I know this is a security threat and is bad from a security aspect alltogether, but for a specific reason, i need this to work. I have a program running on Ubuntu 16.04. Let's say for this example, that it's a DNS server or whatever.
What i'm trying to do, is edit the DNS server configuration file, located in /etc/xxx from a web page, which is using PHP fopen, fwrite and fclose. Because you can't access a file directly located in /etc/xxx/somecfg.cfg anyways, since it doesn't have www-data permissions, i've tried linking it to /var/www/html, both soft and hard linking it. When i create a hard link, it changes the original cfg file too if i edit it by hand, but as soon as i edit it via PHP, only the hard-link file changes, but not the original file.
I've been trying to fix this during the weekend but i can't seem to be able to do it.
Does anyone have an idea on how i would go about fixing this? I'm open to other ideas too. The main goal is to edit a package configuration file from within a web page.
TL;DR: I'm trying to edit a config file in /etc/xxx from /var/www/html/someaction.php and doing it directly doesn't work (obviously), but hard links and soft links are acting weird - the links' content changes, but the original cfg file doesn't.
Thanks!
The issue was that i accidentally put unlink at the beginning of the code and the hard link was deleted, so i basically made a new file each time i wrote to it.
It's fixed now.
Related
I've got a legacy PHP project to fix a thing or two. I've downloaded it via FileZilla and served it on my local machine with a local copy of the database. The project is exactly the same with the live one, yet the live one can open the url/contact.html but on my machine it says no such file is found. All other pages go for url/categories/ or url/products/ so I've tried altering the url but no use.
All the other pages within the site are simple: one .php controller one .php model and one .tpl smarty template view. Requiring no .html at all. But this one is somehow different. The .htaccess file is exactly the same as the live version. I've tried adding a rewrite rule to direct every .html to .php but didn't work. I'm lost and out of options, please help? It doesn't even have to be an answer,"Try looking into that" would work too.
I'm working via XAMPP on windows, and I've configured the https:// to http:// on my project but that's all. Even hidden files are checked and confirmed.
have checked that contact.html is a static file (like a real existing html file?)
is there some kind of "routing" within the PHP of the project? If there is route urls might be really anyware.. in the mysql database, redis, a json file and whatnot.. have seen them all.
try to debug where and how it works on the "production" server by using some logging to a file edit the file through filezilla and log to a 'mylog.log' file until you find out what is going on.. or if the site is not used all the time by clients - you can just try to echo stuff to figure out how this exact /contact.html works
I would like to change the theme file through the Wordpress Admin Panel, in menu Appearance > Theme Editor, but I've got the message:
Something went wrong. Your change may not have been saved. Please try again. There is also a chance that you may need to manually fix and upload the file over FTP.
Everything was working correctly before I've made some changes in the file and upload it through the FTP back to the server. I am able to change every other file in Theme Editor, but this one. The rights are the same as in other files I am able to change, the owner and group are the same too. It looks that everything should work, but this and only this one file I have updated via FTP I am not able to change through the Theme Editor of Wordpress Admin Panel.
Any idea what could be possibly wrong? What I have done wrong? Please help me somebody, in the most of the time I am on the "safe" network, and the server FTP is not accessible from my computer.
Thank you.
Check Theme Permission
One of the first things you got to check the theme files and folder permissions.
If you are running on shared hosting then mostly it would be alright. However, if using VPS or Cloud then you got to ensure the same user owns theme files as web server (Nginx or Apache HTTP) running.
Modify File Permissions with chmod
FYR :- https://www.linode.com/docs/tools-reference/tools/modify-file-permissions-with-chmod/
Check Security Plugins
Are you using any security plugins? Do you have the option to check their logs to see how exactly your request is being treated?
Alternatively, you can quickly disable the security plugin and verify if that works.
I have finally solved the problem. There were two things with I have mislead my question.
The first one was that I wrote "Everything was working correctly before I've made some changes in the file and upload it through the FTP" and after that I wrote it again in the comment of the answer - I was so sure that I have tried the same file before, but I have not, it definitely was another one, I am sorry.
And the second was that I did not write specific file name. The file was includes/_wp_utils.php. Somebody would maybe notice that this is the biggest file in that directory. And that was the problem. I do not know why - maybe it was too big for server processing or something else (120KB), but I noticed it later, and I have tried to split the file to a few smaller files and I have included them into the includes/_wp_utils.php with the command include_once __DIR__ . '/_wp_utils/_nth_part_of_original_wp_utils.php';.
Thank you #G.D Udara Lahiru Sampath, I absolutely liked your answer. It was useful and very important to check.
I'm doing some analysis on user keystroke patterns for a biometrics-related prototype that I'm building. I'm having an issue where I pass variables via POST to another webpage, and that webpage calls a script that writes to the local server in a directory based on the data that's passed to it.
