file_exists(): open_basedir restriction in effect. File() is not within the allowed path(s)

Home Forums BulletProof Security Pro file_exists(): open_basedir restriction in effect. File() is not within the allowed path(s)

Tagged: 

Viewing 15 posts - 16 through 30 (of 42 total)
  • Author
    Posts
  • #31481
    Jason
    Participant

    Yeh, rookie error by me, trying to rush 😉

    And the update, yes; I did the force manual update check and then clicked update in the WP Plugins page.

    #31482
    AITpro Admin
    Keymaster

    @ Jason – Ok try this, which I don’t have much hope will work, but you never know.  Delete the /bulletproof-security/ plugin folder.  Deactivate all of your other plugins.  Use the WordPress Plugin Upload zip installer and install the new bulletproof-security.zip file.  If you need to get the newest bulletproof-security.zip file for BPS Pro version 12.4.1 then login to the BPS Pro Download area:  www.ait-pro.com/wp-admin/.

    #31483
    Jason
    Participant

    Okay, we are good. Everything is back, all plugins activated includeing BPS Pro and Admin is working as it should.

    Shall I run through the Pre-Installation Wizard and Setup Wizard again?

    #31484
    AITpro Admin
    Keymaster

    @ Jason – Sweet!  Nope, you don’t need to re-run the Wizards.  Just doing the BPS Pro upgrade itself has automation code in it that will automatically update/change/etc whatever needs to be updated/changed/ etc.

    Ok so what you are going to need to do for the open_basedir proglem is to either disable open_basedir in your php.ini file (highly recommended) or add the additional paths to your open_basedir setting in your php.ini file.  See this Reply in this same forum topic for the general steps to do that:  http://forum.ait-pro.com/forums/topic/php-error-file_exists-open_basedir-restriction-in-effect-on-htaccess-prevents-setup-wizard/#post-30637  Your host can assist you with that if you can’t figure out exactly what you need to change.

    #31487
    Jason
    Participant

    Great, thank you. I’ll contact my host – it’s shared hosting on this site so I don’t have access to the php.ini

    If I have to go down the adding additonal paths I presume its just the one in the error log as follows (again, I removed URL)

    /var/www/vhosts/URLEDITED.com/httpdocs:/tmp:/usr/share/pear

    Also, just to be clear; am I okay to leave BPS Pro active even though its logging the PHP error every 5 or so minutes?

    Just managed to kill the admin area again. It happens when I activate make changed to Auto Restore and a file is quarntined… will try and sort that now.

    Thanks
    Jason

    #31488
    AITpro Admin
    Keymaster

    @ Jason – Hmm actually you do not need to do anything with open_basedir.  What is happening is BPS Pro F-Lock is trying to read/write to:   dirname(ABSPATH) . '/index.php';, which is being interpreted by open_basedir as a directory that is not allowed to be read/write. So what you need to do is go to F-Lock > File Lock > turn off all of these options: DR: Lock|Unlock DR htaccess File, DR: Lock|Unlock WP DR index.php File, GWIOD: Lock|Unlock Root htaccess File and GWIOD: Lock|Unlock WP Root index.php File. Choose “Checking & Alerts Off”. This should stop the PHP errors from continuing to occur and will also fix the Setup Wizard hanging problem.

    #31489
    Jason
    Participant

    Sorry for the delay, I had to reinstall as couldn’t recover admin. For some reason when I “Save ARQ Cron Options” at defaults shown in blue it quarantines “auto_.htaccess”.

    Now to business, great! Thanks for the reply. Does it matter that it says the following on the F-Lock page?

    Server API: apache2handler - Your Server Configuration is DSO. Files cannot be locked on a DSO Server. Choose/Select - Checking & Alerts Off - for all F-Lock option settings.

    Reading the help on this page the server is DSO – the following items are red in the DSO Permissions & Status Table:
    – Root .htaccess
    – wp-blog-header.php
    – DR – Root .htaccess
    – both GWIOD but not applicable anyway as its in the default directory

    Thanks
    Jason

    #31490
    Jason
    Participant

    I’ve set “Checking & Alerts Off” for all the F-Lock > File Lock drop down.

