View PHP Code?

[john_bboy7]

I dont know if its legal But is it possible to view source code Of php in an HTML site? If yes then how? That can solve my problem... :-\

[Cosizzle]

99% sure you can not  I say 99% because PHP is protected which makes it valuable against preventing hackers... there are certain PHP elements that you can kinda see like an include for an example. the include function however converts the file your attaching into HTML.

 

Mind my asking what your problem is? Perhaps someone here at the boards can help out.

[BlueSkyIS]

PHP is compiled and executed on the server and the resulting HTML code is sent to the browser. You can't view the pre-compiled PHP unless the server is misconfigured.

[roopurt18]

the include function however converts the file your attaching into HTML.

 

It does no such thing.  include() opens and runs the specified file.  If the file echoes HTML, then it will be dumped into the calling script, but it doesn't have to echo anything.

[john_bboy7]

I found this:

 

Description:

this script will not show source of hidden (starts with dot) files, files that don't end with .php, or files outside the document root. make sure any scripts with sensitive information meet at least one of those criteria (preferably all 3) in order to make this script refuse to show their source code. save the code in a file like showsource.php and put it in your site's document root. show the source of a file with showsource.php?file=path/to/script.php, or follow the instructions in the comment header to be able to use showsource.php?file=path/to/script.php instead.

 

And this is the code Sourcecode.php:

 

<?
/*----------------------------------------------------------------------------*\
| show higlighted source code for a php file.  the filename is expected in   |
| $_GET['file'], in the form of path/to/script.php                           |
|                                                                            |
| on apache with mod_rewrite, the following allows viewing source using urls |
| like /source/path/to/script.php instead of                                 |
| showsource.php?file=path/to/script.php:                                    |
| RewriteEngine on                                                           |
| RewriteRule ^source/(.+)$ showsource.php?file=$1                           |
\*----------------------------------------------------------------------------*/

  // get rid of any leading slashes
  while(substr($_GET['file'], 0, 1) == '/')
    $_GET['file'] = substr($_GET['file'], 1);

  // make sure they've asked for a file, it's a php file, it's not a hidden file, and it exists
  if(!isset($_GET['file']) ||
     substr($_GET['file'], -4) != '.php' ||
     substr($_GET['file'], 0, 1) == '.' ||
     !file_exists($_SERVER['DOCUMENT_ROOT'] . '/' . $_GET['file']) ||
     strpos($_GET['file'], '/.') !== false) {
    header('HTTP/1.0 Not Found');  // show a file not found error
    // DO:  include your 404 document here
    die;
  } else {
    // get all of the higlighting colors from php.ini
    $highlight['bg'] = ini_get('highlight.bg');
    $highlight['comment'] = ini_get('highlight.comment');
    $highlight['default'] = ini_get('highlight.default');
    $highlight['html'] = ini_get('highlight.html');
    $highlight['keyword'] = ini_get('highlight.keyword');
    $highlight['string'] = ini_get('highlight.string');
    // set up arrays to use with str_replace later
    foreach($highlight as $type => $color) {
      $font[] = '<font color="' . $color . '">';  // php4 uses font tags
      $span[] = '<span style="color: ' . $color . '">';  // php5 uses span tags with css
      $class[] = '<span class="' . $type . '">';  // we will be replacing specific color settings with a classname that can have the color controlled by an external css file
    }
    $page->Start('source of /' . $_GET['file'], 'php source', '/' . $_GET['file']);
?>
<html>
  <head>
    <title>source of /<?=$_GET['file']; ?></title>
    <style type="text/css">
      div.source {font-family: monospace; margin: 1em 2%; width: 96%; height: 30em; overflow: auto; border: 1px dashed #666666; background-color: #eeeeee;}
      div.source ol {padding-left: 1.5em;}
      div.source li {white-space: nowrap;}
      div.source span.comment {color: #ff8000;}
      div.source span.default {color: #0000bb;}
      div.source span.html {color: #000000;}
      div.source span.keyword {color: #007700;}
      div.source span.string {color: #dd0000;}
    </style>
  </head>
  <body>
    <h1>php source:  /<?=$_GET['file']; ?></h1>
      <div class="source"><ol>
<?
    $file = fopen($_SERVER['DOCUMENT_ROOT'] . '/' . $_GET['file'], 'r');  // open the file for reading
    $php = 0;  // should be either 1 or 0:  1 when we opened a php and didn't close it, 0 otherwise
    $comment = 0;  // should be either 1 or 0:  1 when we opened a comment and didn't close it, 0 otherwise

