Jump to content

Recommended Posts

Hi

 

I try to echo out random lines of a html file and want after submit password to whole content of the same html file. I have two Problems.

1st Problem When I echo out the random lines of the html file I don't get just the text but the code of the html file as well. I don't want that. I just want the text. How to do that?

for($x = 1;$x<=40;$x++) {
		$lines = file("$filename.html");
        echo $lines[rand(0, count($lines)-1)]."<br>";
        }

I tried instead of "file("$filename.html");" "readfile("$filename.html");" But then I get the random lines plus the whole content. Is there anything else I can use instead of file so that I get the random lines of text  without the html code?P.S file_get_contents doesn't work either have tried that one.

 

 

2nd Problem:

 

As you could see in my first problem I have a file called $filename.html. After I submit the value of a password I want the whole content. But it is like the program did forget what $filename.html is. How can I make the program remember what $filename.html is? Or with other words how to get the whole content of the html file?

 

My code:

if($_POST['submitPasswordIT']){
if ($_POST['passIT']== $password ){
$my_file = file_get_contents("$filename.html");
echo $my_file;
}
else{
echo "You entered wrong password";
}
}

If the password isn't correct I get: You entered wrong password. If the password is correct I get nothing. I probably need to create a path to the file "$filename.html", but I don't know exactly how to do that. 

 
    // get the filename of the file
    $fileinfo = pathinfo($selected_file);
    $filename = $fileinfo['dirname'] . DIRECTORY_SEPARATOR . $fileinfo['filename'];

 

You may need this lines to:

$selected_file = $_POST['radio1'];

    // get the filename of the file
$fileinfo = pathinfo($selected_file);
$filename = $fileinfo['dirname'] . DIRECTORY_SEPARATOR . $fileinfo['filename'];

Help would be very much appreciated.

 

 

 

 

 

 

1st Problem When I echo out the random lines of the html file I don't get just the text but the code of the html file as well. I don't want that. I just want the text. How to do that? 

 

I tried instead of "file("$filename.html");" "readfile("$filename.html");" But then I get the random lines plus the whole content. Is there anything else I can use instead of file so that I get the random lines of text  without the html code?P.S file_get_contents doesn't work either have tried that one.

No matter what file function you use PHP has no context of the file you are reading. It just returns whatever is in the file. It does not know you only want the text from the html file.

 

You could use a function called stip_tags which can remove HTML from the line you have read from the file. But a better way would be to parse the HTML DOM and then only return the node value(s) to get the plain text from the html file.

 

 

2nd Problem:

When is the password submitted? After the radio button has been submitted? If that is the case then you will need to either the add the value of $filename to a hidden input field or add it to a session variable in order for that value to remembered when the password form has been submitted. 

Edited by Ch0cu3r

At the risk of getting my post deleted again:

 

You can't just include an arbitrary file your user has asked for. What if they ask for your password file? You don't want to give that to them, do you?

 

No, a group of radio buttons with predefined filenames does not help against this, because this only affects the GUI of your website. The user can still send arbitrary paths to your server, and if you blindly send back the corresponding file, you've unknowingly given them direct access to all of your files (at least the ones readable by the webserver). Not good!

 

You need a whitelist of specific files that the user may see. Only include those and reject any other request. Don't just rely on users being nice.

Hi Ch0cu3r. Thanks for your reply. I tried to improve what you said. But like it looks like I do it all wrong. 

 

 

My full code:

 session_start();
  	$selected_file = $_POST['radio1'];
  	// get the filename of the file
    $fileinfo = pathinfo($selected_file);
    $filename = $fileinfo['dirname'] . DIRECTORY_SEPARATOR . $fileinfo['filename'];
    $password = 'Youarecrazy';
    $lines = file("$filename.html");
    $_SESSION['selectedfile'] = $selected_file;
    $_SESSION['file'] =  $filename;
  	$_SESSION['file2'] = $fileinfo;
	
 
if (isset($_POST['submitradio']))
{ 
 	 echo '<div class="imageselected">';
	 echo '<img src="'.$selected_file.'" /></br>'.PHP_EOL;
	 echo '</div>';
    // check to see if a html file named the same also exists
    if(file_exists("$filename.html"))
    {
    	echo '<div class="Password">';
    	echo 'Type in password your password';
    	
		echo "<label><div class=\"Input\"><input type='password' name='passIT' value='passit'/></div>";
		echo "<input type='submit' name='submitPasswordIT' value='Submit Password'/></div>";
		echo '</div>';
		echo "$filename.html shares the same name as $selected_file";
		

		for($x = 1;$x<=15;$x++) {
		$dom = $dom = new DOMDocument;
		$dom->loadHTML("$filename.html");
        echo $dom[rand(0, count($dom)-1)]."<br>";
        }
    	// end of forloop
 
		}
  		// end of check
		  // start Sorrytext
		 
    		else
    		{
    		 echo '<div class="HaWrong">';
        		echo "Ha. You got it all wrong.";
        		echo '</div>';
    		}
    		
		 // end Sorrytext
}
// End of submit radio

if($_POST['submitPasswordIT']){
if ($_POST['passIT']== $password ){
echo "You entered wrong password";
echo readfile("$filename.html");
}
else{
echo "You entered wrong password";
}
}
?>

How do I use sessions and HTML_DOM correctly?

hi I did read your response and I will work on that. But you know how it is with Php.  I would very much like to figure out the things that I have asked for. For me it's just that I would like to know how to write a code like this. When you have a problem when coding php you don't rest until you did find the answer. You may understand what I mean. Help would be therefor very much appreciated.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.