Page 1 of 2
Need a second set of eyes to look at a code
Posted: Wed Jul 19, 2006 6:41 pm
by Assured99
Pimptastic | Please use Code: Select all
and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
Hey Folks im back again im having an issue with getting a script to execute mabye a new set of eyes would help. when i add this to teh top of the page i want to secure it outputs the code and does not execute it
What am i Missing???
Code: Select all
<?php
$abs = getcwd();
$viewer = $HTTP_USER_AGENT;
echo "<?php<br><br>
//prevents caching<br>
header(\"Expires: Sat, 01 Jan 2000 00:00:00 GMT\");<br>
header(\"Last-Modified: \".gmdate(\"D, d M Y H:i:s\").\" GMT\");<br>
header(\"Cache-Control: post-check=0, pre-check=0\",false);<br>
session_cache_limiter();<br>
session_start();<br>
<br>";
if (preg_match("/Windows NT/", $viewer))
{
echo "require('$abs/secure/config.php');<br>
<br>
require('$abs/secure/functions.php'); <br>
<br>";
}
else
{
echo "require('$abs/secure/config.php');<br>
<br>
require('$abs/secure/functions.php'); <br>
<br>";
}
echo "
//this is group name or username of the group or person that you wish to allow access to<br>
// - please be advise that the Administrators Groups has access to all pages.<br>
if (allow_access(Administrators) != \"yes\")<br>
{ <br>
";
if (preg_match("/Windows NT/", $viewer))
{
echo "
include ('$abs\\no_access.html'); <br>
";
}
else
{
echo "include ('$abs/no_access.html'); <br>";
}
echo "
exit;<br>
}<br>
?>";
?>
Pimptastic | Please use Code: Select all
and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
Posted: Wed Jul 19, 2006 6:44 pm
by Assured99
Come to think of if why are all those echo's there???
Posted: Wed Jul 19, 2006 6:49 pm
by Luke
Assured99 wrote:Come to think of if why are all those echo's there???
that's your problem.
Posted: Wed Jul 19, 2006 6:55 pm
by Assured99
Ok i took them out now the page
http://www.assuredmedical.com/welcome.php is not protected man this is killing me
Posted: Wed Jul 19, 2006 7:34 pm
by Luke
Code: Select all
echo "
//this is group name or username of the group or person that you wish to allow access to<br>
// - please be advise that the Administrators Groups has access to all pages.<br>
if (allow_access(Administrators) != \"yes\")<br>
{ <br>
";
Why are you echoing php code?
Posted: Thu Jul 20, 2006 10:22 am
by Assured99
The Ninja Space Goat wrote:
Why are you echoing php code?
This is a Script i got off the web. Im Modifing it for my site its been going smooth so far but i cant get this script to secure my page. Im drawing a blank as to why it wont work.
Even when i removed the Echo tags from all the code it still isnt securing the page
Posted: Thu Jul 20, 2006 10:23 am
by RobertGonzalez
Post your new code. I need to something in it.
Posted: Thu Jul 20, 2006 10:24 am
by Luke
secure the page?
Did it stop outputting php code when you stopped echoing php includes?
Posted: Thu Jul 20, 2006 10:28 am
by Assured99
The Ninja Space Goat wrote:secure the page?
Did it stop outputting php code when you stopped echoing php includes?
It did but you can reach
http://www.assuredmedical.com/welcome.php
Posted: Thu Jul 20, 2006 10:29 am
by Assured99
Everah wrote:Post your new code. I need to something in it.
