Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 12 of 12
  1. #1
    New Coder
    Join Date
    Jan 2012
    Posts
    10
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Question Problems protecting script file

    I've been messing with this for about half a day now and I've tried everything I can think of to make this work and it just won't work.

    I'm trying to make a simple port checker to see if a port in an ip address is open. I want to protect the script file from being accessed directly and I also want it to check to see if both fields have been filled out before it will do anything if not then display a message to go back and fill both fields out first.

    I've set up three different files. The form file, the script, config file. I'm out of ideas at this point even if you enter a ip address and port into the form and hit Test it displays a pursing error. I'm sure it's probably something really simple but I just can't figure it out some help would be greatly appreciated!

    Error(0): Failed to parse address "" or port is closed

    config.php
    PHP Code:
    <?php
        define
    ('NoAccess'1);
    ?>
    testPort.php
    Code:
    <html>
    <head>
      <title>Port Tester</title>
    </head>
    <body>
      <p>This is a script to test if a port is open on a certain ip address.</p>
      <form method="post" action="port.php">
      	IP Address:<br />
        <input id="ip" name="ip" type="text" size="20" /><br />
        Port:<br />
        <input id="port" name="port" type="text" size="10" /><br /><br />
        <input type="submit" name=submit" value="Test" />
      </form>
    
    </body>
    </html>
    port.php
    PHP Code:
    <?php

        
    require_once('config.php');

        if(!
    defined('NoAccess')){
            exit(
    'You cannot access this file directly.');
        }

        if (!isset(
    $_POST['ip']) || !isset($_POST['port'])) {
            
    missing("You must enter a IP Address/Hostname and port...<br><br>");
            echo 
    "<a href='testPort.php'>Go Back</a>";
        }
        
        
    $test = @fsockopen($ip$port$errno$errstr);
               
    $senddata      "GET / HTTP/1.0\r\n";
               
    $senddata     .= "Host: $ip\r\n";
               
    $senddata     .= "Connection: Close\r\n\r\n";
        
        if (
    $test)    {
            echo 
    "Port $port is currently open.";
        } else {
            echo 
    "Error($errno): $errstr or port is closed";
        }
        
        function 
    missing($msg) {
            echo 
    $msg;
            exit;
        }

        
    fclose($test);

    ?>
    Last edited by JoeBobJr; 01-15-2012 at 04:59 AM.

  • #2
    12k
    12k is offline
    New Coder
    Join Date
    Jan 2012
    Posts
    29
    Thanks
    0
    Thanked 6 Times in 6 Posts
    I would just use a htaccess

  • #3
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    Remove the @ from fsockopen, it is probably giving you the real error.
    ||||If you are getting paid to do a job, don't ask for help on it!||||

  • #4
    New Coder
    Join Date
    Jan 2012
    Posts
    10
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by _Aerospace_Eng_ View Post
    Remove the @ from fsockopen, it is probably giving you the real error.
    It's not I have already tried that and I tried it again just now to make sure. It still goes to the

    PHP Code:
    echo "Error($errno): $errstr or port is closed"
    and displays that on the port.php once the form is submitted

    But thanks you to mentioning that I remembered I had display_errors turned off in php.ini for when I was working on a php nuke website. That helped me figure out that my variables were missing.
    Last edited by JoeBobJr; 01-15-2012 at 05:26 AM.

  • #5
    New Coder
    Join Date
    Jan 2012
    Posts
    10
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I just noticed that some how my variables got deleted I guess when I was changing around the code and didn't even notice it

    PHP Code:
    $ip $_POST['ip'];
    $port $_POST['port']; 
    That fixed one problem but now I have the issue I was having before where if I try to access the file directly it tells me I need to..

    You must enter a IP Address/Hostname and port...

    instead of giving the can't access this file error

    I also just noticed I have to move

    PHP Code:
    echo "<a href='testPort.php'>Go Back</a>"
    here

    PHP Code:
        function missing($msg) {
            echo 
    $msg;
            echo 
    "<a href='testPort.php'>Go Back</a>";
            exit;
        } 
    Last edited by JoeBobJr; 01-15-2012 at 05:34 AM.

  • #6
    Supreme Overlord Spookster's Avatar
    Join Date
    May 2002
    Location
    Marion, IA USA
    Posts
    6,280
    Thanks
    4
    Thanked 83 Times in 82 Posts
    Unless i'm misunderstanding your intention would it not just be easier to move those files above the web root if you do not want someone to access the script directly? Your scripts don't have to be in your web accessible directory (public_html, www) in order for you to use them in your site.
    Spookster
    CodingForums Supreme Overlord
    All Hail Spookster

  • #7
    New Coder
    Join Date
    Jan 2012
    Posts
    10
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Spookster View Post
    Unless i'm misunderstanding your intention would it not just be easier to move those files above the web root if you do not want someone to access the script directly? Your scripts don't have to be in your web accessible directory (public_html, www) in order for you to use them in your site.
    I was eventually going to do that to be honest. I am only really messing around with php to learn how to keep a file from being accessed. In case there were to be some reason I needed it. That is definitely the best way I just wanted to learn this way just in case and just expand my learning some.

    EDIT: I also plan on removing the ip address box altogether once it's finished. I don't want my code used by spammers or to scan networks without that person's permission. I know some would use it in that manner. I am going to set the ip address to 127.0.0.1 and not allow the ip address to be entered at all. I don't want to go through the trouble of trying to set up something to check if the script has been used by a particular ip address and restrict access to the script for so many seconds before it can be used again. Although that could be an option but my intentions were to make it so that anyone can check their own network to see if a port is open if they are having issues with a web service or whatever.
    Last edited by JoeBobJr; 01-15-2012 at 06:07 AM.

