0
Hi, I have this code to manage my main page.
Everything works fine on my local server at home; I'm using EasyPHP.
But on my web hosting server I got this error:

Warning: scandir(D:\Hosting\12067690\html/,D:\Hosting\12067690\html/) [function.scandir]: Access is denied. (code: 5) in D:\Hosting\12067690\html\index_menu.php on line 65

Any ideas?
Thank you in advance.

<?php
    $dir = $_SERVER['DOCUMENT_ROOT'].stripslashes(dirname($_SERVER['PHP_SELF'])).'/';

    if(!empty($_GET['p'])){

        $pages = scandir($dir, 0);
        unset($pages[0], $pages[1]);

        $p = $_GET['p'];

        if (in_array($p.'.htm', $pages)){
            include($dir.'/'.$p.'.htm');
        }else{
            echo 'Sorry, page introuvable';
        }
    }else{
        include($dir.'/enter_index01.htm');
    }
?>

Edited by madmax9922

1

Sounds like a permissions issue. You don't have the rights to access the file. You can check this with the is_readable('/location/') function.

0

Thank you. I would like to know how I'm supposed to do that properly in my code, and how I can give access to my folder to read those files. Locally I don't have to do that.
Thanks.

1

You could make it simpler by using file_exists instead of using all the scandir stuff:

$p = $_GET['p']; // WARNING: sanitize this before using it in production app

if (file_exists($dir.'/'.$p.'.htm')){
    include($dir.'/'.$p.'.htm');
} else {
    echo 'Sorry, page introuvable';
}

And sanitize user input (such as limiting it to a certain path, whitelisting, etc.).
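
One way to do the whitelisting and path limiting mentioned above, combined with the is_readable() check from the first reply, as an added example that is not part of the original thread. resolve_page() is a hypothetical helper, and using __DIR__ as the page directory is an assumption.

```php
<?php
// Added example: resolve_page() is a hypothetical helper, not thread code.

/**
 * Map a page name from the query string to a readable .htm file that
 * sits directly inside $baseDir. Returns null when the request must be refused.
 */
function resolve_page(string $baseDir, string $p): ?string
{
    // 1. Allowlist the name: letters, digits, '_' and '-' only.
    //    Rejects '/', '\', '.', NUL bytes and anything else that could
    //    change the directory or the extension being included.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $p)) {
        return null;
    }

    // 2. Canonicalise both paths. realpath() returns false when the
    //    target does not exist or cannot be resolved.
    $base = realpath($baseDir);
    $file = realpath($baseDir . DIRECTORY_SEPARATOR . $p . '.htm');
    if ($base === false || $file === false) {
        return null;
    }

    // 3. Containment: the resolved file must live directly in $base,
    //    which also catches symlinks that point somewhere else.
    if (dirname($file) !== $base) {
        return null;
    }

    // 4. Only hand back a regular file the PHP process is allowed to read.
    return (is_file($file) && is_readable($file)) ? $file : null;
}

$dir  = __DIR__;  // assumption: the .htm pages sit next to this script
$p    = !empty($_GET['p']) ? $_GET['p'] : 'enter_index01';
$page = is_string($p) ? resolve_page($dir, $p) : null;  // ?p[]=x arrives as an array

if ($page !== null) {
    include $page;
} else {
    http_response_code(404);
    echo 'Sorry, page introuvable';
}
```

Because no directory listing is needed, this also avoids the scandir() call that triggered the "Access is denied" warning on the host.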

1

Sanitizing your code:

$p = $_GET['p'];
$new_p = filter_var($p, FILTER_SANITIZE_STRING);

For example:

This is the input of a user that has HTML code:
$p = <h1>Hello</h1>

This is the sanitized one; it will remove all unwanted characters:
$new_p = Hello
