jaymc

Right, im having trouble getting to while loops to work in the same script. here is the syntax of the while loop [code]while ($resultsa = mysql_fetch_array($runquerya)) { echo $resultsa[FROM]; }[/code] [code]while ($resultsb = mysql_fetch_array($runqueryb)) { echo $resultsb[TO]; }[/code] $runqueryb/$runquerya is the result of a MYSQL query which Im sure is obvious. The problem is, the second While loop does not work/execute/proceed... Im just wondering why. Is it a fault with my code? Or can you only call a while loop or array fetch once? Any help would be great

I want to be able to use headers to output a .wax file the below code will be placed in a file called [b]playlist.php[/b] [code]<? header("Expires: 0"); header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); header("Content-Type: audio/ms-wax"); readfile("../music/playlist.wax"); ?>[/code] I then want to play that wax using embed like so <embed src=playwax.php> But, it doesnt work, no idea why, not even sure if you can set the headers for wax and have it process correctly Any ideas on this

worked a treat, thanks!

Right, I have a PM system which allows members to send messages to each other Now, when reading these messages I want to protect the script by disabling the processing of html So, if a member types out a message like so "<b>hi</b> how are you Then hi will not be in bold, it will simply be displayed with those bold tags around it, the same as it works on here However, and this is the tricky part, I want it to stop the processing of any HTML, apart from the <img> tags (for use with displaying emoticons in the message) Any feasable way to go about this? On the same note, I also want any PHP in messages to be displayed on page, not parsed or ignored

I actually have it working, it works a treat [code] <? $file = $_GET['song']; header("Expires: 0"); header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); header("Content-Type: audio/x-mpeg"); readfile("../music/$file"); ?> [/code] I've then went on to use .htaccess to disable the serving of any WMA file on the server. ;)

Thats no use src=playme.m3u I go to www.site.com/playme.m3u, open it up and hey preston their is a list of all the audio locations

Right, to stop people downloading audio files from my site I have come up with this idea Normally, to play audio in a webpage you would have the following code [b]<embed src=music/audio.mp3></embed>[/b] Now, anyone who views your source code will see the file is called music/audio.mp3, paste it into their browser and wah hey they are downloading the file directly from your server So, I have come up with this idea Have a script that uses headers to read in a file and mae it availablle for download, then, play the audio like so [b]<embed src=play.php?file=audio.mp3></embed>[/b] Thats where Ive hit a problem, It wont play !! I'm not even sure if it will work that way, but in theory it should Here is the code that will setup the play.php to be the equivelent to audio.mp3 [code]<? $file = $_GET['file'];     header("Pragma: public");     header("Expires: 0"); // set expiration time     header("Cache-Control: must-revalidate, post-check=0, pre-check=0");     header("Content-Type: application/force-download");     header("Content-Type: application/octet-stream");     header("Content-Type: application/download");     header("Content-Disposition: attachment; filename=$filename[1]");     header("Content-Transfer-Encoding: binary"); readfile("./uploads/".$file); ?>[/code] I hope Ive explained this well enough to show what I mean Any ideas?

Right, I have made a script that will force the download of files rather than open them up/stream in their default application. Here is the code [code]<? $User_Session = $_SESSION['username']; if ($User_Session == "") {die("HAHA");} $file = $_GET['file']; if (strstr($file, "../")) {die("Unlucky Punk");} $filesize = filesize($file); $filename = explode("---", $file); // required for IE, otherwise Content-disposition is ignored if(ini_get('zlib.output_compression'))   ini_set('zlib.output_compression', 'Off');     header("Pragma: public");     header("Expires: 0"); // set expiration time     header("Cache-Control: must-revalidate, post-check=0, pre-check=0");     header("Content-Type: application/force-download");     header("Content-Type: application/octet-stream");     header("Content-Type: application/download");     header("Content-Disposition: attachment; filename=$filename[1]");     header("Content-Transfer-Encoding: binary"); readfile("./uploads/".$file); ?>[/code] Here are my questions 1: Is it secure? You will notice I checked the $_GEt for the occurance of [b]../[/b] to ensure people dont try and download files outside of the DIR (../../index.php) I think that secures that up, maybe someone knows another flaw in it which would allow people to download what ever file the want 2: This is a problem, for some reason, and this appears to be random, when download a file it can stop downloading after like the first 180kb and acts as if its completed the download. This is not just on certain files, it can happen to any file and seriously looks pretty random. I have no idea why. Their is no error messages, it just stops downloading. Any help on those 2 points will be appreciated

