php-general Digest 2 Oct 2012 06:52:47 -0000 Issue 7990
php-general Digest 2 Oct 2012 06:52:47 - Issue 7990 Topics (messages 319319 through 319323): Re: php can't insert data mysql table 319319 by: Tim Dunphy Re: Basic Statistics 319320 by: Sebastian Krebs Good tutorial for compiling last PHP with Apache support from source 319321 by: Alan Hoffmeister 319322 by: Rodrigo Silva dos Santos problem with my login script 319323 by: Thomas Conrad Administrivia: To subscribe to the digest, e-mail: php-general-digest-subscr...@lists.php.net To unsubscribe from the digest, e-mail: php-general-digest-unsubscr...@lists.php.net To post to the list, e-mail: php-gene...@lists.php.net -- ---BeginMessage--- I think the comment about your cannot insert query was because it really did not make sense. Once truly cannot insert a query. Since you ask tho, a more approp message might be Insert query failed to execute.brError returned was . mysqli_error() . brQuery was $q As for your index issue - you are using an autoincrement(?) field as the primary key. Is this related to another record in your db? If not, why even have the primary key? Hey! I really like your error message. Borrowing it! :) Yes I am now using auto_increment, and that's what seemed to solve my issue. Looks like a simple omission in forgetting to use auto_increment and using primary key. I usually know better. I'll blame this one on the clonopin. lol thank you tim On Mon, Oct 1, 2012 at 12:30 PM, Jim Giner jim.gi...@albanyhandball.comwrote: On 10/1/2012 12:20 PM, Tim Dunphy wrote: hey thanks guys adding debugging info worked. Actually it was mysqli_error() providing me with a specific error of where the problem was. Cannot insert query:Duplicate entry '0' for key 'PRIMARY' This is the data in the table mysql select * from guitarwars; ++-+--**-+---+** ---+ | id | date| name | score | screenshot | ++-+--**-+---+** ---+ | 0 | 2012-10-01 11:55:45 | Tommy Tutone | 2442 | bg_titlestrip.jpg | | 1 | 2012-10-01 08:34:18 | Dunphy| 2 | proof.jpg | | 2 | 2012-10-01 00:25:53 | ray davies| NULL | 2241 | | 3 | 2008-04-22 14:37:34 | Paco Jastorius| NULL | NULL | | 4 | 2008-04-22 21:27:54 | Nevil Johansson | NULL | NULL | | 5 | 2008-04-23 09:12:53 | Belita Chevy | NULL | NULL | | 6 | 2008-04-23 14:09:50 | Kenny Lavitz | NULL | NULL | | 7 | 2008-04-24 08:13:52 | Phiz Lairston | NULL | NULL | | 8 | 2008-04-25 07:22:19 | Jean Paul Jones | NULL | NULL | | 9 | 2008-04-25 11:49:23 | Jacob Scorcherson | NULL | NULL | ++-+--**-+---+** ---+ This was the query I was using: $query = INSERT INTO guitarwars (date, name, score, screenshot) VALUES (NOW(), '$name', '$score', '$screenshot'); It seems to be inserting a default value of 0 since the id is not being specified and that's when I realized that I had failed to auto_increment the id column. D'oh! So once I did that everything worked like a charm. @Ken First -- NEVER post code with your database username/password. Since you did, change your db password immediately. Well actually I did not. Did you really think 'secretsauce' was my password? :) But I guess you're right in that this may be a little ambiguous when seeking advice in lists so from now on I will take your advice on making login information unambiguously fake in the form of user='' and password='xxx'. @Stuart But take note of what everyone else is saying. You should be getting the error message when this happens which will tell you exactly what the problem is, above and beyond Cannot insert query (which, btw, makes no sense at all :)). Ok well I'm using an 'insert' query so I'm not sure why you say that this makes no sense at all. :)) If you don't mind giving this n00b advice what would be a better/more accurate error message? They take away from this for me was.. don't skimp on the error messages! The one I got was so clear that fixing the problem was easy at that point. But thanks again guys.. this list has been an indispensable source source of wisdom on my journey in learning PHP. Tim Thanks again guys, Tim I think the comment about your cannot insert query was because it really did not make sense. Once truly cannot insert a query. Since you ask tho, a more approp message might be Insert query failed to execute.brError returned was . mysqli_error() . brQuery was $q As for your index issue - you are using an autoincrement(?) field as the primary key. Is this related to another record in your db? If not, why even have the primary key? -- PHP General Mailing List
