runnerjp
Members-
Posts
2,214 -
Joined
-
Last visited
Everything posted by runnerjp
-
Website being hacked! Some one is deleting all posts!
runnerjp replied to runnerjp's topic in PHP Coding Help
I have had alook at the page and it does not make sence to me Also do you know how to log errors?? so far i have- /* we will do our own error handling. */ error_reporting(0); // Turns off all error reporting. /* user defined error handling function. */ function userErrorHandler($errno, $errmsg, $filename, $linenum, $vars) { // timestamp for the error entry. $dt = date('Y-m-d H:i:s (T)'); // define an assoc array of error string // in reality the only entries we should // consider are E_WARNING, E_NOTICE, E_USER_ERROR, // E_USER_WARNING and E_USER_NOTICE. $errortype = array ( E_ERROR => 'Error', E_WARNING => 'Warning', E_PARSE => 'Parsing Error', E_NOTICE => 'Notice', E_CORE_ERROR => 'Core Error', E_CORE_WARNING => 'Core Warning', E_COMPILE_ERROR => 'Compile Error', E_COMPILE_WARNING => 'Compile Warning', E_USER_ERROR => 'User Error', E_USER_WARNING => 'User Warning', E_USER_NOTICE => 'User Notice', E_STRICT => 'Runtime Notice' ); // set of errors for which a var trace will be saved. $user_errors = array(E_USER_ERROR, E_USER_WARNING, E_USER_NOTICE); $err = "<errorentry>\n"; $err .= "\t<datetime>" .$dt. "</datetime>\n"; $err .= "\t<errornum>" .$errno. "</errornum>\n"; $err .= "\t<errortype>" .$errortype[$errno]. "</errortype>\n"; $err .= "\t<errormsg>" .$errmsg. "</errormsg>\n"; $err .= "\t<scriptname>" .$filename. "</scriptname>\n"; $err .= "\t<scriptlinenum>" .$linenum. "</scriptlinenum>\n"; if (in_array($errno, $user_errors)) { $err .= "\t<vartrace>" .wddx_serialize_value($vars, 'Variables'). "</vartrace>\n"; } $err .= "</errorentry>\n\n"; // save to the error log file, and e-mail me if there is a critical user error. error_log($err, 3, '../error_log.log'); if ($errno == E_USER_ERROR) { mail('bgates@gmail.com', 'Critical User Error', $err); } } $old_error_handler = set_error_handler('userErrorHandler'); if i was to chnage it so i added it to db with username and page ect would this help? -
Website being hacked! Some one is deleting all posts!
runnerjp replied to runnerjp's topic in PHP Coding Help
Ok well usernames are stored as $username; the page they are on is stored as $url; time is $time; any other part of code u want? and no i dont sadly, but i think i best lol -
Website being hacked! Some one is deleting all posts!
runnerjp replied to runnerjp's topic in PHP Coding Help
they could have but i dont see how they edited it... iv just chnage permissions on the edit button to delete posts ect so i can try clean it up alittle quikly- usually it has if{$userid = '1'} so only Admin can edit it. for time being i think i might log all logins with date time ip ect.... all errors (how would i create error log so i can record username ip and error made @ time??) and all deletiong ect made by users. Try track down how and who is doing it -
Website being hacked! Some one is deleting all posts!
runnerjp replied to runnerjp's topic in PHP Coding Help
What do you mean by logs?? -
Website being hacked! Some one is deleting all posts!
runnerjp replied to runnerjp's topic in PHP Coding Help
The login screen is www.runningprofiles.com Username:Demo Password:Demo they could be acesssing my Admin account through the login but im not sure. I have added "PhP freaks please help me" just to show its my login screen! -
Hey guys, I logged on to edit my website today to find that most of my forum posts have been deleted! I have no idea how they have done this.... I have made sure all $_gets and $_posts have mysql real escaped and i just cant find out how they are doing it. Can any one offer me guidence to find the errors .... i can provide access to the site to find the error itself. Anything to prevent my hard work being destroyed.
-
How to insert a <br> instead of 0d0a on my form submit?
runnerjp replied to Jaehoon's topic in PHP Coding Help
ok hummm... so are you wanting to display the post results? -
Also just doing $_POST['username']; is a huge securtity risk and asks for sql injection. http://www.addedbytes.com/writing-secure-php/ take alook at the above website...helped me out loads
-
ok lots here... echo "User $user already exists, please choose another username<br /><br />"; to echo 'User'. $user.' already exists, please choose another username<br /><br />'; any verible in text needs to be sep from the echoed text... echo 'the textt'.$array.'more text'
-
Found it.... $find_user_query = mysql_query("SELECT * FROM accounts WHERE username = $user") or Die("Couldn't connect: " . mysql_error(); should be $find_user_query = mysql_query("SELECT * FROM accounts WHERE username = '$user') or Die("Couldn't connect: " . mysql_error();
-
what error is it ouputting? u susing an index.php file with this displayed in it?
-
You will use an if statement if ($req_user_info['facebook'] !="") { echo "<a href=\"".$req_user_info['facebook']."\"><img src=\"facebook.png\"></a>"; } so if the $req_user_info['facebook'] is not blank show it
-
How to insert a <br> instead of 0d0a on my form submit?
runnerjp replied to Jaehoon's topic in PHP Coding Help
yer i was thinking of nl2br() nl2br($message) but if he is sticking the whole message in the url thats not great... was looking to see if anything was added to db ect -
How to insert a <br> instead of 0d0a on my form submit?
runnerjp replied to Jaehoon's topic in PHP Coding Help
any chnace you could paste in ur code? -
How to insert a <br> instead of 0d0a on my form submit?
runnerjp replied to Jaehoon's topic in PHP Coding Help
are you trying to get rid of spaces in a url... if so just strip it...is this correct?? -
How to insert a <br> instead of 0d0a on my form submit?
runnerjp replied to Jaehoon's topic in PHP Coding Help
/* This will work. */ $letter = '<br />'; $string = $message $string = ereg_replace('=0D=0A=', $letter, $string); echo $string; /* Output: */ -
i gave it ago and no rows get displayed sadly...time is a timestamp tho!
-
can you display the code your using for the search?
-
How to insert a <br> instead of 0d0a on my form submit?
runnerjp replied to Jaehoon's topic in PHP Coding Help
/* This will work. */ $letter = '<br />'; $string = $message $string = ereg_replace("=0D=0A="', $letter, $string); echo $string; /* Output: */ -
Need help to format xml from complex result returned.
runnerjp replied to blue-genie's topic in PHP Coding Help
Ok are you getting the data from an xml sheet OR mysql db?? -
typo i belive... should be if (ctype_xdigit($md5) && strlen($md5) == 32) { // Yay} just shing is the code equal to 32 char (strlen) long
-
hummm... I take it you are using $_POST to search for users.... I would compare the post with the results from database... Take away those that match leaving you to echo those that are not... if($_POST != $array) { //show name } and stick that in a loop
-
The data below does not stop flooding if post is within the last 2min... as you can see i have all error reporters in place... the query works fine... Numbers of rows returned are 1... but no error message ??? //stop flooding $query = "SELECT max(unix_timestamp(`time`)) as t FROM messages WHERE reciever='$un' AND sender='$username'"; $res = mysql_query($query); if (!$res) { $errmsg = mysql_errno() . ' ' . mysql_error(); echo "<br/>QUERY FAIL: "; echo "<br/>$sql <br/>"; die($errmsg); } $num = mysql_num_rows($res); if (!$num) { echo "<br/>QUERY FOUND NO DATA: "; echo "<br/>$sql <br/>"; } if(!$res) die("Query: $query\nError: ".mysql_error()); $lastMessageTime = mysql_num_rows($res) == 1 ? array_shift(mysql_fetch_array($res)) : 0; if ($lastMessageTime > 0 && $lastMessageTime < strtotime('+2 Minutes', $timestamp)) { $errors[] = 'Please wait 2 minutes between each message'; }
-
Fixed with $message = nl2br($message->parsed);
-
Just to add... in the db its stored with the space... so how do i make sure the spaces out output from it with this- <?php $message = new BBCode(); $message->selection = $_POST['yourpost']; $message->parseCode(); $message->parseEmoticons(); $message = $message->parsed;echo $message;?>