SitePoint Sponsor

User Tag List

Results 1 to 18 of 18
  1. #1
    SitePoint Enthusiast SmAsH_HaCkEr's Avatar
    Join Date
    Aug 2009
    Location
    Egypt
    Posts
    64
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Question Include Problem with Headers !!

    Hey,

    I'm facing a problem with the include function when the included file is having a header code....

    I use in my file1.php this simple code


    PHP Code:
    include "http://localhost/test/file2.php"
    and the file2.php have this code

    PHP Code:
    header("HTTP/1.0 404 Not Found");
    include 
    "http://localhost/test/error404.html"

    and when i call file1.php it gets me this error

    Code:
    Warning: include(http://localhost/test/file2.php) [function.include]: failed to open stream: HTTP request failed! HTTP/1.0 404 Not Found in C:\xampp\htdocs\test\file1.php on line 3
    
    Warning: include() [function.include]: Failed opening 'http://localhost/test/file2.php' for inclusion (include_path='.;C:\xampp\php\PEAR') in C:\xampp\htdocs\test\file1.php on line 3
    when i remove the header function [header("HTTP/1.0 404 Not Found");] from file2.php and the code is like

    PHP Code:
    include "http://localhost/test/error404.html"
    it includes the error404.html page normally

    is there any way to keep the header code cuz I'm gonna need it in the RSS file as it must contain the code

    PHP Code:
    header('Content-Type: text/xml'); 
    notice that the "allow_url_fopen" and "allow_url_include" functions are switched on

  2. #2
    Keeper of the SFL StarLion's Avatar
    Join Date
    Feb 2006
    Location
    Atlanta, GA, USA
    Posts
    3,747
    Mentioned
    65 Post(s)
    Tagged
    0 Thread(s)
    Include them using RELATIVE uri's, not absolute.
    Using the absolute (http://...) means that PHP will make an external connection rather than a local file read. Local file read = I get the source code. External connection = I get the RESULT. Your result = 404 status, hence the error.
    Never grow up. The instant you do, you lose all ability to imagine great things, for fear of reality crashing in.

  3. #3
    SitePoint Member
    Join Date
    Nov 2011
    Posts
    16
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You really shouldn't have allow_url_include on. If you need to load a external page it's better to just use cURL or something.

  4. #4
    Keeper of the SFL StarLion's Avatar
    Join Date
    Feb 2006
    Location
    Atlanta, GA, USA
    Posts
    3,747
    Mentioned
    65 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by scootstah View Post
    You really shouldn't have allow_url_include on. If you need to load a external page it's better to just use cURL or something.
    And... your proof for this is....?
    Never grow up. The instant you do, you lose all ability to imagine great things, for fear of reality crashing in.

  5. #5
    SitePoint Enthusiast SmAsH_HaCkEr's Avatar
    Join Date
    Aug 2009
    Location
    Egypt
    Posts
    64
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by StarLion View Post
    Include them using RELATIVE uri's, not absolute.
    Using the absolute (http://...) means that PHP will make an external connection rather than a local file read. Local file read = I get the source code. External connection = I get the RESULT. Your result = 404 status, hence the error.
    but i'm using mod rewrite for example to change the category url from "http://localhost/test/category.php?name=cat" to "http://localhost/test/cat/"

    so if i used the include function to include a local file the category will include it like "http://localhost/test/cat/error404.html" which is not on the server
    so is there any other way ? or should i try to solve the second problem ?

    Quote Originally Posted by scootstah View Post
    You really shouldn't have allow_url_include on. If you need to load a external page it's better to just use cURL or something.
    thank you and that's what i've said above

    notice that the "allow_url_fopen" and "allow_url_include" functions are switched on

  6. #6
    Keeper of the SFL StarLion's Avatar
    Join Date
    Feb 2006
    Location
    Atlanta, GA, USA
    Posts
    3,747
    Mentioned
    65 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by SmAsH_HaCkEr View Post
    but i'm using mod rewrite for example to change the category url from "http://localhost/test/category.php?name=cat" to "http://localhost/test/cat/"
    so if i used the include function to include a local file the category will include it like "http://localhost/test/cat/error404.html" which is not on the server
    so is there any other way ? or should i try to solve the second problem ?
    I'm... fairly sure category.php still recognizes that it's in the test directory. And your 404 file is in the test directory. so.. "include('error404.php');" should work. (if not, it's include('../error404.php') instead). They're still on the same server. Directory != server.
    Never grow up. The instant you do, you lose all ability to imagine great things, for fear of reality crashing in.

