Most Liked Content

Hello people!

I am testing CMS for vulnerabilities on the first place.
If you find any error, please send message to me or post it here. If you have any idea how I can improve CMS it would be nice to say me
Soon some components like forum and photo gallery will be added.

Website URL: http://goo.gl/rDcS0
Verification file: http://goo.gl/X6UAF


I created account for phpfreaks members, but I'll be happy if you register

username: phpfreaks
password: phpfreaks


Thanks in advance!

All -

We have recently upgraded our forums to new software - IPB. PHP Freaks has been needing to grow and expand, which our previous software did not really allow us to do. We're excited to make the first steps of bringing in new features to our members and this conversion was definitely a giant leap in the right direction. Of course with change comes pains, but we've done our best to mitigate these. However, if you see anything wrong or have suggestions / complaints, we definitely would love your opinion to be heard.

You'll also notice with the upgraded forums a new look. We're updating our branding and will be tweaking this over the next few weeks to make the new skin a bit more bearable.

What else is in store for PHP Freaks? We're in the process of developing a brand-new main site with more features, upgraded branding (to match here) and most importantly - more content! Yup, more tutorials, articles, etc. will be coming in the next few months.

Again, thank you for your patience as we fix any bugs!

The PHP Freaks Team

--

Other notes:
If you have an iPhone, you can get a mobile app ($1.99) that allows you to get push notifications (for replies, PMs, etc.) We do not own the app, it is our software providers, however our forums will support this.

Well, this is my second time posting my project here. There have been way to many upgrades / re-factors to list. Basically it is a full functioning cms, with many features (that don't hinder the site's usability).

I would like to ask for the community to take a look, and try to break the site. If you find anything that looks odd / weird; please post as well.


Site: http://auth.gludoe.com/
Verification: http://auth.gludoe.com/phpfreaks.txt

Test Account:
Email: test1@gludoe.com
Password: test


PS: this is a link to my previous topic, in which i can not edit, so i decided to create a new one.

PPS: If the site is offline; it is running off my laptop at home, and sometimes it gets unplugged accidentally. I will do my best to keep it online until my testing purposes are completed.

Hi,

I have just finished creating a profanity filter in PHP and would like to see if anyone can bypass it.

I have spent a few days working on the algorithm which accounts for spaces and symbols as well as words that sound like profanity eg/ replacing "er" with "a".

I should mention that this project displays a list of all the words that bypass the filter. So if you do not wish to see these words then please do not visit the page.

http://cjmarkham.co....ects/profanity/

http://cjmarkham.co....y/phpfreaks.txt

Thanks

Esteemed Barand left for a season;
as to why, he gave us no reason.
But now he is back,
to pick up the slack,
and make up for his unexplained treason

He starts off with act of good will,
with offers of premium swill.
We toast and we cheer,
as we kick back some beer,
and engage in much epic trill

It is now the wee hours of morn
much drinking and possible porn
there's midgets passed out
no stout found throughout
and hangovers sure to be born

Celebration has passed with success
For details recalled, I digress
But it's now back to work
albeit with a smirk
lookin' forward to the next recess

ok so i tried that query inplace of mine and am getting a blank page do i need to stop using the function with it?

 

 . . .

what i did was simply changed my query to yours, was there something else i missed or did not do?

Um yeah, I think the reason Jessica got frustrated is that you are not really reading the information provided and are instead filtering it through some preconceived ideas. I specifically stated "You don't need any of that logic" and said you could do the whole thing with your query. So, what do you do? You implement that query using the logic you already have and get unexpected results. I even provided an example of what the database result set would be - I thought that would be enough for you to understand how you could implement it. The least you could have done was to run the query through PHPMyAdmin, or whatever you are using to manage your database, and see that it works before even trying to implement it in your code.

 

Those of us who routinely respond to posts enjoy helping people. We don't get paid to do this. So, when someone receiving our help does not time the time and consideration to really read what is provided or complains about a simple typo in code that we provide it seems the person is not appreciative of our time and effort.

 

So, let me spell it out for you. This should be all you need:

include("./sql-conn.php");
$db = mysql_connect($hostname, $username, $password)
        or die('Failed to connect to database: ' . mysql_error());
mysql_select_db($database);
$query = "SELECT IF(`hide`=1, 'none', `class_1`) AS `option`,
                 GROUP_CONCAT(`name` SEPARATOR ',') AS `names`
          FROM class
          GROUP BY `option`
          ORDER BY `option`='none', `option`, `name` AS";
$result = mysql_query($query) or die('Failed Getting Results: ' . mysql_error());
while ($row = mysql_fetch_assoc($result))
{
    echo "<b>{$row['option']}</b><br>{$row['names']}<br><br>\n";
}

 

However, that will output the names as a comma separated list (due to the GROUP_CONCAT in the query). In the output you want you apparently want a line break after each name. That is a trivial problem to solve which I expect YOU to solve. You can either implement that in the query by changing the string that is used to concatenate the names or you can take the comma separated string of names and implement the logic in the PHP code. I would do the latter.

