MadTechie

Nothing springs to mind, the logs will show that index.php is being used a lot, but thats about all!

see my last post it has basic example

This is the very reason people should look at security from the start instead of right at the end.. In any case, any file that you need to open from the browser side will need to be in the public folder.. HOWEVER.. you could use the same trick as above, for example admin/file1.php doesn't exist.. but it could if you create the admin folder and added a file called admin/file1.php containing <?php require '../../hidden/admin/file1.php'; ?> that would also work. BUT as your application hasn't be designed with this in mind, it may get very messy A better approach would be to have a main control file, that opens each page ie (basic example) <?php $valid = array("Home","Admin","Profile","etc"); if(isset($_GET['Page']) && in_array($_GET['Page'],$valid)) { include "../Hidden/".$_GET['Page']".php" } ?>

Some more http://bid4tackle.com/stats/ <-- nice states http://bid4tackle.com/admin/test.php <-- may want to remove this More error reporting still but if your like me, your want to fix and not just hide them http://bid4tackle.com/view_full_size.php http://bid4tackle.com/sellers_othersitem.php?seller_id=23

Ken2k7, do you read the posts in the thread or just the first one!

Just add a blank one at the top <option value=""></option>"; is neither are selected then its the default You could do this in a case statement but its only 2 options this or that! so if seams better of course you could do this <option value="" <?php echo ($row_rstocdetail['pol_mortgage']="")?"selected=\"selected\"":"";?>></option>" <option value="Y" <?php echo ($row_rstocdetail['pol_mortgage']="Y")?"selected=\"selected\"":"";?>>YES</option>"; <option value="N" <?php echo ($row_rstocdetail['pol_mortgage']="N")?"selected=\"selected\"":"";?>>NO</option>" <option value="M" <?php echo ($row_rstocdetail['pol_mortgage']="M")?"selected=\"selected\"":"";?>>MayBe</option>"

No your psychotic!!

you may want to turn off error reporting Advanced search price from and to Set txtpricedfrom or txtpricedto to \" or ' Also I'm not sure if this is a test server or what but if you using it for payments then your server needs upgrading for example Your server is using SSL 2.0.. upgrade to 3 as 2.0 is weak, here a PDF paper for more info Also it wouldn't hurt to update PHP to the latest as well signin.php the password field allows auto complete that's not generally recommended Add: AUTOCOMPLETE="off"

LOL, typical.. CV says what were all thinking.. either that or chmpdog is just a troll

is the field 'pol_mortgage' or 'mortgage' ? heres two options <select size="1" name="pol_mortgage" tabindex="32" class="form-inputitem"></option> <?php if(strtolower($row_rstocdetail['pol_mortgage'])=="y") { echo "<option value=\"Y\" selected=\"selected\">YES</option>"; echo "<option value=\"N\">NO</option>"; }else{ echo "<option value=\"Y\">YES</option>"; echo "<option value=\"N\" selected=\"selected\">NO</option>"; } ?> </select> OR <select size="1" name="pol_mortgage" tabindex="32" class="form-inputitem"></option> <select size="1" name="pol_mortgage" tabindex="32" class="form-inputitem"></option> <?php $sel = (strtolower($row_rstocdetail['pol_mortgage'])=="y") ?> <option value="Y" <?php echo ($sel)?"selected=\"selected\"":"";?>>YES</option>"; <option value="N" <?php echo (!$sel)?"selected=\"selected\"":"";?>>NO</option>"; </select> ?>

<?php $answ = ($row_rstocdetail['pol_mortgage']=="y")?"YES":"NO"; ?> EDIT: question.. What are you trying to do ?

The ClearMyTracksByProcess is IE7+ but the command line should work! of course if the files are stored elsewhere then it won't work but try this as a batch file echo off RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 8 del "%USERPROFILE%\Local Settings\Temporary Internet Files\" /S /F /Q RD "%USERPROFILE%\Local Settings\Temporary Internet Files\Content.IE5\" /S /Q MD "%USERPROFILE%\Local Settings\Temporary Internet Files\Content.IE5"

Mc D's maybe a little advanced, I got a burger and had to complain as the cheese was on the bottom with no bottom bun! The guy said "sorry, that guy is new" I mean WTF.. its a burger !

Personally i use document.getElementsByID('test').getAttribute('myattribute'); so try var pg = $(this).getAttribute('myattribute');

Your need to updated the control level from the system as user account as well so it only really working if you have full access, if you don't have a full access your need to use another services API

shouldn't url: "/tempsite/index.php/" + pg + "/", be url: "/tempsite/index.php?pg=/" + pg + "/", or if the PHP uses the POST then pg should be in data ie data: "ajax=1&nohref=1&pg="+pg,

change the file with the php code from .html to .php

you need to open it in a file with the correct header ie <?php $data = file_get_contents("myImage.jpg"); //get the images data (from database or whatever) header('Content-Type: image/jpeg'); //Set header echo $data; ?> Okay when you open that file it will display the image! EDIT: this should be it OWN file.. to display it in a html page just call the php script above as if it was the image heres another example myimage.php <?php $data = file_get_contents($_GET['file']); //get the images data (from database or whatever) header('Content-Type: image/jpeg'); //Set header echo $data; ?> in the HTML i would do this <img src="myimage.php?file=theImage.jpg"> *these are just for an example*

