Posts by cereal

Hi,

drop the table and retry. If it does not work check the status:

show engine innodb status\G

And verify if there are errors, you could also perform check table infracom_admin but this can stop the server, read the documentation before you try. Your issue can happen if you move the data files from a server to another. Refer to:

• https://dev.mysql.com/doc/refman/5.6/en/innodb-migration.html
• https://dev.mysql.com/doc/refman/5.6/en/check-table.html
• https://dev.mysql.com/doc/refman/5.6/en/innodb-monitors.html
• http://www.mysqlperformanceblog.com/2006/07/17/show-innodb-status-walk-through/

Regarding the queries use prepared statements, so consider to switch from the MySQL API to PDO or MySQLi:

• http://php.net/pdo.prepared-statements
• http://php.net/manual/en/mysqli.quickstart.prepared-statements.php

About the APIs:

• https://php.net/manual/en/mysqlinfo.api.choosing.php

Then change username and password of your database, since these were hardcoded in the source, the attacker probably tried to read them. Change them because from a MySQL shell it is possible to write or read files in the remote server and this means access without limits to the server. And if he can connect to the database from remote, then he can alter the contents whenever he wants.

A part that, filter and sanitize everything you receive from the client, never trust POST, GET, COOKIEs, and headers. For example, if from $_GET['page'] you expect an integer, then be sure you get that type of data, use at least intval, so instead of:

$page_cur = (isset($_GET['page'])) ? $_GET['page'] : 1;

Use:

if(isset($_GET['page']))
{
    $page_cur = intval($_GET['page']);
    if($page_cur == 0) $page_cur = 1;
}

More about security:

• https://www.owasp.org/index.php/PHP_Security_Cheat_Sheet
• http://www.php.net/manual/en/security.php
• http://www.php.net/manual/en/book.filter.php

Bye! :)

Hi, show your query, the table structure and the output of explain over the query. Otherwise it is difficult to give correct suggestions.

Ok, now I see: the page is not complete. If you check the headers you will see that the server returns status code 500:

HTTP/1.1 500 Internal Server Error
Connection: close
Content-Type: text/html
Date: Tue, 11 Mar 2014 17:16:39 GMT
Server: Apache
Transfer-Encoding: chunked
X-Powered-By: PleskLin

You should check the Apache error log, and also the PHP error log. You could also enable the error reporting by adding:

error_reporting(E_ALL);

to the top of page, by reloading the page you should see eventual errors in the script.

If my code works perfectly before. then is the problem is the php compiler on my webhosting sites? or any chenges from the new PHP version? what do you think. this code also run perfectly on my localhost.

Yes, it could be a problem with the hosting configuration if, for example, your version of PHP loads a module that is missing in the hosting version.

Sorry I missed your reply. So, the rewrite is ignored because it is conflicting with the previouses rules.

You can try to move them to the top of the block of rules, and it should work fine:

############################################
## enable rewrites
    Options +FollowSymLinks
    RewriteEngine on

    RewriteCond %{HTTP_HOST} ^site1.ci
    RewriteCond %{REQUEST_URI} logo.png
    RewriteRule ^logo\.png$ logo1.png [L]

    RewriteCond %{HTTP_HOST} ^site2.ci
    RewriteCond %{REQUEST_URI} logo.png
    RewriteRule ^logo\.png$ logo2.png [L]

    RewriteRule ^ - [PT]
############################################
## you can put here your magento root folder
## path relative to web root
    #RewriteBase /magento/
############################################
## uncomment next line to enable light API calls processing
#    RewriteRule ^api/([a-z][0-9a-z_]+)/?$ api.php?type=$1 [QSA,L]
############################################
## rewrite API2 calls to api.php (by now it is REST only)
    RewriteRule ^api/rest api.php?type=rest [QSA,L]
############################################
## workaround for HTTP authorization
## in CGI environment
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
############################################
## TRACE and TRACK HTTP methods disabled to prevent XSS attacks
    RewriteCond %{REQUEST_METHOD} ^TRAC[EK]
    RewriteRule .* - [L,R=405]
############################################
## redirect for mobile user agents
    #RewriteCond %{REQUEST_URI} !^/mobiledirectoryhere/.*$
    #RewriteCond %{HTTP_USER_AGENT} "android|blackberry|ipad|iphone|ipod|iemobile|opera mobile|palmos|webos|googlebot-mobile" [NC]
    #RewriteRule ^(.*)$ /mobiledirectoryhere/ [L,R=302]
############################################
## always send 404 on missing files in these folders
    RewriteCond %{REQUEST_URI} !^/(media|skin|js)/
############################################
## never rewrite for existing files, directories and links
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-l
############################################
## rewrite everything else to index.php
    RewriteRule .* index.php [L]

Just remember to change the paths and check if the other rules are working fine.

