php-general Digest 3 Oct 2012 15:54:46 -0000 Issue 7991
Topics (messages 319324 through 319341):
Re: problem with my login script
319324 by: Rodrigo Silva dos Santos
319325 by: Bálint Horváth
319326 by: Rodrigo Silva dos Santos
319327 by: Bálint Horváth
319328 by: Rodrigo Silva dos Santos
319329 by: Maciek Sokolewicz
319330 by: Tim Streater
319331 by: Samuel Lopes Grigolato
319332 by: marco.behnke.biz
319333 by: Thomas Conrad
319334 by: Rodrigo Silva dos Santos
base64_decode
319335 by: John Taylor-Johnston
319336 by: Rodrigo Silva dos Santos
319337 by: Sebastian Krebs
Re: {ATTENTION} Re: [PHP] base64_decode
319338 by: John Taylor-Johnston
319339 by: Samuel Lopes Grigolato
319340 by: Ashley Sheridan
generate a thumbnail with imagick and place a logo on top
319341 by: A Freund
Administrivia:
To subscribe to the digest, e-mail:
php-general-digest-subscr...@lists.php.net
To unsubscribe from the digest, e-mail:
php-general-digest-unsubscr...@lists.php.net
To post to the list, e-mail:
php-gene...@lists.php.net
----------------------------------------------------------------------
--- Begin Message ---
Hello Thomas.
The if are being evaluated in all iterations of the while, the problem is you
didn't stop the loop when it finds what it's searching for. Try putting a break
in the end of the if, them, when the condition match, the while will stop.
And hey! You're using a lot of legacy code for one that is learning php. If you
want, I can give you some tips to modernize your script ;)
Regards, Rodrigo Silva dos Santos.
Enviado por Samsung Mobile
Thomas Conrad <koopasfore...@gmail.com> escreveu:
I'm currently learning php and as a challenge, I'm creating a login
script using text files to store the information (until I learn how to
handle databases with php).
The problem I'm having is the if statement in my while loop is only
evaluated on the last iteration of the while loop, so its only
comparing the last username in the file and no others.
Heres the code:
<?php
session_start();
$users = file("../inc/users.inc.php");
if($_POST['username'] && $_POST['password']){
if(ereg("^[^@ ]+@[^@ ]+\.[^@ \.]+$", $_POST['username'])){
while(list($id ,$username) = each($users)){
if($_POST['username'] == $username){
$_SESSION['logged_in'] = 1;
$_SESSION['username'] = $username;
}
}
if($_SESSION['logged_in'] != 1){
$error = "2";
}
}else{
$error = "4";
}
}else{
$error = "3";
}
if($error){
header("Location: http://koopasforever.com/scripts/login.php?error=$error";);
}else{
header("Location: http://koopasforever.com/";);
}
?>
I have checked all my variables and they all contain the proper information
Some help would be greatly appriciated, Thanks
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
The problem was already solved. I forgot to send a copy to the list...
Rodrigo, break!? Ohh man, it's a crazy idea... A developer DOES NOT use
break at all (in a loop)... (switch is an exception)
In the other hand Thomas, you should use while and count the lines and u
need to test if username found...
Yeah, this script is near to the good solution:
<?php
session_start();
$users = file("users.inc.php");
if (!empty($_POST['username']) && !empty($_POST['password'])) {
if (filter_var($_POST['username'], FILTER_VALIDATE_EMAIL)) {
$ui = 0;
while ($ui < count($users) && $error != "0") {
$user = explode(' ', trim($users[$ui]));
if ($_POST['username'] == $user[1]) {
$_SESSION['logged_in'] = 1;
$_SESSION['username'] = $user[1];
$error = "0";
} else{
$error = "2";
}
$ui++;
}
} else {
$error = "4";
}
} else {
$error = "3";
}
if ($error == "0") {
print("redirecting");
} else {
print("error: " . $error);
}
?>
On Tue, Oct 2, 2012 at 8:52 AM, Thomas Conrad <koopasfore...@gmail.com>wrote:
> I'm currently learning php and as a challenge, I'm creating a login
> script using text files to store the information (until I learn how to
> handle databases with php).
> The problem I'm having is the if statement in my while loop is only
> evaluated on the last iteration of the while loop, so its only
> comparing the last username in the file and no others.
