hehe, thanks but I just misstyped it here.
I checked it like a hundret times in the block.

For now I am leaving it there.
But I still do not understand why include wouldn't work?

Yes through admin->System->Blocks->New Block.
Looks like includes do not work?! Although if I click on preview the block displays correctly. But if I set it to visible my main page goes blank.

I also tried to paste the whole script into the block and it works correctly.

Thanks for the quick reply!

It helps if I enter the code without <?php ?>. But now I have a blankpage with only the echo statement showing.
I think it is a problem with my include statement. While
include("../countdown/coundown.php"); will work in modules (the countdown dir is in /modules/ dir) I am not sure if it will work on my main page as it is not in the modules directory bacause I have no module for a start page(only blocks).

Do you know how I should form the include?
If I include the fullpath I get an error with the seek stream reported.

Thank you!

I am trying to display a coundown to a specific date in a blok. Therefor I created a new block and for the content type I selected "PHP Script".
I entered my script but the bloc does not display anything.
Is there anything special I need to know?

The script is very simple. One include statement, one function call and one echo function.

Thank you for your help.

If you do a search you will find there is one available from www.djnews24.net.

I agree it is a security risk. But it is the best calendar module for XOOPS as far as I know and our site is heavily based on it. I think with the htaccess file in place it should be no problem?!

I did one more thing: I uploaded the exploit scripts they used to my server and I tryed to run them with the same comands they used and I only got info about the server and this:

User Info: uid(99) euid(99) gid(99)

I don't think this helps them much?

Thank you!

I have analized my logs and there were only 6 attempts alltogether from 2 different ip-s. They were all made on different dates and there were never two sequential.
So I'm guessing they didn't come in? Or did they allways get what they wanted on their first try with this command: cmd=cd%20/var/tmp;uname%20-a ???

I also contacted my provider and they will look over the server logs and will hopefully be able to tell me if they came in.

So your advice is to put a .htaccess file in my root with php_value register_globals 0 in it. And then only put htaccess files(with php_value register_globals 0) to the few module directorys that require globals to be on?

I am changing my passes right now while everything is still working.

I already replaced all the agenda files.I will be raplacing more files if I find out they did anything.

I still have the problem with the redirect after login. the variable $xoops_requesturi is defined in the header.php file like this:
$xoopsTpl->assign('xoops_requesturi', htmlspecialchars($GLOBALS['xoopsRequestUri'], ENT_QUOTES));

xoopsRequestUri is defined in includes/common.php like this:
$xoopsRequestUri = @xoops_getenv('REQUEST_URI');

I don't understand where the value modules/agendax/index.php?op=view&id=79 comes in?

Thanks for your help you are really helping me here. In oter words: I would be totaly lost without your tips.

http://teranova.fr/2003/lila.jpg

it is some kind of script for php-shell acces script.
Will my provider know it security has held?

I have found some of your other posts so I have placed the .htaccess file you suggested.
Do you think they got in?

Should I change passwords for everything while everything is stil ok?...The only thing wrong is the login redirect.