jazzman1
Staff Alumni
Posts: 2,713
Days Won: 12
Everything posted by jazzman1
-
No. Use only one query as ginerjm already mentioned to fetch the data from both email and pwd columns. "SELECT email, pwd FROM gbook WHERE email = '$email'"
-
yeah or pdo.
-
Are you using the mysqli library rather than the mysql one? What php db library are you using in your app? You cannot mix them.
-
Can we see the script of your req.php file?
-
Following the logic of your script, I modified it a little and got 4 bbbb's. Here it is, freaks_bash

    #!/bin/bash

    string_gen(){
        declare -a chars=('a' 'b')
        remainder=0
        current=1
        combination=" "
        max=4
        n=0
        let length=${#chars[@]}-1

        for i in `seq 0 $max`; do
            let n=$n*$length+$length
        done

        while [[ $n -gt $current ]]; do
            let remainder=$current%$length
            if [[ $remainder -eq 0 ]]; then
                combination="$combination"${chars[$length]}
            else
                combination="$combination"${chars[$remainder]}
                let current=$current/$length
            fi
            let current=current+1
        done

        echo $combination;
    }

    string_gen # call the function

Result:

    [lxc@lxc-box ~]$ ./freaks_bash
    bbbb

What result are you expecting to get?
-
I learned programming and Unix systems many years ago purely out of my personal interest and have absolutely no formal education in them. If you want to teach yourself in the Linux system administration area, I'd advise you to start learning on Red Hat servers and later get some Red Hat certificate. The previous programming experience will help a lot.
-
I started reading a book.
-
Shebang maybe? Right permission on the file? What errors do you get?
-
Hey sKunKbad, I read this morning in the Ubuntu documentation that the root account password in Ubuntu is locked by default. I didn't know that; I am with RedHat-based distros. No. In both cases you will find yourself in the user's shell with the root environment. I think the alias of sudo su is just sudo -s.
-
The -i (simulate initial login) option runs the shell specified by the password database entry of the target user as a login shell; in that case sudo will read skunkbad's password. If you create another regular user account, for instance jazzman:password, and grant it as root using the sudoers security policy, sudo will read his password when you're logged in to his current shell. As for the last question, running a su command, it seems that your "skunkbad" account is not permitted to use it. Su and sudo are not the same.
-
file get contents with complicated (?) login first
jazzman1 replied to muppet77's topic in PHP Coding Help
I did it. You had to tell me about that. So, there is no way to log in using curl to this page, at least I don't know how to do this task. Sorry... maybe somebody would help you here. I will try later on.
-
file get contents with complicated (?) login first
jazzman1 replied to muppet77's topic in PHP Coding Help
You still continue to teach me how the server and client work. No problem, no offense is taken by me. Now, I already know that there is no way for php to detect if javascript is enabled / disabled in my browser when I make an ajax call to the server. So, back to the OP's problem, here is the logic credentials:

    #!/bin/bash

    NAME='user'
    PASS='pass'
    referer='http%3a%2f%2fwww.bet365.com%2fxtra%2fen%2f'

    #curl --cookie-jar cjar --output /dev/null 'https://members.bet365.com/Members/lp/default.aspx'

