ILYAS415

Members
  • Posts

    292
Everything posted by ILYAS415

  1. Okay I need a game reviewed. Still needs lots of improvements such as disclaimers, incomplete features need completing and lots and lots of other stuff. Also I need to change layout on registration page and also add some captcha security. Here's the link... http://www.ragingmortals.com/game/ Thanks, Ilyas415
  2. Looks interesting. I might consider the offer... I'm working on my own games as well though so it'll be pretty interesting. Should I send you a PM? P.S. Tried registering with a hotmail.co.uk email, does not work
  3. It's all right but there's unnecessary stuff in the code (the echoes, but I'm not sure if you chose to include those yourself). Also your query is very vulnerable to SQL injection because you aren't parsing the $_GET stuff. No errors though I think... If you do not know how to secure against SQL injection or even what it is we will be glad to help
  4. Have you got a public_html directory you can possibly save it to? if not try saving to the root directory and see what happens.
  5. Yes I think it's because MySQL 5 and above only allow foreign keys. Anything below will fail. Only advice I can give is to upgrade the server you're using or change your query. I'm not 100% that's the problem though. More like 70%?
  6. I personally believe it depends on where the function was run. If normal guests/members of the site were able to do it then that's something. But if only administrators were able to do it then it would kind of be the administrator's problem because they're the one inserting malicious code (whether by accident or on purpose).
  7. Hmm I would say... Replace this bit of code...

     ```php
     if (!function_exists("htmlspecialchars_decode")) {
         function htmlspecialchars_decode($string, $quote_style = ENT_COMPAT) {
             return strtr($string, array_flip(get_html_translation_table(HTML_SPECIALCHARS, $quote_style)));
         }
     }
     ```

     with...

     ```php
     function htmlspecialchars_decode($string, $quote_style = ENT_COMPAT) {
         return strtr($string, array_flip(get_html_translation_table(HTML_SPECIALCHARS, $quote_style)));
     }
     ```
  8. Try replacing your sendmail2.php with...

     ```php
     <?php
     $to = "nickb53@tiscali.co.uk";
     $subject = "Contact Request";
     $message = $_POST['message'];
     $email = $_POST['email'];
     // double quotes so $email is interpolated; single quotes would send the literal text "$email"
     $headers = "From: $email" . "\r\n"; //<-- not sure if this one is completely right
     mail($to, $subject, $message, $headers);
     ?>
     ```

     Hopefully that'll fix your problem
  9. which one comes out incorrectly? the $email one or the nickb53 one?
  10. put... session_start(); right at the very top of your php code in the board.php page
  11. ```php
      <?php
      $two_letter_country_code = iptocountry($_SERVER['REMOTE_ADDR']);

      function iptocountry($ip) {
          $country = ""; // initialised so an unmatched IP does not read an undefined variable
          $numbers = preg_split("/\./", $ip);
          // cast to int so only a number can reach the include path
          include("ip_files/" . (int)$numbers[0] . ".php");
          $code = ($numbers[0] * 16777216) + ($numbers[1] * 65536) + ($numbers[2] * 256) + ($numbers[3]);
          foreach ($ranges as $key => $value) {
              if ($key <= $code) {
                  if ($ranges[$key][0] >= $code) { $country = $ranges[$key][1]; break; }
              }
          }
          if ($country == "") { $country = "unkown"; }
          return $country;
      }
      ?>
      ```

      Tweaked version of the one at http://www.phptutorial.info/iptocountry/the_script.html#basic however only gets two letters identifying the country.
  12. To check if a text box is empty...

      ```php
      if ($_POST['textboxname'] == NULL) { // if nothing is entered or only a zero is entered
          echo "error missing field you noob";
      } else {
          // rest of code
      }
      ```

      and to check if a text box has something inside it...

      ```php
      if (strip_tags($_POST['textboxname'])) { // if textboxname has a value entered
          // code
      }
      ```
  13. Hehe lol. Quite simple actually. Okay first create a page, something like popup.php. Now go back to your original calendar page, and add this hyperlink to the date text things on the calendar...

      ```html
      <a href="javascript:popUp('popup.php?date=datevariablehereinphp')">date var here</a>
      ```

      then somewhere near the top of the page add this code...

      ```html
      <script language="JavaScript">
      <!-- Idea by: Nic Wolfe -->
      <!-- This script and many more are available free online at -->
      <!-- The JavaScript Source!! http://javascript.internet.com -->
      <!-- Begin
      function popUp(URL) {
          day = new Date();
          id = day.getTime();
          eval("page" + id + " = window.open(URL, '" + id + "', 'toolbar=0,scrollbars=1,location=0,statusbar=0,menubar=0,resizable=0,width=500,height=500,left = 262,top = 134');");
      }
      // End -->
      </script>
      ```

      Code is from http://javascript.internet.com/generators/popup-window.html

      On your popup.php page you need to try to get a $_GET['date'] thing, process it and then etc etc show some information and events. Hope it helped. P.S. Codes may need a little tweaking and I'm not sure if the link example will work hundred percent.
  14. You could. I see no problem with that really. I actually prefer using 1 login and 1 logout page instead of a separate login for admins. However it depends on what I'm making. If I was making a game I would make the admin only able to login from the same login as members use. If however I was making a more professional website (e.g. hosting) I would make admin login separate. I guess it's to do with security and being professional ;p
  15. Okay there's 2 things you can do....

      1). Convert the characters into friendly characters like in Pokemon ???

      ```php
      $string = htmlentities($_POST['nameofinputortextarea']);
      ```

      2). Use this...

      ```php
      $string = str_replace("\"", "", $_POST['something']);
      $string = stripslashes($string);
      // then repeat for ' character
      ```

      I would recommend the first one as it's shorter and easier and hassle free.
  16. First

      ```html
      <form action="anotherpage.php" method="POST">
      FORM STUFF HERE
      </form>
      ```

      Second: No idea what you mean. Please rephrase.

      Third: I don't know what it is you're trying to exactly do. Needs more explaining.
  17. Got a temporarily unavailable thingy
  18. On demo version...

      Full path disclosure: http://demoadmin.phpadddict.com/index.php?prc=' happens when you type an invalid value for prc

      More Full Path Disclosure: `Notice: Undefined index: \\\' in /home/phpadd/public_html/demoadmin/processors/lmvc_Processor_registerReference.php on line 120`

      http://demoadmin.phpadddict.com/index.php?prc=registerReference Happened when I typed the character ' into the value id box.
  19. Can't really find any flaws apart from login system which u said u haven't mentioned haven't protected
  20. Hi everyone. I made a battle system and it needs testing (took me about 2 hours to do). It's quite simple and uses functions. Here's the link... http://www.ragingmortals.com/engine/index.php Need to test SQL injection and other stuff to see if everything works AOK. Thanks
  21. put echo "$start $finish"; in your function not outside it and tell me results plz.
  22. A simple way to secure yourself is when you're getting your $_POST data...

      1). Assign them to variables. E.G:

      ```php
      $email = $_POST['email'];
      ```

      2). Use html entities (one of the many ways to secure yourself). E.G:

      ```php
      $email = htmlentities($email); // can be assigned again on another line after the first bit of code
      ```

      There are lots of ways. To use mysql_real_escape_string just do this...

      ```php
      $email = mysql_real_escape_string($email);
      ```

      Also on your sent.php page you have to check whether the person has even entered information on the form or whether they have just gone to sent.php on the URL bar. If you need any more info on how to do that I will be glad to help.
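
An added example (not part of the posts above, and not the poster's code): one way a sent.php handler could apply the checks post 22 describes, refusing direct visits and validating the e-mail before it reaches the `From:` header built in post 8. The helper name `validate_contact_form` and the sample submissions are assumptions made for illustration.

```php
<?php
// Added example. validate_contact_form() is a hypothetical helper;
// the field names (email, message) follow the posts above.

function validate_contact_form(string $method, array $post): array
{
    // A visit typed into the URL bar arrives as GET with no form data.
    if ($method !== 'POST') {
        return ['ok' => false, 'error' => 'form not submitted'];
    }
    $email   = trim((string)($post['email'] ?? ''));
    $message = trim((string)($post['message'] ?? ''));
    if ($email === '' || $message === '') {
        return ['ok' => false, 'error' => 'missing field'];
    }
    // A CR or LF in a value placed in a mail header would start a new header line.
    if (preg_match('/[\r\n]/', $email) || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
        return ['ok' => false, 'error' => 'invalid email'];
    }
    return ['ok' => true, 'email' => $email, 'message' => $message];
}

// Constructed sample submissions (not real traffic).
$samples = [
    ['GET',  []],
    ['POST', ['email' => 'a@example.com', 'message' => '']],
    ['POST', ['email' => "a@example.com\r\nX-Test: 1", 'message' => 'hi']],
    ['POST', ['email' => 'a@example.com', 'message' => '<b>hello</b>']],
];

foreach ($samples as [$method, $post]) {
    $r = validate_contact_form($method, $post);
    if (!$r['ok']) {
        echo "rejected: {$r['error']}\n";
        continue;
    }
    // Escape at the point of output, when the value is written into HTML.
    echo 'accepted: ' . htmlspecialchars($r['message'], ENT_QUOTES, 'UTF-8') . "\n";
}
```

Values headed for a database query are a separate step: bind them as parameters (PDO or mysqli prepared statements) rather than escaping them for HTML.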