Page 1 of 1

PHP Source listing suggestion

Posted: Fri Aug 11, 2017 4:25 am
by sfws
A number of programmers have contributed PHP scripts to this support forum, and some include a self downloader.
e.g.

Code: Select all

if ( isset($_REQUEST['source']) && strtolower($_REQUEST['source']) == 'view' ) {
 $filenameReal=__FILE__;
 $download_size=filesize($filenameReal);
 header('Pragma: public');
 header('Cache-Control: private');
 header('Cache-Control: no-cache, must-revalidate');
 header('Content-type: text/plain');
 header('Accept-Ranges: bytes');
 header("Content-Length: $download_size");
 header('Connection: close');
 readfile($filenameReal);
 exit;
}

There does not appear to be consistency over the query-string used to initiate the source list, that example uses "&source=view" (e.g. cumulswebtags.php?source=view for script that is frequently used to provide values to a suite of web pages using PHP), but I have seen the variants "&sce=view", "&view=sce", "&view=src" and "&src=view" used amongst a handful of others, and one forum contributor uses "?view=getorfmiland" if you want to see the source of his widely used http://sandaysoft.com/forum/viewtopic.php?f=14&t=11397 script.

Most people who implement PHP on their web-sites do so because you can use several 'require' or 'include' to include several bits of common content on as many of their web pages as appropriate. The widely used self-downloader only lists the PHP source of a single file, not all the PHP sources involved in creating that web page. If you try each of the query-strings I have just quoted on a page you are looking at on the internet, it may be ignored and the page just reloaded, it might list the main script producing the web page, or it might list the first included script that contains a self-downloader snippet. It depends which script file includes the above code, and if more than one of the php script files includes the above code, the first file parsed that includes the code is actually listed. What you are never able to do is choose which file, if any, will have its source listed

I have implemented an alternative, a way to view the source of any of the scripts making up any web page, and thought I would share it, in the vain(?) hope that others might consider it as 'best practice' to adopt for their script writing. I realise that many authors want to protect their interlectual property and might not want to share their source script, but hopefully some people realise that by sharing their source they inspire others to learn programming. I am not an expert PHP programmer, but I am very grateful to those who by sharing their sources helped me to learn PHP by providing me with scripts that I could try tweaking and thus gain some understanding about how they worked. Of course I have not sought to make financial gain from the work of others, and there are those out there that might pinch ideas for financial gain.

As I report at http://sandaysoft.com/forum/viewtopic.php?f=10&t=4444#p127326, I have by incorporating my script snippets described below made it possible to display the source of any of my scripts that are being used on PaulMy's web site.

* I wanted to be able to decide script by script whether its source could be viewed (to exclude those containing passwords or other material that you would expect to remain hidden).
* I wanted to be able to choose which of the various scripts in any web page got listed by selecting the relevant script using a query-string.
* I wanted a way to optionally list the range of possible query-strings (for when I could not remember which scripts were included in a particular web page).
* Finally I needed the downloader to know the path names for each file as my individual scripts are not all in the same directory.

My code basically just uses standard PHP (with very little interllectual design content) that many other people incorporate in their code, and I would be pleased if this was used more widely to make it easier for amateurs experimenting with programming like myself to share code. However, it did need an eureka moment for me to work out that I could deal with my path-name uncertainty by storing the path name in an array together with a shorter-name appropriate to use in a query-string, so I would not want anybody else to use that script snippet which is my idea for their own profit!

In each of those individual scripts that offer viewing its source, I include something based on the following script extract (I have made it a bit complicated by including three different selector name alternatives as I want to make it easy to list my sources, but you can tailor the script you use according to which query-string selector you prefer):

Code: Select all

   #--------------------------------------------------------------------------#
   #    Just list the PHP source?    Start of common SPAWS snippet.      #
   #    Modify URL of calling web page by adding a query-string such as    #
   #    ?viewSource='xxxxx'" or "?src='xxxxx'" or "?sce='xxxxx'"          #
   # to see source for any file xxxxx.php whether web page or included file   #
   #--------------------------------------------------------------------------#   
   $path = /* put the path to where you have the common script here */;
   if(file_exists($path . '\sourceView.php'))    include_once $path . '\sourceView.php';      
   if(function_exists('add_source')) add_source(__FILE__, basename(__FILE__, '.php'));  # NB use of this magic constant represents the file in which it appears
      if(
                 // $_GET only returns parameters as part of a GET REQUEST, this is the one where (when you start (re-)loading the file), you read information from the query-string
                // $_POST only returns parameters as part of a POST request, this is when a form has been completed its contents are kept in HTTP for when page reloaded
               // $_REQUEST will return parameters found in COOKIE, GET or POST
         isset($_GET['viewSource']) && $_GET['viewSource'] == basename(__FILE__, ".php") or
         isset($_GET['sce']) && $_REQUEST['sce'] == basename(__FILE__, '.php') or
         isset($_REQUEST['src']) && $_REQUEST['src'] == basename(__FILE__, '.php')         
      ){
            if(function_exists('display_source'))   display_source (basename(__FILE__, '.php'));
      }   
   #-----------------------------------------------------------#
   #    End of common snippet to list source call         #
   #-----------------------------------------------------------#

The two functions add_source(x,y) and display_source(y) referenced in the snippet above are defined in the included file 'sourceView.php' shown below, that also defines a global array and can use an optional global variable (that I assign an arbitrary value to, in one of the scripts making up the page, when I want to be prompted with list of query-strings available):

Code: Select all

function display_source($filenameRequest)   {
   global $fileNameArray; // see other function for how this array set up
   $download_size = filesize($filenameRequest . ".php");
        header('Pragma: public');
        header('Cache-Control: private');
        header('Cache-Control: no-cache, must-revalidate');
        header("Content-type: text/plain");
        header("Accept-Ranges: bytes");
        header("Content-Length: $download_size");
        header('Connection: close');
   echo "<section class='b_LH'>"; // define background in CSS using a class so easier to read listing
   $fileName = $filenameRequest . ".php";
        readfile("$fileName",true);
   echo "</section>";// end defined background
    exit;
}

function add_source($pathName,$fileName)
 {
   global $fileNameArray, $list_sources_available, $list_query_string;
   // Note shared array holding path-names and file-names, and note optional variable which if included in calling script will produce output in final global array
   if(!isset($list_query_string)) $list_query_string = array();
   if(isset($list_sources_available))   $list_query_string[] = "<small>Use query-string <span class='blue'>?src=" . $fileName ."</span> to output PHP source for " . $pathName ." &nbsp; &nbsp; </small>";
   // Tailor the 'src' to whatever you prefer
   if (!isset($fileNameArray) or !in_array($fileName, $fileNameArray)) $fileNameArray["'" . $fileName . "'"] = "'" . $pathName . "'"; // If current script not already in array, add it
}