views:

192

answers:

2

I have a page called send.email.php which sends an email - pretty simple stuff - I pass an order id, it creates job request and sends it out. This works fine when used in the context I developed it (Use javascript to make an AJAX call to the URL and pass the order_id as a query parameter)

I am now trying to reuse the exact same page in another application however I am calling it using php file_get_contents($base_url.'admin/send.email.php?order_id='.$order_id). When I call the page this way, the $_SESSION array is empty isempty() = 1.

Is this because I am initiating a new session using file_get_contents and the values I stored in the $_SESSION on login are not available to me within there?

--> Thanks for the feedback. It makes sense that the new call doesn't have access to the existing session...

New problem though:

I now get: failed to open stream: HTTP request failed! When trying to execute:

$opts = array('http' => array('header'=> 'Cookie: ' . $_SERVER['HTTP_COOKIE']."\r\n"));
$context = stream_context_create($opts);
$contents = file_get_contents($base_url.'admin/send.sms.php?order_id='.order_id, false, $context);

YET, the URL works fine if I call it as: (It just doesn't let me access session)

$result file_get_contents($base_url.'admin/send.sms.php?order_id='.$order_id);
A: 

you'd have to include the file or call the respective functions from your send.sms.php script. instead you call it like a webservice (which it isn't)

knittl
So you saying that it is impossible to do it this way? That PHP just can't do it?
sjw
@hairdresser, Everything is possible. But it must be also sensible. Why not to just make a function and then include it in both scripts? Include over HTTP is always sign of bad design.
Col. Shrapnel
it's somehow possible, but it's really bad practice to do it this way
knittl
Thanks for the feedback> I'm going to look to rewriting the code to suit both calls... I have posted a new question asking for guidance to structure the file and include: http://stackoverflow.com/questions/2635332/best-way-to-program-a-call-to-php
sjw
A: 

file_get_contents() shouldn't be used anywhere you need authentication/session information transmitted. It's not going to send any cookies, so the user's authentication information will not be included by default.

You can kind of hack around it by including the session identifier (e.g. 'PHPSESSID' by default) as a query parameter in the URL, and have the other script check for that. But transmitting session identifiers in the URL is horribly bad practice, even if it's just to the same server.

$contents = file_get_contents("http://.... /send_sms.php?order_id=$order_id&" . session_name() . '=' . session_id());

To do this properly, use CURL and build a full HTTP request, including the cookie information of the parent page.

Marc B
Thanks for the feedback> I'm going to look to rewriting the code to suit both calls... I have posted a new question asking for guidance to structure the file and include: http://stackoverflow.com/questions/2635332/best-way-to-program-a-call-to-php
sjw