Try this RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 8 del "%USERPROFILE%\Local Settings\Temporary Internet Files\" /S /F please note these are for Internet Explorer EDIT: codes for the first line (IE8 ) 255 (Deletes ALL History) 1 (Deletes History Only) 2 (Deletes Cookies Only) 8 (Deletes Temporary Internet Files Only) 16 (Deletes Form Data Only) 32 (Deletes Password History Only)

If you ONLY have two types then just don't include the type in the WHERE clause, if you have more than 2 type and want to limit the results just to those 2 then try this $name = "xyz"; $SQL = sprintf("SELECT * FROM db WHERE name LIKE '%s' AND (`type`= 'Game' OR `type`='Movie') ORDER BY name","%".mysql_real_escape_string($name)."%") Also this is the wrong place to post this, (i'll move it)

Okay i wrote a basic one and then added a few useful things instructions below Save this to a file called "Advert.class.php" <?php /** * SAC (Simple Adverts Class) * Usage: */ if (! defined("PHP_EOL")) { define("PHP_EOL", strtoupper(substr(PHP_OS, 0, 3) == "WIN") ? "\r\n" : "\n"); } class Adverts { protected $Ads = array(); protected $adFile = ""; public function __construct($adfile) { if(!file_exists($adfile)) trigger_error("Ad file not found!",E_USER_WARNING); $this->adFile = $adfile; $this->Ads = file($this->adFile); } /** * RemoveDups * This removes any duplicate Adverts */ public function RemoveDups() { array_unique($this->Ads);//Remove identcial Ads } public function removeAd($c) { unset($this->Ads[$c]); } /** * getAd Returns a Random Advert, is clear is set to true * the returned advert will be removed from the list */ public function getAd($clear=true) { $c = array_rand($this->Ads); $Ad = $this->Ads[$c]; if($clear) $this->removeAd($c); return $Ad; } } class AdvertControl extends Adverts { function __construct($adfile) { parent::__construct($adfile); } function addAd($NewAd="") { if(empty($NewAd)) trigger_error("Faild to Add Ad, (nothing to add)",E_USER_ERROR); $handle = fopen($this->adFile,"a"); fwrite($handle,$this->filter($NewAd).PHP_EOL); fclose($handle); } function updateAd($ID, $value) { $this->Ads[$ID] = $this->filter($value); } function filter($NewAd) { return str_replace(PHP_EOL,"",$NewAd); } function rebuildFile() { $handle = fopen($this->adFile,'w+'); foreach($this->Ads as $Ad) { fwrite($handle,$this->filter($Ad).PHP_EOL); } fclose($handle); } function adControl() { echo "<h1>Basic Controls</h1><br />"; if(isset($_GET['DeDup'])) { $this->RemoveDups(); $this->rebuildFile(); } if(isset($_GET['update'])) { $this->updateAd($_GET['update'], nl2br($_POST['Advert'])); $this->rebuildFile(); } if(isset($_GET['remove'])) { $this->removeAd($_GET['remove']); $this->rebuildFile(); } foreach($this->Ads as $K => $V) { echo "<a href=\"?remove=$K\">Remove<a>\t"; echo "<a href=\"?edit=$K\">Edit<a>\t"; if(isset($_GET['edit']) && $_GET['edit']==$K) { $this->EditAd($K,$V); }else{ echo "$V<br />\n<br />\n"; } } echo "Add Advert<br />\n"; $newAdID = count($this->Ads); $this->EditAd($newAdID,"New Advert"); echo "<br />"; echo "<a href=\"?DeDup=true\">Remove Duplicates from master file</a>"; } function EditAd($ID,$Ad) { echo "<form action=\"?update=$ID\" method=\"post\">"; echo "<textarea style=\"width: 600px; height: 150px;\" name=\"Advert\">"; echo htmlspecialchars($Ad,ENT_QUOTES); echo "</textarea>"; echo "<br />\n"; echo "<input type=\"submit\" name=\"Save\" value=\"Save\">"; echo "</form>"; } } ?> And this is a demo page <?php $adfile = "ads.txt"; //Add file require_once("Advert.class.php"); $Ad = New Adverts($adfile); /*when i save removes the ad i mean it won't appear on the page again!*/ echo $Ad->getAd(false); //Shows an Add BUT doesn't remove it (you probably won't use this) echo $Ad->getAd();//Shows an Add and removes echo $Ad->getAd();//Shows an Add and removes echo $Ad->getAd();//Shows an Add and removes echo $Ad->getAd();//Shows an Add and removes echo $Ad->getAd();//Shows an Add and removes echo $Ad->getAd();//Shows an Add and removes ?> Another page (basic admin) <?php /* some very basic controls (like add/edit/remove ad's) */ require_once("Advert.class.php"); $adfile = "ads.txt"; //Add file $Ad = New AdvertControl($adfile); //Add an advert //$Ad->addAd("Testing"); add a advert //Basic Admin control $Ad->adControl(); ?>

OOOOW keep your error logs out of the public folder...! i guess like this php_value error_log /home/hidden/logs/php_errors.log

When hidden/index.php is included PHP will include the file and parsa it as normal, but their is no URL path to the hidden/index.php

No Worries, I'm currently at work, but i'll write a quick version when i get home, along with some basic instructions,

thats correct but you must think on 2 levels, file level access and domain level access on file level this "/../hidden/index.php" will work but on a domain level www.mysite.com/ this is root So www.mysite.com/../hidden/index.php wouldn't work as you can't go back any lowe then root so www.mysite.com/../hidden/index.php is the same as www.mysite.com/hidden/index.php which will fail