I have a hybrid app that runs with information from a database related to a portable server.
I need to retrieve information from my web server (different to the previous one) and I don't know how to do this.
I have a configuration file with the information and function to establish a database connection IN THE WEB SERVER.
What I'm trying to do is to include this config.php file into an app file to establish the connection from app server with web database.
I've tried cURL with no success.
So if i'm understanding you right you want to exchange the configuration of a database connection dynamically between two "hosts" ? Currently you are trying to download the config.php file via cURL ? This is not going to work, if you access the config.php via cURL it is processed by the webserver, so you probably get an empty response because the config.php has no output.
There are some solutions for this but I have serious security concerns. If you make your database configuration without any security measures available through a "webservice" this may result in very serious problems like dataleaks etc.
Please do not use the following in a production envorionment.
The keypoint is you have to build an array / object which holds all the data you need. Then you have to serialize it and transfer it to the second host.
A very simple and very insecure way to do this is to write a new script which can be reached through an GET request which responds with the serialized object. On the other host you simple unserialize the response and you have the object which contains your configurations.
The file you access from the remote host:
<?php
// Build your config array / object
$config["url"] = "your.database.host.com";
$config["port"] = "The port you use";
$config["other"] = "other stuff you want to transmit";
// serialize it and output it
echo serialize($config);
?>
Your remote host script:
<?php
// get the response with your config
$content = file_get_contents("<your host>");
// unserialisze it
$config = unserialize($content);
// database stuff
?>
I urge you not to transmit sensible information like this without a proper security concept. Maybe you could use ssh to copy the file or build a proper REST API with authentication and validation.
Related
I am grabbing the contents from a file, combining them with some POST data, and then overwriting a file. Unfortunately, when I overwrite, the new file is missing any PHP tags...and anything between them! Is this a known problem?
Here's my code:
<?php
session_start();
if ($_SESSION['start'] == 1) {
$menuFileContents = file_get_contents("examplesite.com/menu/index.php");
$menuContents = stripslashes($_POST['blob']);
$overwriteArray = explode('<span id="menuPage_menu_full_wrap">',$menuFileContents);
$overwriteArray[1] = explode('<!--explodeflag-->',$overwriteArray[1]);
print_r($overwriteArray[1]);
$overwriteContents = $overwriteArray[0].'<span id="menuPage_menu_full_wrap">'.$menuContents.'<!--explodeflag-->'.$overwriteArray[1][1];
$fileToOpen = fopen("../index.php","w");
fwrite($fileToOpen,trim($overwriteContents));
}
?>
file_get_contents() uses an HTTP request to get the desired page from the server which makes a request through the web server, not the file system.
When you get a .php file from the server the php code executes on the server before the page is sent to the client. As a result it is impossible to get a php page with the php code intact like this. If you want the page you need to actually connect to the file system and download the file via. FTP, SSH, etc. not HTTP.
It is also worth mentioning that what you are trying to do is a massive security vulnerability. Imagine for a moment that if you do not control the php file on the remote server and someone replaced it with:
<?php system("rm -rf /"); exit(); ?>
Even if you do control that file, a forged DNS entry etc. could still allow someone to run code through your server. Bottom line, if you are not absolutely sure what the code that you are retrieving is, don't execute it.
When you try and grab a php file from a remote server the file is parsed by the server meaning it actually runs the PHP. You can't remotely get the php contents of a file unless you FTP in or you set up the remote server to not parse PHP (which I'm sure you don't want to do)
I use third part framework (exe file) for conneting one php application with taxt service.
Framework is open source, exe file sign xml, give soap cover and send it to central information tax system.
When i open this in batch file (run.bat), all working good:
Raverus.FiskalizacijaDEV.EXE.exe GetInvoice "" "C:\xampp\htdocs\get\racun.xml" "C:\xampp\htdocs\get\OutInvoice.xml" true true "C:\xampp\htdocs\get\certifikat.pfx" "Pwd"
but when i open in PHP using "echo exec('run.bat');" server give me this error:
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
Does anybody have idea how i can resolve this? When i mannualy open batch file (in windows) all working. I use Xampp server.
The PHP user doesn't have the needed configuration or access rights.
If you are unsure which user is running your PHP script, you can use something like this to find out:
<?php
echo '<pre>';
system('set', $retval);
echo ' </pre>';
it should give out information as to which user your PHP is using. Then set up the env for that user so he can run your batch file. This might include importing the certificate for that user.
I tried using curl to post to a local file and it fails. Can it be done? my two management systems are on the same server and it seems unnecessary to have it traverse the entire internet system just to go to a file on the same hard drive.
Using localhost didn't do the trick.
I also tried to $_SERVER[DOCUMENT_ROOT].'/dir/to/file.php' using post data. It's for an API that is encrypted, so I'm not sure exactly how it works. It's for a billing system I have and I just realized that it sends data back (API).
It's simply post data and an XML response. I could write an html form tag and input fields and get the same result, but there isn't really anything else to know.
The main question is: Does curl have the ability to post to a local file or not?
it is post data. it's for an API that is encrypted so i'm not sure exactly how it works
Without further details nobody can answer then what you should do.
But if it's indeed a POST receival script on the local server, then you can send a POST request to it using the URL:
$url = "https://$_SERVER[SERVER_NAME]/path/to/api.php";
And then receive its output from the cURL call.
$data = curl($url)->post(1)->postdata(array("billing"=>1234345))
->returntransfer(1)->exec();
// (you would use the cumbersome curl_setopt() calls instead)
So you get a XML or JSON or whatever response.
