Renlok

oh yeah that works fine now thanks

im using tortoiseSVN and i cant find it ???

Im using sourceforge SVN to host my source code and i cant figure out how to edit a file say when ive made an edit to a file and i want to uplaod the file how can i do that which out deleting the file and re uploading it?

your missing loads of semicolons <?php include($_SERVER['DOCUMENT_ROOT'] . '/includes/connection.php'); $sql = mysql_query("SELECT * FROM tblLatest ORDER BY ArticleDateAdded DESC LIMIT 3") or die(mysql_error()); $i = 0; while($article = mysql_fetch_array($sql)) { ++$i; if ($i % 2 == 0) // Here are your even records { echo'<div class="front-box-middle">'."/n"; echo'<h2>'.$article["ArticleTitle"].'</h2>'."/n"; echo'<div><img src="/latest/uploads/thumbs/'.$article["ArticleImage"].'" alt="'.$article["ArticleImage"].'" /></div>'."/n"; echo'<p>'.$article["ArticleBrief"].'</p>'."/n"; echo'</div>'."/n"; } else // Here are your odd records { echo'<div class="front-box">'."/n"; echo'<h2>'.$article["ArticleTitle"].'</h2>'."/n"; echo'<div><img src="/latest/uploads/thumbs/'.$article["ArticleImage"].'" alt="'.$article["ArticleImage"].'" /></div>'."/n"; echo'<p>'.$article["ArticleBrief"].'</p>'."/n"; echo'</div>'."/n"; } } ?>

you need to add a HTML base tag to your page http://www.w3schools.com/TAGS/tag_base.asp

you could try using http://uk.php.net/override_function ive never tried it before but supposedly it works

thats a lot to look though but maybe change if ($logged_in == 0) { to if(isset($_SESSION['user'])) { as im not sure but it doesnt look like $logged_in is set anywhere

well you could do it like $reserved = array('string'); // Load the results into the class foreach ($array as $name => $value) { if(in_array($name, $reserved)) $name = $name . '0'; $this->$name = $value; }

with crtl + s ?

you should have if(mysql_num_rows($query2) !==1) {$auth = "5";} elseif(mysql_num_rows($query3) !==1) {$auth = "6";} otherwise $auth = 5 will always be overwritten

In the first bit the if statement needed to be inside the while loop <?php //include db connection include ("inc.php"); $e = $_GET['e']; print '<table>'; $result = mysql_query("SELECT tq_answer FROM tbl_questions WHERE tq_id={$e}"); while ($row = mysql_fetch_array($result)) { $answers = $row['tq_answer']; } $canswers = explode(",", $answers); $count = count($canswers); $j = 0; for ($i = 0; $i < $count; $i++) { $checked = ""; $snext = explode(",",$next); print '<tr><td><input type="text" name="answers" value="' . $canswers[$j] . '"></td><td><select name="next">'; $result = mysql_query("SELECT tq_id, tq_question FROM `tbl_questions`"); while ($row = mysql_fetch_array($result)) { if ($snext[$j] == $row['tq_id']) { $checked = " checked"; } print '<option value="' . $row['tq_id'] . '"' . $checked . '>' . $row['tq_question'] . '</option>'; } $j++; print '</select></td></tr>'; } print '<tr><td><input type="submit" name="" value="update">'; print '</table>'; ?> and im not entirly sure what your doing in the second.

yes that works fine thakyou

is there another way of doing case insenstitive string replaces other than with str_ireplace? Im making a open source script and for the word filter i need it to be case insensitive but i dont want to use str_ireplace as its a php5 function and i want it to work on php4 anyone have any ideas?

well ive change mysql_fetch array to mysql_fetch_assoc makes a bit of difference but not much and that is the script that builds the category cache. Just wondering but would it be faster you get all the categories and to find the children categories just search the array repeadedly

I have the function function search_cats($parent_id, $level) { global $DBPrefix; $query = "SELECT cat_id, cat_name FROM ".$DBPrefix."categories WHERE deleted = 0 AND parent_id = $parent_id ORDER BY cat_name"; $result = mysql_query($query); $cats = array(); $catstr = ''; $stringstart = ''; if($level > 0) { for($i = 0; $i < $level; $i++) { $stringstart .= '|___'; } } while($cats = mysql_fetch_array($result)) { $catstr .= ",\n{$cats['cat_id']} => '$stringstart{$cats['cat_name']}'"; $catstr .= search_cats($cats['cat_id'], $level+1); } unset($cats); return $catstr; } which sorts categories into a tree but theres a problem when there are say 1000+ categories it will time out as it runs the query for each category to check for child categories does anyone have an idea of how i could speed this up?

oh right ok then. and reuploaded it to http://webid.freehostia.com/ with all the fixes so far. and thanks for your help so far.

i dont really understand how there can be a risk of XSS with something like $ERR_001 as its just a language string which is displayed in the template

yeah well you can delete everything on the index page with that but you cant add anything to it other than css

OK one thing im curious of, after you guys found these vunerabilities http://webid.freehostia.com/ got hacked and turned into a phishing site by whoever hacked it. Could he of hacked it with the things you flagged up or would he of had of found some other vulnerability?

I dont own a windows so i have no way of testing this but im building an open source script but the guy who helps me test it says that it shows errors when it references some files. i have the following bit of code to build the paths to the directories includes and uploaded $main_path = "W:\www\WeBid\\"; $include_path = $main_path."includes/"; $uploaded_path = "uploaded/"; $upload_path = $main_path.$uploaded_path; it seems when $include_path is used theres no problem but when $upload_path is used it leaves the 2 backslashes at the end the path is W:\www\WeBid\\uploaded/ which throws back an error i dont know why it does this.

this is really annoying when i have an error with my PHP the server will sometimes log the error in an error log but doesn't display the error with the error handler i set but most of the time it just shows a blank page so i have to go though every line to fine where the problem is anyone know why this is happening?

ok and i uploaded it so its easier to test if anyone else is going to have a look http://webid.freehostia.com/ admin panel: http://webid.freehostia.com/admin/ username and password: admin

what do you mean by that?

Im working on an auction script im looking for some people to test it. download from http://sourceforge.net/project/showfiles.php?group_id=181393 and youll have to install on your localhost to test it, id be really grateful if anyone could have a look at it. Well thanks in advance for any feedback. http://www.webidsupport.com/

thanks but thats not what i asked for. Please read the thread first.