drisate

Everything posted by drisate

  1. If you're talking about
         print("<tr>");
         echo "<tr align=\"center\" bgcolor=\"#EFEFEF\">\n";
         echo "<td class=\"td_id\">$variable20</td>\n";
         echo "<td class=\"td_id\">$variable21</td>\n";
         echo "<td class=\"td_id\">$variable22</td>\n";
         echo "<td class=\"td_id\">$variable23</td>\n";
         echo "<td class=\"td_id\">$variable24</td>\n";
         print("</tr>");
     it would help to have it in the while loop lol
  2. Oh that makes sense lol, thx for the help guys, I think I can do something with everything submitted here. And I still think your code should be stickied somehow. I just realized you're a moderator lol, why not do it hehe
  3. Sorry CammyD, I tried to explain this as much as I can lol but if you wanna do this you need some basics ... You should start with tutorials on MySQL SELECT
  4. The problem most likely comes from header("Location: " . $config_basedir); the only thing I can see is that $config_basedir is set to $config_basedir = "http://127.0.0.1/sites/forums/"; is that a good path?
  5. $tpl->AssignArray(array(
         "me.quote"  => html_entity_decode(me("quote")),
         "me.header" => html_entity_decode(me("header"))
     ));
  6. What is in include("dfconfig.php"); and what line is the error pointing at?
  7. Making a search engine is a very big thing to start with when you're not an advanced PHP programmer. I suggest you start from an already made open source program and learn how it works, then modify it to what you would like it to be. Hopefully you will learn a lot in the process. http://www.hotscripts.com/PHP/Scripts_and_Programs/Search_Engines/index.html
  8. I found a few as well. Cross Site Scripting in forgot.php: the POST variable u2 in forgot.php has been set to >'><ScRiPt%20%0a%0d>alert(is vulnerable)%3B</ScRiPt> and I got a positive alert box. Blind SQL/XPath injection: the POST variables p2 and yourcode in register.php are vulnerable. SQL Injection: http://www.rent-that-home.com/search.php?c='&s=1&page=1&AgentID=2&search_city=111-222-1933email@address.com&search_state=111-222-1933email@address.com&search_country=111-222-1933email@address.com&search_PropertyType=111-222-1933email@address.com&MinPrice=111-222-1933email@address.com&MaxPrice=111-222-1933email@address.com&rooms1=111-222-1933email@address.com&rooms2=111-222-1933email@address.com&bath1=111-222-1933email@address.com&bath2=111-222-1933email@address.com&before=111-222-1933email@address.com&school=111-222-1933email@address.com&transit=111-222-1933email@address.com&park=111-222-1933email@address.com&ocean_view=111-222-1933email@address.com&lake_view=111-222-1933email@address.com&mountain_view=111-222-1933email@address.com&ocean_waterfront=111-222-1933email@address.com&lake_waterfront=111-222-1933email@address.com&river_waterfront=111-222-1933email@address.com&city=111-222-1933email@address.com&p=111-222-1933email@address.com&r=111-222-1933email@address.com You should also be careful about PHPSESSID session fixation attacks ... because I think you're vulnerable to it. By injecting a custom PHPSESSID it is possible to alter the PHP session cookie. I am currently having about the same problems on my beta board ... >.< it's a pain ...
  9. The vars are cleaned to prevent attacks. If you would like to display the stuff back as HTML use this
         // Polyfill for PHP versions older than 5.1, which have no htmlspecialchars_decode()
         if (!function_exists("htmlspecialchars_decode")) {
             function htmlspecialchars_decode($string, $quote_style = ENT_COMPAT) {
                 return strtr($string, array_flip(get_html_translation_table(HTML_SPECIALCHARS, $quote_style)));
             }
         }
     then decode your var, ex: echo htmlspecialchars_decode($my_html);
  10. If you wanna show the stuff in your text area you have to tell it where to find it. Most tables have a unique var we call id, so you should start by finding out if you have one in your table. Let's say you do have the id var in your table and you would like to see the row with id number 5 in your textarea: you would use id='5'
  11. There's probably something wrong in your query, use this
         // Escape the search term before it goes into the query. $metode is a column
         // name and cannot be escaped this way: check it against a fixed list of columns.
         $search = mysql_real_escape_string($search);
         $query = mysql_query("SELECT tblLodges.strLodgeName, tblLodges.intLodgeNumber, tblLodges.strDistrictName, tblLodges.strLodgeMailingCity, tblLodges.strLodgeMailingPostCode, tblLodges.strLodgeCounty, tblOfficers.strOfficerTitle, tblOfficers.strFirstName, tblOfficers.strLastName, tblOfficers.BusinessPhone, tblOfficers.PersEmail FROM tblLodges LEFT JOIN tblOfficers ON tblLodges.lngLodgeID = tblOfficers.lngLodgeID WHERE $metode LIKE '%$search%' LIMIT 0, 50") or die (mysql_error());
      it should point you to the error, and for the while ($row = mysql_fetch_array($query)) { you should use
         if (mysql_num_rows($query)) {
             while ($row = mysql_fetch_array($query)) {
                 $variable1 = $row["strOfficerTitle"];
                 $variable2 = $row["strFirstName"];
                 $variable3 = $row["strLastName"];
                 $variable4 = $row["PersEmail"];
                 $variable5 = $row["BusinessPhone"];
                 //table layout for results (one <tr> per row; the extra print("<tr>") opened a second, nested row)
                 echo "<tr align=\"center\" bgcolor=\"#EFEFEF\">\n";
                 echo "<td class=\"td_id\">$variable1</td>\n";
                 echo "<td class=\"td_id\">$variable2</td>\n";
                 echo "<td class=\"td_id\">$variable3</td>\n";
                 echo "<td class=\"td_id\">$variable4</td>\n";
                 echo "<td class=\"td_id\">$variable5</td>\n";
                 print ("</tr>");
             }
         }
  12. Weird, and this http://versatilebb.com/demo/dereferrer.php?url=http://versatilebb.com/demo/dereferrer.php returns No URL provided! lol
  13. Can you be more specific ... what's the error you get, where is the error located, what is the where definition you used ...
  14. <?php
         include "info.php";
         $name_of_table = "";
         $the_where_definition = "this='that'";
      ?>
      <form action="process.php" method="post">
      <textarea name="text">
      <?php echo @current(@mysql_fetch_assoc(@mysql_query("SELECT * FROM $name_of_table WHERE $the_where_definition"))); ?>
      </textarea>
      <br /><input type="submit" />
      </form>
      Just change the 2 vars on top for the name of the table and the where definition, ex: id='1'
  15. It works but if you type http://versatilebb.com/demo/dereferrer.php?url=>"><ScRiPt%20%0a%0d>alert(380609953)%3B</ScRiPt> you get
         Warning: Header may not contain more than a single header, new line detected. in /home/versatil/public_html/demo/dereferrer.php on line 20
         -> 19 if(strlen($url)){
         -> 20 header('Location: ' . $url);
         -> 21 exit();
  16. You can do that by doing something like this
         $texte = @current(@mysql_fetch_assoc(@mysql_query("SELECT * FROM table WHERE this='that'")));
         echo '<textarea rows="2" name="name" cols="20">' . $texte . '</textarea>';
  17. Yeah much better lol, I would greatly appreciate one or two like you on my dev team for VersatileBB lol. I get this message
         Parse error: syntax error, unexpected T_IF in /home/versatil/public_html/demo/dereferrer.php on line 18
         17 -> $url = isset($_GET) && isset($_GET['url']) ? $_GET['url'] : $HTTP_GET_VARS['url']
         18 -> if(strlen($url)){
         19 -> header('Location: ' . $url);
      never mind, just saw you were missing a ; Now I get this
         Warning: Header may not contain more than a single header, new line detected. in /home/versatil/public_html/demo/dereferrer.php on line 19
  18. Yeah
         if (isset($_GET)) {
             $url = $_GET['url'];
         } else {
             $url = $HTTP_GET_VARS['url'];   // pre-4.1 name for $_GET; the typo $HTP_GET_VARS is fixed here
         }
         $url = urldecode($url);
         $url = urldecode($url);
         $url = stripslashes($url);
         //$url = eregi_replace("\/\/\/", "", $url);
         $url = eregi_replace("\&quot\;", "\"", $url);
         $url = eregi_replace("^([\"\']*)(.*)([\"\']*)$", "\\2", $url);
         $url = eregi_replace("(.*)\\\'$", "\\1", $url);
         // $url is written into the page unescaped below
         if (ereg("://", $url)) {
             echo "<meta http-equiv=\"refresh\" content=\"0; URL=" . $url . "\">";
         } else {
             echo "<meta http-equiv=\"refresh\" content=\"0; URL=http://" . $url . "\">";
         }
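A hardened dereferrer for comparison, added here as an example and not drisate's or VersatileBB's code: it validates the target and refuses bad input instead of stripping quotes with regexes, and HTML-escapes anything it reflects back into the page. The function names safe_redirect_target() and dereferrer_response() are assumptions.

```php
<?php
// Added example, not drisate's or VersatileBB's code. Hypothetical names:
// safe_redirect_target(), dereferrer_response().

/**
 * Return a normalised http(s) URL, or null if the input is unacceptable.
 * Rejecting bad input beats "cleaning" it: the double urldecode()/regex
 * version above still passed a script tag through to the meta refresh.
 */
function safe_redirect_target(string $raw): ?string
{
    $url = trim($raw);
    // CR, LF, NUL and other control characters: header() refuses them anyway,
    // but failing here gives a clean 400 instead of a PHP warning.
    if ($url === '' || preg_match('/[\x00-\x1F\x7F]/', $url)) {
        return null;
    }
    // Keep the original behaviour of prefixing http:// to a bare host.
    if (!preg_match('#^[a-z][a-z0-9+.\-]*://#i', $url)) {
        $url = 'http://' . $url;
    }
    // FILTER_VALIDATE_URL rejects spaces and malformed URLs but not HTML
    // metacharacters, so the scheme/host check and output escaping still matter.
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $parts  = parse_url($url);
    $scheme = strtolower($parts['scheme'] ?? '');
    if (!in_array($scheme, ['http', 'https'], true) || empty($parts['host'])) {
        return null;  // javascript:, data:, file: and similar schemes end here
    }
    return $url;
}

/** Decide the response for a raw ?url= value: a Location header or a 400 page. */
function dereferrer_response(string $raw): array
{
    $target = safe_redirect_target($raw);
    if ($target === null) {
        // Reflecting the input into HTML requires escaping for that context.
        $safe = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        return ['status' => 400, 'body' => "Invalid URL: $safe"];
    }
    return ['status' => 302, 'headers' => ['Location: ' . $target]];
}

// Usage in dereferrer.php: $resp = dereferrer_response($_GET['url'] ?? '');
// then http_response_code($resp['status']), header() for each entry in
// $resp['headers'] ?? [], and echo $resp['body'] ?? '';
```

With this, the payload quoted in post 15 is rejected at the control-character check and, if echoed, comes back as inert text.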
  19. I applied the change but for some reason it's not fully working http://versatilebb.com/demo/dereferrer.php?url=>"><ScRiPt%20%0a%0d>alert(380609953)%3B</ScRiPt> I used this at the beginning of my central page
         /**
          * Multi-use function for cleaning user data. Can be used to clean
          * entire arrays or a single value.
          * @param array|scalar Data to clean
          * @param [bool] true to trim
          * @param [bool] true to mysql_real_escape_string
          */
         function my_super_clean($data, $trim = true, $mysql_escape = true){
             // We don't want to call get_magic_quotes_gpc() more than once
             // so we use a static variable
             static $gpc_on = null;
             $gpc_on = $gpc_on === null ? get_magic_quotes_gpc() : $gpc_on;
             // $data can be an array or a single value
             if(is_array($data)){
                 foreach($data as $k => $v){
                     // pass the caller's options down; the original recursed with the defaults,
                     // so arrays got SQL-escaped even when the caller asked not to
                     $data[$k] = my_super_clean($v, $trim, $mysql_escape);
                 }
             }else{
                 // Do we stripslashes?
                 $data = $gpc_on ? stripslashes($data) : $data;
                 // Do we trim?
                 $data = $trim ? trim($data) : $data;
                 // Do we prepare for database
                 if($mysql_escape){
                     // If the value is numeric we do not have to escape it
                     // or enclose it in single quotes.
                     // If the value is not numeric we must enclose in single
                     // quotes and escape
                     $data = is_numeric($data) ? $data : "'" . mysql_real_escape_string($data) . "'";
                 }
             }
             return $data;
         }

         function super_clean_auto_globals(){
             $g = Array( '_POST', '_GET', '_COOKIE', '_REQUEST' );
             foreach($g as $v){
                 // trim() but not mysql_real_escape_string().
                 // Superglobals cannot be reached as ${$v} inside a function, so go through $GLOBALS.
                 $GLOBALS[$v] = my_super_clean($GLOBALS[$v], true, false);
             }
         }
         super_clean_auto_globals();
  20. omg thanks! This is perfect from a to z and yes this would be great for a sticky version. I am gonna PM a few moderators until one does lol, thanks a lot. VersatileBB should be fine using that. But I do have one question about
         function insert_db($val1, $val2, $val3){
             $Clean = Array();
             $Clean['col1'] = my_super_clean($val1);
             $Clean['col2'] = my_super_clean($val2);
             $Clean['col3'] = my_super_clean($val3);
             $sql = "
                 INSERT INTO `table` (`col1`, `col2`, `col3`)
                 VALUES ( {$Clean['col1']}, {$Clean['col2']}, {$Clean['col3']} )
             ";
             $q = mysql_query($sql);
             // finish up the function
         }
      Why would you use that if everything is already filtered by using super_clean_auto_globals();?
  21. This is frustrating hehe, I can't release the code before I get it secured ... If I can get this 100% working I'm gonna contact a moderator to sticky a topic with it because there are a lot of questions about XSS protection. And this code is fast and global. You just have to run it at the beginning of every page
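Added example, not the thread's code, covering both the question in post 20 and the cleaner in post 19: my_super_clean() quotes for the SQL string context only, which is why a script tag still reaches the page. The fix is one escape per output context, shown here as HTML escaping in the results loop from post 11 and a prepared statement in place of insert_db. The names h(), render_row() and insert_db_prepared() are assumptions.

```php
<?php
// Added example, not from the thread. Hypothetical names: h(), render_row(),
// insert_db_prepared().

/** Escape a value for an HTML element body or a double-quoted attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** One <tr> of the results table from post 11, every cell escaped at output time. */
function render_row(array $row): string
{
    $cols = ['strOfficerTitle', 'strFirstName', 'strLastName', 'PersEmail', 'BusinessPhone'];
    $html = "<tr align=\"center\" bgcolor=\"#EFEFEF\">\n";
    foreach ($cols as $col) {
        $html .= "<td class=\"td_id\">" . h((string) ($row[$col] ?? '')) . "</td>\n";
    }
    return $html . "</tr>\n";
}

/**
 * insert_db() without hand-made quoting: the driver sends the values apart
 * from the SQL text, so neither quoting nor the is_numeric() special case
 * in my_super_clean() is needed, and a global "clean everything" pass is not either.
 */
function insert_db_prepared(mysqli $db, string $val1, string $val2, string $val3): bool
{
    $stmt = $db->prepare('INSERT INTO `table` (`col1`, `col2`, `col3`) VALUES (?, ?, ?)');
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('sss', $val1, $val2, $val3);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Constructed row (not real data): values are stored raw, nothing was
// pre-escaped for HTML, so the quotes and tags become inert text on output.
$row = [
    'strOfficerTitle' => 'Secretary',
    'strFirstName'    => 'O\'Brien <b>"bold"</b>',
    'strLastName'     => 'Smith',
    'PersEmail'       => 'user@example.com',
    'BusinessPhone'   => '555-0100',
];
echo render_row($row);
```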
  22. This is what I use when I wanna send an email
         function send_mail($to, $body, $subject, $fromaddress, $fromname){
             $eol = "\r\n";
             $mime_boundary = md5(time());
             $headers = "";   // start from an empty string instead of appending to an undefined variable
             # Common Headers
             $headers .= "From: ".$fromname."<".$fromaddress.">".$eol;
             $headers .= "Reply-To: ".$fromname."<".$fromaddress.">".$eol;
             $headers .= "Return-Path: ".$fromname."<".$fromaddress.">".$eol; // these two to set reply address
             $headers .= "Message-ID: <".time()."-".$fromaddress.">".$eol;
             $headers .= "X-Mailer: PHP v".phpversion().$eol; // These two to help avoid spam-filters
             # Boundary for marking the split & Multitype Headers
             $headers .= 'MIME-Version: 1.0'.$eol;   // a blank line here would end the header block early
             $headers .= "Content-Type: multipart/mixed; boundary=\"".$mime_boundary."\"".$eol.$eol;
             # Open the first part of the mail
             $msg = "--".$mime_boundary.$eol;
             $htmlalt_mime_boundary = $mime_boundary."_htmlalt"; //we must define a different MIME boundary for this section
             # Setup for text OR html -
             $msg .= "Content-Type: multipart/alternative; boundary=\"".$htmlalt_mime_boundary."\"".$eol.$eol;
             # Text Version
             $msg .= "--".$htmlalt_mime_boundary.$eol;
             $msg .= "Content-Type: text/plain; charset=iso-8859-1".$eol;
             $msg .= "Content-Transfer-Encoding: 8bit".$eol.$eol;
             $msg .= strip_tags(str_replace("<br>", "\n", substr($body, (strpos($body, "<body>")+6)))).$eol.$eol;
             # HTML Version
             $msg .= "--".$htmlalt_mime_boundary.$eol;
             $msg .= "Content-Type: text/html; charset=iso-8859-1".$eol;
             $msg .= "Content-Transfer-Encoding: 8bit".$eol.$eol;
             $msg .= $body.$eol.$eol;
             //close the html/plain text alternate portion
             $msg .= "--".$htmlalt_mime_boundary."--".$eol.$eol;
             # Finished
             $msg .= "--".$mime_boundary."--".$eol.$eol; // finish with two eol's for better security. see Injection.
             # SEND THE EMAIL
             ini_set('sendmail_from', $fromaddress); // the INI lines are to force the From Address to be used !
             $mail_sent = mail($to, $subject, $msg, $headers);
             ini_restore('sendmail_from');
             return $mail_sent ? "Mail sent" : "Mail failed";
         }
         //And I use this to use it
         $subject = "";
         $message = "";
         $from = "";
         $to = "";
         $fromname = "Me";
         $me = send_mail($to, $message, $subject, $from, $fromname);
         if ($me == "Mail sent"){
             echo "Mail Sent";
         }else{
             echo "<font color='#FF0000'><b>Alert! Email has not been sent!</b></font>";
         }
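Added example, not drisate's send_mail(): the part the "see Injection" comment above hints at. Every header value in send_mail() comes straight from the caller, so a CR/LF inside $fromname, $fromaddress or $subject lets a caller append headers of their own; this version refuses such values instead of sending. The names header_safe(), build_mail_headers() and send_mail_checked() are assumptions.

```php
<?php
// Added example, not the thread's code. Hypothetical names: header_safe(),
// build_mail_headers(), send_mail_checked().

/** True when the value carries no CR, LF or NUL; a folded or extra header is never wanted here. */
function header_safe(string $value): bool
{
    return preg_match('/[\r\n\x00]/', $value) === 0;
}

/** Validate address and display name, then build the From/Reply-To/MIME block. */
function build_mail_headers(string $fromname, string $fromaddress, string $boundary): ?string
{
    if (!header_safe($fromname) || !header_safe($boundary)) {
        return null;
    }
    // FILTER_VALIDATE_EMAIL rejects whitespace, angle brackets, commas and line breaks.
    if (filter_var($fromaddress, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // Quote the display name so a comma or <> inside it cannot change the address.
    $name = '"' . addcslashes($fromname, '"\\') . '"';
    $eol  = "\r\n";
    $headers  = "From: $name <$fromaddress>$eol";
    $headers .= "Reply-To: $name <$fromaddress>$eol";
    $headers .= "MIME-Version: 1.0$eol";
    $headers .= "Content-Type: multipart/mixed; boundary=\"$boundary\"$eol";
    return $headers;
}

/** Wrap mail() so an unsafe recipient, subject or sender is refused rather than sent. */
function send_mail_checked(string $to, string $subject, string $msg, string $fromname, string $fromaddress): bool
{
    if (filter_var($to, FILTER_VALIDATE_EMAIL) === false || !header_safe($subject)) {
        return false;
    }
    $headers = build_mail_headers($fromname, $fromaddress, md5(uniqid('', true)));
    if ($headers === null) {
        return false;
    }
    return mail($to, $subject, $msg, $headers);
}

// Constructed check (no mail is sent): a display name with a line break is refused.
var_dump(build_mail_headers("Me\r\nBcc: someone@example.com", 'me@example.com', 'b1') === null);
```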