Xammp

10/01/2012 18:40 mlejnek2#1
ok im asking what version of exammp to use for this script to get my registration working the other one i used said xammp security problems




<?php

$host = "(local)\\RappelzSQL"; // your sql instance
$user = "sa"; // username
$pw = ""; // password
$db = "Auth"; // db
$md5_key = "2011"; // your md5 key

$connect = mssql_connect($host,$user,$pw)
or die("Can't connect to the datebase.");

mssql_select_db($db,$connect)
or die("Can't select the datebase");

?>

<html>
<head>
<title>Register</title>
<center>
<h3 style="color:red">Rappelz : Register Page ( Pls insert more then 4 chars ! )</h3>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">
Username : <input type="text" size="20" name="username" /><br />
Password : <input type="password" size="20" name="password" /><br /><br />
<input type="submit" value="Register now !" name="senden" />
</form>
<?php

$usr = $_POST['username'];
$pass = $_POST['password'];
$endPw = $md5_key . $pass;
$md5 = md5($endPw);

$results = mssql_query("SELECT * FROM dbo.Accounts WHERE '$usr' LIKE login_name");
$res = mssql_num_rows($results);

if(strlen($usr) > 4 && strlen($pass) > 4)
{
if($res > 0)
{
echo "Account Exists !";
}
else
{
mssql_query("INSERT INTO dbo.Accounts(login_name,password,block,withdraw_re main_time,age,auth_ok,pcbang,last_login_server_idx ,event_code,result) VALUES('$usr','$md5',0,0,18,1,1,1,0,1)");
echo "Registration Success !";
}
}
else
{
echo "Username or Password to small...";
}

?>
</center>
</head>
</html>
10/01/2012 18:46 Vagabund9#2
xampp 1.7.7
10/01/2012 19:25 mlejnek2#3
ok but i still get this error how to i fix this


Access forbidden!



--------------------------------------------------------------------------------

New XAMPP security concept:

Access to the requested directory is only available from the local network.

This setting can be configured in the file "httpd-xampp.conf".

--------------------------------------------------------------------------------



If you think this is a server error, please contact the webmaster.

Error 403

omegas.no-ip.org
10/1/2012 1:24:07 PM
Apache/2.2.17 (Win32) mod_ssl/2.2.17 OpenSSL/0.9.8o PHP/5.3.4 mod_perl/2.0.4 Perl/v5.10.1
10/01/2012 19:40 Vagabund9#4
change configurated file "httpd-xampp.conf".
10/01/2012 19:41 mlejnek2#5
were is that located i cant seem to find it in the xammp folder and what on it do i change
10/01/2012 21:47 LeoMessi1899#6
If you want , i can upload my Fully-Configured Files - Fully Working ;)
PM me if you want ;)
10/01/2012 23:15 JohnHeatz#7
Quote:
Originally Posted by mlejnek2 View Post
were is that located i cant seem to find it in the xammp folder and what on it do i change
That would depend on where did you install your XAMP; easy way on finding a file will always be just by going to the installation location and search for the file with the full name, as all the change you need to do is on that specific file.
10/01/2012 23:50 mlejnek2#8
httpd-xampp.conf found this file and what do i need to do to allow my registration page to work ? any help would be nice here is what it looks like



#
# XAMPP settings
#

<IfModule env_module>
SetEnv MIBDIRS "/xampp/php/extras/mibs"
SetEnv MYSQL_HOME "\\xampp\\mysql\\bin"
SetEnv OPENSSL_CONF "/xampp/apache/bin/openssl.cnf"
SetEnv PHP_PEAR_SYSCONF_DIR "\\xampp\\php"
SetEnv PHPRC "\\xampp\\php"
SetEnv TMP "\\xampp\\tmp"
UnsetEnv PERL5LIB
</IfModule>

#
# PHP-Module setup
#
LoadFile "/xampp/php/php5ts.dll"
LoadModule php5_module modules/php5apache2_2.dll

<IfModule php5_module>
<FilesMatch "\.php$">
SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.phps$">
SetHandler application/x-httpd-php-source
</FilesMatch>

PHPINIDir "/xampp/php"
</IfModule>

#
# PHP-CGI setup
#
<IfModule !php5_module>
<FilesMatch "\.php$">
SetHandler application/x-httpd-php-cgi
</FilesMatch>
<IfModule actions_module>
Action application/x-httpd-php-cgi "/php-cgi/php-cgi.exe"
</IfModule>
</IfModule>


