Need a second set of eyes to look at a code

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

User avatar
Assured99
Forum Commoner
Posts: 81
Joined: Wed Jul 12, 2006 11:48 am
Location: California

Need a second set of eyes to look at a code

Post by Assured99 »

Pimptastic | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


Hey Folks im back again im having an issue with getting a script to execute mabye a new set of eyes would help. when i add this to teh top of the page i want to secure it outputs the code and does not execute it 
What am i Missing???

Code: Select all

<?php

$abs = getcwd();
$viewer = $HTTP_USER_AGENT;

echo "<?php<br><br>
//prevents caching<br>
header(\"Expires: Sat, 01 Jan 2000 00:00:00 GMT\");<br>
header(\"Last-Modified: \".gmdate(\"D, d M Y H:i:s\").\" GMT\");<br>
header(\"Cache-Control: post-check=0, pre-check=0\",false);<br>
session_cache_limiter();<br>
session_start();<br>
<br>";

if (preg_match("/Windows NT/", $viewer))
{
	echo "require('$abs/secure/config.php');<br>
	<br>
	require('$abs/secure/functions.php'); <br>
	<br>";
}
else
{
	echo "require('$abs/secure/config.php');<br>
	<br>
	require('$abs/secure/functions.php'); <br>
	<br>";
}

echo "
//this is group name or username of the group or person that you wish to allow access to<br>
// - please be advise that the Administrators Groups has access to all pages.<br>
if (allow_access(Administrators) != \"yes\")<br>
{                       <br>
";
if (preg_match("/Windows NT/", $viewer))
{
	echo "
	include ('$abs\\no_access.html'); <br>
	";
}
else
{
	echo "include ('$abs/no_access.html'); <br>";
}
echo "
exit;<br>
}<br>
?>";

?>

Pimptastic | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
User avatar
Assured99
Forum Commoner
Posts: 81
Joined: Wed Jul 12, 2006 11:48 am
Location: California

Post by Assured99 »

Come to think of if why are all those echo's there???
User avatar
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

Assured99 wrote:Come to think of if why are all those echo's there???
that's your problem.
User avatar
Assured99
Forum Commoner
Posts: 81
Joined: Wed Jul 12, 2006 11:48 am
Location: California

Post by Assured99 »

Ok i took them out now the page http://www.assuredmedical.com/welcome.php is not protected man this is killing me
User avatar
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

Code: Select all

echo "
//this is group name or username of the group or person that you wish to allow access to<br>
// - please be advise that the Administrators Groups has access to all pages.<br>
if (allow_access(Administrators) != \"yes\")<br>
{                       <br>
";
Why are you echoing php code?
User avatar
Assured99
Forum Commoner
Posts: 81
Joined: Wed Jul 12, 2006 11:48 am
Location: California

Post by Assured99 »

The Ninja Space Goat wrote: Why are you echoing php code?
This is a Script i got off the web. Im Modifing it for my site its been going smooth so far but i cant get this script to secure my page. Im drawing a blank as to why it wont work.

Even when i removed the Echo tags from all the code it still isnt securing the page
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Post your new code. I need to something in it.
User avatar
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

secure the page?

Did it stop outputting php code when you stopped echoing php includes?
User avatar
Assured99
Forum Commoner
Posts: 81
Joined: Wed Jul 12, 2006 11:48 am
Location: California

Post by Assured99 »

The Ninja Space Goat wrote:secure the page?

Did it stop outputting php code when you stopped echoing php includes?
It did but you can reach http://www.assuredmedical.com/welcome.php
User avatar
Assured99
Forum Commoner
Posts: 81
Joined: Wed Jul 12, 2006 11:48 am
Location: California

Post by Assured99 »

Everah wrote:Post your new code. I need to something in it.
Here is the Code with the Package

