PHP - Server Referer Issue

I need to close a window if referer not valid, but it cannot be in HTML, needs to be php. This is what I have so far:

Code: [Select]
if (ereg("http://www.mysite.com/test.php", $_SERVER['HTTP_REFERER']) != true){
header('Location: ?????????');
exit;
} I get a header already sent message if I use a URL. I need it to close the window after 3 seconds.

Any ideas?

I have a website uploaded onto Host Gator hosting and the sessions are carried over to the other pages ok.
When using the same website in XAMPP it does not carry over the session to the next page and need to login again.

If i log in it puts the following after the URL - ?sid=3b71942d410d84c45f9f4433561c325a
The when i go to another link it loses the sid and i'll need to manualy past it into the next URL to get it working unless i log in again on the new page.

This is only happening with XAMPP but working fine in the Host Gator hosting environment.

Please help!

My login is integrated with the phpbb3 login.

This is the code at the beginning of every page -

Code: [Select]
<?php
ob_start();
define('IN_PHPBB', true);
$phpbb_root_path = './phpbb3/';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);
// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup();
?>

I'm getting the error below when I run my script on my remote server.  I'm providing a relative path to this file and it works on my local server (XAMPP).  I've researched it a bit and I think it has to do with how I indicate the path to the file on the remote server.  I don't know what to do about it, however.  I hope someone can help me.  The file is in the indicated directory on the remote server and there are no permissions issues that I am aware of.  The mystery phrase is:

include_path='.:/opt/cpanel/ea-php73/root/usr/share/pear'

 

--Kenoli

Warning: require(bootstrap/start.php): failed to open stream: No such file or directory in /home4/ournight/public_html/tio-new/__classes/pi_admin.php on line 3
Warning: require(bootstrap/start.php): failed to open stream: No such file or directory in /home4/ournight/public_html/tio-new/__classes/pi_admin.php on line 3
Fatal error: require(): Failed opening required 'bootstrap/start.php' (include_path='.:/opt/cpanel/ea-php73/root/usr/share/pear') in /home4/ournight/public_html/tio-new/__classes/pi_admin.php on line 3

 

Hi Everyone,

Hopefully someone will be able to assist with my problem. Basically, my situation is that we have a server which hosts multiple websites using multiple IP address. One of the new sites we are moving to this server needs an LDAP connection outside of our network. The outside LDAP has already been enabled to accept requests from the specific IP assigned to this site. However, other sites on this server are using other IP addresses.

It seems as if the LDAP authentication request is getting sent by a IP address which is not authorized by the firewall on the outside LDAP server. Thus trouble authenticating.

So, my question is, is there a way to force the ldap_bind request to use a specific IP address to send the request for authentication? Supposedly this can be done using an event handler. However, I don't have much experience with event handlers so am not sure how to go about doing this.

I would appreciate any help or ideas to resolve this situation. Thanks!

- Jodie

now i use this code to show where the visitors came from to my site.

<?php
$referer=$_SERVER['HTTP_REFERER'];
echo $referer;
?>

now, i want to show the  5 latest vistors referer's site url on my site ?

I have a PHP web system that store in a windows server. In the system, there is a function for user to upload files to another server (Shared server in Unix).

When i try to upload a file, it gives warning:

Warning: move_uploaded_file(\\unixserver/sharedfolder/upload/test.txt) [function.move-uploaded-file]: failed to open stream: Permission denied in C:\wamp\www\upload\index.php on line 40

For your information, my username has been assigned in xxx's group that has access to read and write on that folder. Besides, i'm able to open,create and delete files on that folder's server manually (samba).

The safe mode setting is off.

Does anybody has any idea why this thing happen?

I'm trying to make a simple website where people register to my website.

When the user doesn't fill anything inside the boxes they get a message "Please fill all required fields" on the register.php page

On my local host require_once works good. It shows up.

