Jump to content
Greywacke

pcre query

Recommended Posts

hi all, long time no see... ;)

i have a php document which needs to test the entire querystring such as follows:

http://verifyreg.com/?c0078#Sof00207#G5J3!J@A1B0

now to process this querystring without variables... i have the following code:

// Initiate Variables
1. Key Field
2. Key Row
$p = `|(A-Da-d1-4)0*(1-100)#(^#)#(^@)@(*)|U`;
$q = $_GET;
$m = new Array();
$ret = preg_match_all($p,$q,$m);
if ($ret !== false && $ret > 0) {
    print_r($m.$ret);
}


however the part after the first # will all be encoded eventually...

the first part is to define the field to select the key from, the second part is the row, for the current session.  the key will be used on the serverside to encrypt the rest of the querystring after the first #.

Edited by Greywacke
better clarity

Share this post


Link to post
Share on other sites

I'm not sure if PHP will put a key in $_GET for that kind of thing, you may need to get the entire URL in the $_SERVER array and parse it yourself.  If you're using reserved characters in the URL like that, you may see inconsistent behavior from browsers.  The list of reserved characters in a URL includes # and @.

Share this post


Link to post
Share on other sites

Thanks justsomeguy; will take that under advisory...

(please note however, that the key I mention has nothing to do with a traditional key/value pair but is rather a reference as to where the chosen encryption key is located in the database.)

However i still receive the HTTP 500 error - any idea why? Here's the code:

	<?php
	/* Initiate Variables
1. Key Field
2. Key Row
*/
	$p = "|(A-Da-d1-4)0*(1-100)#(^#)#(^@)@(*)|U";
$q = $_SERVER["QUERY_STRING"];
$m = new Array();
$ret = preg_match_all($p,$q,$m);
if ($ret !== false && $ret > 0) {
    print_r($m.$ret);
}
	/*
$k = new Array(2);
$k[0] = $m[0][0];
if (is_numeric($k[0])) {
$k[0] = ($k[0]<1)?1:($k[0]>4)?4:4;
switch ($k[0]) {
case 1:  // Convert to A
$k[0] = "A";
break;
case 2:  // Convert to B
$k[0] = "B";
break;
case 3:  // Convert to C
$k[0] = "C";
break;
case 4:  // Convert to D
$k[0] = "D";
break;
case else:
$k[0] = ucase($k[0]);
}
}
$k[1] = $m[0][1];
	$servername = "localhost";
$username = "dwtnfwfv";
$password = "ECp2yc20p7";
$dbname = "dwtnfwfv_SoftoitRegs";
	// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
	// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}
// echo "Connected successfully";
	// Define SQL String
$sql = "SELECT `$k[0]` FROM `Sleutels` WHERE `ID` = `$k[1]`";
$result = $conn->query($sql);
	switch ($m) {
    case 0:    // Return Key by $k <Field A-D & Row ID
        if ($result->num_rows > 0) {
        // output data of each row
        while($row = $result->fetch_assoc()) {
        echo "id: " . $row["id"]. " - Name: " . $row["firstname"]. " " . $row["lastname"]. "<br>";
        }
    } else {
        echo "0 results";
    }
        break;
    case 1:
        echo "i equals 1";
        break;
    case 2:
        echo "i equals 2";
        break;
}
	If ($m == `0`) Then
     Response.MimeType = `Text/HTML5`;
Else If (Request.QueryString(`m`) == `1`) Then
     Response.MimeType = `WebGL/SVG`);
Else If (Request.QueryString(`m`) == `2`) Then
     Response.MimeType = `Text/JavaScript`);
End If
	$conn->close();
*/
?>

Will include .htaccess conntents too if that may bring some clarity?

	
RewriteEngine on
# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php56” package as the default “PHP” programming language.
<IfModule mime_module>
  AddType application/x-httpd-ea-php56 .php .php5 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
Edited by Greywacke
Expanding on clarity

Share this post


Link to post
Share on other sites

Have decided to go with preg_match instead of preg_match_all but i still get the same HTTP 500 error... what's up with that???

The top pcre code has changed as follows:

<?php
	/* Initiate Variables
1. Key Field
2. Key Row
*/
	$p = '/(A-Da-d1-4)0*(1-100)\#(^\#)\#(^\@)\@(*)/';
$q = $_SERVER["QUERY_STRING"];
$m = new Array();
$ret = preg_match($p,$q,$m);
if ($ret !== false && $ret > 0) {
    print_r($m.$ret);
	}
	...

Will test and see if escaping them helps.

