I recently saw a website in which the url was formulated like this:
http://subdomain.domain.com/script/?var=value
I was wondering how to do this in IIS, and how he put a slash in between the script and the GET variables, and how he had the script with no extension in the first place. Any help?
There are many ways to do this; I'll describe the simplest.
script is a folder containing a file called Default.aspx (or whatever is configured as the Default Document in IIS)
Therefore, when IIS sees a request to script/, it will send the request to Default.aspx, which then reads the query string.
Lack of filename defaults to the "index" entry, probably default.asp[x] there.
The best way to do it is with a URL Rewriter, like IIRF, or the built-in URL Rewriting module that's included with IIS7 and later.
Related
I have ran into a problem where by using /js/filename.js or /images/image.jpg etc is not loading anything on my WAMP Server. What it seems like is that its not getting the base url properly here. Screenshots will give you better idea.
Trying to reference the files with "/" in the start but it fails to load anything. I need to have it because i would be working with URL Rewrites so in that case it should load the files from there. Please let me know about any wamp server setting that is causing this issue.
Regards.
You are referring to your files with a root-path like "/my-file.txt" (i.e. having a slash at begin),
which would result to "C:/wamp/www/my-file.txt" being requested.
Change all your paths to be relative paths, for example to "./my-file.txt" path (i.e. with both dot and slash ./),
That would change the file request to something like "C:/wamp/www/my-project/public/my-file.txt" (if your HTML file is in public directory that is).
Actually I would not recommend you using relative paths like ./myfile.txt or something else, as it can get somewhat messy when you try MVC in your code.
Instead I would recommend you set up a virtual host on your wamp machne.
Here you can read more about setting up virtual host in wamp
https://john-dugan.com/wamp-vhost-setup/
Gone through related posts and found turning allow_url_include will does the trick. However when I did this :
remote file file.php at http://www.courierscripts.com
$content = file_get_contents('http://www.courierscripts.com/folder/file.php');
on my functions.php, was not able to use the functions of file.php. I also don't want to change my file.php to file.txt because everyone can see it.
Any other way?
If the file is on the same server, use absolute or relative path to it, not an url. Otherwise:
Short answer:
No, it's not possible.
Long answer:
Actually possible with conditions but I bet you won't like them.
It's obviously impossible if you don't have access to the target server (otherwise storing passwords in php config files like Wordpress does would be just one big security flaw).
First of all, file_get_contents returns a string. So you could eval it, but eval is very bad (you can search SO for the clues why).
OK, suppose you agree to eval what's coming from that server even after considering that someone might change the code and do whatever he wants on your machine. BUT you make an http request that is handles by the server (Apache, Nginx or whatever else).
The server knows that *.php files should not be handles as static files. For example, fastcgi. You can turn that off, for example, with RemoveHandler in Apache. But that would let everyone see the source code of files you expose this way.
So, after removing handlers and evaling the result, you could get the result. But be ready that someone you work with will punch you in the face for doing that ;)
UPD
For code sharing, use Composer to create a package and use it as a dependency.
I have a website wrote in PHP and running with WAMP server.
I am wondering if it's possible to access a file using a different URL of than original path??
Actually I have a file in X:/wamp/www/test/test2/index.php and I use localhost/test/test/index.php to access it. But can I create an alias or something to use localhost/index.php ?
One way to do this is via Apache's excellent ModRewrite.
http://httpd.apache.org/docs/current/mod/mod_rewrite.html
This is a beginner question; while Googling, I could not find the answer.
I understand that if I have a URL like this for a PHP page:
http://blah.tld/somearea/myfile.php?param1=foo¶m2=bar
That the page receiving the parameters foo and bar is myfile.php, but if I have a URL like this, what page is receiving the parameters:
http://blah.tld/somearea/?param1=foo¶m2=bar
Is it index.php under whatever /somearea is?
What actual program/file is called depends on the configuration of the web server. For example, in Apache, there's configuration parameter DirectoryIndex, which indicates what is called by default if no file is specified, for example,
DirectoryIndex index.php
will ensure that index.php is called in the above scenario. Moreover, this configuration can be set per directory so that in different directories different files/scripts will be invoked. Without knowing how the target server is configured, it is not possible to answer this question.
This is a server setting. For instance in Apache the setting is DirectoryIndex. Usually on a PHP server, the default is index.php.
If PHP is not installed, the default would be index.html or index.htm. On a ASP server the default would be default.aspx.
Yes in that case index.php will receive parameters.
It is the same file that is used when http://blah.tld/somearea/ is requested.
It may be index.php, or any other file. It may not be a file itself, but a function in a separate file if a framework is being used.
It is nothing but a re written URL using .htaccess so yes, you can and you've to fetch the GET params in the same way, so on index.php it will be
echo $_GET['param1'].' '.$_GET['param2']; //Will output foo bar
I'm developing a PHP application that has to respond to request from several clients, and I thinks "Can any of the clients see the PHP code that I'm writing?".
No, unless
There is a server misconfiguration
There is a bad echo/include somewhere
No. Unless you're echoing it to them under where you're actually using it.
Use includes from below or outside the www served directory. (can't +1 yet.. for Frankie)
Don't use symlinks for your http directories. I've intentionally used this to both show source and execute depending on user request path before, but that required httpd.conf changes (or misconfiguration) and can explicitly be disabled in httpd.conf.
If allowing downloads of files using fopen, don't pass anything the user creates to it or they could figure out how to get it to grab any file they can find.
Consider:
fopen('reports/' . $_GET['blah']);
where the user passes in '../index.php'
No, but you should take all measures to prevent it.
You should always set your sensitive code (heck, why not all?) in a directory bellow your server working dir (say /www), that way if the server gets messed up, it wont be able to show your code to the world because that code will be included by php that is not working in the first place.
If you have your webserver set to serve instead of parse your php yes. But then the clients wouldn't work. So the barring any security holes, answer is no.
No. Assuming you've installed a L/UAMP server properly, or aren't printing out (echo, print_r, etc.) and of the guts of your code, the PHP will be processed and the logic or HTML it's meant to output will be used on the page, not visible.
N.B. If there isn't an 'index' in a directory or a proper .htacess file, an Apache server will show a list of files in the directory, which can be downloaded and reviewed.
One mistake for it to happen is to paste a php tag inside a php string, example:
$string = "This is the answer: <s><?php echo $answer; ?></s>";
echo $string;
The person did a Ctrl+C and Ctrl+V of something that should be printed along the string, but the coder forgot to remove the php tags by distraction.