Yes, lets just stop developing PHP and make PHP 5.5 its final version already. Why keep requesting new features?

Have you actually taken part in the development process?  Or made RFCs?  Because wishcasting here isn't 'developing PHP' nor is it officially requesting new features.  We're not tied to Zend.  That's why we're generally amused/bemused at your quest to make PHP better.  Writing posts here isn't actually accomplishing any of that.

I'm a fan of doing local business.  Online freelance gigs always struck me as a bit sketchy as there's little to no face-to-face contact.  Being able to actually sit down and talk to a client is invaluable.  For one, it makes the consultation process go a lot smoother.  But, it also reinforces that human connection.  It's easy for one side to screw the other over if they're just an email or IM entity, especially if they're in another country.  Interacting with a real person is grounding.

Local businesses tend to fall into three categories:

1. They don't want a site
2. They don't currently have a site, but want one
3. They have a site, but it's shit

There's not much you can do with category 1.  Category 2 is nice, but it tends to be filled with clueless clients that drag their feet and are indecisive.  Worthwhile, but also frustrating.  Category 3 is the honey pot - you can sweep in and save the day, thereby getting yourself both a nice payment and future business as they usually spread the word and offer glowing reviews.  They also tend to know what they want, and are willing to work with you to get it done.  However, since they feel letdown/burned/betrayed by their last developer, trust is an issue.  Earn that trust, and they'll be in your corner forever.

How do you find local businesses to work for?  Ask your friends and family if any of the places they frequent have a site.  Go to your local hangout places and offer your services.  Every town has at least a couple of small business owners that want more.  And if you can satisfy them, more will appear.

One word of advice: in the rush to get new clients, don't oversell your abilities too much.  The worst kind of developer you can be is one that over sells and under delivers.  Then again, people like me make money cleaning up those kinds of messes....

Greetings PHP Freaks,

You may have noticed me stopping by here from time to time over the past few weeks. I've been reading and learning, posting and (I hope) helping. I make websites for a living, and in my spare time I have been creating a content management system to address some of the shortcomings found in other available systems. Until now I've been charging for it to earn back some of the cost of development time, but I've come to believe that it would be more beneficial to me (and certainly to anyone who wishes to use it) if I were to release it under the GPL. I potentially gain assistance in development and others get to use the software for free.

With that in mind, I have done just that. It is now available on github at:
https://github.com/Tarential/Saint-CMS

I also have a website for the software set up (saintcms.com) and a demo site running the latest beta which I'm hoping someone might help test for me:
http://demo.saintcms.com/login
Username: demo
Password: demo

Here is my confirmation file for testing:
http://demo.saintcms.com/phpfreaks.txt

I am looking for both security and bug testing if anyone would be so kind as to provide either. In addition, I would welcome anyone who is interested in helping further the development of this CMS. It is based around a generic block system that allows customization of repeating content types and has a modified MVC architecture similar to Magento. The administrative interface is inline for user friendly editing. Feel free to have a look around and contact me with any questions (either reply here, pm me or e-mail me via the contact form on my site).

Thank you all for your time,
Preston St. Pierre

I am working on the v2.0 rewrite of my game and I even created a whole microframework for it so that I can quickly get it done. Right now however I am needing more testers because I am looking to get some good reliable feedback since the present players on the main server are too few to give me a wide range of feedback on it. The framework I created is at http://github.com/de...an-Moon-Engine/ if you want to check it out, released under BSD license.

The link to the application in question is: http://testing.ultim...tle-online.com/ and below is my phpfreaks.txt

http://testing.ultimate-battle-online.com/phpfreaks.txt

Hey guys -

awjudd and I finished up round one of our URL shortener and are looking for feedback / testers. Right now it is pretty basic, but that's pretty much the goal for the site: minimalistic.

The site: lnked.me

Current features:

• Shortens URLs!

Upcoming features:

• User accounts (view your previous shortened URLs)
• API for widgets / browser extensions
• Analytics on your URLs (how many people viewed, where are they from, etc.)

Please help, this site keeps getting hacked, I have escaped all my sql input, as well as applying intval() to almost all input variable, I have hit a brick wall, I can always use PDO, but that would be a monumental task, and it may be something simple that I am missing.

link to my verifying txt file : http://www.apdec.org.za/phpfreaks.txt

link to the site : http://www.apdec.org.za/

specifically I have been hacked on the branch names and page content.


I have a full backup of code as well as the database.

I would really appreciate any help.

thanks
Craig

What this board is for

If you have some code you are wanting people to debug, or a website you are working on that you want people to 'beta test,' post the code/link here.

The idea of this forum is that you have finished your code, and now you wish for people to test it for weak spots, logic problems, etc.. While you can of course expect feedback from your testers, if you need more help fixing your code, use the Help forums. This forum is for testing and testing feedback ONLY.

This is NOT a "rate my script/site" forum. Please go to the critique forum for that. Try to give a good description of what your code is supposed to be doing.  We can do little more than find syntax errors if we don't know what it's supposed to be doing.


Your topic doesn't show?

