ssjskipp

If it were locked down to my server, there's tons of things I could do to secure it, mostly by preventing download and whatnot, but sadly that's not the case. Well, thank you for your help...

Well, the reason I'm having problems is that people can simply decompile the .swf file. They can just decompile my .swf, find the php and what data the Flash is sending, and modify it... Currently, I have it set like this: PHP file containing a hard-coded sha1 checksum of the real Container.swf (my public swf file). Container.swf file that has the URL to the PHP file. The Container.swf sends it's stage.loaderInfo.url property, which is the exact (and un-modifiable) url form where the swf file was loaded. The PHP file calculates the sha1 checksum of the posted URL, if it is equal to the hardcoded value, it sends the key, if not, it exits. The only flaw in this system is if they can decompile the Container they get the what and where. The only way this system would be perfect is for the PHP file to be able to say: "The file calling me is: " That way, the user has no say in what's happening...

I've been having a problem with people intercepting the POST data to a php file, and I've been wondering how I can check just where data is coming from. My situation is: I'm loading a .php file from an .swf file (crossdomain stuff works fine, so the .swf can be anywhere), and I want to make it so only that swf file can run/get anything from the .php file on my server. Right now, I'm sending the location of the swf file to the php file, and checking a sha1 file checksum on the PHP file against a hard-coded value. The problem is people can just send the link to a proper swf file regardless of whether or not that's where they're loading the php file from. I'm not even sure if that's possible to do, but any enlightenment would be nice.

Is it possible for me to run an .exe on a server I own? I don't know much about how they work etc [I'm a software person, not hardware =o!], so I don't know if a 'server' is just a computer that has a lot of memory that can be accessed, or if it has an operating system that I can access.

*bows* thanks, my stupidity is overwhelming....heh...

Okay, I'm trying to make an upload script, and here's how it's set up: submit.php <-- contins the forms and HTML stuffs upload.php <-- contains the upload scripts themselfs on submit.php, this is the EXACT code: [code]<? include("check.php"); if ($_SESSION['on'] != 1 || $_SESSION['name'] != "ssjskipp"){ echo "Stop trying to add content, you NOT SSJSKIPP PERSON!<br/><br/><a href=\"javascript:void(0);\" onClick=\"history:back();\">Back</a>"; } else { ?> <script language="JavaScript"> <!-- var ids = new Array('flash','music','art'); function switchid(id){ hideallids(); if (id != "ID"){ showdiv(id); } } function hideallids(){ for (var i=0;i<ids.length;i++){ hidediv(ids[i]); }   } function hidediv(id) { if (document.getElementById) { document.getElementById(id).style.display = 'none'; } else { if (document.layers) { document.id.display = 'none'; } else { document.all.id.style.display = 'none'; } } } function showdiv(id) { if (document.getElementById) { document.getElementById(id).style.display = 'block'; } else { if (document.layers) { document.id.display = 'block'; } else { document.all.id.style.display = 'block'; } } } hideallids(); function validateForm(form){ var returnValue = true; var error = 'The following field(s) are required and do not contain any information:\n'; //Flash if (form.form.value == 'flash'){ if (!form.title.value){ form.title.className = 'reg_err'; error += '- Title\n'; returnValue = false; } if (!form.description.value){ form.description.className = 'reg_err'; error += "- Description\n"; returnValue = false; } if (!form.height.value){ form.height.className = 'reg_err'; error += "- height\n"; returnValue = false; } if (!form.width.value){ form.width.className = 'reg_err'; error += "- Width\n"; returnValue = false; } if (!form.userfile.value){ error += "- File\n"; returnValue = false; } } if(returnValue == false){ alert(error); } return returnValue; } //--> </script> <form> <table cellpadding="4" cellspacing="0" border="0" width="400" align="center"> <tr> <td colspan="2" align="center"><span class="head">Upload Content</span></td> </tr> <tr> <td colspan="2" align="center"><span class="small">Please fill in the following content with the correct information</span></td> </tr> <tr> <td width="100" align="left">Type of upload:</td> <td><select name="type" onChange="switchid(this.value);">   <option value="ID">Upload Type</option>   <option value="flash">Flash</option>   <option value="music">Music</option>   <option value="art">Art</option> </select></td> </tr> </table> </form> <div id='flash' style="display:none;"> <form name="upload_f" method="post" action="index.php?page=upload" onSubmit="return validateForm(this);"> <input name="form_type" type="hidden" value="flash" /> <table cellpadding="4" cellspacing="0" border="0" width="400" align="center"> <tr> <td colspan="2" align="center">Allowed File Types: .swf</td> </tr> <tr> <td width="100">Title:</td> <td><input type="text" name="title" maxlength="50" onblur="this.className='reg_def'" onfocus="this.className='reg'"></td> </tr> <tr> <td width="100">Description:</td> <td><textarea name="description" rows="5" cols="25" onblur="this.className='reg_def'" onfocus="this.className='reg'"></textarea></td> </tr> <tr> <td width="100">Height:</td> <td><input type="text" name="height" maxlength="5" onblur="this.className='reg_def'" onfocus="this.className='reg'"></td> </tr> <tr> <td width="100">Width:</td> <td><input type="text" name="width" maxlength="5" onblur="this.className='reg_def'" onfocus="this.className='reg'"></td> </tr> <tr> <td width="100">File:</td> <td><input type="file" name="userfile"></td> </tr> <tr> <td colspan="2" align="center"><input name="Submit" type="submit" value="Submit"></td> </tr> </table> </form> </div> <div id='music' style="display:none;"> <form name="upload_m" method="post" action="index.php?page=upload" onSubmit="return validateForm(this);"> <input name="form" type="hidden" value="music" /> <table cellpadding="4" cellspacing="0" border="0" width="400" align="center"> <tr> <td colspan="2" align="center">Allowed File Types: .mp3</td> </tr> <tr> <td width="100">Title:</td> <td><input type="text" name="title" maxlength="50" onblur="this.className='reg_def'" onfocus="this.className='reg'"></td> </tr> <tr> <td width="100">Description:</td> <td><textarea name="description" rows="5" cols="25" onblur="this.className='reg_def'" onfocus="this.className='reg'"></textarea></td> </tr> <tr> <td width="100">File:</td> <td><input type="file" name="file"></td> </tr> <tr> <td colspan="2" align="center"><input name="Submit" type="submit" value="Submit"></td> </tr> </table> </form> </div> <div id='art' style="display:none;"> <form name="upload_a" method="post" action="index.php?page=upload" onSubmit="return validateForm(this);"> <input name="form" type="hidden" value="art" /> <table cellpadding="4" cellspacing="0" border="0" width="400" align="center"> <tr> <td colspan="2" align="center">Allowed File Types: .png, .jpg, .gif, .bmp</td> </tr> <tr> <td width="100">Title:</td> <td><input type="text" name="title" maxlength="50" onblur="this.className='reg_def'" onfocus="this.className='reg'"></td> </tr> <tr> <td width="100">Description:</td> <td><textarea name="description" rows="5" cols="25" onblur="this.className='reg_def'" onfocus="this.className='reg'"></textarea></td> </tr> <tr> <td width="100">File:</td> <td><input name="userfile" type="file"></td> </tr> <tr> <td colspan="2" align="center"><input name="Submit" type="submit" value="Submit"></td> </tr> </table> </form> </div> <? } ?> <br/><br/>[/code] Right now, just ignor Music and Art, unless that'll cause a problem.  What it does, is when you select something from the drop down, it'll update the page instantly and without loading again. When you submit, it'll tell you if something is missing before it submits, etc. form_type is a hidden input field that contains which form is being used. On upload.php, here's the script that I have [up to the error]: [code] if (!$_POST['form_type']){ echo "Error, have to pick something to submit, silly!<br /><a href=\"javascript:history.back();\">Back</a>"; $error = 2; } } if ($error != 2){ if ($_POST['form_type'] == 'flash'){ $title = stripslashes($_POST['title']); $desc = htmlentities($_POST['description'], ENT_QUOTES); $height = stripslashes($_POST['height']); $width = stripslashes($_POST['width']); $userfile = $HTTP_POST_FILES['userfile']['tmp_name']; $userfile_name = $HTTP_POST_FILES['userfile']['name']; $userfile_size = $HTTP_POST_FILES['userfile']['size']; $userfile_type = $HTTP_POST_FILES['userfile']['type']; $userfile_error = $HTTP_POST_FILES['userfile']['error']; } if ($userfile_error > 0) { echo 'Error: <br/>'; switch ($userfile_error) { case 1: echo "File exceeded upload_max_filesize <a href=\"javascript:history.back();\">Back</a>"; break; case 2: echo "File exceeded max_file_size <a href=\"javascript:history.back();\">Back</a>"; break; case 3: echo "File only partially uploaded <a href=\"javascript:history.back();\">Back</a>"; break; case 4: echo "No file uploaded <a href=\"javascript:history.back();\">Back</a>"; break; } $error = 2; } if ($error != 2){ if ($userfile_type != 'application/x-shockwave-flash') { echo "File must be a flash file (.swf)<br /><a href=\"javascript:history.back();\">Back</a>"; $error = 2; } } }[/code] Where it messes up, is detecting the post varialbes for the files! I keep trying to echo the $userfile, $userfile_name, $userfile_size, $userfile_type, and $userfile_error variables, but they contain nothing..can anyone help!?