>
> Heres the code:
>
> <?php
> session_start();
>
> $users = file("../inc/users.inc.php");
>
> if($_POST['username'] && $_POST['password']){
>
> if(ereg("^[^@ ]+@[^@ ]+\.[^@ \.]+$",
> $_POST['username'])){
>
>
> while(list($id ,$username) = each($users)){
> if($_POST['username'] ==
> $username){
> $_SESSION['logged_in'] = 1;
> $_SESSION['username'] =
> $username;
>
> }
> }
> if($_SESSION['logged_in'] != 1){
> $error = "2";
> }
> }else{
> $error = "4";
> }
> }else{
> $error = "3";
> }
>
> if($error){
> header("Location:
> http://koopasforever.com/scripts/login.php?error=$error";);
> }else{
> header("Location: http://koopasforever.com/";);
> }
>
>
> ?>
>
> I have checked all my variables and they all contain the proper information
>
> Some help would be greatly appriciated, Thanks
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--- End Message ---
--- Begin Message ---
Better solution than mine (that don't even make a code)
As a Oo developer, a run away from using switch, so I should never use break
too... Good to know. By the way, what's the problem with it?
Enviado por Samsung Mobile
Bálint Horváth <hbal...@gmail.com> escreveu:
The problem was already solved. I forgot to send a copy to the list...
Rodrigo, break!? Ohh man, it's a crazy idea... A developer DOES NOT use
break at all (in a loop)... (switch is an exception)
In the other hand Thomas, you should use while and count the lines and u
need to test if username found...
Yeah, this script is near to the good solution:
<?php
session_start();
$users = file("users.inc.php");
if (!empty($_POST['username']) && !empty($_POST['password'])) {
if (filter_var($_POST['username'], FILTER_VALIDATE_EMAIL)) {
$ui = 0;
while ($ui < count($users) && $error != "0") {
$user = explode(' ', trim($users[$ui]));
if ($_POST['username'] == $user[1]) {
$_SESSION['logged_in'] = 1;
$_SESSION['username'] = $user[1];
$error = "0";
} else{
$error = "2";
}
$ui++;
}
} else {
$error = "4";
}
} else {
$error = "3";
}
if ($error == "0") {
print("redirecting");
} else {
print("error: " . $error);
}
?>
On Tue, Oct 2, 2012 at 8:52 AM, Thomas Conrad <koopasfore...@gmail.com>wrote:
> I'm currently learning php and as a challenge, I'm creating a login
> script using text files to store the information (until I learn how to
> handle databases with php).
> The problem I'm having is the if statement in my while loop is only
> evaluated on the last iteration of the while loop, so its only
> comparing the last username in the file and no others.
>
> Heres the code:
>
> <?php
> session_start();
>
> $users = file("../inc/users.inc.php");
>
> if($_POST['username'] && $_POST['password']){
>
> if(ereg("^[^@ ]+@[^@ ]+\.[^@ \.]+$",
> $_POST['username'])){
>
>
> while(list($id ,$username) = each($users)){
> if($_POST['username'] ==
> $username){
> $_SESSION['logged_in'] = 1;
> $_SESSION['username'] =
> $username;
>
> }
> }
> if($_SESSION['logged_in'] != 1){
> $error = "2";
> }
> }else{
> $error = "4";
> }
> }else{
> $error = "3";
> }
>
> if($error){
> header("Location:
> http://koopasforever.com/scripts/login.php?error=$error";);
> }else{
> header("Location: http://koopasforever.com/";);
> }
>
>
> ?>
>
> I have checked all my variables and they all contain the proper information
>
> Some help would be greatly appriciated, Thanks
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--- End Message ---
--- Begin Message ---
"As a Oo developer, a run away from using switch" - I don't understand
this: OOP and switch could be good together and I also prefer switch eg. at
action or page selection...
break is an old stuff and not a nice solution (like "goto")... killing a
procedure!? -means wrong planning of an app! (and jumping in the code with
goto also like this)
On Tue, Oct 2, 2012 at 12:11 PM, Rodrigo Silva dos Santos <
rodrigos.santo...@gmail.com> wrote:
> Better solution than mine (that don't even make a code)
>
> As a Oo developer, a run away from using switch, so I should never use
> break too... Good to know. By the way, what's the problem with it?
>
>
> Enviado por Samsung Mobile
>
>
>
> Bálint Horváth <hbal...@gmail.com> escreveu:
>
>
>
> The problem was already solved. I forgot to send a copy to the list...
>
> Rodrigo, break!? Ohh man, it's a crazy idea... A developer DOES NOT use
> break at all (in a loop)... (switch is an exception)
>
> In the other hand Thomas, you should use while and count the lines and u
> need to test if username found...
