CODEWITHSUNDEEP
phpstring
StarFox
StarFox

Reputation: 141

String parsing error (multilines & variables)

I am making an install script for a website I'm working on, I'm having troubles making the scripts that generates the config.php file. Here is how I'm generating the string for the config file:

<?php
if (file_exists("config.php")) {
    header("Location: index.php");
} else {
    if (isset($_POST['smtp_password'])) {
        if (!($configFile = fopen("config.php", "c"))) {
            print("ERROR: Cannot write in this directory!");
            exit();
        }
$config = <<<EOT
<?php
    $_AMCFG['login_dir']        = '{$_POST['login_dir']}'; /* LINE 12 */
    $_AMCFG['server_key']       = '{$_POST['server_key']}';
    $_AMCFG['host']             = '{$_POST['host']}';
    $_AMCFG['database']         = '{$_POST['database']}';
    $_AMCFG['user']             = '{$_POST['user']}';
    $_AMCFG['password']         = '{$_POST['password']}';
    $_AMCFG['smtp_name']        = '{$_POST['smtp_name']}';
    $_AMCFG['smtp_mail']        = '{$_POST['smtp_mail']}';
    $_AMCFG['smtp_host']        = '{$_POST['smtp_host']}';
    $_AMCFG['smtp_port']        = {$_POST['smtp_port']};
    $_AMCFG['smtp_user']        = '{$_POST['smtp_user']}';
    $_AMCFG['smtp_password']    = '{$_POST['smtp_password']}';
?>
EOT;

        fwrite($configFile, $config);
        $db = mysqli_connect($_POST['host'], $_POST['user'], $_POST['password']);
        mysqli_select_db($db, $_POST['database']);
        $sqlFile = file_get_contents("install.sql");
        mysqli_multi_query($sqlFile);
        mysqli_query($db, "INSERT INTO admins (steamid, name, mail, disabled, superadmin) VALUES (\"".escape($_POST['admin_steamid'])."\", \"".escape($_POST['admin_name'])."\", \"".escape($_POST['admin_email'])."\", 0, 1)");
    }
}
?>

And here is the error I get in return: (line #12)

Parse error: syntax error, unexpected '' (T_ENCAPSED_AND_WHITESPACE), expecting identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING)

What am I doing wrong?

Upvotes: 2

Views: 130

Answers (4)

Funk Forty Niner
Funk Forty Niner

Reputation: 74220

Here is my contribution to this question, whether this is the expected results, see the results below.

<?php
$config = "<?php\n\n";
$config .= '$_AMCFG[\'login_dir\']'     . " = " . '$_POST[\'login_dir\']' . ";\n";
$config .= '$_AMCFG[\'server_key\']'    . " = " . '$_POST[\'server_key\']' . ";\n\n";
$config .= '$_AMCFG[\'host\']'          . " = " . '$_POST[\'host\']' . ";\n";
$config .= '$_AMCFG[\'database\']'      . " = " . '$_POST[\'database\']' . ";\n";
$config .= '$_AMCFG[\'user\']'          . " = " . '$_POST[\'user\']' . ";\n";
$config .= '$_AMCFG[\'password\']'      . " = " . '$_POST[\'password\']' . ";\n\n";
$config .= '$_AMCFG[\'smtp_name\']'     . " = " . '$_POST[\'smtp_name\']' . ";\n";
$config .= '$_AMCFG[\'smtp_mail\']'     . " = " . '$_POST[\'smtp_mail\']' . ";\n";
$config .= '$_AMCFG[\'smtp_host\']'     . " = " . '$_POST[\'smtp_host\']' . ";\n";
$config .= '$_AMCFG[\'smtp_port\']'     . " = " . '$_POST[\'smtp_port\']' . ";\n";
$config .= '$_AMCFG[\'smtp_user\']'     . " = " . '$_POST[\'smtp_user\']' . ";\n";
$config .= '$_AMCFG[\'smtp_password\']' . " = " . '$_POST[\'smtp_password\']' . ";\n\n";
$config .= "?>";

echo $config;

Which in HTML source echo'd:

<?php

$_AMCFG['login_dir'] = $_POST['login_dir'];
$_AMCFG['server_key'] = $_POST['server_key'];

$_AMCFG['host'] = $_POST['host'];
$_AMCFG['database'] = $_POST['database'];
$_AMCFG['user'] = $_POST['user'];
$_AMCFG['password'] = $_POST['password'];

$_AMCFG['smtp_name'] = $_POST['smtp_name'];
$_AMCFG['smtp_mail'] = $_POST['smtp_mail'];
$_AMCFG['smtp_host'] = $_POST['smtp_host'];
$_AMCFG['smtp_port'] = $_POST['smtp_port'];
$_AMCFG['smtp_user'] = $_POST['smtp_user'];
$_AMCFG['smtp_password'] = $_POST['smtp_password'];

?>

Upvotes: 1

Jonathan M
Jonathan M

Reputation: 17451

You've got two instances of <?php in your code. You only need the first one.

The second one, intended for the output file, needs to be escaped.

$config = <<<EOT
\x3C?php

The old version with two instances was confusing the php parser.

Upvotes: 0

Mike Brant
Mike Brant

Reputation: 71424

I think your problem is in using double quotes in first part of each line. You are trying to interpolate a value for $_AMCFG[*] when that is supposed to be just a literal string.

Try using single quotes around that part like this:

$config .= '    $_AMCFG['login_dir']        = \''.$_POST['login_dir']."';\n";

Alternately, can I suggest heredoc syntax for this? That would look like:

$config = <<<EOT
<?php
    $_AMCFG['login_dir']        = '{$_POST['login_dir']}';
    $_AMCFG['server_key']       = '{$_POST['server_key']}';
    ...
    $_AMCFG['smtp_password']    = '{$_POST['smtp_password']}';
?>
EOT;

Much cleaner. In fact, you could develop that config as a separate PHP file and just cut/paste it into place.

Upvotes: 0

manix
manix

Reputation: 14747

$config .= "    $_AMCFG['smtp_port']        = ".$_POST['smtp_port'].";\n";

Should be:

$config .= "    $_AMCFG['smtp_port']        = '".$_POST['smtp_port'].";\n";

I suppose that this code fails when is "evaled".

Upvotes: 0

Related Questions