RE: Re: [PHP] file_exists and wildcard/regex
> -Original Message- > From: Boyd, Todd M. [mailto:[EMAIL PROTECTED] > Sent: Wednesday, December 10, 2008 8:28 AM > To: php-general@lists.php.net > Subject: RE: Re: [PHP] file_exists and wildcard/regex > > FWIW, I would probably do the file search like this (UNTESTED): > > > $filereg = '/bfile[1-9]?\d+\.txt/i'; Erp. I meant '/bfile[1-9]?\d\.txt/i', with no '+' after the '\d'... assuming you want 0-99 to be the range of values. > $pathstr = '/whatever/your/path/is'; > > if(is_dir($pathstr)) { > if($dir = opendir($pathstr)) { > $found = false; > > while(($file = readdir($dir)) !== false && !$found) { > if(preg_match($filereg, $file) > 0) { > echo $file . ''; > $found = true; > } > } > > closedir($dir); > } > } > > ?> // Todd
RE: Re: [PHP] file_exists and wildcard/regex
> -Original Message- > From: Per Jessen [mailto:[EMAIL PROTECTED] > Sent: Wednesday, December 10, 2008 1:43 AM > To: php-general@lists.php.net > Subject: Re: [PHP] file_exists and wildcard/regex > > Ashley Sheridan wrote: > > > If you're on a Linux system, you could look at ls and the regular > > expressions it lets you use with it. You could exec out and get the > > returned results. Also, as it's a system call, it should be very > > speedy. > > 'ls' is just a plain binary (/bin/ls), not a system call. The regex > functionality is part of the shell, usually bash. I think the fact that you have to exec() in order to perform it disqualifies it from being a system call. Ash - a system call is "a mechanism for software to request a particular kernel service." There's a somewhat-outdated list from Linux kernel 2.2 at [1]. You might be able to get crafty with sys_*stat, but I wouldn't recommend it. ;) FWIW, I would probably do the file search like this (UNTESTED): 0) { echo $file . ''; $found = true; } } closedir($dir); } } ?> If you want back more than the first match, do away with the $found -related stuff. 1. http://docs.cs.up.ac.za/programming/asm/derick_tut/syscalls.html HTH, // Todd
Re: [PHP] file_exists and wildcard/regex
Ashley Sheridan wrote: > If you're on a Linux system, you could look at ls and the regular > expressions it lets you use with it. You could exec out and get the > returned results. Also, as it's a system call, it should be very > speedy. 'ls' is just a plain binary (/bin/ls), not a system call. The regex functionality is part of the shell, usually bash. /Per Jessen, Zürich -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists and wildcard/regex
[EMAIL PROTECTED] wrote: > > I'm not sure how glob works in the guts, but I know it is dog-slow for > large numbers of files (or maybe just large numbers of results). > I'm not sure what the context of this was, but the speed of searching a directory with a large number of files, e.g. 100,000s, also depends a lot on the filesystem. /Per Jessen, Zürich -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists and wildcard/regex
I'm not sure how glob works in the guts, but I know it is dog-slow for large numbers of files (or maybe just large numbers of results). -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists and wildcard/regex
On Tue, 2008-12-09 at 12:54 -1000, Daniel Kolbo wrote: > > Daniel Kolbo wrote: > > What is the preferred method with php to test and see if a file > > [pattern] exists? > > > > For example, i only need to search in one directory, that may have any > > number of files named such as afile1.txt, afile2.txt, afile3.txt, > > And also, bfile1.txt, bfile2.txt, bfile3.txt, ... > > I want to see if any such file 'family' exists. That is, i want to > > see if there is any file named bfile[1-9][0-9]+.txt. I don't care > > which bfile number exists, i just want to know if any bfile exists. > > > > I hope this is clear enough, if not let me know. > > > > thanks, > > dK > > > After some more research it seems my options are: > 1) loop through the directory contents > 2) use scandir (then search the resulting array) > 3) use glob. I am not familiar with the glob pattern library, it does > not seem like i have the full power of regex when using glob is this > correct? Also, searching the whole filesystem seems...overkill. > > What do you suggest, is there a 4th option? > thanks, > dK If you're on a Linux system, you could look at ls and the regular expressions it lets you use with it. You could exec out and get the returned results. Also, as it's a system call, it should be very speedy. Ash www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists and wildcard/regex
Daniel Kolbo wrote: What is the preferred method with php to test and see if a file [pattern] exists? For example, i only need to search in one directory, that may have any number of files named such as afile1.txt, afile2.txt, afile3.txt, And also, bfile1.txt, bfile2.txt, bfile3.txt, ... I want to see if any such file 'family' exists. That is, i want to see if there is any file named bfile[1-9][0-9]+.txt. I don't care which bfile number exists, i just want to know if any bfile exists. I hope this is clear enough, if not let me know. thanks, dK After some more research it seems my options are: 1) loop through the directory contents 2) use scandir (then search the resulting array) 3) use glob. I am not familiar with the glob pattern library, it does not seem like i have the full power of regex when using glob is this correct? Also, searching the whole filesystem seems...overkill. What do you suggest, is there a 4th option? thanks, dK
Re: [PHP] file_exists and wildcard/regex
On 9 Dec 2008, at 22:26, Daniel Kolbo wrote: What is the preferred method with php to test and see if a file [pattern] exists? For example, i only need to search in one directory, that may have any number of files named such as afile1.txt, afile2.txt, afile3.txt, And also, bfile1.txt, bfile2.txt, bfile3.txt, ... I want to see if any such file 'family' exists. That is, i want to see if there is any file named bfile[1-9][0-9]+.txt. I don't care which bfile number exists, i just want to know if any bfile exists. I hope this is clear enough, if not let me know. Use glob (http://php.net/glob) and get the size of the array returned. Note that if there could be thousands of matching files you may want to use opendir and readdir to look for matches instead. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_Exists() and case
Stan wrote: The script is running on an UBUNTU v8.04 LAMP server. Case is supposed to matter, isn't it? out of interest try putting clearstatcache() before if(!file_Exists($basePicture)) ps.. sure it should be file_exists all lowercase - perhaps you're choosing to use call the function with a capital letter is throwing php in to some kind of "case doesn't matter" mode :p Craige Leeder wrote: Yes, case matters, but only of the file name, not the extension (I think). The extension is simply a secondary file-type identifier. .jpg = .JPG = .jPg I could be wrong. # touch test.T # touch test.t # ls test.t test.T -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_Exists() and case
On Sun, 2008-11-23 at 12:24 -0500, Craige Leeder wrote: > Stan wrote: > > If $basePicture = "../pictures/2008 west coast trip/2008-06-10 first week at > > Chris'/DSC_0011.jpg" > > and the file actually is "../pictures/2008 west coast trip/2008-06-10 first > > week at Chris'/DSC_0011.JPG" > > (uppercase extension) the following snippet of code > > > > --- > > /* make sure the picture file actually exists */ > > if(!file_Exists($basePicture)) > > { > > echo "file = '" . $basePicture . "' doesn't exist.\n"; > > $extStartsAt = strrpos($basePicture, ".") + 1; > > $extOfBasePicture = substr($basePicture, $extStartsAt); > > $basePicture = > > substr_replace($extOfBasePicture,strtoupper($extOfBasePicture),$extStartsAt) > > ; > > } > > else > > { > > echo "file = \"" . $basePicture . "\" exists.\n"; > > } > > > > --- > > generates > > > > --- > > file = "../pictures/2008 west coast trip/2008-06-10 first week at > > Chris'/DSC_0011.jpg" exists. > > > > --- > > The script is running on an UBUNTU v8.04 LAMP server. Case is supposed to > > matter, isn't it? > > > > Thanks, > > Stan > > > Yes, case matters, but only of the file name, not the extension (I > think). The extension is simply a secondary file-type identifier. > > .jpg = .JPG = .jPg > > I could be wrong. > > - Craige > > The extension is part of the filename, so you could have all of the following files in the same directory: image.jpg Image.jpg IMAGE.jpg IMAGE.JPG It's just because Unix-based filesystems allow many more characters to be used as part of the filename, and thus, as upper and lowercase characters are different characters with different ascii codes, it treats them as unique. Ash www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_Exists() and case
Stan wrote: If $basePicture = "../pictures/2008 west coast trip/2008-06-10 first week at Chris'/DSC_0011.jpg" and the file actually is "../pictures/2008 west coast trip/2008-06-10 first week at Chris'/DSC_0011.JPG" (uppercase extension) the following snippet of code --- /* make sure the picture file actually exists */ if(!file_Exists($basePicture)) { echo "file = '" . $basePicture . "' doesn't exist.\n"; $extStartsAt = strrpos($basePicture, ".") + 1; $extOfBasePicture = substr($basePicture, $extStartsAt); $basePicture = substr_replace($extOfBasePicture,strtoupper($extOfBasePicture),$extStartsAt) ; } else { echo "file = \"" . $basePicture . "\" exists.\n"; } --- generates --- file = "../pictures/2008 west coast trip/2008-06-10 first week at Chris'/DSC_0011.jpg" exists. --- The script is running on an UBUNTU v8.04 LAMP server. Case is supposed to matter, isn't it? Thanks, Stan Yes, case matters, but only of the file name, not the extension (I think). The extension is simply a secondary file-type identifier. .jpg = .JPG = .jPg I could be wrong. - Craige -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] file_exists() not working correctly?
-:- -Original Message- -:- From: Chris [mailto:[EMAIL PROTECTED] -:- Sent: Monday, August 25, 2008 9:49 AM -:- To: Chris Haensel -:- Cc: php-general@lists.php.net -:- Subject: Re: [PHP] file_exists() not working correctly? -:- -:- -:- > That worked like a charm. Now, can you tell me why that -:- exact same function -:- > works with a relative path on another server and with a -:- "full path only" on -:- > this server? I am glad that it works, but would also -:- like to understand why -:- > :o) -:- -:- Could be different document roots for apache, different -:- environment -:- settings, lots of things. -:- -:- If you have a config variable for the base folder of your -:- app, try to -:- use that. -:- -:- If you don't, then work out the path relative to the file -:- this function -:- is in. -:- -:- $mydir = dirname(__FILE__); -:- $path_to_folder = $mydir . '/../../images/'; -:- -:- That way it's relative to the file the function is in and -:- you don't have -:- to change it each time you put it on a new server. -:- -:- -- -:- Postgresql & php tutorials -:- http://www.designmagick.com/ -:- -:- Thanks mate! Appreciate your help!! Have a great day all! Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] file_exists() not working correctly?
