I can't figure out why this php code isn't working

Locked
eepberries
Posts: 1975
Joined: Mon Jan 24, 2005 10:14 pm

I can't figure out why this php code isn't working

Post by eepberries »

I'm working on something in php that will let me add new entries to a webpage I have. I got it working where I could have one entry, and submitting another would rewrite the html document entirely with the new entry, but I want to be able to add on to it now rather than just overwrite it. What I'm doing is I'm first writing the submitted content to a storage.txt file. This submitted content contains the html data such as the table and formatting as well as the actual content, so all it has to do it be put into the rest of the html file. When a new entry is submitted, the php code is supposed to read the current data in the storage file, write the new data into the file, then append the old data to the end of the file. There's a bug somewhere in the code though that's keeping it from running, and I can't figure out what it is. This is the code:

Code: Select all

<html><body>
<?php
$title = $_POST['title'];
$content = $_POST['content'];
$pass = $_POST['pass'];
$filename = "storage.txt";

// writes the old content and new content to the storage file
function writefile() {

  $fh = fopen( $filename, 'w' ) or die( "can't open file" );

  fwrite( $fh, "
  <p>
  <table width='80%' align='center'>
  <tr>
  <td>
  <font class='heading'>" );

  fwrite( $fh, $title );
  fwrite( $fh, "<br></font><hr>" );
  fwrite( $fh, $content );
  fwrite( $fh, "<br></td></tr></table></p><br><br>" );

  fwrite( $fh, $currentdata );

  fclose( $fh ); 

}

// reads and stores the current content for later rewriting
function readfile() {

  $fh = fopen( $fh, 'r' );
  $currentdata = fread( $fh, filesize( $filename ) );
  fclose( $fh );

  writefile();

}

if ( md5( $pass ) == "e5ca581bddbcf65b33a497e66e467765" ) {

  echo "You posted " . $title . " <br> " . $content . " <br>";

  readfile();

}

else {

  echo "GET OUT";

}


?>

</body></html>
Sevensins
Posts: 444
Joined: Tue Jul 17, 2001 7:00 am

Post by Sevensins »

currentdata is a local variable to the readfile function so in the writefile function it means nothing (it contains no data).

You should really combine the two functions anyway.
^misantropia^
Posts: 4022
Joined: Sat Mar 12, 2005 6:24 pm

Post by ^misantropia^ »

Code: Select all

$fh = fopen( $fh, 'r' );
This should probably read:

Code: Select all

global $filename;
$fh = fopen( $filename, 'r' );
Furthermore, this code is wide open to XSS attacks. Sanitize the input ($title, $content and, if you're really paranoid, $currentdata as well) by filtering it through htmlentities($var, ENT_QUOTES).
eepberries
Posts: 1975
Joined: Mon Jan 24, 2005 10:14 pm

Post by eepberries »

Alright, so the code now looks like this, but it doesn't seem to be saving anything to the storage.txt file and I can't really figure out why.

Code: Select all

<html><body>
<?php

$title = htmlentities( $_POST['title'], ENT_QUOTES );
$content = htmlentities( $_POST['content'], ENT_QUOTES );
$pass = htmlentities( $_POST['pass'], ENT_QUOTES );
$filename = "storage.txt";

// writes the old content and new content to the storage file
function process() {

  // read
  $fh = fopen( $filename, 'r' );
  $currentdata = fread( $fh, filesize( $filename ) );
  fclose( $fh );
  
  // write
  $fh = fopen( $fh, 'w' ) or die( "can't open file" );

  fwrite( $fh, "
  <p>
  <table width='80%' align='center'>
  <tr>
  <td>
  <font class='heading'>" );

  fwrite( $fh, $title );
  fwrite( $fh, "<br></font><hr>" );
  fwrite( $fh, $content );
  fwrite( $fh, "<br></td></tr></table></p><br><br>" );

  fwrite( $fh, $currentdata );

  fclose( $fh ); 

}

if ( md5( $pass ) == "e5ca581bddbcf65b33a497e66e467765" ) {

  echo "You posted " . $title . " <br> " . $content . " <br>";

  process();

}

else {

  echo "GET OUT";

}


?>

</body></html>
^misantropia^
Posts: 4022
Joined: Sat Mar 12, 2005 6:24 pm

Post by ^misantropia^ »

^misantropia^ wrote:

Code: Select all

global $filename;
$fh = fopen( $filename, 'r' );
:p
^misantropia^
Posts: 4022
Joined: Sat Mar 12, 2005 6:24 pm

Post by ^misantropia^ »

While we're at it, you'll want to fopen() $filename instead of $fh in the following snippet:

Code: Select all

$fh = fopen( $fh, 'w' ) or die( "can't open file" );
Sevensins
Posts: 444
Joined: Tue Jul 17, 2001 7:00 am

