So I have two copies of exactly the same project. The configuration of the servers is the same. The script has to write some data to database and then redirect the user to the appropriate page with the header() function depending on the data written to the database.
It works fine on the Linux server, though in Windows it tries to redirect first, and then write to the database, which, of course, doesn't work, because there's no data written. If I comment out the header() function in the Windows version, it writes to the database, but doesn't do the redirection.
How can two exact scripts work so different?
Edit:
I'm not sure how do I show the code, since there's so much of it and it's so scattered. But basically, it's just a function that sets the header() and then the function that writes to db. And when it redirects, it should select the data that was written to the database and display it.
That's a very simplified version of it. Bear in mind, the header is set BEFORE the writing to the database. I believe this to be the culprit, but I didn't write the code, and I can't change the architecture of it, since it works perfectly on 2 Linux servers, I just don't understand how. I just need to make it work on the Windows server.
It makes the redirection ok, I mean it sends me to the link that it should send me to, but it doesn't write to the database. But it I comment out the header() part, it writes to the database, but doesn't make the redirection.
Try adding an if statement like this:
if(mysql_query('...') && mysql_affected_rows()){
header("Location: redirectScript.php");exit();
}
Hope this helps...
The documentation for the header function states the following:
Note:
HTTP/1.1 requires an absolute URI as
argument to ยป Location: including the
scheme, hostname and absolute path,
but some clients accept relative URIs.
You can usually use
$_SERVER['HTTP_HOST'],
$_SERVER['PHP_SELF'] and dirname() to
make an absolute URI from a relative
one yourself:
Are you using a relative URL? It's possible that LAMP likes a relative URL more then WAMP does. It is a simple test, so worth a shot.
For some reason i've only got it to work on WampServer and with PHP 5.2.4
Related
Gone through related posts and found turning allow_url_include will does the trick. However when I did this :
remote file file.php at http://www.courierscripts.com
$content = file_get_contents('http://www.courierscripts.com/folder/file.php');
on my functions.php, was not able to use the functions of file.php. I also don't want to change my file.php to file.txt because everyone can see it.
Any other way?
If the file is on the same server, use absolute or relative path to it, not an url. Otherwise:
Short answer:
No, it's not possible.
Long answer:
Actually possible with conditions but I bet you won't like them.
It's obviously impossible if you don't have access to the target server (otherwise storing passwords in php config files like Wordpress does would be just one big security flaw).
First of all, file_get_contents returns a string. So you could eval it, but eval is very bad (you can search SO for the clues why).
OK, suppose you agree to eval what's coming from that server even after considering that someone might change the code and do whatever he wants on your machine. BUT you make an http request that is handles by the server (Apache, Nginx or whatever else).
The server knows that *.php files should not be handles as static files. For example, fastcgi. You can turn that off, for example, with RemoveHandler in Apache. But that would let everyone see the source code of files you expose this way.
So, after removing handlers and evaling the result, you could get the result. But be ready that someone you work with will punch you in the face for doing that ;)
UPD
For code sharing, use Composer to create a package and use it as a dependency.
Problem Description in Brief:
PHP script seems to work on my local web server when I 'include' it from the footer tag of my index.html file, but does not work when I upload it to my website. Note that I have made sure that all paths are correct, and that the script file has its own php tags, etc.
Problem Description in Detail:
Yes, I am new to PHP scripting, and yes, variants of this question have probably been asked before. The answers to a few of the questions I have read have noted the path of the php script files to be incorrect. I have checked all paths and confirmed that they are indeed correct (including those on the web hosting server). Furthermore, I have been successful in getting the script to work on my local server running Apache2 with PHP5, but have not been successful when uploading it to my website.
Essentially, I am trying to implement a hit counter script which I have acquired from a Stack Overflow post labelled Visitors counter for simple web sites like Vinaora. The code that invokes the php script looks something like this....
