PHP - Granting Admins Access To Proxy Normal Users
Hello all,
I have a social network site that has users. Each user has a profile and an id. Myself and two other people are admins and are granted access to certain pages via $admin = true. I have recently hashed everyone's passwords. I need to allow admins the ability to proxy a user or login as a different user or become another user for moderation purposes. Via OOP there is a $auth->id, which is the id of the person who is logged in (their user id), and $prof->id, which is the id of another person I am looking at. Meaning if I am looking at someone's profile, it is their user id. I am trying to figure out a simple page to create where, if $admin, you can type a desired id in an input box, press enter and you are all of a sudden logged in as that id.

Thanks in advance

Similar Tutorials

I just discovered that I have a major security flaw with my website. Anyone who logs in to the website can easily access other users' information as well as delete and edit other users' information just by changing the ID variable in the address bar. I have the user ID session started on these pages, but people can still do anything they like with other users' information just by editing the address bar. For example, if you're logged in and in the address bar of www.mywebsite.com/delete_mystuff.php?id=5 you change the "5" to, say, a "9", then you will have access to user #9's information. Every important page that I have has this code:

Code: [Select]
session_start();
if (!isset($_SESSION['user_id'])) {
    // Start defining the URL.
    $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
    // Check for a trailing slash.
    if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\')) {
        $url = substr($url, 0, -1); // Chop off the slash.
    }
    // Add the page.
    $url .= '/index.php';
    ob_end_clean(); // Delete the buffer.
    header("Location: $url");
    exit(); // Quit the script.
} else { // Else, if logged in, run the script
    // Note: $id is taken from the request as-is; nothing here compares it
    // with $_SESSION['user_id'].
    if ((isset($_GET['id'])) && (is_numeric($_GET['id']))) {
        $id = (int) $_GET['id'];
    } elseif ((isset($_POST['id'])) && (is_numeric($_POST['id']))) {
        $id = (int) $_POST['id'];
    } else {
        echo ' No valid ID found, passed in url or form element';
        exit();
    }
    // (the post shows no further code)
}

What am I doing wrong? Please help if you know how to correct this. Many thanks in advance.

Hello
I am trying to work out how many regular users I have on my site and how long those users tend to be users.
So, I have a table that logs every time a user visits my site and logs in, it stores the date / time as a unix timestamp and it logs their user id.
I started by getting the IDs of any user who logs in more than 5 times in a specified period, but now I want to extend that...
SELECT userID as user, count(userID) as logins
FROM login_history
WHERE timestamp > UNIX_TIMESTAMP('2014-06-01 00:00:00')
  AND timestamp < UNIX_TIMESTAMP('2014-07-01 00:00:00')
GROUP BY user
HAVING logins > 5;

Hey guys, I'm fairly new to PHP (I can't really keep using that as an excuse). Anyway, I'm at the point where I am comfortable with procedural PHP style programming and I have moved on to object orientated and prepared statements etc. Anyways, this has no relevance to that, sorry. OK, when using $_GET in PHP, say for example I wanted to log a user out, I would use ?status=logout or whatever. I have started to instead use codes like ?abihcofscj=21904jkq. I know this looks weird and there is probs no need, but do any other sites use this type of behavior or am I just being retarded haha. Thanks

Hello, I have some normal PHP functions that I want to put into an OOP class. I can't seem to make the right changes to make it work. Could someone help please? Thanks. These are the PHP functions:

Code: [Select]
<?php
function hasChild($parent_id)
{
    $sql = "SELECT COUNT(*) as count FROM category WHERE parent_id = '" . $parent_id . "'";
    $qry = mysql_query($sql);
    $rs = mysql_fetch_array($qry);
    return $rs['count'];
}

function CategoryTree($list, $parent, $append)
{
    $list = '<li>' . $parent['name'] . '</li>';
    if (hasChild($parent['id'])) // check if the id has a child
    {
        $append++;
        $list .= "<ul class='child child" . $append . "'>";
        $sql = "SELECT * FROM category WHERE parent_id = '" . $parent['id'] . "'";
        $qry = mysql_query($sql);
        $child = mysql_fetch_array($qry);
        do {
            $list .= CategoryTree($list, $child, $append);
        } while ($child = mysql_fetch_array($qry));
        $list .= "</ul>";
    }
    return $list;
}

function CategoryList()
{
    $list = "";
    $sql = "SELECT * FROM category WHERE (parent_id = 0 OR parent_id IS NULL)";
    $qry = mysql_query($sql);
    $parent = mysql_fetch_array($qry);
    $mainlist = "<ul class='parent'>";
    do {
        $mainlist .= CategoryTree($list, $parent, $append = 0);
    } while ($parent = mysql_fetch_array($qry));
    $mainlist .= "</ul>"; // close the list that is returned (the post appended this to $list)
    return $mainlist;
}
?>

This is the class:

Code: [Select]
<?PHP
require_once(LIB_PATH.DS.'database.php');

class Menu extends DatabaseObject {

    protected static $table_name = "menu";
    protected static $db_fields = array(
        'id',
        'parent_id',
        'name'
    );

    public $id;
    public $parent_id;
    public $name;

    // "new" is a reserved word so we use "make" (or "build")
    public static function make($id, $parent_id, $name) {
        if (!empty($id)) {
            $kw = new Menu();
            $kw->id = (int)$id;
            $kw->parent_id = (int)$parent_id;
            $kw->name = $name;
            return $kw;
        } else {
            return false;
        }
    } // end function make

    // PUT FUNCTIONS HERE......
    function hasChild($parent_id)
    {
        $sql = "SELECT COUNT(*) as count FROM category WHERE parent_id = '" . $parent_id . "'";
        $qry = mysql_query($sql);
        $rs = mysql_fetch_array($qry);
        return $rs['count'];
    }

    function CategoryTree($list, $parent, $append)
    {
        $list = '<li>' . $parent['name'] . '</li>';
        if (hasChild($parent['id'])) // check if the id has a child
        {
            $append++;
            $list .= "<ul class='child child" . $append . "'>";
            $sql = "SELECT * FROM category WHERE parent_id = '" . $parent['id'] . "'";
            $qry = mysql_query($sql);
            $child = mysql_fetch_array($qry);
            do {
                $list .= CategoryTree($list, $child, $append);
            } while ($child = mysql_fetch_array($qry));
            $list .= "</ul>";
        }
        return $list;
    }

    function CategoryList()
    {
        $list = "";
        $sql = "SELECT * FROM category WHERE (parent_id = 0 OR parent_id IS NULL)";
        $qry = mysql_query($sql);
        $parent = mysql_fetch_array($qry);
        $mainlist = "<ul class='parent'>";
        do {
            $mainlist .= CategoryTree($list, $parent, $append = 0);
        } while ($parent = mysql_fetch_array($qry));
        $mainlist .= "</ul>"; // close the list that is returned (the post appended this to $list)
        return $mainlist;
    }
?>

I have a string in PHP:

Quote
Sat, 28 Apr 2012 05:09:45 GMT

I want to convert it to a timestamp.
Example: 1335594473

Hi All, when I put echo memory_get_usage(); at the very beginning of a PHP file I get 51207808. Is this normal while there is not much processing to do? This happens even for very small PHP files that only display HTML syntax. Thanks!

I have created a session with this code:

$_SESSION['USER_NAME'] = trim($_POST['username'])

How can I access $_SESSION['USER_NAME'] in other pages? And with this code, $var = $_SESSION[USER_NAME], can I get the session value in the "$var" variable?

Hello,
Is anybody aware of a statistical function in PHP which returns the inverse of the normal cumulative distribution, given a probability, mean and standard deviation as inputs? Thank you.