Post by Sevensins »

^misantropia^ wrote:

Code: Select all

$fh = fopen( $fh, 'r' );
This should probably read:

Code: Select all

global $filename;
$fh = fopen( $filename, 'r' );
Furthermore, this code is wide open to XSS attacks. Sanitize the input ($title, $content and, if you're really paranoid, $currentdata as well) by filtering it through htmlentities($var, ENT_QUOTES).
ah, good catch as well
eepberries
Posts: 1975
Joined: Mon Jan 24, 2005 10:14 pm

Post by eepberries »

Well, I got it working by just removing the functions. I know fixing it would have been simple, but I didn't really feel like examing exactly what to fix (i've forgotten how php deals with functions and variables). I have it working almost exactly how I want it to now, but the problem I'm now facing is that the variable I'm using to transfer between the storage file and writing to the .html file isn't anywhere near big enough. It's just getting cut off. I guess it wasn't made for this kind of use. Is there anything I can do?
Sevensins
Posts: 444
Joined: Tue Jul 17, 2001 7:00 am

Post by Sevensins »

Oh right, your problem before was probably the same as with filename. You needed all of the variables (title, content, pass,filename) to be declared global inside the function. Variables used globally outside the function have to be declared global inside any function that uses them; otherwise the function thinks they are just local variables.

Your new problem has to be something else because according to the php documenation there isn't a limitation to strings.

Maybe give an example of the content and where it gets cut off.
eepberries
Posts: 1975
Joined: Mon Jan 24, 2005 10:14 pm

Post by eepberries »

Acutally, I just noticed something. It's storing everythign into the storage.txt file correctly. Nothing is getting cut off there, but the actual .html file has stuff cut off. The more you add, the more gets cut off from the bottom.

storage file: http://ohshi.dyndns.org/php/storage.txt

html file: http://ohshi.dyndns.org/feel/

and this is the current php file (I realize some of the reading from the file stuff is a little redundant at the end, I'll probably fix that as soon as I figure out what's causing this problem)

Code: Select all

<html><body>
<?php

$title = htmlentities( $_POST['title'], ENT_QUOTES );
$content = htmlentities( $_POST['content'], ENT_QUOTES );
$pass = htmlentities( $_POST['pass'], ENT_QUOTES );
$filename = "storage.txt";
 

if ( md5( $pass ) == "e5ca581bddbcf65b33a497e66e467765" ) {

  echo "You posted " . $title . " <br> " . $content . " <br>";

 // read
  $fh = fopen( $filename, 'r' );
  $currentdata = fread( $fh, filesize( $filename ) );
  fclose( $fh );
  
  // write
  $fh = fopen( $filename, 'w' ) or die( "can't open file" );

  fwrite( $fh, "
  <p>
  <table width='80%' align='center'>
  <tr>
  <td>
  <font class='heading'>" );

  fwrite( $fh, $title );
  fwrite( $fh, "<br></font><hr>" );
  fwrite( $fh, $content );
  fwrite( $fh, "<br></td></tr></table></p><br>" );

  fwrite( $fh, $currentdata );

  fclose( $fh ); 

// open the storage file again to grab the new content
  $fh = fopen( $filename, 'r' );
  $content = fread( $fh, filesize( $filename ) );
  fclose( $fh );
 
  $fh = fopen( "../feel/index.html", 'w' );
  
  fwrite( $fh, "<html>
  <head>
  <title>feel</title>
  <LINK REL=StyleSheet   HREF='http://ohshi.dyndns.org/testingground/assets/tanasinn.css' TYPE='text/css'>
  </head>

  <body background='http://ohshi.dyndns.org/testingground/assets/tanasinn.gif'>

  <center>
  <a href='http://ohshi.dyndns.org/'><img   src='http://ohshi.dyndns.org/testingground/assets/doraemonbarbroken.png' width='600' height=93 border=0></img></a>
  </center>

  <br>
  <br> ");

  fwrite( $fh, $content );
  fwrite( $fh, "</html></body>" );


  fclose($fh);

}

else {

  echo "GET OUT";

}


?>

</body></html>
Sevensins
Posts: 444
Joined: Tue Jul 17, 2001 7:00 am

Post by Sevensins »

I have an idea, but I am not positive.

First, you might trying using: file_get_contents()

http://php.net/file_get_contents

That should work better for grabbing the entire file into a string.

