FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Beginner's trouble with substr
Show: Today's Messages :: Polls :: Message Navigator
Switch to threaded view of this topic Create a new topic Submit Reply
Beginner's trouble with substr [message #179454] Mon, 29 October 2012 17:20 Go to next message
C is currently offline  C
Messages: 24
Registered: January 2012
Karma: 0
Junior Member
What am I doing wrong in this? The substr part does not seem to get processed properly.

<?php

global $host;
$host=@gethostbyaddr($REMOTE_ADDR);
if ($HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"] != "")
{$realhost = @gethostbyaddr($HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"]);}
$referer = $HTTP_REFERER;

if (substr($host, -3) == ".xy") {exit;} //
if (substr($host, 6) == "abcd29") {exit;} //
if (substr($referer, -4) == ".xyz") {exit;} //

if ($found == 1) {include 'simple.html';} else {include 'home.html';}

?>
Re: Beginner's trouble with substr [message #179455 is a reply to message #179454] Mon, 29 October 2012 17:34 Go to previous messageGo to next message
Salvatore is currently offline  Salvatore
Messages: 38
Registered: September 2012
Karma: 0
Member
On 2012-10-29, wrong(dot)address(dot)1(at)gmail(dot)com <wrong(dot)address(dot)1(at)gmail(dot)com> wrote:
>
> What am I doing wrong in this? The substr part does not seem to get processed properly.
>
> <?php
>
> global $host;
> $host=@gethostbyaddr($REMOTE_ADDR);
> if ($HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"] != "")
> {$realhost = @gethostbyaddr($HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"]);}
> $referer = $HTTP_REFERER;
>
> if (substr($host, -3) == ".xy") {exit;} //
> if (substr($host, 6) == "abcd29") {exit;} //
> if (substr($referer, -4) == ".xyz") {exit;} //
>
> if ($found == 1) {include 'simple.html';} else {include 'home.html';}
>
> ?>

The first thing I see wrong is that the variable "$found" is not
declared.

What are you trying to achieve?

--
Blah blah bleh...
GCS/CM d(-)@>-- s+:- !a C++$ UBL++++$ L+$ W+++$ w M++ Y++ b++
Re: Beginner's trouble with substr [message #179456 is a reply to message #179455] Mon, 29 October 2012 17:40 Go to previous messageGo to next message
C is currently offline  C
Messages: 24
Registered: January 2012
Karma: 0
Junior Member
On 29 loka, 19:34, Salvatore <s...@yojimbo.hack.invalid> wrote:
> On 2012-10-29, wrong.addres...@gmail.com <wrong.addres...@gmail.com> wrote:
>
>
>
>
>
>
>
>
>
>
>
>> What am I doing wrong in this? The substr part does not seem to get processed properly.
>
>> <?php
>
>> global $host;
>> $host=@gethostbyaddr($REMOTE_ADDR);
>> if ($HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"] != "")
>>    {$realhost = @gethostbyaddr($HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"]);}
>> $referer = $HTTP_REFERER;
>
>> if (substr($host, -3) == ".xy") {exit;} //
>> if (substr($host, 6) == "abcd29") {exit;} //
>> if (substr($referer, -4) == ".xyz") {exit;} //
>
>> if ($found == 1) {include 'simple.html';} else {include 'home.html';}
>
>> ?>
>
> The first thing I see wrong is that the variable "$found" is not
> declared.
>
> What are you trying to achieve?
>
> --
> Blah blah bleh...
> GCS/CM d(-)@>-- s+:- !a C++$ UBL++++$ L+$ W+++$ w M++ Y++ b++

I took that code out which defines $found. The code is trying to avoid
some nasty visitors.
Re: Beginner's trouble with substr [message #179457 is a reply to message #179456] Mon, 29 October 2012 19:46 Go to previous messageGo to next message
Salvatore is currently offline  Salvatore
Messages: 38
Registered: September 2012
Karma: 0
Member
On 2012-10-29, C <wrong(dot)address(dot)1(at)gmail(dot)com> wrote:
> I took that code out which defines $found. The code is trying to avoid
> some nasty visitors.

