
Everything posted by Tom10
-
@set_time_limit(0);
-
you could add something like WHERE email=$email to your query
-
Can't insert data to the database in phpmyadmin.... help plz
Tom10 replied to samovich's topic in PHP Coding Help
    if($_SERVER['REQUEST_METHOD'] == "POST") {
        //Execute query
    } else {
    }

Also you should use PDO or MySQLi to connect to the db

    try {
        $con = new PDO("mysql:host=localhost;dbname=mycontacts", "root", "password");
        // throw exceptions on database errors instead of failing silently
        $con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    } catch (PDOException $e) {
        echo "The following error has occurred: ".$e->getMessage()." ";
    }
-
    if(preg_match("%[^\w\s\b\/\%\&\?\=\-\.\_]%", $_GET['delete'])) {
    } else {
    }

Not sure if that would work, i was thinking make a regular expression if there are spaces in the url do nothing
-
you could use the rand() function to generate a new key each time the page loads

    $key = rand();
    md5($key);
-
Post the code?
-
PHP - Upload image, store it, add mysql entry + create thumbnail.
Tom10 replied to llamaultima's topic in PHP Coding Help
    $mime = getimagesize($src);
    switch($mime['mime']) {

Is unreliable. Look into File Uploads

    <?php
    if(isset($_REQUEST['upload'])) {
        $dir = "./";
        $file = $dir . basename($_FILES['userfile']['name']);
        $ext = pathinfo($file, PATHINFO_EXTENSION);
        $allowed = array('jpg', 'bmp', 'png', 'gif');

        if($_FILES['userfile']['size'] > 500000) {
            die("File size is too large!");
        }
        // in_array() takes the value and the list as two separate arguments
        if(!in_array($ext, $allowed)) {
            die("The selected file is not allowed to be uploaded. You may upload files with the following extensions: jpg, png, bmp, gif");
        }
        // check for an existing file before moving, so nothing is overwritten
        if(file_exists($file)) {
            die("A file with the same name has already been uploaded. Please re-name your file and try again.");
        }
        if(move_uploaded_file($_FILES['userfile']['tmp_name'], $file)) {
            echo "Your file: ".$file." has been uploaded!";
        } else {
            echo "Upload failed";
            echo "Here is some debugging information:";
            print_r($_FILES);
        }
    }
    ?>

hasn't been tested just coded it purely as an example. blacknight's code looks ok apart from mime to check the file type so you can do it which ever way just add a sql record like blacknight has when the file is uploading.
-
Thanks that has solved the problem
-
ok thanks i will try that, and i am just experimenting with switch
-
    <?php
    if(isset($_GET['page']) && !empty($_GET['page'])) {
        switch($_GET['page']) {
            case 'home':
    ?>
    <html> <b>Home Page</b> </html>
    <?
            break;
            case 'challenge':
    ?>
    <html> <b>Challenege</b> </html>
    <?
            break;
            case 'languages':
    ?>
    <html> <b>Languages</b> </html>
    <?
            break;
            case 'passwords':
    ?>
    <html> <b>Passwords</b> </html>
    <?
            break;
        }
    }
    ?>

Parse error: syntax error, unexpected end of file
-
Here is an example i found, but i don't understand why he has put ?> closing tags

    if(isset($_GET['page']) && !empty($_GET['page'])) {
        switch($_GET['page']) {
            case 'home': {
    ?>
    <CENTER>
    <H1> <U> Home </U> </H1>
    This is a sitemap of all the links and pages for this file, from here you can navigate to other pages.
    <H3> <U> Sitemap </U> </H3>
    <A HREF="<?php echo htmlspecialchars(htmlspecialchars($_SERVER['PHP_SELF'])) . '?page=home' ?>"> Home </A> <BR />
    <A HREF="<?php echo htmlspecialchars(htmlspecialchars($_SERVER['PHP_SELF'])) . '?page=challenge' ?>"> Challenge </A> <BR />
    <A HREF="<?php echo htmlspecialchars(htmlspecialchars($_SERVER['PHP_SELF'])) . '?page=languages' ?>"> Languages </A> <BR />
    <A HREF="<?php echo htmlspecialchars(htmlspecialchars($_SERVER['PHP_SELF'])) . '?page=passwords' ?>"> Passwords </A> <BR />
    <?php
            }
            break;
            case 'challenge': {
    ?>
    <CENTER>
    <H1> <U> The Challenge </U> </H1>
    Somewhere in this script is a vulnerability I have hidden! A key has been hidden somewhere which will lead on to the next part of the Challenge. <BR /> <BR />
    <H3> <U> Files on this server </U> </H3>
    Below is a list of files in this directory so you can complete the challenge. This should be all you need to complete this challenge, the rest will test your hacking knowledge! <BR /> <BR />
    <H3> <U> File List </U> </H3>
    <?php
                foreach(preg_grep('/^([^.])/', scandir(getcwd())) as $files) {
                    if($files != '.' | $files != '..') {
                        print($files . ' <BR />');
                    }
                }
            }
            break;
-
I have another problem , When i click a link how do i clear everything and have a fresh page? when i click challenge the page stays the same except it echo's challenge page but is there a way when i click challenge to remove all the links and add new content?
-
    <?php
    if(isset($_GET['page']) && !empty($_GET['page'])) {
        switch($_GET['page']) {
            case: 'home': {
                echo "<center><h1>Home Page</h1></center>";
            }
            break;
            case: 'challenge': {
                echo "<center><h1>Challenege Page</h1></center>";
            }
            break;
            case: 'languages': {
                echo "<center><h1>Languages Page</h1></center>"
            }
            break;
            case: 'passwords': {
                echo "Passwords Page";
            }
            break;
        }
    }
    ?>
    <A HREF="<?php echo htmlspecialchars(htmlspecialchars($_SERVER['PHP_SELF'])) . '?page=home' ?>"> Home </A> <BR />
    <A HREF="<?php echo htmlspecialchars(htmlspecialchars($_SERVER['PHP_SELF'])) . '?page=challenge' ?>"> Challenge </A> <BR />
    <A HREF="<?php echo htmlspecialchars(htmlspecialchars($_SERVER['PHP_SELF'])) . '?page=languages' ?>"> Languages </A> <BR />
    <A HREF="<?php echo htmlspecialchars(htmlspecialchars($_SERVER['PHP_SELF'])) . '?page=passwords' ?>"> Passwords </A> <BR />

Hi so i am currently learning about case and break and i am getting the following error

    Parse error: syntax error, unexpected ':' in

    case: 'home':

Apparently is where the error is coming from
-
Setting user levels when logging in with sessions
Tom10 replied to T1hom7as's topic in PHP Coding Help
Here is an example which may help you, but as gingerjm said there is not much we can do; please post your code in this thread and list the errors you are getting

    <?php
    require 'connect.php';
    session_start();
    @error_reporting(E_ALL | E_NOTICE); //set to 0 when on a live server
    @ini_set('display_errors', 1); //set to 0 when on a live server

    if($_SERVER['REQUEST_METHOD'] == "POST") {
        $username = $_POST['user'];
        $password = $_POST['pass'];

        $username = strip_tags($username);
        $username = htmlentities($username, ENT_QUOTES);
        $username = htmlspecialchars($username, ENT_QUOTES);

        // reject anything other than word characters and whitespace
        if(preg_match("#[^\w\b\s]#", $username)) {
            echo "<h1><span style='color: #222; font-weight: bold; font-size: 38px; font-family: sans-serif;'>Username has been rejected.</span></h1>";
            echo "<h3><u>Your requested username:</u> ".$username." </h3>";
            echo "<h3><u>Why has my username been disallowed?</u></h3><br>";
            echo "<li>Your username contains illegal characters such as: !&*(#~{;$%^+=</li>";
            die();
        }

        // hash kept from the original post; password_hash() / password_verify()
        // are PHP's purpose-built API for stored passwords
        $password = hash('gost-crypto', $password);

        // bind the values as parameters instead of interpolating them into the SQL
        $stmt = $handler->prepare("SELECT * FROM users WHERE BINARY username = BINARY ? AND BINARY password = BINARY ?");
        $stmt->execute(array($username, $password));
        $row = $stmt->fetch(PDO::FETCH_ASSOC);

        if($stmt->rowCount() > 0) {
            // test for a banned account first; after the "< 1" test this branch could never run
            if($row['rank'] < 0) {
                die("Error: Your account has been banned!");
            } else if($row['rank'] > 0) {
                $_SESSION['username'] = $username;
                $_SESSION['loggedIn'] = 1;
                $_SESSION['rank'] = 1;
                $_SESSION['status'] = 1;
                echo '<meta http-equiv="refresh" content="0;admin.php" />';
            } else {
                $_SESSION['username'] = $username;
                $_SESSION['loggedIn'] = 1;
                $_SESSION['rank'] = 0;
                $_SESSION['status'] = 1;
                echo '<br><br><br><br><br><br><br>';
                echo '<center><img src="https://ers.snapuptickets.com/ers/images/loading-spiral.gif" width="100" /></center>';
                echo '<center><br><h3><b>Loading. Please wait..</b></h3></center>';
                echo '<meta http-equiv="refresh" content="3;user.php" />';
                exit();
            }
        } else {
            die("
                <h1>Username or Password incorrect.</h1> <br>
                <u><b>Please note:</b></u>
                <li>Usernames and passwords are case-sensitive!</li>
            ");
        }
    }
    ?>

Here is an example i coded a while back, not the best but should be ok for your question.
-
problem with searching case sensitive database entries
Tom10 replied to izzy's topic in PHP Coding Help
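You could include BINARY in the statement, example:

    // $search must be escaped or bound as a parameter before it reaches the query
    $query = "SELECT * FROM table
              WHERE BINARY LOWER(field_1) LIKE '%$search%'
                 OR BINARY LOWER(field_2) LIKE '%$search%'
                 OR BINARY LOWER(field_3) LIKE '%$search%'
              ORDER BY date";
-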
Now it says Error: 2

    else {
        die("Error: ".$_FILES['userfile']['error']." ");
    }

i'm guessing it's that?
-
It said first time the admin blocked it?
-
    if($_SERVER['REQUEST_METHOD'] == "POST") {
        $dir = "./";
        $file = $dir . basename($_FILES['userfile']['name']);
        $ext = pathinfo($file, PATHINFO_EXTENSION);
        $filename = $_FILES['userfile']['name'];
        $allowed = array('jpg', 'png', 'gif', 'bmp');

        if($_FILES['userfile']['size'] > 10000) {
            die("File is too large!");
        }
        if($ext != $allowed) {
            die("Invalid Image File. Possible hack attempt!");
        }
        if(move_uploaded_file($_FILES['userfile']['tmp_name'], $dir)) {
            echo "File: ".$_FILES['userfile']['name']." has been uploaded to ".$dir."! ";
        } else {
            die("Error: ".$_FILES['userfile']['error']." ");
        }
    }

This part is the problem

    if($ext != $allowed) {
        die("Invalid Image File. Possible hack attempt!");
    }
-
    if($_SERVER['REQUEST_METHOD'] == "POST") {
        $dir = "./";
        $file = $dir . basename($_FILES['userfile']['name']);
        $ext = pathinfo($file, PATHINFO_EXTENSION);
        $filename = $_FILES['userfile']['name'];
        $allowed = array('jpg', 'png', 'gif', 'bmp');

        if($_FILES['userfile']['size'] > 10000) {
            die("File is too large!");
        }
        if($ext != $allowed) {
            die("Invalid Image File. Possible hack attempt!");
        }
        if(move_uploaded_file($_FILES['userfile']['tmp_name'], $dir)) {
            echo "File: ".$_FILES['userfile']['name']." has been uploaded to ".$dir."! ";
        } else {
            die("Error: ".$_FILES['userfile']['error']." ");
        }
    }

i get no errors but

    if($ext != $allowed) {
        die("Invalid Image File. Possible hack attempt!");
    }

is the problem, it just says Invalid Image File. Possible hack attempt!
-
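An added example, not part of any of the original posts: the upload checks from the threads above (error code, size, extension allow-list) with the string-versus-array comparison replaced by a membership test and a content check added. The helper names `check_upload()` and `store_upload()`, the MIME map and the sample files are assumptions made for illustration; the fileinfo extension is assumed to be enabled, and older libmagic builds report `image/x-ms-bmp` for BMP files.

```php
<?php
// Added example (hypothetical names). Extension => expected content type.
const ALLOWED = ['jpg' => 'image/jpeg', 'png' => 'image/png',
                 'gif' => 'image/gif',  'bmp' => 'image/bmp'];

// Returns the validated lowercase extension, or throws with the reason.
function check_upload(array $f, int $maxBytes = 500000): string {
    if ($f['error'] !== UPLOAD_ERR_OK) {   // e.g. 2 = UPLOAD_ERR_FORM_SIZE
        throw new RuntimeException("upload error code {$f['error']}");
    }
    if ($f['size'] > $maxBytes) {
        throw new RuntimeException('file is too large');
    }
    $ext = strtolower(pathinfo(basename($f['name']), PATHINFO_EXTENSION));
    // $ext != $allowed compares a string with an array and is always true,
    // so every file is rejected; in_array() is the membership test.
    if (!in_array($ext, array_keys(ALLOWED), true)) {
        throw new RuntimeException("extension '$ext' is not allowed");
    }
    // The file name is client-supplied, so check the content as well.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($f['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException("content is $mime, expected " . ALLOWED[$ext]);
    }
    return $ext;
}

// Web-request path: store under a server-generated name, as a full file path.
function store_upload(array $f, string $dir): string {
    $dest = rtrim($dir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . check_upload($f);
    if (!move_uploaded_file($f['tmp_name'], $dest)) {
        throw new RuntimeException('could not move uploaded file');
    }
    return $dest;
}

// Constructed sample input: a minimal GIF and a PHP script.
$gif = tempnam(sys_get_temp_dir(), 'up'); file_put_contents($gif, "GIF89a\x01\x00\x01\x00\x00\x00\x00;");
$php = tempnam(sys_get_temp_dir(), 'up'); file_put_contents($php, "<?php echo 'hi'; ?>");
$samples = [
    ['name' => 'Photo.GIF', 'tmp_name' => $gif, 'size' => 14, 'error' => UPLOAD_ERR_OK],
    ['name' => 'notes.php', 'tmp_name' => $php, 'size' => 19, 'error' => UPLOAD_ERR_OK],
    ['name' => 'fake.gif',  'tmp_name' => $php, 'size' => 19, 'error' => UPLOAD_ERR_OK],
    ['name' => 'big.png',   'tmp_name' => '',   'size' => 0,  'error' => UPLOAD_ERR_FORM_SIZE],
];
foreach ($samples as $s) {
    try { echo $s['name'], ': ok, .', check_upload($s), "\n"; }
    catch (RuntimeException $e) { echo $s['name'], ': rejected, ', $e->getMessage(), "\n"; }
}
unlink($gif); unlink($php);
```

Run from the command line, only `check_upload()` is exercised; `store_upload()` works inside a real upload request, where `move_uploaded_file()` accepts the temporary file.
-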
It's ok i figured it out

    foreach(preg_grep("#[^\.]#", scandir(getcwd())) as $contents) {
        // skip the "." and ".." entries; && is needed so both tests must hold
        if($contents != '.' && $contents != '..') {
            print($contents . ' <BR />');
        }
    }
-
I tried this

    <?php
    $scan = scandir("/");
    echo $scan;
    ?>

And got an output

    Array
-
Hi i am currently going through functions trying to learn more about php and i used the scandir() function, is there a way to get the output on the page without using print_r() ? Thanks
-
What is $num equal to?