I'm trying to include a file with an absolute url:
<?
session_start();
$_SESSION['sr_path'] = 'http://domain.org/www/myapp';
include($_SESSION['sr_path'].'/assets/contact.php');
?>
But it don't work.
Any idea why please ?
you include your files by directories not url:
include(dirname(__FILE__).'/assets/contact.php');
or
include(dirname(__FILE__).'/contact.php');
where dirname(__FILE__) get the path of your current file you write this code in it.
or for all case you can define constant in your website index.php page, and use this const anywhere:
define('ROOT', dirname(__FILE__));
then use it in any dir like this:
include(dirname(__FILE__).'/same_index_file_path/contact.php');
You are currently attempting to include a file by a URL not by the path on the server. By default you cannot use the 'HTTP' wrapper or you'll get this warning (or similar):
http:// wrapper is disabled in the server configuration by allow_url_include=0
Whilst you can include files by URL, it is generally preferred to include with a path on your server.
If you did want to go ahead with your current method and include something which is stored on a different server to the one the script is running on, you'll need to update your configuration by setting 'allow_url_include' to 1.
The PHP Docs for include specify:
If "URL include wrappers" are enabled in PHP, you can specify the file to be included using a URL (via HTTP or other supported wrapper - see Supported Protocols and Wrappers for a list of protocols) instead of a local pathname.
It's worth noting, however, that if you use HTTP you could be relying on a remote server to process the PHP script for you and return it to your script. As the docs state:
Remote file may be processed at the remote server (depending on the file extension and the fact if the remote server runs PHP or not) but it still has to produce a valid PHP script because it will be processed at the local server.
It goes onto clarify:
...the script is actually being run on the remote server and the result is then being included into the local script.
TL;DR
I would guess what you actually want to do, assuming the script you are attempting to include is on the same server as the script that is doing the including, is to just give the path to it on your server such as:
/var/www/myapp/assets/contact.php
which would look like this:
include('/var/www/myapp/assets/contact.php');
instead of this:
include('http://example.com/myapp/assets/contact.php');
Related
I am trying to communicate between two servers through PHP. Lets say, there is one PHP file "a.php" on my localhost and another PHP file "b.php" on a remote server. I want to include b.php in a.php. I am trying to do this through include method by giving a full path of remore server "http://ip/b.php" but nothing happens.
Actually I want to run a part of script from a.php file then I want to communicate with b.php file and then return back to a.php file.
Please guide me how to do this. I know there are similar questions asked and I have tried to resolve this issue using those techniques but in vain.
Thank you
Nope, this setting is disabled/not allowed by default in most web servers (php.ini) so you can not use the include to include the files from a remote addresss for security reasons.
If you still want to allow inclusion of remote files, the directive allow_url_include must be set to On in php.ini
But again it is a bad practice, in a security-oriented point of view ; and, so, it is generally disabled (I've never seen it enabled, actually)
If you want to read the contents of a remote file though, you can use the file_get_contents function instead BUT this will be returned as pure HTML markup code, there won't be any server-side code.
including php file from another server with php
Another Solution is
Save your file as a text file removing the from it.
Access the file using file_get_contents
Example
http://ip/b.php - save this file as b.txt
<?php
$filedata = file_get_contents('http://ip/b.txt');
eval ("?>$filedata");
?>
As much as it is unsafe and bad practice, you can always turn off php for particular directory, using .htaccess (php_flag engine off).
Then your files will be served directly as a text files to whoever know url. That way you can include them via allow_url_include or as Mad Angle said get_file_contets.
But either way - its bad idea. So you can try it for science :)
Can I use include (or something similar) to get functions (or something else) from an online file?
Something like this:
include 'http://stackoverflow.com/questions/ask.php';
Simple Answer: No
Elaborating:
If you use http or https inside your file path, you are literally telling your code to include a file that is on the internet and to use the HTTP / HTTPS protocol in that process.
As you probably know, php code is executed on the server and is never displayed to users online, but rather the output of the php is displayed.
For that reason, you won't be able to gain access to your php functions while being a user from online (because that is how you will be perceived with the previous method).
What you should do is either use relative paths or absolute paths to include php scripts with functions on the same server. Here is some php documentation if you want to read a bit more on how to format the path: PHP DOC
Note; The problem is not in require or include.( it's in variables) while requiring or including from URl
I am facing an strange error as following:
require_once "http://".$_SERVER['HTTP_HOST'].'/engine/header.php';
This is causing errors with variables
Undefined Variables
While this :
require_once '/engine/header.php';
Doesn't cause any problem!