Because I want to display an alert box (warning) when clicking browse I also need to check to see if a file dir has been inputted to the file field

So basically put that when ever echoing out any piece of data that is coming from the users fields?

Ive got this code and it is working, but their is one problem Sometimes, and i think this is random, when clicking save it only saves like 170k of the file Running it again to try and download the same file and it downloads it in full Just wondering why this is happening? [code]<? $file = $_GET['file']; if (strstr($file, "../")) {die("Unlucky Punk");} $filesize = filesize($file);     header("Content-length: ".$filesize);     header("Pragma: public");     header("Expires: 0"); // set expiration time     header("Cache-Control: must-revalidate, post-check=0, pre-check=0");     header("Content-Type: application/force-download");     header("Content-Type: application/octet-stream");     header("Content-Type: application/download");     header("Content-Disposition: attachment; filename=Jaydiocity_$file");     header("Content-Transfer-Encoding: binary"); readfile("./uploads/".$file); ?>[/code]

Im not using eval, but it is still causing problems So, the professional way to go about this is to basically to str_replace() any occurances of [b]<? <?php ?>[/b]

I have a profile system on my website which allows members to fill in fields with data For example [b]First name = Jamie[/b] But, what happens when you get a scripty who comes along and does this [b]First name = <? echo "HI"; ?>[/b] It screws up the page... I need a way to stop it from parsing I have found a tag called [b]<xmp> [/b] which does actually work for both HTML and PHP suprisingly Im just wondering if this is the proper way to go about protecting my site from code injection. If it is, do I have to wrap <xmp></xmp> around any dynamic data a member can submit Thanks

I think No Mime Type is the correct subject title for this Basically, I have made a PM system, which allows attatchments The way it works, if a message has an attatchment the link to the file will be included. However, on clicking the direct link to the file I dont want it to load up in its default application For example, if its an MP3 I dont want it to load in windows media player How can I get it so that no matter what file type it is, it will always ask you to SAVE AS Thanks

I have this code shown below [b]<input type='file' OnClick="alert('Hello');">[/b] Obviously when clicking they should be hit with an alert, apparently it doesnt work with FILE boxes Is their 1: Anyway to set an alert when clicking browse 2: Find out whether any file location has been added to the file box after browsing Thanks

This works in IE perfect, but in firefox, it inserts the value at the begining of the text area, god knows why. Anyway, here is the code, any ideas why? Or perhaps another script I can use? This works :) [code] <script LANGUAGE=\"Javascript\"> var globalCursorPos; // global variabe to keep track of where the cursor was function setCursorPos() {   globalCursorPos = getCursorPos(form.message); } function getCursorPos(textElement) {   var sOldText = textElement.value;   var objRange = document.selection.createRange();   var sOldRange = objRange.text; var sWeirdString = '#%~';   objRange.text = sOldRange + sWeirdString; objRange.moveStart('character', (0 - sOldRange.length - sWeirdString.length)); var sNewText = textElement.value;   objRange.text = sOldRange;   for (i=0; i <= sNewText.length; i++) {     var sTemp = sNewText.substring(i, i + sWeirdString.length);     if (sTemp == sWeirdString) {     var cursorPos = (i - sOldRange.length);       return cursorPos;   } } } function insertString(stringToInsert) {   var firstPart = form.message.value.substring(0, globalCursorPos);   var secondPart = form.message.value.substring(globalCursorPos, form.message.value.length); form.message.value = firstPart + stringToInsert + secondPart; } </SCRIPT>[/code]

