Path problem

roy17

Hi, I am trying to use a javascript editor called edit area into my web.
Maybe this post is out of place but I don't think the problem is in my javascript but instead on my php coding regarding path.

I am trying to use it's save feature. So what I type will be saved. If I open the link again. I will obtain the code that I just write .
What I want to create is a list of directory on the left of the page and the editor on the right in one web page. If I press the link, the file content will be loaded to the inside of the editor.

I have successfully implement the editor but it is on separate window. Not one page. I press the link. New window open. I press save. The new window with the editor closed. I don't want this one.

Below is my current code
index.php
This is my javascript code inside index.php

<script language="javascript" type="text/javascript" src="/editarea/edit_area/edit_area_full.js"></script>
<script language="javascript" type="text/javascript">
editAreaLoader.init({
	id : "content"		  	// textarea id
	,syntax: "c"				// syntax to be uses for highgliting
	,start_highlight: true		// to display with highlight mode on start-up
	,language:"en"
	,toolbar: "save,| ,undo, redo, |, search, go_to_line"
	,is_multiple_files:true
	,allow_toggle:false
        ,allow_resize:false
	,word_wrap:true
        ,replace_tab_by_spaces:4
        ,save_callback:"save_feature"
});

function save_feature(id, content)
{
    form1.content1.value=content;
    document.forms["form1"].submit();

}
</script>

if ($handle = opendir('.\\'.$folder.'\cfile\\')) 
{
    while (false !== ($file = readdir($handle))) 
    {
        if ($file != ".." && $file != ".") 
        {	
	echo "<a href=index.php?path=.&filename=$file>$file</a><br />";
        }
    }
    closedir($handle);
}

//EDITAREA
$path=$_REQUEST['path'];
$filename=$_REQUEST['filename'];
echo'
<textarea name=content id=content style="height:700px; width:900px">'; 
$script="edit";
if($filename!="scriptinclude.php")
    {
    include "scriptinclude.php";
    }
else
    {
    echo "Scriptinclude may not be edited";
    }
echo'
</textarea>
<form name=form1 method=post action=scriptupdate.php>
<table>
<tr><td><textarea name=content1 id=content1 style="display:none;">
</textarea></td></tr>
</table>';
//<textarea name=content1 id=content1 style="height: 0px; width: 0px;">
echo'
<input type=hidden name=path value='; 
echo $path;
echo"'>";

echo"<input type=hidden name=filename value='";
$filename;
echo "'>
</form>";

scriptinclude.php

<?php
if($script=="edit")
{
    //$lines = file("../$path/upload/$filename");
    //$lines = file("$path/upload/$filename");
    $lines = file($path."/".$_SESSION['folder']."/cfile/".$filename);
	foreach($lines as $line)
	{
	echo str_replace("</textarea>","<#textarea>",$line);
	}
}
else
    {
    $content= stripslashes(str_replace("<#textarea>","</textarea>",$_REQUEST['content1']));
    }
?>

scriptupdate.php

<?php
session_start();
//chdir($_REQUEST['path']."/upload");
chdir($_REQUEST['path']."/".$_SESSION['folder']."/cfile");
$fp = fopen($_REQUEST['filename'], 'w');
include "scriptinclude.php";
fwrite($fp, $content);
fclose($fp);
header('Location: ../index.php');
?>

Right now, I can load the file into the editor everytime I press the link.
However, everytime I press the save button

$path=$_REQUEST['path'];
$filename=$_REQUEST['filename'];

These two lines inside index.php always say that it is undefined.
Also,

$lines = file($path."/".$_SESSION['folder']."/cfile/".$filename);
	foreach($lines as $line)

These two line always have a warning message.
What am I missing? Please help.
Thanks in advance🙂

Weedpacket

I'll ask the question that is so obvious that it should not have to be asked:

roy17 wrote:
These two line always have a warning message.

What does the warning message say?

echo"<input type=hidden name=filename value='"; 
$filename; 
echo "'> 
</form>";

Perhaps you wanted to echo $filename here?

And perhaps you wanted at some stage to prevent people from supplying any path and filename that they liked (in other words: the path and filename to any file on your server?)

roy17

I'll ask the question that is so obvious that it should not have to be asked:

I am really sorry. I forgot to attach the warning message.
Below is the warning message that appear every time I press the save button on the toolbar of the javascript editor that I use.

<br />
<b>Warning</b>: file(/user_andrew/cfile/) [<a href='function.file'>function.file</a>]: failed to open stream: No such file or directory in <b>C:\Program Files\EasyPHP-5.3.9\www\index.php</b> on line <b>271</b><br />
<br />
<b>Warning</b>: Invalid argument supplied for foreach() in <b>C:\Program Files\EasyPHP-5.3.9\www\index.php</b> on line <b>272</b><br />

Line 271 and 272 is

$lines = file($path."/".$_SESSION['folder']."/cfile/".$filename);
            foreach($lines as $line)

Perhaps you wanted to echo $filename here?

Yes. In the working solution for the save button for this editor, I use echo $filename. However, that working solution doesn't show the editor in the same page as the directory. It will open another page.

And perhaps you wanted at some stage to prevent people from supplying any path and filename that they liked (in other words: the path and filename to any file on your server?)

I currently not concerned by that matter at the moment.

roy17

The message shows that you're trying to access a directory called "user_andrew" in the root of your drive (e.g. "C:\user_andrew\"). Is that correct?

No, user_andrew is located inside my webroot. I know this is a bad practice, but I just wanted to know whether it will work first.

user_andrew is the $_SESSION['folder']

echo"<input type=hidden name=filename value='"; 
$filename; 
echo "'> 
</form>";

I used the code above because I manage to get a working solution. However, this working solution produced a new window which is not as I wanted it to do. I wanted it to be in one window.

This is the working solution.

index.php

if ($handle = opendir('.\\'.$folder.'\cfile\\')) 
{
    while (false !== ($file = readdir($handle))) 
    {
        if ($file != ".." && $file != ".") 
        {	
	echo "<a href=scriptedit.php?path=.&filename=$file>$file</a><br />";
        }
    }
    closedir($handle);
}

scriptedit.php

<?php
$path=$_REQUEST['path'];
$filename=$_REQUEST['filename'];
?>
<html>
<head>
<title>Script example</title>
	<script language="Javascript" type="text/javascript" src="../edit_area/edit_area_full.js"></script>
	<script language="Javascript" type="text/javascript">
		// initialisation
		editAreaLoader.init({
			id: "content"	// id of the textarea to transform		
			,start_highlight: true	// if start with highlight
			,allow_resize: "both"
			,allow_toggle: true
			,word_wrap: true
			,language: "en"
			,syntax: "c"	
			,toolbar: "  save, |, search, go_to_line, |, undo, redo,"

		,save_callback: "my_save"
		});

	// callback functions
	function my_save(id, content){
	form1.content1.value=content;
	document.forms["form1"].submit();
			}


</script>
</head>
<body>
<textarea name=content id=content style="height: 700px; width: 780px;"><?php 
$script="edit";
if($filename!="scriptinclude.php"){
include "scriptinclude.php";
}
else{ echo "Scriptinclude may not be edited";}
?>
</textarea>
<form name=form1 method=post action=scriptupdate.php>
<table>
<tr><td><textarea name=content1 id=content1 style="height: 0px; width: 0px;">
</textarea></td></tr>
</table>
<input type=hidden name=path value='<?php echo $path;?>'>
<input type=hidden name=filename value='<?php echo $filename;?>'>
</form>
</body>
</html>

scriptinclude.php

<?php
session_start();
if($script=="edit")
{
    //$lines = file("../$path/upload/$filename");
    //$lines = file("$path/upload/$filename");
    $lines = file($path."/".$_SESSION['folder']."/cfile/".$filename);
	foreach($lines as $line)
	{
	echo str_replace("</textarea>","<textarea>",$line);
	}
}
else
    {
    $content= stripslashes(str_replace("<textarea>","</textarea>",$_REQUEST['content1']));
    }
?>

scriptupdate.php

<?php
session_start();
//chdir($_REQUEST['path']."/upload");
chdir($_REQUEST['path']."/".$_SESSION['folder']."/cfile");
$fp = fopen($_REQUEST['filename'], 'w');
include "scriptinclude.php";
fwrite($fp, $content);
fclose($fp);
//include 'vars.php';
header('Location: ../index.php');
?>

All of these script works from the functionality works as I wanted. It is just it is not in the same page. It open a new window.

where do you ever define the variables $script, $path, and $filename ?

Sorry, I am new to PHP. I though that

include "scriptinclude.php";

is just a link so that you don't have to write the code all over again. As I study authentication for the mysql database. Usually the mysql_connect..... always using include.
So, as all of them are linking to index.php. I don't have to define it again. May I know how to define it in the script include?

$filename does exist, it must have an empty/NULL value.

Yes, I notice it from the watch variable. That it didn't receive any value.
I believe it come from this part

$path=$_REQUEST['path']; 
$filename=$_REQUEST['filename'];

how can I obtain it the value for $filename?

Weedpacket

roy17 wrote:
Yes, I notice it from the watch variable. That it didn't receive any value.
I believe it come from this part
$path=$_REQUEST['path'];
$filename=$_REQUEST['filename'];

Yes, because $_REQUEST['filename'] is empty.

how can I obtain it the value for $filename?

Already explained: you're not putting the value for $filename in the hidden field.

bradgrafelman wrote:
echo"<input type=hidden name=filename value='";
$filename;
echo "'>
</form>";
might as well be written as this:
echo"<input type=hidden name=filename value='";
echo "'>
</form>";
since you aren't actually doing anything with $filename.

You might want to look at the HTML source your browser is receiving; you can learn things from that as well (like the fact that your hidden filename field has an empty value).