FRIHOST FORUMS SEARCH FAQ TOS BLOGS COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


Show PHP Code





yule
Hello all,

Some websites like php.net allow you to see there source code. Well here is how you can do it on your website. It is very simple and give syntax higlighting and all. Just use the following code to show the source code of a file on your website.

Code:

<?php
show_source("filename.php");
?>



Then just save the file to your webserver and try it out. It should hilight all the PHP code and of course show the code. Enjoy!
izcool
The other alternative to that is by renaming the page to ".phps" (PHP Source). It highlightes the syntax in colors for easy reading. I believe you have to add a new Apache module and enable it in the PHP configuration for it to work properly. Confused

- Mike.
jajarvin
Show the source of the current file:
Code:
<?php

  $a = 5;
  $b = 4;
  $c = $a + $b;
  echo $c;

  show_source(__FILE__);
?>
codersfriend
You can also use Syntax Highlighter
http://alexgorbatchev.com/SyntaxHighlighter/
Marcuzzo
I don't see the point of showing actual "live" source code on a website.
usually you would use a syntaxhighlighter like the one suggested by Codersfriend, or you could use another sollution like embedding an external snipped like a jsfiddle or a github gist
Possum
Quote:
The other alternative to that is by renaming the page to ".phps"



wow... love this
Peterssidan
I guess this could be a good idea if you want your website to be open source, but note that the method shown by jajarvin only shows the current file. It doesn't show files that the current file includes or files that includes the current file.
Possum
Would there be a way to have link on your page that would open a *.php file as a *.phps file.

So you would not have to upload both a *.php file and a phps file.
Peterssidan
Possum wrote:
Would there be a way to have link on your page that would open a *.php file as a *.phps file.

So you would not have to upload both a *.php file and a phps file.

You could pass the filename to a PHP file using URL parameters and use the show_source function to show it.
Code:
<?php // showsource.php
if (isset($_GET['file']) && !empty($_GET['file']))
{
   show_source($_GET['file']);
}
?>

Then you could use showsource.php?file=foo.php to show the source code of foo.php.

You need to be careful with this though, because it allow people to see all your code. If you store passwords or other sensitive information in the files you might not want use this , or at least you probably should put in some extra protection.
Possum
Nice code Peterssidan

thx
qndel
The whole point of php is to hide the source, why would you do this? Very Happy
sailor69
qndel wrote:
The whole point of php is to hide the source, why would you do this? Very Happy


Exactly. It could be useful when debugging your own code, but it seems a kinda dumb way to do it, no offense. Anything that shows the filename of a page, like the url of the page this form is on, http://www.frihost.com/forums/posting.php?mode=quote&p=1205866, could give a hacker information about your source code and how to hack in to Frhost or at least your site.

If that command is not disabled on Frihost, I would prefer to be able to disable it within my own account.

There are other ways to see the code in your file when you are logged in, which I believe are the same whether in CPanel or DirectAdmin. You could call it up in File Manager's file editor within Frihost. You could download the file and view it in a text editor on your computer or whatever you use for script editing.

Doing stuff like that can be a little cool, but don't screw around with that if you don't have to.

Edit: I'm rethinking using PHP at all, since I'd have to use PHP filenames.
Peterssidan
qndel wrote:
The whole point of php is to hide the source, why would you do this?

I disagree that the whole point of PHP is to hide code. There are a lot of popular open source software (e.g. phpMyAdmin and phpBB) where the code is publicly available.

sailor69 wrote:
If that command is not disabled on Frihost, I would prefer to be able to disable it within my own account.

If you don't want to show the source code there is no reason why you would call show_source in the first place.
sailor69
Quote:
If you don't want to show the source code there is no reason why you would call show_source in the first place.


The point is, if a hacker were somehow able to get in, this command would enable another way to get filenames the file management system on the server might not detect. It is unnecessary.
Peterssidan
Do you also want to disable readfile, file_get_contents, and other functions that allow you to read from files?

I doubt you can use PHP to read files that you otherwise don't have access to in your Frihost account. If you can then something has obviously not been setup correctly and you should tell an admin so that they can fix it.
sailor69
Peterssidan wrote:
Do you also want to disable readfile, file_get_contents, and other functions that allow you to read from files?


Not for now. It looks like I've got a lot of homework to do. I assume that thorough testing has been done for the purpose of determining if hackers can get deeper into an account in this and other ways? know about using $_SERVER['PHP_SELF'] and the like, and recall testing them on Frihost.
Related topics
PHP Tutorial: Basic Shoutbox w/ MySQL
PHP CODE INCLUSION
mySQL Query/PHP code - get the highest value...
my PHP code benchmark script that got some problems
PHP code snippit?
Php code messed up. What's wrong?
CSS for making images go through a php code.
Gradient Fill Cell
What is a good or bad php code?
PHP Code to HTML
I want PHP Code to ......
Help With Simple PHP Code Snipit
removing DirectAdmin part of URL makes php code work
Highlight PHP-code in a HTML-document
Reply to topic    Frihost Forum Index -> Scripting -> Php and MySQL

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.