>
> Yeah, this script is near to the good solution:
> <?php
>
> session_start();
>
> $users = file("users.inc.php");
>
> if (!empty($_POST['username']) && !empty($_POST['password'])) {
> if (filter_var($_POST['username'], FILTER_VALIDATE_EMAIL)) {
> $ui = 0;
> while ($ui < count($users) && $error != "0") {
> $user = explode(' ', trim($users[$ui]));
> if ($_POST['username'] == $user[1]) {
> $_SESSION['logged_in'] = 1;
> $_SESSION['username'] = $user[1];
> $error = "0";
> } else{
> $error = "2";
> }
> $ui++;
> }
> } else {
> $error = "4";
> }
> } else {
> $error = "3";
> }
>
> if ($error == "0") {
> print("redirecting");
> } else {
> print("error: " . $error);
> }
>
> ?>
>
> On Tue, Oct 2, 2012 at 8:52 AM, Thomas Conrad <koopasfore...@gmail.com
> >wrote:
>
> > I'm currently learning php and as a challenge, I'm creating a login
> > script using text files to store the information (until I learn how to
> > handle databases with php).
> > The problem I'm having is the if statement in my while loop is only
> > evaluated on the last iteration of the while loop, so its only
> > comparing the last username in the file and no others.
> >
> > Heres the code:
> >
> > <?php
> > session_start();
> >
> > $users = file("../inc/users.inc.php");
> >
> > if($_POST['username'] && $_POST['password']){
> >
> > if(ereg("^[^@ ]+@[^@ ]+\.[^@ \.]+$",
> > $_POST['username'])){
> >
> >
> > while(list($id ,$username) =
> each($users)){
> > if($_POST['username'] ==
> > $username){
> > $_SESSION['logged_in'] =
> 1;
> > $_SESSION['username'] =
> > $username;
> >
> > }
> > }
> > if($_SESSION['logged_in'] != 1){
> > $error = "2";
> > }
> > }else{
> > $error = "4";
> > }
> > }else{
> > $error = "3";
> > }
> >
> > if($error){
> > header("Location:
> > http://koopasforever.com/scripts/login.php?error=$error";);
> > }else{
> > header("Location: http://koopasforever.com/";);
> > }
> >
> >
> > ?>
> >
> > I have checked all my variables and they all contain the proper
> information
> >
> > Some help would be greatly appriciated, Thanks
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
>
--- End Message ---
--- Begin Message ---
Make sense, I haven't ever realizad how old the code appears like when it haves
a break. Fell like C. Livin' n' learnin'. Thanks!
Enviado por Samsung Mobile
Bálint Horváth <hbal...@gmail.com> escreveu:
"As a Oo developer, a run away from using switch" - I don't understand this:
OOP and switch could be good together and I also prefer switch eg. at action or
page selection...
break is an old stuff and not a nice solution (like "goto")... killing a
procedure!? -means wrong planning of an app! (and jumping in the code with goto
also like this)
On Tue, Oct 2, 2012 at 12:11 PM, Rodrigo Silva dos Santos
<rodrigos.santo...@gmail.com> wrote:
Better solution than mine (that don't even make a code)
As a Oo developer, a run away from using switch, so I should never use break
too... Good to know. By the way, what's the problem with it?
Enviado por Samsung Mobile
Bálint Horváth <hbal...@gmail.com> escreveu:
The problem was already solved. I forgot to send a copy to the list...
Rodrigo, break!? Ohh man, it's a crazy idea... A developer DOES NOT use
break at all (in a loop)... (switch is an exception)
In the other hand Thomas, you should use while and count the lines and u
need to test if username found...
Yeah, this script is near to the good solution:
<?php
session_start();
$users = file("users.inc.php");
if (!empty($_POST['username']) && !empty($_POST['password'])) {
if (filter_var($_POST['username'], FILTER_VALIDATE_EMAIL)) {
$ui = 0;
while ($ui < count($users) && $error != "0") {
$user = explode(' ', trim($users[$ui]));
if ($_POST['username'] == $user[1]) {
$_SESSION['logged_in'] = 1;
$_SESSION['username'] = $user[1];
$error = "0";
} else{
$error = "2";
}
$ui++;
}
} else {
$error = "4";
}
} else {
$error = "3";
}
if ($error == "0") {
print("redirecting");
} else {
print("error: " . $error);
}
?>
On Tue, Oct 2, 2012 at 8:52 AM, Thomas Conrad <koopasfore...@gmail.com>wrote:
> I'm currently learning php and as a challenge, I'm creating a login
> script using text files to store the information (until I learn how to
> handle databases with php).
> The problem I'm having is the if statement in my while loop is only
> evaluated on the last iteration of the while loop, so its only
> comparing the last username in the file and no others.
>
> Heres the code:
>
> <?php
> session_start();
>
> $users = file("../inc/users.inc.php");
>
> if($_POST['username'] && $_POST['password']){
>
> if(ereg("^[^@ ]+@[^@ ]+\.[^@ \.]+$",
> $_POST['username'])){
>
>
> while(list($id ,$username) = each($users)){
> if($_POST['username'] ==
> $username){
> $_SESSION['logged_in'] = 1;
> $_SESSION['username'] =
> $username;
>
> }
> }
> if($_SESSION['logged_in'] != 1){
> $error = "2";
> }
> }else{
> $error = "4";
> }
> }else{
> $error = "3";
> }
>
> if($error){
> header("Location:
> http://koopasforever.com/scripts/login.php?error=$error";);
> }else{
> header("Location: http://koopasforever.com/";);
> }
>
>
> ?>
>
> I have checked all my variables and they all contain the proper information
>
> Some help would be greatly appriciated, Thanks
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--- End Message ---
--- Begin Message ---
On 02-10-2012 11:59, Bálint Horváth wrote:
The problem was already solved. I forgot to send a copy to the list...
Rodrigo, break!? Ohh man, it's a crazy idea... A developer DOES NOT use
break at all (in a loop)... (switch is an exception)
I personally find this statement to be utter bullshit. There is nothing
wrong with using break. There is a very good reason why it's available
in the language. In very many cases, it costs a lot less code to add a
break than to add additional clauses to your while-conditional.
You don't honestly believe that:
while(list($key,$user) = each(file('someUserList')) and $foundUser=false) {
if($user == $usernameWeAreLookingFor) {
$foundUser = true;
}
}
looks oh so much better than a simple:
foreach(file('someUserList') as $key=>$val) {
if($user == $usernameWeAreLookingFor) {
break;
}
}
Also do note that it is very hard to use your "do not use break, ever"
when you want to use foreach and want to stop at the first find.
Seriously, stop giving advice to never use perfectly good code.
In very complicated, long, loops, I agree that using break in various
places can make debugging difficult. The solution however is not to
refrain from ever using break, but rather to change your code into a
clearer format. This is like saying "you can make bombs from fertilizer,
ergo fertilizer should not ever be used!". Everything has its use, and
abuse. Same goes for goto, it can also be used for good.
In the other hand Thomas, you should use while and count the lines and u
need to test if username found...
Ehr, he could also use foreach, for or any other loop construct...
On a sidenote: please, please, please do not say "u need". There is no
"u" in english, it's written (and pronounced) "you". Stick to that, you
sound like a damned dumb teenager to me when using such needlessly
abbreviated words.
--- End Message ---
--- Begin Message ---
On 02 Oct 2012 at 12:07, Maciek Sokolewicz <maciek.sokolew...@gmail.com> wrote:
> On 02-10-2012 11:59, Bálint Horváth wrote:
>> The problem was already solved. I forgot to send a copy to the list...
>>
>> Rodrigo, break!? Ohh man, it's a crazy idea... A developer DOES NOT use
>> break at all (in a loop)... (switch is an exception)
>
> I personally find this statement to be utter bullshit. There is nothing
> wrong with using break. There is a very good reason why it's available
> in the language. In very many cases, it costs a lot less code to add a
> break than to add additional clauses to your while-conditional.
Agree 100%.
--
Cheers -- Tim
--- End Message ---
--- Begin Message ---
I follow this rule of thumb: small blocks of highly understandable code. If
this demands ternary conditionals or breaks, so be it!
-----Mensagem original-----
De: Tim Streater [mailto:t...@clothears.org.uk]
Enviada em: terça-feira, 2 de outubro de 2012 08:37
Para: PHP General List
Assunto: [PHP] Re: problem with my login script
On 02 Oct 2012 at 12:07, Maciek Sokolewicz <maciek.sokolew...@gmail.com> wrote:
> On 02-10-2012 11:59, Bálint Horváth wrote:
>> The problem was already solved. I forgot to send a copy to the list...
>>
>> Rodrigo, break!? Ohh man, it's a crazy idea... A developer DOES NOT
>> use break at all (in a loop)... (switch is an exception)
>
> I personally find this statement to be utter bullshit. There is
> nothing wrong with using break. There is a very good reason why it's
> available in the language. In very many cases, it costs a lot less
> code to add a break than to add additional clauses to your while-conditional.
Agree 100%.
--
Cheers -- Tim
--- End Message ---
--- Begin Message ---
Just for the record, I'll sign that one.
There is a reason for continue, break and return to exist.
Just make sure, that your code is understandable and there is no problem using
these exits.
If your code is that complicated, that you don't understand a break in it, the
problem is another.
Samuel Lopes Grigolato <samuel.grigol...@gmail.com> hat am 2. Oktober 2012 um
13:40 geschrieben:
> I follow this rule of thumb: small blocks of highly understandable code. If
> this demands ternary conditionals or breaks, so be it!
>
> -----Mensagem original-----
> De: Tim Streater [mailto:t...@clothears.org.uk]
> Enviada em: terça-feira, 2 de outubro de 2012 08:37
> Para: PHP General List
> Assunto: [PHP] Re: problem with my login script
>
> On 02 Oct 2012 at 12:07, Maciek Sokolewicz <maciek.sokolew...@gmail.com>
> wrote:
>
> > On 02-10-2012 11:59, Bálint Horváth wrote:
> >> The problem was already solved. I forgot to send a copy to the list...
> >>
> >> Rodrigo, break!? Ohh man, it's a crazy idea... A developer DOES NOT
> >> use break at all (in a loop)... (switch is an exception)
> >
> > I personally find this statement to be utter bullshit. There is
> > nothing wrong with using break. There is a very good reason why it's
> > available in the language. In very many cases, it costs a lot less
> > code to add a break than to add additional clauses to your
> > while-conditional.
>
> Agree 100%.
>
> --
> Cheers -- Tim
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
Marco Behnke
Dipl. Informatiker (FH), SAE Audio Engineer Diploma
Zend Certified Engineer PHP 5.3
Tel.: 0174 / 9722336
e-Mail: ma...@behnke.biz
Softwaretechnik Behnke
Heinrich-Heine-Str. 7D
21218 Seevetal
http://www.behnke.biz
--- End Message ---
--- Begin Message ---
My problem was solved no need to argue. I don't see why use a while
loop with a count variable when it produces the same result as a
foreach loop. As for using a break in the loop, I could add it but the
loop is gonna stop anyway as soon as it hits the end of the array. I
also didn't see the point in using the explode() function as long as I
remove the (in my opinion) useless index numbers from the text file
containing the username. The following code works as I expect it to:
<?php
session_start();
$users = file("../inc/users.inc.php");
if(!empty($_POST['username']) && !empty($_POST['password'])){
if(filter_var($_POST['username'],
FILTER_VALIDATE_EMAIL)){
foreach($users as $row){
$row = trim($row);
if($_POST['username'] == $row){
$_SESSION['logged_in'] = 1;
$_SESSION['username'] = $row;
}
}
if($_SESSION['logged_in'] != 1){
$error = "2";
}
}else{
$error = "4";
}
}else{
$error = "3";
}
if($error){
header("Location:");
}else{
header("Location:");
}
?>
users.inc.php:
m...@email1.com
m...@email2.com
--- End Message ---
--- Begin Message ---
To break or not to break? that's the question...
All that fight makes me (and, I think that Thomas too) learn a bit more
about all of this. And for finish with all of it. I think that if
something is not deprecated, is because it's is a good idea to use it
somewhere. If the Language developers think that way, i will not discord.
Regards.
Em 02-10-2012 10:35, Thomas Conrad escreveu:
My problem was solved no need to argue. I don't see why use a while
loop with a count variable when it produces the same result as a
foreach loop. As for using a break in the loop, I could add it but the
loop is gonna stop anyway as soon as it hits the end of the array. I
also didn't see the point in using the explode() function as long as I
remove the (in my opinion) useless index numbers from the text file
containing the username. The following code works as I expect it to:
<?php
session_start();
$users = file("../inc/users.inc.php");
if(!empty($_POST['username']) && !empty($_POST['password'])){
if(filter_var($_POST['username'],
FILTER_VALIDATE_EMAIL)){
foreach($users as $row){
$row = trim($row);
if($_POST['username'] == $row){
$_SESSION['logged_in'] = 1;
$_SESSION['username'] = $row;
}
}
if($_SESSION['logged_in'] != 1){
$error = "2";
}
}else{
$error = "4";
}
}else{
$error = "3";
}
if($error){
header("Location:");
}else{
header("Location:");
}
?>
users.inc.php:
m...@email1.com
m...@email2.com
--- End Message ---
--- Begin Message ---
Without anyone infecting their machines, can someone tell me what this
is? I found a phishing site on my DreamHost server. DreamHost has been
very helpful.
We found a file containing this code.
What is it? What does it contain?
<?php
eval(base64_decode('Pz4gPC9kaXY+DQo8ZGl2IGlkPSJmb290ZXIiPjxhIGhyZWY9Imh0dHA6Ly93ZWItaG9zdGluZy1jbGljay5jb20vIiB0aXRsZT0iV2ViIGhvc3RpbmciPldlYiBob3N0aW5nPC9hPg0KPCEtLSAyNyBxdWVyaWVzLiAwLjU2MSBzZWNvbmRzLiAtLT4NCjwvZGl2Pg0KPD9waHAgd3BfZm9vdGVyKCk7ID8+DQo8L2JvZHk+DQo8L2h0bWw+IDw/'));?>
--- End Message ---
--- Begin Message ---
Hello John.
This code generates the following html:
?> </div>
<div id="footer"><a href="http://web-hosting-click.com/"; title="Web
hosting">Web hosting</a>
<!-- 27 queries. 0.561 seconds. -->
</div>
<?php wp_footer(); ?>
</body>
</html> <?
Appears that is nothing dangerous, only "unauthorized advertising".
Em 02-10-2012 14:27, John Taylor-Johnston escreveu:
Without anyone infecting their machines, can someone tell me what this
is? I found a phishing site on my DreamHost server. DreamHost has been
very helpful.
We found a file containing this code.
What is it? What does it contain?
<?php
eval(base64_decode('Pz4gPC9kaXY+DQo8ZGl2IGlkPSJmb290ZXIiPjxhIGhyZWY9Imh0dHA6Ly93ZWItaG9zdGluZy1jbGljay5jb20vIiB0aXRsZT0iV2ViIGhvc3RpbmciPldlYiBob3N0aW5nPC9hPg0KPCEtLSAyNyBxdWVyaWVzLiAwLjU2MSBzZWNvbmRzLiAtLT4NCjwvZGl2Pg0KPD9waHAgd3BfZm9vdGVyKCk7ID8+DQo8L2JvZHk+DQo8L2h0bWw+IDw/'));?>
--- End Message ---
--- Begin Message ---
Am 02.10.2012 19:27, schrieb John Taylor-Johnston:
Without anyone infecting their machines, can someone tell me what this
is? I found a phishing site on my DreamHost server. DreamHost has been
very helpful.
We found a file containing this code.
What is it? What does it contain?
<?php
eval(base64_decode('Pz4gPC9kaXY+DQo8ZGl2IGlkPSJmb290ZXIiPjxhIGhyZWY9Imh0dHA6Ly93ZWItaG9zdGluZy1jbGljay5jb20vIiB0aXRsZT0iV2ViIGhvc3RpbmciPldlYiBob3N0aW5nPC9hPg0KPCEtLSAyNyBxdWVyaWVzLiAwLjU2MSBzZWNvbmRzLiAtLT4NCjwvZGl2Pg0KPD9waHAgd3BfZm9vdGVyKCk7ID8+DQo8L2JvZHk+DQo8L2h0bWw+IDw/'));?>
http://codepad.org/Kyka99fE
--- End Message ---
--- Begin Message ---
Interesting.
Thanks.
It was a footer.php in a webpress theme.
I was wondering if it was a portal someone was using to get onto my server.
I changted ftp passwords and begun using sftp, but phishing code is
still leaking onto my sites. My wordpress copies are up to date and
DreamHost has no real answers as to how someone is uploading and
expanding *.tar.gz files.
Thanks,
john
Rodrigo Silva dos Santos wrote:
Hello John.
This code generates the following html:
?> </div>
<div id="footer"><a href=*MailScanner has detected a possible fraud
attempt from "web-hosting-click.com" claiming to be*
"http://web-hosting-click.com/"; title="Web hosting">Web hosting</a>
<!-- 27 queries. 0.561 seconds. -->
</div>
<?php wp_footer(); ?>
</body>
</html> <?
Appears that is nothing dangerous, only "unauthorized advertising".
Em 02-10-2012 14:27, John Taylor-Johnston escreveu:
Without anyone infecting their machines, can someone tell me what
this is? I found a phishing site on my DreamHost server. DreamHost
has been very helpful.
We found a file containing this code.
What is it? What does it contain?
<?php
eval(base64_decode('Pz4gPC9kaXY+DQo8ZGl2IGlkPSJmb290ZXIiPjxhIGhyZWY9Imh0dHA6Ly93ZWItaG9zdGluZy1jbGljay5jb20vIiB0aXRsZT0iV2ViIGhvc3RpbmciPldlYiBob3N0aW5nPC9hPg0KPCEtLSAyNyBxdWVyaWVzLiAwLjU2MSBzZWNvbmRzLiAtLT4NCjwvZGl2Pg0KPD9waHAgd3BfZm9vdGVyKCk7ID8+DQo8L2JvZHk+DQo8L2h0bWw+IDw/'));?>
--
John Taylor-Johnston
Département de Langues modernes
Cégep de Sherbrooke, Sherbrooke, Québec
http://cegepsherbrooke.qc.ca/~languesmodernes/
http://cegepsherbrooke.qc.ca/~languesmodernes/wiki/
--- End Message ---
--- Begin Message ---
Another way to decode and inspect such data is to use utilities like:
http://www.motobit.com/util/base64-decoder-encoder.asp
By the way, never saw before this kind of sloppy irritating malicious
"obfuscation" =).
Does your server allow execution of the "eval" function? I consider this a
security breach especially if your apache user is not correctly "sandboxed".
I wonder if there is a way to disable execution of this method on shared
servers. AFAIK there is a way, I just can't remember how to do it.
Cheers.
-----Mensagem original-----
De: John Taylor-Johnston [mailto:john.taylor-johns...@cegepsherbrooke.qc.ca]
Enviada em: terça-feira, 2 de outubro de 2012 14:46
Para: Rodrigo Silva dos Santos
Cc: PHP-General
Assunto: [PHP] Re: {ATTENTION} Re: [PHP] base64_decode
Interesting.
Thanks.
It was a footer.php in a webpress theme.
I was wondering if it was a portal someone was using to get onto my server.
I changted ftp passwords and begun using sftp, but phishing code is still
leaking onto my sites. My wordpress copies are up to date and DreamHost has
no real answers as to how someone is uploading and expanding *.tar.gz files.
Thanks,
john
Rodrigo Silva dos Santos wrote:
>
>
> Hello John.
>
> This code generates the following html:
>
>
> ?> </div>
> <div id="footer"><a href=*MailScanner has detected a possible fraud
> attempt from "web-hosting-click.com" claiming to be*
> "http://web-hosting-click.com/"; title="Web hosting">Web hosting</a>
> <!-- 27 queries. 0.561 seconds. -->
> </div>
> <?php wp_footer(); ?>
> </body>
> </html> <?
>
> Appears that is nothing dangerous, only "unauthorized advertising".
>
>
>
>
> Em 02-10-2012 14:27, John Taylor-Johnston escreveu:
>> Without anyone infecting their machines, can someone tell me what
>> this is? I found a phishing site on my DreamHost server. DreamHost
>> has been very helpful.
>> We found a file containing this code.
>> What is it? What does it contain?
>>
>> <?php
>> eval(base64_decode('Pz4gPC9kaXY+DQo8ZGl2IGlkPSJmb290ZXIiPjxhIGhyZWY9I
>> mh0dHA6Ly93ZWItaG9zdGluZy1jbGljay5jb20vIiB0aXRsZT0iV2ViIGhvc3RpbmciPl
>> dlYiBob3N0aW5nPC9hPg0KPCEtLSAyNyBxdWVyaWVzLiAwLjU2MSBzZWNvbmRzLiAtLT4
>> NCjwvZGl2Pg0KPD9waHAgd3BfZm9vdGVyKCk7ID8+DQo8L2JvZHk+DQo8L2h0bWw+IDw/
>> '));?>
>>
>
--
John Taylor-Johnston
Département de Langues modernes
Cégep de Sherbrooke, Sherbrooke, Québec
http://cegepsherbrooke.qc.ca/~languesmodernes/
http://cegepsherbrooke.qc.ca/~languesmodernes/wiki/
--- End Message ---
--- Begin Message ---
On Tue, 2012-10-02 at 15:04 -0300, Samuel Lopes Grigolato wrote:
> Another way to decode and inspect such data is to use utilities like:
> http://www.motobit.com/util/base64-decoder-encoder.asp
>
> By the way, never saw before this kind of sloppy irritating malicious
> "obfuscation" =).
>
> Does your server allow execution of the "eval" function? I consider this a
> security breach especially if your apache user is not correctly "sandboxed".
> I wonder if there is a way to disable execution of this method on shared
> servers. AFAIK there is a way, I just can't remember how to do it.
>
> Cheers.
