|
PHP - Blocking <script> In Php?
Well people who hate my site have been coming on and making a site with my site maker . And instead of filling in proper info they put <script> which redirects. And when they finish it saves into mysql and when i view the list of sites it redirects me to another site, Anyone know what can solve this?
Similar TutorialsHow can I block a text that contains only spaces? Right now I have done if ($body == "") { die("<font color='red'><font size='15'><strong><center>Your post did not contain any text!"); } But that's extremely insufficient, as any user can easily post " " Any ideas? Code: [Select] i have this to vlock bots out why is the pregmatch part receiving inserts of "http" ???? [cdoe] if (empty($_POST['Main']) && !empty($_POST['CustomerEmail']) && !preg_match("/http/i","$RequestText")) { mail($to, $subject, $message, $headers); $url_success = "confirmation.php"; echo("<meta http-equiv = refresh content=0;url=".$url_success.">"); } elseif (empty($email)) { exit(); } else { exit(); } Im not sure if this is the correct section so sorry for that in advance, i have this URL on my website inside an iframe: http://gorillavid.com/cna/zwzcpyvcfi7j What im wanting to do is somehow either remove all the ads that are shown, or make sure all of the ads are muted and cant make any noise. is this possible? Seany I have found that when I go to a page on my website, it can cause my IP to get blocked for 1/2 hour by their servers. I have confirmed this by using a proxy to see the site is still up and running. I contacted tech support for the server and after hours and hours of not being able to identify the issue, their tech support accused me of writing bad PHP code. The code has not changed, and this has been a recent issue with the server (last few months). The web page queries a SQL database and displays many small thumbnails. So I took the code from that page, trimmed it down to just get the contents of the image directory and display the thumbnails. Very basic, whereas before it queried the database for specific images, and created thumbnails on the fly. And so the very basic page (link below) without all that extra stuff STILL causes my IP to be blocked from the site when I access the page. http://www.1966-67chargerregistry.com/gallery/indexTest.php Can you guys confirm that it's not a coding issue? Sure I could split up the images onto multiple pages, but there should be nothing here that a decent server can't handle, right? All thumbnails are 2-3 kb and there's typically maybe 1000 of them. Thanks!!! Re-factored PHP code below: <html> <head><title></title></head> <body> <table align="center" width="1000"> <?php //get contents of image directory so we can look for existing images later in loop $filePath = '../66pics/seppics'; $imageFiles = scandir($filePath); $output = ''; $added = 0; //walk through each of the directory image results for($i = 0; $i < count($imageFiles); $i++) { //only display thumbnail images if(substr($imageFiles[$i], 0, 1) == 'T' && strlen($imageFiles[$i]) > 10) { //save each image in a table cell to write out later $output .= chr(13).'<td><center><img src="'.$filePath.'/'.$imageFiles[$i].'"></center></td>'; $added++; //write out 7 pictures on each table row if($added%7 == 0) { echo chr(13).'<tr>'.$output.chr(13).'</tr>'; $output = ''; } } } //end for loop //output final incomplete line if(strlen($output) > 0) { echo chr(13).'<tr>'.$output.chr(13).'</tr>'; } ?> </table></body></html> Could somebody please point me in the right direction.... I want to block the US, AUS, NZ, CAN, IRE from the index.php of my site. But not the rest of the site. The following site (like many others) provides a pretty neat list for the htaccess http://www.ipinfodb.com/ip_country_block.php I did a test. I got the list for blocking the UK. After copying the UK list to my htaccess i couldn't view my site. The thing i don't get is... my ip address was not in the list but i was still blocked, The 1st 2 sets from my ip are '2.100' The only ip's in the list starting with 2 a deny from 2.24.0.0/13 deny from 2.96.0.0/13 deny from 2.120.0.0/12 deny from 2.136.0.0/13 How exactly is this all working? And what's the best way of blocking the above countries from just my index.php? Any links to manuals or anything here would be great... Thank You. John im sure i am missing something simple. but this is killing me. i get this to work: Code: [Select] $url = (isset($_POST['url'])) ? $_POST['url'] : ''; $BlockedNames = array('nepwk', 'teleworm'); $BlockedDomains = array('nepwk.com', 'teleworm.com', 'yopmail.com', 'adf.ly', 'www.nepwk.com'); @list($name, $domain) = explode("http://", $url); else if(in_array($name, $BlockedNames) || in_array($domain, $BlockedDomains)) { $mesaj = "<div class=\"msg\"<div class=\"error\">Your URL has been blocked by our system!</div></div>"; } now the above works if i type the whole domain for every single url i want to block but i want to know is how would i add a catch all of sorts to the domain so say the domain is: http://www.google.com i want to block everything google so all of the following would be blocked as well http://www.google.com/whatever http://www.google.com/anything http://www.google.com/something i want all of those to be blocked automatically without having to add each individual one im trying to block adf.ly links which change for each person and each url they mask and i want to take proactive measure to just block them from being added into my form instead of having them added to my database then having to go and manually delete them. any questions or if this doesn't make sense let me know. thanks in advance (and maybe this is bad code im a noob so go easy ) This topic has been moved to Apache HTTP Server. http://www.phpfreaks.com/forums/index.php?topic=359622.0 I have around 14 script files for an admin page.
