FRIHOSTFORUMSFAQTOSBLOGSDIRECTORY
You are invited to Log in or Register a Frihost Account!

SOS Guys I realy need ur help!

   Frihost Forum Index -> Scripting -> Php and MySQL
 


Aalia
So, I have this site, wich I need to modify - www.west-prom.com.ua
The files in it are .inc I don't know how tomodify them at all...Can somebody help me with it? Crying or Very sad Rolling Eyes
Stubru Freak
Aalia wrote:
So, I have this site, wich I need to modify - www.west-prom.com.ua
The files in it are .inc I don't know how tomodify them at all...Can somebody help me with it? Crying or Very sad Rolling Eyes


If you use windows, open it in Notepad. The files probably contain a server side scripting language, but I don't know what one. If you're lucky just php
Aalia
There file's like this mainpage.inc consist of this -

Code:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
 <? include "./".$GLOBALS["version_name"]."/_data/meta.inc"; ?>
 <title><? echo str4title($activePage["fullTitle"]); ?></title>
<?
echo '<style>'; include "./css/main.css"; echo '</style>';
echo '<script>'; include "./js/main.js"; echo '</script>';
?>
 <link rel="shortcut icon" href="/favicon.ico">
</head>
<?
$total = 760;
$w[0] = 12;
$w[1] = 27; $wp[1] = ceil($total*$w[1]/100);
$w[2] = 73; $wp[2] = ceil($total*$w[2]/100);
$src4preloading[] = "/i/i_main_o.gif";
$src4preloading[] = "/i/i_sitemap_o.gif";
$src4preloading[] = "/i/i_feedback_o.gif";
?>
<body bgcolor="#E3E4E5" text="#585858" link="#0073AE" alink="#0073AE" vlink="#0073AE" onload="init()">
<table cellspacing="0" cellpadding="0" border="0" width="100%" style="background:#E2E3E4 url(/i/h_bg_c.gif) repeat-x top">
<tr valign="top">
 <td>
 <table cellspacing="0" cellpadding="0" border="0" width="100%">
 <tr valign="top">
 <td width="<?=$w[0]?>" style="background:#EBEBEC url(/i/h_bg_l.gif) repeat-x top;border-top:4px solid #4D4D4D"><div style="width:<?=$w[0]?>px;height:54px"><spacer width="<?=$w[0]?>" height="54"></div></td>
 <td style="padding:19px 0 0 25px;border-top:4px solid #000">
 <table cellspacing="0" cellpadding="0" border="0" width="100" id="icons">
 <tr>
 <td width="33%"><? icmp("main", "", $lang["common"]["mainpage"]); ?></td>
 <td width="33%" align="center"><? icmp("sitemap", "sitemap/", $lang["common"]["sitemap"]); ?></td>
 <td width="33%" align="right"><? icmp ("feedback", "contact/feedback/", $lang["contact"]["feedback"]); ?></td>
 </tr>
 </table>
 </td>
 </tr>
 </table>
 </td>
 <td>
 <? require "./_design/menu_1.inc"; ?>
 </td>
</tr>
<tr>
 <td width="<?=$w[1]?>%" bgcolor="#FFFFFF">
 <table cellspacing="0" cellpadding="0" border="0">
 <tr>
 <td bgcolor="#4D4D4D"><div style="width:<?=$w[0]?>px;height:1px"><spacer width="<?=$w[0]?>" height="1"></div></td>
 <td><div style="width:<?=($wp[1]-$w[0])?>px;height:1px"><spacer width="<?=($wp[1]-$w[0])?>" height="1"></div></td>
 </tr>
 </table>
 </td>
 <td width="<?=$w[2]?>%" bgcolor="#4D4D4D"><div style="width:<?=$wp[2]?>px;height:1px"><spacer width="<?=$wp[2]?>" height="1"></div></td>
</tr>
</table>
<table cellspacing="0" cellpadding="0" border="0" width="100%" bgcolor="#FFFFFF">
<tr valign="top">
 <td align="center" style="background:url(/i/logo_bg.gif) repeat-x top;border-bottom:1px solid #E5E5E5">
 <table cellspacing="0" cellpadding="0" border="0" width="100%">
 <tr align="center">
 <td width="<?=$w[0]?>" style="background:#143B6A url(/i/main/bg_l.jpg) repeat-x top"><div style="width:<?=$w[0]?>px;height:198px"><spacer width="<?=$w[0]?>" height="198"></div></td>
 <td width="100%">
