include a file from an external server

ares05

Hi,

I want to include a file from an external server. The file I'm trying to include has images in it. The image tags use paths to point to the images e.g <img src="images/image.jpg">. I include the file like this:

<?php include("http://server2.com/file.php"); ?>

It works, but the images don't show. When I check the source, the images are linked like this http://server1.com/images/ (which is really the correct path, but not what I want) but the images aren't on server1, they're on server2!

My question is, how can I include a file from an external server so that it will also show any and everything it's linked too.

I thought of using something like this:

<?php ($_SERVER['REMOTE_SERVER'].'file.php'); ?>

But I don't know if it's possible to specify a server (really just a URL prefrix).
I'm also aware that iframes can do exactly what I want, but because you have to define the width and height of the frame I think it looks very messy.

MarkR

This is a really really really big security risk, because you're giving the admin of the other server ability to execute code on your server. You probably don't want to do this.

include() or require() will execute PHP code in the remote file. If that's a .php file, it will only execute it if PHP generates further PHP, which the manager of the remote server could easily achieve.

Instead, you should read the file in and output its contents, that's much safer.

It might be advisable to cache a local copy of the file too, in case the remote server is unavailable, and to increase speed.

In order to fix up the image URLs, you must also have the images on your local server, as the page is using relative (or root-relative) links for their images. This is reasonable.

Alternatively, parse the HTML (for example using DOM parseHTML) and rewrite the links as absolute. This is not easy.

I take it you have the permission of the content authors on the remove site? Can you not simply ask them to make another version of the page which uses absolute image URLs?

Mark

MarkR

Be aware that even if you aren't executing PHP code, the content provider can:

Cause your users to be redirected somewhere else (possibilty maliciously)
Steal your users' cookies (and hence compromise sessions etc, on the same server)
Show arbritary content to the users, possibly enabling them to do a social-engineering type exploit.

If you don't have the explicit permission (and a contract with) of the content creator, they could maliciously do any of these things legitimately.

Mark

ares05

Hi,

Both of the servers are mine. I have 2 servers. One with lots of diskspace and bandwidth but very basic scripting support, this I just use as a file server. The other is my main server which has all the the scripting support I need but only 5 gigs space and 100 gigs bandwidth. I've uploaded around 300mb of images on my file server which I want to use in a gallery on my main server.

I was looking for a gallery script (one where you just type in the image directory and it will generate a gallery for you) and I found this script, u just put a single .php file into a directory and it will generate a gallery for you. That's the file I want to include in a page on my main server.

Anyways, I would change the gallery to use absolute URL but the script is too complicated for me, I wouldn't know where to start! I will have a look at the code later in see if I can figure something out but I'm really hoping there's an easier solution.