I can't figure out why this php code isn't working

[eepberries]

I'm working on something in php that will let me add new entries to a webpage I have. I got it working where I could have one entry, and submitting another would rewrite the html document entirely with the new entry, but I want to be able to add on to it now rather than just overwrite it. What I'm doing is I'm first writing the submitted content to a storage.txt file. This submitted content contains the html data such as the table and formatting as well as the actual content, so all it has to do it be put into the rest of the html file. When a new entry is submitted, the php code is supposed to read the current data in the storage file, write the new data into the file, then append the old data to the end of the file. There's a bug somewhere in the code though that's keeping it from running, and I can't figure out what it is. This is the code:

Code: Select all

<html><body>
<?php
$title = $_POST['title'];
$content = $_POST['content'];
$pass = $_POST['pass'];
$filename = "storage.txt";

// writes the old content and new content to the storage file
function writefile() {

  $fh = fopen( $filename, 'w' ) or die( "can't open file" );

  fwrite( $fh, "
  <p>
  <table width='80%' align='center'>
  <tr>
  <td>
  <font class='heading'>" );

  fwrite( $fh, $title );
  fwrite( $fh, "<br></font><hr>" );
  fwrite( $fh, $content );
  fwrite( $fh, "<br></td></tr></table></p><br><br>" );

  fwrite( $fh, $currentdata );

  fclose( $fh ); 

}

// reads and stores the current content for later rewriting
function readfile() {

  $fh = fopen( $fh, 'r' );
  $currentdata = fread( $fh, filesize( $filename ) );
  fclose( $fh );

  writefile();

}

if ( md5( $pass ) == "e5ca581bddbcf65b33a497e66e467765" ) {

  echo "You posted " . $title . " <br> " . $content . " <br>";

  readfile();

}

else {

  echo "GET OUT";

}


?>

</body></html>

[Sevensins]

currentdata is a local variable to the readfile function so in the writefile function it means nothing (it contains no data).

You should really combine the two functions anyway.

[^misantropia^]

Code: Select all

$fh = fopen( $fh, 'r' );

This should probably read:

Code: Select all

global $filename;
$fh = fopen( $filename, 'r' );

Furthermore, this code is wide open to XSS attacks. Sanitize the input ($title, $content and, if you're really paranoid, $currentdata as well) by filtering it through htmlentities($var, ENT_QUOTES).

[eepberries]

Alright, so the code now looks like this, but it doesn't seem to be saving anything to the storage.txt file and I can't really figure out why.

Code: Select all

<html><body>
<?php

$title = htmlentities( $_POST['title'], ENT_QUOTES );
$content = htmlentities( $_POST['content'], ENT_QUOTES );
$pass = htmlentities( $_POST['pass'], ENT_QUOTES );
$filename = "storage.txt";

// writes the old content and new content to the storage file
function process() {

  // read
  $fh = fopen( $filename, 'r' );
  $currentdata = fread( $fh, filesize( $filename ) );
  fclose( $fh );
  
  // write
  $fh = fopen( $fh, 'w' ) or die( "can't open file" );

  fwrite( $fh, "
  <p>
  <table width='80%' align='center'>
  <tr>
  <td>
  <font class='heading'>" );

  fwrite( $fh, $title );
  fwrite( $fh, "<br></font><hr>" );
  fwrite( $fh, $content );
  fwrite( $fh, "<br></td></tr></table></p><br><br>" );

  fwrite( $fh, $currentdata );

  fclose( $fh ); 

}

if ( md5( $pass ) == "e5ca581bddbcf65b33a497e66e467765" ) {

  echo "You posted " . $title . " <br> " . $content . " <br>";

  process();

}

else {

  echo "GET OUT";

}


?>

</body></html>

[^misantropia^]

Code: Select all

global $filename;
$fh = fopen( $filename, 'r' );

[^misantropia^]

While we're at it, you'll want to fopen() $filename instead of $fh in the following snippet:

