runnerjp
-
Posts
2,214 -
Joined
-
Last visited
Posts posted by runnerjp
-
-
Ok well usernames are stored as $username;if u can provide us ur code then i can surely help u out on hw u can log the details of the guys who are doing in out..the page they are on is stored as $url;
time is $time;
any other part of code u want?
mean this one onlyy.. whether u are storing any thing when some one is doing something on ur site...this would slow down ur process but it will surely help u out when something like this happens...
and no i dont sadly, but i think i best lol
-
they could have but i dont see how they edited it... iv just chnage permissions on the edit button to delete posts ect so i can try clean it up alittle quikly- usually it has if{$userid = '1'} so only Admin can edit it.
for time being i think i might log all logins with date time ip ect....
all errors (how would i create error log so i can record username ip and error made @ time??)
and all deletiong ect made by users.
Try track down how and who is doing it
-
What do you mean by logs??
-
The login screen is
www.runningprofiles.com
Username:Demo
Password:Demo
they could be acesssing my Admin account through the login but im not sure.
I have added "PhP freaks please help me" just to show its my login screen!
-
Hey guys,
I logged on to edit my website today to find that most of my forum posts have been deleted!
I have no idea how they have done this....
I have made sure all $_gets and $_posts have mysql real escaped and i just cant find out how they are doing it.
Can any one offer me guidence to find the errors ....
i can provide access to the site to find the error itself.
Anything to prevent my hard work being destroyed.
-
ok hummm...
so are you wanting to display the post results?
-
Also just doing $_POST['username']; is a huge securtity risk and asks for sql injection.
http://www.addedbytes.com/writing-secure-php/
take alook at the above website...helped me out loads
-
ok lots here...
echo "User $user already exists, please choose another username<br /><br />";
to
echo 'User'. $user.' already exists, please choose another username<br /><br />';
any verible in text needs to be sep from the echoed text... echo 'the textt'.$array.'more text'
-
Found it....
$find_user_query = mysql_query("SELECT * FROM accounts WHERE username = $user") or Die("Couldn't connect: " . mysql_error();
should be
$find_user_query = mysql_query("SELECT * FROM accounts WHERE username = '$user') or Die("Couldn't connect: " . mysql_error();
-
what error is it ouputting?
u susing an index.php file with this displayed in it?
-
You will use an if statement
if ($req_user_info['facebook'] !="") { echo "<a href=\"".$req_user_info['facebook']."\"><img src=\"facebook.png\"></a>"; }so if the $req_user_info['facebook'] is not blank show it
-
yer i was thinking of nl2br()
nl2br($message)
but if he is sticking the whole message in the url thats not great... was looking to see if anything was added to db ect
-
any chnace you could paste in ur code?
-
are you trying to get rid of spaces in a url...
if so just strip it...is this correct??
-
/* This will work. */ $letter = '<br />'; $string = $message $string = ereg_replace('=0D=0A=', $letter, $string); echo $string; /* Output: */ -
i gave it ago and no rows get displayed sadly...time is a timestamp tho!
-
can you display the code your using for the search?
-
/* This will work. */ $letter = '<br />'; $string = $message $string = ereg_replace("=0D=0A="', $letter, $string); echo $string; /* Output: */ -
Ok are you getting the data from an xml sheet OR mysql db??
-
typo i belive... should be
if (ctype_xdigit($md5) && strlen($md5) == 32) { // Yay}just shing is the code equal to 32 char (strlen) long
-
hummm...
I take it you are using $_POST to search for users....
I would compare the post with the results from database...
Take away those that match leaving you to echo those that are not...
if($_POST != $array)
{
//show name
}
and stick that in a loop
-
The data below does not stop flooding if post is within the last 2min...
as you can see i have all error reporters in place... the query works fine...
Numbers of rows returned are 1...
but no error message ???
//stop flooding $query = "SELECT max(unix_timestamp(`time`)) as t FROM messages WHERE reciever='$un' AND sender='$username'"; $res = mysql_query($query); if (!$res) { $errmsg = mysql_errno() . ' ' . mysql_error(); echo "<br/>QUERY FAIL: "; echo "<br/>$sql <br/>"; die($errmsg); } $num = mysql_num_rows($res); if (!$num) { echo "<br/>QUERY FOUND NO DATA: "; echo "<br/>$sql <br/>"; } if(!$res) die("Query: $query\nError: ".mysql_error()); $lastMessageTime = mysql_num_rows($res) == 1 ? array_shift(mysql_fetch_array($res)) : 0; if ($lastMessageTime > 0 && $lastMessageTime < strtotime('+2 Minutes', $timestamp)) { $errors[] = 'Please wait 2 minutes between each message'; } -
Fixed with $message = nl2br($message->parsed);
-
Just to add... in the db its stored with the space... so how do i make sure the spaces out output from it with this-
<?php $message = new BBCode(); $message->selection = $_POST['yourpost']; $message->parseCode(); $message->parseEmoticons(); $message = $message->parsed;echo $message;?>
Website being hacked! Some one is deleting all posts!
in PHP Coding Help
Posted
I have had alook at the page and it does not make sence to me
Also do you know how to log errors??
so far i have-
/* we will do our own error handling. */ error_reporting(0); // Turns off all error reporting. /* user defined error handling function. */ function userErrorHandler($errno, $errmsg, $filename, $linenum, $vars) { // timestamp for the error entry. $dt = date('Y-m-d H:i:s (T)'); // define an assoc array of error string // in reality the only entries we should // consider are E_WARNING, E_NOTICE, E_USER_ERROR, // E_USER_WARNING and E_USER_NOTICE. $errortype = array ( E_ERROR => 'Error', E_WARNING => 'Warning', E_PARSE => 'Parsing Error', E_NOTICE => 'Notice', E_CORE_ERROR => 'Core Error', E_CORE_WARNING => 'Core Warning', E_COMPILE_ERROR => 'Compile Error', E_COMPILE_WARNING => 'Compile Warning', E_USER_ERROR => 'User Error', E_USER_WARNING => 'User Warning', E_USER_NOTICE => 'User Notice', E_STRICT => 'Runtime Notice' ); // set of errors for which a var trace will be saved. $user_errors = array(E_USER_ERROR, E_USER_WARNING, E_USER_NOTICE); $err = "<errorentry>\n"; $err .= "\t<datetime>" .$dt. "</datetime>\n"; $err .= "\t<errornum>" .$errno. "</errornum>\n"; $err .= "\t<errortype>" .$errortype[$errno]. "</errortype>\n"; $err .= "\t<errormsg>" .$errmsg. "</errormsg>\n"; $err .= "\t<scriptname>" .$filename. "</scriptname>\n"; $err .= "\t<scriptlinenum>" .$linenum. "</scriptlinenum>\n"; if (in_array($errno, $user_errors)) { $err .= "\t<vartrace>" .wddx_serialize_value($vars, 'Variables'). "</vartrace>\n"; } $err .= "</errorentry>\n\n"; // save to the error log file, and e-mail me if there is a critical user error. error_log($err, 3, '../error_log.log'); if ($errno == E_USER_ERROR) { mail('bgates@gmail.com', 'Critical User Error', $err); } } $old_error_handler = set_error_handler('userErrorHandler');if i was to chnage it so i added it to db with username and page ect would this help?