Greywacke Posted January 25, 2019 Share Posted January 25, 2019 (edited) hi all, long time no see... i have a php document which needs to test the entire querystring such as follows: http://verifyreg.com/?c0078#Sof00207#G5J3!J@A1B0 now to process this querystring without variables... i have the following code: // Initiate Variables 1. Key Field 2. Key Row $p = `|(A-Da-d1-4)0*(1-100)#(^#)#(^@)@(*)|U`; $q = $_GET; $m = new Array(); $ret = preg_match_all($p,$q,$m); if ($ret !== false && $ret > 0) { print_r($m.$ret); } however the part after the first # will all be encoded eventually... the first part is to define the field to select the key from, the second part is the row, for the current session. the key will be used on the serverside to encrypt the rest of the querystring after the first #. Edited January 25, 2019 by Greywacke better clarity Link to comment Share on other sites More sharing options...
justsomeguy Posted January 25, 2019 Share Posted January 25, 2019 I'm not sure if PHP will put a key in $_GET for that kind of thing, you may need to get the entire URL in the $_SERVER array and parse it yourself. If you're using reserved characters in the URL like that, you may see inconsistent behavior from browsers. The list of reserved characters in a URL includes # and @. Link to comment Share on other sites More sharing options...
Greywacke Posted January 26, 2019 Author Share Posted January 26, 2019 (edited) Thanks justsomeguy; will take that under advisory... (please note however, that the key I mention has nothing to do with a traditional key/value pair but is rather a reference as to where the chosen encryption key is located in the database.) However i still receive the HTTP 500 error - any idea why? Here's the code: <?php /* Initiate Variables 1. Key Field 2. Key Row */ $p = "|(A-Da-d1-4)0*(1-100)#(^#)#(^@)@(*)|U"; $q = $_SERVER["QUERY_STRING"]; $m = new Array(); $ret = preg_match_all($p,$q,$m); if ($ret !== false && $ret > 0) { print_r($m.$ret); } /* $k = new Array(2); $k[0] = $m[0][0]; if (is_numeric($k[0])) { $k[0] = ($k[0]<1)?1:($k[0]>4)?4:4; switch ($k[0]) { case 1: // Convert to A $k[0] = "A"; break; case 2: // Convert to B $k[0] = "B"; break; case 3: // Convert to C $k[0] = "C"; break; case 4: // Convert to D $k[0] = "D"; break; case else: $k[0] = ucase($k[0]); } } $k[1] = $m[0][1]; $servername = "localhost"; $username = "dwtnfwfv"; $password = "ECp2yc20p7"; $dbname = "dwtnfwfv_SoftoitRegs"; // Create connection $conn = new mysqli($servername, $username, $password, $dbname); // Check connection if ($conn->connect_error) { die("Connection failed: " . $conn->connect_error); } // echo "Connected successfully"; // Define SQL String $sql = "SELECT `$k[0]` FROM `Sleutels` WHERE `ID` = `$k[1]`"; $result = $conn->query($sql); switch ($m) { case 0: // Return Key by $k <Field A-D & Row ID if ($result->num_rows > 0) { // output data of each row while($row = $result->fetch_assoc()) { echo "id: " . $row["id"]. " - Name: " . $row["firstname"]. " " . $row["lastname"]. "<br>"; } } else { echo "0 results"; } break; case 1: echo "i equals 1"; break; case 2: echo "i equals 2"; break; } If ($m == `0`) Then Response.MimeType = `Text/HTML5`; Else If (Request.QueryString(`m`) == `1`) Then Response.MimeType = `WebGL/SVG`); Else If (Request.QueryString(`m`) == `2`) Then Response.MimeType = `Text/JavaScript`); End If $conn->close(); */ ?> Will include .htaccess conntents too if that may bring some clarity? RewriteEngine on # php -- BEGIN cPanel-generated handler, do not edit # Set the “ea-php56” package as the default “PHP” programming language. <IfModule mime_module> AddType application/x-httpd-ea-php56 .php .php5 .phtml </IfModule> # php -- END cPanel-generated handler, do not edit Edited January 26, 2019 by Greywacke Expanding on clarity Link to comment Share on other sites More sharing options...
Greywacke Posted January 27, 2019 Author Share Posted January 27, 2019 (edited) Have decided to go with preg_match instead of preg_match_all but i still get the same HTTP 500 error... what's up with that??? The top pcre code has changed as follows: <?php /* Initiate Variables 1. Key Field 2. Key Row */ $p = '/(A-Da-d1-4)0*(1-100)\#(^\#)\#(^\@)\@(*)/'; $q = $_SERVER["QUERY_STRING"]; $m = new Array(); $ret = preg_match($p,$q,$m); if ($ret !== false && $ret > 0) { print_r($m.$ret); } ... Will test and see if escaping them helps. Edited January 27, 2019 by Greywacke Link to comment Share on other sites More sharing options...
Greywacke Posted January 28, 2019 Author Share Posted January 28, 2019 (edited) ok i have now attempted to do this by urlencoding that whole string and making it http://verifyreg.com/default.php?q=e0078%23Sof00207%23G5J3!J%40A1B0 still however, i am getting the seemingly irrational HTTP 500 error... i have even tried with or without the urldecode() function around the $_GET["q"] but to now avail... anybody - who can see this forest for the trees, please help!!! <?php /* Initiate Variables for URL: http://verifyreg.com/default.php?q=e0078%23Sof00207%23G5J3!J%40A1B0 1. Key Field: E 2. Key Row: 78 3. Account Number: Sof00207 4. Month: G 5. Number Of Licenses: 5 6. Active: Y/N: J 7. Licences Used: 3 8. Year: J 9. Module 1: A 10.Module 2: 1 11.Module 3: B 12.Module 4: 0 */ var $ret, $p, $q, $m; $p = '^([A-D]|[a-d]|[1-4])0*({1,100})\#([^\#*])\#([^\@])\@([.*])$'; $q = $_GET["q"]; $m = new Array(); var_dump($p."\rn"); var_dump($q."\rn"); var_dump($m."\rn"); /* $ret = preg_match($p,$q,$m); var_dump($m."\rn"); var_dump($ret."\rn"); $k = new Array(2); $k[0] = $m[0][0]; if (is_numeric($k[0])) { $k[0] = ($k[0]<1)?1:($k[0]>4)?4:4; switch ($k[0]) { case 1: // Convert to A $k[0] = "A"; break; case 2: // Convert to B $k[0] = "B"; break; case 3: // Convert to C $k[0] = "C"; break; case 4: // Convert to D $k[0] = "D"; break; case else: $k[0] = ucase($k[0]); } } $k[1] = $m[0][1]; $servername = "localhost"; $username = "dwtnfwfv"; $password = "ECp2yc20p7"; $dbname = "dwtnfwfv_SoftoitRegs"; // Create connection $conn = new mysqli($servername, $username, $password, $dbname); // Check connection if ($conn->connect_error) { die("<!-- Connection failed: ".$conn->connect_error." -->"); } echo "<!-- Connected successfully -->"; // Define SQL String $sql = "SELECT `".$k[0]."` FROM `Sleutels` WHERE `ID` = `".$k[1]."`;"; $result = $conn->query($sql); switch ($m) { case 0: // Return Key by $k <Field A-D & Row ID if ($result->num_rows > 0) { // output data of each row while($row = $result->fetch_assoc()) { echo "id: " . $row["id"]. " - Name: " . $row["firstname"]. " " . $row["lastname"]. "<br>"; } } else { echo "0 results"; } break; case 1: echo "i equals 1"; break; case 2: echo "i equals 2"; break; } If ($m == `0`) Then Response.MimeType = `Text/HTML5`; Else If (Request.QueryString(`m`) == `1`) Then Response.MimeType = `WebGL/SVG`); Else If (Request.QueryString(`m`) == `2`) Then Response.MimeType = `Text/JavaScript`); End If $conn->close(); */ ?> Edited January 28, 2019 by Greywacke better clarity Link to comment Share on other sites More sharing options...
Greywacke Posted January 28, 2019 Author Share Posted January 28, 2019 ok i tried testing the regex on https://www.regextester.com/ and they say: ERROR: Invalid target or quantifier. over the red and bold portion of the regex string in line 19 of the code(how the heck do i fix it??? that portion is intended to select the number after the preceding 0's. $p = '^([A-D]|[a-d]|[1-4])0*({1,100})\#([^\#*])\#([^\@])\@([.*])$'; Link to comment Share on other sites More sharing options...
Greywacke Posted January 28, 2019 Author Share Posted January 28, 2019 hmmm still struggling... $p = '/^([A-D|a-d|1-4]{1,1})0*(100|[1-9][0-9]?)\#([^\#*])\#([^\@])\@([.*])$/is'; bloody HTTP 500.... Link to comment Share on other sites More sharing options...
justsomeguy Posted January 28, 2019 Share Posted January 28, 2019 If you're getting a 500 response, you need to find the error message from PHP. If it's not displaying error messages in the browser then it's probably using a log, check the settings in php.ini. Link to comment Share on other sites More sharing options...
Greywacke Posted January 30, 2019 Author Share Posted January 30, 2019 Will check the error log then... in the meanwhile, we've decided rather not to use regex but php string functions and a standards recommended querystring style. http://verifyreg.com/default.php?u=Sof00207&f=c&r=45 Have sofar been struggling once again with errors, using the w3c validation service to view the client source - but thanks for reminding 'bout the error log! XD Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now