Code: Select all

$fh = fopen( $fh, 'w' ) or die( "can't open file" );

[Sevensins]

Code: Select all

$fh = fopen( $fh, 'r' );

This should probably read:

Code: Select all

global $filename;
$fh = fopen( $filename, 'r' );

Furthermore, this code is wide open to XSS attacks. Sanitize the input ($title, $content and, if you're really paranoid, $currentdata as well) by filtering it through htmlentities($var, ENT_QUOTES).

ah, good catch as well

[eepberries]

Well, I got it working by just removing the functions. I know fixing it would have been simple, but I didn't really feel like examing exactly what to fix (i've forgotten how php deals with functions and variables). I have it working almost exactly how I want it to now, but the problem I'm now facing is that the variable I'm using to transfer between the storage file and writing to the .html file isn't anywhere near big enough. It's just getting cut off. I guess it wasn't made for this kind of use. Is there anything I can do?

[Sevensins]

Oh right, your problem before was probably the same as with filename. You needed all of the variables (title, content, pass,filename) to be declared global inside the function. Variables used globally outside the function have to be declared global inside any function that uses them; otherwise the function thinks they are just local variables.

Your new problem has to be something else because according to the php documenation there isn't a limitation to strings.

Maybe give an example of the content and where it gets cut off.

[eepberries]

Acutally, I just noticed something. It's storing everythign into the storage.txt file correctly. Nothing is getting cut off there, but the actual .html file has stuff cut off. The more you add, the more gets cut off from the bottom.

storage file: http://ohshi.dyndns.org/php/storage.txt

html file: http://ohshi.dyndns.org/feel/

and this is the current php file (I realize some of the reading from the file stuff is a little redundant at the end, I'll probably fix that as soon as I figure out what's causing this problem)

Code: Select all

<html><body>
<?php

$title = htmlentities( $_POST['title'], ENT_QUOTES );
$content = htmlentities( $_POST['content'], ENT_QUOTES );
$pass = htmlentities( $_POST['pass'], ENT_QUOTES );
$filename = "storage.txt";
 

if ( md5( $pass ) == "e5ca581bddbcf65b33a497e66e467765" ) {

  echo "You posted " . $title . " <br> " . $content . " <br>";

 // read
  $fh = fopen( $filename, 'r' );
  $currentdata = fread( $fh, filesize( $filename ) );
  fclose( $fh );
  
  // write
  $fh = fopen( $filename, 'w' ) or die( "can't open file" );

  fwrite( $fh, "
  <p>
  <table width='80%' align='center'>
  <tr>
  <td>
  <font class='heading'>" );

  fwrite( $fh, $title );
  fwrite( $fh, "<br></font><hr>" );
  fwrite( $fh, $content );
  fwrite( $fh, "<br></td></tr></table></p><br>" );

  fwrite( $fh, $currentdata );

  fclose( $fh ); 

// open the storage file again to grab the new content
  $fh = fopen( $filename, 'r' );
  $content = fread( $fh, filesize( $filename ) );
  fclose( $fh );
 
  $fh = fopen( "../feel/index.html", 'w' );
  
  fwrite( $fh, "<html>
  <head>
  <title>feel</title>
  <LINK REL=StyleSheet   HREF='http://ohshi.dyndns.org/testingground/assets/tanasinn.css' TYPE='text/css'>
  </head>

  <body background='http://ohshi.dyndns.org/testingground/assets/tanasinn.gif'>

  <center>
  <a href='http://ohshi.dyndns.org/'><img   src='http://ohshi.dyndns.org/testingground/assets/doraemonbarbroken.png' width='600' height=93 border=0></img></a>
  </center>

  <br>
  <br> ");

  fwrite( $fh, $content );
  fwrite( $fh, "</html></body>" );


  fclose($fh);

}

else {

  echo "GET OUT";

}


?>

</body></html>

[Sevensins]

I have an idea, but I am not positive.

First, you might trying using: file_get_contents()

http://php.net/file_get_contents

That should work better for grabbing the entire file into a string.

