Jump to content

Simple PHP Include Question - I think my host changed something


kirkdickinson
Go to solution Solved by ginerjm,

Recommended Posts

I think something change on my GoDaddy hosted site and broke PHP code.

I have a really simple site that has been working for several years. It has a main index page and depending on the variable it is called with, displays different content in that page. I know literally nothing about PHP and someone else gave me the code forever ago. All the sudden the code stopped working. I have no clue why.

http://www.mysite.com/?con=about

“con” is the variable and “about” is another is the page I want displayed which should include a file named about.php.

If the page is called with an invalid variable or with none, it should revert to main.php.

The php code is:

   	<?
		$ext = ".php";
		$id = $_GET['con'].$ext;
		if (file_exists($id))
		{
		include($id);
		} else {
		include("main.php");
		}
	?>

The files are all actually there and will display, but not with the index wrapper, if I change the addresses to:

http://www.mysite.com/about.php

I think there must be something stupidly simple, but don’t know where to start… except for to ask on this forum.

Link to comment
Share on other sites

2 hours ago, kirkdickinson said:

stopped working

define: stopped working? what does happen and if you are getting a blank page, what does the 'view source' in your browser show? (the problem is probably the short-open tag no longer working.)

next, don't do this without validating that $_GET['con'] is exactly and only a permitted value. by using directory traversal or remote code inclusion, i.e. including path information or a remote url in the value, anyone can cause your code to include any file on your server, and if enabled, any code in a remote file, because file_exists($id) will be true.

Edited by mac_gyver
Link to comment
Share on other sites

7 minutes ago, mac_gyver said:

define: stopped working? what does happen and if you are getting a blank page, what does the 'view source' in your browser show? (the problem is probably the short-open tag no longer working.)

next, don't do this without validating that $_GET['con'] is exactly and only a permitted value. by using directory traversal or remote code inclusion, i.e. including path information or a remote url in the value, anyone can cause your code to include any file on your server, and if enabled, any code in a remote file, because file_exists($id) will be true.

The code doesn't include the page. It fails to put in the default, or the page called in the variable.

I just reached out to a friend that is a system admin. He said that my code probably shouldn't run in newer versions of PHP. I have version 8.1.2. He couldn't help me change the code because he isn't really a coder, but he said that the host he manages had a bunch of sites that broke with similar code when they upgraded their PHP version.

Link to comment
Share on other sites

Did you make the addition that I gave you and run it?  Errors?

What was the previous version?

What happens if you simply try to run the script that you are trying to include?

Or - add the following line to the top of your script;

echo "Now running in script (your script name)";

At the very least (if you have no errors) that should give you that message.

Edited by ginerjm
Link to comment
Share on other sites

6 minutes ago, kirkdickinson said:

The code doesn't include the page. It fails to put in the default, or the page called in the variable.

did you look at the 'view source' of the page as suggested?

7 minutes ago, kirkdickinson said:

He said that my code probably shouldn't run in newer versions of PHP

there's nothing php version specific in this code.

Link to comment
Share on other sites

If you are having problems trying to do what we have asked try this:

<?
	error_reporting(E_ALL);
	ini_set('display_errors', '1');
	$ext = ".php";
	if (isset($_GET['con']))
	{
		$id = $_GET['con'];
		if ($id == 'show')
		{
 			echo "Now running startup script";
			exit();
		}
		else 
		{
  			$id .= $ext;
			if (file_exists($id))
 		 		include($id);
			else 
		  		include("main.php");
	  	}
	}
	else
	{
 		echo "No con argument provided";
		exit():
	}

Save this revised version of your script as a tester.  Give it a new name.  Then execute it using 'show' as the con value  (?con=show) and see if the script gives you a message.  That means that it is working so try it again with you desired con value.

My guess is that it is not running and testing it as I suggested just now will show you nothing.   If so, may I suggest you post the full script (if it is not too large) for us to review?

Edited by ginerjm
Link to comment
Share on other sites

25 minutes ago, ginerjm said:

Did you make the addition that I gave you and run it?  Errors?

What was the previous version?

What happens if you simply try to run the script that you are trying to include?

Or - add the following line to the top of your script;

echo "Now running in script (your script name)";

At the very least (if you have no errors) that should give you that message.

Not showing any errors. I think the previous version was 7.?? My admin friend thought that code would break on 6 and above, but I don't think it was running anything that old.

It acts like it isn't running the PHP at all. The error code doesn't display any errors, the echo doesn't show anything, and my include doesn't get included. Maybe I need to look at the settings in the cpanel to make sure that it is set right to actually run PHP code. I remember seeing some settings a long time ago on a different server about that.

As much of a hack this page is, I guess I might as well share the link.
http://bbc-kjv.com/
http://bbc-kjv.com/phpinfo.php

 

Link to comment
Share on other sites

11 minutes ago, ginerjm said:

If you are having problems trying to do what we have asked try this:

<?
	error_reporting(E_ALL);
	ini_set('display_errors', '1');
	$ext = ".php";
	if (isset($_GET['con']))
	{
		$id = $_GET['con'];
		if ($id == 'show')
		{
 			echo "Now running startup script";
			exit();
		}
		else 
		{
  			$id .= $ext;
			if (file_exists($id))
 		 		include($id);
			else 
		  		include("main.php");
	  	}
	}
	else
	{
 		echo "No con argument provided";
		exit():
	}

Save this revised version of your script as a tester.  Give it a new name.  Then execute it using 'show' as the con value  (?con=show) and see if the script gives you a message.  That means that it is working so try it again with you desired con value.

