I've been working on a simple cms of sorts only to be hit by a fairly large problem. I've been working on the basis that I would be able to reference php files on a single server from any other server using a simple line such as
however it seems this is not as easy as it seems, due to security measures taken by many hosting companies to prevent php access to outside files, resulting in the warning
Having done a bit of research I came across the potential solution of adding the following line to my code
However this hasn't worked either.
I am quite new to php, so my knwoledge isn't particularly extensive. I'm assuming I won't be able to make this work, so I guess what I really want to know is, is there an alternative to the "include()" php function that might work for me?
allow_url_fopen and allow_url_include cannot be changed at run-time. If they could, it would pretty much negate the security function such a restriction has. (The issue here is that including something from a remote server can have extremely serious security problems if you do not have 100% control/confidence in the code being included from that server.) Additionally, if you include a .php file from a remote server and that server processes it locally as PHP, all your including file will receive is the output of that script, not the source code as you would when including a file from the local file system.
Without knowing the exact details as to why you are doing this and what exactly is to be included, I'm not sure what the best answer is (besides "don't do that"?). Worst case: grab the file via cURL or FTP and then (*shudder!*) eval() it.
"Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
~ Terry Pratchett in Nation
Basically I'm a website designer and I recently got into a bit of php and decided to attempt to make a simple template system that I would eb able to set up for anyone. Once I got the hang of the php I realised I could possibly produce all the central files just once, and then simply upload a single php page to the clients' servers that would reference the many other files needed, as well as detailing which database to get the content from.
The advantage would be that I could continue to update and improve the template system and any changes I made would appear automatically on all clients' websites using the system, as well as only having to give the clients a single file to upload to their domains, thus also protecting the code I've written and preventing anyone from making changes to this. The client would also then have their domain in the title bar, rather than referencing my domain instead.
Perhaps I can make my the client pages act as a frame for the central index.php template file (iframe?) and simply pass the variables of which database to get the data from that way, or some such possible alternative if it exists?