Second: You can check something quick by adding a echo of the contents at:

Code: Select all

// open the storage file again to grab the new content
  $fh = fopen( $filename, 'r' );
  $content = fread( $fh, filesize( $filename ) );
  echo $content;
  fclose( $fh );

Is the content cut off there?

[^misantropia^]

First, you might trying using: file_get_contents()

Even easier, use fpassthru().

[Captain]

Sorry for the off-topic nudge here, but have you guys by any chance studied programming and computer sciences? You seem like a bright group :icon14:

[eepberries]

Even easier, use fpassthru().

Hmm. I don't really understand how this is supposed to work. Something isn't working right, because now the HTML file just shows a number that gets greater as I add new entries. I changed

Code: Select all

// open the storage file again to grab the new content
  $fh = fopen( $filename, 'r' );
  $content = fread( $fh, filesize( $filename ) );
  fclose( $fh ); 

to

Code: Select all

// open the storage file again to grab the new content
  $fh = fopen( $filename, 'r' );
  $content = fpassthru( $fh );
  fclose( $fh );

[^misantropia^]

Ah sorry. fpassthru() is more for displaying the contents of files, in this case storage.txt. Me thinks I should've been a bit clearer about that.

@Mazda: I have. I have about ten years of programming / software engineering experience.

[Captain]

It really shows

[Sevensins]

Code: Select all

// open the storage file again to grab the new content
  $fh = fopen( $filename, 'r' );
  $content = fread( $fh, filesize( $filename ) );
  fclose( $fh ); 

to

Code: Select all

$content = file_get_contents($filename);

[Sevensins]

Code: Select all

<html><body>
<?php

$title = htmlentities( $_POST['title'], ENT_QUOTES );
$content = htmlentities( $_POST['content'], ENT_QUOTES );
$pass = htmlentities( $_POST['pass'], ENT_QUOTES );
$filename = "storage.txt";
 

if ( md5( $pass ) == "e5ca581bddbcf65b33a497e66e467765" ) {

  echo "You posted " . $title . " <br> " . $content . " <br>";

 // read
  $currentdata = file_get_contents($filename);
 

  $newContent = "<p> <table width='80%' align='center'>
		<tr><td><font class='heading'>";
  $newContent .= $title;
  $newContent .= "<br></font><hr>";
  $newContent .= $content;
  $newContent .= "<br></td></tr></table></p><br>";
  $newContent .= $currentdata;	//append the old data

  //write new storage
  if ( !file_put_contents($filename, $newContent) )
  {
	//something failed
  }
 
  $fh = fopen( "../feel/index.html", 'w' );
 
  fwrite( $fh, "<html>
  <head>
  <title>feel</title>
  <LINK REL=StyleSheet   HREF='http://ohshi.dyndns.org/testingground/assets/tanasinn.css' TYPE='text/css'>
  </head>

  <body background='http://ohshi.dyndns.org/testingground/assets/tanasinn.gif'>

  <center>
  <a href='http://ohshi.dyndns.org/'><img   src='http://ohshi.dyndns.org/testingground/assets/doraemonbarbroken.png' width='600' height=93 border=0></img></a>
  </center>

  <br>
  <br> ");

  fwrite( $fh, $newContent );
  fwrite( $fh, "</html></body>" );


  fclose($fh);

}

else {

  echo "GET OUT";

}


?>

</body></html>

[eepberries]

Well, I got it working, but I took out the htmlentities stuff because I couldn't figure out how to get it working. It would write to the storage.txt file with html codes starting with ; and all, but when it wrote to the html files, it would show <br> on the html page rather than it doing page breaks. It shouldn't make a difference though since you have to have the right password for it to be processed, right?

[^misantropia^]

It shouldn't make a difference though since you have to have the right password for it to be processed, right?

If only admins can access the page, there shouldn't be too much of a problem, no.

[eepberries]

Well, anyone can access the page if they know the url, but you have to enter the right password into the form for any of the submitted data to be stored.