Jump to content

deathadder

Members
  • Posts

    83
  • Joined

  • Last visited

  • Days Won

    2

Everything posted by deathadder

  1. hi, i am working on a website builder project and i was wondering if you guys could test it for vulnrabilities i am fairly new to php, but as far as i can see the code is valid, and secure, i have only added basic sql injection protection so hope you can help proof i own the website: http://generalprogramming.org/freak.txt http://generalprogramming.org is website
  2. hold on ill upload it to a site and give u link so u can see webdesign.nazuka.net username: text password: test
  3. to do this with a fieldset you can just add <fieldset><legend>text/image</legend> content inside border </fieldset> to do this with a div you could put the image inside a a couple containers eg <div id="content"><div id="image"></div> </div> and set the id of image to float right and maybe set some margins to go negative, this probably isn't the best method but it should work
  4. or you could of fixed a simple typo
  5. you should supply a image, also instead of closing the table tag everytime you end the <tr> tag do this for example <table> <tr> <td></td> </tr> <tr> <td></td> </tr> </table> instead of closing the tags, i doubt it will do anything but its worth a try, try using multiple <br />'s might work
  6. thanks the reset workes but the bbcode doesn't here is my has_access function function has_access($user_id, $type) { $user_id = (int)$user_id; $type = (int)$type; return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_id` = $user_id AND `type` = $type"), 0) == 1) ? true : false; } the reset works fine but the actual BBCode function i have isn't working here is my post.php file include 'core/init.php'; if(isset($user_data['first_name'])){ $text = $_POST['text']; $fp = fopen("log.php", 'a'); $input = '('.date('g:i A').') <b><a href="'. $user_data['username'] .'" target="_blank">'.$username.'</a></b>: '.$text.'<br>'; fwrite($fp, ' ' . BBCode($input) . ' '); fclose($fp); } i dont understand it, [reset] is in the BBCode bit and yet it works when the bbcode doesn't also it would be helpful if you could find a useful method for making [reset] only work for user access level 1
  7. instead of using <? echo 'banner content'; ?> in the banner.php just use banner content in it with no php tags
  8. hi, i followed phpacademys login and register system from part one to part twenty two, after this i created a nice web design and added a php chatbox now what i want to know is i have a function called protect_page() that redirects guests to a error message and i have a has_access() function which checks the users rank, this is all good but if i want multiple ranks eg 1, 2, 3, but 4 not to access it how would i do this i am currently doing this if (has_access($session_user_id, 4) === true) { echo 'you do not have the rights to view this page'; } else { echo 'You have the rights'; } i would like something like this if (has_access($session_user_id < 3) === true) { } but this just wont work. another issue i have i have a function called BBCode used in an echo as $text = ' [center]center text[/center] '; echo BBCode($text); it converts the BBCode to html i would like to use it in this file, which will work with my chatbox <? include 'core/init.php'; if(isset($user_data['first_name'])){ $text = $_POST['text']; $fp = fopen("log.php", 'a'); fwrite($fp, '('.date('g:i A').') <b><a href="'. $user_data['username'] .'" target="_blank">'.$username.'</a></b>: '.stripslashes(htmlspecialchars($text)).'<br> '); fclose($fp); } ?> the BBCode function is function BBCode ($string) { $search = array( '#\[center\](.*?)\[/center\]#si', '#\[list\](.*?)\[/list\]#si', '#\[li\](.*?)\[/li\]#si', '#\[b\](.*?)\[/b\]#si', '#\[br\](.*?)\[/br\]#si', '#\[i\](.*?)\[/i\]#si', '#\[u\](.*?)\[/u\]#si', '#\[img\](.*?)\[/img\]#si', '#\[url=http://(.*?)\](.*?)\[/url\]#si', '#\[size=(.*?)\](.*?)\[/size\]#si', '#\[font=(.*?)\](.*?)\[/font\]#si', '#\[color=(.*?)\](.*?)\[/color\]#si', '#\[code\](.*?)