Wireless102

here is another add-on basically for me to test. It tracks users on this page, and on any page that image is displayed. I will post it here to test my monitor, make sure it is working good with a lot of hits on it.

I have fixed all these things except the ascii chars in the chat i will probably do that when i change the chat log to xml format I disabled the username "Array", but array would be fine. i dont see any problem with the string "array", but i guess "Array" could cause a problem somewhere

I have installed a demo version of the software, to test the software all Click Here and login. No email address is required. There have been a lot of updates to the software in the last few days. as soon as i get to a point where i can confirm that it is a stable version i will be letting users download a free version (not a trial version) to install on there own server. It is working pretty good from i can tell now, it still needs some polish on the user interfaces. and on the way it handles transcripts.

XSS on the step #2 select

if you catch me online (at http://www.nixme.com ) click the live chat button and i got a username and pass for you to use the main account so i dont have to keep uploading files to different dirs every time

I have fixed the options page(still not uploaded it to your dir) but in doing so i have changed a lot of the way it is protecting it. now i have got to go back and change a lot of the pages... atleast it works better now :-\

take a look at the options page again, i added a few more checks to it i will go look at these other issues

Ok, i just took care of those issues.

when you get back on the site, do another full install. I updated part of the database, fixed the chat char problem, added the "Offline Messages" section so you can see the messages that were left while you were offline, inside the message center you can send them a reply from the admin area or delete the message it will also alert you when there is new messages on the header added an option onto the admin chat window to let you know if the client closes his chat window

it was the |

and while i was doing that i have managed to overwrite a file that i added a couple of new classes to, so now i get to rewrite those...

ok, thats what i was saying before it crashed. about half way into it i was wishing i was using xml instead. i might go back and change it it use xml now

what char was you typing in, it killed both installs when you are in a session

well i managed to kill our chat session by uploading a file that killed it, i am changing it all back now

K got that one as well, I am going to change all these errors display after the page gets loaded so that it does not look like the page is messed up.

I have sent all the new files to your install, there are a lot of changes in the monitor and how the chat window is displayed. from what i can tell the referrers problem is now fixed

ok, i am working on the monitor-new.php page now, so i will fix that while i am here. changing how the chat window is displayed.

i had not updated the stock files, just the ones under b_testing3. i updated the ones on the new account you created and the stock files.

same goes for the departments section

When you get a sec go over the administrators and char reps sections, see if you can find anything on them 2 i changed the usernames also you will have to remove the "_" from your username to login

while this will not fix it all, it will get some of it <?php foreach ($_GET as $sVar => $xValue) { $_GET[$sVar] = addslashes(strip_tags(str_replace('\0', '', $xValue))); } foreach ($_POST as $sVar => $xValue) { $_POST[$sVar] = addslashes(strip_tags(str_replace('\0', '', $xValue))); } foreach ($_COOKIE as $sVar => $xValue) { $_COOKIE[$sVar] = addslashes(strip_tags(str_replace('\0', '', $xValue))); } ?> the best thing to do, that i have found, is only allow what you expect to hear from the $_GET's and such use regular expressions to filter out what you don't want there. I found that code somewhere, i didn't write it. It gave me the idea of how to clear all the XSS out of my project. I am currently rewriting alot of my pages to only allow what i expect to hear get to them. everything else will be ignored. for the file errors find out why it cant open the file, is the file there? is the permissions set right? you can use a @ to not display errors on some calls

well the chatreps.php page looks a little better but when you go to there details and they have non letters or numbers in there name you get an error, gonna have to start filtering better... ??? ???

k i just took the errors out to see what the real problem is

it was a few minutes ago probably the same thing

Yea im gonna have to change all the errors to represent what the problem is instead of 1 generic error. it just added that error in, it was giving the mysql_error and full path