diff --git a/.gitignore b/.gitignore index 2b21a16..ea050b8 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,5 @@ .vagrant ubuntu*.log *.retry -.idea \ No newline at end of file +.idea +sqlite_data \ No newline at end of file diff --git a/.shogun/Dockerfile.dojo-basic b/.shogun/Dockerfile.dojo-basic index 2b4c56f..6ba3eed 100644 --- a/.shogun/Dockerfile.dojo-basic +++ b/.shogun/Dockerfile.dojo-basic @@ -1,8 +1,13 @@ # Dockerfile.dojo-basic FROM php:7.4.27-apache-bullseye -RUN docker-php-ext-install pdo_mysql mysqli -RUN apt-get update && apt-get install -y dnsutils +RUN docker-php-ext-install pdo_mysql mysqli \ + && apt-get update \ + && apt-get install -y dnsutils + +# Set the environment variable for database type +ENV DOJO_DB_TYPE=mysql + COPY ./src/basic /var/www/html LABEL org.opencontainers.image.source=https://github.com/SamuraiWTF/samurai-dojo LABEL org.opencontainers.image.description="Basic PHP 7.4.27-apache-bullseye image with dojo-basic and mysql support." diff --git a/.shogun/Dockerfile.dojo-basic-lite b/.shogun/Dockerfile.dojo-basic-lite new file mode 100644 index 0000000..e4f884d --- /dev/null +++ b/.shogun/Dockerfile.dojo-basic-lite @@ -0,0 +1,17 @@ +# Dockerfile.dojo-basic +FROM php:7.4.27-apache-bullseye + +# Install dependencies +RUN apt-get update && apt-get install -y \ + sqlite3 \ + libsqlite3-dev \ + dnsutils \ + && rm -rf /var/lib/apt/lists/* + +# Set the environment variable for database type +ENV DOJO_DB_TYPE=sqlite + +COPY ./src/basic /var/www/html +LABEL org.opencontainers.image.source=https://github.com/SamuraiWTF/samurai-dojo +LABEL org.opencontainers.image.description="Basic PHP 7.4.27-apache-bullseye image with dojo-basic with sqlite support." +LABEL org.opencontainers.image.licenses="lgpl" \ No newline at end of file diff --git a/.shogun/docker-compose-dojo-basic-lite.yml b/.shogun/docker-compose-dojo-basic-lite.yml new file mode 100644 index 0000000..9eed115 --- /dev/null +++ b/.shogun/docker-compose-dojo-basic-lite.yml @@ -0,0 +1,12 @@ +version: '3' +services: + dojo-basic-lite: + build: + context: .. + dockerfile: .shogun/Dockerfile.dojo-basic-lite + ports: + - "8080:80" + environment: + - DOJO_DB_TYPE=sqlite + volumes: + - ./sqlite_data:/var/www/html/db \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index 9b02264..daae00a 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -32,7 +32,7 @@ services: build: src ports: - "32080:80" - - "32443:80" + - "32443:443" volumes: - ./src/helpdesk:/var/www/html links: @@ -40,6 +40,19 @@ services: depends_on: - basicdb + dojo-basic-lite: + build: src + ports: + - "33080:80" + - "33443:443" + environment: + - DOJO_DB_TYPE=sqlite + extra_hosts: + - "dojo-basic:127.0.0.2" + - "dojo-basic.wtf:127.0.0.2" + volumes: + - ./sqlite_data:/var/www/html/db + - ./src/basic:/var/www/html basicdb: image: mysql:5.7 diff --git a/src/Dockerfile b/src/Dockerfile index 12380f3..e55b987 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -3,3 +3,5 @@ FROM php:7.4.27-apache-bullseye RUN docker-php-ext-install pdo_mysql mysqli RUN apt-get update && apt-get install -y dnsutils + +ENV DOJO_DB_TYPE=mysql \ No newline at end of file diff --git a/src/basic/add-to-your-blog.php b/src/basic/add-to-your-blog.php index a01e98b..669f8b6 100644 --- a/src/basic/add-to-your-blog.php +++ b/src/basic/add-to-your-blog.php @@ -11,16 +11,16 @@ real_escape_string($_REQUEST["input"]); +$inputfromform = db_escape_string($conn, $_REQUEST["input"]); $showonlyuser = $_REQUEST["show_only_user"]; if ($inputfromform <> "") { $query = "INSERT INTO blogs_table(blogger_name, comment, date) VALUES ('". $logged_in_user . "', '". $inputfromform . "', " . - " now() )"; + db_now() . ")"; -$result = $conn->query($query); +$result = db_query($conn, $query); } $query = "SELECT * FROM blogs_table WHERE @@ -28,11 +28,11 @@ ORDER BY date DESC LIMIT 0 , 100"; -$result = $conn->query($query) or die(mysqli_error($conn) . '

