PHP - Allowing Php Include
I've set up a staging server with Ubuntu 14.04, Apache, PHP, and MySQL, and I'm having a configuration issue that I need to resolve.
index.html uses a server side include. I was required to change the shtml file it references to a php file, but it's not working properly.
When my webpage uses the code:
<?php include ("footer.shtml"); ?>
then the page loads correctly
However, when I change it to:
<?php include ("footer.php"); ?>
then I instead see a message stating,
"This attachment was removed because it contains data that could pose a security risk."
I can't determine which configuration file I need to change, and what the change needs to be.
Similar TutorialsI was wondering if there was a way to allow users to input there own HTML and CSS in like a members only site using PHP? If so, how would it be done? Hey, I've created a messaging system for my site and I'm trying to make it so that a copy of the original message is included and automatically put into the message content box when somebody clicks to reply. I've done this literally just by making the "reply" button into a form which also posts the content of the message from the previous page and puts it into the content box. However I have some issues with it: firstly, wherever ' is used, it becomes \' and wherever " is used, the whole of the rest of the message is blanked out. Can anybody point me in the direction of the solutions I might need to make it so that ' and " both appear normally without cutting the rest of the message off? Thanks in advance & let me know if anything is missing! Would someone tell me how to allow foreign letters, normal english letters and numbers using the preg_replace php function? .dropbtn { background-color: #4CAF50; color: white; padding: 10px; font-size: 16px; border: none; } .dropdown { position: relative; display: inline-block; } .dropdown-content { display: none; position: absolute; background-color: #f1f1f1; min-width: 800px; box-shadow: 0px 8px 16px 0px rgba(0,0,0,0.2); z-index: 1; } .dropdown-content img { width: 32px; height: 32px; margin: 3px; position: relative; float: left; } .dropdown-content a { color: black; padding: 12px 16px; text-decoration: none; display: block; } .dropdown-content a:hover {background-color: #ddd;} .dropdown:hover .dropdown-content {display: block;} .dropdown:hover .dropbtn {background-color: #3e8e41;} /* HIDE RADIO */ [type=radio] { position: absolute; opacity: 0; width: 0; height: 0; } /* IMAGE STYLES */ [type=radio] + img { cursor: pointer; } /* CHECKED STYLES */ [type=radio]:checked + img { outline: 2px solid #f00; } <div class="dropdown"> <button class="dropbtn">Dropdown</button> <div class="dropdown-content"> <form name="form" action="icons-submit/submit_icon-default.php" method="post"> <input type="radio" id="icon_default" name="icon_default" value="icons/default.jpg" onchange='if(this.value != 0) { this.form.submit(); }'> <img src="icons/default.jpg"> <input type="text" id="id" name="id" value=" . $row['id'] . " style="background: transparent;border: none;font-size: 0;"> </form> <form name="form" action="icons-submit/submit_icon-default.php" method="post"> <input type="radio" id="icon_default" name="icon_default" value="icons/default.jpg" onchange='if(this.value != 0) { this.form.submit(); }'> <img src="icons/default.jpg"> <input type="text" id="id" name="id" value=" . $row['id'] . " style="background: transparent;border: none;font-size: 0;"> </form> <form name="form" action="icons-submit/submit_icon-Grass_Block.php" method="post"> <label> <input type="radio" id="icon_grass-block" name="icon_grass-block" value="icons/Grass_Block.png"onchange='if(this.value != 0) { this.form.submit(); }'> <img src="icons/Grass_Block.png"> </label> <input type="text" id="id" name="id" value=" . $row['id'] . " style="background: transparent;border: none;font-size: 0;"> </form> <form name="form" action="icons-submit/submit_icon-gear.php" method="post"> <label> <input type="radio" id="icon_gear" name="icon_gear" value="icons/Gear.png"onchange='if(this.value != 0) { this.form.submit(); }'> <img src="icons/Gear.png"> </label> <input type="text" id="id" name="id" value=" . $row['id'] . " style="background: transparent;border: none;font-size: 0;"> </form> </div> </div>
There are websites like Soundcloud, Soundclick, MySpace and more.
The Question:
How to not get a law suite as a website owner when copyright protected music or in other words music from the retail has gotten uploaded?
Will moderating it and having it frequently taken down do the job?
I know that the users themselves could get researched too. The site owner could get requested to give out IP addresses. Though, I kept this separately from that question.
