ERuiz Posted January 13, 2007

I am passing a URL variable which is a username, but since the username includes a first and last name separated by a space, the url being passed looks like this:

/login.php?btnSubmit=Login&username=Efrain%20Ruiz

The space is being converted to %20 before it reaches login.php, so the script is giving a user not found error.

How can I prevent %20 from being added? Or is there a way for the login.php file to strip that %20 before it accepts the username variable?

Regards,
ERuiz

Jessica Posted January 13, 2007

url_decode

ERuiz Posted January 13, 2007

Thanks for the reply, Jesirose. But, how would I implement that url_decode? Sorry for my ignorance... :-\

trq Posted January 13, 2007

[code=php:0]
$username = url_decode($_GET['username']);
[/code]

ERuiz Posted January 13, 2007

[quote author=thorpe link=topic=122208.msg503830#msg503830 date=1168664395]
[code=php:0]
$username = url_decode($_GET['username']);
[/code]
[/quote]

Hi Thorpe,

Ok, here is the code which I believe gets the username from the URL:

[code]
if(@$_REQUEST["username"] || @$_GET["username"])
    $smarty->assign("value_username","value=\"".htmlspecialchars(postvalue("username"))."\"");
else
    $smarty->assign("value_username","value=\"".htmlspecialchars(refine(@$_COOKIE["username"]))."\"");
[/code]

How would I employ this url_decode into this?

Thanks!
ERuiz

trq Posted January 13, 2007

Honestly... if you didn't write the code you're in the wrong place. Here...

[code=php:0]
$smarty->assign("value_username","value=\"".htmlspecialchars(postvalue(url_decode("username")))."\"");
[/code]

ERuiz Posted January 13, 2007

Thorpe,

I gave it a try and it didn't work. And honestly, I am way out of my league here! hahahaahah Sorry to bother you guys, but I just wanted to get this script working as I needed it to.

Don't want to take a look at the whole code snippet and see what is wrong? It's ok if you say no, I won't mind... :)

trq Posted January 13, 2007

We'd need to see the postvalue() function as that is not a native php function. Find it, and post it. It'll look something like...

[code=php:0]
function postvalue ($str) {
    // contents
}
[/code]

It might not be within the script itself, but one of the includes.

ERuiz Posted January 13, 2007

Here is the entire code for the login.php file. I looked at a file called dbconnection which has all function calls and no reference is made to postvalues.

[code]
<?php
ini_set("display_errors","1");
ini_set("display_startup_errors","1");
set_magic_quotes_runtime(0);

include("include/dbcommon.php");

if(@$_REQUEST["a"]=="logout" || @$_GET["a"]=="logout")
{
    session_unset();
    setcookie("username","",time()-365*1440*60);
    setcookie("password","",time()-365*1440*60);
    header("Location: login.php");
    exit();
}

if(!@$_SESSION["MyURL"])
    session_unset();

include('libs/Smarty.class.php');
$smarty = new Smarty();

$myurl=@$_SESSION["MyURL"];
unset($_SESSION["MyURL"]);

$defaulturl="";
$defaulturl="pirep_list.php";

$strMessage="";

if(@$_COOKIE["username"] || @$_COOKIE["password"])
    $smarty->assign("checked"," checked");

if (@$_REQUEST["btnSubmit"] == "Login")
{
    if(@$_REQUEST["remember_password"] == 1)
    {
        setcookie("username",postvalue("username"),time()+365*1440*60);
        setcookie("password",postvalue("password"),time()+365*1440*60);
        $smarty->assign("checked"," checked");
    }
    else
    {
        setcookie("username","",time()-365*1440*60);
        setcookie("password","",time()-365*1440*60);
        $smarty->assign("checked","");
    }

    // username and password are stored in the database
    $conn=db_connect();
    $strUsername = (string)postvalue("username");
    $strPassword = (string)postvalue("password");
    $sUsername=$strUsername;
    $sPassword=$strPassword;
    $rstemp=db_query("select * from `jos_users` where 1=0",$conn);

    if(FieldNeedQuotes($rstemp,$cUserNameField))
        $strUsername="'".db_addslashes($strUsername)."'";
    else
        $strUsername=(0+$strUsername);
    if(FieldNeedQuotes($rstemp,$cPasswordField))
        $strPassword="'".db_addslashes($strPassword)."'";
    else
        $strPassword=(0+$strPassword);

    $strSQL = "select * from `jos_users` where ".AddFieldWrappers($cUserNameField).
        "=".$strUsername." and ".AddFieldWrappers($cPasswordField).
        "=".$strPassword;

    if(function_exists("BeforeLogin"))
        if(!BeforeLogin(postvalue("username"),postvalue("password")))
            $strSQL="select * from `jos_users` where 1<0";

    $rs=db_query($strSQL,$conn);
    $data=db_fetch_array($rs);
    if($data && @$data[$cUserNameField]==$sUsername && @$data[$cPasswordField]==$sPassword)
    {
        $_SESSION["UserID"] = postvalue("username");
        $_SESSION["AccessLevel"] = ACCESS_LEVEL_USER;
        $_SESSION["OwnerID"] = $data["id"];
        $_SESSION["GroupID"] = "";
        if(function_exists("AfterSuccessfulLogin"))
            AfterSuccessfulLogin();
        if($myurl)
            header("Location: ".$myurl);
        else
            header("Location: ".$defaulturl);
        return;
    }
    else
    {
        if(function_exists("AfterUnsuccessfulLogin"))
            AfterUnsuccessfulLogin();
        $strMessage = "Invalid Login";
    }
}

$_SESSION["MyURL"]=$myurl;
if($myurl)
    $smarty->assign("url",$myurl);
else
    $smarty->assign("url",$defaulturl);

if(@$_REQUEST["username"] || @$_GET["username"])
    $smarty->assign("value_username","value=\"".htmlspecialchars(postvalue("username"))."\"");
else
    $smarty->assign("value_username","value=\"".htmlspecialchars(refine(@$_COOKIE["username"]))."\"");

if(@$_REQUEST["password"])
    $smarty->assign("value_password","value=\"".htmlspecialchars(postvalue("password"))."\"");
else
    $smarty->assign("value_password","value=\"".htmlspecialchars(refine(@$_COOKIE["password"]))."\"");

if(@$_GET["message"]=="expired")
    $strMessage = "Your session has expired. Please login again.";

$smarty->assign("message",$strMessage);
$smarty->display("login.htm");
?>
[/code]

ERuiz Posted January 13, 2007

Here is the info! It was in a file called commonfunctions.php ;)

[code]
// return refined POST or GET value - single value or array
function postvalue($name)
{
    if(array_key_exists($name,$_POST))
        $value=$_POST[$name];
    else if(array_key_exists($name,$_GET))
        $value=$_GET[$name];
    else
        return "";
    if(!is_array($value))
        return refine($value);
    $ret=array();
    foreach($value as $key=>$val)
        $ret[$key]=refine($val);
    return $ret;
}
[/code]

ERuiz Posted January 13, 2007

This code appears BEFORE the code above:

[code]
// refine value passed by POST or GET method
function refine($str)
{
    $ret=$str;
    if(get_magic_quotes_gpc())
        $ret=stripslashes($str);
    return html_special_decode($ret);
}
[/code]
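
Added example (not code from the thread or its participants): PHP percent-decodes the query string before it fills `$_GET` and `$_REQUEST`, and the built-in decoder is spelled `urldecode()`; calling it on a value that is already decoded can change the value. The hypothetical helper `describe_param()` below runs the thread's query string and two constructed ones through `parse_str()`, which applies the same decoding. PHP 7 or later is assumed.

```php
<?php
// Added example. describe_param() is a hypothetical helper, not part of
// the login script posted in the thread.

/**
 * Decode a raw query string the way PHP fills $_GET and report, for one
 * parameter, the decoded value, its bytes in hex, and whether a %XX
 * sequence is still present after decoding. A leftover escape usually
 * means the link was encoded twice before it was sent; it is a heuristic,
 * because a value may legitimately contain such a sequence.
 */
function describe_param(string $rawQuery, string $name): array
{
    parse_str($rawQuery, $params);       // same decoding PHP applies to $_GET
    $value = $params[$name] ?? '';
    if (!is_string($value)) {            // e.g. username[]=x arrives as an array
        $value = '';
    }
    return [
        'decoded'         => $value,
        'hex'             => bin2hex($value),
        'residual_escape' => preg_match('/%[0-9A-Fa-f]{2}/', $value) === 1,
    ];
}

// Query string from the original post: %20 is decoded to a real space
// before any script code runs, so no extra decoding step is needed.
print_r(describe_param('btnSubmit=Login&username=Efrain%20Ruiz', 'username'));

// Constructed sample: the same link encoded twice by whatever built it.
// Here a literal "%20" does reach the script; the fix belongs in the code
// that generates the link.
print_r(describe_param('btnSubmit=Login&username=Efrain%2520Ruiz', 'username'));

// Constructed sample: a value that legitimately contains "+" and "%",
// encoded once. The first comparison checks the value PHP hands the
// script; the second checks what is left after an extra urldecode().
$once = describe_param('username=' . rawurlencode('A+B 100%41'), 'username');
var_dump($once['decoded'] === 'A+B 100%41');
var_dump(urldecode($once['decoded']) === 'A+B 100%41');
```

Comparing the `hex` field with the bytes of the username stored in the database shows whether the two strings really differ, and in which character.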