Posts by cereal

Concerning the undefined function it seems a known bug: http://drupal.org/node/481758
Try to increase the max_execution_time in php.ini and reload Apache after editing to load the changes.

Regarding the other question, I didn't understood. Can you explain it better?

Yes you can, just change the first SELECT statement with a DELETE as this:

DELETE FROM wp_options, (SELECT SUBSTR(option_name,20) AS string FROM wp_options WHERE STRCMP(option_name,'_transient_timeout_') = 1 AND option_value < unix_timestamp()) AS sub WHERE option_name IN (CONCAT('_transient_',sub.string),CONCAT('_transient_timeout_',sub.string));

Bye!

Do you directly edit the file or you use resolvconf command?

Just to be clear, use: SUBSTR(option_name,20) instead of SUBSTR(option_name,-3,3)

Yes, start to count from the beginning, for example for:

_transient_timeout_gad_cache_5_776fa175e6cc472b8c7

we start to count up to _transient_timeout_ which is 19 and use SUBSTR to take the rest:

select substr('_transient_timeout_gad_cache_5_776fa175e6cc472b8c7',20) as string;
+---------------------------------+
| string                          |
+---------------------------------+
| gad_cache_5_776fa175e6cc472b8c7 |
+---------------------------------+

Ok, try:

SELECT * FROM wp_options AS main, (SELECT SUBSTR(option_name,-3,3) AS string FROM wp_options WHERE STRCMP(option_name,'_transient_timeout_') = 1 AND option_value < unix_timestamp()) AS sub WHERE option_name IN (CONCAT('_transient_',sub.string),CONCAT('_transient_timeout_',sub.string));

If it works then just convert the main query to delete. In my example I'm using:

SUBSTR(option_name,-3,3)

to extract the last 3 characters which are used as sub.string in the CONCAT statements, but you can rearrange it as you prefer, depending on the length of your unique values... for more info check:

• http://dev.mysql.com/doc/refman/5.0/en/string-functions.html#function_substring
• http://dev.mysql.com/doc/refman/5.0/en/string-comparison-functions.html#function_strcmp

Anyway, it would be easier to store a third column as timestamp, that way you could avoid the second row:

CREATE TABLE `wp_options` (
  `option_name` varchar(255) DEFAULT NULL,
  `option_value` varchar(255) DEFAULT NULL,
  `option_timeout` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP
) ENGINE=MyISAM DEFAULT CHARSET=utf8

Try:

DELETE FROM wp_options WHERE option_name IN ('_transient_timeout_xxx','_transient_xxx');

If using PHP then:

$options = implode(',',array("'_transient_timeout_xxx'","'_transient_xxx'"));
mysql_query("DELETE FROM wp_options WHERE option_name IN ($options)") or die(mysql_error());

You're welcome. What happens? The link is not displayed?

By placing it right after the ftp_close() it should work:

ftp_close($conn_id);
echo '<p><a href="another-file.php">Go back to the main page</a></p>';

To perform an automatic redirect, after displaying the output of the operation you can add a meta tag to the page. To simplify you can add an array to the top of the script $output = array(); and change all the echo statements to $output[] = 'message goes here'; and then print the output at the end.

Otherwise you can save $output to $_SESSION, redirect with header() to the form page and display the results.

In order to work you have to create an array and then loop it into single ftp_put() calls, so change the form so you can send an array of files, i.e. by changing the name attribute of the input field userfile:

<tr>
    <td align="left" valign="top">
        Select your file to upload:
    </td>
    <td>
        <input name="userfile[]" type="text" size="50" value="a.html" /><br />
        <input name="userfile[]" type="text" size="50" value="b.html" /><br />
        <input name="userfile[]" type="text" size="50" value="c.html" />
    </td>
</tr>

And change the script:

