Solved

PHP and Perl function in a PHP page

Posted on 2008-06-16
13
258 Views
Last Modified: 2012-05-05
Hi guys.
Last question on this type so sorry if im getting boring :>)
Im not sure if I need to use php AND perl to do this, but hopefully you guys will know.
I have php files that follow the SAME naming standard that I have defined.

-------------
Examples:
-------------
192.168.2.100/simeswiki/menu4_it_hware_dell_focusHERE.php
192.168.2.100/simeswiki/menu4_it_auditing_disk_focusHERE.php
192.168.2.100/simeswiki/menu4_it_hware_hp_focusHERE.php
192.168.2.100/simeswiki/menu4_it_scripting_vbscript_focusHERE.php

------------------------
Naming Convention:
------------------------
So, in the above, the standard is, is that anything after menu4 and delimited by an underscore, is a folder on disk, except the last bit, which is 'focusHERE.php', which is common to all pages, along with menu4.
So, for example, for 192.168.2.100/simeswiki/menu4_it_auditing_disk_focusHERE.php,
there will be a folder structure as follows..    /simeswiki/it/auditing/disk

--------------------------
Reason for Question:
--------------------------
Within each php file above, I have 2 divs that each build an iframe.
Currently im hardcoding this path to the iframe.
But because the path to the iframe follows the SAME naming standard as the php filename that houses them, id like to build a string in place of the hardcoded paths to make life easier.

I have attached a screendump of what im trying to and the sequence i think i need.
I hope this helps.

Also the below php file is basically what I have, as contents for many php files at the moment.
They are all located in /var/www/html/simeswiki

The only other locations that are important are:

/cgi-bin
which has
filechucker_prefs.cgi
and
filechucker.cgi

---------------
SUMMARY:
---------------
A || Create a php or perl function that does the following.......
__________________________________________________
1) Get the filename from the currently viewed php page
2) Manipulate this filename so that
(i) The first chars up to and including the first underscore of the filename are removed
(ii) Chars starting from the end, up to and including the last underscore, are removed
(iii) The underscores will be replaced by forward slashes
(iv) /simeswiki will be contatenated with the result
(v) $folderpath = '/simeswiki/ . <result of steps (i) --> (iv)   eg. '/simeswiki/it/hware/dell';

B || Create a perl or php function that does the following...
__________________________________________________
1) Has access to the value of $folderpath above in the current php page.
2) It then, reads the contents of the file /cgi-bin/filechucker_prefs.cgi, and searches for the following string:

# ooPLACEHOLDERoo #               <------- Search for this line
$PREF{uploaded_files_dir} = '/simeswiki';    <--------- This is the next line after # --PLACEHOLDERoo

3) Once it finds the above string, the function would:
(i) Remove the contents of the very next line after # ooPLACEHOLDERoo #
(ii) Replace that line it just cleared with the following..
$PREF{uploaded_files_dir} = '<the_value_returned_from_$folderpath>;

For example, it might now look like below...

$PREF{uploaded_files_dir} = '/simeswiki/it/hware/dell';

4) The above cgi file is saved and closed, then continuing on with the php page code..
(i)  2 divs are formed, each containing an iframe as below...

                        <iframe src = "/cgi-bin/filechucker.cgi?>" width="490px" height="650px"> </iframe>
                </div>

                <div id="download" style="position:fixed">
                        <iframe src = "/cgi-bin/filechucker.cgi?action=listfiles" width="750px" height="650px"> </iframe>
                </div>
(ii) Because the earlier function updated the value of $PREF{uploaded_files_dir} with $folderpath, when the iframes are displayed, it will show a different folder path to upload to based on all of the above actions.

I hope all this makes sense.

Any help greatly appreciated as always :>)

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.oxhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">

<head><!-- Put IE into quirks mode -->

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<link rel="stylesheet" type="text/css" href="includes/menu.css" />

<?php

include("includes/sitewide.php");

?>

<title><?php echo $title ?></title>

</head>

 

 

<body>

 

 

<div id="container">

 

        <div id="titlecontent">

                <h1><?php echo $title ?></h1>

                <h4><script src="includes/function_date.js"></script></h4>

        </div>

 

        <div id="maincontent">

 

 

                <div id="upload" style="float:left" margin:0; padding:0;>

                        <iframe src = "/cgi-bin/filechucker.cgi?>" width="490px" height="650px"> </iframe>

                </div>

 

                <div id="download" style="position:fixed">

                        <iframe src = "/cgi-bin/filechucker.cgi?action=listfiles" width="750px" height="650px"> </iframe>

                </div>

        </div>

</div>

 

</body>

</html>

Open in new window

requirements.jpg
0
Comment
Question by:Simon336697
  • 9
  • 4
13 Comments
 
LVL 49

Expert Comment

by:Roonaan
ID: 21792054
Hi,

Part A:

function getFolderPath($filename) {
   $fileparts = explode('_', $filename);
   return '/simeswiki/'.implode(array_slice($fileparts, 1, count($fileparts)-2));
}

