php_tom

your second solution is possible -- with ajax. try this: HTML: <input type='text' id='field1' /> <input type='button' value='go' onclick='ajaxpage("/path/to/php/script.php?field1="+document.getElementById('field1').value ,"results")' /> <div id='results'></div> JavaScript: var root = 'http://www.yoursite.com'; function ajaxpage(url, containerid){ var page_request = false; document.getElementById(containerid).innerHTML = "Loading..."; if (window.XMLHttpRequest) // if Mozilla, Safari etc page_request = new XMLHttpRequest(); else if (window.ActiveXObject){ // if IE try { page_request = new ActiveXObject("Msxml2.XMLHTTP"); } catch (e){ try{ page_request = new ActiveXObject("Microsoft.XMLHTTP"); } catch (e){} } } else return false; page_request.onreadystatechange=function(){ loadpage(page_request, containerid); } page_request.open('GET', root+url, true); page_request.send(null); } function loadpage(page_request, containerid){ if (page_request.readyState == 4 && (page_request.status==200 || window.location.href.indexOf("http")==-1)) document.getElementById(containerid).innerHTML=page_request.responseText; } PHP: <?php // Do something with the data, then print some output. echo $_GET['field1']; ?>

does document.getElementById(id).style.color='#000;'; work?

full path disclosure in http://www.rent-that-home.com/test.php your "forgot password" script lets me figure out usernames. for example entering username "root" says "There is no username root in our database!", but username "rex9990" says "Your login details have been forwarded to your email account". in info.php, you should check that the property exists before you display its info: http://www.rent-that-home.com/info.php?id=1203948520948523413

You really need to block the /sql directory, its a big security hazard to let everybody know the whole structure of your SQL.

Full Path Disclosure: http://ns2271.serverpowered.net/wv/wattcommunities/builder/options/upload/0173/*/15 Do you really want this to be accessible to all users? http://ns2271.serverpowered.net/wv/wattcommunities/builder/options/delete/0173/*/15 More full path disclosure: http://ns2271.serverpowered.net/wv/wattcommunities/admin/

and consequently XSS in http://www.themespot.info/blog/article.php?id_art=%3Cscript%3Ealert(1337357)%3C/script%3E

For hiding the contents of a directory, either disable directory listing on the server, or have an index.php in each directory with <?php header("Location: http://www.themafiaman.com"); exit(0); ?> Cross site scripting (XSS) can be fixed by validating ALL user input. See this article: http://www.htmlcenter.com/tutorials/tutorials.cfm/149/PHP/ Basically you just want to restrict as much as possible what input a user can give. For Array errors, just add a line <?phpif(is_array(<the variable>)) <the variable> = <the variable>[0]; ?> That should fix most of your troubles.

Full Path Disclosure if you enter something thats not a domain, or if you include the HTTP://WWW: Nice script though.

Full Path Disclosure when you try to log in:

You should handle downloading themes with invalid ids, like this link: http://themespot.info/?page=theme&themeid=-1&download=yes Just spins trying to start download every 3 secs. This could use some work: http://themespot.info/?page=screenshot

If I log in with username: Administrator and password:Administrator it says "logged in successfully...

Also this probably should only be accessiible if you've logged in: http://themafiaman.com/cgi-sys/mchat.cgi?channel=themafiaman.com I got that from this page which should be blocked: http://themafiaman.com/chat Not such a problem, but you might hide this directory: http://themafiaman.com/include/ That's all for now.

Maybe I don't need to tell you that this should be removed... http://www.themafiaman.com/phpinfo.php

I've done it lie this: suppose your page is called 'thisPage.php': <?php $info = $GET['info']; if($info=='option1') ;//do something if($info=='option2') ;//do something if($info=='option3') ;//do something ?> <select id='form_select' onchange="document.location.href='thisPage.php?info='+document.getElementById('form_select').value"> <option value='option1'>Option #1</option> <option value='option2'>Option #2</option> <option value='option3'>Option #3</option> </select> Is this what you had in mind?

I think you're naming the images by the timestamp of when they were uploaded... what happens if two people upload a file during the same second? I tried to do it, it seems that on image overwrote the other.

If you upload a file that ends in an image extension (.jpg, .gif, etc.) but isn't actually a valid image file, it spits errors:

Why don't you make a text file containing the amount donated, then have a PHP script read in the amount and print it on the page. (I think you can edit text files in cPanel.)

Easiest thing might be to check the URL when the user submits it. Something like: <?php if(@file_get_contents("http://theURLtheyEntered.com")!="") echo "OK!"; else echo "BAD!"; ?> Great, except that now if the link doesn't exist, it adds a blank link to the list. You should probably fix that. oh so what that does is checks to see if the page they submitted exists...? wow thats a good idea. thanks

Easiest thing might be to check the URL when the user submits it. Something like: <?php if(@file_get_contents("http://theURLtheyEntered.com")!="") echo "OK!"; else echo "BAD!"; ?>

Hehehehe... You might disable javascript in the links....

