Tom8001

<?php if($_SERVER['REQUEST_METHOD'] == "POST") { $to = $_POST['to']; $subject = $_POST['subject']; $message = $_POST['message']; $headers = "From: webmaster@domain.com"; $to = htmlspecialchars($to, ENT_QUOTES); $subject = htmlspecialchars($subject, ENT_QUOTES); $message = htmlspecialchars($message, ENT_QUOTES); $to = htmlentities($to, ENT_QUOTES); $subject = htmlentities($subject, ENT_QUOTES); $message = htmlentities($message, ENT_QUOTES); mail($to, $subject, $message, $headers); } ?> <html> <form action="" method="POST"> <h2>To Recipient:</h2><br> <input type="text" name="to" placeholder="To Recipient" /> <br><h2>Subject:</h2><br> <input type="text" name="subject" placeholder="Subject" /><br> <h2>Message:</h2><br> <textarea name="message"></textarea><br> </form> </html> Also make sure that you are sending the email on a live web server, If you try to send a email from your wamp or xampp localhost server it will not work. Hope this helps

Hello, I have a login script and i don't get any errors, it just redirects to the suspended.php Here is the PHP Code: <?php session_start(); require_once('./includes/global_config.php'); require('./includes/connect.php'); if($_SERVER['REQUEST_METHOD'] == "POST") { $username = $_POST['user']; $password = $_POST['pass']; $token = $_POST['token']; $username = htmlspecialchars($username, ENT_QUOTES); $password = htmlspecialchars($password, ENT_QUOTES); $token = htmlspecialchars($token, ENT_QUOTES); $username = htmlentities($username, ENT_QUOTES); $password = htmlentities($password, ENT_QUOTES); $token = htmlentities($token, ENT_QUOTES); $stmt = $conn->prepare("SELECT username, password, rank, active FROM users"); $stmt->bindParam("ss", $username, $password); $stmt->execute(); $fetch = $stmt->fetchAll(); $rank = $fetch['rank']; $active = $fetch['active']; if($stmt->rowCount() === TRUE) { if($rank == 1 || $active == 1) { $_SESSION['username'] = $username; $_SESSION['loggedIn'] = TRUE; $_SESSION['rank'] = $rank; echo '<meta http-equiv="refresh" content="0;./admincp/dashboard.php">'; } if($rank == 0 || $active == 1) { $_SESSION['username'] = $username; $_SESSION['loggedIn'] = TRUE; $_SESSION['rank'] = $rank; echo '<meta http-equiv="refresh" content="0;./usercp/dashboard.php">'; } if($rank == 0 && $active == 0) { $_SESSION['username'] = $username; $_SESSION['loggedIn'] = FALSE; $_SESSION['rank'] = FALSE; echo '<meta http-equiv="refresh" content="0;./suspended.php">'; } else { die("Login Failed."); } } } ?> Also i understand i haven't hashed the password yet, this is not public yet. I'm guessing the problem is $fetch = $stmt->fetchAll(); $rank = $fetch['rank']; $active = $fetch['active']; or $stmt = $conn->prepare("SELECT username, password, rank, active FROM users"); Every bit of help is much appreciated

Thanks everyone for helping me i appreciate it it's working now

Thanks, i got rid of the error but it's not listing any files.

<?php $source_folder = "archive"; if( !is_dir( $source_folder ) ) { die ( "Invalid directory.\n\n" ); } glob($source_folder, "*.html"); ?> Warning: glob() expects parameter 2 to be long, string given

It doesn't say anything about specifying the path in the manual for this function.

<?php foreach (glob("*.html") as $filename) { echo $filename; } ?> How can i get this to list files in another directory?

Hi How can i list files in directory that have a .html extension and get rid of . & .. Thanks, Help is very much appreciated.

