...

View Full Version : what am i doing wrong?



itsabilly
06-24-2010, 11:56 PM
Hello all, I seem to have a problem with a php script, it will run on my site,
but others sites it will not, I can not get it to work on xampp nor MAMP, so
im assuming the php script is not coded correctly, I'm still learning php, and
any pointers you can give would be great.

It's basically a php script to alter between css/skins...

the php script:


<?php setcookie ('sitestyle', $set, time()+31536000); header("Location: $HTTP_REFERER"); ?>

and the code within w/e page:


<link rel="stylesheet" type="text/css" media="screen" title="nav" href="<?php echo
(!$sitestyle)?'style/defaultstyle':$sitestyle ?>.css">

<link rel="alternate stylesheet" type="text/css" media="screen" title="user1" href="style/user1.css">
<link rel="alternate stylesheet" type="text/css" media="screen" title="user2"
</head>

<body>
<ul>
<li><a href="csscontrol.php?set=style/default">default</a></li>
<li><a href="csscontrol.php?set=style/user1">black/white</a></li>
<li><a href="csscontrol.php?set=style/user2">white/black</a></li>

when checking my php logs, it tells me undefined variable and seems to have an issues with the HTTP_REFERER, and the function sitestyle.

Is there a better way to code this? Am I missing something, maybe using
outdated php code, or wrong constants/functions?


thanks

bill

Fou-Lu
06-25-2010, 12:13 AM
You are relying on a deprecated directive called register_globals. As of 4.2.0+ it has been disabled by default, by 5.3.0 it has been officially deprecated (yay!), and is expected that 6.0.0 will be removed (ftw :D).

Fix by changing three things:

$HTTP_REFERER should be $_SERVER['HTTP_REFERER']
Same script, I don't know where $set comes from. If its in the URL, use $_GET['set'].
$sitestyle needs to be extracted into that variable. Best to do it this way since then its nice and easy to refer back to it:


<?php
// maybe you have some stuff here already, this just needs to go before $sitestyle is ever used. Also, best to choose a default when you can.
$sitestyle = isset($_COOKIE['sitestyle']) ? $_COOKIE['sitestyle'] : ''; // In the '', you can put your default.

// and some stuffs.
?>
<link rel="stylesheet" type="text/css" media="screen" title="nav" href="<?php echo
(!$sitestyle)?'style/defaultstyle':$sitestyle ?>.css">

<link rel="alternate stylesheet" type="text/css" media="screen" title="user1" href="style/user1.css">
<link rel="alternate stylesheet" type="text/css" media="screen" title="user2"
</head>

<body>
<ul>
<li><a href="csscontrol.php?set=style/default">default</a></li>
<li><a href="csscontrol.php?set=style/user1">black/white</a></li>
<li><a href="csscontrol.php?set=style/user2">white/black</a></li>



That should do it.

itsabilly
06-25-2010, 01:12 AM
Hmm, still seem to be getting errors.... heres what I have so far...



<?php $sitestyle = isset($_COOKIE['sitestyle']) ? $_COOKIE['sitestyle'] : 'defaultstyle'; ?>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>

<title>Internet Helpdesk 2.0</title>
<link rel="stylesheet" type="text/css" media="screen" title="nav" href="<?php echo
(!$sitestyle)?'style/defaultstyle':$sitestyle ?>.css">

<link rel="alternate stylesheet" type="text/css" media="screen" title="user1" href="style/user1.css">
<link rel="alternate stylesheet" type="text/css" media="screen" title="user2" href="style/user2.css">
<link rel="alternate stylesheet" type="text/css" media="screen" title="user3" href="style/user3.css">
<link rel="alternate stylesheet" type="text/css" media="screen" title="user4" href="style/user4.css">
<link rel="alternate stylesheet" type="text/css" media="screen" title="user5" href="style/user5.css">
</head>

I added the php string as you mentioned, when you say default, do you mean the default css? with file ext. or the title/call name defaultstyle?

here is the php...


<?php setcookie ('sitestyle', $set, time()+31536000); header($_SERVER['HTTP_REFERER']); ?>

I tried removing the $set statement with out any resolve, I added the $_SERVER[HTTP_REEFER] but I received various errors, so I removed the
header("Location: that receded it and I am presented with a blank page.


