helraizer

Hey folks, haven't been on here in a long while due to Uni work and the like. But I've been learning to use Cubase music software so have made a dance/techno remix of The Magic Roundabout theme. I'd love to know what you think. http://uk.youtube.com/watch?v=9LDPzXiOpEk

everytime you get a username or password wrong it opens a new tab, I didn't realise this until I had about 16 open tabs of your site. Also if I type a username such as "asfasfpj" and a wrong password it says "Username is invalid" but if I enter "Admin" then get the password wrong it says "Incorrect password" meaning I got the username right. Don't do this because attackers can use this because they then know they have the username. Try saying something like "Invalid Username/Password" because then they don't know which they got wrong.

http://www.insta-hosting.com/custom/whmcs/clientarea.php/%22%3E - ruins the layout.

Wherever in your code you have "$_GET['id'];" to show the forum page in message.php. Use what I said earlier. It'll stop the HTML executing.

$var = mysql_real_escape_string(htmlspecialchars($_GET['id'])); would suffice.

Based on what Stephen said, people can inject their own javascript, which can be potentially dangerous for your forum. If they were malicious. Minor example

http://scott.projecth4x0r.com/beta2/message.php?id=203 Might want to limit the size of signatures. As I said before, your edit signature is annoying. All HTML is stripped, yet it changes BBCode to HTML for the next time you go in to change something, so you have to change the entire thing.

1 point I've noticed is that your signature strips all HTML, which is fine. However when you use BBCode it converts it HTML, so when you go back to change your signture, what you already have is then stripped out. Also, my signature is 999x999px. So you may want to limit the size of signatures.

I don't even get that sentence. I think what he meant is that only the person who placed c992.php would access it, so if the OP edited it to captcher the user's IP address, he'd catch the person who placed it (IP wise). He kinda foiled his own plan there by telling everyone on here about it, thus getting more people to access it.