Ah, okay. I tried all the substr() calls and they appear to work properly.
However, the second substr() call is taking the last six characters off
the end of the string "$host", and not the first six characters as I
imagine you are trying to do.

Here's some sample code I put together to test this:

<?php
$host = 'a1b2c3d4e5f6';
$sub = substr($host, 6);
print "$sub\n";
?>

The above code results in the string "d4e5f6" being printed out, and not
"a1b2c3" as you may expect. If you want only the first six characters,
set the second parameter to 0 (zero) and the third parameter to 6.

--
Blah blah bleh...
GCS/CM d(-)@>-- s+:- !a C++$ UBL++++$ L+$ W+++$ w M++ Y++ b++
Re: Beginner's trouble with substr [message #179458 is a reply to message #179454] Mon, 29 October 2012 20:44 Go to previous messageGo to next message
Doug Miller is currently offline  Doug Miller
Messages: 171
Registered: August 2011
Karma: 0
Senior Member
wrong(dot)address(dot)1(at)gmail(dot)com wrote in news:c67eb83e-13d8-4263-b723-a10744fcd444
@googlegroups.com:

>
> What am I doing wrong in this? The substr part does not seem to get processed properly.

That is because you are not using it properly.
http://us3.php.net/manual/en/function.substr.php

The second parameter is the starting position, not (as you appear to believe) the length;
length is the *third* parameter.

>
> <?php
>
> global $host;
> $host=@gethostbyaddr($REMOTE_ADDR);
> if ($HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"] != "")
> {$realhost = @gethostbyaddr($HTTP_SERVER_VARS
["HTTP_X_FORWARDED_FOR"]);}
> $referer = $HTTP_REFERER;
>
> if (substr($host, -3) == ".xy") {exit;} //
> if (substr($host, 6) == "abcd29") {exit;} //
> if (substr($referer, -4) == ".xyz") {exit;} //
>
> if ($found == 1) {include 'simple.html';} else {include 'home.html';}
>
> ?>
Re: Beginner's trouble with substr [message #179459 is a reply to message #179456] Mon, 29 October 2012 22:47 Go to previous messageGo to next message
Denis McMahon is currently offline  Denis McMahon
Messages: 634
Registered: September 2010
Karma: 0
Senior Member
On Mon, 29 Oct 2012 10:40:31 -0700, C wrote:

> On 29 loka, 19:34, Salvatore <s...@yojimbo.hack.invalid> wrote:
>> On 2012-10-29, wrong.addres...@gmail.com <wrong.addres...@gmail.com>
>> wrote:
>>
>>> What am I doing wrong in this? The substr part does not seem to get
>>> processed properly.
>>
>>> <?php
>>
>>> global $host;
>>> $host=@gethostbyaddr($REMOTE_ADDR);
>>> if ($HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"] != "")
>>>    {$realhost =
>>>    @gethostbyaddr($HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"]);}
>>> $referer = $HTTP_REFERER;
>>
>>> if (substr($host, -3) == ".xy") {exit;} //
>>> if (substr($host, 6) == "abcd29") {exit;} //
>>> if (substr($referer, -4) == ".xyz") {exit;} //
>>
>>> if ($found == 1) {include 'simple.html';} else {include 'home.html';}
>>
>>> ?>
>>
>> The first thing I see wrong is that the variable "$found" is not
>> declared.
>>
>> What are you trying to achieve?
>>
>> --
>> Blah blah bleh...
>> GCS/CM d(-)@>-- s+:- !a C++$ UBL++++$ L+$ W+++$ w M++ Y++ b++
>
> I took that code out which defines $found. The code is trying to avoid
> some nasty visitors.

