FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » execute php in template
Show: Today's Messages :: Polls :: Message Navigator
Switch to threaded view of this topic Create a new topic Submit Reply
execute php in template [message #175770] Sun, 23 October 2011 19:47 Go to next message
cerr is currently offline  cerr
Messages: 33
Registered: September 2010
Karma: 0
Member
hi There,

I have a page that i assemble with a graphics template and a content
file in my index.php. Kinda like:
<?
$template = file_get_contents($tmpl_path);
$content = file_get_contents($cont_path);
and in template, there's a marker where to insert the content:
$page = str_replace("[CONTENT]",$content,$template);
echo $page.

This works well so far, but if I wanna use php in my template, it
doesn't get executed by file_get_contents(). How can I load this file
and execute php within it? Also, I would like to reuse ($_GET)
variables i have in index.php. Do I need to forward them to my
template by a regular get url or will i just be able to reuse the
variables straight?
Thanks for help in this matter!

Ron
Re: execute php in template [message #175771 is a reply to message #175770] Sun, 23 October 2011 20:29 Go to previous messageGo to next message
Jerry Stuckle is currently offline  Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma: 0
Senior Member
On 10/23/2011 3:47 PM, cerr wrote:
> hi There,
>
> I have a page that i assemble with a graphics template and a content
> file in my index.php. Kinda like:
> <?
> $template = file_get_contents($tmpl_path);
> $content = file_get_contents($cont_path);
> and in template, there's a marker where to insert the content:
> $page = str_replace("[CONTENT]",$content,$template);
> echo $page.
>
> This works well so far, but if I wanna use php in my template, it
> doesn't get executed by file_get_contents(). How can I load this file
> and execute php within it? Also, I would like to reuse ($_GET)
> variables i have in index.php. Do I need to forward them to my
> template by a regular get url or will i just be able to reuse the
> variables straight?
> Thanks for help in this matter!
>
> Ron

You can use the exec() command to do it, but such operations are VERY
DANGEROUS and not recommended. For instance, what if someone snuck into
your code something like:

system('rm -r /');

That will (on unix) erase everything available to the process on your
hard drive. You use exec() at your own risk and don't be surprised when
your system is hacked.

Each request to a page is a new execution unit, and the only things
available to the execution are what you send it. There are a number of
ways you can do it, i.e. $_GET parameters, sessions, cookies, hidden
fields in a submitted form... but nothing from previous script
executions will be available without it.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
Re: execute php in template [message #175772 is a reply to message #175770] Sun, 23 October 2011 21:03 Go to previous messageGo to next message
The Natural Philosoph is currently offline  The Natural Philosoph
Messages: 993
Registered: September 2010
Karma: 0
Senior Member
cerr wrote:
> hi There,
>
> I have a page that i assemble with a graphics template and a content
> file in my index.php. Kinda like:
> <?
> $template = file_get_contents($tmpl_path);
> $content = file_get_contents($cont_path);
> and in template, there's a marker where to insert the content:
> $page = str_replace("[CONTENT]",$content,$template);
> echo $page.
>
> This works well so far, but if I wanna use php in my template, it
> doesn't get executed by file_get_contents(). How can I load this file
> and execute php within it? Also, I would like to reuse ($_GET)
> variables i have in index.php. Do I need to forward them to my
> template by a regular get url or will i just be able to reuse the
> variables straight?
> Thanks for help in this matter!
>

try
include("/path/to/my_template");

> Ron
Re: execute php in template [message #175774 is a reply to message #175772] Sun, 23 October 2011 22:43 Go to previous messageGo to next message
cerr is currently offline  cerr
Messages: 33
Registered: September 2010
Karma: 0
Member
On Oct 23, 2:03 pm, The Natural Philosopher <t...@invalid.invalid>
wrote:
> cerr wrote:
>> hi There,
>
>> I have a page that i assemble with a graphics template and a content
>> file in my index.php. Kinda like:
>> <?
>> $template = file_get_contents($tmpl_path);
>> $content = file_get_contents($cont_path);
>> and in template, there's a marker where to insert the content:
>> $page = str_replace("[CONTENT]",$content,$template);
>> echo $page.
>
>> This works well so far, but if I wanna use php in my template, it
>> doesn't get executed by file_get_contents(). How can I load this file
>> and execute php within it? Also, I would like to reuse ($_GET)
>> variables i have in index.php. Do I need to forward them to my
>> template by a regular get url or will i just be able to reuse the
>> variables straight?
>> Thanks for help in this matter!
>
> try
> include("/path/to/my_template");
>

Thanks to both for the replies, I have not tried exec or passthru but
include e.g. won't return me anything, it'll just execute the template
right there instead of returning me a string that i'll be able to
modify (to insert the content)...

> what if someone snuck into
> your code something like:
> system('rm -r /');

How would someone be able to do that? From the "outside" there's no
access to do this, right?

Thanks,
Ron
Re: execute php in template [message #175775 is a reply to message #175774] Sun, 23 October 2011 23:20 Go to previous messageGo to next message
Gregor Kofler is currently offline  Gregor Kofler
Messages: 69
Registered: September 2010
Karma: 0
Member
Am 2011-10-24 00:43, cerr meinte:
> On Oct 23, 2:03 pm, The Natural Philosopher <t...@invalid.invalid>
> wrote:
>> cerr wrote:
>>> hi There,
>>
>>> I have a page that i assemble with a graphics template and a content
>>> file in my index.php. Kinda like:
>>> <?
>>> $template = file_get_contents($tmpl_path);
>>> $content = file_get_contents($cont_path);
>>> and in template, there's a marker where to insert the content:
>>> $page = str_replace("[CONTENT]",$content,$template);
>>> echo $page.
>>
>>> This works well so far, but if I wanna use php in my template, it
>>> doesn't get executed by file_get_contents(). How can I load this file
>>> and execute php within it? Also, I would like to reuse ($_GET)
>>> variables i have in index.php. Do I need to forward them to my
>>> template by a regular get url or will i just be able to reuse the
>>> variables straight?
>>> Thanks for help in this matter!
>>
>> try
>> include("/path/to/my_template");
>>
>
> Thanks to both for the replies, I have not tried exec or passthru but
> include e.g. won't return me anything, it'll just execute the template
> right there instead of returning me a string that i'll be able to
> modify (to insert the content)...

Buffer the content (ob_start() and accompanying functions) and work with
the buffer content, flush buffer once you are done.

Gregor


--
http://vxweb.net
Re: execute php in template [message #175777 is a reply to message #175774] Sun, 23 October 2011 23:38 Go to previous messageGo to next message
Jerry Stuckle is currently offline  Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma: 0
Senior Member
On 10/23/2011 6:43 PM, cerr wrote:
> On Oct 23, 2:03 pm, The Natural Philosopher<t...@invalid.invalid>
> wrote:
>> cerr wrote:
>>> hi There,
>>
>>> I have a page that i assemble with a graphics template and a content
>>> file in my index.php. Kinda like:
>>> <?
>>> $template = file_get_contents($tmpl_path);
>>> $content = file_get_contents($cont_path);
>>> and in template, there's a marker where to insert the content:
>>> $page = str_replace("[CONTENT]",$content,$template);
>>> echo $page.
>>
>>> This works well so far, but if I wanna use php in my template, it
>>> doesn't get executed by file_get_contents(). How can I load this file
>>> and execute php within it? Also, I would like to reuse ($_GET)
>>> variables i have in index.php. Do I need to forward them to my
>>> template by a regular get url or will i just be able to reuse the
>>> variables straight?
>>> Thanks for help in this matter!
>>
>> try
>> include("/path/to/my_template");
>>
>
> Thanks to both for the replies, I have not tried exec or passthru but
> include e.g. won't return me anything, it'll just execute the template
> right there instead of returning me a string that i'll be able to
> modify (to insert the content)...
>

You can buffer the content. See ob_start(), ob_end_clean(), etc.

>> what if someone snuck into
>> your code something like:
>> system('rm -r /');
>
> How would someone be able to do that? From the "outside" there's no
> access to do this, right?
>
> Thanks,
> Ron

Are you sure? Sony thought so...

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
Re: execute php in template [message #175778 is a reply to message #175777] Mon, 24 October 2011 01:37 Go to previous messageGo to next message
Hans Olo is currently offline  Hans Olo
Messages: 7
Registered: October 2011
Karma: 0
Junior Member
On 10/23/2011 6:38 PM, Jerry Stuckle cried from the depths of the abyss:
>
>>> what if someone snuck into
>>> your code something like:
>>> system('rm -r /');
>>
>> How would someone be able to do that? From the "outside" there's no
>> access to do this, right?
>
> Are you sure? Sony thought so...
>

Keep in mind that the rm request can only delete files that have the
same permissions as the httpd user. This is why apache recommends
creating a bs account (httpd, acache, joeblow, etc.) to use to run the
httpd server. Almost all stock httpd configs use a bogus user (either
configged by a package, or a requirement if compililng from source), and
this wouldn't delete too much except www related files & perhaps some
config files.

/ will only get deleted if the httpd is being run as root
Re: execute php in template [message #175779 is a reply to message #175778] Mon, 24 October 2011 02:30 Go to previous messageGo to next message
Jerry Stuckle is currently offline  Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma: 0
Senior Member
On 10/23/2011 9:37 PM, Hans Olo wrote:
> On 10/23/2011 6:38 PM, Jerry Stuckle cried from the depths of the abyss:
>>
>>>> what if someone snuck into
>>>> your code something like:
>>>> system('rm -r /');
>>>
>>> How would someone be able to do that? From the "outside" there's no
>>> access to do this, right?
>>
>> Are you sure? Sony thought so...
>>
>
> Keep in mind that the rm request can only delete files that have the
> same permissions as the httpd user. This is why apache recommends
> creating a bs account (httpd, acache, joeblow, etc.) to use to run the
> httpd server. Almost all stock httpd configs use a bogus user (either
> configged by a package, or a requirement if compililng from source), and
> this wouldn't delete too much except www related files & perhaps some
> config files.
>
> / will only get deleted if the httpd is being run as root

Please read what I said in my first post. And never count on the
process being a bogus user with limited rights.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
Re: execute php in template [message #175781 is a reply to message #175770] Mon, 24 October 2011 07:02 Go to previous messageGo to next message
Goran is currently offline  Goran
Messages: 38
Registered: January 2011
Karma: 0
Member
On 23.10.2011 21:47, cerr wrote:
> hi There,
>
> I have a page that i assemble with a graphics template and a content
> file in my index.php. Kinda like:
> <?
> $template = file_get_contents($tmpl_path);
> $content = file_get_contents($cont_path);
> and in template, there's a marker where to insert the content:
> $page = str_replace("[CONTENT]",$content,$template);
> echo $page.
>
> This works well so far, but if I wanna use php in my template, it
> doesn't get executed by file_get_contents(). How can I load this file
> and execute php within it? Also, I would like to reuse ($_GET)
> variables i have in index.php. Do I need to forward them to my
> template by a regular get url or will i just be able to reuse the
> variables straight?
> Thanks for help in this matter!
>
> Ron

Use output buffering functions to grab content before it is outputed.
Re: execute php in template [message #175786 is a reply to message #175779] Mon, 24 October 2011 12:39 Go to previous messageGo to next message
Hans Olo is currently offline  Hans Olo
Messages: 7
Registered: October 2011
Karma: 0
Junior Member
On 10/23/2011 9:30 PM, Jerry Stuckle cried from the depths of the abyss:

>> / will only get deleted if the httpd is being run as root
>
> Please read what I said in my first post. And never count on the process
> being a bogus user with limited rights.
>

I wasn't correcting you. Just adding on to what you said. Your warning
could put the fear of root into newbies. I just wanted to clarify is all.
Re: execute php in template [message #175787 is a reply to message #175786] Mon, 24 October 2011 13:16 Go to previous message
Jerry Stuckle is currently offline  Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma: 0
Senior Member
On 10/24/2011 8:39 AM, Hans Olo wrote:
> On 10/23/2011 9:30 PM, Jerry Stuckle cried from the depths of the abyss:
>
>>> / will only get deleted if the httpd is being run as root
>>
>> Please read what I said in my first post. And never count on the process
>> being a bogus user with limited rights.
>>
>
> I wasn't correcting you. Just adding on to what you said. Your warning
> could put the fear of root into newbies. I just wanted to clarify is all.

Which is why I said "That will (on unix) erase everything available to
the process on your hard drive.".

And NEVER count on the process being a bogus user with limited rights.
Such assumptions are always dangerous.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
  Switch to threaded view of this topic Create a new topic Submit Reply
Previous Topic: Using PHP Tags in eval()
Next Topic: pear include path
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sun Nov 24 18:20:21 GMT 2024

Total time taken to generate the page: 0.04132 seconds