1

Hi,

if you can edit the main php.ini file, change the option to on:

allow_url_fopen=on

then reload the phpinfo page to see if it applied. The location of the file is defined in the Configuration File (php.ini) Path of the phpinfo view. If you cannot edit the main php.ini, you can try to create a new php.ini file in the document root and add just the options you want to change. The Loaded Configuration File field of the phpinfo view should show if the new file is loaded.

Note: sometimes the configuration (of PHP or of the web server) does not allow overriding the settings through custom php.ini files, so you may need to contact your hosting support to make changes.

For more info, see the HOST and PATH directives:

0

Yes, it's the same on tcpiputils: https://www.tcpiputils.com/browse/domain/stacychristine.com

And if you see the result of the WHOIS you can see who is the real registrant:

Registrant Name: CCA, Lt webPHOTOMaster, Betcha Private Registration

Which is:

It seems they developed the website, registered the godaddy DNS management for your client, then saved the website into Netsuite. If your client does not have the credentials to enter in Netsuite, then she can only ask webPHOTOMaster support. I have some doubts you would be able to access that account. It is more probable that you could only point the DNS somewhere else, from the godaddy panel, and start the website from zero. Good luck! :)

Besides: the hosting in use is powered by ASP.NET, not PHP:

> http head stacychristine.com

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Connection: keep-alive
Date: Tue, 30 May 2017 14:32:14 GMT
Location: http://www.stacychristine.com
Server: akka-http/10.0.0-100-netsuite-02
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
0

It seems godaddy was used to register and manage the DNS. Enter into the domain management page and see where it points. From those IPs you should be able to find the hosting company. The same can be done through tools like dig and whois:

> dig daniweb.com ANY

...
daniweb.com.        299 IN  A   198.23.117.137
...

> whois 198.23.117.137

...
Organization:   SoftLayer Technologies Inc. (SOFTL)
...

or through a service like:

for example, if you search daniweb.com you get a summary with the hosting company name:

Domain daniweb.com is listed in the top million list of Alexa ... This domain is hosted by SoftLayer Technologies Inc. (AS36351)...

Which is http://www.softlayer.com/

1

Hi,

at line 7 you have:

$update_id = $post_id;

while $post_id is initialized at line 68:

$post_id = $row_post['post_id'];

Which in practice depends on $edit_id defined at line 60:

$edit_id = $_GET['edit_post'];

So, it seems that you open the page like this:

page.php?edit_post=123

All you have to do is to initialize $edit_id on top, at line 4, so that it is available to the POST conditional statement and to the other code.

Do not use $_GET directly, filter the variable:

$edit_id = filter_input(INPUT_GET, 'edit_post', FILTER_VALIDATE_INT, ['options' => ['default' => NULL]]);

Then replace:

$update_id = $post_id;

With:

$update_id = $edit_id;

Or simply adjust the following code to use $edit_id. Use the filter functions also for the other input coming from POST and GET requests, and use prepared statements too:
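An added example, not part of the original post, combining the integer validation above with a PDO prepared statement. The posts table, the post_title column, the update_post() helper and the in-memory SQLite database are assumptions; filter_var() on an array stands in for filter_input() so the script also runs from the command line.

```php
<?php
// Added example. Assumptions: a `posts` table with `post_id` and `post_title`
// columns, and an in-memory SQLite database standing in for the real one.

function update_post(PDO $db, array $get, array $post): string
{
    // Same rule as filter_input(INPUT_GET, 'edit_post', FILTER_VALIDATE_INT, ...),
    // applied to an array so it can be exercised outside a web request.
    $edit_id = filter_var($get['edit_post'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['default' => null, 'min_range' => 1]]);
    if ($edit_id === null) {
        return 'rejected: invalid edit_post';
    }

    $title = trim((string) ($post['post_title'] ?? ''));
    if ($title === '' || strlen($title) > 200) {
        return 'rejected: invalid post_title';
    }

    // Values travel as bound parameters, never as part of the SQL string.
    $stmt = $db->prepare('UPDATE posts SET post_title = :title WHERE post_id = :id');
    $stmt->execute([':title' => $title, ':id' => $edit_id]);

    return $stmt->rowCount() === 1 ? "updated post $edit_id" : 'rejected: no such post';
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (post_id INTEGER PRIMARY KEY, post_title TEXT)');
$db->exec("INSERT INTO posts (post_id, post_title) VALUES (123, 'Old title')");

// Constructed requests: one valid, three that must be rejected.
$requests = [
    [['edit_post' => '123'], ['post_title' => "It's a new title"]],
    [['edit_post' => '123 OR 1=1'], ['post_title' => 'x']],
    [[], ['post_title' => 'x']],
    [['edit_post' => '999'], ['post_title' => 'x']],
];
foreach ($requests as [$get, $post]) {
    echo update_post($db, $get, $post), "\n";
}
echo $db->query('SELECT post_title FROM posts WHERE post_id = 123')->fetchColumn(), "\n";
```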

1

Hello Dani,

I don't think it's the user agent, I'm testing with Phantomjs and it uses this user agent:

Mozilla/5.0 (Unknown; Linux i686) AppleWebKit/538.1 (KHTML, like Gecko) PhantomJS/2.1.1 Safari/538.1

The testing script render.js:

var page   = require('webpage').create(),
    system = require('system'),
    vsize  = {width: 1280, height: 1024},
    address, output;

address = system.args[1];
output  = system.args[2];

page.viewportSize = vsize;
page.clipRect = {
  top: 0,
  left: 0,
  width: vsize.width,
  height: vsize.height
};

page.open(address, function() {
  page.render(output);
  phantom.exit();
});

Execution:

./phantomjs render.js LINK output.png

And it works fine. In this specific case Microsoft is rejecting HEAD requests; it allows GET requests and, in fact, it returns 200, but the page has no contents because they are loaded by JavaScript: test with Postman to see how it renders. So, it seems it needs a rendering engine to show the contents.

2

Hi! You can use pathinfo() or a directory iterator:

$ext = pathinfo($file)['extension'];

BUT right now the img() function can, potentially, allow access to the contents of any directory on the server, by adding ../ to the variable. For example, you can write the following and access /etc/:

pictures.php?imageID=images/../../../../etc

It depends on the position of the document root in the file system. You could use an integer and make sure it's valid, for example:

$imageID = filter_input(INPUT_GET, 'imageID', FILTER_VALIDATE_INT, ['options' => ['default' => NULL]]);

if(TRUE === is_null($imageID))
{
    # redirect or show 404
}

# continue if $imageID is valid

See also: https://www.owasp.org/index.php/Path_Traversal

Votes + Comments
thank you @cereal
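An added example, not part of the original post, of the integer-ID approach with a realpath() containment check as a second layer. The resolve_image() helper, the "<id>.jpg" file layout and the temporary directory are assumptions; the rejected input is the traversal string quoted in the post.

```php
<?php
// Added example: resolve_image(), $baseDir and the "<id>.jpg" layout are assumptions.

/**
 * Map a request value to a file inside $baseDir, or return null (caller sends 404).
 */
function resolve_image($rawId, string $baseDir): ?string
{
    // Accept only a positive integer; any value containing "../" fails here.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }

    // Defence in depth: the resolved path must exist and stay under the base
    // directory, which also catches symlinks pointing outside it.
    $path = realpath($base . DIRECTORY_SEPARATOR . $id . '.jpg');
    if ($path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed sample data: a temporary image directory holding one file.
$baseDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'img_demo_' . getmypid();
mkdir($baseDir);
file_put_contents($baseDir . DIRECTORY_SEPARATOR . '7.jpg', 'fake image bytes');

// Constructed inputs: a valid ID, a missing ID, the string from the post, junk.
foreach (['7', '8', 'images/../../../../etc', '7abc', '-1'] as $input) {
    $result = resolve_image($input, $baseDir);
    printf("%-26s => %s\n", $input, $result === null ? '404' : basename($result));
}

// Clean up the constructed files.
unlink($baseDir . DIRECTORY_SEPARATOR . '7.jpg');
rmdir($baseDir);
```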
2

Hmm, the session is probably not the best approach in this case: what happens if, in the current session, you open multiple tabs of A.php with different IDs?

A.php?id=123
A.php?id=124
A.php?id=125
...

It would screw up, because the session value would be rewritten by the latest loaded tab. Append the query string to B.php, so if you are using a form you can do:

<form method="get" action="B.php?id=123">

Or hide it in the input fields:

<input type="hidden" name="id" value="123">

If you want more appropriate help, share an example of what you are trying to do.

Votes + Comments
Good shout about multiple tabs +1 - a common gotcha!
0

Thank you Jim! Yes, that works fine and also counting the resulting array works fine.

The original query is not like in the above example: I was using FOUND_ROWS() in a PHP PDO class, to automatically extract the number of rows, but it was not working appropriately. So I started playing with an example table and added SQL_CALC_FOUND_ROWS too and came down with the above test.

Even by doing:

SELECT SQL_CALC_FOUND_ROWS * FROM `test` LIMIT 3;

then FOUND_ROWS() should return 5, instead it returns 1. In practice, I do not understand why it does not output the expected result.

I just did a test on MariaDB 10.0.28 and MariaDB 10.1.19 and it returns 5, as expected. My current version instead is 10.0.29, so it may be a bug.

//EDIT

@Dani, yes, I added SQL_CALC_FOUND_ROWS just to test the query.

0

Hello,

so, I'm playing a bit with MariaDB 10.0.29 and I cannot understand why FOUND_ROWS() keeps returning 1 whatever happens to the latest select query. Here's my test:

> CREATE TABLE `test` (`id` INT UNSIGNED AUTO_INCREMENT PRIMARY KEY, `msg` VARCHAR(100) NULL) ENGINE = InnoDB;
Query OK, 0 rows affected
Time: 0.782s

> INSERT INTO `test` (`msg`) VALUES('apples'), ('oranges'), ('strawberries'), ('cherries'), ('random');
Query OK, 5 rows affected
Time: 0.180s

> SELECT SQL_CALC_FOUND_ROWS * FROM `test`;
+------+--------------+
|   id | msg          |
|------+--------------|
|    1 | apples       |
|    2 | oranges      |
|    3 | strawberries |
|    4 | cherries     |
|    5 | random       |
+------+--------------+
5 rows in set
Time: 0.003s

> SELECT FOUND_ROWS();
+----------------+
|   FOUND_ROWS() |
|----------------|
|              1 |
+----------------+
1 row in set
Time: 0.002s

Expected result 5. The same happens with MyISAM engine.

Any clue why this happens? To avoid any possible backside issue, I have tested from a fresh connection through the command line client, but it does not seem to make a difference.

The online test with MySQL 5.6, instead, returns 0, it is accessible here:

For the online test result I'm not sure whether it depends on SQLfiddle or on MySQL 5.6.