hitman6003

You probably need to supply the mysql connection resource variable to the mysql_affected_rows function: [code]mysql_affected_rows($connectionresource)[/code] The manual says it's not required, but if you are having problems, it's worth trying.

.gif files can contain executable code. EDIT:  Not php, but other languages...not sure which...never looked into it.

once the script is on your server it can do a chmod on them just like you can.  I set up a VM and ran the script that was left on my friends server...I was able to see the entire directory structure...the hd, the cd drive, the floppy drive...I could execute command line scripts and such...I could manipulate any of the files on the server I wanted. In his particular case there is a security hole in one of the earlier versions of the smf bridge for joomla that the hacker exploited. 

looks like the two servers are: http://user9.mshtml.ru http://user7.htmltags.ru

Same type thing, but this time it sends all of your server information: [code] $a=(isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : $HTTP_HOST); $b=(isset($_SERVER["SERVER_NAME"]) ? $_SERVER["SERVER_NAME"] : $SERVER_NAME); $c=(isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : $REQUEST_URI); $d=(isset($_SERVER["PHP_SELF"]) ? $_SERVER["PHP_SELF"] : $PHP_SELF); $e=(isset($_SERVER["QUERY_STRING"]) ? $_SERVER["QUERY_STRING"] : $QUERY_STRING); $f=(isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : $HTTP_REFERER); $g=(isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : $HTTP_USER_AGENT); $h=(isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : $REMOTE_ADDR); [/code] to a server somewhere...if the first one fails, it goes to a second.

I have a friend get hacked as well over the past week.  He ended up with a hacker script that opens up a huge backdoor...luckily the hacker wasn't smart and named it something very obvious, so he was able to quickly pick it out from all his other scripts.

did you get hacked joe? cause this looks like part of the authentication for a hacking script...it sends info to a russian site to verify the username and password, and if it returns a certain value, executes some system commands.

You probably did not create a true excel file...probably a csv that excel opened and was able to manipulate.  I don't think it's possible to create a true MS word file without using COM.  You can write .txt and I think .rtf files in straight text which word will manipulate.  The rtf (rich text format, which is what wordpad produces) MS Word will work with, and you can apply formatting to the text...bold, italic, and such.

http://www.google.com/search?hl=en&q=.htaccess+redirect&btnG=Google+Search You could probably click on any one of those links and get an easier answer.  I'm not sure if mod_rewrite will do a redirect anyway...I think it will just rename the url, making someone think they are at a secure site...which is not a good practice.

If you insist on using the array, use the in_array (http://www.php.net/in_array) function: [code] if (in_array($ip, $data) {   //code here } else {   //other code here } [/code]

Your code appears fine there. However, you are not seperating the news stories from eachother...you may want to change your $line to be: [code]$line = date("m.d.y") . "|" . $poster . "|" . $_POST['news'] . "|" . $newstitle . "\n";[/code] So that each story will be on a new line.

Use SQL to do this for you: [code] $result = mysql_query("SELECT * FROM blockedips WHERE ip = '$visitorip'") or die(mysql_error()); if (mysql_num_rows($result) > 0) {   //give blocked message } else {   //show page } [/code]

You need to post more of your code, cause apparently you are writing to the file twice at some point and not realizing it.

I think this may be what you are trying to do: [code] <?php //code to process your form .... //at the end of your form processing //you should end up with your vars from //the previous posting... $prevtheme = $_POST['theme']; $prevauthor = $_POST['author']; //generate the select box $themes = array( 'drama' => 'Drama', 'fiction' => 'Fiction', 'Inspirational' => 'Inspirational' //etc... ); $themeselect = ' <select name="theme" id="theme"> <option value="">Choose Theme</option>'; foreach ($themes as $key => $value) { $themeselect .= '<option value="' .$key . '"'; if ($prevtheme == $key) { $themeselect .= " selected"; } $themeselect .= '>' . $value . '</option>' . "\n"; } $themeselect .= "</select>"; ?> <!-- html for your form goes here --> <input type="text" name="author" value="<?php echo $prevautor; ?>" size="25" /><br /> <?php echo $themeselect; ?> <!-- rest of form... --> [/code]

[quote]any solutions?[/quote] Make your own browser that doesn't do it.  It's a security feature to let you know that you are reposting information to a webpage. Use the GET method as was posted above.

