2

I am making an install script for a website I'm working on, I'm having troubles making the scripts that generates the config.php file. Here is how I'm generating the string for the config file:

<?php
if (file_exists("config.php")) {
    header("Location: index.php");
} else {
    if (isset($_POST['smtp_password'])) {
        if (!($configFile = fopen("config.php", "c"))) {
            print("ERROR: Cannot write in this directory!");
            exit();
        }
$config = <<<EOT
<?php
    $_AMCFG['login_dir']        = '{$_POST['login_dir']}'; /* LINE 12 */
    $_AMCFG['server_key']       = '{$_POST['server_key']}';
    $_AMCFG['host']             = '{$_POST['host']}';
    $_AMCFG['database']         = '{$_POST['database']}';
    $_AMCFG['user']             = '{$_POST['user']}';
    $_AMCFG['password']         = '{$_POST['password']}';
    $_AMCFG['smtp_name']        = '{$_POST['smtp_name']}';
    $_AMCFG['smtp_mail']        = '{$_POST['smtp_mail']}';
    $_AMCFG['smtp_host']        = '{$_POST['smtp_host']}';
    $_AMCFG['smtp_port']        = {$_POST['smtp_port']};
    $_AMCFG['smtp_user']        = '{$_POST['smtp_user']}';
    $_AMCFG['smtp_password']    = '{$_POST['smtp_password']}';
?>
EOT;

        fwrite($configFile, $config);
        $db = mysqli_connect($_POST['host'], $_POST['user'], $_POST['password']);
        mysqli_select_db($db, $_POST['database']);
        $sqlFile = file_get_contents("install.sql");
        mysqli_multi_query($sqlFile);
        mysqli_query($db, "INSERT INTO admins (steamid, name, mail, disabled, superadmin) VALUES (\"".escape($_POST['admin_steamid'])."\", \"".escape($_POST['admin_name'])."\", \"".escape($_POST['admin_email'])."\", 0, 1)");
    }
}
?>

And here is the error I get in return: (line #12)

Parse error: syntax error, unexpected '' (T_ENCAPSED_AND_WHITESPACE), expecting identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING)

What am I doing wrong?

Improve this question
12
  • 1
    What line of code? Why not use heredoc syntax for this? It would be much cleaner. Commented Nov 4, 2014 at 21:50
  • 1
    Can you include an example of the code's output? It's hard to guess what's wrong without it. Commented Nov 4, 2014 at 21:56
  • @Jonathan M I cannot show you any output since I can't run the script, the closing ?> is here it's just the editors that removed it for some reason. As I said the config.php is an example, it is from before I started working on the install script. Commented Nov 4, 2014 at 22:26
  • @Starfox64, Ah, I see. It looks like your error is on line 2, but you've not shown us all of the generator code, so we can't see line 2. Can you post the exact error message and the code section referred to by the error message? Commented Nov 4, 2014 at 22:34
  • @Jonathan M By line 2 I meant line 2 on the snipset of code I posted, the rest doesn't concern the error it justs writes the string into the config file and sets up the MySQL Database. Commented Nov 4, 2014 at 22:37

4 Answers 4

Reset to default
1

Here is my contribution to this question, whether this is the expected results, see the results below.

<?php
$config = "<?php\n\n";
$config .= '$_AMCFG[\'login_dir\']'     . " = " . '$_POST[\'login_dir\']' . ";\n";
$config .= '$_AMCFG[\'server_key\']'    . " = " . '$_POST[\'server_key\']' . ";\n\n";
$config .= '$_AMCFG[\'host\']'          . " = " . '$_POST[\'host\']' . ";\n";
$config .= '$_AMCFG[\'database\']'      . " = " . '$_POST[\'database\']' . ";\n";
$config .= '$_AMCFG[\'user\']'          . " = " . '$_POST[\'user\']' . ";\n";
$config .= '$_AMCFG[\'password\']'      . " = " . '$_POST[\'password\']' . ";\n\n";
$config .= '$_AMCFG[\'smtp_name\']'     . " = " . '$_POST[\'smtp_name\']' . ";\n";
$config .= '$_AMCFG[\'smtp_mail\']'     . " = " . '$_POST[\'smtp_mail\']' . ";\n";
$config .= '$_AMCFG[\'smtp_host\']'     . " = " . '$_POST[\'smtp_host\']' . ";\n";
$config .= '$_AMCFG[\'smtp_port\']'     . " = " . '$_POST[\'smtp_port\']' . ";\n";
$config .= '$_AMCFG[\'smtp_user\']'     . " = " . '$_POST[\'smtp_user\']' . ";\n";
$config .= '$_AMCFG[\'smtp_password\']' . " = " . '$_POST[\'smtp_password\']' . ";\n\n";
$config .= "?>";

