regdude

Most reasonable explaination That's why those guys are running and thaking him with them. But, what is that other photographer doing then? I guess the bomb started to beep

Hi! Here is a pic - The picture What's so funny about it? The topic of this picture is "Maybe not the smartest idea". Thought that guy is beeing robbed, but not logical :/ Thought something fell down from the sky (satallite?) and isn't suppose to be photographed, but what is it then?

No. Thats why I said I haven't did anything to php.ini As I read an article then PHP uses a builtin server. I also have a linux server that has sendmail. Also there I didn't do anything to php.ini, but the mail seems to be sent from phpbb forum (sometimes), but not from the example script.

I don't think here is a php error. Anyway, with error repoting there are no errors still. I haven't did anything to php.ini!

Hi! I'm using PHP6 and I'm having problems with sending a mail. <?php $Name = "Da Duder"; //senders name $email = "email@adress.com"; //senders e-mail adress $recipient = "PersonWhoGetsIt@emailadress.com"; //recipient $mail_body = "The text for the mail..."; //mail body $subject = "Subject for reviever"; //subject $header = "From: ". $Name . " <" . $email . ">\r\n"; //optional headerfields mail($recipient, $subject, $mail_body, $header); //mail command ?> This is a simple example and it doesn't work on my windows xp :/ (mail just doesn't come) Why is that?

This is lighttpd Ok, but I ran in to a problem anyway, the virtual host syntax differs. This is how it looks it lighttpd: $HTTP["host"] == "x" { server.document-root = "/var/www/x/htdocs" server.errorlog = "/var/log/lighttpd/x/error.log" accesslog.filename = "/var/log/lighttpd/x/access.log" server.error-handler-404 = "/error.php" } Also, .htaccess with: php_value open_basedir "/var/www/music.ngames.lv/htdocs" doesn't work, the shell still has access out of the virtual host.

Well, the problem is that a PHP shell can get to the actual root of the system which also includes access to all other virtual hosts on this web server. I need to disallow access from one virtual host to another. Safe-mode does this, but that makes problems to available intergrated PHP functions. Can I use open_basedir with virtual hosts? I got this setting wrong and as a result I had a 404 error everywhere. Maybe .htaccess in the root of virtual host could do the trick?

I found that safe-mode makes things like I like with the directory lock. But safe-mode makes some of the functions not to work. Is there a specific option for this way of security?

Hi! I recently got a shell code on my Lighttpd web server that uses many virtaul hosts. The php shell code was on one of these virtual hosts, but it had access on all other virtaul hosts and linux files. How could I disallow access out of the folder (like in FTP, you can't see previous directories)?

What kind of a connection problem? I think this is a charset encoding problem, because the MySQL text shows from "ā" to a "russian-d". But there is also a file charset, but don't know if that can effect.

Hi! I just got a website that I need to set up. The problem is that it is a flash page that also includes PHP with MySQL. The website has 2 parts, one part is the viewable part by anyone, the second is admin page (not flash, only PHP and HTML) where you can edit info in MySQL. Everything is readable and can be sent to MySQL fine, without any "unknown chars", but the same text has problems in the first part of website, where all info is in a flash. But there is a weird thing (mostly logical) - text, that is in flash it self and isn't taken from MySQL is readable normally, but at the same time MySQL text isn't readable. So what I must do is find a charset that understands the flash page, because I can change the charset in the admin page, but I don't think there is a way to get this charset. Any tips how could I found this charset?

Thanks! I simply changed the collation in tables. Because...

I add all the values in the DB manually. Like I said there is 'Username123' etc. I need to tell the login script to check if the username is the same even with case-sensitive, because now it doesn't check that.

