Home
Saturday, June 24, 2017
1:33:30 PM
Users online: 0   You are here >> Home > Programming

Forums | Programming Forums search
Forum FAQ
   
  1  
PHP conundrum: parsing PHP in files served by CGIs
stickmangumby 
11/8/08 5:03:01 PM
Champion

At work we use a proprietary software setup that is very much out of date. Every day I have to bend it to do things that it was never intended to do, and I've finally hit a brick wall.

Basically, the software interfaces with the database solution by the same company, and pulls content out of that to make a dynamic website.

It interfaces with the database using binary CGIs. Some of these CGIs also automatically concatenate header and footer HTML files onto the template files that get populated from the database.

For example, the website is set up so that you link to /file.cgi?FILE=index.html for the home page. This automatically inserts header.html and footer.html before and after the contents of index.html.

Now, this whole setup was on the market way before SEO was even conceived :P. Hence, our website massively fails at Google, which is not what we want.

I'm currently trying to get some dynamic <title> tags going. However, the <title> tag is in header.html. I've installed PHP (web server is Apache, OS is Windows XP), and of course when you navigate to /file.cgi?FILE=test.php, the actual PHP in test.php is not parsed - it just gets spat out as HTML.

I cannot for the life of me figure out how to have these pages that are served up by CGIs PHPed. However, just accessing /test.php works, so PHP is certainly working to some extent.

I've thought about several workarounds, but none of them are likely to be very maintanable.

So, the question is, does anyone have any idea how to make PHP parse files that are retrieved by CGIs as above?

-----

eckythump 
12/8/08 12:20:14 AM
Overlord

Make sure your php.ini has:
allow_url_fopen = On
allow_url_include = On

Then you should be able to just go:
<?php 
include " http://a.b.c/file.html";
?>
and all of the PHP code i nthe included URL will be parsed.

This doesn't work for versions < 4.3.0 on Windows. So check that you're using > 4.3.0 before you start tearing out your hair because it doesn't work.

Naturally there are security considerations here. You probably want to leave allow_url_include turned off in the php.ini and turn it on just in the .htaccess file for that dir/website.

Alternately, you could do away with teh binary CGIs and fetch teh DB data yourself and produce your own HTML output.

-----
"Grandfather had an accident, he got burnt." "Oh no, how bad?" "Well, they don't fuck around at the crematorium."

stickmangumby 
12/8/08 10:36:18 AM
Champion

Thanks for the reply eckythump.

I am running PHP5. I don't fully understand your suggestion... I know what the include function does, and understand the security risks, but I'm not sure how it will help.

To reiterate, when I access /file.cgi?FILE=whatever.php, file.cgi whacks header.html and footer.html around whatever.php, and my web browser recieves something like:

 
<!-- HTML from header.html -->
<div id="header">Header stuff</div>

<!-- Unparsed contents of whatever.php -->
<?php
echo "Test";
?>

<!-- HTML from footer.html -->
<div id="footer">Footer stuff</div>


So the browser doesn't just get the word "Test"; it gets the actual uninterpreted PHP code that was in whatever.php.

I would kill to get rid of their CGIs, but the data isn't even in a relational database... it's some kind of flat file binary crap :O There's no documentation for querying it or anything!!

Guess which software company hasn't had any new customers in the last 5 years? :P

-----

robzy 
12/8/08 12:31:21 PM
Hero
Immortal


Did you...

Make sure your php.ini has:
allow_url_fopen = On
allow_url_include = On

??

Rob.

-----
&#1506;&#1501; &#1497;&#1513;&#1512;&#1488;&#1500; &#1495;&#1497;

stickmangumby 
12/8/08 1:24:50 PM
Champion

Quote by robzy
Did you...

Make sure your php.ini has:
allow_url_fopen = On
allow_url_include = On

??

Rob.



I'll check it when I'm next in at work. IIRC I haven't changed any defaults, so I think that means allow_url_fopen is set to On and allow_url_include is set to Off ( http://au2.php.net/manual/en/filesystem.configuration.php ).

-----

zephyr 
12/8/08 1:25:16 PM
Hero
Titan


Quote by stickmangumby
So, the question is, does anyone have any idea how to make PHP parse files that are retrieved by CGIs as above?



you probably can't do it by accessing file.cgi?whatever, because it looks to me like the CGI is pulling the PHP file directly from the filesystem, and not through HTTP.

you might be able to run it through php afterwards, ie have file.php get the querystring, and then call the cgi using include, but that would be inefficient.

-----
The most likely way for the world to be destroyed, most experts agree, is by accident. That's where we come in. We're computer professionals. We cause accidents. (N. Borenstein)

eckythump 
12/8/08 3:45:48 PM
Overlord

Quote by stickmangumby
Thanks for the reply eckythump.

I am running PHP5. I don't fully understand your suggestion... I know what the include function does, and understand the security risks, but I'm not sure how it will help.


Let's say you have this URL:
http://a.b.c/blah.cgi?args=foo

When you go to this URL it spits out this HTML:
 
<!-- HTML from header.html -->
<div id="header">Header stuff</div>

<!-- Unparsed contents of whatever.php -->
<?php
echo "Test";
?>

<!-- HTML from footer.html -->
<div id="footer">Footer stuff</div>


Now let's have another URL:
http://a.b.c/blooble.php

The code of blooble.php is:
When you go to this URL, you'll get what you got before, 'cept the PHP code will have been processed.

And of course, you could pass args to blooble.php and have them then passed to the CGI it's fetching to keep it nice and dynamic.

Is this not what you're after?

-----
"Grandfather had an accident, he got burnt." "Oh no, how bad?" "Well, they don't fuck around at the crematorium."

zephyr 
12/8/08 9:49:30 PM
Hero
Titan


Quote by eckythump
And of course, you could pass args to blooble.php and have them then passed to the CGI it's fetching to keep it nice and dynamic.

Is this not what you're after?




Well, that was my suggestion too, so if you're wrong, I am too... I don't think you made it terribly clear that's what you were suggesting the first time though :-)

Instead of the CGI wrapping the PHP, he needs the PHP interpreter to interpret the output of the CGI.

Unfortunately this is going to result in twice as many page loads, and extra processing overhead...

-----
The most likely way for the world to be destroyed, most experts agree, is by accident. That's where we come in. We're computer professionals. We cause accidents. (N. Borenstein)

stickmangumby 
14/8/08 11:31:40 AM
Champion

Thanks a lot eckythump and zephyr, that sounds like the best possible solution. Server load is currently so far from a concern that it's not funny!

-----

  1  
Forums | Programming