>
> -----Mensagem original-----
> De: John Taylor-Johnston [mailto:john.taylor-johns...@cegepsherbrooke.qc.ca]
>
> Enviada em: terça-feira, 2 de outubro de 2012 14:46
> Para: Rodrigo Silva dos Santos
> Cc: PHP-General
> Assunto: [PHP] Re: {ATTENTION} Re: [PHP] base64_decode
>
> Interesting.
> Thanks.
> It was a footer.php in a webpress theme.
> I was wondering if it was a portal someone was using to get onto my server.
> I changted ftp passwords and begun using sftp, but phishing code is still
> leaking onto my sites. My wordpress copies are up to date and DreamHost has
> no real answers as to how someone is uploading and expanding *.tar.gz files.
>
> Thanks,
> john
>
> Rodrigo Silva dos Santos wrote:
> >
> >
> > Hello John.
> >
> > This code generates the following html:
> >
> >
> > ?> </div>
> > <div id="footer"><a href=*MailScanner has detected a possible fraud
> > attempt from "web-hosting-click.com" claiming to be*
> > "http://web-hosting-click.com/"; title="Web hosting">Web hosting</a>
> > <!-- 27 queries. 0.561 seconds. -->
> > </div>
> > <?php wp_footer(); ?>
> > </body>
> > </html> <?
> >
> > Appears that is nothing dangerous, only "unauthorized advertising".
> >
> >
> >
> >
> > Em 02-10-2012 14:27, John Taylor-Johnston escreveu:
> >> Without anyone infecting their machines, can someone tell me what
> >> this is? I found a phishing site on my DreamHost server. DreamHost
> >> has been very helpful.
> >> We found a file containing this code.
> >> What is it? What does it contain?
> >>
> >> <?php
> >> eval(base64_decode('Pz4gPC9kaXY+DQo8ZGl2IGlkPSJmb290ZXIiPjxhIGhyZWY9I
> >> mh0dHA6Ly93ZWItaG9zdGluZy1jbGljay5jb20vIiB0aXRsZT0iV2ViIGhvc3RpbmciPl
> >> dlYiBob3N0aW5nPC9hPg0KPCEtLSAyNyBxdWVyaWVzLiAwLjU2MSBzZWNvbmRzLiAtLT4
> >> NCjwvZGl2Pg0KPD9waHAgd3BfZm9vdGVyKCk7ID8+DQo8L2JvZHk+DQo8L2h0bWw+IDw/
> >> '));?>
> >>
> >
>
> --
> John Taylor-Johnston
>
> Département de Langues modernes
> Cégep de Sherbrooke, Sherbrooke, Québec
> http://cegepsherbrooke.qc.ca/~languesmodernes/
> http://cegepsherbrooke.qc.ca/~languesmodernes/wiki/
>
>
>
I'd say the first step is to remove or disable any unnecessary plugins
and make sure all the necessary ones are as up-to-date as they can be. I
recall reading an article recently about the most popular thumbnail
generation plugin for Wordpress (I'm not a Wordpress user, don't recall
the plugin name) that had a security flaw that would allow unauthorised
access to your server.
Look at server logs. See if there is any useful information in them that
would tell you what pages were requested just prior to the .tar.gz
archives being uploaded.
Change login details for both FTP and Wordpress itself for all users if
you can, and maybe check for any added users who shouldn't be there.
If you have a backup of the code files try and restore it. If you don't,
compare a fresh Wordpress install with the plugins you're using to what
you have on the live site to see if there are any other dodgy files on
the server that ought not to be.
Hope that helps some!
--
Thanks,
Ash
http://www.ashleysheridan.co.uk
--- End Message ---
--- Begin Message ---
Hello,
I have a problem creating thumbnails with imagick. The code is working
ok and the thumbnail is generated in the right size etc but when I try
to place a PDF logo on the thumbnail it turns half transparent. I guess
it has something to do with that the PDF file is generated in InDesign
and probably hasn't any background defined. Has anyone come across this
problem or has an idea what to do about it? I tried to put a white
canvas in the background but that didn't help. I also specified a
channel for the compositeImage function but that didn't help either.
This is the PDF file I'm having issues with:
https://dl.dropbox.com/u/13712643/Case_Study.pdf
<http://95.119.206.251/Case_Study.pdf>
The generated Thumbnail looks like this:
https://dl.dropbox.com/u/13712643/Case_Study1.jpg
<http://95.119.206.251/Case_Study1.jpg>
The code I have produced so far: http://pastebin.com/74CYC972
<http://pastebin.com/74CYC972>
Thank you for your help.
All the best,
Andreas
--- End Message ---
