包括php的另一台服务器的php文件

时间:2022-02-12 16:03:07

I have two PHP files located on different servers, one at http://www.mysite.com/main.php, the other at http://www.sample.com/includeThis.php.

我有两个PHP文件位于不同的服务器上,一个位于http://www.mysite.com/main.php,另一个位于http://www.sample.com/includeThis.php。

I want to include the second file from the first one.

我想要包含第一个文件中的第二个文件。

The content of the second file looks like this:

第二个文件的内容如下所示:

<?php
$foo = "this is data from file one";

And the first file:

第一个档案:

<?php
include "http://www.sample.com/includeThis.php";
echo $foo;

Is there any way I can do this?

有什么方法可以做到这一点吗?

6 个解决方案

#1


31  

Nope, this setting is disabled/not allowed by default in most web servers (php.ini) so you can not use the include to include the files from a remote addresss for security reasons.

不,在大多数Web服务器(php.ini)中默认禁用/不允许此设置,因此出于安全原因,您不能使用include来包含远程地址中的文件。

If you still want to allow inclusion of remote files, the directive allow_url_include must be set to On in php.ini

如果您仍希望允许包含远程文件,则必须在php.ini中将指令allow_url_include设置为On

But again it is a bad practice, in a security-oriented point of view ; and, so, it is generally disabled (I've never seen it enabled, actually)

但从安全导向的观点来看,这也是一种不好的做法;因此,它通常是禁用的(实际上我从来没有看到它启用)

If you want to read the contents of a remote file though, you can use the file_get_contents function instead BUT this will be returned as pure HTML markup code, there won't be any server-side code.

如果你想读取远程文件的内容,你可以使用file_get_contents函数,但这将作为纯HTML标记代码返回,不会有任何服务器端代码。

#2


3  

After reading your comments - in which you state that you want to do this as a means of copy protection - my answer is an emphatical, forget it. This is not how copy protection works.

在阅读了你的评论之后 - 你在其中声明你想要这样做作为一种复制保护手段 - 我的答案是强调的,忘了它。这不是复制保护的工作原理。

The only thing you can do using include() is fetch source code from elsewhere to be interpreted on the local interpreter. This is childishly easy to crack: A malicious customer would to just have to echo() the fetched code.

使用include()唯一可以做的就是从其他地方获取源代码,以便在本地解释器上进行解释。这很容易破解:恶意客户只需要回显()获取的代码。

Executing the remote script remotely (on your server) won't help you, because the state of that script (variables, functions...) won't be present in the script you call it from.

远程执行远程脚本(在您的服务器上)对您没有帮助,因为该脚本的状态(变量,函数...)将不会出现在您调用它的脚本中。

The options you have are:

你有的选择是:

  • Compiling / encoding / obfuscating the script, possibly requiring a specific PHP module to execute it (lots of questions about this on SO)

    编译/编码/混淆脚本,可能需要一个特定的PHP模块来执行它(关于SO的很多问题)

  • Creating a real web service (e.g. using SOAP) that runs on your server, and performs the requested operations

    创建在服务器上运行的真实Web服务(例如,使用SOAP),并执行所请求的操作

For what it's worth, though, I personally do not purchase, nor recommend to clients to purchase, encoded scripts and scripts that need to "phone home" in order to work. I believe in protecting your products through a stringent license agreement (that will scare business customers into buying your product, because the risks of getting caught stealing are too expensive.)

但是,对于它的价值,我个人不会购买,也不建议客户购买需要“打电话回家”才能工作的编码脚本和脚本。我相信通过严格的许可协议保​​护您的产品(这会吓到商业客户购买您的产品,因为偷窃的风险太高了。)

#3


2  

I wonder if the OP ever found a solution for himself. As far as I know, the only way to work this would be to have all your client accounts on the same server as the scripts you want to include - I've done something similar:

我想知道OP是否为自己找到了解决方案。据我所知,唯一的方法就是将所有客户帐户与要包含的脚本放在同一台服务器上 - 我做了类似的事情:

/path_to_myserver_root/httpdocs/clients/client01/wwwroot/scriptA.php /path_to_myserver_root/httpdocs/clients/client02/wwwroot/scriptA.php ETC....

/path_to_myserver_root/httpdocs/clients/client01/wwwroot/scriptA.php /path_to_myserver_root/httpdocs/clients/client02/wwwroot/scriptA.php ETC ....

