PHP programmers D:

Open discussion about any topic, as long as you abide by the rules of course!
Post Reply
eepberries
Posts: 1975
Joined: Mon Jan 24, 2005 10:14 pm

PHP programmers D:

Post by eepberries »

If you can, please tell me why this file doesn't work. It's supposed to open another php file I have and show its code.
<?php
$fh=fopen('untitled.php', 'r');
$contents=fread($fh, filesize('untitled.php'));
echo $contents;
fclose($fh);
?>
User avatar
Foo
Posts: 13841
Joined: Thu Aug 03, 2000 7:00 am
Location: New Zealand

Post by Foo »

for starters, try putting in the full path to the PHP file you're trying to enter (/home/mysite/junk/untitled.php) for example.

Second, what' the error it spits out.

Third, 'filesize('untitled.php') seems out of place, but I'm not sure on that one.
"Maybe you have some bird ideas. Maybe that’s the best you can do."
― Terry A. Davis
mjrpes
Posts: 4980
Joined: Tue Nov 28, 2000 8:00 am

Post by mjrpes »

An error message would be helpful. Syntax looks OK.
eepberries
Posts: 1975
Joined: Mon Jan 24, 2005 10:14 pm

Post by eepberries »

Oh I see. It doesn't seem to want to work with php files. Maybe echoing the php file makes it try to run the php commands contained in the file? If so, how can I get around this?

btw didn't display any error message, just showed nothing
User avatar
Foo
Posts: 13841
Joined: Thu Aug 03, 2000 7:00 am
Location: New Zealand

Post by Foo »

oic. Take the string you have in $contents and 'neuter' it using addslashes().

Alter
echo $contents;
to
echo addslashes($contents);

see if that works.
"Maybe you have some bird ideas. Maybe that’s the best you can do."
― Terry A. Davis
mjrpes
Posts: 4980
Joined: Tue Nov 28, 2000 8:00 am

Post by mjrpes »

Do you see nothing in your browser even when you 'view source'?
eepberries
Posts: 1975
Joined: Mon Jan 24, 2005 10:14 pm

Post by eepberries »

Like this?

addslashes($contents);

If so, still nothing.
mjrpes
Posts: 4980
Joined: Tue Nov 28, 2000 8:00 am

Post by mjrpes »

Run a test to see if you get a number greater than zero for filesize.
[size=85]yea i've too been kind of thinking about maybe a new sig but sort of haven't come to quite a decision yet[/size]
User avatar
Foo
Posts: 13841
Joined: Thu Aug 03, 2000 7:00 am
Location: New Zealand

Post by Foo »

try adding
echo 'blahblah';

at various states through the code and see where it's falling over.

I'm a shit coder, and this is one of my fave debugging methods :)
"Maybe you have some bird ideas. Maybe that’s the best you can do."
― Terry A. Davis
mjrpes
Posts: 4980
Joined: Tue Nov 28, 2000 8:00 am

Post by mjrpes »

Foo wrote: at various states through the code and see where it's falling over.

I'm a shit coder, and this is one of my fave debugging methods :)
Yeah. For php, since there really isn't a dubugger, you have to use the echo 'is this shit working here' method :D
4days
Posts: 5465
Joined: Tue Apr 16, 2002 7:00 am

Post by 4days »

eepberries wrote:Oh I see. It doesn't seem to want to work with php files. Maybe echoing the php file makes it try to run the php commands contained in the file? If so, how can I get around this?

btw didn't display any error message, just showed nothing
that's what it's supposed to do, be horribly insecure otherwise.

if you need to display the contents of a php file, you'll get more mileage out of 'highlight_file':

http://uk2.php.net/manual/en/function.h ... t-file.php
glossy
Posts: 2285
Joined: Tue Apr 30, 2002 7:00 am

Post by glossy »

the file works fine (i just tested it)

the problem is either in the file you're trying to echo (after you've output the page, in your browser do a "view source" and see if anything is output -- there might be // <!-- bits you forgot about or something), or in your php/server setup. check for things like safemode, file permissions, etc.

what the problem isn't, is your code. you don't need full/absolute path (relative works fine), and filesize works fine (as an alternative to stat())
User avatar
PhoeniX
Posts: 4067
Joined: Fri Aug 04, 2000 7:00 am

Post by PhoeniX »

If you just want to output its source:

<?php
@show_source('untitled.php');
?>
mjrpes
Posts: 4980
Joined: Tue Nov 28, 2000 8:00 am

Post by mjrpes »

So uh, yeah, what's the status of this thing?
eepberries
Posts: 1975
Joined: Mon Jan 24, 2005 10:14 pm

Post by eepberries »

Yup, I got it working fine like PhoeniX suggested. Code looks like this now:
<?php
$pass = $_POST[passinput];

if (md5($pass) === '0e452a9a0540db83dfc3baa7100a2b0e') {
$filename = $_POST[filename];
@show_source($filename);
}
else {
echo "GET OUT";
}
?>
The only thing I want to do now is be able to restrict which folder is opened to. I want it to be like this, but I don't know the proper syntax:

@show_souce("c:\some directory\" + $filename);
User avatar
PhoeniX
Posts: 4067
Joined: Fri Aug 04, 2000 7:00 am

Post by PhoeniX »

Yea you can use show_source() to output any file on your system. Slightly unsecure if your not careful :D.

I can't remember offhand, but try:

@show_souce("c:\some directory\" . $filename);
mjrpes
Posts: 4980
Joined: Tue Nov 28, 2000 8:00 am

Post by mjrpes »

eepberries wrote:
The only thing I want to do now is be able to restrict which folder is opened to. I want it to be like this, but I don't know the proper syntax:

@show_souce("c:\some directory" + $filename);
That will work, although if you're paranoid about security then there's a loophole, as someone could use "..\unsafe_directory\mypasswords.php" as filename to view files from another directory. You can prevent this by doing something like $filename = str_replace ('\', '', $filename); to weed out slashes. You'd want to check for both forward or backward slashes.
eepberries
Posts: 1975
Joined: Mon Jan 24, 2005 10:14 pm

Post by eepberries »

Neither + nor . are working :0
glossy
Posts: 2285
Joined: Tue Apr 30, 2002 7:00 am

Post by glossy »

+ is addition
. is string condensation

don't bother about the "c:\some directory\" bit unless you don't want to load files relative to the script's location. (i'd recommend against it anyway, because it murders your cross-platform compatability). Also, it should be "c:\\some directory\\", because '\' is the escaping character

you'll want to do something like this:

Code: Select all

 $filename = str_replace('\\','',str_replace('/','',$_POST[filename]));
@show_source($filename); 
glossy
Posts: 2285
Joined: Tue Apr 30, 2002 7:00 am

Post by glossy »

str_replace syntax
operators in PHP -- you should know this.
Post Reply