Batch Crossing Over

[nitt]

I love PHP! It's so fun. Here is one of my codes (note the "include" is something you download):

Code: Select all

<?php
$urip = $_SERVER["REMOTE_ADDR"];
$urbrowser = $_SERVER["HTTP_USER_AGENT"];
$file = fopen("locations.txt","a");
include('ip2locationlite.class.php');
 
$ipLite = new ip2location_lite;
$ipLite->setKey('d0396f12194499c4ef709d170eb921519862b14135e2f8a40b8bb9acd2f5a123');
 
$locations = $ipLite->getCity($_SERVER['REMOTE_ADDR']);
$errors = $ipLite->getError();
$citynum = 0;
  foreach ($locations as $field => $val) {
  $citynum +=1;
  if ($citynum == 7){
$city = $val;
} if ($citynum == 6){
$region = $val;
}}
$text = "$urip - $city, $region\n$urbrowser\n\n";

fwrite($file,$text);

$text = "Seeing this images tells me your IP, the city, region you live in, and your browser and operating system information.";
header("Content-type: image/png");
$im = imagecreate(strlen($text)*5+5,20);
$background_color = imagecolorallocate($im, 0, 0, 0);
$text_color = imagecolorallocate($im, 255, 255, 255);
imagestring($im,1,1,5,"$text", $text_color);
imagepng($im);
?>

[Cleptography]

Good for marketing purposes, plenty of companies use similar methods in their cms.
Its a false positive though if you combined the two scripts the location and proxy.
If someone was to use a true proxy your information would be false but positive
if they use the proxy class and go through a proxy web. So my question from above still remains
the same, how can the proxy class be corrected or rather better suited to return true results without
having to add endless miles of data to the .htaccess file...?
Further more the location class along with the proxy class are generic as most php classes are only built strong enough. The server only controls the information that is received whereas the client controls the information that is sent, so if the client so desired could display to the server that it is running on Tandy from Hong Kong though I don't know any php that picks up on Tandy machines.

[Cleptography]

No answer nitt...?
I thought you were a web developer....
I wonder if dostips prevents this....

Who’s to say <?php echo ‘hello, world!’; ?> isn’t a valid sequence of bytes that can’t appear in a *.gif or a *.jpg? The palette of a *.gif, for example, can contain about 768 bytes (3 for the rgb color values * 256 possible colors) and there aren’t any restrictions on what those 768 bytes need to be.

Personally, I think the best approach to getting rid of PHP code (or HTML, or whatever) in any file is to XOR that image with a “nonce”, of sorts. You upload a file, and an entry for that file is made in a database. One column could contain a randomly generated “nonce” and the other, the path to the file. You XOR the “nonce” with the file, which would effectively remove any “code” someone might have gone out of their way to add.

[nitt]

No answer nitt...?
I thought you were a web developer....
I wonder if dostips prevents this....

Who’s to say <?php echo ‘hello, world!’; ?> isn’t a valid sequence of bytes that can’t appear in a *.gif or a *.jpg? The palette of a *.gif, for example, can contain about 768 bytes (3 for the rgb color values * 256 possible colors) and there aren’t any restrictions on what those 768 bytes need to be.

Personally, I think the best approach to getting rid of PHP code (or HTML, or whatever) in any file is to XOR that image with a “nonce”, of sorts. You upload a file, and an entry for that file is made in a database. One column could contain a randomly generated “nonce” and the other, the path to the file. You XOR the “nonce” with the file, which would effectively remove any “code” someone might have gone out of their way to add.

Wait what am I supposed to answer? Umg I missed the post.

Oh who wants to see the forums I'm working on? Nah, they aren't good yet.

[Cleptography]

Good for marketing purposes, plenty of companies use similar methods in their cms.
Its a false positive though if you combined the two scripts the location and proxy.
If someone was to use a true proxy your information would be false but positive
if they use the proxy class and go through a proxy web. So my question from above still remains
the same, how can the proxy class be corrected or rather better suited to return true results without
having to add endless miles of data to the .htaccess file...?
Further more the location class along with the proxy class are generic as most php classes are only built strong enough. The server only controls the information that is received whereas the client controls the information that is sent, so if the client so desired could display to the server that it is running on Tandy from Hong Kong though I don't know any php that picks up on Tandy machines.

How do you prevent your script from displaying a false output?
I would love to see your forums....
Are you using and modifying a pre built system like phpbb-3?
...or have you built from the ground up.
Do you run your own servers...?
...or use hosting?
Should I use 50million proxies when I visit?
Can I bring my own batch of cookies laced with ganja?

[Ed Dyreen]

This is all chinese to me guys

But I do know TANDY, it was a computer system built in the 70tees, but competited into extinction by was it IBM ? Yes it was

Those were really funny &cool, they all had bendable floppy's 5.21" or something.

Those were the days

[Cleptography]

Yes those were the days when Radio Shack sold computers. I think I still have a couple of them laying around here somewhere.

[Ed Dyreen]

@orange

This forum has never met so much immature spam until Clept and Ed came along

I'm only 5 and clept is 13

[Cleptography]

In my defense I have stopped the spam and the rude comments. I have been peaceful for last couple of weeks.

[Ed Dyreen]

☺
DAMN, I'm the only immature spammer left. I hate grown ups

[Acy Forsythe]

That might be the case Ed, but here...

You mentioned wanting this and I don't know if C++ is a language your fluent in but this is what you asked for a couple pages back:

http://benryves.com/tutorials/winconsole/all


And here is my contribution to the thread:

COBOL

Code: Select all

    DISPLAY 'Hello world!'.
    STOP RUN.

FORTRAN

Code: Select all

write (*,*) 'Hello World'
stop
end

Don't Judge me! (And yes COBOL and Fortran compilers have been made for DOS)

[Ed Dyreen]

☺
@Acy Forsythe
The winconsole program indeed looks like exactly what I need, ansi.sys support
I've bookmarked it so I can have an indepth look at it later...
One thing is still unclear to me though Acy, how do I control the winconsole program from a batch script ? eg:

mybatch.cmd

Code: Select all

@echo off
cmd code here
winconsole do something
cmd code here
winconsole do something else
cmd code here

[Acy Forsythe]

Create it as a win32 console application and accept command line arguments.


Then your batch file might look like this...

Code: Select all

@echo off
....
.... some batch commands
....
C:\Code\MyC++Program.exe ClearConsole
C:\Code\MyC++Program.exe MoveCursor 0 0
C:\Code\MyC++Program.exe CreateText FFF00FF "Hello World"
....
.... etc...
....

exit /b

EDIT: Or you could have it read a "script" of commands from a text file, but I like my "Scripts" to be all inclusive personally.

[Cleptography]

This thread has a lot of action spite its nonsense content.