action.php HTTP 400 Bad Request - What am I missing?


Scotty13


Building a photo album / upload image page on my website.

I have a page that's giving me trouble... action.php

Error when I test in browser: HTTP 400 Bad Request / webpage cannot be found (highlighted below)


<?php
define('PHPWG_ROOT_PATH','./');
include_once(PHPWG_ROOT_PATH.'include/common.inc.php');

// Check Access and exit when user status is not ok
check_status(ACCESS_GUEST);

function guess_mime_type($ext)
{
  switch ( strtolower($ext) )
  {
    case "jpe": case "jpeg":
    case "jpg": $ctype="image/jpeg"; break;
    case "png": $ctype="image/png"; break;
    case "gif": $ctype="image/gif"; break;
    case "tiff":
    case "tif": $ctype="image/tiff"; break;
    case "txt": $ctype="text/plain"; break;
    case "html":
    case "htm": $ctype="text/html"; break;
    case "xml": $ctype="text/xml"; break;
    case "pdf": $ctype="application/pdf"; break;
    case "zip": $ctype="application/zip"; break;
    case "ogg": $ctype="application/ogg"; break;
    default: $ctype="application/octet-stream";
  }
  return $ctype;
}

function do_error( $code, $str )
{
  set_status_header( $code );
  echo $str ;
  exit();
}

// This script only serves requests of the form
//   action.php?id=<number>&part=<t|e|i|h>
// Anything else, including a bare action.php with no query string,
// stops here with HTTP 400.
if (!isset($_GET['id'])
    or !is_numeric($_GET['id'])
    or !isset($_GET['part'])
    or !in_array($_GET['part'], array('t','e','i','h') ) )
{
  do_error(400, 'Invalid request - id/part');
}

// id is concatenated unquoted; this is only safe because is_numeric()
// was checked above (addslashes() in common.inc.php does not help in a
// numeric position).
$query = '
SELECT * FROM '. IMAGES_TABLE.'
  WHERE id='.$_GET['id'].'
;';
$result = pwg_query($query);
$element_info = pwg_db_fetch_assoc($result);
if ( empty($element_info) )
{
  do_error(404, 'Requested id not found');
}

// $filter['visible_categories'] and $filter['visible_images']
// are not used because it's not necessary (filter <> restriction)
// The image must sit in at least one category the current user may see.
$query='
SELECT id
  FROM '.CATEGORIES_TABLE.'
    INNER JOIN '.IMAGE_CATEGORY_TABLE.' ON category_id = id
  WHERE image_id = '.$_GET['id'].'
'.get_sql_condition_FandF(
    array(
      'forbidden_categories' => 'category_id',
      'forbidden_images' => 'image_id',
    ),
    ' AND'
  ).'
  LIMIT 1
;';
if ( pwg_db_num_rows(pwg_query($query))<1 )
{
  do_error(401, 'Access denied');
}

include_once(PHPWG_ROOT_PATH.'include/functions_picture.inc.php');
$file='';
switch ($_GET['part'])
{
  case 't':
    $file = get_thumbnail_path($element_info);
    break;
  case 'e':
    $file = get_element_path($element_info);
    break;
  case 'i':
    $file = get_image_path($element_info);
    break;
  case 'h':
    // high resolution is a per-user privilege ($user comes from common.inc.php)
    if ( $user['enabled_high']!='true' )
    {
      do_error(401, 'Access denied h');
    }
    $file = get_high_path($element_info);
    break;
}

if ( empty($file) )
{
  do_error(404, 'Requested file not found');
}

if ($_GET['part'] == 'h') {
  pwg_log($_GET['id'], 'high');
}
else if ($_GET['part'] == 'e')
{
  pwg_log($_GET['id'], 'other');
}

$http_headers = array();

$ctype = null;
if (!url_is_remote($file))
{
  if ( !@is_readable($file) )
  {
    do_error(404, "Requested file not found - $file");
  }
  $http_headers[] = 'Content-Length: '.@filesize($file);
  if ( function_exists('mime_content_type') )
  {
    $ctype = mime_content_type($file);
  }

  $gmt_mtime = gmdate('D, d M Y H:i:s', filemtime($file)).' GMT';
  $http_headers[] = 'Last-Modified: '.$gmt_mtime;

  // following lines would indicate how the client should handle the cache
  /* $max_age=300;
  $http_headers[] = 'Expires: '.gmdate('D, d M Y H:i:s', time()+$max_age).' GMT';
  // HTTP/1.1 only
  $http_headers[] = 'Cache-Control: private, must-revalidate, max-age='.$max_age;*/

  // Only answer 304 when the client's cached copy is at least as new as
  // the file on disk; an unparsable date falls through to a full response.
  if ( isset( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) )
  {
    $since = strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']);
    if ( $since !== false and $since >= filemtime($file) )
    {
      set_status_header(304);
      foreach ($http_headers as $header)
      {
        header( $header );
      }
      exit();
    }
  }
}

if (!isset($ctype))
{ // give it a guess
  $ctype = guess_mime_type( get_extension($file) );
}

$http_headers[] = 'Content-Type: '.$ctype;

if (!isset($_GET['view']))
{
  $http_headers[] = 'Content-Disposition: attachment; filename="'.$element_info['file'].'";';
  $http_headers[] = 'Content-Transfer-Encoding: binary';
}
else
{
  $http_headers[] = 'Content-Disposition: inline; filename="'
    .basename($file).'";';
}

foreach ($http_headers as $header)
{
  header( $header );
}

// Looking at the safe_mode configuration for execution time
if (ini_get('safe_mode') == 0)
{
  @set_time_limit(0);
}

@readfile($file);

?>

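The 400 in the post above comes from the first check in action.php: the script only serves `action.php?id=<number>&part=<t|e|i|h>`, and a bare `action.php` request carries neither parameter. The following is an added example, not code from the original post or from the Piwigo project, that lifts that check into a function and runs it over a few constructed query strings. It also adds a stricter variant using `ctype_digit` in place of `is_numeric`, because `is_numeric` accepts forms such as `1e3` or a value with leading whitespace; those are still valid numeric literals in the `WHERE id=` clause, but they are not the plain integer the query assumes. The function name `validate_action_request` and the `$strict` flag are chosen here and do not exist in the project.

```php
<?php
// Added example: mirrors the request validation at the top of action.php.
// validate_action_request() and the $strict flag are names chosen here,
// not part of Piwigo.

function validate_action_request(array $get, $strict = false)
{
    $parts = array('t', 'e', 'i', 'h');

    if (!isset($get['id']) || !isset($get['part'])) {
        return array(400, 'Invalid request - id/part');
    }
    if (!in_array($get['part'], $parts, true)) {
        return array(400, 'Invalid request - id/part');
    }
    // action.php uses is_numeric(); the strict variant only accepts a string
    // of decimal digits, so the value that ends up concatenated into
    // "WHERE id=" is guaranteed to be a plain integer literal.
    $idOk = $strict ? ctype_digit((string) $get['id']) : is_numeric($get['id']);
    if (!$idOk) {
        return array(400, 'Invalid request - id/part');
    }
    return array(200, 'WHERE id=' . $get['id']);
}

// Constructed sample query strings, as a browser might send them.
$samples = array(
    '',                      // bare action.php: what the poster tested
    'id=12',                 // part missing
    'id=12&part=t',          // valid thumbnail request
    'id=12&part=x',          // unknown part
    'id=1e3&part=i',         // numeric for is_numeric(), not a plain integer
    'id=+7&part=i',          // '+' decodes to a leading space in id
    'id=1+OR+1%3D1&part=e',  // classic injection attempt, rejected by both checks
);

foreach ($samples as $qs) {
    parse_str($qs, $get);
    list($code, $msg) = validate_action_request($get);
    $strictResult = validate_action_request($get, true);
    printf("%-26s -> %d (strict: %d) %s\n",
           "action.php?$qs", $code, $strictResult[0], $msg);
}
```

Run it with `php` from the command line. The bare request and the missing-part request get 400 in both modes, the `1 OR 1=1` attempt is rejected by both checks, and only the `1e3` and leading-space cases differ: `is_numeric` lets them through, `ctype_digit` does not.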

include/common.inc.php... webpage cannot be found. Should it have two extensions, .inc and .php?

Yes, that's the name of the file. I downloaded this script for free from a PHP script website. I just tested that page and got the error...

 

Fatal error: Hacking attempt! in /home/myglobal/public_html/root/myvcphotos6/include/common.inc.php on line 1

Here's the script...

 

<?php
// Include guard: PHPWG_ROOT_PATH is defined only by an entry script such as
// action.php, so a direct browser request for this file stops here with the
// fatal error "Hacking attempt!".
defined('PHPWG_ROOT_PATH') or trigger_error('Hacking attempt!', E_USER_ERROR);

// determine the initial instant to indicate the generation time of this page
$t1 = explode( ' ', microtime() );
$t2 = explode( '.', $t1[0] );
$t2 = $t1[1].'.'.$t2[1];

@set_magic_quotes_runtime(0); // Disable magic_quotes_runtime

//
// addslashes to vars if magic_quotes_gpc is off this is a security
// precaution to prevent someone trying to break out of a SQL statement.
// Note: addslashes() only matters inside quoted string literals; a value
// placed in a numeric position (e.g. WHERE id=...) still needs its own
// type check, as action.php does with is_numeric().
//
if( !@get_magic_quotes_gpc() )
{
  function sanitize_mysql_kv(&$v, $k)
  {
    $v = addslashes($v);
  }
  if( is_array( $_GET ) )
  {
    array_walk_recursive( $_GET, 'sanitize_mysql_kv' );
  }
  if( is_array( $_POST ) )
  {
    array_walk_recursive( $_POST, 'sanitize_mysql_kv' );
  }
  if( is_array( $_COOKIE ) )
  {
    array_walk_recursive( $_COOKIE, 'sanitize_mysql_kv' );
  }
}
if ( !empty($_SERVER["PATH_INFO"]) )
{
  $_SERVER["PATH_INFO"] = addslashes($_SERVER["PATH_INFO"]);
}

//
// Define some basic configuration arrays this also prevents malicious
// rewriting of language and other array values via URI params
//
$conf = array();
$page = array();
$user = array();
$lang = array();
$header_msgs = array();
$header_notes = array();
$filter = array();

if (is_file(PHPWG_ROOT_PATH .'local/config/multisite.inc.php'))
{
  include(PHPWG_ROOT_PATH .'local/config/multisite.inc.php');
  define('PWG_LOCAL_DIR', $conf['local_dir_site']);
}
else
{
  define('PWG_LOCAL_DIR', 'local/');
}

@include(PHPWG_ROOT_PATH.PWG_LOCAL_DIR .'config/database.inc.php');
if (!defined('PHPWG_INSTALLED'))
{
  header('Location: install.php');
  exit;
}

foreach( array(
  'array_intersect_key', //PHP 5 >= 5.1.0RC1
  'hash_hmac', //(hash) - enabled by default as of PHP 5.1.2
  'preg_last_error', // PHP 5 >= 5.2.0
  'json_encode', // PHP 5 >= 5.2.0
  ) as $func)
{
  if (!function_exists($func))
  {
    include_once(PHPWG_ROOT_PATH . 'include/php_compat/'.$func.'.php');
  }
}

include(PHPWG_ROOT_PATH . 'include/config_default.inc.php');
@include(PHPWG_ROOT_PATH. 'local/config/config.inc.php');
if (isset($conf['local_dir_site']))
{
  @include(PHPWG_ROOT_PATH.PWG_LOCAL_DIR. 'config/config.inc.php');
}

// that's for migration from 2.2, will be deprecated in 2.4
if (isset($conf['order_by']))
{
  $conf['order_by_custom'] = $conf['order_by'];
}
if (isset($conf['order_by_inside_category']))
{
  $conf['order_by_inside_category_custom'] = $conf['order_by_inside_category'];
}

include(PHPWG_ROOT_PATH .'include/dblayer/functions_'.$conf['dblayer'].'.inc.php');

if(isset($conf['show_php_errors']) && !empty($conf['show_php_errors']))
{
  @ini_set('error_reporting', $conf['show_php_errors']);
  @ini_set('display_errors', true);
}

include(PHPWG_ROOT_PATH . 'include/constants.php');
include(PHPWG_ROOT_PATH . 'include/functions.inc.php');
include( PHPWG_ROOT_PATH .'include/template.class.php');

// Database connection
try
{
  $pwg_db_link = pwg_db_connect($conf['db_host'], $conf['db_user'],
                                $conf['db_password'], $conf['db_base']);
}
catch (Exception $e)
{
  my_error(l10n($e->getMessage()), true);
}

pwg_db_check_charset();

load_conf_from_db();

if (!$conf['check_upgrade_feed'])
{
  if (!isset($conf['piwigo_db_version']) or $conf['piwigo_db_version'] != get_branch_from_version(PHPWG_VERSION))
  {
    redirect(get_root_url().'upgrade.php');
  }
}

load_plugins();

// users can have defined a custom order pattern, incompatible with GUI form
if (isset($conf['order_by_custom']))
{
  $conf['order_by'] = $conf['order_by_custom'];
}
if (isset($conf['order_by_inside_category_custom']))
{
  $conf['order_by_inside_category'] = $conf['order_by_inside_category_custom'];
}

include(PHPWG_ROOT_PATH.'include/user.inc.php');

if (in_array( substr($user['language'],0,2), array('fr','it','de','es','pl','hu','ru','nl') ) )
{
  define('PHPWG_DOMAIN', substr($user['language'],0,2).'.piwigo.org');
}
elseif ('zh_CN' == $user['language']) {
  define('PHPWG_DOMAIN', 'cn.piwigo.org');
}
else {
  define('PHPWG_DOMAIN', 'piwigo.org');
}
define('PHPWG_URL', 'http://'.PHPWG_DOMAIN);

if(isset($conf['alternative_pem_url']) and $conf['alternative_pem_url']!='')
{
  define('PEM_URL', $conf['alternative_pem_url']);
}
else
{
  define('PEM_URL', 'http://'.PHPWG_DOMAIN.'/ext');
}

// language files
load_language('common.lang');
if ( is_admin() || (defined('IN_ADMIN') and IN_ADMIN) )
{
  load_language('admin.lang');
}
trigger_action('loading_lang');
load_language('lang', PHPWG_ROOT_PATH.PWG_LOCAL_DIR, array('no_fallback'=>true, 'local'=>true) );

// only now we can set the localized username of the guest user (and not in
// include/user.inc.php)
if (is_a_guest())
{
  $user['username'] = l10n('guest');
}

// template instance
if (defined('IN_ADMIN') and IN_ADMIN )
{ // Admin template
  $template = new Template(PHPWG_ROOT_PATH.'admin/themes', $conf['admin_theme']);
}
else
{ // Classic template
  $template = new Template(PHPWG_ROOT_PATH.'themes', $user['theme'] );
}

if ( !isset($conf['no_photo_yet']) )
{
  include(PHPWG_ROOT_PATH.'include/no_photo_yet.inc.php');
}

if (isset($user['internal_status']['guest_must_be_guest'])
    and
    $user['internal_status']['guest_must_be_guest'] === true)
{
  $header_msgs[] = l10n('Bad status for user "guest", using default status. Please notify the webmaster.');
}

if ($conf['gallery_locked'])
{
  $header_msgs[] = l10n('The gallery is locked for maintenance. Please, come back later.');

  if ( script_basename() != 'identification' and !is_admin() )
  {
    set_status_header(503, 'Service Unavailable');
    @header('Retry-After: 900');
    header('Content-Type: text/html; charset='.get_pwg_charset());
    echo '<a href="'.get_absolute_root_url(false).'identification.php">'.l10n('The gallery is locked for maintenance. Please, come back later.').'</a>';
    echo str_repeat( ' ', 512); //IE6 doesn't error output if below a size
    exit();
  }
}

if ($conf['check_upgrade_feed'])
{
  include_once(PHPWG_ROOT_PATH.'admin/include/functions_upgrade.php');
  if (check_upgrade_feed())
  {
    $header_msgs[] = 'Some database upgrades are missing, '
      .'<a href="'.get_absolute_root_url(false).'upgrade_feed.php">upgrade now</a>';
  }
}

if (count($header_msgs) > 0)
{
  $template->assign('header_msgs', $header_msgs);
  $header_msgs=array();
}

if (!empty($conf['filter_pages']) and get_filter_page_value('used'))
{
  include(PHPWG_ROOT_PATH.'include/filter.inc.php');
}
else
{
  $filter['enabled'] = false;
}

if (isset($conf['header_notes']))
{
  $header_notes = array_merge($header_notes, $conf['header_notes']);
}

// default event handlers
add_event_handler('render_category_literal_description', 'render_category_literal_description');
if ( !$conf['allow_html_descriptions'] )
{
  add_event_handler('render_category_description', 'nl2br');
}
add_event_handler('render_comment_content', 'render_comment_content');
add_event_handler('render_comment_author', 'strip_tags');
add_event_handler('render_tag_url', 'str2url');
add_event_handler('blockmanager_register_blocks', 'register_default_menubar_blocks', EVENT_HANDLER_PRIORITY_NEUTRAL-1);
trigger_action('init');
?>

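The `addslashes()` walk near the top of common.inc.php (its own comment calls it a precaution against breaking out of a SQL statement) escapes only `'`, `"`, `\` and NUL, so it helps only where a value lands inside a quoted string literal. In an unquoted numeric position such as the `WHERE id=` clause in action.php it changes nothing, which is why action.php's own `is_numeric` gate is what actually protects that query. The block below is an added example, not Piwigo code, that runs the same `sanitize_mysql_kv` logic over a constructed input and compares three ways of using the result: concatenated with no type check, behind the `is_numeric` gate, and bound through a prepared statement. It uses PDO with an in-memory SQLite table built inline rather than Piwigo's `pwg_query()` layer; the table, its rows and the input value are all constructed for the example.

```php
<?php
// Added example (not Piwigo code): what the addslashes() walk in
// common.inc.php protects and what it does not. PDO + in-memory SQLite
// stand in for Piwigo's database layer; the schema and rows are constructed.

function sanitize_mysql_kv(&$v, $k)   // identical to common.inc.php
{
    $v = addslashes($v);
}

function row_count(PDO $db, $sql)
{
    return count($db->query($sql)->fetchAll(PDO::FETCH_ASSOC));
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE images (id INTEGER PRIMARY KEY, file TEXT)');
$db->exec("INSERT INTO images VALUES (1,'a.jpg'), (2,'b.jpg'), (3,'private.jpg')");

// Constructed input, as it would arrive in $_GET for action.php?id=...
$get = array('id' => '1 OR 1=1');
array_walk_recursive($get, 'sanitize_mysql_kv');

// 1. No type check: addslashes() leaves the value untouched, and in an
//    unquoted numeric position the OR becomes part of the query.
echo "after addslashes : {$get['id']}\n";
echo "unguarded query  : ",
     row_count($db, 'SELECT id FROM images WHERE id=' . $get['id']), " rows\n";

// 2. action.php's gate: refuse anything that is not numeric before it is
//    ever concatenated into SQL.
if (!is_numeric($get['id'])) {
    echo "is_numeric gate  : rejected, query not built\n";
}

// 3. Prepared statement: the value is transmitted as data and compared as
//    data, so it can never be parsed as SQL regardless of its content.
$stmt = $db->prepare('SELECT id FROM images WHERE id = :id');
$stmt->bindValue(':id', $get['id'], PDO::PARAM_STR);
$stmt->execute();
echo "prepared query   : ", count($stmt->fetchAll(PDO::FETCH_ASSOC)), " rows\n";
```

Run with `php` (the `pdo_sqlite` extension is needed). The unguarded query returns every row in the table, the `is_numeric` gate refuses the value outright, and the prepared query matches nothing because the bound text is compared against the integer column as a value, not as SQL. One more caveat visible here: `addslashes()` produces MySQL-style backslash escapes, which SQLite does not interpret, so manual escaping is also not portable across database layers, whereas binding is.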
