I have this code which logs it if someone tries to SQL inject me. The problem is that it doesn't want to write to that file. What can be the problem?
$queryString = strtolower($_SERVER['QUERY_STRING']);
if (strstr($queryString,"<") OR strstr($queryString,">") OR strstr($queryString,"(") OR strstr($queryString,")") OR
    strstr($queryString,"..") OR
    strstr($queryString,"%") OR
    strstr($queryString,"*") OR
    strstr($queryString,"+") OR
    strstr($queryString,"!") OR
    strstr($queryString,"#")) {
    $loc = $_SERVER['PHP_SELF'];
    $ip = $_SERVER['REMOTE_ADDR'];
    $date = date ("d-m-Y # h:i:s");
    $lfh = "try.txt";
    $log = fopen ( $lfh,"a+" );
    fputs ($log, "Attack Date: $date | Attacker IP: $ip | QueryString: $loc?=$queryString\n");
    fclose($log);
    echo "What are you doing?!"; exit;
}
The file is in the same folder.
#Niet the Dark Absol -> I use this to prevent SQL injection. Is it good?
$username = htmlspecialchars(mysqli_real_escape_string($con, addslashes($_POST['username'])));
$password = sha1($_POST['password']);
$query = mysqli_query($con, "SELECT * FROM users WHERE username='".addSlashes($username)."' AND password='".addSlashes($password)."'");
You may write the script like this to save your txt file.
$arquivo = "Logger.txt";
$texto = "[".$hora."][".$ip."][".$_SESSION['username']."] > ".$msg." \n";
$manipular = fopen("$arquivo", "a+b");
fwrite($manipular, $texto);
fclose($manipular);
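A log writer for the case discussed in this thread, as an added example that is not part of the original posts: it uses an absolute path, checks the result of the write instead of ignoring it, and escapes control characters so a logged value cannot forge extra records. The function names `log_safe` and `write_attack_log` and the sample values are assumptions made for illustration.

```php
<?php
// Added example, not from the original posts. Function names are illustrative.

/** Escape control bytes so one logged value can never span or forge extra log lines. */
function log_safe(string $value, int $maxLen = 512): string
{
    $value = substr($value, 0, $maxLen);
    $escaped = preg_replace_callback(
        '/[\x00-\x1F\x7F]/',
        static function (array $m): string {
            return sprintf('\\x%02X', ord($m[0]));
        },
        $value
    );
    return $escaped ?? '';
}

/** Append one record; returns false and reports the reason if the write fails. */
function write_attack_log(string $logFile, string $ip, string $request): bool
{
    $line = sprintf(
        "Attack Date: %s | Attacker IP: %s | Request: %s\n",
        date('d-m-Y H:i:s'),
        log_safe($ip),
        log_safe($request)
    );
    // FILE_APPEND | LOCK_EX: concurrent requests cannot interleave partial lines.
    $written = @file_put_contents($logFile, $line, FILE_APPEND | LOCK_EX);
    if ($written === false) {
        $err = error_get_last();
        // Surface the cause (typically permissions or a wrong path) in the PHP error log.
        error_log("attack log not written to $logFile: " . ($err['message'] ?? 'unknown'));
        return false;
    }
    return true;
}

// Absolute path: the target no longer depends on the current working directory.
$logFile = __DIR__ . '/try.txt';
// Constructed sample value containing a line break followed by a fake record.
$sample = "id=1\r\nAttack Date: 01-01-2000 | Attacker IP: 192.0.2.1 | Request: forged";
if (write_attack_log($logFile, '203.0.113.7', $sample)) {
    echo "logged one line to $logFile\n";
} else {
    echo "write failed; see the PHP error log\n";
}
```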
I am developing a website where users can type message in a div.
This is the format of the message which will be saved in the file post_archieve.php.
The problem is that the most recent message is on the bottom, and the oldest message is on the top of the div which is the opposite of what I intended.
How can I get the messages to appear in the correct order?
$handle = fopen("post_archieve.php", "a") or die("error"); // open with "a" so the existing content is kept
$mesaj = $_POST['message'];
$timestamp = time()+ 60*60;
$Time = gmdate("d-m-Y H:i:s", $timestamp);
$postare = '<p class="paragraf">'.$Time."<br>".$username."\r\n"." : ".$mesaj.'</p>';
fwrite($handle, $postare);
fclose($handle);
Append mode adds what you write to the end of the file. If you want to insert at the beginning, you need to read the entire file into a variable, concatenate that to the new data, and rewrite the file.
$mesaj = $_POST['message'];
$timestamp = time()+ 60*60;
$Time = gmdate("d-m-Y H:i:s", $timestamp);
$postare = '<p class="paragraf">'.$Time."<br>".$username."\r\n"." : ".$mesaj.'</p>';
$contents = file_get_contents("post_archieve.php");
$contents = $postare . $contents;
file_put_contents("post_archieve.php", $contents);
Note also that your code is wide open to Cross-Site Scripting attacks. You should encode the message with:
$mesaj = htmlspecialchars($_POST['message']);
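The read, concatenate and rewrite approach from this answer, as an added example that is not part of the original answer: it encodes both the username and the message and holds an exclusive lock, so two simultaneous posts cannot lose each other's entry. Because the archive in the question has a `.php` name, encoding `<` also keeps stored text from being parsed as PHP when the file is included. The function name `prepend_post` and the demo file name are assumptions.

```php
<?php
// Added example, not from the original answer. prepend_post() is an illustrative name.

/** Insert a new HTML-encoded post at the top of the archive file. */
function prepend_post(string $archive, string $username, string $message): bool
{
    // Encode every user-controlled value before it becomes part of the HTML.
    $flags    = ENT_QUOTES | ENT_SUBSTITUTE;
    $safeUser = htmlspecialchars($username, $flags, 'UTF-8');
    $safeMsg  = htmlspecialchars($message, $flags, 'UTF-8');
    $entry    = '<p class="paragraf">' . gmdate('d-m-Y H:i:s') . '<br>'
              . $safeUser . ' : ' . $safeMsg . "</p>\n";

    // 'c+' opens for reading and writing, creates the file if missing, never truncates.
    $fh = fopen($archive, 'c+');
    if ($fh === false) {
        return false;
    }
    // Hold the lock across the whole read-modify-write cycle.
    if (!flock($fh, LOCK_EX)) {
        fclose($fh);
        return false;
    }
    $old = (string) stream_get_contents($fh);
    rewind($fh);
    ftruncate($fh, 0);
    $ok = fwrite($fh, $entry . $old) !== false;
    fflush($fh);
    flock($fh, LOCK_UN);
    fclose($fh);
    return $ok;
}

// Demo on a scratch file with constructed sample input.
$archive = sys_get_temp_dir() . '/post_archive_demo.html';
@unlink($archive);
prepend_post($archive, 'alice', 'first message');
prepend_post($archive, 'bob', '<script>alert(1)</script>');
// The newest post (bob) is printed first, with the markup shown as inert text.
echo file_get_contents($archive);
```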
I've created data collection for a specific txt file. I need the script to separate records per day.
For example: today we have 100 data and I need to have a log16Jan.txt file, tomorrow we have 52 data and I need to have a log17Jan.txt file.
How can I do that?
<?php
$name = $_POST['name'];
$tekst = "Name: $name \r\n";
$uchwyt = fopen("log.txt", "a");
fwrite($uchwyt, $tekst);
fclose($uchwyt);
header("Location: http://#/complete.html");
?>
You can get the date using the date() function and add it to the file name, like this:
$name = $_POST['name'];
$tekst = "Name: $name \r\n";
// Adding today's date to the log file
$uchwyt = fopen("log".date("dM").".txt", "a");
fwrite($uchwyt, $tekst);
fclose($uchwyt);
header("Location: http://#/complete.html");
You could use the date() function.
And since you are creating log files you should consider using a log file name that will sort natively in date order in a directory listing. This will make it easier to find a specific log file in a large listing of files. It will also give you more log file cleanup/removal options.
For example:
// 2018-01-16-log.txt
$logFilename = date("Y-m-d") . "-log.txt";
$uchwyt = fopen($logFilename, "a");
UPDATE: per your request about adding a line number before each log line, there are many ways to do this and some depend on your server environment (Linux/Windows). You could read each line from the log and keep a counter. Or you could use a server utility, like Linux wc (Word Count). Here's one way to do it:
<?php
// 2018-01-16.log
$logFilename = date("Y-m-d") . ".log";
echo "Log file = $logFilename\n";
if (! file_exists($logFilename)) {
    $count = 0;
} else {
    // use Linux wc utility; shell_exec() returns the output instead of also printing it
    $count = shell_exec("wc -l < " . escapeshellarg($logFilename));
    $count = trim((string) $count);
}
echo "Lines = '$count'\n";
// a missing or empty POST field is logged as NONE
$name = $_POST['name'] ?? '';
if (! $name) {
    $name = "NONE";
}
$tekst = "$count. Name: $name \n";
$uchwyt = fopen($logFilename, "a");
fwrite($uchwyt, $tekst);
fclose($uchwyt);
?>
I am working on this website (for Minecraft servers) that, when you enter in a few things about your server, will upload the info onto the list of servers. The thing is, I am a complete noob at PHP.
Here is my form code:
http://pastie.org/8061636
And here is my php code:
<?php
$name = $_POST['sName'];
$ip = $_POST['sIp'];
$port = $_POST['sPort'];
$desc = $_POST['sDesc'];
$finalName = $ip."(".$port.").txt";
$file = fopen($finalName, "w");
$size = filesize($finalName);
if($_POST['submit']) fwrite($file, "$name, $ip, $port, $desc");
header( 'Location: http://www.maytagaclasvegas.com/uniqueminecraftservers/upload/' ) ;
?>
Now what I am trying to do is create a new file name using $ip and $port, and put this into a table. Can anyone help a newbie out? Thanks
Try something like this
file_put_contents("/path/to/files/".$ip."-".$port.".dat",
$_POST['sName'].",".$_POST['sIp'].",".$_POST['sPort'].",".
$_POST['sDesc']);
Then to create your table you would need to do something like this.
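$files = glob("/path/to/files/*.dat");
echo "<table>";
foreach($files as $file){
    // the stored fields are user input, so HTML-encode each one before output
    $fields = array_map('htmlspecialchars', explode(",", file_get_contents($file), 4));
    echo "<tr><td>".implode("</td><td>", $fields)."</td></tr>";
}
echo "</table>";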
It would be a lot safer though to just use a database.
Try this one:
<?php
$name = $_POST['sName'];
$ip = $_POST['sIp'];
$port = $_POST['sPort'];
$desc = $_POST['sDesc'];
$finalName = $ip."(".$port.").txt";
if($_POST['submit']) {
    $file = $finalName;
    // Build the line for this server
    $content = "$name, $ip, $port, $desc";
    // Write the contents to the file
    file_put_contents($file, $content);
}
?>
Note: Be sure you have write permission (maybe 777 on Linux) on the folder where you are saving the file.
Hey guys, I'm running a script on my site:
As a user logs into my website, I write that day's date into a text file so I can know on which days the user was active on my website.
The thing is, if a user, let's say, didn't log out from the site for 2 days or more, how can I check if he was on the site on those days? Can someone give me a good suggestion?
Here is the code I'm running as part of my login, just before I register the session (by the way, I'll be glad to hear if there's a better way to do it):
$log_file_name = "logfile.txt";
$log_file_path = "log_files/$id/$log_file_name";
if(file_exists($log_file_path)){
$not = "";
$todaydate = date('d,m,Y');
$today = "$todaydate;";
$strlength = strlen($today);
$file_contents = file_get_contents($log_file_path);
$file_contents_arry = explode(";",$file_contents);
if(!in_array($todaydate,$file_contents_arry)){
$append = fopen($log_file_path, 'a');
$write = fwrite($append,$today); //writes our string to our file.
$close = fclose($append); //closes our file
}
else if(in_array($todaydate,$file_contents_arry)){}
}
else{
mkdir("log_files/$id", 0700);
$todaydate = date('d,m,Y');
$today = "$todaydate;";
$strlength = strlen($today);
$create = fopen($log_file_path, "w");
$write = fwrite($create, $today, $strlength); //writes our string to our file.
$close = fclose($create); //closes our file
}
This isn't something for a text file to handle (as you will end up with hundreds of text files). This should be handled with a database and a set of update queries.
How can I customize the text name for the output on my fopen?
I tried using
$file = $Aname .'.txt';
but it won't output correctly. Also, after creating the text file, return to the page
and prompt the user regarding the creation of the file.
<?php
$saving = $_REQUEST['saving'];
if ($saving == 1){
$Aname = $_POST['Aname'];
$name = $_POST['name'];
$last = $_POST['last'];
$mob = $_POST['mob'];
$ext = $_POST['ext'];
$email = $_POST['email'];
$add = $_POST['add'];
$com = $_POST['com'];
$day = $_POST['day'];
$text = $_POST['text'];
$date = date("M j, Y ");
$data = "Date Sent: {$date}\n\nName: {$name} {$last}\nPhone : {$mob} ext: {$ext}\nCompany: {$com}\nAddress : {$add}\nE-mail : {$email}\nDay : {$day}\n\nNote :
\n{$text}\n---------------------------------------\n";
$file = $Aname.'.txt';
$fp = fopen($file, "a") or die("Couldn't open $file for writing!");
fwrite($fp, $data) or die("Couldn't write values to file!");
fclose($fp);
}
?>
and also instead of relocating the user to another page to give this error
die("Couldn't write values to file!");
just pop up an alert on the page.
Make sure that $_POST['Aname'] is actually populated (maybe it is coming from $_GET?).
Do note by the way that you have opened a rather big security issue here by using unsanitized data to write to disk. Potentially people could overwrite any file on your disk with PHP code and then execute that.
Try using file_put_contents(). It replaces the whole fopen, fwrite, fclose headache.
http://php.net/manual/en/function.file-put-contents.php
<?php
$saving = $_REQUEST['saving'];
if ($saving == 1){
$Aname = $_POST['Aname'];
$name = $_POST['name'];
$last = $_POST['last'];
$mob = $_POST['mob'];
$ext = $_POST['ext'];
$email = $_POST['email'];
$add = $_POST['add'];
$com = $_POST['com'];
$day = $_POST['day'];
$text = $_POST['text'];
$date = date("M j, Y ");
$data = "Date Sent: {$date}\n\nName: {$name} {$last}\nPhone : {$mob} ext: {$ext}\nCompany: {$com}\nAddress : {$add}\nE-mail : {$email}\nDay : {$day}\n\nNote :
\n{$text}\n---------------------------------------\n";
$file = $Aname.'.txt';
file_put_contents($file, $data, FILE_APPEND); // FILE_APPEND keeps the append behaviour of fopen($file, "a")
}
?>
You should use an absolute path for the $filename parameter of fopen, so replace your following line:
$file = $Aname.'.txt';
for this one:
$file = dirname($_SERVER["SCRIPT_FILENAME"]) . '/' . $Aname.'.txt';
The above assumes your web server runs Linux. If it's a Windows one, you have to escape any backslashes, like fopen("c:\\my\\document_root\\myfile.txt", "a");
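Both this thread (a file named after `$_POST['Aname']`) and the earlier Minecraft server thread (a file named after the submitted IP and port) build a file name from form input, which is the security issue one answer above points out. The following added example, which is not part of the original posts, shows allowlist validation that keeps such files inside one fixed directory; the directory `server_entries` and the function names are assumptions.

```php
<?php
// Added example, not from the original posts. Names and directory are illustrative.

// Assumed storage directory, fixed in code and never taken from the request.
const DATA_DIR = __DIR__ . '/server_entries';

/** Path for an IP/port pair inside DATA_DIR, or null if either value is invalid. */
function entry_path_for_server(string $ip, string $port): ?string
{
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return null;
    }
    $p = filter_var($port, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 65535]]);
    if ($p === false) {
        return null;
    }
    // Only digits, dots and a hyphen can reach this point.
    return DATA_DIR . '/' . $ip . '-' . $p . '.dat';
}

/** Path for a free-form name such as $_POST['Aname'], validated by allowlist. */
function entry_path_for_name(string $name): ?string
{
    // Letters, digits, underscore, hyphen: no dots, slashes or NUL bytes,
    // so the value cannot leave DATA_DIR or change the forced .txt extension.
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name) !== 1) {
        return null;
    }
    return DATA_DIR . '/' . $name . '.txt';
}

// Constructed sample inputs, valid and invalid.
$servers = [['198.51.100.20', '25565'], ['../../index', '80'], ['198.51.100.20', '99999']];
foreach ($servers as [$ip, $port]) {
    $path = entry_path_for_server($ip, $port);
    echo str_pad("$ip:$port", 24), $path === null ? 'rejected' : basename($path), "\n";
}
foreach (['contact_form', '../config', 'index.php'] as $name) {
    $path = entry_path_for_name($name);
    echo str_pad($name, 24), $path === null ? 'rejected' : basename($path), "\n";
}
```

Only the first entry of each sample list is accepted; every other value is rejected before any file is opened.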