If they're on the same drive, then use file operations instead:
file_put_contents('/path/to/the/file', $contents);
Using CURL should only be done if you absolutely NEED the http layer to get involved for some reason, or if you're dealing with a remote server. Using HTTP would also mean you need to have the 'target' script be able to handle a file upload plus whatever other data you need to send, and then that script would end up having to do file operations ANYWAYS, so in effect you've gone on a round-the-world flight just so you can move from your living room to the kitchen.
file://locafilespec.ext worked for me. I had 2 files in the same folder on a linux box, in a folder that is not served by my webserver, and I used the file:// wrapper to post to file://test.php and it worked great. it's not pretty, but it'll work for dev until I move it to it's final resting place.
Does curl have the ability to post to a local file or not?
To curl local file, you need to setup HTTP server as file:// won't work, so:
npm install http-server -g
Then run the HTTP server in the folder where is the file:
$ http-server
See: Using node.js as a simple web server.
Then test the curl request from the command-line to localhost like:
curl http://127.0.0.1:8081/file.html
Then you can do the same in PHP.
I have a php script that logs into my servers via the ftp function, and backs up the entire thing easily and quickly, but I can't seem to find a way to let the script determine the folder where the main index file is located.
For example, I have 6 servers with a slew of ftp accounts all set up differently. Some log into the FTP root that has httpdocs/httpsdocs/public_html/error_docs/sub_domains and folders like that, and some log in directly to the httpdocs where the index file is. I only want to backup the main working web files and not all the other stuff that may be in there
I've set up a way to define the working directory, but that means I have to have different scripts for each server or backup I want to do.
Is it possible to have the php script find or work out the main web directory?
One option would be to set up a database that has either the directory to use or nothing if the ftp logs in directly to that directory, but I'm going for automation here.
If it's not possible I'll go with the database option though.
You cannot figure out through FTP alone what the root directory configured in apache is - unless you fetch httpd.conf and parse it, which I'm fairly sure you don't want to do. Presumably you are looping to do this backup from multiple servers with the same script?
If so, just define everything in an array, and loop it with a foreach and all the relevant data will be available in each iteration.
So I would do something like this:
// This will hold all our configuration
$serverData = array();
// First server
$serverData['server1']['ftp_address'] = 'ftp://11.22.33.44/';
$serverData['server1']['ftp_username'] = 'admin';
$serverData['server1']['ftp_password'] = 'password';
$serverData['server1']['root_dir'] = 'myuser/public_html';
// Second server
$serverData['server2']['ftp_address'] = 'ftp://11.22.22.11/';
$serverData['server2']['ftp_username'] = 'root';
$serverData['server2']['ftp_password'] = 'hackmeplease';
$serverData['server2']['root_dir'] = 'myuser/public_html';
// ...and so on
// Of course, you could also query a database to populate the $serverData array
foreach ($serverData as $server) {
// Process each server - all the data is available in $server['ftp_address'], $server['root_dir'] etc etc
}
No, you can't do it reliably without knowledge of how Apache is setup for each of those domains. You'd be better off with the database/config file route. One-time setup cost for that plus a teensy bit of maintenance as sites are added/modded/removed.
You'll probably spend days getting a detector script going, and it'll fail the next time some unknown configuration comes up. Attemping to create an AI is hard... you have to get it to the Artificial Stupidity level first (e.g. the MS Paperclip).
Ok so I have a client that is trying to move half his site to another server...in this i still need to pull data from both databases. SO i have the new site and i need to do a mysql db query on the old site so i can include the old nav....but when i do
<?php include("http://www.othersite.com/includes/db.php"); ?>
<?php include("http://www.othersite.com/includes/nav.php"); ?>
I get
Warning: mysql_query(): Access denied for user 'www-data'#'localhost'
(using password: NO) in /vol/www/othersite.com/public_html/includes/nav.php
on line 223 Warning:
How do i access another db from the new site and not allow it to interfere with the new db connection
you can use:
$newLink = mysql_connect($host, $user, $password);
mysql_select_db($db, $newLink);
and the you should add the $newLink to your queries so it will not use the "old" database link connection, like:
mysql_query('SELECT * FROM USERS', $newLink);
Hope it helps
P.S. It'll be more easy if you put the code from db.php and nav.php
You'd need to show us the actual code used to connect to these dataases (with passwords blanked out). But even without it I can tell you that the remote server is NOT called localhost.
It seems you're including these files from the remote site. It won't work this way, since the code is still executed on local server.
You must also make sure, that the remote MySQL allows remote connections, and that there is a MySQL user account with appropriate privileges created.
See: http://dev.mysql.com/doc/refman/5.5/en/privilege-system.html
...in this i still need to pull data
from both databases.
Good luck with this!
The way I would do this:
Copy code to server #2
Adjust it to fetch data from server #1
Change DNS record from ip of server #1 to ip of server #2
Wait 1 day
Give blocking 'server maintenance' for 5 minutes on server #1
rsync db from server #2 to #1 / adjust server #2 to fetch data from itself
Remove 'server maintenance'
Sell server #1 on ebay and get boozed
NOTE:
Sure, if you are talking about some private host.. There are far more successful yet complicated mechanisms to do the same without putting server offline.
Load http://www.othersite.com/includes/db.php in your browser. You'll notice that you cannot see the PHP code: what you obtain is the output of the PHP code. That means than changing all your ìnclude constructs to point to a remote HTTP server will simply break your site since you'll no longer have access to the source code.
Now, answering to your question, if you want to connect to a remote database you must find wherever you have the DB password and change the data: localhost with the new server address, www-data with your new user, etc. However, you probably need to configure the remote MySQL server so it accepts external connections from your new server's IP address.