Cornelius

Yep that's exactly what happened - lines of code injected into numerous *.php files. Hmm, I'm thinking now to investigate setting 555 permissions on all files

Oh, sorry. Yes I will do that. Just was interested in code. If it's out of forum rules, please delete the thread. Thanks.

My Wordpress website got infected. The code was heavily obfuscated, so this may not be the exact representation. The first code was inserted at the beginning of many important PHP files (index, config, settings) and it actually includes a ~10KB *.ICO files that got deleted, and is probably some malicious executable file. There are also two other codes (in numerous versions in many folders), which I'm pasting down. If someone recognizes these, or can see what should these do, it would be interesting to know what these actually do. [removed] And the second code is: [removed]

You did everything right. Are the files in the same folder? - navbar.php - main.php Do you have some JS or jQuery (or CSS) code included that wold alter the behavior of the navbar? Instead of navbar code can you put just: <? function navBar() { ?> <p>Test code</p> <? } ?>

I still have no idea what you're trying to do. Where from do you gather that first and last name? From database? By which criteria? It seems like you're checking if it's already inside?

HTML5: <meta charset="UTF-8"> Try only that.

Does it work correctly when program it to send letters instead of number? I.E: example.com/?value=hundred

Is 39 the final number of items? I suppose you're making a table in HTML and formatting it with CSS?

Yes I understand now. You should try file upload to get document on server1, and then FTP to get them from on server1 to server2.

I'm still not sure what are you trying to do? Do you want users to transfer files from one server to another or what? If not, why are you doing it in PHP? You can do it in CPanel, just make sure (as they said above) with server admins what's the limit.

For SELECT, SHOW, DESCRIBE, EXPLAIN and other statements returning resultset, mysql_query() returns a resource on success, or FALSE on error. You write: $a = mysql_query("select * from twitter_access_tokens ORDER BY RAND() DESC LIMIT ".$limit.""); while($b = mysql_fetch_array($a)) and you get an error Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /home/wgshopus/public_html/submit.php on line 42Your $a may be boolean only if the result of mysql_query() is FALSE. That means you hadn't queried the database properly. I'd try simple: $a = mysql_query("select * from twitter_access_tokens ORDER BY RAND() DESC LIMIT $limit");Also make sure your $limit is defined. You could also make a report on query: if(!$a){echo "Wrong query at line 42";}

Doing it your way, anyone could make a script that would transfer his files into your folder on your server. That's why it shouldn't work. You should probably look into FTP section. As an example: $ftp_server=""; $ftp_user_name=""; $ftp_user_pass=""; $file = "";//tobe uploaded $remote_file = ""; // set up basic connection $conn_id = ftp_connect($ftp_server)or die("Unable to connect to server."); // login with username and password $login_result = ftp_login($conn_id, $ftp_user_name, $ftp_user_pass); // upload a file if (ftp_put($conn_id, $remote_file, $file, FTP_ASCII)) { echo "successfully uploaded $file\n"; exit; } else { echo "There was a problem while uploading $file\n"; exit; } // close the connection ftp_close($conn_id);

You also could have used $_POST array directly in the second file: $val=10; numcheck($val); function numcheck($sent_val){ echo $sent_val . "<br/>"; foreach ($_POST as $mark){ echo $mark . "<br/>"; } }

You first need to add missing tags in page1.php <html> <body> <form action="page2.php" method="post"> Marks1 = <input type="text" name="marks1" /> Marks2 = <input type="text" name="marks2" /> <input type="submit"> </form> </body> </html> You're passing array to page2.php and extracting it to separate variables, and then again making a new array from those variables. Nevertheless you can use it no problem: extract($_POST); $val=10; $answer=array( $marks1, $marks2); numcheck($val, $answer); function numcheck($sent_val,$sent_answer){ echo $sent_val . "<br/>"; foreach ($sent_answer as $mark){ echo $mark . "<br/>"; } }

Oh, I agree. Generally you can make a string variable containing some HTML (or whichever) code. $name = "John"; $op_tags = "<b>"; $end_tags="</b>"; echo "You must enter your password, $op_tags $name $end_tags."; which would output: You must enter your password, John . My impression was that OP was hoping to put the whole HTML form inside a variable for execution purpose (if it can be said like that). In my example in previous post, he should also delete all $form because they have no purpose anymore.

- your file should also be named login.php - line 16 - you can't make php variable equal to HTML tags - you have multiple syntax error 'imput' instead of 'input' <?php error_reporting (E_ALL ^ E_NOTICE); session_start(); ?> <!DOCTYPE html PUBLIC> <html> <head> <title>Login</title> </head> <body> <form action='./login.php' method='post'> <table> <tr> <td>Username:</td> <td><input type='text' name='user' /></td> </tr> <tr> <td>Password:</td> <td><input type='password' name='password' /></td> </tr> <tr> <td></td> <td><input type='submit' name='loginbtn' value='Login' /></td> </tr> </tr> </table> </form> <!-- PHP form handling code starts here --> <?php if ($_POST['loginbtn']){ $user = $_POST['user']; $password = $_POST['password']; if ($user){ if ($password){ echo "$user - $password <hr /> $form"; } else echo "You must enter your password. $form"; } else echo "You must enter your username. $form"; } else echo $form; ?> </body> </html>