-:- -Original Message- -:- From: Chris [mailto:[EMAIL PROTECTED] -:- Sent: Monday, August 25, 2008 9:25 AM -:- To: Chris Haensel -:- Cc: php-general@lists.php.net -:- Subject: Re: [PHP] file_exists() not working correctly? -:- -:- Chris Haensel wrote: -:- > Good morning list, -:- > -:- > I have a _very_ simple function... it is as follows -:- > -:- > /**/ -:- > -:- > function getgalimage($fzg) { -:- > $folder = "bilder"; -:- > $imgname= $fzg."_1.JPG"; -:- > $checkimg = $folder."/".$imgname; -:- > if(file_exists($checkimg)) { -:- > //echo ' src="mod_search_thumbs.php?bild='.$imgname.'&fzg_nr='.$fzg.'">'; -:- > echo ''; -:- > } else { -:- > echo ''.$checkimg.''; -:- > } -:- > } -:- > -:- > /**/ -:- > -:- > Now, the folder "bilder" exists, and I pass the number -:- 0002822 to the -:- > function. Now it should check whether the image file -:- "bilder/0002822_1.JPG" -:- > exists. It never finds the image, even though it exists -:- (I checked it many -:- > times now) -:- -:- Try a full path: -:- -:- $folder = '/full/path/to/bilder'; -:- -:- -- -:- Postgresql & php tutorials -:- http://www.designmagick.com/ -:- -:- -:- -- -:- PHP General Mailing List (http://www.php.net/) -:- To unsubscribe, visit: http://www.php.net/unsub.php -:- -:- That worked like a charm. Now, can you tell me why that exact same function works with a relative path on another server and with a "full path only" on this server? I am glad that it works, but would also like to understand why :o) Thanks for your help matey! Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] file_exists() not working correctly?
Chris Haensel wrote: > That worked like a charm. Now, can you tell me why that exact same > function works with a relative path on another server and with a "full > path only" on this server? I am glad that it works, but would also > like to understand why Check the working directory as well as the permissions. /Per Jessen, Zürich -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists() not working correctly?
That worked like a charm. Now, can you tell me why that exact same function works with a relative path on another server and with a "full path only" on this server? I am glad that it works, but would also like to understand why :o) Could be different document roots for apache, different environment settings, lots of things. If you have a config variable for the base folder of your app, try to use that. If you don't, then work out the path relative to the file this function is in. $mydir = dirname(__FILE__); $path_to_folder = $mydir . '/../../images/'; That way it's relative to the file the function is in and you don't have to change it each time you put it on a new server. -- Postgresql & php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists() not working correctly?
Chris schrieb: Chris Haensel wrote: Good morning list, I have a _very_ simple function... it is as follows /**/ function getgalimage($fzg) { $folder="bilder"; $imgname=$fzg."_1.JPG"; $checkimg=$folder."/".$imgname; if(file_exists($checkimg)) { //echo ''; echo ''; } else { echo ''.$checkimg.''; } } /**/ Now, the folder "bilder" exists, and I pass the number 0002822 to the function. Now it should check whether the image file "bilder/0002822_1.JPG" exists. It never finds the image, even though it exists (I checked it many times now) Try a full path: $folder = '/full/path/to/bilder'; Hi, please show at your JPG or jpg lower or Uppercase at first. Check if the file really exists and your server can read of the directory Regards Carlos -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists() not working correctly?
Chris Haensel wrote: Good morning list, I have a _very_ simple function... it is as follows /**/ function getgalimage($fzg) { $folder = "bilder"; $imgname= $fzg."_1.JPG"; $checkimg = $folder."/".$imgname; if(file_exists($checkimg)) { //echo ''; echo ''; } else { echo ''.$checkimg.''; } } /**/ Now, the folder "bilder" exists, and I pass the number 0002822 to the function. Now it should check whether the image file "bilder/0002822_1.JPG" exists. It never finds the image, even though it exists (I checked it many times now) Try a full path: $folder = '/full/path/to/bilder'; -- Postgresql & php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists
At 11:06 PM + 11/15/07, Stut wrote: The realpath function will reduce your definition of $page to "/home/evil-user-home-dir/evil-payload.php" $expecteddir is set to "/home/stut/phpstuff/inc" The if takes the first strlen($expecteddir) characters of the reduced $page and compares it to $expecteddir. If they don't match then if means the requested file is outside your "safe" directory, hence access denied. If they do match then it's safe to include the file. -Stut -Stut: What about this? '); exit; } chdir('..'); } include('common/includes/header.php'); chdir($origwd); ?> I have a common set of includes that most of my test scripts find and use. Unless I'm not understanding the problem here, this looks like something this might work. It simply looks for the files it needs in an approved path. I don't see any way to circumvent this, do you? Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists
At 2:45 PM + 11/16/07, Stut wrote: It also worth noting that what you're doing there is quite inefficient. I have a similar arrangement where I have a directory containing the include files, but I locate it in a different way. Most sites I deal with have an auto-prepended file containing (among other things) this line... ini_set('include_path', dirname(__FILE__).'/../code'.PATH_SEPARATOR.ini_get('include_path')); This adds the code subdirectory (relative to the location of the prepended file) to the include page. I then don't need to worry about where I am when I want to include a file. When a site goes into production I remove this line and set it in the virtualhost definition since there's no reason to re-calculate it on every request. -Stut Thanks, I think. Now I have to figure out what you did. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists
tedd wrote: At 11:06 PM + 11/15/07, Stut wrote: The realpath function will reduce your definition of $page to "/home/evil-user-home-dir/evil-payload.php" $expecteddir is set to "/home/stut/phpstuff/inc" The if takes the first strlen($expecteddir) characters of the reduced $page and compares it to $expecteddir. If they don't match then if means the requested file is outside your "safe" directory, hence access denied. If they do match then it's safe to include the file. -Stut -Stut: What about this? '); exit; } chdir('..'); } include('common/includes/header.php'); chdir($origwd); ?> I have a common set of includes that most of my test scripts find and use. Unless I'm not understanding the problem here, this looks like something this might work. It simply looks for the files it needs in an approved path. I don't see any way to circumvent this, do you? Since nothing in there comes from external variables it should be pretty safe, but this is not what the OP was doing. It also worth noting that what you're doing there is quite inefficient. I have a similar arrangement where I have a directory containing the include files, but I locate it in a different way. Most sites I deal with have an auto-prepended file containing (among other things) this line... ini_set('include_path', dirname(__FILE__).'/../code'.PATH_SEPARATOR.ini_get('include_path')); This adds the code subdirectory (relative to the location of the prepended file) to the include page. I then don't need to worry about where I am when I want to include a file. When a site goes into production I remove this line and set it in the virtualhost definition since there's no reason to re-calculate it on every request. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists
Instruct ICC wrote: Something like the following would be much better (untested)... $page = realpath(dirname(__FILE__).'/inc/'.$_GET['page'].'.php'); $expecteddir = realpath(dirname(__FILE__).'/inc'); if (substr($page, 0, strlen($expecteddir)) != $expecteddir) { // Ideally return a 403 status here die('Access denied'); } // Now we know it's a file in the right directory if (file_exists($page)) { include($page); } else { // Return a 404 status here die('Resource not found'); } That should lock the requested page to the given directory. If anyone can see any way around that I'd be interested in hearing about it. -Stut -- http://stut.net/ Good points about (.php, evil-payload, and evil-payload.php?). Although I'll defer to a security expert, your modification looks good to not include a remote site's code. But on a shared host, what about this?: index.php?page=../../../../../../../../../../../../home/evil-user-home-dir/evil-payload.php If that gives something like: $expecteddir === "/home/stut/phpstuff/inc/../../../../../../../../../../../../home/evil-user-home-dir/evil-payload.php" maybe it will include "/home/evil-user-home-dir/evil-payload.php" No, you've missed the point. $expecteddir is a fixed variable that you, the script author, specify. It does not contain anything coming from external veriables. You then compare the full path you build from the external variables to $expecteddir to verify that the file is in the right directory. I suggest you read the code I posted again. -Stut I meant if $page evaluates to "/home/stut/phpstuff/inc/../../../../../../../../../../../../home/evil-user-home-dir/evil-payload.php" which it does not. However I don't think your if (substr($page, 0, strlen($expecteddir)) != $expecteddir) ever evaluates to TRUE. So you'll never get Access denied. So how you set $page saved your ass. Good job. You clearly don't know what the realpath function does. Look it up. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] file_exists
> >> Something like the following would be much better (untested)... > >> > >> $page = realpath(dirname(__FILE__).'/inc/'.$_GET['page'].'.php'); > >> $expecteddir = realpath(dirname(__FILE__).'/inc'); > >> if (substr($page, 0, strlen($expecteddir)) != $expecteddir) > >> { > >> // Ideally return a 403 status here > >> die('Access denied'); > >> } > >> // Now we know it's a file in the right directory > >> if (file_exists($page)) > >> { > >> include($page); > >> } > >> else > >> { > >> // Return a 404 status here > >> die('Resource not found'); > >> } > >> > >> That should lock the requested page to the given directory. If anyone > >> can see any way around that I'd be interested in hearing about it. > >> > >> -Stut > >> > >> -- > >> http://stut.net/ > > > > Good points about (.php, evil-payload, and evil-payload.php?). > > > > Although I'll defer to a security expert, your modification looks good to > > not include a remote site's code. > > But on a shared host, what about this?: > > index.php?page=../../../../../../../../../../../../home/evil-user-home-dir/evil-payload.php > > > > If that gives something like: > > $expecteddir === > > "/home/stut/phpstuff/inc/../../../../../../../../../../../../home/evil-user-home-dir/evil-payload.php" > > maybe it will include "/home/evil-user-home-dir/evil-payload.php" > > > > No, you've missed the point. $expecteddir is a fixed variable that you, > the script author, specify. It does not contain anything coming from > external veriables. You then compare the full path you build from the > external variables to $expecteddir to verify that the file is in the > right directory. > > I suggest you read the code I posted again. > > -Stut I meant if $page evaluates to "/home/stut/phpstuff/inc/../../../../../../../../../../../../home/evil-user-home-dir/evil-payload.php" which it does not. However I don't think your if (substr($page, 0, strlen($expecteddir)) != $expecteddir) ever evaluates to TRUE. So you'll never get Access denied. So how you set $page saved your ass. Good job. _ Help yourself to FREE treats served up daily at the Messenger Café. Stop by today. http://www.cafemessenger.com/info/info_sweetstuff2.html?ocid=TXT_TAGLM_OctWLtagline
RE: [PHP] file_exists
> My server is down right now so I can't do my usual example script. A likely story. Just kidding. Stut, YOU WERE RIGHT, AND I WAS WRONG. Your code is golden. _ Help yourself to FREE treats served up daily at the Messenger Café. Stop by today. http://www.cafemessenger.com/info/info_sweetstuff2.html?ocid=TXT_TAGLM_OctWLtagline
Re: [PHP] file_exists
Instruct ICC wrote: Date: Thu, 15 Nov 2007 13:16:46 + From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] CC: php-general@lists.php.net Subject: Re: [PHP] file_exists Instruct ICC wrote: Date: Thu, 15 Nov 2007 00:20:52 + From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] CC: php-general@lists.php.net Subject: Re: [PHP] file_exists Philip Thompson wrote: I've run into similar problems where I *thought* I was looking in the correct location... but I wasn't. Take this for example $page = $_GET['page']; if (file_exists ("$page.php")) { include ("$page.php"); } ?> I really hope this is not a piece of production code. If it is then you might want to think very hard about what it's doing. If you still can't see a problem let me know! -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Called like this? index.php?page=http://evil-hacker-site.com/evil-payload.php And the browser will probably url_encode for me if needed. Actually in this example that would end up getting evil-payload.php.php - probably not what your evil mind wanted. You could do this... index.php?page=http://evil-hacker-site.com/evil-payload ...assuming you know it's gonna stick .php on the end. Alternatively you could do this... index.php?page=http://evil-hacker-site.com/evil-payload.php? Resulting in the appended .php being in the querystring. The easiest way to protect your code from this is to always always prefix the string with something as well as appending to it. For example... $page = dirname(__FILE__).'/'.$_GET['page'].'.php'; if (file_exists ($page)) { include ($page); } But that doesn't prevent a malicious user including any PHP file on your server. $_GET['page'] should be one of a known set of values. At the very least it should be restricted to file in a particular directory. Something like the following would be much better (untested)... $page = realpath(dirname(__FILE__).'/inc/'.$_GET['page'].'.php'); $expecteddir = realpath(dirname(__FILE__).'/inc'); if (substr($page, 0, strlen($expecteddir)) != $expecteddir) { // Ideally return a 403 status here die('Access denied'); } // Now we know it's a file in the right directory if (file_exists($page)) { include($page); } else { // Return a 404 status here die('Resource not found'); } That should lock the requested page to the given directory. If anyone can see any way around that I'd be interested in hearing about it. -Stut -- http://stut.net/ Good points about (.php, evil-payload, and evil-payload.php?). Although I'll defer to a security expert, your modification looks good to not include a remote site's code. But on a shared host, what about this?: index.php?page=../../../../../../../../../../../../home/evil-user-home-dir/evil-payload.php If that gives something like: $expecteddir === "/home/stut/phpstuff/inc/../../../../../../../../../../../../home/evil-user-home-dir/evil-payload.php" maybe it will include "/home/evil-user-home-dir/evil-payload.php" Maybe a switch statement that only uses the file name supplied by the script (whether or not an unknown user supplies an actual file name. I just did something like that today. I have a custom "ls" type PHP script and I want it to search 1 of 2 directories only. I check if the GET var is set; don't even look at the value, then do a custom "ls" on 1 or the other directory which is in the web path. The whole site is behind htaccess though, but I added this layer for this special "ls" function. No, you've missed the point. $expecteddir is a fixed variable that you, the script author, specify. It does not contain anything coming from external veriables. You then compare the full path you build from the external variables to $expecteddir to verify that the file is in the right directory. I suggest you read the code I posted again. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists
Instruct ICC wrote: No, you've missed the point. $expecteddir is a fixed variable that you, the script author, specify. It does not contain anything coming from external veriables. You then compare the full path you build from the external variables to $expecteddir to verify that the file is in the right directory. I suggest you read the code I posted again. -Stut I meant if $page evaluates to "/home/stut/phpstuff/inc/../../../../../../../../../../../../home/evil-user-home-dir/evil-payload.php" which it does not. However I don't think your if (substr($page, 0, strlen($expecteddir)) != $expecteddir) ever evaluates to TRUE. So you'll never get Access denied. So how you set $page saved your ass. Good job. You clearly don't know what the realpath function does. Look it up. -Stut No I didn't. And I looked it up for the previous reply. And I said that's the only thing saving your ass. Your IF never evaluates to true. But it works to keep out the hacker. So I said "Good job". My server is down right now so I can't do my usual example script. The realpath function will reduce your definition of $page to "/home/evil-user-home-dir/evil-payload.php" $expecteddir is set to "/home/stut/phpstuff/inc" The if takes the first strlen($expecteddir) characters of the reduced $page and compares it to $expecteddir. If they don't match then if means the requested file is outside your "safe" directory, hence access denied. If they do match then it's safe to include the file. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] file_exists
> >> No, you've missed the point. $expecteddir is a fixed variable that you, > >> the script author, specify. It does not contain anything coming from > >> external veriables. You then compare the full path you build from the > >> external variables to $expecteddir to verify that the file is in the > >> right directory. > >> > >> I suggest you read the code I posted again. > >> > >> -Stut > > > > I meant if $page evaluates to > > "/home/stut/phpstuff/inc/../../../../../../../../../../../../home/evil-user-home-dir/evil-payload.php" > > which it does not. > > > > However I don't think your if (substr($page, 0, strlen($expecteddir)) != > > $expecteddir) > > ever evaluates to TRUE. So you'll never get Access denied. > > > > So how you set $page saved your ass. Good job. > > You clearly don't know what the realpath function does. Look it up. > > -Stut No I didn't. And I looked it up for the previous reply. And I said that's the only thing saving your ass. Your IF never evaluates to true. But it works to keep out the hacker. So I said "Good job". _ Help yourself to FREE treats served up daily at the Messenger Café. Stop by today. http://www.cafemessenger.com/info/info_sweetstuff2.html?ocid=TXT_TAGLM_OctWLtagline
RE: [PHP] file_exists
> Date: Thu, 15 Nov 2007 13:16:46 + > From: [EMAIL PROTECTED] > To: [EMAIL PROTECTED] > CC: php-general@lists.php.net > Subject: Re: [PHP] file_exists > > Instruct ICC wrote: > > > > > >> Date: Thu, 15 Nov 2007 00:20:52 + > >> From: [EMAIL PROTECTED] > >> To: [EMAIL PROTECTED] > >> CC: php-general@lists.php.net > >> Subject: Re: [PHP] file_exists > >> > >> Philip Thompson wrote: > >>> I've run into similar problems where I *thought* I was looking in the > >>> correct location... but I wasn't. Take this for example > >>> > >>>> $page = $_GET['page']; > >>> if (file_exists ("$page.php")) { > >>> include ("$page.php"); > >>> } > >>> ?> > >> I really hope this is not a piece of production code. If it is then you > >> might want to think very hard about what it's doing. If you still can't > >> see a problem let me know! > >> > >> -Stut > >> > >> -- > >> http://stut.net/ > >> > >> -- > >> PHP General Mailing List (http://www.php.net/) > >> To unsubscribe, visit: http://www.php.net/unsub.php > >> > > > > Called like this? > > > > index.php?page=http://evil-hacker-site.com/evil-payload.php > > > > And the browser will probably url_encode for me if needed. > > Actually in this example that would end up getting evil-payload.php.php > - probably not what your evil mind wanted. You could do this... > > index.php?page=http://evil-hacker-site.com/evil-payload > > ...assuming you know it's gonna stick .php on the end. Alternatively you > could do this... > > index.php?page=http://evil-hacker-site.com/evil-payload.php? > > Resulting in the appended .php being in the querystring. The easiest way > to protect your code from this is to always always prefix the string > with something as well as appending to it. For example... > > $page = dirname(__FILE__).'/'.$_GET['page'].'.php'; > if (file_exists ($page)) { > include ($page); > } > > But that doesn't prevent a malicious user including any PHP file on your > server. $_GET['page'] should be one of a known set of values. At the > very least it should be restricted to file in a particular directory. > > Something like the following would be much better (untested)... > > $page = realpath(dirname(__FILE__).'/inc/'.$_GET['page'].'.php'); > $expecteddir = realpath(dirname(__FILE__).'/inc'); > if (substr($page, 0, strlen($expecteddir)) != $expecteddir) > { > // Ideally return a 403 status here > die('Access denied'); > } > // Now we know it's a file in the right directory > if (file_exists($page)) > { > include($page); > } > else > { > // Return a 404 status here > die('Resource not found'); > } > > That should lock the requested page to the given directory. If anyone > can see any way around that I'd be interested in hearing about it. > > -Stut > > -- > http://stut.net/ Good points about (.php, evil-payload, and evil-payload.php?). Although I'll defer to a security expert, your modification looks good to not include a remote site's code. But on a shared host, what about this?: index.php?page=../../../../../../../../../../../../home/evil-user-home-dir/evil-payload.php If that gives something like: $expecteddir === "/home/stut/phpstuff/inc/../../../../../../../../../../../../home/evil-user-home-dir/evil-payload.php" maybe it will include "/home/evil-user-home-dir/evil-payload.php" Maybe a switch statement that only uses the file name supplied by the script (whether or not an unknown user supplies an actual file name. I just did something like that today. I have a custom "ls" type PHP script and I want it to search 1 of 2 directories only. I check if the GET var is set; don't even look at the value, then do a custom "ls" on 1 or the other directory which is in the web path. The whole site is behind htaccess though, but I added this layer for this special "ls" function. _ Help yourself to FREE treats served up daily at the Messenger Café. Stop by today. http://www.cafemessenger.com/info/info_sweetstuff2.html?ocid=TXT_TAGLM_OctWLtagline
Re: [PHP] file_exists
On Nov 15, 2007 7:16 AM, Stut <[EMAIL PROTECTED]> wrote: > Instruct ICC wrote: > > > > > >> Date: Thu, 15 Nov 2007 00:20:52 + > >> From: [EMAIL PROTECTED] > >> To: [EMAIL PROTECTED] > >> CC: php-general@lists.php.net > >> Subject: Re: [PHP] file_exists > >> > >> Philip Thompson wrote: > >>> I've run into similar problems where I *thought* I was looking in the > >>> correct location... but I wasn't. Take this for example > >>> > >>>> $page = $_GET['page']; > >>> if (file_exists ("$page.php")) { > >>> include ("$page.php"); > >>> } > >>> ?> > >> I really hope this is not a piece of production code. If it is then you > >> might want to think very hard about what it's doing. If you still can't > >> see a problem let me know! > >> > >> -Stut > >> > >> -- > >> http://stut.net/ > >> > >> -- > >> PHP General Mailing List (http://www.php.net/) > >> To unsubscribe, visit: http://www.php.net/unsub.php > >> > > > > Called like this? > > > > index.php?page=http://evil-hacker-site.com/evil-payload.php > > > > And the browser will probably url_encode for me if needed. > > Actually in this example that would end up getting evil-payload.php.php > - probably not what your evil mind wanted. You could do this... > > index.php?page=http://evil-hacker-site.com/evil-payload > > ...assuming you know it's gonna stick .php on the end. Alternatively you > could do this... > > index.php?page=http://evil-hacker-site.com/evil-payload.php? > > Resulting in the appended .php being in the querystring. The easiest way > to protect your code from this is to always always prefix the string > with something as well as appending to it. For example... > > $page = dirname(__FILE__).'/'.$_GET['page'].'.php'; > if (file_exists ($page)) { > include ($page); > } > > But that doesn't prevent a malicious user including any PHP file on your > server. $_GET['page'] should be one of a known set of values. At the > very least it should be restricted to file in a particular directory. > > Something like the following would be much better (untested)... > > $page = realpath(dirname(__FILE__).'/inc/'.$_GET['page'].'.php'); > $expecteddir = realpath(dirname(__FILE__).'/inc'); > if (substr($page, 0, strlen($expecteddir)) != $expecteddir) > { > // Ideally return a 403 status here > die('Access denied'); > } > // Now we know it's a file in the right directory > if (file_exists($page)) > { > include($page); > } > else > { > // Return a 404 status here > die('Resource not found'); > } > > That should lock the requested page to the given directory. If anyone > can see any way around that I'd be interested in hearing about it. > > -Stut > Thanks to all who replied. Yes, that was *NOT* production code - merely an example. I know better than that!! =D ~Philip
Re: [PHP] file_exists
Instruct ICC wrote: Date: Thu, 15 Nov 2007 00:20:52 + From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] CC: php-general@lists.php.net Subject: Re: [PHP] file_exists Philip Thompson wrote: I've run into similar problems where I *thought* I was looking in the correct location... but I wasn't. Take this for example $page = $_GET['page']; if (file_exists ("$page.php")) { include ("$page.php"); } ?> I really hope this is not a piece of production code. If it is then you might want to think very hard about what it's doing. If you still can't see a problem let me know! -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Called like this? index.php?page=http://evil-hacker-site.com/evil-payload.php And the browser will probably url_encode for me if needed. Actually in this example that would end up getting evil-payload.php.php - probably not what your evil mind wanted. You could do this... index.php?page=http://evil-hacker-site.com/evil-payload ...assuming you know it's gonna stick .php on the end. Alternatively you could do this... index.php?page=http://evil-hacker-site.com/evil-payload.php? Resulting in the appended .php being in the querystring. The easiest way to protect your code from this is to always always prefix the string with something as well as appending to it. For example... $page = dirname(__FILE__).'/'.$_GET['page'].'.php'; if (file_exists ($page)) { include ($page); } But that doesn't prevent a malicious user including any PHP file on your server. $_GET['page'] should be one of a known set of values. At the very least it should be restricted to file in a particular directory. Something like the following would be much better (untested)... $page = realpath(dirname(__FILE__).'/inc/'.$_GET['page'].'.php'); $expecteddir = realpath(dirname(__FILE__).'/inc'); if (substr($page, 0, strlen($expecteddir)) != $expecteddir) { // Ideally return a 403 status here die('Access denied'); } // Now we know it's a file in the right directory if (file_exists($page)) { include($page); } else { // Return a 404 status here die('Resource not found'); } That should lock the requested page to the given directory. If anyone can see any way around that I'd be interested in hearing about it. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists
Ronald Wiplinger wrote: Stut wrote: Philip Thompson wrote: I've run into similar problems where I *thought* I was looking in the correct location... but I wasn't. Take this for example I really hope this is not a piece of production code. If it is then you might want to think very hard about what it's doing. If you still can't see a problem let me know! Ok, I let you know! I don't see it! I tried the full path like: if (file_exists('/srv/www///htdocs/images/pic412.jpg')) { echo ""; } else { echo " " //display space to make a table happy if picture is missing! } I also tried it with that line: if (file_exists('/images/pic412.jpg')) { or that line: if (file_exists('images/pic412.jpg')) { Basically I just want to avoid to show a "missing picture" ! If there is another solution for that problem I am happy too. bye Ronald I believe Stut was referring to the RFI vulnerability in that example not your ability to see the problem. Go to the web page that you're having the issue with and look at the page source from the browser. Find the img tag and see what is src="" and try to goto that file in your browser. Also can you use a pastebin and post your code and give his the url to the site in question? William Betts -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists - this part is of topic
Instruct ICC wrote: > > > Called like this? > > index.php?page=http://evil-hacker-site.com/evil-payload.php > > And the browser will probably url_encode for me if needed. > _ > Climb to the top of the charts! Play Star Shuffle: the word scramble > challenge with star power. > http://club.live.com/star_shuffle.aspx?icid=starshuffle_wlmailtextlink_oct > I do hope that some hackers will get a great jail sentence. Sometimes the law takes a long time (see spamers get now also jailed). I do not see any difference between a "Terrorist" sending people to heaven with a bomb or by hacking or sending virus so that a company has to lay off a lot of employees and so "kills" families over the time! I had a bad experience! 20 years ago, when we had no Internet one of my employees brought a floppy with a game to the office. The virus nested itself to the login of the Novel network. First the virus played music with the internal speakers. During that time you could not work. It was only once an hour! Then the virus played 55 minutes per hour To print a letter we had to run twice the only virus utility we got (per mail!!!) to be able to print one document. After that the virus took over again. I had to take drastically measurements, and lay off 50% of my work force! Nobody was happy about it. No answer needed! bye Ronald -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists
Stut wrote: > Philip Thompson wrote: >> I've run into similar problems where I *thought* I was looking in the >> correct location... but I wasn't. Take this for example >> >> > $page = $_GET['page']; >> if (file_exists ("$page.php")) { >> include ("$page.php"); >> } >> ?> > > I really hope this is not a piece of production code. If it is then > you might want to think very hard about what it's doing. If you still > can't see a problem let me know! Ok, I let you know! I don't see it! I tried the full path like: if (file_exists('/srv/www///htdocs/images/pic412.jpg')) { echo ""; } else { echo " " //display space to make a table happy if picture is missing! } I also tried it with that line: if (file_exists('/images/pic412.jpg')) { or that line: if (file_exists('images/pic412.jpg')) { Basically I just want to avoid to show a "missing picture" ! If there is another solution for that problem I am happy too. bye Ronald -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] file_exists
> Date: Thu, 15 Nov 2007 00:20:52 + > From: [EMAIL PROTECTED] > To: [EMAIL PROTECTED] > CC: php-general@lists.php.net > Subject: Re: [PHP] file_exists > > Philip Thompson wrote: >> I've run into similar problems where I *thought* I was looking in the >> correct location... but I wasn't. Take this for example >> >> > $page = $_GET['page']; >> if (file_exists ("$page.php")) { >> include ("$page.php"); >> } >> ?> > > I really hope this is not a piece of production code. If it is then you > might want to think very hard about what it's doing. If you still can't > see a problem let me know! > > -Stut > > -- > http://stut.net/ > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > Called like this? index.php?page=http://evil-hacker-site.com/evil-payload.php And the browser will probably url_encode for me if needed. _ Climb to the top of the charts! Play Star Shuffle: the word scramble challenge with star power. http://club.live.com/star_shuffle.aspx?icid=starshuffle_wlmailtextlink_oct -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists
Philip Thompson wrote: I've run into similar problems where I *thought* I was looking in the correct location... but I wasn't. Take this for example I really hope this is not a piece of production code. If it is then you might want to think very hard about what it's doing. If you still can't see a problem let me know! -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] file_exists
> >>> if (file_exists('/srv/www/../images/pic412.jpg') { Two left parens, one right, surprised you don't get a syntax error? Warren Vail -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists
On Nov 14, 2007 5:04 PM, Chris <[EMAIL PROTECTED]> wrote: > Ronald Wiplinger wrote: > > Chris wrote: > >> Ronald Wiplinger wrote: > >>> I am having troubles with the function file_exists() > >>> > >>> I tried the full path like: > >>> > >>> if (file_exists('/srv/www/../images/pic412.jpg') { > >>> echo ""; > >>> } else { > >>> echo " " //picture is missing! > >>> } > >>> > >>> No matter if I use the full path or just images/pic412.jpg, it always > >>> shows the picture is missing! > > > > Sorry, I expressed it wrong. > > > > The picture is displayed if it exists! > > However, when the picture does not exist, then the missing file is not > > recognized (hence the subject line "file_exists") > > Are you 100% sure you are looking for the file in the right place then? I've run into similar problems where I *thought* I was looking in the correct location... but I wasn't. Take this for example Notice that 'hello/hi.php' is being included from within index.php. So, references to images in 'hello/hi.php' will be the same as if called directly from index.php (if the images are in /images/ and index.php is in /): Ok, hope I didn't confuse things! Just something to consider. ~Philip
Re: [PHP] file_exists
Ronald Wiplinger wrote: Chris wrote: Ronald Wiplinger wrote: I am having troubles with the function file_exists() I tried the full path like: if (file_exists('/srv/www/../images/pic412.jpg') { echo ""; } else { echo " " //picture is missing! } No matter if I use the full path or just images/pic412.jpg, it always shows the picture is missing! Sorry, I expressed it wrong. The picture is displayed if it exists! However, when the picture does not exist, then the missing file is not recognized (hence the subject line "file_exists") Are you 100% sure you are looking for the file in the right place then? -- Postgresql & php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists
Chris wrote: > Ronald Wiplinger wrote: >> I am having troubles with the function file_exists() >> >> I tried the full path like: >> >> if (file_exists('/srv/www/../images/pic412.jpg') { >> echo ""; >> } else { >> echo " " //picture is missing! >> } >> >> No matter if I use the full path or just images/pic412.jpg, it always >> shows the picture is missing! > Sorry, I expressed it wrong. The picture is displayed if it exists! However, when the picture does not exist, then the missing file is not recognized (hence the subject line "file_exists") With my if construction I try, if the picture does not exist, just to echo " " ( is necessary for the table in which the picture would be displayed) bye Ronald
Re: [PHP] file_exists
Ronald Wiplinger wrote: I am having troubles with the function file_exists() I tried the full path like: if (file_exists('/srv/www/../images/pic412.jpg') { echo ""; } else { echo " " //picture is missing! } No matter if I use the full path or just images/pic412.jpg, it always shows the picture is missing! That could be because you're not referencing the image properly in the Should that be ? How do you view the image in your browser? Take off the domain name and that's exactly what you need to show in the image source. ie if the right image source is: http://domain.com/images/image.jpg then your image source needs to be: /images/image.jpg The '/' at the start will make a big difference. -- Postgresql & php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists
Ronald Wiplinger wrote: I am having troubles with the function file_exists() I tried the full path like: you are missing a closing parenthesis on your condition if (file_exists('/srv/www/../images/pic412.jpg') ) { if (file_exists('/srv/www/../images/pic412.jpg') { echo ""; } else { echo " " //picture is missing! } No matter if I use the full path or just images/pic412.jpg, it always shows the picture is missing! The file exist there! How can I do it? I want that in case the picture is really missing, a blank will be shown. bye Ronald -- Jim Lucas "Perseverance is not a long race; it is many short races one after the other" Walter Elliot "Some men are born to greatness, some achieve greatness, and some have greatness thrust upon them." Twelfth Night, Act II, Scene V by William Shakespeare -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists, is_readable & effective UID/GID
On 10/24/07, Jim Lucas <[EMAIL PROTECTED]> wrote: > Daniel Brown wrote: > > On 10/24/07, Manuel Vacelet <[EMAIL PROTECTED]> wrote: > >> Hi all, > >> > >> file_exists and is_readable perfom there test with real UID/GID. > >> Is there any functions that tests file existance with effective UID/GID ? > >> > >> Note: stat is not an option because it raises an E_WARNING if the file > >> is not readable. > >> > >> Thanks, > >> Manuel > >> > >> -- > >> PHP General Mailing List (http://www.php.net/) > >> To unsubscribe, visit: http://www.php.net/unsub.php > >> > >> > > > > That's what you have things like > > > > what about doing it like this? > > > $filename = __FILE__; > > $stat_info = @stat($filename); > > if ( $stat_info ) { > // do something... > } > > The '@' will suppress the E_WARNING notice > if stat fails the condition will fail. I much prefer the second solution (Jim's one) even if I find that php limitation amazing ! Thank you for your help. Cheers, Manuel -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists, is_readable & effective UID/GID
Daniel Brown wrote: On 10/24/07, Manuel Vacelet <[EMAIL PROTECTED]> wrote: Hi all, file_exists and is_readable perfom there test with real UID/GID. Is there any functions that tests file existance with effective UID/GID ? Note: stat is not an option because it raises an E_WARNING if the file is not readable. Thanks, Manuel -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php That's what you have things like what about doing it like this? http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists, is_readable & effective UID/GID
