![](https://forums.phpfreaks.com/uploads/set_resources_1/84c1e40ea0e759e3f1505eb1788ddf3c_pattern.png)
ILYAS415
Members-
Posts
292 -
Joined
-
Last visited
Everything posted by ILYAS415
-
and how do i fix this
-
hi id just lyk to talk about the security vunerablities of this site (that is if u still work on it ) basically i registered as... and my username wasn't displayed on the page. also people can enter html into the register forms. another vunerability i discovered was while my username was (nothing) i got this error when viewing te edit profile page... also id recommend putting a limit on how much a person can enter into the register forms e.g. max 25 characters in a username
-
soo small i dont think their is any bugs/ places where u can put in some xss
-
http://speaker219.ath.cx:8080/RSS-Reader.php?q=noone Warning: DOMDocument::load() [function.DOMDocument-load]: Empty string supplied as input in D:\xampplite\htdocs\RSS-Reader.php on line 19 Fatal error: Call to a member function getElementsByTagName() on a non-object in D:\xampplite\htdocs\RSS-Reader.php on line 23
-
Help will really be appreciated. Ive tried using this code but still some1 i i.p banned on my game site can still access my game :S This was the code i used but i think it only blocks registered proxies: if(isset($_SERVER['HTTP_X_FORWARDED_FOR']) || ($_SERVER['HTTP_USER_AGENT']=='') || ($_SERVER['HTTP_VIA']!='')){ die("Don't use proxies, please."); } Thanks, help would be very appreciated
-
o yh he hasnt lol. he needs to make it so it doesnt allow code
-
yep uve fixed the register area
-
kk.
-
no problem
-
ok then put in ur friends database name on their, your database username and pass into those variables
-
page ur trying to integrate it in
-
nope u need the change the variables like $database_name to ur database name etc. wat host r u using?
-
use this code in a php code on ur page include "link to forms main page here"; //MUST MAKE SURE LINK IS SOMETHING LIKE forms/hello.php AND NOT //SOMETHING LIKE http://www.blabalbla.com/forms/hello.php
-
put this inside it... <?php $mysql_server = "localhost"; $mysql_user = "database user here"; $mysql_password = "database user's password here"; $mysql_database = "databases name here"; mysql_connect ("localhost", "$mysql_user", "$mysql_password") or die ('I cannot connect to the database because: ' . mysql_error()); mysql_select_db ("$mysql_database"); ?>
-
dont u hav a db connection script on ur site? like db_connect.php or config.php?
-
u mean its being outputted like... Messagefrom: blablaReported User:blablaMessage:blablablaLogs:logshere ? if so then use... $body=" Message From: $fromUser<br> Reported User: $reportedUser<br> Message: <br> <b>$message</b><br> Logs: $logs<br> ";
-
r u properly connected to ur host? the sql query i gav u was absolutly right. (dont worry, sometimes more errors are meant to pop up)
-
replace the $to variable with... $to = "$_POST['email']"; or $to = "".$_POST['email']."";
-
lol kk here y. replace my code with this one... if (!$sql){ mysql_query("INSERT INTO users (username, password, email, date_registered) VALUES ('$username', '$password', '$email, 'NOW')"); }
-
can i see the whole script plz?
-
look at the reply i posted on the php help forum
-
hehe try: if (!$sql){ mysql_query("INSERT INTO users (username, password, email, date_registered) VALUES ('$username', '$password', '$email, 'NOW'")); } not sure if it works but try it anyway