How to Include File Outside Document Root

PHP include file in webroot from file outside webroot

Full path should be:

include('/home/xx/xx/domains/mydomain/webroot/file-to-include.php');

Or you should set the path like:

include(__DIR__ . '/../webroot/file-to-include.php');  // php version >= 5.3
include(dirname(__FILE__) . '/../webroot/file-to-include.php');  // php version < 5.3

PHP get file outside of document root

First make sure apache as permission to read the files on /var/extra-files, then you can use:

require "/var/extra-files/file.php";

You may want to read Difference between require, include and require_once?

How to include file outside document root?

You can not accomplish this if open_basedir is in effect, which prevents PHP from traversing out of the home directory.

What you can do is make sure that docroot1 and docroot2 are owned by users in the same group, set group permissions accordingly and use a symbolic link from docroot2 to docroot1 to read the other web root.

Or, re-build PHP and let it just follow typical *nix permissions like every other process :)

Upload file outside web root directory

Add a leading slash /var/media

Trying to Include Files outside of Document Root (Plesk 10)

ANSWER: (This was changed to the answer):

Apparently, in Plesk 10, Plesk's program sets whatever the 'document root' path will be, to the 'open_basedir' BUT there is no user friendly way to change 'open_basedir' in Plesk 10!!!

So instead it is a little bit of a hack, you have to first go here:

/usr/local/psa/admin/conf/templates/default/service/php.php

Then change both of these lines in the file, (line 11 and 29):
echo "php_admin_value open_basedir {$OPT['dir']}/:/tmp/\n";

to this:
echo "php_admin_value open_basedir /var/www/vhosts/[your.domain]/httpdocs/:/tmp/\n";

or to wherever you want the restriction to stop.

Then make sure your run these lines is SSH:

/usr/local/psa/admin/sbin/httpdmng --reconfigure-all
/etc/init.d/httpd stop
/etc/init.d/httpd start

But I'm having a new problem now. The 'document root' is pointing to the correct folder:

/var/www/vhosts/[my.domain]/httpdocs/[folder]/html

without any error however when the server gets to a:
require '../[folder]/[file.php]';

It skips through it like its not even there! Not giving me an error msg or anything. It's also skipping all my embedded css files, js files, images, videos...its not going to any of the directories! I have a feeling it's a 'php.ini' setting or something weird that Plesk is doing.

Solved: The last issue was because I never worked with accessing files above the root. PHP is allowed to go above the root but you can't do this:
src="../img/imagefile.jpg"

in HTML.

So after restructuring all my site files my website is now up and running! Thanks to all that helped, hopefully someone won't have to do that again. Also, I saw a post where Plesk is updating this because it is a big issue. Someone who works for Parallels said, http://forum.parallels.com/showthread.php?t=113236 this will be an option in the next version, so until then it's hack time!!

Storing script files outside web root

Using .htaccess adds overhead since Apache has another item it needs to check for and process.

Keeping files out of web root isn't being paranoid, it's good practice. What happens if someone accesses one of the "include" files directly and it throws out revealing errors because all the pre-requisite files weren't loaded?

Each file needs to have it's own security checks to make sure it is running under the expected environment. Each executable file in a web accessible area is a potential security hole.

Methods for accessing files outside root

If your virtual host is rooted on /site/public_html you can shorten it a little by using $_SERVER['DOCUMENT_ROOT']; this should work for all scripts underneath the document root in the same manner.

$file = $_SERVER['DOCUMENT_ROOT']. '/../file/file.doc';

Including a javascript file outside of doc root using zend framework

Based on previous questions you've been asking I think your directories are something problematic for you.
here is a functionnal and secure example or directory organization for Zend Framework (partial)

var/
   www/
     vhosts/
        otherproject/
        project/
             src/ <-- maybe some project src can be here and not in your libraries
             htdocs/ <--- real apache document root
                css/
                js/
             var/
               log/
               sessions/
             etc/
             doc/
        libraries/
             Zend/
             my-lib/
                  js/

So apache documentRoot is /var/www/project/htdocs. Here we can find the index.php file, the only php file available on public access.

In htdocs/js & htdocs/css you can put some of your project js & css files. And then you've got the problem of css and js files of your external php libs that are now completly outside of the web root.

What I usually do is, like others have said here, links from external directories to the js directory inside the web root. But to be more precise and keep things well organized here what you should do there:

 ln -s /var/www/project/libraries/my-lib/js /var/www/project/htdocs/js/my-lib
 ln -s /var/www/project/libraries/my-lib/css /var/www/project/htdocs/css/my-lib

And you should do it for all external lib having files that should be in the document root.
This way the base url for the js files of my-lib is /js/my-lib/.

Do not fear of using symlinks (junctions on windows), you can even store them in subversion repository. Just check that your apache configuration allow symlinks (Options +FollowSymlinks)

PHP - Security in accessing files outside of web root

You need to allow Apache (assumed) to access that folder with images using Directory directive (http://httpd.apache.org/docs/2.2/mod/core.html#directory).

Or you can move images under root directory and restrict direct access to them using .htaccess if you want to keep them protected.