pass variable to included file from other domain

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
tkarven
Forum Commoner
Posts: 41
Joined: Tue Aug 02, 2005 10:26 pm

pass variable to included file from other domain

Post by tkarven »

hi, i made an affiliate system, where various different affiliate site might link to main site and display some contents from main site. so i created some file in main site solely for this external linkage problem.

my problem is, how can we pass variable from these external file to the main file? i'm using readfile() instead of <iframe> because it embed into the external site better from the terms of design. however, when i declare a variable, e.g.

Code: Select all

$v1="testing";
from the external site, and try to read it's value from main site using

Code: Select all

echo $v1
it dont work.

same happen to $_SESSION, or global, it still not working. Notes that these external site and main site will have different domains, so will that be a problem ?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

if the external page is processed by php on that site you will not see any of the internal code. You will have to return the code in raw form to be able to process it.. that is extremely dangerous as someone that tampers with the external file can easily gain access to the other site.
mickd
Forum Contributor
Posts: 397
Joined: Tue Jun 21, 2005 9:05 am
Location: Australia

Post by mickd »

im guessing this isnt the problem because you prolly just mistyped it here but your missing the semicolon ; at the end of echo $v1
josh
DevNet Master
Posts: 4872
Joined: Wed Feb 11, 2004 3:23 pm
Location: Palm beach, Florida

Post by josh »

Yeah, 'PHP injecton' (arbitrary execution of third party code) can be a serious security issue, but if the third party is on one of your own servers, the data could probably be safely trusted.
tkarven
Forum Commoner
Posts: 41
Joined: Tue Aug 02, 2005 10:26 pm

Post by tkarven »

so if that external trustable, how can we do so? for example i just need to get affiliate's site member id in order to produce relavant results. so in the main site, i'll just use that for my sql, for example

Code: Select all

select * from member where member_id = $v1
Do coding this way exploit to any php injection dangerous? of course they can gain access to the main site using other's id easily but that's not main concern because these external pages is for information purpose only, e.g. display what products do each of these affiliates selling.

May be one of the way is through $_GET and url variable, but that's not a solution i'm lookin for.

Beside that, may be one other solution is encrypt these processing page and place them in the external host. So, what do your peoples recommend ?

*encryption is not preferred as we need to establish some database connection to the main host
User avatar
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Post by Jenk »

Just design the site so the members have to login on your site, else you are going to have a nightmare with security.
tkarven
Forum Commoner
Posts: 41
Joined: Tue Aug 02, 2005 10:26 pm

Post by tkarven »

yea that's true, but is it the only way? how about other affiliate websites out there?

we tried to do so simply because each of these affiliate website can promote their website on their own and at the same times products which are hosted at our server. If that's the case, we lose mass advantage for group and independent promoting

*security concerns even only that these external website only able to display these product's contents ? there's the only things we willing to let these external can do, just search and view products, nothing more than that.
Post Reply