Topic: ?sce=view

[mackbig]

All ken's script's on his download pages use the ?sce=view so that you can see, then copy or save as his PHP scripts.  I was able to use this to look at sam's advisory script as he was having trouble with his time zones.... When I try use this behind my php scripts it attempts to load the script with errors...

Is there a setting you need on your server to enable ?sce=view?

Thanks
Andrew

[sam2004gp]

I am not aware of any secret setting there?

[mackbig]

I was going to add, we are both on goddady, so unless you recall doing the setting, guess that's not it.
So my question remains to anyone else, what drives this?

Andrew

ps: I have seen several other sites that ?sce=view does not work, or creates the same partially rendered page with errors.

I am not aware of any secret setting there?

[sam2004gp]

Maybe it has something to do with their version of PHP their server is using.  Even though you and I should be same version in theory. 

Perhaps its the permissions of your php file.  Another shot in the dark.

[saratogaWX]

The handling of '?sce=view' is done by a small chunk of code if (isset($_REQUEST['sce']) && strtolower($_REQUEST['sce']) == 'view' ) {
//--self downloader --
  $filenameReal = __FILE__;
  $download_size = filesize($filenameReal);
  header('Pragma: public');
  header('Cache-Control: private');
  header('Cache-Control: no-cache, must-revalidate');
  header("Content-type: text/plain");
  header("Accept-Ranges: bytes");
  header("Content-Length: $download_size");
  header('Connection: close');
  readfile($filenameReal);
  exit;
}
that appears just after the local parameter settings.  It should work on all PHP installations as it uses the default __FILE__ global as the target for the readfile($filenameReal);.  No extra PHP settings are required.

Some of the older versions of my scripts used $_SERVER["..."]; arguments for the __FILE__ and depending on the server (Apache v.s. IIS) it may not have had the particular $_SERVER[] value implemented .. that's why I'd switched to the __FILE__ which does work on Apache or IIS servers.

If you use the '?sce=view' on a page that has multiple includes (like wxadvisory.php), then the first script included on the page will respond and print it's contents, not the contents of the including page.

I, too, use this function frequently to help diagnose issues with script implementations on folks sites .. much easier than having them send the script and trying to replicate the issue on your server

Hope this helps...
Best regards,
Ken

[mackbig]

Ken
Thanks, knew there was an "easy" explanation....

Andrew

[sam2004gp]

So what Ken is saying here, is that Mack just needs to download and install an updated version of the script, to gain that function for his site.

Am I correct?

[mackbig]

Not that simple. Most of my php's are multiple call scripts. My php calling my or other's scripts.  The core ken php scripts will work.. I had not tested that yet.  If I add that code Ken posted to my scripts, it would display part of the code, and the rest would render what it was supposed to generate as if called without ?sce=view.

so for instance if I use ?sce=view with http://www.mackweather.com/ec-forecast.php?sce=view it displays the source code.  but index.php also has an include of ec-forecast.php so a ?sce=view shows gobbledegook.  I will add the code to a page and see how it behaves....

Andrew

So what Ken is saying here, is that Mack just needs to download and install an updated version of the script, to gain that function for his site.

Am I correct?

[saratogaWX]

Andrew,

The first script it encounters with a ?sce=view processor in it will try to use the function to print the contents of the page (whatever is the __FILE__ at that time).

When you do a ?sce=view on your index page, the first script it encounters with the routine is in ec-forecast.php.  Since your index page has already started putting out HTML, you get a series of Warning: header already started... messages, then the contents of ec-forecast.php is echoed to the page.  To see it, do a view source and it all makes sense

If you want to be able to ?sce=view for your index page, then you'll need to put the function at the top of your page (before any doctype or headers, inside a <?php .... ?> to make it just show the index page).

Best regards,
Ken

[mackbig]

Got it Ken, I just did not have time to add, was trying to explain something else... but should have left it to you...
Will add and try after kids to bed,  I am "parenting" this eve while wife is out.  Get in trouble when I call it babysitting...

Andrew

Andrew,

The first script it encounters with a ?sce=view processor in it will try to use the function to print the contents of the page (whatever is the __FILE__ at that time).

When you do a ?sce=view on your index page, the first script it encounters with the routine is in ec-forecast.php.  Since your index page has already started putting out HTML, you get a series of Warning: header already started... messages, then the contents of ec-forecast.php is echoed to the page.  To see it, do a view source and it all makes sense

If you want to be able to ?sce=view for your index page, then you'll need to put the function at the top of your page (before any doctype or headers, inside a <?php .... ?> to make it just show the index page).

Best regards,
Ken

[jachen]

The first script it encounters with a ?sce=view processor in it will try to use the function to print the contents of the page (whatever is the __FILE__ at that time).

Hi Ken (a long time ago)

I am trying to understand the magics behind "?sce=view 'processor'".

No chance to find out what happens behind the stage. Is there a security problem with it installed in scripts?

Maybe you find a second to let me know more about it.

Best regards
jachen

[Bushman]

http://www.wxforum.net/index.php?topic=4077.msg35308#msg35308  All is revealed!!

[saratogaWX]

Hi Jachen,

The ?sce=view capability is included in all my standalone (and the support scripts for the Saratoga template) to be able to see the source of the script for debugging.  None of the scripts that have 'secret stuff' in them would include that capability -- only the ones that use non-secret info like settings for data sourcing from URLs and internal configurations.  The main config files for the templates (Settings.php and Settings-weather.php) do not include that capability as you may have 'private' info like email address in it.

When you try ?sce=view on a wx....php page, the request will be 'intercepted' by the first script included on the page that has that capability in it -- usually the weather tags file, so it will display and not the source for the wx....php page itself.

Yes, there is likely a small security issue with the capability as it allows anyone to see the underlying source, but since all my scripts are free and in the public domain, disclosure of the source code entails no additional risk AFAIK.

Hope this helps...

Best regards,
Ken