Gingechilla
-
Posts
34 -
Joined
-
Last visited
Posts posted by Gingechilla
-
-
I have a file called index.php and I want to have a file called index.php
What I don't want, is for the ability of the public to be able to type domain.com/index.php/what-ever-words-they-want-to-type.
At the moment when they go to domain.com/index.php/what-ever-words-they-want-to-type it loads my domain.com/index.php.
I'm not sure why this happens.
-
Hi,
No, never.
You can write anything after index.php/ and the index.php file loads up. Any resources on the page with a relative url won't work though. So ../image.jpg will work on index.php but not index.php/about-us.
I can only assume there's an on/off setting. I have PHP 5.6 installed.
-
Hi,
I'm not sure why but search engines are indexing the following urls on my site:
domain.com/index.php/about-us
domain.com/index.php/contacto
domain.com/index.php/any-word-can-go-here
These aren't URLs I'm using or are in my sitemap.
Can anyone tell me how I can turn off these URLs after the .php ?
I'm not sure why this is happening or what words to use to find out what my problem is.
-
Hi,
Thank you for your help. I will add that in to my code.
For some reason and I'm not sure why... I changed the connection user to root and it worked. I then granted all possible permissions to the user I was previously using but nothing. So I went back and added a brand new user with the some privileges and it worked. Really not sure what went wrong but it's working now. (XAMMP).
Thank you.
-
Hi,
Im having a problem and I can't seem to figure it out or find anything on the net.
If I use the following code the script successfully updates every row in the table:
mysqli_query($con,"UPDATE Ads SET Ads_LocalArea='Stroud'");
However if I try updating the table using the WHERE clause in any of the combinations below nothing happens.
mysqli_query($con,"UPDATE Ads SET Ads_LocalArea='Stroud' WHERE Ads_ID=$DBROWID");
----------------------------------------------------------------------
My Script:
mysqli_query($con,"INSERT INTO Ads (Ads_ID, Ads_AID, Ads_Title) VALUES ('', '$Polished_AdRef', '$Polished_AdTitle')"); $DBROWID = mysqli_insert_id($con); mysqli_query($con,"UPDATE Ads SET Ads_AID='Stroud' WHERE Ads_ID=$DBROWID"); // TRIED THESE TOO // mysqli_query($con,"UPDATE Ads SET Ads_AID='Stroud' WHERE Ads_ID='$DBROWID'"); // mysqli_query($con,"UPDATE Ads SET Ads_AID='Stroud' WHERE Ads_ID='5'");Does any one know where I am going wrong?
-
Hi,
I have this file: http://www.cineworld.co.uk/syndication/film_times.xml
I want to extract all the film information with anything that equals <row key="90">
I can't however seem to get find a way of targeting that row.
<?php $getfile = file_get_contents('http://www.cineworld.co.uk/syndication/film_times.xml'); $arr = simplexml_load_string($getfile); foreach($arr->row as $a => $b) { echo "<br>".$a,'="',$b,"\"\n"; } ?>Could someone point me in the direction that I can find some help please?
-
Oh and the data from the form will be used between other elements and saved in a file for inclusion into the main file. So for example the data from the form might be between stylesheet tags ect.
Only thing I can think of would be importing a CSS file like so:
@import'http://ha.ckers.org/xss.css';
-
I'm attempting to clean out all unwanted input from user posted data. The user can put anything in the input box but when it goes through to my php page I filter through it with the following:
function cleanxss($input) { /// Prevents XXS Attacks www.itshacked.com $search = array( '@<script[^>]*?>.*?</script>@si', // Strip out javascript '@<[\/\!]*?[^<>]*?>@si', // Strip out HTML tags '@<style[^>]*?>.*?</style>@siU', // Strip style tags properly '@<![\s\S]*?--[ \t\n\r]*>@' // Strip multi-line comments ); $inputx = preg_replace($search, '', $input); $inputx = trim($inputx); if(get_magic_quotes_gpc()) { $inputx = stripslashes($inputx); } $input = htmlspecialchars($input); /// MYSQL USE ONLY: $inputx = mysql_real_escape_string($inputx); return $inputx; } //apply the function to an array of user submitted data... ///$_POST = array_map('clean', $_POST); //or individually like... $message = cleanxss($_POST['data']);I've pasted all the data from http://ha.ckers.org/xss.html into the form and it results in no vulnerabilities. Is this right?
-
Oh I've got it! I just had to remove the " " either side of checkU in the replacement code.
Thank you so much for your help! :-)
-
Thank you very much for your reply however I don't think it has worked properly.
HTML Input:
[u]Hello[/u]
HTML Output:
checkU('Hello') -
My code for replacing user input is as follows:
function Replace_BB($text) { $bb = array( '@\[u\](.*?)\[\/u\]@is', '@\[i\](.*?)\[\/i\]@is', '@\[b\](.*?)\[\/b\]@is', '@\[img\](.*?)\[/img\]@is', '@\[url\](.*?)\[/url\]@is', '@\[url=http://(.*?)\](.*?)\[/url\]@is' ); $html = array( '<u>$1</u>', '<em>$1</em>', '<strong>$1</strong>', '<img src="$1" />', '<a href="$1">$1</a>', '<a href="$1">$2</a>' ); return preg_replace($bb, $html, $text); } print_r (Replace_BB($_POST['data']));How can I use an if statement to decide how to put in my replacement.
So for example:
$html = array( 'IF XXXXXX THEN DO THIS>>>>> <u>$1</u> ELSE DO THIS >>>> <u>$1 Error</u>',
-
OK feeling a bit silly now... but where exactly is the typo I need to change to get it to work?