\[/code\]#si' ); $replace = array( '<center>\\1</center>', '<ol>\\1</ol>', '<li>\\1</li>', '<b>\\1</b>', '<br>\\1</br>', '<i>\\1</i>', '<u>\\1</u>', '<img src="\\1">', '<a href="\\1">\\2</a>', '<font size="\\1">\\2</font>', '<font family="\\1">\\2</font>', '<font color="\\1">\\2</font>', '<code>\\1</code>' ); return preg_replace($search, $replace, $string); } thanks one last thing i need, the chatbox i have sends the entered data with the php code i sent above, to log.php, i was wonderign if there was a faster way of clearing this chatbox then going into the file and removing all the content form it? would it be possible to add a word to reset it like [reset] with a similar method to the bbcode or something along those lines thanks
  9. as barand has said multiple times PUT IT INTO A HTML TABLE, MAKE IT DOWNLOAD AS .HTML AND OPEN THE .HTML WITH WORD and it will display a word table
  10. oh sorry, i thought it was ment to be posted here, can a mod move it if its to disrupting?
  11. hi, i am thinking of making a website design website, where i will be selling paid web designs, and also releasing free ones, that i will be designing, i only need a php script that supports the following - email verification - possibillity to integrate with MYBB forums - MD5 encryted passwords - registered(members) only pages - system that auto downloads a design after a payment is proccessed (paypal) - and it goes without saying injection protection thats about all i can think of that i will need can anyone tell me where i could find a free version of that? or maybe make one for me?
  12. coder of the script says my webhost doesen't support it
  13. i cant see where you told it to upload to?
  14. i get this error when i removed that line Warning: Wrong parameter count for imagettftext() in /home/u215204170/public_html/sss/sc.php on line 23
  15. ok i have a code that goes to a database and gets the info, and puts it on an image, the user can change the color of this image from the cpanel, only problem is it displays the image url not found icon here is my code sc.php <?php $color = "red"; include('statuscheckercheck.php'); if($color == "red"){ $image = imagecreatefrompng("img/Red.png"); } else if($color == "blue") { $image = imagecreatefrompng("img/Blue.png"); } else if($color == "golden") { $image = imagecreatefrompng("img/Golden.png"); } else if($color == "green") { $image = imagecreatefrompng("img/Green.png"); } else if($color == "orange") { $image = imagecreatefrompng("img/Orange.png"); } else if($color == "purple") { $image = imagecreatefrompng("img/Purple.png"); } else { $image = imagecreatefrompng(" img/Red.png"); } $foreground = imagecolorallocate($image, 255, 255, 255); $font = 'Kimbalt.ttf'; $message = $sn; imagettftext($image,15, 0, 10, 27, $foreground, $font ,$message); $message = $v; imagestring($image,20,90, 65,$message,$foreground); header("Content-type: image/png"); imagepng($image); ?> statuscheckercheck.php <?php include('config.php'); if ($db_found) { if(isset($_GET['server'])){ $ServerName = $_GET['server']; $SQL = "SELECT Name,Votes,colour FROM server WHERE Name='$ServerName'"; $result = mysql_query($SQL); while ($db_field = mysql_fetch_assoc($result)) { $sn = $db_field['Name']; $v = $db_field['Votes']; $color = $db_field['colour']; } } else { } } else { } ?> config.php <?php //######################################## //############Created By Dartz############ //######################################## //######I Do NOT Expect Credit this########## //##########Is free open source.############# //##Some Vulnerabilities exist for those####### //#############script kiddies.############### //######################################## //#######DO NOT DELETE THIS MESSAGE#### //######################################## //extrmind(); $exists = true; // Security //ADVERTS $currentadv = 1; $advertspaceI = array("http://rune-logic.weebly.com/uploads/8/8/7/2/8872672/header_images/1327709161.jpg, http://i41.tinypic.com/2liet7k.jpg");//Advert image links $advertspaceL = array("http://rune-logic.weebly.com, http://3mberscape.webs.com");//Advert hyperlinks //END OF ADVERTS $user_name = "u215204170_sss"; $password = "ssssss"; $database = "u215204170_sss"; $server = "mysql.nazuka.net"; $db_handle = mysql_connect($server, $user_name, $password); $db_found = mysql_select_db($database, $db_handle); ?>
