php-documentation-list | 2003101

Re: [PHP-DOC] error message http://www.php.net/manual/en/function.include.php
From: Gabor Hojtsy (gabor <email protected>)
Date: 10/07/03

Hm, this is better not posted to the include page, as it shows one of
the clear security hole introduction techniques. You include one file
with a name provided by the user... I would suggest you read the
security chapter in the manual.

Thanks for your submission anyway,
Goba

josh <email protected> wrote:
> I think I was getting an error message when I tried to post this, but here
> is what I wanted to add to http://www.php.net/manual/en/function.include.php
> Thanks,
> Josh
>
>
>
> ""
>
> First of all, great site! I have learned everything I know about php at
> this site.
> Here is a little script I wrote that I use as an online tutorial
> (tutorial.php), that shows files to users, but will not allow the user to
> view the files directly. It uses require, function, global, if, and echo.
>
> The files Users may view, but not view directly I have as one.php two.php
> and so on, you may call them anything you would like.php
>
> The main file may be called anything as well.
>
> Main File: yourfile.php
> My HTML blah blah blah
> <?php
> global $goto; // define a variable,
> function DoShow($goto){ // begin the function
>     // this sets a variable that allows the other files to check and see if
>     // they are being accessed directly by the view, more will be explained
>     // later on this
>     $includedfile = true;
>     // This statement checks to see if the file exists, if not it will go to
>     // the else statement
>     // goto is defined like this,
>     // www.yoursite.com/yourfile.php?goto=theotherfile.php You can use this as a
>     // link, then when your main php file opens, it will open the other file
>     // within it.
>     if ( file_exists($goto) ){
>         // this prints the other file out once the function DoShow() is called
>         include($goto);
>     }
>     // if ?goto= is not defined or the file cannot be accessed or if a user
>     // types www.yoursite.com/yourfile.php without the extra ?stuff after it
>     // then he or she will get the following message.
>     else {
>         echo "This page may not be accessed like this, directly."; // specify your message here
>     }
> }
> // now within yourfile.php you can have links to files such as,
> // yourfile.php?goto=one.php or yourfile?goto=two.php (the php files at the end
> // will be the ones you do not want users to view directly) i.e. <a
> // href="http://www.losttware.com/html/tutorial.php?hidgkrresdgrtr=one.php">
> // click here for file one </a> Now don't get confused, I use "hidgkrresdgrtr"
> // instead of "goto" on my script. No big deal.
>
> // this will be inputting the file you want users to use, but not access
> // directly, the one following the = into your main file.
> DoShow($goto);
>
> ?>
> My HTML blah blah blah
>
>
> Now the other files are quite simple,
> otherfile.php //or on my site, one.php two.php and so on
> <?php
> // check to see if it is being accessed directly, by default it is false
> // unless specified as true by the first page.
> if ($includedfile == false) {
>     echo "You may not view this file directly"; // prints out on the screen, your bad guy message
>     exit; // kills the php file, nothing from here happens
> }
> else {
>     // or, if your other file did access this one, then they may see it
>     // (it is being used by your main file)
>     $includedfile = true;
>     // not sure on this, but you have to at least echo a space, you could try
>     // this but I've found so far that I at least need a space in there for it
>     // to work.
>     echo " ";
> } ?> Now you can write your page here, html or whatever, plain text, or
> more php. This, on my site is where my tutorial text is located.
>
> ""
>
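
An added example, not part of the original thread and not code from the PHP manual: one way to get the same "show a page through a main file" behaviour without passing a user-supplied name to include. The request value is only looked up in a fixed allowlist. The names resolve_page, PAGES, IN_TUTORIAL and the pages/ directory are assumptions made for this sketch.

```php
<?php
// Added example. resolve_page, PAGES, IN_TUTORIAL and the pages/ directory
// are hypothetical names, not taken from the original post.

// Fixed map from a public key to a file on disk. The request value is only
// ever used as an array key, never as part of a path.
const PAGES = [
    'one' => 'one.php',
    'two' => 'two.php',
];

/**
 * Return the absolute path for an allowed page key, or null if the key is
 * not a string, is not in the allowlist, or resolves outside $baseDir.
 */
function resolve_page($key, string $baseDir): ?string
{
    if (!is_string($key) || !array_key_exists($key, PAGES)) {
        return null; // non-string input or a key that is not in the allowlist
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . PAGES[$key]);
    // realpath() resolves symlinks; reject anything that lands outside $baseDir.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// A constant cannot be created or changed by request input, so the included
// pages check this instead of a plain variable such as $includedfile.
define('IN_TUTORIAL', true);

// Read the parameter explicitly instead of relying on register_globals.
$page = resolve_page($_GET['goto'] ?? null, __DIR__ . '/pages');
if ($page === null) {
    http_response_code(404);
    echo 'This page may not be accessed like this, directly.';
} else {
    include $page;
}

// First line of pages/one.php, pages/two.php, and so on:
//   if (!defined('IN_TUTORIAL')) { exit('You may not view this file directly'); }
```

Keeping the pages/ directory outside the web root makes the direct-access guard in each page unnecessary, since those files can then only be reached through the main script.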