Page 1 of 1

Should be a mini-tutorial or a "notice"?

Posted: Sat May 01, 2010 7:17 am
by DaveTheAve
Well PHPDN... not sure if you remember me - it's been a while - but I'm back in action! Wow things have changed... the whole board's design and if I recall correctly... perhaps the forum software as-well...

Enough will the past I was working on a small script for a client (BTW I need help with a ZF project i'm doing for myself as a portfolio piece: viewtopic.php?f=1&t=115985 ) when I found that the script works PERFECTLY on my Kubuntu installation but not the SAME EXACT script on his server.... long story short... His server was NOT sending header via fopen.

Here is how I bypassed the fopen issue with no sending headers:

Code: Select all

@ini_set('user_agent', "Mozilla 4.0\r\nCookie: ".$mycookies."\r\n"); 
I just sent them in the user-agent and exploited a small flaw! Now I can't take credit for this, I found it here: http://core.trac.wordpress.org/ticket/11888. But we should have this information on here for others to know about it sooner and they don't waste hours like i did finding this issue.

Re: Should be a mini-tutorial or a "notice"?

Posted: Sat May 01, 2010 9:23 am
by Jonah Bron
I remember your avatar, and your signature :)

So, to clarify to myself, are you tricking the target of fopen() into thinking that PHP is a browser?

Re: Should be a mini-tutorial or a "notice"?

Posted: Sat May 01, 2010 3:08 pm
by DaveTheAve
Yea I needed to stream a file to the user that is only accessible once the user is logged in. Hence the cookie issue... the PHP monster keep eating them. I should spank it. ;).... I would have much prefer using cURL but cURL can't stream.