If you know who your "nasty visitors" are, is it not possible (and maybe
better) to block them in the server config? eg for apache2:

# Stop these bastards accessing any php files
<Files ~ "\.php$">
SetEnvIf Remote_Host ^abcd29 bastard
Order allow,deny
Allow from all
Deny from .xy
Deny from .xyz
Deny from env = bastard
</Files>

Rgds

Denis McMahon
Re: Beginner's trouble with substr [message #179460 is a reply to message #179456] Mon, 29 October 2012 23:17 Go to previous messageGo to next message
Denis McMahon is currently offline  Denis McMahon
Messages: 634
Registered: September 2010
Karma: 0
Senior Member
On Mon, 29 Oct 2012 10:40:31 -0700, C wrote:

> On 29 loka, 19:34, Salvatore <s...@yojimbo.hack.invalid> wrote:
>> On 2012-10-29, wrong.addres...@gmail.com <wrong.addres...@gmail.com>
>> wrote:
>>
>>> What am I doing wrong in this? The substr part does not seem to get
>>> processed properly.
>>
>>> <?php
>>
>>> global $host;
>>> $host=@gethostbyaddr($REMOTE_ADDR);
>>> if ($HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"] != "")
>>>    {$realhost =
>>>    @gethostbyaddr($HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"]);}
>>> $referer = $HTTP_REFERER;

/** NEED TO CHECK $host and $referer HERE **/

>>> if (substr($host, -3) == ".xy") {exit;} //
>>> if (substr($host, 6) == "abcd29") {exit;} //
>>> if (substr($referer, -4) == ".xyz") {exit;} //
>>
>>> if ($found == 1) {include 'simple.html';} else {include 'home.html';}
>>
>>> ?>
>>
>> The first thing I see wrong is that the variable "$found" is not
>> declared.
>>
>> What are you trying to achieve?

> I took that code out which defines $found. The code is trying to avoid
> some nasty visitors.

Read http://php.net/manual/en/function.substr.php

I think this line:

if (substr($host, 6) == "abcd29") {exit;} //

perhaps should be this:

if (substr($host, 0, 6) == "abcd29") {exit;} //

unless you actually want to match on 12 character long strings ending
with "abcd29"

substr( string, -n ) // reads the characters from -n to end of string
substr( string, n ) // reads the characters from n to end of string

If you want the first n characters, you want substr( string, 0, n )

Also, why do you use: $REMOTE_ADDR, $HTTP_SERVER_VARS
["HTTP_X_FORWARDED_FOR"] and $HTTP_REFERER instead of $_SERVER
['REMOTE_HOST'], $_SERVER['HTTP_X_FORWARDED_FOR'] and $_SERVER
['HTTP_REFERER']

In addition, relying on HTTP_X_FORWARDED_FOR and HTTP_REFERER is
unreliable, as these fields can be spoofed anyway!

Are you relying on register_globals? Are register_globals enabled (they
won't be if you have competent server admins)?

Have you made *any* tests (at the point I marked the quoted code with "/
** NEED TO CHECK $host and $referer HERE **/") to check that the string
$host or $referrer you're checking is actually what you think it is?

How do you know the gethostbyaddr($REMOTE_ADDR) and gethostbyaddr
($HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"]) calls are not failing (which
would indicate you were incorrectly assuming register_globals)? You have
the calls set to fail silently, which means that they could be delivering
the binary value FALSE and you don't even know it.

Also see my other comments about using the web server to do this without
letting the "nasty visitors" near the php!

Rgds

Denis McMahon
Re: Beginner's trouble with substr [message #179461 is a reply to message #179457] Tue, 30 October 2012 05:18 Go to previous messageGo to next message
C is currently offline  C
Messages: 24
Registered: January 2012
Karma: 0
Junior Member
On 29 loka, 21:46, Salvatore <s...@yojimbo.hack.invalid> wrote:
> On 2012-10-29, C <wrong.addres...@gmail.com> wrote:
>
>> I took that code out which defines $found. The code is trying to avoid
>> some nasty visitors.
>
> Ah, okay. I tried all the substr() calls and they appear to work properly.
> However, the second substr() call is taking the last six characters off
> the end of the string "$host", and not the first six characters as I
> imagine you are trying to do.

Yes, that is my mistake. Thanks.

