1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

PHP script works one one server, not another

Discussion in 'Software Development' started by SuperSquirel, Apr 18, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. SuperSquirel

    SuperSquirel Thread Starter

    Joined:
    Apr 18, 2004
    Messages:
    15
    I've been using the a line of PHP i was given a year or 2 ago for the new site i'm creating, it is supposed to automatically include an html page that i specify in the url (ie. index.php?page=news), however its not working on my main webhost.
    here is the line of code:

    <? if (isSet($page)) { $file="$page.html" ; if (file_exists("$file")) { include("$file"); } else { include('./404.html'); } } else { include("main.html"); } ?>

    the problem is that main.html is included every time even when i specify another page to be included. however when i uploaded the exact same index.php, a test page and main.html to my old webhost it worked perfectly.
    The puzzling thing is my current website uses phpnuke and i have a custom module which uses the same line of code and that works fine.

    does anyone know if somethin in the code could be causing problems or if it could perhaps be a server configuration?
     
  2. mussavcom

    mussavcom

    Joined:
    Mar 28, 2004
    Messages:
    51
    All server configurations differ, so there could be several problems.

    Your server may not allow you to use $page until you GET it from the URL for security reasons.
    Try:

    if (isset($_GET['page']))

    instead of
    if (isset($page))
     
  3. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    Recent versions of PHP have superglobals turned off for security reasons. The code you posted would probably work like this
    PHP:
    <?
    if (isset(
    $_GET['page']))
    {
      
    $file$_GET['page'] . '.html';
      if (
    file_exists($file))
     {
        include(
    $file);
      }
    else
    {
      include(
    './404.html');
     } 

    else 
    {
      include(
    'main.html');

    ?>
    However that code is very insecure. Any user could access any file on your website. You should create an array of pages they are allowed to access, and let the script load those pages.
     
  4. SuperSquirel

    SuperSquirel Thread Starter

    Joined:
    Apr 18, 2004
    Messages:
    15
    that works, thank you :)
     
  5. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    Just remember, a script like that will give anyone access to any file on your site.
    This is quite a bit more secure. Just put all the files the user is allowed to view in a directory called "files"
    PHP:
    <? 
    if (isset(
    $_GET['page'])) 

      
    $filestr_replace('.','',$_GET['page']) . '.html'
      if (
    file_exists($file)) 
     { 
        include(
    '/files/' $file); 
      } 
    else 

      include(
    './404.html'); 
     }  
    }  
    else  

      include(
    '/files/main.html'); 

     
  6. mussavcom

    mussavcom

    Joined:
    Mar 28, 2004
    Messages:
    51
    brendandonhu -- what if somebody had "../file.html" as the file? I know when you enter URLS into an address bar, site.com/folder/../file.html is the same as site.com/file.html. Would that happen on PHP to? If so, any file on the site could still be accessed.
     
  7. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    Yes they could, I just edited the script to fix that.
     
  8. SuperSquirel

    SuperSquirel Thread Starter

    Joined:
    Apr 18, 2004
    Messages:
    15
    thats quite a useful security fix for the script, thanks. i had some admin pages on the site that were protected by cpanels directory protection, i never realised they could still be included without need of password.
     
  9. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    No prob :)
    It generally wouldn't allow access to protected pages, but theres still a possibility.
     
  10. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/221525

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice