Running PHP from HTML

[stackdump]

Hi all, Im not an expert on PHP so I apologize if this turns out to be a dumb question.

I want ro run a PHP script from an HTML page. I cannot use an htaccess file to parse HTML as PHP since the ISP forbids it.

So...I made a test HTML file and tried doing;

<script src="my.php"></script>

Inside the php file I put

<?php
echo 'PHP file';
?>

when I load the page, it doesnt get executed.

What am I doing wrong?

 

[sleipnir214]

The <script> tag runs code on the client-side (at the browser). PHP does not run on the client, but rather on the server.

Why can you not simply create a .php file which is your script then point your browser to that script? Or does your ISP not make PHP available on the server?

Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[stackdump]

I can run php scripts in files with the php extension. The problem is that if I want to add the php script into all of the html files for the site, I need to change every file name and also change all the links within those files for the whole site.

Since I cant use the htaccess file, Im trying to see if there is some devious way around this.

 

[sleipnir214]

Well, the <SCRIPT> tag certainly isn't it.

If your ISP doesn't allow you to use .htaccess files, there is nothing you can do other than change files.

Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[stackdump]

Maybe, but from what you said earlier I think the easier solution might be to rewrite the script in a client side language. Just means I need to learn a new language, but thats fine.

 

[Vragabond]

While php manual lists <script> as an option to enclose php code, you need to understand that script in this case is preprocessed tag as well and works similarly to <?php ... ?>. This means that the file where script is included must be set up for parsing php blocks.

If your script does not output anything, you could opt for an invisible picture on your site. <img> tag is a replaced element, meaning that it loads something else in place of the original tag. If your php script needs only to process information, you could call it from the <img> tag.

As for your solution, I would reconsider. Firstly, there's a lot of stuff you cannot do via client-side scripting plus there's always the problem of users that turn off client-side scripting. I guess if we knew what you want, we could give you better suggestions if client side is possible and recommended.

 

[stackdump]

ok.

I am fixing an e-commerce site (it's actually for company product specifications which can only be accessed after registering, no money is involved). During registration a database is updated with members details. My boss wants me to exclude certain members and thus limit access for many html pages to registered members only.

To do this I have a legacy PHP script from the original coder, which compares the currently logged in user against the database and gives me a 1 or 0 as to whether access should be allowed. So my idea was to invoke this in each html page and continue or jump out as necessary.

Problem is that since I cannot use htaccess, if I want to change all of the files to php extension, I have to rename a huge number of files and carefully update hundreds of links.

Of course, I would love to rewrite all of this since technology has moved on, but time is against me and a quick solution is needed. I have also had various arguments with the hosting company about allowing overrides to permit use of htaccess. They wont move on this for various historical reasons.

 

[trollacious]

Renaming files should be pretty simple from a command prompt or with a batch file. As far as changing links on pages, opening all the files in a good text editor (Textpad works well for this) and doing a search and replace on all documents opened shouldn't take all that long. I did this kind recently changing from .htm to .asp extensions, including converting some client-side scripts to server-side. Getting the nearly 2000 pages changed over wasn't bad, and the roughest part was converting the scripting to make it all work as smoothly as it did all client side.

Once you get things converted, you can revise the HTML and create segments of a page that are the same on many pages, then just include that into each relevant set of pages to make updating easier in the future.

It'll make things MUCH easier in the long run if you take the time now to make the conversion.

Lee

 

[vacunita]

Have You tried using a iframe?, It is not nice alternative, but it should work. Crete a page with a singe iframe into which you call the web site files, and from outside the iframe run the php script. That way you only need to create one file and al the links in the pages remain intact.

So you check the logged in user and if it is valid yu chnge the url of the iframe to reflect the page. if not then you change the url to a "Sorry access is denied" page.

It will take a bit of programming, but should be simpler than learning a new language.

Hope this helps.

----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

 

[Vragabond]

What you want to do, shouldn't be done via client-side code, since that would be just superficial security. Anyone that actually wanted to see the protected pages could just do a view source and see what the pages were checking to let you in.

The same problem you would experience using vacunita's suggestion. The solution is only superficial, while if anyone wanted to see the pages, they would just load all html files without the embracing php page and that would be that.

 

[vacunita]

Well yes but since the calling page is generated via PHP. You get nothing in th source but a page with an iframe pointing to some html file. And unless the login is valid, all you are going to get is an Access denied page. Not Saying it's the most secure method, but is definetly better than doing it client-side where you run the risk of the client not having the scripting language turned on.

Changing the files to php is simple, it's going into each one and altering every single link that is going to take time. You could try some text editor with search and replace function, and look for anything that ends with .html or .htm and replace it with .php However, seeing as it is an e-commerce site, there might be some links generated dinamically, that wont show up until the page is displayed.

So to sum up, I think that any viable solution with a certain degree of security is going to take time. Learning a new language is definetly going to take more time than checking links, and replacing file extensions.

----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

 

[stackdump]

ok, I like the suggestions, thanks for your comments.

I do face one other problem (you'll hate this...), on the website there are pages called ProductXYZ.html and corresponding pages called ProductXYZ.php. So renaming is not straight forward.

I think the best thing I can do is work out some kind of a renaming scheme, maybe using a simple table, and then write some conversion code that parses each file on the site to make organized changes. I think I can do this quite quickly, I have worked out an algorithm that should work.

If he/she were still around I would like to "cause injury" to the original coder. Everything I am faced with has been caused by a badly thought out implementation and is a really good example of how not to build a site! I hate repairing legacy stuff...

Never mind, I always seem to get it done one way or another, but it looks like a few late nights for me this week...

 

[stackdump]

I need to work out a verification strategy for this too. I forgot to ask, but is there such a thing as a website "integrity" checker? e.g. something that can hunt around and weed out broken links?