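Scotty13 Posted February 23, 2012
Building a photo album / upload image page in my website. I have a page that’s giving me trouble… action.php. Error when I test in browser: HTTP 400 Bad Request / webpage cannot be found (highlighted below).
<?php
define('PHPWG_ROOT_PATH', './');
include_once(PHPWG_ROOT_PATH.'include/common.inc.php');

// Check access and exit when the user status is not ok
check_status(ACCESS_GUEST);

/**
 * Map a file extension to the MIME type used for the Content-Type header.
 *
 * @param string $ext  extension without the dot, any case
 * @return string      MIME type; unknown extensions fall back to
 *                     application/octet-stream so the browser downloads
 *                     the file instead of trying to render it
 */
function guess_mime_type($ext)
{
  switch (strtolower($ext))
  {
    case 'jpe':
    case 'jpeg':
    case 'jpg':
      return 'image/jpeg';
    case 'png':
      return 'image/png';
    case 'gif':
      return 'image/gif';
    case 'tiff':
    case 'tif':
      return 'image/tiff';
    case 'txt':
      return 'text/plain';
    case 'html':
    case 'htm':
      return 'text/html';
    case 'xml':
      return 'text/xml';
    case 'pdf':
      return 'application/pdf';
    case 'zip':
      return 'application/zip';
    case 'ogg':
      return 'application/ogg';
    default:
      return 'application/octet-stream';
  }
}

/**
 * Send an HTTP status code with a short plain-text body and stop the script.
 *
 * @param int    $code  HTTP status code passed to set_status_header()
 * @param string $str   body text echoed to the client
 */
function do_error($code, $str)
{
  set_status_header($code);
  echo $str;
  exit();
}

/**
 * Strip the characters that would terminate or corrupt a quoted
 * Content-Disposition filename parameter (CR, LF, double quote).
 * header() already refuses CR/LF, but a bare '"' in a stored file name
 * would still break the header out of its quoted value.
 *
 * @param string $name  file name as stored / as returned by basename()
 * @return string       name with CR, LF and '"' removed
 */
function sanitize_header_filename($name)
{
  return str_replace(array("\r", "\n", '"'), '', (string)$name);
}

// --- Input validation -------------------------------------------------
// id must be a plain decimal integer. is_numeric() was used before, but it
// also accepts "1e3", " 1", "1.5" (and "0x1A" on PHP < 7) and the value is
// interpolated into SQL unquoted below, so the check is tightened and the
// value cast to int. part is a fixed whitelist; compare strictly.
// Opening action.php in the browser with no query string lands here and
// yields the HTTP 400 "Invalid request - id/part" response.
if (!isset($_GET['id']) or !is_string($_GET['id']) or !preg_match('/^[0-9]+$/', $_GET['id'])
    or !isset($_GET['part']) or !in_array($_GET['part'], array('t', 'e', 'i', 'h'), true))
{
  do_error(400, 'Invalid request - id/part');
}
$id = (int)$_GET['id'];
$part = $_GET['part'];

$query = '
SELECT *
  FROM '.IMAGES_TABLE.'
  WHERE id='.$id.'
;';
$result = pwg_query($query);
$element_info = pwg_db_fetch_assoc($result);
if (empty($element_info))
{
  do_error(404, 'Requested id not found');
}

// $filter['visible_categories'] and $filter['visible_images']
// are not used because it's not necessary (filter <> restriction)
$query = '
SELECT id
  FROM '.CATEGORIES_TABLE.'
    INNER JOIN '.IMAGE_CATEGORY_TABLE.' ON category_id = id
  WHERE image_id = '.$id.'
    '.get_sql_condition_FandF(
        array(
          'forbidden_categories' => 'category_id',
          'forbidden_images' => 'image_id',
        ),
        ' AND'
      ).'
  LIMIT 1
;';
if (pwg_db_num_rows(pwg_query($query)) < 1)
{
  // NOTE(review): 401 without a WWW-Authenticate header is not valid HTTP;
  // 403 describes "known user, forbidden element" better. Left unchanged
  // so callers keep seeing the same status.
  do_error(401, 'Access denied');
}

include_once(PHPWG_ROOT_PATH.'include/functions_picture.inc.php');

// Resolve the on-disk (or remote) path for the requested representation.
$file = '';
switch ($part)
{
  case 't':
    $file = get_thumbnail_path($element_info);
    break;
  case 'e':
    $file = get_element_path($element_info);
    break;
  case 'i':
    $file = get_image_path($element_info);
    break;
  case 'h':
    // $user comes from include/common.inc.php
    if ($user['enabled_high'] != 'true')
    {
      do_error(401, 'Access denied h');
    }
    $file = get_high_path($element_info);
    break;
}
if (empty($file))
{
  do_error(404, 'Requested file not found');
}

if ($part == 'h')
{
  pwg_log($id, 'high');
}
elseif ($part == 'e')
{
  pwg_log($id, 'other');
}

$http_headers = array();
$ctype = null;
if (!url_is_remote($file))
{
  if (!@is_readable($file))
  {
    // The server-side path used to be echoed here; it is internal detail
    // and is no longer disclosed to the client.
    do_error(404, 'Requested file not found');
  }
  $mtime = filemtime($file);
  $http_headers[] = 'Content-Length: '.@filesize($file);
  if (function_exists('mime_content_type'))
  {
    $ctype = mime_content_type($file);
  }
  $http_headers[] = 'Last-Modified: '.gmdate('D, d M Y H:i:s', $mtime).' GMT';
  // Optional client cache policy, currently disabled:
  //   $max_age = 300;
  //   Expires: <now + $max_age>   and   Cache-Control: private, must-revalidate, max-age=$max_age

  // Conditional request. Only answer 304 when the client's copy is at least
  // as new as the file; the previous code replied 304 whenever the header
  // was present, so a replaced file was never re-sent to a caching client.
  if (isset($_SERVER['HTTP_IF_MODIFIED_SINCE']))
  {
    $since = strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']);
    if ($mtime !== false and $since !== false and $since >= $mtime)
    {
      set_status_header(304);
      foreach ($http_headers as $header)
      {
        header($header);
      }
      exit();
    }
  }
}

if (!isset($ctype))
{
  // give it a guess from the extension
  $ctype = guess_mime_type(get_extension($file));
}
$http_headers[] = 'Content-Type: '.$ctype;
// The type above is at best a guess from the extension; stop browsers from
// sniffing the body and rendering an uploaded file as something else.
$http_headers[] = 'X-Content-Type-Options: nosniff';

if (!isset($_GET['view']))
{
  $http_headers[] = 'Content-Disposition: attachment; filename="'
    .sanitize_header_filename($element_info['file']).'";';
  $http_headers[] = 'Content-Transfer-Encoding: binary';
}
else
{
  $http_headers[] = 'Content-Disposition: inline; filename="'
    .sanitize_header_filename(basename($file)).'";';
}

foreach ($http_headers as $header)
{
  header($header);
}

// Looking at the safe_mode configuration for execution time
if (ini_get('safe_mode') == 0)
{
  @set_time_limit(0);
}
@readfile($file);
?>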
Wickham Posted February 23, 2012
include/common.inc.php… "webpage cannot be found". Should it have two extensions, .inc and .php?
Scotty13 Posted February 23, 2012 Author
include/common.inc.php...webpage cannot be found. Should it have two extensions .inc and .php ?
Yes, thats the name of the file. I've downloaded this script for free from a php script website. I just test that page and got the error... Fatal error: Hacking attempt! in /home/myglobal/public_html/root/myvcphotos6/include/common.inc.php on line 1 Heres the script...
<?php
// Bootstrap for the gallery. This file is only ever include()d by a
// front-controller script (action.php above does it after defining
// PHPWG_ROOT_PATH); requesting include/common.inc.php directly in the
// browser trips this guard, which is exactly the
// "Fatal error: Hacking attempt! ... on line 1" quoted above.
defined('PHPWG_ROOT_PATH') or trigger_error('Hacking attempt!', E_USER_ERROR);

// determine the initial instant to indicate the generation time of this page
$t1 = explode( ' ', microtime() );
$t2 = explode( '.', $t1[0] );
$t2 = $t1[1].'.'.$t2[1];

// Disable magic_quotes_runtime
// NOTE(review): set_magic_quotes_runtime()/get_magic_quotes_gpc() are PHP 5.x
// APIs (removed in PHP 7.0 / 8.0); this bootstrap assumes a PHP 5 host and the
// '@' would not hide the undefined-function error on a newer one.
@set_magic_quotes_runtime(0);

//
// addslashes to vars if magic_quotes_gpc is off this is a security
// precaution to prevent someone trying to break out of a SQL statement.
//
// NOTE(review): this is legacy defence in depth, not SQL-injection
// protection. addslashes() is charset-unaware, only touches $_GET/$_POST/
// $_COOKIE/PATH_INFO (not other $_SERVER values or data read back from the
// database), and does nothing for values interpolated into SQL unquoted.
// Callers must still validate/cast input and use the db layer's escaping.
//
if( !@get_magic_quotes_gpc() )
{
  // array_walk_recursive callback: escape one request value in place.
  function sanitize_mysql_kv(&$v, $k)
  {
    $v = addslashes($v);
  }
  if( is_array( $_GET ) )
  {
    array_walk_recursive( $_GET, 'sanitize_mysql_kv' );
  }
  if( is_array( $_POST ) )
  {
    array_walk_recursive( $_POST, 'sanitize_mysql_kv' );
  }
  if( is_array( $_COOKIE ) )
  {
    array_walk_recursive( $_COOKIE, 'sanitize_mysql_kv' );
  }
}
// PATH_INFO is request-controlled too and is slashed unconditionally.
if ( !empty($_SERVER["PATH_INFO"]) )
{
  $_SERVER["PATH_INFO"] = addslashes($_SERVER["PATH_INFO"]);
}

//
// Define some basic configuration arrays this also prevents malicious
// rewriting of language and otherarray values via URI params
// (i.e. they are reset here so a register_globals-style host cannot seed them)
//
$conf = array();
$page = array();
$user = array();
$lang = array();
$header_msgs = array();
$header_notes = array();
$filter = array();

// Optional multi-site layout: the local directory comes from the multisite
// config file, otherwise the default local/ is used.
if (is_file(PHPWG_ROOT_PATH .'local/config/multisite.inc.php'))
{
  include(PHPWG_ROOT_PATH .'local/config/multisite.inc.php');
  define('PWG_LOCAL_DIR', $conf['local_dir_site']);
}
else
{
  define('PWG_LOCAL_DIR', 'local/');
}

// database.inc.php is written by the installer and defines PHPWG_INSTALLED;
// if it is missing the gallery is not installed yet -> go to install.php.
@include(PHPWG_ROOT_PATH.PWG_LOCAL_DIR .'config/database.inc.php');
if (!defined('PHPWG_INSTALLED'))
{
  header('Location: install.php');
  exit;
}

// Polyfills for hosts running a PHP older than the functions below require.
foreach( array(
  'array_intersect_key', //PHP 5 >= 5.1.0RC1
  'hash_hmac', //(hash) - enabled by default as of PHP 5.1.2
  'preg_last_error', // PHP 5 >= 5.2.0
  'json_encode', // PHP 5 >= 5.2.0
  ) as $func)
{
  if (!function_exists($func))
  {
    include_once(PHPWG_ROOT_PATH . 'include/php_compat/'.$func.'.php');
  }
}

// Defaults first, then the site's overrides (global local/, then per-site).
include(PHPWG_ROOT_PATH . 'include/config_default.inc.php');
@include(PHPWG_ROOT_PATH. 'local/config/config.inc.php');
if (isset($conf['local_dir_site']))
{
  @include(PHPWG_ROOT_PATH.PWG_LOCAL_DIR. 'config/config.inc.php');
}

// that's for migration from 2.2, will be deprecated in 2.4
if (isset($conf['order_by']))
{
  $conf['order_by_custom'] = $conf['order_by'];
}
if (isset($conf['order_by_inside_category']))
{
  $conf['order_by_inside_category_custom'] = $conf['order_by_inside_category'];
}

// $conf['dblayer'] selects a file to include. It comes from the config
// files loaded above, never from the request, and must stay that way.
include(PHPWG_ROOT_PATH .'include/dblayer/functions_'.$conf['dblayer'].'.inc.php');

// NOTE(review): turning display_errors on sends PHP warnings (file system
// paths, SQL fragments) to the browser; keep show_php_errors off on a public
// gallery and read the server log instead.
if(isset($conf['show_php_errors']) && !empty($conf['show_php_errors']))
{
  @ini_set('error_reporting', $conf['show_php_errors']);
  @ini_set('display_errors', true);
}

include(PHPWG_ROOT_PATH . 'include/constants.php');
include(PHPWG_ROOT_PATH . 'include/functions.inc.php');
include( PHPWG_ROOT_PATH .'include/template.class.php');

// Database connection
// Connection failure is reported through my_error(); the exception message
// is localised, so it should stay generic and not echo credentials.
try
{
  $pwg_db_link = pwg_db_connect($conf['db_host'], $conf['db_user'],
                                $conf['db_password'], $conf['db_base']);
}
catch (Exception $e)
{
  my_error(l10n($e->getMessage()), true);
}

pwg_db_check_charset();

// Database-stored configuration overrides the file-based one loaded above.
load_conf_from_db();

// Schema/version mismatch: force the upgrade script before anything else runs.
if (!$conf['check_upgrade_feed'])
{
  if (!isset($conf['piwigo_db_version']) or $conf['piwigo_db_version'] != get_branch_from_version(PHPWG_VERSION))
  {
    redirect(get_root_url().'upgrade.php');
  }
}

load_plugins();

// users can have defined a custom order pattern, incompatible with GUI form
if (isset($conf['order_by_custom']))
{
  $conf['order_by'] = $conf['order_by_custom'];
}
if (isset($conf['order_by_inside_category_custom']))
{
  $conf['order_by_inside_category'] = $conf['order_by_inside_category_custom'];
}

// Populates $user (session / guest resolution happens in there).
include(PHPWG_ROOT_PATH.'include/user.inc.php');

// Project website domain, localised from the user's language prefix.
if (in_array( substr($user['language'],0,2), array('fr','it','de','es','pl','hu','ru','nl') ) )
{
  define('PHPWG_DOMAIN', substr($user['language'],0,2).'.piwigo.org');
}
elseif ('zh_CN' == $user['language'])
{
  define('PHPWG_DOMAIN', 'cn.piwigo.org');
}
else
{
  define('PHPWG_DOMAIN', 'piwigo.org');
}
define('PHPWG_URL', 'http://'.PHPWG_DOMAIN);

// PEM_URL is the extensions (plugins/themes) feed. NOTE(review): it is plain
// http:// by default; if this URL is used to fetch code, integrity of that
// download rests on the transport — prefer https where the remote supports it.
if(isset($conf['alternative_pem_url']) and $conf['alternative_pem_url']!='')
{
  define('PEM_URL', $conf['alternative_pem_url']);
}
else
{
  define('PEM_URL', 'http://'.PHPWG_DOMAIN.'/ext');
}

// language files
load_language('common.lang');
if ( is_admin() || (defined('IN_ADMIN') and IN_ADMIN) )
{
  load_language('admin.lang');
}
trigger_action('loading_lang');
load_language('lang', PHPWG_ROOT_PATH.PWG_LOCAL_DIR, array('no_fallback'=>true, 'local'=>true) );

// only now we can set the localized username of the guest user (and not in
// include/user.inc.php)
if (is_a_guest())
{
  $user['username'] = l10n('guest');
}

// template instance
if (defined('IN_ADMIN') and IN_ADMIN )
{// Admin template
  $template = new Template(PHPWG_ROOT_PATH.'admin/themes', $conf['admin_theme']);
}
else
{ // Classic template
  $template = new Template(PHPWG_ROOT_PATH.'themes', $user['theme'] );
}

if ( !isset($conf['no_photo_yet']) )
{
  include(PHPWG_ROOT_PATH.'include/no_photo_yet.inc.php');
}

if (isset($user['internal_status']['guest_must_be_guest']) and $user['internal_status']['guest_must_be_guest'] === true)
{
  $header_msgs[] = l10n('Bad status for user "guest", using default status. Please notify the webmaster.');
}

// Maintenance lock: non-admins get a 503 with a link to the login page;
// the identification page itself stays reachable so an admin can sign in.
if ($conf['gallery_locked'])
{
  $header_msgs[] = l10n('The gallery is locked for maintenance. Please, come back later.');
  if ( script_basename() != 'identification' and !is_admin() )
  {
    set_status_header(503, 'Service Unavailable');
    @header('Retry-After: 900');
    header('Content-Type: text/html; charset='.get_pwg_charset());
    echo '<a href="'.get_absolute_root_url(false).'identification.php">'.l10n('The gallery is locked for maintenance. Please, come back later.').'</a>';
    echo str_repeat( ' ', 512); //IE6 doesn't error output if below a size
    exit();
  }
}

if ($conf['check_upgrade_feed'])
{
  include_once(PHPWG_ROOT_PATH.'admin/include/functions_upgrade.php');
  if (check_upgrade_feed())
  {
    $header_msgs[] = 'Some database upgrades are missing, '
      .'<a href="'.get_absolute_root_url(false).'upgrade_feed.php">upgrade now</a>';
  }
}

if (count($header_msgs) > 0)
{
  $template->assign('header_msgs', $header_msgs);
  $header_msgs=array();
}

if (!empty($conf['filter_pages']) and get_filter_page_value('used'))
{
  include(PHPWG_ROOT_PATH.'include/filter.inc.php');
}
else
{
  $filter['enabled'] = false;
}

if (isset($conf['header_notes']))
{
  $header_notes = array_merge($header_notes, $conf['header_notes']);
}

// default event handlers
// Output-escaping hooks live here: category descriptions are nl2br'd unless
// HTML is explicitly allowed, and comment authors go through strip_tags.
add_event_handler('render_category_literal_description', 'render_category_literal_description');
if ( !$conf['allow_html_descriptions'] )
{
  add_event_handler('render_category_description', 'nl2br');
}
add_event_handler('render_comment_content', 'render_comment_content');
add_event_handler('render_comment_author', 'strip_tags');
add_event_handler('render_tag_url', 'str2url');
add_event_handler('blockmanager_register_blocks', 'register_default_menubar_blocks', EVENT_HANDLER_PRIORITY_NEUTRAL-1);

trigger_action('init');
?>