ILYAS415

and how do i fix this

hi id just lyk to talk about the security vunerablities of this site (that is if u still work on it ) basically i registered as... and my username wasn't displayed on the page. also people can enter html into the register forms. another vunerability i discovered was while my username was (nothing) i got this error when viewing te edit profile page... also id recommend putting a limit on how much a person can enter into the register forms e.g. max 25 characters in a username

soo small i dont think their is any bugs/ places where u can put in some xss

http://speaker219.ath.cx:8080/RSS-Reader.php?q=noone Warning: DOMDocument::load() [function.DOMDocument-load]: Empty string supplied as input in D:\xampplite\htdocs\RSS-Reader.php on line 19 Fatal error: Call to a member function getElementsByTagName() on a non-object in D:\xampplite\htdocs\RSS-Reader.php on line 23

Help will really be appreciated. Ive tried using this code but still some1 i i.p banned on my game site can still access my game :S This was the code i used but i think it only blocks registered proxies: if(isset($_SERVER['HTTP_X_FORWARDED_FOR']) || ($_SERVER['HTTP_USER_AGENT']=='') || ($_SERVER['HTTP_VIA']!='')){ die("Don't use proxies, please."); } Thanks, help would be very appreciated

o yh he hasnt lol. he needs to make it so it doesnt allow code

yep uve fixed the register area

kk.

the code } else has to be }else{ and... exit; has to be exit();

no problem

no actually.. u made mistakes on... } else header("location: login.php"); and (im not sure of this one but)... exit;

ok then put in ur friends database name on their, your database username and pass into those variables

page ur trying to integrate it in

nope u need the change the variables like $database_name to ur database name etc. wat host r u using?

use this code in a php code on ur page include "link to forms main page here"; //MUST MAKE SURE LINK IS SOMETHING LIKE forms/hello.php AND NOT //SOMETHING LIKE http://www.blabalbla.com/forms/hello.php

put this inside it... <?php $mysql_server = "localhost"; $mysql_user = "database user here"; $mysql_password = "database user's password here"; $mysql_database = "databases name here"; mysql_connect ("localhost", "$mysql_user", "$mysql_password") or die ('I cannot connect to the database because: ' . mysql_error()); mysql_select_db ("$mysql_database"); ?>

barand u made a few mistakes in ur code

dont u hav a db connection script on ur site? like db_connect.php or config.php?

u mean its being outputted like... Messagefrom: blablaReported User:blablaMessage:blablablaLogs:logshere ? if so then use... $body=" Message From: $fromUser<br> Reported User: $reportedUser<br> Message: <br> <b>$message</b><br> Logs: $logs<br> ";

r u properly connected to ur host? the sql query i gav u was absolutly right. (dont worry, sometimes more errors are meant to pop up)

replace the $to variable with... $to = "$_POST['email']"; or $to = "".$_POST['email']."";

lol kk here y. replace my code with this one... if (!$sql){ mysql_query("INSERT INTO users (username, password, email, date_registered) VALUES ('$username', '$password', '$email, 'NOW')"); }

can i see the whole script plz?

look at the reply i posted on the php help forum

hehe try: if (!$sql){ mysql_query("INSERT INTO users (username, password, email, date_registered) VALUES ('$username', '$password', '$email, 'NOW'")); } not sure if it works but try it anyway