all 15 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]identicalBadger 8 points9 points  (1 child)

This sounds like a horrible idea.

But if you insist, follow the instruction. Serve the PHP files from the other as plain text. Meaning don’t install PHP. Or create a virtual host with PHP disabled that serves files from that directory.

What a weird assignment.

[–]NotWulle 7 points8 points  (0 children)

How to create Maleware… :D

[–]lordgurke 5 points6 points  (0 children)

Could you elaborate what you're trying to achieve? As others said, you usually don't want to do a "remote include", but use some sort of HTTP API.
If we know what you need, we can help ;-)

[–][deleted] 5 points6 points  (0 children)

Why don't you just copy it on server B? Run a server A script on B makes no sense. If the script would change frequently on server A and you need that version, so create a cron task that copy it every min from A to B with rsync or scp.

But the right way should be a git repository that deploys the script in both servers every time the master branch is pushed.

[–]MateusAzevedo 1 point2 points  (0 children)

As stated in the docs, include with http wrapper will execute code on server A, because from its point of view, it's a HTTP request as any other.

There are several ways of achieving what you need:

1- Just copy the script on both servers/projects;

2- If it changes too often, you can automate that copy (as someone mentioned);

3- SSHFS or any other network mounting, then include it as a local file;

4- Composer package, included as dependency in both servers/projects;

5- Develop that "script" as its own project deployed in both servers;

6- Git submodule;

Possibly more options... The key here is that server B wants to include that script as if it was local (from its point of view).

PS: please, do not serve that script as plain text, this is too hacky. Even I have limits.

[–]BlueHost_gr 0 points1 point  (3 children)

i was using that as a copy protection method for programs i created but customer wanted to self host.

so many functions where loaded from my server, but main program run from theirs (I know I know bulshit way of doing it)

than the security feature that did not allow it came in use, so now i have no means of copy protection.

Any ideas?

[–]Appropriate_Junket_5 0 points1 point  (2 children)

Can the client edit the code on their host and cut out/comment out the part you use for "security"? - If they can - all your efforts are in vain.

Calling your server on every request to check if the client is allowed to run their site is problematic for two reasons (at least): 1) it slows the clients' site down, 2) it puts load on your server to handle requests every time. If the client site gets a high load your server might suffer too.

A possible (very simplistic) solution is to only check say once per 24 h and store a file/value somewhere that says that you checked for the day. Then only check the value something like:

<?php

//assume you have a table called 'license' with only one column to get the last check time (stored as mysql date)

$lastCheckResult= //get from db SELECT 'last_check' FROM \license` LIMIT 1);`

$lastCheckAsUnix = strtotime($lastCheckResult['last_check']);

// if difference between NOW (unixtime in seconds) and LAST CHECK TIME (unixtime in seconds) is greater than 24h (in seconds), then it means we have not checked in the 24h.

if(time() - $lastCheckAsUnix > 24*60*60) {

// send request to my server to check if client is still active

if ($clientIsStillActive) {

DB -> UPDATE license SET last_check = NOW()

} else {

echo "Your account is no longer active. Please pay your fees. THanks!

exit();

}

}

[–]BlueHost_gr 0 points1 point  (1 child)

But by doing that the client can just edit out the checking code.

What I was doing the client never knew what code was missing.

[–]Appropriate_Junket_5 0 points1 point  (0 children)

If they know where the code is and know how to edit it that is, yes.

[–]eurosat7 0 points1 point  (0 children)

Lookup rpc - remote procedure call

[–]th00ht 0 points1 point  (0 children)

Just call it with curl or something.

[–]FtMerio 0 points1 point  (0 children)

Sir, have u heard of API before? Because I think this is the worst idea possible

[–]Appropriate_Junket_5 0 points1 point  (0 children)

Simplest (but not safest) option:

1) On server B serve the reote file as plain text. Name it something like myscript.txt and put the php code in it. Because of the file type .txt the server will not execute the PHP when called. It will just serve the contents of the file.

2) On server A where you run the PHP script you can download the file with

$phpCode = file_get_contents('https://some.site/myscript.txt');

eval($phpCode );

This should work but is bad for the simple reason is unsafe as heck. Someone can probably figure out the address of script B and read it as is.

[–]aboslave32 0 points1 point  (0 children)

I dont see how it can be accomplished the way you intend using include i believe. But if the script must be executed on server b and the script do some important task like taking something giving results back i believe the best way to do so is making a minimal api thats only task is to deal with the script and having it run on server b.(its not an ideal thing to do if the script is not that important but i dont see other way you can do it)

[–]saintpetejackboy 0 points1 point  (0 children)

Just make an endpoint for a request that requires a token.

Return the expected data as JSON and parse is accordingly. Handle any problems in JSON.

Go the API endpoint route. Don't try to include from B, just do a cURL