Php, most portable remote server connection with core streams?

To have cURL support, then php must be compiled --with-curl option.

To have sockets support, then php must be compiled with --enable-sockets option.

To have stream wrappers support for http, ftp ... in functions like fopen, file_get_contents ... then allow_url_fopen must be set to On in php.ini.

While most shared webhosting servers have all (or almost all) previous features enabled, some of them

may not have support for those features, because their optional status.

On the other hand streams are part of php core.

If somebody wants to make a verry portable(i think) php http client for example, not based on cURL, socket, or wrappers(http) support, then, that can be done with:

$fp = stream_socket_client("tcp://example.com:80", $errno, $errstr);
fwrite($fp, "GET / HTTP/1.0\r\nHost: example.com\r\nAccept: */*\r\n\r\n");

using not a http stream wrapper but a stream transport wrapper(tcp) which is different.

I saw on my localhost that even when php.ini directive allow_url_fopen is set to Off, I can make remote connection via stream_socket_client() using tcp transport.

My questions are:

1. Is there a way to block availability of core streams, except the possibility to disable functions like stream_socket_client or fsockopen in php.ini by hardcoding them like:

disable_functions = exec,passthru,shell_exec,stream_socket_client,fsockopen ...

???

2. Is the use of $fp = stream_socket_client('tcp://...',[...]); the most portable solu开发者_Go百科tion for making remote connections, that can be turned later in http/ftp... requests by connecting first to the right port(e.g 80) and using fwrite($fp, 'GET /...'); to send low level http/ftp queries to the remote server?

Hosting companies who wants to disable remote connections have probably already blocked all outgoing connections in the firewall, so even if they do (mistakenly, we can suppose) allow stream_socket_client, the connection itself may be blocked on the transport layer.

If they don't block it in their firewall, you still have two problems to overcome:

• They probably will block stream_socket_client as soon as they find out about it
• If they don't know how (or care) to set up firewall rules for their connection policies, chances are they don't know a lot about hosting security at all

You should really avoid hosting companies which doesn't allow the features you need. The hosting market is big with a lot of options so try to find one who fits your needs. Most hosters already allow outgoing connections and doesn't block sockets and URL streams. cURL is built-in on almost all PHP builds (and almost all hosts as well).

To answer your questions:

1. Yes, they may block outgoing connections in the firewall. Even those hosts who allow url_fopen, cURL and so on routinely block traffic on most other ports than HTTP to make it hard for spammers, crackers and other blackhats.

2. In the server context, maybe. It's not so flexible with regards to things like cookies, redirects and so on. You still have to implement the HTTP protocol yourself, which may be easy for some solutions (if your for example just need a regular GET without cookies and such), but may be a hassle if you want support for cookie handling, redirections, error handling, HTTPS, file uploads and so on.

Even if it may be a portable solution, I think you should focus on other things than writing a HTTP library. It's not hard to find a host with cURL support or similar.