My prototype is simple: the user types some data into a text form, the keystrokes are collected, the user clicks submit at the end of the task, and that data is sent off to the server to be analyzed. However, PHP refuses to write to the directory specified via the web. If I go into the command-line PHP, it works. I even tried changing POST to GET in insertData, and passing in the data manually.
Here are a few things I think could be wrong:
My AJAX is wrong. It worked locally, but doesn't work on the web. However, I could have inadvertently changed something, and that's the source of this issue.
My file permissions for apache are incorrect. It's odd, though, because Apache owns the folder/file in question. SELinux is disabled, so that's one thing off of the list. I even tried chmod 777 on the folders in question, to no avail.
There's a directive in httpd.conf that I'm missing, and apache is just not allowing web writes.
Server information:
CentOS 5
Apache2.2
PHP 5.3.6
Here is the source code for clarification. Assume all site names et al are correct.
http://jyaworski.pastebin.us/2799
GatherData.php
http://jyaworski.pastebin.us/2800
GatherData.js
htt://jyaworski.pastebin.us/2801 //sorry. SO won't let newbies post more than 2 links. Add a "p" to http
InsertData.php
Thank you in advance; this issue has been plaguing me for some time.
Apache probably doesn't have write permissions on ".". Try putting it in /tmp and see if that fixes your problem. If so leave it there or add write permissions for apache in the directory you're trying to save the data to.
$dir = '/tmp/userdata/'.$id.'/';
A while back I asked how to open a file in actionscript to supply information for my flash banner.
It works nicely when I just open the flash file on my computer, but when I upload it to my website it does not show the data from the remote text file...
I know that the file reading bit of the program is correct, as it reads local files on the same web server just fine. So I assume it has something to do with either PHP or the FlashPlayer.
Thanks for any help you can give me!
===
How stupid of me to forget to mention that the file being loaded is from a remote server.
Thus the path to it is an actual URL. As I said this works fine on the computer regardless of whether the file is local or a remote file.
But on the PHP webserver it only wants to read the local files, it doesn't Read the Remote ones...
===Update
I've tried the crossdomain.xml solution, but it seems not to be working.
The banner is located on the actual webserver (http://forum.mydomainhere.com/)
while the text file is located at:
http://files.mydomainhere.com/ - this is a DNS reference to my file server.
The xml file i created looks like:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="www.forum.mydomainhere.com/" />
</cross-domain-policy>
As it said I put it on the http://files.mydomainhere.com/ server.
==
EDIT
I changed the www. simply to a * which made it work. That's when I removed the www. bit and it still works like a charm. my quess is my forum doesn't work at www. but just a http://
Thanks for all the help people :)
You're probably having a path issue, meaning Flash can't find the specified file. Flash loads external files starting from its containing page location, eg: the PHP page that contains it, not where the SWF is located.
Further, path may be handled differently on the web server than on the local file system. If you are using relative paths, try adding "./" onto the path, or removing "./" if it is already there.
If you are using absolute paths, make sure the path is in the same domain as the SWF. If the browser is at http://www.mysite.com but Flash is loading the file from http://mysite.com (no www) it is actually in a different security domain, and outside of your sandbox. Make sure they are the same.
If you post some more details, we'll be better able to identify your problem.
I hope that helps,
Edit
Based on comment below, you need a cross domain file on the other server. Lots of info on the web about those, start here for a good guide: http://kb2.adobe.com/cps/142/tn_14213.html
SWF's have different security rules based on where you are running them, when you are debugging through one of the IDE's the security settings are very relaxed.
I have an index.html in my wampserver www directory. On this html, there is a link for a user to upload file. When I hit the link, I select files to upload but instead of the uploadmanager.php which i have tested in my eclipse debugg environment to work, it displays the some part of the code on the web page without doing anything thing. This is not what I expect. Can someone please tell me what is wrong? Thank you.
sound like you are using php-short-open-tags (<? instead of <?php) without enabling this in your php.ini. change your php.ini or use the standart open-tags to solve this.
Are you sure you enabled PHP in WAMP?
Try creating a new uploadmanager.php file directly in wamp/www (or whatever subdirectory) and paste the code from your tested uploadmanager script into the new file. Then try to run it in WAMP.
I think it is a permissions problem. I copied an index.php file into a c:/wamp/www/subdirectory and it only displayed the code. Once I created a new index.php file and pasted the contents of the old file into it, it worked perfectly.
Are you posting to the uploadmanager.php page? Are you getting an error or just seeing the code? Can you post the code from the index.html page that handled the form and the part of the php code you're seeing for us to look at?
Every now and then I have Apache serving the .php as downloadable files instead processing them on the server, but only with random requests.
Some reasons, why this might happen, are
PHP misconfiguration
PHP-files in a directory without execute rights
wrong content type sent
timeout from script execution
In my situation the last bullet is the most dangerous, but luckily it seems to show up only immediately after modifying some of the .php files. I haven't tracked the problem any deeper yet, but it seems to relate some filesystem level operations (as the disk I/O is a bottleneck) and presents itself only in testing env.