  16. similar thing happened to me once, try cleaning your internet history and cookies (ccleaner) normally works
  17. i cant figure out how and were, if i should add any /,. or anything, could you possibley do this for me?
  18. i did try this, but it displayed an error to reprove it ill redo it and screen error update http://prntscr.com/9kzgr the description would be inbetwean those 2 lines normally go to rspsdb.org/serverpage.php?server=PKXILE to see what i mean well it displays it, but it deosent show in bbcode
  19. i am looking to add bbcode to my toplist service for description, i have a working code but it wont allow for example echo $descr; instead os displaying the description it just displays the text descr here is my code <?php function BBCode ($string) { $search = array( '#\[b\](.*?)\[/b\]#', '#\[i\](.*?)\[/i\]#', '#\[u\](.*?)\[/u\]#', '#\[img\](.*?)\[/img\]#', '#\[url=(.*?)\](.*?)\[/url\]#', '#\[code\](.*?)\[/code\]#' ); $replace = array( '<b>\\1</b>', '<i>\\1</i>', '<u>\\1</u>', '<img src="\\1">', '<a href="\\1">\\2</a>', '<code>\\1</code>' ); return preg_replace($search.'si', $replace, $string); } ?> <?php echo BBCode('Here is some [b]Bold![/b] and so on!'); ?> this works perfectly but as soon as i put something along the lines of this echo BBCode('$descr'); it wont display anything but the text $descr
  20. assuming you mean index page, and your making a php site name the main file index.php and it should display it when you go to your domain, if this isn't what you where refereing to explain with more detail.
  21. ok i have a image uploading script here, it works fine but theres one thing im unhappy with when i first downloaded it it had 1 working one, and the rest examples which you basically have to put together yourself with the sample code (doesen't work without adding missing coding), i have done all that then i took the time to add a random string prefix, im new at php so it took me awhile to work out which strings would work in the right area. now this is what i need help with, when it uploads it has two options, download and remove, these both work fine, but on the file uploader that does work it has "file uploaded to "http://site.com/image.png" the example of course did not work (had loading bar working, and etc but didn't upload or have the feature i just mentioned) and the coder of the script used javascript and inner html for the file uploaded.... etc, because it uploads without refreshing, only thing is i cant seem to get it to work with the new random string i put in, i tried to recreate one with the same type of thing they used for the filename but it didn't work well here is the code, hope you can help. image upload handler <?php require_once "phpuploader/include_phpuploader.php" ?> <?php $uploader=new PhpUploader(); if(@$_GET["download"]) { $fileguid=$_GET["download"]; $mvcfile=$uploader->GetUploadedFile($fileguid); header("Content-Type: application/oct-stream"); header("Content-Disposition: attachment; filename=\"" . $mvcfile->FileName . "\""); readfile($mvcfile->FilePath); } if(@$_POST["delete"]) { $fileguid=$_POST["delete"]; $mvcfile=$uploader->GetUploadedFile($fileguid); unlink($mvcfile->FilePath); echo("OK"); } if(@$_POST["guidlist"]) { $guidarray=explode("/",$_POST["guidlist"]); //OUTPUT JSON echo("["); $count=0; foreach($guidarray as $fileguid) { $mvcfile=$uploader->GetUploadedFile($fileguid); if(!$mvcfile) continue; //process the file here , move to some where //rename(...) if($count>0) echo(","); echo("{"); echo("FileGuid:'");echo($mvcfile->FileGuid);echo("'"); echo(","); echo("FileSize:'");echo($mvcfile->FileSize);echo("'"); echo(","); echo("FileName:'");echo($mvcfile->FileName);echo("'"); echo("}"); $count++; } echo("]"); } //USER CODE: $rand = substr(md5(microtime()),rand(0,26),10); $targetfilepath= 'savefiles/' . $rand->rand . $mvcfile->FileName; if( is_file ($targetfilepath) ) unlink($targetfilepath); $mvcfile->MoveTo( $targetfilepath ); exit(200); ?> image upload(with form to choose file) <?php require_once "phpuploader/include_phpuploader.php" ?