Posted by: listenlight
Posted on: 2006-11-10 15:53:00
can i allow url fopen after installing my own version of php, as per the instructions in the wiki? is this recommended? i'm told that i can use something called "CURL" but i 've never heard of this. which way is better?
i'm trying to use some code to retrieve random images from flickr on my site...
http://listenlight.net
Posted by: rlparker
Posted on: 2006-11-10 16:14:00
I think your question is particularly good, as you are not only concerned with "how to do something", but are also asking whether you *should* do it. Yes, you *can* set up your own version of PHP to set allow_url_fopen to on. You can do this by either compiling your own version of PHP, or by using your own "instance" of the Dreamhost supplied PHP with your own php.ini file. Both methods are well described in the wiki (as I'm sure you know).
As to whether or not it is "recommended", I have no doubt you will receive varying answers on this, as people often disagree on what is the right way to approach an issue. My opinion, quoted verbatim from a previous post in this thread is quoted below:
In reply to:Compiling and using your own PHP in order to enable a "dangerous" function that Dreamhost has disabled by default to increase the security of all on a shared server carries with it a *huge* responsibility, and one should be *very* sure of what they are doing before attempting such a thing. In fact, while I do not mean this to be critical of *you* in any way, if one does not fully understand why cURL is "better" than "allow_url_fopen", and all the ways that allow_url_fopen can be exploited, they should *not* be doing this at all
A little reading on cURL should make it relatively simple for you to modify your PHP to grab your feeds via cURL, and that is what I recommend you should do.
Ok, I've got my asbestos pantaloons on, as I fully expect the the flame fest to begin. 
In my opinion, though it may seem harder for your at first (particularly if you are trying to "plug and play" a script, which you didn't write, and which relies on url_fopen), using cURL is a much safer way to go. 
--rlparker
Posted by: schietschijf
Posted on: 2006-11-11 01:53:00
curl is not that harder than the "file_get_content()" function
the only thing is that you have to understand a new way of thinking, one in some more steps then the disabled function.
What you have to change is not that hard, it only takes 3 or 4 lines, maybe more, depending on the extras you use.
At my site, I use this function which will always work in favor of curl, but it is easy to change so that the file_get_content() the default function is
/**
* gets the source of given parameter
*
* @param string $url
* @return string
*/
public function getUrl($url) {
$text='';
if (function_exists('curl_init')) {
$ch = curl_init($url);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HEADER, 0);
$text = curl_exec($ch);
curl_close($ch);
}
else {
$text = @file_get_contents($url) or die($url . ' can not be reached');
}
return $text;
}
I know this can look like chinese, but when reading the curl pages at php.net/doc, you'll understand.