Search Results

Search found 43347 results on 1734 pages for 'php security'.

  • configuration issue with respect to .htaccess file on ubuntu

    - by Registered User
    I am building an application tshirtshop. I have the following configuration in /etc/apache2/sites-enabled/tshirtshop:

        <VirtualHost *:80>
            ServerAdmin webmaster@localhost
            DocumentRoot /var/www/tshirtshop
            <Directory /var/www/tshirtshop>
                Options Indexes FollowSymLinks
                AllowOverride All
                Order allow,deny
                allow from all
            </Directory>
            ErrorLog ${APACHE_LOG_DIR}/error.log
            # Possible values include: debug, info, notice, warn, error, crit,
            # alert, emerg.
            LogLevel warn
            CustomLog ${APACHE_LOG_DIR}/access.log combined
        </VirtualHost>

    and the following in the .htaccess file in location /var/www/tshirtshop/.htaccess:

        <IfModule mod_rewrite.c>
            # Enable mod_rewrite
            RewriteEngine On
            # Specify the folder in which the application resides.
            # Use / if the application is in the root.
            RewriteBase /tshirtshop
            #RewriteBase /
            # Rewrite to correct domain to avoid canonicalization problems
            # RewriteCond %{HTTP_HOST} !^www\.example\.com
            # RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]
            # Rewrite URLs ending in /index.php or /index.html to /
            RewriteCond %{THE_REQUEST} ^GET\ .*/index\.(php|html?)\ HTTP
            RewriteRule ^(.*)index\.(php|html?)$ $1 [R=301,L]
            # Rewrite category pages
            RewriteRule ^.*-d([0-9]+)/.*-c([0-9]+)/page-([0-9]+)/?$ index.php?DepartmentId=$1&CategoryId=$2&Page=$3 [L]
            RewriteRule ^.*-d([0-9]+)/.*-c([0-9]+)/?$ index.php?DepartmentId=$1&CategoryId=$2 [L]
            # Rewrite department pages
            RewriteRule ^.*-d([0-9]+)/page-([0-9]+)/?$ index.php?DepartmentId=$1&Page=$2 [L]
            RewriteRule ^.*-d([0-9]+)/?$ index.php?DepartmentId=$1 [L]
            # Rewrite subpages of the home page
            RewriteRule ^page-([0-9]+)/?$ index.php?Page=$1 [L]
            # Rewrite product details pages
            RewriteRule ^.*-p([0-9]+)/?$ index.php?ProductId=$1 [L]
        </IfModule>

    The site is working on localhost and is working as if there is no .htaccess rule specified, i.e. if I were to view a page as http://localhost/tshirtshop/nature-d2 then I get a 404 Error, but if I view the same page as http://localhost/tshirtshop/index.php?DepartmentId=2 then I can view it.

    What is the mistake, if anyone can point it out in the above configuration, or else do I need to check anything else?

        sudo apache2ctl -M
        Loaded Modules:
         core_module (static)
         log_config_module (static)
         logio_module (static)
         mpm_prefork_module (static)
         http_module (static)
         so_module (static)
         alias_module (shared)
         auth_basic_module (shared)
         authn_file_module (shared)
         authz_default_module (shared)
         authz_groupfile_module (shared)
         authz_host_module (shared)
         authz_user_module (shared)
         autoindex_module (shared)
         cgi_module (shared)
         deflate_module (shared)
         dir_module (shared)
         env_module (shared)
         mime_module (shared)
         negotiation_module (shared)
         php5_module (shared)
         reqtimeout_module (shared)
         rewrite_module (shared)
         setenvif_module (shared)
         status_module (shared)
        Syntax OK

    I am using Apache2 on Ubuntu 12.04

    Read the article

  • The IT Security Bubble Has Popped

    The blank check IT security enjoyed has been pulled off the table as businesses reassess how much they spend to stay safe. Need some data on the mood? McAfee reports nearly three-quarters of SMBs have cut security spending, even though 71 percent believe a serious attack would put them out of business.

    Read the article

  • How do I configure IIS to allow access to network resources for PHP scripts?

    - by Dereleased
    I am currently working on a PHP front-end that joins together a series of applications running on separate servers; many of these applications generate files that I need access to, but these files (for various reasons) reside on their parent servers. If I, from the command line, issue a bit of script such as:

        <?php
        var_dump(glob("\\\\machine-name\\some\\share\\*"));

    I will get the full contents of that directory, proving that there's no problem programmatically with PHP reading the contents of a UNC share. However, if I try to execute the same script from the web server, I get an empty array -- more specifically, if I use more explicitly functions designed to "open" a directory like it was a file, I get access errors.