You have to escape the double quotes when they are inside of double quotes(I missed that you had them in there when I posted above)...or wrap the statement in single quotes rather than double: Either [code]echo "<div class=\"whitetext\" align=\"center\">Welcome to New York!</div>\n";[/code] or [code]echo '<div class="whitetext" align="center">Welcome to New York!</div>\n'; However, with the latter it will not substitute a new line for \n, it will put \n in the output. So the latter should be: [code]echo '<div class="whitetext" align="center">Welcome to New York!</div>' . "\n";[/code][/code]

Using this: [code]print <<<HERE <div class="whitetext" align="center">Welcome to Chicago!</div>n HERE;[/code] is a lot more work that it needs to be, and is probably what is causing your error. Do this instead: [code]echo "<div class="whitetext" align="center">Welcome to Chicago!</div>\n";[/code] You can also format your code to make it more readable when you use the echo statements...or if you don't like echo, you can still use print with the same syntax: [code]print "<div class="whitetext" align="center">Welcome to Chicago!</div>\n";[/code]

Either change your fwrite lines to be a single line rather than multiple: [code] fwrite($file, " <p><h3>$title</h3></p> <h5>Posted By: $username</h5> <p>$post</p> <hr /> " );[/code] Should be: [code]fwrite($file, "<p><h3>$title</h3></p><h5>Posted By: $username</h5><p>$post</p><hr />" );[/code] or assign the multiple lines to a variable then write that to your file. You should be using fclose to close your files after you write to them. In the second fwrite, the one that's a part of your dofullnews function, if you are intending to write the php code there and not the variables...i.e. have the text of your file be: [quote]$num = $num+1 <p><h3>$title</h3></p> <h5>Posted By: $username</h5> <p>$post | Read More...</p> <?php if( $pid =='102564456985214563256325632$num' ) { ?> <p><h3>$title</h3></p> <h5>Posted By: $username</h5> <p>$post $mainpost</p> <hr />[/quote] Rather than substituting the values of variables for the variable names, then you need to use a single quote rather than double.

You may want to check with the creator of the code to make sure that they will allow you to use it a different way. In order to do what you want...take that block of code and have it execute inside of an excel spreadsheet, you will have to rewrite it from php to vbscript, as a macro in excel.

hehe...I actually just realized that SUM was incorrect there...it should be COUNT for that particular SQL statement. Try the MySQL manual...although sometimes they don't always write in a manner that's understandable: http://dev.mysql.com/doc/refman/5.0/en/counting-rows.html The gist is that it counts the number of nonnull instances of the field specified in the query.  It's very similar to the php function mysql_num_rows, however it will only count the row if the field specified has a value, where as php will count all of the rows returned.

Your code is checking to see if the variable $_POST['submit'] has been set...if it exists.  If it does exist, then it loops through the $_POST array and creates variables (the easy way of doing the same thing is to use extract (http://www.php.net/extract)). If you want to see what the $_POST array contains, do a print_r (http://www.php.net/print_r) on it.  If you want to see a formatted display, put a pre tag (html's &ltpre&gt) before it.  If you see a key with the name "submit", then the isset operation should return true and the loop will happen. Are you sure that is where your error is?  I'm not familiar with how the rest of your code is executing with a lot of $var = $var = func($var) and so on...there is a lot of custom functions being executed and a lot of logic that has the potential to go wrong.  If you are experiancing problems, you may want to simplify as much as possible.

[quote]you say incrementing a field to sum the hits is bad, but why?[/quote] You're not able to determine if a user has voted previously the way it's working now, right? [quote]i can still increment from the articles table correct?[/quote] Sure, but why?  The vote counting should be handled by counting them from the "votes" table since the data is already there...no reason to execute two queries that do the same thing (one to insert the vote, one to update the number) [quote]with the table being so many rows, will that slow down the site that much?[/quote] No.

Ummm, did you try the manual:  http://www.php.net/isset [quote] isset -- Determine whether a variable is set Description bool isset ( mixed var [, mixed var [, ...]] ) Returns TRUE if var exists; FALSE otherwise. [/quote]

See this page on file uploads: http://us3.php.net/manual/en/features.file-upload.php And this page on attachments in email: http://us3.php.net/manual/en/function.mail.php You may also want to check out phpmailer (http://phpmailer.sourceforge.net/) as a much easier way of sending email with attachments.

You may want to use file_get_contents (http://www.php.net/file_get_contents) to read the value in the file.  You may also want to typecast your variable as an int. http://us3.php.net/manual/en/language.types.type-juggling.php#language.types.typecasting