PDA

View Full Version : Accessing PHP script from another URL


nburlington
July 30th, 2006, 03:35 PM
If I have a .php script on http://www.siteA.com, what do i have to do to allow http://www.siteB.com to have access to that script? Is there a security problem here that is getting in my way? If so, is there as way around it?
Templarian
July 30th, 2006, 04:03 PM
Your server may not allow posting from other servers for some reason or another. Just send the commands with get instead.

Why do you wan't to do this anyway seems wierd.
nburlington
July 30th, 2006, 04:56 PM
Okay, I'm looking into my server settings now. But just to be clear, I'm doing this through flash and this is my code.

_root.loadVariables("http://www.siteA.com/php/theScript.php","GET");

and this works fine if I put the flash file in the same site. once i put my flash on siteB, it breaks.
signifer123
July 30th, 2006, 09:04 PM
sandbox, i guess to prevent xss of some sort...

just write a php proxy script using fopen/file_get_contents to read http://www.siteA.com/php/theScript.php and echo it back out.

so on siteB



<?php
echo file_get_contents('http://www.siteA.com/php/theScript.php');
?>


I'm pretty sure its just the flash player being restictive...so just write a simple script like that to read it from your siteB domain.
nburlington
July 30th, 2006, 09:52 PM
That script worked! That's exciting. But now how do I get flash to stop blocking the script from running?
signifer123
July 31st, 2006, 06:22 AM
If you have access to siteA
http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=tn_14213

Use an XML security policy file on siteA that allows access from siteB, save as crossdomain.xml on siteA


<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="www.siteB.com" />
<allow-access-from domain="siteB.com" />
</cross-domain-policy>


http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=tn_16520

The other way there is, is to have a swf you load on siteA that will read the variables stored on siteA, then have the swf on siteB load the swf on siteA in a different level than it is in. Then use System.security.allowDomain("http://www.siteB.com"); in swf from siteA to allow the swf from siteB to communicate with it and read all its guts :)

I feel that swf one is quite a hassle, and the proxy one you alrady looked at...though they have ones for jsp,asp,and coldfusion there.