Lamez

do I need to use a query statement? mysql_query("TRUNCATE TABLE tablename");

when in doubt echo out! echo out the $_SESSION['username'] variable, and see if it is what you expected.

Is there a way to delete all the information in one mysql table?

Thanks!

what I would do is find how many entrys are in the table and use that as your rang then use the random funtion 50 times as a different string then make a query then echo it out

sweet.

, man you had me worried. Thank you so much!

http://www.google.com/search?hl=en&safe=off&q=google+%3Ad&btnG=Search That one, it works. By my log you used google.net

oh poop, what link?

Ok I fixed the blacklist part. yahoo.com, and google.com are blacklisted! http://links.krazypicks.com/ YouTube videos are supported, and so are mp3 files. You can type in a google search, and it will still be blacklisted like: http://www.google.com/search?hl=en&safe=off&q=google+%3Ad&btnG=Search Give it a try, do everything you can to it!

I FIXED IT! After days and days of problems, I do believe I have made it 100% secure, and 100% fixed. http://links.krazypicks.com/ <?php ob_start(); session_start(); //DB Connection $results = mysql_query("SELECT * FROM `site`")or die(mysql_error()); $row = mysql_fetch_array($results)or die(mysql_error()); $title = $row['name']; $back_address = 'http://www.krazypicks.com'; function addPro($str){ if(!strstr(strtolower($str), "http://")){ $str = "http://".$str; } return $str; } function addwww($str){ $h = parse_url(strtolower($str)); $pro = strtolower($h['scheme']); if(!strstr(strtolower($str), "www.")){ $str = $pro."www.".$str; } $str = strtolower($str); return $str; } function CkUrl($str, $url){ $sql = mysql_query("SELECT * FROM `blacklist` WHERE `url`='".$str."'"); if (mysql_num_rows($sql) >= 1){ header("Location: ?url=".$url); exit; } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <link rel="shortcut icon" href="http://www.krazypicks.com/main/style/img/favicon.ico" /> <title>External Link Checker</title> </head> <body bgcolor="#336699"> <table width="100%" border="0"> <tr> <td width="28%"> </td> <td width="46%" align="center" valign="middle"><font face="Tahoma" color="#FFFFFF" size="30pt"><?php echo $title; ?></font></td> <td width="26%"> </td> </tr> <tr> <td> </td> <td rowspan="9" align="center" valign="middle" bgcolor="#FFFFFF"> <font face="Arial, Helvetica, sans-serif"> <?php $url = $_GET['url']; $url = stripslashes($url); $url = htmlspecialchars($url); $_SESSION['n_url'] = $url; $links = "<a href=\"http://www.krazypicks.com\">".$title."</a> or <a href=\"?\">Enter URL</a>"; $switch = "00"; $black = md5("this has been black listed :D :D ////*****/////*****////****"); if($url == ($switch)){ echo $links; }else if($url == ($black)){ echo "<font color=\"red\"><b> This website has been blacklisted by ".$title."!</b></font><br>"; echo "<br><br>"; echo $links; }else if(empty($url)){ print'Enter URL<br> <form id="form1" name="form1" method="get" action="?"> <label> <input name="url" type="text" id="url" size="50" maxlength="100" /> </label> <input type="submit" name="'.md5("go_s").'" id="'.md5("go_s").'" value="Go!" /> </form><br> <a href="http://www.krazypicks.com">'.$title.'</a> :: <a href="http://www.servage.net/?coupon=cust33591">Hosted by Servage</a>'; }else{ $url = addPro($url); //adds http:// $churl = @fopen($url,'r'); if (!$churl && !empty($url)){ echo "<br><center>The URL does not exist, or the server is down.<br>".$links."</center>"; }else{ //begin checking for blacklisted... $n_url = $_SESSION['n_url']; $par = parse_url($n_url); $b_url = $par['host'];//grab base url if($b_url == ""){ $b_url = $par['path']; $b_url = preg_replace('~/(.+)$~', '', $b_url); } CkUrl($n_url, $black);//Check CkUrl($b_url, $black);//Check $www = addwww($b_url); CkUrl($www, $black);//Check $pro = addPro($b_url); CkUrl($pro, $black);//Check $both = addwww($b_url); $both = addPro($both); CkUrl($both, $black);//Check //end check, everything cleared... //check for a youtube video... $link = parse_url($url); $youtube = $link['host'].$link['path']; $watch = "www.youtube.com/watch"; $watch_2 = "youtube.com/watch"; $watch_3 = "http://www.youtube.com/watch"; $watch_4 = "http://youtube.com/watch"; $qu = $link['query']; $qu = str_replace("v=", "", $qu); if ($youtube == $watch || $youtube == $watch_2 || $youtube == $watch_3 || $youtube == $watch_4) { print'<object width="425" height="349"><param name="movie" value="http://www.youtube.com/v/'.$qu.'&hl=en&fs=1&color1=0x006699&color2=0x54abd6&border=1"></param><param name="allowFullScreen" value="true"></param><embed src="http://www.youtube.com/v/'.$qu.'&hl=en&fs=1&color1=0x006699&color2=0x54abd6&border=1" type="application/x-shockwave-flash" allowfullscreen="true" width="425" height="349"></embed></object><br><br>'; } //end check for youtube video... //check for mp3 file... $string = $link['path']; $keyword = ".mp3"; $keyword_1 = ".MP3"; if (strpos($string, $keyword) > 0 || strpos($string, $keyword_1) > 0 ) { print'<object data="'.$url.'" type="application/x-mplayer2" width="200" height="50"> <param name="src" value="'.$url.'"> <param name="autoplay" value="false"> <param name="autoStart" value="0"> </object><br><br>'; } //end check for mp3 file... print 'You are about to leave '.$title.', do you want to continue?<br><b>Website</b>: '.$url; print '<br> <center> <form id="con_form_url" name="con_form_url" method="post" action=""> Yes <label> <input type="radio" name="con_tin" id="radio" value="yes" /> </label> No <label> <input type="radio" name="con_tin" id="radio2" value="no" /> </label> <label> <input type="submit" name="button" id="button" value="Continue" /> </label> </form> </center>'; if (isset($_POST['con_tin'])){ if ($_POST['con_tin'] == ("yes")){ header("Location: ".$url); exit; }else{ //header("Location: ".$back_address); header("Location: ?url=".$switch); exit; } } }//pinged webpage, closing bracket. }//url is not empty, closing bracket. ?> </font> </td> <td> </td> </tr> <tr> <td> </td> <td> </td> </tr> <tr> <td> </td> <td> </td> </tr> <tr> <td> </td> <td> </td> </tr> <tr> <td> </td> <td> </td> </tr> <tr> <td> </td> <td> </td> </tr> <tr> <td> </td> <td> </td> </tr> <tr> <td> </td> <td> </td> </tr> <tr> <td> </td> <td> </td> </tr> <tr> <td> </td> <td> </td> <td> </td> </tr> </table> </body> </html> <?php //session_destroy(); ?> blocked urls: yahoo.com, and google.com, you can also put in the query's that contain a search like: http://www.google.com/search?hl=en&q=link&btnG=Google+Search&aq=f&oq= and it still blocks it. -Thank you for your time, you have been very helpful.

Thank you! That worked great!

ugh. I do not have the protocol added. If I add the protocol, then it works like a charm. Otherwise I need to get rid of everything after the slash "/"

youtube.com/watch?v=h0JX5jWv-tk example: http://links.krazypicks.com/?url=youtube.com/watch?v=h0JX5jWv-tk

well that was a mistake, but I still get site.com/path

I have tried that, I get nothing. <?php //begin checking for blacklisted... $n_url = $_SESSION['n_url']; $par = parse_url($n_url); //print_r($par); echo $par['path']; $b_url = $par['host'];//grab base url if($b_url = ""){ $b_url = $par['path']; } echo "Input URL: ".$n_url; echo "<br>"; echo "Base: ".$b_url; echo "<br>"; $www = addwww($b_url); echo "Add WWW: ".$www; echo "<br>"; $pro = addPro($b_url); echo "Pro: ".$pro; echo "<br>"; $both = addwww($b_url); $both = addPro($both); echo "Both: ".$both; echo "<br>"; //end check, everything cleared... ?>

lol I am using that, but sometimes the url comes out like site.com/path, and when I pull the path out of the array, I get site.com/path. that is why I wanna make a custom function to take off the /path.

I am have strings in URL formats, like www.site.com/path how can I take off the /path part, and just have www.site.com? -Thanks!

Sql Inject me, says index.php is good!

I am not sure what you mean by that, selecting blacklist.

what about something like this: <?php function chBan($str){ $sql = mysql_query("SELECT * FROM `blacklist` WHERE `url`='".$str."'"); $r = mysql_fetch_array($sql); if (mysql_num_rows($sql) >= 1){ $out = true; }else{ $out = false; } return $out; } ?> and then have a if statement.

I am not too sure I understand how your function works, could your break it down? Thanks for all the help and suggestions!

usually witting your own script is best, and it gives you a fully understanding how it works. I suggest you make your own. here is a good start: http://www.google.com/search?hl=en&safe=off&q=file+open+php&btnG=Search

Right, lets say I do not want my users to use google, so I will black list, and it will add it to the DB. Then when a user posts a link on the main website, it will check the url using this script, but you can get by the filter using www.google.com or google.com, but if you use http://www.google.com, it gives you the error, like it should. http://links.krazypicks.com/file.php?url=http://www.google.com That is the error I want no matter if the string is google.com or www.google.com or any of the other possibilitys.

no sir, the second site is google, when you put in www.google.com or google.com it does not work, however http://www.google.com works. The first site is yahoo