Here is my code relating to the question:
$theurl = trim($_POST['url']);
$md5file = md5_file($theurl);
if ($md5file != '96a0cec80eb773687ca28840ecc67ca1') { echo 'Hash doesn\'t match. Incorrect file. Reupload it and try again';
When I run this script, it doesn't even output an error. It just stops. It loads for a bit, and then it just stops.
Further down the script I implement it again, and it fails here, too:
while($row=mysql_fetch_array($execquery, MYSQL_ASSOC)){
$hash = #md5_file($row['url']);
$url = $row['url'];
mysql_query("UPDATE urls SET hash='" . $hash . "' WHERE url='" . $url . "'") or die("There was a problem: ".mysql_error());
if ($hash != '96a0cec80eb773687ca28840ecc67ca1'){
$status = 'down';
}else{
$status = 'up';
}
mysql_query("UPDATE urls SET status='" . $status . "' WHERE url='" . $url . "'") or die("There was a problem: ".mysql_error());
}
And it checks all the URL's just fine, until it gets to one with an IP instead of a domain, such as:
http://188.72.216.143/~waffle/udp.php
In which, again, the script then just loads for a bit, and then stops.
Any help would be much appreciated, if you need any more information just ask.
EDIT: It seems to work with SOME IP's, but not others
I thought that md5_file worked only with local files. The documentation certainly doesn't mention requests or anything. If you get the file manually you can use md5 to calculate the hash of the document. Try giving it a whirl.
<?php
$contents = file_get_contents('http://stackoverflow.com');
$md5file = md5($contents);
echo $md5file;
?>
Related
So, I have an image link that has this href:
http://www.app.com/link?target=www.target.com¶m1=abc¶m2=xyz
This is processed like so (I use laravel):
function out (Request $request) {
$url = $request->target;
$qs = $request->except('target');
if ( !empty($qs) ) {
$url .= strpos($url, '?') !== false ? '&' : '?';
$url .= http_build_query($qs);
}
return redirect($url);
}
Most of the time, this works. However, lately, we've been experiencing an issue where param1 and param2 are attached to the URL in a seemingly infinite loop causing us to hit a 414 Request URI too long Error.
The problem is that it happens so randomly that I really don't know where to check because I added a checker before the return statement.
if ( substr_count($url, 'param1') > 1 ) {
$file = storage_path() . '/logs/logger.log';
$log = "[ " . date("d-m-Y H:i:sa") . " ] [ {$request->ip()} ] - {$url} \n";
file_put_contents($file, $log, FILE_APPEND);
}
And it hasn't logged a single hit. Even after our testers experienced the bug.
Is it possible that the receiving application is breaking the URL somehow?
What information should I be looking out for? Have you seen an issue like this before?
Is it the http_build_query that could be causing this and that my checker just doesn't work as expected (though, I did test it and it logged my test URL).
Any help on the matter would be great.
Assuming and issue with http_build_query:
Well, one attempt you may try is to rewrite the code without $request->except and http_build_query.
If you don't have any special reason to use http_build_query i would suggest to use $request->input.
Example with $request->input:
function out (Request $request) {
$url = $request->target;
$param1 = $request->input('param1', '');
$param2 = $request->input('param2', '');
if (!empty($param1) || !empty($param2)) {
$url .= '?';
}
if (!empty($param1) && !empty($param2)) {
$url .= 'param1=' . $param1 . '¶m2=' . $param2;
} else {
$url .= !empty($param1) 'param1=' . $param1 : '';
$url .= !empty($param2) 'param2=' . $param2 : '';
}
return redirect($url);
}
The solution is a little bit more verbose but with that, you should be sure 100% that is not the code to generate the redundancy.
Absurd, remote possibility:
The second thing I would try is to check you log system. For instance if you are running under apache you should have a file called access.log under /var/log/apache2/ (or under /var/log/nginx/ with nginx).
In there you should have the history of all your http requests.
Maybe there is a chance that some of the wired requests with multiple params are from a strange IP address.
If this is the case, it means that some company is monitoring and testing the website (potentially with the strange parameters) for security reasons.
If this is the case, I guess you are under http and you should switch to https.
Anyway, with the new code, you should be sure about the code and be able to investigate any other part of the system.
I spoke to the one.com support who said that their servers times out after 50 seconds.
The problem is, that it the script times out before it's finished. How can I make the script loop until it is finished?
This is my script:
<?php
//$id = $_GET['id'];
//$content = file_get_contents("http://www.boligsiden.dk/salg/$id");
$con=mysqli_connect("danico.dk.mysql","danico_dk","password hidden","danico_dk");
// Check connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$result = mysqli_query($con,"SELECT * FROM elements");
$int = 0;
while($row = mysqli_fetch_array($result)) {
if($int < 500 && $row['link'] != "," && $row['link'] != "") {
$link = $row['link'];
$content = file_get_contents("http://www.boligsiden.dk/salg/$link");
preg_match('#"LatLng":{"Lat":(.*?),"Lng":#', $content, $match1);
$lat = $match1[1];
echo "<tr>";
echo "<td>" . $lat . "</td>";
echo "</tr>";
$int = $int + 1;
}
}
?>
The time limit can not be overwritten. The default value on one.com host is always 50 seconds.
Like other answers said, you should use set_time_limit( int $seconds_before_timeout ) but no need to put it in the loop:
set_time_limit(0) will cut off any timing out (except in safe mode).
You should add a caching system: once you've retried your data with file_get_contents(), you could save it to a local file (like /cache/boligsiden/salg/$link.dat) so next time, if the cache is recent (you decide what "recent" means), you'll get the local file instead of doing a long-time-consumming http request.
One solution:
<?php
$con=mysqli_connect("danico.dk.mysql","danico_dk","password hidden","danico_dk");
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
exit();
// else, script will continue...
// You could use a throw new Exception(...) instead
}
$result = mysqli_query($con,"SELECT * FROM elements WHERE `link`!=',' and `link`!='' LIMIT 500");
// Way easier to put the conditions on the query itself
// as your query is not reused anywhere else
set_time_limit(0); // No timeout
while($row = mysqli_fetch_array($result))
{
// No more if there since the query itself managed it faster
$link = $row['link'];
$content = file_get_contents("http://www.boligsiden.dk/salg/$link");
preg_match('#"LatLng":{"Lat":(.*?),"Lng":#', $content, $match1);
$lat = $match1[1];
echo "<tr><td>$lat</td></tr>";
}
set_time_limit(30); // From now on, script will timeout again
// That line can be removed depending on what's coming next
// Aka if you still want the script to not timeout, remove that line
?>
set_time_limit() : http://php.net/set_time_limit
You can change the time the script is allowed to run:
set_time_limit(300); // allow a maximum execution time of 5 minutes
Warning
This function has no effect when PHP is running in safe mode. There is no workaround other than turning off safe mode or changing the time limit in the php.ini.
Warning
Be careful with this option. Wrong usage can lead to scripts that never end. Putting in a definite time limit, at the top of your script is the safest way to go.
I have the the following code however the data only goes into the applicant table and not the applicant_edit table, and apparently I am having this error around the program, I may think it has something to do with the $_post but im not sure, also I have the same exact application running on another computer and it works fine, here is what i did, on this new machine, whiche seems to not be working well, I installed apache, then copied over my entire server folder with all the setting from my other machine, most things seem to be working however when it comes to $_post, thats where errors occur. Please Id love some help and suggestions.
<?php
include("config.php"); // put the *FULL* path to the file.
$url = 'index.php';
header('Location: ' . $url);
//header('Location: ' . $url);
$values = $_POST;
foreach ($values as &$value) {
$value = mysql_real_escape_string($value);
}
$sq1="INSERT INTO applicant (app_trn,app_file_id, app_fname, app_lname,app_mid_name, app_strt_add_1, app_strt_add_2,app_city, app_parish, app_postal,
app_hme_cntct, app_cell1_cntct, app_cell2_cntct, app_email, app_gov_agncy, app_gov_agncy_strt,app_gov_agncy_city, app_gov_agncy_parish, app_post,
app_grade,app_appointment_date,app_salary,app_gov_last_agncy1,app_gov_last_agncy1_street,app_gov_last_agncy1_city,app_gov_last_agncy1_parish,
app_gov_last_agncy1_contact, app_gov_last_agncy2, app_gov_last_agncy2_street,app_gov_last_agncy2_city,app_gov_last_agncy2_parish,app_gov_last_agncy2_contact,
app_gov_last_agncy3,app_gov_last_agncy3_street,app_gov_last_agncy3_city,app_gov_last_agncy3_parish,app_gov_last_agncy3_contact)
VALUES
('$values[app_trn]','$values[app_file_id]', '$values[app_fname]','$values[app_lname]', '$values[app_mid_name]','$values[app_strt_add_1]', '$values[app_strt_add_2]',
'$values[app_city]', '$values[app_parish]', '$values[app_postal]', '$values[app_hme_cntct]', '$values[app_cell1_cntct]', '$values[app_cell2_cntct]',
'$values[app_email]', '$values[app_gov_agncy]', '$values[app_gov_agncy_strt]', '$values[app_gov_agncy_city]', '$values[app_gov_agncy_parish]','$values[app_post]',
'$values[app_grade]','$values[app_appointment_date]','$values[app_salary]','$values[app_gov_last_agncy1]','$values[app_gov_last_agncy1_street]',
'$values[app_gov_last_agncy1_city]','$values[app_gov_last_agncy1_parish]','$values[app_gov_last_agncy1_contact]', '$values[app_gov_last_agncy2]',
'$values[app_gov_last_agncy2_street]','$values[app_gov_last_agncy2_city]','$values[app_gov_last_agncy2_parish]','$values[app_gov_last_agncy2_contact]',
'$values[app_gov_last_agncy3]','$values[app_gov_last_agncy3_street]','$values[app_gov_last_agncy3_city]','$values[app_gov_last_agncy3_parish]',
'$values[app_gov_last_agncy3_contact]')";
$result = mysql_query($sq1);
if (!$result) {
die('Invalid query: ' . mysql_error());
}
mysql_query("INSERT INTO applicant_edit (applicant_edit_id,edit_app_trn)
VALUES ('','$values[app_trn]')");
?>
You're redirecting all traffic to index.php before anything happens
$url = 'index.php';
header('Location: ' . $url);
Remove that and see what happens
1- Remove header redirect code as mentioned by Paul
2- Try to print out one value
echo $values[app_trn];
echo "'$values[app_trn]'"; //test same case (double quota and single quota)
if it works, then, it will be sql error, try to print
echo mysql_error();
3-
I also suggest to use:
foreach ($values as &$value) {
$value = mysql_real_escape_string($value);
}
after this add:
foreach ($values as $kc => $vc){
$$kc = $vc;
}
now all values can be accessed by using key names:
VALUES
('$app_trn','$app_file_id', '$valuesapp_fname', ...
I have this code, to get followers and friends(peeps you are following), However I'm completely lost, I want to get a "Who's not following back" page. Whats the best way to go about this? Should I manually search for strings or . . .
Pseudo :: $riends-$followers
$user = $query[1];
if (!$user) {
user_ensure_authenticated();
$user = user_current_username();
}
$folwers = API_URL."statuses/followers/{$user}.xml";
$folwin = API_URL."statuses/friends/{$user}.xml";
$tl = lists_paginated_process($request);
$content = theme('followers', $tl);
theme('page', 'Followers', $content);
}
Thanks
This might not be the most optimal answer out there, but you might want to read the following link:
https://dev.twitter.com/docs/api/1/get/friendships/exists
Since you're able to get all profiles that you're following, you could easily just loop the array of usernames and curl to the "friendship verification"-page. Check out the snippet below:
<?php
$link = 'http://api.twitter.com/1/friendships/exists.xml?screen_name_a=php_net&screen_name_b=';
foreach( $usernames as $username ) {
//Create a curl handler and make sure we return to a variable
$ch = curl_init($link . $username);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$status = strip_tags(curl_exec($ch)); //Should return: true
curl_close($ch);
//Output based on the results
if( $status == 'true' ) echo $username , ' isn\'t following you. <br />';
else echo $username , ' is following you. <br />';
}
?>
It might at least be worth a shot, although I'm pretty sure that there are better ways to accomplish what you're looking for. Good luck!
I am working on a osCommerce project, which is accessible on the main server, but when i try to access the admin portion of the project on my LOCALHOST the login page do accepts my login, ideally it should accept my login and redirect me to index,php..
below is the login script i am using..