-
Actually maybe there is something wrong with the first array:
preg_match_all("/<bla>(.*)<\/bla>/", $html2, $matches40); print_r($matches40);When I echo the count:
$matches = $matches40; $matches_count = count($matches); echo count($matches);
It only counts 2 and changes two of the 'Tom' to 'Ben'
--------------
HTML Input:
<bla>Tom</bla> <bla>Tom</bla> <bla>Tom</bla> <bla>John</bla> <bla>Cliff</bla> <bla>Tom</bla>
--------------
Array Out:
Array ( [0] => Ben [1] => Ben [2] => Tom [3] => John [4] => Cliff [5] => Tom )
-
Oh!
I'm such an idiot! I did work! Thank you so much!
However... It only works on the first 'Tom'. If I type in Tom twice ect only the first one changes.
-
Thanks for the fast reply,
It just seems to print out the following:
Array ( [0] => Ben [1] => Cliff [2] => Dave [3] => Ned [4] => Austin )HTML Input:
<bla>Tom</bla> <bla>Cliff</bla> <bla>Dave</bla> <bla>Ned</bla> <bla>Austin</bla>
PHP Code:
$html2 = $_POST['fname']; preg_match_all("/<bla>(.*)<\/bla>/", $html2, $matches40); print_r($matches40); $matches = $matches40; $matches_count = count($matches); $replace_array = array( "Tom", "John", "Edward" ); $replacewith_array = array( "Ben", "John2", "EdWaRd....." ); for($i=0;$i<$matches_count;$i++){ $matches[1][$i] = str_replace($replace_array,$replacewith_array,$matches[1][$i]); } print_r($matches[1]); -
Hello again,
I have some form data, which I then search through for particular code data like so:
$html2 = $_POST['fname']; preg_match_all("/<bla>(.*)<\/bla>/", $html2, $matches40);So the above searches for all the data between <bla>XXXXXX</bla> from $POST
Which I then print to my page using:
(Only so I can see while developing)
print_r($matches40);
This displays HTML output like so:
Array ( [0] => Array ( [0] => Hello [1] => My [2] => Name [3] => Is [4] => Tom ) [1] => Array ( [0] => Hello [1] => My [2] => Name [3] => Is [4] => Tom ) )
What I am trying to do is again use the preg_match_all function to look through the array output and find data that I want to remove. E.g. If one of the variables from $matches40 is 'Tom' I want to find and replaces this with 'Ben'.
I spent a day searching Google but to not success. Any help?
-
I guess I get it. I mean I'm only aiming for 300 users so if a user wanted their own personalised template I could check through their code first.
-
Hmm
I guess they would only be hacking themselves though?
I mean, if I give each user their own hosting account through my reseller hosting, and they can only use the style sheet on one page of their website, which doesn't link to any other user account... it should be fine?
PS: I'm building like a profile page for each user which is separated from others by different hosting accounts.
PPS: Oh and people who view the page are the general public and not logged into anything.
------
PPPS: I just copied every single code off the http://ha.ckers.org/xssAttacks.xml site and out in in my style sheet. No pop-ups or anything.
-
Hello,
I'm creating an application where a user can input there own CSS. The problem I'm having is understanding if this will open security holes if...
1. Users input is saved to a file called style.css
2. Each user is on their own a sub-domain from my reseller hosting plan.
3. The style.css file will be included in the page code like so:
<link type='text/css' rel='stylesheet' href='style.css' />
Any advice?
-
Ok I sorta got it going, you have to do this to get anything:
SELECT * FROM items WHERE title LIKE $VARIABLENAME ORDER BY title LIMIT 10
You need to make a variable somewhere, no idea why it works like this though O-o
-
That just shows me what I asked to search the database for :--/
SELECT * FROM items WHERE title LIKE snowball ORDER BY title LIMIT 10
-
I have read through and tried the results of questions like this but found nothing that helped.
// If current page number, use it // if not, set one! if(!isset($_GET['page'])){ $page = 1; } else { $page = $_GET['page']; } $search=$s; $search=$_POST["search"]; $CATSEARCH=$CAT; $CATSEARCH=$_POST["CAT"]; $CATPAGE=$_POST["CAT"]; // Define the number of results per page if($mR > 50){ $max_results = 50; } else { $max_results = $mR; } // Figure out the limit for the query based // on the current page number. $from = (($page * $max_results) - $max_results); // Perform MySQL query on only the current page number's results $sql = "SELECT * FROM items WHERE title LIKE snowball ORDER BY title LIMIT 10"; $query = mysql_query($sql); while($r = mysql_fetch_array($query)); { [color=red]<<<<<<<<<<<<<<<<< LINE 76 >>>>>>>>>>>>>>[/color] $title=$r["title"]; $code=$r["code"]; $message=$r["message"]; $no problem=$r["no problem"]; $cat1=$r["cat1"]; $cat2=$r["cat2"]; $cat3=$r["cat3"]; $id=$r["id"]; // Build formatted results here. echo "$title<p>"; }I get this error:
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /results.php on line 76
I have checked the names of the tables and fields over and over, I have also tried the "die" result and that did not tell me anything.
-
How can I do that with a search?
E.g:
Search and get all items
Search and get all users items
compare
show results?
-
I have the following tables in my database:
items < Holds all over the items information ect.
userinfo < Holds information on user
usersitems < Holds what the user has got.
From the search page a user can add things from the items table into the usersitems table, that works fine.
The problem I have is, how can I show what items a user does not have?
index.php/random-word-here
in Miscellaneous
Posted
Hi.
Thanks for your help.
In the end I canonical link the file to where I wanted it to go. After that I just chose to redirect anyone who tries going to domain.com/index.php/* back to domain.com/