<?php
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
    # verify the files
    function checkfiles($path,$files,$default_files)
    {
        $result = array();

        if(count(array_filter($files)) == 0)
        {
            # default array of files, loaded in case $_POST['userfile'] is empty
            $files = $default_files;
        }

        foreach($files as $file)
        {
            $file = pathinfo(parse_url($file,PHP_URL_PATH),PATHINFO_BASENAME);
            if(file_exists($path.$file) && is_file($path.$file))
            {
                $result[] = $file;
            }
            else
            {
                echo "<p>file $file not found!</p>";
            }
        }
        return $result;
    }

    # default array of files
    $default_files = array('a.html','b.html','c.html','d.html','e.html');

    # variables for local server
    $local_path = $_SERVER['DOCUMENT_ROOT'].'/ftp/'; # change this to match yours
    $local_files = checkfiles($local_path,$_POST['userfile'],$default_files);

    if(count($local_files) == 0)
    {
        echo '<p>Error, files not founded!</p>';
        exit;
    }

    # ftp credentials and remote path
    $ftp_user_name = $_POST['user'];
    $ftp_user_pass = $_POST['password'];
    $ftp_server = $_POST['server'];
    $ftp_port = in_array(intval($_POST['port']),array(0,1)) ? 21:intval($_POST['port']); # default port 21
    $remote_path = rtrim($_POST['pathserver'],'/');

    // set up a connection to ftp server
    $conn_id = ftp_connect($ftp_server,$ftp_port);

    // login with username and password
    $login_result = ftp_login($conn_id, $ftp_user_name, $ftp_user_pass);

    if ((!$conn_id) || (!$login_result))
    {
       echo "<p>FTP connection has encountered an error!</p>";
       echo "<p>Attempted to connect to $ftp_server for user $ftp_user_name....</p>";
       exit;
    } else { …

Ok, the second and third errors are related to the index.php file, you don't need the <?php and ?> since it's plain html, so your index page becomes something like:

<!DOCTYPE html>
<html>
    <head>
        <title>ftp test</title>
    </head>
    <body>
        <h2 align="center">FTP form</h2>
        <form action="step-1-upload.php" method="POST">
            <table align="center">
                <tr>
                    <td align="left">
                        Server:
                    </td>
                    <td>
                        <input size="50" type="text" name="server" value="" />
                    </td>
                </tr>
                <tr>
                    <td align="left">
                        Port:
                    </td>
                    <td>
                        <input size="50" type="text" name="port" value="21" />
                    </td>
                </tr>
                <tr>
                    <td align="left">
                        Username:
                    </td>
                    <td>
                        <input size="50" type="text" name="user"  value="" />
                    </td>
                </tr>
                <tr>
                    <td align="left">
                        Password:
                    </td>
                    <td>
                        <input size="50" type="text" name="password" value="" />
                    </td>
                </tr>
                <tr>
                    <td align="left">
                        Path on the server:
                    </td>
                    <td>
                        <input size="50" type="text" name="pathserver" value="public_html/" readonly />
                    </td>
                </tr>
                <tr>
                    <td align="left">
                        Select your file to upload:
                    </td>
                    <td>
                        <input name="userfile" type="text" size="50" value="a.html" />
                    </td>
                </tr>
                <tr>
                    <td align="left" colspan="2" height="1">
                    </td>
                </tr>
                <tr>
                    <td align="left">
                    </td>
                    <td>
                        <input type="submit" name="submit" value="Start Installation" />
                    </td>
                </tr>
            </table>
        </form>
    </body>
</html>

The other two errors are occuring because the paths are not defined, in my previous example I was checking if the file existed, but when setting $filep I wasn't adding the local path, probably this caused your error, anyway here's a working version:

<?php
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
    # variables for local server
    $local_path = $_SERVER['DOCUMENT_ROOT'].'/ftp/'; # change this to match yours
    $filename = pathinfo(parse_url($_POST['userfile'],PHP_URL_PATH),PATHINFO_BASENAME);

    # ftp credentials and remote path
    $ftp_user_name = $_POST['user'];
    $ftp_user_pass = $_POST['password'];
    $ftp_server = $_POST['server'];
    $ftp_port = in_array(intval($_POST['port']),array(0,1)) ? 21:intval($_POST['port']); # default …

