PHP Include not working! :(

On www.animeomnitude.com I have an include in the content area, which is:

<?php
/*
   Inklude v2.3
   By:        Kage (Alex)
   E-Mail:    Kage@DBZSC.com
   URL:       http://www.dbzsc.com/?dbzsc=phpinclude
   Copyright: © 2002-2005 Kage (Alex), All Rights Reserved.
*/

// Settings:

$abspath = ".";
// Set the above to your absolute path.  _DO NOT_ include a trailing slash.
// You can leave it as "." and it should work just fine.

$extension = "php";
// The extention of included files.  It is STRONGLY recommended you use a unique extension
// that will be used by NO other files except include files.  _DO NOT_ include a dot.
// It is also STRONGLY recommended that you absolutely DO NOT use PHP as include extentions.

$defaultfile = "";
// This is the default file that is called should no query be provided.  You MUST include the
// extension, however, _DO NO_ include the absolute path, that's already added by what you
// provided in $abspath.

$errorfile = "404.shtml";
// This is the error file included should someone provide a nonexistant query.  You MUST
// include the extension, however, _DO NO_ include the absolute path, that's already added
// by what you provided in $abspath.

$query = "page";
// This is the query used when calling include pages.
// Ex: main.php?id=blah -- id is the query

// End User Serviceable Parts

clearstatcache();
$includestring = "";
$mainpage = urldecode($$query);
$mainstring = $abspath."/".$mainpage.".".$extension;
if (!$mainpage) {
  $includestring = $abspath."/".$defaultfile;
} elseif (ereg("\\.\\.", $mainpage) || substr($mainpage,0,2) == "./" || substr($mainpage,0,3) == "../") {
  die("Screw off.");
} else {
  if (file_exists($mainstring) && is_file($mainstring)) {
   $includestring = $mainstring;
  } else {
   $includestring = $abspath."/".$errorfile;
  }
}
@include($includestring);
// End Of Inklude
?> 

However when you try to click a link on the side it doesn’t load it up. Can anyone help me?

Cheers

$extension = "php";

// The extention of included files.  It is STRONGLY recommended you use a unique extension
// that will be used by NO other files except include files.  _DO NOT_ include a dot.
// It is also STRONGLY recommended that you absolutely DO NOT use PHP as include extentions.

You are playing with fire here, and you should not be doing this without completely understanding all the risks you are taking, then checking that this library’s security is up to scratch.

That said, to find out more about why it is failing, get rid of the error suppression @ character on the last-but-one line and check your error messages, either by turning error reporting on (on your development machine only!!) or looking in your error log files.

Okay. I’ve played around with the abs path, still nothing. What’s weird is that this used to work fine a year ago.

The comments tell you not to use .php files.

I’d be more careful of Path Traversal attacks to retrieve password files etc.

If you cannot satisfy yourself that this library protects you from this kind of attack, then you should not be using it.

Maybe you should be looking at playing with the abspath variable if it is just items in a particular folder which are playing you up, or just move things out of the folder?
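Added example, not part of the thread and not Inklude's own code: a hardened form of the same include-by-query pattern, covering the containment check asked for above. It reads `$_GET` directly (Inklude's `$$query` is only populated when `register_globals` is on, a setting removed in PHP 5.4, and `ereg()` was removed in PHP 7) and confines the resolved file to one directory. The `pages` directory, the `.inc` extension, the `news.inc`/`404.inc` file names and the `resolve_page()` helper are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not part of Inklude.
// Assumed layout: include fragments live under ./pages and end in ".inc",
// an extension used by no other files (as the Inklude comments recommend).

function resolve_page(?string $requested, string $baseDir, string $default, string $error): string
{
    $base = realpath($baseDir);
    if ($base === false) {
        throw new RuntimeException("Base directory not found: $baseDir");
    }
    $fallback = $base . DIRECTORY_SEPARATOR . $error;

    if ($requested === null || $requested === '') {
        return $base . DIRECTORY_SEPARATOR . $default;
    }

    // Allowlist instead of a ".." blocklist: letters, digits, "_" and "-" per
    // segment, segments joined by single "/". No dots at all, so no "..",
    // no caller-chosen extension, no "scheme://" wrappers, no NUL bytes.
    // This still accepts the site's own links, e.g.
    // "content/movies/narutomovie4/naruto-the-movie-4".
    if (!preg_match('#^[A-Za-z0-9_-]+(/[A-Za-z0-9_-]+)*$#D', $requested)) {
        return $fallback;
    }

    // realpath() resolves symlinks; the final path must still sit inside $base.
    $candidate = realpath($base . '/' . $requested . '.inc');
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($candidate === false
        || strncmp($candidate, $prefix, strlen($prefix)) !== 0
        || !is_file($candidate)) {
        return $fallback;
    }
    return $candidate;
}

// Read the parameter explicitly. $_GET is already URL-decoded by PHP,
// so it is not passed through urldecode() a second time.
$page = (isset($_GET['page']) && is_string($_GET['page'])) ? $_GET['page'] : null;

// No "@": include errors should reach the error log.
include resolve_page($page, __DIR__ . '/pages', 'news.inc', '404.inc');
```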

Okay. I’ve been using this include for years and I don’t know why it doesn’t work anymore. I may possibly move back to .html extensions once I get it working again. Could you tell me the security issues here and how it could be exploited?

My current index.php is here

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!-- <!DOCTYPE html 
     PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> -->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="generator" content="HTML Tidy for Linux (vers 6 November 2007), see www.w3.org" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Anime Omnitude :: Anime with attitude Naruto,Bleach, Soul Eater, One Piece, Avatar, Highschool of the dead, Code Geass, Eyeshield 21</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta content="watch anime online naruto,bleach, naruto anime, bleach 306, direct anime episode, code geass, highschool of the dead, direct anime episodes, anime, johnny bosch, johnny bosch interview, bleach cast interview, bleach english dub, steve prince, steve prince interview, animes, naruto 196, naruto 195, naruto 317, one piece 447, naruto 43, naruto 386, bleach 157, bleach 92, naruto 316, naruto episode 197, rmvb, episode, myspace layout, anime myspace layout, anime layout, naruto episode 195, naruto episode 196, bleach episode 92, bleach manga, naruto manga,avatar, avatar: the last airbender, avatar screen captures, avatar screen caps, screen captures, nickelodeon avatar, avatar pictures, prince zuko, aang, katara, sokka, momo, appa, uncle iroh, admiral zhao, fire lord ozai, the boy in the iceberg, the avatar returns, the southern air temple, warriors of kyoshi, king of omashu, imprisoned, winter solstice part 1, ther spirit world, winter solstice part 2, avatar roku, the waterbending scroll, jet, the great divide, the storm, the blue spirit, the fortuneteller, bato of the water tribe, the deserter, the northern air temple, the waterbending master, the siege of the north, the avatar state, the cave of two lovers, return to omashu, the swamp, firebending, airbending, earthbending, waterbending, avatar portal, the avatar portal, fan video, fan vids, fan videos, fan fiction, avatards, avatar sigs, avatar fan signitures, littlerain, little rain, Beastie, sam, characters, kataang, zutara, avatar forum, top site, avatar fan site, images, icons, biographies, bios, inforamtion, fan site, streams bleach anime" name="keywords" />
<meta content="849b9781784f195c" name="y_key" />
<meta content="The most down to earth source of free anime we offer anime episodes, manga chapters reviews and documentation on popular shonen anime such as Naruto and Bleach" name="description" />
<link type="image/x-icon" rel="shortcut icon" href="favicon.png" />
<link media="screen" type="text/css" rel="stylesheet" href="style.css" />
<link href="style.css" rel="stylesheet" type="text/css" media="screen" />
</head>
<body>
<div id="container">
<div id="topnav">
<ul>
<li><a href="">Home</a></li>
<li><a href="forums/index.php?act=Login&amp;CODE=00">Sign In</a></li>
<li><a href="forums/index.php?act=Reg&amp;CODE=00">Register</a></li>
<li><a href="#">Forums</a></li>
</ul>
</div>
<div id="header"><a href="#"></a></div>
<div id="headlinenews"></div>
<div id="nav">
<ul>
<li id="li_accountpanel">
<ul>
<li><a href="#">Login</a></li>
<li><a href="#">Register</a></li>
<li><a href="#">Visit the Forums!</a></li>
</ul>
</li>
<li id="li_main">
<ul>
<li><a href="#">Frontpage</a></li>
<li><a href="?page=content/main/history">About Us</a></li>
<li><a href="?page=content/main/contact_us">Contact</a></li>
<li><a href="?page=content/main/feedback">Feedback</a></li>
<li><a href="forums">Forums</a></li>
</ul>
</li>
<li id="li_information">
<ul>
<li><a href="?page=content/reviews/finalfantasyadventchildren/finalfantasyadventchildren">Advent Childen</a></li>
<li><a href="?page=content/reviews/beck/beck">Beck</a></li>
<li><a href="?page=content/reviews/bleach/bleach">Bleach</a></li>
<li><a href="?page=content/reviews/chobits/chobits">Chobits</a></li>
<li><a href="?page=content/reviews/cowboybebop/cowboybebop">Cowboy Bebop</a></li>
<li><a href="?page=content/reviews/dragonball/dragonball">Dragonball</a></li>
<li><a href="?page=content/reviews/dragonballz/dragonballz">Dragonball Z</a></li>
<li><a href="?page=content/reviews/dragonballgt/dragonballgt">Dragonball GT</a></li>
<li><a href="?page=content/reviews/elfenlied/elfenlied">Elfen Lied</a></li>
<li><a href="?page=content/reviews/fullmetalpanic/fullmetalpanic">Full Metal Panic</a></li>
<li><a href="?page=content/reviews/fullmetalalchemist/fullmetalalchemist">Full Metal Alchemist</a></li>
<li><a href="?page=content/reviews/gitssac1stgig/gitssac1stgig">GITS</a></li>
<li><a href="?page=content/reviews/hellsing/hellsing">Hellsing</a></li>
<li><a href="?page=content/reviews/kanon/kanon">Kanon</a></li>
<li><a href="?page=content/reviews/lovehina/lovehina">Love Hina</a></li>
<li><a href="?page=content/reviews/naruto/naruto">Naruto</a></li>
<li><a href="?page=content/narutoshipuuden/Naruto_Shipuuden">Naruto Shipuuden</a></li>
<li><a href="?page=content/narutoshippuuden/Naruto_Shippuuden">Naruto Shippuuden</a></li>
<li><a href="?page=content/movies/narutomovie4/naruto-the-movie-4">Naruto Movie 4</a></li>
<li><a href="?page=content/movies/narutomovie4/naruto-shippuden-the-movie">Naruto Movie 4</a></li>
<li><a href="?page=content/reviews/outlawstar/outlawstar">Outlaw Star</a></li>
<li><a href="?page=content/reviews/rurounikenshin/kenshin">Rurouni Kenshin</a></li>
<li><a href="?page=content/reviews/saiyuki/saiyukireview">Saiyuki</a></li>
<li><a href="?page=content/reviews/saiyukireloadgunlock/saiyukireloadgunlock">Saiyuki Reload Gunlock</a></li>
<li><a href="?page=content/reviews/samuraideeperkyo/samuraideeperkyo">Samurai Deeper Kyo</a></li>
<li><a href="?page=content/reviews/scryed/scryed">Scryed</a></li>
<li><a href="?page=content/reviews/trigun/trigun">Trigun</a></li>
<li><a href="?page=content/reviews/whistle/whistle">Whistle</a></li>
<li><a href="?page=content/interviews/johnnybosch/johnnybosch">Johnny Bosch</a></li>
<li><a href="?page=content/interviews/michelleruff/michelleruff">Michelle Ruff</a></li>
<li><a href="?page=content/interviews/stephaniesheh/stephaniesheh">Stephanie Sheh</a></li>
<li><a href="?page=content/interviews/steveprince/steveprince">Steve Prince</a></li>
</ul>
</li>
</ul>
<ul>
<li id="li_media">
<ul>
<li><a href="?page=media/anime/animeepisodes">Anime Downloads</a></li>
<li><a href="?page=media/manga/mangascans">Manga Downloads</a></li>
<li><a href="?page=media/animedvdguide">Anime DVDs</a></li>
<li><a href="?page=myspace/anime-myspace-layouts">Anime Bittorents</a></li>
<li><a href="?page=media/ost/osts">Anime Music Downloads</a></li>
<li><a href="?page=media/movies/animemovies">Anime Movies</a></li>
<li><a href="?page=media/roms/animeroms">Anime Roms</a></li>
<li><a href="?page=myspace/anime-myspace-layouts">MySpace Layouts</a></li>
<li><a href="#">Caring for your manga</a></li>
<li><a href="?page=content/jplessons/japaneselessons">Japanese Lessons</a></li>
</ul>
</li>
<li id="li_fanarea">
<ul>
<li><a href="?page=content/fan/amvs">Anime Music Videos</a></li>
<li><a href="?page=content/fan/animefanfiction">Anime Fan Fiction</a></li>
</ul>
</li>
<form method="post" action="https://www.paypal.com/cgi-bin/webscr"><input value="_s-xclick" name="cmd" type="hidden" /><input alt="Make payments with PayPal - it's fast, free and secure!" name="submit" src="https://www.paypal.com/en_US/i/btn/btn_donate_LG.gif" type="image" /><img alt="" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" border="0" height="1" /> <input

value="[PKCS7 blob removed]" name="encrypted" type="hidden"

/>_donators">
<ul>
<li><a href="#">None</a></li>
<li>





</form>
</li>
</ul>
</li>
<li id="li_partners">
<ul>
<li><a href="http://anime-wallpapers.com">Anime Wallpapers</a></li>
<li><a href="http://www.animebreaker.com/">Anime Breaker</a></li>
<li><a href="http://www.cyber12.com">Cyber12</a></li>
</ul>
</li>
</ul>
</div>
<div id="maincontent">
<div class="latest" id="latestanime"><img src="images/test.gif" alt="Latest Anime Picture" /></div>
<div class="latest" id="latestmanga"><img src="images/test.gif" alt="Latest Manga Picture" /></div>
<div class="latest" id="latestsite"><img src="images/test.gif" alt="Latest Site Picture" /></div>
<div id="advertisements"></div>
<div id="articles"></div>

<?php
/*
   Inklude v2.3
   By:        Kage (Alex)
   E-Mail:    Kage@DBZSC.com
   URL:       http://www.dbzsc.com/?dbzsc=phpinclude
   Copyright: © 2002-2005 Kage (Alex), All Rights Reserved.
*/

// Settings:

$abspath = ".";
// Set the above to your absolute path.  _DO NOT_ include a trailing slash.
// You can leave it as "." and it should work just fine.

$extension = "php";
// The extention of included files.  It is STRONGLY recommended you use a unique extension
// that will be used by NO other files except include files.  _DO NOT_ include a dot.
// It is also STRONGLY recommended that you absolutely DO NOT use PHP as include extentions.

$defaultfile = "news.php";
// This is the default file that is called should no query be provided.  You MUST include the
// extension, however, _DO NO_ include the absolute path, that's already added by what you
// provided in $abspath.

$errorfile = "404.shtml";
// This is the error file included should someone provide a nonexistant query.  You MUST
// include the extension, however, _DO NO_ include the absolute path, that's already added
// by what you provided in $abspath.

$query = "page";
// This is the query used when calling include pages.
// Ex: main.php?id=blah -- id is the query

// End User Serviceable Parts

clearstatcache();
$includestring = "";
$mainpage = urldecode($$query);
$mainstring = $abspath."/".$mainpage.".".$extension;
if (!$mainpage) {
  $includestring = $abspath."/".$defaultfile;
} elseif (ereg("\\.\\.", $mainpage) || substr($mainpage,0,2) == "./" || substr($mainpage,0,3) == "../") {
  die("Screw off.");
} else {
  if (file_exists($mainstring) && is_file($mainstring)) {
   $includestring = $mainstring;
  } else {
   $includestring = $abspath."/".$errorfile;
  }
}
include($includestring);
// End Of Inklude
?>


<div><embed src="http://animeo.chatango.com/group" bgcolor="#FFFFFF" width="550" height="309" wmode="transparent" allowScriptAccess="always" allowNetworking="all" type="application/x-shockwave-flash"></embed><br />
[ <a href="http://animeo.chatango.com/clonegroup">Copy this</a> | <a href="http://chatango.com/creategroup">Start New</a> | <a href="http://animeo.chatango.com">Full Size</a> ]</div><br />
</div></div>

</div>
<div id="footer">
<p>&amp;copyCopyright AnimeOmnitude 2005-2006<br />
Template coded by <a href="http://www.nickohrn.com">Nick Ohrn</a></p>
</div>
</div>
</body>
</html>

Removed the @ and there are now errors displayed. It just won’t include files into the current area when you click their links in the sidebar