Edited by Greywacke

Share this post


Link to post
Share on other sites

ok i have now attempted to do this by urlencoding that whole string and making it http://verifyreg.com/default.php?q=e0078%23Sof00207%23G5J3!J%40A1B0

still however, i am getting the seemingly irrational HTTP 500 error... -_-

i have even tried with or without the urldecode() function around the $_GET["q"] but to now avail... -_-

anybody - who can see this forest for the trees, please help!!!

<?php

/* Initiate Variables for URL:
http://verifyreg.com/default.php?q=e0078%23Sof00207%23G5J3!J%40A1B0
1. Key Field:  E
2. Key Row:  78
3. Account Number:  Sof00207
4. Month:  G
5. Number Of Licenses:  5
6. Active:  Y/N:  J
7. Licences Used:  3
8. Year:  J
9. Module 1:  A
10.Module 2:  1
11.Module 3:  B
12.Module 4:  0 */

var $ret, $p, $q, $m;
$p = '^([A-D]|[a-d]|[1-4])0*({1,100})\#([^\#*])\#([^\@])\@([.*])$';
$q = $_GET["q"];
$m = new Array();
var_dump($p."\rn");
var_dump($q."\rn");
var_dump($m."\rn");

/*
$ret = preg_match($p,$q,$m);
var_dump($m."\rn");
var_dump($ret."\rn");

$k = new Array(2);
$k[0] = $m[0][0];
if (is_numeric($k[0])) {
    $k[0] = ($k[0]<1)?1:($k[0]>4)?4:4;
    switch ($k[0]) {
        case 1:  // Convert to A
            $k[0] = "A";
            break;
        case 2:  // Convert to B
            $k[0] = "B";
            break;
        case 3:  // Convert to C
            $k[0] = "C";
            break;
        case 4:  // Convert to D
            $k[0] = "D";
            break;
        case else:
            $k[0] = ucase($k[0]);
    }
}
$k[1] = $m[0][1];
	$servername = "localhost";
$username = "dwtnfwfv";
$password = "ECp2yc20p7";
$dbname = "dwtnfwfv_SoftoitRegs";
	// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
	// Check connection
if ($conn->connect_error) {
    die("<!-- Connection failed: ".$conn->connect_error." -->");
}
echo "<!-- Connected successfully -->";
	// Define SQL String
$sql = "SELECT `".$k[0]."` FROM `Sleutels` WHERE `ID` = `".$k[1]."`;";
$result = $conn->query($sql);
	switch ($m) {
    case 0:    // Return Key by $k <Field A-D & Row ID
        if ($result->num_rows > 0) {
            // output data of each row
            while($row = $result->fetch_assoc()) {
                echo "id: " . $row["id"]. " - Name: " . $row["firstname"]. " " . $row["lastname"]. "<br>";
            }
        } else {
            echo "0 results";
        }
        break;
    case 1:
        echo "i equals 1";
        break;
    case 2:
        echo "i equals 2";
        break;
}
If ($m == `0`) Then
    Response.MimeType = `Text/HTML5`;
Else If (Request.QueryString(`m`) == `1`) Then
    Response.MimeType = `WebGL/SVG`);
Else If (Request.QueryString(`m`) == `2`) Then
    Response.MimeType = `Text/JavaScript`);
End If
$conn->close();
*/
?>
Edited by Greywacke
better clarity

Share this post


Link to post
Share on other sites

ok i tried testing the regex on https://www.regextester.com/ and they say:

ERROR:  Invalid target or quantifier.

over the red and bold portion of the regex string in line 19 of the code(how the heck do i fix it??? that portion is intended to select the number after the preceding 0's.

$p = '^([A-D]|[a-d]|[1-4])0*({1,100})\#([^\#*])\#([^\@])\@([.*])$';

Share this post


Link to post
Share on other sites

hmmm still struggling...

$p = '/^([A-D|a-d|1-4]{1,1})0*(100|[1-9][0-9]?)\#([^\#*])\#([^\@])\@([.*])$/is';

-_-

bloody HTTP 500....

Share this post


Link to post
Share on other sites

If you're getting a 500 response, you need to find the error message from PHP.  If it's not displaying error messages in the browser then it's probably using a log, check the settings in php.ini.

Share this post


Link to post
Share on other sites

Will check the error log then... in the meanwhile, we've decided rather not to use regex but php string functions and a standards recommended querystring style.

http://verifyreg.com/default.php?u=Sof00207&f=c&r=45

Have sofar been struggling once again with errors, using the w3c validation service

 

to view the client source - but thanks for reminding 'bout the error log! XD

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...