turkman

Hey i tried to post my site in the test your site place before but it took days to be approved and by then i had removed my site to work on it. ive uploaded it again and its not close to finished... you will notice the buttons in the posts for rage, quote and cite dont work but its a work in progress, was wondering if you could have a look and tell me if there are any security riskys or bugs with the site that are major http://abbs.imgboard.co.uk

i got it fixed... i was calling in the html include before i tried to set the cookie, thats what was causing the problem. i didnt realise cookies had to be set before any html was loaded.

oh thats displaying errors now the error i get is Warning: Cannot modify header information - headers already sent by (output started at /home/imgboard/public_html/mushphp/includes/top.php:9) in /home/imgboard/public_html/mushphp/includes/functions.php on line 706 which corresponds with the the code i posted above the setcookie() line... whats causing the error?

i dont think so, there is no real error reporting... i wrote this on my wamp server and transfered it to my webserver, works fine on wamp but on my webserver its not working at all. is there a way to change it?

in my index page the first thing i do is call set_id(); this is the code for set_id function set_id(){ add_notice("in set id"); if(isset($_COOKIE['supercookie'])){ $v =$_COOKIE['supercookie']; //update cookie setcookie("supercookie",$v,time() + 60 * 60 * 24 * 365); add_notice("cookie was set"); } else{ $charlist = "abcdefghijklmnopqrstuvwxyz0123456789"; $c = ""; for($i = 0; $i < 25; $i++ ){ $r = rand() % strlen($charlist); $c .= $charlist[$r]; } add_notice("Tried to create cookie: $c"); setcookie("supercookie",$c,time() + 60 * 60 * 24 * 365); addaction(9,"Set New id."); } } no matter how many times i refresh the page - it still doesnt register when i test for cookies if(isset($_COOKIE('supercookie'))) i set my site up, its anonymous but it keeps track of people for bans etc using cookies, but no matter what browser i try it in cookies dont work and i set my site up for safety reasons that you could only try to log in to the admin area if you had a cookie, so i cant even get into the admin area of my site. i dont know why this wont work.

like my current one right now. Its got to the point where i have so much functions and files that to change or add something takes alot of effort. a few questions. is it better to have many files... i.e a file for each set of functions - so they are all stored together or is it better to keep all your functions in one file which may become cluttered? Do you build all the php functionality first... then after that is complete do you add the html or do you do it together? I tend to do it together but now for example, i was thinking of adding a quote button to my forum - but because of the way i have written it - id have to edit code in the following functions get_stickies_notmal get_stickies_mod get_threads_normal get_threads_mod show_thread_normal show_thread_mod It gets to the point where its soul destroying if you want to make a change. I would also like to get some advice on a site settings page. i.e you have a page of settings like Site Title [input box] Site Max threads [input box] etc [submit button] where it updates all the info.... this is a long post but im just looking info on how to better plan and layout my projects to make them easier to add too.

im having some probelms and my technical support people on my hosting dont seem to be able to work it out either i wrote some php site code and made an installer with it... the installer runs and creates 11 tables... 10 of these tables can be read and written too... however one table named b wont let me do an insert on it i get the error in the title... now the same mysql user installed the tables and has full permissions for all tables in that database but when i try to instert something into this one table it doesnt work here is how i wrote the table in the installer $var1 = "CREATE TABLE IF NOT EXISTS b (ID int NOT NULL Auto_Increment,Replytoo int,image varchar(200), title varchar(100),message text,Lastpost DATETIME ,IPaddrr varchar(80),`by` varchar(100), status varchar(50), sticky varchar(50), scookie varchar(50), lv int, PRIMARY KEY (ID))"; again i repeat the mysql user has full permissions for the database and can insert into any other table apart from this one

would it be possible to use sessions store their last post time and have it time out .. i.e give it a time to live type of thing?

nothing its an anonymous posting site.... i was just trying to stop spam... its not online yet, having a problem with the hosting now

i dont understand whats going on. This always worked before... everytime someone makes a post i set a cookie setcookie("Postflood",$ip,time()+POST_FLOOD); post_flood is declared in globals as 30 - i.e 30 seconds between posts. then when you go to make another post it does an isset($_COOKIE['postflood']) even under 30 seconds it still doesnt see the cookie as having been set.... im not sure why this doesnt work?

