dev99

Can anyone help me with this? It's been so long...

ok found my answer just had to change the ^(www\.|) to ^(www\.|)?

After install php and apache on a debian server i found out that people who upload files under /var/www/users/username username is the users foldername... can access upper directory.. so they can see and edit files everywhere on the system... How can i prevent this? only way i found was to change open_basedir = . under php.ini but that also blocks from installation of many php scripts... Thanks

my script is to create a database with NO root priviliges... and i keep getting errors when i try to create one... <?php if (empty($_GET['mode'])) { echo "<form action='/create_db.php?mode=process' method='post'> <table border='0' cellpadding='2' cellspacing='0' width='100%'> <tr> <td valign='top' align='left'><b><u><font face='Arial,Helvetica,Geneva,Swiss,SunSans-Regular' size='-1'>Database Name:</font></u></b><br> <td valign='top' align='left'><input name='dbname' value=''></td> </tr> <tr> <td valign='top' align='left'><b><u><font face='Arial,Helvetica,Geneva,Swiss,SunSans-Regular' size='-1'>Login to Database:</font></u></b><br> <td valign='top' align='left'><input name='username' value=''></td> </tr> <tr> <td valign='top' align='left'><b><u><font face='Arial,Helvetica,Geneva,Swiss,SunSans-Regular' size='-1'>Password:</font></u></b><br> <td valign='top' align='left'><input type='password' name='pass'></td> </tr> <tr> <td valign='top' align='left'><b><u><font face='Arial,Helvetica,Geneva,Swiss,SunSans-Regular' size='-1'>Re-enter Password:</font></u></b><br> <td valign='top' align='left'><input type='password' name='pass2'></td> </tr> <tr> <td valign='top' align='middle' colspan='2'><br><input type='hidden' name='createdb' value='1'><input type='submit' value='Create Database'></td> </tr> </table> </form>"; } elseif ($_GET["mode"] == "process") { extract($_POST); if ($pass == $pass2) { mysql_connect("localhost","root","mypass"); $sql = "GRANT ALL PRIVILEGES ON $dbname.* TO '$username'@'localhost' IDENTIFIED BY 'pass'"; echo $sql; if (mysql_query($sql)) { echo "Successfully created user account $username <p>"; } else { echo mysql_error(); } mysql_close(); mysql_connect("localhost",$username,$pass); $sql = "CREATE DATABASE $dbname"; if (mysql_query($sql)) { echo "Database $dbname created successfully!"; } else { echo mysql_error(); } } else { echo "Your passwords do not match! Try again!"; } } ?>

RewriteMap lowercase int:tolower RewriteEngine on RewriteCond ${lowercase:%{HTTP_HOST}} !^$ RewriteCond ${lowercase:%{HTTP_HOST}} !^www\.hf-online.com$ RewriteCond ${lowercase:%{HTTP_HOST}} ^(www\.|)([^.]+)\.hf-online\.com$ RewriteRule ^(.+) ${lowercase:%{HTTP_HOST}}$1 [C] RewriteRule ^(www\.|)([^.]+)\.hf-online\.com(.*) /users/$2$3 [L] RewriteCond ${lowercase:%{HTTP_HOST}} ^(www\.|)[^.]+\.[^.]+\.hf-online\.com$ RewriteRule ^(.+) ${lowercase:%{HTTP_HOST}}$1 [C] RewriteRule ^(www\.|)([^.]+)\.([^.]+)\.hf-online\.com(.*) /users/$3/$2$4 [L] Code above works fine with apache 2.20 but with apache 1.3 apache won't start error: Syntax error on line 1082 of /etc/apache/httpd.conf: RewriteCond: cannot compile regular expression '^(www\.|)([^.]+)\.hf-online\.com$'