calling included remote functions

"Geoff Berrow" <bl@ckdog.co.uk> wrote in message
news:75av11dprg70goldrlu7jcdijl4i1ck6fq@4ax.com...
>I noticed that Message-ID: <3OGdnaLDhNO-BYLfRVn-iQ@comcast.com> from
> juglesh contained the following:
>
>>the script that will run on the central domain needs to do several
>>readirs,
>>is_files, etc. Testing with is_file is not working.
>
> From the manual on include:
>
> If "URL fopen wrappers" are enabled in PHP (which they are in the
> default configuration), you can specify the file to be included using a
> URL (via HTTP or other supported wrapper - see Appendix L for a list of
> protocols) instead of a local pathname. If the target server interprets
> the target file as PHP code, variables may be passed to the included
> file using a URL request string as used with HTTP GET. This is not
> strictly speaking the same thing as including the file and having it
> inherit the parent file's variable scope; the script is actually being
> run on the remote server and the result is then being included into the
> local script.

I'm running this on the remote(central) server:
if (is_file("http://www.satelitedomain.com/aFileThatExists.php")){
echo "file read";}

so, why is that IF not true? Well, security, I suppose? The script not
allowed to
know what file exists on another server? Oh, doesn't work to use the
absolute url from the local computer, either. No is_file from http, then.
Probly no readdir either?

I might have to go back to the idea of using .inc files, but I think my
server is weird about them. If I include a .inc nothing happens, if I
include a .xyz it works fine (but exhibits the above behavior).

--
juglesh

juglesh wrote:

> I'm running this on the remote(central) server:
> if (is_file("http://www.satelitedomain.com/aFileThatExists.php")){
> echo "file read";}

The 'http://www.satelitedomain.com/aFileThatExists.php' ain't really a file in
this example, but a stream. is_file() you use on your local filesystem.


> No is_file from http, then. Probly no readdir either?

readdir(), if it works, I don't know as I haven't tried that, the result is
depending on the remote server settings, if it's allowed to directory list or
not, at least I don't allow that. As the data from a remote server (over http)
isn't files but streams, so there is a quite high risk that the operation will
fail.


> I might have to go back to the idea of using .inc files, but I think my
> server is weird about them. If I include a .inc nothing happens, if I
> include a .xyz it works fine (but exhibits the above behavior).

Blocking to serve *.inc is a good way to do on a server, as in most cases a
*.inc file would be unprocessed and would be quite a good catch fro people who
wants to ruin something when they read config.inc and see your login and
password for the sql database, I know that some have named their *.inc to
*.inc.php so that the page will be processed and generate a blank page when
remotly read.

If you want to use remote files, then you don't have any other option than
using a none standard extention on the files, so that you wont get the
processed page, but this does mean that other people can read your code and
use the information they find in the files to try to make some harm.


//Aho