I am looking to block the access to 10 of them with .htaccess, so they can not get called up through the URL with the web browser, by for example guessing the name.
<Files index.php>
Order Allow,Deny
Allow from all
</Files>
How to set up, so I can have "those" 10 files in there?
Also, when comes to having an admin page and blocking the access to "those" script files is this the proper way to do it?
I would appreciate the suggestions a lot!
Edited by glassfish, 25 October 2014 - 11:06 AM. has anyone here ever seen these 2 sites?
IP DENY
TOR EXIT NODES with regard to the former, the domain has one page per country I believe. so, you can get listings for like say, China and Russia on these 2 pages: China: https://www.ipdeny.com/ipblocks/data/countries/cn.zone Russia: https://www.ipdeny.com/ipblocks/data/countries/ru.zone my question to folks here is, would this information be useful to me? I am putting together some website content that I do not want everyone in the world to see. And, it is possible that by some miracle, the sophisticated hacker world outside the USA will want to take it down and/or disrupt the service offerings of it if they find out that it exists. Anyone got any advice on whether these resources are even worth the effort to use? and if they are, what is the best way to leverage them? e.g. - when pulling info from the server DB to display content on the page, check this IP data first to see who they are and whether I will allow them or block them? thanks. Adam @requinix, I know we've talked about blocking illegitimate traffic before. and I know you said I can't ever get rid of all of it. but this is new info that I've run across. Just wondering what you guys think of this. =) I am using the ReactPHP event loop with periodic timer. The code works but the browser always shows that the activity is going on (the circle on the chrome tab is always running, refer the link to image below) and it runs only once. Is it possible to get rid of the running circle and still the periodic loop should run in loop at given intervals to execute the code within the loop. Please advise. Circle on the tab Below is my code, Note: **getAll($temp) is a function with parameter in another .php file. I have got the file as include in my current .php file.
$Loop=React\EventLoop\Factory::create(); $Loop->addPeriodicTimer(5, function(React\EventLoop\TimerInterface $timer) use(&$temp, $Loop, &$Total) { try{ $Total = getAll($temp); echo"<script>document.getElementById('Overall').innerText=".$Total."</script>"; }catch (Exception $e){ echo "Error in Loop"; throw $e; } }); Hi, I upgraded my XAMPP to the version 1.8.3 (win32) recently. Apache failed to start and I got the following error Hi everyone! I've been working on a php script to replace links that contain a query with direct links to the files they would redirect to. I'm having trouble echoing $year in my script. Listed below is the script, just below ,$result = mysql_query("SELECT * FROM $dbname WHERE class LIKE '%$search%'") or die(mysql_error());, in the script I try to echo $year. It doesn't show up in the table on the webpage. Everything else works fine. Any help wold be appreciated greatly. Thanks in advance. <?php include 'config2.php'; $search=$_GET["search"]; // Connect to server and select database. mysql_connect($dbhost, $dbuser, $dbpass)or die("cannot connect"); mysql_select_db("vetman")or die("cannot select DB"); $result = mysql_query("SELECT * FROM $dbname WHERE class LIKE '%$search%'") or die(mysql_error()); // store the record of the "" table into $row //$current = ''; echo "<table align=center border=1>"; echo "<br>"; echo "<tr>"; echo "<td align=center>"; ?> <div style="float: center;"><a><h1><?php echo $year; ?></h1></a></div> <?php echo "</td>"; echo "</tr>"; echo "</table>"; // keeps getting the next row until there are no more to get if($result && mysql_num_rows($result) > 0) { $i = 0; $max_columns = 2; echo "<table align=center>"; echo "<br>"; while($row = mysql_fetch_array($result)) { // make the variables easy to deal with extract($row); // open row if counter is zero if($i == 0) echo "<tr>"; echo "<td align=center>"; ?