This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.

Trouble moving system folder above web root with MSM sites

June 20, 2012 9:11pm

  • #1 / Jun 20, 2012 9:11pm

    Sean O'Brien

    78 posts

    I finally decided to follow recommended security guidelines and move the system file above web root on an MSM deployment. It worked fine for the main site, and I could access the control panels of all MSM sites, but the MSM sites kept giving me the error:

    Your system folder path does not appear to be set correctly. Please open the following file and correct this: index.php

    I experimented by adding and subtracting dots to no avail. No matter what I’ve done, I keep getting the same error message from my MSM secondary sites. My secondary sites are in subfolders under the public_html directory. Everything seems to work fine as long as the system file remains in that directory.

    I’m running EE 2.5.1 on EngineHosting.

  • #2 / Jun 21, 2012 1:57pm

    Shane Eckert

    7174 posts

    Hey Sean,

    I am sorry to hear you are running into this problem.

    Can you show me what you have in your config? Just replace the real info with fake.

    Thank you,

  • #3 / Jun 21, 2012 5:10pm

    Sean O'Brien

    78 posts

    Hi Shane,

    Here are the parts of my config file that are not commented out, along with all of the CE Image plugin code. Let me know if you need anything else to evaluate this issue.

    Thanks,
    Sean

    <?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');
    
    $config['app_version'] = "251";
    $config['install_lock'] = "";
    $config['license_number'] = "xxxx-xxxx-xxxx-xxxx";
    $config['debug'] = "1";
    $config['cp_url'] = "http://my-site.com/system/";
    $config['doc_url'] = "http://ellislab.com/expressionengine/user-guide/";
    $config['is_system_on'] = "y";
    $config['site_label'] = 'My Site';
    $config['cookie_prefix'] = "";
    
    $config['clickstats_date_sent'] = "20091202";
    $config['multiple_sites_enabled'] = "y";
    $config['allow_extensions'] = "y";
    
    $config['base_url'] = "http://my-site.com/";
    
    $config['index_page'] = "";
    
    $config['uri_protocol'] = 'AUTO';
    
    $config['url_suffix'] = '';
    
    $config['language'] = 'english';
    
    $config['charset'] = 'UTF-8';
    
    $config['enable_hooks'] = TRUE;
    
    $config['subclass_prefix'] = 'EE_';
    
    $config['permitted_uri_chars'] = 'a-z 0-9~%.:_\\-';
    
    $config['enable_query_strings'] = FALSE;
    $config['directory_trigger'] = 'D';
    $config['controller_trigger'] = 'C';
    $config['function_trigger'] = 'M';
    
    $config['log_threshold'] = 0;
    
    $config['log_path'] = '';
    
    $config['log_date_format'] = 'Y-m-d H:i:s';
    
    $config['cache_path'] = '';
    
    $config['encryption_key'] = '';
    
    $config['global_xss_filtering'] = FALSE;
    
    $config['csrf_protection'] = FALSE;
    
    $config['compress_output'] = FALSE;
    
    $config['time_reference'] = 'local';
    
    $config['rewrite_short_tags'] = TRUE;
    
    $config['proxy_ips'] = "";
    
    $config['autosave_interval_seconds'] = 0;
    
    /*
    |--------------------------------------------------------------------------
    | CE Image Advanced Config Items
    |--------------------------------------------------------------------------
    |
    | The following settings are only for advanced setups! You should very
    | rarely need to change anything below.
    */
    /*
    | The ce_image_current_domain item can generally be left blank, and the
    | plugin will figure it out.
    */
    $config['ce_image_current_domain'] = '';
    /*
    | The ce_image_unique option can be set to 'filename', 'directory_name',
    | or 'none'. See the docs for more details.
    */
    $config['ce_image_unique'] = 'filename';
    /*
    | The ce_img_src_regex takes an associative pair of values
    | that you would like to preg_replace (a PHP function) the src path with.
    | This occurs before the plugin tries to find the image on the server.
    | Ex: array( '^/images/(?!made)' => '/some/server/path/images/');
    */
    $config['ce_image_src_regex'] = array();
    /*
    | The ce_image_made_regex takes an associative pair of values that you
    | would like to preg_replace (a PHP function) the made variable with.
    | This occurs right before the made variable is returned to the plugin.
    | Ex: array( '^/images/' => 'http://www.example.com/images/');
    */
    $config['ce_image_made_regex'] = array();
    /*
    | Can be '' (default), or the name of a folder that you would like to be
    | automatically created in the same image directory as the source
    | image (if the source image is above web root). The manipulated image
    | will then be cached inside this directory. If the image is below web
    | root, the folder will be created in the cache_dir instead. If you are
    | pulling images from below web root, it is best to leave this as ''
    */
    $config['ce_image_auto_cache'] = '';
    /*
    | By default, CE Image uses the EE installation's root folder as the base
    | path for CE Image. All relative paths and references will build off of
    | this path's value. This setting allows you to override the default, and
    | can also be overridden in the global_array in your index.php file.
    */
    $config['ce_image_document_root'] = $_SERVER['DOCUMENT_ROOT'];
    /*
    | The mode (permission level) to try and set the created image
    | to. Must be octal. See http://php.net/manual/en/function.chmod.php for
    | more info. Defaults to: 0644
    */
    $config['ce_image_image_permissions'] = 0644;
    /*
    | The mode (permission level) to try and set the created directories to.
    | Must be octal. See http://php.net/manual/en/function.chmod.php for
    | more info. Defaults to: 0775
    */
    $config['ce_image_dir_permissions'] = 0775;
    /*
    | Amazon S3 settings and optional headers.
    */
    $config['ce_image_aws_key'] = '';
    $config['ce_image_aws_secret_key'] = '';
    $config['ce_image_bucket'] = '';
    $config['ce_image_aws_request_headers'] = array();
    $config['ce_image_aws_request_headers']['Cache-Control'] = 'max-age=' . (30 * 24 * 60 * 60);
    $config['ce_image_aws_request_headers']['Expires'] = gmdate("D, d M Y H:i:s T", strtotime('+1 month') );
    $config['ce_image_aws_storage_class'] = 'STANDARD';
    // END CE Image advanced config items

  • #4 / Jun 21, 2012 5:15pm

    Stephen Callender

    148 posts

    You don’t have a system folder config setting. Try this.

    $system_folder = '../YOUR_SYSTEM_FOLDER';

  • #5 / Jun 25, 2012 1:42pm

    Sean O'Brien

    78 posts

    Thanks for the reply, Stephen, but I just tried that and it did not work.

  • #6 / Jun 27, 2012 3:18pm

    Shane Eckert

    7174 posts

    Hey Sean O’Brien,

    I am sorry for not being clear. Can you show me what is in your index.php file?

    Cheers,

  • #7 / Jul 02, 2012 12:25pm

    Sean O'Brien

    78 posts

    Hi Shane,

    Here’s my main index.php file.

    <?php
    /**
     * ExpressionEngine - by EllisLab
     *
     * @package  ExpressionEngine
     * @author  ExpressionEngine Dev Team
     * @copyright Copyright (c) 2003 - 2012, EllisLab, Inc.
     * @license  http://ellislab.com/expressionengine/user-guide/license.html
     * @link  http://expressionengine.com
     * @since  Version 2.0
     */
    
     $system_path = './system';
    
     $debug = 0;
    
     $routing['directory'] = '';
     $routing['controller'] = 'ee';
     $routing['function'] = 'index';
    
    /*
     * --------------------------------------------------------------------
     *  Mandatory config overrides
     * --------------------------------------------------------------------
     */
     $assign_to_config['subclass_prefix'] = 'EE_';
    
    /*
     * --------------------------------------------------------------------
     *  Resolve the system path for increased reliability
     * --------------------------------------------------------------------
     */
    
     if (realpath($system_path) !== FALSE)
     {
      $system_path = realpath($system_path).'/';
     }
    
     // ensure there's a trailing slash
     $system_path = rtrim($system_path, '/').'/';
    
     // Is the system path correct?
     if ( ! is_dir($system_path))
     {
      exit("Your system folder path does not appear to be set correctly. Please open the following file and correct this: ".pathinfo(__FILE__, PATHINFO_BASENAME));
     }
    
    /*
     * --------------------------------------------------------------------
     *  Now that we know the path, set the main constants
     * --------------------------------------------------------------------
     */ 
     // The name of THIS file
     define('SELF', pathinfo(__FILE__, PATHINFO_BASENAME));
    
     // The PHP file extension
     define('EXT', '.php');
    
      // Path to the system folder
     define('BASEPATH', str_replace("\\", "/", $system_path.'codeigniter/system/'));
     
     // Path to the "application" folder
     define('APPPATH', $system_path.'expressionengine/');
     
     // Path to the front controller (this file)
     define('FCPATH', str_replace(SELF, '', __FILE__));
     
     // Name of the "system folder"
     define('SYSDIR', trim(strrchr(trim(str_replace("\\", "/", $system_path), '/'), '/'), '/'));
    
     // The $debug value as a constant for global access
     define('DEBUG', $debug);  unset($debug);
    
    /*
     * --------------------------------------------------------------------
     *  Set the error reporting level
     * --------------------------------------------------------------------
     */ 
     if (DEBUG == 1)
     {
      error_reporting(E_ALL);
      @ini_set('display_errors', 1);
     }
     else
     {
      error_reporting(0); 
     }
    
    /*
     *---------------------------------------------------------------
     * LOAD THE BOOTSTRAP FILE
     *---------------------------------------------------------------
     *
     * And away we go…
     *
     */
     require_once BASEPATH.'core/CodeIgniter'.EXT;
    
    /* End of file index.php */
    /* Location: ./index.php */

  • #8 / Jul 02, 2012 12:30pm

    Sean O'Brien

    78 posts

    And here is an index.php file from one of my MSM subsites, with some of the commented out code and description removed.

    <?php
    /**
     * ExpressionEngine - by EllisLab
     *
     * @package  ExpressionEngine
     * @author  EllisLab Dev Team
     * @copyright Copyright (c) 2003 - 2012, EllisLab, Inc.
     * @license  http://ellislab.com/expressionengine/user-guide/license.html
     * @link  http://expressionengine.com
     * @since  Version 2.0
     */
    
    /*
     * --------------------------------------------------------------------
     *  System Path
     * --------------------------------------------------------------------
     *
     * The following variable contains the server path to your
     * ExpressionEngine "system" folder.  By default the folder is named
     * "system" but it can be renamed or moved for increased security.
     * Indicate the new name and/or path here. The path can be relative
     * or it can be a full server path.
     *
     * http://ellislab.com/expressionengine/user-guide/installation/best_practices.html
     * 
     */
     $system_path = '../system';
    
    
    /*
     * --------------------------------------------------------------------
     *  Multiple Site Manager
     * --------------------------------------------------------------------
     *
     * Uncomment the following variables if you are using the Multiple
     * Site Manager: http://ellislab.com/expressionengine/user-guide/cp/sites
     *
     * Set the Short Name of the site this file will display, the URL of
     * this site's admin.php file, and the main URL of the site (without
     * index.php) 
     *
     */
     $assign_to_config['site_name']  = 'SUBSITE';
     $assign_to_config['cp_url'] = 'http://SITE.com/admin.php';
     $assign_to_config['site_url'] = 'http://SITE.com/SUBSITE/';
    
    
    /*
     * --------------------------------------------------------------------
     *  Error Reporting
     * --------------------------------------------------------------------
     *
     * PHP and database errors are normally displayed dynamically based
     * on the authorization level of each user accessing your site.  
     * This variable allows the error reporting system to be overridden, 
     * which can be useful for low level debugging during site development, 
     * since errors happening before a user is authenticated will not normally 
     * be shown.  Options:
     *
     * $debug = 0;  Default setting. Errors shown based on authorization level
     *
     * $debug = 1;  All errors shown regardless of authorization
     *
     * NOTE: Enabling this override can have security implications.
     * Enable it only if you have a good reason to.
     * 
     */
     $debug = 1;
    
    /*
     * ---------------------------------------------------------------
     *  Disable all routing, send everything to the frontend
     * ---------------------------------------------------------------
     */
     $routing['directory'] = '';
     $routing['controller'] = 'ee';
     $routing['function'] = 'index';
    
    /*
     * --------------------------------------------------------------------
     *  Mandatory config overrides
     * --------------------------------------------------------------------
     */
      $assign_to_config['enable_query_strings'] = TRUE;
     $assign_to_config['subclass_prefix'] = 'EE_';
    
    /*
     * --------------------------------------------------------------------
     *  Resolve the system path for increased reliability
     * --------------------------------------------------------------------
     */
    
     if (realpath($system_path) !== FALSE)
     {
      $system_path = realpath($system_path).'/';
     }
    
     // ensure there's a trailing slash
     $system_path = rtrim($system_path, '/').'/';
    
     // Is the system path correct?
     if ( ! is_dir($system_path))
     {
      exit("Your system folder path does not appear to be set correctly. Please open the following file and correct this: ".pathinfo(__FILE__, PATHINFO_BASENAME));
     }
    
    /*
     * --------------------------------------------------------------------
     *  Now that we know the path, set the main constants
     * --------------------------------------------------------------------
     */ 
     // The name of THIS file
     define('SELF', pathinfo(__FILE__, PATHINFO_BASENAME));
    
     // The PHP file extension
     define('EXT', '.php');
    
      // Path to the system folder
     define('BASEPATH', str_replace("\\", "/", $system_path.'codeigniter/system/'));
     
     // Path to the "application" folder
     define('APPPATH', $system_path.'expressionengine/');
     
     // Path to the front controller (this file)
     define('FCPATH', str_replace(SELF, '', __FILE__));
     
     // Name of the "system folder"
     define('SYSDIR', trim(strrchr(trim(str_replace("\\", "/", $system_path), '/'), '/'), '/'));
    
     // The $debug value as a constant for global access
     define('DEBUG', $debug);  unset($debug);
    
    /*
     * --------------------------------------------------------------------
     *  Set the error reporting level
     * --------------------------------------------------------------------
     */ 
     if (DEBUG == 1)
     {
      error_reporting(E_ALL);
      @ini_set('display_errors', 1);
     }
     else
     {
      error_reporting(0); 
     }
    
    /*
     *---------------------------------------------------------------
     * LOAD THE BOOTSTRAP FILE
     *---------------------------------------------------------------
     *
     * And away we go…
     *
     */
     require_once BASEPATH.'core/CodeIgniter'.EXT;
    
    /* End of file index.php */
    /* Location: ./index.php */

  • #9 / Jul 04, 2012 5:39pm

    Dan Decker

    7338 posts

    Hi Sean,

    Moving /system above web root is an excellent security measure and should be easy enough.

    How your sites are set up on the server will determine how deep the relative path needs to be.

    system
    site_1_folder
     |_index.php
     |_admin.php
    site_2_folder
     |_index.php
     |_admin.php

    In that setup, each site’s index.php and admin.php will have a $system_path set like so:

    $system_path = '../system';

    If site 2 is a subfolder of site 1, it changes a little:

    system
    site_1_folder
     |_index.php
     |_admin.php
     |_site_2_folder
        |_index.php
        |_admin.php

    That means we need:

    // site 1 - index.php and admin.php
    $system_path = '../system';

    // site 2 - index.php and admin.php
    $system_path = '../../system';

    That should get you squared away. Let me know if you have any questions!

    Cheers,

  • #10 / Jul 12, 2012 6:47pm

    Sean O'Brien

    78 posts

    Thanks, Dan. That worked.

    I was using

    $system_path = '.../system';

    instead of

    $system_path = '../../system';
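
The path arithmetic from posts #9 and #10, as an added example that is not part of the original thread or ExpressionEngine's own code: it repeats the realpath()/is_dir() check from the posted index.php against a constructed copy of the nested layout, and also reports whether the resolved folder sits outside the web root. The function name check_system_path and the temporary directory names are hypothetical.

```php
<?php
// Added example; check_system_path() and the temp tree are hypothetical names.

/**
 * Resolve $system_path relative to the front controller's directory, using the
 * same realpath() + is_dir() test as the posted index.php, and report whether
 * the resolved folder lies outside the web root.
 */
function check_system_path(string $front_dir, string $system_path, string $web_root): array
{
    $sep = DIRECTORY_SEPARATOR;
    $resolved = realpath($front_dir . $sep . $system_path); // FALSE if any segment is missing
    if ($resolved === false || !is_dir($resolved)) {
        return ['ok' => false, 'resolved' => null, 'outside_web_root' => null];
    }
    $root = rtrim(realpath($web_root), $sep) . $sep;
    // "Outside" means the folder is neither the web root itself nor below it.
    $outside = strpos($resolved . $sep, $root) !== 0;
    return ['ok' => true, 'resolved' => $resolved, 'outside_web_root' => $outside];
}

// Constructed layout matching the second tree in post #9:
//   <tmp>/system
//   <tmp>/site_1_folder                 (web root)
//   <tmp>/site_1_folder/site_2_folder
$base = sys_get_temp_dir() . '/ee_path_demo_' . getmypid();
mkdir("$base/system", 0700, true);
mkdir("$base/site_1_folder/site_2_folder", 0700, true);
$web_root = "$base/site_1_folder";

$cases = [
    ['site_1_folder',               '../system'],    // main site
    ['site_1_folder/site_2_folder', '../system'],    // one level short for the nested site
    ['site_1_folder/site_2_folder', '.../system'],   // "..." is a literal name, not a parent reference
    ['site_1_folder/site_2_folder', '../../system'], // two levels up, as in post #9
];

foreach ($cases as [$dir, $path]) {
    $r = check_system_path("$base/$dir", $path, $web_root);
    $verdict = $r['ok']
        ? ($r['outside_web_root'] ? 'resolves, above web root' : 'resolves, but inside web root')
        : 'does not resolve: index.php would exit with the path error';
    printf("%-30s %-14s %s\n", $dir, $path, $verdict);
}

// Remove the constructed tree.
rmdir("$base/site_1_folder/site_2_folder");
rmdir("$base/site_1_folder");
rmdir("$base/system");
rmdir($base);
```
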
  • #11 / Jul 13, 2012 3:42pm

    Shane Eckert

    7174 posts

    Hey Sean O’Brien,

    Glad to see that it is working! I am also glad that Dan was able to help.

    If you need anything else, please just let me know by opening a new thread.

    Cheers,
