First step, in order to attack your system you have to verify that security feature for preventing include that contain URLs is disabled.
On another web site (your HTTPS server for instance). Create a PHP file that generates "Hello you are hacked"
As a language, give a reference to your hacker file (using http). You can not refere to your file as a file, since it should not be on the same file system..
You should remember that the script is first evaluated on the first server, and then on the second.
Change your attacked script, such that it displays all the files in the directory of the attacked system (where the script is) and displays the content of the php.ini file.
Be careful here, that you should execute the script on your victim site and not the attacker (print the IP address for being certain).
Fix the system
Change the config file such that no inclusion of remote files is allowed
Change the include code, such that just a valid file name can be given.