Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question appears to be off-topic because it lacks sufficient information to diagnose the problem. Describe your problem in more detail or include a minimal example in the question itself.
Closed 8 years ago.
Improve this question
I know you can connect to a database with mysqli_connect("example.com","user","pass");, but wouldn't anyone who has access to the file have access to the database since he can see the user and password? How to change that?
PHP is a server-side language. You can't see php code in your browser. Unless your php "echo" or "output" something out. You can see "html","css","javascript" codes by clicking veiw source on your browser. But you'll never see "PHP" or "ASP" code because they are server side. The server process the command , not the browser. So you can be sure that no one will see your password unless they gain access to your website's files.
You always will need the password and username to connect.
You can of course deny access to the file that contains you data by a .htaccess file. However it is always smart to keep those settings in a settings file that is placed outside of your browse able content (and preferably your git or svn repo as well).
Like that people need access to your server (or a big error in the code) to be able to access that file.
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question appears to be off-topic because it lacks sufficient information to diagnose the problem. Describe your problem in more detail or include a minimal example in the question itself.
Closed 8 years ago.
Improve this question
Can PHP pages be run locally?
I am trying several demos on creating a contact form, at the moment I am trying this one:
http://www.html-form-guide.com/contact-form/php-email-contact-form.html
I have downloaded the source files and put my own email address in, but when I click submit I get directed to the PHP page. The form's action attribute is set to that PHP page, so I was wondering if it is because PHP is not able to run locally? If I want the form to submit and send to my email would I need to put the downloaded source pages online to make them work?
This is not the only tutorial I've used where this happens.
Sorry if this is a silly question - newbie web developer :).
Thanks.
PHP, in this context, is a server side language. It must be run by a webserver.
The webserver can be installed and run locally.
PHP needs to be executed server-side, which means you will need to set up a local webserver.
The best way to go would be taking a look at WAMP or MAMP or LAMP, depending on your operating system.
You need to be running a PHP server locally, and have the file "hosted" by the server (in the same folder, but usually /var/www/). There are a verity of free programs for this. I like WAMP ( http://sourceforge.net/projects/wampserver/)
You should simple install WAMP server. If you use Windows I recommend this one: http://www.easyphp.org/
When you install it you should copy php file to projects directory and then you can run in your browser http://localhost/projects/ to see your file and to execute it
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
Improve this question
I have LAMP installed in my server and I use virtualhosts to map domains to subdirectories. I need to allow my customers to upload files (including php) to their server using FTP.
The problem is that a customer using a domain xxx.com.br uploaded a file test.php and executed it like:
xxx.com.br/test.php
The content of test.php if file_put_contents("../../xxx.txt","teste") and it worked! The file xxx.txt was created 2 levels above his domain folder! How do I prevent this from happening?
Don't give the PHP process access to directories it isn't meant to reach.
That's kind of the point of the whole permission system.
In Linux, PHP will generally run as its own user, just make sure that user doesn't have read or write permission to any files you don't want exposed.
For this purpose exists open_basedir configuration directive. More information about it for example here.
Moreover it is good to use FastCGI which allows each script to be run under its owner. More information about it for example here.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 9 years ago.
Improve this question
I've got WAMP server on my Windows machine (just starting to study Servers and what not so I'm new to all this).
What I want to know is how can I give Apache permission to access a folder, but users should not be able to access that folder.
I've got a folder containing images which anyone would be able to view if they knew the structure of my server's file system and directories. Therefore, what I wish to do is that this folder should be accessible by my .html and .php pages but not by a user who inputs the URL of the folder/image directly in their browser.
I realize this may not be possible, but there must be some alternative to what I'm trying to achieve. I'm very new to all this so I'd like to know if I'm going about this wrong way, whether I'm on the right track or if I simply need to edit my permissions in the httpd.conf file.
Unfortunately that's not possible. The way the browser loads images when they're referenced in your website is not different from the way it does load them when a user enters the same URL directly. SO you get either both or none.
What you CAN do is: disable indexing, so entering just the directory name without the image name results in an "Access Forbidden" error. For that, put this anywhere in your Apache config:
<Directory c:/path/to/your/directory>
Options -Indexes
</Directory>
(You may have to use Backslashes on Windows, not sure. Haven't done any Apache config on Windows fore some time. Can anybody help me out here?)
Another thing you can do is to write an PHP (or use any other server side language) script that reads those images and pases them to the browser. That way, you could check the referrer the browser sends and react to it. But I would not recommend this, as it yields more trouble than it solves, therefore I won't give you a ready made script for this.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions concerning problems with code you've written must describe the specific problem — and include valid code to reproduce it — in the question itself. See SSCCE.org for guidance.
Closed 9 years ago.
Improve this question
I am making an android app using php and mysql. I am using Dreamweaver while making this using phonegap. If I create this using index.html file. It works fine, But I dont want to use .html extension. I want to use .php. Where I can fetch my data form MYSQL and display my results after logged in into my app. Please share your views that how can I use index.php and other .php files in it.
I am having this error while using index.php
You can't, you have to set the index page to make a HTTP request.
http://phonegap.com/about/faq/
Q: Can you use PHP/ASP/JSF/Java/.NET with PhoneGap?
A: A PhoneGap application may only use HTML, CSS, and JavaScript.
However, you can make use of network protocols (XmlHTTPRequest, Web
Sockets, etc) to easily communicate with backend services written in
any language. This allows your PhoneGap app to remotely access
existing business processes while the device is connected to the
Internet.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 9 years ago.
Improve this question
Seomeone placed script in my site that send email, how I cant found this script ?
I use parallels and Linux CentOs.
I'm search keyword in site "mail(", but also cant be that code is like hash
It could be anywhere, and it could be anything. It could even have been deleted.
We did have a situation a while back where a client lost control of their password due to a keylogger and someone was uploading a CGI script to spam emails, running it then deleting it. We only found out via FTP logs what was going on.
Try checking your ftp logs, web server logs and if all that fails and you are sure it is php then try searching for eval( as that is an often used tactic to hide what a script is doing.
More importantly though, my suggestion would be to get someone who is experienced in server management to have a look at your site as a matter of urgency. If they were able to upload a file to your site once, then even if you remove it, it won't stop them doing it again until you find exactly how they were able to do it.
You might also have a look at your scripts. Is there a contact form somewhere on your site? You might have not escaped userinput very well, which gives an attacker the ability to send mails to other recipients.
I had a similar situation in my early days until the host blocked the script and told me to fix it.