Hey folks, I'm working on animating gifs in GD. I've adapted the use of the GIFEncoder class from phpclasses. original gif.php <?php Class GIFAnimator { var $GIF = "GIF89a"; var $VER = "GIFEncoder V2.05"; var $BUF = Array ( ); var $LOP = 0; var $DIS = 2; var $COL = -1; var $IMG = -1; var $ERR = Array ( ERR00=>"Does not supported function for only one image!", ERR01=>"Source is not a GIF image!", ERR02=>"Unintelligible flag ", ERR03=>"Does not make animation from animated GIF source", ); function GIFAnimator ( $GIF_src, $GIF_dly, $GIF_lop, $GIF_dis, $GIF_red, $GIF_grn, $GIF_blu, $GIF_mod ) { if ( ! is_array ( $GIF_src ) && ! is_array ( $GIF_tim ) ) { printf ( "%s: %s", $this->VER, $this->ERR [ 'ERR00' ] ); exit ( 0 ); } $this->LOP = ( $GIF_lop > -1 ) ? $GIF_lop : 0; $this->DIS = ( $GIF_dis > -1 ) ? ( ( $GIF_dis < 3 ) ? $GIF_dis : 3 ) : 2; $this->COL = ( $GIF_red > -1 && $GIF_grn > -1 && $GIF_blu > -1 ) ? ( $GIF_red | ( $GIF_grn << 8 ) | ( $GIF_blu << 16 ) ) : -1; for ( $i = 0; $i < count ( $GIF_src ); $i++ ) { if ( strToLower ( $GIF_mod ) == "url" ) { $this->BUF [ ] = fread ( fopen ( $GIF_src [ $i ], "rb" ), filesize ( $GIF_src [ $i ] ) ); } else if ( strToLower ( $GIF_mod ) == "bin" ) { $this->BUF [ ] = $GIF_src [ $i ]; } else { printf ( "%s: %s ( %s )!", $this->VER, $this->ERR [ 'ERR02' ], $GIF_mod ); exit ( 0 ); } if ( substr ( $this->BUF [ $i ], 0, 6 ) != "GIF87a" && substr ( $this->BUF [ $i ], 0, 6 ) != "GIF89a" ) { printf ( "%s: %d %s", $this->VER, $i, $this->ERR [ 'ERR01' ] ); exit ( 0 ); } for ( $j = ( 13 + 3 * ( 2 << ( ord ( $this->BUF [ $i ] { 10 } ) & 0x07 ) ) ), $k = TRUE; $k; $j++ ) { switch ( $this->BUF [ $i ] { $j } ) { case "!": if ( ( substr ( $this->BUF [ $i ], ( $j + 3 ), 8 ) ) == "NETSCAPE" ) { printf ( "%s: %s ( %s source )!", $this->VER, $this->ERR [ 'ERR03' ], ( $i + 1 ) ); exit ( 0 ); } break; case ";": $k = FALSE; break; } } } GIFAnimator::GIFHead ( ); for ( $i = 0; $i < count ( $this->BUF ); $i++ ) { GIFAnimator::GIFGetFrames ( $i, $GIF_dly [ $i ] ); } GIFAnimator::GIFFoot ( ); } function GIFHead ( ) { $cmap = 0; if ( ord ( $this->BUF [ 0 ] { 10 } ) & 0x80 ) { $cmap = 3 * ( 2 << ( ord ( $this->BUF [ 0 ] { 10 } ) & 0x07 ) ); $this->GIF .= substr ( $this->BUF [ 0 ], 6, 7 ); $this->GIF .= substr ( $this->BUF [ 0 ], 13, $cmap ); $this->GIF .= "!\377\13NETSCAPE2.0\3\1" . GIFAnimator::GIFWord ( $this->LOP ) . "\0"; } } function GIFGetFrames ( $i, $d ) { $Locals_str = 13 + 3 * ( 2 << ( ord ( $this->BUF [ $i ] { 10 } ) & 0x07 ) ); $Locals_end = strlen ( $this->BUF [ $i ] ) - $Locals_str - 1; $Locals_tmp = substr ( $this->BUF [ $i ], $Locals_str, $Locals_end ); $Global_len = 2 << ( ord ( $this->BUF [ 0 ] { 10 } ) & 0x07 ); $Locals_len = 2 << ( ord ( $this->BUF [ $i ] { 10 } ) & 0x07 ); $Global_rgb = substr ( $this->BUF [ 0 ], 13, 3 * ( 2 << ( ord ( $this->BUF [ 0 ] { 10 } ) & 0x07 ) ) ); $Locals_rgb = substr ( $this->BUF [ $i ], 13, 3 * ( 2 << ( ord ( $this->BUF [ $i ] { 10 } ) & 0x07 ) ) ); $Locals_ext = "!\xF9\x04" . chr ( ( $this->DIS << 2 ) + 0 ) . chr ( ( $d >> 0 ) & 0xFF ) . chr ( ( $d >> 8 ) & 0xFF ) . "\x0\x0"; if ( $this->COL > -1 && ord ( $this->BUF [ $i ] { 10 } ) & 0x80 ) { for ( $j = 0; $j < ( 2 << ( ord ( $this->BUF [ $i ] { 10 } ) & 0x07 ) ); $j++ ) { if ( ord ( $Locals_rgb { 3 * $j + 0 } ) == ( ( $this->COL >> 16 ) & 0xFF ) && ord ( $Locals_rgb { 3 * $j + 1 } ) == ( ( $this->COL >> 8 ) & 0xFF ) && ord ( $Locals_rgb { 3 * $j + 2 } ) == ( ( $this->COL >> 0 ) & 0xFF ) ) { $Locals_ext = "!\xF9\x04" . chr ( ( $this->DIS << 2 ) + 1 ) . chr ( ( $d >> 0 ) & 0xFF ) . chr ( ( $d >> 8 ) & 0xFF ) . chr ( $j ) . "\x0"; break; } } } switch ( $Locals_tmp { 0 } ) { case "!": $Locals_img = substr ( $Locals_tmp, 8, 10 ); $Locals_tmp = substr ( $Locals_tmp, 18, strlen ( $Locals_tmp ) - 18 ); break; case ",": $Locals_img = substr ( $Locals_tmp, 0, 10 ); $Locals_tmp = substr ( $Locals_tmp, 10, strlen ( $Locals_tmp ) - 10 ); break; } if ( ord ( $this->BUF [ $i ] { 10 } ) & 0x80 && $this->IMG > -1 ) { if ( $Global_len == $Locals_len ) { if ( GIFAnimator::GIFBlock ( $Global_rgb, $Locals_rgb, $Global_len ) ) { $this->GIF .= ( $Locals_ext . $Locals_img . $Locals_tmp ); } else { $byte = ord ( $Locals_img { 9 } ); $byte |= 0x80; $byte &= 0xF8; $byte |= ( ord ( $this->BUF [ 0 ] { 10 } ) & 0x07 ); $Locals_img { 9 } = chr ( $byte ); $this->GIF .= ( $Locals_ext . $Locals_img . $Locals_rgb . $Locals_tmp ); } } else { $byte = ord ( $Locals_img { 9 } ); $byte |= 0x80; $byte &= 0xF8; $byte |= ( ord ( $this->BUF [ $i ] { 10 } ) & 0x07 ); $Locals_img { 9 } = chr ( $byte ); $this->GIF .= ( $Locals_ext . $Locals_img . $Locals_rgb . $Locals_tmp ); } } else { $this->GIF .= ( $Locals_ext . $Locals_img . $Locals_tmp ); } $this->IMG = 1; } function GIFFoot ( ) { $this->GIF .= ";"; } function GIFBlock ( $GlobalBlock, $LocalBlock, $Len ) { for ( $i = 0; $i < $Len; $i++ ) { if ( $GlobalBlock { 3 * $i + 0 } != $LocalBlock { 3 * $i + 0 } || $GlobalBlock { 3 * $i + 1 } != $LocalBlock { 3 * $i + 1 } || $GlobalBlock { 3 * $i + 2 } != $LocalBlock { 3 * $i + 2 } ) { return ( 0 ); } } return ( 1 ); } function GIFWord ( $int ) { return ( chr ( $int & 0xFF ) . chr ( ( $int >> 8 ) & 0xFF ) ); } function GetAnimation ( ) { return ( $this->GIF ); } } ?> I have used <?php include('gif.php'); $image = imagecreatefrompng("../mychatbox/user/helraizer1.png"); if ( $dh = opendir ( "frames/" ) ) { while ( false !== ( $dat = readdir ( $dh ) ) ) { if ( $dat != "." && $dat != ".." ) { $frames [ ] .= "frames/$dat"; $framed [ ] = 20; } } closedir ( $dh ); } foreach( $frames as $thePfhrame ) { $imgPfhrame = imagecreatefromgif($thePfhrame); imagecopymerge($image, $imgPfhrame, imageSX($image)/2, imageSY($image)/1.5, 0, 0, 15, 15, 100); } $gif = new GIFAnimator ( $frames, //sources - URL or path $framed, //delay times - int 0, //Animation loops - int - 0 is infinite 2, //Disposal - int -1, -1, -1, //transparency red, green, blue - int "url" // source type ); header("Content-Type: image/gif"); echo $gif->GetAnimation(); FWrite ( FOpen ( "img.gif", "wb" ), $gif->GetAnimation ( ) ); ?> and it produces this: As you can see the one that is in middle is animated! So that works perfectly fine, on its own. However when I put the code in my showimage script (to produce the shoutbox), which is in a different folder, but still has a 'frames' folder with the same frames in it, it gives me the error. Even though there are 9 frames in the folder. if(stristr($line, ":roll:")) { session_register("roll"); $_SESSION['roll'] = 1; } if (isset($filter)) { header("Content-Type: image/png"); // tell the browser what we're gonna give it imagepng($image); } elseif ($page == 1) { if(!isset($_SESSION['roll'])) { header("Content-Type: image/png"); // tell the browser what we're gonna give it imagepng($image); imagepng($image, "./user/" . $user . $box. ".png"); } else { $pos = strpos($line, ":roll:"); if ($font == "palab") { $post = $pos * 5.7; } elseif ($font == "comicsans") { $post = $pos * 6.725; } elseif ($font == "calibri") { $post = $pos * 5; } elseif ($font == "courbd") { $post = ($pos * 5. + 1; } elseif ($font == "arial") { $post = ($pos * 7.3) + 1; } else { } if ( $dh = opendir ( "frames/" ) ) { while ( false !== ( $dat = readdir ( $dh ) ) ) { if ( $dat != "." && $dat != ".." ) { $frames [ ] .= "frames/$dat"; $framed [ ] = 17; } } closedir ( $dh ); } foreach( $frames as $thePfhrame ) { $imgPfhrame = imagecreatefromgif($thePfhrame); imagecopymerge($image, $imgPfhrame, ($cur_line_x + $post) + 6, (($cur_line_y + $lineheight) - 30.5), 0, 0, 15, 15, 100); } $gif = new GIFAnimator ( $frames, //sources - URL or path $framed, //delay times - int 0, //Animation loops - int - 0 is infinite 2, //Disposal - int -1, -1, -1, //transparency red, green, blue - int "url" // source type ); header("Content-Type: image/gif"); echo $gif->GetAnimation(); FWrite ( FOpen ( "helraizer2.gif", "wb" ), $gif->GetAnimation ( ) ); } else { header("Content-Type: image/png"); // tell the browser what we're gonna give it imagepng($image); } The error comes about if $frames isn't an array but, it is. Any idea why this happens? Sam

