Posted by Chung Leong on 01/12/06 17:22

Erwin Moller wrote:
> Simon wrote:
>
> > Hi,
> >
> > My webhost allows me to run php but no shell_execute(...), system(...) and
> > so on.
> >
> > I am trying to get info from a site, the reply from the site is usually
> > less than 1 second.
> >
> > I have tried
> >
> > fsockopen("http://www.example.com", 80, $errno, $errstr, 1);
> > //and
> > file( "http://www.example.com")
> > //
> > fopen( ..., "r" );
> >
> > But that does not work
> >
> > according to php.net
> > "Depending on the environment, the Unix domain or the optional connect
> > timeout may not be available."
> >
> > I cannot change "Set_time_limit(...)" because I have no access to the
> > php.ini file.
> >
> > So, how can i test for a website and have a 1 second timeout?
> >
> > Many thanks in advance.
> >
> > Simon
>
> I think you cannot if your provider is so strick.
> I wonder why they are so afraid of file() and fopen().
> Maybe they have something to hide, like the fact that they don't know how to
> set up PHP properly. :-/
> You can always switch provider of course.
>
> Regards,
> Erwin Moller

The problem isn't file() or fopen(), but include() and require().
Remote inclusion is the typical way a PHP worm deploys its payload.
Currently the only way to disable that is allow_url_fopen, which of
course disables everything. The good news is that a separate option
will be added sometime in the future and it'll be off by default.

[Back to original message]