Which errors you get? As suggested by c-tech you can use a conditional statement to submit the default value and use the form to only display the file name. Also, change your form to deal with strings and not with uploads, for example this:

<input name="userfile" type="file" size="50" value="a.html">

should be:

<input name="userfile" type="text" size="50" value="a.html">

since there are no uploads from the browser client to Server1, $_FILES will be empty, you don't need it because the script gets the file name from the $_POST array, for example:

# $filep=$_FILES['userfile']['tmp_name']; # remove this line
$file = pathinfo(parse_url($_POST['userfile'],PHP_URL_PATH),PATHINFO_BASENAME);
$path = '/local/path/';

if(file_exists($path.$file))
{
    $filep = $file;
}
else
{
    $filep = 'a.html';
}

Anyway, be more specific about the errors, so we can try to help you, bye!

Oh, ok. In this case you don't have to use $_FILES, since it's not an upload action, but a download from a remote server. So you don't need a file input field, use text field:

<input type="text" name="link" value="http://remote.dev/a.html" readonly />

In addition from your script you should check if:

• link is valid and allowed
• if the remote file is available
• and then you download it

Keep in mind that, even by placing readonly attribute to the field, the client can change the value of the form or try to submit a custom request by itself, by using cURL and submit whatever, so you should also:

• add a CSRF check;
• create a download queue list, to avoid multiple concurrent downloads;
• create a whitelist and check if the source server is allowed;
• get the header of the file and from there: 1. check the sizes of the file from the header response; 2. check the mime type of the file you are going to download;
• check the downloaded file (size and mime type) again;
• save the file inside a directory in which PHP is not executed.

Some info:
http://www.daniweb.com/web-development/php/threads/449496/my-site-was-hacked-by-c99-shell/
http://www.daniweb.com/web-development/php/threads/426854/how-to-create-an-image-downloader

Bye!

I'm not sure this is still possible, since modern browsers works in a sandbox, separated from the system, so you cannot execute or copy a local file directly from a remote script.

There is a flaw in my previous answer: if the other users are able to change their virtuahost, they can add the mod_fastcgi handler to their config file or to an .htaccess and override your scripts.

To fix this you could:

• install php5-fpm
• install Nginx
• host your website in Nginx
• make Nginx listen on a different port as 8000

So, you can use PHP-FastCGI through Nginx. Logically you have to remove mod_fastcgi and proxy_fcgi_module from Apache, so the users will not be able to add the handler or to redirect requests to FastCGI server.

To install Nginx run:

sudo apt-get install nginx

then create your virtual host:

sudo nano /etc/nginx/sites-available/my_server

and add a basic configuration:

server {
    listen 8000;
    server_name mywebsite.dev;

    access_log /var/log/nginx/mywebsite.access.log;
    root /var/www/mywebsite;

    location / {
            index index.php index.html index.htm;
    }

    location ~ \.php$ {
        include /etc/nginx/fastcgi_params;
        fastcgi_pass unix:/tmp/php.socket;
    }
}

Then save the file, enable it and reload the server:

sudo ln -s /etc/nginx/sites-available/mywebsite /etc/nginx/sites-enabled/mywebsite
sudo service nginx reload

Besides, I would run the users inside separated chroot environments, so they cannot access to your document root or each others, by simply changing theirs.

