Grow your CSS skills. Land your dream job.

PHP Include issue

  • # May 9, 2012 at 1:49 pm

    Here’s my issue – a friend’s hosting expired and I offered to host it – on moving it to my server, nothing worked (see http://nordconsultants.com). After looking at the code, I found the issue.



    home

    about us

    why choose us

    services

    workshops

    success stories

    articles

    clients

    testimonials

    contact





    < ? ini_set('display_errors','0'); include("/usr/local/etc/httpd/htdocs/nordconsultants/copy-$id.txt"); ?>

    When you click on a menu item, say “about us”, it is supposed to load copy-about.txt. Unfortunately, my server is set up differently and

    /usr/local/etc/httpd/htdocs/nordconsultants/copy-$id.txt

    is not a valid path. The .txt files are in the same directory as the PHP file.

    I tried:

    copy-$id.txt
    /copy-$id.txt
    .copy-$id.txt
    /domains/nordconsultants.com/html/copy-$id.txt

    and nothing worked. I’m guessing I am just missing something stupid, but I am out of ideas. Anyone? Thanks in advance.

    # May 9, 2012 at 2:22 pm

    My PHP isn’t that strong lately, but I know in JS you’d have to pass in a variable like this:

    something('/this/is/my/path/copy-' + $id + '.txt')
    # May 9, 2012 at 3:37 pm

    +1 @TheDoc

    that last line should read


    < ? ini_set('display_errors','0'); include("copy-" . $id . ".txt"); ?>

    # May 9, 2012 at 4:13 pm

    @Schmotty @TheDoc

    < ? ini_set('display_errors','0'); include("copy-" . $id . ".txt"); ?>

    Still no dice. PHP is up to date (5.3.10). Not sure what’s going on here…

    # May 9, 2012 at 4:18 pm

    If it’s not showing up with that code, then it must be a path issue.

    # May 9, 2012 at 4:23 pm

    @TheDoc It’s in the same directory as page.php. Is that the correct code? Sorry, my PHP is very rusty.

    # May 9, 2012 at 4:36 pm

    change $id to $_GET


    < ? ini_set('display_errors','0'); include("copy-" . $_GET . ".txt"); ?>
    # May 9, 2012 at 4:41 pm

    That worked. Thank you both!

    __
    # May 9, 2012 at 9:29 pm

    to explain what’s going on, PHP used to have register_globals turned on by default. It was turned “off” in version 4.2, deprecated in 5.3, and was removed in version 5.4.

    Basically, it “read” all of the indexes from the superglobals ($_GET, $_POST, etc.) and magically created $variables with them. This made things marginally easier for coders -novice coders, at least- but was a huge security problem otherwise. For example (from php.net):

    < ?php
    // define $authorized = true only if user is authenticated
    if (authenticated_user()) {
    $authorized = true;
    }

    // Because we didn't first initialize $authorized as false, this might be
    // defined through register_globals, like from GET auth.php?authorized=1
    // So, anyone can be seen as authenticated!
    if ($authorized) {
    include "/highly/sensitive/data.php";
    }
    ?>

    I would be suspicious that a script written so long ago (when code like this was common) would have other security problems with it. For example, you should _never_ use user-submitted data without checking that it is valid and safe. I would highly recommend checking.

    # May 9, 2012 at 9:35 pm

    @traq Good to know. Always helps to understand why something doesn’t work. I will definitely check the rest of the site. Thanks!

Viewing 10 posts - 1 through 10 (of 10 total)

You must be logged in to reply to this topic.

*May or may not contain any actual "CSS" or "Tricks".