Stephen

Ah okay. Try creating a new user with all permissions for that database and connect to that user instead.

You connect with host, username, password. Not host, password, username.

There is no variable $userName.

Orio accidentily mis-spelled "comments" xD $email_comments = "Dear Customer, Thank you for placing an order for RPL file. Your order was processed successfully. Please find the zip file attached to this mail which contains both original Nokia and NSS files."; if(strpos($email_comments, "processed successfully") !== FALSE) echo "It was processed successfully"; else echo "It wasn't processed successfully"; Try that.

He's asking people to find vulnerability's so he can fix it.

You need to read the image file, and before that set the header to the correct content-type (i.e. image/png)

Mine looks for a file from 0.ask on until it finds one.

null is nothing, but you were just doing "!= " to check for that I believe.

If you mean searching for a file name from 0 going up, then try this: <?php $i=0; do { if (file_exists($i.".ask")) { echo("Found file: ".$i.".ask"); } $i+=1; } while (!file_exists($i.".ask")); ?>

<?php require("config.php"); require("functions.php"); if(pf_check_number($_GET['id']) == TRUE) { $validid = $_GET['id']; } else { header("Location: " . config_basedir . "/index.php"); } require("header.php"); $sql = "SELECT * FROM stories WHERE id = " . $validid . ";"; $result = mysql_query($sql); $row = mysql_fetch_assoc($result); echo "<h1>" . $row['subject'] . "</h1>"; echo date("D jS F Y g:i A", strtotime($row['dateposted'])) . "<br />"; echo nl2br($row['body']); $avgsql = "SELECT COUNT(id) AS number, AVG(rating) AS avg FROM ratings WHERE story_id = " . $validid . ";"; $avgresult = mysql_query($avgsql); $avgrow = mysql_fetch_assoc($avgresult); echo "<p>"; echo "<strong>Rating</strong> "; if($avgrow['number'] == 0) { echo "No Ratings!"; } else { $a = (round($avgrow['avg'] * 2) / 2) . "<br>"; $a *= 10; } if($a%5 == 0 && $a%10 != null) { /// line 38 $range = ($a / 10) - 0.5; } else { $range = $a / 10; } for($i=1;$i<=$range;$i++) { echo "<img src='" . $config_basedir . "img/full.gif'>"; } if($a%5 == 0 && $a%10 != null ) { echo "<img src='" . $config_basedir . "img/half.gif'>"; } $a = $a / 10; $remain = 10 - $a; for($r=1;$r<=$remain;$r++) { echo "<img src='" . $config_basedir . "img/none.gif'>"; } { echo "<br />"; echo "<strong>Rate this story</strong>: "; if($_SESSION['SESS_USERNAME']) { for($i=1;$i<=10;$i++) { echo "<a href='ratestroy.php?id=" . $validid . "&rating=" . $i . "'>" . $i . "</a> "; } } else { echo "To vote, please <a href='userlogin.php'>log in</a>."; } echo "</p>"; require("footer.php"); ?> Try that now. I added null to the last bit.

<? $db_name = "auth_users"; $table_name = "site_members"; $connection =@mysql_connect("server","user","pass") or die(mysql_error()); $db = @mysql_select_db($db_name,$connection) or die(mysql_error()); $sql = "SELECT * FROM $table_name WHERE username = '$_POST[username]' AND password = '".md5($_POST[password])."'"; $result =@mysql_query($sql,$connection) or die(mysql_error()); $user_info = mysql_fetch_array($result); $num = mysql_num_rows($result); if (isset($_POST['submit_login'])) { $username = $_POST['username']; $password = md5($_POST['password']); $result = mysql_query("SELECT * FROM $table_name WHERE username='$username'",$connection); if(mysql_num_rows($result)>0) { $row = mysql_fetch_array($result); if($password == $row["password"]) { echo "Logged in"; } else { print '<p>The password you entered is incorrect.</p>'; print '<span id="regLinks"><a href=../login.htm>Click here to try again.</a>'; exit(); } } else { print '<p>The username you entered does not exist. Note:(Username is your email address)</p>'; print '<span id="regLinks"><a href=../login.htm>Click here to try again.</a>'; exit(); } } ?> I fixed one part of it (where it says $sql="SELECT * etc.") Make sure when someone registers it makes there password md5 in the database (check the database and make sure its encrypted).

Well even if cron didn't work it should still insert. Find: $sql="insert into cron(time,value) values('$time','$value')"; Replace: $sql="INSERT INTO cron VALUES('$time','$value')"; Make sure cron is the correct table.

Can you post the ZipArchive class? (more importantly I guess the extractTo function). EDIT: And also try chmodding the directory to 777... when you right click the folder in FTP it should give the option to CHMOD. Just type in 777.

Try removing "?gid=280330120" and see what it does.

Taken from http://www.unix.com/unix-dummies-questions-answers/37379-using-php-script-crontab-noob.html

Now I'm trying to do it more like this: //Checks if hours is less than 24, minutes less than 60, and seconds less than 60. if (hours<24 && minutes<60 && seconds<60) { return true; //Returns true if the above statement is true. } else { return false; //Returns false if the above statement is false. } Using tab makes it easier to intend for me. Comments I'm not really into the habit still.

Try doing <?php $user = new user; $usersonline = $user->users_online(); echo $usersonline; ?>

You could try doing: mysql_query("UPDATE table SET column=''");

Do like $con=mysql_connect("host","user","pass"); mysql_select_db("db",$con); $one=mysql_query("SELECT * FROM users WHERE username='".$_POST["username"]."'"); $two=mysql_num_rows($one); if ($two!==0) { echo("Name taken."); } else { echo("Name avaliable."); } Assuming your form with the username is named "username" and its POST.

By the way Warp, I remember your name from GMC.

Someone else did this too, but I just put in <script>alert("Test")</script> and it works. All I did was download the source (view source then c+p), edited out the stripTags js and made the max length bigger. Make sure stripping tags isn't done client-side.

filetype doesn't return the content-type you're looking for I believe. "Returns the type of the file. Possible values are fifo, char, dir, block, link, file, socket and unknown. " You could try using mime_content_type or finfo_file

That wouldn't check if it's an array or not though.

For the home page you could try putting: ini_set('session.gc_maxlifetime', 10); session_start(); if (!isset($_SESSION['session_name'])) { header ("Location: index.php"); } else { header ("Location: home.php"); } exit;

Remember what you said in your sig? <.< Make sure you have a table profile and columns status & username