THEN: /path_to_myserver_root/privatefiles/myapp/scriptB.php

那么:/ path_to_myserver_root/privatefiles/myapp/scriptB.php

wwwroot is where each client domain points.

wwwroot是每个客户端域指向的地方。

scriptA.php has some business logic then includes scriptB.php for it's functions with the full path above:

scriptA.php有一些业务逻辑,然后包含scriptB.php,它的函数具有上面的完整路径:

require('/path_to_myserver_root/privatefiles/myapp/scriptB.php')

要求( '/ path_to_myserver_root / privatefiles / MyApp的/ scriptB.php')

scriptB.php resides in a private protected dir on the server, inaccessible by http, and not traversable by the clients.

scriptB.php驻留在服务器上的私有受保护目录中,http不可访问,并且不能由客户端遍历。

Now mind you, my reasons for doing this is to maintain version consistency across multiple accounts, not to withhold some proprietary magical php code from my clientele - But I suppose it could be implemented for that purpose.

现在请注意,我这样做的原因是为了保持多个帐户的版本一致性,而不是从我的客户那里扣留一些专有的神奇PHP代码 - 但我想它可以为此目的而实现。

Meh, YMMV.

嗯,YMMV。

#4


1  

Use file_get_contents, to open up the file, append it to the second file like so:

使用file_get_contents打开文件,将其附加到第二个文件,如下所示:

$secondFile = file_get_contents('http://www.sample.com/includeThis.php');
file_put_contents('your_file', $secondFile, FILE_APPEND);

This will work if you want to put it at the end of your file. Than just do an include on your file.

如果您想将它放在文件的末尾,这将有效。不只是在你的文件上做一个包含。

Anyways, like I said, this is risky and dangerous IMO, especially if you aren't sure about the content it has inside of it.

无论如何,就像我说的,这是一个冒险和危险的IMO,特别是如果你不确定它里面的内容。

Also, your_file will need to be an actual server path, not a URL.

此外,your_file需要是实际的服务器路径,而不是URL。

#5


0  

When you're trying to go across domains as you have suggested, you're not actually including a file that's sat there ready to do - the process is different. The machine needs to bring back the file over http which isn't what the include statement is all about.

当你试图按照你的建议跨域时,你实际上并没有包含一个准备好做的文件 - 过程是不同的。机器需要通过http恢复文件,这不是include语句的全部内容。

Also, if you're on shared hosting, PHP is often configured to prevent you from going outside of your own domain.

此外,如果您在共享主机上,PHP通常配置为阻止您进入您自己的域之外。

If you aren't under this restriction, one solution might be to use PHP to copy back a copy of the file from the other server, and then include it once it's sat in your domain. Another apporach might be to write a little "deployment" script that copies it everywhere it needs to be whenever you make changes...

如果您不受此限制,一种解决方案可能是使用PHP从另一台服务器复制该文件的副本,然后在它位于您的域中后将其包含在内。另一个应用程序可能是编写一个小的“部署”脚本,无论何时进行更改,都可以将其复制到所需的任何位置......

Hope this helps...

希望这可以帮助...

Martin

马丁

#6


0  

rename the first one to .txt
then think twice, are you sure you need cross-domain include

将第一个重命名为.txt,然后三思而后行,您确定需要跨域包含

#1


31  

Nope, this setting is disabled/not allowed by default in most web servers (php.ini) so you can not use the include to include the files from a remote addresss for security reasons.

不,在大多数Web服务器(php.ini)中默认禁用/不允许此设置,因此出于安全原因,您不能使用include来包含远程地址中的文件。

If you still want to allow inclusion of remote files, the directive allow_url_include must be set to On in php.ini

如果您仍希望允许包含远程文件,则必须在php.ini中将指令allow_url_include设置为On

But again it is a bad practice, in a security-oriented point of view ; and, so, it is generally disabled (I've never seen it enabled, actually)

但从安全导向的观点来看,这也是一种不好的做法;因此,它通常是禁用的(实际上我从来没有看到它启用)

If you want to read the contents of a remote file though, you can use the file_get_contents function instead BUT this will be returned as pure HTML markup code, there won't be any server-side code.

如果你想读取远程文件的内容,你可以使用file_get_contents函数,但这将作为纯HTML标记代码返回,不会有任何服务器端代码。

#2


3  

After reading your comments - in which you state that you want to do this as a means of copy protection - my answer is an emphatical, forget it. This is not how copy protection works.

在阅读了你的评论之后 - 你在其中声明你想要这样做作为一种复制保护手段 - 我的答案是强调的,忘了它。这不是复制保护的工作原理。

The only thing you can do using include() is fetch source code from elsewhere to be interpreted on the local interpreter. This is childishly easy to crack: A malicious customer would to just have to echo() the fetched code.

使用include()唯一可以做的就是从其他地方获取源代码,以便在本地解释器上进行解释。这很容易破解:恶意客户只需要回显()获取的代码。

Executing the remote script remotely (on your server) won't help you, because the state of that script (variables, functions...) won't be present in the script you call it from.

