使用外部类文件从父域到子域 [英] use external class file from parent domain onto subdomain
问题描述
例如,我有一个类文件处理用户认证以及一些重要的方法。
我的文件夹结构是
父域
/ home /< domain> / public_html /
子网域
/ home /< domain> / public_html / users / cluster_1 /< ; sub>
当我创建一个新的子域时,我有一个模板index.php复制到
/home/<domain>/public_html/users/cluster_1/<sub>/index.php
我想包括我的认证类,以便我可以做一些更多的东西基于其方法返回的数据。
我知道我不能包括http请求,也不想使用 dirname(dirname(__ FILE __)因为如果用户改变他们可以看到域的服务器文件夹结构。
我试过fopen,但我不能得到包括我的类,我也试过一个cURL这样
function get_data($ url){
$ ch = curl_init b $ b $ timeout = 5;
curl_setopt($ ch,CURLOPT_URL,$ url);
curl_setopt($ ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($ ch,CURLOPT_CONNECTTIMEOUT,$ timeout );
$ data = curl_exec($ ch);
curl_close($ ch);
return $ data;
}
$ returned_content = get_data('http://domain.com/api/ApiClient.php');
有一个优雅的方式来包含我的ApiClient.php类文件,即使用户更改PHP他们不会看到PHP错误引发的文件夹结构信息。
对不起,不是真的。 / p>
虽然实际上可以通过HTTP下载PHP代码并让它在本地运行,但由于安全隐患,您的包含系统中的错误或代码服务器中的一个小错误,突然您从未经检查的源运行恶意代码。有一个很好的理由,他们禁用默认情况下的行为。
如果您的用户可以编辑和运行自己的(未选中的)PHP代码,对于用户看到您的目录结构犹豫不决:除非您保护您的设置它听起来不像),他们现在可以找到该结构。只需使用适当的函数来遍历目录。
我只是使用直接包含方法。
需要MAIN_CLASS_PATH。 '/api/ApiClient.php';
如果你确实希望他们不知道父域:
- 将共享类移动到单独的项目中,从而创建单独的目录(例如/ home / $ user / shared / api
- 通过设置PHP的open_basedir并禁用函数exec()(可用于规避open_basedir)来保护子域。 包括来自/ home / $ user / shared / api和您的子网域。
how can i inlude a class file from my parent domain to be used in a subdomain on my server?
for example, I have a class file that handles user authentication along with some important methods. How can I use that authentication class on a subdomain?
my folder structure is
parent domain
/home/<domain>/public_html/
subdomain
/home/<domain>/public_html/users/cluster_1/<sub>
When I make a new subdomain I have a template index.php that is copied onto the
/home/<domain>/public_html/users/cluster_1/<sub>/index.php
in the index.php i want to include my authentication class so that I can do some more stuff based on the data returned by its methods.
i know that i cannot include http requests and also I do not want to use dirname(dirname(__FILE__) because if the user alters that they can see the server folder structure for the domain.
I tried an fopen but i couldn't get that to include my class, and also i tried a cURL like this
function get_data($url) {
$ch = curl_init();
$timeout = 5;
curl_setopt($ch,CURLOPT_URL,$url);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,$timeout);
$data = curl_exec($ch);
curl_close($ch);
return $data;
}
$returned_content = get_data('http://domain.com/api/ApiClient.php');
is there an elegant way to include my ApiClient.php class file and even if the user changes the PHP code for them not to see folder structure information that is thrown by the PHP errors.
Sorry, nope, not really.
While it would actually be possible to download PHP code over HTTP and have it run locally, it's strongly discouraged because of the security implications: one little bug in your including system or one little bug in the code-server and suddenly you're running malicious code from an unchecked source. There's a good reason why they disable that behaviour by default.
If your users can edit and run their own (unchecked) PHP code, there's no sense in being hesitant about your users seeing you directory structure: unless you secured your setup (which it doesn't sound like) they could find out that structure right now. Just by using the appropriate functions to walk directories.
I'd just use the direct inclusion approach.
require MAIN_CLASS_PATH . '/api/ApiClient.php';
If you really really want them to be unaware of the parent domain:
- Move the shared classes into a separate project and thus a separate directory (say /home/$user/shared/api
- Secure the subdomains by setting PHP's open_basedir and disabling functions like exec() (which can be used to circumvent open_basedir)
- Include from /home/$user/shared/api from both your Parent domain and your Subdomain.
这篇关于使用外部类文件从父域到子域的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
