Skip to main content
A
Anonymous
February 28, 2010
Question

PHP include call used to work, doesn't now, and my ISP blames me...help?

  • February 28, 2010
  • 3 replies
  • 1606 views

Hello all,


Here's the deal: I have a website, www.website.com which has a sub-domain, subdomain.website.com. I use one CSS file for both sites, the subdomain calls to the main website. Likewise, I pull graphics from the main site that appear on the subdomain. Everything works swimmingly.


I also have a navbar that is common to both sites. For simplicity, the navbar is in an includes folder in the main site's root directory. I do this so that changes made to the navbar can be instantaneous across both sites. I avoid having to upload includes files to BOTH sites every time I change one of them. Here's how I call it in the code:


<?php include('http://www.website.com/includes/navbar2.php'); ?>


This USED TO WORK JUST FINE. Not long ago, pages in the subdomain are no longer able to call the navbar from the includes folder on the main site. I get three <function include> errors where there ought to be the navbar. I contacted my ISP (Network Solutions) and they blame it on 'custom coding' which is absurd as I haven't altered the code on these pages in months...far before the problem occurred.


Here is the html for the three <function include> errors:


<b>Warning</b>:  include() [<a href='function.include'>function.include</a>]: URL file-access is disabled in the server configuration in <b>/(actual path info removed)/main.php</b> on line <b>31</b><br />

<br />
<b>Warning</b>:  include(http://www.website.com/includes/navbar2.php) [<a href='function.include'>function.include</a>]: failed to open stream: no suitable wrapper could be found in <b>/(actual path info removed)/main.php</b> on line <b>31</b><br />
<br />
<b>Warning</b>:  include() [<a href='function.include'>function.include</a>]: Failed opening 'http://www.website.com/includes/navbar2.php' for inclusion (include_path='.:/usr/services/vux/lib/php') in <b>/(actual path info removed)/htdocs/subdomain_folder/main.php</b> on line <b>31</b><br />

I think it's a server-side change. Has to be as I have not altered the code at all in ages. Any thoughts, suggestions or help would be very much appreciated.

Sincerely,

wordman




This topic has been closed for replies.

3 replies

David_Powers
David_Powers
Inspiring
March 2, 2010

Wordman-GL wrote:

Here's how I call it in the code:


<?php include('http://www.website.com/includes/navbar2.php'); ?>


This USED TO WORK JUST FINE.

Your hosting company is quite correct in blaming you, although it should probably have explained why it no longer works.

Since PHP 5.2, there have been two security directives: allow_url_fopen, which is on by default, and allow_url_include, which is off by default.

Including a file directly from a URL is a major security risk, which is why allow_url_include is turned off. If you want to include content from a URL, you must retrieve it using a file function, such as file_get_contents(), and run your own security checks on it before including it in a page.

A
Anonymous
March 2, 2010

David,

Thank you as always, for a concise answer.

I tried the file_get_contents(), but it bombed. So I figured to cut my losses and just add the includes file in my subdomain.

Let me ask you this: from my subdomain, I also call to graphics and a CSS file located on the main www page ( <img src="http;//www.website.cpm/graphics/logo.jpg" /> and <link href="http://www.website.com/css_files/file.css etc...> ). Does this also pose a security risk? Currently these work, I'm assuming because they do not involve PHP.

Your advice would be greatly appreciated!

Thanks!

Sincerely,

wordman

David_Powers
David_Powers
Inspiring
March 4, 2010

As long as you know what you're including, there is no security risk. The reason allow_url_include has been turned off by default is because a lot of inexperienced people use PHP in an insecure way. That's why the directive can be turned on in a controlled environment.

Including your images from another domain is the same. If you control the domain (or subdomain), there's no problem. If you're using an image from elsewhere, there are two potential problems: the other domain might be down, or the owner of that domain removes the image.

In other words, if you know the implications of what you're doing, you can determine whether a course is safe to follow. It's when you fail to think things through that problems arise.

M
mtprogrammer
New Participant
March 1, 2010

If you cannot access the files outside of your sub domain (on your main domain), than I would use the following method.

If your nav bar is displaying or returning html, than I would just grab the contents of the file you want to use on your other domain using the php function file_get_contents(). You could also use curl, but that is probably overkill for this.

I hope you find this useful.

Chris Roane - My Lifestyle and PHP Blog

A
Anonymous
March 1, 2010

Chris,

As a relative newcomer to PHP, I have to say, I'm not familiar with these functions but I will absolutely look them up to see if this cures my problem.

You guys are awesome. I will report back on the results soon!

Most cheers,

wordman

BenPleysier
Community Expert
BenPleysierCommunity Expert
Community Expert
March 1, 2010

I agree with you, there has been a tightening of security on the server.

Assuming that your sub-domain is in the same directory structure as your main domain name as in maindomain/program_files and maindomain/subdomain/program_files, then why don't you grab your menu for your subdomain as in <?php include('../includes/menu.php'); ?>

This way you are not calling a domain name which the server is blocking.

I hope this helps.

Ben

Wappler is the DMXzone-made Dreamweaver replacement and includes the best of their powerful extensions, as well as much more!
A
Anonymous
March 1, 2010

Ben,

Thank you, an excellent suggestion! However, my subdomain lies in its own folder on the server. I am happy to know that you agree this is some sort of security tightening. It's weird, because I can pull pics, graphics and other material from the main site with no hitch. Go figure.

Many thanks for the message!

Cheers,

wordman

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices