Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 5 years ago.
Improve this question
I am trying to use the file_put_contents() to create user specific pages. When a user first enters their account, I want the site to create a page that is accessible only by the user at mydomain.com/users/username.php. If they are not the user, then I am trying to redirect them to their own account page (because the users/username.html contains sensitive info). As such, I use this code in the username.html:
<?php
$actual_link='http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];
$net = $actual_link['filename'];
if($_SESSION['username']==$net){
echo 'Verified';
}
else{
header('Location:mydomain.com/user/welcome.php');
}
?>
This, hypothetically, would keep unauthorized users off of the page. To create the page for each user (and keep it scalable), I used
file_put_contents($urlphp,$phpstuff)
(I decided not use FILE_APPEND because the file shouldn't exist). $urlphp is the username ($_SESSION['username']) combined with .php, and $phpstuff is all of teh that I put above. This is where I think I went wrong. I typed:
$phpstuff = "<?php
$actual_link='http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];
$net = $actual_link['filename'];
if($_SESSION['username']==$net){
echo 'Verified';
}
else{
header('Location:mydomain.com/user/welcome.php');
}
?>"
However, this code produced:
Parse error: syntax error, unexpected '' (T_ENCAPSED_AND_WHITESPACE), expecting identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING) in path/to/users/welcome.php on line 35
Line 35 is:
$actual_link='http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];
However, (and keep in mind here, I'm relatively new to PHP/MySQL, so I'm going off of what I know and what PHP.net and W3Schools tell me) I couldn't find any whitespace in line 35. So I assumed that you can't have a multi-line variable (which wouldn't be detrimental to the code. I think....), so I tried making it all one line, which produced the exact same error, but moved the problematic line up one.
What I can't figure out is if it's a problem with my use of file_put_contents() or my use of the variable $phpstuff. If there is anything that I missed, please point it out, I am almost positive it is something that I'm overlooking. I am at a loss as to what to do/try. All help is appreciated. Thanks!
Don't do it this way.
Instead of generating PHP dynamically and creating a file for each separate user (which is wrong in so many ways), have one file that handles all users, and then pass the username / userid as a parameter to the script.
You could use .htaccess to route all requests for /users/.php to, /users/index.php?user=.
Related
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 3 years ago.
Improve this question
I'm PHP developer but i cant understand this error
$uid = $this->db->Tables("telegrambots")->search([
"telegrambotid" => $this->botKey
])['uniqueId'];
if (!file_exists("TelegramBotCommands/{$uid}"))
mkdir("TelegramBotCommands/{$uid}");
Eval is evil, you probably don't need it so don't use it. You want to make a call to a class with a dynamic name? Use this:
$dynamic_class_name = 'Video';
$video = new $dynamic_class_name();
That being said, your snippet with eval seems to work perfectly fine:
http://sandbox.onlinephpfunctions.com/code/e3bb43b1ccfd27365247120e9c5751aac9e2b4ce
You would have to check your logs as to what the error is.
EDIT:
As you said you are using namespaces, try to use the full classname including the namespace in the eval function (like new \namespace\Videos(.... Even better though: don't use eval!
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 7 years ago.
Improve this question
I am facing some problem in my PHP function.
function pagename($id){
$query=mysql_query("select * from tbl_pages where recid='$id' and langid='$LangID'")
$rs=mysql_fetch_array($query);
$page_name=$rsp['pgname'];
print $page_name;
}
i am not getting any resutl
I saw some problems in your code
First, there is no connection string to your database, I hope you do the connection before to do the request.
Then, in your request, you try to use a variable $LangID not declared in your function, maybe you forgot to put it in your function declaration.
You put the result of your request in the $rs variable and then you try to read the $rsp variable.
You are using mysql in your code, actually it's very unsafe to use it, it's very recommended to use mysqli or PDO instead.
Finally, you don't return anything with your function, you are missing the return statement or maybe you just want to display the result ?
EDIT : I suggest you to write your SQL requests with uppercase, it's more readable for you and other people who read your code.
SELECT * FROM tbl_pages WHERE recid='$id' AND langid='$LangID'
There's no $LangID parameter.
$rs and $rsp are different variables in your code, you should use only one of them.
This function does not return anything, even if you get something in your print.
Check if mysql connection is already established.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
I am trying to pass an action parameter and a variable parameter in the same header function.