Ive found this code but im unsure how to use it, im not too good with javascript, this is above my level [code]function insertAtCursor(myField, myValue) { //IE support if (document.selection) { myField.focus(); sel = document.selection.createRange(); sel.text = myValue; } //MOZILLA/NETSCAPE support else if (myField.selectionStart || myField.selectionStart == ‘0′) { var startPos = myField.selectionStart; var endPos = myField.selectionEnd; myField.value = myField.value.substring(0, startPos) + myValue + myField.value.substring(endPos, myField.value.length); } else { myField.value += myValue; } } // calling the function insertAtCursor(document.formName.fieldName, ‘this value’);[/code] I assume I would call it like this [b]OnClick="insertAtCursor(myField, myValue)"[/b] What should MyField and myValue be? Also, do i need to change the properties of this line [b]// calling the function insertAtCursor(document.formName.fieldName, ‘this value’);[/b] fornName = manually enter the name of my form etc?

Ive got it working [b]<a href='searchresults.php?viewresults=yes&criteria=f&searchby=ARTISTNAME' OnClick="opener.frames['artistnalbums'].location.href = 'searchresults.php?viewresults=yes&criteria=f&searchby=ARTISTNAME'; javascript: self.close();" target='artistnalbums'><b><u>Load results in main site</u></b></a> [/b] I just had to put the location in an OnClick handler aswell and make sure it was before the self.close Thanks for the help :D

Yes your right, removing the OnClick handler does allow the content to load in the frame But, I really do need the OnClick handler to work So what is the solution or are you all stuck for answers? Cheers

Any ideas

Any ideas?

I dont know what to search for though Caret postion? I searched for that and it gave no matches

Right, I am making a PM system, when sending a message users can click on an emoticon and have the emoticon code inserted in the message box That works fine, see below for the code im currently using [code]<a OnClick="document.form.message.value = document.form.message.value + ' :boxing: '";><img src=default/boxing.gif border=0></a>[/code] However, On clicking the emotion image the code is being inserted at the end of the text in the message box This still works, but, if someone has typed 3 lines out and decides the want an emoticon on line 2, on clicking the emoticon it is inserted at the end (line 3) How can I get it to insert the emoticon code where the focus of the cursor is currently at? Thanks

Right, Im just wondering how much I can rely on the security of SESSIONS On my site, I use a lot of $_GET which is obviously an ideal opportunity for hackers to code inject However, When querying or updating mysql, I also use the following method [code]$user = $_SESSION['user']; $query = "SELECT * FROM `members` WHERE `username` = $user LIMIT 0,1"[/code] As you can see, it will only query the row that has a username equal to $user [b] Now, what are the chances of a hacker spoofing the session to make it equal what ever they want[/b]

Right, I have made a nice file protection system for my website Because of all the problems with WMA (headers not being sent when using EMBED tag) Ive used the following htaccess code to prevent hotlinking [code]RewriteEngine on RewriteCond %{HTTP_COOKIE} !^.*access=granted.*$ RewriteRule .*[Ww][Mm][Aa]$|.*[Tt][Ii][Tt]$ http://192.168.1.10/hotlink.php[/code] Basically this is saying, if they dont have a cookie set called [b]access[/b] which is equal to [b]granted[/b] then lets take them to a hotlink page This is working great !! in IE [b]But not firefox !!! [/b] Its really wierd, because to test ive echoed the cookie out and it displays fine in with IE and Firefox. But, the system doesnt work in firfox For some reason .htaccess doesnt appear to be able to read the cookie Im just wondering if anyone has any ideas why? [code] $reqqq = $_SERVER['HTTP_HOST'];; setcookie("access", "granted", "0", "/", $reqqq); [/code]