Henaro
-
Posts
29 -
Joined
-
Last visited
Never
Posts posted by Henaro
-
-
And the Array thing just has me confused.
Are you using $_GET variables?
Yeah. I'm wondering what the array thing is. Is it dangerous? If so how can I get rid of it?
-
SQL Injection:
http://www.commabunny.org/v8/vt.php?num=186 AND 1=1&b=1
http://www.commabunny.org/v8/vt.php?num=186 AND 1=2&b=1
SQL Injection:
http://www.commabunny.org/v8/vt.php?num=186&b=1 AND 1=1
http://www.commabunny.org/v8/vt.php?num=186&b=1 AND 1=2
Array:
http://www.commabunny.org/blog/pt.php?b[]
Array:
http://www.commabunny.org/v8/vt.php?b[]
http://www.commabunny.org/v8/st.php?b[]
How would I get rid of these? I have the function mysql_real_escape_string() on those variables. ???
And the Array thing just has me confused.
-
Thanks a lot guys keep'm coming. This is great.
-
There's a lot of bugs but I'm only going to post this one for now:
You can upload/delete any files on the server:
http://www.commabunny.org/public/pub/
This is very serious. You can make a php script that reads/edits all of the files on your server.
--edit I just make a php script that got the usernames/passwords for the db and admin panel...
Well that sucks. Anything else?
EDIT:Also how exactly would you get the usernames and password for the db and admin panel? I was aware that you can upload some love that'll read the directories, but how exactly can they read and print out the password for the db and admin panel?
EDIT:And other than the /public directory is there anything wrong with the bbs directory (/v8)? So far I'm only aware of one XSS exploit, but it only effects IE so I havn't bothered fixing it.
-
It's delicious and small, so be gentle
. -
A few friends and I were thinking of new colors and came up with pink. How does it look?
-
Oh wow... this is embarrassing.
-
Hello everyone~
I seem to have stumbled onto a terrible error today!
It reads "Unknown column 'rname' in 'field list'". I googled it and I found that I needed apostrophes on my statements. But that doesn't seem to be working. Here is my statement:
UPDATE boards SET rname='$r' WHERE number='$number'
And the table:
CREATE TABLE `boards` ( `number` int(3) NOT NULL auto_increment, `name` text NOT NULL, `rnames` int(1) NOT NULL default '2', `Description` text NOT NULL, `open` int(11) NOT NULL default '1', PRIMARY KEY (`number`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;
MYSQL version is 5. I'm trying to change rname to what the user inputs. Any suggestions?
-
-
$n = 2; if($n%2 == 0){ echo "even"; }else{ echo "odd"; } -
Hello everyone~
I've been having trouble with this function for a bit:
function get_ses($pass, $key) { //Take the first 16 chars of session md5 and validate if (substr(md5($key)), 0, 16)==substr($_SESSION['a_stuff'], 0, 16)){ //Go 16 characters into the session, and take 16 characters out if (substr(md5($pass))==substr($_SESSION['a_stuff'], 16, 16)){ $ses_vald = "true"; }else{ $ses_vald = "false"; } }else{ //If key isn't valid return false $ses_valid = "false"; } return $ses_vald; }I get an error that says:
Parse error: syntax error, unexpected ',' in /home/x/x/x/x/x/x/stuff/funs/get_ses.php on line 4
The problem is, is that I'm unable to locate that unexpected ,.
Also, is this a good way to encrypt a login? Like if someone logs in and their pass is encrypted plus a set key on the config file?
I'd like some criticism on it...
Thanks,
Hen
-
It does now.
-
I completely forgot about the www. part.
Thatks a lot it works now.
-
Hello again~
Sorry for resurrecting this posts, but I thought it would be better than creating a new one.
I seem to have broken it. I moved the BBCode function onto a file called fun.php. Which is included correctly on the post_reply file. But now it seems like it broke the youtube tag (which was working fine with your help). All of the other BBcode works except for this. ???