Did you solved the problem? Looking at the linked page, it seems all fine now. An evident error, in the above code is this:

$q="select count(*) \"total\"  from comments";

Because with the aliases and the column names you have to use the backticks not the quotes. So:

$q = "select count(*) as `total` from comments";

Documentation: http://dev.mysql.com/doc/refman/5.6/en/identifiers.html

But the problem now is. I get the error message: 'Unable to select table.'?

You get that because of:

or die( "<p><span style=\"color: red;\">Unable to select table</span></p>");

To get the real error message use mysql_error() after the query:

$result = mysql_query("INSERT INTO festivals (name, logo, country, city, deadline, date_from, venue, date_to, info_page, web, about, open_for, flag)". "VALUES('NULL','$name', '$logo', '$country', '$city', '$deadline', '$date_from', '$venue',, '$date_to', '$info_page', '$web', '$about', '$open_for', '$flag')") or die(mysql_error());

If you're referring to the datepicker then yes, use dateFormat:

$("#datepicker").datepicker({
    dateFormat: 'dd-mm-yy'
});

Documentation:

• http://api.jqueryui.com/datepicker/#option-dateFormat
• http://api.jqueryui.com/datepicker/#utility-formatDate

And if you add or die(mysql_error()) to mysql_query() do you receive an error?

mysql_query("INSERT INTO festivals (name, logo, country, city, deadline, date_from, place, id, date_to, info, web, about, open_for, flag) VALUES ('$name', 'logo', 'country', '$city', '$deadline', '$date_from', '$place', '$id', '$date_to', '$info', '$web', '$about', '$open_for', '$flag')") or die(mysql_error());

Hi, can you show us your code? Otherwise it not simple to help.

Hehe don't worry, it happens to do a mistake! :)

This is working, but the problem is sometimes it return an empty array

It can happen if the range in the WHERE statement is not matched, but MySQL does not return arrays, the PHP API can return an array, so if you have problems show the PHP code.

If for some reason you absolutely need to get at least a row with 0, then you can override the empty set by using a variable and applying the IFNULL to the variable. Because if the query returns empty, the variable will be NULL.

Example:

create table D (id int unsigned not null auto_increment primary key, dt datetime not null) engine = myisam;

insert into D (dt) values(now());
insert into D (dt) values(date_add(now(), interval 2 day));
insert into D (dt) values(date_add(now(), interval 3 day));
insert into D (dt) values(date_add(now(), interval 4 day));
insert into D (dt) values(date_add(now(), interval 1 week));
insert into D (dt) values(date_add(now(), interval 2 week));
insert into D (dt) values(date_add(now(), interval 3 week));
insert into D (dt) values(date_sub(now(), interval 1 day));
insert into D (dt) values(date_sub(now(), interval 2 day));
insert into D (dt) values(date_sub(now(), interval 3 day));
insert into D (dt) values(date_sub(now(), interval 1 week));
insert into D (dt) values(date_sub(now(), interval 2 week));
insert into D (dt) values(date_sub(now(), interval 3 week));

-- select
select * from D;
+----+---------------------+
| id | dt                  |
+----+---------------------+
|  1 | 2014-03-11 13:18:50 |
|  2 | 2014-03-12 13:18:50 |
|  3 | 2014-03-13 13:18:50 |
|  4 | 2014-03-16 …

Hi,

in this case IFNULL() is not useful, because count() will return 0 in case the value you submit is NULL, and 1 if you submit a string or a boolean:

select count(null);
+-------------+
| count(null) |
+-------------+
|           0 |
+-------------+
1 row in set (0.00 sec)

-- with IFNULL()
select ifnull(count(null), 123);
+--------------------------+
| ifnull(count(null), 123) |
+--------------------------+
|                        0 |
+--------------------------+
1 row in set (0.00 sec)

So IFNULL can be removed from the query:

"SELECT count(id) AS ctr FROM table WHERE date >= $from_date AND date <= $to_date GROUP BY WEEK(table.date)"

By the way, AND cannot be used with the GROUP BY otherwise you get a syntax error.

it is returning an empty array rather than {0, 0, 0, ... }

I do not understand, are you referring to the result set in the MySQL client or to the result of a (PHP) script?

