Everything posted by gizmola

  1. You are setting your variable after you've already made the mail() call. I don't see where $name is being set or coming from. Try:

         $to = "webmaster@website.net";
         $subject = "File Upload";
         $message = "A File has been uploaded to the Server.";
         $from = "webmaster@website.com";
         $headers = "From:" . $from;
         mail($to, $subject, $message, $headers);
         header("Location:http://www.websitecom/members/Members_Area/uploaded.html");
  2. There are probably multiple issues with your code. Try reading mail and see if that helps. Plenty of examples there.

     For whitelisting in your email client: http://www.nerd4rent.com/reports/whitelists.htm

     Often ISPs also have a whitelist feature that works directly with their email server. When you get mail in your outlook it was first sent to your ISP's email server, and outlook is simply pulling the email from there. So if your ISP has already rejected the email as spam, a whitelist entry in outlook won't help you, but you need to cover all your bases.

     The things I brought up have to do with how servers work with the email system these days. The php mail() command by default can make a connection and send an email off. However, the server receiving the mail will be doing some verification, and if the server is not listed as the official "MX" or mail exchanger for the domain, or if it doesn't have an SPF listing or doesn't have a reverse dns entry, then most likely the email will be classified as spam. Often servers will look at a combination of these things and simply reject the email, so it never even gets into the server or is immediately deleted before you would ever have a chance to receive it.

     The first thing you need to do, however, is address the issues with your code. A blank email is either going to be rejected or deleted, and there don't seem to be the proper variables set in your script for mail() to even create a valid email.
  3. First of all remove the @ symbol from in front of the mail() command while you're debugging this. You may not be getting email from the server because it is being spam filtered, or there could be a configuration issue. The MX for your domain is:

         ;; ANSWER SECTION:
         exactusign.com. 3600 IN MX 0 smtp.secureserver.net.
         exactusign.com. 3600 IN MX 10 mailstore1.secureserver.net.

     So your authoritative mail servers appear to be controlled/hosted by your hosting company, and mail should be sent to them for forwarding and retrieval, otherwise it will be considered to be spam by almost all other email servers these days, and often blocked outright.

     Whatever email system you are using currently probably has a whitelist, so you should put in a whitelist entry for the email first and see if it appears. You should contact your hosting company and find out what the required configuration is for you to be able to send mail from your server.
  4. It is impossible. With that said, there is nothing in an htaccess that has anything to do with SEO. Mod_rewrite rules only serve to support the URLs that you have to explicitly advertise through your sitemap or link structure.
  5. I'm guessing what you mean is, that you have something that drives how many tabs you need. If so, you should make a function that outputs the tab code, and generates the id based on a counter in the loop. Inside that function the div would be something like: function makeTab($id, $img, $h1, $para) { $out = ' return $out; } }
  6. There are a few different ways to make strings in php. I'm not going to write a book on it right now, but the main ones are:

         $string = "Hello there";
         $string2 = 'Hello there too';

     So you can see that either single or double quotes delimit the start and end of the string. So the obvious question becomes... how would I have a string like:

         Hello there "friend"

     With single quotes it would not be a problem.

         $string = 'Hello there "friend"';

     But if you tried to use double quotes, the parser would not know where you meant the string to end, and would generate a parsing error.

         $string = "Hello there "friend""; // doesn't work

     So when you want to embed characters in a string, you can use the escape character, which in php is the backslash (\), to tell php that the character you're escaping (the following character) is a special character that should be treated as part of the string.

         $string = "Hello there \"friend\"";

     As you can see there are other escape characters like the "\n" which have special meaning in an interpolated php string (one created using enclosing "...")
  7. Why have 2 tables, rather than adding a status to friend_request?
  8.     -- $user is interpolated straight into the SQL: cast it to an integer or bind it as a parameter first
         SELECT *
         FROM Users, Friends
         WHERE (Friends.user_id = $user AND Users.id = Friends.friend_id)
            OR (Friends.friend_id = $user AND Users.id = Friends.user_id)

     You should probably create a load of test data and benchmark both approaches. Also make sure you run EXPLAIN EXTENDED on the queries.
  9. Yes if you're using innodb which has a clustered index. If not, it's more of a tossup -- double the data, vs half the data but 2 indexes. With that said, the cost on the size of the indexes is something you only have to pay on insert.
  10. Yes, I'm with Ignace. It is meant to give someone access to a server. In fact, the way it was packaged makes it clear that it is intended as an exploit. Probably they are finding ways to get people to download that script to their servers and from there they can execute it, so yeah, you need to alert your ISP that they have some sort of XSS exploit on that page. You can point them to this thread if they want more information.
  11. You have some strange code there. Not sure why in one case you select * from $table2, and then in the next query do a SELECT COUNT(*). You should pick one or the other method. Personally, I feel that if you only want a count of the number of rows then SELECT COUNT(*) is more correct. However, if you do a SELECT COUNT(*) you will always have one row in the result set, so you must fetch that row.

          $query = mysql_query("SELECT COUNT( * ) as countof FROM tbltracking WHERE TotalOut = 'Out'");
          $row = mysql_fetch_assoc($query);
          $num = $row['countof'];
  12. Thanks for the help. In your opinion, could this be a legit web interface for clients to control their hosting services, or does it really seem to be a malicious 3rd party backdoor? I will alert them right away if you think it's the latter.

