I am using the php page includes in my site, it's perfectly working without error in localhost, but at the time of running this with a live web server it shows the error.
with using these functions
include("http-url/file.php") and required_once("http-url/file.php")
they are shows error like this
Warning: include(): http:// wrapper is disabled in the server
configuration by allow_url_include=0 in
www.mysite.com/....
with file inclution.........
what to do to solve this issue
Many developers include files by pointing to a remote URL, even if the file is within the local system. For example:
<?php include("http://example.com/includes/example_include.php"); ?>
With allow_url_include disabled, this method does not work. Instead, the file must be included with a local path, and there are three methods of doing this:
By using a relative path, such as ../includes/example_include.php.
By using an absolute path (also known as relative-from-root), such as /home/username/example.com/includes/example_include.php.
By using the PHP environment variable $_SERVER['DOCUMENT_ROOT'], which returns the absolute path to the web root directory. This is by far the best (and most portable) solution. The following example shows the environment variable in action.
Example Include
<?php include($_SERVER['DOCUMENT_ROOT']."/includes/example_include.php"); ?>
More about allow_url_include here
Related
I'm on a XAMPP for Windows 8.0.3 installation, developing a payments gateway plugin for my ecommerce site made via Wordpress. I moved some of my code to an includes directory, and then used require_once plugins_url('/includes/class-wc-payment-gateway-elavon.php', __FILE__ ); to require the file from my includes directory.
In my website, I'm now receiving a fatal error, telling me "Failed to open stream: no suitable wrapper could be found" on that line that I just mentioned. It also gives me a warning which states "require_once(): https:// wrapper is disabled in the server configuration by allow_url_include=0", which to me means that the method to fix this error would be to change allow_url_include to yes in my php.ini file. To my understanding, it's bad practice to have allow_url_include set to YES in your php.ini file, as it poses security risks. Also, in Wordpress by default, the function "plugins_url" retrieves a URL within the plugins or mu-plugins directory, which is the directory where my plugin resides. Here is a reference to the function in the developer documentation for Wordpress: https://developer.wordpress.org/reference/functions/plugins_url/
So, my questions are as follows. Why is my file failing to be retrieved with this method? Why would it mention that the https:// wrapper is disabled in the server configuration if I'm trying to access a file locally? Is there a better way to require this include than the method that I am using? I'm relatively new to PHP and coding as a whole, so I'd appreciate if you are verbose, or point me to other resources I may use to learn. Thank you for any responses or help.
The reason that your code doesn't work with plugins_url is because that returns a URL such as https://www.example.com/wp-content/plugins/your-plugin/includes/class-wc-payment-gateway-elavon.php which will be executed on the server as PHP and the result of that execution return, not the code itself.
My recommendation is in your main plugin entry file do something like this:
define('MY_AWESOME_PLUGIN_PATH', __DIR__);
Replace that constant name as you see fit.
Then, whenever you need to include something you can just use:
require_once MY_AWESOME_PLUGIN_PATH . '/includes/class-wc-payment-gateway-elavon.php';
In the longer run, if you have more classes you might want to explore using an autoloader instead.
I have the following code in a php/html file:
<?php
include('sample.php');
include_once('foo.php');
include('bar.php');
?>
On my dev server (php's built-in server), everything is working fine, on the production server (apache2) though I get a blank page when accessing the file.
The only way to get to the actual page is by removing all 3 includes, removing a single one or two of them does not resolve the problem. In the included files I do include files, which might get loaded more than once with include_once. Apart from that I have no glue why there is an error since everything is working on my dev server and some of the included files work well in other parts of the app.
It is probable that the configuration of include_path on your dev server contains ., which means: if file is included with relative path, try to find it in the current directory. This setting is probably not present on the prod server (see for yourself with phpinfo()).
I have a file called config file containing lots of function in my online server, I decide to include this file on a project I'm doing locally by simply coding
<?php include("http://example.com/config.php") ;?>
And I have a function called
<?php restrict(){
//content
} ;?>
This function is not working despite the fact that I've included the file
To allow inclusion of remote files, the directive allow_url_include must be set to On in php.ini
But that is a security problem, that's why is generally disabled (I've never seen it enabled, actually)
You certainly don't have included the source code of the PHP file but the ouput it does, it won't work. You have a webserver like apache or nginx + fpm that interprets the source code you have exposed.
You can serve this file as it without any interpretaion (by disabling mod_php on apache for instance) but you shouldn't. Exposing the source code is always a bad idea and must be avoided.
hello i am implementing php files from one website into another and here is the following error message i am getting when trying to open the following page with implemented php files:
http://www.holidaysavers.ca/europe-destinations-canada.php
basically the php files i am importing from one website into another are identical , however they work on the original website but when i implement them into a new website it does not work anymore.
could you assist me in trying to get this resolved?
thank you
You can't include a PHP script that is on an external website/server into your local script - unless you enable allow_url_include on your php.ini (if you have access to it)
Instead, you can let that website/server render the page and get the resulting html output on your local script.