 

But when i upload the files to my sever the require_once does not show up on the register.php

It just refreshes and i dont get the message "Please fill all required fields"

 

This is the code that works in local host but not in a live server

<?php require_once 'messages.php'; ?>

 

 

Here is my full code

 

Register page:

<html>


<?php require_once 'messages.php'; ?>

<br><br>


<form action="register-clicked.php" method="POST">

Username:<br>
<input type="text" name="usernamebox" placeholder="Enter Username Here">
<br><br>
Email:<br>
<input type="text" name="emailbox" placeholder="Enter email here">
<br><br>
Password:<br>
<input type="password" name="passwordbox" placeholder="Enter password here">
<br><br>
Confirm Password:<br>
<input type="password" name="passwordconfirmbox" placeholder="Re-enter password here">
<br><br>

<input type="submit" name="submitbox" value="Press to submit">
<br><br>

</form>

</html>

 

 

Register clicked

<?php


session_start();



$data = $_POST;

if( empty($data['usernamebox']) ||
    empty($data['emailbox']) ||
    empty($data['passwordbox']) ||
    empty($data['passwordconfirmbox'])) {
    $_SESSION['messages'][] = 'Please fill all required fields';
    header('Location: register.php');
    exit;

}




if ($data['passwordbox'] !== $data['passwordconfirmbox']) {
    $_SESSION['messages'][] = 'Passwords do not match';
    header('Location: register.php');
    exit;
}


$dsn = 'mysql:dbname=mydatabase;host=localhost';
$dbUser='myuser';
$dbPassword= 'password';

try{
$connection = new PDO($dsn, $dbUser, $dbPassword);
} catch (PDOException $exception){
    $_SESSION['messages'][] = 'Connection failed: ' . $exception->getMessage();
    header('Location: register.php');
    exit;
}

 

 

messages.php

<?php
session_start();

if (empty($_SESSION['messages'])){
    return;
}

$messages = $_SESSION['messages'];
unset($_SESSION['messages']);
?>



<ul>
    <?php foreach ($messages as $message): ?>
        <li><?php echo $message; ?></li>
    <?php endforeach; ?>
</ul>

 

Edited Wednesday at 12:49 AM by bee65

Hi,  I am not a PHP programmer.

I took on a new client with a simple PHP site, without any databases.
The site is up and running on the web.
I would like to get it running on my local machine for further development.
I have latest version of WAMP installed, running Apache version 2.2.11 and PHP version 5.3.0
I created a directory in the WAMP "www" project directory and it shows up there like it's supposed to when I browse to "localhost"

Problem:

The home page of website displays text but no, images, styles, footer, header, nav links, etc.


Here is the code for the home page:

<?
  define("NAV","home");
require_once('local/local.php');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <title>TITLE</title>
    <meta name="keywords" content="">
    <meta name="Description" content="">

<? include("common/dochead.php"); ?>

    </head>

<body onLoad="<? include('common/preloads.php'); ?>">

<!-- ============================ main ============================= -->
<div id="main-frame"><div id="main" class="noCollapse">

<? include("common/sign.php"); ?>

<div id="right-frame">

<? include("common/navigation.php"); ?>

<div id="content-frame">
<div id="content">


<h1>Welcome</h1>
<p>This is the content area. This is the content area. This is the content area. </p>


</div><!-- end content -->
</div><!-- end content-frame -->

</div><!-- end right-frame -->

<div class="clearFloats"></div>

</div><!-- end main --></div><!-- end main-frame -->

<? include("common/footer.php"); ?>

   </body>
</html>



Any help would be greatly appreciated. I have spent many hours on this.

Regards

Hi folks,

I'm curious if I can for example, save a file from my server and it will save to all other servers - obviously if they accepted the connection first. It's for a software I developed and is almost complete and know there will be frequent updates to it. Instead of users downloading upates, I want the update files from my server to somehow synchronize to their server automatically?

Anything called this??

Thanks for info.

This isn't exactly an application design question, but rather a system design one.   I am about to install an Inventory Control System inside this store I work in.   The store itself also owns a Linode VPS running Centos 6.4 which hosts our website.   This new Inventory System will come built in with a Microsoft SQL Server, and supposedly it is a SQL Anywhere database, but I'm not too sure what that means.     I need to make this database publicly accessible, but only via the Linode VPS.  Surely, setting restrictions is easy enough to address that issue.  That isn't my question.   My first idea is to put this server into the DMZ, easy.  But it doesn't exactly sound safe.  So my next idea was to put a middleman server in the DMZ, this way the Linode can send queries to that middleman server and it will send that data to the SQL Server and back.  This is very vaguely described I know, but I don't want to get too much into details, but rather, understand how I can create that middleman server, and what could Install onto it that would allow me to securely process queries?   My first thought was to install a webservice, that accepts an XML/JSON request and returns an XML/JSON response. Then, I realized directly afterwards that I don't have any experience setting up a webservice like that. What kind of options are there out there?
  Ultimately, my question is, should I just put the Server in the DMZ or should I create the middleman, and if so, can someone point me in the right direction as to getting a webservice set up?
Edited by Zane, 15 July 2014 - 11:28 PM.