Question: .htaccess is not enough for your friends? You can do almost everything from there a part changing the DocumentRoot http://httpd.apache.org/docs/current/howto/htaccess.html

Hmm, I didn't tested this, but you could use php-fpm to start a FastCGI socket and assign a specific uid and gid to it, read:

1. http://wiki.apache.org/httpd/PHP-FPM
2. http://php.net/manual/en/install.fpm.install.php
3. http://www.php.net/manual/en/install.fpm.configuration.php
4. http://www.howtoforge.com/using-php5-fpm-with-apache2-on-ubuntu-12.10

If you have linux ubuntu and PHP5 run:

sudo apt-get install php5-fpm libapache2-mod-fastcgi

then edit the php.ini related to fpm:

sudo nano /etc/php5/fpm/php.ini

And add a user and a group (previously created) specific for the FPM processes:

user string
group string

Change your scripts so they are owned by this new user and setup your virtual host to listen the FPM socket:

<VirtualHost *:80>
    ...
    <IfModule mod_fastcgi.c>
        AddHandler php5-fcgi .php
        Action php5-fcgi /php5-fcgi
        Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi
        FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -socket /var/run/php5-fpm.sock -pass-header Authorization
    </IfModule>
</VirtualHost>

So, at the end, the other virtual hosts will run the normal Server API: Apache 2.0 Handler and yours the FPM/FastCGI, you can check it with phpinfo(). Hope it helps, bye!

Also mysql.log.1 is not the current log file, it's an old copy, so it can be moved to another location for further analysis or deleted, the main in use is mysql.log. Since it's a general log you can stop it, by commenting the line related to the general_log_file.
Just enable: error.log, mysql-slow.log and expires_logs_days, so you can limit the amount of data. To edit these options run:

sudo editor_of_choice /etc/mysql/my.cnf

Example settings:

#general_log_file        = /var/log/mysql/mysql.log
#general_log             = 1
log_error = /var/log/mysql/error.log
log_slow_queries = /var/log/mysql/mysql-slow.log
long_query_time = 2
log-queries-not-using-indexes
expire_logs_days = 10

Reload mysql after you've done.

Have you tried union all?

(select * from table1 where field1 = 'value to search') union all (select * from table2 where field1 = 'value to search') union all (select * from table3) order by field1;

Read this: http://dev.mysql.com/doc/refman/5.0/en/union.html

@CodeAngry
I tried to adapt my code to yours, now it's much better:

<?php
$function_names = array('myvalueone','myvaluetwo','myvaluethree','myvaluefour','myvaluefive');
$functions = array();
foreach($function_names as $function_name){

    ${$function_name} = function($name = false) use ($function_name){ // <-- USE
        return 'The name of the function is ', ($name === false ? $function_name:$name), PHP_EOL;
    };
}

echo $myvalueone();
echo $myvaluetwo('hello');
?>

Yup, check if in ~/.config/geany/colorschemes/ there are files and set one of those as default, for example: color_scheme=github.conf, include the extension, if there aren't any files then you have two choices:

1. reinstall Geany, so uninstall the programm and delete the configuration folder under your profile, i.e. ~/.config/geany/, not the .config directory itself, because it contains other software data;
2. download some themes and save them to the colorschemes directory and edit geany.conf.

Note: I'm suggesting to edit geany.conf because the switcher interface doesn't work properly. Hope it helps, bye!

Check the color scheme inside .config/geany/geany.conf. Before editing the value, close Geany otherwise the current window will overwrite your changes.

The problem is that the loop goes to overwrite the function value and even the name. But this seems to work fine for me:

<?php
$myarray = array('myvalueone','myvaluetwo','myvaluethree','myvaluefour','myvaluefive');
$n=count($myarray);
for($i=0; $i < $n; $i++)
{
    define('FUNCTIONNAME'.$i,$myarray[$i]); # define the value
    ${$myarray[$i]} = create_function('$name = FUNCTIONNAME'.$i, 'return "The name of the function is ". $name;');
}
echo $myvaluefive();
echo "\n";
echo $myvalueone();
?>

Output:

The name of the function is myvaluefive

The name of the function is myvalueone

I tried also __FUNCTION__ instead of $name but it outputs __lambad_func or closure depending on the methods: create_function or anonymous functions. Hope it helps.

Check your IF statements, this <src="index.php?lang=nl"> is not a tag, so you have to change them all, also there is no default condition.

It has nothing to do with the code that cereal and I provided.

Sorry LM but the code I wrote is exactly to check who and when reads the newsletters (when the images are enabled in the HTML version). The key is to use unique image links for each recipient, or at least different links for each campaign. This can be done easily if the used platform provides the correct instruments.

For example: MailChimp provides an API which allows to submit contents from a personal interface, so the image links can be autogenerated by a script, otherwise (more easier) there is the chance to create unique links to a remote image by using their Merge Tags mechanism, and include them in the template, something like:

http://my_webserver.tld/img/*|CAMPAIGN_UID|*/*|EMAIL|*/dot.jpg

will become:

http://my_webserver.tld/img/23/abc@cba.com/dot.jpg

And when a user opens the HTML version of the newsletter, will perform a GET connection to our server and load the script that renders the remote image, throught that you can solve the problem. I hope this is useful, I don't know which service is used by the OP, but this it may give an hint.

For more information check this: http://kb.mailchimp.com/article/can-i-create-a-different-link-for-each-recipient-using-the-merge-tags

Bye! :)

A simple method, for example, is this:

<?php
    # declare variables to register
    $path = '/images/';
    $image = $_GET['image'];
    $ip = $_SERVER['REMOTE_ADDR'];
    $browser = $_SERVER['HTTP_USER_AGENT'];
    $date = date('Y-m-d G:i:s');
    $cid = $GET_['campaign_id']; # so you can identify the newsletter
    $ucode = $_GET['user_code']; # so you can identify each user opening the newsletter

    # check if variables contents are true
    if(/* check */) # true
    {
        // database connection . . .

        $q = "insert into newsletter_stats (`ip`,`browser`,`open_date`,`campaign_id`,`user_code`) values('$ip','$browser','$date','$cid','$ucode')";

        # insert data
        mysql_query($q) or die(mysql_error()); # consider using mysqli
    }

    # display the image, this could be a simple image 1x1 or your company logo
    if(file_exists($path.$image))
    {
        header("Content-Type: image/jpeg");
        echo file_get_contents($path.$image); # image to display
    }
    else
    {
        echo 'image not found';
    }
?>

The link to the image should be something like this:

http://localhost/img.php?image=dot.jpg&campaign_id=23&user_code=md5_hash_here

But you can use .htaccess and mod_rewrite to create a link easier to read:

http://localhost/img/md5_hash/23/dot.jpg

Obviously there will be a different md5 hash for each user, so you may have to automate the process. But if you are not interested on checking specific user habits then you need only links to identify the newsletter:

http://localhost/img/23/dot.jpg

And so on...

Downsides about this method: if you have many access there will be a lot of write activity to the database and by consequence to the disk, so you could use a work queue (as beanstalkd or gearman) to perform background inserts, or write them to the memory engine …

You can type python inside the terminal to get the interpreter, if you want a GUI version then install idle3 by typing:

sudo apt-get install idle3

After that just run idle3 to load the GUI.

Read this: https://help.ubuntu.com/community/Grub2
Grub2 is a bit complex. At the end of the linked page there are some links that explain how to edit the config files.

@Tony I can understand, it happens also to me! ;)

It doesn't work because mysql_query() cannot handle more then a query:

mysql_query() sends a unique query (multiple queries are not supported)

http://php.net/manual/en/function.mysql-query.php

To do that use mysqli: http://www.php.net/manual/en/mysqli.multi-query.php

You don't find ekhtml inside pecl because it isn't a PHP extension.

In order to remove it run sudo make uninstall in the source directory of ekhtml. If you deleted that, download it again and compile it with the same parameters and then run the uninstall command. That should remove everything related to ekhtml. By the way: to get more information about parameters run ./configure --help (for parameters strictly related to the program to compile) and make --help to get more information about the compiling process.

But I did not learn how to create those steps by thinking.

Sorry for that, sometimes I just write too much.. :D

With mysqli you can perform multiple queries in a single call: http://www.php.net/manual/en/mysqli.multi-query.php check the examples and the comments in the manual to get an idea of the method to apply. If you still have doubts post an example of data you want to submit and the table structure. Bye!

