Philip
Staff Alumni-
Posts
4,665 -
Joined
-
Last visited
-
Days Won
20
Everything posted by Philip
-
Well, actually, I know a lot about your server. http://tzfiles.com/users/demo/phpinfo.php I was successfully able to view your directory and what files you had. I have a lot of suggestions for you. #1. Put your important files (like the db.php) BELOW the /public_html/ area. This will only allow the server to execute that file, and not somebody from an outside source. #2. Please do something about the PHP issue. Looking at your other thread, I thought you figured out the CHMOD issue. However, I was still able to upload a PHP file and execute it. See #3 and #4 for suggestions: #3 When uploading a PHP file, rename the file to like .phps (as long as you keep it that way in the PHP settings) #4 With [b]ANY[/b] executable file, have the server zip the file. Link: http://us2.php.net/manual/en/ref.zip.php Hopefully, one of these solutions will work out for you. Right now, you have a really big security hole you need to plug. I would recommend playing around with these options, or if you don't have the time right now, you should disable uploading executable files (.php .js .exe etc..)
-
Well, on line 70 you're telling it to redirect to the login page for facebook in the function do_connect. Then your calling it in "$t->doConnect();" [code]// ##### CHECK FOR USER LOGGED IN ##### if (empty($_COOKIE['facebook_session_key'])) { // ##### REQUIRE LOGIN ##### header('Location: http://api.facebook.com/login.php?api_key=' . $this->config['api_key'] . '&next=' . $this->config['next']); } // End IF[/code] I could be wrong, but I think that's where you're going wrong. I'm no expert in classes though.
-
Taken from the code above (with debugging.) The problem was a semicolon (;) inside the " [code]<?php $conn = mysql_connect("localhost", "brandi", "bc5106") or die($msg_no_connect); mysql_select_db("movies") or die(mysql_error()); $sql = "SELECT * FROM dvd WHERE title = '".$_POST['title']"'"; $res = mysql_query($sql) or die($sql."<br><br>".mysql_error()); if (mysql_num_rows($res)) { echo "This movie already exists."; } else { $sql = "INSERT INTO dvd (title, description, category) VALUES ($_POST['title'], $_POST['description'], $_POST['category']"; $res = mysql_query($sql) of die($sql."<br><br>".mysql_error()); if (mysql_affected_rows($res) > 0) { echo "Your movie was successfully added."; } else { echo "The insert failed."; } } ?>[/code]
-
Try this: [code]<?php include('styles/default/header.tpl'); include('styles/default/navigation.tpl'); require_once('config.php'); //initilize PHP if(isset($_POST['submit'])) { $username = $_POST['username']; $email = $_POST['email']; $content = addslashes($_POST['content']); $query = mysql_query("INSERT INTO `support` (`username`, `email`, `content`) VALUES ('".$username."', '".$email."', '".$content."')") or die(mysql_error()); if($query) { echo "Thank you for your submission. A support representative will help you shortly."; } else { echo "Problem adding submission."; } } else { ?> <td class="content"><form action="support.php" method="POST"> <table align="center" cellspacing="1" cellpadding="1" border="0"> <tr> <td align="center" colspan="2">Submit a Support Request</td> </tr><tr> <td align="right">Your Username:</td> <td align="left"><input type="text" name="username" size="30"> </tr><tr> <td align="right">Email Address:</td> <td align="left"><input type="text" name="email" size="30"> </tr><tr> <td align="right">What are you having trouble with?</td> <td align="left"><textarea name="content" cols="25" rows="5"></textarea></td> </tr><tr> <td align="center" colspan="2"><input type="submit" name="submit" value="submit"></td> </tr> </table> </form></td> <?php } include('styles/default/footer.tpl'); ?>[/code] I added a few things to it, but the reason it wasn't working was because you didn't have a name="submit" on the submit button. Then when you hit submit, your PHP was looking for an input with the name "submit"
-
I don't know if this will work or not: #flashpage{ position: relative; width:100%; text-align: center; z-index:7; } You weren't giving the absolute any values, so it may not have known where to go. I'm probably about as good as you are in CSS :P
-
Okay, and also, you might want to put something saying there is a 8MB file size limit (or change it in the php settings ;))
-
Look at http://www.tizag.com/mysqlTutorial/mysqlinsert.php for more info. You aren't telling it where to send the values to.
-
Problem with backslash before every " and '...Help
Philip replied to itsureboy's topic in PHP Coding Help
the php page: <?php echo stripslashes($_POST['mytextarea']); ?> -
You could do this with Javascript... http://www.echoecho.com/toolpopupgenerator.htm
-
if($trans == 'trans') Wouldn't the $trans be a number?