Following a tutorial on udemy, i tried to learn the very basics of mvc structure. I built the same project on my local server and it worked without giving me any error. but when i tried it on live server. its not working as it should. not showing any error. I tried to figure out the problem and found that for every page loading, it stops at the same line in my main.php file.

<?php require($view); ?>

starting from the above line. it stops. i came here to share my problem but i am unable to upload my files here. if there is a way to upload and share my files, please guide. zip file size of the whole project is 31.6 kb

(This might be the wrong forum; it might be server-side configuration, but alas it is the code that *calls* fwrite, so I'll start here.)

I have written a script, and one thing it does is generate a file to disk using fwrite. No big deal.

Here's what interests me:
On most servers, the file is written successfully when the folder's permissions are 755 with recursive permissions. On some servers, 755 fails. Only 777 works.
How could this be? Are permissions=permissions=permissions? Why will 755 work on one machine but not another?

I'm just a logic guy; I know very little of server-side configuration and/or why there would be a difference here. Just trying to learn.

Hey. I am wanting to move a couple of files from my current server to another.

If i am uploading the file this is fine but if it is already on the server then im not sure how to move it.

When uploading I can just use ftp_put($conn_id, $destination_file, $myFile, FTP_BINARY);

What i need to do is figure out how to get a hold of the file and store it in $myFile then this would work fine.

Is this possible?

Cheers

I have two servers: WebServer and FaxServer.  WebServer needs to send a fax.  Is my approach shown below fairly secure?

Before sending a fax, ServerWeb needs to store a record in a table representing the message, and I am using a pseudo random value for the PK which is generated as 2147483648+mt_rand(-2147483647,2147483647).

WebServer then generates a hash equal to hash('sha256',$pk.'secretCodeWhichOnlyWebServerAndFaxServerKnow').

WebServer then sends curl request to FaxServer using POST which includes $pk, the hash, the fax number, some text to include in the fax, and an optional array of document to include (array(array('id'=>321,'name')=>'fileName.pdf')).

FaxServer verifies that the hash is correct given $pk, that the minimum information has been received, and that the fax number is a valid phone number, and quickly responds to WebServer by echoing 0 or 1 so the code in the WebServer could continue and inform the user.  If all looks okay, a new instance of PHP is started.
 

if(missingInformation) {echo(0);}
else {
   session_start();
   $_SESSION['_xfr']=$_POST;
   exec('/usr/bin/php -q /path/to/send_fax.php '.session_id().' >/dev/null &');
   echo(1);
}

New instance of PHP send_fax.php then does the following:
 

session_id($argv[1]);//Set by parent
session_start();
$data=$_SESSION['_xfr'];

$doc_list=null;
foreach ($data['documents'] AS $doc)
{
    if(ctype_alnum($doc['id']))
    {
        $file='/some/tmp/directory/'.$doc['id'];
        if(!file_exists($file))
        {
            $url='http://machine.WebServer.com/index.php?task=displayDocument&id='.$doc['id'].'&x='.hash('sha256','displayDocument'.$doc['id'].'secretCodeWhichOnlyWebServerAndFaxServerKnow');
            $cmd='wget -O '.$file.' '.escapeshellarg($url);
            exec($cmd);
        }    
        $doc_list.=' '.$file;
    }
    exit('invalid document');
}

//Send the fax...

//Send another CURL request to the WebServer similar to the wget giving the fax status.
exit;

When WebServer receives the wget request for a document, it confirms the hash and sends the document to the FaxServer using X-Sendfile.

When WebServer receives the CURL request regarding status, it updates the database for the applicable message.   Seem reasonably secure?