Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 6 of 6
  1. #1
    New Coder
    Join Date
    Dec 2006
    Posts
    36
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Include/require order

    I have a file called index.php:

    Code:
    	require 'http://www.ge64.nl/dbzoek/config.php';
    	require 'http://www.ge64.nl/dbzoek/functions.php';
    	require 'http://www.ge64.nl/dbzoek/dbzoek.php' . passgetvars($_GET);
    But it returns an error. This is because the function passgetvars is defined in functions.php. Is there any way to make functions.php included first before it continues the script, that way the 3rd line would work.

  • #2
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    Hmm seems like allow_url_fopen might be turned off meaning you can't use http urls. Try this
    PHP Code:
    require 'config.php';
    require 
    'functions.php';
    require 
    'dbzoek.php' passgetvars($_GET); 
    From the manual on require
    Quote Originally Posted by php.net
    Windows versions of PHP prior to PHP 4.3.0 do not support accessing remote files via this function, even if allow_url_fopen is enabled.
    Last edited by _Aerospace_Eng_; 01-07-2007 at 09:36 AM.
    ||||If you are getting paid to do a job, don't ask for help on it!||||

  • #3
    New Coder
    Join Date
    Dec 2006
    Posts
    36
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by _Aerospace_Eng_ View Post
    Hmm seems like allow_url_fopen might be turned off meaning you can't use http urls. Try this
    PHP Code:
    require 'config.php';
    require 
    'functions.php';
    require 
    'dbzoek.php' passgetvars($_GET); 
    From the manual on require
    Well the script is running on a different server, so the code you posted would never work. Also, it is running on PHP4.1 Linux, actually I did read the notice. The included pages work except they arae all included at the same time, therefor the 3rd one returns an error (the 2nd one hasn't finished yet when php tries to include the 3rd one)

  • #4
    New Coder
    Join Date
    Dec 2006
    Posts
    36
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Wow look what I found:

    Something not previously stated here - but found elsewhere - is that if a file is included using a URL and it has a '.php' extension - the file is parsed by php - not just included as it would be if it were linked to locally.

    This means the functions and (more importantly) classes included will NOT work.

    for example:

    include "http://MyServer.com/MyInclude.php";

    would not give you access to any classes or functions within the MyInclude.php file.

    to get access to the functions or classes you need to include the file with a different extension - such as '.inc' This way the php interpreter will not 'get in the way' and the text will be included normally.
    From the manual on include/comments

    [s]i'll try that[/s]

    Edit: It works! I wonder why it doesnt work when you use .php though...
    Last edited by Ge64; 01-07-2007 at 10:11 AM.

  • #5
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    Mainly for security reasons so a user can't just execute the php from a remote host.
    ||||If you are getting paid to do a job, don't ask for help on it!||||

  • #6
    Senior Coder CFMaBiSmAd's Avatar
    Join Date
    Oct 2006
    Location
    Denver, Colorado USA
    Posts
    3,122
    Thanks
    2
    Thanked 327 Times in 319 Posts
    By having remote code/configuration files that can be included, they can also be viewed. This creates a great security risk for your server. Here are the first few lines of your admin.inc code -
    PHP Code:
    <?php

        
    if (md5($_GET['adminpass']) == $md5pass) {
            if (isset(
    $_GET['del'])) {
    Someone will find a security hole in your code or will find your database username and password. I recommend you don't write code that works in this way.
    If you are learning PHP, developing PHP code, or debugging PHP code, do yourself a favor and check your web server log for errors and/or turn on full PHP error reporting in php.ini or in a .htaccess file to get PHP to help you.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •