2

I'm attempting to use PHP to read the source of a separate PHP file. I'm attempting to use file_get_contents in the following manner:

file_get_contents('http://www.example.com/someFile.php');

Unfortunately, the code above attempts to execute the php code rather than just reading the text as it would with any other file.

I came across an article which appears to address the issue, which led me to the following code:

file_get_contents('php://filter/convert.base64-encode/resource=http://www.example.com/someFile.php');

However, this code has the same effect; it attempts to execute the PHP code.

How can I use php to read the source of another php file without attempting to execute the php in the file?

Mark Brown

6 Answers

1

If the remote server does not give you the source of the PHP file 'as is', you will never get it by yourself. The remote server will ALWAYS (except, of course, in the case of a wrong configuration) run the PHP engine for it and return the output of the script. Imagine what would happen if you were able to get the source of ANY remote PHP file.

Cheery
  • Fair enough. But what about the case when the file is on the same server? Or even in the same directory? i.e. file_get_contents('http://localhost/someFile.php'); – Mark Brown Mar 01 '12 at 00:22
  • 1
    @MarkBrown It does not matter. You have to configure your server not to run PHP for requests to/from localhost. When you perform an HTTP request (and not a direct request to the file system), the server should run the PHP script; that is the purpose of the server. – Cheery Mar 01 '12 at 00:25
  • 1
    @MarkBrown Then you're still reading the file via the webserver/PHP interpreter. If the file is local, you need to read it as a *file*, not a *url*. – user229044 Mar 01 '12 at 00:25
1

> Unfortunately, the code above attempts to execute the php code rather than just reading the text as it would with any other file.

No, it doesn't.

What's happening here is that file_get_contents makes a regular HTTP request for http://www.example.com/someFile.php, and the remote server at "example.com" is interpreting the PHP code. It serves the results up exactly as though you'd navigated to http://www.example.com/someFile.php in your browser. Your script is downloading that output.

file_get_contents most definitely does not execute the contents of the file after retrieving it. The only access your script has to "someFile.php" is what the remote server is willing to serve up; file_get_contents cannot somehow fetch the underlying PHP source any more than you could with your browser somehow view the PHP source.

user229044
1

As it was said before, if you try to read the file through an http url, the request will then be processed by the webserver on that server and it will execute the php file.

If the file is on the same server as your PHP code, try to use either a relative or an absolute file path, such as file_get_contents('/dir/dir/yourfile') or file_get_contents('dir/file.php').

Cyprien
0

In my case, I was able to read the PHP source of files on my server by using htmlentities: `$Filedata=file_get_contents('myfile.php'); echo htmlentities($Filedata);`

But this method does not work for remote files. Maybe it depends on the server configuration (when PHP is served), as said above.
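
An added example (not code from any of the answers) that combines the two answers above: the source is read through a filesystem path and escaped for display, with the path confined to one directory in case the file name ever comes from request input. `read_source()`, the temporary directory and the sample files are hypothetical and constructed for illustration.

```php
<?php
// Added example: read PHP source from the local filesystem, confined to one directory.
// read_source() and all sample files below are hypothetical, constructed for this demo.

function read_source(string $baseDir, string $relative): string
{
    $base = realpath($baseDir);
    if ($base === false) {
        throw new RuntimeException('base directory does not exist');
    }
    // realpath() resolves ".." and symlinks and returns false for a missing path.
    $target = realpath($base . DIRECTORY_SEPARATOR . $relative);
    if ($target === false || !is_file($target)) {
        throw new RuntimeException('no such file');
    }
    // Reject anything that resolved to a location outside the base directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException('path escapes base directory');
    }
    // Plain filesystem read: no web server is involved, so nothing is executed.
    $source = file_get_contents($target);
    if ($source === false) {
        throw new RuntimeException('read failed');
    }
    return $source;
}

// Constructed sample input: one PHP file inside the base directory, one file outside it.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'src_demo_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'someFile.php', "<?php echo '<b>hi</b>'; ?>\n");
$outside = tempnam(sys_get_temp_dir(), 'out');

// Escape before printing so the browser shows the source instead of rendering it.
echo htmlentities(read_source($dir, 'someFile.php'), ENT_QUOTES, 'UTF-8'), PHP_EOL;

try {
    // The file exists, but it resolves to a path outside $dir.
    read_source($dir, '..' . DIRECTORY_SEPARATOR . basename($outside));
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}

// Clean up the constructed files.
unlink($outside);
unlink($dir . DIRECTORY_SEPARATOR . 'someFile.php');
rmdir($dir);
```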

0

When you request a remote file, how it's rendered is up to the server on the other end. If the remote host is configured to execute a PHP file before serving it, you can expect to get the output served back.

If you own the server at the other end, you can instruct it not to parse .php files before sending them back. For Apache, you'll probably want to read up on mod_mime: http://httpd.apache.org/docs/2.0/mod/mod_mime.html

rjz
-1

You can't read the content of the PHP file using the URL, because if you are using http:// then it is processed through your Apache server, and Apache gives the output of the PHP file, not the content. If you could read the PHP file using http:// then it's a security issue and you can read the content of files from other servers as well. So the answer is you can't do it, as simple as that!!

If by any chance you are trying to access the PHP file from another server which is not owned by you, it's simply illegal!!

Deepak
  • Um... how is it illegal to access a PHP file on a public web server? – user229044 Mar 01 '12 at 00:27
  • Is it legal to access and view your important PHP script?? Will you be happy if I use file_get_contents() to look at your login.php code :) – Deepak Mar 01 '12 at 00:29
  • The whole point of this question is that you can't do that. It's not a legal limitation, it's a technical one. `file_get_contents` can't magically see the underlying PHP source code that produces a website. And if your `login.php` file contains sensitive information, you're writing awful software. – user229044 Mar 01 '12 at 00:30
  • Okay, that's sweet!! Just wanted to add an extra piece of info to my answer, that's it!! No offence :) – Deepak Mar 01 '12 at 00:32
  • @meagar And again, `login.php` is just an example!! OK, let's say a sensitive file `xyz123.php` :D – Deepak Mar 01 '12 at 00:33
  • Sensitive information should reside in config files outside the publicly-accessible root of your website or in the database. They should not be hard-coded into your PHP files. This is bad for several reasons, among which is the problem you're describing. – user229044 Mar 01 '12 at 00:41
  • That's cool.. nice info.. I know that already.. thanks for that anyways :) – Deepak Mar 01 '12 at 00:49