Jessica
Staff Alumni-
Posts
8,968 -
Joined
-
Last visited
-
Days Won
41
Everything posted by Jessica
-
"preg_match() returns FALSE if an error occurred." So, if(preg_match(your input) === false){ print 'error'; } You only use || inside a conditional statement, you don't just say do this or this. You say if this, do this, which can mean if this fails, do this. Same thing.
-
Also, if someone has got ahold of your hashed password and is trying to figure out the real one, you've got bigger problems. How'd they get it in the first place?
-
Holy empty table cells. Use code tags next time.
-
I don't understand the problem...why not do if(!preg_match(..., ...)){ print 'error'; }
-
Try this: if(isset($_POST['submit'])){ if(md5($_POST['code']) != $_SESSION['key']) { die("Error: You must enter the code correctly"); }else{ $sql="INSERT INTO guestbook(name, email, comment, datetime)VALUES('$name', '$email', '$comment', '$datetime')"; $result=mysql_query($sql); } } Assuming your submit button is named "submit" - if not, change that to whatever it is.
-
Did you look at the link I provided? It has the docs for the XMLParser.
-
Well news is an int, and you're trying to set it to the string "query". $input = $_POST['submit']; will make $input the name of the submit button. I think you want the name of another field in your form.
-
Not really. It's not "luck", it's a reverse lookup, like I said. If it's a common word, it will be in there. That's another reason to use hard passwords. Instead of "mynameisbob" do "MyN@m3!$B0b" - even if mynameisbob is in the database, I doubt the second one is.
-
looks fine, we'd have to see more of the form code. Does your code have session_start() on every page?
-
Strings must be surrounded in quotes. If the variable will have a string, it needs quotes around it. MYSQL_QUERY("UPDATE `cp_levels` SET `level_id` = 1, `news` = '$input' WHERE 'level_id' = 1") or die (mysql_error());
-
I'm not going to keep saying it over and over again. <img src="captcha.php" border="0"> OBVIOUSLY is a broken image. This is the last time I will write it out: Your image is at: http://www.wiccan-gathering.com/lilysgraveyard/addons/Guestbook/captcha.php So the HTML must be something like this: <img src="http://www.wiccan-gathering.com/lilysgraveyard/addons/Guestbook/guestbook.php" border="0"> Since it's in the Guestbook folder. Also, you'll want to add a random number such as the time. <img src="http://www.wiccan-gathering.com/lilysgraveyard/addons/Guestbook/guestbook.php?t=<?php print time(); ?>" border="0">
-
I actually have that site bookmarked. Here are a few others: http://www.tmto.org/?category=main&page=search http://md5.rednoize.com/ http://md5.shalla.de/cgi-bin/index.cgi
-
Well they probably won't have that in their database...but it if works, let me know.
-
Well you have it backwards for one. It's: INSERT INTO table(columns here) VALUES(values here). Secondly, your values which are strings need to be quoted. USE: '$email' not $email.
-
And the problem is? It works there. Did you add the timestamp like I said? Browsers will cache the image and so you'll only see an old version of it. This has been addressed a lot, I even posted about it this week.
-
Not any...just 699,735 of them. It's not even really cracked...it's just like brute-forcing. No encryption can be 100% safe because of this method. Do you see how it works? It has a database of words and their hashes. So you enter a hashed string and it just looks up what the word is, if it has it.
-
Oh. Your HTML links to the image, not to the PHP file. Change <img src="http://www.wiccan-gathering.com/lilysgraveyard/addons/Guestbook/captcha.png" border="0"> to: <img src="http://www.wiccan-gathering.com/lilysgraveyard/addons/Guestbook/guestbook.php" border="0"> You'll probably want to add a random number on the end to avoid caching. Such as http://www.wiccan-gathering.com/lilysgraveyard/addons/Guestbook/guestbook.php?t=<?php print time(); ?>
-
What? That doesn't make any sense. What file? If you change a line of code in your captcha image why would it affect your form?
-
Sure thing. Also, you can use it to leave fields NULL or other default values by leaving them out. It's handy to do it this way, because if you need to add another column, you can ensure it has a default value and you won't have to edit ALL of your code, at least not immediately.
-
So no errors, try my next suggestion: Change this line: imagestring($captcha, 5, 20, 10, $string, $black); To: imagestring($captcha, 5, 20, 10, 'hi', $black); Does it print the "hi" in the image?
-
Do your queries like this: INSERT INTO tablename(column1, column2, etc) VALUES(value1, value2, etc) Then simply don't list the auto-increment field in either the columns list or values list.
-
What? That wasn't quite what I suggested...
-
Well, where did you get the code above? You obviously didn't write it as you don't know about the class you used.
-
Well the class which defines XMLParser is not able to be accessed. Where is the class file for it included? Are you using this class: http://www.phpinsider.com/php/code/XMLParser/ As it says you need this code: require('XMLParser.class.php');
-
It's hard to do error reporting with images. Try commenting out this line: header("Content-type: image/png"); This will let you see if any errors show up. If not, try simplifying it by seeing if you can get it to print "hi". Then see if you can get it to print a random number. It's possible the problem is with your md5() section, I don't know.