Re: [PHP] problem with my login script
Hello Thomas. The if are being evaluated in all iterations of the while, the problem is you didn't stop the loop when it finds what it's searching for. Try putting a break in the end of the if, them, when the condition match, the while will stop. And hey! You're using a lot of legacy code for one that is learning php. If you want, I can give you some tips to modernize your script ;) Regards, Rodrigo Silva dos Santos. Enviado por Samsung Mobile Thomas Conrad koopasfore...@gmail.com escreveu: I'm currently learning php and as a challenge, I'm creating a login script using text files to store the information (until I learn how to handle databases with php). The problem I'm having is the if statement in my while loop is only evaluated on the last iteration of the while loop, so its only comparing the last username in the file and no others. Heres the code: ?php session_start(); $users = file(../inc/users.inc.php); if($_POST['username'] $_POST['password']){ if(ereg(^[^@ ]+@[^@ ]+\.[^@ \.]+$, $_POST['username'])){ while(list($id ,$username) = each($users)){ if($_POST['username'] == $username){ $_SESSION['logged_in'] = 1; $_SESSION['username'] = $username; } } if($_SESSION['logged_in'] != 1){ $error = 2; } }else{ $error = 4; } }else{ $error = 3; } if($error){ header(Location: http://koopasforever.com/scripts/login.php?error=$error;); }else{ header(Location: http://koopasforever.com/;); } ? I have checked all my variables and they all contain the proper information Some help would be greatly appriciated, Thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] problem with my login script
The problem was already solved. I forgot to send a copy to the list... Rodrigo, break!? Ohh man, it's a crazy idea... A developer DOES NOT use break at all (in a loop)... (switch is an exception) In the other hand Thomas, you should use while and count the lines and u need to test if username found... Yeah, this script is near to the good solution: ?php session_start(); $users = file(users.inc.php); if (!empty($_POST['username']) !empty($_POST['password'])) { if (filter_var($_POST['username'], FILTER_VALIDATE_EMAIL)) { $ui = 0; while ($ui count($users) $error != 0) { $user = explode(' ', trim($users[$ui])); if ($_POST['username'] == $user[1]) { $_SESSION['logged_in'] = 1; $_SESSION['username'] = $user[1]; $error = 0; } else{ $error = 2; } $ui++; } } else { $error = 4; } } else { $error = 3; } if ($error == 0) { print(redirecting); } else { print(error: . $error); } ? On Tue, Oct 2, 2012 at 8:52 AM, Thomas Conrad koopasfore...@gmail.comwrote: I'm currently learning php and as a challenge, I'm creating a login script using text files to store the information (until I learn how to handle databases with php). The problem I'm having is the if statement in my while loop is only evaluated on the last iteration of the while loop, so its only comparing the last username in the file and no others. Heres the code: ?php session_start(); $users = file(../inc/users.inc.php); if($_POST['username'] $_POST['password']){ if(ereg(^[^@ ]+@[^@ ]+\.[^@ \.]+$, $_POST['username'])){ while(list($id ,$username) = each($users)){ if($_POST['username'] == $username){ $_SESSION['logged_in'] = 1; $_SESSION['username'] = $username; } } if($_SESSION['logged_in'] != 1){ $error = 2; } }else{ $error = 4; } }else{ $error = 3; } if($error){ header(Location: http://koopasforever.com/scripts/login.php?error=$error;); }else{ header(Location: http://koopasforever.com/;); } ? I have checked all my variables and they all contain the proper information Some help would be greatly appriciated, Thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] problem with my login script
Better solution than mine (that don't even make a code) As a Oo developer, a run away from using switch, so I should never use break too... Good to know. By the way, what's the problem with it? Enviado por Samsung Mobile Bálint Horváth hbal...@gmail.com escreveu: The problem was already solved. I forgot to send a copy to the list... Rodrigo, break!? Ohh man, it's a crazy idea... A developer DOES NOT use break at all (in a loop)... (switch is an exception) In the other hand Thomas, you should use while and count the lines and u need to test if username found... Yeah, this script is near to the good solution: ?php session_start(); $users = file(users.inc.php); if (!empty($_POST['username']) !empty($_POST['password'])) { if (filter_var($_POST['username'], FILTER_VALIDATE_EMAIL)) { $ui = 0; while ($ui count($users) $error != 0) { $user = explode(' ', trim($users[$ui])); if ($_POST['username'] == $user[1]) { $_SESSION['logged_in'] = 1; $_SESSION['username'] = $user[1]; $error = 0; } else{ $error = 2; } $ui++; } } else { $error = 4; } } else { $error = 3; } if ($error == 0) { print(redirecting); } else { print(error: . $error); } ? On Tue, Oct 2, 2012 at 8:52 AM, Thomas Conrad koopasfore...@gmail.comwrote: I'm currently learning php and as a challenge, I'm creating a login script using text files to store the information (until I learn how to handle databases with php). The problem I'm having is the if statement in my while loop is only evaluated on the last iteration of the while loop, so its only comparing the last username in the file and no others. Heres the code: ?php session_start(); $users = file(../inc/users.inc.php); if($_POST['username'] $_POST['password']){ if(ereg(^[^@ ]+@[^@ ]+\.[^@ \.]+$, $_POST['username'])){ while(list($id ,$username) = each($users)){ if($_POST['username'] == $username){ $_SESSION['logged_in'] = 1; $_SESSION['username'] = $username; } } if($_SESSION['logged_in'] != 1){ $error = 2; } }else{ $error = 4; } }else{ $error = 3; } if($error){ header(Location: http://koopasforever.com/scripts/login.php?error=$error;); }else{ header(Location: http://koopasforever.com/;); } ? I have checked all my variables and they all contain the proper information Some help would be greatly appriciated, Thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] problem with my login script
As a Oo developer, a run away from using switch - I don't understand this: OOP and switch could be good together and I also prefer switch eg. at action or page selection... break is an old stuff and not a nice solution (like goto)... killing a procedure!? -means wrong planning of an app! (and jumping in the code with goto also like this) On Tue, Oct 2, 2012 at 12:11 PM, Rodrigo Silva dos Santos rodrigos.santo...@gmail.com wrote: Better solution than mine (that don't even make a code) As a Oo developer, a run away from using switch, so I should never use break too... Good to know. By the way, what's the problem with it? Enviado por Samsung Mobile Bálint Horváth hbal...@gmail.com escreveu: The problem was already solved. I forgot to send a copy to the list... Rodrigo, break!? Ohh man, it's a crazy idea... A developer DOES NOT use break at all (in a loop)... (switch is an exception) In the other hand Thomas, you should use while and count the lines and u need to test if username found... Yeah, this script is near to the good solution: ?php session_start(); $users = file(users.inc.php); if (!empty($_POST['username']) !empty($_POST['password'])) { if (filter_var($_POST['username'], FILTER_VALIDATE_EMAIL)) { $ui = 0; while ($ui count($users) $error != 0) { $user = explode(' ', trim($users[$ui])); if ($_POST['username'] == $user[1]) { $_SESSION['logged_in'] = 1; $_SESSION['username'] = $user[1]; $error = 0; } else{ $error = 2; } $ui++; } } else { $error = 4; } } else { $error = 3; } if ($error == 0) { print(redirecting); } else { print(error: . $error); } ? On Tue, Oct 2, 2012 at 8:52 AM, Thomas Conrad koopasfore...@gmail.com wrote: I'm currently learning php and as a challenge, I'm creating a login script using text files to store the information (until I learn how to handle databases with php). The problem I'm having is the if statement in my while loop is only evaluated on the last iteration of the while loop, so its only comparing the last username in the file and no others. Heres the code: ?php session_start(); $users = file(../inc/users.inc.php); if($_POST['username'] $_POST['password']){ if(ereg(^[^@ ]+@[^@ ]+\.[^@ \.]+$, $_POST['username'])){ while(list($id ,$username) = each($users)){ if($_POST['username'] == $username){ $_SESSION['logged_in'] = 1; $_SESSION['username'] = $username; } } if($_SESSION['logged_in'] != 1){ $error = 2; } }else{ $error = 4; } }else{ $error = 3; } if($error){ header(Location: http://koopasforever.com/scripts/login.php?error=$error;); }else{ header(Location: http://koopasforever.com/;); } ? I have checked all my variables and they all contain the proper information Some help would be greatly appriciated, Thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] problem with my login script
Make sense, I haven't ever realizad how old the code appears like when it haves a break. Fell like C. Livin' n' learnin'. Thanks! Enviado por Samsung Mobile Bálint Horváth hbal...@gmail.com escreveu: As a Oo developer, a run away from using switch - I don't understand this: OOP and switch could be good together and I also prefer switch eg. at action or page selection... break is an old stuff and not a nice solution (like goto)... killing a procedure!? -means wrong planning of an app! (and jumping in the code with goto also like this) On Tue, Oct 2, 2012 at 12:11 PM, Rodrigo Silva dos Santos rodrigos.santo...@gmail.com wrote: Better solution than mine (that don't even make a code) As a Oo developer, a run away from using switch, so I should never use break too... Good to know. By the way, what's the problem with it? Enviado por Samsung Mobile Bálint Horváth hbal...@gmail.com escreveu: The problem was already solved. I forgot to send a copy to the list... Rodrigo, break!? Ohh man, it's a crazy idea... A developer DOES NOT use break at all (in a loop)... (switch is an exception) In the other hand Thomas, you should use while and count the lines and u need to test if username found... Yeah, this script is near to the good solution: ?php session_start(); $users = file(users.inc.php); if (!empty($_POST['username']) !empty($_POST['password'])) { if (filter_var($_POST['username'], FILTER_VALIDATE_EMAIL)) { $ui = 0; while ($ui count($users) $error != 0) { $user = explode(' ', trim($users[$ui])); if ($_POST['username'] == $user[1]) { $_SESSION['logged_in'] = 1; $_SESSION['username'] = $user[1]; $error = 0; } else{ $error = 2; } $ui++; } } else { $error = 4; } } else { $error = 3; } if ($error == 0) { print(redirecting); } else { print(error: . $error); } ? On Tue, Oct 2, 2012 at 8:52 AM, Thomas Conrad koopasfore...@gmail.comwrote: I'm currently learning php and as a challenge, I'm creating a login script using text files to store the information (until I learn how to handle databases with php). The problem I'm having is the if statement in my while loop is only evaluated on the last iteration of the while loop, so its only comparing the last username in the file and no others. Heres the code: ?php session_start(); $users = file(../inc/users.inc.php); if($_POST['username'] $_POST['password']){ if(ereg(^[^@ ]+@[^@ ]+\.[^@ \.]+$, $_POST['username'])){ while(list($id ,$username) = each($users)){ if($_POST['username'] == $username){ $_SESSION['logged_in'] = 1; $_SESSION['username'] = $username; } } if($_SESSION['logged_in'] != 1){ $error = 2; } }else{ $error = 4; } }else{ $error = 3; } if($error){ header(Location: http://koopasforever.com/scripts/login.php?error=$error;); }else{ header(Location: http://koopasforever.com/;); } ? I have checked all my variables and they all contain the proper information Some help would be greatly appriciated, Thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] problem with my login script
On 02-10-2012 11:59, Bálint Horváth wrote: The problem was already solved. I forgot to send a copy to the list... Rodrigo, break!? Ohh man, it's a crazy idea... A developer DOES NOT use break at all (in a loop)... (switch is an exception) I personally find this statement to be utter bullshit. There is nothing wrong with using break. There is a very good reason why it's available in the language. In very many cases, it costs a lot less code to add a break than to add additional clauses to your while-conditional. You don't honestly believe that: while(list($key,$user) = each(file('someUserList')) and $foundUser=false) { if($user == $usernameWeAreLookingFor) { $foundUser = true; } } looks oh so much better than a simple: foreach(file('someUserList') as $key=$val) { if($user == $usernameWeAreLookingFor) { break; } } Also do note that it is very hard to use your do not use break, ever when you want to use foreach and want to stop at the first find. Seriously, stop giving advice to never use perfectly good code. In very complicated, long, loops, I agree that using break in various places can make debugging difficult. The solution however is not to refrain from ever using break, but rather to change your code into a clearer format. This is like saying you can make bombs from fertilizer, ergo fertilizer should not ever be used!. Everything has its use, and abuse. Same goes for goto, it can also be used for good. In the other hand Thomas, you should use while and count the lines and u need to test if username found... Ehr, he could also use foreach, for or any other loop construct... On a sidenote: please, please, please do not say u need. There is no u in english, it's written (and pronounced) you. Stick to that, you sound like a damned dumb teenager to me when using such needlessly abbreviated words. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: problem with my login script
On 02 Oct 2012 at 12:07, Maciek Sokolewicz maciek.sokolew...@gmail.com wrote: On 02-10-2012 11:59, Bálint Horváth wrote: The problem was already solved. I forgot to send a copy to the list... Rodrigo, break!? Ohh man, it's a crazy idea... A developer DOES NOT use break at all (in a loop)... (switch is an exception) I personally find this statement to be utter bullshit. There is nothing wrong with using break. There is a very good reason why it's available in the language. In very many cases, it costs a lot less code to add a break than to add additional clauses to your while-conditional. Agree 100%. -- Cheers -- Tim
RES: [PHP] Re: problem with my login script
I follow this rule of thumb: small blocks of highly understandable code. If this demands ternary conditionals or breaks, so be it! -Mensagem original- De: Tim Streater [mailto:t...@clothears.org.uk] Enviada em: terça-feira, 2 de outubro de 2012 08:37 Para: PHP General List Assunto: [PHP] Re: problem with my login script On 02 Oct 2012 at 12:07, Maciek Sokolewicz maciek.sokolew...@gmail.com wrote: On 02-10-2012 11:59, Bálint Horváth wrote: The problem was already solved. I forgot to send a copy to the list... Rodrigo, break!? Ohh man, it's a crazy idea... A developer DOES NOT use break at all (in a loop)... (switch is an exception) I personally find this statement to be utter bullshit. There is nothing wrong with using break. There is a very good reason why it's available in the language. In very many cases, it costs a lot less code to add a break than to add additional clauses to your while-conditional. Agree 100%. -- Cheers -- Tim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: RES: [PHP] Re: problem with my login script
Just for the record, I'll sign that one. There is a reason for continue, break and return to exist. Just make sure, that your code is understandable and there is no problem using these exits. If your code is that complicated, that you don't understand a break in it, the problem is another. Samuel Lopes Grigolato samuel.grigol...@gmail.com hat am 2. Oktober 2012 um 13:40 geschrieben: I follow this rule of thumb: small blocks of highly understandable code. If this demands ternary conditionals or breaks, so be it! -Mensagem original- De: Tim Streater [mailto:t...@clothears.org.uk] Enviada em: terça-feira, 2 de outubro de 2012 08:37 Para: PHP General List Assunto: [PHP] Re: problem with my login script On 02 Oct 2012 at 12:07, Maciek Sokolewicz maciek.sokolew...@gmail.com wrote: On 02-10-2012 11:59, Bálint Horváth wrote: The problem was already solved. I forgot to send a copy to the list... Rodrigo, break!? Ohh man, it's a crazy idea... A developer DOES NOT use break at all (in a loop)... (switch is an exception) I personally find this statement to be utter bullshit. There is nothing wrong with using break. There is a very good reason why it's available in the language. In very many cases, it costs a lot less code to add a break than to add additional clauses to your while-conditional. Agree 100%. -- Cheers -- Tim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Marco Behnke Dipl. Informatiker (FH), SAE Audio Engineer Diploma Zend Certified Engineer PHP 5.3 Tel.: 0174 / 9722336 e-Mail: ma...@behnke.biz Softwaretechnik Behnke Heinrich-Heine-Str. 7D 21218 Seevetal http://www.behnke.biz -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: RES: [PHP] Re: problem with my login script
My problem was solved no need to argue. I don't see why use a while loop with a count variable when it produces the same result as a foreach loop. As for using a break in the loop, I could add it but the loop is gonna stop anyway as soon as it hits the end of the array. I also didn't see the point in using the explode() function as long as I remove the (in my opinion) useless index numbers from the text file containing the username. The following code works as I expect it to: ?php session_start(); $users = file(../inc/users.inc.php); if(!empty($_POST['username']) !empty($_POST['password'])){ if(filter_var($_POST['username'], FILTER_VALIDATE_EMAIL)){ foreach($users as $row){ $row = trim($row); if($_POST['username'] == $row){ $_SESSION['logged_in'] = 1; $_SESSION['username'] = $row; } } if($_SESSION['logged_in'] != 1){ $error = 2; } }else{ $error = 4; } }else{ $error = 3; } if($error){ header(Location:); }else{ header(Location:); } ? users.inc.php: m...@email1.com m...@email2.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: problem with my login script
To break or not to break? that's the question... All that fight makes me (and, I think that Thomas too) learn a bit more about all of this. And for finish with all of it. I think that if something is not deprecated, is because it's is a good idea to use it somewhere. If the Language developers think that way, i will not discord. Regards. Em 02-10-2012 10:35, Thomas Conrad escreveu: My problem was solved no need to argue. I don't see why use a while loop with a count variable when it produces the same result as a foreach loop. As for using a break in the loop, I could add it but the loop is gonna stop anyway as soon as it hits the end of the array. I also didn't see the point in using the explode() function as long as I remove the (in my opinion) useless index numbers from the text file containing the username. The following code works as I expect it to: ?php session_start(); $users = file(../inc/users.inc.php); if(!empty($_POST['username']) !empty($_POST['password'])){ if(filter_var($_POST['username'], FILTER_VALIDATE_EMAIL)){ foreach($users as $row){ $row = trim($row); if($_POST['username'] == $row){ $_SESSION['logged_in'] = 1; $_SESSION['username'] = $row; } } if($_SESSION['logged_in'] != 1){ $error = 2; } }else{ $error = 4; } }else{ $error = 3; } if($error){ header(Location:); }else{ header(Location:); } ? users.inc.php: m...@email1.com m...@email2.com
[PHP] base64_decode
Without anyone infecting their machines, can someone tell me what this is? I found a phishing site on my DreamHost server. DreamHost has been very helpful. We found a file containing this code. What is it? What does it contain? ?php eval(base64_decode('Pz4gPC9kaXY+DQo8ZGl2IGlkPSJmb290ZXIiPjxhIGhyZWY9Imh0dHA6Ly93ZWItaG9zdGluZy1jbGljay5jb20vIiB0aXRsZT0iV2ViIGhvc3RpbmciPldlYiBob3N0aW5nPC9hPg0KPCEtLSAyNyBxdWVyaWVzLiAwLjU2MSBzZWNvbmRzLiAtLT4NCjwvZGl2Pg0KPD9waHAgd3BfZm9vdGVyKCk7ID8+DQo8L2JvZHk+DQo8L2h0bWw+IDw/'));? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] base64_decode
Hello John. This code generates the following html: ? /div div id=footera href=http://web-hosting-click.com/; title=Web hostingWeb hosting/a !-- 27 queries. 0.561 seconds. -- /div ?php wp_footer(); ? /body /html ? Appears that is nothing dangerous, only unauthorized advertising. Em 02-10-2012 14:27, John Taylor-Johnston escreveu: Without anyone infecting their machines, can someone tell me what this is? I found a phishing site on my DreamHost server. DreamHost has been very helpful. We found a file containing this code. What is it? What does it contain? ?php eval(base64_decode('Pz4gPC9kaXY+DQo8ZGl2IGlkPSJmb290ZXIiPjxhIGhyZWY9Imh0dHA6Ly93ZWItaG9zdGluZy1jbGljay5jb20vIiB0aXRsZT0iV2ViIGhvc3RpbmciPldlYiBob3N0aW5nPC9hPg0KPCEtLSAyNyBxdWVyaWVzLiAwLjU2MSBzZWNvbmRzLiAtLT4NCjwvZGl2Pg0KPD9waHAgd3BfZm9vdGVyKCk7ID8+DQo8L2JvZHk+DQo8L2h0bWw+IDw/'));?