You'll need <form enctype="multipart/form-data"> in your form or else it won't upload the form.

Someone changed the title of the page to "<script>alert('owned');location.href='http://www.youtube.com/watch?v=...';</script> ". Need to change that.

Hey, I have a PHP script that I made for an image based shoutbox with emoticons. The problem is that php GD doesn't support animated gifs, yet perl GD does. How would I make it so that I could copy the animated gifs via Perl onto the static image that I made with php? I've tried with php imagecreatefromgif(), which produces a static image. I also tried using the GIFAnimation class from phpclasses to make an animated gif but it returns it as an object or a string, not an image resource. So if I use imagecreatefromstring it will again be static.. As you can see it has static emoticons. Like a normal shoutbox, but in an image form. I was wondering whether there is any possible way to use Perl GD to animate the gifs within GD (since the files themselves are animated). Then with these animated gifs imagecopymerge them onto the shoutbox image, as I am doing now. Therefore having the emoticons animated on the shoutbox image. Hope that makes more sense.. Is that possible? I must admit I've not used much Perl before, at all. Sam

I think you mean 'was'.

Why don't you log IPS? If you meant IP address; he does log it. Only from what I can imagine, he's using a hidden field with value="<?php echo $_SERVER['REMOTE_ADDR']; ?>" and thus someone made an identical form pointing to the same place and and sent it with the hidden input value of 'i lurves no ipz'.