[PHP] Re: php vulnerability
Shafiq Rehman <[EMAIL PROTECTED]> writes: > Hi all, > > Thanx to all of you. My server is running on Linux and there is not any > phpbb running on it. If vulnerability is in my code.. Is there any way that > I can find the buggy code on my server which allowed that trojan to write > into all the index files. > > I analyzed the apache logs but did not found any thing wrong. My server is > protected with firewar and only port 80 is opened. - If you have a backup of your data (which was taken before you detected the crack on your server), it would be a good idea to reload linux on your box and populate it with the sane data. - How did you analyze your apache logs ? - Check out http://public.yahoo.com/~radwin/talks/one-year-of-php-oscon2003.htm especially the "security" part. -- Raj Shekhar blog : http://rajshekhar.net/blog home : http://rajshekhar.net Disclaimer : http://rajshekhar.net/disclaimer -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[suspicious - maybe spam] [PHP] [suspicious - maybe spam] Re: [suspicious - maybe spam] Need advice or code
Death Gauge wrote: I've made a site with 5 sites in it and has about 6 MySQL/PHP News databases. A while back I tried to use drop-down combo boxes to make a single page that linked all 6 news scripts so I could pick one from the drop-down enter the news and hit submit to add it to the site. The down side is that it didn't work and deactivated the submit button. Is there a way to make a drop-down combo box so that when I pick the item name it loads the said page under the combo box and then lets you submit and pick another one if you need to post to another database. I have 6 scripts that post to each database. Any help, code, or advice would be greatly appreciated. --Death Gauge "How do you gauge your death?!" _ Express yourself instantly with MSN Messenger! Download today - it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ Maybe try a bit of XmlHTTPRequest and some Javascript. When the first item is selected (and maybe a submit button is pressed) it goes to the XmlHTTPRequest script, gets the data from a php script and echos the output. I'm only a beginner on XmlHTTPRequest, so I can't help you code-wise. Sorry. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Ahmed Abdel-Aliem has invited you to try Google Talk.
I've been using Google Talk and thought you might like to try it out. We can use it to call each other for free over the internet. Here's an invitation to download Google Talk. Give it a try! --- Ahmed Abdel-Aliem has invited you to sign up for Google Talk so you can talk to each other for free over your computers. Signing up also gives you Gmail, a free Google email account with over 2,000 megabytes of storage. To accept this invitation and get Google Talk and Gmail, visit: http://mail.google.com/mail/a-353c367f8f-9c28f4a6d8-e736913ada If you already have a Gmail account, please visit: http://mail.google.com/mail/b-353c367f8f-9c28f4a6d8-d3c240b87504c300 Google Talk is a downloadable Windows application that lets you send instant messages to your friends and make free phone calls over an internet connection. Google Talk offers excellent voice quality and works with any computer speaker and microphone. Gmail is Google's free email service, offering lots of free storage, powerful spam protection, built-in search for finding your messages, and a helpful way of organizing email into "conversations." And there are no pop-up ads or untargeted banners - just text ads and related information that are relevant to the content of your messages. Once you sign up, we'll notify Ahmed Abdel-Aliem of your new Gmail address and add you to each others' Friends lists so you can start talking right away. Gmail and Google Talk are still in beta. We're working hard to add new features and make improvements, so we might also ask for your comments and suggestions periodically. We appreciate your help in making our products even better! Thanks, The Gmail and Google Talk Teams To learn more about Gmail and Google Talk, visit: http://mail.google.com/mail/help/benefits.html http://www.google.com/talk/about.html (If clicking the URLs in this message does not work, copy and paste them into the address bar of your browser). -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PHP MySql Extension No Loading
ensure you have php_mysql.dll on c:\PHP\ext and don't forget to check php.ini location, it must comply with httpd.conf ( see PHPIniDir ".") and restart apache after editing both of files. From: Glen Zimmerman [mailto:[EMAIL PROTECTED] Sent: Sat 27-Aug-2005 01:08 To: php-general@lists.php.net Subject: [PHP] PHP MySql Extension No Loading I am setting up Apache 2.0.54 with PHP 5.0.4 on a Windows 2000 work station running MySQL 4.1.12a-nt. When I start Apache, I receive the error message, "PHP Startup: Unable to load dynamic library 'C:\PHP\ext\php_mysql.dll'. I have C:\PHP set in the environment variable path. In the php.ini file I have the following set(I have tried it with both the final "\" included and excluded): extension_dir = "C:\PHP\ext\" I do not get an error when I try to load the php_oci8.dll. Just for php_mysql.dll. What am I missing? DISCLAIMER: The information in this email is confidential and proprietary. If you are not the intended recipient, please do not read, copy, use, or disclose the contents of this communication. Please permanently delete this e-mail and all copies that you may have. This information may be subject to privilege or may otherwise be protected by legal rules.
