MadTechie

Yeah.. their isn't a function called escape_data it must your own function that you haven't included.

LOL.. your get used to it.. just takes a little time $sql = "SELECT * FROM customertable WHERE state='$state' "; will find all that have the same state that you posted without the WHERE state='$state' it will show all PS i am happy to help if you want to learn..

So $map is infect "surf_" and NOT 'surf_#crypepsi' your need to use urlencode before passing it via the URL

okay I'll give you a kick in the right direction Your need to open a connection to the database, then query the table, then display the results here is a basic example (untested) <?php $state = $_POST['state']; //OPEN CONNECTION //UPDATE to correct username and password for your database $conn = mysql_connect("localhost", "mysql_user", "mysql_password"); if (!$conn) { echo "Unable to connect to DB: " . mysql_error(); exit; } if (!mysql_select_db("database1")) { echo "Unable to select database1: " . mysql_error(); exit; } //QUERY database //select every field, in customertable that has the state selected $sql = "SELECT * FROM customertable WHERE state='$state' "; $result = mysql_query($sql); if (!$result) { echo "Could not successfully run query ($sql) from DB: " . mysql_error(); exit; } if (mysql_num_rows($result) == 0) { echo "No rows found, nothing to print so am exiting"; exit; } //DISPLAY results while ($row = mysql_fetch_assoc($result)) { echo $row["firstname"]; echo " "; //space echo $row["lastname"]; //add others echo "<BR />"; } I hope that gets you started

1. Define, "doesn't work" 2. are you sure $map is set ? how are you setting ?

Your very welcome , I'm glade I could help

as its reading from the server path a rewrite won't apply, maybe use a symbolic link instead //1. remove the articleimages folder symlink('/admin/modules/module/images', 'path-containing-articleimages/articleimages');

Welcome you just needed the capture () really

try thus RewriteRule articleimages/(.*$) /admin/modules/module/images/$1 is /admin/modules/module/images in the public domain ?

I would have a static salt for the site (stored in a PHP file) and in the database have a random salt, as mattal999 said This make the cracking harder as they need to get both salts and the hash, (so they will need more than just DB access) how you concatenate them is up to you, you could prefix the site salt and append the users salt, you could append or prefix them both, you could prefix the first half of both of them and append the second half of both of them.. you could MD5 the one of both of the salts and append/prefix it list goes on! of course whatever method used need to be repeated to match the hash, So you could do all this in SQL ie[untested] $password = mysql_real_escape_string($_POST['pass']); mysql_quey("SELECT UserID FROM Users where MD5(CONCAT(`dbSalt`,'$password', '$siteSalt')) = `dbPassword`");

In part your right but overall you are wrong, When it comes to brute force if the cracker has all parts to rebuilt the password then having random salts won't help (too much) however, brute force is the longest attack method, rainbow attacks are quicker as they are pre-calculated hashes, so if you don't have a different salt for each user then a rainbow table can be built using the static salt and then that could be used on ALL users passwords.. but having a random salt it renders rainbow tables ineffective, as your need to create a new rainbow table for each user this proves ineffective thus your only real option is to use a brute force which is slower! So to sum up Clear text = 0 crack time MD5 (no salt) = rainbow table attack MD5 (with static salt) = Build custom rainbow table using static salt + rainbow table attack MD5 (with dynamic salt) = Brute force and considering brute force takes the longest of all of them it would suggest that

Really.. you could use the same logic for storing as plain text passwords! So when your website exposes all the passwords on a single sweep mine will require a lot more effort, I wonder who's users will feel more secure ? Don't get me me wrong I do get your logic but I disagree that its pointless...

check for SQL errors, change $result = mysql_query("SELECT passwd FROM members WHERE login='$username'"); to $result = mysql_query("SELECT passwd FROM members WHERE login='$username'") or die(mysql_error()); other than that check the use does exist! also MD5 isn't going to help much when anyone can change anyone elses password read up on mysql_real_escape_string

To follow on from teamatomic post, as your counting from readdir your need to expect the . and .. file nodes so update if(count($file) > 0) { to if(count($file) > 2) {

If its limited to ;echo then the above two post are correct however here's some other options to cover a wider range quick and dirty fix //replace all ; at the start of a line with nothing $text= preg_replace('/^;/m', '', $text); or //replace all ; that follow a ; or { $text= preg_replace('/([{;]\s*);/m', '\1', $text); both should work!

as the error says you can't copy a directory.. so you need to copy the files inside try something like this $dir = "/from/folder/"; $dirto = "/to/folder/"; if (is_dir($dir)) { if ($dh = opendir($dir)) { while (($file = readdir($dh)) !== false) { if($file == "."||$file == "..") continue; copy($dir.$file, $dirto.$file); } closedir($dh); } }

It would seam that $this->swfdir has a value of . and that would suggest the current folder your script its running from, so as sasa said, your trying to open a file that doesn't exist, (that the location you provided) making the assumption the game is in the /home/games4w/public_html/games/swf folder try something like this this 430: $this->swfdir = dirname(__FILE__)."/swf"; //set path to this fiels path + swf $gameFile = $this->swfdir."/".$game['game_swf']; //build game file path if(file_exists($gameFile )){ //check exists list($imagewidth, $imageheight, $itype, $iattr, $imime) = getimagesize($gameFile); //get height/width }else{ die("$gameFile: not found"); //error report }

I assume you mean something like this echo "<b> THE MOTOR DRIVING LICENSE <b>"; echo "<img src = 'image.php' />"; //pic.jpg is an image at server <?php $connection = mysql_connect("localhost","xxxx","xxxx"); mysql_connect_db("xxxxx",$connection); header("Content-type: image/jpg"); $result = mysql_query("select image from license"); $rowdata = mysql_fetch_array($result); echo $rowdata['image']; //browser displays random charactes instead of image ?> Of course your probably want to pass a value via get (the url) to the image script to allow the database to pick up the correct image

What your doing makes no sence! is this an image or HTML ?

Agreed, the Security Question was added to stop bots, so if you want to use a bot then your need to add a script to the sites you wish to use the bot on, other than that.. i won't help either Oooow you got a link for on of these ?? (just kidding)

Welcome, can you click the "Mark SOLVED" button bottom left (saved others coming to help out on a solved topic, you can also unsolve it if needed)

Was close, but try this <?php header("Location: $cuidnumber.html"); ?>

instead of using fopen and filesize, use file_get_content, as for using a variable inside.. may i suggest a little different approach, Just say welcome.php or welcome.html was a template and you had you could then use str_replace, for example $template = file_get_contents('welcome.html'); $data = str_replace("%User%", $User, $template); $data = str_replace("%FullName%", "$FirstName $LastName", $data); mail($to,$data , etc...) Hope that helps EDIT: lol I'm a little slow today!

looks fine, test it by echo'ing the variables, (is the include pointing to the correct path ?)

Well written gamblor01, ~Cougths~@Typo should be if ($id !=2 && $id !=5)