Php Security?

windows

Guest
<? include "include.php?forum_id=3&post_count=7"; ?><br /><br />I run a phpbb forum and I have a script that takes threads (in this case 7) from a given forum (in this case 3) and posts them wherever this above it posted.<br /><br />The thing is this doesn't run on my main page. I was thinking this was a security issue?<br /><br />Any suggestions?<br /><br />Thanks, X<!--content-->
Sorry, dont know the answer, but moving for better exposure & organization.<!--content-->
it has to be a problem with <? include ... ?> part because if you go to:<br /><br /><br /><a href="http://www.angrymob.org/include.php?forum_id=3&post_count=10" target="_blank">http://www.angrymob.com/include.php?forum_id=3&post_count=10</a> you will get the 3rd forum and 10 threads.<!--content-->
as a matter of fact i can't even get simple scripts like<br /><br /><? echo "hello"; ?> <br /><br />to work<br /><br />Im stumped.<!--content-->
xag, you might want to read this thread:<br /><!--quoteo--><div class='quotetop'>QUOTE</div><div class='quotemain'><!--quotec--><a href="http://www.totalchoicehosting.com/forums/index.php?showtopic=10965&hl=include" target="_blank">http://www.totalchoicehosting.com/forums/i...0965&hl=include</a><!--QuoteEnd--></div><!--QuoteEEnd--><br /><br />is your .org a parked domain on a .com??<!--content-->
<!--QuoteBegin-bizzar+Dec 29 2004, 02:03 PM--><div class='quotetop'>QUOTE(bizzar @ Dec 29 2004, 02:03 PM)</div><div class='quotemain'><!--QuoteEBegin-->xag, you might want to read this thread:<br /><!--quoteo--><div class='quotetop'>QUOTE</div><div class='quotemain'><!--quotec--><a href="http://www.totalchoicehosting.com/forums/index.php?showtopic=10965&hl=include" target="_blank">http://www.totalchoicehosting.com/forums/i...0965&hl=include</a><!--QuoteEnd--></div><!--QuoteEEnd--><br /><br />is your .org a parked domain on a .com??<br /><div align="right"><a href="http://www.totalchoicehosting.com/forums/index.php?act=findpost&pid=105703"><img src='http://www.totalchoicehosting.com/forums/style_images/1/post_snapback.gif' alt='*' border='0' /></a></div><br /><!--QuoteEnd--></div><!--QuoteEEnd--><br /><br />hmm dont think so<!--content-->
Xaq, I don't think that having the variables in there will do anything, because they will not be passed into PHP like they would if you had them in an URL.<br /><br />You'll need to declare those variables before the include() and use them inside that script.<br />Try something like:<br /><!--c1--><div class='codetop'>CODE</div><div class='codemain'><!--ec1--><?php<br />   $forum_id = 3;<br />   $post_count = 7;<br />   include("include.php");<br />?><!--c2--></div><!--ec2--><br /><br />Note that if you're accessing those URL variables with $_GET (as you should <img src="http://www.totalchoicehosting.com/forums/style_emoticons/default/wink.gif" style="vertical-align:middle" emoid=";)" border="0" alt="wink.gif" />), you'll need to change that and use only the variable names. I'm not sure if you have to declare them as global before using them or not, but try it and you'll find out <img src="http://www.totalchoicehosting.com/forums/style_emoticons/default/smile.gif" style="vertical-align:middle" emoid=":)" border="0" alt="smile.gif" /><!--content-->
hmm nothing is still coming up... and i think the script im running allows you to change the variables through the url... not positive though.<br /><br />i cant even run simple echo scripts though. would you know why?<!--content-->
Try adding <b>error_reporting(E_ALL);</b> to the top of the script and see if it spits any errors.<!--content-->
You need to use <br /><!--c1--><div class='codetop'>CODE</div><div class='codemain'><!--ec1--><? include "http://www.angrymob.org/include.php?forum_id=3&post_count=7"; ?><!--c2--></div><!--ec2--><br />the way you have it causes the include to look for a file named "include.php?forum_id=3&post_count=7".<!--content-->