> <?php session_start(); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Ajax - Build attachments table </title> <link href="demo.css" rel="stylesheet" type="text/css" /> <script type="text/javascript"> var handlerurl='ajax-attachments-handler.php' function CreateAjaxRequest() { var xh; if (window.XMLHttpRequest) xh = new window.XMLHttpRequest(); else xh = new ActiveXObject("Microsoft.XMLHTTP"); xh.open("POST", handlerurl, false, null, null); xh.setRequestHeader("Content-Type", "application/x-www-form-urlencoded; charset=utf-8"); return xh; } </script> <script type="text/javascript"> var fileArray=[]; function ShowAttachmentsTable() { var table = document.getElementById("filelist"); while(table.firstChild)table.removeChild(table.firstChild); AppendToFileList(fileArray); } function AppendToFileList(list) { var table = document.getElementById("filelist"); for (var i = 0; i < list.length; i++) { var item = list[i]; var row=table.insertRow(-1); row.setAttribute("fileguid",item.FileGuid); row.setAttribute("filename",item.FileName); var td1=row.insertCell(-1); td1.innerHTML="<img src='phpuploader/resources/circle.png' border='0'/>"; var td2=row.insertCell(-1); td2.innerHTML=item.FileName; var td4=row.insertCell(-1); td4.innerHTML="[<a href='"+handlerurl+"?download="+item.FileGuid+"'>download</a>]"; var td4=row.insertCell(-1); td4.innerHTML="[<a href='javascript:void(0)' onclick='Attachment_Remove(this)'>remove</a>]"; } } function Attachment_FindRow(element) { while(true) { if(element.nodeName=="TR") return element; element=element.parentNode; } } function Attachment_Remove(link) { var row=Attachment_FindRow(link); if(!confirm("Are you sure you want to delete '"+row.getAttribute("filename")+"'?")) return; var guid=row.getAttribute("fileguid"); var xh=CreateAjaxRequest(); xh.send("delete=" + guid); var table = document.getElementById("filelist"); table.deleteRow(row.rowIndex); for(var i=0;i<fileArray.length;i++) { if(fileArray[i].FileGuid==guid) { fileArray.splice(i,1); break; } } } function CuteWebUI_AjaxUploader_OnPostback() { var uploader = document.getElementById("myuploader"); var guidlist = uploader.value; var xh=CreateAjaxRequest(); xh.send("guidlist=" + guidlist); //call uploader to clear the client state uploader.reset(); if (xh.status != 200) { alert("http error " + xh.status); setTimeout(function() { document.write(xh.responseText); }, 10); return; } var list = eval(xh.responseText); //get JSON objects fileArray=fileArray.concat(list); AppendToFileList(list); } function ShowFiles() { var msgs=[]; for(var i=0;i<fileArray.length;i++) { msgs.push(fileArray[i].FileName); } alert(msgs.join("\r\n")); } </script> </head> <body> <div class="demo"> <h2>Building attachment table (AJAX)</h2> <p>This sample demonstrates how to build your own attachment table.</p> <?php $uploader=new PhpUploader(); $uploader->MaxSizeKB=10240; $uploader->Name="myuploader"; $uploader->MultipleFilesUpload=true; $uploader->InsertText="Select multiple files (Max 10M)"; $uploader->AllowedFileExtensions="*.jpg,*.png,*.gif,*.bmp,*.txt,*.zip,*.rar"; $uploader->Render(); ?> <br/><br/> <table id="filelist" style='border-collapse: collapse' class='Grid' border='0' cellspacing='0' cellpadding='2'> </table> <br/><br/> <button onclick="ShowFiles()">Show files</button> </div> <script type='text/javascript'> //this is to show the header.. ShowAttachmentsTable(); </script> <script type='text/javascript'> function CuteWebUI_AjaxUploader_OnTaskComplete(task) { var div=document.createElement("DIV"); var link=document.createElement("A"); link.setAttribute("href","savefiles/"+task.rand); link.innerHTML="You have uploaded file : savefiles/"+task.rand; link.target="_blank"; div.appendChild(link); document.body.appendChild(div); } </script> </body> </html> and here is the phpuploader.php file just in case 18324_.php
  22. hi, i am using a toplist scriptadvtime.nazuka.net/toplistand i want it so when a user adds a banner over a certain width, instead of it making the toplist stretch out of order, it resizes/overflowsthe image thanks.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.