问题
how can i inlude a class file from my parent domain to be used in a subdomain on my server?
for example, I have a class file that handles user authentication along with some important methods. How can I use that authentication class on a subdomain?
my folder structure is
parent domain
/home/<domain>/public_html/
subdomain
/home/<domain>/public_html/users/cluster_1/<sub>
When I make a new subdomain I have a template index.php that is copied onto the
/home/<domain>/public_html/users/cluster_1/<sub>/index.php
in the index.php i want to include my authentication class so that I can do some more stuff based on the data returned by its methods.
i know that i cannot include http requests and also I do not want to use dirname(dirname(__FILE__) because if the user alters that they can see the server folder structure for the domain.
I tried an fopen but i couldn't get that to include my class, and also i tried a cURL like this
function get_data($url) {
$ch = curl_init();
$timeout = 5;
curl_setopt($ch,CURLOPT_URL,$url);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,$timeout);
$data = curl_exec($ch);
curl_close($ch);
return $data;
}
$returned_content = get_data('http://domain.com/api/ApiClient.php');
is there an elegant way to include my ApiClient.php class file and even if the user changes the PHP code for them not to see folder structure information that is thrown by the PHP errors.
回答1:
Sorry, nope, not really.
While it would actually be possible to download PHP code over HTTP and have it run locally, it's strongly discouraged because of the security implications: one little bug in your including system or one little bug in the code-server and suddenly you're running malicious code from an unchecked source. There's a good reason why they disable that behaviour by default.
If your users can edit and run their own (unchecked) PHP code, there's no sense in being hesitant about your users seeing you directory structure: unless you secured your setup (which it doesn't sound like) they could find out that structure right now. Just by using the appropriate functions to walk directories.
I'd just use the direct inclusion approach.
require MAIN_CLASS_PATH . '/api/ApiClient.php';
If you really really want them to be unaware of the parent domain:
- Move the shared classes into a separate project and thus a separate directory (say /home/$user/shared/api
- Secure the subdomains by setting PHP's open_basedir and disabling functions like exec() (which can be used to circumvent open_basedir)
- Include from /home/$user/shared/api from both your Parent domain and your Subdomain.
来源:https://stackoverflow.com/questions/7021000/use-external-class-file-from-parent-domain-onto-subdomain