> <div style="float: left;"> <div><img src="<?php echo $image1; ?>"></div> </div> <?php echo "</td>"; // increment counter - if counter = max columns, reset counter and close row if(++$i == $max_columns) { echo "</tr>"; $i=0; } // end if } // end while } // end if results // clean up table - makes your code valid! if($i > 0) { for($j=$i; $j<$max_columns;$j++) echo "<td> </td>"; echo '</tr>'; } mysql_close(); ?> </table> Hi i have this upload script which works fine it uploads image to a specified folder and sends the the details to the database. but now i am trying to instead make a modify script which is Update set so i tried to change insert to update but didnt work can someone help me out please this my insert image script which works fine but want to change to modify instead Code: [Select] <?php mysql_connect("localhost", "root", "") or die(mysql_error()) ; mysql_select_db("upload") or die(mysql_error()) ; // my file the name of the input area on the form type is the extension of the file //echo $_FILES["myfile"]["type"]; //myfile is the name of the input area on the form $name = $_FILES["image"] ["name"]; // name of the file $type = $_FILES["image"]["type"]; //type of the file $size = $_FILES["image"]["size"]; //the size of the file $temp = $_FILES["image"]["tmp_name"];//temporary file location when click upload it temporary stores on the computer and gives it a temporary name $error =array(); // this an empty array where you can then call on all of the error messages $allowed_exts = array('jpg', 'jpeg', 'png', 'gif'); // array with the following extension name values $image_type = array('image/jpg', 'image/jpeg', 'image/png', 'image/gif'); // array with the following image type values $location = 'images/'; //location of the file or directory where the file will be stored $appendic_name = "news".$name;//this append the word [news] before the name so the image would be news[nameofimage].gif // substr counts the number of carachters and then you the specify how how many you letters you want to cut off from the beginning of the word example drivers.jpg it would cut off dri, and would display vers.jpg //echo $extension = substr($name, 3); //using both substr and strpos, strpos it will delete anything before the dot in this case it finds the dot on the $name file deletes and + 1 says read after the last letter you delete because you want to display the letters after the dot. if remove the +1 it will display .gif which what we want is just gif $extension = strtolower(substr($name, strpos ($name, '.') +1));//strlower turn the extension non capital in case extension is capital example JPG will strtolower will make jpg // another way of doing is with explode // $image_ext strtolower(end(explode('.',$name))); will explode from where you want in this case from the dot adn end will display from the end after the explode $myfile = $_POST["myfile"]; if (isset($image)) // if you choose a file name do the if bellow { // if extension is not equal to any of the variables in the array $allowed_exts error appears if(in_array($extension, $allowed_exts) === false ) { $error[] = 'Extension not allowed! gif, jpg, jpeg, png only<br />'; // if no errror read next if line } // if file type is not equal to any of the variables in array $image_type error appears if(in_array($type, $image_type) === false) { $error[] = 'Type of file not allowed! only images allowed<br />'; } // if file bigger than the number bellow error message if($size > 2097152) { $error[] = 'File size must be under 2MB!'; } // check if folder exist in the server if(!file_exists ($location)) { $error[] = 'No directory ' . $location. ' on the server Please create a folder ' .$location; } } // if no error found do the move upload function if (empty($error)){ if (move_uploaded_file($temp, $location .