Twister1004

Members
  • Posts

    201
  • Joined

  • Last visited

About Twister1004

  • Birthday 01/07/1992

Contact Methods

  • Website URL
    http://projecta.ulmb.com

Profile Information

  • Gender
    Male
  • Location
    Kentucky

Twister1004's Achievements

Member

Member (2/5)

5

Reputation

  1. My assumption is that on your while loop, you have no curly braces. When an if / else statement runs, it will only read the next line, and disband the others as if they don't exist.

         //this will work!
         while($i < 10){
             return $i;
             $i++;
         }

         //This one will be an infinite Loop!! D=
         while($i < 10)
             return $i;
             $i++;

     As you notice, the first one has curly braces. But the second one does not. It will be an infinite loop. BECAUSE without curly braces it will only return the next statement. However, everything inside the curly braces will be executed as part of that statement. So technically your code is only checked to see if those variables actually match. That's just about it.
  2. This fixed my problem. Now I need to read about BOM >_<. Thank you very much!
  3. I have looked at the source code with and without, and there is no difference. There is not an error, or any difference in code within the output.
  4. Hey guys! Well, this is actually kind of a weird problem I have been having, and I'm not too sure why I'm getting this problem. I've tried a lot of stuff, and it doesn't seem like I've been able to find a solution. I've been trying for about a month. Anyways, I have a website created with some OOP. Well, once I write an include statement to include a file, which then includes all my classes, it messes up my font, moves my website content down, and well.. it just does weird stuff. However, once I comment the include out, the website looks normal again. So basically, I can comment out the file itself and everything is just fine. But it only happens when I include my class files. Any ideas or suggestions would be amazing! Thank you!
  5. So basically if Magic quotes is on, I do NOT need to run mysql_real_escape_string? Would it be better to keep using Magic_quotes or just turn it off?
  6. I am using stripslashes() upon output. However there seems to be an extra slash that it is not removing. htmlspecialchars() will not fix this issue. It is more than likely due to what Pikachu2000 has said. As far as I am aware, I am not using magic_quotes_gpc(). I am using mysql_real_escape_string(). I also just found out, I am using it more than once as well. So I will be spending my time formatting the site again with my functions.
  7. Why? If they have to wait for an email confirmation, say that, don't just say wait one minute. If there is some other reason for the wait, it sounds like something you need to fix, not just ask people to wait. When posting comments, you seem to have some issues with slashes. I posted the comment: And what got posted was: (or as the html) You are still vulnerable to XSS attacks in your comment area, see the comment here, from batest. Click the link asdf If I try and use the password recovery page, it tells me the birthday is invalid, even though I am entering the one I used on the registration page. I also noticed some more security vulnerabilities, and fixed them in the process as well. The registration suggestions and issues, I have fixed. Although I'm not sure why it accepted someone at 2000, I tried and it only allowed 1999 or older. The comments, I will fix in time. I'm not sure exactly why it's doing that. It shouldn't be adding that many slashes. However, I'll fix it once I can figure out the cause. I will have to read more on XSS attacks then... I really appreciate your help, I really do!
  8. The Webserver is set up finally! The address is: http://artistbeginnings.com There are also NO ADS... yet anyways. I just went through all of the items you mentioned, and I have fixed them as far as I can tell. If you find any more errors at all, please let me know. Thank you again for testing the website!
  9. Full Path Disclosure: http://projecta.ulmb.com/news.php?NUID[] I have fixed those problems, so those problems should be fixed =)! Thank you for testing the website for me! Also, for the pop-ups, I have no control about that. The web server I am using automatically pops those up. I'm buying a web server in a day or so.
  10. I am needing testing of the website's vulnerabilities. PLEASE NOTE: I have VERY VERY little experience to secure websites. Which is why I would like to do this. If you find a security vulnerability, could you let me know and also mention how to fix it as well. I will be doing research for it, but I would still like user input. Also, this website is completely clean and only has certain data on it. Also, please feel free to use anything at your fingertips. You will not be able to crash anything of my personal property. Thank you very much. Best Regards and have fun trashing my site URL: http://projecta.ulmb.com URL to required text file: http://projecta.ulmb.com/test.txt Again I would like to thank anyone who helps me secure the site by your input!
  11. Hi everyone! So basically I have this class called Login and another class called Reports. They both extend a main class called OOP. I'm trying to get classes now and in the future, when I add on, to access that class so that way I don't have to create a new object every time I need to do that. Plus I know I don't want to rely on calling another class inside of one class. Here is an example.

      The Super Class

          class OOP{
              public function Login($pointer){
                  $Login->{$pointer}();
              }
              public function Reports($pointer){
                  $Reports->{$pointer}()
              }
          }

      Login Class

          class Login extends OOP{
              public function userLogin($user, $pass){
                  //Login code here
                  //if error occurs, send it to Reports
                  super::Reports(Error());
              }
          }

      Reports Class

          class Reports extends OOP{
              public function Error(){
                  //Send an error here
              }
          }

      Here is how I think I would call the class if a user was to login.