SQL Statement:' . $query);; +$result = db_query($conn, $query) or die(mysqli_error($conn) . '

SQL Statement:' . $query);; //echo $result; echo 'Entries:

'; -while($row = $result->fetch_assoc()) +while($row = db_fetch_assoc($result)) { echo "

{$row['blogger_name']}:({$row['date']})
{$row['comment']}

"; } diff --git a/src/basic/closedb.inc b/src/basic/closedb.inc index 123f7d8..cdb9351 100644 --- a/src/basic/closedb.inc +++ b/src/basic/closedb.inc @@ -1 +1,17 @@ - \ No newline at end of file +close(); + } else { + $conn->close(); + unset($conn); + } +} + +// Close the database connection +db_close($conn); +?> \ No newline at end of file diff --git a/src/basic/config.inc b/src/basic/config.inc index fdd1dd4..4e6510f 100644 --- a/src/basic/config.inc +++ b/src/basic/config.inc @@ -3,4 +3,5 @@ $dbhost = 'basicdb'; $dbuser = 'root'; $dbpass = 'samurai'; $dbname = 'samurai_dojo_basic'; +$db_type = getenv('DOJO_DB_TYPE') ?: 'mysql'; // 'mysql' or 'sqlite' ?> \ No newline at end of file diff --git a/src/basic/employee-directory.php b/src/basic/employee-directory.php index eceec86..1051eaa 100644 --- a/src/basic/employee-directory.php +++ b/src/basic/employee-directory.php @@ -13,7 +13,7 @@ function getEmployees($sortColumn = "last_name", $sortDirection = "DESC") { ORDER BY " . $sortOrder; // Execute the query - $result = $conn->query($query); + $result = db_query($conn, $query); // Check for errors without exposing the query if (!$result) { @@ -22,7 +22,7 @@ function getEmployees($sortColumn = "last_name", $sortDirection = "DESC") { } $employees = []; - while ($row = $result->fetch_assoc()) { + while ($row = db_fetch_assoc($result)) { $employees[] = $row; } return $employees; diff --git a/src/basic/header.php b/src/basic/header.php index 29ec2f1..5a26101 100644 --- a/src/basic/header.php +++ b/src/basic/header.php @@ -1,7 +1,10 @@ - "" and $password <> "") { $query = "SELECT * FROM accounts WHERE username='". $username ."' AND password='".stripslashes($password)."'"; - $result = $conn->query($query) or die(mysqli_error($conn) . '

SQL Statement:' . $query); - if ($result->num_rows > 0) { + $result = db_query($conn, $query); + if (db_num_rows($result) > 0) { // flag the cookie as secure only if it is accessed via SSL $ssl = FALSE; if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') { @@ -27,8 +30,9 @@ $value = md5($rndm); setcookie("sessionid", $value, 0, "/", "", $ssl, TRUE); // set uid to appropriate user - $row = $result->fetch_assoc(); - setcookie("uid", base64_encode($row['cid']), 0, "/", "", $ssl, FALSE); + $row = db_fetch_assoc($result); + setcookie("uid", base64_encode($row['cid']), 0, "/", "", $ssl, FALSE); + $failedloginflag=0; if ($_REQUEST["returnURL"] <> "") { echo ''; @@ -36,7 +40,6 @@ echo ''; } - } else { $failedloginflag=1; } @@ -60,7 +63,7 @@ } break; } - +ob_end_flush(); ?> @@ -91,11 +94,10 @@ --> query($query) or die(mysqli_error($conn) . '