My guess is that it is not running and testing it as I suggested just now will show you nothing.   If so, may I suggest you post the full script (if it is not too large) for us to review?

I just swapped out the code and it isn't working. I am wondering if there is something else going on in the cpanel of the GoDaddy server?

 

Link to comment
Share on other sites

5 minutes ago, ginerjm said:

If the echo line is properly placed (near the beginning?) it HAS to show if the script is running - that's why I gave it to you.

Show us the code.  No links  Don't care about your phpinfo at this point.

Here is the code for the entire page.

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Bible Baptist Church - Byesville Ohio</title>

<!--[if IE 5]>
<style type="text/css">
/* place css box model fixes for IE 5* in this conditional comment */
.twoColFixLtHdr #sidebar1 { width: 230px; }
</style>
<![endif]--><!--[if IE]>
<style type="text/css">
/* place css fixes for all versions of IE in this conditional comment */
.twoColFixLtHdr #sidebar1 { padding-top: 30px; }
.twoColFixLtHdr #mainContent { zoom: 1; }
/* the above proprietary zoom property gives IE the hasLayout it needs to avoid several bugs */
</style>
<![endif]-->
<link href="bbc.css" rel="stylesheet" type="text/css">
</head>

<body bgcolor="#FFFFFF" class="twoColFixLtHdr">
<div id="fb-root"></div>
<script async defer crossorigin="anonymous" src="https://connect.facebook.net/en_US/sdk.js#xfbml=1&version=v6.0"></script>
<div id="container">
    <div id="header">
        <?php include ("header.php");?>
    </div>
    <div id="sidebar1">
        <?php include ("menu.php");?>
        <p>&nbsp;</p>
        <p><a href="https://www.facebook.com/pages/Bible-Baptist-Church-of-Byesville-OH/153672901470035?ref=br_tf"><img src="Images/facebook-logo.png" align="center" width="120" height="43" alt="Visit Us On Facebook"/></a></p>
        <p>&nbsp;</p>
        <p><a href="https://www.youtube.com/channel/UCe-3wTp8RuIFRY_XfLHIRZg"><img src="Images/youtube-logo.png" align="center" width="120" height="58" alt="Watch Us On YouTube"/></a></p>
        
        <!-- end #sidebar1 -->
    </div>
    <div id="mainContent">
        <?
        error_reporting( E_ALL );
        ini_set( 'display_errors', '1' );
        $ext = ".php";
        if ( isset( $_GET[ 'con' ] ) ) {
            $id = $_GET[ 'con' ];
            if ( $id == 'show' ) {
                echo "Now running startup script";
                exit();
            } else {
                $id .= $ext;
                if ( file_exists( $id ) )
                    include( $id );
                else
                    include( "main.php" );
            }
        } else {
            echo "No con argument provided";
            exit():
        }
        ?>
        
        <!-- end #mainContent --></div>
    <!-- This clearing element should immediately follow the #mainContent div in order to force the #container div to contain all child floats --><br class="clearfloat" />
    <div id="footer">
        <p>If my people, which are called by my name, shall humble themselves, and pray, and seek my face, and turn from their wicked ways; then will I hear from heaven, and will forgive their sin, and will heal their land.</p>
        <p align="right">II Chr 7:14 </p>
        <!-- end #footer --></div>
    <!-- end #container --></div>
</body>
</html>

Link to comment
Share on other sites

Just now, ginerjm said:

Did you make the correction I posted?  

If you have fixed my code and tried to run it and got back no message and no error message  give me the answers to my previous questions about the script name and the opening php tag.

I am not sure what you mean about a script name. I mostly do CFM stuff and don't really know much of anything about PHP. This is just a snippet of PHP code in my index file. No separate script. That code should insert the different pages of the website into the index file. It has been working for a decade. I don't know what an "Opening PHP tag" is?

 

Link to comment
Share on other sites

7 minutes ago, kirkdickinson said:

When I view the source, it shows the raw php code

the cause has already been posted -

56 minutes ago, mac_gyver said:

(the problem is probably the short-open tag no longer working.)

only use full opening tags <?php so that your php code will always be seen as being php code.

Link to comment
Share on other sites

9 minutes ago, mac_gyver said:

the cause has already been posted -

only use full opening tags <?php so that your php code will always be seen as being php code.

OK, sorry, I didn't understand what you meant. I changed that. My old code seems to partially work now. It will display the default page if there is no variable. If I add the variable, I get a "This page isn't working" error. HTTP ERROR 500.

When I swap the code out to your code, I get the above error every time.

Doing more research, I think GoDaddy has done something. I get some fatal errors on a couple of Wordpress sites that I have there.

Link to comment
Share on other sites

When you say 'index file' what do you mean?  Are you saying that you are not using any script and letting your system just use the default home page name?  What shows in the address bar when you do run it?  Does it have a .php extension on it or is it an html extension?

When you type in the ?con=xxx what is immediately in front of that?  Show us that whole address bar line.

Edited by ginerjm
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.