Page 1 of 1

Where's my mistake?

Posted: Wed Dec 26, 2012 4:49 pm
by SicX
Hey guys,
im working next to school on a little 'CMS' (just for fun). It's pretty simple, just a site-selection, the textarea to edit and a save button. It actually works fine, I can see all my content and also can edit it an save it, but when I hit the save-button (in german: speichern) it all get's save at the index.php.
For example: I'm at site 'geschichte.php' with the content 'abc' and I edit the content to 'abcdef' it's get saved in index.php.
(As always, I'm having a hard time to explain :) )

Here is my script:
<html>
		<form method="post" action="">
			<select name="seitenauswahl" size="1">
				<option value="blabla/index.php">Index</option>
				<option value="blabla/geschichte.php">Geschichte</option>
			</select>  

			<input name="enter" type="submit" value="Auswählen"/>
		</form>
		<hr />
		
		<!-- Quelltext-Editor (Script)-->
		<?php
			$Seite = $_POST["seitenauswahl"]; /* preeeeetty messy part :'D */
			$edit = $Seite;
			if (empty($edit)) {
					$edit ="blabla/index.php"; 
					$Seite = $edit; /* preeeeetty messy part :'D */
			}
			
			if(isset($_POST["dateiinhalt"]) && $dateiinhalt = $_POST["dateiinhalt"])
			{
	
			$handle = fopen($edit,"w");
			fwrite($handle,$dateiinhalt);
			fclose($handle);
			
			echo '<p style="color:green;margin-bottom:20px;">'."\n";
			echo 'Datei erfolgreich editiert!'."\n";
			echo '</p>'."\n";
			}
			$fileinhalt = file_get_contents($edit); 
		?>
	
			
		<!-- Quelltext-Editor (Eingabefeld)-->

		<form action="" method="post">
			Quelltext von der Datei im Pfad "<?php echo "$Seite"; ?>" bearbeiten:<br><br> 

		<!-- Currently editing file.... if you don't understand it :') -->

			<textarea style="width:1500px;height:300px;" name="dateiinhalt">
			<?php echo $fileinhalt; ?>
			</textarea><br><br>

			<input type="submit" name="submit" value="Speichern">
		</form>
</html>
I somehow need to write, when I hit save (=Speichern) that it should save the content on the current file (which I'm editing) and not at index.php.

Aww man it's soo easy and I don't get it :@
Anyways, I hope someone can help me! :)

Re: Where's my mistake?

Posted: Wed Dec 26, 2012 5:33 pm
by ExtremeGaming
I'm not too sure I understand you. fwrite() will remove all data on the file you want to edit, then add. Also, remove the variables calling on variables. $Seite is pointless. You can call everything you need by $edit. If you need to edit other files, you need to add more options to your dropdown.

Re: Where's my mistake?

Posted: Wed Dec 26, 2012 5:55 pm
by SicX
Yea, I've commented it, that the part with $Seite is pretty messy :P Don't know what i've thought while writing this :D
Well my problem is not, that i can only edit 2 sites. My problem is:

If I go at the selection to site2 and type "Hello World" and hit save, the content (-> "Hello World") gets save in site1 and not, as thought, in site2. Also, if i edit site3 and hit save, it'll get saved in site1! :/

I somehow need to write, that when I hit save, the content will get saved in the current file (like in example site2) and not in the first file (site1) :?:

Re: Where's my mistake?

Posted: Wed Dec 26, 2012 7:06 pm
by ExtremeGaming
Remove $edit = $Seite; I'm not sure why that's your problem but it seems it is. Change all $Seite to $edit or vice versa.

Re: Where's my mistake?

Posted: Wed Dec 26, 2012 8:07 pm
by SicX
Well if I'm doing it like that:
<?php
			$edit = $_POST["seitenauswahl"];
			
			if(isset($_POST["dateiinhalt"]) && $dateiinhalt = $_POST["dateiinhalt"])
			{
	
			$handle = fopen($edit,"w");
			fwrite($handle,$dateiinhalt);
			fclose($handle);
			
			echo '<p style="color:green;margin-bottom:20px;">'."\n";
			echo 'Datei erfolgreich editiert!'."\n";
			echo '</p>'."\n";
			}
			$fileinhalt = file_get_contents($edit); 
?>
It'll say: Warning: fopen(): Filename cannot be empty
But I've set what file I want to edit :/

Re: Where's my mistake?

Posted: Wed Dec 26, 2012 8:30 pm
by ExtremeGaming
That means, for whatever reason, the $_POST["seitenauswahl"] is not in the post array and your earlier if(empty($edit)) { was taking over. Add print_r($_POST); before the fopen and post whatever is shown

Re: Where's my mistake?

Posted: Wed Dec 26, 2012 8:59 pm
by SicX
Well, if I enter the site it says:

Warning: file_get_contents(): Filename cannot be empty [...]

