leafer

In terms of security, is there any advantage to choosing a protected variable over a local variable in the following examples? Thx protected function getPage() { $this->_ch = curl_init(); curl_setopt($this->_ch, CURLOPT_USERAGENT, $this->_userAgent); curl_setopt($this->_ch, CURLOPT_URL, $this->_url); curl_setopt($this->_ch, CURLOPT_REFERER, $this->_referrer); curl_setopt($this->_ch, CURLOPT_FOLLOWLOCATION, false); curl_setopt($this->_ch, CURLOPT_FRESH_CONNECT, true); curl_setopt($this->_ch, CURLOPT_HEADER, false); curl_setopt($this->_ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($this->_ch, CURLOPT_CONNECTTIMEOUT, $this->_timeout); $this->_result = curl_exec($this->_ch); curl_close($this->_ch); return $this->_result; } protected function getPage() { $ch = curl_init(); curl_setopt($ch, CURLOPT_USERAGENT, $this->_userAgent); curl_setopt($ch, CURLOPT_URL, $this->_url); curl_setopt($ch, CURLOPT_REFERER, $this->_referrer); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false); curl_setopt($ch, CURLOPT_FRESH_CONNECT, true); curl_setopt($ch, CURLOPT_HEADER, false); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $this->_timeout); $this->_result = curl_exec($ch); curl_close($ch); return $this->_result; }

It's not entered in with double quotes I just used double quotes to signify the entire sentence I used.

"I'm going over to John's house"

No one?

It's the key to the left of enter not the one with the tilde sign (~). I tried your method above but now the line itself doesn't display.

I've tried everything (htmlspecialchars, htmlentities, html_entity_decode with ENT_QUOTES) and nothing seems to work. It keeps displaying a blue boxed question mark in place of the single quote. The portion of the sentence not displaying properly is "john's". I've manually inserted the info using myphpadmin if that makes a difference. Thx

I even tried something like this: $(document).ready(function() { $(".forumPaster").hide(); $(".ForumPasteButton:button").bind('click', function() { $(".forumPaster").each(function(){ $(this).toggle(); }); }); }); Nothing. I can't seem to find anything that says only the next one only.

I've been at this on and off for a week but it never seems to work quite right. Basically I have multiple divs that are hidden preceded by a button before each one but it has to start hidden on load. All I want is any of the buttons to only open the div directly after it. At the moment it seems to want to open all of them. Here is the snippet of code: <div class="buttonClass"><button class="ForumButton" type="button">Click to open</button></div><div class="forumPaster">Hidden information</div> Here's what I have so far: $(document).ready(function() { $(".forumPaster").hide(); $(".ForumPasteButton:button").bind('click', function() { $(".forumPaster").toggle(); }); });

Excellent Dave. It works perfectly.

Here's the statement that doesn't entirely work the way it should: $query = "SELECT name FROM thedatabase "; $query .= "WHERE position LIKE '%$position1%' OR position LIKE '%$position2%' OR position LIKE '%$position3%' "; $query .= "OR position LIKE '%$position4%' AND league = '$league' ORDER BY rank ASC LIMIT 5"; Now within my code I have a broad statement which doesn't use the "AND league = '$league'" part and it works perfectly. Once I include the and league part it's almost as if the statement isn't even there. With and without that portion the result is the same. Basically what I'm trying to accomplish with this statement is: If any of the positions exist BUT contain StringX within the league column then return ORDER BY rank ASC LIMIT 5. It seems as if it's treating that AND statement as an OR and once it finds a match ignores the rest. Any ideas?