The error I receive...



Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/bnale/public_html/web/csscontrol.php on line 1

Fou-Lu
06-25-2010, 01:39 AM
Location is required. Use this: header("Location: {$_SERVER['HTTP_REFERER']}");.
Thats my bad I should have paid closer attention to your code. This is what I mean by default


$sitestyle = isset($_COOKIE['sitestyle']) ? $_COOKIE['sitestyle'] : 'style/defaultstyle';

Then, change the href in link to


<link rel="stylesheet" type="text/css" media="screen" title="nav" href="<?php echo $sitestyle; ?>.css">

itsabilly
06-25-2010, 04:19 AM
hmm, Im still getting error:


T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING

I have for csscontrol.php:


<?php setcookie ('sitestyle', $_GET['set'], time()+31536000); header("Location: ($_SERVER['HTTP_REFERER'])"); ?>

And for my html/php page I have:


<?php $sitestyle = isset($_COOKIE['sitestyle']) ? $_COOKIE['sitestyle'] : 'style/defaultstyle'; ?>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>

<title>Internet Helpdesk 2.0</title>

<link rel="stylesheet" type="text/css" media="screen" title="default" href="<?php echo $sitestyle; ?>.css">

<link rel="alternate stylesheet" type="text/css" media="screen" title="user1" href="style/user1.css">
<link rel="alternate stylesheet" type="text/css" media="screen" title="user2" href="style/user2.css">
<link rel="alternate stylesheet" type="text/css" media="screen" title="user3" href="style/user3.css">
<link rel="alternate stylesheet" type="text/css" media="screen" title="user4" href="style/user4.css">
<link rel="alternate stylesheet" type="text/css" media="screen" title="user5" href="style/user5.css">
</head>

<body>

if we have the sitestyle declared at the top now, what good is the other php/script, I know I have to have the HTTP_REFERER, but what does the
sitestyle and cookie reference do on the csscontrol?


thanks,

bill

itsabilly
06-25-2010, 04:27 AM
I forgot the {} on:


<?php setcookie ('sitestyle', $_GET['set'], time()+31536000); header("Location: {$_SERVER['HTTP_REFERER']}"); ?>

and it is now working, but if you could explain how the script you had me add
to the top of html/php works and how the same setcookie, and sitestyle works
one the external, I understand what a function is and a class, but how they
play with each other here, would be greatly appreciated!

Thanks, for your help!

Fou-Lu
06-25-2010, 04:49 PM
Register_globals was a terrible idea that was added many years ago. Essentially, it pulls any known user supplied data from ENV (environment), GET (url), POST (posted from a form), COOKIE (given to us by a client), SESSION (generated by us) and promotes them to a global scope for immediate use.
That is what you were using when referring to $set, $sitestyle, and $HTTP_REFERER. These came from $_GET['set'], $_COOKIE['sitestyle'], and $_SERVER['HTTP_REFERER'].
Nowadays, we control these by extracting them manually from each of these superglobals (arrays that span any scope in a script).
The threat with this is as follows, these are generally mistakes made by new developers, particularily ones whom have come from either non-strict language backgrounds or starting with PHP:


<?php
// Register_globals are on in here.
// $some_control is passed from GET
$some_control = $_GET['some_control'];

if ($some_control == 'home') // Something nice and simple
{
$fileToOpen = '/location/to/some/file/';
}

$fh = fopen($fileToOpen, 'rw');
...

Now, with register_globals off if $some_control has not been set or does not match 'home', fopen will fail with an unable to open file. On the other hand, should $fileToOpen variable name be known and register_globals are enabled, a user can skip the some_control in their url, and pass a custom fileToOpen variable '/etc/shadow' for example. This is very bad. This can be corrected by initializing all variables prior to use.

This here:


<?php setcookie ('sitestyle', $_GET['set'], time()+31536000); header("Location: {$_SERVER['HTTP_REFERER']}"); ?>

Was modified to add a cookie value for the 'set' from GET, and 'HTTP_REFERER' from SERVER.

