PHP question

[chris_uk_83]

Sorry for the multitude of posts today but I'm being quite busy and productive!

I'm in the process of teaching myself PHP from online resources I can find, and I have a pretty basic question.

What's the benefit of using the $_POST or $_GET variables over the $_REQUEST one, which will get the data from either method?

It seems to me that $_REQUEST makes the other two redundant.

[chris_uk_83]

Here's another:

When you're writing to a file using fwrite() or fputs(), how do you make it go on to the next line? /n and <br/> won't work.

[Simetrical]

1) You might not want to accept GET data. For instance, logout links in some software require some kind of POST parameter so people annoy people by getting them to click on logout links. There's no particular reason to accept GET instead of POST or vice versa anyway, assuming you know which kind of submission your application actually generates.

2) You want "\n". Note both direction of slash, and the use of double rather than single quotes. The contents of single quotes are treated as absolutely literal with the exception of backslashes (must be escaped as \\) and single quotes (obviously must be escaped as \'). For fancier stuff, like special characters or the ever-convenient variable interpolation, you need double quotes. Heredoc also works, of course. For details, see the explanation of strings in the PHP manual. Note that if you're writing to HTML, linebreaks will show up in the source but not in the rendered content, outside of whitespace-preserved areas like <pre>. You have to use <br /> or <p>...</p> or such there.

[chris_uk_83]

Haha, that was a stupid mistake on my part, I had the slash backwards!

I have yet another question if anybody fancies answering it.

I'd like to make a kind of login type thing for a website I host. Basically I want to force somebody to type their name in (whether it be real or not, I just want them to type something), before being redirected to my download page.

I thought I could do this using filters, but my ISP's CGI server only supports PHP version 4.3.10 (I think) and filters only come in on version 5. Does anyone know any other way to do this?

[kshcshbash]

Do you have access to a mySQL database?
You could always just stick the name in a text file...
catch me on MSN like...now for personalized help ;-)

[Simetrical]

Filters are unnecessary for such a simple thing. What you want to do is, ideally, to use a rewrite rule along the lines of

RewriteRule ^/path/to/folder/(.*)$ /path/to/script/script.php?file=$1

So if the files you want to restrict access to are in /myfiles/ and your script is in /myscripts/accessctl.php, something like

RewriteRule ^/myfiles/(.*)$ /myscripts/accessctl.php?file=$1

should do the trick. That's for Apache, other servers will vary. You can drop it in a .htaccess file if that's enabled. But this will (if I haven't screwed up the black magic of RewriteRules) make all attempts to access your files from the Internet be sent to this script instead.

Your script might look something like this:

PHP Code:

<?php

// This is the path to my files from this script
define( 'DIRPATH', '../myfiles/' );

// Remove anything including a slash before the filename, to avoid access
// to arbitrary files (note that as written this will prevent access to
// subdirectories too)
$filename = preg_replace( '!^.*/!', '$1', $_REQUEST['file'] );

if( $_REQUEST['name'] ) {
  $fileexists = file_exists( DIRPATH . $filename );
  // Write out the name to your records and provide the file . . . this I leave
  // as an exercise because I've gotten bored of coding
} else {
  // Present a handy little form
  $encodedfilename = urlencode($filename);
  // The name of this file.  Probably a better way to get it somehow
  $scriptname = preg_replace( '!^.*/!', '$1', __FILE__ );

  echo <<< HTML
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html dir="ltr" lang="en">
<head>
  <title>Confirmation form</title>
</head>
<body>
  <p>Please enter your name for my records.</p>
  <form action="$scriptname?file=$encodedfilename" method="get">
    <input type="text" name="name" value="Your name here" tabindex="1" />
  </form>
</body>
</html>
HTML;
}

I haven't tested this at all, so it may fail horribly, but perhaps I've given you a starting point. Good luck, and feel free to ask any further questions.