deadlyp99

Everything posted by deadlyp99

  1. There are thousands of things the person can try. Generally the filters built into PHP work just fine. I haven't read up on the view command, but I feel the name explains itself. Here is the thing about SQL injections. It's called an injection because they find a way to insert their own code and run it on a server. In this case, SQL. If there is a vulnerability, no matter what command you used, they will find a way to craft it for their needs. For instance, if they did find a way to escape the code, they could just end your old SQL statement with a semi-colon and create a new one. It's all very complex, and it takes actually practicing the "cracking" tactic yourself to begin to understand it. Go to some hacking simulation game sites like hellboundhackers.org and hackthissite.org and you will learn a lot of useful things rapidly, as a crash course. Much info is to be found both in the forums and member articles. I don't condone breaking security for bad purposes, but it's a good place to put some tools to better your own site's security. Good luck and have fun.
  2. Through my years of coding, the best way to learn is to make 100 mistakes and fix them one by one. Glad to help; don't forget the solved button at the bottom of the screen.
  3. Not sure if this is the problem, but you formatted prevthreets as m-d-y and prevThree as y-m-d. That could be the problem, but it also matters how the date is formatted in the database. I personally prefer to use the time() function instead of others, because you work with hard numbers and can do simple math:
       $prevthreets = time() - (60 * 60 * 24 * 3); // 60 seconds * 60 minutes * 24 hours * 3 days
     Then all that is left is to make sure the formatting of prevThree matches the database's. If the database shows m-d-Y, giving it Y-m-d could raise errors.
  4. This is my personal favorite for PHP tutorials: http://www.tizag.com/phpT/ Try it out at least.
  5. How about telling us where you heard or read about the function, because Google actually turns up blank on that 0.0
  6. Use the site search button; this is a very common thing. In addition, Google would have given you a very wide variety of tutorials had you looked. http://www.google.com/search?q=php+mysql+login+tutorial&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
  7. That is because your syntax is wrong. In PHP, the else statement takes no arguments; that is what the else if statement is for, but for this purpose just change that part to:
       <?php
       function unset_register_globals() {
           if (ini_get('register_globals')) {
               // names of the superglobals that must survive the cleanup
               $keep = array('_ENV', '_GET', '_POST', '_COOKIE', '_FILES', '_SERVER', '_REQUEST', 'GLOBALS');
               foreach ($GLOBALS as $key => $value) {
                   if (!in_array($key, $keep)) {
                       unset($GLOBALS[$key]);
                   } else {
                       print "Unset";
                   }
               }
           }
       }
       unset_register_globals();
       ?>
  8. Simple. The receiving user visits a message page, and the page checks the user and displays messages and the info about them. You can just do some basic things: connect to the database; select from the messages table where the receiving user matches the user visiting the page (you can use sessions here); load them into an array:
       while ($var = mysql_fetch_array($sqlstatement)) {
     and display them within the while:
           echo $var['to'] . " " . $var['etc'];
       }
     Does that make enough sense?
  9. Whoops, ignore that. Just add an else statement to the if:
       } else {
           echo "IF was false!\n";
       }
  10. OK, add this to the if statement: if (all the junk) {
  11. Not that I know of; I have never encountered that error. Instead of having that trailing " } " inside its own PHP tags, try echoing all that HTML and keeping it all in the same PHP tag so there isn't any disruption in the if statement. I can't remember if this works off hand, but try adding die statements in the while loops as well:
       while ($new = mysql_fetch_array($var) or die(mysql_error())) { /* stuff */ }
     I think that the second fetching of an array from the same table is more likely what is causing the problem, because two whiles in an if should be just fine.
  12. PM me your email address and I will give you code for a PTC website. Though it probably won't do any good when you think about it, the code does utilize many APIs from various payment processors, including PayPal. If you test out the website code and see how it goes through the payment process, both in code and in the website, you may find some help there. I will warn you though, the API is pretty complex to fool around with, but the callbacks are very useful because they allow PayPal to verify with your website that the user has indeed purchased the item. I can also help you get in touch with the developer of the script. He is probably the best coder I have ever known; though I have patched countless bugs in the scripts, they are very good nonetheless. He does go AWOL from time to time though, weeks at a time :-\
  13. Test it. If you see nothing, create some checks that will verify whether the data the code is looking for has been found or not. You can use a counter on the foreach to print which "revolution" of the loop it is on when and if it unsets $GLOBALS. Adding $x = 1; after the first if statement, and $x++; echo $x; after the unset of $GLOBALS[$key], should do the trick. Good luck. And you could always simply add echo $GLOBALS[$key]; inside the second if statement.
  14. No no no. You can code to not be exploited, sure. But you never know if some Stephen Hawking brainchild cracker has found an error in a command as simple as echo or something. And believe me, it's not outside the realm of possibility. So the lesson is you can code to not be exploited with things you already know can be exploited, as well as some things that have the possibility to be exploited. Being cracked or exploited mean basically the same thing, but if you mean cracking a password algorithm, then yes, they are different. I was referring to cracking as the term "hacking" is commonly improperly used for, though I guess political correctness doesn't really matter at all. Exploiting a hole is like a tool in a cracker's arsenal, in the way I see the term. However, let's not get into a debate on the forum; I've done way too many of those and I'd rather spend my time playing a video game or something. If you want to take it further, shoot me a PM. I don't want to make any enemies, but I did call you out, didn't I? >< Damn lol. Let's instead focus on educating this guy, or at least giving him the resources to do so.
  15. Without diving too far into the process of debugging, I'm going to teach you something you NEED to make a habit:
       mysql_query($sql) or die("Error #" . mysql_error());
     Make a habit of having a number and using the "or die" with at least "mysql_error()". The "Error #" part is optional, but can help pinpoint which query is goofing up. If a query isn't going, it's with good reason. Also, I noticed that you are echoing outside of the while loop. It's a good idea to echo inside of it, because each round of the loop, every variable is getting assigned a new value.
  16. OK man, you have some serious googling to do. As a former aspiring "hacker" I am telling you the best way to learn to prevent them is to learn how the hell they work and how to use them. Steer your browser towards hackthissite.org and hellboundhackers.org. Both have basically the same web challenges, but different takes. So you may have a harder time on the same type of challenge on the different site. In addition, read all the member articles, and the forums helping on the challenges (which will point you towards many other resources). Oh, and this is a free community forum; don't demand things, because you're not paying anyone for the information, we are just kind enough to help. Also there are instances where escaping code won't do the trick; I can't really give specifics. Cracking/security is like art. Every new case is unique and special. It's why I love programming so much. There are a thousand different ways to code things, and every programmer has his own unique footprint. Strengths and weaknesses. You will undoubtedly have some, so read up on all areas of security and web cracking, because while the applications you code may have tighter security than a bank vault, if the floor underneath has a public access shaft, then you'll find your things gone. Security takes more than the code, though that's the first thing people will look for as it's one of the most common human errors; the applications that actually run your code need to be secure as well. The OS, web server, MySQL server, etc. etc. Have a good day. PS: I love security theory. EDIT: and cooldude832, remove "can't be exploited" from your vocabulary; that is a fiction thing and simply does not exist. All things can be exploited, it just takes different levels of ingenuity, skill, and intuition, and most importantly... time.
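A worked example, added here and not taken from any of the posts, of the two points made in posts 1 and 15: a query that splices user input into the SQL text beside a parameterised one, and exception-based error handling in place of or die(mysql_error()). It uses PDO over an in-memory SQLite database built inline so it runs stand-alone; the users table, the function names and the sample name are constructed.

```php
<?php
// Added example (not from the original posts). PDO over an in-memory SQLite
// database constructed here, so the script runs on its own.

// Vulnerable form: the value becomes part of the SQL text, so a quote or a
// semicolon in it changes the statement instead of being treated as data.
function find_user_unsafe(PDO $pdo, string $name): ?array {
    $sql = "SELECT id, name FROM users WHERE name = '" . $name . "'";
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Hardened form: a placeholder keeps the value out of the SQL text, so the
// driver never parses it as part of the statement.
function find_user_safe(PDO $pdo, string $name): ?array {
    $stmt = $pdo->prepare("SELECT id, name FROM users WHERE name = :name");
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

$pdo = new PDO('sqlite::memory:');
// Every failed query now throws a PDOException: the modern equivalent of the
// "or die(mysql_error())" habit from post 15, without printing DB internals
// to the visitor.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

// Constructed input: a perfectly legitimate name that contains a quote.
$input = "o'brien";

try {
    var_dump(find_user_safe($pdo, $input));    // NULL: the quote is just data, no such user
} catch (PDOException $e) {
    error_log("Query #1 failed: " . $e->getMessage());  // detail goes to the log
    echo "Sorry, something went wrong.\n";              // visitor sees a generic message
}

try {
    var_dump(find_user_unsafe($pdo, $input));  // the quote breaks the statement itself
} catch (PDOException $e) {
    error_log("Query #2 failed: " . $e->getMessage());  // numbered, as post 15 suggests
    echo "Sorry, something went wrong.\n";
}
```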
  17. To make the code more readable, use a function:
       case "lawls":
           runmyfunction();
           break;
  18. Try this out: <script type="text/javascript" src="/menus/galmenu.html"></script> Put it in the <head> tag. That is the modern way of including JavaScript. No need to use PHP, and in fact it would be wise not to. Why? Because then there is less your server has to execute when the page is loaded; all the work gets done on the client's computer, yippie.
  19. Use a GET parameter instead of having upload.php redirect to the image page. Try having upload.php send to imagefile.php?p=refresh, which will then send the user to imagefile.php.
  20. So here is how I have modified the file, but I still cannot get it to work. I'll post all of my code so everything going on is visible. I tested the function, and it works when a proper URL is inserted, but I need a way to do several things. First, I've got little clue if my use of the function in my code is correct, so some help there would be just dandy. Second, I am going to need a method to make all base URLs universally formatted. For example, they all need to be changed to: http://www.thesite.com with the end file removed, as well as the slash. I was thinking of checking the URL against an array of every domain extension possible and trimming away all strings after; is that overdoing it?
     index.php
       <html>
       <head>
       <title> Web Crawler - learn </title>
       <style>
       #main { text-align: center; /* display: none; */ }
       #title { text-align: center; }
       #url { /* display: none; */ }
       </style>
       </head>
       <body id="main">
       <div id="title">Web Crawler - Test</div>
       <a id="url" href="http://www.google.com">Google</a>
       <?php
       require("library.tpl");
       include("crawl.php");
       Main("http://www.jinx.com");
       ?>
       </body>
       </html>
     Crawl.php
       <?php
       function Main($StartUrl) {
           $x = 1;
           $LastUrl = $StartUrl; // page the current link was found on, used to resolve relative links
           while ($x <= 5) {
               // support for links without full URLs
               if (@file_get_contents($StartUrl) === FALSE) {
                   $StartUrl = relative2absolute($LastUrl, $StartUrl);
                   $Page = file_get_contents($StartUrl);
                   // search the page for a pattern and store the content found
                   // inside the set of parentheses in the array $matches
                   preg_match('|<a.*?href="(.*?)"|is', $Page, $matches);
                   // see what's inside $matches[1]
                   echo '<pre>' . print_r($matches[1], true) . '</pre>';
                   // go to next
                   $StartUrl = $matches[1];
                   $x++;
               } else {
                   // assign the page to a variable
                   $Page = file_get_contents($StartUrl);
                   // search the page for a pattern and store the content found
                   // inside the set of parentheses in the array $matches
                   preg_match('|<a.*?href="(.*?)"|is', $Page, $matches);
                   // see what's inside $matches[1]
                   echo '<pre>' . print_r($matches[1], true) . '</pre>';
                   // go to next
                   $LastUrl = $StartUrl;
                   $StartUrl = $matches[1];
                   $x++;
               }
           }
       }
       ?>
     library.tpl
       <?php
       function relative2absolute($absolute, $relative) {
           $p = @parse_url($relative);
           if (!$p) {
               // $relative is a seriously malformed URL
               return false;
           }
           if (isset($p["scheme"])) return $relative;
           $parts = parse_url($absolute);
           if (substr($relative, 0, 1) == '/') {
               $cparts = explode("/", $relative);
               array_shift($cparts);
           } else {
               if (isset($parts['path'])) {
                   $aparts = explode('/', $parts['path']);
                   array_pop($aparts);
                   $aparts = array_filter($aparts);
               } else {
                   $aparts = array();
               }
               $rparts = explode("/", $relative);
               $cparts = array_merge($aparts, $rparts);
               foreach ($cparts as $i => $part) {
                   if ($part == '.') {
                       unset($cparts[$i]);
                   } else if ($part == '..') {
                       unset($cparts[$i]);
                       unset($cparts[$i - 1]);
                   }
               }
           }
           $path = implode("/", $cparts);
           $url = '';
           if (isset($parts['scheme'])) {
               $url = "$parts[scheme]://";
           }
           if (isset($parts['user'])) {
               $url .= $parts['user'];
               if (isset($parts['pass'])) {
                   $url .= ":" . $parts['pass'];
               }
               $url .= "@";
           }
           if (isset($parts['host'])) {
               $url .= $parts['host'] . "/";
           }
           $url .= $path;
           return $url;
       }
       ?>
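One way to get the uniform base URL the post above asks for, added here as an example rather than code from the post or its script: parse_url() already splits a URL into scheme, host, port and path, so no list of domain extensions is needed. The function name base_url() and the sample URLs are constructed; the Jinx and Google hosts are the ones used in the post.

```php
<?php
// Added example (not from the post). Reduce an absolute URL to its
// "http://www.thesite.com" base: scheme and host only, no file, no trailing slash.
function base_url(string $url): ?string {
    $p = parse_url($url);
    if ($p === false || !isset($p['scheme'], $p['host'])) {
        return null;   // relative or malformed: nothing to base a crawl on
    }
    $scheme = strtolower($p['scheme']);
    if ($scheme !== 'http' && $scheme !== 'https') {
        return null;   // a web crawler should only follow web schemes
    }
    $host = strtolower($p['host']);
    // keep a non-default port, otherwise the base would point at a different server
    $port = '';
    if (isset($p['port'])
        && !($scheme === 'http' && $p['port'] === 80)
        && !($scheme === 'https' && $p['port'] === 443)) {
        $port = ':' . $p['port'];
    }
    return $scheme . '://' . $host . $port;
}

// Constructed sample inputs with the expected result for each.
$samples = [
    'http://www.jinx.com/index.php?x=1'    => 'http://www.jinx.com',
    'http://www.google.com/'               => 'http://www.google.com',
    'HTTPS://Example.ORG:8443/a/b/c.html'  => 'https://example.org:8443',
    'http://user:pw@www.jinx.com:80/path'  => 'http://www.jinx.com',
    '/relative/path.html'                  => null,
    'mailto:someone@example.com'           => null,
];
foreach ($samples as $url => $expected) {
    $got = base_url($url);
    printf("%-38s -> %s\n", $url, $got ?? 'null');
    assert($got === $expected);
}
```

A link found on a page is first resolved with relative2absolute() against the page it came from; base_url() of that result is the site the crawler is currently on.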
  21. I think I will be able to adapt that for my use, thanks. I'll keep this thread open just in case someone finds any simpler ways.
  22. Wait, I am confused about what you are trying to do. You want each line to be held in a variable? If so, do this:
       $file = file("log.txt", FILE_IGNORE_NEW_LINES); // one array element per line
       foreach ($file as $num => $line) {
           echo "num" . $num . " = " . $line . "\n";
       }
     Then you should be able to manage them like an array: echo $file[1], $file[2], $file[3], etc.
  23. Glad to hear that; make sure to press the solved button at the bottom of the page.
  24. Just add these. Note: of course you can get tricky and use arrays to make the code more compact, but it's not necessarily needed. I believe you can use SQL joins, but I haven't quite figured those out, but might as well experiment.
       $query = "SELECT * FROM Wood_Destroying_Insects";
       $query2 = "SELECT * FROM `2`";
       $query3 = "SELECT * FROM `3`";
       $query4 = "SELECT * FROM `4`";
       $query5 = "SELECT * FROM `5`";
       $result = mysql_query($query) or die(mysql_error());
       $result2 = mysql_query($query2) or die(mysql_error());
       $result3 = mysql_query($query3) or die(mysql_error());
       $result4 = mysql_query($query4) or die(mysql_error());
       $result5 = mysql_query($query5) or die(mysql_error());
       while ($row = mysql_fetch_array($result)) {
           echo "<img src='saveimg.php?id=" . $row['id'] . "'/>";
       }
       while ($row = mysql_fetch_array($result2)) {
           echo "<img src='saveimg.php?id=" . $row['id'] . "'/>";
       }
       while ($row = mysql_fetch_array($result3)) {
           echo "<img src='saveimg.php?id=" . $row['id'] . "'/>";
       }
       while ($row = mysql_fetch_array($result4)) {
           echo "<img src='saveimg.php?id=" . $row['id'] . "'/>";
       }
       while ($row = mysql_fetch_array($result5)) {
           echo "<img src='saveimg.php?id=" . $row['id'] . "'/>";
       }