JaGeK

[quote author=barkster link=topic=110496.msg447290#msg447290 date=1160065449] I assumed since they sniffed packets didn't contain a page name it was just using a default page in that dir. [/quote] Don't care how they handle your request. acct/get_acct needn't to be a file or even a directory in the server's document root. But this is not of any interest. [quote]Don't know whow to send sniffed request back to it and be able to read results.[/quote] Start a console, type telnet 192.168.100.35:80 and after that paste the sniffed request.

[quote author=syd75 link=topic=110585.msg447208#msg447208 date=1160061452] mysql_connect() suddenly stopped working, after I've used php/mysql on the web server for a long time. It works when I run php scripts from the command line, but not on the web server. I have no idea what have happened.[/quote] What says PHP's error log  in this regard?

[quote author=lional link=topic=110572.msg447147#msg447147 date=1160034446] The say I must add smtp authentication to my script, is this possible[/quote] If you want to use the mail() function, you have to set sendmail_path pointing to a sendmail program that supports SMTP authentication (probably the one you are currently using does and you have only to configure it). An other option is using the PHPMailer class which is able to send mails with SMTP authentication independent of PHP's mail function. -> http://phpmailer.sourceforge.net/

[quote author=JamieLee2k link=topic=110583.msg447194#msg447194 date=1160060567]can anyone tell me if there is a way to somehow download the webpage as a .php in which it is on the server?[/quote] So you want to get the source code of the PHP script!? If so, ask the webmaster to hand it to you - fortunately there is no other way.

[quote]HTTP request failed! HTTP/1.1 404 Not Found[/quote] Strange. I expected it to  work, because the request PHP sends should be nearly the same as the one you've posted above. Perhaps, there's another webserver running on a different port (your sniffer should tell you)!? Otherwise, a 404 status code seems to be inexplicable since the file/script actually exists. Does it succeed in case of sending the sniffed request data with telnet or the like?

[quote author=barkster link=topic=110496.msg446878#msg446878 date=1159994772]is the /acct/get_acct a directory on the webserver?[/quote] Probably. Just give it a try and check whether the following retrieves the expected data. [code=php:0]<?php   $contents = file_get_contents('http://account:jbaserve@192.168.100.35/acct/get_acct');   echo $contents; ?>[/code]

[quote author=barkster link=topic=110496.msg446875#msg446875 date=1159993790]That is my problem I don't know what they are so can I decode it or pass it straight to it already encoded.[/quote] Yes, you can decode it. The username is "account" and the password "jbaserve" - doesn't sound very secret... ::)

[quote author=mbvo link=topic=110520.msg446868#msg446868 date=1159992721] I want a list of all the jpg and gif images in a particular directory, how do i do it? [/quote] [code=php:0]<?php   $pictures = glob($myDir.'*.{jpg,gif}', GLOB_BRACE);   print_r($pictures); ?>[/code]

[quote author=flatlander link=topic=110518.msg446861#msg446861 date=1159991752]how do I comment out something in php?[/quote] -> http://www.php.net/manual/en/language.basic-syntax.comments.php

[quote author=minuteman link=topic=110500.msg446855#msg446855 date=1159991434]I couldn't see how either of those would do it[/quote] [code=php:0]<?php   $meta_title = 'Pay Per Click (PPC) For $continent';   $continent = 'Australia';   echo str_replace('$continent', $continent, $meta_title); ?>[/code]

[quote author=barkster link=topic=110496.msg446824#msg446824 date=1159989066]is the "..." a password being sent?  I don't see it sending a username[/quote] It is both: password and username encoded with base64. So, if you're going to use fsockopen(), see http://php.net/base64_encode. Otherwise, PHP will do it for you. Easily write [i]fopen('http://user:pass@host/path')[/i] and everything should work. Btw: If you don't want everybody to know the password used above, better remove it... ;-)

[quote author=thorpe link=topic=110490.msg446801#msg446801 date=1159985951] I believe mysql5 may handle multiple queries seperated by colons.[/quote] As far as I know, there is no difference how mysql_query() behaves depending on the MySQL version. One query is allowed, not more.

Take a look at the string functions - maybe str_replace(). -> http://php.net/strings -> http://php.net/str_replace

[quote author=barkster link=topic=110496.msg446738#msg446738 date=1159982463]I ran a packet sniffer on it and returned this and trying to find how I can retreive this in php or html?[/quote] [quote]I ran a packet sniffer on it and returned this and trying to find how I can retreive this in php or html?[/quote] If allow_url_fopen got the value "on", it is possible to use fopen()  and the other file functions to connect to the server, send a HTTP request and retrieve the response. -> http://de3.php.net/manual/en/wrappers.http.php Alternatively, you can use fsockopen()  to get more control of what is done. In this case, the cURL extension or a package which allows you to perform HTTP requests (such as PEAR::HTML_Request) might be a good choice, too. -> http://php.net/fsockopen -> http://php.net/curl -> http://pear.php.net/package/HTTP_Request

[quote author=AncientSage link=topic=101508.msg401844#msg401844 date=1153610343] Note: In the form, a variable containing an array is submitted as the value, would this effect anything?[/quote] Obviously the variable ($postrows) contains a string and not an array. What exactly is the goal and why?

[quote author=Branden Wagner link=topic=101506.msg401834#msg401834 date=1153609107] whats the proper way of making a form action call the the page its on? i usually use $_SERVER['PHP_SELF'][/quote] I think that's the proper way... ;-)

[quote author=Branden Wagner link=topic=101505.msg401828#msg401828 date=1153608019]they way i do it is by folder include("includes/". $_REQUEST['file']);[/quote] This doesn't make any sense, if you don't use a function like basename(). Otherwise the "hacker" can still put something like file=../../top.secret in the request data and access more or less everything the webserver user is allowed to. Better take an array with elements containing the allowed files, something like: [code=php:0]<?php $includes = array(               'news' => 'news.html',               'home' => 'home.html',               //      ...             );                       if (!empty($_GET['id']) && isset($includes[$_GET['id']])) {     $include = $_GET['id']; } else {     $include = 'news'; } include $includes[$include]; ?>[/code]

[quote author=Branden Wagner link=topic=101487.msg401809#msg401809 date=1153604913]How would i accomplish using mysql_fetch_array,assoc,row?[/quote] [code=php:0]while ($row = mysql_fetch_assoc($result)) {     $customer[] = array(                     $row['CustomerID'],                     $row['FirstName'],                     $row['LastName']                   ); }[/code]

[quote author=Tandem link=topic=101500.msg401791#msg401791 date=1153601763]I want the search to return every 'USER' that begins with a T. I'm pretty sure i have to add a character after the T but can't remember which, and the syntax for doing it.[/quote] You're probably searching for LIKE: -> http://www.w3schools.com/sql/sql_where.asp

[quote author=Branden Wagner link=topic=101487.msg401780#msg401780 date=1153599322]there are 2 entries for smith but yet it only shows one[/quote] The parameter $num - you pass to count() - is not of type array or object. So the return  value would always be 1 - independent of how many rows are affected. It would be much easier to use the mysql_fetch_*()-functions instead of mysql_result(). -> http://php.net/mysql_fetch_assoc