I basically would be looking to be safe and not get a law suite.
I would appreciate the suggestions a lot.
Hy! Any help on this topic would be much appreciated. Here is the deal. I need to redirect some countries to another URL. But I need to allow a free access for search engine's bots even if they come from those countries. Here is what I did until now: Used MaxMind PHP API and databases to establish redirect. And then tried to modify the code to redirect ONLY if user is from blocked country AND IS NOT allowed crawler... suprise suprise, it's not working as I imagined:)! Here is the code so far: #!/usr/bin/php -q <?php // This code demonstrates how to lookup the country by IP Address include("geoip.inc"); // Uncomment if querying against GeoIP/Lite City. // include("geoipcity.inc"); $gi = geoip_open("GeoIP.dat",GEOIP_STANDARD); $country = geoip_country_code_by_addr($gi, $_SERVER['REMOTE_ADDR']); geoip_close($gi); $my_countries = array('de', 'se', 'no', 'ee', 'it', 'lv', 'cz', 'dk', 'sk', 'at', 'ch', 'lu', 'nl', 'es', 'hu', 'sg', 'gr', 'ua', 'fi', 'ru', 'cn', 'hk', 'my', 'id', 'us', 'ar', 'mx', 'ec', 'cr', 'py', 'br'); $allowed_spiders = array('Googlebot', 'Yammybot', 'Openbot', 'Yahoo', 'MSNbot', 'Ask Jeeves', 'Teoma', 'Architext spider', 'FAST-WebCrawler', 'Slurp', 'Yahoo Slurp', 'ia_archiver', 'Scooter', 'crawler@fast', 'Crawler', 'InfoSeek sidewinder', 'Lycos_Spider_(T-Rex)'); $agent_name = $_SERVER['HTTP_USER_AGENT']; if (in_array(strtolower($country), $my_countries)) { foreach($allowed_spiders as $s){ if(!strpos($s,$agent_name)){ header('Location: www.REDIRECT URL.com'); } } exit; } ?> How I imagined this code should work is: First check from where is user coming. Then compare GeoIP shortcode for country to shortcodes for banned countries. AND then if traffic is indeed from banned country also check if user agent name has anything in it from an array of allowed spider names (Googlebot can be Googlebot, or Googlebot/2.1 for an example). And if it's not allowed spider then redirect user to another address. I tried many variations of this but nothing seems to work. Each time that I tried to fetch page as a googlebot in webmaster, I got 302 redirection. Any help or guidance here MUCH appreciated. Thank you PHP JEDI in advance !! I would like to allow special characters in my script like: ஆஇஊஎஐஓ But I don't want to allow HTML like: <b>bold</b> At first I was using htmlentities() when PRINTING OUT (NOT when or before inserting in the query) . Data shows up in MySQL as ᇋᇄᇝᇠᇤᇢᇦ And it was also printed out that way, I'd like to have it translated into it's actual form (ஆஇஊஎஐஓ), yet I don't want <b>bold</b> to be translated as well, I want it to stay <b>bold</b> Is there any way I can do this? I also tried htmlspecialchars() but that didn't do the trick either. If you need script examples let me know. EDIT: To bring it to the point, I want it to be just like in this forum post. The special chars are showing up, and the html is just being printed as <b></b>. Hello Guys, I check the price field on the server side and I am trying to figure out how to allow a comma in the price field example 2,300 Here is the code I use to check the price. Code: [Select] function check_Price($price,$member_id,$description,$ip){ if (isset($price) && (!is_numeric($price))) { do something here } } Thanks in Advance! Dan Hey guys, OK, so actually I have two questions that are kind of related. The first one is how I can allow users to use <i>, <b>, <strong> tags when submitting information in a form. I would like to allow certain tags so they can emphasize things in their text, but I still want to strip the rest for security reasons. I tried using strip_tags() with some exceptions as a second parameter, but as far as I understand, that just allows them to be displayed as text, not for the browser to make text bold for instance. Below is what I have now. function stripdata($data) { return trim(htmlentities(stripslashes($data), ENT_QUOTES)); } echo stripdata($someDataFromMySQL); I also want to ask if the solution above is 100% safe so that users can not submit malicious code that can execute when users' visit a page of mine that displays that code. Thank you in advance. hi i was wondering how i would make a website that allowed a user to login and edit there website ... like im a hoster and they can have a webpage on my server... how would i do this? allow them to create a database , and use all types of code? please help me this is important , if i didnt explain good enough please tell me I have text with an apostrophe (Bill's car) that has been encrypted and decrypted, then inserted into