Moderators: FourthWorld, heatherlaine, Klaus, kevinmiller, robinmiller
Code: Select all
on exportRoutine
get the text of fld "testing2"
put it into myVar
put pathData into URL ("file:" & it & "myfile.php")
end exportRoutineCode: Select all
else if(isset($_GET['function']))Code: Select all
$variable=0 // 0 for yes 1 for noPlugins and PHP work at opposite ends of the communication: a Revlet comes alive only on the client, while PHP is alive only on the server.reelstuff wrote: so there is no real way to use the plugin to do some of the most common things in PHP?
Thanks for taking time to reply, I appreciate that, and yes I agree with you, I was hoping to find a better use than just a client side script, see what I really want is the irev capabilities, embodied into the revlet,FourthWorld wrote:Plugins and PHP work at opposite ends of the communication: a Revlet comes alive only on the client, while PHP is alive only on the server.reelstuff wrote: so there is no real way to use the plugin to do some of the most common things in PHP?
The Revlet can (with the user's permission) alter things on the user's drive, something PHP can't do.
And likewise, PHP can easily alter things on the server, but unless you set up a special mechanism for it you're likely very glad folks can't alter files on your server from their browser.
That "special mechanism" need not be a CGI (and CGI's need not be slow; the Rev engine is small enough that I'd be surprised if running a template through its merge function benchmarked much slower than a standard PHP installation). Revlets support many common client-server web communications methods, including FTP and rolling your own with sockets.
If you prefer PHP for your server-side processing (or mod_perl or anything else you like), you could write the server stuff there and call it from the client side in your Revlet.
Philhold wrote:Hi Tim,
Not at all my friend, my comments were meant to challenge the developers in the forum as well as the creators of the plugin to create a different use case one that could be used to do admin tasks on the server, since we have the ability to use passwords on a revlet, (or at least one would hope so) it could be made moderatly more secure than a PHP page, which as you see daily people break into from time to time to do bad things.I've just re read what I have written below and it sounds a bit more harsh than I mean it to. I honestly think that you need to get your understanding of how server side scripts work and communicate with client side "forms" before you start trying to write to files on the server.
not really, but I do understand your thinking, I think of the use of revlets as a two way street not a client only street, in my mind the revet can and should be used as any other language is used, PHP uses a browser to login into a wordpress website, is it not? so then why do we see the revlet as a client only vehicle, do you see what I am saying?What you are proposing to do in the way you describe is a massive security risk.
I understand it very well, as well I understand your thinking on this too, but I hope that the revlet will not be so constrained as we have discussed it, I hope it can evolve into a more productive tool, because if it is as described then it is not much of a tool, and I think that is not the case at all.You seem to fundamentally misunderstand how a client and server work.
The communication between the users browser or application and the PHP server sends variables as key-value pairs. The job of the browser form or RunRev application form is to collect those key-value pairs and send them to a script file on the server, the script file then decodes the key value pairs and validates them, to ensure that they do not contain malicious code, and then it does stuff with the now clean variables and then can send a message back to the user and/or store something on the server. Storage can be in text files or some sort of database but it is the PHP script (or Perl Script) or whatever on the server that does the saving of the data. This user generated saved data must IMHO only be used as variables by a server script and these must be revalidated when they are used.
Thanks for taking time to reply, I really do appreciate that, I often look for new ways to use old technology in this case new technology, as is so often the case in discussions very often people miss understand and so react in a negative way, but I believe that if not for good discussions, (and I believe this is one of those things() then we would be sad indeed.
have a very pleasant day.
In HTTP communication Runtime Revolution can only send variables to your server side script.
Alternatively if the application you are writing is only for use by people who have password protected ftp access to your server then you could have RunRev create a file locally and then have it drop that file onto the server using ftp.
I hope that this helps.
Cheers
Phil
Your inspiration is a good one, and can be realized within the bounds of reasonable security. In fact, given the confines of the browser, there is simply no other way.reelstuff wrote:...I push for different uses, because I do not see the use of the revlet as a client only use, because it is a container, that can communicate, it should be able to do more than just sit there as a client request, leaving aside the issue of security because we all know that you can only put so strong a lock on the door, someone will come along and break it eventually.
A plugin is a plugin. You could move to Flash, Java, JavaScript, or any other client-side solution, but the relationship between the client and PHP will remain the same.I will consider, your comments a little more, I just wish that there were not so many limits on the use of this resource and the irev tagging anyway thanks, for posting, I can see that it is time to abandon ship
Code: Select all
on exportRoutine
get the text of fld "testing2"
put urlEncode(it) into tMyVar
get url ("http://domain.com/cgi-bin/mythang.cgi?"& tMyVar)
if word 1 of it is "OK" then
answer "Data send successfully."
else
answer "An error occurred: "& it
end if
end exportRoutineCode: Select all
#!../../bin/rev -ui
-- use path appropriate to your server setup
on startup
-- Store incoming data into file:
put $QUERY_STRING into url "file:myfile.php"
-- Return "OK" with proper headers:
put "Content-Type: text/html" & cr &\
"Content-Length: 2"&cr&cr &\
"OK" &cr&cr
end startupProbably not in the real world, at least not for myself or my clients. I understand that everything -- even the Pentagon -- is hackable, but I do try to make it at least a challenge.Philhold wrote:Hi Richard,
Very interesting.
Would you allow a user to put an un-validated query string directly into a .php file?
The blog at revJournal.com does this, using just the standard Rev 3.5 runtime engine as a CGI:
But it was a fun exercise, and now I have total control over how the blog works, able to add anything I need for that and other sites whenever I needed it in a simple code base that's fun to work on.