    curl --cookie cjar --cookie-jar cjar 'https://members.bet365.com/Members/lp/default.aspx' \
        --data "ctl00_AjaxScriptManager_HiddenField=&__EVENTTARGET=ctl00%24HeaderPlaceHolder%24HeaderControl%24Login%24Go&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwULLTE0OTk1NjUxNDBkZM%2F826rAqHRdNx1mZCnaiwnKJMB7&__PREVIOUSPAGE=b_rpb_GyZeP1TGPyzN2vQPsEv-IJbnLMMZcHunMJW9JgkSoJrqm6glz93dN4lmrcFcwnZGiTdwRvEiEWZLRm3YVm7wU1&__EVENTVALIDATION=%2FwEWDQKgifDsDwLBpdiBBQKF1rTBCwKg14akCAL%2FnP6QCgK6iKG3CgLx%2BNLkCwLk5KvOAwLBnamGCALUi53qCALxrtCaBwLNvuHaCQK24aRbEcr2XoX5okTIDQsKsnM8zQd6ypk%3D&ctl00%24HeaderPlaceHolder%24ctl00%24hidSessionTimestamp=&ctl00%24HeaderPlaceHolder%24ctl00%24hidSessionHashvalue=&ctl00%24HeaderPlaceHolder%24ctl00%24hidSessionTimeoutDuration=&ctl00%24HeaderPlaceHolder%24ctl00%24hidSessionAppPath=&ctl00%24HeaderPlaceHolder%24HeaderControl%24Login%24Username=${NAME}&ctl00%24HeaderPlaceHolder%24HeaderControl%24Login%24InitialPassword=Password&ctl00%24HeaderPlaceHolder%24HeaderControl%24Login%24ProtectedPassword=${PASS}&txtPassword=${PASS}&txtUserName=${NAME}&txtTKN=7EDA0805C01A4AD3AA96165DA59A4461000003&txtLH=0f740fa6750303c821740356981f2e1123e37676&txtTS=20140919204322079&txtType=2&txtSTKN=695060f20f99447ea7406c3d37a75491&txtScreenSize=1280+x+800&txtFlashVersion=11.2.202" \
        --referer "${referer}"

    curl --cookie cjar --output ~/bet365.html 'http://www.bet365.com/extra/en/'

I'm not finding myself in login action using curl. Ideas, instead of teaching each other what AJAX is?
-
file get contents with complicated (?) login first
jazzman1 replied to muppet77's topic in PHP Coding Help
Ok, do it for me and send me the login credentials. -
file get contents with complicated (?) login first
jazzman1 replied to muppet77's topic in PHP Coding Help
Jacques, who is talking about how the server treats the http post/get form? I am talking about that there is no way to make an ajax call without javascript, and this could be easily checked (if js is enabled/disabled by php (php is a cross-side language)).

CroNiX, in the official docs of cURL there is nothing about js and curl implementation. I don't think it is possible to send data in the way your example does by curl.

muppet77, what is your username and password? Send me a PM if you want, to check if it's possible to use curl, and later I'll post the solution to the forum.
-
file get contents with complicated (?) login first
jazzman1 replied to muppet77's topic in PHP Coding Help
Ok, how will you send an ajax request (if the script is required) without javascript? -
Is this PDO database connection/ insertion secure from injection?
jazzman1 replied to ageattack's topic in MySQL Help
This is all I have related to mysql.

    [lxc@lxc-centos ~]$ php -i | grep mysql
    /etc/php.d/mysql.ini,
    /etc/php.d/mysqli.ini,
    /etc/php.d/pdo_mysql.ini,
    mysql
    MYSQL_SOCKET => /var/lib/mysql/mysql.sock
    MYSQL_INCLUDE => -I/usr/include/mysql
    MYSQL_LIBS => -L/usr/lib64/mysql -lmysqlclient
    mysql.allow_local_infile => On => On
    mysql.allow_persistent => On => On
    mysql.connect_timeout => 60 => 60
    mysql.default_host => no value => no value
    mysql.default_password => no value => no value
    mysql.default_port => no value => no value
    mysql.default_socket => /var/lib/mysql/mysql.sock => /var/lib/mysql/mysql.sock
    mysql.default_user => no value => no value
    mysql.max_links => Unlimited => Unlimited
    mysql.max_persistent => Unlimited => Unlimited
    mysql.trace_mode => Off => Off
    mysqli
    MYSQLI_SOCKET => /var/lib/mysql/mysql.sock
    mysqli.allow_local_infile => On => On
    mysqli.allow_persistent => On => On
    mysqli.default_host => no value => no value
    mysqli.default_port => 3306 => 3306
    mysqli.default_pw => no value => no value
    mysqli.default_socket => no value => no value
    mysqli.default_user => no value => no value
    mysqli.max_links => Unlimited => Unlimited
    mysqli.max_persistent => Unlimited => Unlimited
    mysqli.reconnect => Off => Off
    PDO drivers => mysql, sqlite
    pdo_mysql
    pdo_mysql.default_socket => /var/lib/mysql/mysql.sock => /var/lib/mysql/mysql.sock
-
file get contents with complicated (?) login first
jazzman1 replied to muppet77's topic in PHP Coding Help
This login page requires javascript to be enabled in your browser. No way to use cURL. -
Is this PDO database connection/ insertion secure from injection?
jazzman1 replied to ageattack's topic in MySQL Help
Based on Bill Karwin's cite: Here's my original code, tested a month and a half ago. I've got an error without calling PDO::closeCursor().

