IamTomCat
Posted January 25, 2015

Hi

I try to echo out random lines of a html file and want, after submitting a password, the whole content of the same html file. I have two problems.

1st Problem

When I echo out the random lines of the html file I don't get just the text but the code of the html file as well. I don't want that. I just want the text. How to do that?

    for($x = 1;$x<=40;$x++) {
        $lines = file("$filename.html");
        echo $lines[rand(0, count($lines)-1)]."<br>";
    }

I tried instead of "file("$filename.html");" "readfile("$filename.html");". But then I get the random lines plus the whole content. Is there anything else I can use instead of file so that I get the random lines of text without the html code? P.S. file_get_contents doesn't work either, I have tried that one.

2nd Problem

As you could see in my first problem I have a file called $filename.html. After I submit the value of a password I want the whole content. But it is like the program did forget what $filename.html is. How can I make the program remember what $filename.html is? Or in other words, how to get the whole content of the html file?

My code:

    if($_POST['submitPasswordIT']){
        if ($_POST['passIT']== $password ){
            $my_file = file_get_contents("$filename.html");
            echo $my_file;
        }
        else{
            echo "You entered wrong password";
        }
    }

If the password isn't correct I get: You entered wrong password. If the password is correct I get nothing. I probably need to create a path to the file "$filename.html", but I don't know exactly how to do that.

    // get the filename of the file
    $fileinfo = pathinfo($selected_file);
    $filename = $fileinfo['dirname'] . DIRECTORY_SEPARATOR . $fileinfo['filename'];

You may need these lines too:

    $selected_file = $_POST['radio1'];
    // get the filename of the file
    $fileinfo = pathinfo($selected_file);
    $filename = $fileinfo['dirname'] . DIRECTORY_SEPARATOR . $fileinfo['filename'];

Help would be very much appreciated.

Ch0cu3r
Posted January 25, 2015

> 1st Problem
> When I echo out the random lines of the html file I don't get just the text but the code of the html file as well. I don't want that. I just want the text. How to do that?
> I tried instead of "file("$filename.html");" "readfile("$filename.html");". But then I get the random lines plus the whole content. Is there anything else I can use instead of file so that I get the random lines of text without the html code? P.S. file_get_contents doesn't work either, I have tried that one.

No matter what file function you use, PHP has no context of the file you are reading. It just returns whatever is in the file. It does not know you only want the text from the html file.

You could use a function called strip_tags which can remove HTML from the line you have read from the file. But a better way would be to parse the HTML DOM and then only return the node value(s) to get the plain text from the html file.

2nd Problem:

When is the password submitted? After the radio button has been submitted? If that is the case then you will need to either add the value of $filename to a hidden input field or add it to a session variable in order for that value to be remembered when the password form has been submitted.

Edited January 25, 2015 by Ch0cu3r
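
The DOM approach suggested in the reply above, as an added example that is not part of the thread: it parses the markup, drops script and style content, and returns random distinct lines of visible text. The function name `random_text_lines` and the sample markup are constructed for illustration.

```php
<?php
/** Return up to $count random non-empty text lines from an HTML string. */
function random_text_lines(string $html, int $count): array
{
    $previous = libxml_use_internal_errors(true); // tolerate sloppy real-world markup
    $dom = new DOMDocument();
    $dom->loadHTML($html); // takes markup; DOMDocument::loadHTMLFile() takes a path
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    // Remove elements whose content is never displayed as text.
    foreach (['script', 'style'] as $tag) {
        foreach (iterator_to_array($dom->getElementsByTagName($tag)) as $node) {
            $node->parentNode->removeChild($node);
        }
    }

    $body = $dom->getElementsByTagName('body')->item(0);
    $text = $body ? $body->textContent : '';

    // Split on line breaks, trim each line, drop the empty ones.
    $lines = array_values(array_filter(array_map('trim', preg_split('/\R/', $text)), 'strlen'));
    shuffle($lines);
    return array_slice($lines, 0, $count);
}

// Constructed sample input standing in for the contents of the HTML file.
$html = <<<'HTML'
<html><head><style>p { color: red; }</style></head>
<body>
<h1>Chapter one</h1>
<p>First <b>paragraph</b> of text.</p>
<p>Second paragraph.</p>
<script>var x = 1;</script>
</body></html>
HTML;

// textContent decodes entities, so escape again before writing into a page.
foreach (random_text_lines($html, 2) as $line) {
    echo htmlspecialchars($line, ENT_QUOTES, 'UTF-8'), "<br>\n";
}
```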

Jacques1
Posted January 25, 2015

At the risk of getting my post deleted again:

You can't just include an arbitrary file your user has asked for. What if they ask for your password file? You don't want to give that to them, do you?

No, a group of radio buttons with predefined filenames does not help against this, because this only affects the GUI of your website. The user can still send arbitrary paths to your server, and if you blindly send back the corresponding file, you've unknowingly given them direct access to all of your files (at least the ones readable by the webserver). Not good!

You need a whitelist of specific files that the user may see. Only include those and reject any other request. Don't just rely on users being nice.
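
One way to implement the whitelist described above together with the session suggestion from the earlier reply, as an added example that is not code from the thread: the form submits a short key, the server maps it to a path, and only the validated key is kept in the session. The keys, file paths, function names and demo password are hypothetical; the form field names `radio1` and `passIT` are the ones used in the question.

```php
<?php
// Server-side whitelist: the request carries a key, the server owns the paths.
// Keys and paths are hypothetical.
const DOCUMENTS = [
    'cat' => __DIR__ . '/content/cat.html',
    'dog' => __DIR__ . '/content/dog.html',
];

/** Map a user-supplied key to a file path, or null if it is not on the list. */
function resolve_document($key): ?string
{
    if (!is_string($key) || !array_key_exists($key, DOCUMENTS)) {
        return null;
    }
    return DOCUMENTS[$key];
}

/** Step 1 (radio form): remember the validated key, never a path, in the session. */
function select_document(array $post, array &$session): bool
{
    $key = $post['radio1'] ?? null;
    if (resolve_document($key) === null) {
        unset($session['doc_key']);
        return false;
    }
    $session['doc_key'] = $key;
    return true;
}

/** Step 2 (password form): return the path to send, or null to refuse. */
function unlock_document(array $post, array $session, string $passwordHash): ?string
{
    $path = resolve_document($session['doc_key'] ?? null); // re-check on every request
    $pass = $post['passIT'] ?? '';
    if ($path === null || !is_string($pass) || !password_verify($pass, $passwordHash)) {
        return null;
    }
    return $path;
}

// Constructed demo; in a real page call session_start() and pass $_POST and $_SESSION.
$hash = password_hash('constructed-demo-password', PASSWORD_DEFAULT);
$session = [];
var_dump(select_document(['radio1' => '../../etc/passwd'], $session)); // path not on the list
var_dump(select_document(['radio1' => 'cat'], $session));              // key on the list
var_dump(unlock_document(['passIT' => 'wrong'], $session, $hash));
var_dump(unlock_document(['passIT' => 'constructed-demo-password'], $session, $hash));
```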

IamTomCat (Author)
Posted January 25, 2015

Hi Ch0cu3r. Thanks for your reply. I tried to improve what you said. But like it looks like I do it all wrong. My full code:

    session_start();
    $selected_file = $_POST['radio1'];
    // get the filename of the file
    $fileinfo = pathinfo($selected_file);
    $filename = $fileinfo['dirname'] . DIRECTORY_SEPARATOR . $fileinfo['filename'];
    $password = 'Youarecrazy';
    $lines = file("$filename.html");
    $_SESSION['selectedfile'] = $selected_file;
    $_SESSION['file'] = $filename;
    $_SESSION['file2'] = $fileinfo;

    if (isset($_POST['submitradio']))
    {
        echo '<div class="imageselected">';
        echo '<img src="'.$selected_file.'" /></br>'.PHP_EOL;
        echo '</div>';
        // check to see if a html file named the same also exists
        if(file_exists("$filename.html"))
        {
            echo '<div class="Password">';
            echo 'Type in password your password';
            echo "<label><div class=\"Input\"><input type='password' name='passIT' value='passit'/></div>";
            echo "<input type='submit' name='submitPasswordIT' value='Submit Password'/></div>";
            echo '</div>';
            echo "$filename.html shares the same name as $selected_file";
            for($x = 1;$x<=15;$x++) {
                $dom = $dom = new DOMDocument;
                $dom->loadHTML("$filename.html");
                echo $dom[rand(0, count($dom)-1)]."<br>";
            } // end of forloop
        } // end of check
        // start Sorrytext
        else
        {
            echo '<div class="HaWrong">';
            echo "Ha. You got it all wrong.";
            echo '</div>';
        } // end Sorrytext
    } // End of submit radio

    if($_POST['submitPasswordIT']){
        if ($_POST['passIT']== $password ){
            echo "You entered wrong password";
            echo readfile("$filename.html");
        }
        else{
            echo "You entered wrong password";
        }
    }
    ?>

How do I use sessions and HTML_DOM correctly?

Jacques1
Posted January 25, 2015

Please read my reply as well. If you left this forum with a gaping file inclusion vulnerability, that would be a sad outcome for everybody.

IamTomCat (Author)
Posted January 25, 2015

Hi, I did read your response and I will work on that. But you know how it is with PHP. I would very much like to figure out the things that I have asked for. For me it's just that I would like to know how to write a code like this. When you have a problem when coding PHP you don't rest until you did find the answer. You may understand what I mean. Help would be therefore very much appreciated.