Ninjakreborn

Members
  • Posts

    3,922
Everything posted by Ninjakreborn

  1. Text pad, what is the difference between it and notepad 2 and edit pad? I will definitely have a look at that.  Is it what you use?
  2. I had notepad, my dad installed something he found a long time ago (he came to visit and put it on the computer, which is fine), it's called "Edit Pad".  I don't mind, it does everything it should, but it won't let me send stuff through msn, even though it's a text file with a .txt extension.  The editpad is made to overwrite all notepad pages without touching them, it just opens them up on your computer in notepad, while still leaving it a txt file so other people can still open it.  Is there an alternative way to get this to send through msn? It sends through email just fine.  However I sometimes need to send people something quick, or should I uninstall it?  I am not looking for something that has advanced specialties, I already have a coding/programming text editor that I work with just fine.  I want one for general use, but more powerful than notepad.  For instance if I use notepad 2, or something else, will it still be a .txt extension?  Does anyone have any advice on something different, maybe something I haven't heard of before?
  3. I advise you to find another host.  Something.  For instance you can find hosts for really cheap, you can't really get much of what you want on a free webhost.
  4. He wasn't responding, so I removed all the bans, try again.
  5. [code]The logo is a pixelated mess. I'd suggest you re-do it. For something so simple, the user experience is pretty ugly. When I post a comment I get to see my comment ... and no obvious method for getting back to the "secrets".  Yes, if you click the logo you get back - but why? I don't need to see the comment I just typed, send me back to the content. The page scroll is 100% unnecessary. Change the scrollable div containing the content so that at a sensible page resolution there's no vertical scrollbar for the page. As is, the content scrollbar forces me to scroll the whole page to see more comments. What the heck is going to happen when there are 1000 secrets? Will the scrollable div be a million pixels long? Pagination is the answer Smiley[/code]
     Thank you andy.  I will have that logo redone, I will work on the user-friendliness some this week as you suggested. Ok, the scrolling, you mean vertical (I think left right), yes I tried to fix that, I thought it did. As far as the limitations, it limits the views to 100 I think. I will talk to him about limiting it to more like 10, and seeing how that goes, that might limit, or remove the scrollbar. I am going to double check, make sure the scroll bar (left/right), is totally gone. I was using wordwrap to limit that, wordwrap($var, 70). I will limit that to 50, that should totally limit content enough to prevent that scrollbar.  Do you have any other advice on content itself, and any advice (on an alternative to the banning system)? Is one really that unreliable?
  6. Believe me, clean those variables. I learnt the hard way, if you saw my recent post here about being hacked.
  7. I will check into that, and let you know.
  8. Ok, I forwarded him what you said.  See what he thinks, I told him I had someone testing the site, a friend of mine, and it got banned.  I also showed him what you said, so maybe he will change his mind about IP banning, or at least do the login/verification system with it. As for the IP, it's not automatic.  If you got banned, it's because he saw something and banned you, like maybe cussing (not sure), or maybe he accidentally did it, when he was trying to block the other person or something. No telling, but I told him to find it out, and fix it, possibly consider removing the banning system, and instead putting in place an authentication system.  Or something similar. Some way to prevent the bullshit? Maybe one signup per email, and if there is any bullshit from that email that email can be removed, and banned.  So they have to go through the trouble of getting an entirely new one, if they want to bullshit on it again.
  9. What was your IP address again? So I can put it back on there.
  10. Sorry about that, he must have gone haywire.  He seems to have banned a lot, I don't know why he would ban random people, he probably copied the wrong IP, I may have to redo the system a little, and allow him to ban off the posts. I think he's going a little bit haywire with it.  First time someone gets an IP banning system, you never know how crazy they will get, I emailed him, told him to double check, and watch it from now on.
  11. Ok that makes sense. So I just access them ../ to go up and out, then go into the folder from the inaccessible folder, and it's ready to go. Thanks
  12. I thought anything not in the line of the url is accessible.
      public_html/website
      I thought the domain is pointing to website, so public_html can't be reached :S right? If not, then I can't do that, because on most web hosts, I can't go anywhere below the public_html (I don't think, I never tried).
  13. Ok, I have been told this a few times, by multiple people. So it's time to explain why I have delayed in using it. When people tell me to put "anything" outside the web accessible folder, I don't fully understand.
      For instance, I go to a shared host. I have, say, public_html; that is my "Root" folder to what "I" have access to. I have my domains normally split up in folders (there's really no other way). So say I have my site
      freelancebusinessman - (folder name)
      then 2 clients' sites, say
      secretfeedback - (folder name)
      moondancedesign - (folder name)
      these are just some examples.
      Now the domain names are what is accessible. I have the domains pointed as shown:
      freelancebusinessman - www.freelancebusinessman.com
      moondancedesign - www.moondancedesign.com
      secretfeedback - www.secretEfeedback.com
      There, that is all set. Now I want to put something outside the root directory, anything. It would be under
      public_html/somefolder(with no domain pointed to it)/file.ext
      There, that is a web inaccessible folder, because no domain is pointing to somefolder. So if I have
      public_html/freelancebusinessman/portfolio/hello.php
      say I decided I had 3 files, test1.php, test2.php and test3.php. I put them here:
      public_html/test1.php
      public_html/test2.php
      public_html/test3.php
      or
      public_html/somefolder/test1.php
      public_html/somefolder/test2.php
      public_html/somefolder/test3.php
      Ok, I want to access one or the other from public_html/freelancebusinessman/portfolio/hello.php. Now the public_html isn't web accessible; freelancebusinessman is, and everything in it. I don't understand how to access those other files, and have it work.
  14. Ok, I will go back and address these issues. Yes security was tightened up considerably, and tested.  I tried out the file thing, they seem to be pretty secure, if someone finds another hole, I will tighten things up even more. As for the variables, I went all out on those, hopefully no-one could do anything with those now, but if they do, I am willing to edit my functions to accommodate as needed. As for the comments, here are my responses.
      [quote] Two complaints: 1) Needs more lively colors.. right now it feels kinda drowsy. 2) The middle area probably shouldn't be a frame and it needs some padding, text sits right at the edge of the frame making it annoying to read.[/quote]
      1. Unfortunately the colors themselves (knowingly dull), have been chosen by the client.  I will offer him some suggestions, maybe he will give the OK to change them.  Good advice.
      2. It's not on a frame, it's in a div, I will explain why in a minute, when I respond to reds.
      [quote author=redbullmarky link=topic=118193.msg482751#msg482751 date=1165855567] it's better what you've done with the 'E'. looked too much like 'secrete feedback' before. also, there is a site there now. assuming you got your security tightened up a bit? actually it doesn't look [i]too[/i] bad. but
      1) i have to ask - what's the point of having that scrollbar inside the page? a) it's not wide enough for the content, so i get a vertical scrollbar too, and b) in this case, the outer (main page) scrollbar is perfectly sufficient. as for inner scroll areas in general - i learned the error of my ways as soon as i bought a mouse with a mousewheel. inner scroll areas are a pain in the arse for us.
      2) you have no page title.
      3) there is no padding between the container and text on the pages.
      4) displaying email addresses like that on sites - especially free ones like yahoo or hotmail - just looks bad and cheapens things a lot. make a contact form.
      5) what is the file upload for (apart from gaining unauthorised access to your pages... ;D) ?
      6) using javascript to provide your cornering seems a bit of a cop-out. either use images, or CSS (www.cssplay.co.uk)
      7) although you have a 'Home' link at the top, for me the best home link on sites i visit is the logo.
      8) things just seem a little too text-based (ie, bland), especially with the coldish colour scheme to go with it.
      10) your 'error' pages upon entering invalid info are pretty useless.
      11) seems a little too easy to insert junk into. no registration required, etc. once the bots catch up with you, you'll have a headache and a half. [/quote]
      1. I wasn't going to ask this, but when I asked for CSS advice, about how to adapt the layout to the content, I was using the scrollbar. I asked how to remove it, I didn't get a response on how to adapt the layout, but I did get a response, from someone on the css post, about the scrollbar, they said leave it there, that's what it's for.  If you are mentioning the bottom scrollbar in the same div, I noticed that problem and fixed it, now it is just an up/down scroll bar.  If you have other suggestions on how to do it, I would be happy to give it a try.
      2-4. Great advice, I will address/fix all of those.
      5. The file upload was something he requested, he wants people to be able to post images on the site, it was something he decided he wanted to pay an extra 50 bucks for.
      6. I did this out of advice from wildteen, he offered a link to "Curvy Corners" so I used that ever since.  I can take a look at using images instead though, they are just a little annoying working with.
      7. Good idea, I will work that out. I will see about the color scheme, he was set with it, but if you have some "advice" on a color scheme, or I can come up with a better one ahead of time, I can work him up an image of how it will look, and see if he will accept it.
      10. Can you explain, you think I should take out the errors, that the fields must be filled in, what should I do instead?
      11. I warned him of this ahead of time, tried to talk him out of it.  But he was dead set on this, the only thing he wanted to do was track IP, for banning.  Other than that, he wanted no registration, no email verification, no nothing.  I couldn't shake him on this one, even though I tried talking him out of it at first.  He wanted nothing hindering free posting.
  15. www.freelancebusinessman.com I have one there, I wouldn't say it's really good at this point, because it's due for a massive rewrite, and a bunch of added content.  But I will be doing that later, for now, it'll give you a basic introduction, as it stood when I wrote it back then.
  16. www.secretEfeedback.com What do you think? Any advice, comments, things that could make it better?
  17. [code]<?php
      function deepclean($varinfo) {
          $varinfo = strip_tags($varinfo);
          $varinfo = htmlspecialchars($varinfo, ENT_NOQUOTES);
          $varinfo = htmlentities($varinfo);
          $varinfo = mysql_real_escape_string($varinfo);
          return $varinfo; // Added this line
      }
      ?>[/code]
      Credit = "Thanks huggie for fixing my problem, with the return so
      * It strips out whatever tags it can
      * if it misses any there is still the 2 below it to encode them
      * It runs it through escape string
      it's ready to go, been tested, it removes script tags, meta tags, php tags, normal html tags, and leaves quotes uncoded, for mysql_real_escape_string. Hopefully this can help someone in my same problem. If someone has advice on how to build onto this, to make it even better, then great.
  18. I have a function
      [code]<?php
      function deepclean($varinfo) {
          $varinfo = htmlspecialchars($varinfo);
          $varinfo = htmlentities($varinfo);
          $varinfo = strip_tags($varinfo);
          $varinfo = mysql_real_escape_string($varinfo);
      }
      ?>[/code]
      I am working with it like this
      [code]<?php
      $secret = $_POST['secret'];
      global $secret;
      $secret = deepclean($secret);
      ?>[/code]
      Then I am passing it into the database, however it's not working. When I do the process, it's coming up completely empty. I tried it a few ways, I tried as above, I tried making deepclean have global $varinfo; inside of it like I did on an older function, but no matter what it's still coming up blank, the entire variable is empty by the time it goes through that.
  19. Never mind, it works, I was doing it wrong.  I am going to test it awhile, look for problems in using all of these together, look for possible problems in posting, try to find more security loopholes, or maybe the crackheads can find some more, so I can learn from them.  I am going to do some more, see what I can do, follow some of your advice roopert on the downloads, and see what else security wise (functions for later use), I can come up with, see if I can make this deep cleaning even deeper.
  20. What the heck.
      [code]<?php
      function deepclean($varinfo) {
          global $varinfo;
          $varinfo = htmlspecialchars($varinfo);
          $varinfo = htmlentities($varinfo);
          $varinfo = strip_tags($varinfo);
          $varinfo = mysql_real_escape_string($varinfo);
      }
      ?>[/code]
      That code above didn't even use mysql_real_escape_string. It doesn't do anything, I can still pass script tags, and it doesn't even use escape strings.
  21. Ok, I can rework the file downloads.  It is the scripts, I have been checking on what they are doing, for the file downloads, they were sending php files then visiting those files in the browser to delete the homepage, and things like that. For the other problem, they were just putting stuff in the database to make it redirect.  Both simple things, that I should have paid attention to in the beginning, I just needed a good run-in with it, to be able to know what was going on and how to fix it.  I found a problem, and learnt from it, if I get another opportunity with this to learn even more then so be it.
  22. [code]<?php
      function deepclean($varinfo) {
          global $varinfo;
          $varinfo = htmlspecialchars($varinfo);
          $varinfo = htmlentities($varinfo);
          $varinfo = strip_tags($varinfo);
          $varinfo = mysql_real_escape_string($varinfo);
      }
      ?>[/code]
      How is this, I spent most of the morning doing research.  Those 3 won't take care of all problems, but they will take care of the majority of them, from there if I encounter problems, I can slowly modify the function, to take care of each problem.  I am going to try it, and see if it works well.  I mostly want to stop a few specific tags, to stop the redirects, or other problems.  Later I can build onto it, to make it more secure.  I think I learnt some valuable stuff from this project. I just added strip_tags as well.
  23. That's true, it was my fault, I learnt from it.  I am fixing this up today. I will learn as I go.
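
Added example, not part of any post above: the `deepclean()` function in posts 17 to 22 applies HTML encoding and SQL escaping in a single input filter, and `mysql_real_escape_string` no longer exists as of PHP 7. The code below keeps the two concerns apart by binding the raw value with PDO and encoding once at output; `save_secret`, `render_secret`, `deepclean_encoding_only`, the `secrets` table and the in-memory SQLite database are assumptions made for the example.

```php
<?php
// Added example, not code from the posts. Function and table names are hypothetical.
// Assumes the pdo_sqlite extension so it runs offline against an in-memory database.

// Storage: bind the raw value as a parameter; no escaping or encoding on the way in.
function save_secret(PDO $db, string $secret): void {
    $stmt = $db->prepare('INSERT INTO secrets (body) VALUES (:body)');
    $stmt->execute([':body' => $secret]);
}

// Output: encode exactly once, at the point the value is written into HTML.
function render_secret(string $secret): string {
    return '<p>' . htmlspecialchars($secret, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</p>';
}

// The encoding steps of deepclean() from post 17, without the SQL escaping call.
// htmlspecialchars() followed by htmlentities() encodes twice: "&" ends up "&amp;amp;".
function deepclean_encoding_only(string $v): string {
    $v = strip_tags($v);
    $v = htmlspecialchars($v, ENT_NOQUOTES);
    return htmlentities($v);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE secrets (id INTEGER PRIMARY KEY, body TEXT)');

// Constructed sample inputs.
$samples = [
    "Tom & Jerry's <b>secret</b>",
    'it\'s a "quoted" secret',
    '<script>location.href = "http://example.invalid/"</script>',
];

foreach ($samples as $s) {
    save_secret($db, $s);
}

// Compare what is stored, what is sent to the browser, and what deepclean would produce.
foreach ($db->query('SELECT body FROM secrets ORDER BY id') as $row) {
    echo "stored:    ", $row['body'], "\n";
    echo "rendered:  ", render_secret($row['body']), "\n";
    echo "deepclean: ", deepclean_encoding_only($row['body']), "\n\n";
}
echo "rows: ", $db->query('SELECT COUNT(*) FROM secrets')->fetchColumn(), "\n";
```

The stored value stays byte-for-byte what the user typed, so it can be re-rendered for HTML, plain-text email or JSON with the encoding each context needs.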