          $OOP = new OOP();
          $OOP->Login(userLogin($user, $pass));

      So now when I need to call any class I should be able to, correct? If you are confused about the top, then think of it this way: I am trying to create a class to where I can call or reference ANY object now or in the future so I can add on and call that class from another class. Thank you for any help.
  12. Ahh ok! That makes sense! Thank you very much!
  13. I understand that OOP isn't the problem, I'm still learning how to use it correctly. However, it is still declared inside the main file that is included. So isn't it still declared?
  14. Hey everyone! I'm starting to rewrite my code for my website and I'm understanding OOP more and more (since I had a class on it), however, I just can't seem to figure out what is going wrong with the code and my login script as to why it is not running my object, when it's been declared. Here are the required parts of the files that are required for this OOP code I'm working on.

      Login Function (Not written in OOP yet)
      File: functions.php

          function userLogin($username, $pass){
              $checkUser = mysql_query("SELECT * FROM `accounts` WHERE `username` = '".$username."' LIMIT 1");
              if(mysql_num_rows($checkUser) == 1){
                  while($User = mysql_fetch_array($checkUser)){
                      if(hash('sha512', $pass) == $User['password']){
                          if(!@$_SESSION['id']){
                              //More Dynamic way other than SESSIONS are needed for updated accounts
                              //Add security to banned accounts
                              $_SESSION['id'] = $User['user_id'];
                              $_SESSION['user'] = $User['username'];
                              $_SESSION['permission'] = $User['clearence'];
                              $_SESSION['isArtist'] = $User['isArtist'];
                              $_SESSION['artistType'] = $User['artistType'];
                              $_SESSION['lastlogin'] = $User['lastlogin'];
                              $_SESSION['loginTime'] = time();
                              $_SESSION['artistTypeName'] = artistType($_SESSION['artistType']);
                              $updateIP = mysql_query("UPDATE `accouns` SET `lastip` = '".$_SERVER['REMOTE_ADDR']."' WHERE `user_id` = '".$_SESSION['id']."'"); //This is a SQL error by the wrong table and it is purposefully done for testing my OOP Code.
                              $updateLogin = mysql_query("UPDATE `accounts` SET `lastlogin` = '".time()."' WHERE `user_id` = '".$_SESSION['id']."' LIMIT 1");
                              if(!$updateIP){
                                  $reports->Error("Failure to update IP in login: ".mysql_error(), $_SERVER['REQUEST_URI']); // ~~~~~~~~~~~~~~~~~ THIS IS LINE 24 ~~~~~~~~~~~~~~~~~
                                  logout(0);
                                  die();
                              }
                              if(!$updateLogin){
                                  sendError(mysql_error(), $_SERVER['REQUEST_URI']);
                                  logout(0);
                              }
                              echo "<meta http-equiv=\"refresh\" content=0; url=\"\"/>";
                          }
                          else break;
                      }
                      else{
                          echo "<font color='red'>Username or Password is incorrect.</font>";
                      }
                  }
              }
              else{
                  echo "<font color='red'>Username or Password is incorrect.</font>";
              }
          }

      File: includes.php

          include("./inc/classes/reports.php");
          include("./inc/database.php");
          include("./inc/functions.php");
          include("./inc/artclass.php");
          //include("./inc/classes/loginsystem.php");
          //$login = new Login(time());
          $reports = new Reports();

      File: Reports.php

          <?php
          class Reports{
              public function Error($error, $page){
                  $error = mysql_real_escape_string($error);
                  $page = mysql_real_escape_string($page);
                  $sendError = mysql_query("INSERT INTO `errors` (errorCode, page, date) VALUES ('".$error."', '".$page."', '".time()."')"); //date("F m, Y -- h:i:s")
                  if(!$sendError){
                      $this->Message(0);
                  }
                  else{
                      $this->Message(2);
                  }
              }
              public function Report(){
              }
              public function Query($Table, $Comment, $Page, $Date){
                  // NOT implemented
              }
              private function Message($number){
                  switch($number){
                      case 0:
                          echo "There was an error reporting an issue. Please alert us by <a href='contact.php'>contacting us</a>.";
                          break;
                      case 1:
                          echo "There was an error sending a report. Please use the <a href='contact.php'>contact us</a> and let us know!";
                          break;
                      case 2:
                          echo "There was an error. Please wait about 30 minutes to retry your request.<br/><br/> We apologize for the inconvience.";
                          break;
                  }
              }
          }
          ?>

      The Error:

          Notice: Undefined variable: reports in functions.php on line 23
          Fatal error: Call to a member function Error() on a non-object in functions.php on line 23

      Any help would be very much appreciated!
  15. Your statement is not going to work. It will put inside the database '$thisvariable'. But even then, it won't do that and return an error.

      Your Statement:

          $query_rsGetOrderDetails = "SELECT * FROM hd_order WHERE order_by = '$usernameLoggedin' ORDER BY order_id DESC LIMIT 3"

      Fixed Statement:

          $query_rsGetOrderDetails = "SELECT * FROM hd_order WHERE order_by = '{$usernameLoggedin}' ORDER BY order_id DESC LIMIT 3"

      However, as SergeiSS said, you have to use the mysql_query function for it to run.