HELP! Stop php executing!

dopee · #1 04-Feb-2005, 04:36

I have made an admin script to display html in a textarea and to edit it and save it to a file.
My only problem is that when the contents of the html file are included into a textarea, the php code within the html is executed.
How can I stop this? Must I encode the text to it's entites?
Pls goto www.sportstar.co.za and choose left menu, and default to see the script in action. Scroll to the bottom and see what 
<?php print "This is text generated by php";?> produces.
Attached is the full admin script as well as global variables needed in text form, pls resave as .php to execute.
Thanx for the help in advance
Rich

dopee · #2 04-Feb-2005, 04:41

blast bloody attachments...why is there no option to delete attachments?
I have no zipper to compress and can't upload .php and there is a clash with attachments cos stupid pc at internet cafe crashed.
Arrrrg

dopee · #3 04-Feb-2005, 04:44

Heres my code

PHP Code:


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<?php
// this is an admin script for sportstar.co.za to edit html files which control the design of
// the sportstar site

require_once("globals.php");

function displaysections()
{
 GLOBAL $stage;
 echo '<form action="admin.php" method="post">Please choose the section your wish to edit:<br /><br />';
 echo "<input type=\"hidden\" name=\"stage\" value=\"".($stage+1)."\">";
 echo '<select name="sectionvar" style="width:160px">';
 echo "<option value=\"lmenu\">Left Menu</option>\n";
 echo "<option value=\"rcont\">Right content pages</option>\n";
 echo '</select><br /><input type="submit" value="next >>">
        </form>';
}

// lets display a select list depending on what section the user wants to edit
// lmenu or rcont
function displayselect()
{
 GLOBAL $stage, $pagearray, $sectionvar;
 echo '<form action="admin.php" method="post">';
 if (strtolower($sectionvar) == "lmenu")
 echo "\nSelect the left menu section page to edit:<br /><br />\n";
 else echo "\nSelect the page you wish to edit:<br><br>\n";
 echo "<input type=\"hidden\" name=\"stage\" value=\"".($stage+1)."\">\n";
 echo "<input type=\"hidden\" name=\"sectionvar\" value=\"".$sectionvar."\">\n";
 echo '<select name="whichpage" style="width:160px">'."\n";
 $tempcount=0;
 $tempcount2=0;
 foreach ($pagearray as $number => $data)
 {
  //print $number;
  if (strtolower($sectionvar) == "lmenu")
  echo "<option>".$pagearray[$number][0]."</option>\n";
  foreach ($data as $value)
  {
   //print $value."<br>";
        if (($tempcount2 == 0) && ($tempcount == 0));
        else if (strtolower($sectionvar) == "rcont")
        echo "<option>".ucfirst($value)."</option>\n";
        $tempcount ++;
  }
  $tempcount2 ++;
  $tempcount=0;
 }
 echo '</select><br />
      <input type="submit" value="next >>">
      </form>';
}

function findvariables()
{
 GLOBAL $pagearray, $whichpage;
 foreach ($pagearray as $number => $data)
 {
  //return $number;
  foreach ($data as $value)
  {
   //print $value."<br>";
   if ((trim(strtolower($whichpage)) == trim(strtolower($value))))
       {
       return $number;
       }
  }
 }
}

// lets display the html text in a textarea
function displaytext()
{
 GLOBAL $stage, $pathtohtml, $whichpage, $pagearray, $sectionvar;
 $section = findvariables();
 $pos = strrpos($whichpage, " ");
 while (!(empty($pos)))
 {
  $whichpage = substr_replace($whichpage,"",$pos,1);
  $pos = strrpos($whichpage, " ");
 }
 if (!($sectionvar == "lmenu"))
 $whichpage = $pathtohtml.$pagearray[$section][1].(strtolower($whichpage)).".html";
 else $whichpage = $pathtohtml.$pagearray[$section][1]."leftmenu.html";
 if (file_exists($whichpage))
 {
     echo "Editing page: <b>$whichpage</b><br /><br />\n";
     echo '<form action="admin.php" method="post">';
     echo "<input type=\"hidden\" name=\"whichpage\" value=\"".$whichpage."\">\n";
     echo "<input type=\"hidden\" name=\"stage\" value=\"".($stage+1)."\">\n";
     echo '<textarea name="editedtext" cols="60" rows="6">'."\n";
     include_once($whichpage);
     echo '</textarea><br><br><input type="submit" value="save"></form><br />'."\n";
     echo '<a href="admin.php">Home</a>';
 }
 else echo "file does not exist $whichpage";
}