SQL Statement:' . $query); - echo mysqli_error($conn); - echo mysqli_error($conn); - if ($result->num_rows > 0) { - while($row = $result->fetch_assoc()) + $result = db_query($conn, $query); + + if (db_num_rows($result) > 0) { + while($row = db_fetch_assoc($result)) { $logged_in_user = $row['username']; $logged_in_usersignature = $row['mysignature']; diff --git a/src/basic/opendb.inc b/src/basic/opendb.inc index 6956ecf..a3f8f77 100644 --- a/src/basic/opendb.inc +++ b/src/basic/opendb.inc @@ -1,3 +1,85 @@ +// opendb.inc + +function db_connect() { + global $db_type, $dbhost, $dbuser, $dbpass, $dbname; + + if ($db_type === 'mysql') { + $conn = new mysqli($dbhost, $dbuser, $dbpass, $dbname); + if ($conn->connect_error) { + die("Connection failed: " . $conn->connect_error); + } + } else { + $conn = new SQLite3('/var/www/html/db/' . $dbname . '.sqlite'); + } + + return $conn; +} + +function db_query($conn, $query) { + global $db_type; + + if ($db_type === 'mysql') { + $result = $conn->query($query); + if (!$result) { + die("Query failed: " . $conn->error . '

SQL Statement:' . $query); + } + } else { + $result = $conn->query($query); + if (!$result) { + die("Query failed: " . $conn->lastErrorMsg() . '

SQL Statement:' . $query); + } + } + + return $result; +} + +function db_now() { + global $db_type; + + if ($db_type === 'mysql') { + return "NOW()"; + } else { + return "date('now')"; + } +} + +function db_num_rows($result) { + global $db_type; + + if ($db_type === 'mysql') { + return $result->num_rows; + } else { + $count = 0; + $res = $result; + while ($res->fetchArray()) { + $count++; + } + $res->reset(); + return $count; + } +} + +function db_fetch_assoc($result) { + global $db_type; + + if ($db_type === 'mysql') { + return $result->fetch_assoc(); + } else { + return $result->fetchArray(SQLITE3_ASSOC); + } +} + +function db_escape_string($conn, $string) { + global $db_type; + + if ($db_type === 'mysql') { + return $conn->real_escape_string($string); + } else { + return SQLite3::escapeString($string); + } +} + +// Establish the database connection +$conn = db_connect(); +?> \ No newline at end of file diff --git a/src/basic/redirectandlog.php b/src/basic/redirectandlog.php index 401e22e..118e720 100644 --- a/src/basic/redirectandlog.php +++ b/src/basic/redirectandlog.php @@ -9,7 +9,7 @@ "Redirected user to: " . $forwardurl . "', ". " now() )"; //echo $query; -$result = $conn->query($query); +$result = db_query($conn, $query); echo mysqli_error($conn ); mysqli_close($conn); diff --git a/src/basic/register.php b/src/basic/register.php index b145384..98977e3 100644 --- a/src/basic/register.php +++ b/src/basic/register.php @@ -2,27 +2,95 @@ "; // Grab inputs -$username = $_REQUEST["user_name"]; -$password = $_REQUEST["password"]; -$passwordconfirm = $_REQUEST["password_confirm"]; -$mysignature = $_REQUEST["my_signature"]; +$username = isset($_REQUEST["user_name"]) ? $_REQUEST["user_name"] : ""; +$password = isset($_REQUEST["password"]) ? $_REQUEST["password"] : ""; +$passwordconfirm = isset($_REQUEST["password_confirm"]) ? $_REQUEST["password_confirm"] : ""; +$first_name = isset($_REQUEST["first_name"]) ? $_REQUEST["first_name"] : ""; +$last_name = isset($_REQUEST["last_name"]) ? $_REQUEST["last_name"] : ""; +$department = isset($_REQUEST["department"]) ? $_REQUEST["department"] : ""; +$mysignature = isset($_REQUEST["my_signature"]) ? $_REQUEST["my_signature"] : ""; if ($username =="") {?> -

