Hi,

I'm working on a complicated set of PHP scripts on my home machine at the moment. When at a friends house demonstrating one of them, I wanted to show him the source of a script. Sure, I could have SSH'ed in, but I couldn't be bothered - I needed a quick demo.

I thought it would be really nice to have a *.phps version of every *.php file I have in my webserver. I am not bothered about secret scripts being read by the public - there's a .htaccess password protection on the whole webserver directory, and the scripts aren't at all secret.

I thought of two possible solutions. The second best would be some kind of folder action or something which meant that every time a file named *.php was added to the webserver directory, a symbolic link to the file, named *.phps, was added to the same directory. This method would have to cope with file renaming, moved files and deleted files too - can't really see it working.

The better solution would be some Apache config trickery. I don't know if this is possible, but it would be great.

Would there be a way for Apache to accept an incoming request for *.phps (a file which doesn't exist), find instead the equivalent *.php (i.e. as per the standard Apache alias directive), but hand it to the x-httpd-php-source application rather than the usual x-httpd-php. This would be perfect for me, as it doesn't require any extra files, and the files and filenames would always be up-to-date. I read bits of the Apache manual yesterday, but couldn't quite see if this would be possible. I have CGI PHP too - maybe I could use that somehow?

Please DON'T worry about security for this - I'll sort that out when I have a solution!

This is so easy you're going to smack yourself for not thinking of it. Takes 2 minutes, works on any server and you even get nice colour syntax highlighting.

add the following to `phpsource.php` (or whatever name turns your crank) in your www folder:
<?php
highlight_file($file);
?>

Then call it with "http://www.mysite.com/phpsource.php?file=webpage.phtml"

As for security, if no one knows it's there they can't run it*, and passwords and such should be in a web-inaccessable include file.


*yes, obscurity is not to be depended upon.

:mad: :mad: :mad: :mad: :eek: :mad: :eek: :confused: :( :mad: :eek: :( :mad: :confused: :eek: :mad: :mad: :mad: :mad: :mad: :mad: :mad: :mad: :mad:

but now:

:D


Thank you. Why do I always have to try and be clever?

OK, well, it didn't last long.

Your solution is great, but, I want to stretch my Apache/PHP understanding a bit further.

Have a look at the first user comment here:
http://www.php.net/highlight_file

This sounds cool. I'd like to do it like that.

I did this:

Alias /source/ "/Library/WebServer/Documents/"

in the aliases section of httpd.conf, and:

<LocationMatch "^/source/.*?\.(php|inc)$">
ForceType application/x-httpd-php-source
</LocationMatch>

At the bottom of the file.

Doesn't work yet - what did I do wrong? The alias works OK (i.e. a php file with a /source/ prefix loads OK) but the php is still being parsed. The LocationMatch bit is obviously wrong, or in the wrong place or something.

Thanks!

I think it's the regexp which is wrong.

If I put:
<LocationMatch "^/source/">

it works OK. I might leave it like that, unless anyone has a suggestion?

the script at php.net does basically the same thing as my code, but is more restrictive about filetypes and has to jump through more hoops to get the filename.

Kudos for wanting to explore the Apache/PHP relationship more, but tweaking your server 9 ways from sunday has the following problems:

1) only works on YOUR server. Won't port to other servers or shared hosting.

2) usually breaks at the next upgrade.

3) can create unknown security issues that become apparent only when someone else's site replaces your own.

4 ) consumes staggering amounts of valuable time.