Hi,

>> $rootFile = "/accounts/www73038/www/www.art-co-op.net/html";
>>
>> $rootDir = "http://shell9.vhosting.com/www73038";
>>
>> include(../../includes/inc_file); //-- works
>>
>> include($rootFile. "/includes/inc_file); //-- works
>>
>> include($rootHttp. "/includes/inc_file); //-- fails
>
>maybe because of $rootDir and $rootHttp ?

also, keep in mind that it is a bad practice to keep source code
'downloadable' from the web. make sure you always choose a file
extension which is parsed by the webserver (such as .php, .phtml and
NOT .inc or whatever). of course, nobody knows the URL of your
included file, but maybe someone might also get the url when an
error occurs (failed to include http:// .. whatever).

an even better practice is to keep config-files with sensitive data
(database user+password) out of the document-root. it once occurred to
me that after updating apache with a package-manager (apt) that
mod_php was commented out, thus allowing everyone to download the .php
sources. of course I quickly fixed that and also checked all
access logs whether someone has downloaded a php file (luckily no
one did because it was at night).

just to show you how your website could be exploited.

Kind regards,
  Daniel Lorch
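
An added example, not part of the original message: a Python audit of a document root for the two exposures described above, include files whose extension the web server does not hand to PHP, and credential-bearing .php files that become readable if the PHP handler is ever disabled. The parsed-extension set, the regex heuristics and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumption: extensions this server hands to the PHP interpreter.
PARSED_EXTENSIONS = {".php", ".phtml"}
# Constructed heuristics: PHP open tags, and assignments to password-like variables.
PHP_SOURCE = re.compile(rb"<\?(php|=)", re.I)
CREDENTIAL = re.compile(rb"\$\w*(pass|pwd)\w*\s*=", re.I)

def audit_docroot(docroot):
    """Return sorted (relative path, reason) pairs for risky files under docroot."""
    findings = []
    for dirpath, _dirs, names in os.walk(docroot):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                head = fh.read(65536)
            if not PHP_SOURCE.search(head):
                continue  # not PHP source (CSS, images, static HTML)
            rel = os.path.relpath(path, docroot)
            ext = os.path.splitext(name)[1].lower()
            if ext not in PARSED_EXTENSIONS:
                findings.append((rel, "extension not parsed: source is downloadable"))
            elif CREDENTIAL.search(head):
                findings.append((rel, "credentials in docroot: exposed if PHP handler is off"))
    return sorted(findings)

def build_sample_tree(root):
    """Write a constructed sample site layout under root and return its docroot."""
    files = {
        "html/index.php": "<?php include 'includes/header.inc'; ?>",
        "html/includes/header.inc": "<?php $title = 'home'; ?>",
        "html/includes/db.php": "<?php $db_user = 'app'; $db_password = 'example'; ?>",
        "html/style.css": "body { margin: 0 }",
        "private/config.php": "<?php $db_password = 'example'; ?>",  # outside docroot
    }
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
    return os.path.join(root, "html")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, reason in audit_docroot(build_sample_tree(tmp)):
            print(f"{rel}: {reason}")
```

The file under private/ is never reported because it sits outside the document root, which is the layout the message recommends for configuration files.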



-- 
PHP Development Mailing List <http://www.php.net/>