Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 12 of 12
  1. #1
    Regular Coder
    Join Date
    Sep 2011
    Posts
    428
    Thanks
    18
    Thanked 26 Times in 26 Posts

    Question Upload a php file to a website to be included from other places

    I have a couple php files that I would like to upload to my website and include them in other files. I know that this can be done when the files are stored together, but I plan on doing it a little differently. Say I have the following script:

    PHP Code:
    <?php
    function writeText($string)
    {
        if(empty(
    $string))
            
    $string 'This was empty.';
        echo 
    $string;
    }
    ?>
    Now lets say I want to upload this script to my website, so I do this so it prints out the code. Say I change every apostrophe (" ' ") to " \' ", add "<?php echo'" to the beginning, and "';?>" to the end. In result we get this:

    PHP Code:
    <?php
    echo '<?php
    function writeText($string)
    {
        if(empty($string))
            $string = \'This was empty.\';
        echo $string;
    }
    ?>'
    ;
    ?>
    So if we load this file in a web browser, the source code would be printed out. My issue is in a separate php file, I would like to include this file using something like this:

    PHP Code:
    <?php
    require 'http://website.com/function.php';
    writeText('Function loaded!');
    ?>
    When I attempt this, it comes up with this error:
    Warning: require(http://website.com/function.php): failed to open stream: No such file or directory on line 2 (same here)

    Is there a different way I should attempt to do this what should I change? I've never done this before and would like to be able to because i have a few functions I use very frequently and would like to include it all from one main source, that way they all automatically get the latest version and I don't have to copy and paste the file everywhere it's wanted.

  • #2
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,339
    Thanks
    60
    Thanked 527 Times in 514 Posts
    Blog Entries
    4
    Thats actually a slightly different slant on how most of us get around it.

    Most folk would stick their php code into a .txt file (or anything other than .php) and just call that purely because .php files will be parsed when called over http.

    Do you need to echo the php code? In theory it will work (though I'd use a nowdoc instead - same as a heredoc but it's the single quote version) but it looks like you have fopenwrappers (or whatever its called) turned off. You should be able to determine this from the php ini settings but if you can't then try using include instead and if it still doesn't work you might want to try to use file_get_contents() and eval() the code. If file_get_contents() doesn't work either then you're screwed basically so try cURL!
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  • #3
    Regular Coder Custard7A's Avatar
    Join Date
    Jul 2010
    Location
    Australia
    Posts
    286
    Thanks
    32
    Thanked 33 Times in 33 Posts
    Quote Originally Posted by tangoforce View Post
    .. it looks like you have fopenwrappers (or whatever its called) turned off.
    You mean allow_url_fopen?

    @ Dubz: If allow_url_fopen is disabled you won't be able to use the absolute URL — good for security, and portability. You could try a relative path, but remember, PHP sees farther than the public_html! You could set the ini setting include_path, and it could be something like this: "/home/username/includes", not "http://domain.com/includes". Running your scripts from behind www is good for security as well. Of course, if you want to run your scripts from a public directory, it would be more like "/home/username/public_html/includes", but that all depends on the structure of your directories on your server.

    You could also do it at runtime..

    PHP Code:


    <?php

     ini_set
    ("include_path","/home/username/includes");
     require 
    "function.php"// Looking for /home/username/includes/function.php
     
    writeText('Function loaded!');

     
    ?>
    May be the problem, or it may not.

  • #4
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,339
    Thanks
    60
    Thanked 527 Times in 514 Posts
    Blog Entries
    4
    Quote Originally Posted by Custard7A View Post
    You mean allow_url_fopen?
    Sounds about right Too late / early in the morning here for me to worry about the name and I wasn't feeling enthusiastic enough to hit google (my sleeping pattern is so screwed up right now).

    Anyway my point was that if its not enabled, Dubz won't be able to make remote calls to include external files. I'm not quite sure how your use of local paths is going to work for remote files and that is what Dubz is wanting to use.
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  • #5
    Regular Coder Custard7A's Avatar
    Join Date
    Jul 2010
    Location
    Australia
    Posts
    286
    Thanks
    32
    Thanked 33 Times in 33 Posts
    Ah, I didn't think of it that way. What he said could be either including files across different sites, or just different scripts. Depends which he meant.