Re: [PHP] base64_decode
Am 02.10.2012 19:27, schrieb John Taylor-Johnston: Without anyone infecting their machines, can someone tell me what this is? I found a phishing site on my DreamHost server. DreamHost has been very helpful. We found a file containing this code. What is it? What does it contain? ?php eval(base64_decode('Pz4gPC9kaXY+DQo8ZGl2IGlkPSJmb290ZXIiPjxhIGhyZWY9Imh0dHA6Ly93ZWItaG9zdGluZy1jbGljay5jb20vIiB0aXRsZT0iV2ViIGhvc3RpbmciPldlYiBob3N0aW5nPC9hPg0KPCEtLSAyNyBxdWVyaWVzLiAwLjU2MSBzZWNvbmRzLiAtLT4NCjwvZGl2Pg0KPD9waHAgd3BfZm9vdGVyKCk7ID8+DQo8L2JvZHk+DQo8L2h0bWw+IDw/'));? http://codepad.org/Kyka99fE -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: {ATTENTION} Re: [PHP] base64_decode
Interesting. Thanks. It was a footer.php in a webpress theme. I was wondering if it was a portal someone was using to get onto my server. I changted ftp passwords and begun using sftp, but phishing code is still leaking onto my sites. My wordpress copies are up to date and DreamHost has no real answers as to how someone is uploading and expanding *.tar.gz files. Thanks, john Rodrigo Silva dos Santos wrote: Hello John. This code generates the following html: ? /div div id=footera href=*MailScanner has detected a possible fraud attempt from web-hosting-click.com claiming to be* http://web-hosting-click.com/; title=Web hostingWeb hosting/a !-- 27 queries. 0.561 seconds. -- /div ?php wp_footer(); ? /body /html ? Appears that is nothing dangerous, only unauthorized advertising. Em 02-10-2012 14:27, John Taylor-Johnston escreveu: Without anyone infecting their machines, can someone tell me what this is? I found a phishing site on my DreamHost server. DreamHost has been very helpful. We found a file containing this code. What is it? What does it contain? ?php eval(base64_decode('Pz4gPC9kaXY+DQo8ZGl2IGlkPSJmb290ZXIiPjxhIGhyZWY9Imh0dHA6Ly93ZWItaG9zdGluZy1jbGljay5jb20vIiB0aXRsZT0iV2ViIGhvc3RpbmciPldlYiBob3N0aW5nPC9hPg0KPCEtLSAyNyBxdWVyaWVzLiAwLjU2MSBzZWNvbmRzLiAtLT4NCjwvZGl2Pg0KPD9waHAgd3BfZm9vdGVyKCk7ID8+DQo8L2JvZHk+DQo8L2h0bWw+IDw/'));? -- John Taylor-Johnston Département de Langues modernes Cégep de Sherbrooke, Sherbrooke, Québec http://cegepsherbrooke.qc.ca/~languesmodernes/ http://cegepsherbrooke.qc.ca/~languesmodernes/wiki/
RES: [PHP] Re: {ATTENTION} Re: [PHP] base64_decode
Another way to decode and inspect such data is to use utilities like: http://www.motobit.com/util/base64-decoder-encoder.asp By the way, never saw before this kind of sloppy irritating malicious obfuscation =). Does your server allow execution of the eval function? I consider this a security breach especially if your apache user is not correctly sandboxed. I wonder if there is a way to disable execution of this method on shared servers. AFAIK there is a way, I just can't remember how to do it. Cheers. -Mensagem original- De: John Taylor-Johnston [mailto:john.taylor-johns...@cegepsherbrooke.qc.ca] Enviada em: terça-feira, 2 de outubro de 2012 14:46 Para: Rodrigo Silva dos Santos Cc: PHP-General Assunto: [PHP] Re: {ATTENTION} Re: [PHP] base64_decode Interesting. Thanks. It was a footer.php in a webpress theme. I was wondering if it was a portal someone was using to get onto my server. I changted ftp passwords and begun using sftp, but phishing code is still leaking onto my sites. My wordpress copies are up to date and DreamHost has no real answers as to how someone is uploading and expanding *.tar.gz files. Thanks, john Rodrigo Silva dos Santos wrote: Hello John. This code generates the following html: ? /div div id=footera href=*MailScanner has detected a possible fraud attempt from web-hosting-click.com claiming to be* http://web-hosting-click.com/; title=Web hostingWeb hosting/a !-- 27 queries. 