We Keep Coding

Recursion with array's PHP [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 3 years ago.
Improve this question
I have a function (listarUrls ()) that returns / scans all the urls it finds on a web page.
I need that for each of the urls that the function returns to me, I return to the list / scan all the urls of that page
many times as requested by the user, that is
.If the user asks for 1 iteration of the url www.a.com, bring back:
-$arry[0] www.1.com
-$arry[1] www.2.com
-..... So with all the urls you find in www.a.com
.If the user asks for 2 iteration of the url www.a.com, bring back:
-$arry[0] www.1.com
-$arry[0][0] www.1-1.com
-$arry[0][1] www.1-2.com
-...So with all the urls you find in www.1.com
-$arry[1] www.2.com
-$arry[1][0] www.2-1.com
-$arry[1][1] www.2-2.com
-...So with all the urls you find in www.2.com
-...
.If the user asks for 3 iteration of the url www.a.com, bring back:
-$arry[0] www.1.com
-$arry[0][0] www.1-1.com
-$arry[0][0][0] www.1-1-1.com
-$arry[0][0][1] www.1-1-2.com
-...So with all the urls you find in www.1-1.com
-$arry[0][1] www.1-2.com
-$arry[0][1][0] www.1-2-1.com
-$arry[0][1][1] www.1-2-2.com
-...So with all the urls you find in www.1-2.com
-$arry[1] www.2.com
-$arry[1][0] www.2-1.com
-$arry[1][0][0] www.2-1-1.com
-$arry[1][0][1] www.2-1-2.com
-...So with all the urls you find in www.2-1.com
-$arry[1][1] www.2-2.com
-$arry[1][1][0] www.2-2-1.com
-$arry[1][1][1] www.2-2-2.com
-...So with all the urls you find in www.2-2.com
-...
Could someone shed some light on the subject please?

This is web scraping with the option to instruct how much deep to investigate.
We can have a function definition like below:
function scrapeURLs($url,$steps,&$visited_urls = []);
Here, $url is the current URL we are scraping. $steps is which step we are investigating. If $steps == 1 at any point in our recursive function, we stop scraping further. $visited_urls is to make sure we aren't visiting same URL twice for scraping.
Snippet:
<?php
ini_set('max_execution_time','500');
libxml_use_internal_errors(true); // not recommended but fine for debugging. Make sure HTML of the URL follows DOMDocument requirements
function scrapeURLs($url,$steps,&$visited_urls = []){
$result = [];
if(preg_match('/^http(s)?:\/\/.+/',$url) === 0){ // if not a proper URL, we stop here, but will have to double check if it's a relative URL and do some modifications to current script
return $result;
}
$dom = new DOMDocument();
$dom->loadHTMLFile($url);
// get all script tags
foreach($dom->getElementsByTagName('script') as $script_tag){
$script_url = $script_tag->getAttribute('src');
if(!isset($visited_urls[$script_url])){
$visited_urls[$script_url] = true;
$result[$script_url] = $steps === 1 ? [] : scrapeURLs($script_url,$steps - 1,$visited_urls); // stop or recurse further
}
}
// get all anchor tags
foreach($dom->getElementsByTagName('a') as $anchor_tag){
$anchor_url = $anchor_tag->getAttribute('href');
if(!isset($visited_urls[$anchor_url])){
$visited_urls[$anchor_url] = true;
$result[$anchor_url] = $steps === 1 ? [] : scrapeURLs($anchor_url,$steps - 1,$visited_urls);
// stop or recurse further
}
}
/* Likewise, you can capture several other URLs like CSS stylesheets, image URLs etc*/
return $result;
}
print_r(scrapeURLs('http://yoursite.com/',2));

array_walk_recursive — Apply a user function recursively to every member of an array
https://www.php.net/manual/en/function.array-walk-recursive.php

query string in php url which fetches values from files in directories

for security reasons we need to disable a php/mysql for a non-profit site as it has a lot of vulnerabilities. It's a small site so we want to just rebuild the site without database and bypass the vulnerability of an admin page.
The website just needs to stay alive and remain dormant. We do not need to keep updating the site in future so we're looking for a static-ish design.
Our current URL structure is such that it has query strings in the url which fetches values from the database.
e.g. artist.php?id=2
I'm looking for a easy and quick way change artist.php so instead of fetching values from a database it would just include data from a flat html file so.
artist.php?id=1 = fetch data from /artist/1.html
artist.php?id=2 = fetch data from /artist/2.html
artist.php?id=3 = fetch data from /artist/3.html
artist.php?id=4 = fetch data from /artist/4.html
artist.php?id=5 = fetch data from /artist/5.html
The reason for doing it this way is that we need to preserve the URL structure for SEO purposes. So I do not want to use the html files for the public.
What basic php code would I need to achieve this?

