
hadoob024
Everything posted by hadoob024
-
Cool. Thanks for the tip. I couldn't figure out why it wouldn't let me include my code. Anyway, the code for what I'm doing is located at: http://pastebin.com/631485 However, all this ends up displaying is garbage like the following: [raw binary output] Any thoughts on what's going on? thanks!
-
sorry. i'm having problems with new posts and editing prior ones. i keep getting this "403 Forbidden from editing index.php" error message. where can you edit the topic?
-
I've seen this issue posted a thousand times, but everyone else seems to have issues with the uploading part. My problem is with the displaying part. I read through the PHP manual about this, but it didn't answer my question. When I process an uploaded file, do I have to move or copy it prior to displaying it? I'm not interested in saving the file right now. I just want to verify that it was uploaded properly by displaying it. Here's my code for displaying the uploaded image file.
-
I was just doing some reading and came across the setting "session.cache_limiter". Could this have anything to do with my problem? The manual doesn't have too much information on this, regarding whether or not I can use it to help with my problem. Anyone have any experience with it? Thanks.
-
I'm not sure why this is happening and I tried doing some searches, but I haven't come across anything. Basically, in "form.php" I have a form. And I process the form in "formprocess.php". Now, through my verifying/sanitizing, if there was a problem with information submitted, "formprocess.php" handles it, and then tells the user to click on the back button on the browser (or the one that I supply). Now here's the weird thing. If I don't use sessions, when the user clicks to go back to the form, their information is preserved in the form. However, if I try to add sessions to the page (as a hidden token to help prevent CSRF), if the user makes a mistake and has to go back to the form, their entered information is cleared. Has anyone seen this? I'm pretty sure it's the sessions that's doing it, because if I comment out the session code, it works fine and preserves the user's inputted info on the form. Here's basically what I have on "form.php":
[code]
<?php
session_start();
$secret = md5(uniqid(mt_rand(), true));
$_SESSION['secret'] = $secret;
?>
<input type="hidden" name="secret" value="<?php echo $secret; ?>" />
[/code]
And on "formprocess.php":
[code]
<?php
session_start();
if (!isset($_POST['secret']))
    errorcheck(2, 'User attempted accessing "addlistingprocess.php" without going through "addlisting.php".');
// isset() is tested first so a missing session value is never read
if ((!isset($_SESSION['secret'])) || ($_SESSION['secret'] != $_POST['secret'])) {
    //Call error handling function with $problem = 2 (minor security breach)
    errorcheck(2, 'User attempted accessing "addlistingprocess.php" without going through "addlisting.php".');
} else {
    //unset() session variable
    //unset($_SESSION['secret']);
}
[/code]
What in this code could be causing the form fields to clear? Thanks!!!
-
Recently to help with security, I had my web hosting company create a directory for me that's outside of the web document tree. There's a directory called 'Includes' that's located on the same level as the directory 'html'. Anyway, in the 'Includes' directory, there is a sub-directory called 'Ads'. In this directory, there is a PHP file called 'banner_ads.php' and a bunch of JPG image files. In this php file, I run a simple command:
[code]
echo '<img src="/home/virtual/ofre.com/var/www/includes/Ads/ad1.jpg" border=0 />';
[/code]
Anyways, when I call this file 'banner_ads.php' from a script that's in the web document tree like so:
[code]
include_once ('/home/virtual/ofre.com/var/www/includes/Ads/banner_ads.php');
[/code]
This image does not get displayed. Is there an issue with the way PHP files are run when outside the web document tree? Am I having the command point to the wrong location/path? Thanks!
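Added example, not part of the original post and not the poster's code: the `src` of an `<img>` is a URL the browser requests, so a file kept outside the document root has to be streamed by a script that lives inside it, with a `Content-Type` header; image bytes echoed into an HTML response show up as text. The script name `ad.php`, the `ad` query parameter and both function names are hypothetical; the directory is the one from the post.

```php
<?php
// Added example. ad.php (hypothetical name) lives inside the document root;
// the ad directory from the post stays outside it.

// Map a requested name such as "ad1.jpg" to a real file inside $adDir, or null.
function resolve_ad(string $adDir, string $name): ?string
{
    // Plain file names only: no slashes, no "..", .jpg or .jpeg extension.
    if (!preg_match('/\A[A-Za-z0-9_-]+\.jpe?g\z/', $name)) {
        return null;
    }
    $base = realpath($adDir);
    $path = realpath($adDir . '/' . $name);
    // realpath() resolves symlinks; the result must still sit under $adDir.
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

// Stream the file with the headers a browser needs to render it as an image.
function send_ad(string $adDir, string $name): void
{
    $path = resolve_ad($adDir, $name);
    $info = $path === null ? false : @getimagesize($path);
    if ($info === false || $info[2] !== IMAGETYPE_JPEG) {
        http_response_code(404);
        return;
    }
    header('Content-Type: image/jpeg');
    header('Content-Length: ' . filesize($path));
    header('X-Content-Type-Options: nosniff');
    readfile($path);
}

if (PHP_SAPI !== 'cli') {
    send_ad('/home/virtual/ofre.com/var/www/includes/Ads', $_GET['ad'] ?? '');
}
// banner_ads.php then points the tag at the script, not at the file system:
//   echo '<img src="/ad.php?ad=ad1.jpg" border="0" />';
```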
-
Yeah. Basically, I'm using the following to clean my user inputs:
[code]
function cleanit($cleanedvar) {
    // Characters removed from every input
    $badchars = array(';', '&', '|', '<', '>', '=', '/', '\\');
    if (get_magic_quotes_gpc()) {
        $cleanedvar = stripslashes($cleanedvar);
    }
    $cleanedvar = trim($cleanedvar);
    $cleanedvar = strip_tags($cleanedvar);
    $cleanedvar = str_replace($badchars, '', $cleanedvar);
    // Whole numbers come back as int, other numerics as float, the rest as string
    if ((is_numeric($cleanedvar)) && ((intval($cleanedvar) == floatval($cleanedvar))))
        return (intval($cleanedvar));
    elseif ((is_numeric($cleanedvar)) && ((intval($cleanedvar) != floatval($cleanedvar))))
        return (floatval($cleanedvar));
    else
        return $cleanedvar;
}
[/code]
And then after calling this function, I go back and check each of the inputted variables using eregi(), and then eventually use mysql_real_escape_string() before creating the SQL search string. Any suggestions on top of this? So what does everyone do to make sure that a user can't directly access a page that processes a form, and instead has to access the form page directly?
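Added example, not part of the original post and not the poster's code: per-field validation followed by bound parameters, with HTML encoding done at output time, as an alternative to deleting characters from every input. It assumes PHP 7+ with the PDO SQLite driver; the `listings` table, its columns, the sample rows and both function names are constructed for illustration, and in-memory SQLite stands in for the MySQL database.

```php
<?php
// Added example. Table, columns and rows are constructed; in-memory SQLite
// stands in for MySQL so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE listings (id INTEGER PRIMARY KEY, owner TEXT, price INTEGER)');
$pdo->exec("INSERT INTO listings (owner, price) VALUES ('O''Brien & Sons', 95000), ('Smith', 120000)");

// Validate each field against what it is allowed to be, then bind it.
function search_listings(PDO $pdo, $owner, $maxPrice): array
{
    if (!is_string($owner)
        || !preg_match('/\A[\p{L}0-9 .,&\'-]{1,64}\z/u', trim($owner))) {
        throw new InvalidArgumentException('owner');
    }
    $price = filter_var($maxPrice, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0]]);
    if ($price === false) {
        throw new InvalidArgumentException('maxPrice');
    }
    // Placeholders keep the values out of the SQL text entirely.
    $stmt = $pdo->prepare(
        'SELECT id, owner, price FROM listings WHERE owner = :owner AND price <= :price'
    );
    $stmt->bindValue(':owner', trim($owner), PDO::PARAM_STR);
    $stmt->bindValue(':price', $price, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Encode for HTML when printing instead of stripping characters on input.
function render_row(array $row): string
{
    return '<li>' . htmlspecialchars($row['owner'], ENT_QUOTES, 'UTF-8')
        . ': ' . (int) $row['price'] . '</li>';
}

foreach (search_listings($pdo, "O'Brien & Sons", '100000') as $row) {
    echo render_row($row), "\n";
}
```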
-
So, then in addition to adding the session token functionality, would it be helpful to add the functionality that if someone tries to access a page that processes a form, I want to check and make sure that they only got to that page by accessing the page that contains the actual form? And if not, re-direct them to the page with the form on it? And that I could do this by accessing the value from $_SERVER['REQUEST_URI']?
-
But I thought that you ALWAYS want to make sure that the form is being submitted from your site? It seems like there aren't that many benefits to being able to submit a form, and not doing so from my site. And it seems if they can submit from anywhere, that there would be a lot more probable security issues, so that I shouldn't allow it. Am I right, or just being paranoid?
-
This isn't all the security checking that I'm doing, but I thought that it might be useful. Let me know what everyone thinks. I was thinking of creating an array that contains all of the PHP pages that I have (well, the ones accessible by the browser and not just includes and such). And then at the beginning of every file, I wanted to check and see whether or not we came from one of the files listed in the array. If not, then do a re-direct on them to index.php or something similar to this. And I was thinking of checking the values by accessing the values stored in something like $_SERVER['HTTP_REFERER'] or maybe $_SERVER['REQUEST_URI']. Also, more specifically, if someone tries to access a page that processes a form, I want to check and make sure that they only got to that page by accessing the page that contains the actual form. If not, re-direct them to the page with the form on it. So, any thoughts on this?
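Added example, not part of the original posts and not the poster's code: a per-session token check for the form-processing page, relating to the hidden `secret` field in the earlier post and to the referrer checks discussed above. It assumes PHP 7+ and a hypothetical shared file (say `csrf.php`) included by both `form.php` and `formprocess.php`; all function names are hypothetical, and the cache-limiter line rests on the assumption stated in its comment.

```php
<?php
// Added example. Needs PHP 7+; function names are hypothetical.

// Assumption: the fields clear because session_start() sends no-cache headers
// under the default "nocache" limiter, so Back re-requests the form.
session_cache_limiter('private');
session_start();

// Return the session's token, creating it once so that reloading the form
// does not invalidate a submission that is still pending.
function csrf_token(): string
{
    if (empty($_SESSION['secret'])) {
        $_SESSION['secret'] = bin2hex(random_bytes(32)); // CSPRNG output
    }
    return $_SESSION['secret'];
}

// form.php prints this inside the <form> element.
function csrf_field(): string
{
    return '<input type="hidden" name="secret" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES) . '" />';
}

// True only for a POST that carries the token stored in this session.
function csrf_check(array $post): bool
{
    $expected = $_SESSION['secret'] ?? '';
    $supplied = $post['secret'] ?? '';
    if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST'
        || !is_string($expected) || $expected === '' || !is_string($supplied)) {
        return false;
    }
    return hash_equals($expected, $supplied); // constant-time comparison
}

// formprocess.php calls this before reading any other field. The Referer
// header is not consulted: the client sets it and may omit it.
function require_csrf(): void
{
    if (!csrf_check($_POST)) {
        http_response_code(403);
        exit('Invalid form submission.');
    }
}
```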
-
cool. thanks. yeah, i should've just followed my own example. in my real script, the main script exits anyway, so i couldn't tell what was causing the script to end, just it running to completion, or the exit() being called in the included script. the closer i'm getting to this thing being done, the more re-assurance i need that something is correct. it's like i'm a 5 year old or something :)
-
I have a question regarding the exit() function. I read the manual on this, but it didn't really answer my question. Suppose I have the following: Script1.php:
[code]
require 'Script2.php';
blahblahblah();
echo 'junk';
[/code]
And Script2.php:
[code]
function blahblahblah() {
    exit;
}
[/code]
So basically my question is, when exit() gets called from within Script2.php, does it just stop the execution of Script2.php? Or does it also stop the execution of Script1.php? Thanks!
-
Cool. Thanks man. Yeah, I think I knew what the answer was, I'm just getting paranoid here the closer we get to our launch date.
-
I have a quick question concerning the document root directory. All my PHP files are in the directory: /var/www/html/ However, I also have several include files containing email addresses and MySQL login info in a separate directory. I was told that this is a good way to keep this information private and secure. These files are located in the following directory: /var/www/includes/ Is this directory considered out of the document root? Or does the document root start at the "/var/www" level?
-
Hello. I'm having problems with where my "ad" images are being displayed. It works fine in Netscape and Firefox, in that the sample ads are displayed properly below the menu on the left-hand side. However, in IE, the sample ads are displayed immediately to the right-side of the menu. Here's my site: http://www.ownersfinancingrealestate.com/searchlistings.php Can anyone confirm this issue? Anyone know why it's happening? Thanks!!
-
Hmmm... I don't see anything wrong. It looks good to me. Everything's split up and arranged ok.
-
This is a weird problem that I just noticed and can't figure out why it's happening. If I fill out information on a form on my page, click "submit", then click the "back" button on the browser, the location of the table for the form shifts to the left. What would cause this? I'm just using simple tables, and I've set the "align" attribute of each table to "center". You can see it yourself at: Add Listing (http://www.ownersfinancingrealestate.com/addlisting.php)