I Know this is a problem in the php.ini which comes with a default allow_url_fopen = Off and allow_url_include = Off
How could i deal with this... if the hosting place dont change this.. im trying to access an outside url totally diferent from mine, so the server root thing wont work.. what could i do?
Use a HTTP client PHP class to obtain the data:
http://scripts.incutio.com/httpclient/
You can save it as a local file, execute it or do anything. Just be careful not to include some malicious code by mistake (that's why allow_url_include is off by default).
Related
hello i am implementing php files from one website into another and here is the following error message i am getting when trying to open the following page with implemented php files:
http://www.holidaysavers.ca/europe-destinations-canada.php
basically the php files i am importing from one website into another are identical , however they work on the original website but when i implement them into a new website it does not work anymore.
could you assist me in trying to get this resolved?
thank you
You can't include a PHP script that is on an external website/server into your local script - unless you enable allow_url_include on your php.ini (if you have access to it)
Instead, you can let that website/server render the page and get the resulting html output on your local script.
Replace this line in your script:
include('http://www.holidaysavers.ca/europe-canada.php?detour');
With this:
echo file_get_contents('http://www.holidaysavers.ca/europe-canada.php?detour');
Could you post the code from "europe-destinations-canada.php"? It looks like the script is asking to do stuff that's not configured in your php setup on this new site/server
I don't really know what kind of host you are using or if you are using Xampp, I do have an easy fix to it, for xampp and possibly other web server software. Go to your php.ini file, which you can search for or just look for it in c:\\xampp\php\php.ini, the php.ini should be in the php folder in the server software folder. Now search for allow_url_include in the php.ini file and than replace Off with On, if it isn't already on or something. This is most likely the fix because it worked for me.
I might be able to help further if I know if you are using a hosting or home server. If you are using a hosting website than please share what kind of hosting service you are using so I could inspect it further.
Using as example a random remote php file.
The goal is to use this remote file locally, make sure it hasn't change or be altered. The remote file will be downloaded one time only.
Hard coding the sha256 signature avoid to use the network on startup. This is just a base that can be turned to many scenarios, like checking for updates, depending your needs.
<?php
$lib_url = "https://raw.githubusercontent.com/getopt-php/getopt-php/master/src/CommandInterface.php";
$lib_filename = basename($lib_url);
// SHA256 signature
$lib_signature = hash_file("sha256",$lib_url); // "dba0b3fe70b52adbb8376be6a256d2cc371b2fe49ef35f0c6e15cd6d60c319dd"
// Hardcode the signature to avoid a network call on startup:
//$lib_signature = "dba0b3fe70b52adbb8376be6a256d2cc371b2fe49ef35f0c6e15cd6d60c319dd";
if (!is_file($lib_filename) || $lib_signature != hash_file("sha256",$lib_filename)){
// No local copy found, or file signature invalid, get a copy
copy($lib_url, $lib_filename);
}
require $lib_filename;
It is very useful if you intent to share a program as a single file, without composer.
For the case of a file hosted on Github, an ETag HTTP header is provided, it can be used to avoid to download the whole file.
php -r 'var_dump(json_decode(get_headers("https://raw.githubusercontent.com/getopt-php/getopt-php/master/src/CommandInterface.php", 1)["ETag"]));'
//string(64) "c0153dbd04652cc11cddb0876c5abcc9950cac7378960223cbbe6cf4833a0d6b"
The ETag HTTP response header is an identifier for a specific version
of a resource. It lets caches be more efficient and save bandwidth, as
a web server does not need to resend a full response if the content
has not changed.
Warning: include() [function.include]: URL file-access is disabled in the server configuration in /home/content/91/8151691/html/HolidaySavers.ca/europe-destinations-canada.php on line 52
says it all. I believe this is called XXS. It appears you're attempting to include a URL based file which is denied in your server configuration which is either one of two things.
You're attempting to include the file on site B from site A which you would then use instead of include('WhateverFile'); file_get_contents('WhateverFile'); however this will only return the client side data as it is an HTTP request;
You've duplicated the file on site B and forgot to update the domain configuration. Be sure that the include path reflects the site you're running the script on ie.
include(dir($_SERVER['SCRIPT_FILENAME']) . DIRECTORY_SEPARATOR . 'WhateverFile.php');
In any case. I would have to actually examine the line 52 on the said file to see why PHP is complaining to you in detail lol
Quick...possibly stupid question.