To do it exactly as you ask would be like this:
$id = intval($_GET['id']);
$page = file_get_contents("/artist/$id.html");
In case $id === 0 there was something else besides numbers in the query parameter. You could also have the artist information in an array:
// datafile.php
return array(
1 => "Artist 1 is this and that",
2 => "Artist 2..."
)
And then in your artist.php
$data = include('datafile.php');
if (array_key_exists($_GET['id'], $data)) {
$page = $data[$_GET['id']];
} else {
// 404
}

HTML isn't your best option, but its cousin is THE BEST for static data files.
Let me introduce you to XML! (documentation to PHP parser)
XML is similar to HTML as structure, but it's made to store data rather than webpages.
If instead your html pages are already completed and you just need to serve them, you can use the url rewriting from your webserver (if you're using Apache, see mod_rewrite)
At last, a pure PHP solution (which I don't recommend)
<?php
//protect from displaying unwanted webpages or other vulnerabilities:
//we NEVER trust user input, and we NEVER use it directly without checking it up.
$valid_ids = array(1,2,3,4,5 /*etc*/);
if(in_array($_REQUEST['id'])){
$id = $_REQUEST['id'];
} else {
echo "missing artist!"; die;
}
//read the html file
$html_page = file_get_contents("/artist/$id.html");
//display the html file
echo $html_page;

Is it safe to pass filename in GET? [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I am doing
index.php?letter=1&show=cat.jpg
File I do not include, but use it only as <img src="$_GET['show']">
Is it safe?

Simple code to validate the input.
// Check File Param provided
$filename = (isset($_GET['show']) ? $_GET['show'] : '');
if (strlen($filename) == 0) {
die('File Not Provided');
}
// remove leading '/' or double slashes (will also hack out http:// injections)
$filename = trim($filename);
$filename = str_replace('//', '/', $filename);
while (strlen($filename) > 0 && strcmp(substr($filename,0,1), '/') == 0) {
$filename = substr($filename, 1);
}
// Check filename exists
if (file_exists('./' . $filename)) { // Note the "./", also will to prevent cross site injections; if using a sub-directory, add in here
die ('file does not exist');
}
// Check file actually is an image
if (!#getImageSize('./' . $filename)) {
die ('file is not an image');
}
// Should be safe at this point.
You could also preg_match for a pattern if you know the pattern of filename e.g. always expecting a .png).
You probably also want to handle errors differently, but this should give you an idea.

Yes, Its safe to use. But you want to take care of XSS attacks.
Actually now you are showing the content attached to your parameter show inside your html page. Think a scenario if a user edited the 'cat.jpg' and inserted some script content into it.
See this simple example by Arjun Sreedharan.
XSS attack to your url would be as shown below
index.php?letter=1&show=Path/To/some/other/Image"></img><h1>XSS Attack</h1><div> Showing False data in your website</div><img src="Some/Other/Image.jpg
The Html rendered in your page would be
<img src="Path/To/some/other/Image"></img>
<h1>XSS Attack</h1>
<div> Showing False data in your website</div>
<img src="Some/Other/Image.jpg">
The solution is to encode html. HtmlEntities in PHP.

Yes, it is safe but the mechanism to deliver/show that file should be proper to handle only authorized requests.
If you want then you can do it by POST, but some time its possessive when you refresh the page and browser asking to confirm that previously posted data sends back to server again.
Above are my personal view.

I'd say get something like image_id from URL and then retrieve the relevant data from database and output your own data (e.g. file name) in the markup.
Even if you consider different ways of validating or filtering the users' input, you might still be open to some attacks or maybe bugs. To avoid that, again, I'd recommend to get a key from user and then based on that key output the data. Validating that key is much easier and also you are not gonna to output it again -- you're using that only in the back-end so it won't be a security hole for XSS attacks for example.

<img src="/images/<?php echo basename(preg_replace('/[^a-z0-9\.-]/i','',$_GET['show'])); ?>">
This will this will only return name of a file even if path or url is passed.

How to handle ?_escaped_fragment_= for AJAX crawlers?