That is a user defined function, check within the included files.
For example check in wds.php, as you see the header.inc.php file is included after wds.php.

Check the .htaccess file, there is probably a rewrite to match the switch cases in header.inc.php. Also check the code of the getCurrentFilename() function, that should give some hints about the url manipulation.

I see you are redirecting both now:

• http://fmscopk.com/skin/frontend/default/f001/images/logo.png
• http://mianbros.com/skin/frontend/default/f001/images/logo.png

If you do not want these redirects and if you can access the server config or the virtual host context, then you can enable the rewrite log and check the reason why the rule is not working correctly. To enable it, write:

RewriteLog "/tmp/rewrite.log"
RewriteLogLevel 9

Set back the flag to [L] to generate the error and reload Apache, otherwise the log file will not be created. You can change the path for the rewrite log. After you finish the debug remember to disable it or to low the log level to 2, otherwise the website can slow down, since level 9 is very verbose.

More information:

• http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html#rewritelog
• http://httpd.apache.org/docs/2.2/mod/directive-dict.html#Context

Hi,

if you're using Apache and you can use the .htaccess file, then you can apply these rules:

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /

    RewriteCond %{HTTP_HOST} ^site1.tld
    RewriteCond %{REQUEST_URI} logo.png
    RewriteRule ^logo\.png$ logo1.png [L]

    RewriteCond %{HTTP_HOST} ^site2.tld
    RewriteCond %{REQUEST_URI} logo.png
    RewriteRule ^logo\.png$ logo2.png [L]

    RewriteRule ^ - [PT]
</IfModule>

So create a link to the logo.png file, for example:

<img src="/logo.png" />

When you access to http://site1.tld/ the rewrite rule will load logo1.png, when accessing http://site2.tld/ will load logo2.png. This is not a redirect, it's working as an alias and will return status code 200 or 304.

Docs: http://httpd.apache.org/docs/2.2/rewrite/flags.html

Hi, check if this thread helps with your issue:

• http://www.daniweb.com/web-development/databases/mysql/threads/473216/alternative-way-of-an-insert-with-where-clause

No problem. Assign the name attribute to the select tag, for example:

<select name="fruits">

So, when the form is submitted you can check the value of $_POST['fruits']. Now, if you submit something like this:

<select name="fruits">
    <option>---</option>
    <option>Apples</option>
    <option>Oranges</option>
    <option>Cherries</option>
</select>

the value of $_POST['fruits'] will be chosen from the content of the option tag, if you select the second option, the value will be Apples. If, instead, you add the value attribute, then this will be considered instead of the text, for example:

<select name="fruits">
    <option value="">---</option>
    <option value="fujiapple">Apples</option>
    <option value="vanillaorange">Oranges</option>
    <option value="pandoracherry">Cherries</option>
</select>

So, in this case, if we choose the first valid option, the value of $_POST['fruits'] will not be Apples but fujiapple.

If you want to enable multiple choices, then there are few a small changes to apply: add two square bracktes [] to the value of the name attribute, the meaning is that we are going to collect an array of values and not a single string. Then add the multiple attribute. So:

<select name="fruits[]" multiple>

When you receive the POST request, the values will be served as an array:

[fruits] => Array
    (
        [0] => fujiapple
        [1] => pandoracherry
    )

Instead of the traditional:

[fruits] => orange

Note: when submitting a multiple select, the user can deselect all the options, in this case the fruits index will be missing from the $_POST array, as the checkboxes. When using the single select, instead, an option of the …

Hello,

can you explain the issue? Currently I see few errors in the first method, as you are not declaring the variables checked by the IF statement.

Also the second method, i.e. addLeads_duplicate(), seems to be truncated. This in particular:

$result=$res->result_array();enter code here

Will generate an error because enter code here must be commented or removed.