So

$folderpath = getFolderPath($_SERVER['SCRIPT_FILENAME']);

Then part B:
$lines = file('/cgi-bin/filechucker_prefs.cgi');
foreach($lines as $index => $line) {
  if(trim($line) == '# ooPLACEHOLDERoo#') {
     $lines[$index+1] = '$PREF{uploaded_files_dir} = \''.$folderpath."'\n";
     break;
  }
}

$f = fopen('/cgi-bin/filechucker_prefs.cgi','w');
fwrite($f, implode('', $lines));
fclose($f);

Kind regards

-r-

0
 
LVL 1

Author Comment

by:Simon336697
ID: 21798212
Hi Roonaan,
Thanks so much for your help.

When I load your code into my php page, im getting the following message....

<b>Warning</b>:  fopen(/var/www/cgi-bin/filechucker_prefs.cgi) [<a href='function.fopen'>function.fopen</a>]: failed to open stream: Permission denied in <b>/var/www/html/simeswiki/menu4_it_hware_dell_focusHERE.php</b> on line <b>38</b><br />
<br />
<b>Warning</b>:  fwrite(): supplied argument is not a valid stream resource in <b>/var/www/html/simeswiki/menu4_it_hware_dell_focusHERE.php</b> on line <b>39</b><br />
<br />
<b>Warning</b>:  fclose(): supplied argument is not a valid stream resource in <b>/var/www/html/simeswiki/menu4_it_hware_dell_focusHERE.php</b> on line <b>40</b><br />

=================== What I have done...
my /var/www/cgi-bin
This folder and all files within have a chmod 0777, so I dont know why Im getting a permission denied here.

Line 38 of my code is...

     38 $f = fopen('/var/www/cgi-bin/filechucker_prefs.cgi','w');
     39 fwrite($f, implode('', $lines));
     40 fclose($f);


 <?php
 

 function getFolderPath($filename) {

    $fileparts = explode('_', $filename);

    return '/simeswiki/'.implode(array_slice($fileparts, 1, count($fileparts)-2));

 }
 

 ?>
 

 <?php

 // Part A:

 //Get the folderPath variable for input into /cgi-bin/filechucker_prefs.cgi

 $folderpath = getFolderPath($_SERVER['SCRIPT_FILENAME']);

 ?>
 

 <?php

 // Part B:

 // With $folderpath, replace in /cgi-bin/filechucker_prefs.cgi
 

 $lines = file('/var/www/cgi-bin/filechucker_prefs.cgi');

 foreach($lines as $index => $line) {

   if(trim($line) == '# ooPLACEHOLDERoo #') {

      $lines[$index+1] = '$PREF{uploaded_files_dir} = \''.$folderpath."'\n";

      break;

   }

 }
 

 $f = fopen('/var/www/cgi-bin/filechucker_prefs.cgi','w');

 fwrite($f, implode('', $lines));

 fclose($f);
 

 ?>

Open in new window

0
 
LVL 1

Author Comment

by:Simon336697
ID: 21798316
Here are my permissions....

[root@localhost cgi-bin]# ls -ltra filechucker.cgi
-rwxrwxrwx 1 root root 370997 Jun 10 18:13 filechucker.cgi
[root@localhost cgi-bin]# ls -ltra filechucker_prefs.cgi
-rwxrwxrwx 1 root root 151466 Jun 17 08:43 filechucker_prefs.cgi
[root@localhost cgi-bin]#


0
 
LVL 1

Author Comment

by:Simon336697
ID: 21798355
Roonaan,

I pointed my php page to a different file, a text file called 'hi.txt', and place hi.txt into the same folder as where the php page is, just to see what would happen.
Here is the result, with the attached code Im using.
It looks like the cgi-bin folder is the problem?
Also, the $folderPath is not inserting forward slashes.

So instead of

   12 $PREF{uploaded_files_dir} = '/simeswiki/it/hware/dell'

Im getting..

   12 $PREF{uploaded_files_dir} = '/simeswiki/ithwaredell'

======================= http://192.168.2.100/simeswiki/menu4_it_hware_dell_focusHERE.php

<?php

function getFolderPath($filename) {
   $fileparts = explode('_', $filename);
   return '/simeswiki/'.implode(array_slice($fileparts, 1, count($fileparts)-2));
}

?>

<?php
// Part A:
//Get the folderPath variable for input into /cgi-bin/filechucker_prefs.cgi
$folderpath = getFolderPath($_SERVER['SCRIPT_FILENAME']);
?>

<?php
// Part B:
// With $folderpath, replace in /cgi-bin/filechucker_prefs.cgi

// $lines = file('/var/www/cgi-bin/filechucker_prefs.cgi');

$lines = file('hi.txt');
foreach($lines as $index => $line) {
  if(trim($line) == '# ooPLACEHOLDERoo #') {
     $lines[$index+1] = '$PREF{uploaded_files_dir} = \''.$folderpath."'\n";
     break;
  }
}

// $f = fopen('/var/www/cgi-bin/filechucker_prefs.cgi','w');

$f = fopen('hi.txt','w');
fwrite($f, implode('', $lines));
fclose($f);

?>

========================================================= hi.txt
This file gets updated by your code function, but the forward slashes are not there..

myabe


sss


s



# ooPLACEHOLDERoo #
$PREF{uploaded_files_dir} = '/simeswiki/ithwaredell'


sds

sdf

============================================ View Source for php page.
No errors in here.