Here is the code that I have written so far:
header('Location: .?action=show_edit_form, word=$word');
When I use the action parameter alone, it goes to the next page, but when I try to pass a variable along with the action parameter, it does not work.
Please advise.
Query string parameters in URLs are separated by & not by ,
PHP doesn't interpolate variables inside strings quoted with ', you need "
Although most browsers will silently error correct, the Location header requires an absolute URI
Thus:
header("Location: http://example.com/foo.php?action=show_edit_form&word=$word");
Unless you are certain your variable won't have special characters in it, you should make sure it is properly encoded for putting in a URL too.
header("Location: http://example.com/foo.php?action=show_edit_form&word=" . urlencode($word));
What you are doing with the header is just referring the user to another page that conforms to a normal url.
Header('Location: .?action=show_edit_form&
word='.$word);
On that page you can call $_GET['word']. You may also want to urlencode your values to prevent any unforseen problems with invalid characters. Look carefully at you quotation marks inside the header function.
For Example,
Here i am trying to send the parameter id & message for the purpose of deleting record,So you
use the following code,
$Params="?action=delete&id=".$id."&mess=Deleted Sucessfully";
header("Location:company.php".$Params);
So , in the next page you will get the parameter variable as,
$action=$_GET['action'];
$id=$_GET['id'];
$message=$_GET['mess'];
Above is the format of passing multiple parameters.Hope it works...
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
Suppose we have the following PHP scripts
if(isset($_GET['adr'])) {
$adr = $_GET['adr'];
include $adr.".txt";
}
I want to load a non text file, For this purpose I use mysite.com/?adr=g:/file.asd%00 URL, in the other side we all know all strings in PHP must terminated by NULL byte (i.e. %00). But when I request this URL the Apache server tells me:
Warning: include(): Failed opening 'g:/file.asd' for inclusion (include_path='.;C:\php\pear') in G:\Program Files\EasyPHP-12.1\www\index.php on line 16
Can anyone please tell me why this does not work?
Thanks
Leaving aside the massive security implications of includeing a file based on user input without validation, here's what I'd do:
if( strpos($adr,".") === false) $adr .= ".txt";
Basically, this appends .txt only if there is not already a file extension (or at least, something that looks like it might be a file extension)
I don't know anything about using NULL byte in urls.
When creating URL and passing parameter you should use urlencode function as below:
$x = 'ysite.com/?adr='.urlencode('g:/file.asd');
and you should make sure that file g:/file.asd.txt exists
Extra question - are you sure you have your file saved? In warning there is Failed opening 'g:/file.asd' for inclusion and in your code you include g:/file.asd.txt file.
Of course you can do this only on your localhost. IF you do it on live server, simple don't because anyone can quick reveal all filesystem data and do anything they want.
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 8 years ago.
Improve this question
Hi guys I'm following this tutorial and I'm getting an extremely strange error message in my PHP when I try and run it in the web browser. The code is as follows:
<?php
// Pull in the NuSOAP
require_once('nusoap.php');
// Create the server instance
$server = new soap_server();
// Initialize WSDL support
//(MyService is name of our service)
$server----->configureWSDL('MyService', 'urn:MyService');
// Character encoding
$server->soap_defencoding = 'utf-8';
//-------------------------------------------------
//Registrations of our functions
//-------------------------------------------------
//Our web service functions will be here.
//-------------------------------------------------
$HTTP_RAW_POST_DATA = isset($HTTP_RAW_POST_DATA) ? $HTTP_RAW_POST_DATA : '';
$server->service($HTTP_RAW_POST_DATA);
?>
Which is exactly as it's written in the tutorial, yet I keep getting this error message every time I run the PHP file:
UPDATE now I'm getting this error
Parse error: syntax error, unexpected T_DEC in
/home/a1335235/public_html/MyService.php on line 8
Can anyone figure out why?
As Mark Baker said in the comments (and I'll delete this if he posts first), your code is:
code require_once();
First and foremost code is not PHP. This should be require_once and you can see this in the PHP Manual. Secondly, require_once is a language construct. It's not a function call, so you don't need the (). You should have:
require_once 'nusoap.php';
The syntax error is telling you exactly what line the problem is on, so read it and google that bit of code to see how others are doing it and where you are going wrong in the future.
Now your issue is on line 8:
$server----->configureWSDL
This is not valid PHP either, unless you've heavily modifed the source code of the language, which you haven't. Change this to:
$server->configureWSDL()
That's how you call methods on objects. You should be reading the manual on Objects to see how this works.