I noticed! except... I probably already lost more then a bit Thanks again for the info, you probably switched the "rapidshare file check" part with Hotfile. preg_match("/<form action=\"([^\"]+)\" method=\"post\">/",$index,$match); //print $index; is only used for rapidshare in my code... but.. Your explanation was exactly what I needed! I finally understand it and realize that I was started wrong! I started from scratch again and its working now :-) Hip Hip if($row[2]==2) // Hotfile Check { $row[1]="http://www.".$row[1]; $index=getpage($row[1]); print "<a href=\"".$row[1]."\">".$row[1]."</a>\n"; if(strpos($index,"Downloading")===false) //check if page contains the word downloading if not = bad link { mysql_query("UPDATE `v2links` SET `checked`='-1',`lastcheck`=NOW() WHERE `id`=".$row[0]); print "bad link\n"; logstr("log-c.txt","bad link\n"); } else { $pattern = '/<table\sclass="downloading"\>.+<b>(.*?)\<\/b\>.+\<span\sclass="size"\>\| (.*?)\<\/span\>/'; preg_match($pattern, $index, $output); $caption=$output[1]; $fsize=$output[2]; print "$caption :: $fsize\n"; logstr("log-c.txt","$caption :: $fsize\n"); mysql_query("UPDATE `v2links` SET `checked`='1',`lastcheck`=NOW(),`fsize`='$fsize',`caption`='$caption' WHERE `id`=".$row[0]); unset($match); if(mysql_errno()) print mysql_error()."\n"; } } Works link a charm like this! Thanks again for your time and if you have a paypall email please pm me... I'm gonna pay you that BEER! Promised! Glad to hear it worked out for you. As far as the beer goes I only kid. As a fellow noob I enjoy giving back whenever I can. Have a good one.

The perfect word to explain regex is torture. It's an extremely powerful tool as long as your willing to lose a bit of hair in the process. Anyways, I'll assume the getpage() function is a curl call and your passing the url to it. I think I see your problem here and its a bit ironic. Remember I was asking you if you wanted to download the file? Thats exactly what it's trying to here by downloading the form code once it's successful: preg_match("/<form action=\"([^\"]+)\" method=\"post\">/",$index,$match); //print $index; See that. Its grabbing the form code when it should be going directly to the regex I gave you. So put in my regex into that place like so: $index=getpage($row[1]); if(strpos($index,"The file could not be found. Please check the download link.")===false && strpos($index,"Due to a violation of our terms of use, the file has been removed from the server.")===false) { preg_match("/<table\sclass="downloading"\>.+<b>(.*?)\<\/b\>.+\<span\sclass="size"\>\| (.*?)\<\/span\>/",$index,$match); //HERE Grab the $match[1] and $match which are the values we spoke about before THEN Insert into the DB or output to a txt file. Erase all of this: Reason I'm telling you to erase that part is because you mentioned you werent interesting in downloading anything just grabbing the link, file size and filename. That's it. Besides I wouldn't use that code anyhow and prefer a regex over it. Anyways removing all of that code should make it work especially since your first regex statement is NOT looking for a form but rather those values you wanted.

Here's a general function I use for simple curl checks. I'll remove the function part of it. $url = "http://whatever.com"; $agent - "Mozilla/5.0 (Windows; U; Windows NT 5.2 en-US;rv:1.9.0.7)Gecko/2009021910 Firefox/3.0.7"; $ch = curl_init(); curl_setopt($ch, CURLOPT_FAILONERROR, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch , CURLOPT_CONNECTTIMEOUT, 10); curl_setopt($ch, CURLOPT_HEADER, 1); curl_setopt($ch, CURLOPT_TIMEOUT, 10); curl_setopt($ch, CURLOPT_USERAGENT, $agent); curl_setopt($ch, CURLOPT_URL, $url); $result = curl_exec($ch); curl_close($ch); $pattern = '/(?s)\<item\>.*?\<\/item\>/'; preg_match ($pattern, $result, $output); //ADD IN THE VARS TO GRAB EACH PORTION if $output is empty then = bad link. Else put vars into appropriate places Instead of that pattern, put the one I gave you and move the data into the appropriate vars.