<footer>
<!-- Execute Hit Counter Script -->
<?php include($_SERVER['DOCUMENT_ROOT'].'/php/hitcounter.php'); ?>
</footer>
For the likes of me, I cannot figure out why it does not work on the web hosting server. I have tried other combinations of invoking the script like,
<footer>
<!-- Execute Hit Counter Script -->
<?php include('./php/hitcounter.php'); ?>
</footer>
and,
<footer>
<!-- Execute Hit Counter Script -->
<?php include(dirname(__FILE__).'/php/hitcounter.php'); ?>
</footer>
All combinations seem to work on my local web server, but not on the website! Also note that, I have no problem invoking other PHP scripts using other methods (even on the web hosting server), eg.
<form id="form-query" onsubmit="this.checkValidity();" action="./php/contact.php" method="post">
Any advice/suggestions would be appreciated.
Do you get any PHP error?
First of all, you need to activate error reporting.
Put this before including your file
ini_set('display_errors',1);
error_reporting(-1);
PHP should tell you what's happening.
If you don't see anything, change the filename index.html to index.php and try again.
Maybe be you have used "\" in your include path
Wrong:
<?php include 'includes\header.php'; ?>
You should use "/" to work.
Current:
<?php include 'includes/header.php'; ?>
sometimes it might be dues to casing. check if you you uppercase in naming. on some servers Index.php is not equal to index.php
You might try pasting the "include" code directly into the calling code. Maybe it's the included code itself that's misbehaving...
You are doing completely incorrect thing in the first place.
PHP script seems to work on my local web server when I 'include' it from the footer tag of my index.html
is just totally wrong
There is no such thing as embedding php file within html file (aside from mod_rewrite ...).
For PHP script to be interpreted you must have it (in 99% of cases) with php suffix. This way you allow PHP to distinguish it from regular PHP and send to php interpreter.
Put simply - create this file (a.html):
<body>
abcd<?php echo 'efgh';?>
</body>
and see the result in your browser - use .../a.html
What do you see?
abcd
and not
abcdefgh
On top you always have to have php not the other way around. Solve this or update your question if incorrect.
Short version: How can I relocate to C:\Abyss Web Server\htdocs\database\pfs\max\files\public\sdf.png using header()?
Thorough version:
Currently I'm stuck with this piece of code:
header("Location: ".ROOT_URL."\database\pfs\\".$_GET["u"]."\\files\public\\".$c);
(Not completely in context, but it's not needed in this case, since I've managed to track the cause on my own).
$c is the filename, declared in context, and $_GET["u"] is the "owner's" name. ROOT_URL is defined as: define("ROOT_URL", "file://\Abyss%20Web%20Server\htdocs");, which simply is the path to the server directory (I've also tried with define("ROOT_URL", "C:/\Abyss%20Web%20Server\htdocs"); , but there's no luck there either). Anyways, with this, I want the user to be able of downloading uploaded files by $_GET["u"]. The problem is though, that I everytime get a 404 error... And, from experimenting a bit, I've come to the conclusion that the header() function isn't handling the redirect well.
Not sure why this is happening exactly, but I assume that it has something to do with file:// or c:/. My server is currently hosted locally, and therefore I need to use these methods instead (for so long). Answer would be highly appreciated, as I've been stuck with this for a while now...
If it is a local file system link, you need to prepend the file:// protocol prefix:
header('Location: file://C:\\path\\to\\file');
If you omit that, the client (browser) will interprete it as http://C:\\path\\to\\file
So I've never seen this before. I have an EC2 server (first time setting this up) using Debian Linux and Apache 2.2. Using a path like so /js/file.js is looking for http://js/file.js. On my local machine and my dreamhost shared server I don't have this problem. In fact I've never seen this problem on a server before. What it should do is look for http://domain.com/js/file.js. Does anyone have some idea of why this could be happening? I've poured over my php.ini file and don't have any hint at what I should change or add to fix this.
What kind of syrup did you "pour" over your php.ini file? It may have gummed up the works! ;)
Have you looked in the output HTML via your browser (View > Page Source), and what you're getting is http://js/file.js? Is that src="http://js/file.js" in a tag? Adding http://domain.com/ should be the work of the browser, not the server. Some browsers display URLs with the domain already added, while others show exactly what you sent to the page. Are you sending any tags that maybe are missing the domain? I think it's only supposed to apply to relative URIs, but it's worth checking. Did you actually use js/file.js or /js/file.js? They're very different.
