Everything posted by greenace92

  1. I had this before but unfortunately I lost a lot of code. After hunting through my various online accounts and looking at prior posts, I was not able to find the one that I needed. So let's say there are two forms, a login and a register, the two submit button values are:

         <form name="form1" action="login">
           <input type="submit" name="submit1" value="login">
         </form>
         <form name="form2" action="register">
           <input type="submit" name="submit2" value="register">
         </form>

     I have some idea of what it's supposed to be, it's an action catch or something inside the POST on the same page... something like:

         <?php
         if($_SERVER['REQUEST_METHOD']=='POST'){
           If(POST['action'] == "login") {
             // read login input values, perform login
           } else if(POST['action'] == "register") {
             // read register input values, perform registration
           }
         }
         ?>

     I may vaguely recall the use of && and/or || not sure. I'd appreciate any help.
  2. Well error.log.1 is 656M so, I'm not sure why it isn't triggering, maybe I missed something... Maybe I have to set the top directories/files to have the .1 extension to zip that one, then by default the only one to be zipped is the regular error.log maybe... maybe not error running non-shared postrotate script for ...
  3. I can't seem to call the regular script provided by the server provider manually.
  4. I believe it is running because I just removed 8 zipped files which the file type gz was appended to the old logs by incremented numbers eg. access.log.2.gz. Well, there was a duplicate problem, I removed the initial script. After implementing the script below from a tutorial (having changed directories to /var/log/apache2/access.log or error.log), when I try to manually call the logrotate by /etc/cron.daily/logrotate, nothing seems to happen. I check the directory and there aren't any new compressed files. hmm, I think I'll try the original and see what happens.

         /usr/local/apache2/logs/access_log
         /usr/local/apache2/logs/error_log {
             size 100M
             compress
             dateext
             maxage 30
             postrotate
                 /usr/bin/killall -HUP httpd
                 ls -ltr /usr/local/apache2/logs | mail -s "$HOSTNAME: Apache restarted and log files rotated" ramesh@thegeekstuff.com
             endscript
         }
  5. So I'm following a tutorial on rotating apache logs, I see that the /etc/logrotate.d/apache2 directory already has this in it: I won't overwrite as I don't understand what it is, I will add the new log rotate script directly below.
  6. Hey requinix, I immediately contacted my hosting provider but they didn't really have any answers. I was panicking thinking "Oh my God was I hacked?" They weren't really much of help. When this happened I had posted on webhosting talk and I was told about df -h, du -sh /*, and du -sm /directory It appeared that /var/log had the highest at 8.3G (not shown above), just looking at my previous thoughts. This one file alone is already 1.1G in size error.log.1 under /var/log/apache2 It was suggested to set up the logrotate to catch 100M intervals and every hour. I'll look into that, I saw that it was already enabled.
  7. I rent this 10 GB VPS and I am using 1.5 GB or less. This is the first time this has happened to me (I hope the last). I'm not sure what caused the problem but one day I could not log into PHPMyAdmin, after searching it turned out that it was because the server was full. Maybe it wasn't over night, maybe I just hadn't seen the storage in a while. Although I would have noticed on my server web panel at the hosting company's website. There was something about rotation of server logs. Disabling mysqld general logging. After deleting a lot of files, I still could not get rid of the 8 GB chunk... I didn't know where it was so I backed up my files/mysql databases and re-installed the server. I'd like to know how I could prevent this in the future. Any thoughts?
  8. range request? I will look that up, thanks for the clarifications.
  9. So I followed through your bullet points above: Do I need to replace the original file name with the random-generated name when serving the file? I'm assuming this is security through obscurity? Granted when serving the file, the file initial-uploaded-filename would be reflected by a match through the database. Oh man, I was hoping to make good progress today, looks like I hit a wall. I'm not sure if it was apparent but I intend to have the ability to cycle through songs, (probably using glob) and play them... this is the new wall. I don't know if I'm assuming that I need this thing called "audio wrapper" and music socket or something... I saw SoundManager2 which was suggested to handle playing files... I know that trying to reinvent the wheel wastes time, lowers productivity... but I want to learn how it works/how to make it from scratch... therefore I'm looking at html5 audio tags... ogg... If you have any tips/suggestions from what I've written that's immediately apparent to you, I'd appreciate hearing them.

     I'm making good progress, I set up the sub domains, I'm trying to figure out this "serve through proxy" as just simply saying below didn't work, white screen. I don't actually know what to expect, from reading the manual/comments it appears that readfile() is for downloading whereas I'm trying to stream... not sure if those are interchangeable since you are downloading to play.

         <?php
         $src "/uploads/music/7551248c23.mp3";
         readfile($src);
         ?>
  10. people suggested to use reseller hosting account(s) where the people I rented from could offer help as well. The professional hosting stuff is beyond me now. At this point I'd be happy to have a few clients that I designed/built their websites and hosted them. The Wordpress was potential cheap/easy businesses as far as hosting something that I don't have to deal with much. This seems to be how it is with OVH when I rent my VPS from them, complete freedom. Until something goes down... they also have 24/7 call support that's pretty nuts.
  11. To what extent is "commercial hoster"? What if when developing sites for personal/family-owned businesses, I also hosted those sites? Thanks for the suggestion on sandboxing, I'll have to research on that. I'm still working on the file upload process list you provided. What about hosting in general as far as hosting the websites I built... perhaps "management" is allowed edits where I have built in editing functions in pages almost like a blog. What does it take to not be unrealistic? More than one person? Years of experience? I am looking to rent public cloud server(s) (cheap) to use as overflow/backup that would be automated. I'm just wondering if I offer to develop websites then turn around say "Well, go find a host" and if they're in general not very well informed of the web, I would think that I could throw it on as a directory/new virtual host. I wouldn't say to the extent of reseller hosting... but anyway, thanks for your time.
  12. Probably laughable to say but this is for my own hosting "business" (laughs at himself for ineptitude). When I had setup a Wordpress folder/installation for somebody, I had them point their domain to my server's ip address, I then had to create a directory for their domain, a new virtual host, then run the commands to install Wordpress. After that, I told them to go to their domain/wp-admin and that was that. Automate this process after payment. That's what I'm looking to do. Probably in over my head. (You a dummy boy!) Yeah, so that's why I'm asking.
  13. For example the command to make a directory mkdir which php has a command for that... but other functions that may need to be run through bash but I would like to be triggered by a button. To install a lamp server, I have to run a bunch of commands...

          apt-get install php5
          apt-get install mysql-server
          apt-get install phpmyadmin
          etc...

      I'm aware that you can condense that into a single line, but how can I trigger this single line code that runs in bash, by clicking a button? I was told of some "tools?" that automate server commands, can't recall at the moment.
  14. Jacques1 thanks a lot that was very informative. This really gives me a great starting point. The subdomain thing is interesting. Well I will work on this and see what I come up with, again thanks a lot for the information.
  15. Yeah I thought I saw somewhere that a .mp3 file can't have files inside it (or it won't play) other than the music... but I don't know, I'm not sure either. I will definitely read a lot of sources, I'm really trying to be trustworthy/responsible. My worst nightmare would be one of those companies that end up on the news, "simple logic insert, dumps all table rows" or something haha. thanks for your help and everyone else's.
  16. This is what I've got, I have since taken it down but I've posted two files, a 6 and a 4 MB .mp3 files. Now I have to figure out how to proxy and serve links that can't be accessed at the restricted directory or something like that.

          <?php
          session_start();
          $user = $_SESSION['user'];
          if(empty($user)){
              header("Location: https://www.cunninghamwebdd.com/brian-music");
              exit; // stop here, otherwise the upload code below still runs without a session
          }
          // standard error reporting
          mysqli_report(MYSQLI_REPORT_ALL);
          error_reporting(E_ALL);
          error_reporting(1);
          ini_set('display_errors',true);
          // redirects if session value is empty
          // test the file
          if($_SERVER['REQUEST_METHOD']=='POST'){
              var_dump($_POST['fileToUpload']);
              echo basename($_FILES['fileToUpload']['name']);
              var_dump($_FILES['fileToUpload']);
              $uploaddir = '/uploads/music';
              $uploadfile = $uploaddir . '/' . basename($_FILES['fileToUpload']['name']);
              echo $uploadfile;
              echo '<pre>';
              if (move_uploaded_file($_FILES['fileToUpload']['tmp_name'], $uploadfile)) {
                  echo "File is valid, and was successfully uploaded.\n";
              } else {
                  echo "Possible file upload attack!\n";
              }
              echo 'Here is some more debugging info:';
              print_r($_FILES);
              print "</pre>";
              echo $_FILES['fileToUpload']['name'].'<br>'.'<br>';
              echo $_FILES['fileToUpload']['size'].'<br>'.'<br>';
              echo $_FILES['fileToUpload']['type'].'<br>'.'<br>';
              echo $_FILES['fileToUpload']['error'].'<br>'.'<br>';
              echo $_FILES['fileToUpload']['tmp_name'];
              echo '<br>'.'<br>'."erros";
              var_dump($_FILES['fileToUpload']['error']);
          }
          ?>

      The output from last upload

          NULL
          Chocolate Puma & Junior Sanchez - Lost your Groove (Clobber Remix).mp3array(5) {
            ["name"]=> string(70) "Chocolate Puma & Junior Sanchez - Lost your Groove (Clobber Remix).mp3"
            ["type"]=> string(9) "audio/mp3"
            ["tmp_name"]=> string(14) "/tmp/phpHK71lk"
            ["error"]=> int(0)
            ["size"]=> int(4033462)
          }
          /uploads/music/Chocolate Puma & Junior Sanchez - Lost your Groove (Clobber Remix).mp3
          File is valid, and was successfully uploaded.
          Here is some more debugging info:Array (
            [fileToUpload] => Array (
              [name] => Chocolate Puma & Junior Sanchez - Lost your Groove (Clobber Remix).mp3
              [type] => audio/mp3
              [tmp_name] => /tmp/phpHK71lk
              [error] => 0
              [size] => 4033462
            )
          )
          Chocolate Puma & Junior Sanchez - Lost your Groove (Clobber Remix).mp3
          4033462
          audio/mp3
          0
          /tmp/phpHK71lk
          errosint(0)
  17. I don't understand what changed. Was I hacked and then someone fixed it backend? hahaha Oh man this is great. Now I gotta take this all down and work on the filtering... I think as far as I have it figured, I check for if it's empty, file type, check if it's a true image, there's a link I've bookmarked on stack overflow regarding potential security problems. Size for the convenience of the client. I didn't post in /tmp because of the executable shells risk if I understood that correctly, someone mentioned that as well. Thanks for the help to everyone
  18. yes I did that is working right you can see in the third line above of uploads/music/filename
  19. Something did change though... now I'm getting output... most of the lines were blank before. I guess this means it went through but I can't find the file, let me try and find it by filetype

          NULL
          Chocolate Puma & Junior Sanchez - Lost your Groove (Clobber Remix).mp3array(5) {
            ["name"]=> string(70) "Chocolate Puma & Junior Sanchez - Lost your Groove (Clobber Remix).mp3"
            ["type"]=> string(9) "audio/mp3"
            ["tmp_name"]=> string(14) "/tmp/php1EJzTo"
            ["error"]=> int(0)
            ["size"]=> int(4033462)
          }
          uploads/music/Chocolate Puma & Junior Sanchez - Lost your Groove (Clobber Remix).mp3
          Possible file upload attack!
          Here is some more debugging info:Array (
            [fileToUpload] => Array (
              [name] => Chocolate Puma & Junior Sanchez - Lost your Groove (Clobber Remix).mp3
              [type] => audio/mp3
              [tmp_name] => /tmp/php1EJzTo
              [error] => 0
              [size] => 4033462
            )
          )
          Chocolate Puma & Junior Sanchez - Lost your Groove (Clobber Remix).mp3
          4033462
          audio/mp3
          0
          /tmp/php1EJzTo
          errosint(0)
  20. I'm trying to learn, there's a lot to know. But it's good, piece by piece. I'm supposed to end up being a "freelance web developer" hahaha. I will try to remove, I will laugh so hard if that was the cause of the problem... I dumped the error.log as a person suggested from reddit. There were multiple lines of this error, which I've "subdued" by turning off error reports, this was a solution, I can still insert/query databases.

          [sun Feb 28 06:42:53.485227 2016] [:error] [pid 2965] [client 71.15.4.51:56128] PHP Notice: Undefined index: fileToUpload in /var/www/html/brian-music/upload/index.php on line 43, referer: https://www.cunninghamwebdd.com/brian-music/upload/

      Then there was this error which I don't understand, I set the max/post to use Megabytes, and also I read that one is multiplied by the number of total files supported so I've got it set as 15/300MB at the moment for 20 files, which is insane... but what I want is to hit an add button and this gives me a new input, can do with javascript, the problem would be the unique id's but that'll be later.

          [sun Feb 28 06:26:27.969938 2016] [:error] [pid 2764] [client 71.15.4.51:55769] PHP Warning: POST Content-Length of 4033831 bytes exceeds the limit of 15 bytes in Unknown on line 0, referer: https://www.cunninghamwebdd.com/brian-music/upload/

      I get a null when doing var_dump($_POST['fileToUpload']);
  21. Form markup? Html? Or part of the array? I mean I don't get how it's a file size, I made file size up to 100M and it was still saying a filesize error. Is there anywhere else to specify file size? I also tried 10M, 15M, 99M
  22. Yes. I haven't implemented the file filter yet. Although I should take it down right away after figuring out what is wrong. Let me try your solution, thanks for your time and concern. Bad news, still getting the error. Out of curiosity what is the absolute worst that can happen with this setup? I'm wondering how else I could test this, local server I suppose. At the same time this is a "throw-away" server in a way. But I'm definitely working on being more secure, and I'm looking to implement the file type, size, name, mime verification on the server side.
  23. This is what I've got, https://www.cunninghamwebdd.com/brian-music/upload.html

      This is the error output

          AWOLNATION - Woman Woman (Audio)array(5) {
            ["name"]=> string(32) "AWOLNATION - Woman Woman (Audio)"
            ["type"]=> string(0) ""
            ["tmp_name"]=> string(0) ""
            ["error"]=> int(2)
            ["size"]=> int(0)
          }
          /uploads/music/AWOLNATION - Woman Woman (Audio)
          Possible file upload attack!
          Here is some more debugging info:Array (
            [fileToUpload] => Array (
              [name] => AWOLNATION - Woman Woman (Audio)
              [type] =>
              [tmp_name] =>
              [error] => 2 => 0
            )
          )
          AWOLNATION - Woman Woman (Audio)
          0
          2
          errosint(2)
          Choose File upload
  24. I pretty much used PHP.net's file upload script verbatim, and I edited PHP.ini to increase max file size/post size. I get error 2 which says file size problem. I called my server provider and they told me to use FTP, I'm not sure if they misunderstood what I was asking. I didn't mean for users on the Linux system. I meant simple HTML <input type="file" /> sort of deal. I could be wrong myself, I don't know, I started to install an FTP server which apparently would open port 21. Again unsure if not needed. None of the data from $_FILES['fileToUpload']['name'] would show up aside from name. The b- function that removes the ".mp3" from the file name wasn't working. I couldn't get the entire url with the file at the end only the location. Not sure if that makes sense because it hasn't been uploaded yet. Can't get file type either or size. Any help would be appreciated.
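
The server-side checks that the upload posts above work toward (upload error code, size, content type, random stored name), as an added PHP example that is not code from any of the posts. The 20 MB cap, the /srv/uploads/music path and the function names are assumptions, and random_bytes() needs PHP 7 or later.

```php
<?php
// Added example, not from the posts. Assumed: 20 MB cap, storage outside the web root.
const MAX_BYTES   = 20 * 1024 * 1024;
const STORAGE_DIR = '/srv/uploads/music';   // hypothetical path
// php.ini sizes: only a trailing K, M or G multiplies, so "15MB" means 15 bytes.
function iniBytes(string $value): int
{
    $n = (int) $value;
    switch (strtoupper(substr(trim($value), -1))) {
        case 'G': $n *= 1024;   // fall through
        case 'M': $n *= 1024;   // fall through
        case 'K': $n *= 1024;
    }
    return $n;
}

// Validate one $_FILES entry and move it under a random name; returns that name.
function storeUpload(array $file): string
{
    if ($file['error'] !== UPLOAD_ERR_OK) {   // 1 = upload_max_filesize, 2 = form MAX_FILE_SIZE
        throw new RuntimeException('Upload error code ' . $file['error']);
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('File too large');
    }
    // Sniff the type from the bytes; $file['type'] is whatever the client claims.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== 'audio/mpeg') {
        throw new RuntimeException('Not an MP3');
    }
    // The client's file name never touches the filesystem; keep it in the database.
    $stored = bin2hex(random_bytes(16)) . '.mp3';
    if (!move_uploaded_file($file['tmp_name'], STORAGE_DIR . '/' . $stored)) {
        throw new RuntimeException('Could not store upload');
    }
    return $stored;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    try {
        // $_FILES is empty when the whole POST exceeded post_max_size.
        echo isset($_FILES['fileToUpload'])
            ? 'Stored as ' . storeUpload($_FILES['fileToUpload'])
            : 'POST exceeds post_max_size of ' . iniBytes(ini_get('post_max_size')) . ' bytes';
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo htmlspecialchars($e->getMessage());
    }
}
```

Some MP3 files are reported by finfo as a type other than audio/mpeg, so the allow-list may need a second entry after testing against real uploads.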