I can't figure out why this php code isn't working

Posted: Tue Aug 29, 2006 7:13 pm
by eepberries
I'm working on something in php that will let me add new entries to a webpage I have. I got it working where I could have one entry, and submitting another would rewrite the html document entirely with the new entry, but I want to be able to add on to it now rather than just overwrite it. What I'm doing is I'm first writing the submitted content to a storage.txt file. This submitted content contains the html data such as the table and formatting as well as the actual content, so all it has to do is be put into the rest of the html file. When a new entry is submitted, the php code is supposed to read the current data in the storage file, write the new data into the file, then append the old data to the end of the file. There's a bug somewhere in the code though that's keeping it from running, and I can't figure out what it is. This is the code:

Code:

<html><body>
<?php
$title = $_POST['title'];
$content = $_POST['content'];
$pass = $_POST['pass'];
$filename = "storage.txt";

// writes the old content and new content to the storage file
function writefile() {

  $fh = fopen( $filename, 'w' ) or die( "can't open file" );

  fwrite( $fh, "
  <p>
  <table width='80%' align='center'>
  <tr>
  <td>
  <font class='heading'>" );

  fwrite( $fh, $title );
  fwrite( $fh, "<br></font><hr>" );
  fwrite( $fh, $content );
  fwrite( $fh, "<br></td></tr></table></p><br><br>" );

  fwrite( $fh, $currentdata );

  fclose( $fh ); 

}

// reads and stores the current content for later rewriting
function readfile() {

  $fh = fopen( $fh, 'r' );
  $currentdata = fread( $fh, filesize( $filename ) );
  fclose( $fh );

  writefile();

}

if ( md5( $pass ) == "e5ca581bddbcf65b33a497e66e467765" ) {

  echo "You posted " . $title . " <br> " . $content . " <br>";

  readfile();

}

else {

  echo "GET OUT";

}


?>

</body></html>

Posted: Tue Aug 29, 2006 8:09 pm
by Sevensins
currentdata is a local variable to the readfile function so in the writefile function it means nothing (it contains no data).

You should really combine the two functions anyway.

Posted: Tue Aug 29, 2006 9:05 pm
by ^misantropia^

Code:

$fh = fopen( $fh, 'r' );
This should probably read:

Code:

global $filename;
$fh = fopen( $filename, 'r' );
Furthermore, this code is wide open to XSS attacks. Sanitize the input ($title, $content and, if you're really paranoid, $currentdata as well) by filtering it through htmlentities($var, ENT_QUOTES).

Posted: Tue Aug 29, 2006 10:13 pm
by eepberries
Alright, so the code now looks like this, but it doesn't seem to be saving anything to the storage.txt file and I can't really figure out why.

Code:

<html><body>
<?php

$title = htmlentities( $_POST['title'], ENT_QUOTES );
$content = htmlentities( $_POST['content'], ENT_QUOTES );
$pass = htmlentities( $_POST['pass'], ENT_QUOTES );
$filename = "storage.txt";

// writes the old content and new content to the storage file
function process() {

  // read
  $fh = fopen( $filename, 'r' );
  $currentdata = fread( $fh, filesize( $filename ) );
  fclose( $fh );
  
  // write
  $fh = fopen( $fh, 'w' ) or die( "can't open file" );

  fwrite( $fh, "
  <p>
  <table width='80%' align='center'>
  <tr>
  <td>
  <font class='heading'>" );

  fwrite( $fh, $title );
  fwrite( $fh, "<br></font><hr>" );
  fwrite( $fh, $content );
  fwrite( $fh, "<br></td></tr></table></p><br><br>" );

  fwrite( $fh, $currentdata );

  fclose( $fh ); 

}

if ( md5( $pass ) == "e5ca581bddbcf65b33a497e66e467765" ) {

  echo "You posted " . $title . " <br> " . $content . " <br>";

  process();

}

else {

  echo "GET OUT";

}


?>

</body></html>

Posted: Tue Aug 29, 2006 11:23 pm
by ^misantropia^
^misantropia^ wrote:

Code:

global $filename;
$fh = fopen( $filename, 'r' );
:p

Posted: Tue Aug 29, 2006 11:27 pm
by ^misantropia^
While we're at it, you'll want to fopen() $filename instead of $fh in the following snippet:

Code:

$fh = fopen( $fh, 'w' ) or die( "can't open file" );

Posted: Tue Aug 29, 2006 11:38 pm
by Sevensins
^misantropia^ wrote:

Code:

$fh = fopen( $fh, 'r' );
This should probably read:

Code:

global $filename;
$fh = fopen( $filename, 'r' );
Furthermore, this code is wide open to XSS attacks. Sanitize the input ($title, $content and, if you're really paranoid, $currentdata as well) by filtering it through htmlentities($var, ENT_QUOTES).
ah, good catch as well

Posted: Wed Aug 30, 2006 12:30 am
by eepberries
Well, I got it working by just removing the functions. I know fixing it would have been simple, but I didn't really feel like examining exactly what to fix (I've forgotten how php deals with functions and variables). I have it working almost exactly how I want it to now, but the problem I'm now facing is that the variable I'm using to transfer between the storage file and writing to the .html file isn't anywhere near big enough. It's just getting cut off. I guess it wasn't made for this kind of use. Is there anything I can do?

Posted: Wed Aug 30, 2006 1:48 am
by Sevensins
Oh right, your problem before was probably the same as with filename. You needed all of the variables (title, content, pass, filename) to be declared global inside the function. Variables used globally outside the function have to be declared global inside any function that uses them; otherwise the function thinks they are just local variables.

Your new problem has to be something else because according to the php documentation there isn't a limitation to strings.

Maybe give an example of the content and where it gets cut off.

Posted: Wed Aug 30, 2006 1:57 am
by eepberries
Actually, I just noticed something. It's storing everything into the storage.txt file correctly. Nothing is getting cut off there, but the actual .html file has stuff cut off. The more you add, the more gets cut off from the bottom.

storage file: http://ohshi.dyndns.org/php/storage.txt

html file: http://ohshi.dyndns.org/feel/

and this is the current php file (I realize some of the reading from the file stuff is a little redundant at the end, I'll probably fix that as soon as I figure out what's causing this problem)

Code:

<html><body>
<?php

$title = htmlentities( $_POST['title'], ENT_QUOTES );
$content = htmlentities( $_POST['content'], ENT_QUOTES );
$pass = htmlentities( $_POST['pass'], ENT_QUOTES );
$filename = "storage.txt";
 

if ( md5( $pass ) == "e5ca581bddbcf65b33a497e66e467765" ) {

  echo "You posted " . $title . " <br> " . $content . " <br>";

 // read
  $fh = fopen( $filename, 'r' );
  $currentdata = fread( $fh, filesize( $filename ) );
  fclose( $fh );
  
  // write
  $fh = fopen( $filename, 'w' ) or die( "can't open file" );

  fwrite( $fh, "
  <p>
  <table width='80%' align='center'>
  <tr>
  <td>
  <font class='heading'>" );

  fwrite( $fh, $title );
  fwrite( $fh, "<br></font><hr>" );
  fwrite( $fh, $content );
  fwrite( $fh, "<br></td></tr></table></p><br>" );

  fwrite( $fh, $currentdata );

  fclose( $fh ); 

// open the storage file again to grab the new content
  $fh = fopen( $filename, 'r' );
  $content = fread( $fh, filesize( $filename ) );
  fclose( $fh );
 
  $fh = fopen( "../feel/index.html", 'w' );
  
  fwrite( $fh, "<html>
  <head>
  <title>feel</title>
  <LINK REL=StyleSheet   HREF='http://ohshi.dyndns.org/testingground/assets/tanasinn.css' TYPE='text/css'>
  </head>

  <body background='http://ohshi.dyndns.org/testingground/assets/tanasinn.gif'>

  <center>
  <a href='http://ohshi.dyndns.org/'><img   src='http://ohshi.dyndns.org/testingground/assets/doraemonbarbroken.png' width='600' height=93 border=0></img></a>
  </center>

  <br>
  <br> ");

  fwrite( $fh, $content );
  fwrite( $fh, "</html></body>" );


  fclose($fh);

}

else {

  echo "GET OUT";

}


?>

</body></html>

Posted: Wed Aug 30, 2006 2:22 am
by Sevensins
I have an idea, but I am not positive.

First, you might try using: file_get_contents()

http://php.net/file_get_contents

That should work better for grabbing the entire file into a string.

Second: You can check something quick by adding an echo of the contents at:

Code:

// open the storage file again to grab the new content
  $fh = fopen( $filename, 'r' );
  $content = fread( $fh, filesize( $filename ) );
  echo $content;
  fclose( $fh );
Is the content cut off there?

Posted: Wed Aug 30, 2006 9:47 am
by ^misantropia^
Sevensins wrote: First, you might try using: file_get_contents()
Even easier, use fpassthru().

Posted: Wed Aug 30, 2006 10:19 am
by Captain
Sorry for the off-topic nudge here, but have you guys by any chance studied programming and computer sciences? You seem like a bright group :icon14:

Posted: Thu Aug 31, 2006 4:02 am
by eepberries
^misantropia^ wrote: Even easier, use fpassthru().
Hmm. I don't really understand how this is supposed to work. Something isn't working right, because now the HTML file just shows a number that gets greater as I add new entries. I changed

Code:

// open the storage file again to grab the new content
  $fh = fopen( $filename, 'r' );
  $content = fread( $fh, filesize( $filename ) );
  fclose( $fh ); 
to

Code:

// open the storage file again to grab the new content
  $fh = fopen( $filename, 'r' );
  $content = fpassthru( $fh );
  fclose( $fh );

Posted: Thu Aug 31, 2006 9:58 am
by ^misantropia^
Ah sorry. fpassthru() is more for displaying the contents of files, in this case storage.txt. Me thinks I should've been a bit clearer about that.

@Mazda: I have. I have about ten years of programming / software engineering experience.

Posted: Thu Aug 31, 2006 10:19 am
by Captain
It really shows :)

Posted: Thu Aug 31, 2006 10:31 am
by Sevensins
eepberries wrote:

Code:

// open the storage file again to grab the new content
  $fh = fopen( $filename, 'r' );
  $content = fread( $fh, filesize( $filename ) );
  fclose( $fh ); 
to

Code:

$content = file_get_contents($filename);

Posted: Thu Aug 31, 2006 4:02 pm
by Sevensins

Code:

<html><body>
<?php

$title = htmlentities( $_POST['title'], ENT_QUOTES );
$content = htmlentities( $_POST['content'], ENT_QUOTES );
$pass = htmlentities( $_POST['pass'], ENT_QUOTES );
$filename = "storage.txt";
 

if ( md5( $pass ) == "e5ca581bddbcf65b33a497e66e467765" ) {

  echo "You posted " . $title . " <br> " . $content . " <br>";

 // read
  $currentdata = file_get_contents($filename);
 

  $newContent = "<p> <table width='80%' align='center'>
		<tr><td><font class='heading'>";
  $newContent .= $title;
  $newContent .= "<br></font><hr>";
  $newContent .= $content;
  $newContent .= "<br></td></tr></table></p><br>";
  $newContent .= $currentdata;	//append the old data

  //write new storage
  if ( !file_put_contents($filename, $newContent) )
  {
	//something failed
  }
 
  $fh = fopen( "../feel/index.html", 'w' );
 
  fwrite( $fh, "<html>
  <head>
  <title>feel</title>
  <LINK REL=StyleSheet   HREF='http://ohshi.dyndns.org/testingground/assets/tanasinn.css' TYPE='text/css'>
  </head>

  <body background='http://ohshi.dyndns.org/testingground/assets/tanasinn.gif'>

  <center>
  <a href='http://ohshi.dyndns.org/'><img   src='http://ohshi.dyndns.org/testingground/assets/doraemonbarbroken.png' width='600' height=93 border=0></img></a>
  </center>

  <br>
  <br> ");

  fwrite( $fh, $newContent );
  fwrite( $fh, "</body></html>" );


  fclose($fh);

}

else {

  echo "GET OUT";

}


?>

</body></html>

Posted: Sun Sep 03, 2006 4:04 am
by eepberries
Well, I got it working, but I took out the htmlentities stuff because I couldn't figure out how to get it working. It would write to the storage.txt file with html codes starting with ; and all, but when it wrote to the html files, it would show <br> on the html page rather than it doing page breaks. It shouldn't make a difference though since you have to have the right password for it to be processed, right?

Posted: Sun Sep 03, 2006 3:00 pm
by ^misantropia^
eepberries wrote: It shouldn't make a difference though since you have to have the right password for it to be processed, right?
If only admins can access the page, there shouldn't be too much of a problem, no.

Posted: Sun Sep 03, 2006 3:37 pm
by eepberries
Well, anyone can access the page if they know the url, but you have to enter the right password into the form for any of the submitted data to be stored.
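
An added example, not part of the thread or any poster's code: one way to keep the escaping recommended earlier and still get line breaks, by escaping the submitted text first and then applying nl2br(). It also passes the file name and entry as parameters instead of relying on globals, and swaps the thread's md5() comparison for password_hash()/password_verify(); the function names, sample input and passphrase are constructed for illustration.

```php
<?php
// Added example, not code from the thread. All function names are hypothetical.
declare(strict_types=1);

// Escape the user's text first, then add the markup ourselves.
function render_entry(string $title, string $content): string
{
    $t = htmlspecialchars($title, ENT_QUOTES, 'UTF-8');
    // nl2br() runs after escaping: line breaks typed in the form become
    // <br /> tags, while any markup the user typed stays inert text.
    $c = nl2br(htmlspecialchars($content, ENT_QUOTES, 'UTF-8'));
    return "<p><table width='80%' align='center'><tr><td>"
         . "<font class='heading'>{$t}<br></font><hr>{$c}<br>"
         . "</td></tr></table></p><br>\n";
}

// Everything the function needs arrives as a parameter, so no globals.
// file_get_contents() reads to end of file and does not depend on
// filesize(), whose result PHP caches for the duration of a request.
function prepend_entry(string $file, string $entry): bool
{
    $old = is_file($file) ? (string) file_get_contents($file) : '';
    // LOCK_EX stops two simultaneous submissions from interleaving writes.
    return file_put_contents($file, $entry . $old, LOCK_EX) !== false;
}

// Verify the raw password (never an escaped copy) against a salted hash.
function password_ok(string $submitted, string $storedHash): bool
{
    return password_verify($submitted, $storedHash);
}

// Constructed sample data standing in for $_POST and a stored config value.
$storedHash = password_hash('example-passphrase', PASSWORD_DEFAULT);
$post = [
    'title'   => 'Hello <script>alert(1)</script>',
    'content' => "first line\nsecond line with <b>tags</b>",
    'pass'    => 'example-passphrase',
];
$file = tempnam(sys_get_temp_dir(), 'storage');

if (password_ok($post['pass'], $storedHash)) {
    prepend_entry($file, render_entry($post['title'], $post['content']));
    echo file_get_contents($file);
} else {
    echo "GET OUT\n";
}
unlink($file);
```

Run from the command line, it prints the stored entry with the typed tags shown as text and the newline turned into a line break.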