I want to keep it simple, no download, just check if a link exists, if so I want to parse filename and size and write that down. as you can see in the curent code.. the script first checks first the link is ok : if(strpos($index,"Downloading")===false-) if not ok it prints 'bad link' If link ok... else Then I would like to parse filename and filesize ( using your pattern) and write that down in the text file as you can see in my code. the link checking part works fine, I'm getting following output: [1] hotfile.com/dl/6491715/ca36ee7/BURP_Kenshi.part02.rar.html bad link [2] hotfile.com/dl/10201361/1867cae/H.P.5.Order.of.Phoenix.2007.DvD.RiP.Hindi.By.Innov bad link [3] hotfile.com/dl/11825481/1c87a38/2009_-_Magical_Mystery_Tour_Stereo_Remaster.part2.rar.html :: [4] hotfile.com/dl/10201433/68abce6/Harry.Potter.6.Half.Blood.Prince.2009.Hindi.By.Inn bad link [5] hotfile.com/dl/11629240/a9f4bec/Please_Please_Me-Mono_2009_Remastered.part1.rar.html :: I just not getting the filename and filesize from the good links. So what I would like to see: [1] hotfile.com/dl/6491715/ca36ee7/BURP_Kenshi.part02.rar.html bad link [2] hotfile.com/dl/10201361/1867cae/H.P.5.Order.of.Phoenix.2007.DvD.RiP.Hindi.By.Innov bad link [3] hotfile.com/dl/11825481/1c87a38/2009_-_Magical_Mystery_Tour_Stereo_Remaster.part2.rar.html 2009_-_Magical_Mystery_Tour_Stereo_Remaster.part2.rar :: 55MB [4] hotfile.com/dl/10201433/68abce6/Harry.Potter.6.Half.Blood.Prince.2009.Hindi.By.Inn bad link [5] hotfile.com/dl/11629240/a9f4bec/Please_Please_Me-Mono_2009_Remastered.part1.rar.html Please_Please_Me-Mono_2009_Remastered.part1.rar :: 75MB Here is my full code: }if($row[2]==2) // Hotfile check { $row[1]="http://www.".$row[1]; $index=getpage($row[1]); preg_match_all('/(<td>Downloading <b>)(.*)(<\/b>)/',$index,$match); if($match[1]) $desc=mysql_real_escape_string(strip_tags($match[1])); if(strpos($index,"Downloading")===false || !$desc) { mysql_query("UPDATE `v2links` SET `checked`='-1',`lastcheck`=NOW() WHERE `id`=".$row[0]); print "bad link\n"; logstr("log-c.txt","bad link\n"); } else { print "$output[1] :: $output[2]\n"; logstr("log-c.txt","$output[1] :: $output[2]\n"); mysql_query("UPDATE `v2links` SET `checked`='1',`lastcheck`=NOW(),`fsize`='$output[2]',`caption`='$output[1]' WHERE `id`=".$row[0]); unset($desc); if(mysql_errno()) print mysql_error()."\n"; } } Then add a curl routine to the good links found which visits the link, grabs the output and parses the filename and size. Basically: }if($row[2]==2) // Hotfile check { $row[1]="http://www.".$row[1]; $index=getpage($row[1]); preg_match_all('/(<td>Downloading <b>)(.*)(<\/b>)/',$index,$match); if($match[1]) $desc=mysql_real_escape_string(strip_tags($match[1])); if(strpos($index,"Downloading")===false || !$desc) { mysql_query("UPDATE `v2links` SET `checked`='-1',`lastcheck`=NOW() WHERE `id`=".$row[0]); print "bad link\n"; logstr("log-c.txt","bad link\n"); } else { 1) Curl good link and return output 2) Then use my pregmatch to grab the file name and size 3) Then print "$filename $output1 $output2" 4) Insert into DB print "$output[1] :: $output[2]\n"; logstr("log-c.txt","$output[1] :: $output[2]\n"); mysql_query("UPDATE `v2links` SET `checked`='1',`lastcheck`=NOW(),`fsize`='$output[2]',`caption`='$output[1]' WHERE `id`=".$row[0]); unset($desc); if(mysql_errno()) print mysql_error()."\n"; } } If you want. PM me the entire code your using with all of the sensitive data removed (including curl statement). Firing off the second curl statement should work though. My method for that would be: 1) Pulls links from DB. 2) Send curl statement 3) If link not correct return "bad link" 4) If link good return output, pregmatch the necessary info. Actually you shouldn't need the 2nd statement. Post the actual curl statement your using and from there I can easily give you the routine.

Do you want to check if the link exists: <a href="http://hotfile.com/dl/13717843/4c6dfad/cl_backup.part3.rar.html?uploadid=13717843&fname=cl_backup.part3.rar.html&hash=4c6dfad&lang=it">Italian</a> Or turn what you've got into a link to then begin a download. Basically simulating a click on regular download? http://hotfile.com/get/13717843/4ac4ddbd/24c4d38/cl_backup.part3.rar If thats the case you need to grab all of the form values: Then craft a post statement and wait for the link to come out. The LiveHTTPHeaders for firefox will help you find out the exact structure of the url.