This was added (also, I just noticed that you had a ternary in use with the original anyway. Meh):


$sitestyle = isset($_COOKIE['sitestyle']) ? $_COOKIE['sitestyle'] : 'style/defaultstyle'; ?>

To set a $sitestyle from either a provided cookie value or default to style/defaultstyle. This is ternary operation: (condition) ? true : false.

Another potentially better solution is to simply use sessions for this. Sessions are more reliable than cookies since they can be passed through get when not in use:


<?php
session_start();
if (isset($_GET['set']))
{
$_SESSION['sitestyle'] = $_GET['set'];
}
header('Location: ' . $_SERVER['HTTP_REFERER']);
exit
?>


And


<?php
session_start();
$sitestyle = 'style/defaultstyle';
if (isset($_SESSION['sitestyle']) && !empty($_SESSION['sitestyle']))
{
if (file_exists(dirname(__FILE__) . '/' . $_SESSION['sitestyle'] . '.css'))
{
$sitestyle = $_SESSION['sitestyle'];
}
}
?>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>

<title>Internet Helpdesk 2.0</title>

<link rel="stylesheet" type="text/css" media="screen" title="default" href="<?php echo $sitestyle; ?>.css">

<link rel="alternate stylesheet" type="text/css" media="screen" title="user1" href="style/user1.css">
<link rel="alternate stylesheet" type="text/css" media="screen" title="user2" href="style/user2.css">
<link rel="alternate stylesheet" type="text/css" media="screen" title="user3" href="style/user3.css">
<link rel="alternate stylesheet" type="text/css" media="screen" title="user4" href="style/user4.css">
<link rel="alternate stylesheet" type="text/css" media="screen" title="user5" href="style/user5.css">
</head>

<body>


Even better would be to use an integer to control your style, and lookup what style is in use. Always be cautious with user supplied data; rule of thumb: never trust your users.

itsabilly
07-01-2010, 08:05 PM
I appreciate all your help Fou-Lu., and while your last post is certainly interesting, this wiki/site will only be accessed by a mer 20 people, so security
with php in question is not something I'm concerned about. I have the site
working great, and once I get the chance will post it so you can see the final
piece, I just ran into once issue, I cant get the style/defaultstyle to load by
default once the site is first visited, the cookies and skins work great, its
just getting the default skin to load on first visit...

I have tried altering the code for the stylesheet...

What you previously suggested:


<link rel="stylesheet" type="text/css" media="screen" title="default" href="<?php echo $sitestyle; ?>.css">

one of the various things I have tried


<link rel="stylesheet" type="text/css" media="screen" title="default" href="<?php echo
(['styles/navstyle':$sitestyle]) ?>.css">


actual default code that works w/out defaultstyle loading on visit:


<?php $sitestyle = isset($_COOKIE['sitestyle']) ? $_COOKIE['sitestyle'] : 'style/defaultstyle'; ?>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>

<title>Internet Helpdesk 2.0</title>

<link rel="stylesheet" type="text/css" media="screen" title="default" href="<?php echo $sitestyle; ?>.css">

<link rel="alternate stylesheet" type="text/css" media="screen" title="user1" href="style/user1.css">
<link rel="alternate stylesheet" type="text/css" media="screen" title="user2" href="style/user2.css">
<link rel="alternate stylesheet" type="text/css" media="screen" title="user3" href="style/user3.css">
<link rel="alternate stylesheet" type="text/css" media="screen" title="user4" href="style/user4.css">
<link rel="alternate stylesheet" type="text/css" media="screen" title="user5" href="style/user5.css">
</head>

<body>
<div id="nav">


Am I going about the right way, including code in the style rel? or should I
include this code in the php string above?


thanks,

bill

Fou-Lu
07-07-2010, 03:53 AM
Sorry, kinda overlooked your reply. I'll take a look tomorrow when I get to a pc.
In the meantime you can try this: <?php $sitestyle = isset($_COOKIE['sitestyle']) && !empty($_COOKIE['sitestyle']) ? $_COOKIE['sitestyle'] : 'style/defaultstyle'; ?>
As well, ensure you check the generated source, if it shows a value for that href, php is happy and the fault is the href path.
You should also consider using sessions instead of cookies. The are easier and more reliable.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum