[Phpwm] subdomains & includes

David Goodwin david at codepoets.co.uk
Wed Jan 24 07:46:07 GMT 2007


Phil Beynon wrote:
>  This is odd and perplexing.....
>
>  I've got a subdomain site set up which has got a path to a config
>  file which contains things like database name, password etc. This is
>  brought in as an include() to the pages and works fine. On the main
>  site if I do the include with the full url it sees the file, if I do
>  echo "boo!"; in the page it does this, so I know it sees the file....
>  but its not giving up any of the variable values when they get asked
>  for.
>
>  So: subdomain.example.com has: include(/admin/config/siteconfig.php);
>  and that works just fine for seeing the database.
>
>  But www.example.com has:
>  include(http://subdomain.example.com/admin/configs/siteconfig.php);
>  (which can be see to be working from an echo to the page so its not
>  an incorrect path) But isnt getting any of the the values of
>  variables in siteconfig.php


I'd have thought the obvious answer was that when you do an include
with http:// in it, the web server is interpreting it, and sending back
just 'boo!' and not "echo 'boo!'".

In other words, include('http://.......') fetches the file from the remote
web server. If it is a .php file, it will execute on the remote server, and
return you the output from that execution. This is a big difference
between local file opening (not through apache) and remote file opening
(through Apache).

If you wish to get around this limitation, you'd need to rename the
 remote file so it doesn't end in .php, and therefore stop Apache passing
it's content through the PHP interpreter. This is probably insecure, so
 you might want to mix in .htaccess style authentication to stop
$the_rest_of_the_world from accessing your database settings etc.


After all, if I could do an 'include' on an arbitary php file doing
include('http://some.where/foo/bar.php') and see it's source, I'd make
an excellent hacker!

I'd strongly recommend you stick with 
include('/admin/config/siteconfig.php');

thanks
David.




More information about the Phpwm mailing list