On Sat, 2002-05-11 at 14:53, Phil Powell wrote:
> TCL 1, PHP 0
>
> Ok, I am frustrated.. here is my code and this portion has to be done in
> PHP. I have a frame that can only be accessed if 1 of 2 things occur:
>
> 1) if $HTTP_REFERER has a specific value
> 2) if your nickname passed in the query string is found in the existing
> nicknames.txt file found in /chat/nicknames.txt
>
> Here is the code:
Notes:
o What version of PHP?
o Is register_globals on or off? i.e. are you sure $DOCUMENT_ROOT
has a value and that you're not trying to open '/chat/nicknames.txt'?
o Quote the 'r' in the fopen() call.
o Try this all with error_reporting(E_ALL) and fix (not with '@')
everything it complains about.
o Your second regex checks that $contents contains at least one alpha-
numeric or an underscore or a hyphen. Looks like it should be
checking that the string contains *only* those characters.
o fread() takes 2 parameters, not one.
o 'damage galore' doesn't tell us anything. What *exactly* is the
current result of running the below?
> <?
> // Security measure to prevent bookmarking of page unless nickname exists
> in nicknames.txt
> $contents = "";
> if (!preg_match("/\bchat_process_nickname\b/i", $HTTP_REFERER)) {
> $canAccessChatroom = 1;
> if (strlen($nickname) < 2) $canAccessChatroom = 0;
> if (!file_exists($DOCUMENT_ROOT . "/chat/nicknames.txt"))
> $canAccessChatroom = 0;
> if ($canAccessChatroom == 1) {
> $fileID = fopen($DOCUMENT_ROOT. "/chat/nicknames.txt", r) or die ("could
> not open file");
> if (!$fileID) {
> $canAccessChatroom = 0;
> } else {
> $contents = fread($fileID);
> fclose($fileID);
> }
> }
> if ($canAccessChatroom == 1 && strlen($contents) == 0) $canAccessChatroom
> = 0;
> if ($canAccessChatroom == 1 && !preg_match("/[a-zA-Z0-9_\-]+/",
> $contents)) $canAccessChatroom == 0;
> if ($canAccessChatroom == 1) {
> if (!preg_match("/\b$nickname\b/i", $contents)) $canAccessChatroom == 0;
> }
> if ($canAccessChatroom == 0) {
> echo "<meta http-equiv=Refresh content='1;URL=http://"; . $SERVER_NAME .
> "/chat/chat_login.php'>\n";
> echo "<script>\n<!--\n location.href='http://"; . $SERVER_NAME .
> "/chat/chat_login.php';\n\/\/-->\n</script>\n";
> }
> }
> ?>
>
> No matter what I do, however, the file cannot be accessed if it exists and
> causes damage galore. Can anyone out there help me figure out what I did
> wrong; I'm completely stumped and may have to rewrite this portion of the
> chatroom in TCL, all of my TCL scripts have had NO problems whatsoever
> accessing the txt files.
>
> Phil
--
Torben Wilson <[EMAIL PROTECTED]>
http://www.thebuttlesschaps.com
http://www.hybrid17.com
http://www.inflatableeye.com
+1.604.709.0506
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