Please choose the username, password and signature you wish to use:

-

User Name:

-

Password:

-

Password Confirm:

-

Signature:

-

+

Please register by entering all fields:

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
+ "") { if ($password == $passwordconfirm ) { - $query = "INSERT INTO accounts (username, password, mysignature) VALUES - ('" . $username ."', '" . $password . "', '" . $mysignature ."')"; - //echo $query; - $result = $conn->query($query); + $query = "INSERT INTO accounts (username, password, first_name, last_name, department, hire_date, mysignature) VALUES + ('" . db_escape_string($conn, $username) . "', + '" . db_escape_string($conn, $password) . "', + '" . db_escape_string($conn, $first_name) . "', + '" . db_escape_string($conn, $last_name) . "', + '" . $department . "', + " . db_now() . ", + '" . $mysignature . "')"; + $result = db_query($conn, $query); echo mysqli_error($conn); echo "Account Made"; } else { @@ -45,8 +113,8 @@ for more ways you can encode XSS attacks that may allow you to get around some filters.

- For SQL Injection: Mostly errors, but they reveal too much information about - the application. + For SQL Injection: Check all the fields. Some may not be vulnerable + but perhaps controls for some others were missed. '; } // End hints section diff --git a/src/basic/reset-db.php b/src/basic/reset-db.php index 77906bb..eda0b95 100644 --- a/src/basic/reset-db.php +++ b/src/basic/reset-db.php @@ -9,51 +9,72 @@ Dropping database..."); -$conn = new mysqli($dbhost, $dbuser, $dbpass) or die('Error connecting to mysql'); -$conn->query("DROP DATABASE IF EXISTS $dbname"); -echo mysqli_error($conn); +// Function to execute queries and handle errors for both MySQL and SQLite +function execute_query($conn, $query) { + if ($GLOBALS['db_type'] === 'mysql') { + $result = $conn->query($query); + echo mysqli_error($conn); + } else { + $result = $conn->exec($query); + echo $conn->lastErrorMsg(); + } + return $result; +} -echo("
Creating database..."); -$conn->query("CREATE DATABASE $dbname"); -echo mysqli_error($conn); +if ($db_type === 'mysql') { + echo("
Connecting to MySQL..."); + $conn = new mysqli($dbhost, $dbuser, $dbpass) or die('Error connecting to mysql'); + + echo("
Dropping database..."); + execute_query($conn, "DROP DATABASE IF EXISTS $dbname"); + + echo("
Creating database..."); + execute_query($conn, "CREATE DATABASE $dbname"); + + $conn->select_db($dbname); +} else { + echo("
Setting up SQLite..."); + $db_file = '/var/www/html/db/' . $dbname . '.sqlite'; + + // Delete the existing database file if it exists + if (file_exists($db_file)) { + echo("
Removing existing SQLite database..."); + unlink($db_file); + } + + echo("
Creating new SQLite database..."); + $conn = new SQLite3($db_file); +} echo("
Creating blogs table..."); -include 'opendb.inc'; $query = 'CREATE TABLE blogs_table( '. - 'cid INT NOT NULL AUTO_INCREMENT, '. + 'cid INTEGER PRIMARY KEY ' . ($db_type === 'mysql' ? 'AUTO_INCREMENT' : 'AUTOINCREMENT') . ', '. 'blogger_name TEXT, '. 'comment TEXT, '. - 'date DATETIME, '. - 'PRIMARY KEY(cid))'; -$result = $conn->query($query); -echo mysqli_error($conn ); + 'date DATETIME)'; +execute_query($conn, $query); echo("