I'm glad you've solved, bye! :)

Download this:

• http://windows.php.net/downloads/qa/test/php-5.3.2-debug-Win32-VC6-x86.zip

Inside you will find the php5apache2.dll file, hope it works! But if you can, I suggest you to upgrade to Apache 2.2. As you have seen it is more supported.

The error happens because of:

$query = mysql_query( "SELECT * FROM `users` WHERE `user` = '{$uname}'",$con );

You're using $uname instead of $user and for this reason mysql_query() returns boolean FALSE. When in doubt, you should use mysql_error() right after the query:

$q = mysql_query("...") or die(mysql_error());

Consider also that the mysql_* API functions are going to be deprecated and removed soon from PHP, you should use MySQLi or PDO:

• http://php.net/manual/en/mysqlinfo.api.choosing.php

But I want to point you to another problem, this:

array_map( 'stripslashes',$_POST );
array_map( 'mysql_real_escape_string',$_POST );

It must be:

$_POST = array_map( 'stripslashes',$_POST );
$_POST = array_map( 'mysql_real_escape_string',$_POST );

Because the array_map will not overwrite the original array, example:

$a = array("hello", "wor\ld");
array_map('stripslashes', $a);

print_r($a);

# output:
Array
(
    [0] => hello
    [1] => wor\ld
)

$b = array_map('stripslashes', $a);
print_r($b);

# output:
Array
(
    [0] => hello
    [1] => world
)

An alternative to avoid the extra query, is to inject the user session with a variable that will log out the user as soon he performs an action.

So, when you go to logoutuser.php, submit the session id of the user instead of the user id, for example:

/logoutuser.php?sid=2ehks4jp50u6s5isv4713l6uk1

And, from there, call a command line script:

<?php

    $sid = $_GET['sid'];
    exec("php destroy.php {$sid}");

    . . .

The destroy.php script will look like:

<?php

    $sid = $argv[1];

    # load user session
    session_id($sid);
    session_start();

    # inject the new value
    $_SESSION['deleteme'] = TRUE;

Now, in the pages accessed by the users, set a filter like this:

<?php

    session_start();

    if(array_key_exists('deleteme', $_SESSION))
    {
        # bye bye
        header('Location: logout.php');
    }

In theory you could destroy the session from the command line script, but it cannot delete the session cookie, that resides in the user's browser. Bye!

It happens because you have to use the php tags:

<form action="<?php echo $_SERVER['PHP_SELF']"; ?> class="form-horizontal" method="post">

Also 74 of the same file you have to use the closing PHP tag, so this:

}
<html>

Becomes:

}
?>
<html>

And you have to remove the one at the end of the file:

</html>
?>

For more information check these links:

• http://www.php.net/manual/en/language.basic-syntax.phpmode.php
• http://www.php.net/manual/en/tutorial.php

Hi, this:

$zip = $_['zip'];

Must be:

$zip = $_POST['zip'];

Then, if you still get an error, post the details of the error, otherwise it becomes difficult to help.

Hi, I'm not sure this is the best solution, but if you open the file jquery.poptrox.js, at line 253 you will find:

_caption
    .on('update', function(e, s) {

        if (!s || s.length == 0)
            s = settings.popupBlankCaptionText;

            _caption.html(s);

    });

Change it to:

_caption
    .on('update', function(e, s) {

        if (!s || s.length == 0)
            s = settings.popupBlankCaptionText;

        if(s.indexOf('|') != -1)
        {
            var part = s.split('|');
            var a = $('<a>', {
                text:$.trim(part[0]),
                href:$.trim(part[1])
            });
        }
        else
        {
            var a = s;
        }

        _caption.html(a);

    });

Then in the title attribute of the image tag set the text and the link separated by the pipe character |, so Title|http://mylink.tld/, example:

<img title="Halloween 2013|https://youtu.be/uci_1MYA2J8" src="image.jpg" />

The above modification will check if there is the pipe | character in the title attribute, if this is matched then it will attemp to create a link, otherwise it will return plain-text.

The $.trim() function will remove extra spaces, in case you want to use them near the pipe:

Halloween 2013 | https://youtu.be/uci_1MYA2J8

Note: for the edit I'm referring to the current version of poptrox.js:

• https://github.com/n33/jquery.poptrox

Bye!