Replace this line in your script:
include('http://www.holidaysavers.ca/europe-canada.php?detour');
With this:
echo file_get_contents('http://www.holidaysavers.ca/europe-canada.php?detour');
Could you post the code from "europe-destinations-canada.php"? It looks like the script is asking to do stuff that's not configured in your php setup on this new site/server
I don't really know what kind of host you are using or if you are using Xampp, I do have an easy fix to it, for xampp and possibly other web server software. Go to your php.ini file, which you can search for or just look for it in c:\\xampp\php\php.ini, the php.ini should be in the php folder in the server software folder. Now search for allow_url_include in the php.ini file and than replace Off with On, if it isn't already on or something. This is most likely the fix because it worked for me.
I might be able to help further if I know if you are using a hosting or home server. If you are using a hosting website than please share what kind of hosting service you are using so I could inspect it further.
Using as example a random remote php file.
The goal is to use this remote file locally, make sure it hasn't change or be altered. The remote file will be downloaded one time only.
Hard coding the sha256 signature avoid to use the network on startup. This is just a base that can be turned to many scenarios, like checking for updates, depending your needs.
<?php
$lib_url = "https://raw.githubusercontent.com/getopt-php/getopt-php/master/src/CommandInterface.php";
$lib_filename = basename($lib_url);
// SHA256 signature
$lib_signature = hash_file("sha256",$lib_url); // "dba0b3fe70b52adbb8376be6a256d2cc371b2fe49ef35f0c6e15cd6d60c319dd"
// Hardcode the signature to avoid a network call on startup:
//$lib_signature = "dba0b3fe70b52adbb8376be6a256d2cc371b2fe49ef35f0c6e15cd6d60c319dd";
if (!is_file($lib_filename) || $lib_signature != hash_file("sha256",$lib_filename)){
// No local copy found, or file signature invalid, get a copy
copy($lib_url, $lib_filename);
}
require $lib_filename;
It is very useful if you intent to share a program as a single file, without composer.
For the case of a file hosted on Github, an ETag HTTP header is provided, it can be used to avoid to download the whole file.
php -r 'var_dump(json_decode(get_headers("https://raw.githubusercontent.com/getopt-php/getopt-php/master/src/CommandInterface.php", 1)["ETag"]));'
//string(64) "c0153dbd04652cc11cddb0876c5abcc9950cac7378960223cbbe6cf4833a0d6b"
The ETag HTTP response header is an identifier for a specific version
of a resource. It lets caches be more efficient and save bandwidth, as
a web server does not need to resend a full response if the content
has not changed.
Warning: include() [function.include]: URL file-access is disabled in the server configuration in /home/content/91/8151691/html/HolidaySavers.ca/europe-destinations-canada.php on line 52
says it all. I believe this is called XXS. It appears you're attempting to include a URL based file which is denied in your server configuration which is either one of two things.
You're attempting to include the file on site B from site A which you would then use instead of include('WhateverFile'); file_get_contents('WhateverFile'); however this will only return the client side data as it is an HTTP request;
You've duplicated the file on site B and forgot to update the domain configuration. Be sure that the include path reflects the site you're running the script on ie.
include(dir($_SERVER['SCRIPT_FILENAME']) . DIRECTORY_SEPARATOR . 'WhateverFile.php');
In any case. I would have to actually examine the line 52 on the said file to see why PHP is complaining to you in detail lol
(Please be patient, this does have something to do with include.) I am waiting for a domain to transfer over and am trying to set it up on the new hosting service ahead of time. I realized that on the old site all the path names were absolute, so all my links on the new host point to pages on the old host. I decided to make them all relative (for future possible moves also). I first did it like this:
index.php
include ('./header.php');
header.php
include "./panel.php";
panel.php
Contents of panel.
This works, and my page displays:
Contents of panel.
Then I decided to set a variable for the domain because I want to include this header file from files in subdirectories and I can use the domain variable to make an absolute path. Right now I have a temporary domain name, which I can change later to the real domain name when the transfer comes through. So I changed header.php to:
$domain="http://tempdomain.com"; //I can change this after the transfer
$panel=$domain."/panel.php";
echo $panel;
if ((include $panel) !== 1)
{
echo "<br>include failed";
}
What I get is:
http://tempdomain.com/panel.php
include failed
I've looked at various sites for include syntax, but I can't find any error in my code. All these files are in the / directory. Any ideas?
When you include, you have to give the directory structured, not the url.
Your hosting server path may be home/public/www/htdocs/your_directory_name/panel.php something like this. Then it will work.
remort include is also posiible
if
1. server's php.ini should allow it.
2. the file which will be included should not be preprossed before include. That means it must return unprocessed code :)
First, the allow_url_fopen flag must be set in php.ini. Otherwise remote include() cannot be done. Run var_dump(ini_get("allow_url_fopen")); to see if it is the case.
Second, "Windows versions of PHP prior to PHP 4.3.0 do not support access of remote files via this function, even if allow_url_fopen is enabled." - see PHP docs
Third, your remote PHP script must produce valid PHP code as output. If you include() via http, then not the script itself, but its output will be included.