Creating accounts table..."); $query = 'CREATE TABLE accounts( '. - 'cid INT NOT NULL AUTO_INCREMENT, '. + 'cid INTEGER PRIMARY KEY ' . ($db_type === 'mysql' ? 'AUTO_INCREMENT' : 'AUTOINCREMENT') . ', '. 'username TEXT, '. 'password TEXT, '. 'mysignature TEXT, '. 'first_name TEXT, '. 'last_name TEXT, '. 'department TEXT, '. - 'hire_date DATE, '. - 'PRIMARY KEY(cid))'; -$result = $conn->query($query); -echo mysqli_error($conn ); + 'hire_date DATE)'; +execute_query($conn, $query); echo("
Creating hitlog table..."); $query = 'CREATE TABLE hitlog( '. - 'cid INT NOT NULL AUTO_INCREMENT, '. + 'cid INTEGER PRIMARY KEY ' . ($db_type === 'mysql' ? 'AUTO_INCREMENT' : 'AUTOINCREMENT') . ', '. 'hostname TEXT, '. 'ip TEXT, '. - 'browser TEXT, '. - 'referer TEXT, '. - 'date DATETIME, '. - 'PRIMARY KEY(cid))'; -$result = $conn->query($query); -echo mysqli_error($conn ); + 'browser TEXT, '. + 'referer TEXT, '. + 'date DATETIME)'; +execute_query($conn, $query); echo("
Populating accounts table..."); $query = "INSERT INTO accounts (username, password, mysignature, first_name, last_name, department, hire_date) VALUES @@ -65,41 +86,43 @@ ('micwg', 'cim', 'Maple-flavored client-side security, eh?', 'Mic', 'Northguard', 'Engineering', '2019-11-30'), ('jasong', 'pentest', 'Extending security one suite at a time', 'Jason', 'Ideasmith', 'Engineering', '2020-09-22'), ('kevin', 'force42', 'May the security be with you, always', 'Kevin', 'Skyguard', 'Management', '2015-05-04')"; -//echo $query; -$result = $conn->query($query); -echo mysqli_error($conn ); +execute_query($conn, $query); echo("
Populating blogs table..."); -$query ="INSERT INTO `blogs_table` (`cid`, `blogger_name`, `comment`, `date`) VALUES - (1, 'adrian', 'Well, I''ve been working on this for a bit. Welcome to my crappy blog software. :)', '2009-03-01 22:26:12'), - (2, 'adrian', 'Looks like I got a lot more work to do. Fun, Fun, Fun!!!', '2009-03-01 22:26:54'), - (3, 'anonymous', 'An anonymous blog? Huh? ', '2009-03-01 22:27:11'), - (4, 'ed', 'I love me some Netcat!!!', '2009-03-01 22:27:48'), - (5, 'john', 'Listen to Pauldotcom!', '2009-03-01 22:29:04'), - (6, 'john', 'Why give users the ability to get to the unfiltered Internet? It''s just asking for trouble. ', '2009-03-01 22:29:49'), - (7, 'john', 'Chocolate is GOOD!!!', '2009-03-01 22:30:06'), - (8, 'admin', 'Fear me, for I am ROOT!', '2009-03-01 22:31:13'), - (9, 'ed', 'Hack the planet!', '2024-07-19 10:15:00'), - (10, 'justin', 'Remember: it''s not a bug, it''s an undocumented feature.', '2024-07-19 11:30:00'), - (11, 'micwg', 'Just spent 3 hours debugging. It was DNS. It''s always DNS!', '2024-07-19 14:45:00'), - (12, 'jasong', 'Did you hear about the Olympic size swimming pool on the roof?', '2024-07-19 16:20:00'), - (13, 'adrian', 'I''m not arguing, I''m just explaining why I''m right.', '2024-07-19 18:00:00'), - (14, 'john', 'There are 10 types of people in this world: those who understand binary and those who don''t.', '2024-07-19 20:30:00'), - (15, 'micwg', 'I''m not antisocial, I just like my space... 