I'm struggling to make AJAX-based website SEO-friendly. As recommended in tutorials on the web, I've added "pretty" href attributes to links: контакт and, in a div where content is loaded with AJAX by default, a PHP script for crawlers:
$files = glob('./pages/*.php');
foreach ($files as &$file) {
$file = substr($file, 8, -4);
}
if (isset($_GET['site'])) {
if (in_array($_GET['site'], $files)) {
include ("./pages/".$_GET['site'].".php");
}
}
I have a feeling that at the beginning I need to additionaly cut the _escaped_fragment_= part from (...)/index.php?_escaped_fragment_=site=about because otherwise the script won't be able to GET the site value from URL , am I right?
but, anyway, how do I know that the crawler transforms pretty links (those with #!) to ugly links (containing ?_escaped_fragment_=)? I've been told that it happens automatically and I don't need to provide this mapping, but Fetch as Googlebot doesn't provide me with any information about what happens to URL.

Google bot will automatically query for ?_escaped_fragment_= urls.
So from www.example.com/index.php#!site=about
Google bot will query: www.example.com/index.php?_escaped_fragment_=site=about
On PHP site you will get it as $_GET['_escaped_fragment_'] = "site=about"
If you want to get the value of the "site" you need to do something like this:
if(isset($_GET['_escaped_fragment_'])){
$escaped = explode("=", $_GET['_escaped_fragment_']);
if(isset($escaped[1]) && in_array($escaped[1], $files)){
include ("./pages/".$escaped[1].".php");
}
}
Take a look at the documentation:
https://developers.google.com/webmasters/ajax-crawling/docs/specification

Curing the "Back Button Blues"

Ever stumbled on a tutorial that you feel is of great value but not quite explained properly? That's my dilemma. I know THIS TUTORIAL has some value but I just can't get it.
Where do you call each function?
Which function should be called
first and which next, and which
third?
Will all functions be called in all files in an application?
Does anyone know of a better way cure the "Back Button Blues"?
I'm wondering if this will stir some good conversation that includes the author of the article. The part I'm particularly interested in is controlling the back button in order to prevent form duplicate entries into a database when the back button is pressed. Basically, you want to control the back button by calling the following three functions during the execution of the scripts in your application. In what order exactly to call the functions (see questions above) is not clear from the tutorial.
All forwards movement is performed by
using my scriptNext function. This is
called within the current script in
order to activate the new script.
function scriptNext($script_id)
// proceed forwards to a new script
{
if (empty($script_id)) {
trigger_error("script id is not defined", E_USER_ERROR);
} // if
// get list of screens used in this session
$page_stack = $_SESSION['page_stack'];
if (in_array($script_id, $page_stack)) {
// remove this item and any following items from the stack array
do {
$last = array_pop($page_stack);
} while ($last != $script_id);
} // if
// add next script to end of array and update session data
$page_stack[] = $script_id;
$_SESSION['page_stack'] = $page_stack;
// now pass control to the designated script
$location = 'http://' .$_SERVER['HTTP_HOST'] .$script_id;
header('Location: ' .$location);
exit;
} // scriptNext
When any script has finished its
processing it terminates by calling my
scriptPrevious function. This will
drop the current script from the end
of the stack array and reactivate the
previous script in the array.
function scriptPrevious()
// go back to the previous script (as defined in PAGE_STACK)
{
// get id of current script
$script_id = $_SERVER['PHP_SELF'];
// get list of screens used in this session
$page_stack = $_SESSION['page_stack'];
if (in_array($script_id, $page_stack)) {
// remove this item and any following items from the stack array
do {
$last = array_pop($page_stack);
} while ($last != $script_id);
// update session data
$_SESSION['page_stack'] = $page_stack;
} // if
if (count($page_stack) > 0) {
$previous = array_pop($page_stack);
// reactivate previous script
$location = 'http://' .$_SERVER['HTTP_HOST'] .$previous;
} else {
// no previous scripts, so terminate session
session_unset();
session_destroy();
// revert to default start page
$location = 'http://' .$_SERVER['HTTP_HOST'] .'/index.php';
} // if
header('Location: ' .$location);
exit;
} // scriptPrevious
Whenever a script is activated, which
can be either through the scriptNext
or scriptPrevious functions, or
because of the BACK button in the
browser, it will call the following
function to verify that it is the
current script according to the
contents of the program stack and take
appropriate action if it is not.
function initSession()
// initialise session data
{
// get program stack
if (isset($_SESSION['page_stack'])) {
// use existing stack
$page_stack = $_SESSION['page_stack'];
} else {
// create new stack which starts with current script
$page_stack[] = $_SERVER['PHP_SELF'];
$_SESSION['page_stack'] = $page_stack;
} // if
// check that this script is at the end of the current stack
$actual = $_SERVER['PHP_SELF'];
$expected = $page_stack[count($page_stack)-1];
if ($expected != $actual) {
if (in_array($actual, $page_stack)) {// script is within current stack, so remove anything which follows
while ($page_stack[count($page_stack)-1] != $actual ) {
$null = array_pop($page_stack);
} // while
$_SESSION['page_stack'] = $page_stack;
} // if
// set script id to last entry in program stack
$actual = $page_stack[count($page_stack)-1];
$location = 'http://' .$_SERVER['HTTP_HOST'] .$actual;
header('Location: ' .$location);
exit;
} // if
... // continue processing
} // initSession
The action taken depends on whether
the current script exists within the
program stack or not. There are three
possibilities:
The current script is not in the $page_stack array, in which case it is
not allowed to continue. Instead it is
replaced by the script which is at the
end of the array.
The current script is in the
$page_stack array, but it is not the
last entry. In this case all
following entries in the array are
removed.
The current script is the last entry
in the $page_stack array. This is
the expected situation. Drinks all
round!

