Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Please help me with a little PHP thingy ;.;

  • 09-02-2002 5:36pm
    #1
    Registered Users, Registered Users 2 Posts: 151 ✭✭


    Ever been to one of those sites, where it has a php index page ?
    And the main new's part of the page is uploaded through a txt file?

    You know, instead of the webmaster having to open a HTML editor just to change the news ?

    He just changes the TXT file, upload's it, BAM! Its updated?




    How'dy'do tha'?


Comments

  • Banned (with Prison Access) Posts: 16,659 ✭✭✭✭dahamsta


    A simple example:

    [php]<?php

    // Grab the contents of the requested file.
    // file() creates an array of the file contents, one element per line.
    // implode() creates a string out of the array.

    $content = implode('', file($file));

    // "Here print" the rest of the document, or alternatively,
    // you can pop out of parsed mode and use an inline echo.

    echo <<<EOD

    <html>
    <head>
    <title>Title</title>
    </head>
    <body bgcolor="white">
    <h1>Title</h1>
    $content
    </body>
    </html>

    EOD;
    ?>[/php]Now you would just pass the filename to the script, and voila, there's your page. This is a simple, insecure example though, wide open to directory tranversal. Say for example that a user called a URL like this:

    http://yoursite.com/path/to/script/?file=/etc/passwd

    Now he has the contents of your passwd file, which he can run a brute force attack on in his own time, and possibly get root on your machine.

    You get around this by a) removing the file extension, and appending it in the script; and b) making sure he doesn't include directory information. Use the str() and ereg() functions to parse out user input.

    adam


  • Registered Users, Registered Users 2 Posts: 151 ✭✭Arboration


    [php]<?php

    // Grab the contents of the requested file.
    // file() creates an array of the file contents, one element per line.
    // implode() creates a string out of the array.

    $content = implode('News', file($News.txt));

    // "Here print" the rest of the document, or alternatively,
    // you can pop out of parsed mode and use an inline echo.

    echo <<<EOD

    <html>
    <head>
    <title>Title</title>
    </head>
    <body bgcolor="white">
    <h1>Title</h1>


    $content


    </body>
    </html>

    EOD;
    ?>
    [/php]


    So, thats how it is ?



    Let's say, If I add HTML into my txt file ?
    Will it be shown as HTML?


  • Banned (with Prison Access) Posts: 16,659 ✭✭✭✭dahamsta


    This is wrong:

    [php]$content = implode('News', file($News.txt));[/php]

    The first argument to implode() is the delimiter, i.e. the string (glue) that will be placed between each array element when the string is created. In other words, $content will end up looking like:
    Line
    NewsLine
    NewsLine
    etc.
    

    Leave the first argument empty. Also, as I said, you should parse the user input for security first. Something like:

    [php]if ( strstr('/') || strstr('.') ) {
    echo "Illegal input, chancer!";
    }[/php]

    Have a look at the function docs:

    http://uk.php.net/explode
    http://uk.php.net/file
    http://uk.php.net/strstr

    Let's say, If I add HTML into my txt file ? Will it be shown as HTML?

    Yes.

    adam


  • Closed Accounts Posts: 4,655 ✭✭✭Ph3n0m


    why not use a simple include


    <html>
    <head>
    <title>Untitled</title>
    </head>

    <body>
    <?php

    include("/content.txt");

    ?>

    </body>
    </html>


  • Registered Users, Registered Users 2 Posts: 151 ✭✭Arboration


    Warning: Failed opening '/Content.txt' for inclusion (include_path='') in /usr/home/ffrapture/index.php on line 86


    Index.php

    Content.txt CHMOD: 777

    what went wrong :(


  • Advertisement
  • Closed Accounts Posts: 4,655 ✭✭✭Ph3n0m


    d'oh (my mistake)


    make sure the text file is in the same directory as the index.php


    and the include statement should look like this


    <?
    include ("content.txt");

    ?>


    much better :)


  • Closed Accounts Posts: 19,777 ✭✭✭✭The Corinthian


    In all these cases here, all you’re going to include in your PHP script is raw, unformatted text. You'll still need to format your content. A very common approach is to use template includes at the top and bottom of your pages:
    [PHP]
    require("top.php");
    <p>HTML forrmatted body text goes here...</p>
    require("bottom.php");
    [/PHP]
    top.php would generally contain all the repetitve HTML <HEAD> content and CSS data, up to around the <BODY> tag. bottom.php could often just be the </BODY></HTML> tags (and any repetitive content, such as copyright notices, that would need to appear on all your pages).

    If you look at the source code here you'll see HTML comments denoting where the relevant TOP and Bottom templates end/begin.


Advertisement