
rcorlew

Members
  • Posts

    307
  • Joined

  • Last visited

    Never

Everything posted by rcorlew

  1. It is a spambot and won't show an IP address per se. Try setting a total number of submits in 24 hrs to 1 by $_SESSION, like: if (empty($_SESSION['submit'])) { $_SESSION['submit'] = 1; } if (isset($submit)) { $_SESSION['submit']++; } if ($_SESSION['submit'] > 2) { die; } Something like that should work.
  2. I only index my id field, which is set to int anyway. Makes for quicker queries, I think, since it is always unique.
  3. Need more of the script; are you posting to it to create the message? Your message seems not to be defined. That is why I ask. Try this and let me know.

     <?php
     // define the receiver of the email
     $to = 'youraddress@example.com';
     // define the subject of the email
     $subject = 'Test HTML email';
     // create a boundary string; it must be unique, so a random hash is used
     $random_hash = md5(uniqid('', true));
     // define the headers we want passed; note that they are separated with \r\n
     $headers = "From: webmaster@example.com\r\nReply-To: webmaster@example.com";
     // add boundary string and MIME type specification
     $headers .= "\r\nMIME-Version: 1.0";
     $headers .= "\r\nContent-Type: multipart/alternative; boundary=\"PHP-alt-" . $random_hash . "\"";
     // define the body of the message: a multipart/alternative body needs a plain-text
     // part and an HTML part separated by the boundary, otherwise mail clients show an empty body
     $html = "<h1>My message</h1><p align='center'>This is an html message</p>";
     $message  = "--PHP-alt-" . $random_hash . "\r\n";
     $message .= "Content-Type: text/plain; charset=\"UTF-8\"\r\n\r\n";
     $message .= "My message\r\nThis is the plain-text version.\r\n\r\n";
     $message .= "--PHP-alt-" . $random_hash . "\r\n";
     $message .= "Content-Type: text/html; charset=\"UTF-8\"\r\n\r\n";
     $message .= $html . "\r\n\r\n";
     $message .= "--PHP-alt-" . $random_hash . "--";
     // send the email
     $mail_sent = mail($to, $subject, $message, $headers);
     // if the message is sent successfully print "Mail sent", otherwise print "Mail failed"
     echo $mail_sent ? "Mail sent" : "Mail failed";
     ?>
  4. I think you need this: if (strlen($_POST['first']) <= 1) { } Which would not make it greater than 2.
  5. Things I have learnt from 14 years of marriage with my wife: 1. Run all comments through a foreach loop and use stripinsult() 2. When they say we should be caught up at the end of this month they really mean year 3. Women are capable of doing 17 things at once! 4. Women do not appreciate piddling around, men do 5. Without women we would probably not shower, shave, or stay on any kind of regular schedule, we might even wear our favorite sweater 5 days in a row if we want to
  6. Sorry, I got sidetracked in my post. The reason most websites don't validate is because designers tend to use WYSIWYG editors that skew the code and do not indent and tab all the code to make it flow and therefore easier to validate. My point with Frontpage was just that: it renders pages for IE, and since most large sites are driven by data systems that are Microsoft-centric, it only makes sense that that is why people use Frontpage. My company is on an intranet, no other choice but Microsoft-centric applications, so I know the code is nowhere near valid. Personally I use Notepad for HTML and CSS, and it validates every time (except for those long URLs and links) while I am working outside of my job.
  7. One of the reasons that IE doesn't work like other browsers is because Microsoft saw the internet as more or less an extension to their Office and Explorer. IE was just an interface to send and receive data to servers. Microsoft was working under the impression that most internet users used it more for informational purposes than display/interactivity purposes. I did hear, however, that MS is dropping Frontpage altogether and is instead going to use Dreamweaver in its future versions of Office. I do believe that MS has seen the light in regards to the whole e-world and is adapting, albeit slowly. MS intended IE to be used by people who want to send and receive data, which it does. It will remain in use for many years to come, since most companies are so Microsoft-centric in their data systems that they cannot afford to do anything else. I know that my company uses all MS products: Frontpage, Exchange Server, Access along with Word and Excel. They all communicate to the servers to get their information through IE, and that is more or less what IE was intended to do. It would not be wise at all to write code that only works in 60-70% of the browsers. So you have to ensure that at least it works well in Firefox and Opera. Since the latter two are based on Gecko and Mozilla, they would ensure a fairly reasonable likeness to all the other browsers.
  8. Just a few small suggestions. 1. Move the search box off the header image and over the news/blog style column. It sort of looks out of place up there. 2. Move the "about us" link bar just above the header maybe a white color right aligned would look nice. I do like your framework and would be interested in taking a look in the future when you are finished with the blog and other features.
  9. I would suggest getting rid of the blue on blue on blue theme. Add some contrasting colors; three is always a good number. I would also recommend using a different type of navigation hint other than a balloon tip: use a plus sign that, when clicked, expands the links.
  10. I have set up an account for testing. User/pass is test/test. Just please no cussing or spamming, but please do post away and try out the message function. Any suggestions, bring them my way please.
  11. I really dislike sites aligned right. You should center it on the page.
  12. When you read up on SQL injection you will find that people will submit almost anything into any input type fields they can in order to produce errors. Since you are using or die(mysql_error()); at the end of your queries, you show what types of errors are coming up. You should also use this at the top of every page that is publicly visible: <?php error_reporting(0); // register_globals = Off belongs in php.ini or .htaccess; ini_set() cannot change it at runtime ?> You should not be needing to register globals if you write your scripts right. You should also hide error information in your PHP. Once an error is printed to the user they have your directory tree and username on the server. That is the information that a hacker needs to get your sessions in order to retrieve passwords and other various sensitive information. SQL injection can allow hackers to insert code into your DB that allows them to get cookie information from users and table/column information from the server itself. You may have no idea that you have been hacked until it is way too late. I was doing some homework on SQL injection and XSS and found that they will insert java as part of a regular form input, which is loaded the next time the information is viewed and executed by the computer of the user, who more than likely will be an authenticated user and have a real name and password, which is then mailed to a dead-drop email address, and then that is all she wrote for your data security. Bottom line = SQL injection very bad, not filtering inputs really really really bad; the two together will definitely get you hacked sooner or later.
  13. Here is the punchlist I have made for this project and where I am, thanks to suggestions from you all:

      Things that are complete:
      1: Create a normalized DB to make querying easier
      2: Secure site by filtering out bad and malicious input
         a: changed the way pages error out when certain things are detected
         b: still need to create a function to allow most HTML input
      3: Secure site by changing default settings of sessions and cookies
      4: Allow more expression of thought by implementing limited BBCode
      5: Create a secure method of allowing passwords to be reset after a certain number of bad login attempts

      Things to do:
      1: Finish WYSIWYG style editor much like we have here at phpfreaks for user input
      2: Create function to allow most direct HTML input into forum
      3: Install my custom cussing filter that is already in use on another site (get done by Easter)
      4: About a million other things that are going to be asked for when this site goes live

      Thanks for the suggestions; unlike some of the people here, I am actually using them to make my sites the best they can be.
  14. I suppose that the things that I am trying to filter are simply inserting JavaScript or embedding DHTML. I would really like users to be able to format what they say any way they would like, including posting links and the like. I am not trying to limit expression, merely make my site more secure. If I use strip_tags, then the post would not be formatted. I am getting ready to create a function that will automatically change HTML to BBCode while posting. Then I will compare a preg_match to the types of XSS that I am trying to filter out. I really do appreciate the advice; it is pushing me to develop my skills, which is a good thing.
  15. I just turned the HTML ban back on, but installed BBCode support. I also changed the way that the HTML ban works: it does not kill the script but does something totally different. I think that should handle that aspect of it.
  16. I think that the header should be rearranged a little. Look at what I have done for a suggestion for you. Notice how I took what you had and just budged it around some.
  17. Ok, I changed the error for input strings and turned off the spam checking which kept someone from posting HTML. I suppose that since I log everything and can suspend users and delete posts, it should be ok to let users input HTML. I will work on a good filter to let them only insert images, links and text formatting; that will take me a little while, so any suggestions on how to approach that would be greatly appreciated. I also changed it so now any line returns in the input field while posting will remain when the post is viewed. Thank you for all your help and keep the good advice coming.
  18. That is designed to do that: if certain items are input into the URL, the script dies at the top before anything else happens. I am trying to stop XSS, and that is the best way I have found to filter out embedded code.
  19. oops... http://www.corlewland.com/church/forum.php sorry.
  20. I have set up the final part of a site that I have been working on for a while now. I just finished "almost" the forum for it and was hoping you could test it and let me know of any kind of holes or flaws. I have not installed the cussing filter, but I do have one already operational on another part of the site, so please, if you would, keep it free of swearing and stuff like that. This is my first project of this nature, so any constructive criticism and teaching is very appreciated. Thanks
  21. Ok I fixed the rollover effect in the link bar, check it now plz.
  22. WOW, that would concern me, but webhosts are like cough medicine: you know you need them, but there are some definite downsides to them too.
  23. Ok could someone else comment?? I changed quite a few things and added a forum. I was wondering if anyone else had an opinion?
  24. You fixed it and it looks nice. One question though: why are you passing the session id as a query string?
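Post 12 above advises hiding error output from visitors and treating unfiltered input as the real risk. The following is an added example (not rcorlew's code, not from any project mentioned in the thread) of the same advice in current PHP: errors go to a server-side log instead of the page, and a PDO prepared statement replaces the "or die(mysql_error())" pattern. The DSN, credentials, users table layout and log path are assumptions.

```php
<?php
// Added example: log errors server-side and query with placeholders.
// Assumed: a MySQL database 'forum' with a 'users' table holding
// 'id', 'username' and 'password_hash' columns, and a writable log path.

// Never echo PHP or MySQL errors to the browser; keep them in the log.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
ini_set('error_log', '/var/log/php/forum.log'); // assumed path
error_reporting(E_ALL);

function connectDb(): PDO {
    // Credentials and DSN are placeholders for this example.
    return new PDO('mysql:host=localhost;dbname=forum;charset=utf8mb4', 'forum_user', 'secret', [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION, // throw instead of silently failing
        PDO::ATTR_EMULATE_PREPARES => false,                 // real server-side prepared statements
    ]);
}

function findUser(PDO $pdo, string $username): ?array {
    // The placeholder keeps the submitted value as data: a quote or
    // "' OR 1=1 --" in $username cannot change the query structure.
    $stmt = $pdo->prepare('SELECT id, username, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

try {
    $pdo  = connectDb();
    $user = findUser($pdo, $_POST['username'] ?? '');
    echo $user ? 'Found' : 'No such user';
} catch (PDOException $e) {
    // Table names, paths and DSN details stay in the log, not on the page.
    error_log('DB error in login: ' . $e->getMessage());
    http_response_code(500);
    echo 'Something went wrong. Please try again later.';
}
```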
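Posts 14 and 17 describe letting users format posts with links, images and text styling while blocking script injection, and keeping their line breaks. This added example (not rcorlew's code) implements that as escape-first-then-whitelist: every character the user typed is HTML-escaped, and only a small BBCode subset is translated back into markup. The tag set, the URL scheme check and the sample post are constructed for illustration.

```php
<?php
// Added example: render a post by escaping all HTML, then re-enabling only
// whitelisted BBCode ([b], [i], [url], [img]). Assumed tag set; constructed input.

function safeUrl(string $url): ?string {
    // Input arrives already escaped by renderPost(), so decode before checking.
    $url = html_entity_decode($url, ENT_QUOTES, 'UTF-8');
    if (!preg_match('#^https?://#i', $url)) {
        return null;                      // rejects javascript:, data:, vbscript: etc.
    }
    return htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
}

function renderPost(string $raw): string {
    // 1. Neutralise every tag and attribute the user typed.
    $text = htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');

    // 2. Re-enable only whitelisted formatting.
    $text = preg_replace('#\[b\](.*?)\[/b\]#is', '<strong>$1</strong>', $text);
    $text = preg_replace('#\[i\](.*?)\[/i\]#is', '<em>$1</em>', $text);

    $text = preg_replace_callback('#\[url=([^\]]+)\](.*?)\[/url\]#is', function ($m) {
        $href = safeUrl($m[1]);
        // Unsafe target: keep the link text, drop the link.
        return $href === null ? $m[2] : '<a href="' . $href . '" rel="nofollow">' . $m[2] . '</a>';
    }, $text);

    $text = preg_replace_callback('#\[img\](.*?)\[/img\]#is', function ($m) {
        $src = safeUrl($m[1]);
        return $src === null ? '' : '<img src="' . $src . '" alt="">';
    }, $text);

    // 3. Preserve the author's line breaks, as post 17 wants.
    return nl2br($text);
}

// Constructed sample: a script tag plus a javascript: link next to a normal one.
$sample = "[b]Hi[/b] <script>alert(1)</script>\n"
        . "[url=javascript:alert(1)]click[/url] [url=https://example.com]ok[/url]";
echo renderPost($sample);
```

The script tag survives only as escaped text, the javascript: link is reduced to its label, and the https link is emitted with a re-escaped href.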