dreamwest

Check htaccess that it doesnt have this RewriteRule ^$ error.php it should be RewriteRule ^$ index.php Also error.php is refreshing constantly, start by deleting it and index.php and reupload them, change index.php to 444, if someone is hacking they will alter index.php again. If they do change it again ban everyone temporarily : # limit access to local area network <Limit GET POST PUT> order deny,allow deny from all allow from 192.168.0.0/33 #your ip </Limit> Remove all frontpage "vti_cnf" directories if you have them Block all index browsing: # stop ppl from browsing indexes Options -Indexes and make sure index.php actually exists if it doesnt you htaccess might look like this ErrorDocument 404 /error.php

Going to stack.php will always show user id 1 RewriteRule ^stack.php stack.php?id=1

Your include (html) wont work in php page. Fixed your original code too <?php if ($advanced=='on'){ include ("advanced.html"); }else{ include ("vpt.html"); } ?>

Heres the error: $row1 = mysql_fetch_assoc($res); Should be $row1 = mysql_fetch_assoc($res1);

$string = "hello bob johnhis@domain.com how are you"; $find = explode('@', $string); if($find['1'] != ""){ echo "I have a @ in my string!"; }else{ echo "Doesnt have @ in string!"; }

Nevermind, figured it out $id = 456; $arr = array("{$id}.jpg", "1_{$id}.jpg", "2_{$id}.jpg", "3_{$id}.jpg"); foreach ($arr as &$value) { echo "Let do stuff to ".$value."<br>"; }

Im trying to loop an array - but have no idea where to begin.. $files = array('546.jpg', '1_546.jpg', '2_546.jpg', '3_546.jpg'); while( $files etc){ if (file_exists($files)) { do something here } }

# activate SSI for HTML and or SHTML file types AddType text/html .html AddType text/html .shtml AddHandler server-parsed .html AddHandler server-parsed .shtml AddHandler server-parsed .htm

Awesome! Thanks for the info.

Im really crap at securing my forms, but ive been experimenting with making login more secure. As well as using htmlspecialchars and strip tags etc to try and clean the input before a database query is performed. This works quite well even with a 50,000 row table. Can anyone see any potential issues with this? I mean they're not actually querying the database directly $user = $_POST['username']; if($user == ""){ header("Location: /index.php"); }else{ $result = mysql_query( "SELECT username FROM signup " ) ; while ( $record = mysql_fetch_assoc( $result) ){ $go = $record['username']; if($user == $go){ $ok = 1; break; } } if($ok != 1){ header("Location: /index.php"); }else{ continue here.... } }

One word - UPGRADES ... ppl are upgrading from the previous buggy versions, there cant be 1 billion firefox users - I-M-P-O-S-S-I-B-L-E

Its free always has been. Oh and by the way .... http://download.cnet.com/windows/web-browsers/?tag=bc More downloads that firefox OH YEAH!!

Im 100% serious! I love avant as much as i love BING......i think thats called being open minded to try new things

I dont wanna seem cocky but im just cant help it when im right: http://www.avantbrowser.com/awards.html

Says who? You? It really is a gods browser....sorry to insult the common folks browser aka firefox

Avant browser is the best browser out there today and its based on IE

<?php session_start(); $uid = $_SESSION['userid']; // check the login details of the user and stop execution if not logged in if($uid ==""){ echo "<center><font face='Verdana' size='2' color=red>Sorry, Please login and use this page </font></center>"; exit; } $row=mysql_fetch_object(mysql_query("select * from signup where userid='{$uid}'")); echo $row['firstname']; echo $row['lastname']; ?>

playlist_generator.php needs to echo the playlist <location></location> so make $path an id and get the info from the database $path = $_GET['path']; if ($path !=""){ $query = "SELECT * FROM video WHERE file_id='{$path}' "; $result = mysql_query($query)or die(mysql_error()); echo '<?xml version="1.0" encoding="UTF-8"?><playlist xmlns="http://xspf.org/ns/0/" version="1"><title>mixmedia</title> <tracklist>'; $row = mysql_fetch_array($result); $file = "/files/".$row['swfname']; //location of file here echo"<track> <location>".$file."</location> </track>"; echo '</tracklist></playlist>'; }

SELECT * FROM orders as o, users as u WHERE o.userid=u.id ORDER BY o.datetime DESC;

You have a ? in your fake url , your real url has no extension ($1?request) Personally i would reduce it to: RewriteRule ^mediakey=([^/]+) control/browse.php?request=browse&key=$1 [L] or RewriteRule ^media/key=([^/]+) control/browse.php?request=browse&key=$1 [L]

# activate SSI for HTML and or SHTML file types AddType text/html .html AddType text/html .shtml AddHandler server-parsed .html AddHandler server-parsed .shtml AddHandler server-parsed .htm

You can use distinct within a join but requires a group by the distinct value to work select distinct * from prod as p, gal as g where p.id_prod = g.idprod_gal group by idprod_gal order by p.update_prod

<div style=" position:relative; width:440px; height:515px;"> <div style="position:absolute; top:15px; left:20px; " >Position me anywhere within the relative div, using top:45; right left and/or bottom</div> </div>

Also make sure the referer isnt coming from within your site else youll get loops $referer = $_SERVER['HTTP_REFERER']; if($referer != "yoursite.com" || $referer == "" ) { header("Location: place_to_redirect.php"); }

RewriteRule ^([^/\.]+)/(.*)/(.*).html cats.php?type=$1&subcat=$2&maker=$3 http://site.com/shoes/nike/air or http://site.com/shirts/shirt/maker here etc...