0.561 seconds. -- /div ?php wp_footer(); ? /body /html ? Appears that is nothing dangerous, only unauthorized advertising. Em 02-10-2012 14:27, John Taylor-Johnston escreveu: Without anyone infecting their machines, can someone tell me what this is? I found a phishing site on my DreamHost server. DreamHost has been very helpful. We found a file containing this code. What is it? What does it contain? ?php eval(base64_decode('Pz4gPC9kaXY+DQo8ZGl2IGlkPSJmb290ZXIiPjxhIGhyZWY9I mh0dHA6Ly93ZWItaG9zdGluZy1jbGljay5jb20vIiB0aXRsZT0iV2ViIGhvc3RpbmciPl dlYiBob3N0aW5nPC9hPg0KPCEtLSAyNyBxdWVyaWVzLiAwLjU2MSBzZWNvbmRzLiAtLT4 NCjwvZGl2Pg0KPD9waHAgd3BfZm9vdGVyKCk7ID8+DQo8L2JvZHk+DQo8L2h0bWw+IDw/ '));? -- John Taylor-Johnston Département de Langues modernes Cégep de Sherbrooke, Sherbrooke, Québec http://cegepsherbrooke.qc.ca/~languesmodernes/ http://cegepsherbrooke.qc.ca/~languesmodernes/wiki/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: RES: [PHP] Re: {ATTENTION} Re: [PHP] base64_decode
On Tue, 2012-10-02 at 15:04 -0300, Samuel Lopes Grigolato wrote: Another way to decode and inspect such data is to use utilities like: http://www.motobit.com/util/base64-decoder-encoder.asp By the way, never saw before this kind of sloppy irritating malicious obfuscation =). Does your server allow execution of the eval function? I consider this a security breach especially if your apache user is not correctly sandboxed. I wonder if there is a way to disable execution of this method on shared servers. AFAIK there is a way, I just can't remember how to do it. Cheers. -Mensagem original- De: John Taylor-Johnston [mailto:john.taylor-johns...@cegepsherbrooke.qc.ca] Enviada em: terça-feira, 2 de outubro de 2012 14:46 Para: Rodrigo Silva dos Santos Cc: PHP-General Assunto: [PHP] Re: {ATTENTION} Re: [PHP] base64_decode Interesting. Thanks. It was a footer.php in a webpress theme. I was wondering if it was a portal someone was using to get onto my server. I changted ftp passwords and begun using sftp, but phishing code is still leaking onto my sites. My wordpress copies are up to date and DreamHost has no real answers as to how someone is uploading and expanding *.tar.gz files. Thanks, john Rodrigo Silva dos Santos wrote: Hello John. This code generates the following html: ? /div div id=footera href=*MailScanner has detected a possible fraud attempt from web-hosting-click.com claiming to be* http://web-hosting-click.com/; title=Web hostingWeb hosting/a !-- 27 queries. 0.561 seconds. -- /div ?php wp_footer(); ? /body /html ? Appears that is nothing dangerous, only unauthorized advertising. Em 02-10-2012 14:27, John Taylor-Johnston escreveu: Without anyone infecting their machines, can someone tell me what this is? I found a phishing site on my DreamHost server. DreamHost has been very helpful. We found a file containing this code. What is it? What does it contain? ?php eval(base64_decode('Pz4gPC9kaXY+DQo8ZGl2IGlkPSJmb290ZXIiPjxhIGhyZWY9I mh0dHA6Ly93ZWItaG9zdGluZy1jbGljay5jb20vIiB0aXRsZT0iV2ViIGhvc3RpbmciPl dlYiBob3N0aW5nPC9hPg0KPCEtLSAyNyBxdWVyaWVzLiAwLjU2MSBzZWNvbmRzLiAtLT4 NCjwvZGl2Pg0KPD9waHAgd3BfZm9vdGVyKCk7ID8+DQo8L2JvZHk+DQo8L2h0bWw+IDw/ '));? -- John Taylor-Johnston Département de Langues modernes Cégep de Sherbrooke, Sherbrooke, Québec http://cegepsherbrooke.qc.ca/~languesmodernes/ http://cegepsherbrooke.qc.ca/~languesmodernes/wiki/ I'd say the first step is to remove or disable any unnecessary plugins and make sure all the necessary ones are as up-to-date as they can be. I recall reading an article recently about the most popular thumbnail generation plugin for Wordpress (I'm not a Wordpress user, don't recall the plugin name) that had a security flaw that would allow unauthorised access to your server. Look at server logs. See if there is any useful information in them that would tell you what pages were requested just prior to the .tar.gz archives being uploaded. Change login details for both FTP and Wordpress itself for all users if you can, and maybe check for any added users who shouldn't be there. If you have a backup of the code files try and restore it. If you don't, compare a fresh Wordpress install with the plugins you're using to what you have on the live site to see if there are any other dodgy files on the server that ought not to be. Hope that helps some! -- Thanks, Ash http://www.ashleysheridan.co.uk