Second: You can check something quick by adding a echo of the contents at:

Code: Select all

// open the storage file again to grab the new content
  $fh = fopen( $filename, 'r' );
  $content = fread( $fh, filesize( $filename ) );
  echo $content;
  fclose( $fh );
Is the content cut off there?
Last edited by Sevensins on Thu Aug 31, 2006 10:32 am, edited 1 time in total.
^misantropia^
Posts: 4022
Joined: Sat Mar 12, 2005 6:24 pm

Post by ^misantropia^ »

Sevensins wrote:First, you might trying using: file_get_contents()
Even easier, use fpassthru().
User avatar
Captain
Posts: 20410
Joined: Thu Jan 05, 2006 2:50 am

Post by Captain »

Sorry for the off-topic nudge here, but have you guys by any chance studied programming and computer sciences? You seem like a bright group :icon14:
eepberries
Posts: 1975
Joined: Mon Jan 24, 2005 10:14 pm

Post by eepberries »

^misantropia^ wrote:Even easier, use fpassthru().
Hmm. I don't really understand how this is supposed to work. Something isn't working right, because now the HTML file just shows a number that gets greater as I add new entries. I changed

Code: Select all

// open the storage file again to grab the new content
  $fh = fopen( $filename, 'r' );
  $content = fread( $fh, filesize( $filename ) );
  fclose( $fh ); 
to

Code: Select all

// open the storage file again to grab the new content
  $fh = fopen( $filename, 'r' );
  $content = fpassthru( $fh );
  fclose( $fh );
^misantropia^
Posts: 4022
Joined: Sat Mar 12, 2005 6:24 pm

Post by ^misantropia^ »

Ah sorry. fpassthru() is more for displaying the contents of files, in this case storage.txt. Me thinks I should've been a bit clearer about that.

@Mazda: I have. I have about ten years of programming / software engineering experience.
User avatar
Captain
Posts: 20410
Joined: Thu Jan 05, 2006 2:50 am

Post by Captain »

It really shows :)
Sevensins
Posts: 444
Joined: Tue Jul 17, 2001 7:00 am

Post by Sevensins »

eepberries wrote:

Code: Select all

// open the storage file again to grab the new content
  $fh = fopen( $filename, 'r' );
  $content = fread( $fh, filesize( $filename ) );
  fclose( $fh ); 
to

Code: Select all

$content = file_get_contents($filename);
Sevensins
Posts: 444
Joined: Tue Jul 17, 2001 7:00 am

Post by Sevensins »

Code: Select all

<html><body>
<?php

$title = htmlentities( $_POST['title'], ENT_QUOTES );
$content = htmlentities( $_POST['content'], ENT_QUOTES );
$pass = htmlentities( $_POST['pass'], ENT_QUOTES );
$filename = "storage.txt";
 

if ( md5( $pass ) == "e5ca581bddbcf65b33a497e66e467765" ) {

  echo "You posted " . $title . " <br> " . $content . " <br>";

 // read
  $currentdata = file_get_contents($filename);
 

  $newContent = "<p> <table width='80%' align='center'>
		<tr><td><font class='heading'>";
  $newContent .= $title;
  $newContent .= "<br></font><hr>";
  $newContent .= $content;
  $newContent .= "<br></td></tr></table></p><br>";
  $newContent .= $currentdata;	//append the old data

  //write new storage
  if ( !file_put_contents($filename, $newContent) )
  {
	//something failed
  }
 
  $fh = fopen( "../feel/index.html", 'w' );
 
  fwrite( $fh, "<html>
  <head>
  <title>feel</title>
  <LINK REL=StyleSheet   HREF='http://ohshi.dyndns.org/testingground/assets/tanasinn.css' TYPE='text/css'>
  </head>

  <body background='http://ohshi.dyndns.org/testingground/assets/tanasinn.gif'>

  <center>
  <a href='http://ohshi.dyndns.org/'><img   src='http://ohshi.dyndns.org/testingground/assets/doraemonbarbroken.png' width='600' height=93 border=0></img></a>
  </center>

  <br>
  <br> ");

  fwrite( $fh, $newContent );
  fwrite( $fh, "</html></body>" );


  fclose($fh);

}

else {

  echo "GET OUT";

}


?>

</body></html>
eepberries
Posts: 1975
Joined: Mon Jan 24, 2005 10:14 pm

Post by eepberries »

Well, I got it working, but I took out the htmlentities stuff because I couldn't figure out how to get it working. It would write to the storage.txt file with html codes starting with ; and all, but when it wrote to the html files, it would show <br> on the html page rather than it doing page breaks. It shouldn't make a difference though since you have to have the right password for it to be processed, right?
^misantropia^
Posts: 4022
Joined: Sat Mar 12, 2005 6:24 pm

Post by ^misantropia^ »

eepberries wrote:It shouldn't make a difference though since you have to have the right password for it to be processed, right?
If only admins can access the page, there shouldn't be too much of a problem, no.
eepberries
Posts: 1975
Joined: Mon Jan 24, 2005 10:14 pm

Post by eepberries »

Well, anyone can access the page if they know the url, but you have to enter the right password into the form for any of the submitted data to be stored.
Locked