I hope you all are in the best mood to help me in my problem .
Ok now I'm using a free hosting that doesn't allow url_allow_include , my domain is example.com and I wanna include a php file from eample2.com/file.php always when I want to do that it doesn't work , please I don't want answers that says contact your hosting provider to enable it for you. I wanna some trick using curl for example or anything else that will solve my problem and thanks in advance
Sure you don't want to hear it... But still, the answer is contact your hosting provider.
But before you do, let me tell you why you probably shouldn't do so in the first place:
If the PHP file you want to include is included over a url (that is with http:// in front of it) , you will be asking the webserver of example2.com to give you that file. The webserver will then run that file through PHP (thus already parsing that file) and give you the parsed HTML that the script produces. And you will end up including the parsed HTML in stead of the original contents of the PHP file you are trying to include.
If by any chance example.com and example2.com are hosted on the same machine, try including the desired file by using an absolute file path to that file. (eg include "/var/www/example2/yourPHPfile.php";)
Contact your host. Option #1 see if they can change that setting. Option #2 see if you can access the php.ini file and find that option in it and change the value. That's about the best you can do but also try this before both options and see if you get an error. If you do the host is blocking it and probably wont allow you to change it.
ini_set('allow_url_include', "0");
Related
This is my first time I use Filezilla and ftp. I uploaded my files.php. After I entered the hostname on address bar, I could see which files I had uploaded.
The interesting part comes here: When I clicked on index.php to view, It displayed only the html parts.
When I opened page source code, I saw that my php was commented, like this:
From what I had originally written:
<?php include '/includes/php/menu.php'; ?>
it became:
<!--?php include '/includes/php/menu.php'; ?-->
If anyone could help me I would appreciate it. Does any of the above has anything to do with host properties? From what I read, it supported php.
Your host may support php, but that does not mean that PHP is enabled. You can perform a very simple test to find out.
Create a file named test.php and drop one line of php in it and save it:
<?php phpinfo(); ?>
Upload the test.php file to the server and point your browser to it. It should output a bunch of information about the web server if PHP is working.
If not, check your host admin (cpanel) to see if you can enable it yourself. If you don't find it, just submit a ticket to have your host enable it.
PS: Remember to delete the test.php from your site as it is not great for security to leave it there.
UPDATE:
It sounds like you don't have Includes module installed. If you are using Apache, make sure the Apache Module mod_include. To check if you have the module installed you should create a file called phpinfo.php and upload to your server root and it should include the following code:
<?php
phpinfo();
?>
Then load phpinfo.php in your browser and mod_include should be included in the section Loaded Modules. It would be highly unusual if it wasn't there, as it is the default to have it installed on most Apache systems. If you are not on an Apache server, you can still follow the above instructions.
You can set the default editor to view/edit files under Settings->File Settings->Filetype Associations. An example using Notepad is below. There is also a box to inherit system filetype associations and I have it checked.
txt C:\Windows\System32\notepad.exe
php C:\Windows\System32\notepad.exe
I wanna thank all for your support. I am rather newbie in PHP and with you advice I have learnt a lot in the process. I have low rep so I can't give good rates to your answers.
The problem consisted in ftp, but later after changing some options in the host everything went OK. I guess working with PHP offline differs from online.
Thanks a lot everyone
hello i am implementing php files from one website into another and here is the following error message i am getting when trying to open the following page with implemented php files:
http://www.holidaysavers.ca/europe-destinations-canada.php
basically the php files i am importing from one website into another are identical , however they work on the original website but when i implement them into a new website it does not work anymore.
could you assist me in trying to get this resolved?
thank you
You can't include a PHP script that is on an external website/server into your local script - unless you enable allow_url_include on your php.ini (if you have access to it)
Instead, you can let that website/server render the page and get the resulting html output on your local script.
Replace this line in your script:
include('http://www.holidaysavers.ca/europe-canada.php?detour');
With this:
echo file_get_contents('http://www.holidaysavers.ca/europe-canada.php?detour');
Could you post the code from "europe-destinations-canada.php"? It looks like the script is asking to do stuff that's not configured in your php setup on this new site/server
I don't really know what kind of host you are using or if you are using Xampp, I do have an easy fix to it, for xampp and possibly other web server software. Go to your php.ini file, which you can search for or just look for it in c:\\xampp\php\php.ini, the php.ini should be in the php folder in the server software folder. Now search for allow_url_include in the php.ini file and than replace Off with On, if it isn't already on or something. This is most likely the fix because it worked for me.
I might be able to help further if I know if you are using a hosting or home server. If you are using a hosting website than please share what kind of hosting service you are using so I could inspect it further.
Using as example a random remote php file.
The goal is to use this remote file locally, make sure it hasn't change or be altered. The remote file will be downloaded one time only.
Hard coding the sha256 signature avoid to use the network on startup. This is just a base that can be turned to many scenarios, like checking for updates, depending your needs.
<?php
$lib_url = "https://raw.githubusercontent.com/getopt-php/getopt-php/master/src/CommandInterface.php";
$lib_filename = basename($lib_url);
// SHA256 signature
$lib_signature = hash_file("sha256",$lib_url); // "dba0b3fe70b52adbb8376be6a256d2cc371b2fe49ef35f0c6e15cd6d60c319dd"
// Hardcode the signature to avoid a network call on startup:
//$lib_signature = "dba0b3fe70b52adbb8376be6a256d2cc371b2fe49ef35f0c6e15cd6d60c319dd";
if (!is_file($lib_filename) || $lib_signature != hash_file("sha256",$lib_filename)){
// No local copy found, or file signature invalid, get a copy
copy($lib_url, $lib_filename);
}
require $lib_filename;
It is very useful if you intent to share a program as a single file, without composer.