This is part of Gnome and it's used by the system when you connect to a remote server (ftp, webdav, ssh):

userspace virtual filesystem - server
gvfs is a userspace virtual filesystem where mount runs as a separate processes which you talk to via D-Bus. It also contains a gio module that seamlessly adds gvfs support to all applications using the gio API. It also supports exposing the gvfs mounts to non-gio applications using fuse.
This package contains the gvfs server that provides gvfs mounts to all gio applications, and the minimal set of backends.

http://packages.ubuntu.com/lucid/gvfs

If you run "Connect to server" and then browse inside .gvfs through the terminal, you will find the map tree of the remote resource.

It seems there's a bug related to your problem, for more information check:

• https://bugs.launchpad.net/ubuntu/+source/php5/+bug/774452
• http://stackoverflow.com/questions/8367748/pecl-install-pecl-http-gives-no-releases-available

Is this happening only with html_parse package?

Anyway try by adding sudo:

sudo pecl install html_parse

Otherwise write the specific package version:

sudo pecl install channel://pecl.php.net/html_parse-1.0.0

And if it doesn't work, download it and run pecl with the local file:

wget http://pecl.php.net/get/html_parse-1.0.0.tgz
sudo pecl install ./html_parse-1.0.0.tgz

If still you have problems you can compile it. Since html_parse depends from ekhtml you have to install it:

wget http://sourceforge.net/projects/ekhtml/files/latest/download
tar xvf download
cd ekhtml-0.3.2
./configure
make
sudo make install

And then do the same with html_parse:

tar xvf html_parse-1.0.0.tgz
cd html_parse-1.0.0
phpize
./configure
make
sudo make install

And it should work.

Try mysql-server and mysql-client, these are metapackages that redirect to the latest version available in repositories. If it doesn't match try dpkg -l mysql-* it will list all the packages related to mysql. And to remove them all, you can run dpkg -r mysql-*

EDIT
You can use --purge to remove also the config files: dpkg --purge mysql-*

I tried the form from the pastebin and it seems to work fine for me, I get:

Array
(
    [name] => Anonymous
    [email] => 
    [title] => 
    [contents] => 
    [id] => 30
    [pid] => 21
    [cid] => 1
)

I just hardcoded $this->id and $this->pid, so check if there is something wrong in the generated source of page.html, which should be page.php, unless your server is handling .html as .php

757 will allow everyone to write, this is not good. The directories hosting the website needs to be owned by the same user running Apache, so set:

• 644 for directories
• 755 for files

If it doesn't work check your configuration.

The problem could be also MySQL, if the bind-address is not on 127.0.0.1 or the firewall is not setted properly, then an attacker can perform a bruteforce, gain access and use mysql shell to read and write files to the system, something like for example:

select "<?php echo 'hello'; ?>" INTO OUTFILE "/var/www/test/hack.php"

This works even as SQL Injection, this is why I asked you to post your code..

Remove all the break from the switch statment, actually when it resolves a condition it doesn't go further to check the others, read this:

It is important to understand how the switch statement is executed in order to avoid mistakes. The switch statement executes line by line (actually, statement by statement). In the beginning, no code is executed. Only when a case statement is found with a value that matches the value of the switch expression does PHP begin to execute the statements. PHP continues to execute the statements until the end of the switch block, or the first time it sees a break statement. If you don't write a break statement at the end of a case's statement list, PHP will go on executing the statements of the following case.

http://php.net/manual/it/control-structures.switch.php

A simple example:

<?php
    $a = array(
        'alpha',
        'bravo',
        'gamma'
    );

    switch($a)
    {
        case $a[0] == 'alpha' && $a[1] == 'bravo':
            echo 'first step';
        case $a[0] == 'alpha' && $a[2] == 'gamma':
            echo 'second step';
        case $a[0] == 'alpha' && $a[1] == 'bravo' && $a[2] == 'gamma':
            echo 'third step';
    }
?>

Bye!

