I am running lighttpd and I have mod_userdir, and I want to prevent users from making a file called foo.php in /home/user/foo.php and be able to include /home/user2/foo2.php from foo.php How would I go about doing this?
this is more about the php config. For this purpose check the safe_mode and open_basedir access restriction policies in your php.ini
I don't use phpBB* at all, so I can't tell.... the question is then, if that's a problem of open_basedir or phpBB.... But you are right, open_basedir restrictions can sometimes take you in trouble, e.g. when using pear's AJAX or similar things. But then you just have to correct your open_basedir and safemode's openbasedir thing for your specific vhost, or globally. (in case of adminCPs like ISPCOnfig it's not that easy, but possbile for general changes :-\)
