I am trying to create a script that will display the contents of a folder, onto a newsticker, and I was wondering if anyone had a script that could run this. I was thinking probably php, but it has no been working for me.
Thanks for the help
The software I am using is dreamweaver cs4
I'm guessing that you have written some PHP, but are trying to run it locally without a server - for PHP to work you need a server. XAMPP is a good bet to do this locally, or you'll need to upload your file to some hosting that supports PHP.
I'm thinking why you're having trouble with it is because you just copy and pasted the code in a .html file and opening it on your local environment.
With that said, in order for it to run locally, you have to install php and a http server. The code is done on server side, not client side. So either get a hosting service that supports php or download and install your own server and php.
Also, if you already have the above, the code has to be surrounded by a < ?php and ? > tags(without spaces). If you're running it on cli, then you need to make sure you give it execution permission with the path to php, OR execute php < name of script >.
Last, the code you presented provides major security flaws. The first of which is where will the "$dir_path" variable be set? Will that be user given, or will you specify the variable?
Whenever you allow users to view your file system, always make sure you give limitations to it. For example, let's say you did this:
www.example.com/newsticker.php?path=/www/files/newsticker
looks innocent enough, but a clever hacker could say let me try....
www.example.com/newsticker.php?path=/
And so fort.
So be careful and don't allow users to specify directories or execute code.
Related
Before this question gets closed, I know the setup above is possible. I just want clarification on some things.
I just started learning Aurelia because I want to convert one of my projects into a web app. My project is built with html+css+JavaScript(jQuery)+ PHP(MySql).
I havent used any sort of framework before.
In the guide, they mention a few ways to setup a web server. I used the http server with node. Now this is where I need some help understanding a few things.
I dont want to use node.js. I want to use PHP on the server. Will that work and how?
When using Apache server, I know any PHP page is sent to the interpreter that renders the final html. I use XAMPP and its apache comes bundled with PHP. Does the http server used by node come with PHP? Is this even a sensible question?
Now I know Aurelia is purely front end. If it used to make single page applications, it uses Ajax. So now I made the following assumption:
Using Aurelia, the user accesses the root page of the app that the web server sends. After that, Aurelia makes various Ajax requests to the server which will use my PHP files to do database query stuff.
Is that right or am I missing something. And can I just use xampp(apache) to host my app instead of server from node?
Aurelia is a framework that, after you export it to any server, does not rely on any back-end software at all. This means that with the help of the http- / fetch-client API, you can just call out to your php script.
I have an example in my github:
https://github.com/rjpvroegop/randyvroegop.nl-made-with-aurelia
Here I use the http-client to post data to my php script wich has a very simple email functionality.
You can see the action inside my view-model in src/pages/contact/index.js.
You can see the PHP script in src/assets/components/contactengine.php.
These work the way they should. Note: you have to change your gulp build if you want your PHP served the way I serve mine, from the dist folder after gulp-watch or gulp-export.
Next to that you can use any back-end functionality you would like, as long as it returns the proper data. This PHP script does that. If you would download my distribution to test this you can simply do the following:
gulp export from your terminal in the root folder
copy everything from the export folder to your PHP webserver.
Php is a server side scripting language.. So, if i make my PC work as a server in a network, will I be able to see the php code executed on my machine? As html is seen on all client PC's?
Not only will you be able to see the php code on your server, you will even have to put it there first. Your server will not run other servers' PHP code if that is what you had in mind.
If the webserver is configured correctly then you can only see the code directly on the server as with every other local file on a server/pc.
Other machines that access your internet pages (in case that the php files are for a webpage, as I have seen some usages of php files for maintenance utilities instead of web pages in the past) only see the results of the php code not the php code itself (thus only what you echo or specifically print out to html in another way). This is because the webserver processes the php file and the clients only receive the results of the php files not the source files themselves.
Aside from those two cases I've seen it in the past that if a webserver is NOT correctly configured, it can be that the clients see the php code itself instead of the results (as the webserver does not process the php parts). In these cases yes the clients can see the php source (not sure if this is also true for the current versions of webservers though. At least in the past it was that way).
As mentioned there exists also the option to use php files as programs that run locally (for example started via a service that calls php myphpfile.php). In these cases it is as in the first case that the sourcefile itself can normally be accessed as every other local file on the server itself, but as it is not in a webserver directory clients (aside from network shares,...) won't be able to see anything of the file itself.
Yes, you can see your code by using ssh like putty you have to login to your server using a user account of server. Follow the following tutorial. You will be able to log into your server remotely and you can see and even update the files on server.
http://kb.mediatemple.net/questions/1595/Using+SSH+in+PuTTY+%28Windows%29#gs
You can open the folder containing the source PHP files and open them with an appropriate Editor (Notepad++, Sublime Text...)
