New Xampp Security Concept

Problems with the Windows version of XAMPP, questions, comments, and anything related.

New Xampp Security Concept

Postby broadlighter » 19. September 2009 01:16

I am working on a pet project using PHP and MySQL (see my signature below for versions.)

I am creating a form with text fields. I want to take the text strings in the form fields and post them to a MySQL database. I've tested the insert query using just the strings and LAST_INSERT_ID() to enter the ID field and that is working fine.

My problem comes with using the $_POST[] global variable. I keep getting errors with it, so I just tried to use a simple echo command. Here is the code I'm using:

This is the form part of the HTML file where I create a text box, named "Form." Below it is a submit button.
-----------------------------------------------
<form method="post" action="<?php echo $_Server['PHP_SELF'] ?>">

<label>From:&nbsp;&nbsp;</label>
<input type="text" name="From" size="30" /></br>

<p id="button"><input type="submit" value="Submit" /></p></form>

--------------------------------------------------

The next part is the PHP code that calls the text captured in the text box and simply prints it to the page:
--------------------------------------------------------
<?php

$from = $_POST['From']
echo $from

?>
---------------------------------------------------------

What I get on the resulting webpage is this:
---------------------------------------------------
Access forbidden!

New XAMPP security concept:

Access to the requested object is only available from the local network.

This setting can be configured in the file "httpd-xampp.conf".

If you think this is a server error, please contact the webmaster.
Error 403
localhost
9/18/2009 3:11:36 PM
Apache/2.2.12 (Win32) DAV/2 mod_ssl/2.2.12 OpenSSL/0.9.8k mod_autoindex_color PHP/5.3.0 mod_perl/2.0.4 Perl/v5.10.0
-------------------------------------------------------------

I looked at the httpd-xampp.conf file and the only section that indicates where this error is coming from is this:
-------------------------------------------------------------
# New XAMPP security concept
#
<LocationMatch "^/(?i?:xampp|security|licenses|phpmyadmin|webalize r|server-status|server-info))">
Order deny,allow
Deny from all
Allow from ::1 127.0.0.0/8 \
fc00::/7 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 \
fe80::/10 169.254.0.0/16

ErrorDocument 403 /error/HTTP_XAMPP_FORBIDDEN.html.var
</LocationMatch>

------------------------------------------------------------------

I'm not sure what this means, but if there is something I can change here, please let me know.

Thanks,

Bliter
__________________


Apache 2.2.12
PHP 5.3.0
MySQL 5.1.37
broadlighter
 
Posts: 2
Joined: 19. September 2009 01:10

Re: New Xampp Security Concept

Postby Wiedmann » 19. September 2009 01:25

Code: Select all
<form method="post" action="<?php echo $_Server['PHP_SELF'] ?>">

There is no array "$_Server" with the key "PHP_SELF" in PHP.

The next part is the PHP code that calls the text captured in the text box and simply prints it to the page:

There are some semicolons missing in this code part.
Wiedmann
AF Moderator
 
Posts: 17106
Joined: 01. February 2004 12:38
Location: Stuttgart / Germany

Re: New Xampp Security Concept

Postby broadlighter » 19. September 2009 07:21

I found that PHP_SELF item in a book and when I used it, my inserts started working with the PHP code in the original HTML file with the form tags in it. If that was some fluke, okay. I'm new to PHP so I am looking for some answers.

I noticed the missing semicolons and put them in. Ran the script again and got the same error message.
broadlighter
 
Posts: 2
Joined: 19. September 2009 01:10

Re: New Xampp Security Concept

Postby Wiedmann » 19. September 2009 12:52

found that PHP_SELF item in a book

I don't think it's "$_Server['PHP_SELF']" in this book. It must be "$_SERVER['PHP_SELF']".
Wiedmann
AF Moderator
 
Posts: 17106
Joined: 01. February 2004 12:38
Location: Stuttgart / Germany


Return to XAMPP for Windows

Who is online

Users browsing this forum: No registered users and 31 guests