That is a good discussion but more to the point you should be looking into Post Redirect Get (PRG) also known as "Get after Post."
http://www.theserverside.com/patterns/thread.tss?thread_id=20936

If you do not understand my article then you should take a close look at figure 1 which depicts a typical scenario where a user passes through a series of screens – logon, menu, list, search, add and update. When I describe a movement of FORWARDS I mean that the current screen is suspended while a new screen is activated. This happens when the user presses a link in the current screen. When I describe a movement as BACKWARDS I mean that the user terminates the current screen (by pressing the QUIT or SUBMIT button) and returns to the previous screen, which resumes processing from where it left off. This may include incorporating any changes made in the screen which has just been terminated.
This is where maintaining a page stack which is independent of the browser history is crucial – the page stack is maintained by the application and is used to verify all requests. These may be valid as far as the browser is concerned, but may be identified by the application as invalid and dealt with accordingly.
The page stack is maintained by two functions:
scriptNext() is used to process a
FORWARDS movement, which adds a new
entry at the end of the stack and
activates the new entry.
scriptPrevious() is used to process
a BACKWARDS movement, which removes
the last entry from the stack and
re-activates the previous entry.
Now take the situation in the example where the user has navigated to page 4 of the LIST screen, gone into the ADD screen, then returned to page 5 of the LIST screen. The last action in the ADD screen was to press the SUBMIT button which used the POST method to send details to the server which were added to the database, after which it terminated automatically and returned to the LIST screen.
If you therefore press the BACK button while in page 5 of the LIST screen the browser history will generate a request for the last action on the ADD screen, which was a POST. This is a valid request as far as the browser is concerned, but is not as far as the application is concerned. How can the application decide that the request is invalid? By checking with its page stack. When the ADD screen was terminated its entry was deleted from the page stack, therefore any request for a screen which is not in the page stack can always be treated as invalid. In this case the invalid request can be redirected to the last entry in the stack.
The answers to your questions should therefore be obvious:
Q: Where do you call each function?
A: You call the scriptNext()
function when the user chooses to
navigate forwards to a new screen,
and call the scriptPrevious()
function when the user terminates
the current screen.
Q: Which function should be called
first and which next, and which
third?
A: Each function is called in
response to an action chosen by the
user, so only one function is used
at a time.
Q: Will all functions be called in
all files in an application?
A: All functions should be available
in all files in an application, but
only called when chosen by the user.
It you wish to see these ideas in action then you can download my sample application.

The part I'm particularly interested in is controlling the back button in order to prevent form duplicate entries into a database when the back button is pressed.
Your premise is wrong. There is no such thing as "Back Button Blues", if you design your application as a web application. If you design your application without any server side state, you will never run into this problem in the first case. This minimalistic approach to web applications works remarkably well, and is usually known as REST.

# troelskn
If you design your application without any server side state ....
It is not possible to design an effective application which does not have state, otherwise all you have is a collection of individual pages which do not communicate with each other. As maintaining state on the client is fraught with issues there is no effective alternative but to maintain state on the server.

#Marston.
I solved the problem with post/redirect/get but I believe the tutorial has some merit and perhaps Tony Marston can elaborate on it. And how it could be used to solve not necessarily my particular problem but perhaps something similar. Or how is it better than post/redirect/get if the functions can in fact be used in solving my particular problem. I think this will be a good addition to the community here.

if ($_POST) {
process_input($_POST);
header("Location: $_SERVER[HTTP_REFERER]");
exit;
}