Secure PHP Includes??

drummerboy

I've been building my company's site using SSI, in .shtml files with easy implementation - a great help for ease of editing. Now I am trying to use a secure .php page so I can have PHP includes.

The problem I'm encountering now is that coming into the page the user is promted with the "secure/unsecure items" warning because the PHP includes are considered the "unsecure" elements. I've tried making the (absolute) link to the PHP include files reference [url]https://[/url] so that that information is processed securely - (https://www.companysite.com/included_file.txt) , but the server returns the error:

Warning: Failed opening 'https://www.companysite.com/included_file.txt' for inclusion (include_path='.:/usr/local/php/include') in /blah/blah/blah/php_page.php on line 2649.

Is there a way to reference the files to be included (with PHP) so that they are considered secure items? Do I need to correct something on the server??

I tried talking to a support tech at my host's hotline, but to no avail. He couldn't understand that I wanted to AVOID the "secure/ Unsecure elements" pop-up prompt - he thought I wanted to hide the fact that the page was secure for some reason?!? A fine waste of 40 minutes of my life.

So, in order to call an included file (with PHP - <? include "h**ps://www.companysite.com/menu_file.txt" ); ?> through the same secure socket as the rest of the page, is the problem that eludes me.

Thanks for your input,
-TC

ksandom

What are you trying to achieve by using a URL in the include?
I useually do something like:

include ('funcs.inc');

This way, all including is done on the server side, thus the browser shouldn't have a clue as to what is happening on the server. So shouldn't give error messages.

drummerboy

The reason I'm including an absolute URL in the include path (with [url]https://[/url]) is so that the "scure/unsecure" warning doesn't appear. Although, I could be totally wrong as to what is causing the warning....

It might be a case of me overcomplicating things, but I don't know what else on the page would be considered "unsecure".

Any suggestions on pinpointing the problem?

Thanks,
-TC

stolzyboy

not sure what your problem is exactly, but just for future reference, you shouldn't call your includes whatever.txt as if someone stumbles on that, they will see the code, simply call it whatever.inc.php

just another precaution

remember

"Just because you aren't paranoid, doesn't mean they aren't watching"

drummerboy

Well, it goes like this -

I tried using the fopen function in basic form to print the file to the page before it hit the browser, so that it wouldn't put up the "secure/unsecure" warning...like this

<?php
$fp = fopen( "footer.txt", 'r' );
?>

but I didn't get any results - meaning the file did not appear included on the page at all. Then I tried using a different approach

<?php
( $fp = fopen( "footer.txt", 'r' ) ) or die ("Couldn't open the file, sorry" );
?>

...still no results (I could have done something wrong there because I'm VERY new to PHP. I've only built basic formmail scripts so far.

Then, I tried this approach

<?php
	  $filename = "../footer.txt";
	  $fp = fopen( $filename, 'r' ) or die("Couldn't open $filename" );
	   while ( ! feof( $fp ) ) {
		$line = fgets( $fp, 2050 );
	  print "$line";
	  }
	 fclose( $fp );
	  ?>

and I got RESULTS! Except, I'm back to square 1 because now the "secure/unsecure" warning is showing again!! Although, I did NOT get them when the files did not write to the page....soooo...they must be what's considered "unsecure" on the page, right?

Any more suggestions?

Thanks,
-TC

drummerboy

:rolleyes: Well, poop.

I just figured out my problem and it had nothing to do with the coding. There is a 1 pixel spacer image in the included file that was referenced using http rather than https.

After correcting, the page displays the secure padlock with no warning.

I guess not all is lost, I did learn a new PHP function - that's what it's all about right? Well, that and the hokey-pokey, that is.

Thanks everyone for suffering my oversight. And for your valuable input. The forum did succeed after all.

-TC