FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Beginner's trouble with substr
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Beginner's trouble with substr [message #179460 is a reply to message #179456] Mon, 29 October 2012 23:17 Go to previous messageGo to previous message
Denis McMahon is currently offline  Denis McMahon
Messages: 634
Registered: September 2010
Karma:
Senior Member
On Mon, 29 Oct 2012 10:40:31 -0700, C wrote:

> On 29 loka, 19:34, Salvatore <s...@yojimbo.hack.invalid> wrote:
>> On 2012-10-29, wrong.addres...@gmail.com <wrong.addres...@gmail.com>
>> wrote:
>>
>>> What am I doing wrong in this? The substr part does not seem to get
>>> processed properly.
>>
>>> <?php
>>
>>> global $host;
>>> $host=@gethostbyaddr($REMOTE_ADDR);
>>> if ($HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"] != "")
>>>    {$realhost =
>>>    @gethostbyaddr($HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"]);}
>>> $referer = $HTTP_REFERER;

/** NEED TO CHECK $host and $referer HERE **/

>>> if (substr($host, -3) == ".xy") {exit;} //
>>> if (substr($host, 6) == "abcd29") {exit;} //
>>> if (substr($referer, -4) == ".xyz") {exit;} //
>>
>>> if ($found == 1) {include 'simple.html';} else {include 'home.html';}
>>
>>> ?>
>>
>> The first thing I see wrong is that the variable "$found" is not
>> declared.
>>
>> What are you trying to achieve?

> I took that code out which defines $found. The code is trying to avoid
> some nasty visitors.

Read http://php.net/manual/en/function.substr.php

I think this line:

if (substr($host, 6) == "abcd29") {exit;} //

perhaps should be this:

if (substr($host, 0, 6) == "abcd29") {exit;} //

unless you actually want to match on 12 character long strings ending
with "abcd29"

substr( string, -n ) // reads the characters from -n to end of string
substr( string, n ) // reads the characters from n to end of string

If you want the first n characters, you want substr( string, 0, n )

Also, why do you use: $REMOTE_ADDR, $HTTP_SERVER_VARS
["HTTP_X_FORWARDED_FOR"] and $HTTP_REFERER instead of $_SERVER
['REMOTE_HOST'], $_SERVER['HTTP_X_FORWARDED_FOR'] and $_SERVER
['HTTP_REFERER']

In addition, relying on HTTP_X_FORWARDED_FOR and HTTP_REFERER is
unreliable, as these fields can be spoofed anyway!

Are you relying on register_globals? Are register_globals enabled (they
won't be if you have competent server admins)?

Have you made *any* tests (at the point I marked the quoted code with "/
** NEED TO CHECK $host and $referer HERE **/") to check that the string
$host or $referrer you're checking is actually what you think it is?

How do you know the gethostbyaddr($REMOTE_ADDR) and gethostbyaddr
($HTTP_SERVER_VARS["HTTP_X_FORWARDED_FOR"]) calls are not failing (which
would indicate you were incorrectly assuming register_globals)? You have
the calls set to fail silently, which means that they could be delivering
the binary value FALSE and you don't even know it.

Also see my other comments about using the web server to do this without
letting the "nasty visitors" near the php!

Rgds

Denis McMahon
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Requesting Help with a Regular Expression
Next Topic: skipping question "Do you want to save or open the file"
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Thu Nov 28 02:50:46 GMT 2024

Total time taken to generate the page: 0.04887 seconds