FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Nested PHP
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Nested PHP [message #184843 is a reply to message #184834] Tue, 11 February 2014 13:15 Go to previous messageGo to previous message
Jerry Stuckle is currently offline  Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma:
Senior Member
On 2/11/2014 5:11 AM, Adrian Tuddenham wrote:
> Jerry Stuckle <jstucklex(at)attglobal(dot)net> wrote:
>
>> On 2/10/2014 6:06 PM, Denis McMahon wrote:
>>> On Mon, 10 Feb 2014 21:44:02 +0000, Adrian Tuddenham wrote:
>>>
>>>> Jerry Stuckle <jstucklex(at)attglobal(dot)net> wrote:
>>>>
>>>> > On 2/10/2014 3:24 PM, Adrian Tuddenham wrote:
>>>> >> I am using a php program to generate and download a webpage as an
>>>> >> HTML file, the HTML file draws its headers and navigation bar from
>>>> >> another HTML file using some embedded php with an "include" command.
>>>> >>
>>>> >> The embedded php doesn't run when the file is downloaded, so the page
>>>> >> appears in the browser without its headers or navigation.
>>>> >>
>>>> >> Is there a way of making the HTML file run the php or do I have to
>>>> >> tackle this from another angle?
>>>
>>>> > The PHP code in your generated file is only executed when the file is
>>>> > processed as a web page. This is done by the web server, based on the
>>>> > file extension (default is .php; you do have that as the file
>>>> > extension,
>>>> > right?).
>>>
>>>> Yes - and the same code runs perfectly well with all its headers if the
>>>> file is sitting on the server and I call it up with a browser. It is
>>>> only if I 'create' it on the fly from a php program that it doesn't work
>>>> - the HTML runs but the php doesn't.
>>>
>>> What happens is that php script is executed by a script processor in the
>>> server, and the output of the php script is delivered by the server as
>>> html.
>>>
>>>> > Any other means of downloading the file (i.e. ftp) will not cause the
>>>> > PHP code to be executed.
>>>
>>>> I was using a browser to view it, but the source code was coming from a
>>>> php program, not directly from a file on the server.
>>>
>>> When you say "the source code was coming from a php program" do you mean
>>> that you were viewing a php script with a web browser, or do you mean
>>> that you were running a script through a php interpreter and viewing the
>>> output?
>>>
>>> Any php processing for web pages that is needed is generally carried out
>>> in a process called from the main server process in the web server.
>>> Normally when a .php file is requested, the webserver passes the file to
>>> the php processor, and takes the output of the php processor and sends
>>> that to the requesting client as html (unless another content type is
>>> specified).
>>>
>>> It's also possible for php to be embedded in html files, in which case
>>> the same thing happens for html files.
>>>
>>> I can't quite map your description of what you're doing and what you seem
>>> to expect with my knowledge of how web servers work, this suggests that
>>> either you're using the terminology in a way that I don't understand, or
>>> possibly that your perception of what is happening is not what is
>>> actually happening.
>>>
>>
>> Denis,
>>
>> From what I can gather, he's generating a page which contains PHP code
>> from another PHP script, and sending the generated page to the browser -
>> expecting the generated PHP code to be executed (which, of course, it
>> isn't).
>
> That's right.
>

Then no, anything generated by your code is NOT processed by the
interpreter. It is simply sent to the client.

> I'll try to elaborate and show some of the code, which might answer many
> of the previous replies at the same time:
>
> A typical webpage in this site uses embedded php to operate the hit
> counter (PROCaddlog.php), pick up its headers (SCCSheaders.php) and pick
> up its navigation table (SCCSnavtable.php).
>
>
> ~~~~~~~ Typical webpage ~~~~~~~~
> <HTML>
> <HEAD>
> <TITLE>Picture Gallery</TITLE>
> <meta name="KEYWORDS" content="Coal Canal, Somersetshire Coal Canal,
> Somerset Coal Canal, locks, caissons, Kennet & Avon,Weldon, Robert
> Weldon, Caisoon Lock, Inclined plane, Combe Hay, Bath, Wellow, Weldon,
> William Smith, Tuckingmill Tramway, Dorset & Somerset Canal">
> </HEAD>
> <BODY BGCOLOR="#CCFFFF">
> <CENTER><!--NOEDIT--><?php
> include($_SERVER['DOCUMENT_ROOT'] . "/PHP/counters/PROCaddlog.php");
> addlog("Gallery");
> include("http://www.coalcanal.org/PHP/SCCSheaders.php");
> include("http://www.coalcanal.org/PHP/SCCSnavtable.php");
> ?><!--/NOEDIT-->
>
> <P><FONT COLOR="#996633"><B>GALLERY</B></FONT>
>
> <P>&nbsp;
>
> <P><A HREF="http://www.flickr.com/photos/114362147@N06/">Photostream
> on Flickr</A>
>
> <P><A HREF="gallery/gallery-old.htm">Old pictures of the canal</A>
>
> <P>&nbsp;
>
> <P>&nbsp;
>
> <P><TABLE BORDER=0 CELLSPACING=0 CELLPADDING=5 WIDTH="100%">
> <TR>
> <TD>
> <P><A HREF="index.htm">Return to home page</A>
> </TD>
> <TD>
> <CENTER><A HREF="alphabetical.htm"><IMG SRC="images/Find.gif"
> WIDTH=75 HEIGHT=26 BORDER=0 ALIGN=bottom></A></CENTER>
> </TD>
> <TD>
> <P ALIGN=right><A HREF="#TOP">Return to top of this page</A>
> </TD>
> </TR>
> </TABLE>
> </CENTER>
> </BODY>
> </HTML>
>
> ~~~~~~~~~~ End of Typical Webpage ~~~~~~~
>
> The resulting output can be seen at:
> <http://www.coalcanal.org/gallery.php>
>

