Welcome to WebmasterWorld frost4225,

I removed the db specifics from your post, that can come back to bite you ;)

are you sure that's where the error is?

I assume you are getting this error from another file. Are you using eval in that other file?

I don't see anything wrong in the code you posted

thank you for that help with the db name.

i dont know let me see

well the page that it is trying to open is the login.php which is this one.

<?PHP
/*
admin/login.php - 08/07/2006 - 9:00pm PST - 2.0.1

PHP Live Helper

Copyright (c) 2001-2006 Turnkey Web Tools, Inc.
*/

define('PLH_SESSION_START', '1');

$abs_path = dirname(dirname(__FILE__));
include $abs_path."/admin/adminglobal.php";

if ($aspversion == 1 && $sess->gvar('site') == "") {
echo "Error! Invalid or missing site name. Please use URL format ".$asp[siteurl]."admin/login.php?site=yoursite";
exit;
}

if (isset($_POST[loginid]) && $aspversion == 1) {
if ($sess->gvar('site')!= "") {
$sdata=$DB_site->query_first("SELECT * FROM clients where login='".$sess->gvar('site')."'");
}
}

if (isset($_POST[loginid])) {
if ($sdata[id] == "" && $aspversion == 1) {
echo "Error! Invalid or missing site name. Please use URL format ".$asp[siteurl]."admin/login.php?site=yoursite";
exit;
}

if (is_file("install.php") ¦¦ is_file("install2.php") ¦¦ is_file("../upgrade.php")) {
$error = "Please remove all install and the upgrade files before attempting to continue!";
} else {
$plh->login($_POST[loginid], $_POST[pwd], $aspdata);
$sess->svar('adminid', $_POST[loginid]);
$sess->svar('adminpass', md5($_POST[pwd]));

header("location: adminindex.php?".$sess->name()."=".$sess->id());
exit;
}
}

echo $plh->template($settings[theme_path]."/login.html", array('devby' => $devby, 'apptitle' => $apptitle, 'cptag' => $cptag, 'error' => $error));

?>

[edited by: dreamcatcher at 3:12 pm (utc) on Feb. 18, 2007]
[edit reason] no urls, thanks. [/edit]

so, wild guess

this may be the line the error refers to

include $abs_path."/admin/adminglobal.php";

which probably includes common.php somewhere

take a look at the adminglobal file next, try searching for eval in that file, also look for the include for common.php

i think i might have found the common file that it was refering to. it also has the eval in it.

eval("\$temp = \"".addslashes($contents)."\";");

[edited by: frost4225 at 3:47 am (utc) on Feb. 18, 2007]

sorry for adding the whole thing

here you go

eval("\$temp = \"".addslashes($contents)."\";");

I don't use eval so I'm not sure but that looks ok

maybe it doesn't like the concatenation in there but I don't think that's it

I wonder if it has something to do with the $contents var

I agree, it's something related to that $contents var.

It might be a long shot but why not try and output the $contents into the broser before it evaluates it to see exactly what PHP code is being passed, just as a temporary measure.

e.g.

eval("\$temp = \"".addslashes($contents)."\";");

becomes

echo $contents;
exit;
eval("\$temp = \"".addslashes($contents)."\";");

Good luck.

Del

maybe i should have attatched the who common.php so that you can see the whole thing i am sorry.

<?PHP
/*
PHP Live Helper
Copyright (c) 2001-2006 Turnkey Web Tools, Inc.
*/

if (!defined('PLH_SESSION_START') ) { header("location: login.php?access_denied"); die("Access denied"); }

class common {
var $settings;
var $dbprefix;
var $DB_site;
var $dir_from;
var $lang;

function common (&$DB_site, $settings, $dbprefix, $lang) {
$this->DB_site=& $DB_site;
$this->settings= $settings;
$this->dbprefix= $dbprefix;
$this->dir_from= dirname(dirname(__FILE__));
$this->lang= $lang;
}

function time () {
return strtotime('now');
}

function desql ($in) {
$in = str_replace("=", "", $in);
$in = str_replace(" OR ", "", $in);
$in = str_replace(" or ", "", $in);
$in = str_replace(" Or ", "", $in);
$in = str_replace(" oR ", "", $in);
$out = str_replace("'", "", $in);
$out = str_replace("`", "", $in);
$out = str_replace("\"", "", $in);
return $out;
}