      It's a shell so it could be of legitimate use, as it gives you quite a lot of control, so yeah it could be like a poor man's cpanel. Is this running on *your server*? Why would it be downloaded to your local machine?
  13. Yes it derives from "madnet". I'm just posting a cached version of their site, but it's referenced in the source http://webcache.googleusercontent.com/search?q=cache:3wb9DWSlhkkJ:madnet.name/eng/files/1/+madnet+php+script&cd=2&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com
  14. You should alert them, as it looks like someone has compromised their server and implanted this. Bad news.
  15. Yes that is a nasty script that is packed in there. I wrote a script to unpack the source, and its ultimate payload is a kind of php form based shell to allow someone to run various commands as the webserver user. Just to give you an idea, here's a menu variable it sets up:

          $quicklaunch = array(
              array("HOME",$surl),
              array("","#\" onclick=\"history.back(1)"),
              array("=>","#\" onclick=\"history.go(1)"),
              array("UPDIR","#\" onclick=\"document.todo.act.value='ls';document.todo.d.value='%upd';document.todo.sort.value='%sort';document.todo.submit();"),
              array("Search","#\" onclick=\"document.todo.act.value='search';document.todo.d.value='%d';document.todo.submit();"),
              array("Buffer","#\" onclick=\"document.todo.act.value='fsbuff';document.todo.d.value='%d';document.todo.submit();"),
              array("Tools","#\" onclick=\"document.todo.act.value='tools';document.todo.d.value='%d';document.todo.submit();"),
              array("Proc.","#\" onclick=\"document.todo.act.value='processes';document.todo.d.value='%d';document.todo.submit();"),
              array("FTP brute","#\" onclick=\"document.todo.act.value='ftpquickbrute';document.todo.d.value='%d';document.todo.submit();"),
              array("Sec.","#\" onclick=\"document.todo.act.value='security';document.todo.d.value='%d';document.todo.submit();"),
              array("SQL","#\" onclick=\"document.todo.act.value='sql';document.todo.d.value='%d';document.todo.submit();"),
              array("PHP-code","#\" onclick=\"document.todo.act.value='eval';document.todo.d.value='%d';document.todo.submit();"),
              array("Self remove","#\" onclick=\"document.todo.act.value='selfremove';document.todo.submit();"),
              array("Logout","#\" onclick=\"if (confirm('Are you sure?')) window.close()")
          );

      So that should give you an idea. Definitely a reminder of how evil the eval() command is.
  16. There are a lot of different ways to handle this, but just from a static point of view, if you have a variable in each page like:

          $page = 'news';

      or if you prefer a constant:

          define('PAGE', 'news');

      This assignment just needs to be made before your include of the top_menu. Then you need a simple ternary. I would probably put something like that in a function (application of DRY principle) but I'll just show you the code for one li.

          <li echo class="current" :>>News</li
  17. Hello. There are some people in staff who are doing some things like 2.x mods here. As for chat, not sure we'd have good advice in that area, our chat is good old irc.
  18. Yes it is possible. The simplest way is to have the status table have a structure like this:

          Status
          -------------
          status_id (int, pk, auto_increment)
          employee_id
          status
          created_on timestamp
  19. Let me start with magic quotes: this is something that operates on input - get params, post, cookies.... and it's in essence running addslashes(). So to undo the effects of magic quotes, you simply need to run stripslashes on all those things. Otherwise, mysql_real_escape_string is transparent. Hopefully it's clear that the problem is that on production, magic quotes is gumming things up.

      With that said, do you work for your ISP? That decision may be outside of your control, but I certainly wouldn't give my money to a company with such a clearly antiquated configuration. I just cannot understand it when people are dictated how their environment should work by crappy ISPs. I mean magic quotes has been turned off by default for many years, and is officially deprecated and will be removed once and for all in php 6.

      You might try this in the .htaccess

          php_flag magic_quotes_gpc Off

      or

          php_value magic_quotes_gpc Off
  20. I was just extrapolating based on what I assumed you wanted to do at this point. I thought that what you wanted to do was have the one single script that does the system() call configured so that it would use your admin user, but you did not want the entire server configured that way, so you would accomplish that in some fashion. Then in terms of how you continue to have your script operate, it would need to make a call to the script that does the system call from the main script, so that is where I would suggest using curl, but if I misunderstood, just ignore my ramblings.
  21. You could also use fopen or use curl to run the one page, but yeah it seems like a creative workaround.
  22. The only thing I can think of that might be of any help is to tell you that ultimately, php is calling CreateProcessAsUser(). I saw some notes about differences in environment handling in 2003 vs later versions. Basically, you're talking about a really moldy os and an antiquated version of IIS. I found this, which didn't seem directly relevant, but might offer some additional information: http://support.microsoft.com/kb/904056 Best of luck with this, but you may end up just having to run as admin.
  23. Is ipv6 enabled on the IIS server? If so, try disabling it.
  24. Great. Yes safe mode is a giant pain in the butt, and definitely not needed for your own server. Its features were designed to try and add controls for shared hosting, but the php project people have pretty much admitted that the features weren't well designed and plan to remove them entirely.
  25. Just for the heck of it, try passthru() and see if there's any difference.