ShiloVir

<?php echo "<img src='phpthumb/phpThumb.php?src=screens/upload.php?show=".rand(11,14)."' alt=''>"; ?> Perhaps...? EDIT: I tested it on my server to find this does work. Enjoy...

http://www.phpfreaks.com/forums/index.php/topic,37442.0.html Theres a big stickie on this subject. Basicall header(); Must come before anything else.

okay. The beta for my login is over. All teh bugs are fixed... I think.. and so im marking this as solved. Ill get u guys back for the next beta I need tested. Thanks alot.... Darkfreaks.

I discovered a new bug. You can press the "Login" button without entering any information and it will automatically log you in.

Okay. I tried breaking it again with no sucess. Very good work fixing the bug. I couldnt access the admin panel myself. Altho when u post a message you shouldnt have the option to choose a name because anyone can wrote "Admin" under the name field and make it look like you are the one posting the message.

Im really sorry about that dude. Just clear the MySQL table and you should be fine. Thats what u get when u ask people to test out your site. lol. But seriously. u gotta disable HTML from that site dude.

Sorry, did I break your site? http://www.mzbservices.com/show_post.php?id=46

print and echo are same things. But Print is a function. So it can be used in things like" <?php if(file_exists("require/blablabla.php")){ include("require/blablabla.php") or print ("Zomg00sh. I Screwed up. The file isnt here!"); } ?> while on the other hand. Echo wouldnt work because it isnt a function. The following code will not work: <?php if(file_exists("require/blablabla.php")){ include("require/blablabla.php") or echo "Zomg00sh. I Screwed up. The file isnt here!"; } ?>

or to make things really complicated. wouldnt this not work? <?php // Function: function nls2p($str) { return str_replace('<p></p>', '', '<p>' . preg_replace('#([\r\n]\s*?[\r\n]){2,}#', '</p>$0<p>', $str) . '</p>'); } // In Context: <?php echo nl2br(nls2p("Paragraph1\n\nParagraph2\n line1\n line2\n")); ?> ?>

The website is down. Error 404 >.<

Files for internet are "/" while files on a server are "\" If your trying to get all on the server try "\"

im sorry. But looking at this script it is very unsecure. It looks like a 5 year old wrote it. I would strongly advise you NOT to upload this to your webserver because if you do people will start uploading random garbage and even upload stuff that has the exec(); function in it and they will start to mess up your server. Just a warning...

PAGE1.PHP: <?php session_start(); $_SESSION["var"] = 'hello world'; ?> PAGE2.PHP <?php session_start(); echo $_SESSION["var"]; ?> I dont understand why its not being passed??? Double check u got session_start(); at top of each page with the session data.

lol, yah

Exactly how many times did you get timebanned?

haha, It lasts 30 minutes. wow. Thats actually kinda funny you got yourself timebanned. lol

Just out of curiosity, What program are you using to check the website?

as for the Session_id: I can fix it. no problem there. In fact I will restrict access from the ini file. Im at school right now so ill do it at a later time. as far as the restricted access to the inependant directories, I do have access set. I simply deleted the index.php files and the htaccess file for purpose of this demo.

W00t! Huess what I jus' got in the mail! Nvidia 780i and an 8800gtx! Ill be offline for like 2 hours whilist' I set it up!

Out of curiousity. What program do you use for making the mockups. I use Illustrator CS4 personally. but some people are more into fireworks and Photoshop. so whats your poison, ooh. I mean program hah? and Btw: I like mockup 7 personally

haha. Found my first problem, Its Case-Sensitive on the password. Ill fix that now. But for this part try using password betauser (No caps) EDIT: Okay, I fixed it. Its no longer case Sensitive, Sorry about that. My Fault

http://24.76.126.7/ I know the design isnt great. I made the table layout in like 5 minutes. Im not looking for design critism tho. Im looking for people to attempt to XSS my Login script. Even try going to page source and editing the login, trying to shove SQL injection in there somewhere. Just pls. Dont drop my databases. All IP addr's are logged so if you do notice a bug dont take advantage of it. Some directories you may find of interest are: http://24.76.126.7/images http://24.76.126.7/require http://24.76.126.7/pages as of now for this, I have removed the index.php file from these directories and I even removed the .htaccess file. So have fun guys. ID: SVA Call: 001 Password: Betauser

sorry, I dont understand. Why dont you use the same logic that you used in your C++ game. If I can see the logic you wrote in the C++ I would happily translate it into PHP.

on one page make a MD5 checksum, and when u load a form u gotta check that MD5 and make sure it is equal to the previous one set. u gotta make the MD5 change each time the page is changed. when the browser is closed the MD5 expires. if u leave the page the MD5 changes. make sure the form is checking for the MD5 somewhere and you should be fine

<?php $delete="DELETE FROM `users` WHERE 'username' = ".mysql_real_escape_string($username)." OR 'email' = ".mysql_real_escape_string($email).""; ?> That should work.