php include() alternative?

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • roly
    Confirmed User
    • Aug 2002
    • 1844

    #1

    php include() alternative?

    hi

    i want to include a file (it's just a bit of javascript) from domainA into a php page on domainB (all on the same server). to do this i have to have allow_url_include = on in my php.ini which i believe is a big security risk. has anyone got any alternative solutions that are safer,?

    the include is just so i can test various popups over 100's of sites by just changing the javacript in the one file. so i would be grateful for any other simple solutions too.

    thanks in advance
  • stocktrader23
    Let's do some business.
    • Jan 2003
    • 18781

    #2
    iframes?


    Hands Free Adult - Join Once, Earn For Life

    "I try to make a habit of bouncing my eyes up to the face of a beautiful woman, and often repeat “not mine” in my head or even verbally. She’s not mine. God has her set aside. She’s not mine. She’s His little girl, and she needs me to fight for her by keeping my eyes where they should be."

    Comment

    • woj
      <&(©¿©)&>
      • Jul 2002
      • 47882

      #3
      Why are you including it with php? just use a script tag with src='xxxxx'...
      Custom Software Development, email: woj#at#wojfun#.#com to discuss details or skype: wojl2000 or gchat: wojfun or telegram: wojl2000
      Affiliate program tools: Hosted Galleries Manager Banner Manager Video Manager
      Wordpress Affiliate Plugin Pic/Movie of the Day Fansign Generator Zip Manager

      Comment

      • Avalana
        Confirmed User
        • Jun 2011
        • 594

        #4
        Not sure about: require_once();
        bad behavior - Adult & Porn Site Reviews - Need a honest Review for your Adult Porn Site? Just drop me a line - ICQ @BADBEHAVIOR or SKYPE avalana.porngeekz

        Comment

        • roly
          Confirmed User
          • Aug 2002
          • 1844

          #5
          Originally posted by woj
          Why are you including it with php? just use a script tag with src='xxxxx'...
          because the the bit of code i am calling is a javascript with src="xxx" as well and i'm assuming you can't nest it?

          Comment

          • woj
            <&(©¿©)&>
            • Jul 2002
            • 47882

            #6
            Originally posted by roly
            because the the bit of code i am calling is a javascript with src="xxx" as well and i'm assuming you can't nest it?
            you probably can but hard to really say without knowing exactly what you are trying to do...
            Custom Software Development, email: woj#at#wojfun#.#com to discuss details or skype: wojl2000 or gchat: wojfun or telegram: wojl2000
            Affiliate program tools: Hosted Galleries Manager Banner Manager Video Manager
            Wordpress Affiliate Plugin Pic/Movie of the Day Fansign Generator Zip Manager

            Comment

            • Brujah
              Beer Money Baron
              • Jan 2001
              • 22157

              #7
              using curl?
              Code:
              $ch = curl_init();
              curl_setopt ($ch, CURLOPT_URL, 'http://www.domainA.com/');
              curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
              $contents = curl_exec($ch);
              curl_close($ch);
              echo $contents;

              Comment

              • roly
                Confirmed User
                • Aug 2002
                • 1844

                #8
                Originally posted by stocktrader23
                iframes?
                no that doesn't seem to work

                Comment

                • raymor
                  Confirmed User
                  • Oct 2002
                  • 3745

                  #9
                  You want to include the server path to the file, not the URL. So something like:
                  include ('../../othersite.com/public_html/stuff.inc');

                  Symlinks on the server can simplify that.
                  If suexec is preventing you from doing the include, suexec a more serious security hole than fopen_url, as bad as fopen_url is.


                  The above is if you have to include() instead of doing:

                  script type="text/javascript" src="http://somesite.com/cool.js"
                  For historical display only. This information is not current:
                  support&#64;bettercgi.com ICQ 7208627
                  Strongbox - The next generation in site security
                  Throttlebox - The next generation in bandwidth control
                  Clonebox - Backup and disaster recovery on steroids

                  Comment

                  • u-Bob
                    there's no $$$ in porn
                    • Jul 2005
                    • 33063

                    #10
                    Originally posted by roly
                    allow_url_include = on in my php.ini which i believe is a big security risk.
                    mostly a huge waste of resources if both sites are on the same server.

                    the include is just so i can test various popups over 100's of sites by just changing the javacript in the one file.
                    1. use readfile() instead of include() as the contents of the file won't need to be parsed for php code.
                    2. readfile("/full/path/to/whereever/u/put/thefile/file.js");

                    Comment

                    • Brujah
                      Beer Money Baron
                      • Jan 2001
                      • 22157

                      #11
                      Originally posted by raymor
                      You want to include the server path to the file, not the URL. So something like:
                      include ('../../othersite.com/public_html/stuff.inc');

                      Symlinks on the server can simplify that.
                      If suexec is preventing you from doing the include, suexec a more serious security hole than fopen_url, as bad as fopen_url is.


                      The above is if you have to include() instead of doing:

                      script type="text/javascript" src="http://somesite.com/cool.js"
                      Ah, I didn't catch the "same server" bit. Ray's right, you can use a server path to the files in domainA.com's path instead then.

                      Comment

                      • roly
                        Confirmed User
                        • Aug 2002
                        • 1844

                        #12
                        thanks guys for the help it's appreciated, i'm off out now, but i'll have a play around with those tomorrow and report back.

                        thanks again

                        Comment

                        Working...