Disable Magic_quotes_gpc In A .htaccess File
How do I disable magic quotes via .htaccess?
I put the following file in my webroot, but it does not disable
magic_quotes_gpc (according to phpinfo(), both the local and master value
are still "on")
<IfModule mod_php4.c>
php_value upload_max_filesize 8M
php_value magic_quotes_gpc 0
</IfModule>
The change to upload_max_filesize works (master is 2M, local value is 8M,
according to phpinfo())
View Complete Forum Thread with Replies
See Related Forum Messages: Follow the Links Below to View Complete Thread
.htaccess File
Can anyone tell me if the password is encrypted at all when this method of directory protection is used? If it isn't, is the only way to do this to use SSL?
Parsing .htaccess File
I want to parse the contents of an .htaccess file from within PHP. The contents of the .htaccess file looks like this: <Files foobar.tar.gz> AuthType Basic AuthUserFile /foobar AuthName "Foobar" <Limit GET> Require user FOOBAR </Limit> </Files> And so on. When I read in that file with the following code: $fd = fopen(".htaccess", 'rb'); while (!feof($fd)) { $line = fgets($fd, 1024); echo "|".$line."| "; } fclose($fd); Then I get empty lines for those lines containing <Files ...>, <Limit ...> and so on. How can I get at those lines as well? What I need to know is basically the information "which user can access which file?"
SALT Encryption Via Php To The .htaccess File
I have done this in perl before, but I am writing a username and password not only to a member database, but also to the .htacceess file that will contain the usrename and passwords (Apache stuff). Can someone point me in the right direction to write te right code to make that? crypt() I believe, but the rest of the syntax I am clueless on.
Htaccess File Not Working Any Deeper
i've htaccess (using FILES ) all directory in my site so as to obtain personalize urls. It works at the first directory but any deeper, the apache or php (I don't know) seems to take forever to load up the file. It's not loaded at all. For example: http://www.domain.com/service/mh so mh is a php file. A htaccess file is inside the service directory. Its working but http://www.domain.com/service/a_folder/mh5 A htaccess file is inside the a_folder directory so as to redirect any request to mh5 php file. This directory is not working. I'm sure everything in my htaccess is correct. Any ideas why?
.htaccess - Parsing A PHP File With A .html Extension?
Can I use .htaccess to parse a PHP file with a standard .html extension?? This doesn't seem to work: AddType text/html .html AddHandler server-parsed .html I'm using a remote host, so modifying the server's .conf file isn't really an option nor is modifying the php.ini file.
Uploading Of Larger Files, Ini_set(), .htaccess File
i set the values of upload_max_filesize and post_max_size through the . htaccess file. I managed to change the local values but i cannot change the master value of the php. ini. I tried uploading bigger files but still i cannot. . . what seems to be the problem here??? do the local and master values have to be the same for me to be able to upload large files??? I cannot locate the php. ini so . htaccess is my only choice of setting the values any idea??? I also tried setting the values through ini_set() but still no luck..
Magic_quotes_gpc ?
Are there any ideas of how to keep the magic_quotes_gpc variable in ini file - "On" or "Off". I just noticed the difference between local settings and server's ones.
Magic_quotes_gpc
I've got a form that inserts data to the mysql database. On the first page, I type: PHP Code:
Magic_quotes_gpc
can you dynamically set magic_quotes_gpc. I am running multiple domains on one server and need it off on one domain and on on the other domain.
Magic_quotes_gpc
Right now I am having to use stripslashes() on EVERY row I want to display from the database, and I really don't want to have to do this anymore. I want to figure out how to make it so the database automatically strips the slashes for you when displaying rows. I just tried this: ini_set('magic_quotes_gpc', 'off'); ini_set('magic_quotes_runtime', 'off'); It didn't do anything though...the slashes are still there. I'm really not sure what else to do.
Magic_quotes_gpc On By Default In PHP 4.3.3?
Prior to upgrading to PHP 4.3.3 (Windows), magic_quotes_gpc was turned off in the php.ini file. However, when I upgraded, I told the installer overwrite my previous php.ini files. I didn't have anything special in my previous version of php.ini and I wanted a clean slate. After I upgraded to 4.3.3, I noticed that my scripts were acting strange, specifically form input. I checked php.ini and found that magic_quotes_gpc was turned on. I unzipped the installer exe and upon inspecting the php.ini, I found the default php.ini included had magic_quotes_gpc On. I thought they were going to set magic_quotes_gpc off by default in the later versions. Anyone know why they did this? Was it a mistake?
