3

My problem is that I can't include a file on a remote server.

<?php
  echo "Including\n";
  require_once("http://xx.xxx.xxx.xx:8080/path/to/myfile.inc");
  echo "Done..\n";
?>

The script fails at the require_once function. I'm running the script with: php -d allow_url_include=On script.php but to make sure I have set allow_url_include and allow_url_fopen to On in php.ini

If I copy http://xx.xxx.xxx.xx:8080/path/to/myfile.inc to the browser I'm served the file. I have also tried to include other remote files (on standard port 80), but still no luck

Where I get really confused is that everything works from my local computers at my office (mac, ubuntu), but not from our servers. I have tested it on 2 different servers, a virtual and a dedicated. I can get the file with fopen().

user918712
  • 113
  • 1
  • 8
  • 3
    You usually do **not** want to include remote files. If they output any PHP code it is executed on your system! – ThiefMaster Feb 29 '12 at 12:08
  • Plus it's really, really slow. – Pekka Feb 29 '12 at 12:09
  • I know about the security aspect. I have full control over both servers and can restrict access to the server with the file. In practice all the servers are on the same network so I hope it's not too slow, but I'm going to test this. Just curios about why it works on some machines and not others? – user918712 Feb 29 '12 at 12:35
  • Even if you have control over both servers it is insecure. You use ssl (even slower) or ensure that no other computer has access to the network and ensure the integrity of any DNS lookups. – symcbean Feb 29 '12 at 13:06
  • I have asked, here (http://stackoverflow.com/questions/28497142/the-error-with-my-source-code-including). – tibbqzas.sq4 Feb 13 '15 at 11:13

2 Answers2

5

This can be done by setting allow_url_include to on on php.ini.

But, as mentioned in comments, this opens a

huge

security hole on your application.

Community
  • 1
  • 1
Starx
  • 77,474
  • 47
  • 185
  • 261
  • But if you absolutely MUST include content from remote servers, consider adding additional authentication and caching! – symcbean Feb 29 '12 at 13:07
  • @symcbean Thanks. I know it is insecure and I can get around including the file on the remote server, but the question was why it didn't work on some machines. Starx: as I wrote in the post - I did set allow_url_include to On – user918712 Feb 29 '12 at 13:19
  • i suppose you could use something like stunnel (https://www.stunnel.org/index.html) to secure the communication between servers.... – ven Apr 18 '13 at 00:08
0

Require_Once should be used for local files only. If you want to get a remote file use file_get_contents. Remember if you are trying to include php from a remote server like that, it will be really insecure or the php will be executed on the remote server.

MichaelH
  • 1,600
  • 3
  • 14
  • 20
  • From the docs it says I should be able to use require_once: [http://php.net/manual/en/features.remote-files.php](http://php.net/manual/en/features.remote-files.php) and it also works on my local computer – user918712 Feb 29 '12 at 12:41
  • If you read the documentation it says: In addition, URLs can be used... since PHP 5.2.0, allow_url_include must be enabled for these. – MichaelH Feb 29 '12 at 12:45