    Re-ran setup and its still Processing as I type this.

    Still getting the PHP error

    [02-Dec-2016 20:20:31 UTC] PHP Warning:  file_exists(): open_basedir restriction in effect...
    #31491
    AITpro Admin
    Keymaster

    @ Jason – Since this is a DSO server type you need to first make sure each option setting is set correctly and then choose Checking & Alerts Off.  So for all of the option settings: Choose DSO|644 File Permission > Click the Save Options button. Then for all of the option settings: Choose Checking & Alerts Off > Click the Save Options button. You will probably see some sort of error message displayed when doing these steps, but you can just ignore the error. My hunch is that this site was at one time on a CGI server and was moved to a DSO server and older F-Lock settings are still saved in the database for this site.

    “both GWIOD but not applicable anyway as its in the default directory” The F-Lock GWIOD settings are exactly where the php error is coming from due to open_basedir.

    #31494
    Jason
    Participant

    I’ve got green DSO – 0644 File Permissions set for:
    – Root .htaccess
    – wp-config.php
    – WP index.php
    – wp-blog-header.php
    – DR – Root .htaccess
    – DR – WP index.php

    GWIOD – Root .htaccess and GWIOD – WP index.php have:
    “GWIOD – Root htaccess file does not exist. DSO – 0 File Permissions”

    These are now all “Turned Off”

    Unfortunately I’m still getting the PHP error.

    Thanks
    Jason

    #31495
    AITpro Admin
    Keymaster

    @ Jason – Are you sure you are seeing “new” php errors and not “old” php errors. Try resetting/clearing the php error log. Then see if new php errors start occurring.

    Technically this is somewhat of a bug because there is a missing conditional check for “if this is a GWIOD site then do X”.  Currently the code is not doing that.  So that needs to be added/created in the next BPS Pro version. So that in cases where a site is not a GWIOD site and open_basedir is being used the F-Lock and Setup Wizard F-Lock code does not try to read/write to a directory that open_basedir does not allow read/write.

    #31497
    Jason
    Participant

    Ah, right – good to know I’m not being a poor student and possibly helping find a (minor) issue 🙂

    And yes, I’ve been resetting the DB and clearing log each time I post, here’s the latest:

    [02-Dec-2016 20:44:44 UTC] PHP Warning:  file_exists(): open_basedir restriction in effect. File(/var/www/vhosts/URLEDITED.com/index.php) is not within the allowed path(s): (/var/www/vhosts/URLEDITED.com/httpdocs:/tmp:/usr/share/pear) in /var/www/vhosts/URLEDITED.com/httpdocs/wp-content/plugins/bulletproof-security/includes/general-functions.php on line 841

    If you want access to the site to confirm its an issue I’m happy to give you access. Just let me know if that’s of use.

    As a note I built this on my development server but it runs the same system Apache / Plesk. From memory I didn’t install BPS Pro during development as I prefer to do it on the final live server.

    Thanks
    Jason

    #31500
    AITpro Admin
    Keymaster

    @ Jason – Ok at this point we will go ahead and add the additional conditional checking code in BPS Pro F-Lock and the Setup Wizard and upload a new zip file.  When that is completed I’ll post back here so you can download the new BPS Pro zip file.

    #31501
    Jason
    Participant

    Great, many thanks for your help. Enjoy the rest of your day 🙂

    #31502
    AITpro Admin
    Keymaster

    @ Jason – I am curious if the Wizards will complete successfully now since the F-Lock DB Settings are using by the Wizards.  So try running the Pre-Installation Wizard and the Setup Wizard again and let me know if they complete successfully.  If you see any php errors you can disregard them.

    I forgot that S-Monitor has an option setting for F-Lock:  F-Lock: File Lock|Unlock Alerts > set this to Turn Off Displayed Alerts.  That will prevent the php errors from occurring repeatedly.

Viewing 15 posts - 16 through 30 (of 42 total)
  • You must be logged in to reply to this topic.