Jump to content

Psycho

Moderators
  • Posts

    12,157
  • Joined

  • Last visited

  • Days Won

    129

Everything posted by Psycho

  1. There are a LOT of problems with that script. 1. The problem with the confirmation has nothing to do with SCRIPT tags. You don't need script tags when defining the action for a trigger. The reason you are not getting a confirmation is that the confirmation text is not withing quotes. 2. The processing part of the script is looking for the variables $_GET['action'] & $_GET['filedelete'] - neither of which exist. 'action' doesn't appear anywhere and 'filedelete' is the name of the button. But since you are not POSTing the data it won't exist in the receiving page. Only the values passed in the query sting (e.g. 'delete') will be accessible via GET on the receiving page. 3. You have HTML content before the header() function (as noted by ignace) All in all, this is a terrible script. I don't intend to be mean, but you are allowing someone to delete files without any security whatsoever. Even the manner you are allowing the user to select a folder is problematic as the user could specify any directory not just one within the 'temp' folder. They could, for example, use '../' as part of the ID value to potentially point to just about ANYWHERE on the web server not just the web root. When writing any code that accepts user input always assume that the user is providing information with malicious intent.
  2. If this is some sort of Steganography then forget about it. You are not going to be able to compare the new image with the original using MD5 or any other method without doing some sort of statistical sampling. In any case if it is exactly as you described where the forst 20 bytes really is all that is different then we have already provided a solution.
  3. I woud agree with nbarone. Besides, the first 20 bytes would contain the file header info (which would also be included in the files you have in your database) - so I don't see how the new files are the same as the originals except for the first 20 bytes - unless the original files don't have proper headers. Makes no sense.
  4. Welcome to the Internet. Use a php file for CSS definition and encrypt it using ioncube. Personally though I wouldn't be bothered. ioncube is for obfuscating PHP, not CSS. Using obfuscated PHP to create the CSS is pointless for what the OP wants as the souce code would be obfuscated but the rendered CSS that is sent to the browser wouldn't be. A littel googling turned up a few products that may be able to obfuscate CSS, but they don't exactly look to be top-of-the-line outfits, or at least none that I would trust the integrity of my code to. I agree, it would just be a PITA to try and obfuscate CSS.
  5. Correction to p2grace's code. The function will return an array and you cannot echo an array: <?php include 'dbconnect.php'; function pb_stng_selectall() { $query = "SELECT * FROM users"; $result = mysql_query($query) or die(mysql_error()); $stng = mysql_fetch_array($result) or die(mysql_error()); return $stng; } ?> <?php $user = pb_stng_selectall(); echo $user['name']; ?> However, the functionality makes no sense. Why are you querying the entire table but only using the first record? You're not even using a sort to ensure you get a specific record. What are you wanting the function to return? It would make more sense to me if you were passing an ID to the function to get a specific record or at least returning a multidimensional array of all the records returned. A lot of inefficiency in the the above format.
  6. It's going to depend on what type of file it is. If the file is a simple txt file then md5($string) will work assuming the text is the same as in the file (i.e. linebreaks and spacing). However, other file formats don't necessarily store the data in the same way it is displayed. For example if you are trying to find what the MD5 value would be for text if it was in a word document you can't do it directly because of all the underlying code in the word file that is used to decribe how the text is displayed in addition to what text is displayed. You need to provide more details on what you are wanting to do.
  7. It kind of depends on how you let the user input the date and time. You may have to convert their input accordingly. But, you may want to take a look at the following functions: For date only: http://us3.php.net/manual/en/function.checkdate.php For a date & time (but a failure will not tell you which one failed) http://us3.php.net/manual/en/function.strtotime.php I'd suggest using the first function to validate the date and then use a custom function for validating the time. Again, this depends on what the input parameters are.
  8. I think you are going to have a tough time to find anything to fit your needs. Because of how a PDF is created trying to reverse engineer it is not a simple task. It would be even more complex in trying to decipher the code into a table structure. There are solutions, but most, if not all, will cost money. And, I don't know of any that are strait PHP. The solutions I know of would require the installation of software on a server which the web application (in PHP or another language) would interact with. There are some free services, but none that I know of which you could utilize via a web application. Here is one which requires you to upload a file via a form and then receive a confirmation via email once the file is ready. Not exactly a real-time solution. http://www.freepdfconvert.com/convert_pdf_to_source.asp