If I choose a site, it seems all good

and when I hit save:

Array ( [dateiinhalt] => My Content [submit] => Speichern ) Warning: fopen(): Filename cannot be empty [...]

If I understood you right I should do it like that:
<?php
			
			$edit = $_POST["seitenauswahl"];
			
			if(isset($_POST["dateiinhalt"]) && $dateiinhalt = $_POST["dateiinhalt"])
			{
			
			print_r($_POST);
			
			$handle = fopen($edit,"w");
			fwrite($handle,$dateiinhalt);
			fclose($handle);
			
			echo '<p style="color:green;margin-bottom:20px;">'."\n";
			echo 'Datei erfolgreich editiert!'."\n";
			echo '</p>'."\n";
			}
			$fileinhalt = file_get_contents($edit); 
		?>

Re: Where's my mistake?

Posted: Wed Dec 26, 2012 9:22 pm
by ExtremeGaming
It means your drop down is not submitting properly. Post the exact code you have for your html form

Re: Where's my mistake?

Posted: Wed Dec 26, 2012 9:51 pm
by SicX
<html>
	<head>
		<title>CMS</title>
	</head>

	<body>
<form action="" method="POST">
			<select name="seitenauswahl" size="1">
				<option value="CT/index.php">Index</option>
				<option value="CT/geschichte.php">Geschichte</option>
				<option value="CT/blog.php">Blog</option>
				<option value="CT/server.php">Server</option>
			</select>  
			<input type="submit" name="enter"  value="Auswählen"/>
		</form>
		<hr />
		
		<!-- Quelltext-Editor (Script)-->
		<?php
			
			$edit = $_POST["seitenauswahl"];
			
			if(isset($_POST["dateiinhalt"]) && $dateiinhalt = $_POST["dateiinhalt"])
			{
			
			$handle = fopen($edit,"w");
			fwrite($handle,$dateiinhalt);
			fclose($handle);
			
			echo '<p style="color:green;margin-bottom:20px;">'."\n";
			echo 'Datei erfolgreich editiert!'."\n";
			echo '</p>'."\n";
			}
			$fileinhalt = file_get_contents($edit); 
		?>
	
			
		<!-- Quelltext-Editor (Eingabefeld)-->
		<form action="" method="post">
			Quelltext von der Datei im Pfad "<?php echo $edit; ?>" bearbeiten:<br><br>
			<textarea style="width:1500px;height:300px;" name="dateiinhalt">
			<?php echo $fileinhalt; ?>
			</textarea><br><br>
			<input type="submit" name="submit" value="Speichern">
		</form>
	</body>
</html>

Re: Where's my mistake?

Posted: Wed Dec 26, 2012 10:40 pm
by ExtremeGaming
There were a few issues I found when running the code on my site. First, textareas take empty spaces very seriously. All that empty space you had between the opening <textarea> and closing </textarea> caused your fopen() issue. Second, you aren't checking if $_POST['seitenauswahl'] even exists. Third, you should move all php validation and such to the top of the page. Here is a working version of your file. I have no idea why your print_r() did not show the dropdown but mine did.
<html>
	<head>
		<title>CMS</title>
	</head>
 
	<body>
		<form action="" method="POST">
			<select name="seitenauswahl" size="1">
				<option value="CT/index.php">Index</option>
				<option value="CT/geschichte.php">Geschichte</option>
				<option value="CT/blog.php">Blog</option>
				<option value="CT/server.php">Server</option>
				</select> 
			<input type="submit" name="enter"  value="Auswählen"/>
		</form>
                <hr />
               
                <!-- Quelltext-Editor (Script)-->
       
                <?php
                
                
                if(empty($_POST["seitenauswahl"])) {
                        
                        $edit = "CT/index.php";
                        	
		} else {
                        
			$edit = $_POST["seitenauswahl"];
                       
		}
                       
                        if(isset($_POST["dateiinhalt"]) && $dateiinhalt = $_POST["dateiinhalt"])
                        {
                        
                        $handle = fopen($edit,"w");
                        fwrite($handle,$dateiinhalt);
                        fclose($handle);
                       
                        echo '<p style="color:green;margin-bottom:20px;">'."\n";
                        echo 'Datei erfolgreich editiert!'."\n";
                        echo '</p>'."\n";
                        }
                        
                        $fileinhalt = file_get_contents($edit);
                  
                ?>
                       
                <!-- Quelltext-Editor (Eingabefeld)-->
                <form action="" method="post">
                        Quelltext von der Datei im Pfad "<?php echo $edit; ?>" bearbeiten:<br><br>
                        <textarea style="width:1500px;height:300px;" name="dateiinhalt"><?php echo $fileinhalt; ?></textarea><br><br>
                        <input type="submit" name="submit" value="Speichern">
                </form>
        </body>
</html>

Re: Where's my mistake?

