Posted by: amsgwp
Posted on: 2008-06-18 19:25:00
I really need to build PHP with fopen() working for this one site. A small webapp that can't do much damage has to use fopen and I'm not inclined to switch it to cURL. I'm sure it could be done, but I can't do it.
Sooo... I've rebuilt PHP a few times using dreamhost, but I don't know how to enable fopen.
Posted by: rlparker
Posted on: 2008-06-18 23:14:00
In reply to:I really need to build PHP with fopen() working for this one site.
That is a decidedly bad idea on many levels. There is no reason at all in this day and age to do that.
In reply to:A small webapp that can't do much damage has to use fopen and I'm not inclined to switch it to cURL.
Given the level of knowledge about PHP configuration evidenced in your post, what makes you feel that you are qualified to evaluate the potential amount of "damage" that this "web app" could do if exploited?
No, your web app does not "have to use fopen" with url wrappers. Your not being "inclined" to recode it in cURL, or use other methodologies to produce robust and reasonably secure code, is not a sufficient reason to unnecessarily subject the server you share with others to security risks that could impact the server or your neighbors who share it. It would be different if you were only placing yourself at risk, like on your own machine or a dedicated box that you alone use.
In reply to:I'm sure it could be done, but I can't do it.
Then you might consider asking for help with *that*, or for suggestions for "best practice" alternatives that you *can* implement.
In reply to:Sooo... I've rebuilt PHP a few times using dreamhost, but I don't know how to enable fopen.
This indicates to me that you don't know nearly enough, or understand the ramifications of what you are doing sufficiently, to be "rebuilding" PHP for use in a production environment. To encourage you in this by telling you "how to do it" would be a bit like telling a manic depressive heroin addict how to obtain and load a handgun, and anyone who would do that is just not acting responsibly.
All the information you need to do that anyway, in spite of how foolish it would be for you to do so, is readily available on the net and in DreamHost's own wiki. If you researched the subject at least thoroughly enough enough to know the risks of what you are trying to do, there is always the hope that you would change your mind and not do it at all .... and if not, then you would at least know the answer to your question and not be here soliciting others to help you do it.
Harsh? Maybe, but seriously: Just because you *can* do something does not mean that you *should* do it - and this is one of those times that you should "just say no".
If you'll provide more details about what this "web app" does, and what you need it for (maybe even link to the app itself) so others could help you evaluate "safe" ways to accomplish the same thing, or maybe even help you "fix" it, I'll bet you will find those here that are more than willing to help you with *that* approach! 
--rlparker
--DreamHost Tech Support
Posted by: amsgwp
Posted on: 2008-06-19 06:52:00
Well it's probably good that you are being harsh. I really dont need to be putting everyone in jeopardy that shares my server. I'm thinking twice about this.
The software is a RETS downloader. I'm trying to make a real-estate website for a broker(my mom ;) and I dont want to pay $40 a month plus $200 setup fee from one of these companies like IDXPro. So some greatful person created VieleRETS which is the software that uses fopen.
http://www.crt.realtors.org/projects/rets/viele/
I feel that it is pretty solid software and for it to even connect to the RETS server it takes quite a bit of authentication. I just don't see how the fopen command can be exploited with this specific software.
RETS = Real Estate Transaction Standard
rets.org
http://www.crt.realtors.org/projects/rets/viele/downloads/vieleRETS-1.1.6.zip
I emailed the developer a while back about using cURL and here is the response I received.
"It probably is possible to use cURL
However, the code is pretty hinged on fopen
If you check the forums at forums.rets.org
there is some discussion about cURL and PHP
with RETS"
Posted by: amsgwp
Posted on: 2008-06-19 07:33:00
Well I'm trying to talk to some people about other solutoins besides fopen and everyone just gives me "you're obviously on a shared host and shouldn't even try this, they aren't good enough, blah blah" so annoying.
I found a solution that uses SimpleXML, OpenSSL, and cURL, but it runs $400 instead of free :(
Posted by: scjessey
Posted on: 2008-06-19 08:53:00
Posted by: amsgwp
Posted on: 2008-06-19 08:55:00
ya, thats just a windows client. At least from what I've seen of it. I'll download it and take a look
Posted by: scjessey
Posted on: 2008-06-19 08:58:00
Posted by: amsgwp
Posted on: 2008-06-19 09:03:00
Ok WOW, now that's what I'm looking for. I've been searching and searching and have not seen one mention of PHRETS. Next time I'll try search sourceforge! Thanks