Re: Re: [PHP] Possible My Website was hacked... with PHP... please tell me what this is???
Hi guys what does trolling mean? Never heard of it before. Angelo -Original Message- From: Joel Rees <[EMAIL PROTECTED]> To: "Joe Harman" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> Date: Thu, 31 Jul 2003 16:10:24 +0900 Subject: Re: [PHP] Possible My Website was hacked... with PHP... please tell me what this is??? Assuming you are not just trolling, > Fortunatly I don't think they were doing something correctly, cause it > didn't deface my site like some of the others Don't count on it. They only deface servers they don't want to use. > ... > everyone can execute shell commands via system(); on your server. > -> delete the script ;) Oh, by all means, delete it if you want. But it's not the hole it came in through, and it's not the real backdoor. It's so blatent, I'd guess it's a script kiddy or a decoy. Even if it's a script kiddy, you _want_ to know how it got on the box. I'd take the box offline, back up all the data and configuration files, and re-install the whole system and all programs from scratch. Go over every configuration file with a fine-tooth comb. If the machine is on a subnet and I controlled the subnet, I think I'd take the whole subnet down, including the firewall, and clean every machine up, not putting any machine back on the subnet until it was clean and any holes patched. If I didn't control the subnet, I'd make sure the persons who did know there had been a break-in. And if you have any valuable data, consider it to have been stolen. If you have credit card numbers, report the possibility of theft to the credit card companies. Etc. If you're trolling, go away. -- Joel Rees, programmer, Systems Group Altech Corporation (Alpsgiken), Osaka, Japan http://www.alpsgiken.co.jp -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Calling a function at a certain time of day.
thanks craig, just what I was looking for!! >>> "Craig Donnelly" <[EMAIL PROTECTED]> 7/30/2004 1:22:56 PM >>> Have a look at Cron http://www.webmasters-central.com/t/cron.shtml HTH Craig "Angelo Zanetti" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > HI, > > Im slightly in the dark as to do the following. What I need is a thread of > some sort that runs and when the time is midnight, it automatically calls a > script that does something. Can anyone point me in the right direction as to > where to start. Thanks > > Angelo > > > Disclaimer > This e-mail transmission contains confidential information, > which is the property of the sender. > The information in this e-mail or attachments thereto is > intended for the attention and use only of the addressee. > Should you have received this e-mail in error, please delete > and destroy it and any attachments thereto immediately. > Under no circumstances will the Cape Technikon or the sender > of this e-mail be liable to any party for any direct, indirect, > special or other consequential damages for any use of this e-mail. > For the detailed e-mail disclaimer please refer to > http://www.ctech.ac.za/polic or call +27 (0)21 460 3911 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Disclaimer This e-mail transmission contains confidential information, which is the property of the sender. The information in this e-mail or attachments thereto is intended for the attention and use only of the addressee. Should you have received this e-mail in error, please delete and destroy it and any attachments thereto immediately. Under no circumstances will the Cape Technikon or the sender of this e-mail be liable to any party for any direct, indirect, special or other consequential damages for any use of this e-mail. For the detailed e-mail disclaimer please refer to http://www.ctech.ac.za/polic or call +27 (0)21 460 3911 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Number validation
Nice one John, Come on guys, please read the manual or do some searching before posting. Cheers for now Angelo >>> John Nichel <[EMAIL PROTECTED]> 7/30/2004 4:07:33 PM >>> Andre wrote: > Hello > I need one script in PHP to validate only numbers inserted from a form. > For example like a telephone number. > Thanks. > Well, you could RTFM on regular expressions http://us4.php.net/preg_match Or you could STFW for how to match a phone number... http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=php+regular+expression+match+phone+number&btnG=Search Or you could STFA to see if this has already been asked... http://marc.theaimsgroup.com/?l=php-general&w=2&r=1&s=validate+phone+number&q=b Or you could pay me, and I'll write it for you... $65/hr, 3 hour minimum. -- John C. Nichel ÜberGeek KegWorks.com 716.856.9675 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Disclaimer This e-mail transmission contains confidential information, which is the property of the sender. The information in this e-mail or attachments thereto is intended for the attention and use only of the addressee. Should you have received this e-mail in error, please delete and destroy it and any attachments thereto immediately. Under no circumstances will the Cape Technikon or the sender of this e-mail be liable to any party for any direct, indirect, special or other consequential damages for any use of this e-mail. For the detailed e-mail disclaimer please refer to http://www.ctech.ac.za/polic or call +27 (0)21 460 3911 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] html problem
Hi Brent, Looks like the urldecode() method can help you. Check it out in the manual Angelo >>> "Brent Clark" <[EMAIL PROTECTED]> 6/17/2004 2:51:23 PM >>> Hi all When ever I do echo on my variable I get the following out: Business%20Class is there a way to strip the %20, or what ever be displaying if the future. If someone could assist, it would be most appreciated. Kind Regards Brent Clark -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Disclaimer This e-mail transmission contains confidential information, which is the property of the sender. The information in this e-mail or attachments thereto is intended for the attention and use only of the addressee. Should you have received this e-mail in error, please delete and destroy it and any attachments thereto immediately. Under no circumstances will the Cape Technikon or the sender of this e-mail be liable to any party for any direct, indirect, special or other consequential damages for any use of this e-mail. For the detailed e-mail disclaimer please refer to http://www.ctech.ac.za/polic or call +27 (0)21 460 3911 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Object is not instatiated on POST, Fatal error
Hi all,
I have a PHP file. and when it loads it creates an object for my
database :
include("db_class.inc");
fine.
I make a couple of calls to the database class this is also working
fine. Then I post the page but to itself and then I go into a function
(lets call it xfunction) which is ONLY accessed once the form has been
posted and I get a fatal error:
Fatal error: Call to a member function on a non-object in c:\program
files\apache group\apache\htdocs\zero\opdocument.php on line 98
>From what I've read my database object is not instatiated and therefore
is in theory not an object. However I check before I go into the
xfunction to see if the object is set and it is, then once in the
function (where the error occurs) I test to see if the object is set
again and it tells me that the object is not set.
What could be the reason for the object not being set once being called
in the function (xfunction)?? I have googled and many people get this
error but not many have a clear solution.
Any help or suggestions will be appreciated.
Thanks
Angelo
Disclaimer
This e-mail transmission contains confidential information,
which is the property of the sender.
The information in this e-mail or attachments thereto is
intended for the attention and use only of the addressee.
Should you have received this e-mail in error, please delete
and destroy it and any attachments thereto immediately.
Under no circumstances will the Cape Technikon or the sender
of this e-mail be liable to any party for any direct, indirect,
special or other consequential damages for any use of this e-mail.
For the detailed e-mail disclaimer please refer to
http://www.ctech.ac.za/polic or call +27 (0)21 460 3911
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Problem with session on first page loaded
shouldn't session_start() come first?
also remember that your devel computer might have different settings in
the PHP.ini file to that of your ISP, probably register_globals is set
to off. I would check it.
HTH
Angelo
>>> Jordi Canals <[EMAIL PROTECTED]> 7/2/2004 11:14:28 AM >>>
Hi all,
I have an extrange problem with the session cookie:
In all my pages there I have this two lines to start the session:
session_name('jcwse');
session_start();
When I access my website, at any page, everytyhink works OK, and the
session cookie is set with no problem except for links.
In the fist page I aceess, all links are appended with the session ID.
I mean that in every link, the ?jcwse=da22311212 ... is appended. This
occurs just on the load of first page (not any else). If I reload the
page, then links are formed correctly with no session ID (And sessions
works perfect).
This problem only arises on my ISP hosting (Linux+Apache 1.3) and does
not show on my devel computer (Windows+Apache 2.0). I've been searching
the manual, but found no explanation about that.
Any help will be really welcome.
Regards,
Jordi.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Disclaimer
This e-mail transmission contains confidential information,
which is the property of the sender.
The information in this e-mail or attachments thereto is
intended for the attention and use only of the addressee.
Should you have received this e-mail in error, please delete
and destroy it and any attachments thereto immediately.
Under no circumstances will the Cape Technikon or the sender
of this e-mail be liable to any party for any direct, indirect,
special or other consequential damages for any use of this e-mail.
For the detailed e-mail disclaimer please refer to
http://www.ctech.ac.za/polic or call +27 (0)21 460 3911
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Object is not instatiated on POST, Fatal error SOLVED
Ok guys, I have fixed the problem and its a really easy fix. basically
the object was out of scope and therefore PHP treated my object name as
a new variable and therefore it obvioulsy was not set because it is a
new variable. SO the way I got it working was to just call the code
directly and not put it in a function, or you could pass the object to
the function as an argument.