I'm pretty sure that's not possible in JS. But you can do it with PHP: <input type='button' value='Save!' onclick='document.location.href=download.php' /> Then in download.php: <?php $file = "path/to/the/file.jpg"; header("Pragma: public"); header("Expires: 0"); header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); header("Content-Type: application/force-download"); header("Content-Disposition: attachment; filename=".basename(str_replace(" ", "", $file))); header("Content-Description: File Transfer"); header('Accept-Ranges: bytes'); header('Content-Length: ' . filesize($file)); @readfile($file); ?> That should automatically open a 'save as' box in the client browser. You could also pass which file to download in $_GET variables, but be careful about security...

Unless you have a pretty good reason for wanting to do that, I doubt that most people in this forum will want to help propagate pop-ups on the web.

Try this code, based on a function from http://www.faqts.com/knowledge_base/view.phtml/aid/15728: <html> <head> <script> function setCursorPosition(oInput,oStart,oEnd) { if( oInput.setSelectionRange ) { oInput.setSelectionRange(oStart,oEnd); } else if( oInput.createTextRange ) { var range = oInput.createTextRange(); range.collapse(true); range.moveEnd('character',oEnd); range.moveStart('character',oStart); range.select(); } } </script> </head> <body onload='txt.focus();setCursorPosition(txt,10,10);//move to 10th character'> <textarea id='txt'>A bunch of text that hopefully will make this textarea end up having multiple lines in it. Have I blabbae enough yet? Yeah, I thought so...</textarea> </body> </html> Works in FF and IE. Hope it helps.

Try this (btw, I wouldn't use WinWord to make my webpages. the code it generates is confusing and ugly and unpredicable.): <html> <head> <meta name="Microsoft Theme 2.00" content="Slate 011"> <meta http-equiv=Content-Type content="text/html; charset=windows-1252"> <meta name=ProgId content=Word.Document> <meta name=Generator content="Microsoft Word 11"> <meta name=Originator content="Microsoft Word 11"> <link rel=File-List href="index_files/filelist.xml"> <link rel=Edit-Time-Data href="index_files/editdata.mso"> <title>Xxxxx Clan</title> <style> <!-- /* Font Definitions */ @font-face {font-family:Verdana; panose-1:2 11 6 4 3 5 4 4 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:-1593833729 1073750107 16 0 415 0;} @font-face {font-family:Halo; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:-2147483645 0 0 0 1 0;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-parent:""; margin:0cm; margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:12.0pt; font-family:Verdana; mso-fareast-font-family:"Times New Roman"; mso-bidi-font-family:"Times New Roman"; color:white;} h1 {mso-style-next:Normal; margin-top:12.0pt; margin-right:0cm; margin-bottom:3.0pt; margin-left:0cm; mso-pagination:widow-orphan; page-break-after:avoid; mso-outline-level:1; font-size:16.0pt; font-family:Verdana; mso-bidi-font-family:Arial; color:white; mso-font-kerning:16.0pt; font-weight:bold;} h2 {mso-style-next:Normal; margin-top:12.0pt; margin-right:0cm; margin-bottom:3.0pt; margin-left:0cm; mso-pagination:widow-orphan; page-break-after:avoid; mso-outline-level:2; font-size:14.0pt; font-family:Verdana; mso-bidi-font-family:Arial; color:white; font-weight:normal;} h3 {mso-style-next:Normal; margin-top:12.0pt; margin-right:0cm; margin-bottom:3.0pt; margin-left:0cm; mso-pagination:widow-orphan; page-break-after:avoid; mso-outline-level:3; font-size:13.0pt; font-family:Verdana; mso-bidi-font-family:Arial; color:white; font-weight:normal;} h4 {mso-style-next:Normal; margin-top:12.0pt; margin-right:0cm; margin-bottom:3.0pt; margin-left:0cm; mso-pagination:widow-orphan; page-break-after:avoid; mso-outline-level:4; font-size:14.0pt; font-family:Verdana; color:white; font-weight:normal;} h5 {mso-style-next:Normal; margin-top:12.0pt; margin-right:0cm; margin-bottom:3.0pt; margin-left:0cm; mso-pagination:widow-orphan; mso-outline-level:5; font-size:13.0pt; font-family:Verdana; color:white; font-weight:normal;} h6 {mso-style-next:Normal; margin-top:12.0pt; margin-right:0cm; margin-bottom:3.0pt; margin-left:0cm; mso-pagination:widow-orphan; mso-outline-level:6; font-size:11.0pt; font-family:Verdana; color:white; font-weight:normal;} a:link, span.MsoHyperlink {color:#B6B04D; text-decoration:underline; text-underline:single;} a:visited, span.MsoHyperlinkFollowed {color:#707849; text-decoration:underline; text-underline:single;} p {font-size:12.0pt; font-family:"Times New Roman"; mso-fareast-font-family:"Times New Roman";} p.style1, li.style1, div.style1 {mso-style-name:style1; mso-margin-top-alt:auto; margin-right:0cm; mso-margin-bottom-alt:auto; margin-left:0cm; mso-pagination:widow-orphan; font-size:12.0pt; font-family:"Times New Roman"; mso-fareast-font-family:"Times New Roman"; color:black;} p.style2, li.style2, div.style2 {mso-style-name:style2; mso-margin-top-alt:auto; margin-right:0cm; mso-margin-bottom-alt:auto; margin-left:0cm; mso-pagination:widow-orphan; font-size:12.0pt; font-family:"Times New Roman"; mso-fareast-font-family:"Times New Roman"; color:white;} span.style11 {mso-style-name:style11; color:black;} span.style21 {mso-style-name:style21; color:white;} @page Section1 {size:612.0pt 792.0pt; margin:0cm 90.0pt 72.0pt 90.0pt; mso-header-margin:35.4pt; mso-footer-margin:35.4pt; mso-paper-source:0;} div.Section1 {page:Section1;} .style1 {color: #FFFFFF} --> </style> </head> <body bgcolor=white background="index_files/image001.gif" lang=EN-US link="#B6B04D" vlink="#707849" style='tab-interval:36.0pt'> <div class=Section1> <p class=MsoNormal style='margin-right:-54.0pt'><span lang=EN-GB style='mso-ansi-language:EN-GB'><o:p> </o:p></span></p> <p class=MsoNormal><span lang=EN-GB style='mso-ansi-language:EN-GB'><o:p> </o:p></span></p> <div align=center> <table class=MsoTableTheme border=1 cellspacing=0 cellpadding=0 style='margin-left:.65pt;border-collapse:collapse;border:none;mso-border-alt: solid #989898 .25pt;mso-yfti-tbllook:480;mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-border-insideh:.75pt solid #989898;mso-border-insidev:.75pt solid #989898'> <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes;height:141.0pt;background-image:url("index_files/header_short.jpg");'> <td colspan=2 valign=top style='width:680.0pt;border:solid #989898 1.0pt; mso-border-alt:solid #989898 .25pt;mso-border-bottom-alt:solid #989898 .75pt; padding:0cm 5.4pt 0cm 5.4pt;height:141.0pt'> <p class=MsoNormal align=center style='margin-top:0cm;margin-right:-9.75pt; margin-bottom:0cm;margin-left:-4.45pt;margin-bottom:.0001pt;text-align:center; text-indent:-9.0pt'><![if !vml]><![endif]><span lang=EN-GB style='mso-ansi-language: EN-GB'><![if !vml]><![endif]><o:p></o:p></span></p> <p class=MsoNormal align=center style='margin-top:0cm;margin-right:-9.75pt; margin-bottom:0cm;margin-left:-4.45pt;margin-bottom:.0001pt;text-align:center; text-indent:-9.0pt'><span lang=EN-GB style='mso-ansi-language:EN-GB'><o:p> </o:p></span></p> <p class=MsoNormal><span lang=EN-GB style='font-size:10.0pt;font-family:"Times New Roman"; color:windowtext;mso-ansi-language:EN-GB'><o:p> </o:p></span></p> <p class=MsoNormal align=center style='text-align:center'><strong><span lang=EN-GB style='font-size:10.0pt;color:windowtext;mso-ansi-language:EN-GB'>XXXXXX</span></strong><span lang=EN-GB style='font-size:10.0pt;font-family:"Times New Roman";color:windowtext'> </span><strong><span style='font-family:Verdana'><o:p></o:p></span></strong></p> <p align=center style='text-align:center'><o:p> </o:p></p> <p align=center style='text-align:center'><span lang=EN-GB style='font-size: 10.0pt;mso-ansi-language:EN-GB'><o:p> </o:p></span></p> <p align=center style='text-align:center'><strong><span lang=EN-GB style='font-size:10.0pt;mso-ansi-language:EN-GB'>Here to Finish the fight </span></strong><span lang=EN-GB style='font-size:10.0pt;mso-ansi-language:EN-GB'><o:p></o:p></span></p> </td> </tr> <tr bgcolor="#FFFFFF" style='mso-yfti-irow:1;height:14.5pt'> <td colspan=2 valign=top style='width:680.0pt;border:solid #989898 1.0pt; border-top:none;mso-border-top-alt:solid #989898 .75pt;mso-border-top-alt: .75pt;mso-border-left-alt:.25pt;mso-border-bottom-alt:.75pt;mso-border-right-alt: .25pt;mso-border-color-alt:#989898;mso-border-style-alt:solid;background: #000000;padding:0cm 5.4pt 0cm 5.4pt;height:14.5pt'> <p class=MsoNormal align=right style='text-align:right'><b style='mso-bidi-font-weight: normal'><span lang=EN-GB style='mso-ansi-language:EN-GB'><a href="index.html"><span style='color:white'>Menu</span></a> <a href="members.php"><span style='color:white'>Members</span></a> <a href="video's.php"><span style='color:white'>Video’s</span></a> <a href="pictures.php"><span style='color:white'>Pictures</span></a><span class=style21> </span></span></b> <a href="login.html" class="style1">Login</a> <a href="video's.php"><span class=style21><o:p> </o:p></span></p> </td> </tr> <tr style='mso-yfti-irow:2;height:467.7pt'> <td width=747 valign=top style='width:549.75pt;border:solid #989898 1.0pt; border-top:none;mso-border-top-alt:solid #989898 .75pt;mso-border-alt:solid #989898 .75pt; mso-border-left-alt:solid #989898 .25pt;padding:0cm 5.4pt 0cm 5.4pt; height:467.7pt' background="index_files/image003.jpg"> <p class=MsoNormal style='margin-right:-9.1pt;text-indent:-4.75pt'><![if !vml]><![endif]><span lang=EN-GB style='mso-ansi-language: EN-GB'><!--[if gte vml 1]><v:shape id="_x0000_i1026" type="#_x0000_t75" style='width:562.5pt;height:466.5pt'> <v:imagedata src="index_files/image003.jpg" o:title="halo-3"/> </v:shape><![endif]--><![if !vml]><![endif]><o:p></o:p></span></p> <p><strong><span style='font-size:10.0pt'>Welcome to xx clan page. </span></strong><span style='font-size:10.0pt'><o:p></o:p></span></p> <p><strong><span style='font-size:10.0pt'> </span></strong><span style='font-size:10.0pt'><o:p></o:p></span></p> <p><strong><span style='font-size:10.0pt'>This site belongs to the xxx clan members and is here to promote and organise the clan. The site has a logon feature so that members can check when clans matches will take place, who are their superiors and leave messages in the clan forum </span></strong><span style='font-size:10.0pt'><o:p></o:p></span></p> </td> <td width=202 valign=top style='width:120.9pt;border-top:none;border-left: none;border-bottom:solid #989898 1.0pt;border-right:solid #989898 1.0pt; mso-border-top-alt:solid #989898 .75pt;mso-border-left-alt:solid #989898 .75pt; mso-border-alt:solid #989898 .75pt;mso-border-right-alt:solid #989898 .25pt; padding:0cm 5.4pt 0cm 5.4pt;height:467.7pt'> <p class=MsoNormal align=center style='margin-left:-14.4pt;text-align:center; text-indent:9.15pt'><u><span lang=EN-GB style='mso-ansi-language:EN-GB'>Clan Pictures<o:p></o:p></span></u></p> <p class=MsoNormal style='margin-top:0cm;margin-right:-5.4pt;margin-bottom: 0cm;margin-left:-6.75pt;margin-bottom:.0001pt'><span lang=EN-GB style='mso-ansi-language:EN-GB'><o:p> </o:p></span></p> <p class=MsoNormal><span lang=EN-GB style='mso-ansi-language:EN-GB'><o:p> </o:p></span></p> <p class=MsoNormal style='margin-left:-14.4pt;text-indent:9.15pt'><u><span lang=EN-GB style='mso-ansi-language:EN-GB'><o:p><span style='text-decoration: none'> </span></o:p></span></u></p> </td> </tr> <tr style='mso-yfti-irow:3;mso-yfti-lastrow:yes'> <td colspan=2 valign=top style='width:680.0pt;border:solid #989898 1.0pt; border-top:none;mso-border-top-alt:solid #989898 .75pt;mso-border-alt:solid #989898 .25pt; mso-border-top-alt:solid #989898 .75pt;padding:0cm 5.4pt 0cm 5.4pt'> <p class=MsoNormal><span lang=EN-GB style='font-size:9.0pt;mso-ansi-language: EN-GB'>About us - Contact us - Copyright 2007<o:p></o:p></span></p> </td> </tr> </table> </div> <p class=MsoNormal><span lang=EN-GB style='mso-ansi-language:EN-GB'><o:p> </o:p></span></p> </div> </body> </html>

You should be specifying the background image in the CSS (like so): <style type='text/css'> body { background: #ffffff url('index_files/image001.gif') no-repeat fixed center; } </style> (Of course you can change the alignment of the background image...) I think it may be getting confused that you define both a background image and a background color.