Re: [PHP] PHP Security
Richard Lynch wrote: The actual text is: "...in a Web service protocol FOR PHP" Good catch. The summary sent to the list was: "A new security flaw in the PHP Web service protocol used by a large number of Web applications could allow attackers to take control of vulnerable servers." Thanks for clarifying. Chris -- Chris Shiflett Brain Bulb, The PHP Consultancy http://brainbulb.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Apache Installation Error: Cannot load /usr/lib64/httpd/modules/libphp4.so into server: undefined symbol: unixd_config
Hello, guys I am trying to configure apache_1.3.33 with php 4.3.9 on my linux box. After adding LoadModule php4_module /usr/lib64/httpd/modules/libphp4.so to http.conf, I started httpd by "apachectl start" and got the following error message: Cannot load /usr/lib64/httpd/modules/libphp4.so into server: /usr/lib64/httpd/modules/libphp4.so: undefined symbol: unixd_config ./bin/apachectl start: httpd could not be started I have been beating my head against this for quite a while. Is there anyone who can help me figure it out? Many thanks Chinyi Woo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] syntax for multiple boolean
I want to check if multiple fields are empty and want to find the best
shorthand way to do it. What are the rules with brackets in PHP.
if (empty ($fname){
//do something
}
if (empty ($sname){
//the same thing
}
if (empty ($address){
//do the same ting again
}
R.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] sscanf() not returning info
Can anyone tell me what is wrong here?
Pic 1";
$info = sscanf($data,"%s");
var_dump($info);
?>
Returns:
array(3) {
[0]=>
string(12) "new20030101""
[1]=>
NULL
[2]=>
NULL
}
I expect:
array(3) {
[0]=>
string(11) "new20030101"
[1]=>
string(10) "Zero01.jpg"
[2]=>
string(5) "Pic 1"
}
//Simon
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] syntax for multiple boolean
You could write what your code does now like this.
if (empty ($fname) || empty ($sname) || empty ($address))
{
// do something
}
If you want your first condition to be met and one of your second two
conditions to be met you can do it like this:
if (empty ($fname) && (empty ($sname) || empty ($address)))
{
// do something
}
Of course the first example will run the code if any of the fields are
empty. The second will run it if the first and second or third are empty.
Hope that helps.
Andrew Darrow
Kronos1 Productions
www.pudlz.com
- Original Message -
From: "Ross" <[EMAIL PROTECTED]>
To:
Sent: Saturday, August 27, 2005 10:42 AM
Subject: [PHP] syntax for multiple boolean
> I want to check if multiple fields are empty and want to find the best
> shorthand way to do it. What are the rules with brackets in PHP.
>
>
> if (empty ($fname){
>
> //do something
>
> }
>
> if (empty ($sname){
>
> //the same thing
>
> }
>
> if (empty ($address){
>
> //do the same ting again
>
> }
>
>
> R.
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
>
>
>
> --
> No virus found in this incoming message.
> Checked by AVG Anti-Virus.
> Version: 7.0.344 / Virus Database: 267.10.16/83 - Release Date: 8/26/2005
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] & and mySQL
Hi, I am trying to search mySQL for URLs that include & in them. I start with a standard URL that uses &, use str_replace to put in &, and then do a mySQL query. However, nothing is found when I run the search through PHP. When I do the search directly through phpMyadmin, it works fine. Anyone know what the problem is? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PHP MySql Extension No Loading
Yes, I have the dll in the right place (C:\php\ext), and PHPIniDir is set to C:\php where php.ini is located. I know that php.ini is being picked up, because the changes I make to the file take affect when I restart Apache. PHP is loading properly as the php function, phpinfo, does display the proper information page when I run a test. I just cannot get php_mysql.dll to load. I have gone through the PHP installation documentation several times, but it has not made a difference. I just don't know what I have over looked.