0
 
LVL 1

Author Comment

by:Simon336697
ID: 21798460
If i change my code to point to hi.txt in the cgi-bin folder, albeit with chmod 0777 on hi.txt, i get a permission denied
0
 
LVL 1

Author Comment

by:Simon336697
ID: 21798463
Is this an apache configuration issue with the cgi-bin folder?
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 49

Expert Comment

by:Roonaan
ID: 21801034
return '/simeswiki/'.implode(array_slice($fileparts, 1, count($fileparts)-2));
Should be
return '/simeswiki/'.implode('/', array_slice($fileparts, 1, count($fileparts)-2));

As to the cgi file. I am a bit confused about having a single cgi file for all your webpages. Shouldn't there be a specific one for each php url? Otherwise no two people can use the application at the same time.
0
 
LVL 1

Author Comment

by:Simon336697
ID: 21801114
Hi Roonaan,
Mate you have been so helpful.
Thanks for the above.
Ive got it writing now to the cgi-bin folder so your code is working fantastic!

The only thing is, that when it writes to the file, the format is below....

$PREF{uploaded_files_dir} = '/simeswiki/it/hware/dell;'

Its getting a semicolon BEFORE the last quote, instead of what it should be which is below.

$PREF{uploaded_files_dir} = '/simeswiki/it/hware/dell';

Here is the code im using....

The reason im using the one cgi file is because I will be the only user, and its to change the folderpath for a php page that im currently viewing.




 <?php
 

 function getFolderPath($filename) {

    $fileparts = explode('_', $filename);

    return '/simeswiki/'.implode('/',array_slice($fileparts, 1, count($fileparts)-2));

 }
 

 ?>
 

 <?php

 // Part A:

 //Get the folderPath variable for input into /cgi-bin/filechucker_prefs.cgi

 $folderpath = getFolderPath($_SERVER['SCRIPT_FILENAME']);

 ?>
 

 <?php

 // Part B:

 // With $folderpath, replace in /cgi-bin/filechucker_prefs.cgi
 

 // $lines = file('/var/www/cgi-bin/filechucker_prefs.cgi');
 

 $lines = file('/var/www/cgi-bin/hi.txt');

 foreach($lines as $index => $line) {

   if(trim($line) == '# ooPLACEHOLDERoo #') {

      $lines[$index+1] = '$PREF{uploaded_files_dir} = \''.$folderpath."'\n";

      break;

   }

 }
 

 // $f = fopen('/var/www/cgi-bin/filechucker_prefs.cgi','w');
 

 $f = fopen('/var/www/cgi-bin/hi.txt','w');

 fwrite($f, implode('', $lines));

 fclose($f);
 

 ?>

Open in new window

0
 
LVL 49

Expert Comment

by:Roonaan
ID: 21801143
I can't say I see where the cemi colon is coming from strangely enough.

Can you do an echo of the folderpath and see if the semi colon is in there?

echo  $folderpath;
0
 
LVL 1

Author Comment

by:Simon336697
ID: 21801154
Roonaan, no wonder youre a genius....that was my mistake........i tinkered and that is why the semicolon was there.
Your code was great..
This is what your code currently gives.....

$PREF{uploaded_files_dir} = '/simeswiki/it/hware/dell'

So it just doesnt put a semicolon at then end, which is what it needs :>) as follows...

$PREF{uploaded_files_dir} = '/simeswiki/it/hware/dell';
0
 
LVL 49

Accepted Solution

by:
Roonaan earned 500 total points
ID: 21801161
Change
$lines[$index+1] = '$PREF{uploaded_files_dir} = \''.$folderpath."'\n";
To
$lines[$index+1] = '$PREF{uploaded_files_dir} = \''.$folderpath."';\n";
0
 
LVL 1

Author Comment

by:Simon336697
ID: 21801176
YOURE A GENIUS!!!!!!

Thanks so much Roonaan.........THAT DID IT...

Thanks so much for your great help mate.
0
 
LVL 1

Author Comment

by:Simon336697
ID: 21801187
Roonaan, just to let you know mate...the issue with my cgi-bin folder with permission denied messages originally was because my redhat box was running selinux in enforcing mode.

I found this out by typing:
#getenforce
Enforcing
I then set this to:
#setenforce 0
then
#getenforce
Permissive

Loaded the page and I could then write to this folder.

Thanks so much for your help
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

These days socially coordinated efforts have turned into a critical requirement for enterprises.
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now