Sorry if have misspelled anything or written not understandable words.
You can only include URLs if URL include wrappers are enabled, so check if allow_url_include is set to true in your php config.
Your answer is located here.
If "URL include wrappers" are enabled in PHP, you can specify the file to be included using a URL (via HTTP or other supported wrapper - see Supported Protocols and Wrappers for a list of protocols) instead of a local pathname. If the target server interprets the target file as PHP code, variables may be passed to the included file using a URL request string as used with HTTP GET. This is not strictly speaking the same thing as including the file and having it inherit the parent file's variable scope; the script is actually being run on the remote server and the result is then being included into the local script.
This means if you include a URL, it will be an independent PHP execution outside of your current scope. You would need to pass the variables via the $_GET superglobal.
If the include/require is absolute/relative file paths, you would be able to access the variables via that scope.
When you access a .php file through the webserver, the webserver executes the file, and the response that's sent to the client is the output of the script, not the script's source code. But require expects to read PHP source code from the file, so it can execute it in the context of the current script.
So unless header.php takes special measures to output PHP source code when it's being accessed remotely, trying to require it using a URI is not going to work correctly.
I have a PHP script called constants.php, in there I have a lot of valuable data, like my MySQL information, etc.
Is it possible to access that script outside my machine? Lets say, using the following: include http://www.fakewebsite.com/config/constants.php
Well, yes and no.
Yes: They will be able to access the output of the file constants.php (however most likely it will be blank).
No: They won't be able to access your variables. You can only access these before PHP has been parsed.
Let's read the docs:
If "URL fopen wrappers" are enabled in PHP (which they are in the
default configuration), you can specify the file to be included using
a URL (via HTTP or other supported wrapper - see Supported Protocols
and Wrappers for a list of protocols) instead of a local pathname. If
the target server interprets the target file as PHP code, variables
may be passed to the included file using a URL request string as used
with HTTP GET. This is not strictly speaking the same thing as
including the file and having it inherit the parent file's variable
scope; the script is actually being run on the remote server and the
result is then being included into the local script.
So you can actually load external files (if your admin allows you to). However, is it going to be useful in your case? Open http://www.fakewebsite.com/config/constants.php in your web browser and open the "View Source" menu. Whatever you see there, it's what your PHP script will see (most likely, a blank page).
Last but not least... Supposing that the remote server is configured to not execute *.php files or contains a PHP script that generates PHP code, why would you want to post all that valuable and sensitive data to the Internet?
If the URL is publically accessible, then yes, anyone can read it from the URL, including scripts.
However the key part here is that they will access the output of constants.php, not the file itself. They'll get exactly the same output as you would if you accessed the file from a web browser.
What they cannot do is include your actual PHP code by calling the URL. The URL is not a direct connection to the PHP file; it's a connection to the web server. The web server then processes the PHP file and provides the output. As long as the web server is processing the PHP file before sending the output, then your PHP code is safe. It can't be seen via the URL.
There may be other ways of getting at it, but not that way.
Yes, so long as you have access to the script, you can include it within your own scripts.
I need to include to my php script external php code which is situated for example by link http://site.com/code.php How could I do it? I tryed all ways which I found in internet but no one works. All methods are good to include text but not php script.
You can only include the code if it is served as text: otherwise everyone would be able to see / use your code.
So the options you have:
Get the file trough ftp and include it with include or require
Get the file in plaintext, by serving .php files on "site.com" as text. This is ofcourse not a good idea, as everyone could see your source from there.
Put the file on the same server as the script that wants to include it.
If you need just the file to be 'run', you can curl it. You won't get the source (cannot use its functions etc) but any actions it performs (make file? add something to the database) will be run.
It is not possible, unless you can get the source code to it (aka. its published somewhere or it is on a file system you can access).
According to the PHP documentation (http://php.net/manual/en/features.remote-files.php) "As long as allow_url_fopen is enabled in php.ini, you can use HTTP and FTP URLs with most of the functions that take a filename as a parameter. In addition, URLs can be used with the include(), include_once(), require() and require_once() statements (since PHP 5.2.0, allow_url_include must be enabled for these)."