Warning: include() [function.include]: URL file-access

 
Post new topic   Reply to topic    Aprelium Forum Index -> PHP
View previous topic :: View next topic  
Author Message
Kent
-


Joined: 12 Jan 2003
Posts: 137

PostPosted: Tue Jan 09, 2007 4:38 am    Post subject: Warning: include() [function.include]: URL file-access Reply with quote

Im trying to include an external file from another server but I am getting the following error, does anyone here have any clues to help me solve the problem?

Its a simple line of code, I dont know how I messed it up..lol

Code:

<?
include('url to file');
?>


Warning: include() [function.include]: URL file-access is disabled in the server configuration in C:\server\htdocs\file.php on line 2

Warning: include(http://*************) [function.include]: failed to open stream: no suitable wrapper could be found in C:\server\htdocs\file.php on line 2

Warning: include() [function.include]: Failed opening 'http://*********' for inclusion (include_path='.;C:\php5\pear') in C:\server\htdocs\file.php on line 2
Back to top View user's profile Send private message
Moxxnixx
-


Joined: 21 Jun 2003
Posts: 1226
Location: Florida

PostPosted: Tue Jan 09, 2007 2:55 pm    Post subject: Reply with quote

Look for allow_url_fopen = off in your php.ini and set it to on.

Be aware that this is a security risk...
http://www.technosailor.com/lessons-in-web-security-php-and-remote-file-execution


Last edited by Moxxnixx on Tue Jan 09, 2007 6:39 pm; edited 1 time in total
Back to top View user's profile Send private message Visit poster's website
cmxflash
-


Joined: 11 Dec 2004
Posts: 872

PostPosted: Tue Jan 09, 2007 6:08 pm    Post subject: Reply with quote

Moxxnixx wrote:
Be aware that this is a security risk...

True, but only if he is allowing other people to upload and execute PHP code on his machine. If he uses a single (or more) include with a static URL, it's pretty safe as long as he trusts the server he is including the code from. If there is no PHP-code in the included URL, you should use file_get_contents instead of include to make PHP ignore any malicious code.

Never use the include function to display a page recieved from $_GET, $_POST or similar. I've seen too many pages that simply uses something like this:

Code:
<?php
print_header();
include($_GET['content']);
print_foot();
?>
Back to top View user's profile Send private message
Kent
-


Joined: 12 Jan 2003
Posts: 137

PostPosted: Tue Jan 09, 2007 6:11 pm    Post subject: thanks guys Reply with quote

Thanks for the clue ;) and the heads up on the security...
I am including a file from my paid host website for a page ran on my home server - I trust it completely :)
Back to top View user's profile Send private message
Kent
-


Joined: 12 Jan 2003
Posts: 137

PostPosted: Tue Jan 09, 2007 6:21 pm    Post subject: Reply with quote

I looked at my php.ini file and allow_url_include

is on and so is

allow_url_fopen

and
<?
include('include some file');
?>

still does not work gives me the same error :cry:
Back to top View user's profile Send private message
Marty
-


Joined: 10 Sep 2006
Posts: 83

PostPosted: Tue Jan 09, 2007 7:05 pm    Post subject: Reply with quote

The file you are trying to include, does it require any additional files to run, check the script for the include or require statement. If so you will need to edit those include statements in the same manor your trying to include this one ie: http://www././php etc.. of course setting the path to your paid host server.
_________________
www.web-bin.com | www.skydigitalcards.com
Back to top View user's profile Send private message
Kent
-


Joined: 12 Jan 2003
Posts: 137

PostPosted: Tue Jan 09, 2007 8:55 pm    Post subject: no Reply with quote

no it doesnt require any other files to run...
I even tried to create a "mock" file to test if I can include files from the abyss server to other docs on the abyss server and I get the same error...lol
Back to top View user's profile Send private message
Kent
-


Joined: 12 Jan 2003
Posts: 137

PostPosted: Tue Jan 09, 2007 9:13 pm    Post subject: nevermind Reply with quote

OK I researched this issue a little and found that the latest php no longer allows the use of include('http://url.com'); ? only include('path to local file on server');

hense the wrapper statement? I assumed so I dug up the following data to fix the problem..

either you can use :

<?php
$file_contents = file_get_contents('http://url.com/');

// display file
echo $file_contents;
?>

or you can go with something like:

<?php
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://url.com/");
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_exec($ch);
curl_close($ch);
?>
Back to top View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Aprelium Forum Index -> PHP All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB phpBB Group