When attempting to access a file in PHP, the script will yield a warning similar to:
Warning: fopen(): open_basedir restriction in effect. File(/var/www/myresource) is not within the allowed path(s): (/home/virtual/site2/fst:/var/www/html:/usr/local:/usr/bin:/usr/sbin:/etc:/tmp:/proc:/dev:/.socket) in /home/virtual/site2/fst/var/www/html/myfile.php on line 3
This is caused by mistakenly referencing a path within a pivot root inconsistent with PHP. PHP runs with a separate filesystem visibility for high-throughput performance, whereas FTP and control panel access require low-throughput, but heightened security. PHP implements a different security subsystem and different access rights.
Prepend the HTTP Base Prefix value taken from the control panel under Account > Summary > Web. For example, the following PHP snippet would be corrected as follows:
<?php // INCORRECT // Will yield open_basedir warning $key = file_get_contents("/var/www/secret.hash"); // CORRECT $key = file_get_contents("/home/virtual/site12/fst/var/www/secret.hash"); ?>
For convenience, the web server will populate an environment variable named
SITE_ROOT that contains the value of HTTP Base Prefix. A better example would be:
<?php $key = file_get_contents($_SERVER['SITE_ROOT'] . "/var/www/secret.hash"); // do whatever, $key works! ?>
Just don’t forget too that PHP requires special permissions for write access!
PHP: Writing to files