Password protecting an include (PHP)

theMAD2

theMAD2

theMAD2

Associate
Joined
2 Aug 2005
Posts
680
Is it possible to host a page on my website, for example news.inc.php and password protect the file (using htaccess), but let people on other websites access this file as an include for example

<?php include 'http://mysite.com/news.inc.php';?>

Can I add something to the include to access the file using my htaccess username and password?

It sounds like a strange question but I basically want to be able to add a test to several peoples' websites and if I update the test in the future I want to be able to do it through this one file hosted on my site.

Thanks,
Dan
 
That wouldn't really work because if the file was stored in a directory with htaccess the php script wouldn't get the chance to check for the host. Can you use an include on a file which is stored on a different server/host? And if so, can you run the include with a username and password if the file you are trying to include IS password protected?

Thanks mate,
 
What's happened is I have made a few assessment tools (tests with forms) for some customers. I have made them as include files like test.inc.htm and results.inc.php so when I add the files to my customer's website it takes the shape and style of their site using their CSS. The only problem is, if I update one of the tests I will have to change the include files on everyones site.

What I was thinking was is there a way to have these include files on my site instead, so when I update them it's effective on everyones site?

It looks like you can run includes from remote sites using HTTP:
http://uk.php.net/manual/en/function.include.php

The only trouble is, these could be accessed by anyone. I want to be able to password protect the include files on my site so only people who know the username and password can access them. Sorry it's all a bit long winded, hope it makes more sense :)
 
Executing external code is very dangerous.
Click to expand...
True, but it's only external in technical terms, it's code that I control so it's not external to me.

As we're on the subject of security, is it safe to use a set of includes like:

red.inc.htm
orange.inc.htm
green.inc.htm
ect

and then call them up from a php script with this code
Code: 
<?php include "$colour" . '.inc.htm';?>
using links like colour.php?colour=red

Is there a safer way to switch between includes using variables passed in the links?
 
eek! ok, how about passing variables in the link (like above), but in the file with the include have something like this:

Code: 
<?php
if ($colour == 'red') { include 'red.inc.htm'; }
else if ($colour == 'orange') { include 'orange.inc.htm'; }
else if ($colour == 'green') { include 'green.inc.htm'; }
else { print 'Sorry, please click your browsers back button'; }
?>

Thanks a lot for your help mate :)
 
Thanks a lot for your help with this mate :)
Can I use this?
Code: 
<?php include "$colour" . '.inc.htm';?>
if I have set the variable in the php file, so even if someone trys to add something like colours.php?colour=hijackcode it will be changed when the php code (which will change the variable) is parsed?
 
You must log in or register to reply here.
Back
Top Bottom