  9. Java != JavaScript, they are two completely different technologies. Yes, you can use Javascript to make it more difficult for someone to get the code, but... As Adika stated there is no way to "hide" CSS code. The CSS has to be read by the browser which means it is first downloaded to the client PC. You could use obfuscation to make it hard to read, use javascript to prevent user from "easily" seeing the CSS references in the HTML, and other hacks. But, all you will accomplish is pissing off many of your users without providing any real security. Because those hacks will also prevent users from using simple functions such as printing via right-click. And, anyone with the abilty to know how to repurpose someone else's CSS would be able to find the CSS file in their cache and find a way to un-obfuscate the code.
  10. No to both questions. But, if you are needing to maintain multiple connections, then it is imperative that you create a link identifier when making the connections so you can use that identifier when making a query. $link1 = mysql_connect('server1', 'mysql_user', 'mysql_password'); $link2 = mysql_connect('server2, 'mysql_user', 'mysql_password'); $result1 = mysql_query("SELECT * FROM tableInDBOne", $link1); $result2 = mysql_query("SELECT * FROM tableInDBTwo", $link2);
  11. Works just fine with a hex color, just preface it with the pound character - "#cecece"
  12. Well, it works, but I think storing data as keys is kind of counterproductive. I would just do this: <?php // Get a file into an array. $lines = file('filmer.txt'); // Loop through our array. foreach ($lines as => $data) { //Explode the data line into an array based on commas $item = explode(',', $line); //Add values to movie array $movie[$name]['Genre'] = trim($item[0]); $movie[$name]['ThirdItem'] = trim($item[2]); $movie[$name]['FourthItem'] = trim($item[3]); $movie[$name]['File'] = trim($item[4]); $movie[$name]['Year'] = trim($item[5]); //Add genre to grenre list $genres[] = trim($item[0]);; } //remove duplicates from genre list $genres = array_unique($genres); ?>
  13. Okay, here are a few hints at how I would handle this. 1. I would use file() to read the contents of the text file into an array - each line in the file is an element in the array. So, you would want to ensure each line in the file is indeed a separate record. If each record has multiple fields (i.e. title, genre, etc). I would list each record as a tab or comma separated line. You just need to ensure that the delimiter is either not allowed in the data or that it is properly escaped. 2. Next I would process each line and explode it into a sub array. So, the array would look something like this: array( 0 => array ( title => "Armageddon", year => "1992", genre => "Action", ), 0 => array ( title => "UP", year => "2009", genre => "Family", ), ) Now let's assume the drop-down you need to create is for "genre". Since each record will have a genre and each genre may appear multiple times I would also include a process in step 2 to add the genre to a separate array that just includes 1 entry for each unique genre. When processing each line, you could either test to see if the current genre already exists in the array before adding it [in_array()] or you could just add each genre as each record is processed and then run array_unique() which will remove duplicates. You will now have a multidimensional array with all the movie records from the text file and a second array that has each unique genre. You should be able to extrapolate on the information provided to fit any other needs you have.
  14. Like I said, you want to accomplish this with your query. Here is what your query should look like (I am making an assumption that your agent and price fields are named accordingly - change them as needed. $query = "SELECT *, SUM(price) as price_total FROM sales WHERE `Date` BETWEEN '$newStart' AND '$newEnd' GROUP BY agent"; Now in your code which prits the results, use price_total instead of price
  15. If these values are coming from a database you shoudl really consider saving the values as nubers and not strings to begin with. You can always format the number when printing to a page.
  16. You need to do this in the database query using SUM() and GROUP BY Example SELECT field1, field2, agent_name, SUM(price) as price_total FROM table GROUP BY agent_name
  17. If you are not using JOINS then you are not using your database to it's full potential. It's like buying a $3,000 gaming computer just to use the calculator! Take alook at this small tutorial on the subject. http://www.tizag.com/mysqlTutorial/mysqljoins.php