function checkadmin ($username, $password) {
if (!isset($username) ¦¦!isset($password)) {
header("location: login.php");
exit;
}
$result=$this->DB_site->query_first("SELECT * from ".$this->dbprefix."admin_accounts where userid='".$this->desql($username)."' AND password='".$this->desql($password)."'");
if (isset($result[name])) {
foreach ($result as $key => $val) {
$return[$key] = stripslashes($val);
}
} else {
header("location: login.php?error=".$this->lang[ilogin]);
exit;
}
return $return;
}

function admincleanup () {
$reps_in_chat = 0;
$result=$this->DB_site->query("SELECT * from ".$this->dbprefix."admin_sessions");
while ($row=$this->DB_site->fetch_array($result)) {
$lasttime=$this->time()-$row[usertime];
if ($row[inchat] == 1) { $reps_in_chat++; }
if ($lasttime > 30){
$this->DB_site->query("DELETE from ".$this->dbprefix."admin_sessions where adminid='".$row[adminid]."'");
$this->DB_site->query("DELETE from ".$this->dbprefix."chat_sessions where adminid='".$row[adminid]."'");
$this->DB_site->query("DELETE from ".$this->dbprefix."requests where adminid='".$row[adminid]."'");
}
}
}

function usercleanup ($adminid) {
global $showqueries;
$this->cleanup();
$this->DB_site->query("DELETE from ".$this->dbprefix."chat_sessions where adminid='".$adminid."'");

$result=$this->DB_site->query("SELECT * from ".$this->dbprefix."user_sessions");
while ($row=$this->DB_site->fetch_array($result)) {
$end1 .= " AND `sid`<>'".$row['sid']."'";
}

$this->DB_site->query("DELETE from ".$this->dbprefix."user_sessions where `sid`<>'123'".$end1);
$this->DB_site->query("DELETE from ".$this->dbprefix."requests where `sid`<>'123'".$end1);
$this->DB_site->query("DELETE from ".$this->dbprefix."chat_sessions where `sid`<>'123'".$end1);
$this->DB_site->query("DELETE from ".$this->dbprefix."footprints where `sid`<>'123'".$end1);
}

function cleanup () {
global $lang_status;
$result=$this->DB_site->query("SELECT * from ".$this->dbprefix."user_sessions");
while ($row=$this->DB_site->fetch_array($result)) {
$lasttime=$this->time()-$row[usertime];
if ($lasttime > 60) {
$end1 .= " OR sid='".$row['sid']."'";
} elseif ($lasttime > 15) {
$end2 .= " OR sid='".$row['sid']."'";
}
}
$this->DB_site->query("DELETE from ".$this->dbprefix."user_sessions where sid=''".$end1);
$this->DB_site->query("DELETE from ".$this->dbprefix."requests where sid=''".$end1);
//$this->DB_site->query("DELETE from ".$this->dbprefix."chat_sessions where sid=''".$end1);
$this->DB_site->query("DELETE from ".$this->dbprefix."footprints where sid=''".$end1);

$this->DB_site->query("UPDATE ".$this->dbprefix."user_sessions set status='".$lang_status[out]."' where sid='123'".$end2);
}

function get ($table, $id, $from="id") {
$result=$this->DB_site->query_first("SELECT * FROM ".$this->dbprefix.$table." where ".$from."='$id'");
if (is_array($result)) {
foreach ($result as $key => $val) {
$info[$key] = stripslashes($val);
}
}
return $info;
}

function login ($username, $password, $aspdata) {
$this->admincleanup();
$result=$this->DB_site->query_first("SELECT * from ".$this->dbprefix."admin_accounts where userid='".$this->desql($username)."'");
$sessns=$this->DB_site->query_first("SELECT * from ".$this->dbprefix."admin_sessions where adminid='".$this->desql($username)."'");

if ($aspdata[nologin] == 1) {
header("location: login.php?error=Error!%20Your%20account%20is%20currently%20".$aspdata[currentstatus].".%20Please%20contact%20us%20ASAP.");
exit;
}

if (!isset($result[id])){
header("location: login.php?error=".$this->lang[ilogin]);
exit;
} elseif ($result[password]!= md5($password)){
header("location: login.php?error=".$this->lang[ipass]);
exit;
} elseif (isset($sessns[adminid])){
header("location: login.php?error=".$this->lang[sinall]);
exit;
}

