使用从父域到子域的外部类文件
我如何包含父域中的类文件以在我的服务器上的子域中使用?
例如,我有一个处理用户身份验证以及一些重要方法的类文件。如何在子域上使用该身份验证类?
我的文件夹结构是
父域
/home/<domain>/public_html/
子域
/home/<domain>/public_html/users/cluster_1/<sub>
当我创建一个新的子域时,我有一个模板index.php,它被复制到
/home/<domain>/public_html/users/cluster_1/<sub>/index.php
index.php中,我想包含我的身份验证类,以便我可以根据返回的数据做更多的事情通过其方法。
我知道我不能包含 http 请求,而且我也不想使用 dirname(dirname(__FILE__) 因为如果用户更改,他们可以看到该域的服务器文件夹结构。
我尝试了 fopen但我无法让它包含我的类,而且我也尝试了像这样的 cURL
function get_data($url) {
$ch = curl_init();
$timeout = 5;
curl_setopt($ch,CURLOPT_URL,$url);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,$timeout);
$data = curl_exec($ch);
curl_close($ch);
return $data;
}
$returned_content = get_data('http://domain.com/api/ApiClient.php');
有一种优雅的方式来包含我的 ApiClient.php 类文件,即使用户更改 PHP 代码也看不到文件夹结构信息这是由 PHP 错误引发的。
how can i inlude a class file from my parent domain to be used in a subdomain on my server?
for example, I have a class file that handles user authentication along with some important methods. How can I use that authentication class on a subdomain?
my folder structure is
parent domain
/home/<domain>/public_html/
subdomain
/home/<domain>/public_html/users/cluster_1/<sub>
When I make a new subdomain I have a template index.php that is copied onto the
/home/<domain>/public_html/users/cluster_1/<sub>/index.php
in the index.php i want to include my authentication class so that I can do some more stuff based on the data returned by its methods.
i know that i cannot include http requests and also I do not want to use dirname(dirname(__FILE__) because if the user alters that they can see the server folder structure for the domain.
I tried an fopen but i couldn't get that to include my class, and also i tried a cURL like this
function get_data($url) {
$ch = curl_init();
$timeout = 5;
curl_setopt($ch,CURLOPT_URL,$url);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,$timeout);
$data = curl_exec($ch);
curl_close($ch);
return $data;
}
$returned_content = get_data('http://domain.com/api/ApiClient.php');
is there an elegant way to include my ApiClient.php class file and even if the user changes the PHP code for them not to see folder structure information that is thrown by the PHP errors.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
抱歉,不,不是真的。
虽然实际上可以通过 HTTP 下载 PHP 代码并在本地运行,但由于安全隐患,强烈不鼓励这样做:您的系统中存在一个小错误,或者代码服务器中存在一个小错误突然间,您正在运行来自未经检查的来源的恶意代码。他们默认禁用该行为是有充分理由的。
如果您的用户可以编辑和运行他们自己的(未经检查的)PHP 代码,那么您的用户看到您的目录结构就没有必要犹豫:除非您保护您的设置(听起来不像),否则他们可以正确地找到该结构现在。只需使用适当的函数即可遍历目录。
我只是使用直接包含方法。
如果您真的希望它们不知道父域:
Sorry, nope, not really.
While it would actually be possible to download PHP code over HTTP and have it run locally, it's strongly discouraged because of the security implications: one little bug in your including system or one little bug in the code-server and suddenly you're running malicious code from an unchecked source. There's a good reason why they disable that behaviour by default.
If your users can edit and run their own (unchecked) PHP code, there's no sense in being hesitant about your users seeing you directory structure: unless you secured your setup (which it doesn't sound like) they could find out that structure right now. Just by using the appropriate functions to walk directories.
I'd just use the direct inclusion approach.
If you really really want them to be unaware of the parent domain: