d_barszczak
Members-
Posts
188 -
Joined
-
Last visited
About d_barszczak
- Birthday 12/15/1984
Contact Methods
-
MSN
sales@scripts2go.co.uk
-
Website URL
http://www.integrateditsystems.co.uk
Profile Information
-
Gender
Male
-
Location
Bradford - UK
d_barszczak's Achievements
Member (2/5)
0
Reputation
-
No problem, I never even thought of the bandwidth thing good job somebody did
-
User has been able to access my admin account through login
d_barszczak replied to runnerjp's topic in Beta Test Your Stuff!
Hi Runnerjp, Just had a quick look at the code and it does not look like you are checking any data that is submitted before you use it to query the database. This may have left the site open to SQL injection attacks. There are a few posts on this forum that explain how to prevent injection attacks. -
Hi WOPR, I use this to get files off my local server to prevent full path disclosure but I have no idea if you can retrive files over http. <?php $filename = "CTF-SpoonDog_PC.rar"; $realfile = "http://www.themeinerz.com/dl_files/ut3/maps/pc/CTF-SpoonDog_PC.rar"; header('Content-Description: File Transfer'); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename='.basename("filename")); header('Content-Transfer-Encoding: binary'); header('Expires: 0'); header('Cache-Control: must-revalidate, post-check=0, pre-check=0'); header('Pragma: public'); readfile($realfile); ?> May be worth a try.
-
Hi Mchl, Maybe it is, maybe its not and we don't really need to re-create that thread here I personally would always reommend it because the first time you create a column named date it will all go pear shaped. Although that said, renaming the column to date_created would also fix the same problem but when you want your code to be consistant you would use ``. Anyway thanks for the input.
-
If you are trying to update an existing query you would need something like the fillowing but obviously with all the data you need. $query = "UPDATE `links` SET `name`= '$name', `description`='$description' WHERE `url`='$url'; If you are inserting an new row then your query would work without the WHERE '$url' = URL. Just a pointer but it looks as though the WHERE '$url' = URL bit is wrong too. It would be WHERE URL = '$url' but I would also put `URL` as it is best practise.
-
Hi, Im not sure exactly what you are trying to do but I think I have an idea. Are the months in the year the length of subscription? If they are I would create the bill with a start_date and an expiery_date. I would certainly keep a table of all bills so you have a record. You could then query the database for the expiery date as well as the username and password. If the date is => todays date then deny access. You may need to mark the current subscription to make the query a little easier.
-
transferring variables to a page that's not loaded into the browser
d_barszczak replied to ijp's topic in PHP Coding Help
Hi, Im not 100% on this but if you run exec ("/usr/local/bin/php emailsend.php >/dev/null &"); the script will still wait for the command to finish. If speed is a factor I would store the data in a database and have a cron job that runs the emailsend.php script every 5 mins or so that goes through the database and removes the entries as it sends the emails. This would ensure that your users dont have to wait for the email to be sent and getting the data is a simple mysql query. Plus if the script crashes the data still waiting to be send will be stored in the database. -
Thanks for the info. I fully understand that hosting a web server is a full time job and that I should not be offering a managed hosting service if I am unsure of the security complications. This is the reason why I currently only host websites designed by myself on a very secure and reliable setup. I though asking the question in a PHP support forum may be a good start. I will under no circumstances start running a managed hosting service until I can guarantee my users security. This question was just to point me in the correct direction of further research. Thanks
-
Hi all, Hoping someone can help me here. I currently have a web server that hosts my customers websites. At the moment the only sites hosted are ones that have been developed by my company. I would like to offer a hosting package but am worried about security with php. I don't want my users to access files outside their hosting directory via php as it usually allows full access to the system. Do you know any ways of restricting php like this? Its a Ubuntu Server running php and mysql. The server hosts apache virtual hosts. Thanks in advance!!
-
OK thanks, was hoping there would be a simple query
-
Hi all, I am developing a chat application which stores messages in a database. I don't need to keep any more than 100 lines so i will need to run a query that deletes all rows apart from the last 100 submitted. id = message id room = room id submit_time = Submitted time msg = message SELECT * FROM post_table WHERE `room` = '1' limit last 100
-
Hi, I would usually do both. Have the smaller methods such as usr_check() that actually do the tasks and the a lager method such as usr_create() which uses the smaller methods to complete the whole task. That way your script can create a user in this example but should you need to create another script that needs to check a user you don't need to rewrite the usr_check() code. Plus if you ever wanted to create users in a different way you can always copy the usr_create() rename the function and make the changes. The core of the code would more than likely be the same and therefore would still be able to function using the smaller methods.
-
Hi, i have been asked to implement a Chess Club into an existing website but i wanted to know if there are any existing scripts that can do this or even just a Chess game that allows multiplayer and i can design the structure myself. Any ideas anyone free or fee i don't mind.
-
I use ubuntu myself but i assume yum is the package manager for fedora. If imap shows up in phpinfo() then it is installed. You should then be able to connect to an imap/pop3 server.
-
OK so your installation did not come with the php_imap installed. You need to download the file into your extensions directory and insert the line above.