Hope this can help others in the future!
Angelo
>>> "Jason Paschal" <[EMAIL PROTECTED]> 7/2/2004 11:22:04 AM >>>
would it be necessary/possible to make it global inside the function?
-
http://www.dailymedication.com - Everything you didn't know you
needed
until you went there and said to yourself, "What did I do before I
visited
DailyMedication.com?" and another part of you said, "It does not
matter."
>From: "Angelo binc2" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Subject: [PHP] Object is not instatiated on POST, Fatal error
>Date: Fri, 02 Jul 2004 11:14:53 +0200
>
>Hi all,
>
>I have a PHP file. and when it loads it creates an object for my
>database :
>
>include("db_class.inc");
>
>fine.
>
>I make a couple of calls to the database class this is also working
>fine. Then I post the page but to itself and then I go into a
function
>(lets call it xfunction) which is ONLY accessed once the form has
been
>posted and I get a fatal error:
>
>Fatal error: Call to a member function on a non-object in c:\program
>files\apache group\apache\htdocs\zero\opdocument.php on line 98
>
>From what I've read my database object is not instatiated and
therefore
>is in theory not an object. However I check before I go into the
>xfunction to see if the object is set and it is, then once in the
>function (where the error occurs) I test to see if the object is set
>again and it tells me that the object is not set.
>
>What could be the reason for the object not being set once being
called
>in the function (xfunction)?? I have googled and many people get this
>error but not many have a clear solution.
>
>Any help or suggestions will be appreciated.
>Thanks
>
>Angelo
>
>Disclaimer
>This e-mail transmission contains confidential information,
>which is the property of the sender.
>The information in this e-mail or attachments thereto is
>intended for the attention and use only of the addressee.
>Should you have received this e-mail in error, please delete
>and destroy it and any attachments thereto immediately.
>Under no circumstances will the Cape Technikon or the sender
>of this e-mail be liable to any party for any direct, indirect,
>special or other consequential damages for any use of this e-mail.
>For the detailed e-mail disclaimer please refer to
>http://www.ctech.ac.za/polic or call +27 (0)21 460 3911
>
>--
>PHP General Mailing List (http://www.php.net/)
>To unsubscribe, visit: http://www.php.net/unsub.php
>
_
MSN Life Events gives you the tips and tools to handle the turning
points in
your life. http://lifeevents.msn.com
Disclaimer
This e-mail transmission contains confidential information,
which is the property of the sender.
The information in this e-mail or attachments thereto is
intended for the attention and use only of the addressee.
Should you have received this e-mail in error, please delete
and destroy it and any attachments thereto immediately.
Under no circumstances will the Cape Technikon or the sender
of this e-mail be liable to any party for any direct, indirect,
special or other consequential damages for any use of this e-mail.
For the detailed e-mail disclaimer please refer to
http://www.ctech.ac.za/polic or call +27 (0)21 460 3911
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] file upload and permission problem.
Hi all I am trying to upload a file using PHP.
I can successfully create a folder, but when I try upload the file it
gives me the following error when using the move_uploaded_file function:
Warning: move_uploaded_file(c:/program files/apache
group/apache/htdocs/zerodocs/40/) [function.move-uploaded-file]: failed
to create stream: Permission denied in c:\program files\apache
group\apache\htdocs\zero\opdocument.php on line 80
Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to
move 'c:\temp\php7C.tmp' to 'c:/program files/apache
group/apache/htdocs/zerodocs/40/' in c:\program files\apache
group\apache\htdocs\zero\opdocument.php on line 80
Error: Unable to move file to designated directory.
I have checked that filesize, directory, filename etc... to make sure
it should work. I have come to the conclusion that it is the permissions
of the directory created. I am using a windows box. I have read the also
when using mkdir() the mode is ignored for windows machines, so is it a
permission problem or am I missing something?
below is a copy of my upload function:
// root path
$path = $_SERVER['DOCUMENT_ROOT'];
// upload directory. path will originate from root.
$dirname = '/zerodocs/' . $_SESSION['o_id'] . "/";
// permission settings for newly created folders
$chmod = 0755;
// create file vars to make things easier to read.
$filename = $_FILES['myfile']['name'];
$filesize = $_FILES['myfile']['size'];
$filetype = $_FILES['myfile']['type'];
$file_tmp = $_FILES['myfile']['tmp_name'];
$file_err = $_FILES['myfile']['error'];
$file_ext = strrchr($filename, '.');
// check if user actually put something in the file input field.
if (($file_err == 0) && ($filesize != 0))
{
// Check extension.
if (!$file_ext)
{
unlink($file_tmp);
die('File must have an extension.');
}
// extra check to prevent file attacks.
if (is_uploaded_file($file_tmp))
{
/*
* check if the directory exists
* if it doesnt exist, make the directory
*/
$dir = $path . $dirname;
if (!is_dir($dir))
{
$dirtemp = explode('/', $dirname);
foreach ($dirtemp as $sub_dir)
{
$path .= '/' . $sub_dir;
if (!is_dir($path))
{
if (!mkdir($path, $chmod))
{
unlink($file_tmp);
die('Error: Directory does
not exist and was unable to be created.');
}
}
}
}
/*
* copy the file from the temporary upload directory
* to its final detination.
*/
echo("Dir: " . $dir);
echo(" filename: " . $filename);
if (move_uploaded_file($file_tmp, $dir))
{
// get date time stamp
$today=getdate();
$dt=$today['year']."-".
$today['mon']."-".$today['mday']."
".$today['hours'].":".$today['minutes'].":".$today['seconds'];
//add file and directory info to the
database for the operation
$connect->addFileTodb($_SESSION['o_id'],
$filename, $dir, $dt);
}
else
{
// error moving file. check file permissions.
unlink($file_tmp);
echo 'Error: Unable to move file to
designated directory.';
}
}
else
{
// file seems suspicious... delete file and error out.
unlink($file_tmp);
echo 'Error: File does not appear to be a
valid upload. Could be a file attack.';
}
}
else
{
// Kill temp file, if any, and display error.
if ($file_tmp != '')
{
unlink($file_tmp);
}
switch ($file_err)
{
case '0':
echo 'That is not a valid file. 0 byte length.';
break;
case '1':
echo 'This file, at ' . $filesize . ' bytes, exceeds
the maximum allowed file size as set in php.ini. '.
'Please contact your system admin.';
break;
case '2':
echo 'This file exceeds the maximum file size specified
in your HTML form.';
break;
case '3':
echo 'File was only partially uploaded. This could be
the result of your connection '.
'being dropped in the middle of the upload.';
case '4':
echo 'You did not upload anything... Please go back and
select a file to upload.';
Re: [PHP] file upload and permission problem.
So if it is a windows box, how would I set the permissions? or is the permissions of the person who is logged into the machine? Thanks In advance >>> raditha dissanayake <[EMAIL PROTECTED]> 7/5/2004 4:08:41 PM >>> Angelo binc2 wrote: >Hi all I am trying to upload a file using PHP. > >I can successfully create a folder, but when I try upload the file it >gives me the following error when using the move_uploaded_file function: > > >Warning: move_uploaded_file(c:/program files/apache >group/apache/htdocs/zerodocs/40/) [function.move-uploaded-file]: failed >to create stream: Permission denied in c:\program files\apache >group\apache\htdocs\zero\opdocument.php on line 80 > > Please post only the relevent sections of your code in future messages instead of the complete script. You are more likely to get an answer then. This problem reffered to seemed to be caused by the user that owns the webserver process not having the write permissions for the folder that you have created. I am sure this would have been discussed in the user contributed comments under the file uploaded sections of the manual. Usually giving write permissions is all that it would take. -- Raditha Dissanayake. - http://www.raditha.com/megaupload/upload.php Sneak past the PHP file upload limits. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Disclaimer This e-mail transmission contains confidential information, which is the property of the sender. The information in this e-mail or attachments thereto is intended for the attention and use only of the addressee. Should you have received this e-mail in error, please delete and destroy it and any attachments thereto immediately. Under no circumstances will the Cape Technikon or the sender of this e-mail be liable to any party for any direct, indirect, special or other consequential damages for any use of this e-mail. For the detailed e-mail disclaimer please refer to http://www.ctech.ac.za/polic or call +27 (0)21 460 3911 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