Is this supposed to be the page your code has generated? Or is this a
file on your site? The code here is being processed.

> I am now trying to build some password-protected pages and downloads,
> where a link to a page or PDF file calls up a page delivery program
> which decodes an encryped file and generates the PDF or page source code
> on-the-fly. The PDF-delivery program works fine, but when I use the
> same code to deliver an HTML page, the php within the HTML appears as
> text and fails to run.
>

It won't work.

> ~~~~~~~~~~ PDF Delivery Program ~~~~~~~~~~
> <?php
>
> $cookie1 = $_COOKIE["uservalid"];
> stripslashes($cookie1);
> setcookie ("uservalid", $cookie1 , time() + 900);
> $cookie2 = strrev($cookie1);
> $filename = $_GET["url"];
> stripslashes($filename);
> $text = "Empty string";
>
> #Cookie check removed for security
> #If ($cookie2~~~~~~~~~
> {
> ### Read file ###
>
> $filenamer = $filename . "r";
> $fh = fopen($filenamer, 'r') or ("Downloader can't open
> file $filenamer");
> $text = fread($fh, filesize($filenamer));
> fclose($fh);
>
>
> ### Decode file ###
>
> # Decoding section removed for security#
> }
>
> ### Send file or refer to Login page ###
>
> #Cookie check removed for security
> #If ($cookie2~~~~~~~~~
> {
> header('Content-Type: application/octet-stream');
> header('Content-Disposition: attachment;
> filename="'.basename($filename).'"');
> header('Content-Length: ' . filesize($filenamer));
> print $text;
> }
> else
> {
> print "
> <HTML>
> <HEAD>
> </HEAD>
> <BODY BGCOLOR='#FFFFFF'>
> <CENTER><BR><BR>
> <FORM ACTION=\"Login2.php\" METHOD=POST>
> <P>Please <INPUT TYPE=submit NAME=Submit VALUE=\"Log in\">if you
> want to download this file
> <P> <A
> HREF='http://www.coalcanal.org.uk/contactform1.php'>Contact the
> webmaster</A> if you continue to have difficulties</CENTER>
> </BODY>
> </HTML>
> ";
> }
>
> ?>
>
> ~~~~~~~~~~~~ End of PDF Delivery Program ~~~~~~~~~
>
> As suggested by one of the replies, I am currently using a modification
> of the above program to deliver webpages, whereby the 'include' is
> processed by the delivery program (not by the HTML page) and the result
> delivered to the HTML page at the appropriate point in the generated
> source code.
>
> I wondered if there was a command which I could embed instead of the
> "print $text;", which would cause the resulting HTML to be processed
> like a normal webpage, so that the php within it would also run?
>
>
>

You could use eval(), if your host allows it. But that is a huge
security risk. You're just asking to be hacked.

My main question here would be - what are you trying to accomplish by
having files encrypted on your server. Since the decryption code is
right in plain sight, encrypting the files adds no security. If they
can get to your raw files, they can get to your decryption code.

And in any case, the decrypted page (along with images, etc.) is
available at the browser just as soon as someone requests it.

I think your whole approach needs rethinking.

--
==================
Remove the "x" from my email address
Jerry Stuckle
jstucklex(at)attglobal(dot)net
==================
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Filling an array with random input doesn't quite work
Next Topic: string length
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Wed Nov 27 21:03:22 GMT 2024

Total time taken to generate the page: 0.04506 seconds