I don't have other ideas, try follow the suggestions of this post:

• http://www.cyberciti.biz/tips/troubleshooting-debian-ubuntu-package-upgrades-removals.html

The file to check it should be /var/lib/dpkg/info/vsftpd.postinst and in practice you have to check if there is something like this:

#!/bin/sh -e

Or:

#!/bin/sh

set -e

And in the first case remove -e, in the second remove set -e. If it still does not work, repeat it for all these files:

ls /var/lib/dpkg/info/vsftpd.*

Hope it helps. Bye!

The unable to select dataid error is probably in the included file:

include('../includes/koneksi.php');

Regarding line 137 this problem is caused by end() because the first argument must be an array:

This array is passed by reference because it is modified by the function. This means you must pass it a real variable and not a function returning an array because only actual variables may be passed by reference.

Ref. http://www.php.net/end

So, save the result of explode() in a variable and then use end() against this variable, for example:

$exts = explode('.', $_FILES["image"]["name"]);
$extension = end($exts);

Ok, then check the dpkg log:

sudo less /var/log/dpkg.log

Go to the end of the file, you should find more information about the error. Or try to remove the package directly from the dpkg tool:

sudo dpkg --purge vsftpd

The apt is, in practice, an interface for the dpkg command:

• http://debian-handbook.info/browse/stable/sect.manipulating-packages-with-dpkg.html

Ok,

regarding the dependency issue it could be, if Apache is 2.2 and the library is for Apache 2.0. In this case you need php5apache2_2.dll.

A suggestion: this does not solve the problem if the client disables javascript. The suggestion of network18 is correct, in your server side you should check if the index key exists. So instead of:

if($_POST['wdays1']=='')
    echo $wdays1v = 0;
else
    echo $wdays1v = 1;

It should be:

# default
$wdays1v = 0;

# if exists
if(array_key_exists('wdays1', $_POST))
{
    # and if it is not empty
    if( ! empty($_POST['wdays1'])
    {
        $wdays1v = 1;
    }
}

Hi,

what error do you get when you try the above commands? And have you tried to stop the service? For example:

sudo service vsftpd stop
sudo apt-get remove vsftpd

Ok, the LoadModule directive does not require opening and closing tags as < />. So, it should not be:

<LoadModule php5_module "C:/SERVER/PHP/ext/php5apache2.dll" />

But simply:

LoadModule php5_module "C:/SERVER/PHP/ext/php5apache2.dll"

You can place the directive at the end of the httpd.conf file. If instead you want to check if a module is loaded then you can use the IfModule directive, for example:

<IfModule mod_rewrite.c>
    # rules
</IfModule>

Docs:

• http://httpd.apache.org/docs/2.2/mod/mod_so.html#loadmodule
• http://httpd.apache.org/docs/current/mod/core.html#ifmodule

Try to start Apache with the -t argument, this will:

Run syntax tests for configuration files only. The program immediately exits after these syntax parsing tests with either a return code of 0 (Syntax OK) or return code not equal to 0 (Syntax Error). If -D DUMP_VHOSTS is also set, details of the virtual host configuration will be printed. If -D DUMP_MODULES is set, all loaded modules will be printed.

In practice run httpd -t from the command line. Otherwise check if there is the read-only attribute on the php5apache2.dll file, and remove it.

Hi, check the Apache error log, you should find an extended error message, if you have doubts post the errors here.

Hi, from the psql client you can use \dt, it will list something like this:

\dt
           List of relations
 Schema |   Name    | Type  |  Owner   
--------+-----------+-------+----------
 public | cities    | table | cereal
 public | provinces | table | cereal
 public | weather   | table | cereal
 (3 rows)

Otherwise use a query like this:

select table_name from information_schema.tables where table_schema = 'public' and table_type = 'BASE TABLE';

If you remove the WHERE condition then you get also the information_schema tables.

Docs:

• http://www.postgresql.org/docs/9.3/static/infoschema-tables.html

Add an else statement to stop the script basing on the result of the filter. Here you can redirect it to your previous page or to a specific error page. You can use the session to collect the errors and display them to the redirected page or, in alternative, you can log the errors quietly by using error_log().

