Some thing wrong in this code.. Pls help

[kganesh20]

<?
   if ( $_GET['go'] != '' ) {
     include($_GET['go']);
   }
?>

 

I am having a problem while using this code.. consider if the above code is saved as "123.php". If i want to open a html document called "Test.html" under a folder called "content", I will use "www.youngbuddy.com/123.php?go=content/Test.html" in the url bar. Here comes my problem, I am havin image("Image.jpg") file in "Test.html"(the image file also present in the same folder where "Test.html" present), While opening "www.youngbuddy.com/123.php?go=content/Test.html" it is not showing the image.. But if i open "www.youngbuddy.com/content/Test.html" it is showing the image.

 

The "www.youngbuddy.com/123.php?go=content/Test.html" is showing the image only when i change the image location in "Test.html" to "content/image.jpg(location from the folder where "123.php" is found)". This not happens not only in this page, in all the pages, it is very difficult to change all the location of images, document from root folder. Please help me

 

Sorry for my poor english if you cant understand. Below i created the pages to show what is my problem exactly. Please Help me.

 

Image location not changed "image.jpg":

 

www.youngbuddy.com/123.php?go=content/Test.html

www.youngbuddy.com/content/Test.html

 

Image location changed to "content/image.jpg":

 

www.youngbuddy.com/123.php?go=content/Test2.html

www.youngbuddy.com/content/Test2.html

 

Note:

Test.html is the file in which i saved the image location as "image.jpg"

Test2.html is the file in which i saved the image location as "content/image.jpg"

 

 

Pls help me  ??? ??? ???

[stuffradio]

Well... just do what you did.

 

Change file location to "Content/image.jpg" or whatever it was. When you include the html file on the main page... it includes it as if it's actually executing the file. So it's trying to get the file from /image.jpg not content/image.jpg

[enoyhs]

Try like this:

<?
   if ( $_GET['go'] != '' ) {
     include("$_GET['go']");
   }
?>

[Zane]

notice that if you go here

http://www.youngbuddy.com/123.php?go=content/Image.jpg

 

you get this error

Parse error: syntax error, unexpected T_STRING in C:\Inetpub\vhosts\youngbuddy.com\httpdocs\Content\Image.jpg on line 30

[ashishmat1979]

Try the complete image path relative to root of site like:

 

<img src="http://www.youngbuddy.com/content/image.jpg" />

 

That i think will work for every case.

 

[kganesh20]

Try like this:

<?
   if ( $_GET['go'] != '' ) {
     include("$_GET['go']");
   }
?>

 

While using this i get the error

 

Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in F:\xampp\htdocs\New\Main1.php on line 7

 

 

 

It is not posible for me to change all the locations of the files...... Is there any other way to solve this? ???

 

[premiso]

     include("$_GET['go']");

 

SHOULD BE

 

     include($_GET['go']);

 

I do not recommend using $_GET as includes without filtering due to exploits that can screw up your server. Verify the data in $_GET first.

[kganesh20]

But in these site you can see the thing can be done.. what i've told before

 

http://www.tamilflame.com/test.php?go=home.php

http://www.tamilflame.com/home.php

 

http://www.tamilflame.com/test.php?go=http://www.google.com

Not only google any site

 

Any one know how to do this? pls help me

 

 

[premiso]

They probably have a validation filter setup.

 

The dangerous aspect of that is anyone can modify that url and point it to a file on their site which runs on your site.

 

http://www.yoursite.com/link.php?go=http://www.mysite.com/include.txt

 

Whatever is in the include .txt file will now execute due to the include statement. I could then overwrite your index.php file, or read any file contents I want and write them as a txt file and then open those text files which could give me database access or even just code.

 

Instead what tamilflame is doing is using www.php.net/file_get_contents  which does not execute code, instead just grabs it in a string/array and printing it to the screen.

 

The limitation to this is if you are on shared hosting, chances are it will not work due to security settings for the above mentioned.

[BlueSkyIS]

note: include() of php code on another server will include() the output of that PHP, not the PHP itself.

 

eh, not necessarily. you could have the server echo back PHP code from PHP. never mind...

[kganesh20]

note: include() of php code on another server will include() the output of that PHP, not the PHP itself.

 

eh, not necessarily. you could have the server echo back PHP code from PHP. never mind...

 

Ya i agree with you BlueSkyIS

[kganesh20]

Thanks premiso

 

  As you told before tamilflame.com does not execute code, instead just grabs it in a string/array and printing it to the screen. Thats what i am searching for.... Just now im started to learn php.. Can u write the code?

