Reply to Re: PHP and IIS permissions

Your name:

Reply:


Posted by FrobinRobin on 03/07/06 13:10

Hi James,

What version of IIS are you using? What is HCPanel? Plus you are
missing code from this post so we dont know how you are authenticating.

Are you using PHP to send http authentication headers to authenticate
the required IIS permissions? (That is probably what I would do)
Does that user have permissions across all site folders?

My first suggestions would be to check the IIS permissions, IIS 6.0
creates three accounts on the local server when it is initally
installed IUSR, IWAM and WPG.
Only when you apply the permission in IIS, will the folder ACL be
changed (by IIS).

Also, it looks like you are using require(), try include() because it
doesnt halt on error?

Good luck

- Robin


James Beilby wrote:
> Hello people,
>
> It's been a long time since I've asked any techie questions on Usenet but I
> am under pressure to finish a project and the following issue has me
> stumped. I appreciate that it's a bit long-winded but I'd be much obliged if
> anyone could shed any light...
>
> I am currently developing a PHP-based site for a client on IIS. It might be
> worth pointing out here that, from a Linux background, I am no expert on IIS
> or NTFS permissions.
>
> The site includes an /admin/ folder that I wish to secure with a password.
> The contents of this folder includes non-web files that I wish to protect,
> so application-level password protection implemented in PHP is not suitable.
> To secure the folder at the IIS/NTFS level, I enabled a "WWW Password" in a
> web control panel (HCPanel) for the admin folder. Am I right in thinking
> that this would probably create an IUSR account on the server, and modify
> the admin folder's ACL to restrict access to this account only?
>
> Anyway, this works great for static content and some PHP files, but I have
> come across the following issue...
>
> When a PHP file in the protected area (e.g. /admin/index.php) tries to
> include() or require() a PHP file outside that protected area (e.g.
> /include/config.php), an error occurs:
>
> Warning: main(../include/config.php) [function.main]: failed to create
> stream: No such file or directory in
> c:\websites\clientusername\clientdomain.com\admin\index.php on line 3
> Fatal error: main() [function.main]: Failed opening required
> '../include/config.php' (include_path='.;c:\php4\pear') in
> c:\websites\clientusername\clientdomain.com\admin\index.php on line 3
>
> This occurs only when the admin area is protected; removing the protection
> allows the script to run normally. Changing '../include/config.php' to an
> absolute path changes the first error to a "Permission Denied" warning.
>
> To me, it's logical that /include/config.php might not be able to include
> /admin/index.php as it does not have permissions, but why does the
> 'priviledged' user /admin/index.php not have access to /include/config.php?
>
> I recognise that there are ways to work around this e.g. creating a copy of
> the included files under the admin folder, or resorting to application-level
> password protection, but I'd hope that there is a more elegant resolution.
>
> Many thanks,
>
> James Beilby

[Back to original message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация