MadTechie

PHP have all the command you have asked about, you could also use system() or exec() as for the reason, i suggest you look at the design of the system, as you could fix access problems via .htaccess and http.conf and filtering user input, i have a system that allowed public users to upload anything, without any problems, this includes users attempting to upload php scripts and trying to use them..

they will probably get a html file attached, personally i send a html with a plain text segment. so if they don't have html they get the plain text, and if they do have html they don't see the plain text!

sounds like its working correctly to me! whats the problem ?

So you think its a php.ini file problem because ? if you have a reason to think its a php.ini file problem you should know what you need to change!

okay so whats the problem ? what do you need help with ?

i would probably trim it down to something like this SELECT thread.threadid, post.title, thread.replycount, threadprefix, thread.dateline AS postdateline, thread.forumid, post.postid, pagetext, allowsmilie, thread.iconid AS threadiconid, FROM thread AS thread LEFT JOIN post AS post ON (post.postid = thread.firstpostid) LEFT JOIN postparsed AS postparsed ON(postparsed.postid = post.postid AND postparsed.styleid = -1 AND postparsed.languageid = -1) WHERE thread.forumid IN(4) GROUP BY post.postid ORDER BY thread.dateline DESC LIMIT 10; of course with out knowing the database setup this is more guess work! you can probably trim this down to 1 table (maybe with 1 join)

read the code for the forum and use the same sql query , or just look at the database table and create a query to do it!

try this http://www.devshed.com/c/a/PHP/Creating-a-Secure-PHP-Login-Script/ i googled EDIT: LOL discomatt beat me,

why whats wrong with it ? if you mean crack then your need to create a page on that site asking people to crack it, if you can't create a page becuase it not yours then your just one of those people who don't want to learn how to do things and just want the shortcuts in life.. and this site is for people who want to learn php, not cracking!

Ahh your time limit is also 30 seconds try this <?php set_time_limit(30); //reset timeout. //and reduce the timout on the socket $fp = @fsockopen($mHost, $mPort, $errno, $errstr, 20); //Connects to the mail server (wait a max of 20 seconds) set_time_limit(30); //reset timeout. again! ?>

Adding the @ caused a error 500 ? remove the @ and post all the errors.. as a surpressed warning shouldn't cause an error 500!

if your creating a log in mysql you could just add a timestamp, if your just creating files then your need to get the file from the folder and sort by creation date, then use the last 3, or create a textfile with the 3 filenames, adding the new one and removing the last one as for the last part of you question i am not sure what your asking.. try this example - untested (may work!) <?php $dir = "/uploaded/images/"; $theFile = array(); if (is_dir($dir)) { if ($dh = opendir($dir)) { while (($file = readdir($dh)) !== false) { $theFile[filectime($file)] = $file; } closedir($dh); } } ksort($theFile); //or krsort($theFile); echo $theFile[0]."<br>"; echo $theFile[1]."<br>"; echo $theFile[2]."<br>"; echo "<br><br>All files<pre>"; print_r($theFile); ?>

Okay by it doesn't work.." what do you mean ? the image doesn't upload the theirs no insert into the database a blank record is inserted the inserted data is wrong (if so how) it doesn't upload or insert! also change mysql_query($query); to mysql_query($query) or die("$query<br>".mysql_error()); for better debugging

untested but may help ( i don't use access much) also check the comments about level field (change to the correct field name) <?php session_start(); $_SESSION['username'] = @$_POST['username']; $_SESSION['pass'] = @$_POST['pass']; $username = $_POST['username']; $pass= $_POST['pass']; $conn = new COM('ADODB.Connection') or die('Could not make conn'); $rs = new COM('ADODB.Recordset') or die('Coult not make rs'); $connstring = "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=c:\wamp\www\pro\employees.mdb"; $conn->Open($connstring); if (!$conn){ exit("Connection Failed: " . $conn); } //Add field Level $sql="SELECT Username, Password, Level FROM Details WHERE Username = '$username' AND Password= '$pass'"; $rs->Open($sql, $conn); $page = "index.php?error=Sign in error"; if($rs->EOF) { $_SESSION["error"] = "login Error as $username. " ; }else{ $_SESSION["auth"] = $username; $level = $rs->Fields['Level']->Value; //Field Level switch($level) { case "1": $page = "profile.php"; break; case "2": $page = "profile2.php"; // whatever break; } } // Relocate to the logged-in page header("Location: $page"); ?>

as i said it was breaking it up.. Little more detail needed, whats the error ?

shouldn't if (!$rs->EOF) be if ($rs->EOF) (no !) ?

break it up like this $tValue = ($value === null)?0:strlen(serialize($value)); $cache_hits[$cache_count] = array('k' => $key, 'd' => 'put', 's' => $tValue); but this would be better is_null $tValue = (is_null($value))?0:strlen(serialize($value)); $cache_hits[$cache_count] = array('k' => $key, 'd' => 'put', 's' => $tValue); finally try this $cache_hits[$cache_count] = array('k' => $key, 'd' => 'put', 's' => (is_null($value))?0:strlen(serialize($value)));

Other than the warning did it handle the failed connection okay ? also to hide the "warning" append a @ to it $fp = @fsockopen($mHost, $mPort, $errno, $errstr, 30); //Connects to the mail server (wait a max of 30 seconds)

i guess as its a redirect you would only really need to stop it pointing to other site in this case you could just use $redirect = str_replace("http://","",$_POST['redirect']); thus all injections will stay on your site.. off hand i can't see any harm.. i have no idea why you are using htmlspecialchars ???

Also can you not re-post problems from your other threads.. its classes as double posting

Forum has been updated (i think) that mod didn't get re-added, i guess its hard to find a PHP developer nowdays .. i am not sure why it hasn't been added back

$keyword = addslashes($_GET['keyword']); or better still $keyword = mysql_escape_string($_GET['keyword']);

add the \ to the quotes $display_block .= "<h1 class=\"title\">$title</h1><br /> $article <br /><br />Author:<br /><strong>$alias</strong><br /><br />"; //line 13 }

And what exactly is the problem?

as a side note have the - at the start or end otherwise it will try to create a range