i have a problem with included file in php.
I have 2 file "settings.php" and "test.php" (hosted in localhost with all xampp's default settings and "allow_url_include=1").
Now. This is the content of file "settings.php":
<?
define("TEST_INFO","Lorem ipsum");
?>
And this is the file that include "setting.php":
"test.php":
<?
include("http://127.0.0.1/projectFolder/settings.php");
echo(TEST_INFO);
?>
The result of "test.php" is:
Notice: Use of undefined constant TEST_INFO - assumed 'TEST_INFO' in
C:\xampp\htdocs\projectFolder\test.php on line 4 TEST_INFO
The "include" function not make any error or warning as if it were performed correctly, but the constant (or any variable) defined in the included file not work.
If i try to include file "setting.php" without all url, it work correctly. include("settings.php");
But i need that it work so as: include("http://127.0.0.1/projectFolder/settings.php");
Thanks.
You are including a resource from a URL.
The PHP in the first script makes an HTTP request to the URL
The PHP that runs the define (in the second script) is executed on the server
The output is sent over HTTP to the include()
The output is included in the first page
The define statement is executed in a completely different script (possibly on a different server!).
If you want to execute PHP in the context of the current script, then you must include a local file and not an HTTP URL.
Related
This question already has answers here:
PHP: Check if a file is loaded directly instead of including?
(15 answers)
Closed 4 years ago.
I have a script in PHP that's included on pageX.php through include_once. Let's call it script A.php.
One could call this script by navigating directly to it from the browser: www.whatever.com/scripts/A.php.
What I want however is for script A.php to only be accessible through inclusion (on pageX.php) as it contains info that I want displayed on pageX.php only.
Besides using $_SESSION, are there different approaches?
You can define a constant within your index.php, that would not exist had the included script been called directly. In your included script you check if this constant is set and stop execution if it isn't.
Your original script (index.php):
define('PROPERLY_STARTED', true);
include_once 'a.php';
Your a.php:
if (!defined('PROPERLY_STARTED')) return;
Because my comment was deleted for some reason: While this works, it's error prone as you need to add that code to every single file. The established way of dealing with this issue is to only expose the index.php in your web root and have the files that should remain inaccessible in a directory outside of your web root so they aren't even reachable via HTTP (see e.g. the accepted answer on the question this is marked as duplicate of)
Simply don't let A.php output anything and use a
function/method based approach
a PHP script won't do anything if you have just functions defined in it.
Limit the access to your pageX.php only (via chmod / htaccess)
I'm using require_once to call a script that will echo back HTML for a the footer of each page. I have each page submitting a variable in the URL for the PHP file to retrieve via $_GET, but because it doesn't see a file with the name of the full URL (including variable) it isn't working. Any work arounds here?
ERROR:
Warning: require_once(footer/footer.php?page=homepage) [function.require-once]: failed to open stream: No such file or directory in /home/content/05/10838405/html/index.php on line 434
If I remove the '?page=homepage' it works perfectly.
Just use a variable
$page = 'homepage';
require_once 'footer/footer.php';
Then in our footer.php you can use $page
GET parameters are a part of HTTP URLs – but the local file system of your server does “speak” HTTP.
So footer/footer.php?page=homepage would literally mean a file of that name (which does not exist, and the characters ? and = are “illegal” as parts of a file/directory name in many file systems).
Since you are asking for a workaround – two easy possibilities (in both cases, only requiring the file by it’s actual name, footer/footer.php, of course):
you re-write the code inside that file to use a “normal” variable to decide what it should output – $page. (Although that might lead to problems with the variable scope, if $_GET['page'] is used inside a function in that file.)
In your script that does the including, you set the GET parameter yourself – $_GET['page'] = 'homepage'; before including the file. This is perfectly legal in PHP, from a syntactic standpoint – semantically, one might see that differently; and also it might lead to problems if in other code further down the line that GET parameter gets evaluated as well, and the value homepage is not expected in that context.
require_once is a local include, its not going via a http request so things like query strings won't work.
do something like:
$page = 'homepage';
require 'footer.php'
$page will be available to footer.php
Edit: Beaten like a ginger stepchild
Additional Reading: PHP Manual: Require Once
The reason you are having this problem is because require_once will look for a file called 'footer.php?page=homepage' which doesn't exist on your filesystem. Romainberger's solution is good.
