possible to execute a text file?

juschillinnow

here's my code:

$file = @join(" ", @file("./dbconnect.php"));
$file = @ereg_replace('<?', "", $file);
$file = @ereg_replace('?>', "", $file);
$file = @ereg_replace("%server%", $server, $file);
$file = @ereg_replace("%user%", $user, $file);
$file = @ereg_replace("%pass%", $pass, $file);
$file = @ereg_replace("%db%", $db, $file);
//$file = htmlspecialchars($file);
echo $file;

what I trying to do is test the connection before creating the dbconnect file. so I want to "run" the file first to make sure it doesn't return any errors.

possible?

tomhath

Can't you just eval the string?

http://www.phpbuilder.com/manual/function.eval.php

juschillinnow

maybe I'm not using eval right...

$file = @join(" ", @file("./dbconnect.php"));
$file = @ereg_replace('<?', "", $file);
$file = @ereg_replace('?>', "", $file);
$file = @ereg_replace("%server%", $server, $file);
$file = @ereg_replace("%user%", $user, $file);
$file = @ereg_replace("%pass%", $pass, $file);
$file = @ereg_replace("%db%", $db, $file);
$file = @ereg_replace("\<\?", "", $file);
$file = @ereg_replace("\?\>", "", $file);
//$file = htmlspecialchars($file);
eval($file);
echo $file;

all this does is substitute the value of %server% for the actual server which is passed in by a form. This is great, but I need a way to "execute" the script to see if the sub-ed values actually work.

diego25

Read the documentation for eval() that tomhath posted. It says that eval requires <? ?> in the evaluated string.

Diego

juschillinnow

right. I tried it like that but it returns an error that says unexpected < on line 1 of (eval)'d

diego25

Can we see your code?

Diego

juschillinnow

<html>
<body>
<?if(!isset($step)){?>
<form action="<?$PHP_SELF?>?step=2" method=post>
<table border=0 cellspacing=0 cellpadding=0>
<tr><td colspan="3">You must change the permissions on the following files to 0777 before proceeding</td></tr>
<tr><td>db_fns.php</td><td>dbconnect.php</td></tr>
<tr><td>Database Server</td><td><input type="text" name="server"></td><td>Example: db.server.com</td></tr>
<tr><td>DatabaseUser Name</td><td><input type="text" name="user"></td><td>Example: my_user_name; provided by web host.</td></tr>
<tr><td>Database Password</td><td><input type="password" name="pass"></td><td>Example: my_pass; provided by web host</td></tr>
<tr><td>Database Name</td><td><input type="text" name="db"></td><td>Example: icart</td></tr>
<tr><td colspan=3 align=center><input type=image src="./images/admin_submit_submit.gif"></td></tr>
</table>
</form>
<?
}
if($step == "2")
{
$file = join("", @file("./dbconnect.php"));
$file = ereg_replace("%server%", $server, $file);
$file = ereg_replace("%user%", $user, $file);
$file = ereg_replace("%pass%", $pass, $file);
$file = ereg_replace("%db%", $db, $file);
$file = ereg_replace("\<?", "", $file);
eval($file);
echo $file;
/*$open = @fopen("./dbconnect.php", "w");
@fwrite($open, $file);
@fclose($open);
$file1 = @join("", @file("./db_fns.php"));
$file1 = @ereg_replace("%server%", $server, $file1);
$file1 = @ereg_replace("%user%", $user, $file1);
$file1 = @ereg_replace("%pass%", $pass, $file1);
$file1 = @ereg_replace("%db%", $db, $file1);
$open = @fopen("./db_fns.php", "w");
@fwrite($open, $file1);
@fclose($open);

$file = @join("", @file("./dbconnect.php"));
if(@preg_match("/%server%/", $file)){$error .= "Server not written | dbconnect.php<br>";}
if(@preg_match("/%user%/", $file)){$error .= "User Name not written | dbconnect.php<br>";}
if(@preg_match("/%pass%/", $file)){$error .= "Password not written | dbconnect.php<br>";}
if(@preg_match("/%db%/", $file)){$error .= "Database not written | dbconnect.php<br>";}
$file = @join("", @file("./db_fns.php"));
if(@preg_match("/%server%/", $file)){$error .= "Server not written | db_fns.php<br>";}
if(@preg_match("/%user%/", $file)){$error .= "User Name not written | db_fns.php<br>";}
if(@preg_match("/%pass%/", $file)){$error .= "Password not written | db_fns.php<br>";}
if(@preg_match("/%db%/", $file)){$error .= "Database not written | db_fns.php<br>";}
if(!isset($error))
{
?>
<OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"
 codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0"
 WIDTH="400" HEIGHT="25" id="slider" ALIGN="">
 <PARAM NAME=movie VALUE="./images/slider.swf"> <PARAM NAME=quality VALUE=high> <PARAM NAME=scale VALUE=noscale> <PARAM NAME=wmode VALUE=transparent> <PARAM NAME=bgcolor VALUE=#FFFFFF> <EMBED src="./images/slider.swf" quality=high scale=noscale wmode=transparent bgcolor=#FFFFFF  WIDTH="400" HEIGHT="25" NAME="slider" ALIGN=""
 TYPE="application/x-shockwave-flash" PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer"></EMBED>
</OBJECT>
<SCRIPT LANGUAGE="JavaScript">
redirTime = "5000";
redirURL = "<?$PHP_SELF?>?step=3";
function redirTimer() { self.setTimeout("self.location.href = redirURL;",redirTime); }
redirTimer();
</script>
<?
echo "Testing Connection";
}
else
{
echo "Your files did not register correctly due to the following.  Please go back and try again. Check you permissions!<br>$error";
}
}
if($step == "3")
{
include("dbconnect.php");
    if(!$db_error)
    {
    echo "You have succesfully connected to your database. Please set permissions for file 'dbconnect.php' to original server settings";
    }
    else
    {
    echo "We have encountered problems with your settings.<br>Error $db_error<br><br>Please click 'Reset' then try again. If problem persists please contact vendor";
    }
 */
}
?>
</body>
</html>

dbconnect.php file:

<?
    if(!$mysql_link = mysql_connect("%server%", "%user%", "%pass%"))
    {
    echo "<p>Error 1142: Could not connect to the database!";
    $db_error .= "1142";
    }
    elseif(!mysql_select_db("%db%", $mysql_link))
    {
    echo "<p>Error 1143: Could not select the database!";
    $db_error .= "1143";
    }
?>

diego25

You can print $file to see if it's what you actually expect.

But anyway, I think
$file = ereg_replace("<?", "", $file);

that line would mess your $file up.

Diego

juschillinnow

print???

do you mean like:

printf("%s", $file);

????

Let's say I take out that line, what do you mean by printing? echoing should produce the same result correct?

but it doesn't, believe me, I have tried several things. I have tried quote meta, addslashes, taking out the <? altogether and adding slashes to it and leaving it as is. NOTHING!

It seems like it should work, but it flunks out.

It either:

a) echoes the error with some of the code (so I know it's not working)

b) returns and error about the > or <

c) return some weird error when I do some other configuration. I've never seen the error before and when I did a search for it, the only related was for a BB programming language, which I've never heard of either.

Any other suggestions?

diego25

Yeah, just a

print $file;

I'm not saying that that will solve your problem. I recommende you print (or echo) the $file variable so that you can see what's in it, and check that it's correct. You can, for example, then copy and paste what was printed/echoed to your PHP editor with syntax highlighting and find the error in the eval'ed code.

Diego