I've been coding on my Local Machine recently using PHP 5.6.30 Built-in Server, just today I moved my local host files to my Amazon EC2 Windows Server with PHP 5.6.30 already installed, scanning my website with Acunetix, I saw a bug/vulnerability which downloaded my source code just by changing .php (Small Letter) to .PHP(Capital Letter).
The Question is This:
Is this Normal for the Built-in Server to download my source code to visitor or hacker when .php is capitalized or my bug, I always try to prevent myself from being hacked by all means...
E.g
I have index.php on my localhost served through PHP 5.6.30 Built-In Server.
When User visit same page (index.PHP), it download the code...
I was able to figure this out by replacing the server PHP.ini to the php.ini-production, moving the server to APACHE and it stopped acting that way.
# castis hinted me on that word "production".
Thanks.
Related
I'm an absolute beginner when it comes to PHP. I have a standard html/css/js project that I'm editing with VS code and running a development server with the Live Server extension, which is running on localhost:5500.
I'd like to integrate a single .php file into my project which will handle a form submission.
Will I need xampp running on my local machine in order for the .php file to work?
At the moment the form action is sending a post request to my .php file but I get a 405 error from the browser.
Yes, A PHP processor is needed for the PHP code to work. If you have XAMPP installed (which means you have php), you can run
php -S localhost:5501 (make sure C:/xampp/php is in your PATH environment variable)
in the root directory of your project, this will start a PHP server and you don't have to move everything to the htdocs folder.
You need a server capable of processing PHP.
That doesn't need to be Apache HTTPD. If you do pick Apache HTTPD then you don't need to install it as part of XAMPP.
The Live Server extension is not capable of processing PHP so you need a different server. (I think I saw a PHP capable equivalent in the extensions library in VS Code, but I recall it being quite fiddly to configure.)
Yes, you need a server (apache or nginx) + php.
Xampp include all this in one application: x (SO) A (apache) M(mysql) P(perl) P(php)
HI I am trying to configure IIS7 to run PHP on a windows 2008 server machine.
I have followed this guide, php running on IIS7
Everything went well and I am sure it was working!!
However now when I try and run phpinfo.php the browser wants to download the page rather than running the script.
The handler mapper is configured the same as the the example. fastCGI/CGI is installed and enabled.
a normal index.html open no problem.
I have checked permissions, created a new empty site apart from phpinfo.php
I developed the site on my pc in a xampp environment where everything work great. First time I have tried to convert a site from xampp to IIS.
Their is no entry in the MIME Types, I am wondering if the WEB.CONFIG file is the issue but I don't know enough about what the file should/shouldn't contain.
thanks for any help
you can use http://php.iis.net/ to install php into your IIS setup. It comes with a manager to help you easily implement php in to your iis server and is way easier then trying to configure it manually. Hope this helps.
I am very new to web development and I have decided to learn the ropes of php with mysql. I am currently taking an online course from Lynda.com teaching me on concepts of php and mysql.
I have installed the WAMP server on windows 2008 box and I can start all the apache services and when I go to http://localhost it opens up the WAMP webpage and when I click on phpinfo() it takes me to my php page showing me the version (5.5.12)
I have also configured IIS using this link but no luck when I open my php file I get the source code display in my internet explorer with all the html formatting. Its just a simple "hello world" file and the file extension is *.php
Ok, I think I know where I was going wrong.. I had created folder on my desktop and then saved the php file in it and was browsing to that file from IE.
What I need to do is browse using http://localhost... so I placed the same file in the www folder under the WAMP directory and then did http://localhost/helloworld.php and it opened up!
But there should be away I can use files from my desktop instead of placing the files in the www folder...
I have found a very good gallery (EasyGallery) script that I integrated into my website and it was working fine on the wamp server on my computer. However, when I uploaded it to my web hosting (paid, supports php, databases etc) the script would not load. I tried 3 different web hostings both the original version of the script and modified version that I integrated into my website.
So my question is why the gallery script that can be found here http://www.freitagmorgen.de/#/
works with WAMP on my computer but does not work on the servers.
PHP versions:
Paid Hosting - PHP Version 5.2.17
Wamp - 5.3.13
Other Web Hostings - 5+ (correct ones)
Required by the script: 4+
Regarding the instruction on their website:
I have set the right permissions for Pictures folder (+subfolders) - 0755
the address of the website and the gallery is http://dmbathrooms.co.uk/test/gallery.php#/
it can read the styles bit, hence the grey background but not the rest
By far the most likely cause is that there is a relative/absolute path issue, so on your local computer it works but when put online the paths are computed incorrectly. Without code or a link to the broken page I can't say just what path is set incorrectly, but this is an extremely common cause of problems when going from localhost development to publishing a website online.
The other most common cause is directory permissions, as this is almost never an issue on localhost and almost always an issue on a hosted server. That's something that only you can check, however.
From the same website:
INSTALLATION
Extract and copy to your Webserver
Make the PICTURES/ folder writeable (chmod 775)
Copy your images to the PICTURES/ folder
You need a Webserver with at least PHP 4 installed.
check php version on your server.
I'm starting a new project using Linux and PHP, but for the early dev state i'm now, I'm trying to use XAMPP for now.
I'm Running Ubuntu 10.04 x64 on a laptop, And got everything I need. The site I should build is based upon CodeIgniter and some implementation of smarty, but I think this is not that important because the same site runs pretty well on windows (with XAMPP )
The Problem I have is, if I put some php file on the root (like foo.php) with phpinfo() on it, the server parsed it as it should be, but when I try to get the url for one CodeIgniter app (as http://localhost/site/site.php ), Firefox tries to download the file & Chrome alerts some server error.
Again, the site as it works perfectly on windows (I share code using mercurial, if that's important)
I have around 3 codeigniter apps sharing the same System folder, and those get pickup by the loader (as site.php, admin.php...), but anyone I pick I still getting the same msg.
Also, the server list all the files perfectly, and tried to rename the file and then asked for the same (to see if the problem is cache or something) but I get a 404.
I'm also a newbie on apache and linux in general, I don't know what to do...
Check your apache.conf and httpd.conf. There are configuration entries called AddHandler which assign a module to each file extension which should handle this. If no module is provided the apache will send the file as plain text to the client.