lightningstrike

SELECT * FROM sb_members WHERE sb_gender IN ('1','2','3') ORDER BY sb_id DESC should do what you want.

Rather than making an IP based feature. Write a script to automatically flag suspicious users for a review. e.g. If multiple accounts have the same email address, password, similar user names. Also a possibly effective method would be to monitor transactions between accounts and flag anyone who makes many transactions to only one account. Meaning that they are transferring a lot of money to one account, then check if the IP range is very close and you can usually tell it's someone cheating. Of course there is no 100% way of doing this perfectly but what I suggested is a start.

Simply edit the displayimage.php script. Since you appear to be using the built-in php session support. simply include before the session_start(); session_cache_limiter("public"); or something more advanced http://www.php.net/session_cache_limiter which will allow the dynamic images to cache properly.

Yes the INDEX will speed up any statement that has a WHERE clause searching the name. It might be better practice to instead use WHERE ID = 'xxx', if your index is using to much space I believe MySQL can create partial indexes from a shell command as well. Avoid using SELECT * FROM table. * means your retrieving all the data from the table where the conditions are met. Instead SELECT field1,field2 FROM table would consume less memory and time then retrieving unecessary fields you don't need.

Yes the Index should generally be a integer as it is faster and less space consuming but in your case it will only benefit you.

Refrain from using session_register it is deprecated instead use $_SESSION["variablename"] = "value"; Should $arr[1] and $arr[2] be $arr[0] and $arr[1] as after exploding element keys start at 0. If that doesn't fix it, please show us what your userdb file looks like in structure.

Well to be honest I think that's a design that's asking to be tampered with. I mean someone might be able to put data into a table they shouldn't be able to access if they get it's name. What I would recommend I guess to read http://www.phpfreaks.com/quickcode/Check-if-a-table-exists/665.php You could possibly encrypt the table $name . "|" . $sessionid in the hidden field then decrypt it and see if it's a valid alphanumeric response then check if that table exists using the tutorial above and the sessionid after the | is actually the user logged in or something like that.

I would personally recommend a database IP specific timed ban for flood limits but that's up to you. I believe the random text I am seeing is actually a bunch of images ALT tags. images/spacer.gif is not loading for me so I see it's text tag instead.

It's quite well designed. However it has very limited functionality. Also when posting a message with the text ' OR it became \' OR (escaped) which should not be shown the user. Rather then escaping the message use htmlentities($text,ENT_QUOTES); which will encode quotes rather then escape them. I also don't believe that you have made a flood defense feature, although the web host is too slow to test that out. Also at the bottom of every post near the icons i see text "dd232323" perhaps remove that After posting a new topic it says refreshing and takes you to a page on local host which we clearly can't access. That's about as much I've checked out so far.

php.net/curl Read more about the cURL extension. After the user confirms the data. Simply POST the data to the e-commerce programs script. If that is not possible you could show the user a form and use javascript to auto-submit it.

Well actually if he/she has access to the php.ini file or even setting a htaccess php_flag. All they would have to do is make a file I described then simply edit the value of auto_append_file to the file handling the auto-opening.

Perhaps write a simple script to include at the top of the pages. e.g $openat = mktime(1,0,0,9,1,2007); // 1 AM, September 1st, 2007 read more at php.net/mktime $javascript = "<br> <script type=\"text/javascript\"> //put some code here for javascript countdown. </script> "; if(time()<$openat){ die("The website will open on: " . date("M d Y",$openat) . $javascript); }

Not likely they usually have a strong validation set if they are well-coded. Changing a drop-down to invalid value will probably have it reset to a default, perhaps using a switch statement and default.

Read more at the PHP docs - http://www.php.net/session Simply start a session on every page allowing you to access the $_SESSION vars on any page where the session is started. And when the user submits the form save the products to an array or something similar. You can also store their information in the $_SESSION variable (persistent through pages) until they verify the purchase and decided to receive the email. <?php //starts session, MUST be called before sending ANY text to the screen session_start(); //setting Super global session variable ball to true $_SESSION["products"]["ball"] = true; ?>

Are you sure you used mysql_select_db() to select the database you are using, prior to making your query. http://www.php.net/mysql_select_db If so it's possible you may have unescaped quotes in the variables (check by printing them) if so, escape them with mysql_real_escape_string(); http://www.php.net/mysql_real_escape_string

I use SmartFTP. You can use a Remote Edit feature which automatically uploads file on change.

If I'm not mistaken they meant that $site_url = "belladonnasdarkgraphics.com/layout.php"; should be instead equal to the base domain. $site_url = "belladonnasdarkgraphics.com";

Yes, that's the only solution I can think of other than to use another piece of software which consumes less memory.

Yup, I definitely agree with redbullmarky and Stopofeger on this one. What I suggested is just a way to do it, however the solution I presented is in many ways ridiculous for most servers as it would require long execution times, high memory, and long wait times. Install GD2, Exif extension or ImageMagick's command line mogrify tool to make it simple and fast.

Perhaps read about cURL if your school server supports that extension. http://www.php.net/curl Basically open a connection to a page on your server using cURL and POST the uploaded file. e.g. school.edu/reporterupload.php recieves POST data from client. school.edu/reporterupload.php POSTS data to fastserver.com/resize.php and reporterupload.php finishes execution. Then afterwards fastserver.com/resize.php stores a list of the resized images in database. fastserver.com/list.php retrieves this data school.edu runs a cron job (UNIX/Linux) or Scheduled Task (Windows) executing a PHP script on school.edu/getthumbs.php every 5 minutes. getthumbs.php makes a GET request to fastserver.com/list.php and downloads each thumbnail at fastserver.com/download.php?id=imageid and stores it on school.edu/thumbs/ folder. download.php deletes the thumbnail and database field for each image after being viewed.

Umm are the passwords hashed in the database with md5?

Seems like an interesting idea. I can't test it out but from the code it seems simple enough and functional. I think it would be quite useful in certain applications where a script loads data from multiple locations. I read some of your code and I can see it will not work with IE5 and IE6 due to it use the xmlhttprequest() method. I understand you are not too concerned about Internet Explorer 6 but it is widely used and should be taken into account for a public project like this. Simply do something similar to below to use ActiveX. try{ obj = new XMLHttpRequest(); }catch(e if (!obj)){ obj = new ActiveXObject("Msxml2.XMLHTTP"); }catch(e){ obj = new ActiveXObject("Microsoft.XMLHTTP"); }

First of all why on earth would you use is_dir() on a file. Please read the manual at php.net for functions you do not understand. instead use file_exists();

Create a .htaccess file or edit the one in the folder of your login/registration pages folder and put this in. RewriteEngine on RewriteCond %{SERVER_PORT} 80 RewriteCond %{REQUEST_URI} file.php RewriteRule ^(.*)$ https://domain.com/$1 [R,L] I believe that should force it.

Well firstly I noticed your freeCart already has a Signed SSL Certificate. Considering this is a shopping cart everything should be very secure. So I strongly suggest you make the login page SSL as well as the page it's POST's the data to just like you made the registration page secure. Use .htaccess file to force users to use https on those pages.