RE: [PHP-DB] Downloading PHP source from a PHP filename, possible?
Only just to say: There is no way how to grab PHP source code from remote computer!!! 1/ As I said: communicating with another computer is always using some protocol (HTTP,HTTPS,FTP,GOPHER,SMTP) And using http protocol always pass the code through php parser before it's sended to you. Always, there is no way how to escape this. 2/ Try to imagine, what should be possible if you are able to do it... you can steal every source codes... with passwords, dataabse administrator access.. We are all glad it's not possible to do it But there is way if the remote computer, you want to grab the codes from is under your control (or part of it). There *must* be some way, because when you point your web-browser to domain1.com it loads the source, so windows reads the source to display and the webserver handles the requests. So there must be some way to actually grab it? Or no? I don't mean the HTML source I mean the entire PHP source. As I wrote, no way unless you have that code under your control And be really carefull, what are you doing NEVER do this customizable from users to prewent downloading other sources, that you you want them to download Brona -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Downloading PHP source from a PHP filename, possible?
The only real way to do this is to set up a web service on domain 2 which responds to page requests by pulling the source directly as a file, without interpreting it as PHP code. The function to use here is readfile(/path/to/my/php/scripts/on/webserver.php); You might also want to set a header of Content-type: text/plain Readfile does exactly what it says on the tin - it does not attempt to interpret the contained content, it simply passes it to the output stream. For this reason, while people commonly include() HTML in a PHP page, if it contains no PHP code you should use readfile() because it is quicker to run (it is not interpreted). I would then in the calling page, put the PHP code into a textarea/textarea box so that the code can be viewed and easily cut + paste. Be careful with the security of scripts like this - make sure you pass a numeric parameter, and convert this into a an array key which *looks up* the script filename. If you pass the filename direct, people *will* hack your web server to extract unexpected files you didn't plan on providing. Cheers - Neil. At 07:17 30/11/2003 +, you wrote: I dunno, but how is it possible to grab local PHP source but not from another domain? I'd think it work in the same manner but guess there is something locking that out. I own both domains and thought it be easier to have one domain for the code and one domain for displaying the code. So I could use the other domain to test with and users could also and the other domain for demo's on what to do to achieve things with PHP/mysql etc. Which Only I can edit. I understand PHP has a ftp service in PHP, could this work to download the source? Thanks for your time. Jerry -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Downloading PHP source from a PHP filename, possible?
Hi, Thanks for the code(s), finally got it to display in a page. But I crashed the server in the attempt. Very bad thing I did... Which threw out over 3000 processes for just visiting the page the one time... eck! It was nasty, I hope noone else attempts it. If people want the code that I used that simply caused more headaches than anything else I am happy to post it. Than again why would you want it? So than again I may not. :P Okay finally I have multiple domains. domain1.com domain2.com Is it possible to grab the source using some PHP code from domain2.com and display it on domain1.com? There *must* be some way, because when you point your web-browser to domain1.com it loads the source, so windows reads the source to display and the webserver handles the requests. So there must be some way to actually grab it? Or no? I don't mean the HTML source I mean the entire PHP source. Thinking about it more maybe it is not that possible as the web-server handles the PHP requests and than the browser outputs it from what the web-server says. I dunno, but how is it possible to grab local PHP source but not from another domain? I'd think it work in the same manner but guess there is something locking that out. I own both domains and thought it be easier to have one domain for the code and one domain for displaying the code. So I could use the other domain to test with and users could also and the other domain for demo's on what to do to achieve things with PHP/mysql etc. Which Only I can edit. I understand PHP has a ftp service in PHP, could this work to download the source? Thanks for your time. Jerry Date: Fri, 28 Nov 2003 22:35:16 -0500 From: David T-G [EMAIL PROTECTED] To: PHP DB list [EMAIL PROTECTED] CC: JeRRy [EMAIL PROTECTED] Subject: Re: [PHP-DB] Downloading PHP source from a PHP filename, possible? Jerry -- ...and then JeRRy said... % % Hi, Hi! % ... % If a file is called blah.php and is only tailored to % PHP code is it possible to make it downloadable either % as a file-download or appear as plain text in a % browser window? You could probably manage anything, though it might be a little tricky; if you really insisted on having just the one file, I'd actually have a wrapper script which is allowed to display the php source of another file. Hmmm... As I think about it, there's probably no reason that special script couldn't display itself, which means there's no reason your original file couldn't display itself either; you'd no doubt have a display function just for that. Gonna have to think about that one. Anyway, what I usually do if I have a need to display the source of running code is just make a symlink as either blah.txt or blah.phps (depending on whether I want it to be readable on the surfer's windows box after downloading or want colorization by apache) so that I save space and have only one thing to maintain. I could use a hard link but then it's easy to forget that it's a link :-) But I'm going to have to go and think about including and recursion for a bit, starting with how to do it for some specific other file. It could be as easy as print file(blah.php) ; or such... HTH HAND :-D http://personals.yahoo.com.au - Yahoo! Personals New people, new possibilities. FREE for a limited time. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Downloading PHP source from a PHP filename, possible?