Anyone know what might be wrong? '_'
Thanks,
Henaro
EDIT:
And here's the full code:
<?php function BBCode ($str) { $simple_search = array( '/\[b\](.*?)\[\/b\]/is', '/\[i\](.*?)\[\/i\]/is', '/\[u\](.*?)\[\/u\]/is', '/\[url\=(.*?)\](.*?)\[\/url\]/is', '/\[url\](.*?)\[\/url\]/is', '/(>>)([0-9]+)/', '/\[img\](.*?)\[\/img\]/is', '/\[yt\]http:\/\/youtube.com\/watch\?v=(.*?)\[\/yt\]/', '/\[em\](.*?)\[\/em\]/is', '/\[txt\](.*?)\[\/txt\]/is' ); $simple_replace = array( '<strong>$1</strong>', '<em>$1</em>', '<u>$1</u>', '<a href="$1">$2</a>', '<a href="$1">[link]</a>', '<a href=\'index.php#$2\'>$1$2</a>', '<a href="$1"><img src="$1" boarder=0 /></a>', '<object width="425" height="350"><param name="movie" value="http://www.youtube.com/v/$1"></param><param name="wmode" value="transparent"></param><embed src="http://www.youtube.com/v/$1" type="application/x-shockwave-flash" wmode="transparent" width="425" height="350"></embed></object>', '<OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0" WIDTH="550" HEIGHT="400" id="Embeded File"><PARAM NAME=quality VALUE=high><PARAM NAME=bgcolor VALUE=#FFFFFF><EMBED src="$1" quality=high bgcolor=#FFFFFF WIDTH="550" HEIGHT="400" NAME="Embeded File" ALIGN="" TYPE="application/x-shockwave-flash" PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer"></EMBED></OBJECT>', '<div class="code">$1</div>' ); // Do simple BBCode's $str = preg_replace ($simple_search, $simple_replace, $str); return $str; } ?> -
-
Here:
http://support.internetconnection.net/CODE_LIBRARY/Javascript_Show_Hide.shtml
http://forums.htmlcenter.com/showpost.php?s=b0adfe414a93a5c45699a0b1db5990e0&p=9015&postcount=2
http://www.movalog.com/archives/code-snippets/javascript-toggle-visibility
http://www.webmasterworld.com/forum91/441.htm
Did you even both with google?
-
This doesn't seem to work at all. My friend used str_replace(); on his code and it works. Infact his looks exactly like mine except for minor differences and it works. This is his:
<?php //Data Key $ddk = $_POST["decrypt"]; $n_ddk=chunk_split($ddk, 2); //Non encrypted characters array $nec = array("a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", "1", "2", "3", "4", "5", "6", "7", "8", "9", "0", "]", "[", "|", "/", "-", ":", "=", ".", "~", "_", "!", "@", "#", "$", "%", "^", "&", "*", "(SPACE)"); //Encrypted characters array $ec = array("32", "31", "30", "37", "36", "35", "34", "3b", "3a", "39", "38", "3f", "3e", "3d", "3c", "23", "22", "21", "20", "27", "26", "25", "24", "2b", "2a", "29", "12", "11", "10", "17", "16", "15", "14", "1b", "1a", "19", "18", "1f", "1e", "1d", "1c", "03", "02", "01", "00", "07", "06", "05", "04", "0b", "0a", "09", "62", "61", "60", "67", "66", "65", "64", "6b", "6a", "63", "0e", "08", "2f", "7c", "7e", "69", "6e", "7d", "2d", "0c", "72", "13", "70", "77", "76", "0d", "75", "79", "73"); //Decryption $e2n = str_replace($ec, $nec, $n_ddk); ?> -
Hello everyone~
My friend made a php file that decrypts data strings. He sent it to me and I decided to make an encrypter. Ithought to myself, "Why not just do what he did but backwards?"
Well I did and here's what I got:
<?php //Data Key $ddk = $_POST["decrypt"]; //add a space between each character $n_ddk=chunk_split($ddk, 1); //Encrypted characters array $nec = array("32", "31", "30", "37", "36", "35", "34", "3b", "3a", "39", "38", "3f", "3e", "3d", "3c", "23", "22", "21", "20", "27", "26", "25", "24", "2b", "2a", "29", "12", "11", "10", "17", "16", "15", "14", "1b", "1a", "19", "18", "1f", "1e", "1d", "1c", "03", "02", "01", "00", "07", "06", "05", "04", "0b", "0a", "09", "62", "61", "60", "67", "66", "65", "64", "6b", "6a", "63", "0e", "08", "2f", "7c", "7e", "69", "6e", "7d", "2d", "0c", "72", "13", "70", "77", "76", "0d", "75", "79", "73"); //Non encrypted characters array $ec = array("a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", "1", "2", "3", "4", "5", "6", "7", "8", "9", "0", "]", "[", "|", "/", "-", ":", "=", ".", "~", "_", "!", "@", "#", "$", "%", "^", "&", "*", "(SPACE)"); //Encrypt $e2n = str_replace($ec, $nec, $n_ddk); ?>It works fine it's just that it adds 656 in front of every letter of the encryption. Example:
Original:
hi
Encrypted:
6563b 6563a
Thanks,
Henaro
-
Sadly I don't.
If you find out please tell me though.
EDIT:
Actually I just go curious and decided to look at this site's javascript.
