Comments:
<0> PHP is server side, they would have to hack into the server computer through a back door or something in order to.
<0> And every AV can catch a back-door virus, they are all RootKits.
<1> Donkano: Well, yeah, but isn't that where the password is stored in the first place? On the server computer through a back door.
<2> not every :)
<3> jmut, sort of, trying to get '-3' to look like 'GMT-03' or '10' to look like 'GMT+10' with the least amount of coding, thought sprintf('GMT%+02d', value) would have done the trick
<0> Every backdoor virus I ever heard of was a RootKit.
<3> The '+' directs it to show either + or - and the 02 means to pad to 2 digits with zeros
<0> Anyway, I am going to bed.
<3> Both work in isolation, but not combined together
<4> richardlynch: it says unexpected "," in line 10
<4> http://24.117.96.59/upload/testopen2.php
<3> ltR20, http://pastebin.com/752868
<4> Parse error: syntax error, unexpected ',' in C:\xampp\htdocs\UPLOAD\testopen2.php on line 10
<2> go to line 10, and make sure there are no ,'s that aren't quoted
<1> SquidWard_: Change print to echo.
<5> how can I let a user select a file then put the contents of it into a database?
<3> mmiikkee12, that's a rather big question
<4> richardlynch: thanks man, I think I've got it from here
<5> Wolfie7AU, um, another version: how can I get the contents of a user-selected file (on their hd, not the server's)?
<1> mmiikkee12: Search http://php.net for "file upload feature" And don't put the file in the db, but store it on the server, outside the webtree, and put the path to it in the db.
<1> ltR20: You still here?
<4> richardlynch: actually, all you did was undo my work and take a shortcut, I was trying to identify the directories and files and then have the directories print before the files
<1> mmiikkee12: They HAVE to do a file upload. You cannot read the files on my hard drive!
<1> SquidWard_: Aha! Hold on.
<1> ltR20: http://l-i-e.com/ltR20/ http://l-i-e.com/ltR20/index.phps I think your config.php is the problem.
<5> richardlynch, I know. but can I check the contents of that file first to make sure it's valid?
<5> (and not a hacking attempt or anything)
<1> mmiikkee12: That's why we have http://php.net/is_uploaded_file and you can then check what is in there BEFORE you do anything with it.
<4> richardlynch: do you need me to post it again?
<1> SquidWard_: http://php.pastebin.com/752872
<4> bah, not in an array
<1> SquidWard_: You want to collect all the directories into some common container. PHP has only two aggregate data structures. Array and Object.
<4> http://24.117.96.59/upload/opendirectory.php
<1> SquidWard_: If you don't want to use those, use $directory .= and then you can echo out just $directory.
<4> I did that on my own, I was only trying to get the directories up top
<4> and files on bottom
<4> I attempted at the dir scan and for them to be named $directory all the others would be named $file
<4> then to print $directory before $file
<4> that was the original I sent you
<1> SquidWard_: http://php.pastebin.com/752876
<4> richardlynch: http://24.117.96.59/upload/testopen2.php
<4> that's the output I had and was hoping you could fix, that is the one u just sent me
<4> you*
<1> SquidWard_: Get rid of the dang ' in the last two echo lines.
<4> richardlynch: sorry I was unclear with what I was aiming at, but it's perfect now, thanks a lot for your patience
<1> SquidWard_: No worries: But for your own sake, in the future, show us the "working" version, and say what you want changed. Could have saved you hours, man.
<4> haha thanks for the tip/knowledge
<6> COME TO PAPA!
<7> LOL - hubba hubba baby
<1> You guys got bots to toss out these remarks when it's too quiet or what? :-)
<7> nope - they just let Jymmm make fun of me and my big butt
<8> Can someone have a look at this for me pls ... I've been staring at it for a while now ... http://pastebin.com/752897
<9> Okie- got a little job for me. Write a function that strips out all non-alphanumeric characters from a string. $10.
<8> who's Okie ?
<9> Okie = okay.
<1> rixth: $alph = preg_replace('/[^a-z0-9]/i', '', $alph);
<9> Coulda sworn I tried that. Want your $10?
<7> why write a function when you can use regex
<9> Well, a function that uses regex.
<1> rixth: Go buy a CD, any CD, from http://cdbaby.com
<1> rixth: Go buy a CD, any CD, from http://cdbaby.com/browse/from/lynch
<1> That second one gets me a whole dollar from the sale.
<9> richardlynch, from buying any CD?
<7> expensive aren't ya richardlynch
<7> hehe
<1> Every CD you buy within 24 hours of that URL, from CDBaby, I get a buck.
<9> richardlynch, my mum buys a lot of stuff from CD Baby, if she can get everything and give you a commission on all of it, she'd be happy to.
<1> lig: Hey, he offered!
<9> I'm not in the USA though, and I don't have a credit card.
<1> rixth: Just tack on /from/lynch to any URL, and it will show "from lynch" in the TITLE, and I get the buck.
<9> Awesome, I'll tell Mum.
<1> rixth: He'll ship to any country except that one where the Post Office is so corrupt, it's all stolen before it gets there.
<7> hm - sounds like Guam :)
<1> rixth: I think he'll also take a check, if you don't mind waiting.
<6> guam ****s
<9> Paypal?
<1> Not Guam. Cambodia? It's next door to India.
<9> Yes, paypal.