As example with a simple redirect:

<?php

$_POST = array_map('trim', $_POST);

if( filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) !== FALSE)
{
    $email = $_POST['email'];
}

else
{
    header("Location: error_page.html");
}

$name = $_POST['name'];
$message = $_POST['message'];
$formcontent="From: $name \n Message: $message";
$recipient = "jadon.mayhew@me.com";
$subject = "Contact Form";
$mailheader = "From: $email \r\n";
mail($recipient, $subject, $formcontent, $mailheader) or die("Error!");
header("Location: emailsent.html");

Another example:

<?php

$email = FALSE;
$_POST = array_map('trim', $_POST);

if( filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) !== FALSE)
{
    $email = $_POST['email'];
}

if($email !== FALSE)
{
    $name = $_POST['name'];
    $message = $_POST['message'];
    $formcontent="From: $name \n Message: $message";
    $recipient = "jadon.mayhew@me.com";
    $subject = "Contact Form";
    $mailheader = "From: $email \r\n";
    mail($recipient, $subject, $formcontent, $mailheader) or die("Error!");
    header("Location: emailsent.html");
}
else
{
    header("Location: error_page.html");
}

Or simply:

<?php

$email = $_POST['email'];
if(filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === FALSE)
{
    header("Location: error_page.html");
}

Or:

<?php

if($email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
{
    $name = $_POST['name'];
    $message = $_POST['message'];
    $formcontent="From: $name \n Message: $message";
    $recipient = "jadon.mayhew@me.com";
    $subject = "Contact Form";
    $mailheader = "From: $email \r\n";
    mail($recipient, $subject, $formcontent, $mailheader) or die("Error!");
    header("Location: emailsent.html");
}

else
{
    header("Location: error_page.html");
}

There are many ways to write this. If still in trouble I'll …

Use this:

<?php

$_POST = array_map('trim', $_POST);

if( filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) !== FALSE)
{
    $email = $_POST['email'];
}

$name = $_POST['name'];
$message = $_POST['message'];
$formcontent="From: $name \n Message: $message";
$recipient = "jadon.mayhew@me.com";
$subject = "Contact Form";
$mailheader = "From: $email \r\n";
mail($recipient, $subject, $formcontent, $mailheader) or die("Error!");
header("Location: emailsent.html");
?>

It works. The filter_var function verifies if the $_POST['email'] is a valid email address. This could be false, as example abc@cba.tld but you cannot always verify if a mail is currently active or not.

Regarding this error:

Warning: trim() expects parameter 1 to be string, array given in /home/bdurodjc/public_html/Home/mail.php on line 2

This is due to another error done by me, I tested your script using a string version:

$email = trim($_POST['email']);

But when I wrote the example I translated that to the entire $_POST array, my fault, the correct version needs the implementation of array_map():

$_POST = array_map('trim', $_POST);

The array_map works essentially as a loop, like this:

foreach($_POST as $key => $value)
{
    $_POST[$key] = trim($value);
}

Docs: http://php.net/array_map

Ok, I'm terrible sorry, my further mistake, not two ending parentheses but one:

<?php
    $_POST = trim($_POST);
    if( filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) !== FALSE)
    {
        $email = $_POST['email'];
    }
    $name = $_POST['name'];
    $message = $_POST['message'];
    $formcontent="From: $name \n Message: $message";
    $recipient = "jadon.mayhew@me.com";
    $subject = "Contact Form";
    $mailheader = "From: $email \r\n";
    mail($recipient, $subject, $formcontent, $mailheader) or die("Error!");
    header("Location: emailsent.html");
    ?>

Testing the form and the scripts now it works fine.

This is what it happens when I have the flu and under antivirals o_o'

Sorry that's my mistake, in my first example I didn't close the IF statement:

if( filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) !== FALSE)

It should be:

if( filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) !== FALSE))

With two ending parentheses.

I have no idea why the "Send Message" thing is white and not green, like it should be. It seems to have swapped itself, when I hover over it, it goes green, however it's supposed to be the other way around. Nothing changed in the CSS either.

