magebash

Members
  • Posts: 72
  • Joined
  • Last visited: Never
Everything posted by magebash

  1. Maybe you saved the duplicates in different folders, therefore messing up the links. Try looking at the image URLs in the HTML code of your pages.
  2. I have decided to use the new one, on all of them.
  3. I am just testing out the code on this website before I post it out to a "paid" host, and was wondering what could be improved graphics-wise on it. I am definitely no expert on web design, so be rough on me and tell me what I need to improve or change. I know there are CSS/HTML errors, so no need to warn me about those. I was just wondering how I could improve the layout/graphics. Any comments would be appreciated. I need to know which one looks better. Thanks. Here are the URLs:

     #1 http://possal.freehostia.com (older version)
     #2 http://possal.freehostia.com/index2.php (newer version)

     Thanks.
  4. I am not good at design either, but I don't think the "FreeUnlimitedTexts" page background fits in too well. The background is distracting, and it keeps drawing my attention. For this kind of site I would stay away from the darker colors, but this is just my opinion. The logo could be a bit more "upgraded". For the lack of content it does have some good stuff though.

     TorrentSafari.com
     ------------------------
     Not much to say for this site because it is so simple.
  5. Too light at the top, although those are nice graphics.
  6. I think that it has a pretty basic design, but the top navigation does not seem to fit in well.
  7. Ok I get this error:

     Fatal error: Class 'ZipArchive' not found in /home/www/possal.freehostia.com/backup.php on line 3

     When I use this code from php.net:

         <?php
         $zip = new ZipArchive();
         $filename = "backup.zip";

         if ($zip->open($filename, ZIPARCHIVE::CREATE)!==TRUE) {
             exit("cannot open <$filename>\n");
         }

         $zip->addFromString("testfilephp.txt" . time(), "#1 This is a test string added as testfilephp.txt.\n");
         $zip->addFromString("testfilephp2.txt" . time(), "#2 This is a test string added as testfilephp2.txt.\n");
         $zip->addFile($thisdir . "/too.php","/testfromfile.php");
         echo "numfiles: " . $zip->numFiles . "\n";
         echo "status:" . $zip->status . "\n";
         $zip->close();
         ?>

     Just experimenting right now...
  8. K, thanks for your help. Should I change the PHP version? They have 4, 5, and 6.
  9. Well, I g2g. I'll try to PM you later today. Thanks for all your help.
  10. Should I use the array they show for it?
  11. So get rid of the $title=$_POST[title] stuff?
  12. I see one thing I left out at the end of the code. It should be http://possal.freehostia.com/download.php?r=$rand instead of http://possal.100webspace.net/download.php?r=$rand
  13. It is

         <?php
         if (isset($_POST['postsubmit'])) {

             function RemoveXSS($val) {
                 // remove all non-printable characters. CR(0a) and LF(0b) and TAB(9) are allowed
                 // this prevents some character re-spacing such as <java\0script>
                 // note that you have to handle splits with \n, \r, and \t later since they *are* allowed in some inputs
                 $val = preg_replace('/([\x00-\x08,\x0b-\x0c,\x0e-\x19])/', '', $val);

                 // straight replacements, the user should never need these since they're normal characters
                 // this prevents like <IMG SRC=&#X40&#X61&#X76&#X61&#X73&#X63&#X72&#X69&#X70&#X74&#X3A&#X61&#X6C&#X65&#X72&#X74&#X28&#X27&#X58&#X53&#X53&#X27&#X29>
                 $search = 'abcdefghijklmnopqrstuvwxyz';
                 $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
                 $search .= '1234567890!@#$%^&*()';
                 $search .= '~`";:?+/={}[]-_|\'\\';
                 for ($i = 0; $i < strlen($search); $i++) {
                     // ;? matches the ;, which is optional
                     // 0{0,7} matches any padded zeros, which are optional and go up to 8 chars

                     // &#x0040 @ search for the hex values
                     $val = preg_replace('/(&#[xX]0{0,8}'.dechex(ord($search[$i])).';?)/i', $search[$i], $val); // with a ;
                     // &#00064 @ 0{0,7} matches '0' zero to seven times
                     $val = preg_replace('/(&#0{0,8}'.ord($search[$i]).';?)/', $search[$i], $val); // with a ;
                 }

                 // now the only remaining whitespace attacks are \t, \n, and \r
                 $ra1 = Array('javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link',
                     'style', 'script', 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer',
                     'bgsound', 'title', 'base');
                 $ra2 = Array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate',
                     'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste',
                     'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange',
                     'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut',
                     'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate',
                     'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop',
                     'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin',
                     'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload',
                     'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout',
                     'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste',
                     'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend',
                     'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll',
                     'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload');
                 $ra = array_merge($ra1, $ra2);

                 $found = true; // keep replacing as long as the previous round replaced something
                 while ($found == true) {
                     $val_before = $val;
                     for ($i = 0; $i < sizeof($ra); $i++) {
                         $pattern = '/';
                         for ($j = 0; $j < strlen($ra[$i]); $j++) {
                             if ($j > 0) {
                                 $pattern .= '(';
                                 $pattern .= '(&#[xX]0{0,8}([9ab]);)';
                                 $pattern .= '|';
                                 $pattern .= '|(&#0{0,8}([9|10|13]);)';
                                 $pattern .= ')*';
                             }
                             $pattern .= $ra[$i][$j];
                         }
                         $pattern .= '/i';
                         $replacement = substr($ra[$i], 0, 2).'<x>'.substr($ra[$i], 2); // add in <> to nerf the tag
                         $val = preg_replace($pattern, $replacement, $val); // filter out the hex tags
                         if ($val_before == $val) {
                             // no replacements were made, so exit the loop
                             $found = false;
                         }
                     }
                 }
                 return $val;
             }

             $title=$_POST["title"];
             $price=$_POST["price"];
             $message=$_POST["message"];
             $user=$_SESSION["username"];
             $num=$_POST["category"];
             $state=$_POST["state"];
             $ip=@$REMOTE_ADDR;
             $title=strip_tags(RemoveXSS(mysql_real_escape_string($_POST['title'])));
             $email=strip_tags(RemoveXSS(mysql_real_escape_string($_POST['email'])));
             $price=strip_tags(RemoveXSS(mysql_real_escape_string($_POST['price'])));
             if (!$_POST['title'] || !$_POST['message']) {
                 die('You did not fill in a required field. <a href=javascript:history.back()>Re-try</a>');
             }
             $rand2 = rand(1, 2000000000);
             $rand3 = rand(1, 2000000000);
             $state=strip_tags(RemoveXSS(mysql_real_escape_string($_POST['state'])));
             $_POST['message']=strip_tags(RemoveXSS(mysql_real_escape_string($_POST['message'])));
             $num=strip_tags(RemoveXSS(mysql_real_escape_string($_POST['category'])));
             if($_SESSION['username']=="" && $email=="")die("Enter an email address.");

             function edit_words($STRING,$bannedwords) {
                 foreach($bannedwords as $key => $v) {
                     $STRING = eregi_replace($v,"<p>",$STRING);
                 }
                 return $STRING;
             }
             $words = array(' ');
             // call it like this
             $uneditedString = "$_POST[message]";
             $mfinal=edit_words($uneditedString,$words);

             // first attached file
             if($userfile_name!=""){
                 if ($userfile_size >400000){die("File too large. Try to reduce the size.");}
                 if ($userfile_type=="image/jpeg"||$userfile_type=="image/gif" ||$userfile_type=="image/png") {
                 } else {
                     die("Invalid File Type Used.");
                 }
                 $userfile_name="$rand2+$userfile_name";
                 $add="upload/$userfile_name";
                 if(move_uploaded_file ($userfile, $add)){
                 }else{
                     echo "Failed to upload file. Please try again. If problem persists, contact administrator by logging in and using the Personal Message System.";
                 }
             }

             // second attached file
             if($userfile2_name!=""){
                 if ($userfile2_size >400000){die("File too large. Try to reduce the size.");}
                 if ($userfile2_type=="image/jpeg"||$userfile2_type=="image/gif" ||$userfile2_type=="image/png") {
                 } else {
                     die("Invalid File Type Used.");
                 }
                 if($userfile2_name!=""){
                     $userfile2_name="$rand3+$userfile2_name";
                 }
                 $add2="upload/$userfile2_name";
                 if(move_uploaded_file ($userfile2, $add2)){
                 }else{
                     echo "Failed to upload file. Please try again. If problem persists, contact administrator by logging in and using the Personal Message System.";
                 }
             }

             $result = mysql_query("SELECT * FROM upload");
             $start = mysql_num_rows($result);
             $start2 = rand(1,200);
             $start3 = mysql_num_rows($result)+7;
             $rand=$start+1+$start2+$start3;
             $query = "INSERT INTO upload (title, email, price, city, state, message, ip, usersubmit, rand, category, filename, filename2, rand2, rand3) "
                 ."VALUES ('$title', '$email', '$price', '$county', '$state','$mfinal', '$ip', '$user', '$rand', '$num', '$userfile_name', '$userfile2_name', '$rand2', '$rand3')";
             mysql_query($query);
             echo "<br><b>Posted! Location: <a href='download.php?r=$rand'>http://possal.100webspace.net/download.php?r=$rand</a><p>Quick Find Code<p>$rand</b><br>";
         }
         ?>
  14. Hmm... how would I fix that?
  15. All done with the support folder.
  16. I was going to get rid of the /support folder anyway.
  17. How's this?

         if (!($userfile_type=="image/jpeg" OR $userfile_type=="image/png" OR $userfile_type=="image/gif")){
             die("Please only upload JPEG, GIF, and PNG files.");
         }
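
The checks in posts 13 and 17 compare `$userfile_type`, which is the MIME type the browser sends with the upload, and the script keeps the client's file name. As an added example (not magebash's code and not from the thread), the sketch below decides the type from the file's bytes and picks the stored name on the server; `classify_upload()` and the two sample files are constructed for illustration, and the `fileinfo` extension is assumed to be enabled.

```php
<?php
// Added example: classify_upload() is a hypothetical helper, not code from the thread.
// It ignores the browser-supplied type and file name and inspects the bytes instead.

const ALLOWED_IMAGE_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];
const MAX_UPLOAD_BYTES = 400000; // same size limit as the posted script

/**
 * Returns a server-chosen file name (random stem plus an extension derived
 * from the detected type), or null when the file must be rejected.
 */
function classify_upload(string $tmpPath, int $size): ?string
{
    if ($size <= 0 || $size > MAX_UPLOAD_BYTES || !is_file($tmpPath)) {
        return null;
    }
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $detected = $finfo->file($tmpPath);            // sniffed from the content
    if (!is_string($detected) || !array_key_exists($detected, ALLOWED_IMAGE_TYPES)) {
        return null;
    }
    if (@getimagesize($tmpPath) === false) {       // must also parse as an image
        return null;
    }
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$detected];
}

// Constructed samples: a real 1x1 GIF, and text that a client labels image/png.
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'));
$fake = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($fake, "plain text sent with type image/png\n");

foreach (['gif sample' => $gif, 'mislabelled text' => $fake] as $label => $path) {
    $name = classify_upload($path, filesize($path));
    echo $label, ': ', $name === null ? 'rejected' : "stored as upload/$name", "\n";
    unlink($path);
}
```

In an upload handler the arguments would be `$_FILES['userfile']['tmp_name']` and `$_FILES['userfile']['size']`, with `move_uploaded_file()` writing to the returned name.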