Everything posted by requinix

  1. So you're saying you tried making a bunch of requests, watching in the browser as each request gets sent, until you got one of them to insert 0 for a question? And the value of "n" in the browser (or the value of "answ" in the request data) is always 1 or -0.25? Do you have email set up? Try something as simple as

         if ($mark != 1 && $mark != -0.25) {
             // print_r(..., true) returns the dump as a string for the message body
             mail("yourself@example.com", "mark={$mark}", print_r($_REQUEST, true), "From: yoursendingaccount@example.com");
         }

     Then you'll get an email every time $mark doesn't have the right value, and it will include all the form data that was sent. And you say it's a recent development? That must mean something has changed recently. Were there any changes to the site? Did your host upgrade PHP versions or change other configuration?
  2. For completeness, there's an alternative solution: changing the while loop into a do/while loop.

         elseif(is_numeric($duty['Duty'])){ // friend WORKING
             $starttimes = array();
             $finishtimes = array();
             do {
                 $starttimes[] = $duty['BeginTime'];
                 $finishtimes[] = $duty['EndTime'];
             } while($duty=mysqli_fetch_assoc($result2));

     Using this structure requires knowing that $duty starts off with a valid value (ie, the query returned at least one row). The code satisfies that requirement already because of the is_numeric() check; it's not as good as an explicit check that $duty isn't empty, and will potentially raise warnings/notices, but it works.
  3.     <?php
         $sqlfriend = "SELECT * FROM Users INNER JOIN friends ON friends.FriendCode = Users.Code WHERE friends.Code = '{$_SESSION['Code']}' ORDER BY Users.Code DESC";
         $resultfriend = mysqli_query($cxn,$sqlfriend) or die ("Cant get friends.");

         while($rowfriend=mysqli_fetch_assoc($resultfriend))
         {
             // CHECKS IF WORKING, STBY or OFF
             $sql = "SELECT Duty,BeginTime,EndTime FROM rosters WHERE Code = '{$rowfriend['FriendCode']}' AND SectorDate = '$today' ORDER BY BeginTime ASC";
             $result2 = mysqli_query($cxn,$sql) or die ("Cant find out friends duties for today.");
             $duty = mysqli_fetch_assoc($result2);

             if(strpos($duty['Duty'],'SBY') !== false) { // friend STBY
                 $border = 'warning';
                 $friendsdutytoday = 'Today: <br /> <b>Standby until '.$duty['EndTime'].'</b>';
             }
             elseif (strpos($duty['Duty'],'OFF') !== false || strpos($duty['Duty'],'A/L') !== false || strpos($duty['Duty'],'ADHOC') !== false) { // friend
                 $border = 'success';
                 $friendsdutytoday = 'Today: <br /> <b>'.$duty['Duty'].'</b>';
             }
             elseif(is_numeric($duty['Duty'])){ // friend WORKING
                 $starttimes = array();
                 $finishtimes = array();
                 while($duty=mysqli_fetch_assoc($result2)) {
                     $starttimes[] = $duty['BeginTime'];
                     $finishtimes[] = $duty['EndTime'];
                 }
                 $border = 'info';
                 $friendsdutytoday = 'Working today <br />';
                 foreach($starttimes as $value) {
                     echo $value;
                 }
                 echo '<b>'.reset($starttimes).'Z - '.end($finishtimes).'Z</b>'; /////// ERROR ECHOED HERE /////////
             }
             else {
                 $border = 'info';
                 $friendsdutytoday = 'Today <br /> <b>No Roster</b>';
             }

     Right. Because the first row is the $duty you fetched on line 15. When you start the while loop (31) you throw away $duty and start fetching more rows. Instead of using an empty array for $starttimes and $finishtimes, use an array with the values you already have in $duty.
  4. Pretty straightforward: look at all the files on the server and see if there are any that don't belong. Files you didn't put there yourself. It's also possible that existing files were modified, not just new ones created. As you're looking through everything, keep an eye on the modification times and consider whether they match up with when you last modified them yourself.
  5. Have you checked whether the server itself was compromised? Somebody is running their own code on it which is blasting emails?
  6. Apparently it's ongoing, which helps. Add some code that will log every time an email is sent. Include at least the date sent, subject line, recipient, and visitor's IP address. Wait a couple days and check the logs to see if it's sending emails that it shouldn't be. Because odds are that (if it's truly sending emails then) there's some sort of exploit, or another tactic, where someone can cause an email to be sent. For sure someone could abuse the registration system to send an email to anyone, but they couldn't hijack it for spam emails so it's not really worth the effort.
  7. That would mean the value of "n" from the Javascript would be 0 or something that cannot be converted to a number. Right? So what is the actual value of n during those requests? Or alternatively, what does the AJAX request look like in terms of the form data submitted (which you should be able to get directly from the browser).
  8. Seems weird that you have this mixture of numbers and strings, but whatever. So you only want to add to $SLevels if the data is a number? I figure

         if($tmp[0] != '-')

     would be a good place to do that. To test for a number, try is_numeric.
  9. Looks like you did a

         print_r(get_object_vars($this))

     Right?
     1. The thing you printed is an array, because that's what get_object_vars does. But $this is an object.
     2. "config" is the thing inside it.
     3. It is an object (a Config object).
     4. "config" is (again) the next thing inside it.
     5. It is an array.
     6. "sess_expiration" is one of the values you want.