As suggested by pritaeas:

Are you sure your upload script was the way the script got onto your server in the first place?

For example from ftp? Have you tried to change user and password? Do you know if PUT is enabled? Can you show your code? Also since they don't want to enable .htaccess support I would consider to change the hosting service.

In addition to previous suggestions, you can mitigate the problem by adding an .htaccess file to the directory in which are hosted the images and specify to treat them with the default handler for static files:

SetHandler default-handler

If you upload a php file to this directory and try to open it, this will not be executed but downloaded as a simple file. Another measure is to add this line to the .htaccess file:

php_flag engine off

If you click on the links you will get error 404, I've seen this error when trying to download from a local mirror but in your case the fetch is done from the main server... so try to download directly from the repositories:

http://packages.ubuntu.com/quantal/mysql-server-5.5
http://packages.ubuntu.com/quantal/mysql-client-5.5

...and so on for the other dependencies. By the way, have you tried to run apt-get update ?

Configuring a firewall for example, or using a version control system as git or subversion, ssh, PECL and PEAR if you are using PHP, building and using a chroot, dealing with compilation of a program: it's not true that if not compiled is not stable, imagemagick for example is available by apt but you must compile it from source to tune or just to match your server and application features, same story for nginx, apache, gearman, php and mysql. But there is a lot more to take in consideration, it depends on your role (configuring everything or just the httpd server?) and in the application you want to develop.

This is my little list of test tools:

• http://code.google.com/p/skipfish/
• http://cirt.net/nikto2
• http://w3af.org/
• http://wapiti.sourceforge.net/
• http://sourceforge.net/projects/sqlmap/

Consider also to use BackTrack or Samurai, a live distro focused only in web sites testings. Bye!

Change both or die("error") with:

or die(error_log(mysql_error(),0));

Add one also to the query, if the id is something like int(9) not null auto_increment primary key then you don't need to declare with NULL value, otherwise it will return a boolean FALSE. After these changes check /var/log/php_errors.log or the specified file inside /etc/php5/cli/php.ini. Bye!

The problem is here:

//fetching each row as an array and placing it into a holder array ($aData)
while($row=mysql_fetch_assoc($Result)){
$aData[] = $row;
}
//feed the final array to our formatting function...
$contents=getExcelData($aData);

Since you are not declaring $aData before the while loop, if the result set is empty then $aData doesn't exist. To solve add $aData = array(); before the loop and check also if you get something from the query, so you can stop the process, for example:

$aData = array();

if(mysql_num_rows($Result) > 0)
{
    //fetching each row as an array and placing it into a holder array ($aData)
    while($row=mysql_fetch_assoc($Result)){
    $aData[] = $row;
    }
}
else
{
    die('no data');
}

//feed the final array to our formatting function...
$contents=getExcelData($aData);

The expected value for $staff['isadmin'] is a boolean true/false or a string? If it's a boolean then change it to:

if($staff['isadmin'] === 1)

If you have doubts use var_dump($staff['isadmin']); to get the type of value.

Yes, AND is defined by the standard ANSI/SQL.

There is also the strong tag inside the href attribute:

http://www.famaspain.com/<strong>dogfactstemplate.php</strong>?name=$name

Remove it:

http://www.famaspain.com/dogfactstemplate.php?name=$name

Use AND OR not comma. The logical operators available for MySQL are these: http://dev.mysql.com/doc/refman/5.0/en/logical-operators.html

So your query becomes:

$query = "SELECT * FROM customers WHERE firstname = '$firstname' AND lastname = '$lastname'";

Change line 5 and 6:

$query = "SELECT * FROM customers WHERE firstname = '$firstname'";
$result = mysql_query($query);

In case you want to use a different name, it can also be used an alias:

$this->load->model('Model_name', 'admin_user');
$this->admin_user->something();

http://ellislab.com/codeigniter/user-guide/general/models.html#anatomy