the following script kindly provided by Mark L causes warnings to occur as the ini file on my hosts server has allow_call time pass reference set to off.
He insists that he sees evidence that there are no security implications by setting this ini value to on before he does so.
Ive trawled high and low and cant find any docs that indicate a security issue, in fact the only issues i can find relating to this are of a performance nature.
consequently id be grateful if someone could help modify this script to be allow_call_time_pass_refernce friendly or oint me in a direction which would satisfy my host.
the script
<form method="POST" action= "<?PHP echo($PHP_SELF); ?>">
Find an available domain name from Network Solutions:
<P>
<INPUT name="domain" SIZE="30" MAXLENGTH="30">
<P>
<INPUT TYPE="SUBMIT" VALUE="Check name">
<INPUT TYPE="RESET" VALUE="Clear">
</P>
</FORM>
<hr>
<?
//error_reporting (7); tried this didnt work 🙁
function whois($domain, $server="www.whois.co.uk")
{
$exts=array(".co.uk", ".org.uk", ".ltd.uk", ".plc.uk", ".net.uk", ".net", ".biz". ".info", ".com", ".org");
for ( $loop=0; $loop<count($exts); $loop++ )
{
$fp=fsockopen ($server, 80, &$errnr, &$errstr) or die("$errno: $errstr");
$getstr="GET http://www.whois.co.uk/cgi-bin/whois.pl?query=".$domain."&D1=".$exts[$loop]."&Go.x=7&Go.y=7 HTTP/1.0 \n\n";
fputs($fp, $getstr);
$ext=".non";
while (!feof($fp))
{
$linein=strtoupper(fgets($fp, 2048));
if ( strstr($linein, strtoupper($domain)) )
{
$bits=explode("-", $linein);
$bobs=explode(".", $bits[1]);
if ( strncmp(strtoupper($bobs[2]), "UK", 2) == 0 )
{
$ext=$bobs[1];
$ext.=".".substr($bobs[2], 0, 2);
}
else
{
$odds=explode(" ", $bobs[1]);
$ext=$odds[0];
}
}
if ( strstr($linein, "DOMAIN.AVAILABLE.GIF") )
{
echo "<B>".$domain.".".strtolower($ext)."</B> is available - ";
echo "<A href=\"application.php?domain=".$domain.".".strtolower($ext)."\">Click here</A> to register it.<P>";
}
}
fclose($fp);
}
return(1);
}
if ( isset($domain) )
{
$bits=explode(".", $domain);
$domain=$bits[0];
whois($domain);
}
?>
tia rob