Posted: Thu Dec 27, 2012 1:06 pm
by SicX
Aah I see :) Yeah it works fine, but i've got my old problem:

If i switch at the selection to site 2 and type "ABC" and hit save, "ABC" will get saved in site 1 and not in site 2! :/

Re: Where's my mistake?

Posted: Thu Dec 27, 2012 4:11 pm
by ExtremeGaming
Ah yes...silly me. You have two forms. So your dropdown will only work if you submit at the top of the page, which will also not allow for editing of the file. Combine the form into one and it will work. Something like this:
<?php

if(empty($_POST['seitenauswahl'])) {

	$edit = "CT/index.php";

} else {

	$edit = $_POST["seitenauswahl"];

}

if(isset($_POST["dateiinhalt"]) && $dateiinhalt = $_POST["dateiinhalt"]) {

	$handle = fopen($edit,"w");
	fwrite($handle,$dateiinhalt);
	fclose($handle);

	$success = '<p style="color:green;margin-bottom:20px;">'."\n";
	$success .= 'Datei erfolgreich editiert!'."\n";
	$success .= '</p>'."\n";

}

$fileinhalt = file_get_contents($edit);

?>

<html>
	<head>
		<title>CMS</title>
	</head>

<body>
	<form action="" method="POST">
		<select name="seitenauswahl" size="1">
			<option value="CT/index.php">Index</option>
			<option value="CT/geschichte.php">Geschichte</option>
			<option value="CT/blog.php">Blog</option>
			<option value="CT/server.php">Server</option>
		</select> 
		<input type="submit" name="enter"  value="Auswählen"/>
	<hr />
	
	<?php

	if(isset($success)) {
	
		echo $success;
		
	}

	?>

		 Quelltext von der Datei im Pfad "<?php echo $edit; ?>" bearbeiten:<br><br>
		<textarea style="width:1500px;height:300px;" name="dateiinhalt"><?php echo $fileinhalt; ?></textarea><br><br>
		<input type="submit" name="submit" value="Speichern">
	</form>
</body>
</html>

Re: Where's my mistake?

Posted: Fri Dec 28, 2012 5:46 pm
by SicX
All right! :)
Works men, thanks! I wish you a happy new year :)

One littel question: htaccess is save and can't be cracked (expect you're using a simpel password -> brut force attack), am I right? :) So I could possibly use this little CMS on a homepage, in a folder which is locked by htaccess and htpasswd (best would be using it with SSL)?

Re: Where's my mistake?

Posted: Fri Dec 28, 2012 7:49 pm
by Helx
SicX wrote:So I could possibly use this little CMS on a homepage, in a folder which is locked by htaccess and htpasswd (best would be using it with SSL)?
Use htaccess to block everyone but your own IP.
If your IP changes, just update the file.
order deny,allow
deny from all
allow from 127.0.0.1

Re: Where's my mistake?

Posted: Fri Dec 28, 2012 9:20 pm
by SicX
Ok, best would be using dyndns I think! Because changing everyday the htaccess would... :D
Does htaccess work with IPv6?

Re: Where's my mistake?

Posted: Sat Dec 29, 2012 2:03 am
by jacek
SicX wrote:Ok, best would be using dyndns I think! Because changing everyday the htaccess would... :D
Does htaccess work with IPv6?
Should do, never tested it though. I don't think any routers use IPv6 yet though do they ?

Re: Where's my mistake?

Posted: Sat Dec 29, 2012 12:15 pm
by SicX
Hmm yeah, I was just asking :)
Back to the htaccess code, I've heard of tools which changes your IP! Wouldn't it be pretty simple to crack? And, does this IP thingy works together with htpasswd?

@jacek As you might have seen, I'm learning myself into fopen, fwrite and fclose. Could you please do a tutorial about it, and show how to edit a file (e.g. cfg) on another server (e.g. a gaming-server like Minecraft, Call of Duty etc. (You can also post a link, where you have used it))! It would help me so much! :)

I'm not sure how to set the server adress - just like that (?):
<php 
$filename = 'myserver:25565/test.txt'; 
?>

Re: Where's my mistake?

Posted: Sat Dec 29, 2012 5:50 pm
by ExtremeGaming
I don't see the need of editing a file on another server. In fact, I think it's illegal (depending on their TOS). Yes, there are proxy servers out there to mask IP addresses, however an IP block affects the single IP throughout the whole site unless you use another htaccess.

Re: Where's my mistake?

Posted: Sat Dec 29, 2012 10:39 pm
by SicX
ExtremeGaming wrote:I don't see the need of editing a file on another server.
Would be nice to have all functions of your servers on one page ;) But I think if you want to realize this, you'll need an own root server where your gamingserver is, your webspace and so on! :)

Thanks for helping guys! (:

Re: Where's my mistake?

Posted: Sun Dec 30, 2012 2:53 am
by Helx
You digress.

Continue this conversation in a new thread - locking this one for now (so it doesn't have hundreds of pages :P )
If you want it unlocked again just PM me or any other forum Admin/Mod.