<?php
$fh=fopen('untitled.php', 'r');
$contents=fread($fh, filesize('untitled.php'));
echo $contents;
fclose($fh);
?>
PHP programmers D:
-
eepberries
- Posts: 1975
- Joined: Mon Jan 24, 2005 10:14 pm
PHP programmers D:
If you can, please tell me why this file doesn't work. It's supposed to open another php file I have and show its code.
for starters, try putting in the full path to the PHP file you're trying to enter (/home/mysite/junk/untitled.php) for example.
Second, what' the error it spits out.
Third, 'filesize('untitled.php') seems out of place, but I'm not sure on that one.
Second, what' the error it spits out.
Third, 'filesize('untitled.php') seems out of place, but I'm not sure on that one.
"Maybe you have some bird ideas. Maybe that’s the best you can do."
― Terry A. Davis
― Terry A. Davis
-
eepberries
- Posts: 1975
- Joined: Mon Jan 24, 2005 10:14 pm
-
eepberries
- Posts: 1975
- Joined: Mon Jan 24, 2005 10:14 pm
that's what it's supposed to do, be horribly insecure otherwise.eepberries wrote:Oh I see. It doesn't seem to want to work with php files. Maybe echoing the php file makes it try to run the php commands contained in the file? If so, how can I get around this?
btw didn't display any error message, just showed nothing
if you need to display the contents of a php file, you'll get more mileage out of 'highlight_file':
http://uk2.php.net/manual/en/function.h ... t-file.php
the file works fine (i just tested it)
the problem is either in the file you're trying to echo (after you've output the page, in your browser do a "view source" and see if anything is output -- there might be // <!-- bits you forgot about or something), or in your php/server setup. check for things like safemode, file permissions, etc.
what the problem isn't, is your code. you don't need full/absolute path (relative works fine), and filesize works fine (as an alternative to stat())
the problem is either in the file you're trying to echo (after you've output the page, in your browser do a "view source" and see if anything is output -- there might be // <!-- bits you forgot about or something), or in your php/server setup. check for things like safemode, file permissions, etc.
what the problem isn't, is your code. you don't need full/absolute path (relative works fine), and filesize works fine (as an alternative to stat())
-
eepberries
- Posts: 1975
- Joined: Mon Jan 24, 2005 10:14 pm
Yup, I got it working fine like PhoeniX suggested. Code looks like this now:
@show_souce("c:\some directory\" + $filename);
The only thing I want to do now is be able to restrict which folder is opened to. I want it to be like this, but I don't know the proper syntax:<?php
$pass = $_POST[passinput];
if (md5($pass) === '0e452a9a0540db83dfc3baa7100a2b0e') {
$filename = $_POST[filename];
@show_source($filename);
}
else {
echo "GET OUT";
}
?>
@show_souce("c:\some directory\" + $filename);
That will work, although if you're paranoid about security then there's a loophole, as someone could use "..\unsafe_directory\mypasswords.php" as filename to view files from another directory. You can prevent this by doing something like $filename = str_replace ('\', '', $filename); to weed out slashes. You'd want to check for both forward or backward slashes.eepberries wrote:
The only thing I want to do now is be able to restrict which folder is opened to. I want it to be like this, but I don't know the proper syntax:
@show_souce("c:\some directory" + $filename);
+ is addition
. is string condensation
don't bother about the "c:\some directory\" bit unless you don't want to load files relative to the script's location. (i'd recommend against it anyway, because it murders your cross-platform compatability). Also, it should be "c:\\some directory\\", because '\' is the escaping character
you'll want to do something like this:
. is string condensation
don't bother about the "c:\some directory\" bit unless you don't want to load files relative to the script's location. (i'd recommend against it anyway, because it murders your cross-platform compatability). Also, it should be "c:\\some directory\\", because '\' is the escaping character
you'll want to do something like this:
Code: Select all
$filename = str_replace('\\','',str_replace('/','',$_POST[filename]));
@show_source($filename);