First of all, the html:
<input id="imagefile" type="file" style="display:none;" name="uploadedfile"/> <a class="btn-img" href="#"><img alt="Browse" src="/public/images/add.gif"></a>
Second, the jquery:
<script type="text/javascript">
$(document).ready(function() {
$("A.btn-img").click(function () {
$("#imagefile").trigger('click');
});
});
</script>
You created a form, but your client doesnt want a ugly submit button but plain text. Now your enter (or break) key will not submit the form anymore… There is a fix for that 
<input name="password" type="password" onclick="if(this.value == '********') this.value = ''" onblur="if(this.value == '') this.value = '********'" value="********" onKeyPress="submitMe()" />
function submitMe() {
if (window.event.keyCode == 13)
{
document.loginForm.submit();
}
}
<input id="submit" type="submit" value="Send" name="submit">
#submit {
background: url("/images/login.gif") no-repeat scroll 0 0 #FFFFFF;
border: medium none;
font-size: 0;
height: 35px;
width: 75px;
}
Create wm.php and insert:
<?php
//we tell the server to treat this file as if it wore an image
header('Content-type: image/jpeg');
//image file path
$img = $_GET['src'];
//watermark position
$p = $_GET['p']; if(!$p) $p = 'br';
/*
p can be anything from the following list:
tl = top left
tc = top center
tr = top right
cl = center left
c = center of the image
cr = center right
bl = bottom left
bc = bottom center
br = bottom right
*/
//watermarked image quality
$q = $_GET['q'];
//if the quality field is missing or is not on the 0 to 100 scale then we set the quality to 93
if(!$q || $q<0 || $q>100) $q = '93';
$filetype = substr($img,strlen($img)-4,4);
$filetype = strtolower($filetype);
if($filetype == ".gif") $image = @imagecreatefromgif($img);
if($filetype == ".jpg") $image = @imagecreatefromjpeg($img);
if($filetype == ".png") $image = @imagecreatefrompng($img);
if (!$image) die();
//getting the image size for the original image
$img_w = imagesx($image);
$img_h = imagesy($image);
//if the filename has 150x150 in it's name then we don't apply the watermark
if (eregi("150x150", $img)) {
imagejpeg($image, null, $q); die();
} else {
$watermark = @imagecreatefrompng('bwmark.png');
}
/*
//if you want to use the watermark only on bigger images then use this instead of the condition above
if ($img_w < "150") {//if image width is less then 150 pixels imagejpeg($image, null, $q); die(); } else { $watermark = @imagecreatefrompng('bwmark.png'); } */ //getting the image size for the watermark $w_w = imagesx($watermark); $w_h = imagesy($watermark); if($p == "tl") { $dest_x = 0; $dest_y = 0; } elseif ($p == "tc") { $dest_x = ($img_w - $w_w)/2; $dest_y = 0; } elseif ($p == "tr") { $dest_x = $img_w - $w_w; $dest_y = 0; } elseif ($p == "cl") { $dest_x = 0; $dest_y = ($img_h - $w_h)/2; } elseif ($p == "c") { $dest_x = ($img_w - $w_w)/2; $dest_y = ($img_h - $w_h)/2; } elseif ($p == "cr") { $dest_x = $img_w - $w_w; $dest_y = ($img_h - $w_h)/2; } elseif ($p == "bl") { $dest_x = 0; $dest_y = $img_h - $w_h; } elseif ($p == "bc") { $dest_x = ($img_w - $w_w)/2; $dest_y = $img_h - $w_h; } elseif ($p == "br") { $dest_x = $img_w - $w_w; $dest_y = $img_h - $w_h; } imagecopy($image, $watermark, $dest_x, $dest_y, 0, 0, $w_w, $w_h); imagejpeg($image, null, $q); imagedestroy($image); imagedestroy($watermark); ?>
Create index.php and insert:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Untitled Document</title> </head> <body> <img src="wm.php?p=bl&q=100&src=INSERT-YOUR-IMAGE.jpg"> </body> </html>
source: http://dolcepixel.com/how-to-watermark-all-your-uploaded-images/
The following script can be used to check multiple domains for infection of the lilupophilupop.com SQL injection attacks. If you are a resposible webdeveloper then you might want to use this to check if one of your sites are infected.
First of all create a domains.txt file where you have a list of all the domains that you want to check, seperated by an enter.
Then find a webserver running php with the curl extension installed.
Paste the following code in a check.php file and upload this and the domains.txt to you webserver.
[edit]
Due to some problems with the encoding that wordpress does the following code might not work corretly. So i would recomend that you copy paste from the following link: checker.txt
<?php
// define variables
$file = "domains.txt";
$lines = file($file);
foreach($lines as $line) {
// this string replace is done to remove the breaks from the textfile please replace the BACKSLASH with a real backslash
$line = str_replace("BACKSLASH n", "", $line);
$url = 'https://ajax.googleapis.com/ajax/services/search/web?v=1.0&q=site%3A'.$line.'+"<script+src%3D"http%3A%2F%2Flilupophilupop.com%2F"'; // sendRequest
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_REFERER, 'schouman.info');
$body = curl_exec($ch);
curl_close($ch);
// now, process the JSON string
$json = json_decode($body);
if (empty($json->responseData->results)){
echo "<b>".$line."</b>";
echo "";
echo "clean";
} else {
echo "<b>".$line."</b>";
echo "";
echo "Number of results: ";
print_r($json->responseData->cursor->estimatedResultCount);
echo "";
echo "Check all the results: <a href='";
print_r($json->responseData->cursor->moreResultsUrl);
echo "'>";
print_r($json->responseData->cursor->moreResultsUrl);
echo "</a>";
}
echo "";
}
?>
Run the script in your browser and see if your website was infected by the lilupophilupop.com SQL injection attacks.
For more info check:
http://isc.sans.edu/diary/Lilupophilupop+tops+1million+infected+pages/12304
http://tweakers.net/nieuws/79079/sql-besmetting-infecteert-meer-dan-een-miljoen-paginas.html
Leave a comment if there are faults or errors.