-
You have a space between <? and php
-
If you're not logged in and you try to visit the page to resize an image... (if you know the image #) [quote]Warning: getimagesize(users//killspiders.gif) [function.getimagesize]: failed to open stream: No such file or directory in /home/.marble/ryannaddy/tzfiles.com/resize.php on line 29 Warning: getimagesize(users//killspiders.gif) [function.getimagesize]: failed to open stream: No such file or directory in /home/.marble/ryannaddy/tzfiles.com/resize.php on line 49 Warning: imagecreatetruecolor() [function.imagecreatetruecolor]: Invalid image dimensions in /home/.marble/ryannaddy/tzfiles.com/resize.php on line 54 Warning: imagecreatefromgif(users//killspiders.gif) [function.imagecreatefromgif]: failed to open stream: No such file or directory in /home/.marble/ryannaddy/tzfiles.com/resize.php on line 59 Warning: imagecopyresized(): supplied argument is not a valid Image resource in /home/.marble/ryannaddy/tzfiles.com/resize.php on line 66 Warning: imagegif(): supplied argument is not a valid Image resource in /home/.marble/ryannaddy/tzfiles.com/resize.php on line 72[/quote] If you leave out the image # (logged in or out): [quote]Warning: getimagesize() [function.getimagesize]: Read error! in /home/.marble/ryannaddy/tzfiles.com/resize.php on line 29 Warning: getimagesize() [function.getimagesize]: Read error! in /home/.marble/ryannaddy/tzfiles.com/resize.php on line 49 Warning: imagecreatetruecolor() [function.imagecreatetruecolor]: Invalid image dimensions in /home/.marble/ryannaddy/tzfiles.com/resize.php on line 54 Warning: imagecopyresized(): supplied argument is not a valid Image resource in /home/.marble/ryannaddy/tzfiles.com/resize.php on line 66[/quote] You shouldn't allow .exe or .php files. Example of why not: http://tzfiles.com/users/demo/phpinfo.php (need me to explain more, please feel free to ask why this is a big security issue) .EXE files can contain viruses. It is okay to not let users upload these things. Let them know they can .zip them or whatever.
-
Error: missing ) after argument list Source File: http://www.runnerselite.com/ Line: 127, Column: 15 Source Code: foreach(images as image) image.style.width=image.width; The login position is messed up in FF2.0
-
Well, I means as webmasters ;) You know there will be many many people that use Outlook still. I mean, look how many still cling to IE (not that it is a bad thing.) People just don't like change.
-
I do agree that some websites go a little too far with their newsletters... but MS is going a little too far with this. Getting rid of background images is perfectly okay with me. Color support.... I would prefer to keep that, I mean, it's not going to make the email load THAT much slower. I also think you should be able to do CSS, to keep things organized. Oh well. Nothing we can do about. =(
-
Trying to login, don't know password: [quote]Warning: mysql_connect(): Access denied for user 'jvrothjr_revcon'@'64.69.39.75' (using password: YES) in /home/www/rcchjr.awardspace.com/revisioncontrol.php on line 109[/quote] Admin page after trying to login: [quote]Warning: mysql_connect(): Access denied for user 'jvrothjr_revcon'@'64.69.39.75' (using password: NO) in /home/www/rcchjr.awardspace.com/revisioncontrol.php on line 85 Invalid Password Please try again[/quote] (Thats on the demo)
-
Sorry, was looking password, not username. *smacks head* I agree with AXiSS on the types of photo (if you use any)
-
Yeah, the pictures are nice for a family website... but not file hosting. Agreed with the red underline. Also, on your registration, you still need to check to see if it fits the criteria before searching to see if the username exists. Ex: I put in "king" and it said "that name is available.. blah blah...." It would be nice to have something to see if it fits the criteria, so when they click on "check name" that it would tell them.
-
you can't after 2 minutes of posting ;) Sony VAIO VGN-UX280P 4.5" Notebook PC <- I would prefer that over the iPhone.. but I do admit the iPhone is sexy.
-
But you can't do it with just [b]one[/b] search, you have to do at least 2.
-
Thanks =) That list will be updated when needed, correct?
-
Yeah, it's pretty much what i've done before.
-
@steel: that list shows, admins - then forum helpers... its just alpha by position, which shows everyone @neylitalo: i dunno, its just nice to be able to see who is on the staff... I know IPB has this option, which is nice
-
Hi, I would like to see a "Staff List", where you can easily view all admins and moderators. The search function for normal members really sucks compared to the adminCP one, and it makes it difficult to get all of the admins/mods at the same time. Thanks, KingPhilip
-
I noticed the modify button is missing... you can delete line 8, array_keys