[PHP] Image Rendering/Generation Options
Hello, all - I've seen a few times, albeit I don't know how, people generate images on a page in different ways, such as maybe using base64 to output the raw image data into a page? Is this correct? If so, what does it "look" like? How would one go about doing this? If not, what are my options to achieve something like this? What are my alternatives? What kind of performance impact, if any, does this make on both the load on the server and the rendering time for a given image to the client? Last but certainly not least, is this a dumb idea? What I'm looking to do is to deliver dynamic content to the browser, without writing images to disk. I simply want what would be written to disk, be displayed in a specific area I'm talking about. I'm sorry if this is a dumb question. Once I get a few more clues here, I'll be able to figure the rest of this out pretty well, I'm quite sure. As always, thanks for the time -dant -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Image Rendering/Generation Options
Well, you can't output HTML *and* an image in the same request. What you can do is generate HTML in one script, put image tags in the HTML that references a another script, which actually outputs the image. So something like: Then in myimage.php you would output the correct headers (such as "Content-Type: image/gif" for example) and output the raw binary data that makes up the image. You can probably glean a lot of useful information from the GD portion of the manual: http://www.php.net/gd Chris Dan Trainor wrote: Hello, all - I've seen a few times, albeit I don't know how, people generate images on a page in different ways, such as maybe using base64 to output the raw image data into a page? Is this correct? If so, what does it "look" like? How would one go about doing this? If not, what are my options to achieve something like this? What are my alternatives? What kind of performance impact, if any, does this make on both the load on the server and the rendering time for a given image to the client? Last but certainly not least, is this a dumb idea? What I'm looking to do is to deliver dynamic content to the browser, without writing images to disk. I simply want what would be written to disk, be displayed in a specific area I'm talking about. I'm sorry if this is a dumb question. Once I get a few more clues here, I'll be able to figure the rest of this out pretty well, I'm quite sure. As always, thanks for the time -dant -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Image Rendering/Generation Options
Dan Trainor wrote:
I've seen a few times, albeit I don't know how, people generate images
on a page in different ways, such as maybe using base64 to output the
raw image data into a page? Is this correct?
If so, what does it "look" like? How would one go about doing this?
If not, what are my options to achieve something like this? What are my
alternatives? What kind of performance impact, if any, does this make
on both the load on the server and the rendering time for a given image
to the client? Last but certainly not least, is this a dumb idea?
What I'm looking to do is to deliver dynamic content to the browser,
without writing images to disk. I simply want what would be written to
disk, be displayed in a specific area I'm talking about.
I'm sorry if this is a dumb question. Once I get a few more clues here,
I'll be able to figure the rest of this out pretty well, I'm quite sure.
To output it directly on the page (with base64 or otherwise), you need
to make use of the data: URI scheme [1]. This is, unfortunately, not
supported by (you guessed it) MSIE, although I believe Gecko-based
browsers have support. Not sure about Opera.
However, the usual way to go about this is to do something like:
in the HTML, and then in some_script.php put the following code:
header('Content-Type: image/jpeg'); //or whatever image type
and use GD functions [2] to create and output the image.
HTH
Jasper
[1] http://www.faqs.org/rfcs/rfc2396.html
[2] http://www.php.net/gd
--
Jasper Bryant-Greene
Freelance web developer
http://jasper.bryant-greene.name/
If you find my advice useful, please consider donating to a poor
student! You can choose whatever amount you think my advice was
worth to you. http://tinyurl.com/7oa5s
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP]Re: Need advice or code
I would do that but my preferences don't include XML. Right now I code in just PHP/MySQL/Javascript/Java/C++/ASM and that is it(of course C++ and ASM don't count as web languages heh). --Death Gauge "How do you gauge your death?!" Maybe try a bit of XmlHTTPRequest and some Javascript. When the first item is selected (and maybe a submit button is pressed) it goes to the XmlHTTPRequest script, gets the data from a php script and echos the output. I'm only a beginner on XmlHTTPRequest, so I can't help you code-wise. Sorry. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php _ On the road to retirement? Check out MSN Life Events for advice on how to get there! http://lifeevents.msn.com/category.aspx?cid=Retirement -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP]Re: Need advice or code
You don't need to use XML with XmlHTTPRequest. The returned data can be a simple text string. XmlHTTPRequest is the best javascript technology to come out. It's done wonders for the interactivity of my websites. It's well worth the time to learn. -Original Message- From: Death Gauge [mailto:[EMAIL PROTECTED] Sent: Saturday, August 27, 2005 8:17 PM To: php-general@lists.php.net Subject: RE: [PHP]Re: Need advice or code I would do that but my preferences don't include XML. Right now I code in just PHP/MySQL/Javascript/Java/C++/ASM and that is it(of course C++ and ASM don't count as web languages heh). --Death Gauge "How do you gauge your death?!" Maybe try a bit of XmlHTTPRequest and some Javascript. When the first item is selected (and maybe a submit button is pressed) it goes to the XmlHTTPRequest script, gets the data from a php script and echos the output. I'm only a beginner on XmlHTTPRequest, so I can't help you code-wise. Sorry. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php _ On the road to retirement? Check out MSN Life Events for advice on how to get there! http://lifeevents.msn.com/category.aspx?cid=Retirement -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