  7. #7
    SitePoint Enthusiast SmAsH_HaCkEr's Avatar
    Join Date
    Aug 2009
    Location
    Egypt
    Posts
    64
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by StarLion View Post
    I'm... fairly sure category.php still recognizes that it's in the test directory. And your 404 file is in the test directory. so.. "include('error404.php');" should work. (if not, it's include('../error404.php') instead). They're still on the same server. Directory != server.
    well i'll try to do this

    and i know that directory != server but the word "directory" wasn't in my mind then cuz english is not my main language

  8. #8
    SitePoint Enthusiast SmAsH_HaCkEr's Avatar
    Join Date
    Aug 2009
    Location
    Egypt
    Posts
    64
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    well, i changed it to

    PHP Code:
    include("error404.html"); 
    and it's working but the problem when i include file like "file2.php?id=12"

    it gives me this error

    Code:
    Warning: include(file2.php?id=12) [function.include]: failed to open stream: No error in C:\xampp\htdocs\test\file1.php on line 5
    
    Warning: include() [function.include]: Failed opening 'file2.php?id=12' for inclusion (include_path='.;C:\xampp\php\PEAR') in C:\xampp\htdocs\test\file1.php on line 5

  9. #9
    SitePoint Enthusiast SmAsH_HaCkEr's Avatar
    Join Date
    Aug 2009
    Location
    Egypt
    Posts
    64
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    and here's example 3 in the manual

    Example #3 include() through HTTP

    PHP Code:
    <?php

    /* This example assumes that www.example.com is configured to parse .php
    * files and not .txt files. Also, 'Works' here means that the variables
    * $foo and $bar are available within the included file. */

    // Won't work; file.txt wasn't handled by www.example.com as PHP
    include 'http://www.example.com/file.txt?foo=1&bar=2';

    // Won't work; looks for a file named 'file.php?foo=1&bar=2' on the
    // local filesystem.
    include 'file.php?foo=1&bar=2';

    // Works.
    include 'http://www.example.com/file.php?foo=1&bar=2';

    $foo 1;
    $bar 2;
    include 
    'file.txt';  // Works.
    include 'file.php';  // Works.

    ?>
    now what ??

  10. #10
    SitePoint Enthusiast SmAsH_HaCkEr's Avatar
    Join Date
    Aug 2009
    Location
    Egypt
    Posts
    64
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Is there any function or method to send specific data to a file and gets me the result ?

  11. #11
    SitePoint Member
    Join Date
    Nov 2011
    Posts
    16
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by StarLion View Post
    And... your proof for this is....?
    Because it opens a potential security hole where someone can include malicious code.

  12. #12
    Keeper of the SFL StarLion's Avatar
    Join Date
    Feb 2006
    Location
    Atlanta, GA, USA
    Posts
    3,747
    Mentioned
    65 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by scootstah View Post
    Because it opens a potential security hole where someone can include malicious code.
    Except, again, an external connection gets the RESULT, not the CODE. So unless you eval() the result, it's not really a hole.

    Quote Originally Posted by SmAsH_HaCkEr View Post
    well, i changed it to

    PHP Code:
    include("error404.html"); 
    and it's working but the problem when i include file like "file2.php?id=12"

    it gives me this error

    Code:
    Warning: include(file2.php?id=12) [function.include]: failed to open stream: No error in C:\xampp\htdocs\test\file1.php on line 5
    
    Warning: include() [function.include]: Failed opening 'file2.php?id=12' for inclusion (include_path='.;C:\xampp\php\PEAR') in C:\xampp\htdocs\test\file1.php on line 5
    INCLUDE'ing the code doesnt need you to send the value.