i changed it to this, now it works $validExtensions = array("png", "gif", "jpeg", "jpg", "bmp"); $ext = end(explode(".",$_FILES["image"]["name"])); $ext2= strtolower($ext); add_notice("Extension was $ext"); if ((($_FILES["image"]["type"] == "image/gif") || ($_FILES["image"]["type"] == "image/jpeg") || ($_FILES["image"]["type"] == "image/pjpeg") || ($_FILES["image"]["type"] == "image/bmp") || ($_FILES["image"]["type"] == "image/png")) && ($_FILES["image"]["size"] < 3000000) && in_array($ext2,$validExtensions)) {

mattall your code runs ok... however when i upload a genunie image it believes its not an image... i assume its to do with this line in_array(strtolower(end(explode(".", $FILES['image']['name']))), $validExtensions)) but im not really sure about whats happening here... is there a way of doing this so it can print out what its comparing so i can see where its going wrong?

i built a website on wamp and was using header(Location:index.php); for example to redirect but when i uploaded it to a website this didnt work as info had already been written... so i changed and used echo "<script>location.href='../index.php'</script>."; this worked on the website... but doesnt work on wamp and creates a parse error... as ill be building the site and fixing it locally... ideally id want something that works on both, but this clearly doesnt and i dont understand why ??

thanks for the help guys... i was really surprised how easy it was to mess up a website

would that be 644 ?

ok... thanks for that, i was led to believe there was a getimagesize function that could somehow stop it. i've been looking at the info for it and i cant work out how though. so i need to set the image folder permissions to read only?

i wrote a site and was trying to make a site where images could be uploaded like an imageboard... i knew it was scrappy and probably had bugs so asked some people to try and exploit it which they did within minutes... they had uploaded exe's and executed php scrips etc... they said they faked mime types - im not really sure what that means... i just need a fullproof way of checking that the content really is an image this is what i was using f ((($_FILES["image"]["type"] == "image/gif") || ($_FILES["image"]["type"] == "image/jpeg") || ($_FILES["image"]["type"] == "image/pjpeg") || ($_FILES["image"]["type"] == "image/bmp") || ($_FILES["image"]["type"] == "image/png")) && ($_FILES["image"]["size"] < 3000000)) { $dt = date('Hismdy'); $ns = $dt.$_FILES["image"]["name"]; $_FILES["image"]["name"] = $ns; if (file_exists("images/" . $_FILES["image"]["name"])) { echo $_FILES["file"]["name"] . " already exists. "; } else { move_uploaded_file($_FILES["image"]["tmp_name"], "images/" . $_FILES["image"]["name"]); }

i was giving the admin an option to show all options withing the last hour/day/week etc which he selects from a dropdown list.

i have a datetime colum in my mysql table and every time i enter a record i populate it with NOW(); if i do $v strtotime("-1 Hour"); then compare the two it doesn't work... i assume strtotime isnt comparable with a datetime filed? Is it comparable with a timestamp field?

sorry my mistake.

my admin functions are in /admin/adminstuff.php my images are in /images/imagename.jpg in adminstuff im making a string "../images/imagename.jpg" then putting it into unset, however it doesnt delete the image. Any ideas?

How would i code this? Say i have alot of different threads and pages and i want to say for eg 2 entries since last visit... I'm not sure how i would do this, i know strtotime() and then compare the times but how do i store the last time i visited every page/thread etc i want to apply this on.

Hey im making a forum and when people enter posts it strips the html... i do however want to give people the option of linking to an earlier post. i.e say the post reference was 10001 in their post they could type #10001 and the php would recognise the # as wanting to make a link and would change it to <a href = '#10001'>#10001</a> Is this easily done?

each row has a laspost datetime - was wondering if there is an easy way in php mysql of checking all the records and only selecting ones that had been added that day?

I'm wondering if its possible to get a record of all but the 100 most recent entries using the a lastpost datetime() i.e SELECT * FROM table WHERE replytoo = '0' ORDER BY Lastpost desc LIMIT(100,1000) so this query would put the most recently posted records on top then ignore the first 100 and extract 100 to 1000 for example ?? Can you use limit like this?