logixxxx

Spam Controll - our .htaccess has a huge list of "un-trusted" websites/bots that will block access if they try to visit. There are also "hidden" textarea protections that protect agains bots. Skins - There are currently two skins. Default and Firebrick. However, there is an easy skinning engine that allows you to skin (or add skins) easily. Install - Takes around 2 minutes. You'll obviously have to know your MySQL settings, etc. It's pretty straight-forward.

Try deleting the .htaccess file. It's given some users problems like that.

Excellent question. I've been asked this before... One thing is our customized .htaccess file which blocks many spiders/offline browsers from accessing your blog which will minimize spam. Second, our WYSIWYG editor is much more "advanced(? is that the right word)" than WordPress' which allows for more "customized" postings. I'm trying to think of things I haven't posted before on this subject. You'll have to excuse me, I'm really tired from Soccer this week. Tommorow I'll post some more. ;-) How about this? I challenge you to download & install Horizon Blogging Software and use it (it doesn't have to be your primary blog), but just test it out. Then, you can have you're opinion on how you like it. It hopefully will be good.

I have to be the stupidest person ever. I forgot to include the installer for the v1 release. Opps! If you go to www.edgedrive.com and click download, you'll get an new download that will include the installer. Sorry about that!

Can anybody find any other XSS hacks?

All the links in the "demo" blog are working for me. If you're talking about "link 2, link 3", they are just there to show that you can edit it and have your own links.

teng84, what's that suppose to mean?

Really? Wow. We spent quite a time designing that. It's 99.9% CSS and uses around 1 image for an effect. What do you think should be tweaked? If you're interested, we do have a skinning engine that makes it easy to make a skin, if you are interested.

That's because it isn't a "real" website address. I'll get it so it requires it to have a TLD (ex. .com/.net) at the end of it so that won't happen. Otherwise, if you typed a real website address (such as google.com) you would be able to click it. Thanks though, I'll start working on it!

Awesome. I'll get the XSS fixed as soon as possible.

So, nobody has anything to say about it?

Edge Drive (ie. Me and some other people) have released Horizon Blogging Software version 1.0! Woot. In this release it contains some new features, a brand new skinning engine, & a totally new (and sexy?) administrative control panel. Well, I know a lot of you are DIE-HARD WordPress fans, but that's okay All I ask is for you to try Horizon Blogging Software for a few days, if you don't like it, make a suggestion! Download: SourceForge Demo Blog: Hosted at Daybreak Our Site: Edge Drive - logix

Howdy, We've set up a forum where you can report bugs, request features, etc. It's at http://www.edgedrive.com/forum.

Hmm, I'm using FireFox and they are working fine for me. Do you have javascript turned on?

Okay, I'll get one set up ASAP. A freshly installed one can be seen at http://www.whwh.biz.

Okay cool. Yea, thats something we're looking to have implemented soon. You guys can post bugs here or at Source Forge if you'd like. ;-)

Hmm. Well, the Edge Drive team has just released Horizon Blogging Software 1.0 beta build #1. It's a great piece of software because: > It's lightweight > Parts written in AJAX > Has a schexy default design > Awesome theming system > Etc. I know some of you may have tested this before, but, test it again. ;-) More information: http://edgedrive.com/ Download: http://downloads.sourceforge.net/hblogsoftware/hbs_1_b1.zip?use_mirror=superb-east&filesize=834866

Hello, how can I use a checkbox to delete multiple items with how I did this php? <form action=""><?php db(); $result = mysql_query("SELECT timestamp, id, title FROM " . $mysql["db_prefix"] . "main ORDER BY id DESC"); while($row = mysql_fetch_array($result)) { $date = date("l F d Y",$row['timestamp']); $id = $row['id']; $title = strip_tags(stripslashes($row['title'])); if (strlen($title) >= 50) { $title = substr($title, 0, 50); $title = $title . "..."; } echo " <input type=\"checkbox\" name=\"check\" value=\"\"> <b>$date</b> - <a href=\"editform.php?id=" . $id . "\">" . $title . "</a><br />"; } mysql_close(); ?> </form>

Thanks, clown. Worked. :-)

That's what I'm trying to do to write to my MySQL database. I'm working on an updater script, and that's all that isn't working. You shouldn't need anything else :-/ . $prefix . is hblog_

This isn't working $sql = "CREATE TABLE " . $prefix . "category (TINYINT DEFAULT 0 NOT NULL)";

Hey Ken... That didn't work :-( Here's the entire page code: <?php include("../inc/include.php"); ?> <?php include("password_protect.php"); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <link rel="stylesheet" href="acpstyle.css" type="text/css"/> <title>Horizon Control Panel</title> <style type="text/css"> <!-- .style1 { font-size: 16px; font-weight: bold; } .style3 {font-size: 14px} --> </style> <script language="javascript" type="text/javascript" src="../inc/tiny_mce/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> tinyMCE.init({ mode : "textareas", plugins : "emotions, style", theme_advanced_buttons3_add : "emotions, styleprops", }); </script> </head> <body background="img/background.gif" bgcolor="#259ce3" style="background-repeat:repeat-x"> <div id="wrapper"> <div align="center"><img src="img/top.gif" width="100%"><br /><img src="img/logo.gif" /> </div><br /> <br /> <div id="navigation"> <?php require("acp_nav.php"); ?> </div><br /><br /><div id="main"> <center><?php $current_month = date("F"); $current_date = date("d"); $current_year = date("Y"); $current_time = date("H:i"); ?> <form name="createArticle" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"> <p><strong><label for="month">Date: </label></strong> <select name="month" id="month"> <option value="<?php echo $current_month; ?>"><?php echo $current_month; ?></option> <option value="01">January</option> <option value="02">February</option> <option value="03">March</option> <option value="04">April</option> <option value="05">May</option> <option value="06">June</option> <option value="07">July</option> <option value="08">August</option> <option value="09">September</option> <option value="10">October</option> <option value="11">November</option> <option value="12">December</option> </select> <input type="text" name="date" id="date" size="2" value="<?php echo $current_date; ?>" /> <select name="year" id="year"> <option value="<?php echo $current_year; ?>"><?php echo $current_year; ?></option> <option value="2007">2007</option> <option value="2008">2008</option> <option value="2009">2008</option> <option value="2010">2010</option> </select> <strong><label for="time">Time: </label></strong> <input type="text" name="time" id="time" size="5" value="<?php echo $current_time; ?>" /></p> <p><strong><label for="title">Event: </label></strong> <input type="text" name="title" name="title" size="40" /></p> <p><textarea cols="80" rows="20" name="desc" id="desc"></textarea></p> <p><input type="submit" name="submit" id="submit" value="Submit"></p> </form> <?php if (isset($_POST['submit'])) { $month = htmlspecialchars(strip_tags($_POST['month'])); $date = htmlspecialchars(strip_tags($_POST['date'])); $year = htmlspecialchars(strip_tags($_POST['year'])); $time = htmlspecialchars(strip_tags($_POST['time'])); $title = htmlspecialchars(strip_tags($_POST['title'])); $desc = $_POST['desc']; $timestamp = strtotime($date); $desc = nl2br($desc); if (!get_magic_quotes_gpc()) { $title = addslashes($title); $desc = addslashes($desc); } db(); $sql = "INSERT INTO " . $mysql["db_prefix"] . "calevents VALUES ('', '$timestamp', '$title', '$desc')"; $result = mysql_query($sql) or print("Can't insert into table " . $mysql["db_prefix"] . "main<br />" . $sql . "<br />" . mysql_error()); if ($result != false) { print " <div style='width: 98%; background-color: #FFCACA; font-weight: bold; font-family: Verdana; font-size: 14px; padding: 5px; border: 1px dashed #FF0000;' align='center'><div align='center'>Your event has successfully been added!<br /><a href='index.php'>Admin Home</a> or <a href='../index.php'>View Entry</a></div></div> "; } mysql_close(); } ?></center> </div> <br /> <br /> <center> Powered by <a href="http://www.itsdaybreak.com/horizon">Horizon Blogging Software</a> <?php echo getVersion();?><br /> Copyright © 2006 - <?php echo date("Y");?> <a href="http://www.itsdaybreak.com">Daybreak Studios</a> <img src="img/bottom.gif" width="100%"></center></div> </body> </html>

It doesn't seem to wrok

Hello fellow users. I'm using the basic PHP event calendar tutorial that is on this website, and I made a form to add the events. The problem is that the date isn't posting right into the MySQL. For the date it says: '0000-00-00' instead of what I inputed. <?php if (isset($_POST['submit'])) { $month = htmlspecialchars(strip_tags($_POST['month'])); $date = htmlspecialchars(strip_tags($_POST['date'])); $year = htmlspecialchars(strip_tags($_POST['year'])); $time = htmlspecialchars(strip_tags($_POST['time'])); $title = htmlspecialchars(strip_tags($_POST['title'])); $desc = $_POST['desc']; $timestamp = strtotime('$date'); $desc = nl2br($desc); if (!get_magic_quotes_gpc()) { $title = addslashes($title); $desc = addslashes($desc); } db(); $sql = "INSERT INTO " . $mysql["db_prefix"] . "calevents VALUES ('', '$timestamp', '$title', '$desc')";