I found this:
function surroundText(text1, text2, textarea) { // Can a text range be created? if (typeof(textarea.caretPos) != "undefined" && textarea.createTextRange) { var caretPos = textarea.caretPos, temp_length = caretPos.text.length; caretPos.text = caretPos.text.charAt(caretPos.text.length - 1) == ' ' ? text1 + caretPos.text + text2 + ' ' : text1 + caretPos.text + text2; if (temp_length == 0) { caretPos.moveStart("character", -text2.length); caretPos.moveEnd("character", -text2.length); caretPos.select(); } else textarea.focus(caretPos); } // Mozilla text range wrap. else if (typeof(textarea.selectionStart) != "undefined") { var begin = textarea.value.substr(0, textarea.selectionStart); var selection = textarea.value.substr(textarea.selectionStart, textarea.selectionEnd - textarea.selectionStart); var end = textarea.value.substr(textarea.selectionEnd); var newCursorPos = textarea.selectionStart; var scrollPos = textarea.scrollTop; textarea.value = begin + text1 + selection + text2 + end; if (textarea.setSelectionRange) { if (selection.length == 0) textarea.setSelectionRange(newCursorPos + text1.length, newCursorPos + text1.length); else textarea.setSelectionRange(newCursorPos, newCursorPos + text1.length + selection.length + text2.length); textarea.focus(); } textarea.scrollTop = scrollPos; } // Just put them on the end, then. else { textarea.value += text1 + text2; textarea.focus(textarea.value.length - 1); } }That's what the use for their bold and image tags. Used the same way as the other function.
Example:
<a href="#" onclick="surroundText('[img=', ']', document.forms.FORMNAMEHERE.TEXTAREANAMEHERE); return false;"> -
I had this same problem awhile back and I eventually found this function somewhere:
<script language="JavaScript" type="text/JavaScript"> function sendText(e, text) { e.value+=text } </script>I can't exactly remember where I found it but oh well.
A way it can be used is:
<a href='#' onClick="sendText(document.FORMNAMEHERE.TEXTAREANAMEHERE, '[b][/b]')" >[b][/b]</a>
-
You mean BBcode?
Can I refer you to this post?
http://www.phpfreaks.com/forums/index.php/topic,145449.0.html
-
Wow I missed that one!
But now the [yt] tags won't work at all. Am I doing it wrong? ???
-
Hey everyone. I'm having a bit of trouble with one of my scripts.
The error I'm getting is this:
Warning: preg_replace(): Unknown modifier 'w' in html/board/boards/post_topic.php on line 66
Here's line 66:
$str = preg_replace ($simple_search, $simple_replace, $str);
And here's the code I just added that I am suspicious about:
'/\[yt\]http:\/\/youtube.com/watch?v=(.*?)\[\/yt\]/',
Which goes to:
'<object width="425" height="350"><param name="movie" value="http://www.youtube.com/v/$1"></param><param name="wmode" value="transparent"></param><embed src="http://www.youtube.com/v/$1" type="application/x-shockwave-flash" wmode="transparent" width="425" height="350"></embed></object>',
The whole idea is to let users embed youtube videos. But it seems like it's not working correctly.
Here's the whole function:
function BBCode ($str) { $simple_search = array( '/\[b\](.*?)\[\/b\]/is', '/\[i\](.*?)\[\/i\]/is', '/\[u\](.*?)\[\/u\]/is', '/\[url\=(.*?)\](.*?)\[\/url\]/is', '/\[url\](.*?)\[\/url\]/is', '/(>>)([0-9]+)/', '/\[img\](.*?)\[\/img\]/is', '/\[yt\]http:\/\/youtube.com/watch?v=(.*?)\[\/yt\]/', '/\[em\](.*?)\[\/em\]/is', '/\[txt\](.*?)\[\/txt\]/is' ); $simple_replace = array( '<strong>$1</strong>', '<em>$1</em>', '<u>$1</u>', '<a href="$1">$2</a>', '<a href="$1">[link]</a>', '<a href=\'index.php#$2\'>$1$2</a>', '<a href="$1"><img src="$1" boarder=0 /></a>', '<object width="425" height="350"><param name="movie" value="http://www.youtube.com/v/$1"></param><param name="wmode" value="transparent"></param><embed src="http://www.youtube.com/v/$1" type="application/x-shockwave-flash" wmode="transparent" width="425" height="350"></embed></object>', '<OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0" WIDTH="550" HEIGHT="400" id="Embeded File"><PARAM NAME=quality VALUE=high><PARAM NAME=bgcolor VALUE=#FFFFFF><EMBED src="$1" quality=high bgcolor=#FFFFFF WIDTH="550" HEIGHT="400" NAME="Embeded File" ALIGN="" TYPE="application/x-shockwave-flash" PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer"></EMBED></OBJECT>', '<div class="code">$1</div>' ); // Do simple BBCode's $str = preg_replace ($simple_search, $simple_replace, $str); return $str; }I can't really think of a solution for this. It's 1:30AM right now though, so it could be that I'm just tired and not seeing straight. But I hope someone can help me out.
Thanks,
Henaro
-
Oops I feel stupid. I just got it to work.
You can delete this :|.
Test my little bbs :D
in Beta Test Your Stuff!
Posted
Ah I see thanks a lot.