john_bboy7 Posted April 13, 2008 Share Posted April 13, 2008 I dont know if its legal But is it possible to view source code Of php in an HTML site? If yes then how? That can solve my problem... :-\ Quote Link to comment Share on other sites More sharing options...
Cosizzle Posted April 13, 2008 Share Posted April 13, 2008 99% sure you can not I say 99% because PHP is protected which makes it valuable against preventing hackers... there are certain PHP elements that you can kinda see like an include for an example. the include function however converts the file your attaching into HTML. Mind my asking what your problem is? Perhaps someone here at the boards can help out. Quote Link to comment Share on other sites More sharing options...
BlueSkyIS Posted April 13, 2008 Share Posted April 13, 2008 PHP is compiled and executed on the server and the resulting HTML code is sent to the browser. You can't view the pre-compiled PHP unless the server is misconfigured. Quote Link to comment Share on other sites More sharing options...
roopurt18 Posted April 13, 2008 Share Posted April 13, 2008 the include function however converts the file your attaching into HTML. It does no such thing. include() opens and runs the specified file. If the file echoes HTML, then it will be dumped into the calling script, but it doesn't have to echo anything. Quote Link to comment Share on other sites More sharing options...
john_bboy7 Posted April 13, 2008 Author Share Posted April 13, 2008 I found this: Description: this script will not show source of hidden (starts with dot) files, files that don't end with .php, or files outside the document root. make sure any scripts with sensitive information meet at least one of those criteria (preferably all 3) in order to make this script refuse to show their source code. save the code in a file like showsource.php and put it in your site's document root. show the source of a file with showsource.php?file=path/to/script.php, or follow the instructions in the comment header to be able to use showsource.php?file=path/to/script.php instead. And this is the code Sourcecode.php: <? /*----------------------------------------------------------------------------*\ | show higlighted source code for a php file. the filename is expected in | | $_GET['file'], in the form of path/to/script.php | | | | on apache with mod_rewrite, the following allows viewing source using urls | | like /source/path/to/script.php instead of | | showsource.php?file=path/to/script.php: | | RewriteEngine on | | RewriteRule ^source/(.+)$ showsource.php?file=$1 | \*----------------------------------------------------------------------------*/ // get rid of any leading slashes while(substr($_GET['file'], 0, 1) == '/') $_GET['file'] = substr($_GET['file'], 1); // make sure they've asked for a file, it's a php file, it's not a hidden file, and it exists if(!isset($_GET['file']) || substr($_GET['file'], -4) != '.php' || substr($_GET['file'], 0, 1) == '.' || !file_exists($_SERVER['DOCUMENT_ROOT'] . '/' . $_GET['file']) || strpos($_GET['file'], '/.') !== false) { header('HTTP/1.0 Not Found'); // show a file not found error // DO: include your 404 document here die; } else { // get all of the higlighting colors from php.ini $highlight['bg'] = ini_get('highlight.bg'); $highlight['comment'] = ini_get('highlight.comment'); $highlight['default'] = ini_get('highlight.default'); $highlight['html'] = ini_get('highlight.html'); $highlight['keyword'] = ini_get('highlight.keyword'); $highlight['string'] = ini_get('highlight.string'); // set up arrays to use with str_replace later foreach($highlight as $type => $color) { $font[] = '<font color="' . $color . '">'; // php4 uses font tags $span[] = '<span style="color: ' . $color . '">'; // php5 uses span tags with css $class[] = '<span class="' . $type . '">'; // we will be replacing specific color settings with a classname that can have the color controlled by an external css file } $page->Start('source of /' . $_GET['file'], 'php source', '/' . $_GET['file']); ?> <html> <head> <title>source of /<?=$_GET['file']; ?></title> <style type="text/css"> div.source {font-family: monospace; margin: 1em 2%; width: 96%; height: 30em; overflow: auto; border: 1px dashed #666666; background-color: #eeeeee;} div.source ol {padding-left: 1.5em;} div.source li {white-space: nowrap;} div.source span.comment {color: #ff8000;} div.source span.default {color: #0000bb;} div.source span.html {color: #000000;} div.source span.keyword {color: #007700;} div.source span.string {color: #dd0000;} </style> </head> <body> <h1>php source: /<?