Probably because of this rule:

form input.button,
form input.text,
form select,
form textarea
{
    -webkit-appearance: none;
    display: block;
    border: 0;
    background: #f5f5f5;
    width: 100%;
    padding: 0.75em;
    -moz-transition: background-color 0.35s ease-in-out;
    -webkit-transition: background-color 0.35s ease-in-out;
    -o-transition: background-color 0.35s ease-in-out;
    -ms-transition: background-color 0.35s ease-in-out;
    transition: background-color 0.35s ease-in-out;
}

The form input.button, declaration overrides this one:

.button
{
    position: relative;
    display: inline-block;
    border: 0;
    background: #35b88f;
    color: #fff;
    text-shadow: 0 0 0.5px rgba(255,255,255,0.25);
    cursor: pointer;
    text-decoration: none;
    outline: 0;
    padding: 1em 3em 1em 3em;
    text-align: center;
    border-radius: 3em;
    font-weight: 400;
    -moz-transition: background-color 0.35s ease-in-out, color 0.35s ease-in-out;
    -webkit-transition: background-color 0.35s ease-in-out, color 0.35s ease-in-out;
    -o-transition: background-color 0.35s ease-in-out, color 0.35s ease-in-out;
    -ms-transition: background-color 0.35s ease-in-out, color 0.35s ease-in-out;
    transition: background-color 0.35s ease-in-out, color 0.35s ease-in-out;
}

So just remove the form input.button from that rule and it should work fine.

The CSS issue happens because of:

3) Sort rules with the same importance and origin by specificity of selector: more specific selectors will override more general ones. Pseudo-elements and pseudo-classes are counted as normal elements and classes, respectively.
4) Finally, sort by order specified: if two declarations have the same weight, origin and specificity, the latter specified wins. Declarations …

In addition: the eregi() function is weak, an attacker can submit extra code by using a null byte character. For example:

<?php

    $email = $_GET['email'];

    if(eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email))
    {
        echo "<strong>$email</strong> is correct";
    }
    else
    {
        echo "<strong>$email</strong> is wrong";
    }

And submit these links:

# first
http://localhost/test.php?email=my@mail.co

# second
http://localhost/test.php?email=my@mail.co%20,another@mail.co

# third
http://localhost/test.php?email=my@mail.co%00,another@mail.co

The first will return true as expected, the second false as expected because we are trying to submit two mails at the same time, the third instead will return true and will allow to insert two emails instead of one.

More information:

• http://projects.webappsec.org/w/page/13246949/Null%20Byte%20Injection

Bye!

Josh suggestion is syntactically correct but you cannot include javascript in the recipient value, i.e. in the first argument of the mail() function.

The above should be:

<?php

    $name = $_POST['name'];
    $email = $_POST['email'];
    $message = $_POST['message'];
    $formcontent="From: $name \n Message: $message";
    $recipient = "jadon.mayhew@me.com";
    $subject = "Contact Form";
    $mailheader = "From: $email \r\n";
    mail($recipient, $subject, $formcontent, $mailheader) or die("Error!");
    header("Location: emailsent.html");

?>

My previous suggestion about the filter_var() instead was an example, based on an hypotetical to input field, something like:

<input type="text" name="to" />

So you have to change it to match your form, in your case:

<?php

    $email = FALSE;

    if(filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) !== FALSE))
    {
        $email = $_POST['email'];
    }

    $name = $_POST['name'];
    $message = $_POST['message'];
    $formcontent="From: $name \n Message: $message";
    $recipient = "jadon.mayhew@me.com";
    $subject = "Contact Form";
    $mailheader = "From: $email \r\n";
    mail($recipient, $subject, $formcontent, $mailheader) or die("Error!");
    header("Location: emailsent.html");

    ?>

If it does not validate then apply the trim() function to $_POST['email'] or simply test an hardcoded email:

if(filter_var('your@mail.tld', FILTER_VALIDATE_EMAIL) !== FALSE))
{
    echo 'The mail is correct';
}

This will validate:

$email = 'your@mail.tld';

This instead it will not:

$email = ' your@mail.tld';

Because of the extra space, so if you want to apply trim, at the top of the script place:

$_POST = trim($_POST);

Complete example:

<?php

    $email = FALSE;
    $_POST = trim($_POST);

    if(filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) !== FALSE))
    {
        $email = $_POST['email'];
    }

    $name = $_POST['name'];
    $message = $_POST['message'];
    $formcontent="From: $name \n Message: $message";
    $recipient = "jadon.mayhew@me.com";
    $subject …

Hi, check my previous updated answer, i.e. remove the Javascript code from the PHP block and it should work fine.

