Posts posted by Tom10

  1. $mime = getimagesize($src);
    
    		switch($mime['mime'])
    		{
    

    Is unreliable

     

    Look into File Uploads

    <?php
    
    if(isset($_REQUEST['upload']))
    {
        $dir = "./";
        // basename() strips any directory components from the client-supplied name
        $file = $dir . basename($_FILES['userfile']['name']);
        // Lower-case the extension so "JPG" and "jpg" are treated the same
        $ext = strtolower(pathinfo($file, PATHINFO_EXTENSION));
        $allowed = array('jpg', 'bmp', 'png', 'gif');
    
        if($_FILES['userfile']['size'] > 500000)
        {
            die("File size is too large!");
        }
    
        // in_array() takes the value and the array as two separate arguments
        if(!in_array($ext, $allowed))
        {
            die("The selected file is not allowed to be uploaded. You may upload files with the following extensions: jpg, png, bmp, gif");
        }
    
        // Check for an existing file before moving, so nothing gets overwritten
        if(file_exists($file))
        {
            die("A file with the same name has already been uploaded. Please re-name your file and try again.");
        }
    
        if(move_uploaded_file($_FILES['userfile']['tmp_name'], $file))
        {
            // Escape the client-supplied name before echoing it into the page
            echo "Your file: ".htmlspecialchars($file)." has been uploaded!";
        } else
        {
            echo "Upload failed";
            echo "Here is some debugging information:";
            print_r($_FILES);
        }
    }
    
    ?>
    

    Hasn't been tested, just coded it purely as an example.

    blacknight's code looks OK apart from using mime to check the file type, so you can do it whichever way; just add a SQL record like blacknight has when the file is uploading.

  2. <?php
    
    		if(isset($_GET['page']) && !empty($_GET['page']))
    		{
    			switch($_GET['page'])
    			{
    				case 'home':
    
    						?>
    							<html>
    								<b>Home Page</b>
    							</html>
    						<?
    
    				break;
    				case 'challenge':
    
    					?>
    						<html>
    								<b>Challenege</b>
    						</html>
    					<?
    
    				break;
    
    				case 'languages':
    
    					?>
    						<html>
    								<b>Languages</b>
    						</html>
    					<?
    
    				break;
    
    				case 'passwords':
    
    				?>
    
    						<html>
    							<b>Passwords</b>
    						</html>
    
    				<?
    
    				break;
    			}
    		}
    	?>
    

    Parse error: syntax error, unexpected end of file

  3. Here is an example I found, but I don't understand why he has put ?> closing tags

    if(isset($_GET['page']) && !empty($_GET['page'])) {
    switch($_GET['page']) {
    case 'home': {
    ?>
    <CENTER>
    <H1> <U> Home </U> </H1>
    This is a sitemap of all the links and pages for this file, from here you can navigate to other pages.
    
    <H3> <U> Sitemap </U> </H3>
    <A HREF="<?php echo htmlspecialchars(htmlspecialchars($_SERVER['PHP_SELF'])) . '?page=home' ?>"> Home </A> <BR />
    <A HREF="<?php echo htmlspecialchars(htmlspecialchars($_SERVER['PHP_SELF'])) . '?page=challenge' ?>"> Challenge </A> <BR />
    <A HREF="<?php echo htmlspecialchars(htmlspecialchars($_SERVER['PHP_SELF'])) . '?page=languages' ?>"> Languages </A> <BR />
    <A HREF="<?php echo htmlspecialchars(htmlspecialchars($_SERVER['PHP_SELF'])) . '?page=passwords' ?>"> Passwords </A> <BR />
    <?php
    }
    break;
    case 'challenge': {
    ?>
    <CENTER>
    <H1> <U> The Challenge </U> </H1>
    Somewhere in this script is a vulnerability I have hidden! A key has been hidden somewhere which will lead on to the next part of the Challenge.
    
    <BR /> <BR />
    <H3> <U> Files on this server </U> </H3>
    Below is a list of files in this directory so you can complete the challenge. This should be all you need to complete this challenge, the rest will test your hacking knowledge!
    <BR /> <BR />
    
    <H3> <U> File List </U> </H3>
    <?php
    foreach(preg_grep('/^([^.])/', scandir(getcwd())) as $files) {
    if($files != '.' | $files != '..') {
    print($files . ' <BR />');
    }
    }
    }
    break;
    
  4. I have another problem




    When I click a link, how do I clear everything and have a fresh page? When I click challenge the page stays the same except it echoes the challenge page, but is there a way when I click challenge to remove all the links and add new content?


  5. <?php
    
    if(isset($_GET['page']) && !empty($_GET['page']))
    {
    switch($_GET['page'])
    {
    case: 'home':
    {
    echo "<center><h1>Home Page</h1></center>";
    }
    
    break;
    
    case: 'challenge':
    {
    echo "<center><h1>Challenege Page</h1></center>";
    }
    
    break;
    
    case: 'languages':
    {
    echo "<center><h1>Languages Page</h1></center>"
    }
    
    break;
    
    case: 'passwords':
    {
    echo "Passwords Page";
    }
    
    break;
    }
    }
    
    ?>
    
    
    <A HREF="<?php echo htmlspecialchars(htmlspecialchars($_SERVER['PHP_SELF'])) . '?page=home' ?>"> Home </A> <BR />
    	<A HREF="<?php echo htmlspecialchars(htmlspecialchars($_SERVER['PHP_SELF'])) . '?page=challenge' ?>"> Challenge </A> <BR />
    	<A HREF="<?php echo htmlspecialchars(htmlspecialchars($_SERVER['PHP_SELF'])) . '?page=languages' ?>"> Languages </A> <BR />
    	<A HREF="<?php echo htmlspecialchars(htmlspecialchars($_SERVER['PHP_SELF'])) . '?page=passwords' ?>"> Passwords </A> <BR />
    
     
    Hi, so I am currently learning about case and break and I am getting the following error:
    Parse error: syntax error, unexpected ':' in
    case: 'home':
    

    Apparently is where the error is coming from

  6. Here is an example which may help you, but as gingerjm said there is not much we can do; please post your code in this thread and list the errors you are getting.

    <?php
    
    require 'connect.php';
    
    session_start();
    
    @error_reporting(E_ALL | E_NOTICE); //set to 0 when on a live server
    
    @ini_set('display_errors', 1); //set to 0 when on a live server
    
    if($_SERVER['REQUEST_METHOD'] == "POST") {
    
    $username = $_POST['user'];
    $password = $_POST['pass'];
    
    $username = strip_tags($username);
    $username = htmlentities($username, ENT_QUOTES);
    $username = htmlspecialchars($username, ENT_QUOTES);
    
    if(preg_match("#[^\w\b\s]#", $username)) {
    
    echo "<h1><span style='color: #222; font-weight: bold; font-size: 38px; font-family: sans-serif;'>Username has been rejected.</span></h1>";
    
    echo "<h3><u>Your requested username:</u> ".$username." </h3>";
    
    echo "<h3><u>Why has my username been disallowed?</u></h3><br>";
    
    echo "<li>Your username contains illegal characters such as: !&*(#~{;$%^+=</li>";
    
    die();
    }
    
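    // Kept as posted so it matches the stored values; for new code password_hash() / password_verify() replace a fast unsalted hash
    $password = hash('gost-crypto', $password);
    
    // Bind the values as parameters instead of interpolating them into the SQL string
    $stmt = $handler->prepare("SELECT * FROM users WHERE BINARY username = BINARY :username AND BINARY password = BINARY :password");
    $stmt->execute(array(':username' => $username, ':password' => $password));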
    
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    
    if($stmt->rowCount() > 0) {
    
    if($row['rank'] > 0) {
    
    $_SESSION['username'] = $username;
    $_SESSION['loggedIn'] = 1;
    $_SESSION['rank'] = 1;
    $_SESSION['status'] = 1;
    
    echo '<meta http-equiv="refresh" content="0;admin.php" />';
    
    } else if($row['rank'] == 0) { // was "< 1", which also matched negative ranks and made the banned branch below unreachable
    
    $_SESSION['username'] = $username;
    $_SESSION['loggedIn'] = 1;
    $_SESSION['rank'] = 0;
    $_SESSION['status'] = 1;
    
    echo '<br><br><br><br><br><br><br>';
    
    echo '<center><img src="https://ers.snapuptickets.com/ers/images/loading-spiral.gif" width="100" /></center>';
    
    echo '<center><br><h3><b>Loading. Please wait..</b></h3></center>';
    
    echo '<meta http-equiv="refresh" content="3;user.php" />';
    
    exit();
    
    } else if($row['rank'] < 0) {
    
    die("Error: Your account has been banned!");
    }
    
    } else {
    
    die("
    
    <h1>Username or Password incorrect.</h1> <br>
    
    <u><b>Please note:</b></u>
    <li>Usernames and passwords are case-sensitive!</li>
    
    ");
    
    }
    
    }
    
    ?>
    

     

    Here is an example I coded a while back, not the best but should be OK for your question.

  7. if($_SERVER['REQUEST_METHOD'] == "POST")
    {
    	$dir = "./";
    	$file = $dir . basename($_FILES['userfile']['name']);
    	$ext = pathinfo($file, PATHINFO_EXTENSION);
    	$filename = $_FILES['userfile']['name'];
    
    	$allowed = array('jpg', 'png', 'gif', 'bmp');
    
    	if($_FILES['userfile']['size'] > 10000)
    	{
    		die("File is too large!");
    	}
    	if($ext != $allowed)
    	{
    		die("Invalid Image File. Possible hack attempt!");
    	}
    	if(move_uploaded_file($_FILES['userfile']['tmp_name'], $dir))
    	{
    		echo "File: ".$_FILES['userfile']['name']." has been uploaded to ".$dir."! ";
    	} else
    	{
    		die("Error: ".$_FILES['userfile']['error']." ");
    	}
    }
    

    This part is the problem

    if($ext != $allowed)
    	{
    		die("Invalid Image File. Possible hack attempt!");
    	}
    
  8. if($_SERVER['REQUEST_METHOD'] == "POST")
    {
    	$dir = "./";
    	$file = $dir . basename($_FILES['userfile']['name']);
    	$ext = pathinfo($file, PATHINFO_EXTENSION);
    	$filename = $_FILES['userfile']['name'];
    
    	$allowed = array('jpg', 'png', 'gif', 'bmp');
    
    	if($_FILES['userfile']['size'] > 10000)
    	{
    		die("File is too large!");
    	}
    	if($ext != $allowed)
    	{
    		die("Invalid Image File. Possible hack attempt!");
    	}
    	if(move_uploaded_file($_FILES['userfile']['tmp_name'], $dir))
    	{
    		echo "File: ".$_FILES['userfile']['name']." has been uploaded to ".$dir."! ";
    	} else
    	{
    		die("Error: ".$_FILES['userfile']['error']." ");
    	}
    }
    

    I get no errors but 

    if($ext != $allowed)
    	{
    		die("Invalid Image File. Possible hack attempt!");
    	}
    

    is the problem, it just says Invalid Image File. Possible hack attempt!
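
The extension allow-list check that posts 7 and 8 get stuck on, and that the example in post 1 attempts, written out as an added example (not code from the thread). The `userfile` field, the 10000-byte limit and the allow-list follow the posts; the `uploads/` directory and the function names are assumptions.

```php
<?php
// Added example, not code from the thread. The 'userfile' field, the limit and
// the allow-list follow the posts; uploads/ and the function names are assumed.
const ALLOWED_EXT = ['jpg', 'png', 'gif', 'bmp'];
const MAX_BYTES   = 10000;
// Returns the lower-cased extension if the upload passes, otherwise throws.
function checked_extension(string $clientName, int $size): string
{
    if ($size <= 0 || $size > MAX_BYTES) {
        throw new RuntimeException('File is empty or too large');
    }
    $ext = strtolower(pathinfo(basename($clientName), PATHINFO_EXTENSION));
    // `$ext != $allowed` compares a string with an array, which is always
    // true; in_array() with strict=true is the membership test.
    if (!in_array($ext, ALLOWED_EXT, true)) {
        throw new RuntimeException('Extension not allowed');
    }
    return $ext;
}
// move_uploaded_file() needs a file path, not only the directory. A generated
// name avoids collisions and keeps client-chosen names off the filesystem.
function destination(string $dir, string $ext): string
{
    return rtrim($dir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
}
if (PHP_SAPI === 'cli') {
    // Constructed sample inputs (name => size) so the checks run offline.
    foreach (['photo.JPG' => 900, 'notes.txt' => 900, 'big.png' => 50000] as $name => $size) {
        try {
            echo $name, ' -> ', destination('uploads', checked_extension($name, $size)), "\n";
        } catch (RuntimeException $e) {
            echo $name, ' -> rejected: ', $e->getMessage(), "\n";
        }
    }
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['userfile'])) {
    try {
        $f = $_FILES['userfile'];
        if ($f['error'] !== UPLOAD_ERR_OK) {
            throw new RuntimeException('Upload error ' . $f['error']);
        }
        $dest = destination(__DIR__ . '/uploads', checked_extension($f['name'], $f['size']));
        if (!move_uploaded_file($f['tmp_name'], $dest)) {
            throw new RuntimeException('Could not store file');
        }
        echo 'Stored as ', htmlspecialchars(basename($dest));
    } catch (RuntimeException $e) {
        echo htmlspecialchars($e->getMessage());
    }
}
```

The extension check says nothing about the file's content, so the upload directory should be served as static files only.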

     

  9. Hi, I am currently going through functions trying to learn more about PHP and I used the scandir() function. Is there a way to get the output on the page without using print_r()?

     

    Thanks :)
