I use the following code to include page content in a index.php file (template).
if(isset($_GET['page']))
{
include($_GET['page'].'.php');
}
if(isset($_GET['special']))
{
include($_GET['special'].'.php3');
}
The url could look like this: http://www.example.com/?page={PageToShow}
This works fine for Chrome, Firefox and Safari, but the content is not shown in IE 7,8 & 9. Any idea why?
The server side PHP scripts wouldn't be affected by the browser that you use to view the page, so this looks like a rendering issue - check that the included code produces valid HTML, and that you haven't got <html> tags being included within other <html> tags.
You might want to rethink the way you're including page content - doing this via a GET variable is potentially insecure: for a start, it doesn't limit the files to those within the document root of your website.
At the very least I'd recommend doing some sanity checks on the input files (i.e. are they in the webroot?), but a more modern method is to use .htaccess rewriting to send all requests to index.php, where you can then choose which files to include depending on the request (take a look at this post for more information).
The server side script you put above should return the same result with all browsers. Try debugging with $_SERVER["REQUEST_URI"] and see if you get the same results.
Also, I would advise not to use such kind of includes for security reasons.
Related
I am on a WAMP stack and have the below one line of code for demo.html
<img src="http://localhost/redirect/demo.php"></img>
demo.php code as below
<?php
header("Location: http://localhost/redirect/blah");
exit();
?>
The code works fine. but there is huge response time during content download
when I change demo.html to use script tag vs img tag, there are no problems during response times
<script src="http://localhost/redirect/demo.php"></script>
Not sure why this is happening to IMG tags. Could anyone explain why this is happening and how do I avoid this? Are there any alternate methods to loading IMG via 302 without a javascript solution.
Note - believe this cannot be a PHP/WAMP problem as the response times are not affected when I call http://localhost/redirect/demo.php directly. Trust this has something to do with browser, its rendering, its load events.
If I'm not wrong, scripts are loaded synchronously whereas images are queued and loaded asynchronously.
So my understanding is if you use script tag, browsers wait to load http://localhost/redirect/demo.php which sends 302. This forces browser to execute http://localhost/redirect/blah before loading anything else.
Instead if you use img tag, browsers execute http://localhost/redirect/demo.php and continue to load remaining portion of the page. When demo.php returns 302, http://localhost/redirect/blah gets added to the queue of URLs to be loaded. Because of which the overall time to load the image is more.
Not sure if you can avoid it. Probably, enabling caching on demo.php could help in subsequent requests.
Depending on the usage of your image redirect, you can take a look at URL Rewriting.
I'm not sure it's a good solution because your example code is out of context.
You can also take a look at this question which can provide you additional informations : Is it OK to HTTP redirect images?
Use .htaccess:
RewriteEngine on
RewriteRule ^redirect/demo.php$ /redirect/blah [QSA,L]
Eventualy if you want to have the "blah" file/script on the other server you can use Reverse Proxy see: https://www.digitalocean.com/community/tutorials/how-to-use-apache-http-server-as-reverse-proxy-using-mod_proxy-extension
I have this code inside of my header
<?php
define('RELPATH','http://www.saint57records.com/');
include_once(RELPATH.'sidebar.php');
?>
and an example line of code in the sidebar
<img style="margin:10px;" src="<?php print RELPATH;?>images/logo.png" width="60px"/>
but when it gets to the page it includes the file correctly but all the links inside of the file just print RELPATH instead of the web url like this
<img style="margin:10px;" src="RELPATHimages/logo.png" width="60px"/>
It works fine on the other pages of my website, just not inside of Wordpress. Does anyone know what might be causing this issue?
The short answer is to provide a filesystem path to RELPATH, not a web URL.
The long answer is that when you use a web URL to include a PHP file, the PHP file will be treated like an external source. It will be called remotely, executed in a process of its own, and return the results. A constant defined previously can not have an effect in this remote resource.
If http://www.saint57records.com/ is on a different server, you'll have to pass RELPATH to it some other way, e.g. through a GET variable (which you'd have to sanitize with htmlentities() prior to use.) However, including content from a remote server in this way isn't good practice. It'll slow down your page as it'll make an expensive web request. If the target server is down, your page will time out.
I am trying to find an embedded stream link from a page. When I check for the source code of that page it returns something similar to below:
<script type='text/javascript'> swidth='640', sheight='460';</script>
<script type='text/javascript' src='http://www.sawlive.tv/embed/hqfootyerech1'></script>
This also returns code like:
http://sawlive.tv/embed/watch/xxxxxxx_
I have tried with file_get_contents to crawl to http://www.sawlive.tv/embed/hqfootyerech1 but it does not return anything.
The page only loads from http://myiframe12.altervista.org/
Is there a way to get the full source code of the page including the embedded page and script? I can inspect the elements loaded on that page with Firefox, but the source codes are different.
I have heard of Selenium2. But no idea how it works either.
You should use file_get_content.
There is a difference if you call it with http or a path to your file.
If you wish to get the source code you should write:
file_get_contents('path/to/YOUR/FILE.php');
You probably called a file with it's URL which is different, if you use http u can only see the ouput of the PHP script, so use the path.
I don't think you can access the source code of a file not on your domain, but i'm not sure about that.
*EDIT : *
In case this dosen't work, i found this code, not tested but should work too :
ob_start();
include "yourfile.php";
$myvar = ob_get_contents();
ob_end_clean();
I am experiencing some very strange behavior when including a php file.
I need to load a script that is not on the same domain as the page that will be calling it.
I have already created a system that works using cURL, but I just recently found out that many of the sites that will need to have access to this script, do not have cURL installed.