Here is the Code with the Package
Code: Select all
<?php
$abs = getcwd();
$viewer = $HTTP_USER_AGENT;
echo "<?php<br><br>
//prevents caching<br>
header("Expires: Sat, 01 Jan 2000 00:00:00 GMT");<br>
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");<br>
header("Cache-Control: post-check=0, pre-check=0",false);<br>
session_cache_limiter();<br>
session_start();<br>
<br>";
if (preg_match("/Windows NT/", $viewer))
{
echo "require('$abs\config.php');<br>
<br>
require('$abs\functions.php'); <br>
<br>";
}
else
{
echo "require('$abs/config.php');<br>
<br>
require('$abs/functions.php'); <br>
<br>";
}
echo "
//this is group name or username of the group or person that you wish to allow access to<br>
// - please be advise that the Administrators Groups has access to all pages.<br>
if (allow_access(Administrators) != "yes")<br>
{ <br>
";
if (preg_match("/Windows NT/", $viewer))
{
echo "
include ('$abs\\no_access.html'); <br>
";
}
else
{
echo "include ('$abs/no_access.html'); <br>";
}
echo "
exit;<br>
}<br>
?>";
?>
Here is the Modified code with out echos:
Code: Select all
<?php
$abs = getcwd();
$viewer = $HTTP_USER_AGENT;
"<
<br><br>
//prevents caching<br>
header("Expires: Sat, 01 Jan 2000 00:00:00 GMT");<br>
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");<br>
header("Cache-Control: post-check=0, pre-check=0",false);<br>
session_cache_limiter();<br>
session_start();<br>
<br>";
if (preg_match("/Windows NT/", $viewer))
{
"require('$abs/secure/config.php');<br>
<br>
require('$abs/secure/functions.php'); <br>
<br>";
}
else
{
"require('$abs/secure/config.php');<br>
<br>
require('$abs/secure/functions.php'); <br>
<br>";
}
"
//this is group name or username of the group or person that you wish to allow access to<br>
// - please be advise that the Administrators Groups has access to all pages.<br>
if (allow_access(Administrators) != "yes")<br>
{ <br>
";
if (preg_match("/Windows NT/", $viewer))
{
"
include ('$abs\\no_access.html'); <br>
";
}
else
{
"include ('$abs/no_access.html'); <br>";
}
"
exit;<br>
}<br>
?>";
?>
And i am posting the code before anything else on the page.
Posted: Thu Jul 20, 2006 10:34 am
by Luke
Turn error reporting on.... that script looks error ridden to me
Don't surround your includes (or requires) with quotes
Posted: Thu Jul 20, 2006 10:36 am
by RobertGonzalez
Dude, whichever editor you are using is doing weird things with your code... Here is what I got...
Code: Select all
<?php
$abs = getcwd();
$viewer = $_SERVER['HTTP_USER_AGENT'];
//prevents caching
header("Expires: Sat, 01 Jan 2000 00:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: post-check=0, pre-check=0",false);
session_cache_limiter();
session_start();
if (preg_match("/Windows NT/", $viewer))
{
require $abs . '/secure/config.php';
require $abs . '/secure/functions.php';
}
else
{
require $abs . '/secure/config.php';
require $abs . '/secure/functions.php';
}
//this is group name or username of the group or person that you wish to allow access to
// - please be advise that the Administrators Groups has access to all pages.
if (allow_access(Administrators) != 'yes')
{
if (preg_match("/Windows NT/", $viewer))
{
include ($abs . '\\no_access.html');
}
else
{
include ($abs . '/no_access.html');
}
exit;
}
?>
Whew, that took a few passes to get all the bugs out...
Posted: Thu Jul 20, 2006 10:38 am
by Assured99
Im using Dreamweaver 8, I just switched from MX , nut lemme try the modified code.
Posted: Thu Jul 20, 2006 10:41 am
by Luke
notice how different the syntax highlighting is in everah's modified code compared to yours (on this page), If there is a big chunk of red code... obviously there is a problem.
Posted: Thu Jul 20, 2006 10:49 am
by Assured99
tried the modified code and here is the output
Code: Select all
Warning: main($abs/secure/config.php): failed to open stream: No such file or directory in /home/assuredm/public_html/welcome.php on line 14
Warning: main($abs/secure/config.php): failed to open stream: No such file or directory in /home/assuredm/public_html/welcome.php on line 14
Warning: main($abs/secure/config.php): failed to open stream: No such file or directory in /home/assuredm/public_html/welcome.php on line 14
Fatal error: main(): Failed opening required '$abs/secure/config.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/assuredm/public_html/welcome.php on line 14