Daniel0
Staff Alumni-
Posts
11,885 -
Everything posted by Daniel0
-
[quote author=Jenk link=topic=109169.msg440755#msg440755 date=1159176679]
Using anything the client sends (HTTP_*), and the IP and/or Host are unreliable and not worthy of use in any form of security checks.
[/quote]
Nobody said it was 100% reliable, but it will make it more difficult. The more things you need to know about the session and the user, the more difficult it will be.

[quote author=Jenk link=topic=109169.msg440755#msg440755 date=1159176679]
Session fixation and hijacking occurs mostly when the attacker convinces the user to click a link.
[/quote]
I do not think the programmers/developers are responsible for preventing phishing. The user needs to know about security too, that they shouldn't just click on every link, and not give out information like passwords.
-
[code]
$something = <<<EOF
This
contains
line
breaks
EOF;

echo nl2br($something);
[/code]
-
The snippet neylitalo showed is correct if it is saved as a Linux/UNIX file. If it is saved on Windows or Macintosh it isn't.
-
Surprisingly enough it is [url=http://validator.w3.org/check?uri=http://www.rasputin.de/CF/Jugend/]valid XHTML 1.0 Strict[/url] and [url=http://jigsaw.w3.org/css-validator/validator?uri=http://www.rasputin.de/CF/Jugend/]valid CSS[/url].
-
[quote author=onlyican link=topic=109287.msg440416#msg440416 date=1159123806]
[quote author=Barand link=topic=109287.msg440382#msg440382 date=1159121594]
or try <input type="[color=red]image[/color]" name="submit1" src="images/submit1.gif"/>
[/quote]
That one works
That is the only one
[/quote]
Doesn't the one I showed work for you??
-
[quote author=redarrow link=topic=109229.msg440388#msg440388 date=1159122293]
had a sneak preview at your css as validated they say this:

Line : 7 (Level : 1) You have no color with your background-color : body
Line : 21 (Level : 1) You have no color with your background-color : #outer_shell
Line : 23 (Level : 2) Redefinition of margin-top : #outer_shell
Line : 23 (Level : 2) Redefinition of margin-left : #outer_shell
Line : 23 (Level : 2) Redefinition of margin-right : #outer_shell
Line : 23 (Level : 2) Redefinition of margin-bottom : #outer_shell
Line : 40 (Level : 1) You have no color with your background-color : #inner_right_shell
Line : 52 (Level : 1) You have no background-color with your color : #second_links
Line : 55 font-family: You are encouraged to offer a generic family as a last alternative
Line : 55 (Level : 2) font-family: You are encouraged to offer a generic family as a last alternative : #second_links
Line : 74 (Level : 1) You have no background-color with your color : p
Line : 78 font-family: You are encouraged to offer a generic family as a last alternative
Line : 78 (Level : 2) font-family: You are encouraged to offer a generic family as a last alternative : p
[/quote]
Those are just warnings. His CSS is valid. The warnings do not have to be fixed.
-
You would have to place it inside an iframe. Include just includes the code.
-
Try this: [code]<button type="submit" name="submit1" style="border: 0px"><img src="images/submit1.gif" alt="button" onmouseover="this.src='images/submit1.gif'" onmouseout="this.src='images/submit2.gif'" ></button>[/code]
-
[quote author=Jenk link=topic=108713.msg440400#msg440400 date=1159123058]
A whitelist is like a guest list. If your name's not down, you're not getting in. Only swap guests for pages..
[code]<?php
$pages = array(
    'home',
    'register',
    'etc..'
);

// Only include a page whose name appears in the whitelist
if (isset($_GET['page']) && in_array($_GET['page'], $pages, true)) {
    include realpath('/path/to/pages/' . $_GET['page'] . '.php');
} else {
    include realpath('/path/to/pages/default.php');
}
?>[/code]
[/quote]
Could be done simpler:
[code]<?php
// input => file
$pages = array(
    'home'     => 'home',
    'register' => 'register',
    'page1'    => 'page2',
);

// Non-string input (e.g. ?page[]=x) and empty input both fall back to "home"
$page = (empty($_GET['page']) || !is_string($_GET['page'])) ? "home" : strtolower($_GET['page']);

// A key that is not in the whitelist also falls back to "home"
if (!isset($pages[$page])) {
    $page = "home";
}

include "/path/to/pages/{$pages[$page]}.php";
?>[/code]
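
The whitelist lookup from the two posts above, written as a function that can be run from the command line. This is an added example, not code from the thread; `resolve_page`, `PAGES_DIR` and the sample inputs are hypothetical, and the default key is assumed to be present in the whitelist.

```php
<?php
// Added example: hypothetical resolver for a page whitelist (input => file).
const PAGES_DIR = '/path/to/pages';   // placeholder path, as in the posts above

function resolve_page($requested, array $pages, string $default = 'home'): string
{
    // $_GET values can be arrays (?page[]=x); only a string may be used as a key.
    $key = is_string($requested) ? strtolower($requested) : $default;

    // The lookup is the whole check: anything that is not a key gets the default.
    if (!array_key_exists($key, $pages)) {
        $key = $default;
    }

    // The path is built from the whitelist value, never from the request itself.
    return PAGES_DIR . '/' . $pages[$key] . '.php';
}

$pages = array(
    'home'     => 'home',
    'register' => 'register',
    'page1'    => 'page2',
);

// Constructed sample inputs: valid keys, mixed case, empty, missing,
// an array, a relative path, an embedded NUL byte and an unknown name.
$samples = array('register', 'PAGE1', '', null, array('x'), '../config', "home\0.txt", 'unknown');

foreach ($samples as $input) {
    printf(
        "%-20s => %s\n",
        json_encode($input, JSON_UNESCAPED_SLASHES),
        resolve_page($input, $pages)
    );
}
```

Because the included file name comes from the array value and not from `$_GET['page']`, no request string ever reaches the `include` path.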
-
I believe it still provides additional security as you would have to guess the user agent string in order to use the session. Would you be able to eg guess my user agent string (if we pretended it weren't in my signature)?
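
The user-agent check discussed in this post and in the reply to Jenk further up, as an added example that is not part of the original posts. The helper names are hypothetical; `$session` stands in for `$_SESSION` and `$server` for `$_SERVER` so the code runs offline with constructed requests.

```php
<?php
// Added example: hypothetical helpers for binding a session to a User-Agent.

function ua_fingerprint(array $server): string
{
    // Store a hash rather than the raw header; a missing header hashes as ''.
    return hash('sha256', $server['HTTP_USER_AGENT'] ?? '');
}

// Call at login, right after session_regenerate_id(true), so that a session id
// set before authentication (fixation) is not the one that gets bound.
function bind_session(array &$session, array $server): void
{
    $session['ua'] = ua_fingerprint($server);
}

// Call on every request; on false, destroy the session and require a new login.
function session_matches_client(array $session, array $server): bool
{
    return isset($session['ua'])
        && hash_equals($session['ua'], ua_fingerprint($server));
}

// Constructed sample requests
$owner   = array('HTTP_USER_AGENT' => 'Mozilla/5.0 (X11; Linux x86_64) ExampleBrowser/1.0');
$other   = array('HTTP_USER_AGENT' => 'Mozilla/5.0 (Windows NT 10.0) OtherBrowser/2.0');
$copied  = array('HTTP_USER_AGENT' => $owner['HTTP_USER_AGENT']); // header is client-chosen
$missing = array();

$session = array();
bind_session($session, $owner);

foreach (compact('owner', 'other', 'copied', 'missing') as $name => $request) {
    printf(
        "%-8s %s\n",
        $name,
        session_matches_client($session, $request) ? 'accepted' : 'rejected'
    );
}
```

A request with a different or missing User-Agent is rejected, while one that repeats the same header is accepted, which is both sides of the exchange: the check adds something that has to be known, and it is not proof of identity.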
-
It does not need to have www. prepended.
-
You do not have to check if it exists, just mute the error it would return: [code]@unlink("some_file");[/code]
-
It would have to be
[code]<?php
// Only output the image cell when the rating image exists in the images folder
if (file_exists('images/' . $qry['editorrating'] . '.png')) {
    echo '<td><img src="images/' . $qry['editorrating'] . '.png" /></td>';
}
?>[/code]
since the image is located in the images folder ;)
-
[quote author=AndyB link=topic=109287.msg440371#msg440371 date=1159120971]
I think your question is asking how can you detect when an image is clicked as a form submit. If that's the case, then what's actually passed by the form are the x and y co-ordinates of the point clicked relative to the top left corner of the image. For example, with this code in a form that uses the post method:
[code]<input type="submit" name="submit1" src="images/submit1.gif"/>[/code]
$_POST['submit1_x'] and $_POST['submit1_y'] will contain values when the submit1.gif image is clicked.
[/quote]
That does not work for me, but this does:
[code]<button type="submit" name="submit1" style="border: 0px"><img src="images/submit1.gif" alt="button"></button>[/code]
-
Do something like this: [code]<?php $folder_name = "Yes and no"; echo "<a href='file.php?folder=".urlencode($folder_name)."'>{$folder_name}</a>"; ?>[/code] That will output: [code]<a href='file.php?folder=Yes+and+no'>Yes and no</a>[/code] Then you can just urldecode it on the other page.
-
$_SERVER['HTTP_REFERER']
-
[quote author=FrOzeN link=topic=109150.msg439951#msg439951 date=1159023214]
Heh, if google treats that as a more important word and ignores the CSS downgrading it, then there's a small loophole to emphasise your important words. Nice. :)
[/quote]
Yeah, except that the <strong> tag is deprecated in XHTML 1.1 and therefore causes a validation error.
-
You could do this: [code]substr(md5("something"),0,8);[/code] but then you would risk hash collisions. MD5 hashes are [i]always[/i] 32 characters long, while SHA1 is [i]always[/i] 41 (or is it 42?) characters long?
-
Looks ok.
-
If the user always goes to a specific page after, you could just run it there.
-
I don't get your problem.
-
I would go with option number 1. Sure you could make an access log that awstats can parse, just make it in the same format as Apache's access.log.
-
In fact having [code]<head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Untitled Document</title> </head> <body> <?php header("location: http://www.google.com/"); ?> </body> </html>[/code] is stupid since the HTML will never be seen. [code]<?php header("location: http://www.google.com/"); ?>[/code] would be enough.
-
[quote author=onlyican link=topic=109150.msg439884#msg439884 date=1159004948]
With Regards to using CSS
A little tip I have been told,
When you use "strong" on your website, this helps with search engines
For example
My Site, ClubFeet.net, I make important words strong
Not for them to stand out on the website, it's for googlebot to see it's important, and helps with ratings
This won't work if you use css to make things bold
[/quote]
Do you then leave the bold on the page, or do you add something like this:
[code]strong { font-weight: normal; }[/code]?
-
Yeah, and the guy on number 1 doesn't look too good either :D