For the case of a file hosted on Github, an ETag HTTP header is provided, it can be used to avoid to download the whole file.
php -r 'var_dump(json_decode(get_headers("https://raw.githubusercontent.com/getopt-php/getopt-php/master/src/CommandInterface.php", 1)["ETag"]));'
//string(64) "c0153dbd04652cc11cddb0876c5abcc9950cac7378960223cbbe6cf4833a0d6b"
The ETag HTTP response header is an identifier for a specific version
of a resource. It lets caches be more efficient and save bandwidth, as
a web server does not need to resend a full response if the content
has not changed.
Warning: include() [function.include]: URL file-access is disabled in the server configuration in /home/content/91/8151691/html/HolidaySavers.ca/europe-destinations-canada.php on line 52
says it all. I believe this is called XXS. It appears you're attempting to include a URL based file which is denied in your server configuration which is either one of two things.
You're attempting to include the file on site B from site A which you would then use instead of include('WhateverFile'); file_get_contents('WhateverFile'); however this will only return the client side data as it is an HTTP request;
You've duplicated the file on site B and forgot to update the domain configuration. Be sure that the include path reflects the site you're running the script on ie.
include(dir($_SERVER['SCRIPT_FILENAME']) . DIRECTORY_SEPARATOR . 'WhateverFile.php');
In any case. I would have to actually examine the line 52 on the said file to see why PHP is complaining to you in detail lol
I'm trying to download the file https://gdata.youtube.com/feeds/api/users/testuser to a string (this file contains the youtube API details from the user 'testuser'). But when I download it with fopen I just get a blank file. I searched a bit but nothing helped, what could be wrong? I tested the same code with a file from the same server and it worked.
Also, I know it's possible because some sites do exactly what I'm trying to do (such as SocialBlade)
did you try file_get_contents check if you get the file using this..
Try with file_get_contents. Seems more appropriate.
Beware of the allow-url-fopen setting
If you are on a hosting service on a shared server, Chances are high that you can not change the allow-url-fopen configuration since it is in PHP_INI_SYSTEM mode. Ask your hosting service for more information about this.
(Please be patient, this does have something to do with include.) I am waiting for a domain to transfer over and am trying to set it up on the new hosting service ahead of time. I realized that on the old site all the path names were absolute, so all my links on the new host point to pages on the old host. I decided to make them all relative (for future possible moves also). I first did it like this:
index.php
include ('./header.php');
header.php
include "./panel.php";
panel.php
Contents of panel.
This works, and my page displays:
Contents of panel.
Then I decided to set a variable for the domain because I want to include this header file from files in subdirectories and I can use the domain variable to make an absolute path. Right now I have a temporary domain name, which I can change later to the real domain name when the transfer comes through. So I changed header.php to:
$domain="http://tempdomain.com"; //I can change this after the transfer
$panel=$domain."/panel.php";
echo $panel;
if ((include $panel) !== 1)
{
echo "<br>include failed";
}
What I get is:
http://tempdomain.com/panel.php
include failed
I've looked at various sites for include syntax, but I can't find any error in my code. All these files are in the / directory. Any ideas?
When you include, you have to give the directory structured, not the url.
Your hosting server path may be home/public/www/htdocs/your_directory_name/panel.php something like this. Then it will work.
remort include is also posiible
if
1. server's php.ini should allow it.
2. the file which will be included should not be preprossed before include. That means it must return unprocessed code :)
First, the allow_url_fopen flag must be set in php.ini. Otherwise remote include() cannot be done. Run var_dump(ini_get("allow_url_fopen")); to see if it is the case.
Second, "Windows versions of PHP prior to PHP 4.3.0 do not support access of remote files via this function, even if allow_url_fopen is enabled." - see PHP docs
Third, your remote PHP script must produce valid PHP code as output. If you include() via http, then not the script itself, but its output will be included.
I'm developing a PHP application that has to respond to request from several clients, and I thinks "Can any of the clients see the PHP code that I'm writing?".
No, unless
There is a server misconfiguration
There is a bad echo/include somewhere
No. Unless you're echoing it to them under where you're actually using it.
Use includes from below or outside the www served directory. (can't +1 yet.. for Frankie)
Don't use symlinks for your http directories. I've intentionally used this to both show source and execute depending on user request path before, but that required httpd.conf changes (or misconfiguration) and can explicitly be disabled in httpd.conf.
If allowing downloads of files using fopen, don't pass anything the user creates to it or they could figure out how to get it to grab any file they can find.
Consider:
fopen('reports/' . $_GET['blah']);
where the user passes in '../index.php'
No, but you should take all measures to prevent it.
You should always set your sensitive code (heck, why not all?) in a directory bellow your server working dir (say /www), that way if the server gets messed up, it wont be able to show your code to the world because that code will be included by php that is not working in the first place.
If you have your webserver set to serve instead of parse your php yes. But then the clients wouldn't work. So the barring any security holes, answer is no.
No. Assuming you've installed a L/UAMP server properly, or aren't printing out (echo, print_r, etc.) and of the guts of your code, the PHP will be processed and the logic or HTML it's meant to output will be used on the page, not visible.
N.B. If there isn't an 'index' in a directory or a proper .htacess file, an Apache server will show a list of files in the directory, which can be downloaded and reviewed.
One mistake for it to happen is to paste a php tag inside a php string, example:
$string = "This is the answer: <s><?php echo $answer; ?></s>";
echo $string;
The person did a Ctrl+C and Ctrl+V of something that should be printed along the string, but the coder forgot to remove the php tags by distraction.