Include Problem with Headers!

Hey,

I’m facing a problem with the include function when the included file is having a header code…

I use in my file1.php this simple code

include "http://localhost/test/file2.php";

and the file2.php have this code


header("HTTP/1.0 404 Not Found");
include "http://localhost/test/error404.html";

and when i call file1.php it gets me this error


Warning: include(http://localhost/test/file2.php) [function.include]: failed to open stream: HTTP request failed! HTTP/1.0 404 Not Found in C:\\xampp\\htdocs\	est\\file1.php on line 3

Warning: include() [function.include]: Failed opening 'http://localhost/test/file2.php' for inclusion (include_path='.;C:\\xampp\\php\\PEAR') in C:\\xampp\\htdocs\	est\\file1.php on line 3

when i remove the header function [header(“HTTP/1.0 404 Not Found”);] from file2.php and the code is like


include "http://localhost/test/error404.html";

it includes the error404.html page normally

is there any way to keep the header code cuz I’m gonna need it in the RSS file as it must contain the code

header('Content-Type: text/xml');

notice that the “allow_url_fopen” and “allow_url_include” functions are switched on

Include them using RELATIVE uri’s, not absolute.
Using the absolute (http://…) means that PHP will make an external connection rather than a local file read. Local file read = I get the source code. External connection = I get the RESULT. Your result = 404 status, hence the error.

You really shouldn’t have allow_url_include on. If you need to load a external page it’s better to just use cURL or something.

And… your proof for this is…?

but i’m using mod rewrite for example to change the category url from “http://localhost/test/category.php?name=cat” to “http://localhost/test/cat/

so if i used the include function to include a local file the category will include it like “http://localhost/test/cat/error404.html” which is not on the server
so is there any other way ? or should i try to solve the second problem ?

thank you and that’s what i’ve said above :smiley:

notice that the “allow_url_fopen” and “allow_url_include” functions are switched on

I’m… fairly sure category.php still recognizes that it’s in the test directory. And your 404 file is in the test directory. so… “include(‘error404.php’);” should work. (if not, it’s include(‘…/error404.php’) instead). They’re still on the same server. Directory != server.

well i’ll try to do this

and i know that directory != server but the word “directory” wasn’t in my mind then cuz english is not my main language :smiley:

well, i changed it to

include("error404.html");

and it’s working but the problem when i include file like “file2.php?id=12”

it gives me this error

Warning: include(file2.php?id=12) [function.include]: failed to open stream: No error in C:\\xampp\\htdocs\	est\\file1.php on line 5

Warning: include() [function.include]: Failed opening 'file2.php?id=12' for inclusion (include_path='.;C:\\xampp\\php\\PEAR') in C:\\xampp\\htdocs\	est\\file1.php on line 5

:frowning:

and here’s example 3 in the manual

Example #3 include() through HTTP

<?php

/* This example assumes that www.example.com is configured to parse .php
* files and not .txt files. Also, 'Works' here means that the variables
* $foo and $bar are available within the included file. */

// Won't work; file.txt wasn't handled by www.example.com as PHP
include 'http://www.example.com/file.txt?foo=1&bar=2';

// Won't work; looks for a file named 'file.php?foo=1&bar=2' on the
// local filesystem.
include 'file.php?foo=1&bar=2';

// Works.
include 'http://www.example.com/file.php?foo=1&bar=2';

$foo = 1;
$bar = 2;
include 'file.txt';  // Works.
include 'file.php';  // Works.

?>

now what ?? :frowning:

Is there any function or method to send specific data to a file and gets me the result ?

Because it opens a potential security hole where someone can include malicious code.

Except, again, an external connection gets the RESULT, not the CODE. So unless you eval() the result, it’s not really a hole.

INCLUDE’ing the code doesnt need you to send the value.

File1:


<?php
$a = 2
include('file2.php');
?>

File2:


<?php
echo $a
?>

Running file1 will output 2. Including a local file means that the variables you used are in scope for the included file.

This is not true at all. It doesn’t quite work the same way as locally including a file, but code still executes.

This is 100% true.
Code still executes on the REMOTE system, but has NO effect on the local code. Otherwise i could do


include('http://www.sitepoint.com/forums/db.php');
 echo $db_passwd;

and instantly gain access to sitepoint’s forum password. Talk about security hole.

How could this be a security hole if you can’t access the local files? (Or is that the point you were trying to make?)

as i said before english is not my main language so most of the other post’s words i don’t understand :smiley: anyway,

i used it like


$id = "12";
include("file2.php");

and it’s working :smiley: :smiley: i’ll try it with the rest of the links and if there’s a problem i’ll tell you right away so thanks a lot <3

That was the point being made. If i could access the remote script’s variables, it’d be the largest security hole ever. :stuck_out_tongue:

Ohh haha, I made this mistake once of thinking I found a huge hole. The .php page of a website downloaded instead of loading. I thought it would’ve been all of the code in the page when I opened it but it was already formatted into html.