I have this PHP script to fetch whois information of a domain. It works, but when I try to connect to the whois server via a proxy, it doesn't work. The proxy IP is taken from proxylist.hidemyass.com. What am I doing wrong? Thank you for help.

$server = "whois.nic.cz";
$domain = "klikzone.cz";

function QueryWhoisServer($server, $domain) {
    $proxy = "85.111.25.189:8080";
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $server);
    curl_setopt($ch, CURLOPT_PORT, 43);
    curl_setopt($ch, CURLOPT_PROXY, $proxy);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($ch, CURLOPT_HEADER, 1);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_TIMEOUT, 30);
    curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $domain . "\r\n");
    $data = curl_exec($ch);
    curl_close($ch);
    return $data;
}

Hi, I'm trying to understand how I can block all users trying to view my website through proxies. With the following code, what I have done is a quick version through PHP (with headers and ports) and not the firewall, which isn't exactly the best way but still stops a lot of them.

<?php
$user_ip = $_SERVER['REMOTE_ADDR'];

// Request headers commonly added by proxies
$headers = array(
    'CLIENT_IP', 'FORWARDED', 'FORWARDED_FOR', 'FORWARDED_FOR_IP', 'VIA',
    'X_FORWARDED', 'X_FORWARDED_FOR', 'HTTP_CLIENT_IP', 'HTTP_FORWARDED',
    'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED_FOR_IP', 'HTTP_PROXY_CONNECTION',
    'HTTP_VIA', 'HTTP_X_FORWARDED', 'HTTP_X_FORWARDED_FOR'
);
foreach ($headers as $header) {
    if (isset($_SERVER[$header])) {
        header("Location: /proxy-not-allowed/");
        die;
    }
}

$queryIP = "SELECT `user_ip_address` FROM `my_table` WHERE `user_ip_address` = :user_ip_address AND `user_blocked` = :user_blocked LIMIT 1";
$queryIP1 = $pdo->prepare($queryIP);
$queryIP1->execute(array(':user_ip_address' => $user_ip, ':user_blocked' => 'No'));
$queryIP2 = $queryIP1->rowCount();

if ($queryIP2 === 0) {
    // Try to connect back to the visitor's IP on common proxy ports
    $ports = array(80, 81, 553, 554, 1080, 3128, 4480, 6588, 8000, 8080);
    foreach ($ports as $port) {
        $connection = @fsockopen($user_ip, $port, $errno, $errstr, 0.1);
        if (is_resource($connection)) {
            header("Location: /proxy-not-allowed/");
            die;
        }
    }
}
?>

The headers script blocks any proxy sending those headers while the ports script blocks those using any assigned ports I add.
I have tested this which seems to be good, though it won't block all proxies due to the assigned one I have. Is this the best way to go about blocking scripts if I don't have access to the firewall? What I am trying to do is allow users to view my HTTPS website normally and block all proxies. Even if I have some users blocked, I do not want them to be cheeky and use a proxy or even register on my website through a proxy. I was thinking of just using the 443 port as my website is https (is that wise?). Any advice would be great.

Edited January 4, 2019 by Cobra23

Could someone give me a cross-domain proxy script? I am trying to post data to mysql databases on two servers.

I need a proxy that would enable me to use curl with another ip address. How do I find a paid proxy server that supports curl?

Hi I need a script to hide IP address with proxy and read a web page
$username="myuser";

The script doesn't work, it doesn't show me the page output. Any solution?

Using curl, I've managed to get my program to log me into a proboards site. I can view the main forum page. The problem is, the links for viewing the page are something like

href="index.cgi?board=general&thread=1111&page=45"

I did a str_replace to replace the index.cgi, giving

href="link_processor?board=general&thread=1111&page=45"

The idea was that link_processor would contain the data "board=general&thread=1111&page=45". However, I now realise that PHP would see that as 4 different GET variables:

link processor = board=general
thread = 1111
page = 45

How could I make it all part of the link_processor variable? Because if I can keep the string intact, I just have to pass it to a curl function and I can display the page easily!

