Posts posted by bashy

  1. Not sure if you coded this yourself but have you checked PHP errors and checked them?

     

    I can see one just skimming it, the code below (copied from yours) has errors.

     

    • Firstly, where are you getting $possible_city from?
    • You also don't close the </option> tag?
    • $possible_city doesn't have a closing ;

    foreach ($rows as $row) {
        $city = $row->city;
    ?>
    <option> <?php echo $possible_city ?>
    <?php
    //end loop through cities for pulldown results
    }
    ?>
    
  2. Looking on PHP manual, try adding

    header('Content-Length: ' . filesize($name));
    

    Or looking at PHP readfile, there's some added functions by users, found something you might want to change and take a look at

    $filename = 'dummy.zip';
    // Resolve to an absolute path (realpath() returns false if the file is missing)
    $filename = realpath($filename);

    // Pick the Content-Type from the lower-cased file extension
    $file_extension = strtolower(substr(strrchr($filename, "."), 1));

    switch ($file_extension) {
        case "pdf": $ctype = "application/pdf"; break;
        case "exe": $ctype = "application/octet-stream"; break;
        case "zip": $ctype = "application/zip"; break;
        case "doc": $ctype = "application/msword"; break;
        case "xls": $ctype = "application/vnd.ms-excel"; break;
        case "ppt": $ctype = "application/vnd.ms-powerpoint"; break;
        case "gif": $ctype = "image/gif"; break;
        case "png": $ctype = "image/png"; break;
        case "jpe": case "jpeg":
        case "jpg": $ctype = "image/jpeg"; break; // registered type is image/jpeg, not image/jpg
        default: $ctype = "application/force-download";
    }

    if (!file_exists($filename)) {
        die("NO FILE HERE");
    }

    // Headers must go out before any file bytes
    header("Pragma: public");
    header("Expires: 0");
    header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
    header("Cache-Control: private", false);
    header("Content-Type: $ctype");
    header("Content-Disposition: attachment; filename=\"" . basename($filename) . "\";");
    header("Content-Transfer-Encoding: binary");
    header("Content-Length: " . @filesize($filename));
    // No execution time limit, so large downloads are not cut off
    set_time_limit(0);
    @readfile("$filename") or die("File not found.");
    
  3. You're $_GET'ing the "about" text? :confused: You want $_POST['about'], not sure why you'd want to send that data via the URL.

     

    For the SQL injection nightmare with that code, secure it with the below suggestion.

    You should be looking at using different SQL functions, mysql_* PHP functions have been deprecated: https://wiki.php.net...sql_deprecation

    Use prepared statements explained in this thread: http://forums.phpfre...ion-protection/
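
The prepared-statement approach recommended in the post above, as an added example that is not part of the original post or the linked thread. The table and column names (`users`, `id`, `about`), the 2000-character limit and the `updateAbout()` helper are assumptions, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example, not the original poster's code.
// Assumed schema: users(id, about). SQLite in memory replaces MySQL here.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, also turn off emulation so the server binds values:
// $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, about TEXT)');
$pdo->exec("INSERT INTO users (id, about) VALUES (1, 'old text')");
$pdo->exec("INSERT INTO users (id, about) VALUES (2, 'other user')");

/**
 * Hypothetical helper: store the profile text for one user.
 * Returns false when the input is rejected or no row was changed.
 */
function updateAbout(PDO $pdo, int $userId, $about): bool
{
    // Reject missing or array-valued input (about[]=x arrives as an array).
    if (!is_string($about) || strlen($about) > 2000) {
        return false;
    }
    // Placeholders keep the submitted value out of the SQL text entirely.
    $stmt = $pdo->prepare('UPDATE users SET about = :about WHERE id = :id');
    $stmt->bindValue(':about', $about, PDO::PARAM_STR);
    $stmt->bindValue(':id', $userId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount() === 1;
}

// Constructed sample standing in for $_POST; the quote and comment marker
// would change the query if the value were concatenated into the SQL string.
$post = ['about' => "it's mine' WHERE 1=1; --"];

// In a real page the user id comes from the session, never from the request.
$userId = 1;

var_dump(updateAbout($pdo, $userId, $post['about'] ?? null));
var_dump(updateAbout($pdo, $userId, ['not', 'a', 'string']));

// Only row 1 changes, and it holds the submitted text verbatim as data.
foreach ($pdo->query('SELECT id, about FROM users ORDER BY id') as $row) {
    echo $row['id'], ': ', $row['about'], PHP_EOL;
}
```

The stored text still needs `htmlspecialchars()` when it is echoed back into a page; binding protects the query, not the HTML output.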

    1. Make the list of "New Threads" longer and maybe add "Latest Replies" section
    2. Do you have the update from IPB with the best answer in it? I see solved prefixes but in the thread it doesn't give the best answer link at the top. Maybe add that?
    3. Something along the lines of "Unanswered questions" tag in the menu that gives you a list?
    4. Maybe add this hook so people can see if the person is still online or not (quickly of course, as it's in the profile card hover) http://community.invisionpower.com/files/file/4268-user-online-status-in-topics/
    5. Do something with the top advert, the square random one which creates a lot of white space :)
