Doesn't that raise a security issue? What if someone uploads a PHP script instead of an image and runs it...?
Unless I check mime type and rename files or something, but for some reason I think someone could get around that still...
The word of the day is legs, let's go back to my house and spread the word
|
u will need to be checking the uploaded file type
it's fairly straightforward
"there is no spoon" biz stuff about me
|
EDIT:
Turns out this is the reason why you can't set file permissions.
There is a module for apache that sets the EUID of the process to the owner of the CGI script. mod_su_exec or something, sorry I can't remember the exact name. You should be able to find it on google now that you know what you need to look for... Maybe it's an Apache2 module only. There is also one specific for PHP: suPHP. But a friend of mine just de-installed it because it has some security issues... hth, M.
HTH someone avoid the frustration I went through
I'm aware of checking MIME types, I've even gone to the extent of checking magic bytes in a file like the BM in bitmaps. What I'm afraid of is someone uploading a script disguised as an image and renaming it back to PHP once on the server via SQL injection hack or something.
Besides isn't MIME information provided by the client? I remember reading once that IE initialized MIME information by actually checking file contents and file extensions, but browsers like Mozilla and Opera didn't. If this is the case it wouldn't be hard to write a script to POST form data along with PHP files with PHP extension, but send with a MIME type of image/gif...?
It seems illogical that you couldn't restrict a directory from actually executing any code and only serve as a repository folder, doesn't it...?
Cheers
The word of the day is legs, let's go back to my house and spread the word
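The concern raised above (the MIME type is whatever the client sends, and a disguised script might later end up under a .php name) is normally handled on the server, as in this added example, which is not part of the original thread. UPLOAD_DIR, store_image() and send_image() are hypothetical names, and the storage path is assumed to lie outside the document root.

```php
<?php
// Added example, not code from the thread. UPLOAD_DIR, store_image() and
// send_image() are hypothetical names; UPLOAD_DIR is assumed to lie outside
// the document root, so nothing in it is ever handed to the PHP handler.
const UPLOAD_DIR = '/srv/app-data/uploads';
const SIGNATURES = [                       // magic bytes => extension we write
    "GIF87a" => 'gif', "GIF89a" => 'gif', "\x89PNG\r\n\x1a\n" => 'png',
    "\xFF\xD8\xFF" => 'jpg', "BM" => 'bmp',
];
const CONTENT_TYPES = ['gif' => 'image/gif', 'png' => 'image/png',
                       'jpg' => 'image/jpeg', 'bmp' => 'image/bmp'];

function detect_image_ext(string $head): ?string
{
    foreach (SIGNATURES as $magic => $ext) {
        if (strncmp($head, $magic, strlen($magic)) === 0) {
            return $ext;
        }
    }
    return null;
}

function store_image(array $file): ?string
{
    // $file is one entry of $_FILES. Its 'type' and 'name' are client-supplied
    // and are ignored on purpose; a passing file may still contain PHP text.
    if (($file['error'] ?? null) !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $ext = detect_image_ext((string) file_get_contents($file['tmp_name'], false, null, 0, 16));
    if ($ext === null || @getimagesize($file['tmp_name']) === false) {
        return null;
    }
    // Server-chosen name and extension: no user text can make it end in ".php".
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    return move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $name) ? $name : null;
}

function send_image(string $name): bool
{
    // Only names this code generated are served; the file is read, never included.
    if (!preg_match('/\A[0-9a-f]{32}\.(gif|png|jpg|bmp)\z/', $name, $m)
        || !is_file(UPLOAD_DIR . '/' . $name)) {
        return false;
    }
    header('Content-Type: ' . CONTENT_TYPES[$m[1]]);
    header('X-Content-Type-Options: nosniff');
    return readfile(UPLOAD_DIR . '/' . $name) !== false;
}
```

Because the stored name never contains user input and the directory is not served by the PHP handler, a later rename to .php would need write access to a location the web server actually executes from.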
|
Hi
how do I go from a page that is divided in frames, to a page with no frames?
|
open that page in a new window using window.open() or <a href="newwindow.htm" target="_blank">New window without frames</a>
Cheers
The word of the day is legs, let's go back to my house and spread the word
|
tx, but I don't want to open a new page, just want to load a page without frames in a page that was divided in frames...
|
It's been a while since I tinkered with frames (you should use tables it looks more pro) but anyways...
In the HTML file which contains the FRAMES tags I believe you will name the FRAME which you wish to load another htm page into
<FRAME name="mywindow">
Then I think what you would do is inside your HTML page with links you do something like
<a href='newwindow.htm' target='mywindow'>
I believe that's how it's done
HTH
Cheers
The word of the day is legs, let's go back to my house and spread the word
|
In your link set the target to "_top" like this:
<a href="noframepage.htm" target="_top">
|
I am trying to embed some javascript into a php document w/ no success. Basically I want a confirmation messagebox to pop up when I am attempting to delete a record from a database and I need the PHP code to be executed depending on the response (OK or Cancel). Can someone give me a small template as to how to put the two pieces of code together? Thanks in advance.
|
try something like:
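<?php
// $a and $b stand for whatever condition the page tests
if ($a == $b) {
    // Inside a double-quoted PHP string the single quotes need no backslash
    echo "<body onload=\"alert('You chose cancel');\">";
} else {
    echo "<body>"; // Normal no message
}
?>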
The word of the day is legs, let's go back to my house and spread the word
|
what u want is this:
<?php
// urlencode() keeps the id from breaking out of the href attribute
echo "<a href='del_record.php?id=" . urlencode($row['id']) . "' onclick='if (confirm(\"DELETE RECORD - Are you sure?\") == false) return false'>[Del]</a>";
?>
"there is no spoon" biz stuff about me
|
hai,
I would like to get a handle to the window that is opened by a submit action.
explanation:
I have three HTML pages, one calling another.
The first page is a form.
By submitting this form the second page is opened.
The second page is a simple HTML page and by clicking one link the third page is opened.
My goal is to navigate these three pages by scripts in another external page.
note:
I already know that it's impossible to script between two pages that are not in the same domain.
I succeeded in filling in the form and sending it by scripting from the 4th page.
So after sending the form I would like to get a handle to the second page that is sent by the server.
Thanks,
Avi Vachnis
|
I don't understand you fully, but from what I can tell...
The only way you can get the handle to a window is if you open the window directly using window.open() .
I'm not aware of a way to retrieve window objects that have been opened via a click on a hyperlink or anything...
Unless you can somehow enumerate instances of IE using JScript and I don't think you can...so I think yer up shite creek without a paddle.
Cheers
The word of the day is legs, let's go back to my house and spread the word
|
Hi,
I am a student of the Master of Computer Application from India. I am in the last semester and we have a four-month project. I am developing a mail server and I need some ideas for developing the SMTP & POP3 protocols.
|
If you have to implement a smtp and pop3 mail server/client and have no idea where to start...I suggest....
1) Hiring me to do it for you...becuz you have a lot of work ahead of you...
2) You can find some FTP client/server code in C++ section it'll give you a heads up and how and where to even start.
If as a project you have to develop a new protocol similar to smtp/pop3...I would suggest following through with one of the above...
Cheers
The word of the day is legs, let's go back to my house and spread the word
|
what server side language do u want to use?
all http servers can send mail easily enuff
php has some good pop3 functions too
dunno bout asp cos i dont use it
i wouldnt write ur own server as such unless u can avoid it
for details on the specs look up the relevant rfc docs
"there is no spoon" biz stuff about me
|
Hi all,
I have a program below to access a remote database on a server using an Access db.
But it doesn't work and gives an error:
set conn = Server.CreateObject("ADODB.Connection")
set rs = Server.CreateObject("ADODB.Recordset")
strconn = "Provider=MS Remote;" & _
          "Remote Server=http://intranetbk;" & _
          "Remote Provider=Microsoft.Jet.OLEDB.4.0;" & _
          "Data Source=C:\Websites\Intranet_unique\Database\intranet.mdb;"
conn.open strconn
sql = "select * from employees"
rs.Open sql, conn
When I run it there is an error as follows:
Error Type:
Microsoft ADO/RDS (0x800A20FF)
Internet Server Error.
/testdb.asp, line 14
Do you know this error? Or do you have any program in ASP for accessing an Access database from a remote machine?
Thanks for your help in advance.
|
make sure u have an ODBC connection on the server machine that accesses the database
"there is no spoon" biz stuff about me
|
A user has to log on to my website. If he requests a page and is not logged on, then he is directed to the logon page. Once logged on he should be redirected to the page that he/she originally requested. As far as I can understand, I have to use Request.ServerVariables("HTTP_REFERER"). The value is not passed through, it comes through blank. I have debugged it many times, still no luck. Is this something that must be set on IIS? Can someone please help? And then secondly, is there any way that I can increase the security of my login code? Any help will be appreciated!!!
Here is my calling page:
<%@ LANGUAGE=VBScript ENABLESESSIONSTATE=True %>
<%
If IsEmpty(Session("username")) Then
    Response.Redirect "login.asp"
End If
%>
Here is my ASP code on my login page:
<%@ LANGUAGE=VBScript ENABLESESSIONSTATE=True %>
<%
'-----------------------------------------------------------------------------
' Declare variables
'-----------------------------------------------------------------------------
Dim objConn, objRs
Dim strSQL
Dim boolIsPost
Dim strUserName, strPassword
Dim strErrorTitle, strError, boolHasError
'-----------------------------------------------------------------------------
' Setup the response object
'-----------------------------------------------------------------------------
Call SetupResponse()
'-----------------------------------------------------------------------------
' Open database connection
'-----------------------------------------------------------------------------
Set objConn = GetDBConnection()
'-----------------------------------------------------------------------------
' Determine whether form was posted
'-----------------------------------------------------------------------------
boolIsPost = CBool(Request.Form("IsPost"))
If boolIsPost Then
    ' Get username and password
    strUserName = Request.Form("username")
    strPassword = Request.Form("password")
    If Len(strUserName) < 8 Or Len(strUserName) > 30 Then
        boolHasError = True
    ElseIf Len(strPassword) < 8 Or Len(strPassword) > 30 Then
        boolHasError = True
    Else ' If all is ok
        Set objRs = Server.CreateObject("ADODB.Recordset")
        strSQL = "SELECT User_Username FROM tblUser WHERE User_Username = '" & strUserName & "' " & _
                 "AND User_Password = '" & strPassword & "'"
        objRs.Open strSQL, objConn, adOpenKeyset, adLockOptimistic
        ' If no match was found
        If objRs.EOF Then
            boolHasError = True
        Else
            ' Set the Session variables
            Session("username") = strUserName
            ' Redirect to original page
            Response.Redirect Request.ServerVariables("HTTP_REFERER")
            'Response.Redirect "default.asp"
        End If
        ' Close and release resources
        objRs.Close
        Set objRs = Nothing
    End If
End If
%>
...Rest of HTML Code goes here...
|
Hi Brendan,
You can't depend on HTTP_REFERER always being populated. It will only be passed if the user clicks a link that leads to this page, and their browser supports it. So you'll want to have an alternate page to redirect them to in case there is no value present for HTTP_REFERER.
Datagrid Girl
|
An easy solution is to include a script in every page that needs login, which leads the user to the login page passing along the name of the script originally requested, in a variable. If the login was successful, you can redirect to this page.
|
Can you please supply some sample code?
|
pseudocode:
<?
chk_user_logged_in("this_page_name.asp")
blah blah
?>
at the start of every page that needs a logged in user
a common file u include everywhere:
function chk_user_logged_in($referer)
{
    // do the logged in check (cookies etc)
    if (!logged_in)
        do_user_login($referer)
    return;
}
the login function / page
<?
// process login form and get user credentials
redirect($referer)
?>
hope that explains it
it's real easy when u see the light
"there is no spoon" biz stuff about me
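The return-to-the-requested-page scheme from the replies above, combined with the login check from the question, as an added PHP example that is not code from the thread. The `return` parameter, the /login.php and /default.php paths and the User_PasswordHash column (assumed to hold password_hash() output rather than the plain password) are assumptions; the return path is validated so that only local pages are accepted.

```php
<?php
// Added example, not code from the thread. Assumed names: "return" parameter,
// /login.php, /default.php, User_PasswordHash column (password_hash() output).

function safe_return_path($path, string $default = '/default.php'): string
{
    // Only a local absolute path is accepted: one leading "/", not followed
    // by "/" or "\" (both can start a host name), and no control characters.
    if (!is_string($path) || !preg_match('#^/(?![/\\\\])[^\x00-\x1F\x7F]*\z#', $path)) {
        return $default;
    }
    return $path;
}

function require_login(): void
{
    if (empty($_SESSION['username'])) {
        // Hand the requested page to the login page; HTTP_REFERER is not needed.
        header('Location: /login.php?return=' . rawurlencode($_SERVER['REQUEST_URI']));
        exit;
    }
}

function check_credentials(PDO $db, string $user, string $pass): bool
{
    // Bound parameter: the user name never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT User_PasswordHash FROM tblUser WHERE User_Username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($pass, $hash);
}

function handle_login(PDO $db, array $post): ?string
{
    $user = $post['username'] ?? null;
    $pass = $post['password'] ?? null;
    if (!is_string($user) || !is_string($pass) || !check_credentials($db, $user, $pass)) {
        return null;                    // login failed, show the form again
    }
    session_regenerate_id(true);        // fresh session id after authentication
    $_SESSION['username'] = $user;
    return safe_return_path($post['return'] ?? null);   // path to redirect to
}

if (PHP_SAPI === 'cli') {               // constructed inputs for the validator
    foreach (['/orders.php?id=7', '//other.example/', 'http://other.example/', '/\\other.example'] as $p) {
        echo str_pad($p, 24), ' -> ', safe_return_path($p), "\n";
    }
}
```

The login form has to carry the `return` value forward in a hidden field (HTML-escaped), and the login page redirects to whatever handle_login() returns.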