I got it, =D

Thanks, I'll give that a shot =] BTW, this is only for me to upload, so it's okay if it's not secure. [quote author=ChaosXero link=topic=101250.msg400459#msg400459 date=1153406292] Not entirely sure but you could: [code]<? $filename = $_POST['file']; $ftype = explode(".", $filename); switch ($ftype['1']){ case ".php": //etc case ".png": //etc } [/code] [/quote]

I know how to do images and flash (.swf) files (by "do" I mean check file type, etc.), but I'm curious to figure out how to make music, and script (.php; .html; etc.) uploads, and check what type of file they are...

Thankies ^_^

How can I run a query that orders the data randomly? IE: Normally, throught PHP and MySQL, I'd do this: [code=php:0]<? $order = "ORDER BY `id` ASC"; $query = mysql_query("SELECT * FROM `user` WHERE `active` = '1' $order"); $rows = mysql_num_rows($query); if ($rows > 0){ while($data = mysql_fetch_array($query)){ echo $data["name"]; } } else { echo "No users"; } ?>[/code] But how would I do that in a random order, rather than by id and ascending?

How can I run a query that orders the data randomly? IE: Normally, throught PHP and MySQL, I'd do this: [code=php:0] <? $order = "ORDER BY `id` ASC"; $query = mysql_query("SELECT * FROM `user` WHERE `active` = '1' $order"); $rows = mysql_num_rows($query); if ($rows > 0){ while($data = mysql_fetch_array($query)){ echo $data["name"]; } } else { echo "No users"; } [/code] But how would I do that in a random order, rather than by id and ascending?

[!--quoteo(post=387368:date=Jun 24 2006, 12:50 AM:name=DylanBlitz)--][div class=\'quotetop\']QUOTE(DylanBlitz @ Jun 24 2006, 12:50 AM) [snapback]387368[/snapback][/div][div class=\'quotemain\'][!--quotec--] You'd do a select DISTINCT(author), that'll give you one of each. [a href=\"http://dev.mysql.com/doc/refman/4.1/en/distinct-optimization.html\" target=\"_blank\"]http://dev.mysql.com/doc/refman/4.1/en/dis...timization.html[/a] [/quote] Thanks man ^_^

Well, I have a database with a ton of art entries, each with their own artist, but there's many by the same artist. How can I select everything, but just display the unique artists? Tabe: [!--fonto:Courier New--][span style=\"font-family:Courier New\"][!--/fonto--] ID |Author |Title ---------------------- 0 |zT |Pic 1 1 |ssj |Pic 2 2 |zT |Pic 3 3 |awesty |Pic 4 [!--fontc--][/span][!--/fontc--] and when it displys, I want zT ssj awesty but in no particular order

[!--quoteo(post=373653:date=May 14 2006, 12:43 AM:name=KrisNz)--][div class=\'quotetop\']QUOTE(KrisNz @ May 14 2006, 12:43 AM) [snapback]373653[/snapback][/div][div class=\'quotemain\'][!--quotec--] str_split would be a bit faster. [/quote] it's plenty fast for what I need.

