stefanoperfili Posted April 20, 2007 Share Posted April 20, 2007 Hey, I'm pretty much a beginner and I've never used PHP before. I've got a thing going, ?page=index or ?page=whatever, and it checks to see if the file is there before including it. This worked when I was on my funpic server but now I'm on this new server and it just doesn't! Current PHP version: 5.0.3, on Windows. What other information do I need to provide? Things I've already tried: - Setting file permissions to read - In php.ini ... safe_mode = Off - ini_set('safe_mode', 'Off'); Here's what I've been doing (forgive me if I've pasted anything irrelevant) ... <?php session_start(); error_reporting(E_ALL); require_once("menu.php"); $sidemenu = ""; $bottommenu = ""; $pagedir = "pages"; $datadir = "register"; foreach($links as $page => $text) { $serv1 = $_GET["page"]; if (empty($serv1) || !file_exists($pagedir . "\\" . $serv1 . ".htm")) { $serv1 = "home"; } $sidemenu .= "\n<a href=\"index.php?page={$page}\""; if ($serv1 == $page) { $sidemenu .= " id=\"current\""; } $sidemenu .= ">{$text}</a> "; $bottommenu .= "· <a href=\"index.php?page={$page}\""; if ($serv1 == $page) { $bottommenu .= " id=\"current2\""; } $bottommenu .= ">{$text}</a> "; } $bottommenu .= "·"; $pageindex = $page = isset($_GET["page"]) ? $_GET["page"] : null; if (!$page || $page == "home") { $page = "home.htm"; } else { $page = "{$page}.htm"; } $serv2 = $page; if (!file_exists($pagedir . "\\" . $serv2)) { $page = "home.htm"; } ?> In the body ... <?php include_once($pagedir . "\\" . $page); ?> Menu.php ... <?php $links = array(); //Format: $links["page-name"] = "Link Text"; //Will generate html that looks like <a href="index.php?page=page-name">Link Text</a> //the content will come from page-name.htm $links["home"] = "Home"; $links["upcoming"] = "Upcoming Symposiums"; $links["introd"] = "Introductions"; $links["moreinfo"] = "More Information"; $links["resrc"] = "Resources"; $links["media"] = "In the Media"; $links["contact"] = "Contact Information"; ?> Link to comment https://forums.phpfreaks.com/topic/47844-file_exists-incorrectly-reports-false/ Share on other sites More sharing options...
genericnumber1 Posted April 20, 2007 Share Posted April 20, 2007 file_exists() isn't incorrectly returning false... $pagedir . "\\" . $serv2 would translate to be "pages\\home.htm" ... I really don't think that exists. PS this script is grossly insecure Link to comment https://forums.phpfreaks.com/topic/47844-file_exists-incorrectly-reports-false/#findComment-233807 Share on other sites More sharing options...
dwees Posted April 20, 2007 Share Posted April 20, 2007 Probably a good idea to tell him why its insecure, he did mention he's a newbie. Anyway, you use a $_GET variable which is available for the user to alter in their address bar (but $_POST variables are only slightly harder to spook) and so they can enter whatever they want for the variable. So as a result, you need to consider that variable to be user entered, and strip it of any bad content. Link to comment https://forums.phpfreaks.com/topic/47844-file_exists-incorrectly-reports-false/#findComment-233836 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.