    File1:
    PHP Code:
    <?php
    $a 
    2
    include('file2.php');
    ?>
    File2:
    PHP Code:
    <?php
    echo $a
    ?>
    Running file1 will output 2. Including a local file means that the variables you used are in scope for the included file.
    Never grow up. The instant you do, you lose all ability to imagine great things, for fear of reality crashing in.

  13. #13
    SitePoint Member
    Join Date
    Nov 2011
    Posts
    16
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by StarLion View Post
    Except, again, an external connection gets the RESULT, not the CODE. So unless you eval() the result, it's not really a hole.
    This is not true at all. It doesn't quite work the same way as locally including a file, but code still executes.

  14. #14
    Keeper of the SFL StarLion's Avatar
    Join Date
    Feb 2006
    Location
    Atlanta, GA, USA
    Posts
    3,747
    Mentioned
    65 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by scootstah View Post
    This is not true at all. It doesn't quite work the same way as locally including a file, but code still executes.
    This is 100% true.
    Code still executes on the REMOTE system, but has NO effect on the local code. Otherwise i could do
    PHP Code:
    include('http://www.sitepoint.com/forums/db.php');
     echo 
    $db_passwd
    and instantly gain access to sitepoint's forum password. Talk about security hole.
    Never grow up. The instant you do, you lose all ability to imagine great things, for fear of reality crashing in.

  15. #15
    SitePoint Enthusiast barrykins's Avatar
    Join Date
    Feb 2011
    Location
    Virginia Beach, Virginia
    Posts
    47
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by StarLion View Post
    This is 100% true.
    Code still executes on the REMOTE system, but has NO effect on the local code. Otherwise i could do
    PHP Code:
    include('http://www.sitepoint.com/forums/db.php');
     echo 
    $db_passwd
    and instantly gain access to sitepoint's forum password. Talk about security hole.
    How could this be a security hole if you can't access the local files? (Or is that the point you were trying to make?)

  16. #16
    SitePoint Enthusiast SmAsH_HaCkEr's Avatar
    Join Date
    Aug 2009
    Location
    Egypt
    Posts
    64
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by StarLion View Post
    Except, again, an external connection gets the RESULT, not the CODE. So unless you eval() the result, it's not really a hole.



    INCLUDE'ing the code doesnt need you to send the value.

    File1:
    PHP Code:
    <?php
    $a 
    2
    include('file2.php');
    ?>
    File2:
    PHP Code:
    <?php
    echo $a
    ?>
    Running file1 will output 2. Including a local file means that the variables you used are in scope for the included file.
    as i said before english is not my main language so most of the other post's words i don't understand anyway,

    i used it like

    PHP Code:
    $id "12";
    include(
    "file2.php"); 
    and it's working i'll try it with the rest of the links and if there's a problem i'll tell you right away so thanks a lot <3

  17. #17
    Keeper of the SFL StarLion's Avatar
    Join Date
    Feb 2006
    Location
    Atlanta, GA, USA
    Posts
    3,747
    Mentioned
    65 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by barrykins View Post
    How could this be a security hole if you can't access the local files? (Or is that the point you were trying to make?)
    That was the point being made. If i could access the remote script's variables, it'd be the largest security hole ever. :P
    Never grow up. The instant you do, you lose all ability to imagine great things, for fear of reality crashing in.

  18. #18
    SitePoint Enthusiast barrykins's Avatar
    Join Date
    Feb 2011
    Location
    Virginia Beach, Virginia
    Posts
    47
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by StarLion View Post
    That was the point being made. If i could access the remote script's variables, it'd be the largest security hole ever. :P
    Ohh haha, I made this mistake once of thinking I found a huge hole. The .php page of a website downloaded instead of loading. I thought it would've been all of the code in the page when I opened it but it was already formatted into html.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •