Jump to content

[SOLVED] file_get_contents - issues with remote files


gregsmith

Recommended Posts

Hi there,

 

I'm currently a complete newb to remote file access (although not a newb to php). 

 

I started by trying just a standard include to the remote file I'm after but the server won't let me do this.  I also gather it's very insecure.

 

I came across the file_get_contents() function and it seems to work pretty well like:

 

echo file_get_contents("file.php");

 

I am, however, having trouble with mysql access.  The system I'm developing currently opens the database connection before the file is included so any sql in the included file is executed on the correct database.  Now that I'm using file_get_contents, this doesn't seem to work - I get an 'Warning: mysql_query() [function.mysql-query]: Access denied for user...' error.

 

Can anyone help me out with what might be going on?  Also any tips on how you do remote access would be great.

Link to comment
Share on other sites

curl seems like a good thing to learn - however this system will likely be installed on many different servers, so I would rather stick to just PHP so I don't have to ask for curl to be installed.

 

To try and clarify:  The 'echo file_get_contents(included_file.php)'; seems to work as a fine substitute to include 'included_file.php'; apart from any sql that's in that file doesn't work.  The mysql connection script is executed before the file is included.

 

Any more help?

Link to comment
Share on other sites

by 'got' I mean got the contents.

 

All I know is that the page works when I was using include 'file.php' and now it doesn't when I try and include it remotely using 'echo file_get_contents('file.php')'.  I'm just trying to include code from a remote location rather than a local location.  This is so I can use the same include files in a number of different installations of the same system so I don't have to keep updating 10's of local copies.

 

What's so 'Mad' about that?

 

When I was using include, the php code seemed to be executed AFTER it was included.  Now that I'm using the other methods (just tried cURL), it seems to be executed BEFORE the include.

Link to comment
Share on other sites

Well, say you have login.php on a remote server in the USA and you include it from a server in Japan. When a user tries to log into your site in Japan, this server will try to include_once( 'file_from_USA' ) which may take 30 seconds, or time out.

 

And you'll copy it over every time someone tries to log, 100s of times a day. And the file you are copying 100s of times a day doesn't change for 2 months = 100 a day x 30 a month x 2 months = 6,000 times this file is copied over the internet.

 

Like I said. Mad. But don't let me put you off your project.  ;D ;D

 

monk.e.boy

Link to comment
Share on other sites

Well, you're not going to put me off because you've arrogantly assumed that you know the usage level and future of my project.  Oh well, as long as you sound clever and knowledgeable I guess that's all that matters.

 

In the meantime does anyone who actually has knowledge and experience of remote include methods care to grace me with their help please?

Link to comment
Share on other sites

OK, I've just discovered from a similar post on a similar forum that what I'm trying to do is not possible.

 

When using 'include', 'file_get_contents()' or 'cURL' you cannot include code itself.  The remote server holding the file will always parse as php and send the result rather than including the php code, unlike if it was being included from a local resource.  This is why the mySQL in my code wasn't working.

 

This does of course make sense from a security point of view.  I thought there might be some secure way round it but apparently not.

 

I'll have to use a build tracking process and installation procedure instead I guess.

 

Cheers,

 

Greg

Link to comment
Share on other sites

Oh well, as long as you sound clever and knowledgeable I guess that's all that matters.

 

Oh, man.

 

Do I feel bad now.

 

I was right and you were wrong. I thought what you were doing was a bit mad  ;D ;D

 

Actually you could do what you want, just download the php file using CURL, then save it to a readable directory and then include it.

 

I can not see why that won't work. I do it all the time with normal web pages, I download them, then regex through them looking for stuff.

 

Anyone? Why wouldn't this work?

 

monk.e.boy

Link to comment
Share on other sites

Oh well, as long as you sound clever and knowledgeable I guess that's all that matters.

 

Oh, man.

 

Do I feel bad now.

 

I was right and you were wrong. I thought what you were doing was a bit mad  ;D ;D

 

I still don't think what I was doing was mad as I would still consider it under certain circumstances using a method such as the one you mentioned, however I was a unnecessarily sarcastic.  You caught me in a bad mood  ;)

You're method seems spot on and I can't see why it wouldn't work.  Another (although super insecure) method is to rename the php includes as .inc (or whatever) files.  This obviously opens up the code to anybody so is pretty dumb.  However, I can think of a few scenarios where this method may be appropriate.

Link to comment
Share on other sites

How about:

 


// make ftp connection
$conn_id = ftp_connect($ftp_server); 
// login with username and password
$login_result = ftp_login($conn_id, $ftp_user_name, $ftp_user_pass); 
ftp_get($conn_id, $local_file, $server_file, FTP_TEXT));

check date+time of php file (or open the file and read a version number, this could be in a comment string at the top of the file)

is it newer than our local version?
{
  move file to includes folder
}

include_once 'file.php';

 

Try that, I'm sure it should work.

 

You could shove all this into a function called include_once_remote() and use that instead of include_once.

 

Please take the time to try this and tell us if it works  ;D:D;D

 

cheers,

 

monk.e.boy

Link to comment
Share on other sites

I've been suggested another method that is a bit simpler on another forum:

 

Rename all included files to .inc (or whatever is suitable) and put them in a specific folder.

Protect the folder with htaccess requiring user authentication.

Using curl you can retrieve the file by passing the correct user authentication login information.

 

Can you see any security issues with this method?  Sounds like the best suggestion so far.

Link to comment
Share on other sites

I'm putting this part of the project on hold as I've just run into a host of new problems with it that I just don't have time to sort out.  I think both methods will work though.

 

If I readdress it at a later date, I'll post my results.  Until then remote access won't be part of my system - build management and remote update installs will take it's place.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.