Page 1 of 1

call a function from a remote include() php file

Posted: Sat Dec 01, 2007 2:42 am
by paqman
I'm trying to set up a general error reporting tool for all the websites I build which will all call a function from my main website. This way I'll only have to update the one file to make any changes. I'm trying:

Code: Select all

include('http://mysite.com/error_report.php');
report_error("9001", "0", "0", "http://thesite.com", "0");

The file error_report.php begins like this:

Code: Select all

<? function report_error($errorcode, $headertype, $messagetype, $domain, $submextra) {
...

I'm asking because the script works fine when it's included by a script in the same domain as it. When I try to include error_report.php remotely, it just tells me "Fatal error: Call to undefined function: report_error()". The file's being included; it's just not able to see the function. Any ideas?

Posted: Sat Dec 01, 2007 3:38 am
by Dale
I don't think you can use relative paths to your files (eg; http://www.foo.bar), you have to use full paths (/foo/bar/ect/).

Posted: Sat Dec 01, 2007 4:39 am
by jmut
http://php.net/manual/en/function.include.php

You need allow_url_fopen option enabled.
But in long term I really thing this is bad idea.
I would suggest you have some class that does the job for you...and whenever new version of the class pops up
you just synchronize to needed systems. Much easier to test/debug in my opinion.
Generally allow_url_fopen enabled is considered security risk. You should be very very strict not to allow attacker using it in a bad way.

Posted: Sat Dec 01, 2007 8:25 am
by volka
Does http://mysite.com/ itself parse and execute php scripts?
Then your including script only gets the output of error_report.php, not the source code.

Posted: Sat Dec 01, 2007 3:27 pm
by paqman
ahhhhhhhhh that makes sense - it's parsing the code itself, then returning nothing... Sorry I didn't realize that earlier. Would a file opening/reading function import the code? Or should I just listen to jmut and avoid the possibility of attacks?

Posted: Sat Dec 01, 2007 3:35 pm
by feyd
Nothing you can do on the requesting server will fetch the code without the help of the remote server. Just don't do it.