runnerjp

I have had alook at the page and it does not make sence to me Also do you know how to log errors?? so far i have- /* we will do our own error handling. */ error_reporting(0); // Turns off all error reporting. /* user defined error handling function. */ function userErrorHandler($errno, $errmsg, $filename, $linenum, $vars) { // timestamp for the error entry. $dt = date('Y-m-d H:i:s (T)'); // define an assoc array of error string // in reality the only entries we should // consider are E_WARNING, E_NOTICE, E_USER_ERROR, // E_USER_WARNING and E_USER_NOTICE. $errortype = array ( E_ERROR => 'Error', E_WARNING => 'Warning', E_PARSE => 'Parsing Error', E_NOTICE => 'Notice', E_CORE_ERROR => 'Core Error', E_CORE_WARNING => 'Core Warning', E_COMPILE_ERROR => 'Compile Error', E_COMPILE_WARNING => 'Compile Warning', E_USER_ERROR => 'User Error', E_USER_WARNING => 'User Warning', E_USER_NOTICE => 'User Notice', E_STRICT => 'Runtime Notice' ); // set of errors for which a var trace will be saved. $user_errors = array(E_USER_ERROR, E_USER_WARNING, E_USER_NOTICE); $err = "<errorentry>\n"; $err .= "\t<datetime>" .$dt. "</datetime>\n"; $err .= "\t<errornum>" .$errno. "</errornum>\n"; $err .= "\t<errortype>" .$errortype[$errno]. "</errortype>\n"; $err .= "\t<errormsg>" .$errmsg. "</errormsg>\n"; $err .= "\t<scriptname>" .$filename. "</scriptname>\n"; $err .= "\t<scriptlinenum>" .$linenum. "</scriptlinenum>\n"; if (in_array($errno, $user_errors)) { $err .= "\t<vartrace>" .wddx_serialize_value($vars, 'Variables'). "</vartrace>\n"; } $err .= "</errorentry>\n\n"; // save to the error log file, and e-mail me if there is a critical user error. error_log($err, 3, '../error_log.log'); if ($errno == E_USER_ERROR) { mail('bgates@gmail.com', 'Critical User Error', $err); } } $old_error_handler = set_error_handler('userErrorHandler'); if i was to chnage it so i added it to db with username and page ect would this help?

Ok well usernames are stored as $username; the page they are on is stored as $url; time is $time; any other part of code u want? and no i dont sadly, but i think i best lol

they could have but i dont see how they edited it... iv just chnage permissions on the edit button to delete posts ect so i can try clean it up alittle quikly- usually it has if{$userid = '1'} so only Admin can edit it. for time being i think i might log all logins with date time ip ect.... all errors (how would i create error log so i can record username ip and error made @ time??) and all deletiong ect made by users. Try track down how and who is doing it

What do you mean by logs??

The login screen is www.runningprofiles.com Username:Demo Password:Demo they could be acesssing my Admin account through the login but im not sure. I have added "PhP freaks please help me" just to show its my login screen!

Hey guys, I logged on to edit my website today to find that most of my forum posts have been deleted! I have no idea how they have done this.... I have made sure all $_gets and $_posts have mysql real escaped and i just cant find out how they are doing it. Can any one offer me guidence to find the errors .... i can provide access to the site to find the error itself. Anything to prevent my hard work being destroyed.

ok hummm... so are you wanting to display the post results?

Also just doing $_POST['username']; is a huge securtity risk and asks for sql injection. http://www.addedbytes.com/writing-secure-php/ take alook at the above website...helped me out loads

ok lots here... echo "User $user already exists, please choose another username<br /><br />"; to echo 'User'. $user.' already exists, please choose another username<br /><br />'; any verible in text needs to be sep from the echoed text... echo 'the textt'.$array.'more text'

Found it.... $find_user_query = mysql_query("SELECT * FROM accounts WHERE username = $user") or Die("Couldn't connect: " . mysql_error(); should be $find_user_query = mysql_query("SELECT * FROM accounts WHERE username = '$user') or Die("Couldn't connect: " . mysql_error();

what error is it ouputting? u susing an index.php file with this displayed in it?

You will use an if statement if ($req_user_info['facebook'] !="") { echo "<a href=\"".$req_user_info['facebook']."\"><img src=\"facebook.png\"></a>"; } so if the $req_user_info['facebook'] is not blank show it

yer i was thinking of nl2br() nl2br($message) but if he is sticking the whole message in the url thats not great... was looking to see if anything was added to db ect

any chnace you could paste in ur code?

are you trying to get rid of spaces in a url... if so just strip it...is this correct??

/* This will work. */ $letter = '<br />'; $string = $message $string = ereg_replace('=0D=0A=', $letter, $string); echo $string; /* Output: */

i gave it ago and no rows get displayed sadly...time is a timestamp tho!

can you display the code your using for the search?

/* This will work. */ $letter = '<br />'; $string = $message $string = ereg_replace("=0D=0A="', $letter, $string); echo $string; /* Output: */

Ok are you getting the data from an xml sheet OR mysql db??

typo i belive... should be if (ctype_xdigit($md5) && strlen($md5) == 32) { // Yay} just shing is the code equal to 32 char (strlen) long

hummm... I take it you are using $_POST to search for users.... I would compare the post with the results from database... Take away those that match leaving you to echo those that are not... if($_POST != $array) { //show name } and stick that in a loop

The data below does not stop flooding if post is within the last 2min... as you can see i have all error reporters in place... the query works fine... Numbers of rows returned are 1... but no error message ??? //stop flooding $query = "SELECT max(unix_timestamp(`time`)) as t FROM messages WHERE reciever='$un' AND sender='$username'"; $res = mysql_query($query); if (!$res) { $errmsg = mysql_errno() . ' ' . mysql_error(); echo "<br/>QUERY FAIL: "; echo "<br/>$sql <br/>"; die($errmsg); } $num = mysql_num_rows($res); if (!$num) { echo "<br/>QUERY FOUND NO DATA: "; echo "<br/>$sql <br/>"; } if(!$res) die("Query: $query\nError: ".mysql_error()); $lastMessageTime = mysql_num_rows($res) == 1 ? array_shift(mysql_fetch_array($res)) : 0; if ($lastMessageTime > 0 && $lastMessageTime < strtotime('+2 Minutes', $timestamp)) { $errors[] = 'Please wait 2 minutes between each message'; }

Fixed with $message = nl2br($message->parsed);

Just to add... in the db its stored with the space... so how do i make sure the spaces out output from it with this- <?php $message = new BBCode(); $message->selection = $_POST['yourpost']; $message->parseCode(); $message->parseEmoticons(); $message = $message->parsed;echo $message;?>