Damn. Great idea. Thx

lol no worries man. You've been more then helpful. I immediately went to the php session docs to whip up a solution. I'm about to put the finishing touches on my learning website to finally get this out of the way. I had to learn passing cookies before the website went live anyhow so I'm glad I'm forced into it. I've been putting off the website for a while now because I've already moved on to the projects I wanted to start before I began learning PHP. Anyways here's what I came up with: Inside index.php session_start(); $string = "abc"; $key = hash_hmac('ripemd160', $string, '1234567890'); $_SESSION['key']=$key; 1.php session_start(); if(!isset($_SESSION['key'])) { header("Location: 404.php"); } Obviously the hash_hmac part is unnecessary but it's something I could use down the line by bringing in random code from my DB based on some random changing value. I was thinking time or something of that nature but for now that's more then enough. It will never be a perfect solution because even that above I can easily simulate a curl call to grab the cookie along with the info needed. I've noticed a few forums beginning to use JS to salt the session ID before its being passed which gave me a bit of difficulty to fool but I'm chalking it up to my skill set rather then being a foolproof solution. I've realized if they want it they'll get it. thanks a million 5kyy8lu3.

Giving this a try at the moment. Haven't used sessions that often but it seems that may do the trick.

As I said several replies ago it simply makes a http request, just as someone would if they browsed to the file. There isn't really anything you can do. you couldn't use $_SERVER['HTTP_REFERER'] then and check to see that it came from index.php? EDIT: i guess if it's just a plain http request even that won't work huh, that sucks Thought of the referrer trick but I might as well just leave it open if thats the case. Extremely easy to fake. I looked throughout the entire list of php globals, env variables to see if there is anything but nothing. As thorpe mentioned its an http call either way. I'm surprised there isn't some simple solution or .htaccess entry I could use to limit access only when coming from that specific file.

Correct. Tried this: die($_SERVER['PHP_SELF']); and it echos this: /php/1.php so i made the edit: <?php if ( $_SERVER['PHP_SELF'] != '/php/1.php' ) { header("Location: 404.php"); } ?> and put that at the top of 1.php. I don't know JS very well, so does jquery INCLUDE 1.php or does it link to it? like if you're viewing 1.php, does your address bar show index.php or does it show 1.php? if it "includes" or "loads" 1.php but index.php remains in the address bar, then you need to change the script to '/php/index.php'. that way, only index.php can load 1.php. I removed the jquery call entirely and just put a regular <a href="/php/1.php">Link</a> into the page just to eliminate it as a possibility. Same. I click the link to the 1.php which contains: 404 redirect. Here is my directory structure: / | |-index.php | | -----/php/1.php which makes a require call to a file outside of the webroot a few directories back. The call works fine without all of this.

IIRC it means the the column name ID exists in both tables.

Correct. Tried this: die($_SERVER['PHP_SELF']); and it echos this: /php/1.php so i made the edit: <?php if ( $_SERVER['PHP_SELF'] != '/php/1.php' ) { header("Location: 404.php"); } ?> and put that at the top of 1.php. Still accessible. Checked directory and file permissions just in case: Directory: 755 File: 644 Which is normal.

As I typed the statement I immediately wanted to eliminate ajax as the problem. I then made the exact link somewhere else on the page without any JS interaction and same result. Is there no way around this? I gave you a solution... Here... read how I use the script, and you might see it's the same scenario as you: index.php on my website is the backbone... it loads all my content pages with includes depending on a value i set in my session variable. so... if I click a link for "home", it reloads index.php and then index.php include()'s home.php. the problem is, I have index.php load a header for each page, so I don't want people directly accessing my php files, home.php for example. so... i put that script at the top of home.php and then if someone try's to directly access it, the script sees that index.php isn't he parent document so it redirects them to 404. if index.php accesses it on the other hand, the script sees that the parent document IS index.php so it doesn't redirect and everything works just fine. I'm pretty sure this would work for your situation. Heck, tell me the name of the html file and I'll even write the exact script you can copy/paste into the top of 1.php. The actual names of the files are: index.php /php/1.php which contains (require("/journal/round-one.php") ../../journal/Round_one.php I've tried all of the following: <?php if ($_SERVER['PHP_SELF'] != '1.php') { header("Location: 404.php"); } require("/journal/round-one.php") ?> <?php if ($_SERVER['PHP_SELF'] != 'php/1.php') { header("Location: 404.php"); } require("/journal/round-one.php") ?> <?php if ($_SERVER['PHP_SELF'] != 'index.php') { header("Location: 404.php"); } require("/journal/round-one.php") ?> Nothing on all three. Access to the file is prevented on the index.php but when called via hyperlink its a no go. Access denied.