I did, however, notice that these sites have allow_url_fopen set to on. With this knowledge I got started creating a new system that would let me just include the script on the remote site.
Just testing this out, I coded the script test.php as follows:
<?php
echo("test");
?>
I include this script on the remote page using:
<?php
include("http://mydomain.com/script.php");
?>
and it works no problem and "test" is printed at the top of the page.
However, if I add a function to the script and try to call the function from the page, it crashes.
To make it worse, this site has php errors turned off and I have no way of turning it on.
To fully make sure that I didn't just mess up the code, I made my test.php look like this:
<?php
function myfunc()
{
return "abc";
}
?>
Then on the page including the file:
<?php
include("http://mydomain.com/script.php");
echo(myfunc());
?>
And it crashes.
Any ideas would be greatly appreciated.
This is not odd behavior, but since you load the file over the internet (note in this case the World Wide Web), the file is interpreted before it is sent to your include function.
Since the script is interpreted no functions will be visible, but only the output of the script.
Either load it over FTP or create an API for the functions.
My guess: The PHP of http://mydomain.com/script.php is interpreted by the web server of mydomain.com. All you're including is the result of that script. For a simple echo("test"), that's "test". Functions do not produce any output and are not made available to the including script. Confirm this by simply visiting http://mydomain.com/script.php in your browser and see what you get. You would need to stop mydomain.com from actually interpreting the PHP file and just returning it as pure text.
But: this sounds like a bad idea to begin with. Cross-domain includes are an anti-patterns. Not only does it open you up to security problems, it also makes every page load unnecessarily slow. If cross-domain inclusions is the answer, your question is wrong.
You are including the client side output from test.php rather than the server-side source code. Rename test.php to test.phpc to prevent executing the script. However this is dangerous out of security point of view.
EDIT I just realized that I must have had a massive brain fart while writing the abbreviated code sample. See, I'm using smarty. Thus, I'm actually already using Kips's solution, because smarty displays after the session is saved
I've been working on implementing a resource manager (for condensing, compressing and minifying CSS & JS) for a PHP site I'm working on and have run into an awfully strange problem. So when a user navigates to index.php, files are added to a resource manager object, which combines them into a single file and are included in the page via either <script src="resource.php?id=123&ext=.js"> or <link href="resource.php?id=123&ext=.css" />
What it basically boils down to is that a file path is stored in a session on the accessed page and read from the session on the resource page. In FF, this works perfectly fine. In IE and Chrome, it does not.
Here's a much-abbreviated code sample:
index.php
<?php
session_start();
//Do a ton of stuff
//Including adding several files to the resource object
//Add the resource links to the head
$smarty->append('headSection','<link href="resource.php?id=<?=$resourceID?>&type=.js" />');
</head>
//Save the resource file which:
// - Outputs the file
// - Saves a reference to it in session
$_SESSION[$resourceID] = $file;
//Let Smarty display
$smarty->display($templateFile);
?>
resource.php
<?php
readfile($_SESSION[$_GET['id']] . $_GET['type']);
?>
What it seems like to me is that FF waits for an entire page response before making any new requests to the resources required by the page, while IE and Chrome function by starting a new request the second it is encountered. Due to this, this error basically boils down to a race condition.
Can anyone confirm that this is indeed the way it works? And if so - how would I work around it?
Edit: After the update to your question, then I am not surprised that you are getting a race condition. I don't know why it is working in Firefox, but IE and Chrome are certainly not doing anything illegal by requesting the resources early. One way you could resolve this is with output buffering. At the top of your index.php file, you can add:
ob_start('ob_gzhandler');
This kills two birds with one stone, by: a) making sure that output is buffered, so the browser doesn't see the file until the whole page has been generated; and b) saving you and your users bandwidth by using gzip compression.
Previous answer: That doesn't seem to make sense. Cookies can only be set in the header, which happens before any page content is loaded. So the browser requests index.php, and the PHPSESSID cookie is set in the header. Then the page content is delivered.
I don't have access to a machine with PHP at the moment, but the following might help to test your theory. test1.php sets a session variable, but then takes 30 seconds to completely finish loading. Meanwhile, test2.php (a CSS file) will try to use that session variable as the text color. The text will show up red if the session could be read from test2, or black (default color) otherwise.
test1.php
<?php
session_start();
$_SESSION['mycolor'] = 'red';
?>
<html>
<head>
<link rel="stylesheet" href="test2.php" type="text/css" />
</head>
<body>
Starting test...<br/>
<?php
for($i = 0; $i < 6; $i++) //loop will take 30 seconds to complete
{
echo "$i<br/>\n";
sleep(5);
}
?>
Done!
</body>
</html>
test2.php
<?php
session_start();
?>
body { color: <?php echo $_SESSION['mycolor']; ?>; }
I finally figured out what was needed to fix this. For starters, Kip's suggested solution is correct, however it wasn't actually the solution to my problem as what I said was my problem wasn't actually my problem... more or less.
In one of the tests I was doing, I noticed suddenly that the SessionID was different for the page and for the resource file. I didn't have any idea how that was possible, until I remembered that in another component that I include in the page, I regenerate the SessionID (session_regenerate_id()) to prevent CSRF attacks. Once I commented out that line, everything worked perfectly in every browser.
For me however, this raises a new question... Why isn't session_regenerate_id() preserving session data?
Edit - Follow up:
It seems that this is actually a known issue and is well documented in the comments on the PHP docs page for session_regenerate_id().
Start here: http://www.php.net/manual/en/function.session-regenerate-id.php#81212 and read up.