#1

    Simple PHP BASIC error [NEED HELP URGENTLY]


    Hey,

    Thank you for attending the post, and helping me out, it is much appreciated.

    When I visit the following link:
    http://lps.eardor.com/ppv/rot1/index.php?keyword=testing123


    I get this Error:
    Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/partners/public_html/lps/ppv/rot1/index.php on line 1

    Below is the code for the PHP link, is there anything wrong with it?
    Code:
    <?php $link[1] ="http://t.eardor.com/tracking202/redirect/tracker.php?t202id=3112&c1=leadimp&c2=lp1&c3=camp1&t202kw=<?php $id_5 = $_GET['keyword']; print("$id_5"); ?>";
    $link[2] = "http://t.eardor.com/tracking202/redirect/tracker.php?t202id=8121&c1=leadimp&c2=lp2&c3=camp1&t202kw=<?php $id_5 = $_GET['keyword']; print("$id_5"); ?>";
    $link[3] = "http://t.eardor.com/tracking202/redirect/tracker.php?t202id=1136&c1=leadimp&c2=lp3&c3=camp1&t202kw=<?php $id_5 = $_GET['keyword']; print("$id_5"); ?>";
    if(!isset($HTTP_cookie_VARS['link'])){ $n=count($link);
    $rand=rand(1,$n); setcookie("link",$rand,time()+3600);
    header('location:'.$link[$rand]); }else{ $go=$link[$_COOKIE['link']]; header('location:'.$go); } ?>
  2. #2
    Do you mind me asking why you are trying to inject php code into a url?
  4. #3
    Hey,

    It's not particularly my code. My brother runs the site and doesn't program, so he just tried messing around; he manipulated another code which did not have the $_GET function in order for him to follow the client's orders for advertising purposes.

    Here is the working code he manipulated:

    Code:
    <?php $link[1] ="http://www.empowernetwork.com/almostasecret.php?id=peterd";
    $link[2] = "http://www.empowernetwork.com/weirdmarketingtricks.php?id=peterd";
    $link[3] = "http://www.empowernetwork.com/theylovetobuy.php?id=peterd";
    $link[4] = "http://www.empowernetwork.com/recruitingtrick.php?id=peterd";
    $link[5] = "http://www.empowernetwork.com/sellingtrick.php?id=peterd";
    if(!isset($HTTP_cookie_VARS['link'])){ $n=count($link);
    $rand=rand(1,$n); setcookie("link",$rand,time()+3600);
    header('location:'.$link[$rand]); }else{ $go=$link[$_COOKIE['link']]; header('location:'.$go); } ?>
  6. #4
    That code makes more sense to me.
    I still don't follow what you're trying to do with the first example.
    If I fix your code you will just have more questions.

    For starters, you need to actually look at the PHP manual and read about strings, escaping, and character encoding.
  8. #5
    Originally Posted by nightFix
    That code makes more sense to me.
    I still don't follow what you're trying to do with the first example.
    If I fix your code you will just have more questions.

    For starters, you need to actually look at the PHP manual and read about strings, escaping, and character encoding.

    Well, the purpose is to have the link rotating to different landing pages.

    Here is a link to broaden my explanation: http://prosper.tracking202.com/scripts/rotate-offers/

    I never took PHP yet, however fixing the code for now is important at this time, and I would very much appreciate your assistance, as long as the code works, I promise you will receive nothing but gratitude and my debt.
  10. #6
    Ouch.

    The code you've copy-pasted has been obsolete for 12 years -- that's when this $HTTP_COOKIE_VARS stuff got replaced with the $_COOKIE superglobal. Stealing code from random websites is not a good idea, because most of it was written by clueless schoolkids in the 90s. That's not really what you want to have on your server, accessible by the whole world.

    Secondly, this has no security or correctness whatsoever. Do you really wanna redirect the user to any URL that happens to be in the "link" cookie? You also can't just dump arbitrary data into a URL. It must be encoded first.

    Last but not least, PHP doesn't work like that. You can't nest PHP tags. I don't even understand what that is supposed to do. If you already are in "PHP mode", just write down the code. No <?php ?> stuff.



    Originally Posted by silvansly
    I never took PHP yet, however fixing the code for now is important at this time, and I would very much appreciate your assistance, as long as the code works, I promise you will receive nothing but gratitude and my debt.
    If somebody f*cks up your server, having "fixed" the code as quickly as possible doesn't help you, does it?
    The 6 worst sins of security • How to (properly) access a MySQL database with PHP

    Why can't I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
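
The points made in post #6, put together as an added example that is not part of the thread: the cookie is read through `$_COOKIE` and accepted only as an index into a fixed list, the keyword is URL-encoded, and no PHP tags are nested. The tracker host, the `t202id` values and the function names are placeholders; the parameter names are taken from the code in post #1.

```php
<?php
// Added example, not code from the thread. TRACKER host and t202id values are placeholders.
declare(strict_types=1);

const TRACKER = 'https://tracker.example/tracking202/redirect/tracker.php';

// Fixed allow-list: the cookie can only ever select one of these entries.
const OFFERS = [
    1 => ['t202id' => '0001', 'c2' => 'lp1'],
    2 => ['t202id' => '0002', 'c2' => 'lp2'],
    3 => ['t202id' => '0003', 'c2' => 'lp3'],
];

/** Return a valid offer index: the visitor's earlier one if the cookie holds it, else a random one. */
function pickOffer(array $cookies): int
{
    $idx = filter_var($cookies['link'] ?? null, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => count(OFFERS)],
    ]);
    // Missing, non-numeric, array-valued or out-of-range cookies all yield false.
    return $idx === false ? random_int(1, count(OFFERS)) : $idx;
}

/** Build the redirect target; every value is percent-encoded by http_build_query(). */
function buildTarget(int $idx, array $query): string
{
    $kw = $query['keyword'] ?? '';
    if (!is_string($kw)) {
        $kw = ''; // ?keyword[]=x arrives as an array; treat it as absent
    }
    $params = OFFERS[$idx] + ['c1' => 'leadimp', 'c3' => 'camp1', 't202kw' => $kw];
    return TRACKER . '?' . http_build_query($params, '', '&', PHP_QUERY_RFC3986);
}

$idx = pickOffer($_COOKIE);
setcookie('link', (string) $idx, [
    'expires'  => time() + 3600,
    'httponly' => true,
    'samesite' => 'Lax',
]);
header('Location: ' . buildTarget($idx, $_GET), true, 302);
exit;
```

Because the destination is always assembled from `TRACKER` and `OFFERS`, a tampered cookie or keyword can change which listed offer is chosen or the value of `t202kw`, but never the host the visitor is sent to.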
  12. #7
    Hey,

    I appreciate the information. Thank you, and no, it wouldn't be good if the server was broken into.

    You seem knowledgeable and I appreciate your time spent here.

    Cheers
    Regards.
  14. #8
    Originally Posted by silvansly
    Thank you, and no, it wouldn't be good if the server was broken into.
    Right. This means: Don't rush it. Either take the time to actually learn the basics of PHP and security so that you can write the code yourself. Or take the time to find a good programmer and hire him or her.

    Quickly throwing together some code without understanding what it does can easily end up in a disaster. We don't need yet another zombie server flooding the Internet with spam and malware.
  16. #9
    I didn't realize you actually have that stuff online already. Oh boy.

    Comments on this post

    • silvansly agrees : Very resourceful, very informative.
  18. #10
    Alright,

    That code isn't used at the moment. Thank you for the heads up and for the small tut on what to do to improve this situation.


    I'm currently reading through the manual, and looking through your old posts, which are actually very useful and resourceful. Seems like you have been around the block quite a bit.

    Thanks for taking the time to respond to my thread, and actually help with advice.

    I appreciate it, and working towards fixing it and of course providing security to the plain script.


    You sir, deserve rep.
