requinix

Have you checked whether the server itself was compromised? Somebody is running their own code on it which is blasting emails?

Apparently it's ongoing, which helps. Add some code that will log every time an email is sent. Include at least the date sent, subject line, recipient, and visitor's IP address. Wait a couple days and check the logs to see if it's sending emails that it shouldn't be. Because odds are that (if it's truly sending emails then) there's some sort of exploit, or another tactic, where someone can cause an email to be sent. For sure someone could abuse the registration system to send an email to anyone, but they couldn't hijack it for spam emails so it's not really worth the effort.

That would mean the value of "n" from the Javascript would be 0 or something that cannot be converted to a number. Right? So what is the actual value of n during those requests? Or alternatively, what does the AJAX request look like in terms of the form data submitted (which you should be able to get directly from the browser).

Seems weird that you have this mixture of numbers and strings, but whatever. So you only want to add to $SLevels if the data is a number? I figure if($tmp[0] != '-')would be a good place to do that. To test for a number, try is_numeric.

Looks like you did a print_r(get_object_vars($this))Right? 1. The thing you printed is an array, because that's what get_object_vars does. But $this is an object. 2. "config" is the thing inside it. 3. It is an object (a Config object). 4. "config" is (again) the next thing inside it. 5. It is an array. 6. "sess_expiration" is one of the values you want. Objects use -> and arrays use []. $this->config->config["sess_expiration"]

It'd totally expect you could copy/paste those pages (probably many at a time, or even all at once) into Excel or Google Sheets, then get a CSV version of it. That'd make importing very easy.

If you don't mind too much, I'm going to remove that link you posted. Drive-by malware is not cool. halp.pdf

Kinda depends on what the PDF looks like...

One of two things is true: 1. Your "constants" file is not defining constants. It is defining variables. Variables do not work like constants: variables defined outside a function are not available inside the method. 2. Your constants file is actually defining constants, meaning with define() or const, but you're trying to use variables instead. Because as you can see, Access denied for user ''@'localhost' (using password: NO)you are definitely not passing "root" as the user nor providing the password. As for why the error message is not in your logs, that's because it's output. Actual output. From the code. It outputted the message. print "Error!: " . $e->getMessage() . " ";Right there.

If you have stuff written from back when register_globals was acceptable then it's been a very long time and your code probably needs a once-over. Not just for this problem but potentially others. Otherwise the best thing you can do is fix the code. Really. It might take a while but all you need is stuff like $variable = (isset($_GET["variable"]) ? $_GET["variable"] : "reasonable default value");or if (isset($_GET["variable"])) { $variable = $_GET["variable"]; } else { // show an error }

I don't have MAMP so try... this?

Make sure you have error reporting settings appropriate for development: make sure your php.ini has error_reporting = -1 display_errors = onand restart Apache if it does not already. Then try your code and look for error messages. If that doesn't help you find and fix the problem, post your code.

New thread: http://forums.phpfreaks.com/topic/299787-to-create-an-hyperlink-in-php-which-is-used-to-open-an-file-with-any-format-which-is-saved-on-the-server-folder/

Ah, hosting support... Form inputs only work if you give them names. The IDs are just for the client side - mostly Javascript. <form method="post" action="#"> <input type="text" id="date1" name="post1" size="8"> <br /> <input type="text" id="date2" name="post2" size="8"> <br /> <input type="submit" name="submit"> </form>

But not the equals sign?

Two options: a) Compare using timestamps. If you're only doing this in PHP then sometimes that's easier, and the fact that it's just straight numbers makes it easier to understand. $renewaldate = time(); if ($organisationsize == "Up to $3M" && $membershipyear = '2016' && $renewaldate >= mktime(0, 0, 0, 2, 15, 2016)) {b) Compare using date strings. There are three conditions you must satisfy for this to work: 1. Reading left to right, each number in the string (eg, hour, month) must be a larger unit than the next. So you can do year/month/day (year>month>day) but not year/day/month (year>day 2. Every component must be a number, and each number must be padded (with zeroes) to the largest length. For example, days can max out at two digits long, therefore every day must be padded to two digits. So no 'D' (day name) or 'j' (unpadded day number). 3. Both strings must use the same format string. You can't compare YYYY/MM/DD with YYYY-MM-DD. In practice that means you'll probably use one of two formats: YYYY-MM-DD ("Y-m-d") or YYYY-MM-DD HH:MM:SS ("Y-m-d H:i:s"), and the exact separator character doesn't matter.

What if you turn off your firewall (temporarily)?

I thought you were using ngrok?

Either an exploit, or legitimate code that a seller wants to "protect" from prying eyes. blmg2009, there's good news and bad news. The bad news is that we can't help you decode something that's under license, which the stuff you posted is. (Normally I would remove licensed code, but what you posted isn't... well, it's harmless to have exposed.) The good news is that you want to understand how it works, not to break it apart. A fine line indeed. It's a horrible practice and wastes system resources doing a lot of stupid work, but some people think it's what they have to do to protect their code. Maybe they don't know much about licensing, or maybe they think it's truly effective, or what else I don't know. But the basic idea is to be able to give someone some code that works without being readable by a human. With PHP that's typically some combination of base64_decode() and gzinflate() that ultimately produces some code which can be eval()ed. Do that over and over again and eventually you get actual code that does actual stuff. It's like layers of an onion, except peeling onions isn't as painful.

The nginx server needs to be listening on your LAN address too. As in 192.168.1.x. And the port for the firewall rule is the one that nginx uses. 8080. Your computer doesn't know anything about what the router is doing. What do you mean? What things? Make what unique? If there isn't already a rule set up for nginx then you'd need to make one: make a new firewall exception for a particular program (and find nginx.exe or whatever) so the rule doesn't grant access to everything, then allow access to port 8080 and any remote host.

I'm not sure I understand what you're saying. Are you telling us to give you the code to do this?

1. The server has to be listening on your LAN IP address. 127.0.0.1 will only work for connections from the same computer. 2. Make sure your firewall allows inbound connections to that port. 3. Set up a port forwarding on your router from whatever port to your LAN IP address (and port).

There was a problem where all new users were required to have admin approval to validate an account. This has been changed back to something reasonable. New users from here on: upon registration you should receive an email. Please follow the instructions to approve your account. Existing users who are unapproved: click the Resend link in the top-right to get the email. Follow those instructions too. Should work.

I just email them to myself. For real. An actual email account. Is there a particular reason you aren't doing that?

Is #RETURN A LIST OF WHICH USERS ARE INDICATED IN THE PAGE_HIT TABLE $stmtvisit = $db->prepare('SELECT * FROM sys_page_hit WHERE memberID = $_SESSION[memberID]'); $stmtvisit->execute; $results = $stmtvisit->fetchAll(PDO::FETCH_ASSOC); echo $results;that code still around? Because there are a couple big problems with it.