127.0.0.1 is where the heart is.', '2024-07-20 09:15:00'), - (16, 'justin', 'Keep calm and sudo on!', '2024-07-20 11:45:00'), - (17, 'ed', 'I don''t always test my code, but when I do, I do it in production.', '2024-07-20 14:00:00'), - (18, 'jasong', 'Life is short, use Python.', '2024-07-20 16:30:00'), - (19, 'kevin', 'Just found a way to bypass the firewall. Don''t tell the admin!', '2024-07-21 09:15:00'), - (20, 'kevin', 'Pro tip: \"P@ssw0rd\" is not a strong password, no matter how many times you use it.', '2024-07-21 11:30:00'), - (21, 'kevin', 'Today''s goal: Stay away from the cookie jar. And by cookie jar, I mean other people''s session cookies.', '2024-07-21 14:45:00'), - (22, 'kevin', 'Remember, kids: SQL injection is like adding hot sauce. A little goes a long way, but too much and you''ll regret it.', '2024-07-22 10:00:00'), - (23, 'kevin', 'Breaking news: I found a security flaw in our coffee machine. It''s now brewing espresso for everyone. You''re welcome.', '2024-07-22 16:45:00')"; -//echo $query; -$result = $conn->query($query); -echo mysqli_error($conn ); +$query ="INSERT INTO `blogs_table` (`blogger_name`, `comment`, `date`) VALUES + ('adrian', 'Well, I''ve been working on this for a bit. Welcome to my crappy blog software. :)', '2009-03-01 22:26:12'), + ('adrian', 'Looks like I got a lot more work to do. Fun, Fun, Fun!!!', '2009-03-01 22:26:54'), + ('anonymous', 'An anonymous blog? Huh? ', '2009-03-01 22:27:11'), + ('ed', 'I love me some Netcat!!!', '2009-03-01 22:27:48'), + ('john', 'Listen to Pauldotcom!', '2009-03-01 22:29:04'), + ('john', 'Why give users the ability to get to the unfiltered Internet? It''s just asking for trouble. ', '2009-03-01 22:29:49'), + ('john', 'Chocolate is GOOD!!!', '2009-03-01 22:30:06'), + ('admin', 'Fear me, for I am ROOT!', '2009-03-01 22:31:13'), + ('ed', 'Hack the planet!', '2024-07-19 10:15:00'), + ('justin', 'Remember: it''s not a bug, it''s an undocumented feature.', '2024-07-19 11:30:00'), + ('micwg', 'Just spent 3 hours debugging. It was DNS. It''s always DNS!', '2024-07-19 14:45:00'), + ('jasong', 'Did you hear about the Olympic size swimming pool on the roof?', '2024-07-19 16:20:00'), + ('adrian', 'I''m not arguing, I''m just explaining why I''m right.', '2024-07-19 18:00:00'), + ('john', 'There are 10 types of people in this world: those who understand binary and those who don''t.', '2024-07-19 20:30:00'), + ('micwg', 'I''m not antisocial, I just like my space... 127.0.0.1 is where the heart is.', '2024-07-20 09:15:00'), + ('justin', 'Keep calm and sudo on!', '2024-07-20 11:45:00'), + ('ed', 'I don''t always test my code, but when I do, I do it in production.', '2024-07-20 14:00:00'), + ('jasong', 'Life is short, use Python.', '2024-07-20 16:30:00'), + ('kevin', 'Just found a way to bypass the firewall. Don''t tell the admin!', '2024-07-21 09:15:00'), + ('kevin', 'Pro tip: \"P@ssw0rd\" is not a strong password, no matter how many times you use it.', '2024-07-21 11:30:00'), + ('kevin', 'Today''s goal: Stay away from the cookie jar. And by cookie jar, I mean other people''s session cookies.', '2024-07-21 14:45:00'), + ('kevin', 'Remember, kids: SQL injection is like adding hot sauce. A little goes a long way, but too much and you''ll regret it.', '2024-07-22 10:00:00'), + ('kevin', 'Breaking news: I found a security flaw in our coffee machine. It''s now brewing espresso for everyone. You''re welcome.', '2024-07-22 16:45:00')"; +execute_query($conn, $query); +if ($db_type === 'mysql') { + $conn->close(); +} else { + $conn->close(); + unset($conn); +} echo "

