magebash
-
Posts
72 -
Joined
-
Last visited
Never
Posts posted by magebash
-
-
i have decided to use the new one. on all of them
-
I am just testing out the code on this website before I post it out to a "paid" host, and was wondering what could be improved graphics wise on it. I am definitely no expert on web design, so be rough on me and tell me what I need to improve or change. I know there are CSS/Html errors, so no need to warn me about those. I was just wondering how I could improve the layout/graphics. Any comments would be appreciated. I need to know which one looks better. Thanks. Here are the URLs:
#1 http://possal.freehostia.com (older version)
#2 http://possal.freehostia.com/index2.php (newer version)
Thanks.
-
I am not good at design either, but I don't think the "FreeUnlimitedTexts" page background fits in too well. The background is distracting, and it keeps drawing my attention. For this kind of site I would stay away from the darker colors, but this is just my opinion. The logo could be a bit more "upgraded". For the lack of content it does have some good stuff though.
TorrentSafari.com
------------------------
Not much to say for this site because it is so simple.
-
too light at the top, although those are nice graphics.
-
I think that it has a pretty basic design, but the top navigation does not seem to fit in well.
-
Ok I get this error:
Fatal error: Class 'ZipArchive' not found in /home/www/possal.freehostia.com/backup.php on line 3
When I use this code from php.net:
<?php $zip = new ZipArchive(); $filename = "backup.zip"; if ($zip->open($filename, ZIPARCHIVE::CREATE)!==TRUE) { exit("cannot open <$filename>\n"); } $zip->addFromString("testfilephp.txt" . time(), "#1 This is a test string added as testfilephp.txt.\n"); $zip->addFromString("testfilephp2.txt" . time(), "#2 This is a test string added as testfilephp2.txt.\n"); $zip->addFile($thisdir . "/too.php","/testfromfile.php"); echo "numfiles: " . $zip->numFiles . "\n"; echo "status:" . $zip->status . "\n"; $zip->close(); ?>Just experimenting right now...
-
k thanks for your help. Should I change the php version? They have 4,5, and 6.
-
but is that code working?
-
well i g2g. I'll try to PM you later today. Thanks for all your help.
-
k all done.
-
im still working on it...
-
k ill try.
-
should i use the array they show for it?
-
k i changed it.
-
so get rid of the $title=$_POST[title] stuff?
-
i see one thing i left out at the end of code.
It should be http://possal.freehostia.com/download.php?r=$rand
instead of
http://possal.100webspace.net/download.php?r=$rand
-
It is
<? if(isset($_POST['postsubmit'])) { function RemoveXSS($val) { // remove all non-printable characters. CR(0a) and LF(0b) and TAB(9) are allowed // this prevents some character re-spacing such as <java\0script> // note that you have to handle splits with \n, \r, and \t later since they *are* allowed in some inputs $val = preg_replace('/([\x00-\x08,\x0b-\x0c,\x0e-\x19])/', '', $val); // straight replacements, the user should never need these since they're normal characters // this prevents like <IMG SRC=@avascript:alert('XSS')> $search = 'abcdefghijklmnopqrstuvwxyz'; $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'; $search .= '1234567890!@#$%^&*()'; $search .= '~`";:?+/={}[]-_|\'\\'; for ($i = 0; $i < strlen($search); $i++) { // ;? matches the ;, which is optional // 0{0,7} matches any padded zeros, which are optional and go up to 8 chars // @ @ search for the hex values $val = preg_replace('/(&#[xX]0{0,8}'.dechex(ord($search[$i])).';?)/i', $search[$i], $val); // with a ; // @ @ 0{0,7} matches '0' zero to seven times $val = preg_replace('/(�{0,8}'.ord($search[$i]).';?)/', $search[$i], $val); // with a ; } // now the only remaining whitespace attacks are \t, \n, and \r $ra1 = Array('javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'style', 'script', 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base'); $ra2 = Array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload'); $ra = array_merge($ra1, $ra2); $found = true; // keep replacing as long as the previous round replaced something while ($found == true) { $val_before = $val; for ($i = 0; $i < sizeof($ra); $i++) { $pattern = '/'; for ($j = 0; $j < strlen($ra[$i]); $j++) { if ($j > 0) { $pattern .