
php syntax mistake?

  • Jonathan Woodbridge.com
    Message 1 of 5 , Jan 22, 2007
      I'm trying to edit very simple old php code in an html page that includes
      other files, such as header, body, menu and footer. Unfortunately, the file
      is now being hacked to send spam, it seems because the variable that is
      INCLUDEd to display the page content is not checked before it is run, hence
      other code can be injected into it and run other processes on other servers.

      The modification I'm trying to make is quite simple, to read from an array
      of legitimate pages and only run the include if the content occurs in this
      array. However, the new file will not run, it simply looks for data and
      times out. I think I am probably making a simple syntax error, but cannot
      find it. Can anyone help?

      old code (works but insecure) ==================

      <?php
      /* Time for some comments about the code.
      This is the main page. It works as a frame for the whole site. It keeps the
      basic structure:
      1- head
      2- leftmenu
      3- body
      4- footer
      1, 2, and 4 are fixed, so they never change. I keep them in separate .part
      files to keep this page smaller and easier to maintain.
      The body (3) gets loaded thru the "pagina" variable. All pages are plain
      text files with HTML and CSS codes but not structure (that is, it's just the body
      nothing else)
      All pages contain many comments, I'm afraid all of them in Spanish ;).
      */
      echo "<div class=\"cabeza\">";
      include 'cabeza.part';
      echo "</div>";
      echo "<div class=\"cuerpo\">";
      echo "<div class=\"lateral\">";
      include 'menu.part';
      echo "</div>";
      echo "<div class=\"centro\">";
      // If no page is given, use the main page
      if (!$pagina){
      $pagina="home";
      }
      include "$pagina";
      echo "</div></div>";
      echo "<div class=\"pie\">";
      include 'pie.part';
      echo "</div>";
      ?>


      new code (does not work) ================


      <?php
      /* Time for some comments about the code.
      This is the main page. It works as a frame for the whole site. It keeps the
      basic structure:
      1- head
      2- leftmenu
      3- body
      4- footer
      1, 2, and 4 are fixed, so they never change. I keep them in separate .part
      files to keep this page smaller and easier to maintain.
      The body (3) gets loaded thru the "pagina" variable. All pages are plain
      text files with HTML and CSS codes but not structure (that is, it's just the body
      nothing else)
      All pages contain many comments, I'm afraid all of them in Spanish ;).
      */
      echo "<div class=\"cabeza\">";
      include 'cabeza.part';
      echo "</div>";
      echo "<div class=\"cuerpo\">";
      echo "<div class=\"lateral\">";
      include 'menu.part';
      echo "</div>";
      echo "<div class=\"centro\">";
      //mod by JW on Jan 18 07 - check that pagina variables are legitimate by comparing with list of ok pages
      $pagina=array("accomp2004", "blanco", "cabeza", "comotrabaja", "contact",
      "cuerpo", "docshist", "gallery", "globali", "guatereports", "historia",
      "home", "impuni", "mandato", "orgs", "menu", "pie", "tierra", "trabajo2003",
      "vols");

      //check $page variable called is in ok page array above
      $valid=false;
      for ($i=0; $i<sizeof($pagina) || !$valid; $i++) {
      if ($pagina==$pagina[$i]) {
      $valid=true;
      }
      }
      if ($valid) include ("$pagina");
      if (!$valid) include(home); // include the main page if not valid

      echo "</div></div>";
      echo "<div class=\"pie\">";
      include 'pie.part';
      echo "</div>";
      ?>

      thanks!

      Jonathan
    • Sheri
      Message 2 of 5 , Jan 23, 2007
        > if ($pagina==$pagina[$i]) {

        Do you need a different name for the array?

        Regards,
        Sheri
      • Bob Janes
        Message 3 of 5 , Jan 24, 2007
          Hi Jonathan,

          Jonathan Woodbridge.com wrote:
          > I'm trying to edit very simple old php code in an html page that includes
          > other files, such as header, body, menu and footer.

          I've just got back to the office and seen this, I guess you have it fixed by
          now but if not this should work.

          As someone else said you're using the same variable name twice. There are
          also a couple of odd line-breaks but they may be a result of e-mail
          formatting. Here's a chunk of slightly simpler code that should do it for
          you; notice that I've re-named the array to $pagina_array

          +++++

          $pagina_array = array("accomp2004", "blanco", "cabeza", "comotrabaja",
          "contact", "cuerpo", "docshist", "gallery", "globali", "guatereports",
          "historia", "home", "impuni", "mandato", "orgs", "menu", "pie", "tierra",
          "trabajo2003", "vols");

          //check $page variable called is in ok page array above

          if ( in_array($pagina, $pagina_array) ) {
          include $pagina;
          } else {
          include 'home'; // fall back to the main page file
          }
          echo "</div></div>";

          +++++


          Best wishes

          Bob

          --
          Bob Janes
          bob@...

          I do want to say a few things to the graduates . . . I ask you to give
          to your children a better world than we gave to you. I ask you to
          temper your striving for material success, for the glitter of things,
          with the drive to overcome the injustice and misery that still stalk
          our nation and our planet . . . Be steadfast, be strong, be of good
          cheer. ~ Vernon E Jordan, Jr
        • Bob Janes
          Message 4 of 5 , Jan 24, 2007
            Hi Jonathan,

            I made the mistake of posting my first version then going off to have a bath
            . . . Here's the slightly more elegant revised version.

            +++++

            $pagina_array = array("accomp2004", "blanco", "cabeza", "comotrabaja",
            "contact", "cuerpo", "docshist", "gallery", "globali", "guatereports",
            "historia", "home", "impuni", "mandato", "orgs", "menu", "pie", "tierra",
            "trabajo2003", "vols");

            //check $page variable called is in ok page array above

            $page_to_load = 'home'; // default to the main page file

            if ( in_array($pagina, $pagina_array) ) {
            $page_to_load = $pagina;
            }

            include $page_to_load;
            echo "</div></div>";

            +++++


            Best wishes

            Bob

            --
            Bob Janes
            bob@...

            I do want to say a few things to the graduates . . . I ask you to give
            to your children a better world than we gave to you. I ask you to
            temper your striving for material success, for the glitter of things,
            with the drive to overcome the injustice and misery that still stalk
            our nation and our planet . . . Be steadfast, be strong, be of good
            cheer. ~ Vernon E Jordan, Jr





          • Jonathan Woodbridge.com
            Message 5 of 5 , Jan 25, 2007
              Hello Bob,

              > I made the mistake of posting my first version then going off
              > to have a bath . . . Here's the slightly more elegant revised version.

              thinking is always dangerous! thanks so much for this, it works great.

              I still can't exactly see why the old code doesn't work, but then, I've
              never gotten very far with php or c or anything except WordBasic.

              I run a website for Peace Brigades International, we send volunteers to
              accompany human rights activists who are threatened for their work. Your
              code just got our Spanish language pages on our project in Guatemala up and
              running again at www.peacebrigades.org/guatemala

              Enjoy Brittany: when I was a boy, I used to vacation in Le Val Andre, not so
              far away, I think. Glad someone else likes Spencer Brown's Laws of Form.

              best,

              Jonathan
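
Why the loop in message 1 never finishes, and the allowlist check from the replies with a strict comparison, as an added example that is not part of the original thread. `replay_posted_loop` and `resolve_page` are hypothetical helper names, the request values are constructed samples, and reading the value from `$_GET['pagina']` is an assumption about how the page receives it.

```php
<?php
// Added illustration; the page list is the one posted in the thread.
$ok_pages = array("accomp2004", "blanco", "cabeza", "comotrabaja", "contact",
    "cuerpo", "docshist", "gallery", "globali", "guatereports", "historia",
    "home", "impuni", "mandato", "orgs", "menu", "pie", "tierra",
    "trabajo2003", "vols");

// Replays the loop from message 1 with an iteration cap (hypothetical helper).
// Returns the iteration count, or -1 if the cap was reached.
function replay_posted_loop(array $ok_pages, $cap = 1000) {
    $pagina = $ok_pages;          // as posted: the requested value is overwritten
    $valid = false;
    // "||" keeps looping while EITHER side is true, so the loop can only
    // stop once $valid becomes true.
    for ($i = 0; $i < sizeof($pagina) || !$valid; $i++) {
        if ($i >= $cap) {
            return -1;            // the real script runs until PHP's time limit
        }
        $entry = isset($pagina[$i]) ? $pagina[$i] : null;
        if ($pagina == $entry) {  // whole array vs. one entry: never equal
            $valid = true;
        }
    }
    return $i;
}

// Allowlist lookup (hypothetical helper): returns the page name to include.
function resolve_page($requested, array $ok_pages, $default = "home") {
    // Strict mode: only an exact string from the list passes, so URLs,
    // traversal paths, empty values and array parameters all fall through.
    if (is_string($requested) && in_array($requested, $ok_pages, true)) {
        return $requested;
    }
    return $default;
}

// Constructed request values, as they might arrive in ?pagina=...
$samples = array("contact", "", "../../etc/passwd",
    "http://example.invalid/x.txt", array("home"));

echo "posted loop result: ", replay_posted_loop($ok_pages), "\n";
foreach ($samples as $s) {
    echo json_encode($s, JSON_UNESCAPED_SLASHES), " => ",
        resolve_page($s, $ok_pages), "\n";
}
// In the page itself (assumes the value arrives as ?pagina=...):
// include resolve_page(isset($_GET['pagina']) ? $_GET['pagina'] : null, $ok_pages);
```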