<!--QuoteBegin-TCH-Dick+Dec 29 2004, 03:15 PM--><div class='quotetop'>QUOTE(TCH-Dick @ Dec 29 2004, 03:15 PM)</div><div class='quotemain'><!--QuoteEBegin-->You need to use <br /><!--c1--><div class='codetop'>CODE</div><div class='codemain'><!--ec1--><? include "http://www.angrymob.org/include.php?forum_id=3&post_count=7"; ?><!--c2--></div><!--ec2--><br />the way you have it causes the include to look for a file named "include.php?forum_id=3&post_count=7".<br /><div align="right"><a href="http://www.totalchoicehosting.com/forums/index.php?act=findpost&pid=105716"><img src='http://www.totalchoicehosting.com/forums/style_images/1/post_snapback.gif' alt='*' border='0' /></a></div><!--QuoteEnd--></div><!--QuoteEEnd--><br /><br />hmm already tried that, after that didn't work I went to just using the include.php.<!--content-->
no php script will run on my site. i have no idea why.<br /><br /><? echo "Hello"; ?> <br /><br />^ won't even work<!--content-->
Lets try something very basic.<br />create a text file with notepad<br />containing<br /><br /><?php echo "hello"; ?> <br /><br /><br />save as hello.php and ftp it to your site,<br />goto your site path/hello.php<br />and see what happens.<!--content-->
hmm that actually worked, yet that exact script doesnt run in my index<!--content-->
What is the full name of your index page<br />index.php or index.html ?<!--content-->
<!--QuoteBegin-TCH-Don+Dec 29 2004, 07:47 PM--><div class='quotetop'>QUOTE(TCH-Don @ Dec 29 2004, 07:47 PM)</div><div class='quotemain'><!--QuoteEBegin-->What is the full name of your index page<br />index.php or index.html ?<br /><div align="right"><a href="http://www.totalchoicehosting.com/forums/index.php?act=findpost&pid=105748"><img src='http://www.totalchoicehosting.com/forums/style_images/1/post_snapback.gif' alt='*' border='0' /></a></div><!--QuoteEnd--></div><!--QuoteEEnd--><br /><br />ive tried both and i get the same result, not a thing.<!--content-->
If you are to use php, the extension must be .php<br />unless you added something to you .htacces file to parse .htm .html for php.<br /><br />Try index.php and use the long tags <br /><?php at the start of the script<br />I am not sure about the syntax of your include, but that will give it a chance.<!--content-->
<!--QuoteBegin-TCH-Don+Dec 29 2004, 07:52 PM--><div class='quotetop'>QUOTE(TCH-Don @ Dec 29 2004, 07:52 PM)</div><div class='quotemain'><!--QuoteEBegin-->If you are to use php, the extension must be .php<br />unless you added something to you .htacces file to parse .htm .html for php.<br /><br />Try index.php and use the long tags <br /><?php at the start of the script<br />I am not sure about the syntax of your include, but that will give it a chance.<br /><div align="right"><a href="http://www.totalchoicehosting.com/forums/index.php?act=findpost&pid=105750"><img src='http://www.totalchoicehosting.com/forums/style_images/1/post_snapback.gif' alt='*' border='0' /></a></div><!--QuoteEnd--></div><!--QuoteEEnd--><br /><br />heh that worked... long tags + index.php<br /><br />I had index.php and <? and it didn't<br /><br />odd... anyone know why that is?<br /><br /><br /><br /><br />I appreciate all the help you guys have given me<!--content-->
The long tags are recommended for the future,<br />so I am using them all the time now.<br />And you might run into trouble with the short tags if your are using xhtml strict as your doctype as they are considered xml tags.<!--content-->
I actually thought of that (short tags) as a possible source of the problem but after checking my account's phpinfo() output, I saw short_open_tag is turned on, so that shouldn't be a problem... I'm guessing your server has short_open_tag turned off. Either that, or you just discovered a bug in PHP <img src="http://www.totalchoicehosting.com/forums/style_emoticons/default/tongue.gif" style="vertical-align:middle" emoid=":P" border="0" alt="tongue.gif" /><!--content-->
 
Back
Top