R4nk3d

ok ill try it

ok cool. thanks man. anything else you see?

so tell me if my plan will work: ill put this code into 1 file in my sources directory, then include it on top of my edit, register, and login pages. Then for the variables ill just change them to what you just typed out for me.

ok and so do i just put this at the top of the login, register, and edit scripts?

Im not exactly sure what this is doing, can u explain this to me a bit more? I see that its stripping the tags and trimming the white space. But it's kinda confusing me,

ok, i think its doin the trick now.

lol, try and edit it once more. but this is my clean function so idk why it wont escape the string: function clean($text) { $ntext=trim(mysql_real_escape_string(strip_tags($text))); return $ntext; }

ok, well either way, i do not see it being able to change the things. i think its ok now and cant get any xss in there

That doesnt change a thing, im already trimming and formatting the $_POST["user"] so if u write clean($user) its just cleaning it again.

i can assure you that i own the site. the bottom of the webpage will now say: This site is owned by R4nk3d. but here is the code anyways for the register: <?php require_once("./sources/config.inc.php"); include("sources/template_start.php"); ?> <td width="625" class="contents"><?php $user = clean($_POST["user"]); $pass = md5(clean($_POST["pass"])); $email = clean($_POST["email"]); $result = mysql_query("SELECT * FROM `users` WHERE username='".$user."'",$connection); if(mysql_num_rows($result) != 0) { ob_start(); header("Location: register.php?error=1"); ob_end_flush(); } else { $sql = "INSERT INTO users (username,password,email) VALUES ('$user','$pass','$email')"; $result = mysql_query($sql,$connection); if($result) { echo("<h1>Successful Registration</h1> You have successfully registered ".clean($user).". Welcome to Las Venturas."); $_SESSION["Username"] = $user; $_SESSION["LoggedIn"] = 1; $_SESSION["AdminLevel"] = 0; } else echo("<h1>Oops... Error!</h1> There was a server error. Please try again."); } ?> </td> </tr> </table> </div> <?php echo footer; ?> </body> </html> This is the action page.

how does that code still exist? theres nothing wrong with it.

up again, sorry, =/ went to a party last night and slept in through an hour of work lol

Ok, now its fixed. I only did it for the username and password, forgot the email. Now i tested it again, its straight

^ Fixed. I had it on the username for the login, but nothing else.

Server is up right now and will be for the next 12 hours or so Id say. Sorry for this dilemma. I'm taking it into my work after I get it all configured.

Hey guys, I just reached the 70% mark for my website for a gameserver. I would like you guys to just test it out. I want to make sure everything sorts out alright, everything shows correctly, and all of the commands work, not just for me, but for everyone else. I'll possibly be releasing this script so I'd like it to work as well as it can. Now the site is www.lvroleplay.com. The front page is [supposed to be] showing the 5 latest announcement posts from my forums(At the time there is only 1). The links are on the side. Please, if you are not going to register, or you want to use the admin panel that I've built, please use the login credentials: user - test pass - test to login as an administrator. Attempt to hack the site, do whatever you'd like to it. I have it backed up on my computer, so whatever breaks, I can replace it. I hope you enjoy. Please report any bugs. The RCON page is for the GTA server that i run. The Rcon password is 123. You will be asked that when you open the rcon page. Happy testing. P.S. For the time being, I am running this on a business server that is hosted in my home, I turn this server off at night so here are the hours the site will be accessible: Weekends: Noon-12:30PM/2:30AM. Weekdays: 6:30AM-11:30PM. Thanks for understanding.

echo it into an array: $games = array(); $i = 1; //input connection info here while($row = mysql_fetch_array($query)) { $games[$i] = $row[0]; $i ++; } Now you can call it at a later point and echo it like so: echo "Game 1: ".$games[1]; Now it could echo something like: Game 1: Halo 2

if ($username && $password) { Change that to: if (isset($username) && isset($password)) { Try that, because when you say if ($username && $password) { youre really saying if($username == 1 && $password == 1) not if they have info in them.

ok, well since i cant edit my last post, ill just say, yay. i got it working thank you

ok, and if i do that itll still return the array?

Hes looking for the script to make an mpeg (or any other vid) convert to a flash with a video player on top of it i believe.

So im making this command right now and this is what it looks like: function GetPlayerStats($sqlid,$output) { if(!isset($output)) define("outputa","\$r"); else if(isset($output)) define("outputa","\\".$output); $result = mysql_query("SELECT * FROM ".sql_users." WHERE id='".$sqlid."'"); if(!$result) return 0; if(mysql_num_rows($result) == 1) { $output = mysql_fetch_array($result); return $output; } else return 0; } So what im [attempting] to do is grab the info from a playerid in my database, get the info from it, and then output it into an array and return it. This is the format im using it in: GetPlayerStats($_SESSION["ID"],"$r"); echo($r['username']); So it echoes it right out. I want to be able to change the output so other people can change it to what they like, $row, $sql, etc. But it won't work. If you know how i can fix it please enlighten me p.s. anyone remember how to make a variable not needed in a code so i dont get the "Missing argument 2 for GetPlayerStats()" error when i dont put "$r" in the command? Thanks in advance

thats odd, my whole website is built with <input value=\"" . $r['username'] . "\">, etc. always works for me.

Oops, again. I mistyped. Heres the layout: Server Running: IIS 6 MySQL 5.0.0 My Computer Running: Samp Server So the server is running on my computer for the game, but the computer server is running the websites. So im opening a socket from 192.168.0.115(server) to 192.168.0.101(computer). But i want to check if the process is running. Thats why i open the socket for the udp port on the computer. EDIT: im having a problem with the fsockopen timeout. it wont change no matter what number i put. =/ i put 2 and it it still takes for ever to load. Whats the problem here?

use if($_GET["page"] == "page2.php") include ('inc/page2_content.php'); do the same for the rest but on the last one use: if(!isset($_GET["page"])) include('inc/index_content.php'); hope i helped