On 10/24/07, Manuel Vacelet <[EMAIL PROTECTED]> wrote: > Hi all, > > file_exists and is_readable perfom there test with real UID/GID. > Is there any functions that tests file existance with effective UID/GID ? > > Note: stat is not an option because it raises an E_WARNING if the file > is not readable. > > Thanks, > Manuel > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > That's what you have things like -- Daniel P. Brown [office] (570-) 587-7080 Ext. 272 [mobile] (570-) 766-8107 Give a man a fish, he'll eat for a day. Then you'll find out he was allergic and is hospitalized. See? No good deed goes unpunished -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists, Windows, and EasyPHP
On 6/18/07, Jim Lucas <[EMAIL PROTECTED]> wrote: Daniel Brown wrote: > On 6/18/07, Jim Lucas <[EMAIL PROTECTED]> wrote: >> First off, don't jack someone else's thread. > >Am I not getting all of the list messages today? I didn't see > where the thread hijacking occurred > -- Jim Lucas "Some men are born to greatness, some achieve greatness, and some have greatness thrust upon them." Twelfth Night, Act II, Scene V by William Shakespeare Weird, I didn't get those messages. I wasn't being a smartass, I was legitimately wondering if I was missing emails from the list today, and apparently I am. Thanks, Jim. -- Daniel P. Brown [office] (570-) 587-7080 Ext. 272 [mobile] (570-) 766-8107 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists, Windows, and EasyPHP
Daniel Brown wrote: On 6/18/07, Jim Lucas <[EMAIL PROTECTED]> wrote: First off, don't jack someone else's thread. Am I not getting all of the list messages today? I didn't see where the thread hijacking occurred -- Jim Lucas "Some men are born to greatness, some achieve greatness, and some have greatness thrust upon them." Twelfth Night, Act II, Scene V by William Shakespeare -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists, Windows, and EasyPHP
Jim Lucas wrote: First off, don't jack someone else's thread. Secondly, I think it might have something to do with the space in the file name. Try changing all spaces to %20 and see what happens. $string = str_replace(' ', '%20', $string); should do the trick -- Jim Lucas "Some men are born to greatness, some achieve greatness, and some have greatness thrust upon them." Twelfth Night, Act II, Scene V by William Shakespeare Since my own reader isn't threaded I wasn't aware of the threading issue. I'll keep this in mind in the future. I assume by spaces you are referring to E:\Program Files\. Well, if a php package for windows can't understand its own file system something is seriously wrong. But in fact that's not the case since dokuwiki runs on the system and uses io_readFile. Glad to see you are now crediting Shakespeare. -- _ Myron Turner http://www.room535.org http://www.bstatzero.org http://www.mturner.org/XML_PullParser/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists, Windows, and EasyPHP
On 6/18/07, Jim Lucas <[EMAIL PROTECTED]> wrote: First off, don't jack someone else's thread. Am I not getting all of the list messages today? I didn't see where the thread hijacking occurred -- Daniel P. Brown [office] (570-) 587-7080 Ext. 272 [mobile] (570-) 766-8107 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists, Windows, and EasyPHP
Myron Turner wrote: I've written a plugin for DokuWiki which uses the following DokuWiki function for reading files: function io_readFile($file,$clean=true){ $ret = ''; if(@file_exists($file)){ if(substr($file,-3) == '.gz'){ $ret = join('',gzfile($file)); }else if(substr($file,-4) == '.bz2'){ $ret = bzfile($file); }else{ $ret = join('',file($file)); } } if($clean){ return cleanText($ret); }else{ return $ret; } } On Linux machines, this seems to behave as you would hope, that is, if the file doesn't exist then you get back a null string. In any event, none of the users who have installed it on Linux machines have had a problem with it. And I have done several installs myself. But one user installed the plugin on a Windows machine and the code fell through to $ret = join('',file($file)) even though there was no $file. The result was an error message: Permission denied in *E:\Program Files\EasyPHP 2.0b1\www\dokuwiki\inc\io.php* on line *97 *Line 97 is the join. So the function is attempting to read a non-existent file. I was just wondering whether there is some difference in the way his PHP version handles the @ operator in: if(@file_exists($file)) That is, is it possible that by suppressing errors, this expression somehow returns true? And is it a bug? Thanks. Myron First off, don't jack someone else's thread. Secondly, I think it might have something to do with the space in the file name. Try changing all spaces to %20 and see what happens. $string = str_replace(' ', '%20', $string); should do the trick -- Jim Lucas "Some men are born to greatness, some achieve greatness, and some have greatness thrust upon them." Twelfth Night, Act II, Scene V by William Shakespeare -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists, Windows, and EasyPHP
Edward Vermillion wrote: On Jun 18, 2007, at 3:30 PM, Myron Turner wrote: I've written a plugin for DokuWiki which uses the following DokuWiki function for reading files: function io_readFile($file,$clean=true){ $ret = ''; if(@file_exists($file)){ if(substr($file,-3) == '.gz'){ $ret = join('',gzfile($file)); }else if(substr($file,-4) == '.bz2'){ $ret = bzfile($file); }else{ $ret = join('',file($file)); } } if($clean){ return cleanText($ret); }else{ return $ret; } } On Linux machines, this seems to behave as you would hope, that is, if the file doesn't exist then you get back a null string. In any event, none of the users who have installed it on Linux machines have had a problem with it. And I have done several installs myself. But one user installed the plugin on a Windows machine and the code fell through to $ret = join('',file($file)) even though there was no $file. The result was an error message: Permission denied in *E:\Program Files\EasyPHP 2.0b1\www\dokuwiki\inc\io.php* on line *97 *Line 97 is the join. So the function is attempting to read a non-existent file. I was just wondering whether there is some difference in the way his PHP version handles the @ operator in: if(@file_exists($file)) That is, is it possible that by suppressing errors, this expression somehow returns true? And is it a bug? Are you sure the file doesn't exist? Could it just be that it exists, but the permissions are not set correctly? Ed I don't really know, since I am depending on the user's feed-back. But apparently he hadn't done anything yet with the plugin, so no files would have been in that directory. But it's a possibility since the code doesn't check for whether the file is readable. It could just be a Windows issue, but I thought I'd check here, because if it's something that others have run into and which I can rectify I'd want to do it. -- _ Myron Turner http://www.room535.org http://www.bstatzero.org http://www.mturner.org/XML_PullParser/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists, Windows, and EasyPHP
On Jun 18, 2007, at 3:30 PM, Myron Turner wrote: I've written a plugin for DokuWiki which uses the following DokuWiki function for reading files: function io_readFile($file,$clean=true){ $ret = ''; if(@file_exists($file)){ if(substr($file,-3) == '.gz'){ $ret = join('',gzfile($file)); }else if(substr($file,-4) == '.bz2'){ $ret = bzfile($file); }else{ $ret = join('',file($file)); } } if($clean){ return cleanText($ret); }else{ return $ret; } } On Linux machines, this seems to behave as you would hope, that is, if the file doesn't exist then you get back a null string. In any event, none of the users who have installed it on Linux machines have had a problem with it. And I have done several installs myself. But one user installed the plugin on a Windows machine and the code fell through to $ret = join('',file($file)) even though there was no $file. The result was an error message: Permission denied in *E:\Program Files\EasyPHP 2.0b1 \www\dokuwiki\inc\io.php* on line *97 *Line 97 is the join. So the function is attempting to read a non- existent file. I was just wondering whether there is some difference in the way his PHP version handles the @ operator in: if(@file_exists($file)) That is, is it possible that by suppressing errors, this expression somehow returns true? And is it a bug? Are you sure the file doesn't exist? Could it just be that it exists, but the permissions are not set correctly? Ed -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists() behind firewall
On 17/06/06, Richard Lynch <[EMAIL PROTECTED]> wrote: I dunno if AJAX will let you quit partway through, but you could definitely do this with the lean and mean hand-coded XmlHttpRequest object and sending HEAD to see if the URL is "there" or not. For security reasons, an XMLHttpRequest objects can only communicate with the originating server. And even if it could, it supports only HTTP (so the PDFs have to be put on a web server behind the firewall). You might want to consider a client-side technology that supports more protocols than just HTTP (e.g a signed Java applet that prompts users for the necessary permissions, ?) if that's not the case (SSH, or even in a database.. ) /ahmed -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists() behind firewall
I dunno if AJAX will let you quit partway through, but you could definitely do this with the lean and mean hand-coded XmlHttpRequest object and sending HEAD to see if the URL is "there" or not. It will fail, of course, if they run this app from home or anything not behind the firewall. On Fri, June 16, 2006 1:57 am, George Pitcher wrote: > Hi, > > I have several websites that are using a common set of pages (to > reduce > maintenance, development and upgrading) and use configuration files to > give > the customer the feeling that it is their own unique site. The > customers are > all universities and use the sites to manage digitisation and > copyright > permission processes. These sites are all hosted om my company server. > > I would like them to be able to see whether a PDF file hosted by their > universities is available or not. > > Using file_exists($url) won't work because the actual PDFs should be > sitting > behind the universities' firewalls. > > I think that something working on the client-side, such as JavaScript > might > work, because it would be able to look from the client's machine to > the PDF, > both of which should be behind the firewall to the PDF. However, I > haven't > been able to find any js that looks like it will do that for me. > > Does anyone have any constructive suggestions? > > MTIA > > George in Oxford > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists() behind firewall
At 7:57 AM +0100 6/16/06, George Pitcher wrote: >Hi, > >I have several websites that are using a common set of pages (to reduce >maintenance, development and upgrading) and use configuration files to give >the customer the feeling that it is their own unique site. The customers are >all universities and use the sites to manage digitisation and copyright >permission processes. These sites are all hosted om my company server. > >I would like them to be able to see whether a PDF file hosted by their >universities is available or not. > >Using file_exists($url) won't work because the actual PDFs should be sitting >behind the universities' firewalls. > >I think that something working on the client-side, such as JavaScript might >work, because it would be able to look from the client's machine to the PDF, >both of which should be behind the firewall to the PDF. However, I haven't >been able to find any js that looks like it will do that for me. > >Does anyone have any constructive suggestions? > >MTIA > >George in Oxford George in Oxford: If it were my problem, I wouldn't use js. Instead, I would setup cron scripts at each of the universities, which would scan the PDF folders for PDF files once a day and then send a report (files and urls) to a common dB located at your choice. The common PDF-dB would be a repository for the existence and location of the PDF files and permissions would be granted to those universities and departments wanting to search your PDF-dB. The only requirement here is that each University place it's PDF's in a location that's known to your cron script AND that a password protection scheme be adapted by those wanting to review IF certain PDF's are available. Now, if someone searches your PDF-dB and finds a PDF they want to review, it's a simple matter to link and download the file once the url is known. At least, that's the way I would do it. You may make a contribution to me via PayPal :-) hth's tedd -- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists() to search for *.xml file with a wild card???
