Question!!

Discussion in 'Web Programming' started by demonavenger, Aug 2, 2009.

  1. Unread #1 - Aug 2, 2009 at 10:15 PM
  2. demonavenger

    Hi all,

    Okay my question is revolving around PHP so if you have no knowledge whatsoever, you're best to close this thread right now...

    Okay, at the moment, I am doing an IPT assessment revolving around PHP and MySQL, I am wanting to create a page that has different outputs, via PHP...

    Example:
    This forum has, displaythread.php?=.....|

    (Note: Of course the forum is a little technical, but you should get the idea.)

    What I want to do is make it have different outputs depending on what is after the equals sign...
    I have tried googling the information but need a little more help. I am slowly understanding PHP, the only thing i basically need to know is its features, functions, etc...

    Thanks guys if you can help me...
    Hope to hear from you guys soon...


    -EDIT-
    I just found something that might be useful to me, and I believe it's straightforward:
    Code:
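    <?php
    // $HTTP_GET_VARS was removed in PHP 5.4; $_GET is the supported superglobal.
    $content = isset($_GET['content']) ? $_GET['content'] : '';
    if (!$content || $content == "" )
    { echo blog(); }
    // Note: function_exists() is true for any defined function, built-ins included,
    // so the request decides which function runs.
    else if (function_exists( "$content" ))
    { echo $content();}
    else
    { echo error(); }
    ?>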
    
     
  3. Unread #2 - Aug 2, 2009 at 11:00 PM
  4. SuF

    Um. You can do that the same way you get form fields I think... Haven't done any PHP in a long time...
     
  5. Unread #3 - Aug 3, 2009 at 10:05 AM
  6. Deacon Frost

    That is a get method. That's all it is. So if you have a link like:

    display.php?text=Hello

    and then a php page like:

    Code:
    <?php
    
    $string = $_GET['text'];
    
    echo $string;
    
    ?>
    
    You would see whatever is in the url after the = sign, which, in this case, you would see on the page:

    Code:
    Hello
    
    And if you went to display.php?text=foobar, you would see:

    Code:
    foobar
    
    Hope you understood that ;).


    To further expand on this, you can also visit links like so:

    display.php?text=foo&text2=bar

    And then have a php page like this:

    Code:
    <?php
    
    $string = $_GET['text'];
    $string2 = $_GET['text2'];
    
    echo $string . "" . $string2;
    
    ?>
    
    And the page would display:

    Code:
    foobar
    
    :)
     
  7. Unread #4 - Aug 3, 2009 at 10:37 PM
  8. demonavenger

    Yeah thanks Deacon Frost, I understood that far... but I still have issues, but this time it's with the $_POST method, it's pissing me off because I fill in a form and then click submit, only to be faced with a blank screen...

    I'll post the code up here, I believe I am doing everything right, I have looked at other tutorials and they provide me no answer as to what is wrong with it...

    Login.php:
    (Is just a html file so I'll just show the form)
    Code:
    <form action="login2.php" method="post">
    Username: <br><input name="username" type="text"><br>
    Password: <br><input name="password" type="password"><br>
    <input name="submit" type="submit" value="Login"> <input name="reset" type="reset" value="Reset"> 
    </form>
    
    Login2.php
    (Merged with HTML and PHP, I'll post just the php section.)
    Code:
    <?php
    if ($_POST[username]=="admin" && $_POST[password]=="password" ) {
    	echo "Login successful, please wait while the web page redirects you";
    	session_start();
    	$_SESSION['value'] = 1;
    	// redirection part here, when it works of course
    								} else {
    								echo "Error: No such credentials exists, please try again.";
    ?>
        --DISPLAY LOGIN FORM AGAIN
    
    <?
    	}
    ?>
    
    All help is appreciated and thanks in advance.
     
  9. Unread #5 - Aug 4, 2009 at 1:48 AM
  10. Deacon Frost

    Code:
    <?php
    	session_start();
    
    if ($_POST['username'] == "admin" && $_POST['password'] == "password" ) {
    	echo "Login successful, please wait while the web page redirects you";
    
    	$_SESSION['value'] = 1;
    	// redirection part here, when it works of course
     } 
    
    else {							
    session_destroy();
    echo "Error: No such credentials exists, please try again.";
    
    ?>
        --DISPLAY LOGIN FORM AGAIN
    
    <?
    	}
    ?>
    I think that'll work :p. You forgot your '' inside of the $_POST[] thing. I also moved your sessions around a bit. You always have to start a session before anything else...

    I'm not too sure on all of it, because I suck at sessions still, but yeh, it should work.
     
  11. Unread #6 - Aug 4, 2009 at 7:59 PM
  12. demonavenger

    Hmm, I had suspected that myself, but still get nothing on the other page...

    It's just blank, and it's pissing me off D:
    Thanks for the help though, the $_GET[] method is working fine, it must be the server the school's website is using.

    I'll have to test it on another site, I'll look around for a free hosting one and get back to you.

    -EDIT-
    LMFAO, as I expected, works perfectly fine, the school's server is to blame, ahh, how can they expect me to do something if they got a shit server.
    Thanks deacon, it works fine now... (well it always has)

    Will take it up with the school though :mad:
     
  13. Unread #7 - Aug 4, 2009 at 9:25 PM
  14. PublicityFtF

    Umm... Pretty sure you can exploit those via RFI.
     
  15. Unread #8 - Aug 5, 2009 at 9:15 AM
  16. Deacon Frost

    Most major websites use them ;). Everything is exploitable >.>...GET/POST... it doesn't matter..
     
  17. Unread #9 - Aug 5, 2009 at 1:57 PM
  18. PublicityFtF

    I know, but most major websites also have a little added security just in case. I don't know much PHP, however, I'm very sure there's a way(s) to make sure that the link after '?test=' is ending with whatever you specify.
     
  19. Unread #10 - Aug 5, 2009 at 2:31 PM
  20. Deacon Frost

    Well, logically, you would first assign the request to a local variable before you use it, then you'd put it through a series of injection prevention, correction checks, etc...

    The point of request variables is to retrieve dynamic data, the only thing you can do is make sure the data is not invalid for use in your script by running it through a series of checks and such.
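
The checks described in posts #9 and #10, applied to the `?content=` snippet from the first post, as an added example that is not part of the thread. The page functions, route names and sample queries are hypothetical.

```php
<?php
// Added example: allow-list dispatch for a ?content= parameter.
// page_blog(), page_about(), page_error() and the route names are hypothetical.

function page_blog()  { return "<h1>Blog</h1>"; }
function page_about() { return "<h1>About</h1>"; }
function page_error($requested) {
    // Escape anything that came from the request before it reaches the page.
    $safe = htmlspecialchars($requested, ENT_QUOTES, 'UTF-8');
    return "<h1>Not found</h1><p>No page named \"$safe\".</p>";
}

// Accepted parameter values mapped to their handlers. Nothing else can run.
$routes = array(
    'blog'  => 'page_blog',
    'about' => 'page_about',
);

function dispatch(array $routes, array $query) {
    // 1. Copy the request value into a local variable and insist on a string
    //    (?content[]=x arrives as an array).
    $content = (isset($query['content']) && is_string($query['content']))
        ? $query['content'] : '';

    // 2. No value: show the default page.
    if ($content === '') {
        return page_blog();
    }

    // 3. Exact match against the allow-list, instead of function_exists(),
    //    which would accept any defined function name.
    if (array_key_exists($content, $routes)) {
        return call_user_func($routes[$content]);
    }

    // 4. Everything else is an error, echoed back only after escaping.
    return page_error($content);
}

// Constructed sample queries standing in for $_GET.
$samples = array(
    array(),                              // default page
    array('content' => 'about'),          // allowed
    array('content' => 'phpinfo'),        // a real function, but not on the list
    array('content' => '<b>bold</b>'),    // markup is escaped in the error page
    array('content' => array('x')),       // non-string falls back to the default
);
foreach ($samples as $q) {
    echo dispatch($routes, $q), "\n";
}
```

On a real page the sample loop is replaced by `echo dispatch($routes, $_GET);`.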
     
  21. Unread #11 - Aug 5, 2009 at 7:51 PM
  22. demonavenger

    Heh, no need to debate over something like this guys, this site is only for a school project to which I really couldn't care less if it is exploitable or not...

    I have found the reason as to why the PHP coding wasn't working for me;
    Quote from:
    http://www.php-mysql-tutorial.com/wikis/php-tutorial/opening-amp-closing-php-tags.aspx

    The school's server didn't have the short tags enabled, so therefore killed all mine, due to me being lazy and always using short tags. :p

    Thanks for the help though guys, really appreciated it.
     
  23. Unread #12 - Aug 5, 2009 at 8:08 PM
  24. Deacon Frost

    That's retarded. Tell your school to get with the damn program. Like that post said, I have never seen a host that doesn't support short tags.


    Wow. Lol.
     
  25. Unread #13 - Aug 9, 2009 at 7:59 PM
  26. demonavenger

    Lol, I reckon... Fails badly.

    Rofl, but now I am having another problem, I am still receiving a blank page, but my PHP tags have been fixed, I'd presume it's something else, so see if anyone here can identify it for me, cause I am clueless... :S

    Login.php Is a mixture of HTML and PHP
    Code:
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
    <HTML><HEAD><TITLE>.</TITLE>
    <META http-equiv=Content-Type content="text/html; charset=utf-8">
    <META http-equiv=EXPIRES content=0>
    <META content="Microsoft FrontPage 6.0" name=GENERATOR><LINK title=RSS 
    href="backend.php" type=application/rss+xml rel=alternate><LINK 
    href="EoC_files/style.css" type=text/css rel=StyleSheet>
    </HEAD>
    <BODY text=#FFFFFF link="#DD0000" vlink="#DEE3E7" alink="#445588">
    <TABLE cellSpacing=0 cellPadding=0 width="95%" align=center border=0>
      <TBODY>
      <TR>
        <TD class=lefttd noWrap width=10></TD>
        <TD width="100%">
          <TABLE cellSpacing=0 cellPadding=0 width="100%" border=0 height="13">
            <TBODY>
            <TR>
              <TD class=navpic noWrap width=170 height="13">
                <DIV align=left></DIV></TD>
              <TD class=navpic noWrap align=middle width="100%" height="13"></TD>
              <TD class=navpic noWrap width=170 height="13">
                <DIV align=right>
                </DIV></TD></TR></TBODY></TABLE>
          <TABLE cellSpacing=0 cellPadding=0 width="100%" align=center border=0>
            <TBODY>
            <TR vAlign=top>
              <TD><IMG height=1 alt="" src="EoC_files/7px.gif" width=1 
                border=0></TD></TR></TBODY></TABLE>
          <TABLE cellSpacing=0 cellPadding=0 width="100%" align=center border=0>
            <TBODY>
            <TR vAlign=top>
              <TD vAlign=top width=1 background=EoC_files/7px.gif>
                <BR></TD>
              <TD vAlign=top width="100%">
                <TABLE cellSpacing=0 cellPadding=5 width="100%" border=0>
                  <TBODY>
                  <TR>
                    <TD>
                      <TABLE cellSpacing=0 cellPadding=1 width="100%" border=0>
                        <TBODY>
                        <TR>
                          <TD bgColor=#a9b8c2>
                            <TABLE cellSpacing=0 cellPadding=1 width="100%" border=0>
                              <TBODY>
                              <TR>
                                <TD bgColor=#ffffff>
                                  <TABLE cellSpacing=0 cellPadding=0 width="100%" 
                                  border=0>
                                    <TBODY>
                                    <TR>
                                    <TD bgColor=#ffffff>
                                    <TABLE cellSpacing=0 cellPadding=2 width="100%" 
                                    border=0>
                                    <TBODY>
                                    <TR>
                                    <TD height="250">
                                    <p align="center">
    								<BR></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE>
                      <TABLE class=tbl cellSpacing=0 cellPadding=0 border=0>
                        <TBODY>
                        <TR>
                          <TD class=tbll><IMG height=4 alt="" 
                            src="EoC_files/spacer.gif" width=8></TD>
                          <TD class=tblbot><IMG height=4 alt="" 
                            src="EoC_files/spacer.gif" width=8></TD>
                          <TD class=tblr><IMG height=4 alt="" 
                            src="EoC_files/spacer.gif" 
                      width=8></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE><BR>
                <TABLE cellSpacing=0 cellPadding=5 width="100%" border=0>
                  <TBODY>
                  <TR>
                    <TD height="100%">
                      <TABLE class=forumline cellSpacing=1 cellPadding=0 
                      width="100%" border=0; border-width: 1px">
                        <TBODY>
                        <tr>
                          <TH width="100%" height=20>
                            <DIV align=center>Please type in your username and password:</DIV></TH>
                        </tr>
                        <TR>
                          <TD class=row1 height="100%">
    					  <?PHP
    						if ($_GET['msg'] != '') {
    							echo "<DIV align=center> $_GET['msg'] </DIV>";
    						}
    						
    						// Includes database information, stored to variables $user, $password & $database
    						include("dbinfo.inc.php");
    						
    						// Check if the form has sent it's self some information for it to work on, else log in...
    						if (isset($_POST['username'])) {
    							// Start session, to keep data for the computer to identify if your logged in.
    							session_start();
    							
    							// Connect to database and select the columns ID, Password, Userlevel, First and Last Name.
    							mysql_connect("localhost",$user,$password) or die( "Unable to connect to server");
    							mysql_select_db($database) or die("Unable to select database");
    							$form_user = mysql_real_escape_string($_POST['username']);
    							$form_pass = mysql_real_escape_string($_POST['password']);
    							$query = "SELECT 'id', 'password', 'userlevel', 'first', 'last' FROM employee WHERE id = '$form_user' AND password = '$form_pass'";
    							$result = mysql_query($query) or die("Unable to collect information from database.");
    							
    							
    							if ($row = mysql_fetch_array($result)) {
    									// A result has returned true, there for sets the session variables to true, etc. 
    									$_SESSION['view'] = 1;
    									$_SESSION['id'] = $row['1'];
    									$_SESSION['userlevel'] = $row['10'];
    									$_SESSION['fullname'] = "$row['2'] $row['3']";
    									
    									// Also redirects user to next page.
    									header("Location: employee.php");
    							
    								} else {
    							
    								// --Else the while loop has not recorded any results from table.
    								echo "Error: No such credentials exists, please try again.\n";
    								echo "<DIV align=center><form name='Login' method='post' action='login.php'>\n";
    								echo "Username: <br><input name='username' type='text'><br>\n";
    								echo "Password: <br><input name='password' type='password'><br>\n";
    								echo "<input name='submit' type='submit' value='Submit Form'> <input name='reset' type='reset' value='Reset'></form>\n"; 
    								
    								// Destroy the session and delete all information recorded.
    								session_destroy();
    								}
    					?>
    					
    					
    				  </font></DIV></p></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE><p><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR></TD>
              <TD vAlign=top width=170 rowspan="2"></TD></TR>
            <TR vAlign=top>
              <TD vAlign=top background=EoC_files/7px.gif colspan="2" height="7">
                <p align="center"><FONT color=black>Website design created by David de Nava</FONT></TD>
              </TR></TBODY></TABLE>
          </TD>
        <TD class=righttd noWrap width=10>&nbsp;</TD></TR></TBODY></TABLE>
          <TABLE cellSpacing=0 cellPadding=0 width="100%" border=0 id="table1">
            <TBODY>
            <TR>
              <TD vAlign=center width="60%" background="EoC_files/bg.jpg">
    			<IMG 
                src="EoC_files/banner.gif" border=0 width="32" height="32"></A></TD>
              <TD width="40%" 
            background="EoC_files/bg.jpg"></TD></TR></TBODY></TABLE>
          	
    </BODY></HTML>
    					<?PHP
    								} else {
    					?>
    					  <FONT color=black><DIV align=center><form action="login.php" method="post">
    						Username: <br><input name="username" type="text"><br>
    						Password: <br><input name="password" type="password"><br>
    						<input name="submit" type="submit" value="Login"> <input name="reset" type="reset" value="Reset"> 
    						</form>
    						</font></DIV></TD></TR></TBODY></TABLE>
                      </TD></TR></TBODY></TABLE>
    			<p>
                <BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR></TD>
              <TD vAlign=top width=170 rowspan="2"></TD></TR>
            <TR vAlign=top>
              <TD vAlign=top background=EoC_files/7px.gif colspan="2" height="7">
                <p align="center"><FONT color=black>Website design created by David de Nava</FONT></TD>
              </TR></TBODY></TABLE>
          </TD>
        <TD class=righttd noWrap width=10>&nbsp;</TD></TR></TBODY></TABLE>
          <TABLE cellSpacing=0 cellPadding=0 width="100%" border=0 id="table1">
            <TBODY>
            <TR>
              <TD vAlign=center width="60%" background="EoC_files/bg.jpg">
    			<IMG 
                src="EoC_files/banner.gif" border=0 width="32" height="32"></A></TD>
              <TD width="40%" 
            background="EoC_files/bg.jpg"></TD></TR></TBODY></TABLE>
          
    </BODY></HTML>
    
    				<?PHP
    							}
    				?>
    
    My teacher was telling me that I cannot have a header tag before all html output?
    Is that correct? Thanks again guys, :)
     
  27. Unread #14 - Aug 14, 2009 at 1:08 AM
  28. Deacon Frost

    Uhm, all header/session_start()/etc HAS to go before any other data. It has to load first.
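
The ordering described in post #14, applied to a login page like the one in post #13, as an added example that is not code from the thread. The in-memory SQLite database, the `pw_hash` column and the sample account are constructed; it also swaps the thread's `mysql_*` calls and plaintext password column for PDO placeholders and `password_verify()`.

```php
<?php
// Added example, not code from the thread. The table layout, the in-memory
// SQLite database and the sample account are constructed for illustration.

// 1. Anything that sends HTTP headers runs first, before any HTML.
session_start();

function find_user(PDO $db, $username, $password) {
    // The placeholder keeps the submitted value out of the SQL text.
    $stmt = $db->prepare('SELECT id, pw_hash, userlevel FROM employee WHERE id = ?');
    $stmt->execute(array($username));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Compare against a stored hash, never a plaintext column.
    return ($row && password_verify($password, $row['pw_hash'])) ? $row : null;
}

function handle_login(PDO $db, array $post) {
    $user = (isset($post['username']) && is_string($post['username'])) ? $post['username'] : '';
    $pass = (isset($post['password']) && is_string($post['password'])) ? $post['password'] : '';
    $row = find_user($db, $user, $pass);
    if ($row === null) {
        return 'Error: No such credentials exist, please try again.';
    }
    session_regenerate_id(true);          // fresh session id after login
    $_SESSION['id'] = $row['id'];
    $_SESSION['userlevel'] = $row['userlevel'];
    return null;                          // null means success
}

// Constructed database with one account (password "correct horse").
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE employee (id TEXT PRIMARY KEY, pw_hash TEXT, userlevel INTEGER)');
$ins = $db->prepare('INSERT INTO employee VALUES (?, ?, ?)');
$ins->execute(array('admin', password_hash('correct horse', PASSWORD_DEFAULT), 10));

// 2. Decide the outcome before any output starts.
$error = null;
if (isset($_POST['username'])) {
    $error = handle_login($db, $_POST);
    if ($error === null) {
        header('Location: employee.php'); // still allowed: nothing has been echoed
        exit;                             // stop so the form below is not sent
    }
}
// 3. Only now does the HTML begin.
?>
<!DOCTYPE html>
<html><body>
<?php if ($error !== null): ?>
<div align="center"><?php echo htmlspecialchars($error, ENT_QUOTES, 'UTF-8'); ?></div>
<?php endif; ?>
<form action="login.php" method="post">
Username: <br><input name="username" type="text"><br>
Password: <br><input name="password" type="password"><br>
<input name="submit" type="submit" value="Login">
</form>
</body></html>
```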
     