So I'm a bit confused about what crafty users can and can't see on a site.
If I have a file with a bunch of php script, the user cant see it just by clicking "view source." But is there a way they can "download" the entire page including the php?
If permission settings should pages be set to, if there is php script that must execute on load but that I dont want anyone to see?
Thanks
2 steps.
Step 1: So long as your PHP is being processed properly this is nothing to worry about...do that.
Step 2: As an insurance measure move the majority of your PHP code outside of the Web server directory and then just include it from the PHP files that are in the directory. PHP will include on the file system and therefore have access to the files, but the Web server will not. On the off chance that the Web server gets messed up and serves your raw PHP code (happened to Facebook at one point), the user won't see anything but a reference to a file they can't access.
PHP files are processed by the server before being sent to your web browser. That is, the actual PHP code, comments, etc. cannot be seen by the client. For someone to access your php files, they have to hack into your server through FTP or SSH or something similar, and you have bigger problems than just your PHP.
It depends entirely on your web server and its configuration. It's the web server's job to take a url and decide whether to run a script or send back a file. Commonly, the suffix of a filename, file's directory, or the file's permission attributes in the filesystem are used to make this decision.
PHP is a server side scripting language that is executed on server. There is no way it can be accessed client side.
If PHP is enabled, and if the programs are well tagged, none of the PHP code will go past your web server. To make things further secure, disable directory browsing, and put an empty index.php or index.html in all the folders.
Ensure that you adhere to secure coding practices too. There are quite a number of articles in the web. Here is one http://www.ibm.com/developerworks/opensource/library/os-php-secure-apps/index.html
thanks all of you for patiently answering my question "About exec() function in PHP: About exec() function in PHP", it has given me an idea of how this works and so. Lots of them pointed the syntax error, my pardon forgot to include the quotes.
Actually I have got a requirement in normal conditions the customer has the .exe file which he needs to normally run from command prompt, where he needs to include the path for the license and config files manually, so that application is valid for installation.
Now he wants a php script where he will enter the web page with his valid login details and with the click of link he should be able to run the .exe file to install the software on his machine. Including the license and config file is my job which I have been working on, on the other hand I am still not clear that this is really possible to run the .exe file on the clients machine when the script runs on the php remote server. What can be the other alternatives to accomplish this. Can anyone clear my doubts?
You cannot run anything on the client machine from a PHP script running on the server. It's impossible. What you can do is create an archive (e.g. ZIP) that contains the executable file, the license file and the configuration. Then you can offer this archive to the user as download. After extracting the archive on his machine he then would be able to execute the application.
Other possibilities to execute something on the client machine would be a Java applet or a Flash application. Those are subject to a lot of security restrictions though.
Alternative:
1.Save settings to file
2.Compact programm to archive with setting file && license
3.Download archive
PHP is on the server, the server generates HTML/JS/CSS. The PHP process ends before the web page is displayed to the user.
There's no way, and a VERY VERY good reason why this can not or will never be able to be done.
And why would you want to run an .exe file on someone's computer other than malicious reasons?
You're on the Web, sell subscription, what licensing are you talking about?
There is no way to actually execute a program on the client machine directly from PHP. The best you can hope to achieve is to provide a download for the executable file and then the client can execute it manually. You could provide an archive file with the installation executable and config/license file(s), but the client would still have to execute the file manually.
You could potentially use client-side technologies such as Flash, Java or ActiveX to accomplish this, but this is not a simple task and requires fairly intimate knowledge of the languages on which these technologies are based.
If the file was an MSI, it would be theoretically possible to allow the server to remotely install it on the client machine, however there are some barriers to this:
You need a fully fledged Windows domain for this, and both the server and client machines would have to be members of that domain. There is no way around this.
You would most likely need to know the NetBIOS name of the client machine, and there is AFAIK no 100% reliable way to determine this from PHP.
Your PHP instance would need to be running under an account that has administrative privileges in the domain. This is unlikely to be the case at the moment, and it is not a very good idea to run like this anyway.
Does anyone know if it is possible to send a command line script from a php page to another server from which the php file is not on? So Php file is on server A and the command line script needs to be run on server B. Both are hosted locally but on seperate machines.
I dont think it is possible but just want to see if anyone else has tried it or knows it doesnt work either.
Thanks,
Mike
It is possible to make a PHP script log on to another server using SSH, but it's very complicated.
It's probably much, much easier to have a publicly accessible PHP file on the remote server, call that through the web, and have it perform whatever actions you need.
What you describe can be done as a a simple "REST service" which Pekka described.
You should also research "RPC" (Remote Procedure Call) and "SOAP" as well.
Both of those come with some baggage, and both are probably overkill, but they are solutions to the problem.