// delete original file and create a new one with same name and edited html text
function savetext()
{
 GLOBAL $editedtext, $whichpage;
 if (file_exists($whichpage)) unlink($whichpage);
 else echo "Error: Page $whichpage not found.";
 $filepointer = fopen($whichpage,"w+");
 fputs($filepointer, $editedtext);
 fclose($filepointer);
 echo "<b>$whichpage</b> successfully edited!<br />\n";
 echo "Go <a href=\"admin.php\">back</a>";
}

// build the head
print "<html><head><title>$websitename</title>\n";
print "<meta content=\"$author\" name=\"author\">\n";
print "<meta content=\"$sitedescription\" name=\"description\">\n";
print "<meta content=\"$keywords\" name=\"keywords\">\n";
print "</head>\n";
?>
<body topmargin="18">

<?php


//print $pagearray[$variablearray][0];

//$position = findvariables($pagearray,strtolower($whichpage));
//$stage = 3;
//$sectionvar = "rcont";
//$whichpage="contact us";


if (empty($stage)) $stage = 1;

// main program
switch ($stage)
{
 case 1:
 displaysections();
 break;
 case 2:
 displayselect();
 break;
 case 3:
 displaytext();
 break;
 case 4:
 savetext();
 break;
}

?>

</body></html>

GLOBALS

PHP Code:


<?
$kkcbanner = "kkcbanner.html";
$errorpage = "404.txt";
$pathtohtml = "htmlinc/";
$pagearray = array(
               array('default','df','Home','Contact Us'),
               array('Corporate Karting','ck','General Info','The Karts','Circuits','Racing Info','Sprint Racing','Endurance Racing','Conferencing','Catering','Extra Activities','Pricing','Booking Form'),
               array('League Racing','lr','General Info','The Karts','Circuits','Dates','Pricing','The Teams','Rules & Regulations','Booking Form'),
               array('4-Stroke Racing','4s','General Info','Prokart-twin 6hp','F200-World Formula Info','F200 Rules','F200 circuits','F200 Calender','F200 Championship Points','F200 Entry Forms','Teams & Drivers','your info here'),
               array('Pro Racing','pr','General Info','Classes','Dealers','Calender','Entries'),
               array('Practice & Rentals','p&r','General Info','Membership','Practice','Arrive & Drive'),
               );
// site variables
$websitename = "Kyalami Kart Circuit";
$author = "richard willis";
$sitedescription = "";
$keywords = "karts, go karts, kyalami, racing";
$styleurl = "styles.css";
$jsurl = "scripts.js";
$arraycount = 0;
?>

Allowee · #4 05-Feb-2005, 06:42

You should not include the files using PHP, like you do:

PHP Code:


include_once($whichpage);

try replacing that live with this one

PHP Code:


echo file_get_contents($whichpage);

that will echo the file inot the textarea without parsing it

dopee · #5 05-Feb-2005, 09:01

great!
Seems to be working fine now.
Thanx a lot for the quick response allowee!

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Rate This Thread
Rate This Thread:

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Help ! I need help starting up on Php !	onauc	MySQL / PHP Forum	11	04-Jan-2005 23:57
PHP crashing/restarting Apache - PLEASE HELP ME!!	faulkj	Apache Web Server Forum	4	27-Sep-2004 14:50
uisng php to display php	dopee	MySQL / PHP Forum	6	14-May-2004 18:40
php software	dopee	MySQL / PHP Forum	0	04-May-2004 11:26
All the big PHP script collections that matter	jrobbio	MySQL / PHP Forum	5	06-Jun-2003 16:14