If you see no errors above, it should be done. Continue back to the frontpage."; ?> - + \ No newline at end of file diff --git a/src/basic/show-log.php b/src/basic/show-log.php index 7e16e35..fb0640f 100644 --- a/src/basic/show-log.php +++ b/src/basic/show-log.php @@ -2,11 +2,11 @@ query($query) or die(mysqli_error($conn) . '

SQL Statement:' . $query);; +$result = db_query($conn, $query) or die(mysqli_error($conn) . '

SQL Statement:' . $query);; //echo $result; echo ''; echo ""; -while($row = $result->fetch_assoc()) +while($row = db_fetch_assoc($result)) { echo "\n"; } diff --git a/src/basic/text-file-viewer.php b/src/basic/text-file-viewer.php index 5b297cc..d4d43c2 100644 --- a/src/basic/text-file-viewer.php +++ b/src/basic/text-file-viewer.php @@ -1,6 +1,6 @@

Hacker text files of old

-Take the time to read some of these great old school hacker text files. Just choose one form the list and submit. +TTake the time to read some of these great old school hacker text files. Just choose one form the list and submit. "; @@ -24,10 +24,40 @@ // Grab inputs $textfilename=$_REQUEST["text_file_name"]; -if ($textfilename <>"") { - $handle = fopen($textfilename, "r"); - echo stream_get_contents($handle); - fclose($handle); +if ($textfilename != "") { + // echo "Attempting to open file: $textfilename
"; + + // Check if it's a full URL or just a filename + if (strpos($textfilename, 'http://') !== 0 && strpos($textfilename, 'https://') !== 0) { + $textfilename = "http://" . $_SERVER['HTTP_HOST'] . "/readingroom/" . $textfilename; + } + + // echo "Full URL: $textfilename
"; + + // Use cURL to fetch the content + $ch = curl_init(); + curl_setopt($ch, CURLOPT_URL, $textfilename); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); + curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); + curl_setopt($ch, CURLOPT_TIMEOUT, 5); // 5 seconds timeout + + $content = curl_exec($ch); + + if ($content !== false) { + echo "
" . htmlspecialchars($content) . "
"; + } else { + echo "Failed to load the file. Error: " . curl_error($ch) . "
"; + echo "Error number: " . curl_errno($ch) . "
"; + + // Additional debugging information + echo "Server IP: " . $_SERVER['SERVER_ADDR'] . "
"; + echo "Server Name: " . $_SERVER['SERVER_NAME'] . "
"; + echo "HTTP Host: " . $_SERVER['HTTP_HOST'] . "
"; + } + + curl_close($ch); +} else { + echo "No filename provided.
"; } ?> diff --git a/src/basic/user-info.php b/src/basic/user-info.php index 047a2eb..4b905cf 100644 --- a/src/basic/user-info.php +++ b/src/basic/user-info.php @@ -22,9 +22,9 @@ query($query) or die(mysqli_error($conn) . '

SQL Statement:' . $query); -if ($result->num_rows > 0) { - while($row = $result->fetch_assoc()) { ?> +$result = db_query($conn, $query) or die(mysqli_error($conn) . '

SQL Statement:' . $query); +if (db_num_rows($result) > 0) { + while($row = db_fetch_assoc($result)) { ?>
">

diff --git a/src/basic/view-someones-blog.php b/src/basic/view-someones-blog.php index 992c1fa..573d3d0 100644 --- a/src/basic/view-someones-blog.php +++ b/src/basic/view-someones-blog.php @@ -4,13 +4,13 @@ echo ""; $query = "SELECT * FROM accounts"; -$result = $conn->query($query) or die(mysqli_error($conn) . '

SQL Statement:' . $query);; +$result = db_query($conn, $query) or die(mysqli_error($conn) . '

SQL Statement:' . $query);; //echo $result; echo '

'; echo '

Show only:

HostnameIPBrowser AgentPage ViewedDate/Time
{$row['hostname']}{$row['ip']}{$row['browser']}{$row['referer']}{$row['date']}