 <div style="padding:33px 25px 33px 25px"><? icmp("main", "", $lang["title"], 'west-prom.gif', 'west-prom.gif', 'width="140" height="90"'); ?></div>
 </td>
 </tr>
 </table>
 </td>
 <td bgcolor="#000000" style="background:#143B6A url(/i/main/bg_r.jpg) repeat-x top">
 <table cellspacing="0" cellpadding="0" border="0" width="100%" style="background:url(/i/main/bg_main.jpg) no-repeat top right">
 <tr>
 <td><div style="width:1px;height:198px"><spacer width="1" height="198"></div></td>
 <td width="100%" style="padding-left:30px;font-size:22px;color:#FFF">
 Трубы и&nbsp;металлопрокат<br>в&nbsp;ассортименте
 </td>
 </tr>
 </table>
 </td>
</tr>
<tr bgcolor="#FFFFFF">
 <td width="<?=$w[1]?>%">
 <table cellspacing="0" cellpadding="0" border="0">
 <tr>
 <td bgcolor="#E2E3E4"><div style="width:<?=$w[0]?>px;height:1px"><spacer width="<?=$w[0]?>" height="1"></div></td>
 <td><div style="width:<?=($wp[1]-$w[0])?>px;height:1px"><spacer width="<?=($wp[1]-$w[0])?>" height="1"></div></td>
 </tr>
 </table>
 </td>
 <td width="<?=$w[2]?>%"><div style="width:<?=$wp[2]?>px;height:1px"><spacer width="<?=$wp[2]?>" height="1"></div></td>
</tr>
</table>
<table cellspacing="0" cellpadding="0" border="0" width="100%" bgcolor="#FFFFFF" style="border-left:<?=$w[0]?>px solid #F4F4F5">
<tr valign="top">
 <td width="100%" style="padding:30px 0 20px 0">
 <table cellspacing="0" cellpadding="0" border="0" width="100%">
 <tr valign="top">
 <td width="50%" style="padding:0 20px 0 50px">
<?
echo '<div style="font-size:14px;color:#000"><b>'.$lang["main"]["news"]."</b></div><br>";
if ($c->select("SELECT news_title, news_id, news_date FROM news WHERE news_version_id = '".$GLOBALS["version_id"]."' AND news_is_active = 1 AND news_is_onmain >= 0 ORDER BY news_is_onmain DESC, news_date DESC, news_id DESC LIMIT 0, ".$commonData["news"]["announceOnMain"]."") )
{
 echo '
 <table cellspacing="0" cellpadding="0" border="0" width="100%">
 ';
 for ( $news = array() ; $row = $c->fetch_assoc() ; )
 {
 $news[] = $row;
 }
 $c->free_result();
 function cmp($a, $b)
 {
 $result = 0;
 if ( 0 == ($result = strcmp($b["news_date"], $a["news_date"])) )
 {
 $result = strcmp($b["news_id"], $a["news_id"]);
 }
 return $result;
 }
 usort($news, "cmp");
 for ($i = 0; list(, $row)=each($news); $i++)
 {
 echo '
 <tr valign="top">
 <td class="n-d">'.date("d.m.Y", strtotime($row["news_date"])).'</td>
 <td class="n-b"><div><spacer width="5" height="5"></div></td>
 <td class="n-t"><a href="/'.$activePage["langURLPrefix"].$commonData["news"]["path"].'/'.date(str_replace("id", $row["news_id"], $commonData["news"]["urlFormat"]), strtotime($row["news_date"])).'/">'.addDotAtTheEnd($row["news_title"]).'</a></td>
 </tr>
 ';
 } unset($news);
 echo '
 <tr valign="top">
 <td colspan="3" style="padding-bottom:10px"><div style="width:180px;height:1px;background-color:#E3E4E5"><spacer width="180" height="1"></div></td>
 </tr>
 <tr valign="top">
 <td align="right"><a href="/'.$activePage["langURLPrefix"].$commonData["news"]["path"].'/subscribe/"><img src="/i/main/subcribe.gif" width="38" height="20" alt="'.$lang["main"]["subscribe"].'"></a></td>
 <td class="n-b"><div><spacer width="5" height="5"></div></td>
 <td><a href="/'.$activePage["langURLPrefix"].$commonData["news"]["path"].'/subscribe/">'.$lang["main"]["subscribe"].'</a></td>
 </tr>
 </table>
 ';
}
else
{
 echo "<br>", $lang["main"]["nonews"];
}
?>
 </td>
 <td width="25%" align="center" style="border-left:1px solid #E3E4E5;padding:15px 20px 20px 20px">
 <a href="/<?=$activePage["langURLPrefix"]?>products/"><img src="/i/folder.jpg" width="100" height="123" alt="<?=str4alt($lang["main"]["products"])?>"></a>
 <div style="padding:5px 0 0 0"><a href="/<?=$activePage["langURLPrefix"]?>products/" style="font-size:11px"><?=$lang["main"]["products"]?></a></div>
 </td>
 <td width="25%" align="center" style="border-left:1px solid #E3E4E5;padding:15px 20px 20px 25px">
 <a href="/<?=$activePage["langURLPrefix"]?>directory/"><img src="/i/book.jpg" width="140" height="110" alt="<?=str4alt($lang["main"]["directory"])?>" vspace="6"></a>
 <div style="padding:5px 0 0 0"><a href="/<?=$activePage["langURLPrefix"]?>directory/" style="font-size:11px"><?=$lang["main"]["directory"]?></a></div>
 </td>
 </tr>
 </table>
 </td>
</tr>
</table>
<table cellspacing="0" cellpadding="0" border="0" width="100%" bgcolor="#F4F4F5" style="border-left:<?=$w[0]?>px solid #143B6A">
<tr valign="top">
 <td width="50%" style="padding:25px 20px 0 50px">
 <div style="font-size:14px;color:#000"><b>Прайс-листы</b></div>
<?
$filesize = array();
if ($handle = opendir('./download')) {
 while (false !== ($file = readdir($handle)))
 {
 if ($file != "." && $file != "..")
 {
 preg_match("/\](.*)\./", $file, $matches);
 $filesize[$matches[1]] = sprintf("%.0f", filesize('./download/'.$file)/1024);
 }
 }
 closedir($handle);
}
echo '
 <table cellspacing="0" cellpadding="3" border="0" style="margin:10px 0 20px 0">
 <tr valign="top">
 <td style="padding:8px 5px 0 0"><div style="width:3px;height:3px;background-color:#A1A6AF"><spacer width="3" height="3"></div></td>
 <td style="font-size:11px"><a href="/'.$activePage["langURLPrefix"].'products/price-special/">Сортовой прокат</a> <nobr><a href="/'.$activePage["langURLPrefix"].'products/price-special/" style="color:#A1A6AF;text-decoration:none">ZIP ('.$filesize["special"].' Кб)</span></a></nobr></td>
 </tr>
 <tr valign="top">
 <td style="padding:8px 5px 0 0"><div style="width:3px;height:3px;background-color:#A1A6AF"><spacer width="3" height="3"></div></td>
 <td style="font-size:11px"><a href="/'.$activePage["langURLPrefix"].'products/price-pipe/">Трубы</a> <nobr><a href="/'.$activePage["langURLPrefix"].'products/price-pipe/" style="color:#A1A6AF;text-decoration:none">ZIP ('.$filesize["pipe"].' Кб)</span></a></nobr></td>
 </tr>
 <tr valign="top">
 <td style="padding:8px 5px 0 0"><div style="width:3px;height:3px;background-color:#A1A6AF"><spacer width="3" height="3"></div></td>
 <td style="font-size:11px"><a href="/'.$activePage["langURLPrefix"].'products/price-full/">Вся продукция</a> <nobr><a href="/'.$activePage["langURLPrefix"].'products/price-full/" style="color:#A1A6AF;text-decoration:none">ZIP ('.$filesize["full"].' Кб)</span></nobr></td>
 </tr>
 </table>
';
?>
 </td>
 <td width="50%" style="padding:25px 20px 20px 0">
<?
if ( is_array($_SESSION["u"]) && isset($_SESSION["u"]["id"]) )
{
 echo '
 <div style="font-size:14px;color:#000"><b>'.$lang["partnership"]["4partners"].'</b></div>
 <table cellspacing="0" cellpadding="3" border="0" style="margin:10px 0 20px 0">
 <tr valign="top">
 <td style="padding:8px 5px 0 0"><div style="width:3px;height:3px;background-color:#A1A6AF"><spacer width="3" height="3"></div></td>
 <td style="font-size:11px"><a href="/'.$activePage["langURLPrefix"].'partnership/profile/">'.$lang["partnership"]["profile"].'</a></td>
 </tr>
 <tr valign="top">
 <td style="padding:8px 5px 0 0"><div style="width:3px;height:3px;background-color:#A1A6AF"><spacer width="3" height="3"></div></td>
 <td style="font-size:11px"><a href="/'.$activePage["langURLPrefix"].'partnership/exit/">'.$lang["partnership"]["exit"].'</a></td>
 </tr>
 </table>
 ';
}
else
{
 echo '
 <div style="font-size:14px;color:#000;padding:0 0 10px 0"><b>'.$lang["partnership"]["4сlients"].'</b></div>
 <script>
 function f(form)
 {
 if (form.login.value == "" && form.password.value == "")
 {
 return false;
 }
 return true;
 }
 </script>
 <form method="post" action="/'.$activePage["langURLPrefix"].'partnership/" onsubmit="return f(this)" name="authorization">
 <table cellspacing="0" cellpadding="0" border="0">
 <tr valign="top">
 <td style="padding:4px 5px 0 0;font-size:11px;color:#666">'.$lang["partnership"]["login"].'&nbsp;</td>
 <td><input type="text" name="login" value="" style="width:80px;font-size:11px"></td>
 <td style="padding:4px 0 0 15px;font-size:11px;color:#666">'.$lang["partnership"]["password"].'&nbsp;</td>
 <td><input type="password" name="password" value="" style="width:80px;font-size:11px"></td>
 <td style="padding:0 0 0 5px"><input type="submit" value="'.$lang["partnership"]["enter"].'" class="s" style="font-size:11px"></td>
 </tr>
 </table>
 </form>
 <table cellspacing="0" cellpadding="0" border="0" style="margin-top:10px">
 <tr valign="top">
 <td><img src="/i/form/key.gif" width="58" height="35" alt=""></td>
 <td style="padding-left:10px;font-size:11px;line-height:150%">
 <a href="/'.$activePage["langURLPrefix"].'partnership/register/">'.$lang["partnership"]["register"].'</a><br>
 <a href="/'.$activePage["langURLPrefix"].'partnership/forgetpassword/">'.$lang["partnership"]["forget"].'</a>
 </td>
 </tr>
 </table>
 ';
}
?>
 </td>
</tr>
</table>
<table cellspacing="0" cellpadding="0" border="0" width="100%" style="background:#E3E4E5 url(/i/f_bg.gif) repeat-x top">
<tr valign="top">
 <td width="<?=$w[0]?>"><div style="width:<?=$w[0]?>px;height:1px"><spacer width="<?=$w[0]?>" height="1"></div></td>
 <td style="padding:17px 0 0 15px;color:#989899;font-size:11px">
 &copy;&nbsp;<nobr><? echo (date("Y")==$commonData["common"]["year"])?$commonData["common"]["year"]:$commonData["common"]["year"].'&ndash;'.date("Y");?></nobr>
 <br><?=$lang["title"]?>
 </td>
 <td>
 <table cellspacing="0" cellpadding="0" border="0">
 <tr valign="top">
 <td style="padding:21px 0 15px 0"><a href="http://www.reactor.com.ua" rel="nofollow" target="_blank"><img src="/i/reactor.gif" width="67" height="22" alt="<?=str4alt(substr($lang["common"]["designed_by"], 0, strpos($lang["common"]["designed_by"], '<br>')))?>"></a></td>
 <td width="100%" style="padding:17px 0 0 15px;font-size:11px;color:#989899"><? echo $lang["common"]["designed_by"]; ?></td>
 </tr>
 </table>
 </td>
</tr>
<tr>
 <td width="<?=$w[0]?>"><div style="width:<?=$w[0]?>px;height:1px"><spacer width="<?=$w[0]?>" height="1"></div></td>
 <td width="<?=$w[1]?>%"><div style="width:<?=$wp[1]?>px;height:1px"><spacer width="<?=$wp[1]?>" height="1"></div></td>
 <td width="<?=$w[2]?>%"><div style="width:<?=$wp[2]?>px;height:1px"><spacer width="<?=$wp[2]?>" height="1"></div></td>
</tr>
</table>
<?
require "./_data/counter.inc";
if (count($src4preloading))
{
 echo '
<script>
img_1 = new Array();
';
 foreach ($src4preloading as $key => $value)
 {
 echo ' img_1['.$key.']="'.$value.'";
';
 }
 echo '
img = new Array();
for (i = 0; i < img_1.length; i++)
{
 img[i] = new Image();
 img[i].src = img_1[i];
}
</script>
 ';
}
?>
</body>
</html>
Stubru Freak
That's just html and something that seems php.
ccarter24
Stubru Freak wrote:
That's just html and something that seems php.


