
DeanWhitehouse


Posts posted by DeanWhitehouse

  1. Please can anyone run some security tests on my site, i believe i have covered everything to protect it.

     

    On the site the main things i want to be safe against are things like RFI, cross-server attack, sql attacks and in game exploits.

     

    Any loop holes can be posted here, on the site, or PM(ed) to me on either site.

     

    The site is

    http://www.americangangsters.org/

     

    Username: test

    password: tester

     

    Here is another thing to test

    http://www.americangangsters.org/airport.php

    Go there without logging in, and it redirects to the home page then back there when you log in, should i store the previous page in sessions?

     

    Thanks,

    Blade

     

  2. This is how long a session lives

     

    // 1800 s = 30 min. gc_maxlifetime only marks session data as eligible for
    // garbage collection; on its own it is not a hard expiry for a logged-in session.
    ini_set("session.gc_maxlifetime",1800);

     

    And yeah i was planning on implementing an auto logout script.

     

    I verified the ini_set by using ini_get and no i didn't restart as its done on the fly.

     

  3. Can anyone confirm and offer a reason as to why my websites sessions are not ending after 30 minutes, or when the browser is closed.

     

    The site is

    http://www.americangangsters.org/

    Username:test

    Pass:tester

     

    I have even set the ini file (using php ini_set) for session lifetime to 30 mins.

     

    Also i set lifetime to 1 second and relogged in and then waited ten minutes (or more) before refreshing and i was still logged in :s

     

    Here is some of my security code involving sessions

     

    ## Session stealing ##	
    	# NOTE(review): these settings only apply to sessions started after they run,
    	# so they have to come before session_start() — confirm the call order.
    	# Keep the session cookie out of reach of page scripts (document.cookie).
    	ini_set("session.cookie_httponly",true);
    	# Accept the session id from the cookie only, never from the URL.
    	ini_set("session.use_only_cookies",1);
    	# Do not let PHP append the session id to links and forms.
    	ini_set("session.use_trans_sid",0);
    	# 1800 s = 30 min before session data becomes eligible for garbage collection.
    	# Collection runs probabilistically (session.gc_probability / session.gc_divisor),
    	# so this is not a hard logout; a last-activity timestamp kept in $_SESSION and
    	# checked on every request is what enforces an idle timeout.
    	ini_set("session.gc_maxlifetime",1800);
    	#ini_set("session.save_path") ## Adjust to change the session save path	
    

     

    I have only tested this in firefox (3.0.10)

    Any ideas please?

  4. At the top

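    /**
     * Builds the XMLHttpRequest transport for the current browser.
     *
     * Tries the native object first, then the two legacy Internet Explorer
     * ActiveX ProgIDs. The result is also stored in the shared `xmlHttp`
     * variable.
     *
     * @returns {Object|null} the request object, or null when the browser
     *          offers none of the three, so callers can test for null.
     */
    function GetXmlHttpObject()
    {
       var request = null;
       try
       {
          // Firefox, Opera 8.0+, Safari
          request = new XMLHttpRequest();
       }
       catch (nativeError)
       {
          // Internet Explorer
          try
          {
             request = new ActiveXObject("Msxml2.XMLHTTP");
          }
          catch (msxmlError)
          {
             try
             {
                request = new ActiveXObject("Microsoft.XMLHTTP");
             }
             catch (legacyError)
             {
                // No transport at all: report null instead of throwing.
                request = null;
             }
          }
       }
       xmlHttp = request;
       return request;
    }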

     

    This works fine in FF and their JS debugger finds no problems, whereas in IE, if i enter 3+ chars, it does nothing and just says "error on page", then "runtime error" :s

     

    Any ideas please?

     

    Site is

    http://www.americangangsters.org/find.php

     

    User: Test

    Pass: tester

     

     

    <script type="text/javascript">
    // Shared request object: assigned by GetXmlHttpObject()/UserSearch() and read by
    // stateChanged(). There is only one, so a newer search replaces the object an
    // earlier, still-running request was using.
    var xmlHttp=null;
    
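    /**
     * Builds the XMLHttpRequest transport for the current browser.
     *
     * Tries the native object first, then the two legacy Internet Explorer
     * ActiveX ProgIDs. The result is also stored in the shared `xmlHttp`
     * variable.
     *
     * @returns {Object|null} the request object, or null when the browser
     *          offers none of the three, which is what UserSearch() tests for.
     */
    function GetXmlHttpObject()
    {
    	var request = null;
    	try
    	{
    		// Firefox, Opera 8.0+, Safari
    		request = new XMLHttpRequest();
    	}
    	catch (nativeError)
    	{
    		// Internet Explorer
    		try
    		{
    			request = new ActiveXObject("Msxml2.XMLHTTP");
    		}
    		catch (msxmlError)
    		{
    			try
    			{
    				request = new ActiveXObject("Microsoft.XMLHTTP");
    			}
    			catch (legacyError)
    			{
    				// No transport at all: report null instead of throwing.
    				request = null;
    			}
    		}
    	}
    	xmlHttp = request;
    	return request;
    }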
    
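    /**
     * onreadystatechange handler for the search request held in `xmlHttp`.
     *
     * Shows the loading image while the request is in flight and replaces it
     * with the response once the request completes with HTTP 200. Any other
     * final status clears the results cell instead of rendering the body.
     *
     * NOTE(review): if #Js is a table row, older Internet Explorer versions
     * reject innerHTML writes on it with a runtime error — confirm against the
     * page markup.
     */
    function stateChanged()
    {
    	// Recreate the results cell, then look it up once.
    	document.getElementById("Js").innerHTML = '<td colspan="2" id="SearchResults"></td>';
    	var results = document.getElementById("SearchResults");

    	if (xmlHttp.readyState != 4)
    	{
    		results.innerHTML = "<img align='middle' src='./images/loading.gif'/>";
    		return;
    	}

    	if (xmlHttp.status != 200)
    	{
    		// Do not render an error page's body into the document.
    		results.innerHTML = "";
    		return;
    	}

    	// The response is inserted as markup, not text: every user-controlled value
    	// in it (usernames, the echoed search term) has to be HTML-escaped by
    	// FindUser.php, otherwise it runs as script in the viewer's session.
    	results.innerHTML = xmlHttp.responseText;
    }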
    
    /**
     * Returns `str` without its leading and trailing whitespace.
     *
     * @param {string} str - text to clean up
     * @returns {string} the text with both ends stripped
     */
    function trim(str)
    {
    	// One pass: the alternation matches the whitespace run at either end.
    	return str.replace(/^\s+|\s+$/g, '');
    }
    
    
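    /**
     * Starts a user search for the text typed into the search box.
     *
     * Fewer than three characters (after trimming) only updates the warning
     * line and removes a leftover loading image; three or more sends a GET
     * request to ./Ajax/FindUser.php and lets stateChanged() render the reply.
     *
     * @param {string} Find - raw text from the input field
     */
    function UserSearch(Find)
    {
    	var term = trim(Find);
    	var warning = document.getElementById("Warning");

    	if (term.length < 3)
    	{
    		warning.innerHTML = (term.length == 0) ? "" : "Enter 3 or more characters to begin searching";

    		// Keep the reference: once #Js is emptied the cell is no longer in the
    		// document, and a second getElementById("SearchResults") would be null.
    		// NOTE(review): browsers usually re-serialise innerHTML, so this exact
    		// string comparison may never match — confirm.
    		var results = document.getElementById("SearchResults");
    		if (results != null && results.innerHTML == "<img align='middle' src='./images/loading.gif'/>")
    		{
    			document.getElementById("Js").innerHTML = '';
    			results.innerHTML = "";
    		}
    		return;
    	}

    	warning.innerHTML = "";

    	xmlHttp = GetXmlHttpObject();

    	if (xmlHttp == null)
    	{
    		alert ("Your browser does not support AJAX!, Please consider updating your browser");
    		return;
    	}

    	// Encode the term so characters such as & # + = stay inside the "user"
    	// value instead of changing the query string. The server still has to
    	// treat the value as untrusted.
    	var url = "./Ajax/FindUser.php?user=" + encodeURIComponent(term);
    	xmlHttp.onreadystatechange = stateChanged;
    	xmlHttp.open("GET", url, true);
    	xmlHttp.send(null);
    }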
    
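    /**
     * Switches the search form between search-while-typing and search-on-submit.
     *
     * The handlers are changed by rewriting the existing onkeyup / action /
     * onsubmit attributes, so those attributes must already be present in the
     * markup (presumably they are; confirm against the form's HTML).
     *
     * @param {boolean} type - true: search on every keyup; false: only on submit
     */
    function ChangeSearch(type)
    {
    	var field = document.getElementById("users_username");
    	var form = document.getElementById("form1");

    	if (type == true)
    	{
    		field.attributes["onkeyup"].value = "UserSearch(this.value)";
    		form.attributes["action"].value = "";
    		form.attributes["onsubmit"].value = "";
    	}
    	else
    	{
    		field.attributes["onkeyup"].value = "";
    		// void needs an operand: "javascript:void()" is a syntax error when run.
    		form.attributes["action"].value = "javascript:void(0)";
    		form.attributes["onsubmit"].value = "UserSearch(document.form1.users.value)";
    	}
    }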
    
    /**
     * Page-load hook: writes the "Search While Typing" checkbox into the
     * element with id "js".
     *
     * NOTE(review): stateChanged() and UserSearch() use the id "Js" (capital J).
     * Ids are case-sensitive in standards-mode browsers, so these are two
     * different elements unless the markup says otherwise — confirm.
     */
    function Init()
    {
    	var toggleHost = document.getElementById("js");
    	toggleHost.innerHTML = 'Search While Typing <input type="checkbox" checked="checked" onchange="ChangeSearch(this.checked)">';
    }
    </script>
    </head>
    <body onload="Init()">
    

  6. Heya once more,

     

    I wrote a blackjack code a while back as some of you may remember but i am finding a bug in this function

     

    <?php
    /**
     * Totals a blackjack hand.
     *
     * @param array $player list of cards; each card is an array with a 'value' key
     * @return int the running total after the per-card ace adjustment below
     *
     * NOTE(review): the ace decision is made card by card, using only the cards
     * counted so far, so the result depends on the order of the hand. An
     * order-independent approach is to count every ace as 1 first and then add
     * 10 once if the hand still fits within 21.
     */
    function getTotal($player)
    {
    
    	$current_total = 0;
    
    	$new_total = 0;
    
    	//$ace_total = 0;
    
    
    	// First pass: plain sum of the card values. The result is never read below.
    	foreach($player as $counting)
    	{
    
    		$current_total += $counting['value'];
    
    	}
    
    	// Second pass: $counting is a copy of each card (foreach by value), so the
    	// adjustments here change the total only, not the hand itself.
    	foreach($player as $counting)
    	{
    
    		// An ace stored as 1 is promoted to 11 while the running total allows it;
    		// an ace stored as 11 is demoted to 1 once the running total is 11 or more.
    		// Cards that come later in the hand are not taken into account.
    		if($counting['value'] == 1 && $new_total < 11 && ($new_total  + 11) <= 21)
    			$counting['value'] = 11;
    		elseif($counting['value'] == 11 && $new_total >= 11 && $new_total + 1 <= 21)
    			$counting['value'] = 1;
    
    		$new_total += $counting['value'];
    
    	}
    
    	return $new_total;
    
    }
    ?>
    

     

    The function counts the value of the cards in your hand. The problem is that it counts the cards in the order they are in, but to decide whether an ace is worth 1 or 11 it needs to know the value of the other cards. If it counts the ace first it makes it 11, and that can make a player bust: they might then have an 8 and a 3 with it, in which case the ace should count as 1.

     

    Ok, hope that made sense, if not please say.

     

    Any ideas how to fix this? I thought i had, but obviously not.

     

    Thanks,

    Blade

  7. Hey guys,

    Once again i have got stuck on OOP; i don't know why this error is occurring, but it is.

     

    Here is my code, it is long so below it i have posted the exact line.

     

    This is inside a class, called message.

     

    <?php
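    /**
     * Stores a private message and, when the recipient has opted in (or $Alert
     * is set), e-mails them a notification.
     *
     * @param string     $subject message title
     * @param string     $message message body (raw text; escaped here per context)
     * @param int|string $to      recipient id, or a username resolved via GetUserId()
     * @param int|string $from    sender id or username; defaults to 0
     * @param bool       $check   validate the fields and refuse empty or self-addressed mail
     * @param bool       $Alert   force the e-mail notification
     * @param bool       $read    store the message with read_recipt = 1
     * @return string    a <center>...</center> status line for direct output
     *
     * NOTE(review): the mysql_* extension was removed in PHP 7. Escaping is used
     * here because that is the API this code is written against; prepared
     * statements (PDO or mysqli) are the durable fix.
     */
    function Send($subject,$message,$to,$from = 0,$check = false,$Alert = false,$read = false)
    {
    	if(!is_numeric($from))
    	{
    		$from = GetUserId($from);
    	}

    	if(!is_numeric($to))
    	{
    		$to = GetUserId($to);
    	}

    	// Validate before any side effect, so a rejected message is neither stored
    	// nor announced by e-mail.
    	if($check == true)
    	{
    		$subject = trim($subject);
    		$message = trim($message);

    		$from = trim($from);
    		$to = trim($to);

    		if(strlen($to) == 0)
    			return "<center>Enter a recipient</center>";
    		elseif(strlen($subject) == 0)
    			return "<center>Enter a subject</center>";
    		elseif(strlen($message) == 0)
    			return "<center>Enter a message</center>";
    		elseif($from == $to)
    			return "<center>You can't send to yourself</center>";
    	}

    	// The ids go into SQL, one of them unquoted (user_stats). Casting to int
    	// means nothing but digits can reach those queries.
    	$to = (int) $to;
    	$from = (int) $from;

    	// Escaped copies for SQL only. The message body is user input and was
    	// previously concatenated into the INSERT unescaped. The e-mail keeps
    	// using the raw $message, which goes through secure() instead.
    	$sql_subject = mysql_real_escape_string($subject);
    	$sql_message = mysql_real_escape_string($message);

    	// One INSERT per call; only the read-receipt column differs.
    	if($read == true)
    	{
    		$sql = mysql_query("INSERT INTO user_messages (recipient_id,sender_id,title,body,read_recipt) VALUES ('".$to."','".$from."','".$sql_subject."','".$sql_message."','1')");
    	}
    	else
    	{
    		$sql = mysql_query("INSERT INTO user_messages (recipient_id,sender_id,title,body) VALUES ('".$to."','".$from."','".$sql_subject."','".$sql_message."')");
    	}

    	if(!$sql)
    		return "<center>Message could not be sent</center>";

    	mysql_query("UPDATE user_stats SET msgtotal = msgtotal + 1 WHERE user_id = ".$from." ");

    	// Notify by e-mail if the recipient asked for alerts, or the caller forces one.
    	$alert = mysql_query("SELECT pm_alert FROM user_preferences WHERE user_id = '".$to."' AND pm_alert = '1' LIMIT 1");

    	if(($alert && mysql_num_rows($alert) == 1) || $Alert != false)
    	{
    		$email = mysql_query("SELECT email FROM user_details WHERE id = '".$to."'");
    		$email = mysql_fetch_assoc($email);
    		$email = $email['email'];

    		// These values come from stored profile data and end up in mail headers:
    		// strip CR/LF so they cannot start an extra header line.
    		$email = str_replace(array("\r","\n"), '', $email);
    		$to_name = str_replace(array("\r","\n"), '', GetUserName($to));

    		$Mail_sub = "New Private Message";

    		// NOTE(review): the body is sent as text/html, so this relies on secure()
    		// and CreateUserLink() returning HTML-safe output — confirm.
    		$Mail_bod = "You have recieved a new private message, you can view the entire message at <a href=\"http://www.americangangsters.org/inbox.php\">http://www.americangangsters.org/inbox.php</a>\r\n<br>The message is from ".CreateUserLink($from)." and reads \r\n<br> ".secure(substr($message,0,(strlen($message) / 2)));

    		$Mail_headers  = 'MIME-Version: 1.0' . "\r\n";
    		$Mail_headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";

    		// Additional headers
    		$Mail_headers .= 'To: '.$to_name.' <'.$email.'> ' . "\r\n";
    		$Mail_headers .= 'From: American Gangsters <blade280891@americangangsters.org>' . "\r\n";

    		mail($email,$Mail_sub,$Mail_bod,$Mail_headers);
    	}

    	return "<center>Message Sent</center>";
    }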
    ?>
    

     

    		// NOTE(review): strlen($message) / 2 is a float for odd lengths, while substr() takes an integer length.
    		// secure() and CreateUserLink() are defined elsewhere; since the mail is sent as text/html,
    		// this presumably relies on both returning HTML-safe output — confirm.
    		$Mail_bod = "You have recieved a new private message, you can view the entire message at <a href=\"http://www.americangangsters.org/inbox.php\">http://www.americangangsters.org/inbox.php</a>\r\n<br>The message is from ".CreateUserLink($from)." and reads \r\n<br> ".secure(substr($message,0,(strlen($message) / 2)));
    

     

    Here is where i call it

    					// NOTE(review): $message is both the object ->Send() is called on and the second
    					// argument (the message text). If it was reassigned to the posted text before
    					// this line, the call is made on a string, not on the message object — confirm
    					// which value it holds here.
    					echo "<tr><td>".$message->Send($subject,$message,GetUserID($recipient),$_SESSION['user_id'],true)."</td></tr>";
    
    

     

    There is more but i believe this is all the relevant code.

  8. This isn't the best thing to start learning PHP with but if you want to do this you will need to look into

    PHP $_GET/get

    PHP forms (if you want one)

    and then maybe file_get_contents and maybe a regex or just some string functions to search for the term in the results which say whether it is cached

  9. change

       //Create INSERT query
       // NOTE(review): the four values are interpolated straight into the SQL text. That is
       // only safe if each was escaped (mysql_real_escape_string) before this point — confirm.
       $qry = "INSERT INTO banddata(userid, bandname, genre, formed) VALUES('$userid','$bandname','$genre', '$formed' )";
       // @ hides the warning on failure, so $result is the only sign the query failed.
       $result = @mysql_query($qry);
    

    to

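    // Does this user already have a row? Table and column names match the
    // INSERT below (banddata.userid).
    // NOTE(review): the values are interpolated straight into the SQL text. That is
    // only safe if each was escaped (mysql_real_escape_string) before this point — confirm.
    $sql = mysql_query("SELECT * FROM banddata WHERE userid = '$userid'");
    if(mysql_num_rows($sql) == 0)
    {
       //Create INSERT query
       $qry = "INSERT INTO banddata(userid, bandname, genre, formed) VALUES('$userid','$bandname','$genre', '$formed' )";
    }
    else
    {
       //Create update query
       $qry = "UPDATE banddata SET bandname = '$bandname', genre = '$genre', formed = '$formed' WHERE userid = '$userid'";
    }
    // @ hides the warning on failure, so $result is the only sign the query failed.
    $result = @mysql_query($qry);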
    

  10. Same errors, this is my code

     

    // Replace every [user=NAME] tag in $code with whatever Get_my_ID() returns.
    // Group 1 is the whole tag, group 2 the name; the callback is passed by name
    // as a string and receives the match array.
    $code  = preg_replace_callback('/(\[user=(.*?)\])/sim', "Get_my_ID", $code);

     

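    /**
     * preg_replace_callback handler: turns one [user=NAME] tag into a profile link.
     *
     * @param array $User  match array; $User[2] is the username that is looked up
     * @return string      link markup, or "Invalid User!" when no row matches
     */
    function Get_my_ID($User)
    {
      // The username goes into a quoted SQL string, so it is escaped for that context.
      $sql = mysql_query("SELECT id FROM user_details WHERE username = '".mysql_real_escape_string($User[2])."' LIMIT 1");

      // A failed query (false) and an empty result both mean "no such user".
      if(!$sql || mysql_num_rows($sql) == 0)
      {
          return "Invalid User!";
      }

      $user = mysql_fetch_assoc($sql);

      // Cast before writing into HTML so only digits can reach the page.
      $id = (int) $user['id'];

      return "<a href=\"profile.php?user={$id}\" target=\"_blank\">{$id}</a>";
    }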

     

     

    It's inside a function, does that affect it?

  11. Errors

     

    07:56 am:

    Warning: preg_replace_callback() [function.preg-replace-callback]: Requires argument 2, 'GetID', to be a valid callback in /home/vheissu/public_html/includes/core.php on line 114

    07:56 am:

    Fatal error: Cannot redeclare getid() (previously declared in /home/vheissu/public_html/includes/core.php:116) in /home/vheissu/public_html/includes/core.php on line 116