    // loop through each line of the file
    while(!feof($file)) {
      $line = fgets($file);
      // if the line starts with one space, save it as a non-breaking space and trim it off
      if(substr($line, 0, 1) == ' ' && substr($line, 1, 1) != ' ') {
        $space = ' ';
        $line = substr($line, 1);
      } else
        $space = '';
      // add a comment start to the beginning of the line if we are in a comment
      if($comment)
        $line = '/*' . $line;
      // add a php start to the beginning of the line if we are in php code
      if($php)
        $line = '<?' . $line;
      // remember to remove the php start and comment start if we added them
      $rmphp = $php;
      $rmcmt = $comment;
      // figure out if we start the next line in php code
      $php = substr_count($line, '<?') - substr_count($line, '?>');
      // figure out if we start the next line in a comment
      $comment = substr_count($line, '/*') - substr_count($line, '*/');
      // end the comment on this line to avoid unended comment errors
      if($comment)
        $line .= '*/';
      // highlight the line and get rid of unneccessary code tags, line breaks, and br tags
      $line = str_replace(array('<code>', '</code>', "\n", "\r", '<br />'), '', highlight_string($line, true));
      // change font color tags into span class tags (php4)
      $line = str_replace($font, $class, $line);
      // change span color tags into span class tags (php5)
      $line = str_replace($span, $class, $line);
      // change font closing tags into span closing tags (php4)
      $line = str_replace('</font>', '</span>', $line);

      // remove php start if we added it
      if($rmphp) {
        $pos = strpos($line, '<?');
        if($pos !== false)
          $line = substr($line, 0, $pos) . substr($line, $pos + 5);
      }
      // remove comment start if we added it
      if($rmcmt) {
        $pos = strpos($line, '/*');
        if($pos !== false)
          $line = substr($line, 0, $pos) . substr($line, $pos + 2);
      }
      // remove comment end if we added it
      if($comment) {
        $pos = strrpos($line, '*/');  //strrpos searches backward for '*' here, but */ should be the last thing on the line anyway
        if($pos !== false)
          $line = substr($line, 0, $pos) . substr($line, $pos + 2);
      }
      
      // get rid of any empty span tags, 2 levels deep
      $line = preg_replace('/<span class="(bg|comment|default|html|keyword|string)"><\/span>/', '', $line);
      $line = preg_replace('/<span class="(bg|comment|default|html|keyword|string)"><\/span>/', '', $line);

      // put a non-breaking space on any blank lines so that firefox/mozilla/netscape don't overlap the line numbers
      if(strlen($line) < 1)
        $line = ' ';
?>
        <li><?=$space; ?><?=$line; ?></li>
<?
    }
?>
      </ol></div>

<?
  }
?> 

 

 

But i am getting nothing??  ??? ??? Any idea??

[dezkit]

i have no clue whatsoever you are talking about, however, i might think you would want this tag??

 

<xmp></xmp>

 

<xmp><?php echo "these tags can show you the php code without it actually functioning. so with html."; ?></xmp>

 

<xmp><html><font color="red">You can not see the html itself</font></html></xmp>

[PFMaBiSmAd]

john_bboy7, the script you posted allows someone to view the contents of your .php files on your server. If you have this on a live server, I recommend you remove it as quick as possible before someone uses it to see the content of your .php files.

 

That script has nothing to do with viewing anything that is not on your server and as has already been posted, you cannot see the raw php code in a .php file on a server, unless that server is not configured correctly to parse .php files.

[BlueSkyIS]

PHP is compiled and executed on the server and the resulting HTML code is sent to the browser. You can't view the pre-compiled PHP unless the server is misconfigured.