Forums

dylanpine

Here's my issue - a friend's hosting expired and I offered to host it - on moving it to my server, nothing worked (see http://nordconsultants.com). After looking at the code, I found the issue.

<td valign="top" width="139"><br>
						<a class="menu" href="page.php?id=home">home<br>
						</a><a class="menu" href="page.php?id=about">about us<br>
						</a><a class="menu"  href="page.php?id=choose">why choose us<br>
						</a><a class="menu" href="page.php?id=services">services<br>
						</a>	<a class="menu" href="page.php?id=workshops">workshops<br>
						</a><a class="menu" href="page.php?id=success_stories">success stories<br>
						</a><a class="menu" href="page.php?id=articles">articles<br>
						</a><a class="menu" href="page.php?id=clients">clients<br>
						</a><a class="menu" href="page.php?id=testimonials">testimonials<br>
						</a><a class="menu" href="page.php?id=contact">contact<br>
						</a></td>
				<td width="3" background="img/vertline.gif"><img src="img/vertline.gif" alt="" height="3" width="3" border="0"></td>
				<td valign="top"><img src="/img/title-<? echo $id;?>.gif" alt="" border="0">
						<div class="main">
							<p><? ini_set('display_errors','0'); include("/usr/local/etc/httpd/htdocs/nordconsultants/copy-$id.txt"); ?><br>

When you click on a menu item, say "about us", it is supposed to load copy-about.txt. Unfortunately, my server is set up differently and

/usr/local/etc/httpd/htdocs/nordconsultants/copy-$id.txt

is not a valid path. The .txt files are in the same directory as the PHP file.

I tried:

copy-$id.txt
/copy-$id.txt
.copy-$id.txt
/domains/nordconsultants.com/html/copy-$id.txt

and nothing worked. I'm guessing I am just missing something stupid, but I am out of ideas. Anyone? Thanks in advance.

TheDoc

My PHP isn't that strong lately, but I know in JS you'd have to pass in a variable like this:

something('/this/is/my/path/copy-' + $id + '.txt')

Schmotty

+1 @TheDoc

that last line should read


<p><? ini_set('display_errors','0'); include("copy-" . $id . ".txt"); ?><br>

dylanpine

@Schmotty @TheDoc

<? ini_set('display_errors','0'); include("copy-" . $id . ".txt"); ?>

Still no dice. PHP is up to date (5.3.10). Not sure what's going on here...

TheDoc

If it's not showing up with that code, then it must be a path issue.

dylanpine

@TheDoc It's in the same directory as page.php. Is that the correct code? Sorry, my PHP is very rusty.

Schmotty

change $id to $_GET['id']


<? ini_set('display_errors','0'); include("copy-" . $_GET['id'] . ".txt"); ?>

dylanpine

That worked. Thank you both!

traq

to explain what's going on, PHP used to have register_globals turned on by default. It was turned "off" in version 4.2, deprecated in 5.3, and was removed in version 5.4.

Basically, it "read" all of the indexes from the superglobals ($_GET, $_POST, etc.) and magically created $variables with them. This made things marginally easier for coders -novice coders, at least- but was a huge security problem otherwise. For example (from php.net):

<?php
// define $authorized = true only if user is authenticated
if (authenticated_user()) {
    $authorized = true;
}

// Because we didn't first initialize $authorized as false, this might be
// defined through register_globals, like from GET auth.php?authorized=1
// So, anyone can be seen as authenticated!
if ($authorized) {
    include "/highly/sensitive/data.php";
}
?>

I would be suspicious that a script written so long ago (when code like this was common) would have other security problems with it. For example, you should _never_ use user-submitted data without checking that it is valid and safe. I would highly recommend checking.

dylanpine

@traq Good to know. Always helps to understand why something doesn't work. I will definitely check the rest of the site. Thanks!

treehouse : what would you like to learn today?

Forums

[Solved] PHP Include issue