a database. After it is decrypted but before inserting it, I process it with $field1 = mysqli_real_escape_string($cxnA, $field1) When I insert the field and view it in MySQL Query Browser, it shows the converted apostrophe: Bill's car When I select on the field Code: [Select] select * from table1 where field1='Bill\'s car'this returns no records I have to use Code: [Select] select * from table1 where field1='Bill's car'to get the record, which is very inconvenient If I display this field in a browser using <input type='text' name=field1 value='".htmlentities($field1Value, ENT_QUOTES, 'UTF-8')."' maxlength='50'> I get - Bill's car - in the browser, which is not what I want. I have to use <input type='text' name=field1 value='".htmlspecialchars_decode(htmlentities($field1Value, ENT_QUOTES, 'UTF-8'), ENT_QUOTES)."' maxlength='50'> to get Bill's car to display. The strange thing is that when I echo field1 before it is inserted, it shows Bill's car. I have even tried the following to get it to insert the proper value: $field1 = htmlspecialchars_decode(mysqli_real_escape_string($cxnA, $field1), ENT_QUOTES); but this doesn't work either. How do you prevent this from happening? Thanks. I know the title is a bit confusing but I wasn't exactly sure how to describe my issue and none of my numerous searches online and here returned any positive results for a solution. What I'm trying to do is allow a user to 'choose' one set from multiple sets of numbers for inclusion into the database. The image below should with the visualization of my goal. As you can see from the above image, there's a "button" to the right that states "keep this set". My goal is to allow the user to click the button and the corresponding set of values is then entered into the database as a string (the values aren't being used in any calculations afterwards just being displayed on screen.) The following code below works for auto-insertion if there's only one set generated but nothing I've attempted so far works when it comes to allowing the user to choose one set they'd like entered. <?php additional code here... echo '<table><tr><td>'; for($i=1; $i<=$Sets; $i++){ $Stat_Results = GenStats($uId, $StartSet, $SetOption); echo "Stat values for ".$SetGenerated[$i]; foreach($Stat_Results as $key => $DisplayStats){ echo $DisplayStats.', '; } if($Sets == 1){ $SetResults = implode(',',$Stat_Results); DB_Insert($uId, $SetResults, $TimeStamp); }else if($Sets >= 2){ echo "</td><td> => <input type='button' name='submit' value='keep this set'></td> <tr><td>"; } } echo '</td></tr></table>'; ?> html below here....Variables: $sId, $StartSet, $SetOption, $Sets, $uId, and $TimeStamp are all set in a section not shown in this snippet. I've tried Javascript but too be honest, I'm not all that familiar with it (though I am trying to become more fluid in it) and I've went so far as to try to create the multiple sets as a dropdown box thinking the user could simply select it from there and it be treated as a dynamic form and php would do the rest. But that didn't work either. The form button for submission is the remnant of the <select> list I tried to generate. The form is no longer there. I left the button in to generate the image you see above and has since been removed from the actual code. I admit, I'm stuck and need some guidance because I can't seem to make this work no matter what I do. I realize $Stat_Results is a multidimensional array and contains all the values of each set in their respective array, but so far, I'm at a stand still on properly retrieving those values for insertion. Thanks to all who read and attempt to help! Edited by Cryotech, 01 December 2014 - 03:08 PM. My server is Linux/Apache/PHP.
When a file is uploaded, I use PHP's finfo_open to confirm that the file have the correct file extension matches and delete them if it doesn't match. I also which file mimi types and size could be uploaded.
Things I do with the files include:
Upload user's files and store them in some public directory (/var/www/html/users_public_directory/), and allow other users to directly download them.
Upload user's files and store them in some private directory (/var/www/users_private_directory/), and allow other users to download them using X-Sendfile.
Upload user's ZIP files and convert them to PDF files (unzip the ZIP file, and uses Libreoffice and Imagemagick's convert to convert them to PDFs).
From the server's prospective, what are the risks of allowing users to upload files? Are there some file types which are more dangerous to the server? Could they be executed on the server, and if so, how could this be prevented?
