包括外部php文件和使用它们的功能？ [英] Including external php files and using functions from them?

问题描述

我正在尝试在我正在构建的可安装的Web应用程序中实现尽可能简单的许可系统（用户下载并上传到他们的服务器）。在得知会话不能跨域设置（这是我的第一选择）之后，我现在想到在我的服务器上包含一个外部文件，其中包含一个名为 validate（）的函数验证我的数据库中是否存在许可证。

I'm trying to implement an as simple as possible licensing system in a installable web-app that I'm building (user downloads and uploads to their server). After learning that sessions can't be set cross-domain (which was my first choice), I've now thought about including an external file on my server, containing a function called validate() which validates whether or not the license exists in my database.

事件流程：用户在其网站上输入许可证密钥 - >许可证密钥发布到文件 /validate.php ，其中包含来自我的服务器的文件 - >服务器检查数据库中是否包含许可证密钥 - >如果是，则设置关于用户域的会话并重定向到管理部分 - >如果否，重定向回登录页面，并显示错误消息。

Flow of events: User inputs license key on his site -> License key posted to the file /validate.php which includes a file from my server -> Server checks to see if license key is included in database -> If yes, sets a session on users domain and redirects to admin section -> If no, redirects back to login page, with an error message.

这是我的代码（理论 - 可能有问题）：

validate.php

include("http://www.example.com/function.php");
validate($_POST['license']);

function.php

include("db_conn.php");

function validate($license)(
$conn = mysql_connect($db_host, $db_user, $db_pass); mysql_select_db($db_name);

$license = mysql_real_escape_string($license);

$query = "SELECT FROM licenses WHERE license = '$license'";
$result = mysql_query($query);

if(mysql_num_rows($result) == 1) {
    mysql_close($conn);
    session_set_cookie_params(60*60*24*30,"/","." . $_SERVER['SERVER_NAME']);
    session_start();
    $_SESSION['license_valid'] == "YES";
    header("Location:" . $_SERVER['SERVER_NAME'] . "/admin");
} else {
    mysql_close($conn);
    header("Location" . $_SERVER['SERVER_NAME'] . "/login/?error=1");
}
);

问题是，我不确定服务器将如何处理函数 validate（）例如，会话将在我的服务器或用户的服务器上设置吗？它会使用我的 $ _ SERVER ['SERVER_NAME'] 还是用户的？它是否会从我的服务器或用户的包含 db_conn.php ？

The problem is, I'm not sure how the server will handle the function validate() for example, will the session be set on my server, or the user's server? Will it use my $_SERVER['SERVER_NAME'] or the user's? Will it look to include db_conn.php from my server, or the user's?

推荐答案

您的预计流量：

用户在其网站上输入许可证密钥（发生在他的服务器上）

许可证密钥已发布到文件/验证.php ... （发生在他的服务器上）

...其中包含我服务器的文件（不起作用）

您的实际流量将是：

用户在其网站上输入许可证密钥（发生在他的服务器上）

许可证密钥发布到文件yoursite.com/validate.php ... （发生在他的服务器上）

...在您的服务器上运行脚本。

Your actual flow will be:
User inputs license key on his site (happens on his server)
License key posted to the file yoursite.com/validate.php ... (happens on his server)
... which runs a script on your server.

您的服务器检查数据库中是否包含许可证密钥。

Your server checks to see if license key is included in the database.

如果是，请在服务器上为该用户设置会话，并重定向到服务器上的admin部分。

如果不是，请重定向到登录服务器上的页面，显示错误消息。

If yes, sets a session on your server for that user, and redirects to admin section on your server.
If no, redirects to login page on your server, with an error message.

正确的设置方法是在您的服务器上放置一个文件获取许可证密钥的URL参数的服务器，检查它是否有效，然后输出一些内容以指示它是否有效。

The correct way to set it up is to have a file on your server that takes a URL parameter of the license key, checks to see if it's valid, then outputs something to indicate whether it is or not.

validate.php （在您的服务器上）

<?php
session_start();

$key = $_POST['license_key'];
// Please clean this variable, obvious SQL injection, blah blah

include('function.php'); // From your server, contains the validate() function
if (validate($key))
{
    // Log them in on your server
    $_SESSION['license_key'] = $key;
}
else
{
    // Say error and show the login form from your server
}

现在，另一台服务器上的某人可以在< form> <上设置操作 / code>到 http://yourserver.com/validate.php ，您的服务器将从那里接管。

Now someone on another server can set the action on their <form> to http://yourserver.com/validate.php and your server will take over from there.

当你包含一个脚本时，包含脚本中的所有变量都会像中包含内联一样运行脚本。

When you include a script, all the variables in the included script will run as if they were inline, inside the including script.

基本上，想象一下所有代码都在 validate.php 里面，它会好像它一样运行。

Essentially, just imagine all that code is inside validate.php, and it will run as if it were.

这里有一个值得注意的问题 - 如果 function.php 在 validate.php 的另一个目录， include validate.php 要求 db_conn.php 将失败 - 您需要更改此页面以匹配包括文件中的路径。

There is a gotcha to watch out for here - if function.php is in a different directory to validate.php, the include inside validate.php which asks for db_conn.php will fail - you'll need to change this page to match the path from the including file.

这篇关于包括外部php文件和使用它们的功能？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！