  • #8
    New Coder
    Join Date
    Jan 2012
    Posts
    10
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I was able to get everything working correctly except the file access part of the code something is still wrong having issues figuring it out. Here is the new code I changed some stuff around and simplified one of the if statements.

    If I access the file directly it's telling me I need to fill in ip address or port instead of saying you can't access the file directly it has to be something simple I am over looking.

    PHP Code:
    <?php

        
    require_once('config.php');

        if(!
    defined('NoAccess')){
            die(
    'You cannot access this file directly.');
        }

        
    $ip $_POST['ip'];
        
    $port $_POST['port'];
        
        if ((
    $ip == "") or ($port == "")) {
            
    missing("You must enter a IP Address/Hostname and port...<br><br>");
        }

        
    $test = @fsockopen($ip$port$errno$errstr);
               
    $senddata      "GET / HTTP/1.0\r\n";
               
    $senddata     .= "Host: $ip\r\n";
               
    $senddata     .= "Connection: Close\r\n\r\n";
        
        if (
    $test)    {
            echo 
    "Port $port is currently open.";
        } else {
            echo 
    "Port $port is closed";
        }
        
        function 
    missing($msg) {
            echo 
    $msg;
            echo 
    "<a href='testPort.php'>Go Back</a>";
            exit;
        }

        @
    fclose($test);

    ?>

  • #9
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    Yes it is, config.php has NoAccess defined in it so this
    PHP Code:
    if(!defined('NoAccess')){
            die(
    'You cannot access this file directly.');
        } 
    never happens. Remove it from config.php.
    ||||If you are getting paid to do a job, don't ask for help on it!||||

  • #10
    New Coder
    Join Date
    Jan 2012
    Posts
    10
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by _Aerospace_Eng_ View Post
    Yes it is, config.php has NoAccess defined in it so this
    PHP Code:
    if(!defined('NoAccess')){
            die(
    'You cannot access this file directly.');
        } 
    never happens. Remove it from config.php.
    If you do that then every time you hit the Test button it goes to port.php and says that you can't access the file directly. Even if you fill in the forms it breaks the whole script.

  • #11
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    I think you are going about this the wrong way. It is pretty clear that you want it to work if it comes from the form so try this
    PHP Code:
    <?php

        
    require_once('config.php');
        function 
    missing($msg) {
            echo 
    $msg;
            echo 
    "<a href='testPort.php'>Go Back</a>";
            exit;
        }
        if(isset(
    $_POST['ip']))
    {

        
    $ip $_POST['ip'];
        
    $port $_POST['port'];
        
        if ((
    $ip == "") or ($port == "")) {
            
    missing("You must enter a IP Address/Hostname and port...<br><br>");
        }

        
    $test = @fsockopen($ip$port$errno$errstr);
               
    $senddata      "GET / HTTP/1.0\r\n";
               
    $senddata     .= "Host: $ip\r\n";
               
    $senddata     .= "Connection: Close\r\n\r\n";
        
        if (
    $test)    {
            echo 
    "Port $port is currently open.";
        } else {
            echo 
    "Port $port is closed";
        }

        @
    fclose($test);
    }
    ?>
    Now going to it will do nothing, it will only do things if the IP address is present in the $_POST array.
    ||||If you are getting paid to do a job, don't ask for help on it!||||

  • #12
    New Coder
    Join Date
    Jan 2012
    Posts
    10
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by _Aerospace_Eng_ View Post
    I think you are going about this the wrong way. It is pretty clear that you want it to work if it comes from the form so try this
    PHP Code:
    <?php

        
    require_once('config.php');
        function 
    missing($msg) {
            echo 
    $msg;
            echo 
    "<a href='testPort.php'>Go Back</a>";
            exit;
        }
        if(isset(
    $_POST['ip']))
    {

        
    $ip $_POST['ip'];
        
    $port $_POST['port'];
        
        if ((
    $ip == "") or ($port == "")) {
            
    missing("You must enter a IP Address/Hostname and port...<br><br>");
        }

        
    $test = @fsockopen($ip$port$errno$errstr);
               
    $senddata      "GET / HTTP/1.0\r\n";
               
    $senddata     .= "Host: $ip\r\n";
               
    $senddata     .= "Connection: Close\r\n\r\n";
        
        if (
    $test)    {
            echo 
    "Port $port is currently open.";
        } else {
            echo 
    "Port $port is closed";
        }

        @
    fclose($test);
    }
    ?>
    Now going to it will do nothing, it will only do things if the IP address is present in the $_POST array.
    That sounds like a good idea I think I had the wrong idea how it's all done anyways. I believe in order to block access to a file you have to pull that file into another script. Instead of trying to make my form send the data to another page I'd have to call the script inside my testPort.php script then if someone where to access the file directly it would give them access denied but it would be allowed as long as the script is pulled in from another script. I believe I had the whole concept wrong altogether.

    Which I have no problem with that's how I wanted to do it to begin with just have the script inside the testPort.php file also and display the results under the TEST button. I was just trying something different to see how php worked but I didn't grasp till now that if you block access to a file you can't display anything from that file directly. You have to call that file inside of another php script in order to access it I get that now I might be able to write something better.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •