php require_once() with a remote file [php 5.0, Windows Server 2003]

Posted on 2010-01-12
Medium Priority
Last Modified: 2013-12-13
Hey folks,

I have a remote (hosted) Windows Server 2003 that is our primary development test web server. On a local machine here at the office, Windows XP Pro, I want to include a remote file in a PHP script with the database credentials so the local user can interact with the db, but never see the username/password.

Something like this:

<?php require_once("http://www.domain.com/databaselogin.php"); ?>

I have allow_url_include directive set to On in php.ini, but I still seem unable to include the remote file. I was thinking perhaps permission/connection issues on the remote server, but I'm able to include the file properly in plain text (.txt) form and it works. Is it simply that I'm unable to include .php extension files from a remote location for rendering reasons? If so, is there another, secure way to maintain credentials remotely without giving local users access to them?

Question by:jmoriarty
LVL 11

Expert Comment

ID: 26300206

"but I'm able to include the file properly in plain text (.txt) form and it works"

When you include the PHP file, you are not really including the PHP code, you are including the result of all that code, I mean all the information "echoed" by the script. If you want to get some remote connection parameter you will need to learn about Web Services.

But anyway, it seems that the file you are trying to include is a connection to a DB, possibly a DB that is on that remote server too, so a better way is to set up the connection to the remote DB directly on your host... =P

I mean, you create your DB connection file and host it on the same server as the rest of your application, but in that DB connection script you set up the connection to the remote DB on the remote server.. ;)


Author Comment

ID: 26300252
Actually, the db resides on a 3rd server, I should've specified more clearly; and I was trying to mask the DB credentials entirely off the local machine to only an interface. A WSDL/web service is a viable option, I was trying to do something "quick and dirty". The setup is basically (local machine) -> remote web server -> database server. I want the local machine to be able to connect to the remote database without allowing someone to simply open the php file on the local machine in a text editor and see the database credentials, if that makes sense.

And good point about the plain text.
LVL 11

Accepted Solution

VanHackman earned 2000 total points
ID: 26300415

"I want the local machine to be able to connect to the remote database without allowing someone to simply open the php file on the local machine in a text editor and see the database credentials, if that makes sense."

Yeah, it makes sense, I have had the same need before.
And the best way to do it is implementing a web service.

Anyway, as you need something "quick and dirty", I would suggest a tricky solution:

You can set up your DB connection file on the remote server to check the IP of the incoming requests; if the IP is equal to the IP of the host with your application, your script will print out all the code for the DB connection.

I know that someone here will shout like crazy saying that it is dangerous, because some hacker can supplant the host's IP. I already know that and I am just suggesting a way to do it, but you can (and must) take some extra security precautions, like making the transaction over a secure protocol or using SSL directly, or even posting some credential to your DB connection script in order to identify yourself before it shows the information, but that way will start to convert the system into a Web Service and you already said that you need something simple... xD
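The web-service route that both answers point to, sketched as an added example (not code from the original thread): an endpoint on the remote web server keeps the database credentials, authenticates the caller with a posted token over HTTPS, and returns only query results. The file name, environment variable names, table and query name are hypothetical, and it assumes a current PHP release (`hash_equals`, PDO and `json_encode` are not available in PHP 5.0).

```php
<?php
// query.php on the remote web server (added example; all names are hypothetical).
// The DB credentials live only here. The local machine posts a token and a
// query name over HTTPS and receives rows as JSON, never the credentials.

// Assumption: secrets are provided by the server environment, not a file in the web root.
$apiToken = getenv('API_TOKEN');
$dsn      = getenv('DB_DSN');   // constructed sample: "mysql:host=db.internal;dbname=app"
$dbUser   = getenv('DB_USER');
$dbPass   = getenv('DB_PASS');

// Only named, parameterized queries are exposed; callers never send SQL.
$queries = array(
    'customer_by_id' => 'SELECT id, name FROM customers WHERE id = :id',
);

function fail($status, $message) {
    http_response_code($status);
    header('Content-Type: application/json');
    echo json_encode(array('error' => $message));
    exit;
}

if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off') {
    fail(400, 'HTTPS required');
}
// A source IP check can stay as an extra filter, but the token is what authenticates.
$sent = isset($_POST['token']) ? (string) $_POST['token'] : '';
if (!is_string($apiToken) || $apiToken === '' || !hash_equals($apiToken, $sent)) {
    fail(403, 'Forbidden'); // hash_equals compares in constant time
}
$name = isset($_POST['query']) ? (string) $_POST['query'] : '';
if (!isset($queries[$name])) {
    fail(404, 'Unknown query');
}

try {
    $pdo = new PDO($dsn, $dbUser, $dbPass, array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
    $stmt = $pdo->prepare($queries[$name]);
    $stmt->execute(array(':id' => isset($_POST['id']) ? (int) $_POST['id'] : 0));
    header('Content-Type: application/json');
    echo json_encode($stmt->fetchAll(PDO::FETCH_ASSOC));
} catch (PDOException $e) {
    error_log($e->getMessage()); // keep driver errors, which may name the DSN, out of the response
    fail(500, 'Query failed');
}
```

The token stored on the local machine is still readable by a local user, but it only unlocks the listed queries and can be rotated without touching the database account.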



LVL 32

Expert Comment

ID: 26300650
If you're trying to keep people from seeing unencrypted credentials, there might be an easier way.

You can use base64_encode and decode along with the eval statement to encrypt your data.

The concept is relatively simple. See code below.
$code_to_be_extreemly_well_encrypted = 'print \'Hello World\';';
print '<?php eval(base64_decode(\'' . base64_encode($code_to_be_extreemly_well_encrypted) . '\'));?>';


LVL 11

Expert Comment

ID: 26305659
Well, I think that obfuscating the code will be a better approach than only encrypting the credentials.

Author Closing Comment

ID: 31676481
Great ideas; thanks for the help, and apologies for the long delay in response.
LVL 11

Expert Comment

ID: 26333739

Thanks for the points!