Living With Magic_quotes_gpc()
My ISP used to have php version 3 only. magic_quotes_gpc() was turned OFF. My ISP recently added php version 4. magic_quotes_gpc() was turned ON. To switch from php 3 to php 4, I started to change my code. After looking through the code I could see a lot of work. In calls to MySQL I had used "addslashes" to "escape" quotes that users typed. Since "magic_quotes_gpc()" was already adding slashes, I now had to delete these "addslashes". As well, I now had to insert "stripslashes" in other places that were already working -- to use strlen() to get the "real" length of strings -- to compare an "input string" with a "MySQL string" -- to send data to the screen in "forms" or "query strings". In all these situations, the slashes added by "magic_quotes_gpc()" were not wanted. All this editing had to be wrong -- it was going to be too much work!!! Instead I added a function to the beginning of each page. (Actually each page already calls a "start" function; so I was lucky -- the new function was just added to the "start" function.) The following function just "stripslashes()" if php "magic_quotes_gpc()" is turned on. Code:
SQL Injection And Magic_quotes_gpc
I've designed a simple form and scripted some PHP without any of the recommended security measures one normally employs to prevent SQL injection attacks. My aim in this was to experiment with SQL injection as I had never really understood it. Much to my chagrin, all of my injections seemed to have been escaped without my knowledge! I did some reading and found that a setting in my php.ini file escaped all of the input, magic_quotes_gpc. Now, my question is this: Just how effective is magic_quotes_gpc at preventing SQL injection attacks? Given my limited knowledge of the field, I figured I'd ask the experts (every forum has at least two).
What Are The Pros And Cons For Magic_quotes_gpc
My first impulse was to turn it off. But maybe I'm wrong. Or is it one of those 6 of one half a dozen of the other things? From what I'm seeing on a search it might improve performance slightly but with some s/w there are security issues... (We have register_globals turned off). General working env. is mySql, but might switch to PostGres in the future. Right now I'm using Perl::DBI to access the database, but that's because I don't know PHP data access methods yet and have some already written stuff to work with.
Image From DB + New Server With Magic_quotes_gpc: On
I mode a site from to a new server where trere is: PHP Version 4.3.2 and magic_quotes_gpc On On magic_quotes_runtime Off Off magic_quotes_sybase Off Off since i moved the site i can't get images from DB correctly images are stored in a "mediumblob" field if i use mysql front to view images in DB i see them correctly, but when i retrive them by php they are messed up i store images with INSERT INTO file (tab,mime,x,y,file) VALUES ('news','$mime',$x,$y,'".addslashes(fread($fd,$userfile_size))."') and i get them with Header("Content-type: $mime"); $img_from_db_out = $query->getField("file"); echo $img_from_db_out;
Magic_quotes_gpc Isn't Adding Slashes?
I've enabled magic_quotes_gpc in my php.ini. I'm running PHP 4.3.1, btw. And when I insert data from a input form with an ' I get an error of course. I'm unsure why PHP isn't adding the before ' Secondly, where in my script would I add the addslashes() string. Does it go within my INSERT string or do you set it up as a variable?
Htaccess Needs Saving To .htaccess
Windows won't let me change htaccess-dist to .htaccess - saying it needs a file type..!! is there another way in which I can save it other than just trying to rename it.
Disable Cookie
I am using cookie to hide a variabe in send.php3 as following:send.php3: PHP Code:
Disable Checkbox
I have a checkbox that I set by php code to be either "checked" or "". I want to disable the ability of the user to check or uncheck it. I tried "readonly", but that didn't work.
Can I Disable $PHP_AUTH_PW?
Is there any way I can disable the setting of the environment variable $PHP_AUTH_PW? I'm authenticating via LDAP, and don't need (or want) the password available to PHP. I also don't need $PHP_AUTH_USER; the current authenicated user is available in $LDAP_USER.
Disable (grey Out) A Button.
Experienced programmer but new to PHP. Moreover I'm to use PHP with Xoops on top (this adds object orientation?). I don't seem to find a xoops Usenet group? Whatever the case (and presumably a Xoops property): how does one disable (grey-out) a button?
Disable Right Click In Opera
In my website there is requirement to disable rightclick. I am providing the code and it is working in I.E ,Netscape and Mozilla.But not working in Opera browser. My code is <body oncontextmenu='return false;'> The above single line code is working very fine in the above browsers not in Opera.
Disable Phpinfo In Php3
In PHP4 there is the posibility to disable the use of phpinfo() by putting "disable_functions = phpinfo" in the php.ini-file. Is this also possible with PHP3 (in php3.ini) or is there another way of disabling this function?
How To Disable PHPSESSID From Posting In URL
I don't want the URL to display this info. I never notcied this being displayed before but all of a sudden it seemed to pop-up. I don't host my own server so any access to the php.ini file is not possible. Any ideas out there?
How To Completely Disable Openbase_dir?
I'm using php 4.3.4 and have an intermitent problem with gallery (gallery.sourceforge.net) regarding the open_basedir restriction in php. The error I am getting is: ------ PHP Warning: (null)(): Failed opening '/home/httpd/vhosts/mydom.com/httpdocs/gallery2/main.php' for inclusion (include_path='.:/usr/share/pear') in Unknown on line 0, referer: http://mydom.com/gallery2/main.php ------ I have disabled safemode and open_basedir in php.ini and have verified through a phpinfo() call that they are disabled. Actually, open_basedir is reported as being set to "no value" and safemode is reported as disabled. The strange thing is that this does not happen every time i access this page. It is only 1 out of 10 times and usually it is the first time i access the page for the day(but not always). I have restarted httpd and the server just in case. I also checked .htaccess but it shouldnt matter since phpinfo() says it is not set. This is baffling to me! If I could rip this feature out I would. It was installed by default on my dedicated server.
How Do You Disable The Close (x) On A Window
I'm running a PHP script on page1.php that takes a few seconds, once it has run the page then redirects to page2.php automatically sending variables . However, if the user shuts page1.php by pressing the X on the top right of the screen, the redirect doesn't happen!! Does anyone know how to disable the X and stop the page being closed down please?? or another solution??
How Do I Unclock The URL/disable Frameset?
I have a few websites out there and set up alittle script for my friends to auto register subdomains for their affiliate sites. Problem is, some affiliate programs don't allow URL MASKING and I can not figure out HOW to disable it within the script. Could someone take a look at this and help me? I'm trying to disable the frames in forward.php, along with whatever it gets linked to (i'm very new to this, so i included a link to whole script incase there is more then just forward.php I need to edit). Code:
Disable The Values In Address Bar??
Am trying with a social network site... i want to disable the values in address bar which are passing as string variables, My pages are included in the index page.. and my values are passing like that... by changing the values in address bar my page is changing.. How can i solve this issue... i think anyone can change my site using this address bar.. how could i prevent this???
Disable Right-click On Mouse
Is there a php script that wil disable the right-click on mouse or maybe disable the copy and paste feature of the browser? because i have a client, wherein he wants to prevent public viewing his website from copying his website content?
Disable Command Line Arguments For Php-cli
i have been trying to disable the -n and -c arguments that you can use with php from the command prompt. this is because these features can effectively disable my php.ini which has a whole mess of disabled_functions (that i want to ensure remain disabled). my best idea for going about doing this so far has been to download the source for the newest php, with hopes to compile my own which will ignore arguments other than a filename. so far the closest i have got is to the the zend_API.c which has the follow function: Code:
Disable .php Handler For A Specific Browser,
I would like to know if there is a way to remove/disable .php handler when the request come from a specific Browser. I ask this because I use dreamweaver / webdav to edit my .php files. But when I try to open the .php file in dreamweaver, what I see if the result of the .php executions, not the .php source files. I know that you can create an Alias location "/dav", and disable the ..php handler for this location. It's a solution, but not the best I think. It would be better if we can disable .php runtime where dreamweaver Get the files.
Disable Backbutton - When Page Has Expired...
I have this on the page: <?php header("Pragma: no-cache"); header("Expires: -1"); ?> but I want it so, that when the user goes back, (s)he might not be allowed too - say the session has expired. How can i achive that?
Disable Coding In Textboxes/Textfields
Is there a way to disable PHP, HTML, and the sort in textboxes and input fields? There are things called SQL Injections which are usually used in an url or input field to steal data from the database.
Why Does PHP As Apache Module Disable PHP's Java()?
My site was suddenly running HTTP authentication and was faster. But if this was a problem from the past, now a entire part of my site does't work because my calls i had to function Java() now generate this output: Fatal error: Call to a member function on a non-object HTTP authentication(PHP as Apache module) versus Java Virtual Machine what's the relation between them, how can i restore Java() to work properly. Is it on httpd.conf? why does not PHP call Java extension if it is installed on Apache as a module?
Disable Safe Mode Without Loss Of Security ?
I'm trying to disable safe mode from my php installation. First because this functionality will be removed in PHP6, and because it's very restrictive and it's giving me headaches when configuring frameworks and other applications. Moreover, it's said on the php website that the safe mode solution is not a good thing... I'm looking for a tutorial which indicates what to configure on a server in order to have a secured installation of PHP, but without safe mode. I can't find it...
Enable/disable Html In Form Processing
I've got a form, where it submits some info and adds it to a txt file. The file is then displayed on the front page of my site; however, there is a security problem i'd like to fix dealing with html. How would you go about disabling the use of html in a form?
PHP Script To Disable/enable Internet Access
We are finally getting DSL again... but our PC is in the living room... and the youngest has figured out that if he hits the right keys... he can bring up Internet Explorer. All is fine and dandy right now, but come next week... that things wont be so dandy. I am setting our LInux router/server back up soon, and would like a quick, easy way to enable and disable our internet access. What I would like to do is have a simple PHP page that says (iff network status = inactive) Your Internet Access is DISABLED Enter passcode to enable internet access [TEXTBOX] Then [OK] so on clicking "OK" if password = suchandsuch then run script" "/sbin/network start" or whatever the script is and refresh the page then iff network = active Your Internet Access is ENABLED [DISABLE] upon clicking of "DISABLE" run script /sbin/network stop and refresh the page Something to that effect.
Disable Passing Arrays In Query String?
Is there any way to stop PHP from turning a query string like this: ?var[] into an array when it is read by $_GET['var']? I have quite a few input validations that are easily screwed up by this strange (and apparently undocumented???) feature...
Disable Submit Button If Text Field Is Empty
I am unsure if this must be done with Ajax, or if it can be done with PHP. I have a simple search page where I want the submit button to be disabled if there is nothing entered in the text field, and once something IS entered, then the search button is enabled. I was thinking Ajax, because I am looking for it to be real time and I am not sure if its possible with PHP as I am just a novice when it comes to certain things. So the button is always disabled when there is nothing, and enabled when the user enters something. And lets say the user enters something and removes it, then the button disables again? Is this possible to do with PHP and if so, could someone please help me tackle this . Code:
Mail() Function Blocks Webpage For Nameserver Lookup ! How Can I Disable It?
When mail() function reaches a wrong email address or a down domain name (which it can not resolve it to its IP address) it blocks PHP page for a while. How can I disable this behaviour? I was able to disable this in mail clients such as Pine by setting an option that tells "Do not make DNS lookups before ading mail to queue" . Is there anything in PHP for doing this?
How To Use Php In .htaccess?
hi, does anyone knows how to write php in a .htaccess file? coz all i want to do is to have every member his own database with his own username and password, so that only hisself can access his own directory. but my membership creation is a web-based, so that i can't create the user's own password database by hand, so it must be done when a new user is created automatically. are there any ways to do that? Also, I tried to use php to call htpasswd but it seemed didn't work by the script: exec("htpasswd -b -c /usr/local/apache/passwd/perry perry perry");
Htaccess And PHP
Does anyone know how to use the htaccess password algorithm from a PHP script ive tried crypt it's not the same. I need to encrypt a word and return it but it has to work with htaccess.
Htaccess And PHP
I have set up .htaccess for one of my pages... and one of the protected files is a PHP script. Now, my question is, I want to use the username from htaccess in my PHP script, how do I get it? Eg. you log in to my htaccess protected page and then you come to a page that say this "Hello, you are logged in as <username>"
PHP And .htaccess
Howdy! Anyone have any ideas how to manipulate a .htaccess to enable security on a specific directory via PHP.... More specifically, I need to allow an administrative user to add other users / passwords for a specific directory tree.
.htaccess
I'm building my website and i wanted to put a htaccess in a protected dir... and place a login form somewhere to access my protected directory so my login collect username and pass and try to go at my dir specific url like this: user:pass@mysite.com but it works on some computer and doesn't for others. Is there any reason?
|
TRACKER
