CWOP Statistics Viewer Script

Absolutely true, but Yahoo (and an increasing number of others, apparently) have this turned off for security reasons. I’m not getting much traction on having it turned on for my tiny domain.

From the Yahoo Hosting answer http://help.yahoo.com/l/us/yahoo/smallbusiness/webhosting/php/php-37.html:

[quote]
The PHP community has identified certain PHP configurations and directives whose misuse can result in insecure code. To help protect all of our > customers, the following options will be disabled for all accounts beginning October 1, 2009:

Short answer, use a different host.

Fine, pithy little solution that would certainly work until PHP 5.3 is deployed or that host tightens security.

Thanks, Niko.

I think you are reading “the sky is falling” into Yahoo’s statement, but it really isn’t. I don’t believe this script includes register_globals so I don’t see that (5.3) is a concern. There are many users of the carterlake/ktrue page templates who are using hosts allowing this type of access to data from other sites, to quote your quote “misuse can result in insecure code”, the key is to have well designed scripts which avoid misuse. I think you just landed on a host that is more “consumer” oriented than most.

Certainly true…Yahoo Domains could be, admittedly “baby’s first web host”…but for my simple requirements and elementary html code a consumer-grade host is all I have needed for many years. This particular problem isn’t really enough to trigger what would become a major move (domain, host, multiple email accounts and ultimately registrar).

Perhaps I am expecting too much to be able to run this script on a Yahoo Domains site…I was just hoping someone with more fluency in the language could help me with a work-around or a direction to look…

Thanks anyway.

barryt.

Barry,

We’ve all been where you are at one point. To get all the functionality that most of the weather scripts provide, you need to take the step towards a “more capable” host. You can easily get by spending about $40-$50 ($10 host - $30 domain) which doesn’t break the bank. Caution must be taken though…this investment will most likely suck you into an endless weather website script frenzy. :lol: :lol:

Michael

Maybe $20/yr, $10 for hosting and $10 for the domain, get something like barrytwx, you can play on that site and iframe pages to your main site. No need to change emails or anything.

Maybe…If a new host is the best or only answer to this problem I’ll likely just kill the page, though. More trouble than the problem’s worth. It’s certainly not worth spending money and time on another domain.

One of the purposes of this whole thing is to just learn a little of a new language.

Again…thanks anyway.

Unfortunately a lot of the weather scripts do grab data from outside sources :frowning:

OK…I get it, guys. Yahoo sucks. I made a huge mistake setting up on to Yahoo Domains years ago. I hear you but it’s not in the cards to change or to add a domain right now. I’m simply trying to learn a little of a new language to do something cool in the process…It’s just not worth the time, money or hassle…even if it’s a Godaddy 10 buck domain.

So in an attempt to try and learn something about scripting, I’m going to try this again. I’m going to ask some very specific PHP-script-related questions. According to the log, the line that seems to be breaking is this:


$html4 = implode(’ ', file($url4));


I’m not understanding PHP documentation. What, exactly is going on in this line?

Assuming these variables:

$url4 = (“$fileName”);
$fileName = “http://weather.gladstonefamily.net/site/“.$cwop.”?days=“.$span2days[”$key"].";tile=10#Data”;
$cwop=d2611
$span2days = array(3, 7, 14, 28, 56, 91, 182, 273, 364);
$key = 0;

The resulting completed command line would be the following (assuming a default duration), right?

$html4 = implode(’ ', file(http://weather.gladstonefamily.net/site/d2611?days=28[0];tile=10#Data";));

  • What is the actual function of “implode”? What is the command actually doing?
  • What’s the function of the first ’ ’ in the line?
  • Is there another command that can achieve a similar result?

I assume this command sets the script up to query a dynamically-built CWOP page for the data which map to other variables in cwopstats.php. The script seems to have no problem pulling the graphics…only the data to support all of the other variables. Why would that be a problem and the graphics not be?

Thanks for your education.

Barry,

I believe it’s actually the file() function http://php.net/manual/en/function.file.php that is causing you problems. I find that googling things like “php file()” is very useful in learning what the various functions do.

  • Jim

GREAT! That gets me started again!

I’ve been Googling “Implode”…

THANK YOU!!!

The problem isn’t implode itself, which is just a text processing thing, it’s the fact that the server is not allowing you to get the text that implode needs from another server. A very clunky work around would be to run a regularly scheduled job on a local PC that grabs the file from the gladstone site, and FTP’s it to your server, and then point the implode at that local file. At least then you could see how it works.

I thought about that. I’m doing something like that to get my home network traffic data to the site (http://barryt.org/mrtg). In fact the data from my original station, an OS WMR968 using VWS 14, only uses only FTP to get its data to this site. All the web page creation gets done in VWS. Clunky but admittedly it works.

Doing that for this script gets into the “more trouble than it’s worth” neighborhood.

It still seems like the problem might get worse. The more I read on PHP sites about the “allow_url_fopen” function, the more it sounds like a security vulnerability that is gradually being closed.

Still exploring…

Nice network data display :smiley:

Just finished my page: http://www.daculaweather.com/cwop_stats.php

Great script! Thanks!

I’ll be darned if I didn’t find it!!! There IS a way around the "“allow_url_fopen=off” problem. :smiley:

It took me a while getting my head around PHP.net documentation but CURL functions are the answer:

Here is the code in that makes CWOPSTATS.PHP work on a host that does not allow direct URL file access: Replace these lines (#86):

//Start Parsing the City page $url4 = ("$fileName"); $html4 = implode(' ', file($url4)); $html4 = file_get_contents($url4);

With this:

//Start Parsing the City page $url4 = ("$fileName"); function get_content($url4) { $ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, $url4);
curl_setopt ($ch, CURLOPT_HEADER, 0);

ob_start();

curl_exec ($ch);
curl_close ($ch);
$string = ob_get_contents();

ob_end_clean();

return $string;     

}

$html4 = get_content ($url4);

Here’s how it looks now: http://weather.barryt.org/cwop

Now I’m going get back to work on cosmetics…

Barryt

Thank you! I became aware of the script this morning, had the same problems, and was on the trail too. You have saved me a lot more work.
Steve

Would not agree with that.

You need to use proper coding to get around that type of restriction. I even restrict my clients from using those types of commands now as they typically use improper techniques and expose not only their own sites but others at the same time.

The solution is create a curl function and use that instead of file and you won’t have any problems and be more secure at the same time. Just like what barrytmedia posted.

You could even create a general function to use for all uses of file etc…