pcre query

[Greywacke]

hi all, long time no see...

i have a php document which needs to test the entire querystring such as follows:

http://verifyreg.com/?c0078#Sof00207#G5J3!J@A1B0

now to process this querystring without variables... i have the following code:

// Initiate Variables
1. Key Field
2. Key Row
$p = `|(A-Da-d1-4)0*(1-100)#(^#)#(^@)@(*)|U`;
$q = $_GET;
$m = new Array();
$ret = preg_match_all($p,$q,$m);
if ($ret !== false && $ret > 0) {
    print_r($m.$ret);
}

however the part after the first # will all be encoded eventually...

the first part is to define the field to select the key from, the second part is the row, for the current session.  the key will be used on the serverside to encrypt the rest of the querystring after the first #.

Edited January 25, 2019 by Greywacke
better clarity

[justsomeguy]

I'm not sure if PHP will put a key in $_GET for that kind of thing, you may need to get the entire URL in the $_SERVER array and parse it yourself.  If you're using reserved characters in the URL like that, you may see inconsistent behavior from browsers.  The list of reserved characters in a URL includes # and @.

[Greywacke]

Thanks justsomeguy; will take that under advisory...

(please note however, that the key I mention has nothing to do with a traditional key/value pair but is rather a reference as to where the chosen encryption key is located in the database.)

However i still receive the HTTP 500 error - any idea why? Here's the code:

	<?php
	/* Initiate Variables
1. Key Field
2. Key Row
*/
	$p = "|(A-Da-d1-4)0*(1-100)#(^#)#(^@)@(*)|U";
$q = $_SERVER["QUERY_STRING"];
$m = new Array();
$ret = preg_match_all($p,$q,$m);
if ($ret !== false && $ret > 0) {
    print_r($m.$ret);
}
	/*
$k = new Array(2);
$k[0] = $m[0][0];
if (is_numeric($k[0])) {
$k[0] = ($k[0]<1)?1:($k[0]>4)?4:4;
switch ($k[0]) {
case 1:  // Convert to A
$k[0] = "A";
break;
case 2:  // Convert to B
$k[0] = "B";
break;
case 3:  // Convert to C
$k[0] = "C";
break;
case 4:  // Convert to D
$k[0] = "D";
break;
case else:
$k[0] = ucase($k[0]);
}
}
$k[1] = $m[0][1];
	$servername = "localhost";
$username = "dwtnfwfv";
$password = "ECp2yc20p7";
$dbname = "dwtnfwfv_SoftoitRegs";
	// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
	// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}
// echo "Connected successfully";
	// Define SQL String
$sql = "SELECT `$k[0]` FROM `Sleutels` WHERE `ID` = `$k[1]`";
$result = $conn->query($sql);
	switch ($m) {
    case 0:    // Return Key by $k <Field A-D & Row ID
        if ($result->num_rows > 0) {
        // output data of each row
        while($row = $result->fetch_assoc()) {
        echo "id: " . $row["id"]. " - Name: " . $row["firstname"]. " " . $row["lastname"]. "<br>";
        }
    } else {
        echo "0 results";
    }
        break;
    case 1:
        echo "i equals 1";
        break;
    case 2:
        echo "i equals 2";
        break;
}
	If ($m == `0`) Then
     Response.MimeType = `Text/HTML5`;
Else If (Request.QueryString(`m`) == `1`) Then
     Response.MimeType = `WebGL/SVG`);
Else If (Request.QueryString(`m`) == `2`) Then
     Response.MimeType = `Text/JavaScript`);
End If
	$conn->close();
*/
?>

Will include .htaccess conntents too if that may bring some clarity?

	
RewriteEngine on
# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php56” package as the default “PHP” programming language.
<IfModule mime_module>
  AddType application/x-httpd-ea-php56 .php .php5 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit

Edited January 26, 2019 by Greywacke
Expanding on clarity

[Greywacke]

Have decided to go with preg_match instead of preg_match_all but i still get the same HTTP 500 error... what's up with that???

The top pcre code has changed as follows:

<?php
	/* Initiate Variables
1. Key Field
2. Key Row
*/
	$p = '/(A-Da-d1-4)0*(1-100)\#(^\#)\#(^\@)\@(*)/';
$q = $_SERVER["QUERY_STRING"];
$m = new Array();
$ret = preg_match($p,$q,$m);
if ($ret !== false && $ret > 0) {
    print_r($m.$ret);
	}
	...

Will test and see if escaping them helps.

Edited January 27, 2019 by Greywacke

[Greywacke]

ok i have now attempted to do this by urlencoding that whole string and making it http://verifyreg.com/default.php?q=e0078%23Sof00207%23G5J3!J%40A1B0

still however, i am getting the seemingly irrational HTTP 500 error...

i have even tried with or without the urldecode() function around the $_GET["q"] but to now avail... 

anybody - who can see this forest for the trees, please help!!!

<?php

/* Initiate Variables for URL:
http://verifyreg.com/default.php?q=e0078%23Sof00207%23G5J3!J%40A1B0
1. Key Field:  E
2. Key Row:  78
3. Account Number:  Sof00207
4. Month:  G
5. Number Of Licenses:  5
6. Active:  Y/N:  J
7. Licences Used:  3
8. Year:  J
9. Module 1:  A
10.Module 2:  1
11.Module 3:  B
12.Module 4:  0 */

var $ret, $p, $q, $m;
$p = '^([A-D]|[a-d]|[1-4])0*({1,100})\#([^\#*])\#([^\@])\@([.*])$';
$q = $_GET["q"];
$m = new Array();
var_dump($p."\rn");
var_dump($q."\rn");
var_dump($m."\rn");

/*
$ret = preg_match($p,$q,$m);
var_dump($m."\rn");
var_dump($ret."\rn");

$k = new Array(2);
$k[0] = $m[0][0];
if (is_numeric($k[0])) {
    $k[0] = ($k[0]<1)?1:($k[0]>4)?4:4;
    switch ($k[0]) {
        case 1:  // Convert to A
            $k[0] = "A";
            break;
        case 2:  // Convert to B
            $k[0] = "B";
            break;
        case 3:  // Convert to C
            $k[0] = "C";
            break;
        case 4:  // Convert to D
            $k[0] = "D";
            break;
        case else:
            $k[0] = ucase($k[0]);
    }
}
$k[1] = $m[0][1];
	$servername = "localhost";
$username = "dwtnfwfv";
$password = "ECp2yc20p7";
$dbname = "dwtnfwfv_SoftoitRegs";
	// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
	// Check connection
if ($conn->connect_error) {
    die("<!-- Connection failed: ".$conn->connect_error." -->");
}
echo "<!-- Connected successfully -->";
	// Define SQL String
$sql = "SELECT `".$k[0]."` FROM `Sleutels` WHERE `ID` = `".$k[1]."`;";
$result = $conn->query($sql);
	switch ($m) {
    case 0:    // Return Key by $k <Field A-D & Row ID
        if ($result->num_rows > 0) {
            // output data of each row
            while($row = $result->fetch_assoc()) {
                echo "id: " . $row["id"]. " - Name: " . $row["firstname"]. " " . $row["lastname"]. "<br>";
            }
        } else {
            echo "0 results";
        }
        break;
    case 1:
        echo "i equals 1";
        break;
    case 2:
        echo "i equals 2";
        break;
}
If ($m == `0`) Then
    Response.MimeType = `Text/HTML5`;
Else If (Request.QueryString(`m`) == `1`) Then
    Response.MimeType = `WebGL/SVG`);
Else If (Request.QueryString(`m`) == `2`) Then
    Response.MimeType = `Text/JavaScript`);
End If
$conn->close();
*/
?>

Edited January 28, 2019 by Greywacke
better clarity

[Greywacke]

ok i tried testing the regex on https://www.regextester.com/ and they say:

ERROR:  Invalid target or quantifier.

over the red and bold portion of the regex string in line 19 of the code(how the heck do i fix it??? that portion is intended to select the number after the preceding 0's.

$p = '^([A-D]|[a-d]|[1-4])0*({1,100})\#([^\#*])\#([^\@])\@([.*])$';

[Greywacke]

hmmm still struggling...

$p = '/^([A-D|a-d|1-4]{1,1})0*(100|[1-9][0-9]?)\#([^\#*])\#([^\@])\@([.*])$/is';

bloody HTTP 500....

[justsomeguy]

If you're getting a 500 response, you need to find the error message from PHP.  If it's not displaying error messages in the browser then it's probably using a log, check the settings in php.ini.

[Greywacke]

Will check the error log then... in the meanwhile, we've decided rather not to use regex but php string functions and a standards recommended querystring style.

http://verifyreg.com/default.php?u=Sof00207&f=c&r=45

Have sofar been struggling once again with errors, using the w3c validation service

 

to view the client source - but thanks for reminding 'bout the error log! XD