when a php file is requested on a users front end, the output is html. (view source)

I know there is a way, but I don't know how to view the original source of a php file.

Thanks :peace:

you can't! unless you have ftp access or similar means :)

are you positive? because i'm looking for any means to. I wanted to look at the php source of a particular file that I saw, and can't figure out how to do it.

So there's no way to view php source code? without direct connection to the server it's hosted on?

No, there no way to view such a file.

I am +. PHP is server side scripting language. You are on user side :)

Ask the owner of the web site? Too easy?

Yeah, if anyone could read anyone's php code, then everyone would be able to enter and look at various website's databases, etc., etc.

As briefly stated above, PHP is a Server Side Scripting Language, meaning that the server "runs the code" and outputs (HTML) to your browser; the PHP code is never touched or mentioned to your ISP, router, or computer's browser.

If it's your site, you can make a page that will read the php page as an ordinary text file and display it, but short of that, as far as someone else's site is concerned, no. And that's a good thing.

I think this is common sense. There is no way period.

Exactly, why would there be a way to pull the original page and view the possible security information like the db username/password and everything else. The world would be a mess if you could do this.

Exactly, why would there be a way to pull the original page and view the possible security information like the db username/password and everything else. The world would be a mess if you could do this.
That's not the reason why one cannot view the source code of PHP scripts through a HTTP agent. Consider some silly javascripts that give you a dialog box when you view the page, requesting that you enter the correct password to view the page... and then all you need to do is view source to circumvent it.

In fact, sensitive information like passwords should not be kept on the public html directory, just in case some admin oversight causes a failure to parse the PHP code before serving the page... and then the mess would happen.

Yeah, if anyone could read anyone's php code, then everyone would be able to enter and look at various website's databases, etc., etc.

As briefly stated above, PHP is a Server Side Scripting Language, meaning that the server "runs the code" and outputs (HTML) to your browser; the PHP code is never touched or mentioned to your ISP, router, or computer's browser.

That's true. I didn't even think about that. Good point.

Thanks guys. I was just wondering. I am glad no one can do that to my php programming.

If the php is your own and for whatever reason you need to see the code you could use the highlight_file function:

http://us3.php.net/manual/en/function.highlight-file.php

just make sure that it's tucked away in some admin section of the site which requires login.

That's not the reason why one cannot view the source code of PHP scripts through a HTTP agent. Consider some silly javascripts that give you a dialog box when you view the page, requesting that you enter the correct password to view the page... and then all you need to do is view source to circumvent it.

In fact, sensitive information like passwords should not be kept on the public html directory, just in case some admin oversight causes a failure to parse the PHP code before serving the page... and then the mess would happen.

While that's true, when was the last time you installed a CMS or other PHP app and it instructed you to move your config file with that information to another directory outside the web root.

While that's true, when was the last time you installed a CMS or other PHP app and it instructed you to move your config file with that information to another directory outside the web root.

Geeklog (http://www.geeklog.net) actually does this. All configuration files are outside of the webroot for security reasons.

What exactly does geeklog do?

AddType application/x-httpd-php .php is used to indicate that its to be run as a php file which is to be parsed.

If you can have the opposite of this or have this as treated as a text file and insert this into a .htaccess file for the particular folder then you should be able to view the php code.
I dont know what you need to add to the htaccess file but maybe mime-extension ?

While that's true, when was the last time you installed a CMS or other PHP app and it instructed you to move your config file with that information to another directory outside the web root.

Off topic.

You can keep the file within web root as far as you do not allow post,get access to it. Personally I keep my config files like this:

web_root/Password_protected_dir/.htprivate/.ht_config_file_name
and in htaccess I have this in case that it is removed from default apache configuration.

<Files ~ "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</Files>

Additionally I keep file encrypted with mechanism that is itself encoded, so even if you get it, it would be totally useless to you.