Jerry -- ...and then JeRRy said... % % Hi, Hi! % % Thanks for the code(s), finally got it to display in a % page. But I crashed the server in the attempt. Very % bad thing I did... Which threw out over 3000 processes % for just visiting the page the one time... eck! Oops :-) % % It was nasty, I hope noone else attempts it. If % people want the code that I used that simply caused % more headaches than anything else I am happy to post % it. Than again why would you want it? So than again % I may not. :P *grin* % % Okay finally I have multiple domains. % % domain1.com % domain2.com Yay. % % Is it possible to grab the source using some PHP code % from domain2.com and display it on domain1.com? Nope. Well, not unless you have it on domain2 so that anyone could get it (eg as a .phps or a .txt or even a not-interpreted .php). % % There *must* be some way, because when you point your % web-browser to domain1.com it loads the source, so % windows reads the source to display and the webserver Not quite. % handles the requests. So there must be some way to % actually grab it? Or no? I don't mean the HTML % source I mean the entire PHP source. Exactly. That's what you can't have. % % Thinking about it more maybe it is not that possible % as the web-server handles the PHP requests and than % the browser outputs it from what the web-server says. Yep. % % I dunno, but how is it possible to grab local PHP % source but not from another domain? I'd think it work % in the same manner but guess there is something % locking that out. If you can read the file from your disk then you can load it up; it's part of domain1's local files even if it's meant to be displayed somewhere else. Hmmm... That brings up two points. The sane one is that if both domains are hosted on the same server then you can often share the file (but if safe mode and the like are on you may not be able to get out of your own jail). The insane one is that if you mount the other server's disk via NFS or such then it looks local and apache can go and load the file -- but that's quite insane indeed. % % I own both domains and thought it be easier to have % one domain for the code and one domain for displaying % the code. So I could use the other domain to test Again, if they're hosted together, then it becomes a piece of cake. What we do on our server, for instance, is / home/ sites/ .php/ dev/ code.inc tst/ pro/ index.inc site1/ web/ code.php site2/ web/ index.php where the two .php files just look like ?php include(/home/sites/.php/dev/code.inc); ? ?php include(/home/sites/.php/pro/index.inc); ? and all of the magic is done in our protected area where users cannot go (they are jailed at the siteX level) and certainly can't change it. % with and users could also and the other domain for % demo's on what to do to achieve things with PHP/mysql % etc. Which Only I can edit. Well, don't give your users permission to edit the central repository on the other machine, of course... % % I understand PHP has a ftp service in PHP, could this % work to download the source? Only if you want it to be downloadable, and I still don't recommend it. % % Thanks for your time. That's why we're here :-) % % Jerry HTH HAND :-D -- David T-G * There is too much animal courage in (play) [EMAIL PROTECTED] * society and not sufficient moral courage. (work) [EMAIL PROTECTED] -- Mary Baker Eddy, Science and Health http://justpickone.org/davidtg/ Shpx gur Pbzzhavpngvbaf Qrprapl Npg! pgp0.pgp Description: PGP signature
Re: [PHP-DB] Downloading PHP source from a PHP filename, possible?
Jerry -- ...and then JeRRy said... % % Hi, Hi! % ... % If a file is called blah.php and is only tailored to % PHP code is it possible to make it downloadable either % as a file-download or appear as plain text in a % browser window? You could probably manage anything, though it might be a little tricky; if you really insisted on having just the one file, I'd actually have a wrapper script which is allowed to display the php source of another file. Hmmm... As I think about it, there's probably no reason that special script couldn't display itself, which means there's no reason your original file couldn't display itself either; you'd no doubt have a display function just for that. Gonna have to think about that one. Anyway, what I usually do if I have a need to display the source of running code is just make a symlink as either blah.txt or blah.phps (depending on whether I want it to be readable on the surfer's windows box after downloading or want colorization by apache) so that I save space and have only one thing to maintain. I could use a hard link but then it's easy to forget that it's a link :-) But I'm going to have to go and think about including and recursion for a bit, starting with how to do it for some specific other file. It could be as easy as print file(blah.php) ; or such... HTH HAND :-D -- David T-G * There is too much animal courage in (play) [EMAIL PROTECTED] * society and not sufficient moral courage. (work) [EMAIL PROTECTED] -- Mary Baker Eddy, Science and Health http://justpickone.org/davidtg/ Shpx gur Pbzzhavpngvbaf Qrprapl Npg! pgp0.pgp Description: PGP signature