    I believe this to be a permissions issue, but I am not a server/network administrator type, so I'm not sure what I need to do to correct this and get my script running, and the links I've checked out have not been a terrible amount of help, perhaps due to my background, or lack thereof as far as IIS is concerned, coupled with the fact that we are not actually using .NET for this.

    Relevant Stats:

        Windows Server 2008 Standard SP2
        IIS 7.0
        PHP 5.2.9

    I will be connecting to two types of servers: a few other nearly-identical Server 2008 machines, and a machine running embedded XP.

    Links that have not been particularly helpful but maybe I am just misreading:

        http://support.microsoft.com/?id=306158
        http://support.microsoft.com/kb/207671/EN-US/
        http://support.microsoft.com/kb/280383/

    Read the article

  • GPL question : web application using Imagick and GhostScript => Which would be the final licence?

    - by sdespont
    I am a bit confused and I need your help to understand my problem. I have developed a web application (PHP, JQuery) for one of my customers. Recently, my customer asked me to add a new feature permitting PDF to JPG conversion. After web browsing, I have discovered that the iMagick (Apache licence) PHP extension with GhostScript (GPL licence) is the only solution. But, as my customer wants to sell the web application to other companies, I have to use non-GPL licences. By the way, this feature is OPTIONAL and the final user must download and install iMagick and GhostScript manually if he is interested in using the PDF conversion. Is there someone who can tell me if using Imagick to convert PDF to JPG (and therefore using GhostScript) turns my current proprietary licence into GPL? And what if I don't use Imagick but call GhostScript using the PHP exec() function? Are there other non-GPL projects to convert PDF to JPG that I could use with PHP? Any help would be greatly appreciated.

    Read the article

  • How to give specific url using htaccess? [on hold]

    - by Dash
    I am a web developer using codeigniter. I want to give a specific url to certain pages on my website. Is it possible using htaccess? I visited the following sites but couldn't find anything such there: Bluehost Tutplus and some others too. What I really wanna do is when the admin is logged in the link should be http://localhost/admin-ci/index.php/admin/index.php/dashboard and if a user logs in then the link should be http://localhost/admin-ci/user/index.php/dashboard. Will htaccess be able to do this?

    Read the article

  • php extensions & apache mods gone/not working after server restart?

    - by user1782359
    I was wondering if anyone has ever come across this before, as I'm pretty stumped to be honest, and my server admin knowledge isn't particularly good so I'm not sure what could even be wrong, let alone how to fix it. Basically, Thursday last week everything was fine on our server. I come in on Friday and it's a mess: php extensions are missing/not working, apache modules are gone. (e.g. oci_* was gone completely, odbc_ not working but still there, the apache ntlm_auth for single sign on was gone and so the website wasn't even loading in IE). I'm ruling out anything deliberate because it's just incredibly unlikely. The only thing that really happened between Thursday & Friday is that on Thursday evening one of the network guys did a RAM upgrade on the server and restarted it. That's it, nothing else. Now I'm wondering if somehow those extensions and such which we installed months ago were somehow only saved in a local memory of sorts, and a restart has wiped them? But we installed them all as root, so I don't see why it should be any different from installing anything else. It makes little/no sense to me. To expand on an example of something that's gone very wrong, the php odbc_ extension: It's still on the server, it doesn't return undefined function or anything. But it just cannot connect to the datasource any more. I've tested it through the command line and it's working perfectly fine with that datasource and login details, but all of a sudden having it in the php odbc_connect() function and it just can't connect. ( [S1000][unixODBC][FreeTDS][SQL Server]Unable to connect to data source. ) But unixODBC is set up fine. Like I say I've tested it all through the terminal and it can connect, and we've not changed anything, it's just now all of a sudden not working through the PHP function. Anyone have any ideas whatsoever as to what could be going on? This is on CentOS 5.x by the way.

    Read the article

  • xdebug 2.2.1 installed but not working with cgi

    - by ts01
    I've installed (via pecl) xdebug. It is installed (as phpinfo() output indicates), but it doesn't seem to work with CGI (with CLI it works). I've restarted apache, without result. Any ideas?

    Some config details (as parsed by http://xdebug.org/wizard.php):

        Xdebug installed: 2.2.1
        Server API: Apache 2.0 Handler
        Windows: no
        Zend Server: no
        PHP Version: 5.3.10-1
        Zend API nr: 220090626
        PHP API nr: 20090626
        Debug Build: no
        Thread Safe Build: no
        Configuration File Path: /etc/php5/apache2
        Configuration File: /etc/php5/apache2/php.ini
        Extensions directory: /usr/lib/php5/20090626+lfs

    Read the article

  • trouble executing php scripts with nginx

    - by lovesh
    My nginx config looks like this:

        server {
            listen 80;
            server_name localhost;

            location / {
                root /var/www;
                index index.php index.html;
                autoindex on;
            }

            location /folder1 {
                root /var/www/folder1;
                index index.php index.html index.htm;
                try_files $uri $uri/ index.php?$query_string;
            }

            location /folder2 {
                root /var/www/folder2;
                index index.php index.html index.htm;
                try_files $uri $uri/ index.php?$query_string;
            }

            location ~ \.php$ {
                fastcgi_pass 127.0.0.1:9000;
                fastcgi_index index.php;
                include fastcgi_params;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            }
        }

    The problem with the above setup is that I am not able to execute php files. Now as per my understanding of nginx config rules, when I am in my webroot (/) which is /var/www the value of $document_root becomes /var/www, so when I request localhost/hi.php the fastcgi_param SCRIPT_FILENAME becomes /var/www/hi.php and that is the actual path of the php script. Similarly when I request localhost/folder1/hi.php the $document_root becomes /var/www/folder1 because this is specified as the root in folder1's location block, so again the fastcgi_param SCRIPT_FILENAME becomes /var/www/folder1/hi.php. But because the above configuration does not work so there is something wrong with my understanding. Please help?

    Read the article

  • How do I setup an Alias on Apache with XAMPP on Linux ? (Permission problem)

    - by knarf
    XAMPP works fine but I want to have http://localhost/f to point to /home/knarf/prog/php/fwyxz.

    I've chmod -R 777 /home/knarf/prog/php/fwyxz

    I've added Alias /f /home/knarf/prog/php/fwyxz at the end of the httpd.conf

    And when I try to access it, I get a 403. From the apache error_log:

        [error] [client 127.0.0.1] (13)Permission denied: access to /f denied.

    I've already tried several solutions (userdir and symlinks) but they both failed with the same error. I've also tried to add this after the Alias:

        <Directory "/home/knarf/prog/php/fwyxz">
            Order allow,deny
            Allow from all
        </Directory>

    But again, permission denied. Now if I change the User/Group under which apache runs from nobody to knarf, it seems to work (static files are ok) but PHP can't use/initialize sessions:

        [error] [client 127.0.0.1] PHP Warning: session_start() [function.session-start]: open(/tmp/sess_r5nrmu4ugqguqqe83rs53lq6k0, O_RDWR) failed: Permission denied (13) in /home/knarf/prog/php/fwyxz/index.php on line 3
        [error] [client 127.0.0.1] PHP Warning: Unknown: open(/tmp/sess_r5nrmu4ugqguqqe83rs53lq6k0, O_RDWR) failed: Permission denied (13) in Unknown on line 0
        [error] [client 127.0.0.1] PHP Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct () in Unknown on line 0

    This is really frustrating.

    Read the article

  • The requested operation has failed! (cannot find answer)

    - by Geoff
    I know this problem is plastered all over the web but I've been searching and trying for hours with no luck. Can someone please give me some help? I originally installed Apache 2.0.64 along with PHP 5.2.17, I went through all of the steps in this tutorial with no luck, I found that the culprit was the LoadModule line. After looking on the internet I found a whole bunch of stuff but a lot of it was referring to PHP 5 and Apache 2.2. Since there seemed to be more info on apache 2.2 I removed apache 2.0.64 and installed 2.2. I added the code to LoadModule in the conf file but I got the same problem. I then followed the steps in this tutorial because it was slightly different with some things I hadn't tried yet but still I get the same problem. If I comment out LoadModule... it works fine but otherwise I get "The requested operation has failed!". This is what I ended up keeping since it works only having to comment one line.

        LoadModule php5_module "c:/php/php5apache2_2.dll"
        <IfModule mod_php5.c>
            AddType application/x-httpd-php .php
            PHPIniDir "c:/php"
            DirectoryIndex index.php
        </IfModule>

    EDIT: How can I stop getting this error message?

    UPDATE: Also, please note that I took note of the message in the PHP site that stated if PHP 5.2 was to be run with Apache to use the VC6 and not VC9. I had VC9 so I replaced it with VC6, the file is labeled php-5.2.17-nts-Win32-VC6-x86.zip

    Read the article

  • How do you code against CSRF malicious requests?

    - by user355950
    how to Decline malicious requests....

        Cross-Site Request Forgery
        Severity: Medium
        Test Type: Application
        Remediation Tasks: Decline malicious requests
        Reasoning: The same request was sent twice in different sessions and the same response was received. This shows that none of the parameters are dynamic (session identifiers are sent only in cookies) and therefore that the application is vulnerable to this issue.

    Read the article

  • How do I uncompress data in PHP which was originally compressed using zlib?

    - by Gaurav Arora
    Hello Everyone, I am quite new to iPhone development, so please bear with me if I ask some common questions. In my application I have to transfer data from my iPhone app to a PHP server, and for this I have to compress the NSData in my iPhone app and then pass it on to the PHP server and then uncompress it in PHP and process the data sent by the iPhone in PHP. For compressing the data on the iPhone I have used the zlib library. Now on the PHP side I want to uncompress this data, but I am unable to do so. Can anyone help me in uncompressing this data in PHP? Thanks in Advance. Gaurav Arora

    Read the article

  • Ajax/PHP contact form not able to send mail

    - by Steph
    The funny thing is it did work for one evening. I contacted my host, and they are saying there's no reason it should not be working. I have also attempted to test it in Firebug, but it seemed to be sending. And I specifically put the email address (hosted in my domain) on my email safe list, so that is not the culprit either. Would anyone here take a look at it for me? I'd be so grateful.

    In the header I have:

        <script type="text/javascript">
        $(document).ready(function() {
            var options = { target: '#alert' };
            $('#contactForm').ajaxForm(options);
        });
        $.fn.clearForm = function() {
            return this.each(function() {
                var type = this.type, tag = this.tagName.toLowerCase();
                if (tag == 'form')
                    return $(':input',this).clearForm();
                if (type == 'text' || type == 'password' || tag == 'textarea')
                    this.value = '';
                else if (type == 'checkbox' || type == 'radio')
                    this.checked = false;
                else if (tag == 'select')
                    this.selectedIndex = -1;
            });
        };
        </script>

    Here is the actual form:

        <form id="contactForm" method="post" action="sendmail.php">
          <fieldset>
            <p>Email Me</p>
            <div id="fieldset_container">
              <label for="name">Your Name:</label>
              <input type="text" name="name" id="name" /><br /><br />
              <label for="email">Email:</label>
              <input type="text" name="email" id="email" /><br /><br />
              <span style="display:none;">
                <label for="last">Honeypot:</label>
                <input type="text" name="last" value="" id="last" />
              </span><br /><br />
              <label for="message">Comments &amp; Inquiries:</label>
              <textarea name="message" id="message" cols="" rows=""></textarea><br/>
            </div>
            <div id="submit_button">
              <input type="submit" name="submit" id="submit" value="Send It" />
            </div>
          </fieldset>
        </form>
        <div class="message"><div id="alert"></div></div>

    Here is the code from my validating page, sendmail.php:

