Page 1 of 2

Need a second set of eyes to look at a code

Posted: Wed Jul 19, 2006 6:41 pm
by Assured99
Pimptastic | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


Hey Folks im back again im having an issue with getting a script to execute mabye a new set of eyes would help. when i add this to teh top of the page i want to secure it outputs the code and does not execute it 
What am i Missing???

Code: Select all

<?php

$abs = getcwd();
$viewer = $HTTP_USER_AGENT;

echo "<?php<br><br>
//prevents caching<br>
header(\"Expires: Sat, 01 Jan 2000 00:00:00 GMT\");<br>
header(\"Last-Modified: \".gmdate(\"D, d M Y H:i:s\").\" GMT\");<br>
header(\"Cache-Control: post-check=0, pre-check=0\",false);<br>
session_cache_limiter();<br>
session_start();<br>
<br>";

if (preg_match("/Windows NT/", $viewer))
{
	echo "require('$abs/secure/config.php');<br>
	<br>
	require('$abs/secure/functions.php'); <br>
	<br>";
}
else
{
	echo "require('$abs/secure/config.php');<br>
	<br>
	require('$abs/secure/functions.php'); <br>
	<br>";
}

echo "
//this is group name or username of the group or person that you wish to allow access to<br>
// - please be advise that the Administrators Groups has access to all pages.<br>
if (allow_access(Administrators) != \"yes\")<br>
{                       <br>
";
if (preg_match("/Windows NT/", $viewer))
{
	echo "
	include ('$abs\\no_access.html'); <br>
	";
}
else
{
	echo "include ('$abs/no_access.html'); <br>";
}
echo "
exit;<br>
}<br>
?>";

?>

Pimptastic | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]

Posted: Wed Jul 19, 2006 6:44 pm
by Assured99
Come to think of if why are all those echo's there???

Posted: Wed Jul 19, 2006 6:49 pm
by Luke
Assured99 wrote:Come to think of if why are all those echo's there???
that's your problem.

Posted: Wed Jul 19, 2006 6:55 pm
by Assured99
Ok i took them out now the page http://www.assuredmedical.com/welcome.php is not protected man this is killing me

Posted: Wed Jul 19, 2006 7:34 pm
by Luke

Code: Select all

echo "
//this is group name or username of the group or person that you wish to allow access to<br>
// - please be advise that the Administrators Groups has access to all pages.<br>
if (allow_access(Administrators) != \"yes\")<br>
{                       <br>
";
Why are you echoing php code?

Posted: Thu Jul 20, 2006 10:22 am
by Assured99
The Ninja Space Goat wrote: Why are you echoing php code?
This is a Script i got off the web. Im Modifing it for my site its been going smooth so far but i cant get this script to secure my page. Im drawing a blank as to why it wont work.

Even when i removed the Echo tags from all the code it still isnt securing the page

Posted: Thu Jul 20, 2006 10:23 am
by RobertGonzalez
Post your new code. I need to something in it.

Posted: Thu Jul 20, 2006 10:24 am
by Luke
secure the page?

Did it stop outputting php code when you stopped echoing php includes?

Posted: Thu Jul 20, 2006 10:28 am
by Assured99
The Ninja Space Goat wrote:secure the page?

Did it stop outputting php code when you stopped echoing php includes?
It did but you can reach http://www.assuredmedical.com/welcome.php

Posted: Thu Jul 20, 2006 10:29 am
by Assured99
Everah wrote:Post your new code. I need to something in it.
Here is the Code with the Package

Code: Select all

<?php

$abs = getcwd();
$viewer = $HTTP_USER_AGENT;

echo "<?php<br><br>
//prevents caching<br>
header("Expires: Sat, 01 Jan 2000 00:00:00 GMT");<br>
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");<br>
header("Cache-Control: post-check=0, pre-check=0",false);<br>
session_cache_limiter();<br>
session_start();<br>
<br>";

if (preg_match("/Windows NT/", $viewer))
{
	echo "require('$abs\config.php');<br>
	<br>
	require('$abs\functions.php'); <br>
	<br>";
}
else
{
	echo "require('$abs/config.php');<br>
	<br>
	require('$abs/functions.php'); <br>
	<br>";
}

echo "
//this is group name or username of the group or person that you wish to allow access to<br>
// - please be advise that the Administrators Groups has access to all pages.<br>
if (allow_access(Administrators) != "yes")<br>
{                       <br>
";
if (preg_match("/Windows NT/", $viewer))
{
	echo "
	include ('$abs\\no_access.html'); <br>
	";
}
else
{
	echo "include ('$abs/no_access.html'); <br>";
}
echo "
exit;<br>
}<br>
?>";

?>
Here is the Modified code with out echos:

Code: Select all

<?php

$abs = getcwd();
$viewer = $HTTP_USER_AGENT;

"<
 <br><br>
//prevents caching<br>
header("Expires: Sat, 01 Jan 2000 00:00:00 GMT");<br>
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");<br>
header("Cache-Control: post-check=0, pre-check=0",false);<br>
session_cache_limiter();<br>
session_start();<br>
<br>";

if (preg_match("/Windows NT/", $viewer))
{
	 "require('$abs/secure/config.php');<br>
	<br>
	require('$abs/secure/functions.php'); <br>
	<br>";
}
else
{
	 "require('$abs/secure/config.php');<br>
	<br>
	require('$abs/secure/functions.php'); <br>
	<br>";
}

 "
//this is group name or username of the group or person that you wish to allow access to<br>
// - please be advise that the Administrators Groups has access to all pages.<br>
if (allow_access(Administrators) != "yes")<br>
{                       <br>
";
if (preg_match("/Windows NT/", $viewer))
{
	 "
	include ('$abs\\no_access.html'); <br>
	";
}
else
{
	 "include ('$abs/no_access.html'); <br>";
}
 "
exit;<br>
}<br>
?>";

?>
And i am posting the code before anything else on the page.

Posted: Thu Jul 20, 2006 10:34 am
by Luke
Turn error reporting on.... that script looks error ridden to me

Don't surround your includes (or requires) with quotes

Posted: Thu Jul 20, 2006 10:36 am
by RobertGonzalez
Dude, whichever editor you are using is doing weird things with your code... Here is what I got...

Code: Select all

<?php
$abs = getcwd();
$viewer = $_SERVER['HTTP_USER_AGENT'];

//prevents caching
header("Expires: Sat, 01 Jan 2000 00:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: post-check=0, pre-check=0",false);
session_cache_limiter();
session_start();

if (preg_match("/Windows NT/", $viewer))
{
        require $abs . '/secure/config.php';
        require $abs . '/secure/functions.php';
}
else
{
        require $abs . '/secure/config.php';
        require $abs . '/secure/functions.php';
}

//this is group name or username of the group or person that you wish to allow access to
// - please be advise that the Administrators Groups has access to all pages.
if (allow_access(Administrators) != 'yes')
{
	if (preg_match("/Windows NT/", $viewer))
	{
        include ($abs . '\\no_access.html');
	}
	else
	{
        include ($abs . '/no_access.html');
	}
	exit;
}
?>
Whew, that took a few passes to get all the bugs out...

Posted: Thu Jul 20, 2006 10:38 am
by Assured99
Im using Dreamweaver 8, I just switched from MX , nut lemme try the modified code.

Posted: Thu Jul 20, 2006 10:41 am
by Luke
notice how different the syntax highlighting is in everah's modified code compared to yours (on this page), If there is a big chunk of red code... obviously there is a problem.

Posted: Thu Jul 20, 2006 10:49 am
by Assured99
tried the modified code and here is the output

Code: Select all

Warning: main($abs/secure/config.php): failed to open stream: No such file or directory in /home/assuredm/public_html/welcome.php on line 14

Warning: main($abs/secure/config.php): failed to open stream: No such file or directory in /home/assuredm/public_html/welcome.php on line 14

Warning: main($abs/secure/config.php): failed to open stream: No such file or directory in /home/assuredm/public_html/welcome.php on line 14

Fatal error: main(): Failed opening required '$abs/secure/config.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/assuredm/public_html/welcome.php on line 14