Inserting? <form action='logingo' method='post' /> <center> <table> <tr> <td>Username: </td> <td><input type='text' name='username' size='15' maxlength='20' /></td> </tr> <tr> <td>Password:</td> <td><input type='password' name='password' size='17' maxlength='30' /></td> </tr> <tr> <td></td> <td><input type='submit' value='Login' /></td> </tr> </table>

Hi! I have made a login script. It uses DB to get username and password. But there is a problem with capital letters. If I use, lets say, 'Username123' then I can get in the site behind login because this is in the DB, but if I use 'username123' I can also get in to the site. (The script works for checking if password or username is correct). $password = $_POST['password']; $username = addslashes($_POST['username']); $password = md5($password); $result = mysql_db_query($db, "SELECT * FROM users WHERE username='$username' AND password='$password'"); if (mysql_num_rows($result) == 1) { //... redirect. }

Try this: UPDATE table name1='Bob', name2='Sarah', name3='John' WHERE id=1

Hi! I'm trying to make a script that will read numbers (like 1012) from the DB where their format are something like this: 1012, 1014, 1105, 1022, 1091, 1001... And with these numbers add it in an array. Now I'm not doing this in PHP, but it's still similar, in an array(something like this: array[2][6]) I need to store all those numbers. Also I want to make a script that will store these values from the array in to the DB, with an exception (0). Any ideas?

Ok, I did a simple thing, products.php: <?php echo $_GET['id']; ?> .htaccess: RewriteRule ^/products/([0-9]+) /products.php?id=$1 When I enter http://localhost/products/1 - it should return value 1, but it doesn't. Btw, is it safe using this way?

Isn't this possible with other HTTP servers? like lighttpd? it also has mod_rewrite. And isn't this dangerous to use mod_rewrite? As I remeber there was a remote exploit using this module.

Hi! I have been noticing that many websites have this kind of a URL: http://web.com/user/someone123 Wanted to know what is this thing called?

Hi! I'm using PHPBB2 and decided to make some modifications. There is this script that I would like to put in the PHPBB, but it seems to be too hard for me. I guess there is only a function missing or a wrong syntax. if (mysql_num_rows($result)) { while ($qry = mysql_fetch_array($result)) { echo "<a href=..profile.php?id=$qry[id]>$plrname</a> / $score <br />"; } } else { echo "$plrname / $score <br />"; } In upper part there's only a script that checks if the user is in DB, so the idea is that this script gets the ID of user if its in the DB. What I want to do is put all this in something like this: 'PLAYERINFO' => $players so I can use this info in PHPBB. The script output should loke like this: (link)regdude / 10 (link)somedude / 25 nonedude / 0

Hi! Recently I found a site - hackthissite.org It's a site where you can test your hacking skills. But I'm not here to spam about that site, but I'm more worried about my own security. I have been working on a simple admin page where I can edit info that comes from MySQL and is shown to people world wide in a diferent web(like an admin cp). My past could go bit in time when everything had holes and it was actually easy to hack a beginner in PHP, times changed and most of PHP bugs ar fixed and thank god, because that guy could be me now. There are some similar things in that site that I used(I found some tutorials and used them, kinda funny ^^) and now makes me worry, because everything seems to be buggy after that test. For starters, I have a simple page that uses $_GET and it looks something like this: stuff.php?page=1. Hack showed that it is possible to make a SQL injection at the end, after '1'. That didn't work, because there were no connections with page numbers or the content. Then comes login script... this makes me worry :/ My login script is the simplest you can imagine - checks if the password matches with the hashed(md5) password in the DB, no sesids or cookies. Now this could be a big hole, but sessions should do it, right? I'm not sure how sessions work, once I made a site that had sessions, but after reading tutorials in this forum about security(about session id's) I found that there are session id's and they can be regenerated. Now this I don't understand and it would be nice if someone would explain me or give me a diferent tutorial about that. Next thing was SQL injections in a registration form - mysql_real_escape_string was the answer, but what can I to not mess up the DB, because after mysql_real_escape_string there will be '?' in the username place, how could reject this? Is there anything else I should need to know making my websites? (I don't use XSS, javascript. I use HTML, MySQL, PHP, CSS)

Hi! I have been working on a paging system for a while. I came up how to tell which page I am on and how to tell how many pages will be needed for X articles using "CEIL" etc. Now I am stuck! Can't figure out how could I tell the script to pick the right articles from DB. This could be a lot easier if there were not a "visible" option that makes a choice to show the article or not. I used OFFSET, LIMIT but couldn't simply figure out how can I make this work. Maybe someone has a simple and a good example for this?

Ok, thanks!

Yeah, i know that, but i want the biggest ID - one number. I further need it for use. $biggestID = ...;