        <?php
        // Who you want to receive the emails from the form. (Hint: generally you.)
        $sendto = '[email protected]';
        // The subject you'll see in your inbox
        $subject = 'SH Contact Form';
        // Message for the user when he/she doesn't fill in the form correctly.
        $errormessage = 'There seems to have been a problem. May I suggest...';
        // Message for the user when he/she fills in the form correctly.
        $thanks = "Thanks for the email!";
        // Message for the bot when it fills in in at all.
        $honeypot = "You filled in the honeypot! If you're human, try again!";
        // Various messages displayed when the fields are empty.
        $emptyname = 'Entering your name?';
        $emptyemail = 'Entering your email address?';
        $emptymessage = 'Entering a message?';
        // Various messages displayed when the fields are incorrectly formatted.
        $alertname = 'Entering your name using only the standard alphabet?';
        $alertemail = 'Entering your email in this format: <i>[email protected]</i>?';
        $alertmessage = "Making sure you aren't using any parenthesis or other escaping characters in the message? Most URLS are fine though!";
        //Setting used variables.
        $alert = '';
        $pass = 0;
        // Sanitizing the data, kind of done via error messages first. Twice is better! ;-)
        function clean_var($variable) {
            $variable = strip_tags(stripslashes(trim(rtrim($variable))));
            return $variable;
        }
        //The first if for honeypot.
        if ( empty($_REQUEST['last']) ) {
            // A bunch of if's for all the fields and the error messages.
            if ( empty($_REQUEST['name']) ) {
                $pass = 1;
                $alert .= "<li>" . $emptyname . "</li>";
            } elseif ( ereg( "[][{}()*+?.\\^$|]", $_REQUEST['name'] ) ) {
                $pass = 1;
                $alert .= "<li>" . $alertname . "</li>";
            }
            if ( empty($_REQUEST['email']) ) {
                $pass = 1;
                $alert .= "<li>" . $emptyemail . "</li>";
            } elseif ( !eregi("^[_a-z0-9-]+(.[_a-z0-9-]+)*@[a-z0-9-]+(.[a-z0-9-]+)*(.[a-z]{2,3})$", $_REQUEST['email']) ) {
                $pass = 1;
                $alert .= "<li>" . $alertemail . "</li>";
            }
            if ( empty($_REQUEST['message']) ) {
                $pass = 1;
                $alert .= "<li>" . $emptymessage . "</li>";
            } elseif ( ereg( "[][{}()*+?\\^$|]", $_REQUEST['message'] ) ) {
                $pass = 1;
                $alert .= "<li>" . $alertmessage . "</li>";
            }
            //If the user err'd, print the error messages.
            if ( $pass==1 ) {
                //This first line is for ajax/javascript, comment it or delete it if this isn't your cup o' tea.
                echo "<script>$(\".message\").hide(\"slow\").show(\"slow\"); </script>";
                echo "<b>" . $errormessage . "</b>";
                echo "<ul>";
                echo $alert;
                echo "</ul>";
            // If the user didn't err and there is in fact a message, time to email it.
            } elseif (isset($_REQUEST['message'])) {
                //Construct the message.
                $message = "From: " . clean_var($_REQUEST['name']) . "\n";
                $message .= "Email: " . clean_var($_REQUEST['email']) . "\n";
                $message .= "Message: \n" . clean_var($_REQUEST['message']);
                $header = 'From:'. clean_var($_REQUEST['email']);
                //Mail the message - for production
                mail($sendto, $subject, $message, $header, "[email protected]");
                //This is for javascript,
                echo "<script>$(\".message\").hide(\"slow\").show(\"slow\").animate({opacity: 1.0}, 4000).hide(\"slow\"); $(':input').clearForm() </script>";
                echo $thanks;
                die();
                //Echo the email message - for development
                echo "<br/><br/>" . $message;
            }
        //If honeypot is filled, trigger the message that bot likely won't see.
        } else {
            echo "<script>$(\".message\").hide(\"slow\").show(\"slow\"); </script>";
            echo $honeypot;
        }
        ?>

    Read the article

  • Preventing $.POST hijack

    - by Jamie
    I'm currently building a Facebook application. Let's say I have a variable $uid that identifies the user so I can store this in my database along with their submitted data. I pass $uid and $data via json encoded values using $.post. However, this doesn't prevent someone changing $uid to save data as someone else. I have been thinking about how to overcome this, so far I haven't found a solution apart from: create database with $uid $secretkey on first page load. When $.post send $secretkey with the post and then retrieve the $uid from the database. Would this be the correct approach to use?

    Read the article

  • Is it dangerous to keep an admin page to administer your database?

    - by Scarface
    Hey guys, I have an admin page that checks if you are admin before submitting any queries, and contains a header to the index page if you are not admin, but I am worried about protecting the page. I am concerned someone may be able to destroy my database with it. Does anyone have any recommendation into protecting a page like this? If not, should I just manually admin my database through phpmyadmin and delete the page altogether?

    Read the article

  • PHP Error - Login Script

    - by gamerzfuse
    I am creating a new login script/members directory. I am creating it from scratch without any frameworks (advice on this matter would also be appreciated). The situation:

        // Look up the username and password in the database
        $query = "SELECT admin_id, username FROM admin WHERE adminname = '$admin_user' AND password = SHA1('$admin_pass')";
        $data = mysqli_query($dbc, $query);
        if (mysqli_num_rows($data) == 1) {

    This bit of code keeps giving me an error (the last line in particular):

        Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in /home8/craighoo/public_html/employees/security/dir_admin.php on line 20

    When echoing the query I get:

        SELECT admin_id, username FROM admin WHERE adminname = 'admin' AND password = SHA1('tera#byte')

    Thanks in advance!

    Read the article

  • Best way to implement a Rest API with PHP on Wamp web server

    - by DomingoSL
    Hello, I own a web server running Windows (WAMP). I want to know the best way to implement a Rest API (a very simple one) in order to let a user do something. Diagram flow: I have programming skills; in fact, I developed some time ago a web server in VB6 which processes the queries, and when it finds the command (http:/serverIP/webform.php?cmd=run&item=any) it does something, but now I really want to develop a solution using the WAMP server. Some people consider the solution of executing an exe when a command is detected a bad solution for security issues, but this specific project I have is for the use of only some people (trusted people) who don't have intentions of hacking the server. So, what do you think?

    Remember:

        It's not a public API, it's for some people and some programs who will use the API
        It's a very simple one, only one command using POST or GET.

    Thanks

    Read the article