thanks for ur reply Mark,
darn, I was really hoping things would be little easiler if this trick could be done using (HTTP) protocol to transfer it(php upload), mapping to remote server is not a good idea, since the webserver has lotz of rules, thats the reason thought to save my file on my server. Ah.. thanks anyway guys... I wonder if there anyone who figureout a way to do this trick without FTP/SSH.
move_uploaded_file remotely?
If you have PHP available on both servers, you could engineer some system whereby one PHP script posts the data to another. However, this would require quite a lot of work, particularly on security and binary correctness.
I don't know how hard it is to create a HTTP multipart POST with PHP, but I do wonder why, if you have PHP on both sites, people don't simply upload to the target server in the first place?
Mark
Thanks for the reply, To answer ur question:
I cannot upload to the webserver because that is allowed for websites only(not allowed for uploads/downloads), beside it will take all the web bandwidth for file uploading/downloading..
The 2nd server is mine, based on unix system. I use for upload/downloads only. However, I thought it could be done in php easily, using some functions.. but it seems like I was wrong.
Well, thanks.. and I'm going to leave this topic open to hear what others have to say for this, if anyone find a solution for this problem, it would be great to know the answer.
Here's a way.
<?php
// run this on your local machine
// set the url to the remote machines address
// sample.txt is a file on your local machine
$file = 'sample.txt';
include "http://remotemachine/getremotefile.php?file=$file";
?><?php
// run this on the remote machine
// set url to your local machines address
$getfile = $_GET['file'];
print $getfile;
$data = file_get_contents("http://localmachine/$getfile");
$fp = fopen($getfile, 'wb');
fwrite($fp, $data);
fclose($fp);
?>There are several obvious flaws with samudasu's solution above - not only is it obfuscated in the extreme, but it probably won't work and also presents several major security problems.
Because he hasn't made any attempt to explain how it works, you should not use it - at least not without a thorough explanation of how it should work.
In my opinion, most uses of including a remote file with include() are errors.
Mark
Mark: For someone who can't understand 8 lines of PHP code you sure are opinionated. Obfuscated, i hardly think so. Each line is self explanatory. Before you go running your mouth off you should try to understand what i posted.
This code isn't meant to be secure. It's just shows a simple method of calling a script to download a file. If someone were to use this on a live server then i'd expect them to have enough sense to make it more secure.
Actually there is one line that i should have changed when i first posted that might throw some people off. file_get_contents("http://localmachine:8080/$getfile")
should have been file_get_contents("http://localmachine/$getfile");
Port 8080 is another webserver running on my test machine and i forgot to change that when i posted.
Ok, let me clarify this:
- You are using include() to include via a URL. This smells bad to me - it smells either of not understanding what include() does on remote files, or self-writing code (which I don't like).
If that's the whole of getremotefile.php, then it's even more weird, as it doesn't appear to be echo'ing anything - therefore you're including an empty file - so include() as an RPC mechanism? A bit strange, I think, in the extreme.
You have a script called getremotefile.php which seems to be doing more or less the opposite - it's actually used to PUT a remote file. But not quite,
It's an obfuscated callback mechanism - there are three HTTP requests happening concurrently, when surely a maximum of two are required?
You're relying on the file being in a directory served by the web server are you? This is totally unclear.
I think it is obfuscated. You're abusing include() to do something totally different. You're making three requests instead of two, and this is probably totally unclear to most people (indeed, it was to me before I looked at it more carefully).
I'm going to offer an alternative implementation here:
<?php
function TestSend()
{
$filename = "test.txt";
$url = "http://localhost:9001/put.php?filename=" . urlencode($filename);
$content = file_get_contents($filename);
$opts = array ('http' => array (
'method' => 'POST',
'content' => $content,
'header' => "Content-type: application/octet-stream"));
$ctx = stream_context_create($opts);
$f = fopen($url, "r", false /* use_include_path*/, $ctx);
$result = stream_get_contents($f);
fclose($f);
echo "Post result: $result\n";
}
TestSend();
?>
<?php
/*
* Recieve a remote file via a raw HTTP POST.
*
* Security NOTE: this should do some authorisation and
* perform better checks on the filename.
*/
function DoPut()
{
$filename = $_GET['filename'];
// Some lame checks - NOT SUITABLE FOR PRODUCTION USE!
assert(strchr($filename, '/') === FALSE);
assert(strchr($filename, "\\") === FALSE);
assert(strchr($filename, '.php') === FALSE);
global $HTTP_RAW_POST_DATA;
assert(isset($HTTP_RAW_POST_DATA));
$f = fopen("uploads/" . $filename, "wb");
fwrite($f, $HTTP_RAW_POST_DATA);
fclose($f);
echo "ok";
}
DoPut();
?>
I've tested this in a recent PHP 5.1.2+ snapshot version and it appears to work. Your mileage may vary, but the above is tested and requires only two HTTP requests, not three.
