Help on a php script annoying "bug"

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
josh
DevNet Master
Posts: 4872
Joined: Wed Feb 11, 2004 3:23 pm
Location: Palm beach, Florida

Help on a php script annoying "bug"

Post by josh »

I'm currently makeing a page for someone and they need to be able to update their website via a web based interface... I have the bear bones of this web based interfece up and I was just wondering about 2 things first....


My update "who we are" or the main contents of index.php writes to file who.txt and index.php reads who.txt, when you request the php file for the we based updater it returns a form with a text box and a password box and a submit button. This text box for the main content automatically already contains the who.txt's contents so they can edit it rather then copy and paste and deal with html .......... when I request it, the html that has " <<< quotes in it is turned into /" or a slash and a quote. I am assumeing this is php's code for a quote, but when you request index.php and look at it, it has /" instead of " all over the place. This is no big deal but everytime they edit it it adds more slashes so now when i look at the source it has //////////////////////////////////" for every quote




SEcond of all is the form sends the request to update.php or who.php etc.... here is the source code of it:

<?
// Get the document root



// Set what will be written to file
$passwrd = $_REQUEST['passwrd'];
$outputstring = $_REQUEST['stringfile'];
//passwrd

if ($passwrd == "my_password_here"){


$filename = 'who.txt';
$outputstringtwo = file_get_contents($filename);

// Set file for opening
$fp = fopen("who.txt", 'w');



echo ("File main.txt has been opened<BR>");
$fo = $fp;

// Finally, write to file
fwrite($fp, $outputstring);
echo ("File main.txt has been written<BR>");

// Close the written file
fclose($fp);
echo ("File who.txt has been closed<BR>");
echo ("Done, check the file <a href=index.php>here</a><BR><BR>");
echo ("File who.txt has been chenged to:<BR>");
echo ($outputstring);
echo ("<P>from<P>");
echo ($outputstringtwo);


} else {
echo ("Incorrect pass");
}

?>







Is this part secure?
if ($passwrd == "my_password_here"){

Or can they view my php somehow because when I goto the php file normally in my browser it returns incorrect pass like I want it too.


Thanks in advanced for your help. Any suggestions or anything at all?


If I could just figure out how to do

replace (" //" " with " /" " );

or soemthing like that but im not sure what the command is to replace things
User avatar
DuFF
Forum Contributor
Posts: 495
Joined: Tue Jun 24, 2003 7:49 pm
Location: USA

Post by DuFF »

Yes that is secure. Remember that PHP is server-side, so all code is executed by the server before it goes to the client. There is no way a client can ever see the PHP code.

To get rid of the slashes do this:

Code: Select all

// Finally, write to file
$outputstring = stripslashes($outputstring);  //I added this line
fwrite($fp, $outputstring); 
echo ("File main.txt has been written<BR>");
josh
DevNet Master
Posts: 4872
Joined: Wed Feb 11, 2004 3:23 pm
Location: Palm beach, Florida

thnx

Post by josh »

Thanks alot
Post Reply