condoravenue

  1. I have one slideshow that goes through images only:

         <!doctype HTML>
         <html>
         <head>
         <style>
         .fadein { position:relative; height:332px; width:500px; top: 140px; margin: auto;}
         .fadein img { position:absolute; left:0; top:0; height:332px; width:500px; }
         </style>
         <script src="http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js"></script>
         <script>
         delay = 1500;
         $(function(){
             $('.fadein img').hide();
             $('.fadein :first-child').fadeIn(function(){slide_show();});
         });
         function slide_show(){
             $('.fadein :first-child').delay(delay).fadeOut().appendTo('.fadein');
             $('.fadein :nth-child(1)').delay(delay).fadeIn(function () {slide_show();});
         }
         </script>
         </head>
         <body>
         <div class="fadein">
             <img src="http://farm3.static.flickr.com/2610/4148988872_990b6da667.jpg">
             <img src="http://farm3.static.flickr.com/2597/4121218611_040cd7b3f2.jpg">
             <img src="http://farm3.static.flickr.com/2531/4121218751_ac8bf49d5d.jpg">
         </div>
         </body>
         </html>

     But I tried to make it work with div's instead of images:

         <!doctype HTML>
         <html>
         <head>
         <style>
         .fadein { position:relative; height:332px; width:800px; top: 140px; margin: auto;}
         .fadein div { position:absolute; left:0; top:0; height:332px; width:800px; text-align: right; background-repeat: no-repeat;}
         </style>
         <script src="http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js"></script>
         <script>
         delay = 2500;
         $(function(){
             $('.fadein div').hide();
             $('.fadein :first-child').fadeIn(function(){slide_show();});
         });
         function slide_show(){
             $('.fadein :first-child').delay(delay).fadeOut().appendTo('.fadein');
             $('.fadein :nth-child(1)').delay(delay).fadeIn(function () {slide_show();});
         }
         </script>
         </head>
         <body>
         <div class="fadein">
             <div class = "slide" style = "background-image: url('http://farm3.static.flickr.com/2610/4148988872_990b6da667.jpg');"><h1>One Heading</h1><p>some extra text.</p></div>
             <div class = "slide" style = "background-image: url('http://farm3.static.flickr.com/2597/4121218611_040cd7b3f2.jpg');"><h1>Two Heading</h1></div>
             <div class = "slide" style = "background-image: url('http://farm3.static.flickr.com/2531/4121218751_ac8bf49d5d.jpg');"><h1>Three Heading</h1></div>
         </div>
         </body>
         </html>

     This second code doesn't work. It works without the <h1> tags in each div. How can I make this work? Thanks
  2. Hello, I would like to prevent people from viewing my source code. I want to show my clients their website before they purchase it, but I don't want them to be able to steal when I show it to them. I searched on the internet and found several sites that use javascript to "encrypt" the code like this:

         <script language='javascript'>
         document.write(unescape('%3C%69%6D%67%20%73%72%63%20%3D%20%22%69%6D%61%67%65%73%2F%69%6C%6C%75%73%74%72%61%74%69%6F%6E%2E%6A%70%67%22%20%61%6C%74%20%3D%20%22%22%20%73%74%79%6C%65%20%3D%20%22%20%68%65%69%67%68%74%3A%20%32%37%32%70%78%3B%20%66%6C%6F%61%74%3A%20%72%69%67%68%74%3B%20%77%69%64%74%68%3A%20%33%30%35%'));
         </Script>

     But can't someone just reverse the unescape function and get the code? If they can't do that, they could still use the code above and it would work. Is there a better way to hide source files?
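The post above asks whether the `unescape` wrapper can be reversed. This added example (not the poster's code) shows that the percent-encoding is a plain, keyless encoding that any reader of the page source can undo; the function name and the shortened sample string are constructed for illustration.

```php
<?php
// Added example, not the poster's code: recover the markup hidden behind
// document.write(unescape('...')). Percent-encoding has no key, so it hides nothing.

function decode_unescape_calls(string $html): array
{
    $decoded = [];
    // Find every unescape('...') or unescape("...") argument in the page source.
    preg_match_all('/unescape\(\s*([\'"])(.*?)\1\s*\)/s', $html, $matches);
    foreach ($matches[2] as $arg) {
        // JavaScript's unescape() maps %XX to U+00XX and %uXXXX to U+XXXX.
        // One pass over both forms; malformed escapes (such as a trailing "%")
        // do not match the pattern and are left as they are.
        $decoded[] = preg_replace_callback(
            '/%u([0-9a-f]{4})|%([0-9a-f]{2})/i',
            function ($m) {
                $hex = $m[1] !== '' ? $m[1] : '00' . $m[2];
                // json_decode() turns the \uXXXX escape into UTF-8; a lone
                // surrogate cannot be decoded, so keep the original text then.
                return json_decode('"\u' . $hex . '"') ?? $m[0];
            },
            $arg
        );
    }
    return $decoded;
}

// Constructed sample, shorter than the string in the post.
$page = "<script>document.write(unescape('%3C%69%6D%67%20%73%72%63%3D%22%61%2E%6A%70%67%22%3E'));</script>";
print_r(decode_unescape_calls($page));
```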
  3. Site to critique: http://bible-help.com Verification: http://bible-help.com/phpfreaks.txt This site is like a small forum. People post questions, and other users answer them. I want feedback in the following areas: 1. Does everything work? 2. What is the biggest security problem? 3. What can I do to make it more user friendly or easier to use? 4. What can I do to improve the design of the site and make it look better? 5. Anything else you can think of. Thanks
  4. Please test the text formatting buttons in Internet Explorer (any version?). For example, when you click on the 'B' button, and should appear around your selected text. It works great in Chrome, Firefox, Safari, and Opera. http://bible-help.com/test.php I have no access to a Windows computer these days and can't tell if this works in IE. I tried a version of IE for Mac, but it was worthless and outdated. Not even Google worked on it. Thanks for your help.
  5. I want to allow a user to upload a profile picture on my site. The code below works.

         $username = mysql_real_escape_string($_SESSION['username']);
         $path = "../profile_pictures/".$username.".jpg";
         $file_name = $HTTP_POST_FILES['uploadedfile']['tmp_name'];
         copy($file_name, $path);

     I would like to add some code in to allow the user to choose gif's and png's from their computer, and convert it to jpg. I read somewhere something about needing GD installed. I don't know what that is or if it is installed or not. If you need to know, the site is at bible-help.com. Thanks for your help.
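For the upload question above, one way to accept GIF, PNG and JPEG files and store them as JPEG with GD. This is an added example, not the poster's code; the `user_id` session key, the 2 MiB size limit and the 4000-pixel cap are assumptions chosen for illustration.

```php
<?php
// Added example, not the poster's code. Assumes the form field "uploadedfile" from the
// post and a numeric $_SESSION['user_id'] (hypothetical) set at login, so that no
// user-chosen string ever becomes part of the file path.
function save_profile_picture(array $upload, int $userId, string $destDir): string
{
    if (!extension_loaded('gd')) {                       // answers "is GD installed?"
        throw new RuntimeException('GD extension is not installed');
    }
    if (($upload['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($upload['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }
    if ($upload['size'] > 2 * 1024 * 1024) {             // constructed limit: 2 MiB
        throw new RuntimeException('File too large');
    }
    // Decide the type from the file's bytes, not its name or browser-supplied MIME type.
    $info = getimagesize($upload['tmp_name']);
    if ($info === false || !in_array($info[2], [IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG], true)) {
        throw new RuntimeException('Not a GIF, JPEG or PNG image');
    }
    if ($info[0] > 4000 || $info[1] > 4000) {            // constructed cap on pixel dimensions
        throw new RuntimeException('Image dimensions too large');
    }
    $src = imagecreatefromstring(file_get_contents($upload['tmp_name']));
    if ($src === false) {
        throw new RuntimeException('Image could not be decoded');
    }
    // Flatten onto white so transparent GIF/PNG pixels do not turn black in the JPEG.
    $w = imagesx($src);
    $h = imagesy($src);
    $dst = imagecreatetruecolor($w, $h);
    imagefill($dst, 0, 0, imagecolorallocate($dst, 255, 255, 255));
    imagecopy($dst, $src, 0, 0, 0, 0, $w, $h);
    // Only decoded pixels are re-encoded; no bytes of the upload are copied verbatim.
    $path = rtrim($destDir, '/') . '/' . $userId . '.jpg';
    if (!imagejpeg($dst, $path, 85)) {
        throw new RuntimeException('Could not write JPEG');
    }
    return $path;
}

session_start();
if (isset($_FILES['uploadedfile'], $_SESSION['user_id'])) {
    echo save_profile_picture($_FILES['uploadedfile'], (int) $_SESSION['user_id'], '../profile_pictures');
}
```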
  6. http://tinyurl.com/2fqbcgp proof of ownership: http://www.snow-report.us/somename/phpfreaks.txt
  7. Hello, I have recently discovered that you can make sitewide content using the php function get_file_contents(), if you put html code in a separate file. My site's header, navigation, and footer all use this function. This makes changing the layout of your site about 50 times faster, since you only have to edit a couple of files, rather than every single page. Look at my example. The code for each page will look like this, so that I only have to edit the content.

         <?php $file = file_get_contents ("header_and_navigation.php"); echo $file;?>
         <p>Content goes here.</p>
         <?php $file = file_get_contents ("footer.php"); echo $file;?>

     header_and_navigation.php may look like this:

         <html>
         <head>
         <title>title</title>
         </head>
         <body>
         <div class = "header"><h1>Title</h1></div>
         <div class = "navigation"><a href = "home.php">home</a><a href = "about.php">about</a></div>

     while footer.php may look like this:

         <div class = "footer"><a href = "contact.php">contact</a><a href = "terms.php">terms</a></div>
         </body>
         </html>

     I thought of this on my own. No one ever suggested I do it this way. This leads me to believe that there must be a downside to it. What do you guys think of it?
  8. I moved the site to http://breckenridge-snow-report.com/somename. I looked through Daniel's PHP Security tutorial, but it was a little bit too advanced for me. Is my site protected from SQL injections? When errors are encountered, a new error_log file (permissions: 0400) pops up in my directory. Does my site report errors in a safe way? I switched over to using sessions rather than cookies. Here is how I did it. If login was successful:

         session_start();
         $_SESSION['username']= $username;

     Then, at the top of each page, I put something like this to check if user is logged in:

         session_start();
         if(isset($_SESSION['username'])){header("location: index.php");}

     Are there any problems with this way of doing it? So 3 questions: 1. Safe from sql injections? 2. Safe error reporting? 3. Safe use of sessions? Thanks for your help.
  9. I made some changes. I tried to implement the mysql_real_escape_string() function for every variable that ever goes into a query. I do not know if I did it right. Here is the code for the file that validates the info after someone creates an account.

         <?php
         $con = mysql_connect("localhost","name","**********");
         mysql_select_db("brecke5_people", $con);
         $passkey=mysql_real_escape_string($_GET['passkey']);
         $result = mysql_query("SELECT * FROM temp WHERE code='$passkey'");
         $keyfound = "false";
         while($row = mysql_fetch_array($result)) {
             $username = mysql_real_escape_string($row['username']);
             $email = mysql_real_escape_string($row['email']);
             $password = mysql_real_escape_string($row['password']);
             $keyfound = "true";
         }
         if ($keyfound == "true") {
             mysql_query("INSERT INTO perm (username, email, password) VALUES ('$username', '$email', '$password')");
         }
         mysql_query("DELETE FROM temp WHERE code='$passkey'");
         mysql_close($con);
         ?>

     I noticed that both $_POST[somevariable] and $_POST['somevariable'] work in most (all?) cases. Is there any reason I should be consistent? Let me know if you find other security problems.
  10. Proof of ownership: http://breckenridge-snow-report.com/test3/phpfreaks.txt. My site: http://breckenridge-snow-report.com/test3/ Right now, I just want to know if there are any security problems with this site. It's not user friendly at the moment, but I think everything works. I am aware that there are some valid emails (^{.%@gmail.com) that won't get validated the way I coded it, but I could care less about that cause no one has that sort of email. Can people hack in and get other people's usernames and passwords? Can robots create fake profiles? Do you see any other problems? I couldn't get sessions to work. That's supposed to be easy, but I couldn't figure it out and used cookies instead. Which should I use for this site, cookies or sessions? Here is the code for the file that validates the info after someone creates an account.

          <?php
          $con = mysql_connect("localhost","brecke5","********");
          mysql_select_db("brecke5_people", $con);
          $pword = $_POST[password];
          $cpword = $_POST[cpassword];
          $phashed = sha1($pword);
          $code = sha1(uniqid(rand()));
          $username = $_POST[username];
          $email = $_POST[email];
          $dob = $_POST[dobMonth] . "/" . $_POST[dobDay] . "/" . $_POST[dobYear];

          //Check username availability
          $result = mysql_query("SELECT * FROM perm WHERE username='$username'");
          while($row = mysql_fetch_array($result)) { die("The username you have chosen is not available."); }

          //Check for duplicate email
          $result = mysql_query("SELECT * FROM perm WHERE email='$email'");
          while($row = mysql_fetch_array($result)) { die("You already have an account with this email."); }

          //validate
          if (strlen($pword) < 8) {die ("Password too short.");}
          if ($pword != $cpword) {die ("Passwords didn't match.". $pword . $cpword);}
          if (strlen($username) < 6) {die ("Username too short.");}
          if (strlen($username) > 20) {die ("Username too long.");}
          if ($_POST[dobMonth] == "" || $_POST[dobDay] == "" || $_POST[dobYear] == "") {die ("Date of birth invalid.");}
          if ($email == "") {die ("Email invalid.");}
          if (strlen($email) > 40) {die ("Email too long (> 40).");}
          if (!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)) {die ("Email invalid.");}

          mysql_query("INSERT INTO temp (code, username, email, password, dob) VALUES ('$code', '$username', '$email', '$phashed', '$dob')");
          mysql_close($con);

          $to = $email;
          $subject = "Sing Up";
          $message = "Please visit the following link to confirm your account: http://breckenridge-snow-report.com/test3/confirm.php?passkey=$code";
          $from = "My Site";
          $headers = "From: $from";
          mail($to,$subject,$message,$headers);
          echo "Please check your email to confirm your account.";
          ?>

      Here is the code for the page that validates when the user tries to change password.

          <?php
          if(!isset($_COOKIE['username'])) {header("location: login.php");}
          $npword = $_POST["new"];
          $npword2 = $_POST["new2"];
          $nphashed = sha1($npword);
          $cpword = $_POST["current"];
          $cphashed = sha1($cpword);
          $username = $_COOKIE['username'];
          $con = mysql_connect("localhost","brecke5","********");
          mysql_select_db("brecke5_people", $con);
          $result = mysql_query("SELECT * FROM perm WHERE username='$username'");
          while($row = mysql_fetch_array($result)) {$current = $row['password'];}

          //validate
          if ($current != $cphashed) {die("Invalid old password.");}
          if ($npword != $npword2) {die ("New passwords did not match.");}
          if (strlen($npword) < 8) {die ("New password too short.");}

          mysql_query("UPDATE perm SET password = '$nphashed' WHERE username = '$username'");
          mysql_close($con);
          ?>
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
          <html>
          <head>
          <title>Password Changed</title>
          <meta http-equiv="Content-Type" content="text/html; charset=utf-8;">
          </head>
          <body>
          <p>Your password has successfully been changed.<br><a href = "myaccount.php">My Account</a></p>
          </body>
          </html>

      If you need to see other code, let me know. Thanks for all the help.
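The password-change page in post 10 and the escaping attempt in post 9 both build SQL by string interpolation, and post 10 trusts a username read from a cookie. This added example (not the poster's code) shows the same password-change logic with prepared statements, `password_hash()` in place of unsalted `sha1()`, and a username that the caller takes from the server-side session. It assumes `pdo_sqlite` for a self-contained in-memory demo; the sample account is constructed.

```php
<?php
// Added example, not the poster's code. Assumptions: pdo_sqlite is available for the
// in-memory demo (use a MySQL DSN on the real site); table and column names follow
// the post's `perm` table; the caller passes $_SESSION['username'], never a cookie value.

function change_password(PDO $db, string $sessionUser, string $current, string $new, string $new2): string
{
    if ($new !== $new2)   { return 'New passwords did not match.'; }
    if (strlen($new) < 8) { return 'New password too short.'; }

    // Placeholders keep user input out of the SQL text, so quotes in it are just data.
    $stmt = $db->prepare('SELECT password FROM perm WHERE username = ?');
    $stmt->execute([$sessionUser]);
    $hash = $stmt->fetchColumn();

    // password_verify() checks a salted, deliberately slow hash. The same message is
    // returned for "no such user" and "wrong password".
    if ($hash === false || !password_verify($current, $hash)) {
        return 'Invalid old password.';
    }
    $upd = $db->prepare('UPDATE perm SET password = ? WHERE username = ?');
    $upd->execute([password_hash($new, PASSWORD_DEFAULT), $sessionUser]);
    return 'Password changed.';
}

// Constructed demo data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE perm (username TEXT PRIMARY KEY, email TEXT, password TEXT)');
$ins = $db->prepare('INSERT INTO perm (username, email, password) VALUES (?, ?, ?)');
$ins->execute(['alice123', 'alice@example.com', password_hash('old-secret-1', PASSWORD_DEFAULT)]);

echo change_password($db, 'alice123', 'old-secret-1', 'new-secret-2', 'new-secret-2'), "\n";
// A value full of quotes is compared as a literal string and matches no row.
echo change_password($db, "nobody' OR '1'='1", 'anything', 'new-secret-3', 'new-secret-3'), "\n";
```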
  11. - accident. - will do. - sorry I didn't know this. I will fix a few things, and post with some of my code too when I'm finished. Thanks for your guys' help.
  12. I did use sha1 for the passwords. Can you guys even see my php code? Do I need to post it in here? Another thing: on the myaccount.php page, there are two options that alter account info: change password and delete account. Is there any way an unauthorized person/robot could do this?
  13. "I didn't check most of the stuff, except it accepted literally anything for an email address" I did not put an email validator in yet. I am currently primarily concerned with how secure is private data people give me. There are several other validations in there. The 2 passwords have to be the same. The username has to be a certain length, and password has to be >= 8 in length. It checks username availability too. I can add something simple to check the validity of email too. So my concerns are: 1. Could a spammer get into all the emails? 2. Could someone figure out a user's username and password? 3. If the password field was instead credit card info, would it be safe too? The fourth is slightly less important. 4. Could robots or something find a way to create fake accounts on this?
  14. http://breckenridge-snow-report.com/test2 I am new to php and mySQL. This site doesn't have a purpose yet; it only creates an account and lets you manage it. I have a few questions. 1. Could a spammer get into all the emails? 2. Could someone figure out a user's username and password? 3. If the password field was instead credit card info, would it be safe too? 4. Could robots or something find a way to create fake accounts on this? If you think that it is 0% secure and there are hundreds of problems... see this simpler version, and critique it: http://breckenridge-snow-report.com/test Thanks for the help.