Hi, I am using the PHP mail() function to send a message. Following is the code. The message is received in the email account, but as an attachment, not displayed in the body section as a normal message would be. Please can you guys help as to why this message is going as an attachment and not being displayed in the body of the email. Below is the URL which gives a preview of what I mean.

http://i56.tinypic.com/29fujxf.jpg

Code: [Select]
$to = $_POST['to'];
$subject = ' web visior';
$customer = stripslashes($_POST['customer']);
$email = stripslashes($_POST['email']);
$contactinfo = stripslashes($_POST['contactinfo']);
$body = stripslashes($_POST['enquiry']);

$header = 'From:'.$email.'\r\n';
$header = 'Reply-To:'.$email.'\r\n';
$header = 'X-Mailer: PHP/' . phpversion();
$header = 'Content-type: text/html\r\n';

$message = '<html><body>
<table>
<tr><td>From:'.$customer.'</td></tr>
<tr><td>Email:'.$email.'</td></tr>
<tr><td>Contact No'.$contactinfo.'</td></tr>
<tr><td style="center"><b>Message:</b></td></tr>
<tr><td>'.$body.'</td></tr>
</body></html>';

Regards,
Abhishek

Hi
I want to use a proxy in PHP with curl for scraping content, but some proxies do not support POST requests.
Please tell me how to check, before using a proxy, whether POST requests are supported or not. I also want the proxy speed in ms.
Please help me out.
Thanks.
Edited by ShivaGupta, 23 May 2014 - 04:49 PM.

I was wondering if there was a way, or if it's even possible, to determine the type of a proxy using PHP. When I say type I mean http, socks4 or socks5. Using cURL I think it's safe to assume that if a proxy returns a code of 200 then that proxy is good and http, correct? However, how would I go about determining the type of proxies I have in a list, assuming they are good and socks4 and/or socks5?

I was on a proxy and it didn't detect it, idk why.

if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])
    || !empty($_SERVER['HTTP_X_FORWARDED'])
    || !empty($_SERVER['HTTP_FORWARDED_FOR'])
    || empty($_SERVER['HTTP_CONNECTION'])
    || $hostaddr == "."
    || stripos($hostaddr, "tor-exit")
    || !empty($_SERVER['HTTP_VIA'])
    || empty($_SERVER['HTTP_ACCEPT_ENCODING'])
    || in_array($_SERVER['REMOTE_PORT'], array(8080,80,6588,8000,3128,553,554))
) {
    die('on Proxy');
}

Hello, is there any way to find out what the type of a proxy is? I mean Anonymous, Transparent etc.

Guys, I recently came across this about using a tor socks proxy as a default proxy server in my local home network. So, on my centos-box, I've set the service up with a default socks-port 9050 and the local IP address of this machine is 10.10.1.5. Here's a part of the tor's config file:
SocksPort 10.10.1.5:9050
[jazz@centos-box ~]$ top -u jazz | grep tor
 3413 jazz 20 0 76256 32m 9720 S 0.0 0.3 0:01.55 tor
[jazz@centos-box ~]$ nmap -Pn 10.10.1.5 | grep 9050
9050/tcp open tor-socks

Now, I'm completely able to use that socks proxy from the centos-box with my default browser / curl or whatever you want to be, but if I go to my laptop and set the proxy-socket up to its browser, I've got a message of "TOR is not an HTTP proxy" and half or more ( not all of them ) of my bookmarks web-sites don't work. However, a message when I'm running this service says:

Sep 12 13:16:01.769 [notice] You configured a non-loopback address '10.10.1.5:9050' for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Sep 12 13:16:01.769 [notice] Opening Socks listener on 10.10.1.5:9050

Ideas?

Edited by jazzman1, 12 September 2014 - 12:39 PM.