CanI put one INCLUDE statement INSIDE of another INCLUDE statement? Hi Still a new comer when it comes to PHP. I have a situation where I want to use an include within an include and I am having trouble with my file paths. My main header include, includes everything for each page of my site, beyond the opening of the body to incorporate my navigation etc conditionally loading in css, and loading in titles and meta data etc depending on the page in question. This header needs to reference another include called the-pod.php which is required for every page, the only trouble is I want to use / to reference the root of the server and this is breaking my code. I can't use ../../ etc as its a different path depending on where the master file is located. So my question is how do I get around this? Can the root of the server or path to the root be stored in a variable? and if so how would I write this. Any tips / advice will be greatly appreciated. Hi Guys.. Merry Christmas Im kinda new to this fantastic world of PHP and i have a little problem i hope you can help me with. Im trying to build a website where I use include() to genereate my content. On my index.php i have a menu which includes content in a content div from external .php pages, my structure kinda goes like this.. (simplified) site/ index.php content/ fronpage.php products.php contact.php The HTML looks like this. <div id="menu"> <ul> <li><a href="index.php?page=frontpage">frontpage</a></li> <li><a href="index.php?page=products">frontpage</a></li> <li><a href="index.php?page=contact">frontpage</a></li> </ul> </div <div id="main"> <?php include('/content/'.$_GET['page'].'.php'); ?> </div> This all works very fine, but my problem is, can I have a include inside an already included page? I would like to have a menu on my products.php site, but that page is already included from above, and i would like the menu on the products.php site to stay as the content from the nested include changes with input from the /products folder. my idea was something like this. site/ index.php content/ frontpage.php products.php contact.php products/ product1.php product2.php the HTML on the index.php is the same as above and then i would add the include() on the products.php page, so its kinda the same thing, but one inside the other. HTML inside the products.php folder <div id="sub_menu"> <ul> <li><a href="#">frontpage</a></li> <li><a href="#">frontpage</a></li> <li><a href="#">frontpage</a></li> </ul> </div <div id="sub_main"> <?php include('/content/products'.$_GET['#'].'.php'); ?> </div> I dont know how to link to the new files so they will be included while the first include still stays on the page. Any of you know how and if this can be done? Or maybe at better way to do it? Hope this made sense, my first PHP question Thanks I am trying to allow the user to update a variable he chooses by radio buttons, which they will then input text into a box, and submit, to change some attributes. I really need some help here. It works just fine until I add the second layer of variables on top of it, and I can't find the answer to this question anywhere. <?PHP require('connect.php'); ?> <form action ='' method='post'> <select name="id"> <?php $extract = mysql_query("SELECT * FROM cars"); while($row=mysql_fetch_assoc($extract)){ $id = $row['id']; $make= $row['make']; $model= $row['model']; $year= $row['year']; $color= $row['color']; echo "<option value=$id>$color $year $make $model</option> ";}?> </select> Which attribute would you like to change?<br /> <input type="radio" name="getchanged" value="make"/>Make<br /> <input type="radio" name="getchanged" value="model"/>Model<br /> <input type="radio" name="getchanged" value="year" />Year<br /> <input type="radio" name="getchanged" value="color" />Color<br /><br /> <br /><input type='text' value='' name='tochange'> <input type='submit' value='Change' name='submit'> </form> //This is where I need help... <?PHP if(isset($_POST['submit'])&&($_POST['tochange'])){ mysql_query(" UPDATE cars SET '$_POST[getchanged]'='$_POST[tochange]' where id = '$_POST[id]' ");}?> I have code written for image uploading, but it doesn't allow multiple images on a single upload, and doesn't re-size. Anyone willing to share a good upload script that will do the following?: -Allow multiple image uploads (10+ per submission), -Re-size images on upload, and -Rename images. Thanks Brett I havent included the whole title as it wouldnt let me but I was wondering if someone could help me on this? I know this is possible as torrentflux caters for this but unsure of where to start. I dont want to allow file or directory uploads or creation in my /etc/php.ini file (this is turned off). Yet then torrentflux allows me to link a torrent from an external source (using legal downloads of course ) but then it uploads it on my server and creates folders on a per user basis. How is this possible can someone give me some pointers please? I look forward to any replies, Jeremy. When I put this above all else in my document and test it offline, all I see is code in the browser. But when I test it on my web server, I can view the markup and whatnot. Does anyone know why this is? |