I like this one, the readdir() function. It look very promising. Thanks! Scott F. "Matt M." <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > > I would like to use the file_exists() or something similar to check for the > > existance of any of the xml files regardless of what filename it use. Like > > file_exist("*.xml") for example. Anyone know?? > > http://us3.php.net/readdir > > if ($handle = opendir('/path/to/files')) { > >while (false !== ($file = readdir($handle))) { >$path_parts = pathinfo($file) >if ($path_parts['extension'] == 'xml') { > //xml file >} >} >closedir($handle); > } > ?> -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists() to search for *.xml file with a wild card???
> I would like to use the file_exists() or something similar to check for the > existance of any of the xml files regardless of what filename it use. Like > file_exist("*.xml") for example. Anyone know?? http://us3.php.net/readdir -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists() to search for *.xml file with a wild card???
> I would like to use the file_exists() or something similar to check for the > existance of any of the xml files regardless of what filename it use. Like > file_exist("*.xml") for example. Anyone know?? You may use glob(), http://www.php.net/glob Regards, Philip -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists() to search for *.xml file with a wild card???
Scott Fletcher wrote: I would like to use the file_exists() or something similar to check for the existance of any of the xml files regardless of what filename it use. Like file_exist("*.xml") for example. Anyone know?? Try glob() -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] file_exists() to search for *.xml file with a wild card???
[snip] I would like to use the file_exists() or something similar to check for the existance of any of the xml files regardless of what filename it use. Like file_exist("*.xml") for example. Anyone know?? [/snip] Nope, no wildcard. You can only check for a specific file. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] File_exists result cached over a session?
Marek Kilimajer wrote: > Steve Magruder - WebCommons.org wrote: >> File_exists results (and the results from other file-related >> functions) are cached (according to the php doc) during the run of a >> script. For instance, if file_exists returns True for a file once, >> it won't actually test the file again if file_exists is run again >> against the file. >> >> What I need to know is whether this caching works over a session >> (not just during a single script run). >> >> Thanks. > > no Thanks. Does any documentation exist that covers this? -- Steve Magruder www.webcommons.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] File_exists result cached over a session?
Steve Magruder - WebCommons.org wrote: File_exists results (and the results from other file-related functions) are cached (according to the php doc) during the run of a script. For instance, if file_exists returns True for a file once, it won't actually test the file again if file_exists is run again against the file. What I need to know is whether this caching works over a session (not just during a single script run). Thanks. no -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists on different server...
Tristan -- ...and then [EMAIL PROTECTED] said... % % RTFM? % (Sorry, very newbie question) Sort of, yes :-) See The Jargon File at http://catb.org/esr/jargon/ or jump straight to How To Ask Questions The Smart Way http://www.catb.org/~esr/faqs/smart-questions.html for not only a definition but an explantion of RTFM and STFW. These are a couple of the numerous TLAs and FLAs out there with which you will soon, no doubt, become familiar. HTH & HAND (Hope This Helps & Have A Nice Day :-) :-D -- David T-G * There is too much animal courage in (play) [EMAIL PROTECTED] * society and not sufficient moral courage. (work) [EMAIL PROTECTED] -- Mary Baker Eddy, "Science and Health" http://justpickone.org/davidtg/ Shpx gur Pbzzhavpngvbaf Qrprapl Npg! pgp0.pgp Description: PGP signature
Re: [PHP] file_exists on different server...
RTFM? (Sorry, very newbie question) Jason Wong <[EMAIL PROTECTED]> 30/09/2003 12:26 Please respond to [EMAIL PROTECTED] To [EMAIL PROTECTED] cc Subject Re: [PHP] file_exists on different server... On Tuesday 30 September 2003 19:00, [EMAIL PROTECTED] wrote: > I'm referencing an image on a different server, and it keeps changing > URL's > Very odd, but t get round that, I tried... > > if (file_exists("http://www.othersite.com/image_1.gif";)) { > $image_show="http://www.othersite.com/image_1.gif";; > } else { > $image_show="http://www.mysite.com/image_1.gif";; > } > > but it always seems to do the else command, even though I know the file > DOES exist... RTFM Try fopen() or similar instead. -- Jason Wong -> Gremlins Associates -> www.gremlins.biz Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* If you are over 80 years old and accompanied by your parents, we will cash your check. */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php * The information contained in this e-mail message is intended only for the personal and confidential use of the recipient(s) named above. If the reader of this message is not the intended recipient or an agent responsible for delivering it to the intended recipient, you are hereby notified that you have received this document in error and that any review, dissemination, distribution, or copying of this message is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail, and delete the original message. ***
Re: [PHP] file_exists on different server...
On Tuesday 30 September 2003 19:00, [EMAIL PROTECTED] wrote: > I'm referencing an image on a different server, and it keeps changing > URL's > Very odd, but t get round that, I tried... > > if (file_exists("http://www.othersite.com/image_1.gif";)) { > $image_show="http://www.othersite.com/image_1.gif";; > } else { > $image_show="http://www.mysite.com/image_1.gif";; > } > > but it always seems to do the else command, even though I know the file > DOES exist... RTFM Try fopen() or similar instead. -- Jason Wong -> Gremlins Associates -> www.gremlins.biz Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* If you are over 80 years old and accompanied by your parents, we will cash your check. */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists() question
on 09/03/03 8:10 AM, Charles Kline ([EMAIL PROTECTED]) wrote: > if(file_exists('cherpdocs/$annrow[id].doc')){ > echo "Funding > details paper"; > } This is a pretty simple debugging type query, so: First things first, make sure that $annrow[id] is what you expect, by echoing it to the screen. "; ?> Then your file_exists() line has to use double quotes, because you're using a variable: file_exists("cherpdocs/$annrow[id].doc") Or better still, clarify exactly what you want by using {braces} or .'s file_exists("cherpdocs/{$annrow[id]}.doc") Or: file_exists("cherpdocs/" . $annrow[id] . ".doc") Same applies to your echo line. Summary, I think you can save yourself a little grief by making the following changes to your code. Personally, I prefer wrapping all vars in {braces} if inside a string. It also includes some minor debugging code, so that you can hunt down the issue. Funding details paper"; } else { echo "The file {$file} did not exist"; } ?> Justin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists() question
At 22:40 08.03.2003, Khalid El-Kary said: [snip] >because you can't directly use the $annrow[id] within single quotes, you >should use double quotes to do so. > >file_exists("cherpdocs/$annrow[id].doc") > >or > >file_exists('cherpdocs/'.$annrow[id].'.doc') > >or > >file_exists("cherpdocs/".$annrow[id].".doc") > >Note: i heared it's prefered to always use the "." when including variables >within strings. [snip] Hmm - that's a bit different. 1) You can't use variables in singlequoted strings - these don't get parsed by PHP. 2) You can absolutely use variables in doublequoted strings as these do get parsed. 3) Array indices and object references must be enclosed in curly brackets when used within double quotes to tell PHP what the variable and what the string text is. Example: "cherpdocs/$annrow[id].doc" <== doesn't work correctly "cherpdocs/{$annrow['id']}.doc" <== will work "cherpdocs/$object->docname.doc" <== will not work "cherpdocs/{$object->docname}.doc" <== will work Note that you should quote non-numeric array indices to allow PHP to recognize it's not a defined value. Omitting quotes for index data would trigger a warning (something like 'using unknown identifier id, assuming "id"'). -- >O Ernest E. Vogelsinger (\)ICQ #13394035 ^ http://www.vogelsinger.at/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists() question
You will probably need to use file_exists("cherpdocs/{$annrow['id']}.doc") you could also use file_exists('cherpdocs/' . $annrow['id'] . '.doc') You should use single quotes to identify your element in an array, otherwise PHP will try to use it as a constant first. Jason On Sat, 2003-03-08 at 14:40, Khalid El-Kary wrote: > because you can't directly use the $annrow[id] within single quotes, you > should use double quotes to do so. > > file_exists("cherpdocs/$annrow[id].doc") > > or > > file_exists('cherpdocs/'.$annrow[id].'.doc') > > or > > file_exists("cherpdocs/".$annrow[id].".doc") > > Note: i heared it's prefered to always use the "." when including variables > within strings. > > Regards, > Khalid Al-Kary > http://creaturesx.ma.cx/kxparse/ > > > > > >Can anyone tell me why this code does not return true when the file in the > >directory cherpdocs/ with the file (which I see as being there) does exist? > > > >if(file_exists('cherpdocs/$annrow[id].doc')){ > > echo "Funding details > >paper"; > > } > > > >This is a path relative to the file calling it, should it be otherwise? > > > >Thanks > >Charles > > > > > >-- > >PHP General Mailing List (http://www.php.net/) > >To unsubscribe, visit: http://www.php.net/unsub.php > > > _ > Add photos to your e-mail with MSN 8. Get 2 months FREE*. > http://join.msn.com/?page=features/featuredemail -- Jason Sheets <[EMAIL PROTECTED]> -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists() question
because you can't directly use the $annrow[id] within single quotes, you should use double quotes to do so. file_exists("cherpdocs/$annrow[id].doc") or file_exists('cherpdocs/'.$annrow[id].'.doc') or file_exists("cherpdocs/".$annrow[id].".doc") Note: i heared it's prefered to always use the "." when including variables within strings. Regards, Khalid Al-Kary http://creaturesx.ma.cx/kxparse/ Can anyone tell me why this code does not return true when the file in the directory cherpdocs/ with the file (which I see as being there) does exist? if(file_exists('cherpdocs/$annrow[id].doc')){ echo "Funding details paper"; } This is a path relative to the file calling it, should it be otherwise? Thanks Charles -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php _ Add photos to your e-mail with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists() question