     Objects use -> and arrays use [].

         $this->config->config["sess_expiration"]
  10. I'd totally expect you could copy/paste those pages (probably many at a time, or even all at once) into Excel or Google Sheets, then get a CSV version of it. That'd make importing very easy.
  11. If you don't mind too much, I'm going to remove that link you posted. Drive-by malware is not cool. halp.pdf
  12. One of two things is true:
      1. Your "constants" file is not defining constants. It is defining variables. Variables do not work like constants: variables defined outside a function are not available inside the method.
      2. Your constants file is actually defining constants, meaning with define() or const, but you're trying to use variables instead.

      Because as you can see,

          Access denied for user ''@'localhost' (using password: NO)

      you are definitely not passing "root" as the user nor providing the password. As for why the error message is not in your logs, that's because it's output. Actual output. From the code. It outputted the message.

          print "Error!: " . $e->getMessage() . " ";

      Right there.
  13. If you have stuff written from back when register_globals was acceptable then it's been a very long time and your code probably needs a once-over. Not just for this problem but potentially others. Otherwise the best thing you can do is fix the code. Really. It might take a while but all you need is stuff like

          $variable = (isset($_GET["variable"]) ? $_GET["variable"] : "reasonable default value");

      or

          if (isset($_GET["variable"])) {
              $variable = $_GET["variable"];
          } else {
              // show an error
          }
  14. Make sure you have error reporting settings appropriate for development: make sure your php.ini has

          error_reporting = -1
          display_errors = on

      and restart Apache if it does not already. Then try your code and look for error messages. If that doesn't help you find and fix the problem, post your code.
  15. New thread: http://forums.phpfreaks.com/topic/299787-to-create-an-hyperlink-in-php-which-is-used-to-open-an-file-with-any-format-which-is-saved-on-the-server-folder/
  16. Ah, hosting support... Form inputs only work if you give them names. The IDs are just for the client side - mostly Javascript.

          <form method="post" action="#">
              <input type="text" id="date1" name="post1" size="8"> <br />
              <input type="text" id="date2" name="post2" size="8"> <br />
              <input type="submit" name="submit">
          </form>
  17. Two options:

      a) Compare using timestamps. If you're only doing this in PHP then sometimes that's easier, and the fact that it's just straight numbers makes it easier to understand.

          $renewaldate = time();
          if ($organisationsize == "Up to $3M" && $membershipyear == '2016' && $renewaldate >= mktime(0, 0, 0, 2, 15, 2016)) {

      b) Compare using date strings. There are three conditions you must satisfy for this to work:
         1. Reading left to right, each number in the string (eg, hour, month) must be a larger unit than the next. So you can do year/month/day (year>month>day) but not year/day/month (year>day
         2. Every component must be a number, and each number must be padded (with zeroes) to the largest length. For example, days can max out at two digits long, therefore every day must be padded to two digits. So no 'D' (day name) or 'j' (unpadded day number).
         3. Both strings must use the same format string. You can't compare YYYY/MM/DD with YYYY-MM-DD.

      In practice that means you'll probably use one of two formats: YYYY-MM-DD ("Y-m-d") or YYYY-MM-DD HH:MM:SS ("Y-m-d H:i:s"), and the exact separator character doesn't matter.
  18. Either an exploit, or legitimate code that a seller wants to "protect" from prying eyes. blmg2009, there's good news and bad news. The bad news is that we can't help you decode something that's under license, which the stuff you posted is. (Normally I would remove licensed code, but what you posted isn't... well, it's harmless to have exposed.) The good news is that you want to understand how it works, not to break it apart. A fine line indeed. It's a horrible practice and wastes system resources doing a lot of stupid work, but some people think it's what they have to do to protect their code. Maybe they don't know much about licensing, or maybe they think it's truly effective, or what else I don't know. But the basic idea is to be able to give someone some code that works without being readable by a human. With PHP that's typically some combination of base64_decode() and gzinflate() that ultimately produces some code which can be eval()ed. Do that over and over again and eventually you get actual code that does actual stuff. It's like layers of an onion, except peeling onions isn't as painful.
  19. The nginx server needs to be listening on your LAN address too. As in 192.168.1.x. And the port for the firewall rule is the one that nginx uses. 8080. Your computer doesn't know anything about what the router is doing. What do you mean? What things? Make what unique? If there isn't already a rule set up for nginx then you'd need to make one: make a new firewall exception for a particular program (and find nginx.exe or whatever) so the rule doesn't grant access to everything, then allow access to port 8080 and any remote host.
  20. I'm not sure I understand what you're saying. Are you telling us to give you the code to do this?