$appendic_name)) { // insert data into database first are the field name teh values are the variables you want to insert into those fields appendic is the new name of the image mysql_query("INSERT INTO image (myfile ,image) VALUES ('$myfile', '$appendic_name')") ; exit(); } } else { foreach ($error as $error) { echo $error; } } //echo $type; ?> I'm trying to use this script known as SimpleImage.php that can be found here <a href="http://www.white-hat-web-design.co.uk/articles/php-image-resizing.php">link</a> I'm trying to include what is on the bottom of the page to my existing script can anyone help me I've tried several ways but its not working. Code: [Select] <?php session_start(); error_reporting(E_ALL); ini_set('display_errors','On'); //error_reporting(E_ALL); // image upload folder $image_folder = 'images/classified/'; // fieldnames in form $all_file_fields = array('image1', 'image2' ,'image3', 'image4'); // allowed filetypes $file_types = array('jpg','gif','png'); // max filesize 5mb $max_size = 5000000; //echo'<pre>';print_r($_FILES);exit; $time = time(); $count = 1; foreach($all_file_fields as $fieldname){ if($_FILES[$fieldname]['name'] != ''){ $type = substr($_FILES[$fieldname]['name'], -3, 3); // check filetype if(in_array(strtolower($type), $file_types)){ //check filesize if($_FILES[$fieldname]['size']>$max_size){ $error = "File too big. Max filesize is ".$max_size." MB"; }else{ // new filename $filename = str_replace(' ','',$myusername).'_'.$time.'_'.$count.'.'.$type; // move/upload file $target_path = $image_folder.basename($filename); move_uploaded_file($_FILES[$fieldname]['tmp_name'], $target_path); //save array with filenames $images[$count] = $image_folder.$filename; $count = $count+1; }//end if }else{ $error = "Please use jpg, gif, png files"; }//end if }//end if }//end foreach if($error != ''){ echo $error; }else{ /* -------------------------------------------------------------------------------------------------- SAVE TO DATABASE ------------------------------------------------------------------------------------ -------------------------------------------------------------------------------------------------- */ ?> Hello, I stored a fsockopen function in a separate "called.php" file, in order to run it as another thread when it needs. The called script should return results to the "master.php" script. I'm able to run the script to get the socket working, and I'm able to get results from the called script. I tried for hours but I can't do the twice both My master.php script (with socket working): Code: [Select] <?php $command = "(/mnt/opt/www/called.php $_SERVER[REMOTE_ADDR] &) > /dev/null"; $result = exec($command); echo ("result = $result\r\n"); ?> and my called.php script Code: [Select] #!/mnt/opt/usr/bin/php-cli -q <?php $device = $_SERVER['argv'][1]; $port = "8080"; $fp = fsockopen($device, $port, $errno, $errstr, 5); fwrite($fp, "test"); fclose($fp); echo ("normal end of the called.php script"); ?> In the master script, if I use Code: [Select] $command = "(/mnt/opt/www/called.php $_SERVER[REMOTE_ADDR] &) > /dev/null"; the socket works, but I have nothing in $result (note also that I don't anderstand why the ( ... &) are needed!?) and if I use Code: [Select] $command = "/mnt/opt/www/called.php $_SERVER[REMOTE_ADDR]"; I have the correct text "normal end of the called.php script" in $result but the socket connection is not performed (no errors in php logs) Could you help me to find a way to let's work the two features correctly together? Thank you. hey guys im really just after a bit of help/information on 2 things (hope its in the right forum).
1. basically I'm wanting to make payments from one account to another online...like paypal does...im wondering what I would need to do to be able to do this if anyone can shine some light please?
2.as seen on google you type in a query in the search bar and it generates sentences/keywords from a database
example:
so if product "chair" was in the database
whilst typing "ch" it would show "chair" for a possible match
I know it would in tale sql & json but im after a good tutorial/script of some sort.
if anyone can help with some information/sites it would be much appreciated.