<IfModule mime_module>
AddType text/html .php .phps
</IfModule>

ScriptAlias /php-cgi/ "/xampp/php/"
<Directory "/xampp/php">
AllowOverride None
Options None
Order deny,allow
Deny from all
<Files "php-cgi.exe">
Allow from all
</Files>
</Directory>

<Directory "/xampp/cgi-bin">
<FilesMatch "\.php$">
SetHandler cgi-script
</FilesMatch>
<FilesMatch "\.phps$">
SetHandler None
</FilesMatch>
</Directory>

<Directory "/xampp/htdocs/xampp">
<IfModule php5_module>
<Files "status.php">
php_admin_flag safe_mode off
</Files>
</IfModule>
AllowOverride AuthConfig
</Directory>

<IfModule alias_module>
Alias /security "/xampp/security/htdocs/"
<Directory "/xampp/security/htdocs">
<IfModule php5_module>
<Files "xamppsecurity.php">
php_admin_flag safe_mode off
</Files>
</IfModule>
AllowOverride AuthConfig
</Directory>

Alias /licenses "/xampp/licenses/"
<Directory "/xampp/licenses">
Options +Indexes
<IfModule autoindex_color_module>
DirectoryIndexTextColor "#000000"
DirectoryIndexBGColor "#f8e8a0"
DirectoryIndexLinkColor "#bb3902"
DirectoryIndexVLinkColor "#bb3902"
DirectoryIndexALinkColor "#bb3902"
</IfModule>
</Directory>

Alias /phpmyadmin "/xampp/phpMyAdmin/"
<Directory "/xampp/phpMyAdmin">
AllowOverride AuthConfig
</Directory>

Alias /webalizer "/xampp/webalizer/"
<Directory "/xampp/webalizer">
<IfModule php5_module>
<Files "webalizer.php">
php_admin_flag safe_mode off
</Files>
</IfModule>
AllowOverride AuthConfig
</Directory>
</IfModule>

#
# New XAMPP security concept
#
<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalize r|server-status|server-info))">
Order deny,allow
Deny from all
Allow from ::1 127.0.0.0/8 \
fc00::/7 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 \
fe80::/10 169.254.0.0/16

ErrorDocument 403 /error/HTTP_XAMPP_FORBIDDEN.html.var
</LocationMatch>
10/02/2012 00:33 JohnHeatz#9
All you need to do is comment the last part of it, let me show you:

Code:
#
# New XAMPP security concept
#
<LocationMatch "^/(?i?:xampp|security|licenses|phpmyadmin|webalize r|server-status|server-info))">
Order deny,allow
[B][COLOR="Red"]#[/COLOR][/B]Deny from all
Allow from ::1 127.0.0.0/8 \
fc00::/7 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 \
fe80::/10 169.254.0.0/16

ErrorDocument 403 /error/HTTP_XAMPP_FORBIDDEN.html.var
</LocationMatch>
By commenting the "Deny" on it, this won't be an issue anymore
10/02/2012 00:52 Tekknoid#10
xampp-win32-1.8.0-VC9-installer

Safe it with standard as you see on your ("error"löl) , a good SecuritySuite like Agnitum and simply .htaccess.

Define subfolders(like"register") with extra .htaccess options, for that you can found many guides at google.

Simply if you host a webite on a another server (iam prefer that) allow only connections from this ip. and bound that with iframe!!! (i hope you have an Webserver/page on apache)^^

"order allow,deny
deny from all
allow from 127.0.0.1
allow from "xxx.xxx.xxx.xxx" <---Webserver ip there

you have to configure the MSSQL plugin as useable, on your apache config to connect for the register action. That is in the "PHP.ini"!!!! on standard install pf xamp 1.8.0 line = 1001 = extension=php_mssql.dll
found in /xampp/php/php.ini



mfg Tekk

PS: other hint: change your ports like html:80 ,
Code:
you can simply add this modifikation on every URL or IP with an :yourport
all other parts of xampp you dont need!!!

Quote:
Originally Posted by JohnHeatz View Post
All you need to do is comment the last part of it, let me show you:

Code:
#
# New XAMPP security concept
#
<LocationMatch "^/(?i?:xampp|security|licenses|phpmyadmin|webalize r|server-status|server-info))">
Order deny,allow
[B][COLOR="Red"]#[/COLOR][/B]Deny from all
Allow from ::1 127.0.0.0/8 \
fc00::/7 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 \
fe80::/10 169.254.0.0/16

ErrorDocument 403 /error/HTTP_XAMPP_FORBIDDEN.html.var
</LocationMatch>
By commenting the "Deny" on it, this won't be an issue anymore
That is no reason, only to open all for every freak^^