MadTechie

Everything posted by MadTechie

  1. could search the form.. change

     ```php
     $target_path = $target_path . basename( $_FILES['imgfile']['name']);
     ```

     to

     ```php
     <?php
     $ext = false;
     switch($_FILES['imgfile']['type'])
     {
         case "image/pjpeg":
         case "image/jpeg":
         case "image/jpg":
             $ext = ".jpg";
             break;
         case "image/png":
             $ext = ".png";
             break;
         case "image/gif":
             $ext = ".gif";
             break;
     }
     if($ext === false) die("Bad File Type");
     $target_path = $target_path ."NewName".$ext;
     ?>
     ```

     EDIT: written live, so just a quick untested script

     also

     ```php
     $target_path = $target_path ."NewName".$ext;
     ```

     might need to be

     ```php
     $target_path = $target_path ."NewName.".$ext; //Note the extra dot(.)
     ```
  2. post what you have.. also reading the manual helps Chapter 38. Handling file uploads
  3. check your xml output.. is it correct/as expected ?
  4. try this User Contributed Notes from php.net http://php.net/manual/en/function.imagecolortransparent.php#78379
  5. isn't Verizon outgoing mail server: outgoing.verizon.net ? 2. you'll need to set up an email with someone and use their settings
  6. well here's the short version

     ```php
     <?php
     $check = "http://home.google.com";
     if(CheckURL($check))
     {
         echo "allowed";
     }else{
         echo "deny";
     }

     function CheckURL($check)
     {
         $allowstr= "http://localhost,http://www.gimppro.co.uk,http://www.test.gimppro.co.uk/img_test.php?foo=bar,http://home.google.com";
         $denystr = "http://localhost/private,http://mail.google.com";
         $allow = explode(",", strtolower($allowstr));
         $deny = explode(",", strtolower($denystr));
         $check = strtolower($check);
         return (in_array($check, $allow) && !in_array($check, $deny));
     }
     ?>
     ```
  7. Try this, ran a few tests, seems okay

     ```php
     <?php
     $check = "http://localhos";
     if(CheckURL($check, false))
     {
         echo "allowed";
     }else{
         echo "deny";
     }

     function CheckURL($check, $full = true)
     {
         $allowstr= "http://localhost,http://www.gimppro.co.uk,http://www.test.gimppro.co.uk/img_test.php?foo=bar";
         $denystr = "http://localhost/private";
         $allow = explode(",", strtolower($allowstr));
         $deny = explode(",", strtolower($denystr));
         $check = strtolower($check);
         if($full)
         {
             return (in_array($check, $allow) && !in_array($check, $deny));
         }else{
             // quote for the % delimiter used in the patterns below
             $check = preg_quote($check, "%");
             $valid = false;
             foreach($allow as $V)
             {
                 if(preg_match("%^$check%i", $V))
                 {
                     $valid = true;
                     foreach($deny as $D)
                     {
                         if(preg_match("%^$check%i", $D))
                         {
                             $valid = false;
                         }
                     }
                     if($valid) break;
                 }
             }
             return $valid;
         }
     }
     ?>
     ```

     of course tweak $full option.. for more advanced searching

     EDIT: quick correction
  8. can you var_dump($row['banned_urls'], $row['valid_urls']) so i can see what you're working with.. and to sum up.. urls MUST be in the valid_urls but NOT in the banned_urls
  9. noted another problem, full script .. note the path (as you're using the path you need to keep it as a string)

     ```php
     <?php
     $dir = "../backup";
     $DirOpen = opendir($dir);
     while(false !== ($file = readdir($DirOpen)))
     {
         $ext = strtolower(strrchr($file,'.'));
         switch($ext)
         {
             case ".tgz":
                 echo '<a href="'.$dir.'/'.$file.'">Download tgz version of '.$file.'</a><br>';
                 break;
             case ".gz":
                 echo '<a href="'.$dir.'/'.$file.'">Download gz version of '.$file.'</a><br>';
                 break;
         }
     }
     ?>
     ```

     as a side note i prefer readdir to glob.. (just do) i think it's quicker, may test later
  10. right track.. i would probably code like this.. (you could use an array for valid ext's but it depends on what you're doing)

      ```php
      <?php
      $dir = opendir("../backup");
      while(false !== ($file = readdir($dir)))
      {
          $ext = strtolower(strrchr($file,'.'));
          switch($ext)
          {
              case ".tgz":
                  echo '<a href="'.$dir.'/'.$file.'">Download tgz version of '.$file.'</a><br>';
                  break;
              case ".gz":
                  echo '<a href="'.$dir.'/'.$file.'">Download gz version of '.$file.'</a><br>';
                  break;
          }
      }
      ?>
      ```

      EDIT: sorry for bad formatting (not tabs) typed it live, thus untested

      LOL spelt switch wrong (fixed)
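  11. why not try the other way around.. check to see if the banned url exists in the current one..

      ```php
      <?php
      // quote for the % delimiter used in the pattern below
      $bad = preg_quote($row['banned_urls'], '%');
      // double quotes so that $bad is interpolated into the pattern
      if (!preg_match("%$bad%i", $url))
      {
          //Not banned
      }
      ?>
      ```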
  12. ok try this

      ```php
      if (preg_match('%\b(^http://[-A-Z0-9.]+)(?:/)?%i', $url, $regs))
      ```

      or better still

      ```php
      if (preg_match('%\b^((?:http://)?(?:[-A-Z0-9.]+))(?:/)?%i', $url, $regs))
      ```
  13. Really..! did you even test it ?
  14. http://www.google.co.uk/search?q=php+CMS
  15. try this

      ```php
      if($url == $_SERVER['REQUEST_URI'])
      {
          //makes sure $url isn't the current file
          return false;
      }
      if (preg_match('%\b^http://([-A-Z0-9.]+)(?:/)?%i', $url, $regs))
      {
          $url= $regs[1];
      }
      ```
  16.
      ```php
      $data = "test_er";
      if (preg_match('/_/i', $data ))
      {
          die("error _ detected");
      }
      ```
  17. erm.. change to static ip, erm.. maybe use JS to write to a form..

      ```javascript
      var ax = new ActiveXObject("WScript.Network");
      document.write(ax.UserName + '<br />');
      document.write(ax.ComputerName + '<br />');
      ```

      of course you'll need to change the security setting on the client machines

      or maybe a login system.. depends what you're using it for..
  18. well you can do

      ```html
      <a href="mailto:test@hotmail.com?subject=test">test</a>
      ```

      and

      ```html
      <a href="mailto:test@hotmail.com?body=test">test</a>
      ```

      but no idea if

      ```html
      <a href="mailto:test@hotmail.com?subject=test&body=hello">test</a>
      ```

      will work.. it should but i have never tried.. hope this helps
  19. i think you may be able to do

      ```html
      <a href="mailto:test@hotmail.com?subject=test">test</a>
      ```

      but why not just email from the site ?
  20. you don't need to leave a site to open another one, the new site will just be the active one.. if you close the browser then fine.... i really wouldn't worry, you're not opening a security hole
  21. correct.. but after you leave the site your session is gone..
  22. Yep.. see update (3 lines)..

      ```php
      <?php
      if(isset($_POST['submit']))//ADD
      { //ADD
          $make = $_POST['make'];
          $view = $_POST['view'];

          // Query for insert
          $sql = "INSERT INTO $table2 (make, view) VALUES ('$make', '$view')";
          $query = mysql_query($sql) or die("Cannot query the database.<br>" . mysql_error());

          // sorts out the uploaded images
          $upload_dir = "../images/man/";
          $insert_id = mysql_insert_id() or die("Unable to get insert id for image name.<br>" . mysql_error());

          if (!empty($imageOne))
          {
              // we have an image in image one check we have a valid type (jpeg only ?)
              if ($_FILES['imageOne']['type'] != "image/jpeg" && $_FILES['imageOne']['type'] != "image/pjpeg")
              {
                  die("Image type is not allowed for Image One. Type found : " . $_FILES['imageOne']['type']);
              }
              else
              {
                  // valid image make up a new filename
                  $new_image_name = $insert_id . "one.jpg";
                  if (!copy($_FILES['imageOne']['tmp_name'], $upload_dir . $new_image_name))
                  {
                      // file uploaded add to table row
                      die("Unable to upload Image One");
                  }
              }
          }
          // end of code
      } //ADD
      ?>
      ```
  23. Ahh i see

      change

      ```php
      <?php
      //Set Post Values ADD 2 lines below
      $make = $_POST['make'];
      $view = $_POST['view'];

      // fixed query for insert, the above one looks like an update
      $sql = "INSERT INTO $table2 (make, view) VALUES ('$make', '$view')";
      $query = mysql_query($sql) or die("Cannot query the database.<br>" . mysql_error());
      ?>
      ```

      to

      ```php
      <?php
      if(isset($_POST['submit']))
      {
          $make = $_POST['make'];
          $view = $_POST['view'];

          // fixed query for insert, the above one looks like an update
          $sql = "INSERT INTO $table2 (make, view) VALUES ('$make', '$view')";
          $query = mysql_query($sql) or die("Cannot query the database.<br>" . mysql_error());
      }
      ?>
      ```
  24. if the submit button is nameless then don't add that into the field list (array $postfields)..!
  25. personally i think it's pointless unsetting them as you need them.. there's not really a security risk... you're just setting a check, nothing more
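
An added example, not part of the original posts, for the upload and insert code in posts 1, 22 and 23: the image type is decided from the file's content rather than the browser-supplied `$_FILES[...]['type']`, and the insert uses bound parameters. The table name `entries`, the function names and a PDO connection in exception mode are assumptions.

```php
<?php
// Added example, not MadTechie's code. The table name "entries" and the
// upload directory are assumptions; make/view come from posts 22 and 23.

// MIME type detected from the file's content => extension we assign.
const ALLOWED_IMAGES = [
    'image/jpeg' => '.jpg',
    'image/png'  => '.png',
    'image/gif'  => '.gif',
];

// Extension for an allowed image, or null. The browser-supplied
// $_FILES[...]['type'] is never consulted because the client sets it.
function image_ext_from_content(string $path): ?string
{
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    return is_string($mime) ? (ALLOWED_IMAGES[$mime] ?? null) : null;
}

// Insert the row with bound parameters, then store the image under a
// server-chosen name built from the insert id, as post 22 does.
function save_entry(PDO $db, array $file, string $make, string $view, string $dir): string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }
    $ext = image_ext_from_content($file['tmp_name']);
    if ($ext === null) {
        throw new RuntimeException('Bad File Type');
    }
    $db->beginTransaction();
    $stmt = $db->prepare('INSERT INTO entries (make, view) VALUES (:make, :view)');
    $stmt->execute([':make' => $make, ':view' => $view]);
    $target = rtrim($dir, '/') . '/' . (int) $db->lastInsertId() . 'one' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        $db->rollBack();
        throw new RuntimeException('Unable to upload Image One');
    }
    $db->commit();
    return $target;
}

// Constructed samples: a 1x1 GIF and a text file, checked by content only.
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'));
$txt = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($txt, "plain text, not an image\n");
var_dump(image_ext_from_content($gif), image_ext_from_content($txt));
unlink($gif); unlink($txt);
```

`save_entry()` only accepts files that arrived through an HTTP upload, so the constructed samples at the bottom exercise the content check alone.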
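
An added example, not part of the original posts, for the allow/deny URL checks in posts 6, 7 and 11: it compares the parsed scheme and host exactly and matches paths on whole segments, so a string that merely shares a prefix with an allowed URL is not accepted. The function names are hypothetical and `localhost.example.net` is a constructed test value.

```php
<?php
// Added example, not MadTechie's code. The rule lists reuse URLs from
// posts 6 and 7; localhost.example.net is a constructed test value.

// Lower-cased scheme and host plus the path, or null when the URL is not
// an http(s) URL with a host.
function url_parts(string $url): ?array
{
    $p = parse_url($url);
    if ($p === false || !isset($p['scheme'], $p['host'])
        || !in_array(strtolower($p['scheme']), ['http', 'https'], true)) {
        return null;
    }
    return [strtolower($p['scheme']), strtolower($p['host']), $p['path'] ?? '/'];
}

// True when $url has the same scheme and host as $rule and its path is the
// rule's path or lies below it, compared on whole path segments.
function rule_matches(string $rule, string $url): bool
{
    $r = url_parts($rule);
    $u = url_parts($url);
    if ($r === null || $u === null || $r[0] !== $u[0] || $r[1] !== $u[1]) {
        return false;
    }
    $base = rtrim($r[2], '/') . '/';
    return strncmp(rtrim($u[2], '/') . '/', $base, strlen($base)) === 0;
}

// Allowed only if some allow rule matches and no deny rule matches.
function check_url(string $url, array $allow, array $deny): bool
{
    foreach ($deny as $d) {
        if (rule_matches($d, $url)) return false;
    }
    foreach ($allow as $a) {
        if (rule_matches($a, $url)) return true;
    }
    return false;
}

$allow = ['http://localhost', 'http://www.gimppro.co.uk'];
$deny  = ['http://localhost/private'];
foreach (['http://localhost/index.php', 'http://LOCALHOST/private/a.php',
          'http://localhost.example.net/', 'http://localhos'] as $u) {
    echo $u, ' => ', check_url($u, $allow, $deny) ? 'allowed' : 'deny', "\n";
}
```

Ports, dot segments and percent-encoding are compared as given here; normalise them first if the rules need to cover those forms.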