How to @include() my secret file without error text (when there's no file) but with error text if any error is in this file?
Question
$admpage=md5($_SERVER[DOCUMENT_ROOT]).'.php';
if(!@include($admpage)){echo "error opening Adminpage";}
So, in case there's no such file there should be error error opening Adminpage .
But if in included file IS error in code, it shows nothing.
In other words, I need to turn off errors reporting while including, but turn them on while executing included file.
PS
I tried eval() but that is much worse then @include()
PPS
I need to include any files, but if error (while encluding or executing), then show error but never show filename
3 answers
solution1
2 ACCPTED 2013-09-29 13:40:28
It seems, your goal is to suppress error messages from including a non-existent file.
This is how you could do this:
$old = ini_set('display_errors', 0); // Do not show errors to client
$fileExists = file_exists($someFile) && is_readable($someFile);
ini_set('display_errors', $old); // Restore old value
if (!$fileExists)
die('Error opening admin page');
include($someFile);
Why the many steps?
file_exists and also is_readable will print error messages on certain conditions: there could be a safe_mode or open_basedir restriction issue (not everyone uses PHP 5.3 already). The server might also run with suPHP which will make a file unreadable, too.
Why is it wrong?
Your concept : Relying on an obscured file's name for pseudo-authentication is called "security by obscurity". For example, anyone with access to your browser history would know the URL. This isn't very safe...
My answer : Simply turning off display_errors is as safe as setting error_reporing to zero: simply not. Eg: once a custom error handler is being installed, both these settings are "ignored". It is the custom error handler's responsibility to check these values accordingly.
You might consider using different php.ini settings for both your production and development environment. The first should ideally show no error messages whatsoever, whereas the the latter should spill all of them.
Read up on:
solution2
0 2013-09-29 13:14:41
What's about file_exists ?
if(!file_exists($admpage)){echo "error opening Adminpage";}
If you really want to just turn off error reporting while including like this: @include("script.php"); then wrap the code in the file in a function, eg myFunc() and then call that after the include.
solution3
0 2013-09-29 13:16:42
Only include when the file does exist using:
if (file_exists($admpage) && is_readable($admpage)) {
include($admpage);
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.