Everything posted by Gath

  1. Hi. Is $reply_text = htmlentities ($reply_text, ENT_QUOTES); secure enough for a query? If not, why not? I'm not very good at security, and might be missing some obvious stuff... If it isn't, what I'm looking for is something that will secure the form (it's a message for a forum) but when showing it on a page, it comes out exactly like it was typed. (pretty much like this forum) Thank you.
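As an added example (not code from the post or from phpfreaks), this shows the split the question is circling: the message is stored unchanged through a prepared statement, and escaping happens only when it is rendered as HTML, so it displays exactly as typed. It assumes a `message` table with a `body` column and uses an in-memory SQLite database via PDO so it runs on its own.

```php
<?php
// Added example: store a forum message exactly as typed, escape only on output.
// The `message` table and column names are assumptions; SQLite in-memory keeps
// the example self-contained (use your real DSN in production).
declare(strict_types=1);

function openStore(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE message (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');
    return $pdo;
}

// The bound parameter travels as data, so quotes in the text cannot change the
// SQL; htmlentities() is neither needed nor wanted at the storage step.
function saveMessage(PDO $pdo, string $body): int {
    $stmt = $pdo->prepare('INSERT INTO message (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (int) $pdo->lastInsertId();
}

function loadMessage(PDO $pdo, int $id): ?string {
    $stmt = $pdo->prepare('SELECT body FROM message WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $body = $stmt->fetchColumn();
    return $body === false ? null : $body;
}

// Escaping belongs at the HTML boundary: the browser then shows the text
// literally instead of interpreting any tags the poster typed.
function renderMessage(string $body): string {
    return '<p>' . nl2br(htmlspecialchars($body, ENT_QUOTES | ENT_HTML5, 'UTF-8')) . '</p>';
}

// Constructed sample input containing quotes, a tag and a newline.
$typed = "It's <b>not</b> bold & \"quoted\"\nsecond line";
$pdo = openStore();
$stored = loadMessage($pdo, saveMessage($pdo, $typed));
if ($stored !== $typed) {
    throw new RuntimeException('message was altered in storage');
}
echo renderMessage($stored), PHP_EOL;
```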
  2. I'm not very good at testing security and such, but I have to tell you, graphically, the site looks amazing.
  3. Try to get the images as small as possible, since they take "forever" to load. The 'face' image is over 70kb... and some of the others are 30kb... that's just way too much. JPGs can have 51% quality without being too bad. (It depends on some factors, just 'play' with the image software.) And if even at 51% they are still too big, reconsider the whole thing.
  4. Yeah, well, I said I was tired -.- Anyway, that wasn't exactly my problem... it was a Country list. I don't even know why I typed the Year thing... But thanks for your help.
  5. Hi. The problem is that I have a form that includes a birthdate in a <select> of Years, from 1900 up to 2000. What I need is, when the form isn't properly filled in and returns to itself, for the select to be on the year that was chosen, if any, instead of returning to the default value. Checked PEAR for it, but... too complicated for me. Looked around for a regex or something, but I'm not finding anything. (Although I'm so tired I might have just missed it completely -.-) Any tips, ideas, or something? Thanks.
  6. But then I inserted it like this: And the previous word got filtered, but not the "simple" one. Used the F word in all of them; the last one had an "i" at the end, just like the first had a "g".
  7. But the idea is to test them, and I can't remotely unzip them... What...?
  8. Yes, the actual admins will have a "visual" effect. What I want to prevent is someone new to the community entering and some "scammer" trying to abuse that person; I want to make sure the person isn't fooled easily. And no, the "names" and "position" aren't related, I just want to clear all names to avoid problems. And yeah, in the end one can't ever prevent all abuse, but trying to narrow it sometimes works wonders. Thanks for the input.
  9. Hello. So, on my site I wanted to 'block' the possibility for a user to create a 'username/nick' pretending to be part of the community 'administration'. On that list I already have: 'site name' (e.g. phpfreaks), 'the name of the creator/admin' (e.g. John Doe), Administrator, Admin, GM, GameMaster and... I don't know anymore. Any idea would be welcome. The particular community I wanted this for is made of a forum and a web game (therefore the 'GameMaster'), although I wanted some general ideas also.
  10. Those aren't users. Mostly, they are bots, not people. Create register/login forms that need human intervention, like the "number images" things that I hate, but they do the job. (most of the time...)
  11. Just a quick question. Is it possible for an outside user to make the code assume "all" for a URL var, like for example "show_topic.php?id=12345", to make it "show" all IDs instead of just a specific number? Actually asking for a delete function for a forum, where 'outside' moderators could have a 'delete' option, but it could be exploited somehow... Just trying to figure out all the options.
  12. Ok, thanks. Hmm, yeah, sessions. Don't remember much. Only that I hated them.
  13. Greetings. Haven't touched PHP in about 3 years now, and the need came to code again, so I'm not very sure of all the stuff I'm doing, since I feel I forgot most of what I knew. Anyway, this is the login code for my future site. Just want to see if anyone could find any failure, security breaches, better ways to do things... or whatever. Anything would be helpful. (This is the correct forum for this, right?) The vars come from a normal HTML form on the main index page. "login.html.php" is a stripped version of that page, with the form only, as opposed to having a logo, images, and whatnot.

```php
<?php
if (!empty($_POST['username']) AND !empty($_POST['password'])) {
    // Both fields must be 4-14 alphanumeric characters
    if (!eregi("^[a-zA-Z0-9]{4,14}$", $_POST['username']) OR !eregi("^[a-zA-Z0-9]{4,14}$", $_POST['password'])) {
        $error = 'Invalid Username and/or Password!';
        require("login.html.php");
        exit;
    }
    require("includes/dbconnect.php");
    $username = $_POST['username'];
    $password = $_POST['password'];
    // Username and password are interpolated directly into the query string
    $db = mysql_query("SELECT user_id FROM user WHERE username=\"$username\" AND password=\"$password\" LIMIT 1") OR die("Error!");
    $count = mysql_num_rows($db);
    if ($count == 1) {
        list($db) = mysql_fetch_row($db);
        // User id, username and plain-text password are set as cookies for 90 minutes
        setcookie("OGNBuser_id", $db, time() + 5400);
        setcookie("OGNBusername", $username, time() + 5400);
        setcookie("OGNBpassword", $password, time() + 5400);
        echo '<html><head><meta http-equiv="refresh" content="0; url=news.php"></head></html>';
        exit;
    } else {
        $error = 'Login failed!';
        require("login.html.php");
    }
} else {
    $error = '';
    require("login.html.php");
}
?>
```
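As an added example (not the poster's code), here is the same login flow rewritten with a prepared statement, hashed password storage and a server-side session instead of the three cookies. It assumes the `user` table has `user_id`, `username` and `password_hash` columns (the original keeps the plain password), uses an in-memory SQLite database so it runs on its own, and reuses `login.html.php` and `news.php` from the post.

```php
<?php
// Added example: hardened replacement for the login handler above.
// The password_hash column is an assumption; SQLite in-memory keeps the
// example self-contained (swap the DSN for the real MySQL connection).
declare(strict_types=1);

function connectDb(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE user (user_id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
    // Constructed sample account: only the hash is stored, never the password.
    $pdo->prepare('INSERT INTO user (username, password_hash) VALUES (?, ?)')
        ->execute(['gath', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $pdo;
}

// Returns user_id on success, null on any failure. Keeps the original 4-14
// alphanumeric rule for the username (preg_match replaces the removed eregi);
// the password is not pattern-restricted, since hashing accepts any input.
function authenticate(PDO $pdo, string $username, string $password): ?int {
    if (!preg_match('/^[a-zA-Z0-9]{4,14}$/', $username)) {
        return null;
    }
    // Bound parameter: the username travels as data, so quotes in it cannot
    // change the statement the way they can in the string-built query above.
    $stmt = $pdo->prepare('SELECT user_id, password_hash FROM user WHERE username = ? LIMIT 1');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null; // same outcome for unknown user and wrong password
    }
    return (int) $row['user_id'];
}

$pdo = connectDb();
$userId = authenticate($pdo, $_POST['username'] ?? '', $_POST['password'] ?? '');
if ($userId === null) {
    $error = 'Login failed!';
    require 'login.html.php';
    exit;
}
// Identity stays server-side; the browser only receives an opaque session id
// instead of the user id, username and password cookies of the original.
session_start();
session_regenerate_id(true);
$_SESSION['user_id'] = $userId;
header('Location: news.php');
exit;
```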