Thank you
Well the subject line is pretty explicit. I found this script that uploads a picture onto a folder on the server called images, then inserts the the path of the image on the images folder onto a VACHAR field in a database table. Code: [Select] <?php //This file inserts the main image into the images table. //address error handling ini_set ('display_errors', 1); error_reporting (E_ALL & ~E_NOTICE); //authenticate user //Start session session_start(); //Connect to database require ('config.php'); //Check whether the session variable id is present or not. If not, deny access. if(!isset($_SESSION['id']) || (trim($_SESSION['id']) == '')) { header("location: access_denied.php"); exit(); } else{ // Check to see if the type of file uploaded is a valid image type function is_valid_type($file) { // This is an array that holds all the valid image MIME types $valid_types = array("image/jpg", "image/jpeg", "image/bmp", "image/gif"); if (in_array($file['type'], $valid_types)) return 1; return 0; } // Just a short function that prints out the contents of an array in a manner that's easy to read // I used this function during debugging but it serves no purpose at run time for this example function showContents($array) { echo "<pre>"; print_r($array); echo "</pre>"; } // Set some constants // This variable is the path to the image folder where all the images are going to be stored // Note that there is a trailing forward slash $TARGET_PATH = "images/"; // Get our POSTed variable $image = $_FILES['image']; // Sanitize our input $image['name'] = mysql_real_escape_string($image['name']); // Build our target path full string. This is where the file will be moved to // i.e. images/picture.jpg $TARGET_PATH .= $image['name']; // Make sure all the fields from the form have inputs if ( $image['name'] == "" ) { $_SESSION['error'] = "All fields are required"; header("Location: member.php"); exit; } // Check to make sure that our file is actually an image // You check the file type instead of the extension because the extension can easily be faked if (!is_valid_type($image)) { $_SESSION['error'] = "You must upload a jpeg, gif, or bmp"; header("Location: member.php"); exit; } // Here we check to see if a file with that name already exists // You could get past filename problems by appending a timestamp to the filename and then continuing if (file_exists($TARGET_PATH)) { $_SESSION['error'] = "A file with that name already exists"; header("Location: member.php"); exit; } // Lets attempt to move the file from its temporary directory to its new home if (move_uploaded_file($image['tmp_name'], $TARGET_PATH)) { // NOTE: This is where a lot of people make mistakes. // We are *not* putting the image into the database; we are putting a reference to the file's location on the server $sql = "insert into images (member_id, image_cartegory, image_date, image) values ('{$_SESSION['id']}', 'main', NOW(), '" . $image['name'] . "')"; $result = mysql_query($sql) or die ("Could not insert data into DB: " . mysql_error()); header("Location: images.php"); echo "File uploaded"; exit; } else { // A common cause of file moving failures is because of bad permissions on the directory attempting to be written to // Make sure you chmod the directory to be writeable $_SESSION['error'] = "Could not upload file. Check read/write persmissions on the directory"; header("Location: member.php"); exit; } } //End of if session variable id is not present. ?> The script seems to work fine because I managed to upload a picture which was successfully inserted into my images folder and into the database. Now the problem is, I can't figure out exactly how to write the script that displays the image on an html page. I used the following script which didn't work. Code: [Select] //authenticate user //Start session session_start(); //Connect to database require ('config.php'); $sql = mysql_query("SELECT* FROM images WHERE member_id = '".$_SESSION['id']."' AND image_cartegory = 'main' "); $row = mysql_fetch_assoc($sql); $imagebytes = $row['image']; header("Content-type: image/jpeg"); print $imagebytes; Seems to me like I need to alter some variables to match the variables used in the insert script, just can't figure out which. Can anyone help?? Hi, I am trying to run two scripts on one page. When I use just one script on the page they work however when I place both scripts on the same page one of them disrupts the other script. This script prevents the other following script from working: Code: [Select] ini_set('display_errors', 1); error_reporting(-1); { $query = "SELECT * FROM answers ORDER BY `aid` DESC LIMIT 0, 11"; } $result = mysql_query($query); while($row = mysql_fetch_assoc($result)) { $answer = $row['answer']; $aid = $row['aid']; echo " <div class='questionboxquestion'> <a href= 'http://www.domain.co.uk/test/easy/answer.php?aid=$aid' class='questionlink'>$answer</a> </div> <div class='questionboxnotes'> </br> </div> <div class='questionboxlinks'> <div class='questionboxcategory'> <div class='questionboxcategorytitle'> Category: </div> <a href= 'http://www.domain.co.uk/test/easy/furniture-category.php' class='questionanswerlink'></a> </div> <div class='questionboxanswerlink'> <a href= 'http://www.domain.co.uk/test/oeasy/index.php' class='questionanswerlink'>Answer</a> </div> </div> "; } Code: [Select] <?php if($error) echo "<span style=\"color:#ff0000;\">".$error."</span><br /><br />"; ?> <label for="username">Username: </label> <input type="text" name="username" value="<?php if($_POST['username']) echo $_POST['username']; ?>" /><br /> <label for="password">Password: </label> <input type="password" name="password" value="<?php if($_POST['password']) echo $_POST['password']; ?>" /><br /> <label for="password2">Retype Password: </label> <input type="password" name="password2" value="<?php if($_POST['password2']) echo $_POST['password2']; ?>" /><br /> <label for="email">Email: </label> <input type="text" name="email" value="<?php if($_POST['email']) echo $_POST['email']; ?>" /><br /><br /> <input type="submit" name="submit" value="Register" /> How would I go about making it to where,, I can tell the script to use a certain extension of php in the script like curl.. ? Thanks |
|||||||