Just one more question though, how can i display every website that is submitted, how can i fetch all of them from the directory and echo them with a link. Like this for example http://d3ltasecurity.com/defaces/archive.php

nvm i fixed it if($_SERVER['REQUEST_METHOD'] == "POST") { $url = $_POST['url']; $rand = rand(); $url = preg_replace('#^https?://#', '', $url); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_SSLVERSION,3); $data = curl_exec($ch); curl_close($ch); $destination = "archive/$rand-$url.html"; $file = fopen($destination, "w+"); fputs($file, $data, strlen($data)); fclose($file); } ?>

I got it to work fine, but i want to save the file with the url name in it and i am using the $url variable to do it and i get these errors, here is my code <?php if($_SERVER['REQUEST_METHOD'] == "POST") { $url = $_POST['url']; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_SSLVERSION,3); $data = curl_exec($ch); curl_close($ch); $destination = "archive/".$url.""; // The error is coming from here, i put it as archive/source_1.html and it saved fine into the directory, but this gives me an error Warning: fopen(archive/http://example.com): failed to open stream: Invalid argument in C:\xampp\htdocs\defaces\index.php on line 14 $file = fopen($destination, "w+"); fputs($file, $data, strlen($data)); fclose($file); } ?> Errors: Warning: fopen(archive/http://example.com): failed to open stream: Invalid argument in C:\xampp\htdocs\defaces\index.php on line 14 Warning: fputs() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\defaces\index.php on line 15 Warning: fclose() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\defaces\index.php on line 16

I want to get the webpage and save it locally to the archive directory

I'm new to learning curl and have a few errors, this is my code <?php if($_SERVER['REQUEST_METHOD'] == "POST") { $url = $_POST['url']; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_SSLVERSION,3); $data = curl_exec($ch); curl_close($ch); $destination = "archive"; $file = fopen($destination, "w+"); fputs($file, $data); fclose($file); } ?> I'm trying to get the script to download a web page from a URL that has been entered in the HTML form. I'm getting these errors: Warning: fopen(archive): failed to open stream: Permission denied in C:\xampp\htdocs\defaces\index.php on line 14 Warning: fputs() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\defaces\index.php on line 15 Warning: fclose() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\defaces\index.php on line 16

So, when the person enters a URL and the form is submitted, how can you save the webpage as a local file?

Don't use md5 for hashing your password it is very easy to crack use this instead $enc_pass = hash('ripemd320', $password); and in your sql query replace $password with $enc_pass

I don't understand how i can make this work

how can you save it with CURL?

how would you actually do this? the only way i can think of is by using file_get_contents(); and saving the html into a file, would this work?

I am curious on how i can create an archive like this, http://d3ltasecurity.com/defaces/

Why not echo the data and then kill the script?

Thanks this helped a lot

Basically i want to target the URL and if someone tries to use XSS or SQL Injection and enters a keyword like union, <, >, (, ), alert To then redirect them

Yeah like CroNiX said if you do not have session_start() and you try to use $_SESSION your going to get an error, and have you tried making a functions.php file and adding session expressions into it? because then you can just include the functions.php file into all the other .php files. Also if you want to display the username do the following i'll add security in this example: <?php //Get values sent from form $username = $_POST['username']; $password = $_POST['password']; //Strip tags from string $username = strip_tags($username); $password = strip_tags($password); //Encrypt password $password = hash('fnv164', $password); //Escape from HTML $username = mysqli_real_escape_string($username); $password = mysqli_real_escape_string($password); //Convert special characters $username = htmlspecialchars($username, ENT_QUOTES); $password = htmlspecialchars($password, ENT_QUOTES); //If you are on another page and you want to echo the username session_start(); //Critical this MUST be at the top of the page. //Check if SESSION is set if(isset($_SESSION[''])) { $_SESSION['username'] = $username; } echo "Welcome, ".$username."!"; ?> Not sure if i went to over the top there but hopefully it should help you out

password hashing is encrypting your database passwords so if a hacker uses SQL Injection to display confidential information the web page from your database the passwords will not display as the normal password for example $2y$12$QjSH496pcT5CEbzjD/vtVeH03tfHKFy36d4J0Ltp3lRtee9HDxY3K That's what the password would look like but it depends on the algorithms you use. Example: <?php //Get values $username = $_POST['username']; $password = $_POST['password']; //Hash the password $password = hash('md5', $password); ?> Now obviously you would have to use escape string and strip tags on the two variables, but that is just an example do not use md5 it's too common and it's the easiest to decrypt You can display a list of algorithms on a webpage and pick one. <?php print_r(hash_algos()); ?>

Hello, i am currently working on a project and i have been on google and nothing has helped i am trying to detect characters in the URL so for example XSS if someone typed in the URL: home.php?=<script>document.cookie();</script> OR home.php?=<?php echo file_get_contents("document.txt", "a"); How would i be able to make a kind of firewall to detect this? and if it does then redirect to another page. Thanks.