  18. You can do that in PHP, but that would be stupid when you are using a database which does this naturally. You know it would have been helpful had you responded appropriately to my previous comment Since you did not provide the information up front I went the extra step to at least tell you what my assumptions were. But, then you failed to correct my false assumption. Had you done so we would have solved this earlier. Now that I know those values really are arrays, I'm pretty sure this will work to 1) use a single query and 2) add the ability to group the records. <div id="left_c"><div class="g_content"><h3> Your Points</h3><div class="g_text"> <table width="100%" align="center" cellspacing="10"> <?php $current_col = 1; $max_col = 4; $query = "SELECT b.item_id, b.name, b.img, COUNT(b.item_id) as item_count FROM items i LEFT JOIN `blueprint_items` b ON items.item_id = blueprint_items.item_id WHERE i.player_id IN ('" . implode("', '", array($player->id)) . "')"; $result = $db->execute($query); while($record = $result->fetchrow()) { //Open new row if first column if($current_col==1) { echo "<tr>\n"; } //Display current record echo "<td>"; echo "<a href=\"../item.php?id={$result['item_id']}\">{$result['name']} ({$result['item_count']})</a><br>"; echo "<img src=\"{$result['img']}\" width=\"100\" height=\"100\" style=\"border: 1px solid #cccccc\">"; echo "</td>\n"; //Close row if last column if($current_col==$max_col) { echo "<tr>\n"; $current_col = 1; } $current_col++; } //Close last row if needed if ($current_col!=1) { for(; $current_col<=$max_col; $current_col++) { echo "<td> </td>\n"; } } ?> </table> </div></div></div> I give no guarantees this will work. but if it doesn't at least provide soe information of what didn't work right and do some simple debugging in order to help you further. For example, echo out the query so we can ensure it is being created properly
  19. I would also like to add some suggestions. You are storing a boolean value - one which is either true or false. It is standard procedure to store the value as either 0 (false) or 1 (true). All programming languages (at least those that I am aware of) will inherently interprest a 1 and 0 as true and false. So, if you do a comparison, you can do this if($info_check) instead of this if($info_check=='yes') This makes your code much for efficient. Also, the value of a checkbox in a form field is hidden from the user. So there is no reason to make the values yes/no and then change it on the processing page. Simply make the values of the checkboxes the values you will use in the processing page. But, don't use that as an excuse not to ensure that malicious code is not being submitted. Assuming the value of the checkbox is '1', my processing code would do something like this $value = ($_POST['field_name']=='1');
  20. Yes, as xtopolis states you need to find the code that creates the breadcrumb - that is what is causing the problem. But, personally I wouldn't worry too much about it. It is just a validation warning. Is it perfect, no. But, it's not something that's going to make your site unusable.
  21. Don't know what to tell you. The first block of code has a loop which defines a value for the variable $lastID on each iterration of the loop. So, when the loop completes $lastID will equal the ID of the last item in the loop. That's pretty strait forward. What is not clear is how that variable is used later - but I suspect that is the variable used to find the last record. The second block of code is defining a variable called $jal_lastID like this: $jal_lastID = JRequest::getVar( 'jal_lastID', 0); You are using some type of PHP framework/class instead of just plain old PHP, so I have no idea what that is doing.
  22. Check the definition for the password field in the database. I'm guessing you set the length of that field to 32 characters - so the value is getting truncated (i.e. the last 8 characters are getting cut off)! You will need to: 1. Restore your backed up database 2. Increase the length of the field in the database to at least 40 characters 3. Rerun the script to hash the current passwords Is "should" all work then. Now aren't you glad you made a backup of the database?!
  23. What the hell! You're changing the code. In the code you first posted the array didn't have two indexes with the first index being [$c] Original: $videos['category'] Modified: $video[$c]['category'] Hmm... you aded a new index and you get an error about an undefined offset. I'll go out on a limb here and guess you haven't defined $c or it is a value that doesn't exist as an index in that array. Either way you should fix the original problem before trying to add new code/functionality.
  24. Maybe you were writing your post before I added my last comment. Look at the two characters I highlighted in red. They are being used to encapsulate a variable that the PHP code should evaluate in the string. but the first character is a paren and the second is a curly brace. The BOTH need to be curly braces () - parens {} - curly braces
  25. Here's your problem: echo "<a href='www.aa.co.uk/Newdirectory/video.php?category={$videos['category']}'>($videos['category']}</a>"; The first red character should be a left curly brace - not a paren
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.