= '('; $pattern .= '(&#[xX]0{0,8}([9ab])'; $pattern .= '|'; $pattern .= '|(�{0,8}([9|10|13])'; $pattern .= ')*'; } $pattern .= $ra[$i][$j]; } $pattern .= '/i'; $replacement = substr($ra[$i], 0, 2).'<x>'.substr($ra[$i], 2); // add in <> to nerf the tag $val = preg_replace($pattern, $replacement, $val); // filter out the hex tags if ($val_before == $val) { // no replacements were made, so exit the loop $found = false; } } } return $val; } $title=$_POST["title"]; $price=$_POST["price"]; $message=$_POST["message"]; $user=$_SESSION["username"]; $num=$_POST["category"]; $state=$_POST["state"]; $ip=@$REMOTE_ADDR; $title=strip_tags(RemoveXSS(mysql_real_escape_string($_POST['title']))); $email=strip_tags(RemoveXSS(mysql_real_escape_string($_POST['email']))); $price=strip_tags(RemoveXSS(mysql_real_escape_string($_POST['price']))); if (!$_POST['title'] | !$_POST['message']) { die('You did not fill in a required field. <a href=javascript:history.back()>Re-try</a>'); } $rand2 = rand(1, 2000000000); $rand3 = rand(1, 2000000000); $state=strip_tags(RemoveXSS(mysql_real_escape_string($_POST['state']))); $_POST[message]=strip_tags(RemoveXSS(mysql_real_escape_string($_POST['message']))); $num=strip_tags(RemoveXSS(mysql_real_escape_string($_POST['category']))); if($_SESSION[username]=="" && $email=="")die("Enter an email address."); function edit_words($STRING,$bannedwords) { foreach($bannedwords as $key => $v) { $STRING = eregi_replace($v,"<p>",$STRING); } return $STRING; } $words = array(' '); // call it like this $uneditedString = "$_POST[message]"; $mfinal=edit_words($uneditedString,$words); if($userfile_name!=""){ if ($userfile_size >400000){die("File too large. Try to reduce the size.");} if ($userfile_type=="image/jpeg"||$userfile_type=="image/gif" ||$userfile_type=="image/png") { } else { die("Invalid File Type Used."); } $userfile_name="$rand2+$userfile_name"; $add="upload/$userfile_name"; if(move_uploaded_file ($userfile, $add)){ }else{ echo "Failed to upload file. Please try again. If problem persists, contact administrator by logging in and using the Personal Message System.";} } if($userfile2_name!=""){ if ($userfile2_size >400000){die("File too large. Try to reduce the size.");} if ($userfile2_type=="image/jpeg"||$userfile2_type=="image/gif" ||$userfile2_type=="image/png") { } else { die("Invalid File Type Used."); } if($userfile2_name!=""){ $userfile2_name="$rand3+$userfile2_name"; } $add2="upload/$userfile2_name"; if(move_uploaded_file ($userfile2, $add2)){ }else{echo "Failed to upload file. Please try again. If problem persists, contact administrator by logging in and using the Personal Message System.";} } $result = mysql_query("SELECT * FROM upload"); $start = mysql_num_rows($result); $start2 = rand(1,200); $start3 = mysql_num_rows($result)+7; $rand=$start+1+$start2+$start3; $query = "INSERT INTO upload (title, email, price, city, state, message, ip, usersubmit, rand, category, filename, filename2, rand2, rand3) "."VALUES ('$title', '$email', '$price', '$county', '$state','$mfinal', '$ip', '$user', '$rand', '$num', '$userfile_name', '$userfile2_name', '$rand2', '$rand3')"; mysql_query($query); echo "<br><b>Posted! Location: <a href='download.php?r=$rand'>http://possal.100webspace.net/download.php?r=$rand</a><p>Quick Find Code<p>$rand</b><br>"; } ?> -
hmm... how would i fix that?
-
all done with the support folder
-
i was going to get rid of the /support folder anyways
-
ya i set it up
-
wow im stupid. LOL
-
How would I obtain $ext
-
hows this?
if (!($userfile_type=="image/jpeg" OR $userfile_type=="image/png" OR $userfile_type=="image/gif")){ die("Please only upload JPEG, GIF, and PNG files.");}
Site Errors
in Website Critique
Posted
maybe you saved the duplicates in different folders therefore messing up the links. Try looking at the image URLs in the html code of your pages.