I agree. Certain function in there are from the PHP manual. Also, the syntax looks to be PHP too. The .inc files will also likely be in PHP, since including a file in php usually will be in PHP or html.
AftershockVibe
That's definitely PHP alongside HTML.

I can only assume the author used the extension .inc to denote that they are include()-ed files.

However, realise that if someone knows the name of this file they will be able to see all the PHP code within it as your host probably isn't setup to parse .inc files as PHP and will probably just display them as text. Certainly don't keep any passwords in there!
omeration
its php

use any php editor you have to work with it


I have noticed an increase use in common.inc or global.inc files. This is a good common practice although it could lead to be a major security issues.

I first noticed this problem while browsing Microsoft's site. (even though it is in asp - it works the same for php) Anyways, a server error had occurred and told me what line it occurred on and revealed some of the text where the error occurred near. This text happened to be a common.inc file revealing some critical information. If you take this file and append to your url - it reveals the source code.

An Include(.inc) file isn't parsed by the server correctly unless configured by your administrator. This isn't the case normally so the server will just try it like a .txt file.

There are a few different solutions to this security issue. You can configure your server to avoid this.(difficult solution and not possible for everyone) You can write a custom .htaccess file. Or the best solution is to use a common.htm file. As long as you have your open/close(<? ?>) tags the server won't reveal the source code. It works just the same!
Stubru Freak
Best thing to do is just to put them in a /includes directory and completely disable access to that directory by http by placing the following code inside your .htaccess:

Code:
<Limit GET POST>
    order deny,allow
    deny from ALL
</Limit>
Reply to topic    Frihost Forum Index -> Scripting -> Php and MySQL

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2007 Frihost, forums powered by phpBB.