Everything posted by redbullmarky

  1. [quote author=JayBachatero link=topic=118552.msg484560#msg484560 date=1166072318] So free forum software are not good? ;) [/quote] yeah with so many free forums out there these days, a handful are ALWAYS going to rise to the top and stand out, meaning that effectively, paid forums are a waste of money now. I did like IPB before PHPFreaks moved, but that was more from a user perspective. However, if the admins say there was a tonne of security problems and holes all over, and moved from the commercial IPB to free SMF as a result, that's good enough for me.
  2. first impressions are pretty good. i had a glance at the old site, and this one's definitely a marked improvement. looks a lot more professional. only things i'd look at is an alternative font other than the default one, and trying to make some of your links look like links. as it's a black and white page, it makes it even harder - so i just tend to find that i hover my mouse around hoping that i'll find a link somewhere. clicking through to the 'Latest News' page, my eyes are immediately drawn to that clump of coloured buttons (XHTML, get firefox, etc) and it kinda spoils the mood a little bit. Things like that are better in your footer, or in this case (considering it's a music site) better being done away with completely. I actually like the ones at the bottom of this forum, as they stay "quiet" until you hover over them. other than that, it's not too bad at all, and like i say - much of an improvement over the old one. Cheers Mark
  3. haha i love cartoons like that. good job. there's some great ones here too: http://www.apathyunlimited.co.uk/toons/apathy2.htm [b]edit[/b] warning: may contain some strong language. do some more C_V!
  4. the htaccess file goes inside of the directory containing the file where the initial request is being made. so to use the htaccess you showed above, you'd need to put this either in the directory served by www, or even lower - and i'd bet my left nad on the fact that you don't have this type of access. busi is right though. if your website is worth enough to you, there are plenty of hosts out there that for only a couple of £ a month will host it, coupled with a domain name of your own. you can't really expect much out of a free host apart from restrictions and/or adverts. cheers Mark
  5. it goes a little like this. so do the Mac vs PC, PHP vs ASP arguments: Would anyone admit that their kids are really ugly compared to someone else's? Nah didn't think so. If IPB is your "kid", it's beautiful. Don't mean that other people's kids aren't better looking - just you either won't admit it or can't see it. Nothing wrong with that. But on the subject - as I am neither the owner nor an administrator (hence not the daddy), I can prob give a less biased opinion - the fact that SMF is open source and beyond a stable version gives it one hell of an advantage over IPB/vBulletin. Problems are fixed every day and (if necessary) released every day. Commercial software on the other hand - you have to kinda scratch your arse a bit waiting ages for something to be done. Oh, and you paid for it too. SMF has its faults, just like any other piece of software. But it's a lot more open and friendly to the 'general' public (ie, not just forum experts or geeks) and as this community is generally about learning new things, I think it's ideal. And also a kinda off tangent reason. Linux + Apache + Mysql + PHP = most people's setup for their webserver around these parts. All open source. All at the top of their respective categories. All heavily community driven. What better than an open source, PHP-based, community supported forum for a PHP-based community? There's my 0.00000000000020000000167p anyway.
  6. well, the only feedback i can give: your plain white page with just the text "You are banned for disobeying the rules." up in the top left hand corner - does not validate ;)
  7. right on both counts - but like i say, you should wonder how someone even knows your MD5'd password, never mind how/why/when they'll turn it into something useful. absolutely guaranteed that if i was to play around with a website, and get as far as getting an MD5'd password, i'm in far enough to do pretty much anything I feel like. Adding new admin users with a password i know? not a worry. Changing pages? easy. MD5, etc, should really be one of your LAST lines of defence. Too many people (and not implying you guys in any way) really do forget that, and think that having their password encrypted to the teeth with super-duper 22nd century encryption will save them from a bit of poor form coding and lack of proper validation. Cheers
  8. MD5/SHA1. both do the trick. but if they can manage to get hold of even your MD5'd password, then unfortunately they've probably gotten far enough into your system to make your stolen encrypted password the last of your worries. sure - do it anyway. like Accurax said, it's a deterrent and covers certain lines of attack. but if someone (and i have tried this out during tests) can get through your frontline using an SQL injection or similar, then the fact that the password is encrypted makes little difference. If you can get as far as seeing it (normally by inserting a SELECT statement amongst a few other tricks), then there's no restrictions on CHANGING it (notably with an admin account) to a totally new MD5 that you DO know what its original form is, and voila - you're in. So - whilst it's easy to think MD5 is a good defence - what Crayon Violent and utexas_pjm said is going to lock things down much better than simply encrypting your passwords alone. Pay close attention to a) magic_quotes (google will help you out here) b) making sure data sent via a form or the URL is safe for the DB ([url=http://www.php.net/mysql_real_escape_string]mysql_real_escape_string[/url] as used in C_V's first example above) but also make sure that, if you are displaying pure user input to the screen or re-filling input boxes that the data has been properly sanitised ([url=http://www.php.net/htmlspecialchars]htmlspecialchars[/url], for example here). It might seem like a lot, but security is nothing to be taken lightly. I had one of my sites breached, and cleaning up afterwards isn't fun. Too many people are happy enough to chuck a couple of input boxes on the screen, label them "username" and "password", and compare them to what's in the database on submission without considering what can/will be done if the wrong person comes along. the effort to not just learn about these coding measures, but to actually find out the ins and outs of why/what/when, etc, pays off, too.
without sounding like the police or something, laws are ever changing to make sure that everyone that stores user data on a website takes every measure to lock it down.
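
An added example, not part of the post above or of the thread it replies to: the two measures the post lists (input that is safe for the DB, and escaped output when re-filling input boxes) in one runnable login check. It swaps in PDO bound parameters for mysql_real_escape_string and password_hash()/password_verify() for MD5/SHA1; the in-memory SQLite database (needs the pdo_sqlite extension), the users table, the sample inputs and the helper names check_login and refill_input are all assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Constructed test data: an in-memory SQLite database stands in for the site's own server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');
$db->prepare('INSERT INTO users (name, pass_hash) VALUES (?, ?)')
   ->execute(['mark', password_hash('s3cret-example', PASSWORD_DEFAULT)]);

// Hypothetical helper: the query text is fixed, and user input only ever
// travels as a bound parameter, so it cannot change the statement's structure.
function check_login(PDO $db, string $name, string $password): bool
{
    $stmt = $db->prepare('SELECT pass_hash FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $hash = $stmt->fetchColumn();          // false when no such user exists
    // password_verify() reads the algorithm and salt from the stored hash.
    return is_string($hash) && password_verify($password, $hash);
}

// Hypothetical helper: escape user input at the point it is written into HTML,
// for instance when re-filling the username box after a failed login.
function refill_input(string $fieldName, string $value): string
{
    return sprintf(
        '<input type="text" name="%s" value="%s">',
        htmlspecialchars($fieldName, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($value, ENT_QUOTES, 'UTF-8')
    );
}

// Constructed inputs: a valid login, a wrong password, and a name
// containing SQL and HTML metacharacters.
$attempts = [
    ['mark', 's3cret-example'],
    ['mark', 'wrong'],
    ["mark' OR '1'='1", 'anything'],
    ['"><b>mark</b>', 'anything'],
];
foreach ($attempts as [$name, $password]) {
    $ok = check_login($db, $name, $password);
    echo ($ok ? 'OK   ' : 'FAIL ') . refill_input('username', $name) . PHP_EOL;
}
```

Only the first attempt passes; the last two names are matched literally against the name column and come back in the re-filled box as escaped text.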
  9. i tried to see if you got the < script > issue sorted (which you did), so i was probably banned for valid reasons. but no arguments, no time limit, no means of appeal - just 'you are banned forever' type thing. not a clue with IP. it changes quite a bit. always starts with an 86 though. thing you need to watch with IP banning is things like corporate networks, etc. ban one, you ban the whole company - and considering much of word of mouth goes around during "office doss time", IP banning is not good.... i'm sure one day he'll realise that a login/verification system of some form is gonna be the best method. even if it was a 'provide a valid email address' to which a link is sent to activate the comment, rather than just your normal run-of-the-mill login system. will prevent spam to a large extent, too.
  10. might be worth me pointing out to others that want to test out the functionality - it really isnt hard to get banned. BM, if you want any more help from me on this one, can you lift my ban please ;D
  11. don't let the name of 'public_html' deceive you. if you've set it up like: public_html/website1/index.php (www.website1.com/index.php) public_html/website2/index.php (www.website2.com/index.php) then it looks like website1 and website2 have been set up as their own individual document roots, so essentially the public_html is outside of prying eyes. if that is the case, make a directory inside your public_html folder (on the same level as your website1/website2 directories) and you're ready to go.
  12. righty then, let us start with a simple question. lets take your secret site as an example. see where its main index.php file is? ie, the homepage? that is just inside your web root. imagine it's your C:\WINDOWS. in this case, anything ELSE on your C: drive (including, for example, C:\ , C:\games, C:\porno etc is NOT accessible to you. only the C:\windows is. BUT - a script inside the C:\windows can have access to these other directories and its contents, just not the actual user. get it now? so if you have a public_html, then ANYTHING in there is accessible from the web. anything elsewhere on the server is NOT. scripts WITHIN your public_html can access other places, but the user can't directly. get it?
  13. it's better what you've done with the 'E'. looked too much like 'secrete feedback' before. also, there is a site there now. assuming you got your security tightened up a bit? actually it doesn't look [i]too[/i] bad. but 1) i have to ask - what's the point of having that scrollbar inside the page? a) it's not wide enough for the content, so i get a vertical scrollbar too, and b) in this case, the outer (main page) scrollbar is perfectly sufficient. as for inner scroll areas in general - i learned the error of my ways as soon as i bought a mouse with a mousewheel. inner scroll areas are a pain in the arse for us. 2) you have no page title. 3) there is no padding between the container and text on the pages. 4) displaying email addresses like that on sites - especially free ones like yahoo or hotmail - just looks bad and cheapens things a lot. make a contact form. 5) what is the file upload for (apart from gaining unauthorised access to your pages... ;D) ? 6) using javascript to provide your cornering seems a bit of a cop-out. either use images, or CSS (www.cssplay.co.uk) 7) although you have a 'Home' link at the top, for me the best home link on sites i visit is the logo. 8) things just seem a little too text-based (ie, bland), especially with the coldish colour scheme to go with it. 10) your 'error' pages upon entering invalid info are pretty useless. 11) seems a little too easy to insert junk into. no registration required, etc. once the bots catch up with you, you'll have a headache and a half.
  14. fair comment. the drop in width looks tonnes better though. not sure if i mentioned this last time, but do you reckon the very top story should be made to stick out a bit, maybe even with a related image? if not, either way, i think it looks very good.
  15. yeah i think that's what many of the plugins seem to be doing. steve - you're right, browsercamp will do for the time being, and do what i want, but you know how it is - something that plugs in to your browser that you can quickly call using the context menu to 'trick' the browser into believing that the outer body of the document is much bigger than it is - which would cause scrollbars, but would ultimately trick the inner contents to scaling as if it was on a bigger monitor (i think). i can simulate the effect by adding a 'width:1200px' or whatever to the body in the stylesheet, but obviously its not as convenient to keep tweaking the code like that or putting JS patches all over the place. maybe i'm just being a fussy (lazy) git :) cheers for the suggestions though guys. i've picked up some handy things along the way...
  16. it's looking good. maybe its just me being picky, but I think you could do worse than trying these two together: 1, drop the width of your 'breaking news' column a touch. 200px tops would probably do the trick. 2, switch the columns, so that your top stories column sits on the left of the page and the breaking news on the right.
  17. architects + absinthe. dont mess with the green stuff ;)
  18. not the right sort of thing. that seems to be a function from a total package, not the one i mentioned. doing a simple google search for "display_errors htaccess" gave: http://www.evolt.org/article/Make_your_PHP_code_portable/17/28117/index.html http://support.easystreet.com/hosting/unix/dynamic-config.htm but once again - you came back 10 minutes after i suggested something and said you dont understand. do you really have a lack of time here to actually put some effort into researching your tools?
  19. dev c++ loaded up with a copy of GCC (i think its included - i cant remember) as daniel said is all you need to make standalone executables. very good too as i use it myself from time to time for bits and pieces.
  20. php.ini contains all your settings for PHP, just like a regular INI file. .htaccess is an apache file that also allows you to tweak php settings without changing the main config file, in the event you need to change things on a project by project basis. ted, you'd really learn a lot from trying to help yourself a little more. sure, we're here to help, and you've presented us with code to look at - but do you understand what your code is actually doing and why? it'd be worth taking a time-out sometime around about now, and try and digest what you've already got. once you truly understand what you've done, errors like the one you're having will be easily rectified. and it's the only way you'll learn... as i say - type "display_errors" or "display_errors htaccess" or "display_errors php" into google if you truly wish to know what they are. sure, i could explain it to you - but stuff like that is definitely one to research and learn from yourself.
  21. [url=http://www.php.net/phpversion]phpversion[/url] ;)
  22. spelling error. this will make the 'while' loop infinite: [code]     $file = $category."/".$filename."".$counter_var.".txt"; [/code] you put $file[b]a[/b] = $category, not $file = $category. you may want to turn display_errors on in your PHP.ini/htaccess file. Put display_errors into google and you should find a good enough explanation of how to turn it on whilst you're developing things.
  23. [quote author=The Little Guy link=topic=117923.msg481472#msg481472 date=1165627245] But I shouldn't have to do that, and I don't want that. There is a way to do it in PHP, but I don't know how. [/quote] little tip - if someone replies with a perfectly good answer to a question you didnt know the answer to, then maybe it's worth a try ;) in actual fact, mgallforever has pretty much hit the nail on the head. PHP scripts ARE generally only given a set amount of time to run, for various reasons. needing more than that is quite unusual unless you're doing something specific or something along the lines of what you're trying to achieve. if your dispute to mgallforever's post was the fact that you dont want to change your PHP.ini file, then [code] <?php ini_set('max_execution_time', 1200); ?> [/code] right at the top of your script should do the trick. hope that helps Mark
  24. [code] <?php $filename = "text.txt"; list($the_file_bit, $extension) = explode('.', $filename); echo "here's the file bit: $the_file_bit and here's the extension: $extension"; // or : echo $the_file_bit; echo $extension; ?> [/code] have a look at the [url=http://www.php.net/list]list[/url] function. just the ticket for this type of thing. cheers Mark
  25. yeah i did give it a blast, along with ken's suggestion (which made it work - and left me with a nice little utility (the zip editing one) for the future, so not all bad - thanks ken!) but unfortunately, it still doesn't do the trick. it drops the height of my browser window right down, but the width of the window never goes beyond the width of my screen. to kinda clarify - in an ideal world, what i'd expect is this: i select a resolution from my browser. if the res is too big for my screen, then i get scrollbars. sure, i could do this by hacking around at the code/css - but i'd rather if there was a simple tool that just pretended i had a bigger one than i really have (ooohhherrr!)