 

[premiso]

note: include() of php code on another server will include() the output of that PHP, not the PHP itself.

 

eh, not necessarily. you could have the server echo back PHP code from PHP. never mind...

 

Ya i agree with you BlueSkyIS

 

Agree with what? Poor rambling of non-sense?

 

Here is a test for you, if you think include is the way to go:

 

Create this file on a site somewhere other than your main site, whether it is on a free hosted site or what I do not know:

 

include.txt

<?php
echo 'If you see this without the echo you have just been screwed by this file';
?>

 

Then create a test.php on your main site:

<?php
include($_GET['test']);
?>

 

Then reference your site via the following:

http://www.yoursite.com/test.php?test=http://www.othersite.com/include.txt

 

Let me know what you see on that test page. I bet you will just see "If you see this without the echo you have just been screwed by this file" and none of the other code.

 

Now all I have to do is write file operations in that code, and I can take down your whole system easily. I can even erase files, and most importantly overwrite/rename/display code.

 

 

Now that that part is aside here is one way to print out code without executing it:

 

<?php
$file = file_get_contents($_GET['website']); 

echo $header_data; // incase you have a header like on the sites example you need to print that out first

echo $file;

echo $footer_data; // footer comes last etc.
?>

[kganesh20]

I got this error when done with includ.txt and test.php

 

 

Warning: include() [function.include]: URL file-access is disabled in the server configuration in C:\Inetpub\vhosts\youngbuddy.com\httpdocs\test.php on line 2

 

Warning: include(http://www.google.com) [function.include]: failed to open stream: no suitable wrapper could be found in C:\Inetpub\vhosts\youngbuddy.com\httpdocs\test.php on line 2

 

Warning: include() [function.include]: Failed opening 'http://www.google.com' for inclusion (include_path='.;./includes;./pear') in C:\Inetpub\vhosts\youngbuddy.com\httpdocs\test.php on line 2

[premiso]

If this is a local server you need to allow remote access to files.

 

If you are on a shared server, well you are SOL. As they disable the fetching of remote files for security reasons as I explained above.

 

The setting would be in php.ini  and something like fopen_url  or similar. Look at the help contents of www.php.net/include  and  www.php.net/file_get_contents  it tells you what has to be enabled to use the including/fetching of remote files.

[BlueSkyIS]

Agree with what? Poor rambling of non-sense?

 

says the one who claims short tags are deprecated?

[premiso]

Either way if it is or is not depreciated/being depreciated. It is good practice to not use the short tags due to XML conflicts and the fact that any server can turn them off.

 

http://talks.php.net/show/php-best-practices/10

 

Something to consider one way or the other.

[kganesh20]

<?php
$file = file_get_contents($_GET['website']); 

echo $header_data; // incase you have a header like on the sites example you need to print that out first

echo $file;

echo $footer_data; // footer comes last etc.
?>

 

This code also not solved my prob...Here i will tell what my prob actually is....

 

Consider

The file 123.html contains images which are also in the same dir(content)..

If i execute Http://www.youngbuddy.com/main.php?go=content/test.html

 

When includeing the html file on the main page... it includes it as if it's actually executing the file. So it's trying to get the image file from the same dir where main.php is present and not the dir content/. It is not posible for me to change all the locations of images, pages, etc from the root dir.... for that main.php file

[kganesh20]

Any1 there?

[kganesh20]

Can any one help in this? ???

[sasa]

in main page your inlude must be

include ($_SERVER['DOCUMENT_ROOT'] .'/'.$_GET['go']);

 

in test.html you use

<img src="/content/image.jpg">

[kganesh20]

in main page your inlude must be

include ($_SERVER['DOCUMENT_ROOT'] .'/'.$_GET['go']);

 

in test.html you use

<img src="/content/image.jpg">

 

 

It showing the same result..  ???

here is the link to show the result of the above code

http://www.youngbuddy.com/testtest.php?go=content/test.html

 

Code used in testtest.php:

<?
   if ( $_GET['go'] != '' ) {
     include($_SERVER['DOCUMENT_ROOT'].'/'.$_GET['go']);
   }
?>

[sasa]

You mast change test.html from

<html><head></head>
<body>
<img border="0" src="Image.jpg" width="450" height="350">
</body>
</html>

to

<html><head></head>
<body>
<img border="0" src="/content/Image.jpg" width="450" height="350">
</body>
</html>

use full path for jour pictures

[kganesh20]

Thanks for your reply...

 

Im having lot of images and php files and flash files in my website... So i need to change all the path of all the files.. It will take long time to done.. So is there any other way to show the image by setting the src as image.jpg instead of content/image.jpg