All new topics are moderated, meaning that they will not show up until a staff member approves it. Read the rules for posting in this forum and follow the directions.


Some advice to be cautious

Be very careful on what kind of info you post, especially when it comes to posting links to your site.  Posts of this nature are often times aliases of "please try to hack my site and tell me if you do, and how, so I can fix it."  We cannot and will not be held liable for any kind of damage or loss that results from you posting any of your stuff here (or anywhere else on the site, for that matter).  Not everybody out there is honest. Someone out there may read your post, go to your script, find a security hole and exploit it without telling you, all the while giving you the thumbs up.


Rules Regarding "Exploit Scanners"

Use of exploit scanners can be an effective way to discover exploits on a website, so we have no intention of banning posting scanner results. But these scanners can also return bogus results.

Secondly: Give a man a fish and you feed him for a day. Teach a man to fish and you feed him for a lifetime.

As of now, posting scanner results is only allowed under the following conditions:

1) You must share the name and how to get the scanner
2) You absolutely MUST explain every item in the result (why is this a risk, not just because the scanner says so)

As with all forum rules, ignoring these could lead to moderation action. Ignorance of these rules is not a defense.

Thank you for your cooperation.

I'd pay money to see HoF in a university level course.  His mind would be blown.

Kevin, only a university graduate would be so confident they knew everything.

A little off topic, but if you are using this code to learn OOP, don't. All those code will teach you is bad coding practices.

Even at a glance there is some glaringly obvious poor design / coding decisions being made. Public properties, global variables and static methods everywhere. Forget you ever found this code.

@Rahorku,

When she stated the WE don't approve of that sort of thing, she was replying as a badged member of this forum. And since we don't help people break the terms of service of other sites, this thread is locked....

Troll say you.  Bot say I.  Either neither both.  Artificial experiment lacking senses, coherence pointfulness.   Complete idiots, you must think that we are.  Our friendliness and tolerance should be confused with weakness not.

Crush you if you continue to play these silly games, we will.  With pranking some other community seek the path of enlightenment that comes, or better yet, of a life if you must get some semblance.

Seeing as you have this wonderful section here, I was hoping that I could get some knowledgeable people to help me look over a DBA layer class I've been working on?
I'm looking for feedback on all aspects of it, and all constructive criticism would be highly appreciated. Whether it be negative or positive. So please don't be shy about commenting, as long as you can explain your position.

In case it's not obvious it's meant as a fully interchangeable class for interfacing against a multitude of DBMS, without having to change anything other than the name of the file included. It doesn't, obviously, support all of the features. Nor will it ever do, but it should support the most used ones. If I've missed some, please let me know as well as why you think it's a necessary inclusion.

You can find the class here: http://pastebin.com/tJYNiBKE
And some examples on how it can be used: http://pastebin.com/aygrZJTa

It exists primarily because of 4 reasons, in order:

• I wanted to learn more about DBA, and what it takes to write a good class for it.
• Other classes I've looked at didn't give me what I really wanted, either due to lack of features, too high usage complexity, not being DBA but DAA classes and so forth.
• I had an old attempt, that didn't work as an abstraction layer for anything but the most simple of queries, and wanted to improve it.
• And a little bit of "because I could."

I also got asked "why not PDO, as it gives you the same".
First and foremost it's because PDO isn't a DBA (database abstraction) class, but a DAA (data-access abstraction) class. They even mention it in the intro for PDO. So, it does not give me the same.
There are a few other things that I don't like about PDO as well, such as the throwing of exceptions for everything (I blame MSStrings for my hate of this), the connection string and a few other caveats. Arguably most of these caveats I have are personal preference, I have to admit. Still, that doesn't change the fact that PDO isn't a DBA layer.

PS: If anyone wants to use it for their own projects, the license is stated in the PHPdoc header for the class. Should anyone, for any reason, want to use it in a commercial project please let me know. I'm sure we can come to an agreement.

PPS: I posted this on TheDailyWTF forum as well, though the response was rather lacklustre unfortunately.

Hi All,

I am coming to the end of the development on one of my sites and would like help testing for vulnerabilities. I have ran the site through Acunetix web scanner which has helped me rid the site of some issues. However this has only tackled XSS issues as it is the free version.

Would anyone be kind enough to help me test this?

I haven't posted the url as I don't really want it in the public domain just yet however if you can help me test then I will send you the URL in a PM.

[EDIT] I have proved I am the site owner to admin via reporting my message with the link in the body of the comment.

Many thanks.

Greens85

I am needing testing of the website's vulnerabilities.

PLEASE NOTE: I have VERY VERY little experience to secure websites. Which is why I would like to do this.

If you find a security vulnerability, could you let me know and  also mention how to fix it as well. I will be doing research for it, but I would still like user input.

Also, this website is completely clean and only has certain data on it. Also, please feel free to use anything at your fingertips. You will not be able to crash anything of my personal property. 

Thank you very much.
Best Regards and have fun trashing my site

URL: http://projecta.ulmb.com
URL to required text file: http://projecta.ulmb.com/test.txt

Again I would like to thank anyone who helps me secure the site by your input!