Code: Select all

<?php

$abs = getcwd();
$viewer = $HTTP_USER_AGENT;

echo "<?php<br><br>
//prevents caching<br>
header("Expires: Sat, 01 Jan 2000 00:00:00 GMT");<br>
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");<br>
header("Cache-Control: post-check=0, pre-check=0",false);<br>
session_cache_limiter();<br>
session_start();<br>
<br>";

if (preg_match("/Windows NT/", $viewer))
{
	echo "require('$abs\config.php');<br>
	<br>
	require('$abs\functions.php'); <br>
	<br>";
}
else
{
	echo "require('$abs/config.php');<br>
	<br>
	require('$abs/functions.php'); <br>
	<br>";
}

echo "
//this is group name or username of the group or person that you wish to allow access to<br>
// - please be advise that the Administrators Groups has access to all pages.<br>
if (allow_access(Administrators) != "yes")<br>
{                       <br>
";
if (preg_match("/Windows NT/", $viewer))
{
	echo "
	include ('$abs\\no_access.html'); <br>
	";
}
else
{
	echo "include ('$abs/no_access.html'); <br>";
}
echo "
exit;<br>
}<br>
?>";

?>
Here is the Modified code with out echos:

Code: Select all

<?php

$abs = getcwd();
$viewer = $HTTP_USER_AGENT;

"<
 <br><br>
//prevents caching<br>
header("Expires: Sat, 01 Jan 2000 00:00:00 GMT");<br>
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");<br>
header("Cache-Control: post-check=0, pre-check=0",false);<br>
session_cache_limiter();<br>
session_start();<br>
<br>";

if (preg_match("/Windows NT/", $viewer))
{
	 "require('$abs/secure/config.php');<br>
	<br>
	require('$abs/secure/functions.php'); <br>
	<br>";
}
else
{
	 "require('$abs/secure/config.php');<br>
	<br>
	require('$abs/secure/functions.php'); <br>
	<br>";
}

 "
//this is group name or username of the group or person that you wish to allow access to<br>
// - please be advise that the Administrators Groups has access to all pages.<br>
if (allow_access(Administrators) != "yes")<br>
{                       <br>
";
if (preg_match("/Windows NT/", $viewer))
{
	 "
	include ('$abs\\no_access.html'); <br>
	";
}
else
{
	 "include ('$abs/no_access.html'); <br>";
}
 "
exit;<br>
}<br>
?>";

?>
And i am posting the code before anything else on the page.
User avatar
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

Turn error reporting on.... that script looks error ridden to me

Don't surround your includes (or requires) with quotes
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Dude, whichever editor you are using is doing weird things with your code... Here is what I got...

Code: Select all

<?php
$abs = getcwd();
$viewer = $_SERVER['HTTP_USER_AGENT'];

//prevents caching
header("Expires: Sat, 01 Jan 2000 00:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: post-check=0, pre-check=0",false);
session_cache_limiter();
session_start();

if (preg_match("/Windows NT/", $viewer))
{
        require $abs . '/secure/config.php';
        require $abs . '/secure/functions.php';
}
else
{
        require $abs . '/secure/config.php';
        require $abs . '/secure/functions.php';
}

//this is group name or username of the group or person that you wish to allow access to
// - please be advise that the Administrators Groups has access to all pages.
if (allow_access(Administrators) != 'yes')
{
	if (preg_match("/Windows NT/", $viewer))
	{
        include ($abs . '\\no_access.html');
	}
	else
	{
        include ($abs . '/no_access.html');
	}
	exit;
}
?>
Whew, that took a few passes to get all the bugs out...
Last edited by RobertGonzalez on Thu Jul 20, 2006 10:38 am, edited 1 time in total.
User avatar
Assured99
Forum Commoner
Posts: 81
Joined: Wed Jul 12, 2006 11:48 am
Location: California

Post by Assured99 »

Im using Dreamweaver 8, I just switched from MX , nut lemme try the modified code.
User avatar
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

notice how different the syntax highlighting is in everah's modified code compared to yours (on this page), If there is a big chunk of red code... obviously there is a problem.
User avatar
Assured99
Forum Commoner
Posts: 81
Joined: Wed Jul 12, 2006 11:48 am
Location: California

Post by Assured99 »

tried the modified code and here is the output

Code: Select all

Warning: main($abs/secure/config.php): failed to open stream: No such file or directory in /home/assuredm/public_html/welcome.php on line 14

Warning: main($abs/secure/config.php): failed to open stream: No such file or directory in /home/assuredm/public_html/welcome.php on line 14

Warning: main($abs/secure/config.php): failed to open stream: No such file or directory in /home/assuredm/public_html/welcome.php on line 14

Fatal error: main(): Failed opening required '$abs/secure/config.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/assuredm/public_html/welcome.php on line 14
Post Reply