<?php
require('includes/application_top.php');
if ($session_started == false) {
echo 'session not started';
}
$error = false;
if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'process')) {
$email_address = tep_db_prepare_input($HTTP_POST_VARS['email_address']);
$password = tep_db_prepare_input($HTTP_POST_VARS['password']);
// Check if email exists
$check_admin_query = tep_db_query("select admin_id as login_id, admin_groups_id as login_groups_id, admin_firstname as login_firstname, admin_email_address as login_email_address, admin_password as login_password, admin_modified as login_modified, admin_logdate as login_logdate, admin_lognum as login_lognum from " . TABLE_ADMIN . " where admin_email_address = '" . tep_db_input($email_address) . "'");
if (!tep_db_num_rows($check_admin_query)) {
$HTTP_GET_VARS['login'] = 'fail';
} else {
$check_admin = tep_db_fetch_array($check_admin_query);
//BOF code for cPanel installer - convert password to cre hash
$check_password = $check_admin['login_password'];
if (substr($check_password, 0, 8) == '_cPanel_'){
$check_password = substr($check_password, 8);
$password_hash = tep_encrypt_password($check_password);
tep_db_query("UPDATE " . TABLE_ADMIN . " SET admin_password = '" . $password_hash . "'");
$check_admin_query = tep_db_query("select admin_id as login_id, admin_groups_id as login_groups_id, admin_firstname as login_firstname, admin_email_address as login_email_address, admin_password as login_password, admin_modified as login_modified, admin_logdate as login_logdate, admin_lognum as login_lognum from " . TABLE_ADMIN . " where admin_email_address = '" . tep_db_input($email_address) . "'");
$check_admin = tep_db_fetch_array($check_admin_query);
}
//EOF code for cPanel installer - convert password to cre hash
// Check that password is good
if (!tep_validate_password($password, $check_admin['login_password'])) {
$HTTP_GET_VARS['login'] = 'fail';
} else {
if (tep_session_is_registered('password_forgotten')) {
tep_session_unregister('password_forgotten');
}
$login_id = $check_admin['login_id'];
$login_groups_id = $check_admin[login_groups_id];
$login_firstname = $check_admin['login_firstname'];
$login_email_address = $check_admin['login_email_address'];
$login_logdate = $check_admin['login_logdate'];
$login_lognum = $check_admin['login_lognum'];
$login_modified = $check_admin['login_modified'];
tep_session_register('login_id');
tep_session_register('login_groups_id');
tep_session_register('login_firstname');
//$date_now = date('Ymd');
tep_db_query("update " . TABLE_ADMIN . " set admin_logdate = now(), admin_lognum = admin_lognum+1 where admin_id = '" . $login_id . "'");
if (($login_lognum == 0) || !($login_logdate) || ($login_email_address == 'admin#localhost') || ($login_modified == '0000-00-00 00:00:00')) {
tep_redirect(tep_href_link(FILENAME_ADMIN_ACCOUNT, '', 'SSL'));
} else {
tep_redirect(tep_href_link(FILENAME_DEFAULT, '', 'SSL'));
}
}
}
}
require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_LOGIN);
include('includes/functions/rss2html.php');
?>
I tried tracking the issue, whenever I login with correct email and password it doesnt give me the "$HTTP_GET_VARS['action']"
Could someone guide me whats going wrong here?
ACCORDING TO THE INITIAL REPLIES
i have register_long_arrays enabled in my localhost and it is working very well in case of wrong input of email address and password..
Variables such as HTTP_GET_VARS are called long-arrays, and are deprecated -- and can be disabled.
See the register_long_arrays directive, about this : maybe it's disabled on your server ?
Instead of $HTTP_GET_VARS, you should be using the $_GET super-global array.
For a couple of references, see :
$_GET
Predefined Variables
Note : OS-commerce is a quite old piece of software, and was developped before long-arrays were deprecated -- which is probably why they are used... and why it is possible to enable the register_long_arrays directive in PHP's configuration.
Of course, this is not recommended for new software... But if you have to work with that... it might be easier than replacing every instance of $HTTP_GET_VARS.
$HTTP_GET_VARS is old and deprecated, use $_GET instead. Same applies to other superglobals as well: $_POST, $_REQUEST, $_SERVER, $_COOKIES, $_FILES, etc.
Try $_GET['action'] instead of $HTTP_GET_VARS['action']. I suggest you entirely replace $HTTP_GET_VARS with $_GET.
As of PHP 5.0.0, the long PHP
predefined variable arrays may be
disabled with the register_long_arrays
directive.
From PHP 5.0.3 long predefined arrays such HTTP_GET_VARS got disabled by default. Use this instead:
$_GET['action'];