0

Is it possible to include something in PHP without passing the variables that were passed to the original script?

I am using Joomla, and I am getting the error documented here ("Illegal Variables ..."). The php script is an AJAX script that sends data back to the browser, so this script takes a lot of POST variables, does a database query, then echos the result. I am trying to tighten up security, so I put an include in this script to authenticate the user with the built it Joomla modules. I got the idea from here for the user authentication script.
The authentication script works for some pages, but with others I get the error mentioned above. So I want to include the authentication script without passing any variables to it. Is this possible?

EDIT: Here is a little more detail.

In the ajax script I have this:

<?php
    include '/var/www/joomla-auth.php';
...

below here is the script, basically the "joomla-auth.php" included script takes care of getting the username and password for a mysql query. Contents of joomla-auth:

<?php

define( '_JEXEC', 1 );
define('JPATH_BASE', dirname(__FILE__));
define( 'DS', DIRECTORY_SEPARATOR );
require_once ( JPATH_BASE .DS.'includes'.DS.'defines.php' );
require_once ( JPATH_BASE .DS.'includes'.DS.'framework.php' );

/* Create the Application */
$mainframe =& JFactory::getApplication('site');

/* Make sure we are logged in at all. */
if (JFactory::getUser()->id == 0)
    die("Access denied: login required.");

$user =& JFactory::getUser();

I am pretty sure it is the define or require lines that is throwing the error:

Illegal variable _files or _env or _get or _post or _cookie or _server or _session or globals passed to script.

As documented in the first link above.

EDIT 2:

The 'joomla-auth.php' script makes $username and $password variables which are then used in the AJAX script. I tried this at the top of the AJAX script:

function get_creds(){
    include '/var/www/joomla-auth.php';
    return Array($username,$password);
}

$creds = get_creds();
$username = $creds[0];
$password = $creds[1];
....

But still the $_POST variables are being passed to /var/www/joomla-auth.php :-(

Improve this question
1
  • It's difficult from your description to tell exactly what you are trying to accomplish. Could you add your code that is throwing the error to your question? Just the snipped that's making the post call and the part of the called script that is throwing the error. Commented Dec 12, 2011 at 18:28

3 Answers 3

Reset to default
2

Joomla throws this error if you're passing it one of the vars mentioned in your error to the url (or via mod_rewrite):

_files or _env or _get or _post or _cookie or _server or _session

Besides, I think the same error is thrown if you're passing a whole numeric variable, such as:

http://yoursite.com/?123456=abc

Just make sure you're not passing any of these vars in the url. If you can't find the problem, try to check what's in the request before the error is thrown.

I hope it helped!

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Yes this is helpful unfortunately I would like to still have the option of passing all numeric variables I think...
Yes i had some field names in my database as all numeric, so the some of the name/value pairs in the post has all numeric names. Anyone know why Joomla doens't allow this? Thanks!
1

Wrap the include in another function to create an (almost) empty scope function foo($path){ include($path); }

edit: If you do need to pass some variables, you can pass them as an array in the second argument and extract() it in the function:

function foo($path, array $vars=array()) { extract($vars); include($path); }

This is similar to what was done in Kohana's view engine for a similar purpose ( in View::capture()). You might want to see how they've implemented it and how they're.using it.

Improve this answer

5 Comments

I didn't find that it works... Well maybe not for my purposes, actually I still need the variables created in the include to be passed to my AJAX script, but not the other name around.
@rdlowrey PHP has function scope only, there's no other way to create an empty scope. Jeffery_the_wind, if you need to pass some variables into the scope, see my edit
@shesek Please see my EDIT 2 above. I do not need to pass variables into the scope, but I need to get the 2 variables out of the scope. However it still seems like the $_POST variables are being passed to the script inside the function.
Global variables are... well, global. They can be accessed everywhere, there's nothing you can do about it.
Oh, and as to get variables outside of the scope - just return them from the include file, it'll become the return value of the call to include. Than, return that from the function wrapping the include. I do have to say that it looks like you're doing something really wrong :-\
0

Namespaces may be useful for solving your problem in a not-so-hackish way.

Improve this answer

1 Comment

Namespaces has nothing to do with what he requested

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.