what does $annrow[id] return? I HAVE found that I have to refer to a file when using file_exists() from / so file_exists("/path/to/me/cherpdocs/filename.doc") for it to work right. Jim - Original Message - From: "Charles Kline" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, March 08, 2003 1:10 PM Subject: [PHP] file_exists() question > Can anyone tell me why this code does not return true when the file in > the directory cherpdocs/ with the file (which I see as being there) > does exist? > > if(file_exists('cherpdocs/$annrow[id].doc')){ > echo "Funding > details paper"; > } > > This is a path relative to the file calling it, should it be otherwise? > > Thanks > Charles > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists()
You're right - the example is wrong. Neil Anthony Ritter wrote: > ** > This Message Was Virus Checked With : SAVI 3.58 May 2002 > Last Updated 14th June 2002 > ** > > > I have a question about the PHP function file_exists(): > > This is taken from a textbook entitled "PHP Professional Projects" by > Wilfred, Gupta, Bhatnagar (Premier Press 2002 - ISBN1-931841-53-5) on page > 261 under the chapter titled "Handling Files". > > The authors write... > > "Consider the following code to understand the file_exists() function. > > if (!(file_exists("data.dat"))) > { > echo "The file exists"; > } > else > { > echo "The file does not exist."; > } > > "In the above code, the existence of the file data.dat is being verified > with the help of the statement if (file_exists("data.dat")). > > [End of quote] > . > > What I don't understand is why the author(s) have put the negation symbol of > > ! > > in the preceding code. > > It would seem to follow that in plain English that the above code statement > would read as... > > If the file data.dat does *not* exist - then execute the following > condition which will print to the browser: > "The File exists." > > Huh? > > Please advise. > Thank you. > > Tony Ritter > > > > > > -- Work: [EMAIL PROTECTED] Home: [EMAIL PROTECTED] Web: www.curvedvision.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] file_exists
On 6 May 2002 at 20:30, Craig Westerman wrote: > File is on another server. Is there a way to check if file exists on > another server? I wrote the following function a while ago to do this. It works with http URLs and should also work with https and ftp, but I have only tested http. I hope it's useful to you. function RemoteFileExists($url, $referer) { $url_parts = parse_url($url); if ($url_parts["scheme"] != "http" && $url_parts["scheme"] != "https" && $url_parts["scheme"] != "ftp") { // Don't currently handle shemes other than HTTP and HTTPS, so assume the file exists for now return TRUE; } $ch = curl_init(); $urltoget = $url_parts["scheme"]."://".$url_parts["host"].$url_parts["path"]; if (isset($url_parts["query"])) $urltoget .= "?".$urltoget["query"]; curl_setopt ($ch, CURLOPT_URL, $urltoget); if ($url_parts["scheme"] == "http" || $url_parts["scheme"] == "https") { curl_setopt($ch, CURLOPT_HEADER, 1); curl_setopt($ch, CURLOPT_NOBODY, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_REFERER, $referer); } curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $reply = curl_exec($ch); curl_close($ch); if ($url_parts["scheme"] == "http" || $url_parts["scheme"] == "https") { $result = explode(" ", $reply); $reply = ($result[1] == "200"); } return $reply; } -- Stuart -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] file_exists
Not until 4.3. On Mon, 6 May 2002, Jonathan Rosenberg wrote: > Does fopen() actually work for https connections? I thought this > implementation was not yet released. > > > -Original Message- > > From: Austin Marshall [mailto:[EMAIL PROTECTED]] > > Sent: Monday, May 06, 2002 9:40 PM > > To: Craig Westerman > > Cc: php-general-list > > Subject: Re: [PHP] file_exists > > > > > > Craig Westerman wrote: > > > I found my problem. > > Try fopen() if it fails it will return false, > > otherwise it will return > > an integer file pointer. You get use it to fetch > > files via http://, > > https://, ftp://, and more. > > > > > > > > From manual: > > > "file_exists() will not work on remote files; the > > file to be examined must > > > be accessible via the server's filesystem. " > > > > > > File is on another server. Is there a way to check > > if file exists on another > > > server? > > > > > > Craig ><> > > > [EMAIL PROTECTED] > > > > > > > > > -Original Message- > > > From: Craig Westerman [mailto:[EMAIL PROTECTED]] > > > Sent: Monday, May 06, 2002 7:58 PM > > > To: php-general-list > > > Subject: [PHP] file_exists > > > > > > > > > What am I doing wrong? I get parse error between > > first echo statement and > > > else. > > > > > > Thanks > > > > > > Craig ><> > > > [EMAIL PROTECTED] > > > > > > > > > > > $fn = "image.gif"; > > > if (!file_exists($fn)) { > > > echo ""; > > > else > > > echo ""; > > > } > > > ?> > > > > > > > > > -- > > > PHP General Mailing List (http://www.php.net/) > > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > > > > > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists
On Mon, 6 May 2002, Craig Westerman wrote: > What am I doing wrong? I get parse error between first echo statement and > else. > > $fn = "image.gif"; > if (!file_exists($fn)) { > echo ""; > else > echo ""; > } > ?> You open the brace for the positive branch of the if and then leave it open surrounding the else condition. WRONG: if (condition) { do something; else do something else; } RIGHT: if (condition) { do something; } else { do something else; } As for "finding the problem" with file_exists' limitation to local files, that's a different problem. miguel -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] file_exists
Does fopen() actually work for https connections? I thought this implementation was not yet released. > -Original Message- > From: Austin Marshall [mailto:[EMAIL PROTECTED]] > Sent: Monday, May 06, 2002 9:40 PM > To: Craig Westerman > Cc: php-general-list > Subject: Re: [PHP] file_exists > > > Craig Westerman wrote: > > I found my problem. > Try fopen() if it fails it will return false, > otherwise it will return > an integer file pointer. You get use it to fetch > files via http://, > https://, ftp://, and more. > > > > > From manual: > > "file_exists() will not work on remote files; the > file to be examined must > > be accessible via the server's filesystem. " > > > > File is on another server. Is there a way to check > if file exists on another > > server? > > > > Craig ><> > > [EMAIL PROTECTED] > > > > > > -Original Message- > > From: Craig Westerman [mailto:[EMAIL PROTECTED]] > > Sent: Monday, May 06, 2002 7:58 PM > > To: php-general-list > > Subject: [PHP] file_exists > > > > > > What am I doing wrong? I get parse error between > first echo statement and > > else. > > > > Thanks > > > > Craig ><> > > [EMAIL PROTECTED] > > > > > > > $fn = "image.gif"; > > if (!file_exists($fn)) { > > echo ""; > > else > > echo ""; > > } > > ?> > > > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists
Craig Westerman wrote: > I found my problem. Try fopen() if it fails it will return false, otherwise it will return an integer file pointer. You get use it to fetch files via http://, https://, ftp://, and more. > > From manual: > "file_exists() will not work on remote files; the file to be examined must > be accessible via the server's filesystem. " > > File is on another server. Is there a way to check if file exists on another > server? > > Craig ><> > [EMAIL PROTECTED] > > > -Original Message- > From: Craig Westerman [mailto:[EMAIL PROTECTED]] > Sent: Monday, May 06, 2002 7:58 PM > To: php-general-list > Subject: [PHP] file_exists > > > What am I doing wrong? I get parse error between first echo statement and > else. > > Thanks > > Craig ><> > [EMAIL PROTECTED] > > > $fn = "image.gif"; > if (!file_exists($fn)) { > echo ""; > else > echo ""; > } > ?> > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] file_exists
I found my problem. >From manual: "file_exists() will not work on remote files; the file to be examined must be accessible via the server's filesystem. " File is on another server. Is there a way to check if file exists on another server? Craig ><> [EMAIL PROTECTED] -Original Message- From: Craig Westerman [mailto:[EMAIL PROTECTED]] Sent: Monday, May 06, 2002 7:58 PM To: php-general-list Subject: [PHP] file_exists What am I doing wrong? I get parse error between first echo statement and else. Thanks Craig ><> [EMAIL PROTECTED] "; else echo ""; } ?> -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] file_exists problems
I've since tried that also. It too seems to return the same error. I'm curious if the file_exists can't use relative positionslike it has to be in the same folder or you have to use the whole line like c:\ I'm working on a box that isn't mine of the net...if that's the case I don't know my full directory line. Just a thought but I'm not sure. I'll include my full code below...as it sits now. Maybe you can see something that I can't. - \n"; echo "ImageInfo\n"; do { //filename is the item number + t.jpg -- t shorthand for thumbnail $picname = "$itemnumber t.jpg"; print (""); //if the file exists then print it. Otherwise print a generic image saying it doesn't exist. if (file_exists ("/images/$picname t.jpt") { print (''); print (" $dn $sp - $val $size : \$$priceRelease: $release Preorder This Item\n"); } else { print (""); print (" $dn $sp - $val $size : \$$priceRelease: $release Preorder This Item\n"); } } while ($myrow = mysql_fetch_array($result)); print ("\n)"; //if no results found display this message } else { echo "Sorry, no records were found!"; } $dn = "$myrow["driver_name"]"; $sp = "$myrow["sponsor"]"; $val = "$myrow["value"]"; $size = "$myrow["size"]"; $price = "$myrow["price"]"; $release = "$myrow["release"]"; $itemnumber = "$myrow[item_number]"; ?> - maybe that will help. -Jordan "Faeton" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hello Prolog, > > > Hm... And what about: > print ''; > instead of readfile? > > > P> if(file_exists(/images/$filename)) > P> { > P> readfile(/images/$filename); > P> } > P> else > P> { > P> readfile(images/npat.jpg); > P> } > > > > > Ivan 'Faeton aka xetrix' Danishevsky > ICQ(240266) [EMAIL PROTECTED] www.xemichat.com > ::: Ñòîèò òîëüêî çàîñòðèòü âîïðîñ, êàê ñðàçó ïðîñÿò çàêðóãëÿòüñÿ. ::: > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] file_exists problems
Hello Prolog, Hm... And what about: print ''; instead of readfile? P> if(file_exists(/images/$filename)) P> { P> readfile(/images/$filename); P> } P> else P> { P> readfile(images/npat.jpg); P> } Ivan 'Faeton aka xetrix' Danishevsky ICQ(240266) [EMAIL PROTECTED] www.xemichat.com ::: Ñòîèò òîëüêî çàîñòðèòü âîïðîñ, êàê ñðàçó ïðîñÿò çàêðóãëÿòüñÿ. ::: -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] file_exists bug?