<1> He lost a few hundred bucks over several orders before he just gave up on the whole country.
<1> babo: Your first problem is that you are building query after query after query... And then execute only the last one.
<9> Shipping to New Zealand is $7 =(
<1> rixth: This was where the Post Office workers order the CDs to fake addrs to steal them. God knows why, when so many Indies have such a tough time selling them in the first place, you have to wonder where they find an outlet to sell them...
<8> richardlynch: cambodia isn't next to india ... I've been there though, and it's really corrupt ...
<1> babo: Whatever I'm thinking of, it's next to India, almost for sure... I could ask him next time I communicate.
<1> rixth: Just have your mom do the /from/lynch thing. It's all good.
<1> I think I need to boot us all :-)
<9> Happy to do it. And thanks for the regex.
<10> hey guys, I'm worried about security on this form I wrote
<10> I want to allow people to just upload to a temp place on my site
<10> But I need to filter certain files, like PHP and such.
<1> rixth: For better value, you could search for 3 $5 CDs and see if shipping is cheaper/same on 3 than 1... $5 specials from homepage, I think.
<8> richardlynch, yes but the statement only gets executed one time ... it should work ...
<10> The thing is I don't know exactly which files to filter... any suggestions?
<1> babo: So you have a loop for no real reason? Okay. Should work. What's the not working part?
<1> Sages: What kind of files are you EXPECTING?
<10> I have .php, .pl, .cgi but I'm sure there must be more
<10> images, zip files
<1> Sages: The images, by definition, should respond well to http://php.net/getimagesize
<8> richardlynch: the db entry returns false. Although the sql statement itself is perfect ...
<1> That will make sure that at least the first N bytes LOOK like an image.
<10> so you're saying I should have an approved list instead of an ignored list?
<10> I guess that makes sense
<1> Similarly, PHP could have zip extension compiled in, and you can unzip the file to be SURE it's a zip, and then check each file within it to be SURE it's an image -- Or at least that the first N bytes are.
<10> well the thing is it isn't just for images
<1> Sages: It's ALWAYS better in security to say "This is allowed, and nothing else" than "These are all the things I think are bad, but I'm sure I missed some"
<10> basically I want everything except images
<10> err
<11> Or check the extension and assume the people on the server aren't idiots.
<10> I see
<12> I'm planning to add a few ajax-features in a project. there seems to be a lot of them available, so could anyone recommend a good ajax class?
<10> I'm basically copying a friend's idea - http://andyc.org/media/upload.php
<10> very simple
<1> Sages: Viruses and executables are not images. You want those? :-) You really should try to list all the kinds you DO want, and be as stringent as you can to make sure they are the kind you want.
<10> I think I agree with you though richardlynch
<11> I'm encountering a problem with == and boolean vars, please see: http://pastebin.com/752907
<11> And http://freeone3000.be:8080/ for the full script, not just that nice pared-down case...
<1> babo: Echo out mysql_error() just to see what it says.
<13> Anyone willing to help me shorten/clean up http://pastebin.com/752888?
<14> can a salt used with crypt-md5 contain non-alphanumeric characters?
<1> kamoricks: Echo out $file just BEFORE the false is echoed out. Perhaps it doesn't have what you think it has. And then it ends up being blank. And then when you echo it out, well, it's still blank. Or the preg may be wiping it all out.
<11> Yeah, $file contains text...
<11> Achd, just noticing the ones that SHOULD print true are also printing false. Quite odd.
<15> quick question: how does e-commerce usually work for medium sized sites? do they auto process the credit card charge or do they just store the credit info to be processed by ppl later?
<1> kamoricks: Tell us exactly what is in $file, and the PCRE variables.
<1> samuel: NEVER store the damn credit card! :-)
<15> richardlynch, lol, true, but!... how is it usually done? by sites...?
<11> richardlynch: $file contains a directory name, and ...PCRE? $banner_found, I'm assuming. $banner_found's a boolean, initially false, but changed if a banner is found to true... Which is probably giving a scoping problem, now that I look at it a bit harder.
<1> samuel: Obviously, somebody somewhere does have to store it, but leave that to experts at HUMONGOUS banks with the resources to fight off an army.
<1> kamoricks: I'm asking about $to_repl, $replacements variables.
<11> richardlynch: I set it well before it's used to false. I change it about 6 indents over to true. The change should be visible, right?
<11> richardlynch: Ah, for $to_repl, it's array('_', '/'), and for $replacements it's array(' ', '')
<15> richardlynch, so how do medium and small sized sites do e-commerce? is there an api to interface with bank charging programs?
<16> if I have a variable $i that ranges from 0 to 9, and I want to display it as 00 - 09
<1> samuel: Bingo. And there are PHP scripts and shopping carts wrapped around those.
<16> how do I do it as efficiently as possible
<1> TestiCalls: http://php.net/sprintf
<16> I know of printf, anything else
<11> ...What's wrong with printf?
<16> just curious if there's anything else
<11> '0'.$i.
<11> But that doesn't work too well for larger values.
<16> well ok I lied, it could go past 10
<16> right
<15> richardlynch, you wouldn't happen to know of any such php scripts would you? are there any open source scripts?
<17> str_pad()
<1> samuel: You can google for "PHP Shopping cart" but they all ****. :-v
<18> oscommerce... but, well.
Return to #php