macwise

  1. Hey, friends. I have some trouble on the server front. My sites have been hacked, and I need to make sure I've eradicated every trace of this exploit. I'm looking for a way to search for any and all php files contained in multiple directories with specific names. For instance, I have found a commonality in relation to where these malicious files are placed, such as: /some/dir/img/somename.php or: /some/dir/js/somename.php Is there a way I can easily (e.g. using ssh and the "find" command) locate all files ending in php but only found in directories named "img"? I can't seem to find anything that would allow me to do this with find, or with a combination of find and grep. I can't go directory by directory, as some of these img directories are created many levels deep, some even in .svn directories. Any and all help is appreciated. Hackers suck.
  2. Thanks for all your help, fortnox007. I have played with that section of code for three days now to no avail. But, after researching yet further, it was finally my 437th google query that brought a reprieve. Turns out it is either latency, slow response from outside mail servers (yahoo, google, etc.) or both. I added the following line to my file, and all seems well now. I suppose this will fix 99% of my problems.

         $mail->Timeout = 120; // set longer timeout for latency or servers that take a while to respond

     So the previously posted mail section now looks like this:

         $mail = new phpmailer();
         $mail->IsSMTP(); // set mailer to use SMTP
         $mail->Timeout = 120; // set longer timeout for latency or servers that take a while to respond
         $mail->CharSet="UTF-8";
         $mail->Host = "localhost"; // specify main and backup server
         $mail->SMTPAuth = false; // turn on or off SMTP authentication
         $mail->Username = $user; // SMTP username
         $mail->Password = $passwd; // SMTP password

     For anyone that cares, timeout is set to a default of 10 seconds in the class.phpmailer.php file.
  3. Ok, I really didn't want to have to resort to this, but you people have left me no choice. Get ready for.... THE FULL CODE FILE!!!! (truncated and concatenated for some semblance of brevity) Can you see anything that would point to this thing failing? class.phpmailer.php AND class.smtp.php are both stock 5.1 files. My site is hosted on MediaTemple GridServer. That may be playing some part in this problem. And finally, I can get these to send intermittently, only VERY intermittently. No idea what the difference is. Time? New session? Both? Neither? I dunno.

         <?php
         if (!isset($_COOKIE["Customer_Info_"])) { }
         //header("Location: ../confirmation/index.php?message=sent");
         require("class.phpmailer.php");

         //Contents of form
         $Customer_Name=$_POST['Customer_Name'];
         $Title=$_POST['Title'];
         $Organization=$_POST['Organization'];
         $Street_Address=$_POST['Street_Address'];
         $Street_Address_2=$_POST['Street_Address_2'];
         $City=$_POST['City'];
         $State=$_POST['State'];
         $Zip_Code=$_POST['Zip_Code'];
         $Country=$_POST['Country'];
         $Work_Phone=$_POST['Work_Phone'];
         $Email=$_POST['Email'];
         $Purhcase_Order=$_POST['Purhcase_Order'];
         $Shipping_Street_Address=$_POST['Shipping_Street_Address'];
         $Shipping_Address_2=$_POST['Shipping_Address_2'];
         $Shipping_City=$_POST['Shipping_City'];
         $Shipping_State=$_POST['Shipping_State'];
         $Shipping_Zip=$_POST['Shipping_Zip'];
         $Shipping_Country=$_POST['Shipping_Country'];
         $Shipping_Method=$_POST['Shipping_Method'];
         $shipping_standard=$_POST['shipping_standard'];
         $Instructions=stripslashes(htmlspecialchars($_POST['Instructions'], ENT_QUOTES));
         $ipaddress=$_POST['ipaddress'];
         $productOrdered=$_POST['productOrdered'];
         $productOrdered2=str_replace('™', chr(153), $productOrdered);

         if($Customer_Name != ""){ setcookie("Customer_Info[Name]", $Customer_Name, time()+108000, "/", ".mydomain.com"); }
         if($Title != ""){ setcookie("Customer_Info[Title]", $Title, time()+108000, "/", ".mydomain.com"); }
         if($Organization != ""){ setcookie("Customer_Info[Organization]", $Organization, time()+108000, "/", ".mydomain.com"); }
         if($Street_Address != ""){ setcookie("Customer_Info[street_Address]", $Street_Address, time()+108000, "/", ".mydomain.com"); }
         if($Street_Address_2 != ""){ setcookie("Customer_Info[street_Address_2]", $Street_Address_2, time()+108000, "/", ".mydomain.com"); }
         if($City != ""){ setcookie("Customer_Info[City]", $City, time()+108000, "/", ".mydomain.com"); }
         if($State != ""){ setcookie("Customer_Info[state]", $State, time()+108000, "/", ".mydomain.com"); }
         if($Zip_Code != ""){ setcookie("Customer_Info[Zip_Code]", $Zip_Code, time()+108000, "/", ".mydomain.com"); }
         if($Country != ""){ setcookie("Customer_Info[Country]", $Country, time()+108000, "/", ".mydomain.com"); }
         if($Work_Phone != ""){ setcookie("Customer_Info[Work_Phone]", $Work_Phone, time()+108000, "/", ".mydomain.com"); }
         if($Email != ""){ setcookie("Customer_Info[Email]", $Email, time()+108000, "/", ".mydomain.com"); }
         if($Shipping_Street_Address != ""){ setcookie("Customer_Info[shipping_Street_Address]", $Shipping_Street_Address, time()+108000, "/", ".mydomain.com"); }
         if($Shipping_Address_2 != ""){ setcookie("Customer_Info[shipping_Address_2]", $Shipping_Address_2, time()+108000, "/", ".mydomain.com"); }
         if($Shipping_City != ""){ setcookie("Customer_Info[shipping_City]", $Shipping_City, time()+108000, "/", ".mydomain.com"); }
         if($Shipping_State != ""){ setcookie("Customer_Info[shipping_State]", $Shipping_State, time()+108000, "/", ".mydomain.com"); }
         if($Shipping_Zip != ""){ setcookie("Customer_Info[shipping_Zip]", $Shipping_Zip, time()+108000, "/", ".mydomain.com"); }
         if($Shipping_Country != ""){ setcookie("Customer_Info[shipping_Country]", $Shipping_Country, time()+108000, "/", ".mydomain.com"); }
         if($Shipping_Method != ""){ setcookie("Customer_Info[shipping_Method]", $Shipping_Method, time()+108000, "/", ".mydomain.com"); }
         if($shipping_standard != ""){ setcookie("Customer_Info[shipping_standard]", $shipping_standard, time()+108000, "/", ".mydomain.com"); }

         if ((strlen(preg_replace("/&[a-z]{2,5};/i",'X',$Customer_Name)) > 1) && (strlen($Customer_Name) > 1)) {
             $whitespaceposition = strrpos($Customer_Name," ",1);
             $nameTrimmed = substr($Customer_Name, 0, $whitespaceposition);
         }

         $sender = "me@mydomain.com";
         $recipient = "me@myOTHERdomain.com";
         $subject = "CLIENT's Order Form";
         $message = "Customer name: $Customer_Name \n\r Title: $Title \n\r Organization: $Organization \n\r Phone Number: $Work_Phone \n\r Email: $Email \n\r Street Address: $Street_Address \n\r Street Address 2: $Street_Address_2 \n\r City: $City \n\r State: $State \n\r Zip Code: $Zip_Code \n\r Country: $Country \n\r\n\r Purhcase Order #: $Purhcase_Order \n\r\n\r Shipping Address: $Shipping_Street_Address \n\r Shipping Address 2: $Shipping_Address_2 \n\r Shipping City: $Shipping_City \n\r Shipping State: $Shipping_State \n\r Shipping Zip: $Shipping_Zip \n\r Shipping Country: $Shipping_Country \n\r Expedited Shipping?: $shipping_expedited \n\r Standard Shipping?: $shipping_standard \n\r Shipping Country: $Shipping_Country \n\r Instructions: $Instructions \n\r IP Address: $ipaddress";

         $mail = new phpmailer();
         $mail->IsSMTP(); // set mailer to use SMTP
         $mail->CharSet = "UTF-8";
         $mail->Host = "localhost"; // specify main and backup server
         $mail->SMTPAuth = false; // turn on or off SMTP authentication
         $mail->Username = $user; // SMTP username
         $mail->Password = $passwd; // SMTP password
         $mail->From = $sender;//$from; //name listed in from field
         $mail->FromName = 'FROM THE CLIENT';
         $mail->AddAddress($recipient); //the name (e.g. Jack) will be set in address book
         $mail->AddAddress($Email); // Add customer as a recipient of this email
         $mail->AddReplyTo('me@myOTHERdomain.com', 'NO REPLY');
         $mail->SMTPDebug = 2;
         $mail->WordWrap = 50; // set word wrap to 50 characters
         $mail->IsHTML(true); // set email format to HTML
         $mail->Subject = $subject;

         $htmlBody = '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">';
         $htmlBody .= '<html xmlns="http://www.w3.org/1999/xhtml">';
         $htmlBody .= '<head>';
         $htmlBody .= '<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />';
         $htmlBody .= '<meta http-equiv="X-UA-Compatible" content="IE=7" />';
         $htmlBody .= '<title>Online Order</title>';
         $htmlBody .= '</head>';
         $htmlBody .= '<body style="font-family: \'Helvetica Neue\', Helvetica, \'Lucida Grande\', Verdana, sans-serif; font-size: 14px;">';
         ?>

         {chopped here so this stays short...er}

         <?php
         $htmlBody .= '</div>';
         $htmlBody .= '</body>';
         $htmlBody .= '</html>';
         $mail->Body = $htmlBody;
         $mail->AltBody = $message;

         //this will be interesting to figure out
         /*
         foreach ($_COOKIE["Product_ID_"] as $name => $cartItem) {
             setcookie("Product_ID_[$name]", "", time() - 3600, "/", ".mydomain.com");
         }
         setcookie("Product_ID_", "", time() - 3600, "/", ".mydomain.com");
         */

         if(!$mail->Send()) //add code to tell what the error was here
         {
             echo "Message could not be sent. <p>";
             echo "Mailer Error: " . $mail->ErrorInfo;
             //exit; really exit here? I don't think so
         }
         ?>
  4. Interesting you should suggest this, though. I've wondered if it's something like this. I added a reply-to address in case the server was rejecting it for that reason. I've also removed my HTML doctype declarations et al. in hopes that maybe the formatting was incorrect for Gmail. No go. Maybe the originating server is announcing itself as localhost or some such? I would expect that the phpmailer would handle that behind the scenes, but I'm really unfamiliar with the whole server side mail stuff past the basic contact form. Anything else I can check/test/experiment with?
  5. I am working on a phpmailer script that sends an order confirmation email to the customer AND the client at the same time. If I have the customer email and client email set both to the originating domain's email addresses (myname@myserver.com), then it sends fine. However, if I try to send to an outside mail server (e.g. someone@gmail.com), I get the following errors:

         SMTP -> FROM SERVER:220 myserver.com ESMTP Exim 4.63 Sat, 18 Sep 2010 15:08:21 -0700
         SMTP -> FROM SERVER: 250 myserver.com Hello localhost [127.0.0.1]
         250-SIZE 52428800
         250-PIPELINING
         250-AUTH LOGIN PLAIN
         250-STARTTLS
         250 HELP
         SMTP -> FROM SERVER:250 OK
         SMTP -> FROM SERVER:250 Accepted
         SMTP -> FROM SERVER:
         SMTP -> ERROR: RCPT not accepted from server:
         SMTP Error: The following recipients failed: someone@gmail.com
         Message could not be sent.
         Mailer Error: SMTP Error: The following recipients failed: someone@gmail.com
         SMTP server error:

     I'm not sure what's going on here. Any SMTP or phpmailer geniuses here that can shed some light on what needs to happen here for this to send to any address?
  6. I've spoken with them. They say nothing is apparently wrong on their end. If I connect to a VPN server, I can get the form to submit without issues, but disconnecting doesn't resolve the issue. If I wait for a while, then try again, the form seems to work fine. I'm wondering if this has something to do with a connection being left open on the server? I know next to nothing about phpMailer, so guesses are all I have.
  7. I am working on a webform that sends an email when submitted. The following output appears intermittently on the form.php page (I have currently disabled the page forwarding so I can see the output more easily). I am not quite sure what is going on, but when this occurs, no email is sent. Here's what the output looks like:

         SMTP -> FROM SERVER:
         SMTP -> FROM SERVER:
         SMTP -> ERROR: HELO not accepted from server:
         SMTP -> FROM SERVER:
         SMTP -> ERROR: MAIL not accepted from server:
         Message could not be sent.
         Mailer Error: SMTP Error: From address [myemail@myserver.com] failed

     This same file and same configuration has worked on and off, even when no changes are made. It seems that maybe the server is simply denying connections for some reason, but I'm not entirely sure, hence the post here. Any suggestions or ideas for debugging are GREATLY appreciated. Thanks!
  8. Sorry, my mistake. I had it changed in my code, but not here. Here's the final (I think), and it works very well:

     In the header:
     ===========================================
         <script type="text/javascript">
         function delete_submit(prdt_id) {
             document.getElementById('prdt_id').value = prdt_id;
             document.getElementById('order_quantity').value = 0;
             // document.forms is the standard forms collection (window.forms is undefined in browsers)
             document.forms['orderSummary'].submit();
         }
         </script>
     ===========================================
     In the body:
     ===========================================
         <form id="orderSummary" name="orderSummary" action="***(DestinationPage)***" method="post">
           <input type='hidden' name='product_id' id ='prdt_id' value=''>
           <input type='hidden' name='order_quantity' id ='order_quantity' value='0'>
           <input type="textbox" value="5" name="24" />
           <a href="product_URL1" target="_blank">PRODUCT1</a>
           <a href="#" onclick="delete_submit(24)">REMOVE</a>
           <input type="textbox" value="7" name="29" />
           <a href="product_URL1" target="_blank">PRODUCT2</a>
           <a href="#" onclick="delete_submit(29)">REMOVE</a>
         </form>
     ===========================================
  9. Thanks, the182guy. That fixed my form submission problem. I understand that I can use $_GET to send this data in the querystring, but I want it to be a little more tamper (and fool) proof for the users, hence the $_POST requirement. Here's what I ended up with, and it now works (these are zeroing out values in a cookie, FYI):

     In the header:
     ===========================================
         <script type="text/javascript">
         function delete_submit(prdt_id) {
             document.getElementByID('prdt_id').value = prdt_id;
             document.getElementById('order_quantity').value = 0;
             window.forms['orderSummary'].submit();
         }
         </script>
     ===========================================
     In the body:
     ===========================================
         <form id="orderSummary" name="orderSummary" action="***(DestinationPage)***" method="post">
           <input type='hidden' name='product_id' id ='prdt_id' value=''>
           <input type='hidden' name='order_quantity' id ='order_quantity' value='0'>
           <input type="textbox" value="5" name="24" />
           <a href="product_URL1" target="_blank">PRODUCT1</a>
           <a href="#" onclick="delete_submit(24)">REMOVE</a>
           <input type="textbox" value="7" name="29" />
           <a href="product_URL1" target="_blank">PRODUCT2</a>
           <a href="#" onclick="delete_submit(29)">REMOVE</a>
         </form>
     ===========================================
  10. I could be wrong (green still here), but having just dealt with cookies, I think your problem is that your code is echoing something between your first setcookie block (to delete the cookie) and the second setcookie block. Try commenting out all of your echos and see if that fixes your problem?
  11. I must be misunderstanding this code snippet. Nothing happens when I click the Delete button. Here's what I have in my output:

      In the header:
      ===========================================
          <script type="text/javascript">
          function delete_submit(prdt_id) {
              document.getElementByID('prdt_id').value = prdt_id;
              window.forms['orderSummary'].submit();
          }
          </script>
      ===========================================
      In the body:
      ===========================================
          <form id="orderSummary" name="orderSummary" action="***(DestinationPage)***" method="post">
            <input type='hidden' name='product_id' id ='prdt_id' value=''>
            <a href="product_URL1" target="_blank">PRODUCT1</a>
            <a href="#" onclick="delete_submit(24)">REMOVE</a>
            <a href="product_URL1" target="_blank">PRODUCT2</a>
            <a href="#" onclick="delete_submit(29)">REMOVE</a>
          </form>
      ===========================================
  12. Any sample code? I'm not too savvy with JS. Thanks for responding! P.S. The array would look like this:

          [6] => 3
          [24] => 4
          [25] => 2
          [23] => 8

      Where the key is the product ID and the value is the quantity...
  13. I have a form that is dynamically generated on an order summary page. When the page loads, I want the form to look similar to this:

          QUANTITY   PRODUCT NAME   DELETE PRODUCT
          5          SuperWidget    DELETE »
          2          MiniWidget     DELETE »
          4          PsuedoWidget   DELETE »
          SUBMIT

      When they click ANY of the DELETE » buttons, the form will submit and that particular product will be removed from the array. Am I overthinking this? How can I do this using $_POST? Or is $_GET my only option?
  14. @Stuartriches Thanks for your response. To answer your questions: The business model for my client doesn't really require this much complexity. Orders will be placed immediately and from a single computer or just called in for almost all cases. Order history will not be tracked for customers, and no login is required to order. Basically, due to the nature of the business, orders are placed and either A) the customer (who is on a credit account) is billed, or B) the NEW customer is contacted and run through a credit check process, so they can be billed for the current order and all orders placed thereafter. FYI, the previous website simply had an order page with a table listing all of the products requiring the customer to sift through the 40 or so products and select the quantity they wanted for each product ordered (default 0 for any products not ordered). Instead of keeping this abysmal list, I thought I would improve on this system by making the order page "smart", remembering any product they've ordered from any given product page. This keeps the final order list short and relevant. While I can appreciate this logic, these are capabilities which the client neither requires nor desires. This really is a simple site that is updated VERY infrequently, used by a very focused group of customers, and billed offline. If it were a full-fledged shopping site, I would have hired my backend guy. Since the budget is so low, I, the front end guy, decided to tackle it myself. I really am only seeking to make iterative changes to the flow from their current system, and am mostly improving their front end experience.
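
For the first post above (locating .php files only under directories named img or js, at any depth and inside .svn trees), one way to do it with find. This is an added example, not part of the original posts; the function name find_php_in_dirs and the web-root path in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original posts).
# find_php_in_dirs ROOT NAME...
#   Lists every regular file ending in .php (any case) that has a directory
#   called NAME somewhere above it, at any depth below ROOT. find does not
#   skip dot-directories, so copies hidden inside .svn trees are listed too.
find_php_in_dirs() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    shift
    [ "$#" -gt 0 ] || { echo "usage: find_php_in_dirs ROOT NAME..." >&2; return 2; }

    # Turn the names into: -path '*/img/*' -o -path '*/js/*' ...
    n=$#
    for name in "$@"; do
        set -- "$@" -o -path "*/$name/*"
    done
    shift "$n"   # drop the original names
    shift        # drop the leading -o

    # -path matches the whole pathname and '*' also matches '/', so files in
    # sub-directories of img/ or js/ are reported as well.
    find "$root" -type f -iname '*.php' \( "$@" \) | LC_ALL=C sort
}

# Run as a script, e.g.: ./find_php_in_dirs.sh /path/to/webroot img js
if [ "$#" -gt 0 ]; then
    find_php_in_dirs "$@"
fi
```

The listing is a review queue, not a deletion list: compare each hit against version control or a known-good backup before removing it.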