As documented: http://php.net/clearstatcache -Rasmus On Mon, 6 Aug 2001, Ken Williams wrote: > Am I an idiot? > (View this message as text) > > > > $bIsFileOne = is_file("/tmp/test.txt"); # Will be true cause test.txt will > exist > > sleep (5); # Sleep while you telnet in and remove test.txt quickly! > $sTemp = `/bin/rm -R /tmp/test.txt`; # Or just remove it automatically > sleep (5); # Sleep just to be safe > > $bIsFileTwo = file_exists("/tmp/test.txt"); > $bIsFileThree = is_file("/tmp/test.txt"); > ?> > > File1: > File2: > File3: > > File 2 and 3 should show false or 0 cause the file is gone, but they say 1 > just like bIsFileOne! > > > > Linux 2.2.18 > PHP 4.0.6 > > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] file_exists with remote file???
On Tue, Apr 24, 2001 at 12:20:01AM -0300, Paulo - Bruc Internet wrote: > Can anyone help me? > > The sintax of function file_exists is: > > if(file_exists("t.txt")) > { > print... > } > > Does anybody knows how can work with remote files? > This is not working: > if(file_exists("http://www.ttt.com/t.txt";)) > { > print... > } > > Thanks for any help, > > Paulo Roberto Ens - Brazil > Bruc Sistemas para Internet Ltda > mailto:[EMAIL PROTECTED] > http://www.bruc.com.br > > Diversão ou Cultura? CuritibaWeb.com - O Melhor Guia de Curitiba! > http://www.curitibaweb.com >From the manual.. file_exists() will not work on remote files; the file to be examined must be accessible via the server's filesystem. Try something like this instead: if (($fd = fopen ("http://url/file.ext";, "r"))) { print... } -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] File_exists function question.
Gerry, the following is your problem: you fetch a row from the query result in each iteration: > while ($row = mysql_fetch_array($sql_result)) { and the use the value of $ID. > $fn = "/images/$ID.jpg"; you need to fetch the value of the ID column into the ID variable before. Assuming your select looks like the following: select ID, description, blah from images; you need to do something like $ID = $row[0]; $description = $row[1]; $blah = $row[2]; Or you just change your while condition to while( list( $ID, $description, $blah ) = mysql_fetch_row( $result ) ) { Cheers, Ben Gerry wrote: > > Hello again: > > Ben Peter wrote: > > > > Gerry, > > > > could you give us a bit more code, esp. the while or for loop that > > surrounds the code you have quoted? > > > > Cheers, > > Ben > > Sorry for the confusion, and yes I did mispelled camera in english. Here > is more of my sloppy code. I might have an extra }...not sure though > since I have anther couple of "ifs" above it. the code works fine, but > not the "(!$file_exists)" part since it seams it is not checking and it > gives the same result all over the table--"no image". I did change > things as suggested I think, but stll get the same thing. > > echo" width=\"100%\" bgcolor=\"ff\"\n>"; > echo"/n"; > > while ($row = mysql_fetch_array($sql_result)) { > > echo"/n"; > echo $row["name"]; > echo "\n"; > echo"/n"; > echo $row["Color"]; > echo "\n"; > echo""; > echo $row["Size"]; > echo "\n"; > echo" "; > echo""; > if (!file_exists($fn)) { > echo "not working yet"; > } else { > echo'http://site.com/images/camera.gif\">'; > clearstatcache(); > } > echo""; > } > echo""; > } > > -- > Gerry Figueroa > -- - - - --* > War does not determine who is right, war determine who is left. > > |XXX|--^|XX| > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] File_exists function question.
Hello again: Ben Peter wrote: > > Gerry, > > could you give us a bit more code, esp. the while or for loop that > surrounds the code you have quoted? > > Cheers, > Ben Sorry for the confusion, and yes I did mispelled camera in english. Here is more of my sloppy code. I might have an extra }...not sure though since I have anther couple of "ifs" above it. the code works fine, but not the "(!$file_exists)" part since it seams it is not checking and it gives the same result all over the table--"no image". I did change things as suggested I think, but stll get the same thing. echo""; echo"/n"; while ($row = mysql_fetch_array($sql_result)) { echo"/n"; echo $row["name"]; echo "\n"; echo"/n"; echo $row["Color"]; echo "\n"; echo""; echo $row["Size"]; echo "\n"; echo" "; echo""; $fn = "/images/$ID.jpg"; if (!file_exists($fn)) { echo "not working yet"; } else { echo'http://site.com/images/camera.gif\">'; clearstatcache(); } echo""; } echo""; } -- Gerry Figueroa -- - - - --* War does not determine who is right, war determine who is left. |XXX|--^|XX| -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] File_exists function question.
Gerry, could you give us a bit more code, esp. the while or for loop that surrounds the code you have quoted? Cheers, Ben Gerry wrote: > > Hello everyone: > > I'm trying to build a table with the last row being a check function for > an image, where it checks if the item image exists in the image > directory and either echos "no image" or places a small icon of > something (I guess you could say Ebay style). > > The problem is that the fuction checks for an image matching the first > row item id and then it copies the same result to the remaning item > rows weather they have images or not. I read that I could use the > clearstatcache() to clear the cache and start again but there must be > something wrong with the way I persive the use of this. > > this is the code: > > $fn = "directory/images/$id.gif"; > if (!file_exists($fn)) { > echo "no image"; > } else { > echo""; > > clearstatcache(); > } > > Could anyone that sees what's wrong with this drop me a line? > > Thanks in advance: > -- > Gerry Figueroa > -- - - - --* > War does not determine who is right, war determine who is left. > |XXX|-^|XX| > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] file_exists search the include_path?
It doesn't. Some of the file-related functions have that capability and some don't. This may be what you're looking for: function file_exists_in_path($file) { foreach(split(':', ini_get('include_path')) as $dir) { if ($dir[sizeof($dir)-1] != '/') { $dir.='/'; } if (file_exists($dir.$file)) { return TRUE; } } return FALSE; } On Thu, 25 Jan 2001, Dean Hall wrote: > I thought I saw in one of the older manuals that there is an optional second >parameter to 'file_exists' that will tell it too search the 'include_path' for a file >instead of using an absolute path. However, I can't seem to find this documentation >any more. > > Does anyone know if this still works? How it works? If it's just a second boolean >parameter or what? > > In other words, instead of: > > if (file_exists("/www/inc/my_script.php")) {...} > > I'd like to say: > > if (file_exists("my_script.php", TRUE)) {...} // or something like this > > assuming "/www/inc" is part of my include_path. > > Thanks. > Dean. > -- John Donagher Application Engineer Intacct Corp. - Powerful Accounting on the Web 408-395-0989 720 University Ave. Los Gatos CA 95032 www.intacct.com -BEGIN PGP PUBLIC KEY BLOCK- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org mQGiBDnCZ1oRBACFgkFCV6p3dWic1qm1FLhip5beIyzZSt+ccTDYQQdPZA/t5H+k PZ7ZFBIUrXz/oEqwQwlEKlg8JQqg7hgtcL+xrIJ0BInLeSJG4lvvB551g59Thr7/ OsdxNVxKci775+K+GkdAz4xcULMuB+QE7t665Ri46EAS8ALos5UG6DGmhwCguD0v 1cxwy/KlKr+oi4sWM9caueED/RmjiSD3vmBZQt6PMisVe1AmkEf6cJoemduCSJxu 0eMz/LIeu+CqfpuJH2N/dZ3hRj9xMSHF4l71wKqV99zhm58kDGwG1u3yVzULPDqz 0yL+8nunlkoOUyn3zOnh3Zmz4POFVMZQ5oian3QkLllUwly5JCi5tWULxZ2vOkb0 zzjuA/4jigNxYV4NAyCl+wAbnyzk9/Iz8EHv4/0Ex8ytlcMtvBJKa9HjJxlyIl74 yOILHk3+GSAdM0b3ZmbavpoCpebinOMBhqEVBwCI4VUIAqf86gx+2dKBGxfKPnU4 Xxvqs/BOl/EbeJjyd4uieYndGRaWg+kYXqZ7SxrlFN24fohnd7QgSm9obiBEb25h Z2hlciA8am9obkB3ZWJtZXRhLmNvbT6IVgQTEQIAFgUCOcJnWgQLCgQDAxUDAgMW AgECF4AACgkQIt6tVu6+jd3SHwCgjssFktMXf8NjE9JBR+sJ2gDIsW8An0CFNdFd dU+DJYC6ogYP9AsVfM27uQENBDnCZ2MQBAD8E0qe1gBKjtoRmyiyORtwhOz/2XZE mqiZN2NouAUWRRZd4dHggFAA1jUsp2MVIZZQyY9ajNVy3Oaxj5kYz8LR5GItxxcD jC8RFXKM40ZfTJeR7fH6eJa689w+le71Tt4ALyN4xcjSWuksr8795AhHFjonDi8D rgGIq6GtWvi/KwADBgQAmeBbcjPzhqR2M8TdvEyNfVTQSSp/RNoTjNNWpHui8V0p kiQ49tbsqeMjXGToGgMugfmrX77JidXyuVjgYjT9xUdaaA25qKAR75M9izDliT7Y h5L+QZTAw0/5X9go7XK3WI3LYfFrp4TP0veXgSWxDqccqsRzWKW7IoXsliTCbVqI RgQYEQIABgUCOcJnYwAKCRAi3q1W7r6N3YIcAKCkJMTPLu6tOPnXPl2s3xmnSawy BACeOx83WlBhVScYWo+BUzntJ6ks4T0= =OkJU -END PGP PUBLIC KEY BLOCK- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]