>
> Here's some sample code I put together to test this:
>
> <?php
> $host = 'a1b2c3d4e5f6';
> $sub = substr($host, 6);
> print "$sub\n";
> ?>
>
> The above code results in the string "d4e5f6" being printed out, and not
> "a1b2c3" as you may expect. If you want only the first six characters,
> set the second parameter to 0 (zero) and the third parameter to 6.
>
> --
> Blah blah bleh...
> GCS/CM d(-)@>-- s+:- !a C++$ UBL++++$ L+$ W+++$ w M++ Y++ b++
Re: Beginner's trouble with substr [message #179462 is a reply to message #179458] Tue, 30 October 2012 05:19 Go to previous messageGo to next message
C is currently offline  C
Messages: 24
Registered: January 2012
Karma: 0
Junior Member
On 29 loka, 22:44, Doug Miller <doug_at_milmac_dot_...@example.com>
wrote:
> wrong.addres...@gmail.com wrote in news:c67eb83e-13d8-4263-b723-a10744fcd444
> @googlegroups.com:
>
>
>
>> What am I doing wrong in this? The substr part does not seem to get processed properly.
>
> That is because you are not using it properly.http://us3.php.net/manual/en/function.substr.php
>
> The second parameter is the starting position, not (as you appear to believe) the length;
> length is the *third* parameter.
>

Yes, that is what I did wrong. Thanks.

>
>
>> <?php
>
>> global $host;
>> $host=@gethostbyaddr($REMOTE_ADDR);
>> if ($HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"] != "")
>>    {$realhost = @gethostbyaddr($HTTP_SERVER_VARS
>
> ["HTTP_X_FORWARDED_FOR"]);}
>
>
>
>
>
>
>
>> $referer = $HTTP_REFERER;
>
>> if (substr($host, -3) == ".xy") {exit;} //
>> if (substr($host, 6) == "abcd29") {exit;} //
>> if (substr($referer, -4) == ".xyz") {exit;} //
>
>> if ($found == 1) {include 'simple.html';} else {include 'home.html';}
>
>> ?>
Re: Beginner's trouble with substr [message #179463 is a reply to message #179459] Tue, 30 October 2012 05:21 Go to previous messageGo to next message
C is currently offline  C
Messages: 24
Registered: January 2012
Karma: 0
Junior Member
On 30 loka, 00:47, Denis McMahon <denismfmcma...@gmail.com> wrote:
> On Mon, 29 Oct 2012 10:40:31 -0700, C wrote:
>> On 29 loka, 19:34, Salvatore <s...@yojimbo.hack.invalid> wrote:
>>> On 2012-10-29, wrong.addres...@gmail.com <wrong.addres...@gmail.com>
>>> wrote:
>
>>>> What am I doing wrong in this? The substr part does not seem to get
>>>> processed properly.
>
>>>> <?php
>
>>>> global $host;
>>>> $host=@gethostbyaddr($REMOTE_ADDR);
>>>> if ($HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"] != "")
>>>>    {$realhost =
>>>>    @gethostbyaddr($HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"]);}
>>>> $referer = $HTTP_REFERER;
>
>>>> if (substr($host, -3) == ".xy") {exit;} //
>>>> if (substr($host, 6) == "abcd29") {exit;} //
>>>> if (substr($referer, -4) == ".xyz") {exit;} //
>
>>>> if ($found == 1) {include 'simple.html';} else {include 'home.html';}
>
>>>> ?>
>
>>> The first thing I see wrong is that the variable "$found" is not
>>> declared.
>
>>> What are you trying to achieve?
>
>>> --
>>> Blah blah bleh...
>>> GCS/CM d(-)@>-- s+:- !a C++$ UBL++++$ L+$ W+++$ w M++ Y++ b++
>
>> I took that code out which defines $found. The code is trying to avoid
>> some nasty visitors.
>
> If you know who your "nasty visitors" are, is it not possible (and maybe
> better) to block them in the server config? eg for apache2:

This is new to me. I can look up how to do this.

