It seems like I can't use shell_exec or proc_open on my shared server.
The message I get when I try to use it is:
Warning: shell_exec() has been disabled for security reasons in /home/georgee/public_html/admin/email.php on line 4
Are there any alternatives to these functions?
I assume you want to use this for async processing, for instance sending eMails in a separate process (hence the error in email.php). If so, please check if cURL is enabled. You can trigger your scripts through an HTTP request without waiting for the response.
Further reading:
Asynchronous/parallel HTTP requests using PHP multi_curl
How to use curl_multi() without blocking
How do I make an asynchronous GET request in PHP?
If cURL is not available, try to use with non-blocking streams:
http://de.php.net/manual/en/function.stream-set-blocking.php
http://thethoughtlab.blogspot.com/2007/04/non-blocking-io-with-php-mio.html
For added security, consider using a self-defined API key, so the eMail sending URL cannot be triggered without permission. Pass this in as a GET or POST. You could also validate if the request came from the same server.
The only alternative is to not use shared hosting. They don't want you doing this for a reason.
Try using backtick operator
This answers seems to suggest these is not much you can do.
Just a follow up for people who need to use shared hosting. While I no longer recommend HostGator due to their sub-par support (resulting from their purchase by EIG), they do allow popen.
Related
I'm trying to download file from remote url with fopen function.
Problem it's function return false from one website that i need. From other domains functions works fine.
How could it be? Maybe have some options in php? Or that website can protect file from some access(but from browser file available)?
There are a number of checks the server side can do to prevent "miss usage" of their service. One example is a check of the "HTTP Referer Header" which indicates that your request is done by a browser navigating from a link to the object.
You can simulate all that if you want to, but for that you have to find out exactly what the difference is between your request and one the browser successfully makes. Two things to do for that:
find out the exact error message you receive back. Easiest for that is to use php's cURL extension instead of file_open() for your request, it allows you to dump everything you get back. There might be valuable information like a reason in the reply.
monitor both requests by means of a network sniffer, for example tcpdump or wireshark. The comparison of both requests allows to tell the exact difference. That again is the information you need to precisely rebuilt the browsers request in your script.
On some shared hosting or some VPS fopen not work or are disabled inside PHP. Try to use CURL to get contnt. If that not work, the last solution (only if you send some informations via GET but not to recive data) is to use <img> tag and inside "src" to send request. That work ONLY if you send informations, but if you need to recive something, you need to use or AJAX or cURL.
I'm currently in the process of building/implementing a logging system for a website I'm working on that's in PHP. The way the logging system works is I send a JSON request to localhost and that json gets logged (basically, anyway.
My question is:
what's the fastest way I can make a quick fire and forget call with a JSON POST? Is there a way to fire and forget with cURL?
There are multiple ways to do it: you could use the curl_multi functionality of the php_curl extension, which allows you to send asynchronous HTTP requests using cURL, but this requires that extension. GuzzlePHP provides a large wrapper around much of the functionality of cURL, including the curl_multi features if you are looking for an object-oriented approach. PHP's sockets also support asynchronous communications, a library which implements this for the HTTP protocol is available here [the client is written in "pure" PHP and has no dependency on cURL but supports asynchronous requests and fully complies with the HTTP 1.1 spec].
If you are looking for a fire and forget logging solution you might want to look at something that uses UDP protocol like Graylog.
You could use a small image that hits a PHP script. The php script logs the hit and returns a tiny 1x1 transparent GIF. Then the logging will happen after the page loads.
Some people disable the http wrapper for the include function. I need to use a query string when including a file, so I can't include it as a local file. Is it possible for me to override this setting? Can hosting companies make it impossible to override?
As long as I sanitise the input, I should be ok right?
no, you are never OK running the code you've got from a remote server. There are way too many ways to trick you into running something you don't expect. You'd better avoid it. If you are into adventures then you can try it with curl extension which is usually enabled on shared hosting. First get your text via curl
http://php.net/manual/en/function.curl-init.php
then eval it
http://php.net/manual/en/function.eval.php
I know that this is a simple question for PHP guys but I don't know the language and just need to do a simple "get" from another web page when my page is hit. i.e. signal the other page that this page has been hit.
EDIT: curl is not available to me.
If curl wrappers are on (they are per default), you can use:
file_get_contents('http://www.example.org');
Note that this happens synchronous, so before the request has completed, your page won't either. It would be better to log access to a logfile (or database) and export the data occasionally. Alternatively, you could do the request after your page has completed, and output has been sent to the client.
Beware file_get_contents() and fopen():
If PHP has decided that filename specifies a registered protocol, and that protocol is registered as a network URL, PHP will check to make sure that allow_url_fopen is enabled. If it is switched off, PHP will emit a warning and the fopen call will fail.
There's numerous ways... the simplest is file_get_contents('http://...');
Other functions like fopen() also support http: streams.
If you need more control, I'd suggest looking at curl (see curl_init)
There are a number of ways to send a GET request with PHP. As mentioned above, you can use file_get_contents, fopen or cURL.
You can also use the HTTP extension, the fsockopen() function or streams via fopen.
I'd advise checking out what WordPress has done, as it handles almost all possibilities.
You'll probably want to use cURL
I would like to know why it is better to use curl instead off other methods like
$ret=file($url) in php.
This is actually used to access an http api for an sms gateway.
Someone dropped a "I would recommend using curl for http connections", but I don't know why.
I just read that it is necessary for Paypal payments, so that does sound interesting.
I did a Google search "why use libcurl", but I haven't found an answer yet.
Could someone explain please?
I think the FAQ on the curl site says it best:
1.2 What is libcurl?
libcurl is a reliable and portable
library which provides you with an
easy interface to a range of common
Internet protocols.
You can use libcurl for free in your
application, be it open source,
commercial or closed-source.
libcurl is most probably the most
portable, most powerful and most often
used C-based multi-platform file
transfer library on this planet - be
it open source or commercial.
Also, curl facilitates downloading data from multiple sources simultaneously with better efficiency than say file_get_contents() or file().
Well, I don't know much about other methods of doing HTTP calls in PHP, so I'm not sure if they can do this or not, but Curl can mimic a web browser in pretty much every way, by setting headers, even the user-agent header, etc so that the web server just thinks its a browser which can be important as some sites will try to stop access from anything that isn't a traditional browser
Curl extension has a lot of options that you can set, for example the connection time out. You can also add post variables or access the site with a specific referer. I also reccomend you to use CURL.