When allow_url_include is set to off, does that prohibit other computers from remotely including the files on my site, or does it say that I'm not allowed to remotely include files from other sites?
Settings in your php.ini only affect your PHP installation
Setting allow_url_include to off in your configuration means that your PHP code on your server will not be able to include remote files.
But it doesn't change anything for other servers, which might request files from your server, like anyone can from the web -- note, though, that if some PHP file is requested, it'll be interpreted, and its output (not its content ! ) will be sent.
As said in the php manual:
http://www.php.net/manual/en/filesystem.configuration.php#ini.allow-url-include
is for including remote files, only if you let your directory to reach the source, others can include your php files.
Then is the second suggestion
It's always impossible to include PHP code from properly installed server, no matter of this configuration setting.
At the same time no PHP configuration setting can forbid HTTP clients from requesting resources from your HTTP server.
We are trying to implement a mailer with an attachment upload option.
It's working great on two of the servers I've uploaded it to.
However, it does not seem to work on my localhost wamp server or even on a different server:
http://203.76.126.68/mailer/
Why am I seeing session values inside the text boxes?
Can anyone point out what seems to be the problem?
Any help would be appreciated.
Thanks!
Short Open Tags might be turned off. The easiest way to fix this is to just do a find and replace and change <?= into <?php echo.
http://php.net/manual/en/ini.core.php#ini.short-open-tag
You can also turn it on (might be possible in .htaccess) in php.ini.
Check if that script is actually processed by PHP.
If it is process by the PHP CGI binary, make sure short_open_tag is set to On. Those <?= ... ?> thingies only work with short_open_tag enabled.
you have shorttags off that's why you have to set it on in php ini or i think you can use the wamp menu and then setting and then turn on shorttags
I have just moved my CodeIgniter project to a new server and now I'm getting a 500 error and no output from the project. It works fine on my old server and in my test environment. I'm completely stumped how to troubleshoot this, especially as there's nothing of use in the log files. Any help would be great!
Well, this is embarrassing. I was missing php-mysql. CodeIgniter wasn't logging the fact that it couldn't find it, nothing was appearing in /var/log/messages. Installed it and suddenly, it works. Thanks all for your answers.
I get this problem on my live server with SuPHP. To avoid it, all PHP files must have permissions 0644, and directories 0755.
To do this without a headache, do one of the following:
Get an FTP client that will upload using permissions you specify
Find a PHP script that will change permissions, based on filtering criteria, after upload
Get shell access to your host!
Some ideas for you:
Are you sure there is nothing in the log files? Have you checked both the web server's log files as well as the system logs (EG: /var/log/messages)? Have you checked all of the logs enabled in php.ini?
Double-check your CI configuration settings. Perhaps you are pointing to the wrong database?
Have you confirmed that a basic PHP script <?phpinfo(); ?> works? This would isolate the problem to CI
Most likely you have not specified the base url for the new location, you can set it from file:
/system/config/config.php
at line:
$config['base_url'] = 'your new url here';
have you try load a new CodeIgniter project, and try to load in ur test environment? is it work?
From my experiment 500 error normally due with web server problem. But from what your said you didn't have any .htaccess. You better try just load a clean CI project and see your webserver OK or not.
I am unable to include a remote PHP file in my PHP script. I suppose my hosting changed php settings.
The code I was using was:
include "http://domain.com/folder/file.php";
How do I allow enable the include function using php.ini/.htaccess ?
Is there any other workaround?
Thanks.
To allow inclusion of remote files, the directive allow_url_include must be set to On in php.ini
But it is bad, in a security-oriented point of view ; and, so, it is generally disabled (I've never seen it enabled, actually)
It is not the same as allow_url_fopen, which deals with opening (and not including) remote files -- and this one is generally enabled, because it makes fetching of data through HTTP much easier (easier than using curl)
To use remote includes, the allow_url_fopen and allow_url_include option must be set in php.ini
Be aware that if the remote server is php-enabled, you'll get the output of that remote script, not the script itself. If you do want to fetch the source, you could add a symlink on the remote server, e.g. ln -s file.php file.php.source and then make your include reference file.php.source instead.