Okay, is there a way to explode, say: $a = "test"; into an array of: $array = ["t", "e", "s", "t"] EDIT: Nevermind, I got it: "$chars = preg_split('//', $str, -1, PREG_SPLIT_NO_EMPTY);"

[!--quoteo(post=367829:date=Apr 23 2006, 09:42 PM:name=KrisNz)--][div class=\'quotetop\']QUOTE(KrisNz @ Apr 23 2006, 09:42 PM) [snapback]367829[/snapback][/div][div class=\'quotemain\'][!--quotec--] This is pretty rough but should get you started. [code]   $tempname ="/tmp/".uniqid("img");   imagepng($im,$tempname);   $rawImageData = file_get_contents($tempname);   $rawImageData = chunk_split(base64_encode($rawImageData));   $sql = "insert into TABLE('imagedata') VALUES('$rawImageData')";   mysql_query($sql);   unlink($tempname); [/code] with your code try removing the header and passing imagepng an absolute path. [/quote] Thanks mate! I've got one more quick question -- how would I go about recalling the images? Like, after I query the database, get the data back, how do I convert it to an 'image'?

[!--quoteo(post=367822:date=Apr 23 2006, 09:01 PM:name=KrisNz)--][div class=\'quotetop\']QUOTE(KrisNz @ Apr 23 2006, 09:01 PM) [snapback]367822[/snapback][/div][div class=\'quotemain\'][!--quotec--] imagepng will save the file for you if you pass it a path to save to. if you want to put the raw image data into a mysql field you'll need to save the image at least temporarily, read the image data into a variable with file_get_contents, base64_encode & chunk_split the data and write it to a medium blob field. [/quote] May I see an example of this? Also: [code]<?php header ("Content-type: image/png"); $im = imagecreate(51, 51)      or die("Error"); //Set the BG $bg = imagecolorallocate($im, 255, 255, 255); //Set the Pixel Color $textcolor = imagecolorallocate($im, 0, 0, 0); //Draw the Pixels for ($i=0;$i<55;$i++){     for ($a=0;$a<55;$a+=5){         imagesetpixel($im, $i, $a, $textcolor);         imagesetpixel($im, $a, $i, $textcolor);     } } //Set a file location $filename = "test.png"; //Output the image imagepng($im, $filename); imagedestroy($im); ?> [/code] That doesn't work...any ideas?

Okay, here's one for ya' I've made this little test: [code]<?php header ("Content-type: image/png"); $im = imagecreate(51, 51)      or die("Error"); //Set the BG $bg = imagecolorallocate($im, 255, 255, 255); //Set the Pixel Color $textcolor = imagecolorallocate($im, 0, 0, 0); //Draw the Pixels for ($i=0;$i<55;$i++){     for ($a=0;$a<55;$a+=5){         imagesetpixel($im, $i, $a, $textcolor);         imagesetpixel($im, $a, $i, $textcolor);     } } //Output the image imagepng($im); ?> [/code] And it worked with creating the image, but all I need to know is: How do I save it to the directory the PHP file was? OR! How do I save the image to a MySQL database, to be retrieved any time? PS: I know how to do everything with the database, but I just need ot know what to insert.

[!--quoteo(post=351891:date=Mar 5 2006, 04:40 PM:name=Barand)--][div class=\'quotetop\']QUOTE(Barand @ Mar 5 2006, 04:40 PM) [snapback]351891[/snapback][/div][div class=\'quotemain\'][!--quotec--] Are your 350+ numbers in a database table? [/quote] Sadly, no =[! But I got them sorted and counted, thanks =] If they were in the database, I'd do something like SELECT * FROM `table` ORDER BY `num` ASC or something....

[!--quoteo(post=351783:date=Mar 5 2006, 04:35 AM:name=Barand)--][div class=\'quotetop\']QUOTE(Barand @ Mar 5 2006, 04:35 AM) [snapback]351783[/snapback][/div][div class=\'quotemain\'][!--quotec--] Put them into an array. To put them in order, [a href=\"http://www.php.net/sort\" target=\"_blank\"]http://www.php.net/sort[/a] To count, [a href=\"http://www.php.net/array_count_values\" target=\"_blank\"]http://www.php.net/array_count_values[/a] [/quote] thank you =]

I've got a list of about 350+ numbers, and there' in the 700-800's, but I'd like to know how to do a ffew things: Order them form least to greatest AND // OR Count how many times each number appears, and display the results. How would I go about doing this?