  • #6
    Regular Coder
    Join Date
    Sep 2011
    Posts
    428
    Thanks
    18
    Thanked 26 Times in 26 Posts
    Quote Originally Posted by Custard7A View Post
    Ah, I didn't think of it that way. What he said could be either including files across different sites, or just different scripts. Depends which he meant.
    I mean across sites. I know how to include them from different scripts that are in or around the same directory. I saw my friend put his php files on his website before and when you clicked on one (viewing from the site index) it displayed the code on the webpage. The only thing I didn't notice was if it was all changed to html format (htmlspecialchars() basically) or if he had some special way to do it. I thought about doing a .txt extension but didn't know if it would allow it to be used as php code in the file.

  • #7
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,339
    Thanks
    60
    Thanked 527 Times in 514 Posts
    Blog Entries
    4
    .txt should be fine but if you can't make an outbound connection you're still stuffed. Additionally you may still need to run it through eval but I doubt you will.

    Also to echo code without escaping everything you can use a nowdoc:
    PHP Code:
    //Note the single quotes that a heredoc does not use
    echo <<< 'STOP'
    <?php
    function writeText($string)
    {
        if(empty(
    $string))
            
    $string 'This was empty.';
        echo 
    $string;
    }
    ?>
    STOP;
    What is the difference? a nowdoc is the same as a single quoted string so any $variables will not be replaced with their values as they would in a double quoted string. It is however only available in PHP 5.3.0 and above.
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  • #8
    Regular Coder
    Join Date
    Sep 2011
    Posts
    428
    Thanks
    18
    Thanked 26 Times in 26 Posts
    I got a working solution here. On the server end I put the php code in a tet document without the '<?php' and '?>' tags. On the client's side, it goes as simple as this:

    PHP Code:
    <?php
    eval(file_get_contents('http://dubzone.co.cc/scripts/php/basicfunctions.txt'));
    ?>
    This loads all the php code from that link and executes it (includes it basically). If anyone wants to check the code out, feel free to browse around it, some of the functions I find very useful! Just be sure to either include it the same way or save the entire file AS-IS if you would like to use it, don't remove the credits.

  • #9
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    It also makes the script publicly viewable since its text only. Keep that in mind for the variables you put into it.
    You could also create a soap service for function calls as well. Trivial for something like this; you'd want to use soap where you can accept input and have it actually modify data in storage.
    eval should be used with extreme caution especially on remote. Its effectively saying "here's the keys to my server. I trust you won't break anything. . .". And when I say that, I say it literally. The PHP code will execute on the client server and follow instructions exactly as they are specified. It is a huge security hole.

  • #10
    Regular Coder
    Join Date
    Sep 2011
    Posts
    428
    Thanks
    18
    Thanked 26 Times in 26 Posts
    Quote Originally Posted by Fou-Lu View Post
    It also makes the script publicly viewable since its text only. Keep that in mind for the variables you put into it.
    You could also create a soap service for function calls as well. Trivial for something like this; you'd want to use soap where you can accept input and have it actually modify data in storage.
    eval should be used with extreme caution especially on remote. Its effectively saying "here's the keys to my server. I trust you won't break anything. . .". And when I say that, I say it literally. The PHP code will execute on the client server and follow instructions exactly as they are specified. It is a huge security hole.
    Everything in the file is either a function or comment, I wouldn't put sensitive data on there for other to have access to.

    As for the security hole on the clients end, that's not my problem. I know what I put in the file so I trust to use it this way for myself. If someone else would also like to do this, they can go right ahead and do it, if they don't want any risks, then hey can download it instead. I'm only doing it this way because I am tired of having to keep track of multiple copies of this file, this way is easier to update them all. I don't recommend doing this as a permanent solution for everything, but it's a way to remotely include a separate php script and I'm giving the solution to anyone who wants it.

  • #11
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,339
    Thanks
    60
    Thanked 527 Times in 514 Posts
    Blog Entries
    4
    You could include a username and password in the url as parameters to a php file and then check those. If correct, echo out the php code in a nowdoc as demo'd above.
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  • #12
    Regular Coder
    Join Date
    Sep 2011
    Posts
    428
    Thanks
    18
    Thanked 26 Times in 26 Posts
    Quote Originally Posted by tangoforce View Post
    You could include a username and password in the url as parameters to a php file and then check those. If correct, echo out the php code in a nowdoc as demo'd above.
    I could, but I'm not worried about leechers. The functions are mostly pretty useful at some point or another and I don't mind if someone wants to use them as long as they leave the credits with it. If I was worried about protecting them then I would do something like that, but the functions in this file aren't any security risks on my part. If i needed to put a function somewhere else to avoid public access I would, but they are helpful little functions and could help others out.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •