php script calling another php script

macpaul

I want to be able to pull in 'mini' php scripts into some text. The context is a CMS. I have prepared scripts that generate a contact form for example. I want to be able to include it in the flow of editable text with something like [script]contactform.php[/script].

The only way I can get it to work is to 'require' it as the CMS is parsing the text. Unfortunately, this means it gets output right then, rather than appearing within the text at the point of the [script] tag.

I realise the problem is that PHP is running as it's reading, so it might be an impossible task.

Has anyone tried anything like this? Thanks!

mrmigu

if youre trying to read the file, instead of execute it, use file_get_contents()

macpaul

Yes, this does pull in the content, but the content can't contain any PHP, as it's just pulled in, not executed. For pulling in HTML snippets, this works great.

I suspect that what I want to do can't be done: how can a running PHP script insert more PHP and run that before continuing?.. :bemused:

mrmigu

I dont quite get what youre trying to do?
are you trying to input it into a textarea, and then save it, and have it run later?
Please try explaining again

etully

include("file2.php");

macpaul

Ok, here's the scenario:

A textarea in a CMS is used to put text onto a web page. So far so good, fairly standard stuff. Somewhere amongst that text is a call to an external snippet of php. Example text in the textarea:

[FONT=Courier New]Please complete the form below to register

[script]form.php[/script]

Don't forget to complete all fields[/FONT].

The CMS will parse this and output the result to the web page. When it hits [script]form.php[/script] it will pull in that external PHP file, which will contain some PHP and some HTML.

Then this whole block of text will be output. The problem is, this whole block of text will contain various other tags that PHP is happily turning into HTML (ie an will be turned into a standard <img> tag). The processing of all of this text is not finished when a [script] tag is found: in the example above, there's additional text after the [script] tag.

How to tell PHP to effectively process that external snippet and place the result of the processing into the text at the point of the [script] tag, as HTML. Calling include() or require() will cause that snippet to be processed and output at the point it's called, not along with the rest of the text.

etully

So you have a web based editor for adding text (which is a mixture of text and html and php) to your web page - and you want to be able to put [script]file.php[/script] into that web based editor. Then when the CMS delivers the page to the user, it displays all the text and html and a processed version of the PHP that's in file.php.

Is that right?

macpaul

etully wrote:
So you have a web based editor for adding text (which is a mixture of text and html and php) to your web page - and you want to be able to put [script]file.php[/script] into that web based editor. Then when the CMS delivers the page to the user, it displays all the text and html and a processed version of the PHP that's in file.php.

Is that right?

That sounds about it!

etully

So when the CMS parses the text and it sees this: [script]file.php[/script] it's obtaining the text in that file (which is PHP code) and instead of letting PHP parse that file, it's displaying the PHP code?

If that's what it's doing, then it sounds like you need to modify the CMS so that instead of echo'ing the contents of that file, it does an include of that file or an eval() of that text. Similarly, you could add a new tag to the CMS. You might call it something like [eval] or [exec] or [run] or whatever.

That should work fine - except for that little problem of this being a huge security hole. There's no security hole if you are the only person who can put text into that web based text editor. But if users can see or use that text editor, then do not modify the CMS as described.

I think the reason you were seeing this as "impossible" was that it's not a function of the CMS in the first place - which they probably left out for security purposes.

If you do decide to alter the CMS, make sure that the PHP in your [script]file.php[/script] file doesn't alter any variables that the CMS uses - or alter the environment in a way that the CMS doesn't expect.

macpaul

Firstly, it's my own CMS, so I can do whatever I like with it! Secondly, there wouldn't be a security issue initially because clients don't have the ability to create their own scripts: it's for me to make reusable items for different pages.

Thirdly, using an include makes the PHP get processed right there, not with the flow of the text.

However, eval might work, so I'll look into that and report back!