homepage Welcome to WebmasterWorld Guest from 54.163.72.86
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Visit PubCon.com
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
Different results with different systems
Why doesn't this work over the loopback?
neiljones




msg:1294724
 12:25 pm on Aug 16, 2004 (gmt 0)

The following piece of code is a cutdown example that demonstrates the problem. I run Linux on my desktop and I have apache and php running via the loopback interface 127.0.0.1.
When I run this program on the desktop it just results in the page being reloaded and there is no attempt to load ch.php

However when I upload it to a live web server which is running under BSD it DOES work as expected.

I presume there is something wrong with my set up
can anyone help as this is a part of an application that HAS to run on the desktop.

<?
if ($submitj)
{

header("Location: ch.php");
}else{

print "<img src=\"dscn4727.jpg\">";

?>

<form method="post" action="">

<input name="entry" type="text" maxlength="90" class="textbox"
size="30" value="<?php echo $entry;?>" >
<input type="Submit" name="submitj" value="Enter Information">
</form>

<?
}
?>
</body>
</html>

 

Warboss Alex




msg:1294725
 2:37 pm on Aug 16, 2004 (gmt 0)

$submitj is $_POST variable ($_POST['submitj']), and if it's working like this on your remote server, it means that the server's configured with register_globals = on, whereas your local site has register_globals = off.

A setting of 'on' would allowed $submitj to be available directly, and not just through the $_POST array.

If this is the case, which I suspect it is, it's a poor choice by your web host. Globals on, especially on a live site, is a dangerous security issue; update your scripts accordingly.

ergophobe




msg:1294726
 3:53 pm on Aug 17, 2004 (gmt 0)

First, I completely agree that you should turn off register globals which may or may not cause security issues, depending on how the script is built, but it definitely can lead to bad code, and, as you have seen, unexpected results. Rewrite the scripts. As Chris Shifflet said in his OSCon presentation (Google for it if you want some good reading on PHP security), Register Globals "is not a security vulnerability, but it is a risk and a bad practice."

Now, stepping down from the pulpit... if for some reason you absolutely cannot rewrite the script, you can get it running by turning register_globals on by putting this in a .htaccess

php_flag register_globals On

Tom

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved