如何使用PHP请求非公开的PHP页面?
[英]How to request a non-public PHP page using PHP?
问题描述
To request a public-facing page, you can simply do: 
要请求面向公众的页面,您只需执行以下操作:
$html = file_get_contents("http://mysite.com/file.php");
But the file I want to request is not a publicly available page. 但是我要请求的文件不是公开可用的页面。 Is there any way to request it without resorting to server configurations? 有什么方法可以不通过服务器配置来请求它吗?
To be clear, I do not want the source code of the .php file - I want to execute the PHP in the file and get the resulting html as a string. 需要明确的是,我不需要.php文件的源代码-我想在文件中执行PHP并获取生成的html作为字符串。
5 个解决方案
解决方案1
2 已采纳 2013-04-22 06:56:34
您可以使用这样的命令行调用来调用php文件
$content = shell_exec('php /path/to/your/file.php');
解决方案2
1 2013-04-22 07:01:56
If the file is not a public facing file, your first move is to put it in a location that public cannot access, eg, not in your sites public folder, but a level up from there. 如果该文件不是面向公众的文件,则第一步是将其放置在公共无法访问的位置,例如,不在您站点的公共文件夹中,而是从该目录上移。 That way, nobody will ever be able to access it, except for files residing on the same server. 这样,除了驻留在同一服务器上的文件之外,没有人能够访问它。
Next, instead of using file_get_contents() to load up a url, use exec() to execute the php script like this 接下来,而不是使用file_get_contents()加载URL,而是使用exec()执行php脚本,如下所示
exec('php /path/to/file.php', $output);
print_r($output); // each line of the output is stored in the $output array
See http://php.net/manual/en/function.exec.php for mroe info 参见http://php.net/manual/en/function.exec.php了解更多信息
解决方案3
0 2013-04-22 07:15:00
But the file I want to request is not a publicly available page.
If it's an external file, no, there isn't a way to by-pass server configurations. 如果它是一个外部文件,否,没有办法绕过服务器配置。 Essentially by pointing file_get_contents() to a PHP file, you are telling the web server to execute it and if it was made to print a bunch of information, it will exactly do that. 从本质上讲,通过将file_get_contents()指向一个PHP文件,您就是在告诉Web服务器执行它,如果它是用来打印大量信息的,它将完全做到这一点。 CURL may be the better choice if you are trying to access .htaccess password protected files. 如果您尝试访问.htaccess密码保护的文件,则CURL可能是更好的选择 。
解决方案4
-1 2013-04-22 06:52:49
This can be done by making the file public, but protecting it with a password. 可以通过将文件公开,但要用密码保护它来完成。 Then the page will still be protected from the outside world, but can be requested with file_get_contents(). 这样,该页面仍然会受到外界的保护,但是可以通过file_get_contents()请求该页面。
In the requesting page: 在请求页面中:
$html = file_get_contents("http://mysite.com/file.php?password=h29kd8cm28x");
And in the (now public) page being requested: 并在要求(现在公开)的页面中:
if ($_GET['password'] != 'h29kd8cm28x') {
die("Access denied!");
} else {
// page contents here
}
However this seems like a clunky solution, and requires extra work to prevent hackers from learning the password. 但是,这似乎是一个笨拙的解决方案,并且需要进行额外的工作以防止黑客学习密码。
解决方案5
-1 2013-04-22 07:02:14
You need to keep the PHP file in document root or its sub-folders. 您需要将PHP文件保留在文档根目录或其子文件夹中。 Assuming you are calling call.php from run.php: 假设您正在从run.php调用call.php:
// call.php
if($_SERVER['REQUEST_URI']=='run.php') { // Or the full path of run.php
// Code here
}
// run.php
$html = file_get_contents("http://sitename.com/call.php");
If call.php should be outside the document root, shell_exec is an option, as mentioned by silly. 如果call.php应该在文档根目录之外,则如傻傻提到的那样,可以选择shell_exec。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.