I'm trying to run a php function that's hosted on a different server. Here's the relevant code:
In firstdomain.com/handler.php:
include 'http://www.seconddomain.com/functions.php';
$disp_keyword = doQuery( 0, $keyword, null );
And in seconddomain.com/functions.php:
function doQuery( $code, $arg1, $arg2 ) {
mail( '[email protected]', 'doquery entered', 'test' );
}
How can I get this to work?
Allot of servers default setup will stop this as its highly insecure but there is an easy work around using eval tho its just as insecure, if you dont 100% trust the source.
Instead of using
include 'http://www.seconddomain.com/functions.php';
use:
<?php
//get file content, save it .txt on the serving server so its not interpreted,
// you could even encrypt it then base 64 it to keep it safe, then reverse the process
$content = file_get_contents('http://www.seconddomain.com/file.txt');
eval ("?>$content");
?>
or you could grab the file with FGC,save it and then just use a normal include, thou any method you choose you should be very wary of the source of the file.
The file on the second server needs to output the PHP source, not just run it. When you include a remote file, it's like going there in your browser but then the code shown is run.
So, the easiest way to do this is to just leave out the <?php and ?> tags. However bear in mind that this leaves your source code visible to the outside world - in particular any security is lost.
allow_url_fopenis enabled andallow_url_includeas well. Also make absolutely sure that you know the contents of the file you are including remotely, and it is trusted 100%.