>
> # Stop these bastards accessing any php files
> <Files ~ "\.php$">
> SetEnvIf Remote_Host ^abcd29 bastard
> Order allow,deny
> Allow from all
> Deny from .xy
> Deny from .xyz
> Deny from env = bastard
> </Files>
>
> Rgds
>
> Denis McMahon
Re: Beginner's trouble with substr [message #179464 is a reply to message #179460] Tue, 30 October 2012 05:30 Go to previous message
C is currently offline  C
Messages: 24
Registered: January 2012
Karma: 0
Junior Member
On 30 loka, 01:17, Denis McMahon <denismfmcma...@gmail.com> wrote:
> On Mon, 29 Oct 2012 10:40:31 -0700, C wrote:
>> On 29 loka, 19:34, Salvatore <s...@yojimbo.hack.invalid> wrote:
>>> On 2012-10-29, wrong.addres...@gmail.com <wrong.addres...@gmail.com>
>>> wrote:
>
>>>> What am I doing wrong in this? The substr part does not seem to get
>>>> processed properly.
>
>>>> <?php
>
>>>> global $host;
>>>> $host=@gethostbyaddr($REMOTE_ADDR);
>>>> if ($HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"] != "")
>>>>    {$realhost =
>>>>    @gethostbyaddr($HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"]);}
>>>> $referer = $HTTP_REFERER;
>
> /** NEED TO CHECK $host and $referer HERE **/
>
>>>> if (substr($host, -3) == ".xy") {exit;} //
>>>> if (substr($host, 6) == "abcd29") {exit;} //
>>>> if (substr($referer, -4) == ".xyz") {exit;} //
>
>>>> if ($found == 1) {include 'simple.html';} else {include 'home.html';}
>
>>>> ?>
>
>>> The first thing I see wrong is that the variable "$found" is not
>>> declared.
>
>>> What are you trying to achieve?
>> I took that code out which defines $found. The code is trying to avoid
>> some nasty visitors.
>
> Readhttp://php.net/manual/en/function.substr.php
>
> I think this line:
>
> if (substr($host, 6) == "abcd29") {exit;} //
>
> perhaps should be this:
>
> if (substr($host, 0, 6) == "abcd29") {exit;} //
>
> unless you actually want to match on 12 character long strings ending
> with "abcd29"
>
> substr( string, -n ) // reads the characters from -n to end of string
> substr( string, n ) // reads the characters from n to end of string
>
> If you want the first n characters, you want substr( string, 0, n )

Yes, this is clear to me now. Thanks.

>
> Also, why do you use: $REMOTE_ADDR, $HTTP_SERVER_VARS
> ["HTTP_X_FORWARDED_FOR"] and $HTTP_REFERER instead of $_SERVER
> ['REMOTE_HOST'], $_SERVER['HTTP_X_FORWARDED_FOR'] and $_SERVER
> ['HTTP_REFERER']

What is the difference?

>
> In addition, relying on HTTP_X_FORWARDED_FOR and HTTP_REFERER is
> unreliable, as these fields can be spoofed anyway!

I can use $_SERVER[***], but why are they more reliable?

>
> Are you relying on register_globals? Are register_globals enabled (they
> won't be if you have competent server admins)?

I have no idea. I am only recording some of these variables in a file.
I am not "relying" on them to do anything serious with them in the
code.

>
> Have you made *any* tests (at the point I marked the quoted code with "/
> ** NEED TO CHECK $host and $referer HERE **/") to check that the string
> $host or $referrer you're checking is actually what you think it is?

Yes, they seem to be working all right. The referer is often fake and
I am intending to use that also to keep out undesirable people. They
seem to fake it in certain ways.

>
> How do you know the gethostbyaddr($REMOTE_ADDR) and gethostbyaddr
> ($HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"]) calls are not failing (which
> would indicate you were incorrectly assuming register_globals)? You have
> the calls set to fail silently, which means that they could be delivering
> the binary value FALSE and you don't even know it.

That is correct. Sometimes I get only the IP numeric address, and
sometimes the hostname.

>
> Also see my other comments about using the web server to do this without
> letting the "nasty visitors" near the php!

Yes. Thanks for all this.

>
> Rgds
>
> Denis McMahon
  Switch to threaded view of this topic Create a new topic Submit Reply
Previous Topic: Requesting Help with a Regular Expression
Next Topic: skipping question "Do you want to save or open the file"
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Wed Nov 27 22:07:04 GMT 2024

Total time taken to generate the page: 0.03136 seconds