I'm using raw post data to send the file.
Mark
Congradulations Mark. It's about time you came up with a solution. Ok, let me clarify some things to you.
- There are no rules that say you can't use a remote url with include(). Even the php manual has an example of this. Actually the file with the include does echo something back from the result of getremotefile.php. In this case just the file name but it could echo anything the user wanted (error messages, etc.) You need to remember that the page with the include may have other functions to perform beside what i'm showing.
This could have done this with a form or even a url but i decided to do a one line include instead. Really the only thing this page needs to do is send a filename to getremotefile.php.
You're not seeing clearly that http://remotemachine/getremotefile.php?file=$file is run on the "REMOTE" machine. If you read the code for getremotefile.php you will see that it it opens a connection and gets the chosen file (which is remote as far as getremotefile.php is concerned) from your local machine. It doesn't PUT anything.
It's obfuscated in your eyes since you still haven't figured out how it works.
I never said this was the only way to do it. I'm just showing a method that you couldn't show before. That's what the original poster asked for and oh yes, IT DOES WORK.The user of the script knows the location of the file they want to send. It's up to he/she to choose the correct path.
Abusing include, i don't see it.
Goaman: Sorry, but if you don't have php on both servers then neither of the two methods mentioned above will be of any use. I'm sure you've realized that already.
I didnt read anyone elses posts but the first one, so I dont know if anyone has said this, but.......
just put another uploader.php on the remote site and just use the form action="remoteSite/uploader.php"
samudasu wrote:1. There are no rules that say you can't use a remote url with include().
No, but you are abusing it. You could have achieved the same with file_get_contents(). Please do not use include() when file_get_contents() will do.
2. You're not seeing clearly that http://remotemachine/getremotefile.php?file=$file is run on the "REMOTE" machine.
No, I can see where it runs.
But it seems like an excessively complicated way of doing it:
- User connects to machine "local"
- Local machine connects to machine "remote" can calls "getremotefile.php"
- Remote machine then connects BACK to local machine???!
If you read the code for getremotefile.php you will see that it it opens a connection and gets the chosen file (which is remote as far as getremotefile.php is concerned) from your local machine. It doesn't PUT anything.
Well, from my perspective it puts the file into its own filesystem on "remotemachine". The difficulty I have is understanding why you need to do this.
I'm concerned that the OP may have one or more directions of traffic between localmachine and remotemachine firewalled. Your solution requires 2 additional HTTP requests. Mine only requires one.
3. It's obfuscated in your eyes since you still haven't figured out how it works.
Yes I have. I figured it out a long time ago, and it's nonsense. Do not use include() to do RPC!!! If you must use this method, at least use file_get_contents or something.
Mark
Sorry but you are wrong. Include did exactly what i wanted it to do. Evaluate a file and return the result. What's your hangup with include? Did include() steal your girl or something? It seems that's all you can talk about.
My script may seem excessive to you but i'll bet you'd be surprised to know my sript is nearly 2x as fast as your bloated crapware, not to mention the fact that your script won't run on php 4.* which most of the real world is still using. If you don't believe me then test it. And test it on a real machine not Windows which is probably what you try to develop on. By the way, i actually did run your code and it's SLOOOOWWWWWWWWW.
It's not complicated at all. It's rather simple. Your code is cute and packed up into nice little functions but it's bloated and slow.
Your mention of worrying about being firewalled is utter nonsense. If port 80 is blocked (which is what both our methods are using) from incoming or outgoing traffic it's not going to matter. I think you need to do some further reading on the http protocol and tcp/ip while you're at it.
Basically you need to get a life and stop critiquing my code. No one asked your opinion in the first place. Do you need to prove that you're a good coder or something? It's not working!
woo.. Thanks for the reply guys, where to begin.. oh yes..
I wouldn't be talking abt uploading to remote machine using php if I don't have php running on both servers, I have php on both srvs. Both server has php 4.x.x.x.
It looks like when you upload a file that saves on a localmachine(A) first and then it must be manually grabbed from the localmachine(A) to save again in a remotemachine(
, am I right guys? Isn't there any ways to send the file streight to my remote machine folder without saving the file on a webserver?
Hi Goaman, sorry about all the drama but it really pisses me off when someone says my code doesn't work without even understanding it (yes, he understands now but when he first attacked my post he didn't) and then tries to play my mother saying i shouldn't do this or that.
Just for your info, my method was just meant to be a demonstration of one way it could be done. If you're not looking to save a local copy then (as much as i hate to say it because he's such a blow hard) MarkR's method will probably work better in this particular case. My code could also be easily adapted to do the same using a tempfile but i wouldn't recommend it. So to answer your question, no, you don't have to save the file on the local server. You should be able to send it directly from the tmp upload directory.