echo $config;

Which in HTML source echo'd:

<?php

$_AMCFG['login_dir'] = $_POST['login_dir'];
$_AMCFG['server_key'] = $_POST['server_key'];

$_AMCFG['host'] = $_POST['host'];
$_AMCFG['database'] = $_POST['database'];
$_AMCFG['user'] = $_POST['user'];
$_AMCFG['password'] = $_POST['password'];

$_AMCFG['smtp_name'] = $_POST['smtp_name'];
$_AMCFG['smtp_mail'] = $_POST['smtp_mail'];
$_AMCFG['smtp_host'] = $_POST['smtp_host'];
$_AMCFG['smtp_port'] = $_POST['smtp_port'];
$_AMCFG['smtp_user'] = $_POST['smtp_user'];
$_AMCFG['smtp_password'] = $_POST['smtp_password'];

?>
Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

Thanks you very much, finally got rid of that error.
Actually, the OP wants the actual values for the right-hand side. But I think this solves it.
@Starfox64 You're welcome. Once I got the first line going and had the right formulae, the rest followed.
@JonathanM This one was quite tricky, a bit of escaping to do.
0 
$config .= "    $_AMCFG['smtp_port']        = ".$_POST['smtp_port'].";\n";

Should be:

$config .= "    $_AMCFG['smtp_port']        = '".$_POST['smtp_port'].";\n";

I suppose that this code fails when is "evaled".

Improve this answer

4 Comments

depends on the value of the port. If it's a number, then it doesn't need the quote.
Shouldn't the port in an int?
@Starfox64, can you echo the value of the port to prove to yourself it is a number?
@Jonathan M It would be a string since it's entered through an input text but I'm not putting the "" since it's supposed to be a number.
0

I think your problem is in using double quotes in first part of each line. You are trying to interpolate a value for $_AMCFG[*] when that is supposed to be just a literal string.

Try using single quotes around that part like this:

$config .= '    $_AMCFG['login_dir']        = \''.$_POST['login_dir']."';\n";

Alternately, can I suggest heredoc syntax for this? That would look like:

$config = <<<EOT
<?php
    $_AMCFG['login_dir']        = '{$_POST['login_dir']}';
    $_AMCFG['server_key']       = '{$_POST['server_key']}';
    ...
    $_AMCFG['smtp_password']    = '{$_POST['smtp_password']}';
?>
EOT;

Much cleaner. In fact, you could develop that config as a separate PHP file and just cut/paste it into place.

Improve this answer

2 Comments

I just tried to use heredoc syntax, it is in fact cleaner but I am still having the same error. Code: puu.sh/cDth9.png
Just updated my answer for what I think was you initial problem. When you try heredoc, what error do you get?
0

You've got two instances of <?php in your code. You only need the first one.

The second one, intended for the output file, needs to be escaped.

$config = <<<EOT
\x3C?php

The old version with two instances was confusing the php parser.

Improve this answer

4 Comments

Thanks for the help but that did not fix the error.
@JonathanM Is this true about escaping the tag? Not sure why php tags would be considered anything special inside, in essence, a doubly quoted string. For example, one could easily do $var = "<?php"; without any problems. I have never tried this usage personally and can't find any documentation to support this, so I am interested in this.
It did not work, it probably has something to do with the '' and "".
@MikeBrant, well an unescaped ?> can drop you out. See here: php.net/manual/en/language.basic-syntax.phpmode.php#92643 . However, per the latest comment, this appears to be barking up the wrong tree. I think your line of thinking in your answer is right.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.