远程执行远程脚本(在您的服务器上)对您没有帮助,因为该脚本的状态(变量,函数...)将不会出现在您调用它的脚本中。

The options you have are:

你有的选择是:

  • Compiling / encoding / obfuscating the script, possibly requiring a specific PHP module to execute it (lots of questions about this on SO)

    编译/编码/混淆脚本,可能需要一个特定的PHP模块来执行它(关于SO的很多问题)

  • Creating a real web service (e.g. using SOAP) that runs on your server, and performs the requested operations

    创建在服务器上运行的真实Web服务(例如,使用SOAP),并执行所请求的操作

For what it's worth, though, I personally do not purchase, nor recommend to clients to purchase, encoded scripts and scripts that need to "phone home" in order to work. I believe in protecting your products through a stringent license agreement (that will scare business customers into buying your product, because the risks of getting caught stealing are too expensive.)

但是,对于它的价值,我个人不会购买,也不建议客户购买需要“打电话回家”才能工作的编码脚本和脚本。我相信通过严格的许可协议保​​护您的产品(这会吓到商业客户购买您的产品,因为偷窃的风险太高了。)

#3


2  

I wonder if the OP ever found a solution for himself. As far as I know, the only way to work this would be to have all your client accounts on the same server as the scripts you want to include - I've done something similar:

我想知道OP是否为自己找到了解决方案。据我所知,唯一的方法就是将所有客户帐户与要包含的脚本放在同一台服务器上 - 我做了类似的事情:

/path_to_myserver_root/httpdocs/clients/client01/wwwroot/scriptA.php /path_to_myserver_root/httpdocs/clients/client02/wwwroot/scriptA.php ETC....

/path_to_myserver_root/httpdocs/clients/client01/wwwroot/scriptA.php /path_to_myserver_root/httpdocs/clients/client02/wwwroot/scriptA.php ETC ....

THEN: /path_to_myserver_root/privatefiles/myapp/scriptB.php

那么:/ path_to_myserver_root/privatefiles/myapp/scriptB.php

wwwroot is where each client domain points.

wwwroot是每个客户端域指向的地方。

scriptA.php has some business logic then includes scriptB.php for it's functions with the full path above:

scriptA.php有一些业务逻辑,然后包含scriptB.php,它的函数具有上面的完整路径:

require('/path_to_myserver_root/privatefiles/myapp/scriptB.php')

要求( '/ path_to_myserver_root / privatefiles / MyApp的/ scriptB.php')

scriptB.php resides in a private protected dir on the server, inaccessible by http, and not traversable by the clients.

scriptB.php驻留在服务器上的私有受保护目录中,http不可访问,并且不能由客户端遍历。

Now mind you, my reasons for doing this is to maintain version consistency across multiple accounts, not to withhold some proprietary magical php code from my clientele - But I suppose it could be implemented for that purpose.

现在请注意,我这样做的原因是为了保持多个帐户的版本一致性,而不是从我的客户那里扣留一些专有的神奇PHP代码 - 但我想它可以为此目的而实现。

Meh, YMMV.

嗯,YMMV。

#4


1  

Use file_get_contents, to open up the file, append it to the second file like so:

使用file_get_contents打开文件,将其附加到第二个文件,如下所示:

$secondFile = file_get_contents('http://www.sample.com/includeThis.php');
file_put_contents('your_file', $secondFile, FILE_APPEND);

This will work if you want to put it at the end of your file. Than just do an include on your file.

如果您想将它放在文件的末尾,这将有效。不只是在你的文件上做一个包含。

Anyways, like I said, this is risky and dangerous IMO, especially if you aren't sure about the content it has inside of it.

无论如何,就像我说的,这是一个冒险和危险的IMO,特别是如果你不确定它里面的内容。

Also, your_file will need to be an actual server path, not a URL.

此外,your_file需要是实际的服务器路径,而不是URL。

#5


0  

When you're trying to go across domains as you have suggested, you're not actually including a file that's sat there ready to do - the process is different. The machine needs to bring back the file over http which isn't what the include statement is all about.

当你试图按照你的建议跨域时,你实际上并没有包含一个准备好做的文件 - 过程是不同的。机器需要通过http恢复文件,这不是include语句的全部内容。

Also, if you're on shared hosting, PHP is often configured to prevent you from going outside of your own domain.

此外,如果您在共享主机上,PHP通常配置为阻止您进入您自己的域之外。

If you aren't under this restriction, one solution might be to use PHP to copy back a copy of the file from the other server, and then include it once it's sat in your domain. Another apporach might be to write a little "deployment" script that copies it everywhere it needs to be whenever you make changes...

如果您不受此限制,一种解决方案可能是使用PHP从另一台服务器复制该文件的副本,然后在它位于您的域中后将其包含在内。另一个应用程序可能是编写一个小的“部署”脚本,无论何时进行更改,都可以将其复制到所需的任何位置......

Hope this helps...

希望这可以帮助...

Martin

马丁

#6


0  

rename the first one to .txt
then think twice, are you sure you need cross-domain include

将第一个重命名为.txt,然后三思而后行,您确定需要跨域包含