=$_GET['file']; ?></h1> <div class="source"><ol> <? $file = fopen($_SERVER['DOCUMENT_ROOT'] . '/' . $_GET['file'], 'r'); // open the file for reading $php = 0; // should be either 1 or 0: 1 when we opened a php and didn't close it, 0 otherwise $comment = 0; // should be either 1 or 0: 1 when we opened a comment and didn't close it, 0 otherwise // loop through each line of the file while(!feof($file)) { $line = fgets($file); // if the line starts with one space, save it as a non-breaking space and trim it off if(substr($line, 0, 1) == ' ' && substr($line, 1, 1) != ' ') { $space = ' '; $line = substr($line, 1); } else $space = ''; // add a comment start to the beginning of the line if we are in a comment if($comment) $line = '/*' . $line; // add a php start to the beginning of the line if we are in php code if($php) $line = '<?' . $line; // remember to remove the php start and comment start if we added them $rmphp = $php; $rmcmt = $comment; // figure out if we start the next line in php code $php = substr_count($line, '<?') - substr_count($line, '?>'); // figure out if we start the next line in a comment $comment = substr_count($line, '/*') - substr_count($line, '*/'); // end the comment on this line to avoid unended comment errors if($comment) $line .= '*/'; // highlight the line and get rid of unneccessary code tags, line breaks, and br tags $line = str_replace(array('<code>', '</code>', "\n", "\r", '<br />'), '', highlight_string($line, true)); // change font color tags into span class tags (php4) $line = str_replace($font, $class, $line); // change span color tags into span class tags (php5) $line = str_replace($span, $class, $line); // change font closing tags into span closing tags (php4) $line = str_replace('</font>', '</span>', $line); // remove php start if we added it if($rmphp) { $pos = strpos($line, '<?'); if($pos !== false) $line = substr($line, 0, $pos) . substr($line, $pos + 5); } // remove comment start if we added it if($rmcmt) { $pos = strpos($line, '/*'); if($pos !== false) $line = substr($line, 0, $pos) . substr($line, $pos + 2); } // remove comment end if we added it if($comment) { $pos = strrpos($line, '*/'); //strrpos searches backward for '*' here, but */ should be the last thing on the line anyway if($pos !== false) $line = substr($line, 0, $pos) . substr($line, $pos + 2); } // get rid of any empty span tags, 2 levels deep $line = preg_replace('/<span class="(bg|comment|default|html|keyword|string)"><\/span>/', '', $line); $line = preg_replace('/<span class="(bg|comment|default|html|keyword|string)"><\/span>/', '', $line); // put a non-breaking space on any blank lines so that firefox/mozilla/netscape don't overlap the line numbers if(strlen($line) < 1) $line = ' '; ?> <li><?=$space; ?><?=$line; ?></li> <? } ?> </ol></div> <? } ?> But i am getting nothing?? ??? ??? Any idea?? Quote Link to comment Share on other sites More sharing options...
dezkit Posted April 13, 2008 Share Posted April 13, 2008 i have no clue whatsoever you are talking about, however, i might think you would want this tag?? <xmp></xmp> <xmp><?php echo "these tags can show you the php code without it actually functioning. so with html."; ?></xmp> <xmp><html><font color="red">You can not see the html itself</font></html></xmp> Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted April 13, 2008 Share Posted April 13, 2008 john_bboy7, the script you posted allows someone to view the contents of your .php files on your server. If you have this on a live server, I recommend you remove it as quick as possible before someone uses it to see the content of your .php files. That script has nothing to do with viewing anything that is not on your server and as has already been posted, you cannot see the raw php code in a .php file on a server, unless that server is not configured correctly to parse .php files. Quote Link to comment Share on other sites More sharing options...
BlueSkyIS Posted April 13, 2008 Share Posted April 13, 2008 PHP is compiled and executed on the server and the resulting HTML code is sent to the browser. You can't view the pre-compiled PHP unless the server is misconfigured. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.