Can you show the updated code? Currently it seems that the javascript code is still in the PHP block, as example:

<?php

$recipient = "jadon.mayhew@me.com";

/* <![CDATA[ */
(function(){try{var s,a,i,j,r,c,l,b=document.getElementsByTagName("script");l=b[b.length-1].previousSibling;a=l.getAttribute('data-cfemail');if(a){s='';r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})();
/* ]]> */

The var keyword in the Javascript code, will generate your error, but only because the engine is trying to interpretate the Javascript as PHP, so remove the Javascript from there, if you want to validate the email, use the filter_var() function:

if( filter_var($_POST['to'], FILTER_VALIDATE_EMAIL) !== FALSE)
{
    $email = $_POST['to'];
}

Docs:

• http://php.net/filter_var
• http://us3.php.net/manual/en/tokens.php

Hi,

you cannot submit javascript as recipient, so this:

$recipient = "jadon.mayhew@me.com<script type="text/javascript">
/* <![CDATA[ */
(function(){try{var s,a,i,j,r,c,l,b=document.getElementsByTagName("script");l=b[b.length-1].previousSibling;a=l.getAttribute('data-cfemail');if(a){s='';r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})();
/* ]]> */
</script>";

must be:

$recipient = "jadon.mayhew@me.com";

check the available formats for the first argument of the mail() function:

• http://www.php.net/manual/en/function.mail.php

Try with the DateTime class:

<?php

$minute = 45;
$second = 01;

# value to test
$test = new DateTime();
$time = $test->setTime(0, $minute, $second);

# match this
$minDate = new DateTime();
$min = $minDate->setTime(0, 45, 0);

if($min->diff($time)->i == 0 && $minute == 45 && $min->diff($time)->s > 0)
{
    echo 'Alert';
}
else
{
    echo 'Ok';
}

Note that the difference for the minute $min->diff($time)->i will return 0 for all the values between 44:01 and 45:59, so it is important to check also the value of the original variable $minute, and to restrict the match only to 45:01 - 45:59 we have to check also the seconds with $min->diff($time)->s > 0.

Docs:

• http://php.net/manual/en/datetime.settime.php
• http://php.net/manual/en/datetime.diff.php

So another problem, when the student request on tuesday, the expected date of release is next tuesday. etc.

So, a delay of 4 working days? In MySQL you can create a function based on WEEKDAY() which:

Returns the weekday index for date (0 = Monday, 1 = Tuesday, … 6 = Sunday).

Now, here the code to run in a MySQL client:

drop function if exists releasedate;
delimiter //

CREATE FUNCTION releasedate(date1 DATETIME, ninterval INT UNSIGNED)
RETURNS DATETIME DETERMINISTIC
BEGIN
DECLARE dt DATETIME;
DECLARE i INT UNSIGNED;
DECLARE wd INT UNSIGNED;
SET i = 0;
SET wd = WEEKDAY(date1);
SET dt = date1;
WHILE i < ninterval DO
    SET dt:=DATE_ADD(dt, INTERVAL 1 DAY);
    SET wd:=WEEKDAY(dt);
    CASE WHEN wd in(0,1,2,3) THEN SET i:=i+1;
    ELSE SET i:=i;
    END CASE;
END WHILE;
RETURN dt;
END//

delimiter ;

The WHILE loop will check each date since the starting time and it will add 1 to an internal counter each time the new date is a weekday between 0 and 3. At each loop it will overwrite the dt variable which saves the new date. The loop finishes when the internal counter hits the second argument of the function. The returned value is defined by:

RETURNS DATETIME DETERMINISTIC

And actually returned by:

RETURN dt;

And you can use it like this:

select releasedate(now(), 4) as release_date;
+---------------------+
| release_date        |
+---------------------+
| 2014-03-03 22:03:16 |
+---------------------+
1 row in set (0.04 sec)

Where the first argument is …

Duplicate entry '0' for key 'post_ID'

it happens because post_ID is probably a unique key, in the static_page table, but not the primary key, otherwise the message would be a bit different:

ERROR 1062 (23000): Duplicate entry '0' for key 'PRIMARY'

instead of:

ERROR 1062 (23000): Duplicate entry '0' for key 'post_ID'

it happens because post_ID misses the auto_increment attribute: for this reason, to the first inserted image will be assigned a value of 0, when you try to add a new image you get the Duplicate entry '0' error.

You can fix that by adding the attribute to the column:

alter table static_page modify post_ID int unsigned not null auto_increment unique;