include() from external hosted php file

kohkindachi

Hi I've my full script hosted at SITE A. My client (SITE 😎 want this script but i do not want my script to be leaked to the public. Hence I intended to 'include' the important php file (with all necessary functions), using the include() tag.

<?php
include_once "http://SITEA.com/1/mufunc.inc.php";
?>

I'm know that the below works if all my script in places under the same host and dir.

<?php
include_once "mufunc.inc.php";
?>

dagon

If "URL fopen wrappers" are enabled in PHP (which they are in the default configuration), you can specify the file to be included using a URL (via HTTP or other supported wrapper - see List of Supported Protocols/Wrappers for a list of protocols) instead of a local pathname. If the target server interprets the target file as PHP code, variables may be passed to the included file using a URL request string as used with HTTP GET. This is not strictly speaking the same thing as including the file and having it inherit the parent file's variable scope; the script is actually being run on the remote server and the result is then being included into the local script.

Include()

kohkindachi

dagon;10905220 wrote:
Include()

hmmm....thx for this. But will the functions be used by the second host?

dagon

kohkindachi;10905224 wrote:
hmmm....thx for this. But will the functions be used by the second host?

what happened when you tried it?

joebob

Of course the functions in the remote script will not be available to the other script. If this was possible, your very worry that it would leak to the public would come true. If this was true, it would also be true that all banks, government websites, and other secure web sites would be extremely vulnerable if they used PHP.

The only way you're going to be able to (try to) prevent your source from leaking is use something like IonCube or SourceGuardian, but even then, it's not 100% secure.

The only way I could see around this one is to make a file containing the source code which can be read in by the second script, but require some sort of authentication.

bradgrafelman

joebob wrote:
The only way I could see around this one is to make a file containing the source code which can be read in by the second script, but require some sort of authentication.

That, or you could just upload/download a copy of the PHP script so that it doesn't require a remote include.

foyer

"remote" including sounds pretty sketchy

djjjozsi

(use) make a php repository, where you replace your pritty classes and functions and var names into a long hashed names evrywhere.
no one will understand your code!

scrupul0us

php is compiled on the server... fetching it remotely gives you the output of the script...

if you were able to include other peoples scripts/files then there'd be lots of issues

if you are doing this legitimately there are some alternatives

1) make the source available on the remote server, scrape it to a file then include it locally

2) ftp the file to your server using PHP's functions