When I include a page using it's full URL (like include 'http://mysite.tld/mypage.php'), I can't use the $GLOBALS in mypage.php, it returns Undefined index error.
But when I include it using it's relative path (like include 'mypage.php'), then it's OK.
The reason why am I using URL instead of relative path is that I want to include $_GET parameters to mypage.php
Is there any logical explanation of this strange behaviour?
Note that both files are on the same server, in the same directory.
Including files with a URL means the code is run as a separate process, which means it runs under a different variable scope. This is as opposed to if you include the file via a relative path, in which case it is pretty much equivalent to cut and pasting the code into the script.
Essentially this means that the only variables available from your starting script are those that you explicitly pass (as you are in this case using the $_GET variables). This includes the $_SESSION variables, since the caller is your own server rather than the client.
This behaviour is noted in the PHP manual's include page:
If the target server interprets the target file as PHP code, variables
may be passed to the included file using a URL request string as used
with HTTP GET. This is not strictly speaking the same thing as
including the file and having it inherit the parent file's variable
scope; the script is actually being run on the remote server and the
result is then being included into the local script.
I have a script scripty.php
Sometimes this script gets called through the browser.
Other times it gets called by another script on the server.
How can I (securely) check within scripty.php to see whether or not it is being called by the server?
in the form of an http URL
The $_SERVER["REMOTE_ADDR"] variable that gives you the IP address of the client who made the request should be 127.0.0.1 when the script is called from the server.
you can create a variable before including your script
$by_script = true;
include("new_script.php");
and check it inside
Just a guess: You want to know, if the script its called trough a browser, or from CLI
var_dump(PHP_SAPI);
On any script that will be calling it define a constant like define("IN_SCRIPT") and within scripty.php you can check for the constant to determine if it's inside another script or not.
e.g.
if(defined("IN_SCRIPT")){
// We must be inside a script right now!
}
or
if(!defined("IN_SCRIPT")){
// We are working alone now
}
consider a file named test.php, this is the only code contained:
echo str_replace("\\","/",$_SERVER["SCRIPT_FILENAME"]);
echo str_replace("\\","/",__FILE__);
when a user execute* test.php by browser url, this is the output:
"C:/xampp/htdocs/test.php"
"C:/xampp/htdocs/test.php"
otherwise, differ (( in this case another.php was executed by browser url, who include test.php ))
"C:/xampp/htdocs/another.php"
"C:/xampp/htdocs/test.php"
I recently moved a large CubeCart installation to a new server and it created a whole bunch of issues. Most of them I'm getting sorted out error by error, but I'm stuck on this one:
In the main index.php file the config file is included, which sets key variables like $glob['rootDir']. Then a few lines later in the main index.php file another important script is included and calls some of those $glob variables, but under the $GLOBALS superglobal. However this isn't working. If I put on the second included file var_dump($GLOBALS) it's all there... but if I put echo $GLOBALS['rootDir'] I get nothing.
I'm not getting any bad errors or anything, just Undefined Index.
Is this an issue with PHP settings? The site was working fine before on the previous server, though I don't know what version of PHP it was running or specific settings.
Code samples:
MAIN INDEX FILE:
//INCLUDE CORE VARIABLES & FUNCTIONS
include_once("includes/global.inc.php");
//... other stuff ...
include_once("includes/sessionStart.inc.php");
GLOBAL.INC.PHP:
$glob['dbhost'] = 'localhost';
//other variables, including $glob['rootRel'];
SESSIONSTART.INC.PHP:
$sessionDomain = substr($GLOBALS['rootRel'],0, strlen($GLOBALS['rootRel'])-1);
//the above is where it throws Undefined Index
Thanks!
$glob and $GLOBALS are different variables, so this behaviour is ok.