    <?php
    ini_set('display_startup_errors',1);
    ini_set('display_errors',1);
    error_reporting(-1);

    $database_options = array(
        PDO::ATTR_EMULATE_PREPARES => false
        , PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION
        , PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC
    );
    $database = new PDO('mysql:host=lxc.centos.local;dbname=test;charset=utf8', 'lxc', 'password', $database_options);

    show_prepared_statements();

    // *One* prepared statement
    $stmt = $database->prepare('SELECT 1 + 1 FROM DUAL');

    // ... getting executed 10 times
    for($i = 0; $i < 10; $i++){
        $stmt->execute();
    }
    $rs1 = $stmt->fetch();
    //$stmt->closeCursor();

    echo '<br>';
    show_prepared_statements();
    echo "<br>";
    echo '<pre>' . print_r($rs1, true) . '</pre>';

    function show_prepared_statements() {
        global $database;
        $statements = $database->query("SHOW SESSION STATUS LIKE 'Com_stmt_%'");
        foreach ($statements as $statement) {
            echo $statement['Variable_name'] . ': ' . $statement['Value'] . '<br>';
        }
    }

Result:

Mysql server version - 5.5.38
Php - 5.4.29
-
After select statement, you should specify your select expression. Most often, it indicates a column that you want to retrieve. This is invalid sql syntax - select from.... More information can be found here.
-
Is this PDO database connection/ insertion secure from injection?
jazzman1 replied to ageattack's topic in MySQL Help
Yeah, you are right. I found it - "SQLSTATE[HY000]: General error: 2014 Cannot execute queries while other unbuffered queries are active", then I googled it and found Bill Karwin's solution very useful for me. I think at that time (more than a month and something ago) the server version was 5.1.x, so this testing server version is 5.5.38. Anyway... sorry if this is off topic for somebody.
-
Is this PDO database connection/ insertion secure from injection?
jazzman1 replied to ageattack's topic in MySQL Help
That wasn't the error, I think. Give me 10 minutes to fix my local DNS server, because at the moment I don't have access to mysql.

PS: It's weird, now it's running without any errors. I will try to find the error in the mysql_error log file tomorrow morning and I'll post the result, but there were errors for sure.
-
Is this PDO database connection/ insertion secure from injection?
jazzman1 replied to ageattack's topic in MySQL Help
By closing the statement I meant to kill the statement (bad habit from linux machines), but not the entire object as in the example above. If you want to execute the statement more than once along with others, we can use closeCursor(). This is your example, so I wasn't able to run this script without PDOStatement::closeCursor() and I am interested in how you did.

    <?php
    $database_options = array(
        PDO::ATTR_EMULATE_PREPARES => false
        , PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION
        , PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC
    );
    $database = new PDO('mysql:host=localhost;dbname=test;charset=utf8', 'root', '', $database_options);

    show_prepared_statements();

    // *One* prepared statement
    $stmt = $database->prepare('SELECT 1 = :x');

    // ... getting executed 10 times
    for ($i = 1; $i <= 10; $i++) {
        $stmt->execute(array('x' => $i));
    }

    echo '<br>';
    show_prepared_statements();

    function show_prepared_statements() {
        global $database;
        $statements = $database->query("SHOW SESSION STATUS LIKE 'Com_stmt_%'");
        foreach ($statements as $statement) {
            echo $statement['Variable_name'] . ': ' . $statement['Value'] . '<br>';
        }
    }
-
Is this PDO database connection/ insertion secure from injection?
jazzman1 replied to ageattack's topic in MySQL Help
In addition to these, as has been mentioned above, you should always be closing the statement as soon as it's no longer needed. If two applications are running and one is trying to modify something, like update or delete table / column records or so, while the second one is accessing those objects, as far as I know you will receive a mysql error.
-
Depends. What's the purpose of this web-site? So, explain everything in more detail and someone could point you in the right direction.