Hi!
If you make an iclude file with php extention and that extention (obviously) is server-parsed by PHP, malicious users will never be able to see the source, all they will see is output. And if this include contains only a class declaration or a bunch of functions without calls to functions in the global namespace, they won't see anything at all. Besides, they probably won't be able even to guess the name of the file.
On WinNT, you can indeed call COM methods from PHP, but not on Apache. I recommend you to make a PHP version of the code because this solves the problem with portability. But if you are going to host on WindowsNT, you will be better off calling the DLL directly via COM functions that are built into PHP.
Don't make the include with extension inc as it is often not configured as a server parsed extention by default (you can change that by editing the .htaccess or other web server configuration files easily though).
Hope it helps,
Best,
Stas