$this->DB_site->query("UPDATE ".$this->dbprefix."admin_accounts set lastlogin='".$this->time()."' where userid='".$this->desql($username)."'");
$this->usercleanup($this->desql($username));
return;
}

function check_access ($action, $sub, $admin) {
$check_array = array (
'operators' => array (
'view' => 'view_ops',
'add' => 'manage_ops',
'edit'=> 'manage_ops',
'store'=> 'manage_ops',
'delete'=> 'manage_ops',
'update'=> 'manage_ops',
'logout'=> 'manage_ops',
),
'departments' => array (
'view' => 'view_deps',
'add' => 'manage_deps',
'store'=> 'manage_deps',
'update'=> 'manage_deps',
'delete'=> 'manage_deps',
'edit'=> 'manage_deps',
'images'=> 'manage_deps',
'generate'=> 'manage_deps',
'mimages'=> 'manage_deps',
'updateimages'=> 'manage_deps',
'updatemimages'=> 'manage_deps',
),
'transcripts' => array (
'view' => 'view_trans',
'manage' => 'manage_trans',
'show' => 'view_trans',
'delete' => 'manage_trans',
'update' => 'manage_trans',
),
'settings'=> array (
'general' => 'gen_settings',
'images'=> 'image_settings',
'colors' => 'color_settings',
'ips' => 'ip_settings',
'templates' => 'manage_templates',
'pushes'=> 'manage_pushes',
'survey'=> 'manage_survey',
'optimize' => 'opt_database',
'monitor' => 'traffic_monitor',
),
'reports' => array (
'view' => 'view_reps',
'manage' => 'manage_reps',
'surveyr' => 'view_survey',
'msurvey' => 'manage_survey',
'vstats' => 'view_stats',
'mstats' => 'manage_stats',
),
);

$key = $check_array[$action][$sub];

if ($admin[$key] == 1 ¦¦ $key == "") return 1;
else return 0;
}

function template ($file, $vars=array(), $i=0) {
ob_start();
include $this->dir_from."/admin/".$file;
$contents = ob_get_contents();
ob_end_clean();

$settings = $this->settings;
$lang_settings = $this->lang;

$contents = ($vars[hide]!='')?str_replace("Start Hide $vars[hide] //-->", "", $contents):$contents;
$contents = ($vars[hide]!='')?str_replace("<!--// End Hide $vars[hide]", "", $contents):$contents;
eval("\$temp = \"".addslashes($contents)."\";");

return $temp;
}

function getside ($startlink, $i) {
$heading = array($this->lang[reps], $this->lang[departments], $this->lang[tran], $this->lang[set], $this->lang[reports], $this->lang[action2]);
if (is_array($startlink[$i])) {
while (list($key, $val) = @each($startlink[$i])) {
$subs = $startlink[$i][$key][sub]; $name = $startlink[$i][$key][name]; $link = $startlink[$i][$key][link];
$sidecont .= "<a href=\"$link\" class=\"side_link\">$name</a>";
}
}
return sidetable ($heading[$i], $sidecont);
}

function addside ($action, $links, $names) {
while (list($key) = @each($links)) {
$sidecont .= "<a href=\"adminindex.php?action=$action&sub=".$links[$key]."\" class=\"side_link\">".$names[$key]."</a>";
}
return sidetable ($this->lang[action2], $sidecont);
}

function head_links ($startlink) {
$heading = array($this->lang[reps], $this->lang[departments], $this->lang[tran], $this->lang[set], $this->lang[reports], $this->lang[tmonitor]);
for ($i=0; $i<6; $i++) {
if (is_array($startlink[$i])) {
$links['link_'.$i] = $startlink[$i][0][link];
$links['name_'.$i] = $heading[$i];
}
}
return $links;
}

function flu#*$!() {
echo str_repeat("<!--// Hidden //-->", 512);
flush;
ob_flush;
}
}
?>

[edited by: eelixduppy at 2:29 pm (utc) on May 15, 2007]

can someone please help with this the above did not work

Hello,

Welcome to WebmasterWorld!

Try changing the following:

eval("\$temp = \"".addslashes($contents)."\";");
#
return $temp; 

To something like this"

return $contents;

The original code doesn't make much sense. Post back the results you get, including any errors that still may come. Please be brief, however, as reviewing a lot of code will make it harder to find the problem.

Good luck! :)

everything comes up wierd dont know how to explain it but i will show you.

<snip>

[edited by: dreamcatcher at 11:47 pm (utc) on Feb. 22, 2007]
[edit reason] no urls, thanks. [/edit]

Your PHP script isn't surrounded properly by php tags because the php is being taken as a string literal and not interpreted. You must include the opening (<?php) and closing (?>) tags where appropriate.

Also, posting personal links at WebmasterWorld is forbidden as stated in our Terms of Service [webmasterworld.com]. Thanks for your understanding :-)