Ok, so I figured it out. The problem was that on my local machine and on my other server I was not at the root domain so I was using $_SERVER['SCRIPT_NAME'].DIRECTORY_SEPARATOR."js/" to determine the root url to make an alias to the js files path. This returned /app/js/. This worked fine when the files where in a sub folder from the domain somewhere e.g. domain.com/app/js/file.js.
However once I was installing this app on my server and it was the root application $_SERVER['SCRIPT_NAME'].DIRECTORY_SEPARATOR."js/" was returning //js/. That was the problem! That is not the same as /js/. That was bypassing the domain as part of the url and instead telling the browser to look at http://js like it was a fully qualified url. I am assuming // is shorthand for http:// though I've never tried this before.
To fix this I hacked together this function based off of something in the Yii Framework, which is what I'm using for this application.
function getBaseUrl() {
$scriptName=basename($_SERVER['SCRIPT_FILENAME']);
if(basename($_SERVER['SCRIPT_NAME'])===$scriptName)
$_scriptUrl=$_SERVER['SCRIPT_NAME'];
else if(basename($_SERVER['PHP_SELF'])===$scriptName)
$_scriptUrl=$_SERVER['PHP_SELF'];
else if(isset($_SERVER['ORIG_SCRIPT_NAME']) && basename($_SERVER['ORIG_SCRIPT_NAME'])===$scriptName)
$_scriptUrl=$_SERVER['ORIG_SCRIPT_NAME'];
else if(($pos=strpos($_SERVER['PHP_SELF'],'/'.$scriptName))!==false)
$_scriptUrl=substr($_SERVER['SCRIPT_NAME'],0,$pos).'/'.$scriptName;
else if(isset($_SERVER['DOCUMENT_ROOT']) && strpos($_SERVER['SCRIPT_FILENAME'],$_SERVER['DOCUMENT_ROOT'])===0)
$_scriptUrl=str_replace('\\','/',str_replace($_SERVER['DOCUMENT_ROOT'],'',$_SERVER['SCRIPT_FILENAME']));
else
throw new Exception('The App is unable to determine the entry script URL.'));
return rtrim(dirname($_scriptUrl), '\\/');
}
I hope this helps someone else.
I'm developing a PHP application that has to respond to request from several clients, and I thinks "Can any of the clients see the PHP code that I'm writing?".
No, unless
There is a server misconfiguration
There is a bad echo/include somewhere
No. Unless you're echoing it to them under where you're actually using it.
Use includes from below or outside the www served directory. (can't +1 yet.. for Frankie)
Don't use symlinks for your http directories. I've intentionally used this to both show source and execute depending on user request path before, but that required httpd.conf changes (or misconfiguration) and can explicitly be disabled in httpd.conf.
If allowing downloads of files using fopen, don't pass anything the user creates to it or they could figure out how to get it to grab any file they can find.
Consider:
fopen('reports/' . $_GET['blah']);
where the user passes in '../index.php'
No, but you should take all measures to prevent it.
You should always set your sensitive code (heck, why not all?) in a directory bellow your server working dir (say /www), that way if the server gets messed up, it wont be able to show your code to the world because that code will be included by php that is not working in the first place.
If you have your webserver set to serve instead of parse your php yes. But then the clients wouldn't work. So the barring any security holes, answer is no.
No. Assuming you've installed a L/UAMP server properly, or aren't printing out (echo, print_r, etc.) and of the guts of your code, the PHP will be processed and the logic or HTML it's meant to output will be used on the page, not visible.
N.B. If there isn't an 'index' in a directory or a proper .htacess file, an Apache server will show a list of files in the directory, which can be downloaded and reviewed.
One mistake for it to happen is to paste a php tag inside a php string, example:
$string = "This is the answer: <s><?php echo $answer; ?></s>";
echo $string;
The person did a Ctrl+C and Ctrl+V of something that should be printed along the string, but the coder forgot to remove the php tags by distraction.