oni-kun

You can be safely sure that there's not much you can say that would be deleted, you had a valid point, he didn't want to take it.

There ya go! These problems are annoying when they should be working but don't.

What sort of proxy are you wanting to get? Most (such as gov't/company/squid) proxy types may release an X-FORWARDED-FOR header, Nearly no web proxy in existance does that, and the *-TO headers won't be set as it isn't within it's own IP location table. $ipString=@getenv("HTTP_X_FORWARDED_FOR"); $addr = explode(",",$ipString); return $addr[sizeof($addr)-1]; Should be sufficient ennough.

You get nothing out of not helping yourself, your loss.

Does that exact code, with nothing else in the file work? It's not making any sense that it's not, unless you're somehow managing to enter entities such as >.. What's your PHP version?

Orly

$_str = '<a href="testing.html">Test Link</a>'; $_pos = strpos ( $_str, '">' ); echo $_pos;

Welcome, These forums have helped me quite a bit, and a good amount of regulars.

I'd recommend looking at a Indent style and stick to it, and place your code within PHP tags. As for your code, It looks fairly excessive regarding extracting the IP from X-FORWARDED*, but it looks functional. You should define your functions before they are used, you are calling it before it is ever defined (get_ipaddress())

Hmm.. Registration code allows large names, such as 'RandomblablaRandomblablaRandomblabla' and does not check each field if there are duplicates , such as having your name the same as pass (an obvious security risk). Also in your confirmation e-mail, it lists the name put in the subject: IE: Since the address is too long, it's recommended to shorten it so it doesn't get trapped in spam filters etc. I think I typo'd my password after, so I tested the recovery function, clicking the recovery link just leads back to the 'recover password or e-mail?' page, may be broken there.

$ids = '1245, 56473, 484933, 929121, 040485, 03303'; //From DB row $playerIDs = explode(', ' , $ids); //Explode to clean array For starters.. Are you wanting to pair the ID's with eachother, or is there another set of players?

Do you mean the majour sites? (If not all) of Google's percentage of traffic is non-authenticated, so it would again be a bias statistic.

The timestamp is the time in seconds since January 1st, 1970 GMT. Removing three places = not such a good result. You should read up on time EDIT: You're right, The extra three numbers is most likely milliseconds (such as what the microtime gives) and should be safely able to be removed.

You can obfuscate HTML as you would php, I'm sure there are free alternatives for you, but obfuscating code is never a foolproof method.

$str = '<img src="images/top01.jpg" height="162" width="800">'; if ($str != '<img src="images/top01.jpg" height="162" width="800">') { die ("HTML has changed"); } But this question makes no sense. Client side JS is so easily evaded, serverside they would need to modify virtually nothing to change it.

IE still has a highly inflated amount of percentages no matter what. And for google (Or better Yahoo) it would make more sense to start there, but again many people will be inflating statistics by viewing it 100 times a day (like I do :-\) Maybe I should get on Lynx and go to W3 and send a couple billion requests and see if I get on the list!

Indeed, All the 'statistics' come from, to some extent, bias sources as it's impossible to log every person somehow on every site that is browsed normally by users. Many sites like Facebook or W3schools are viewed by the obvious newcommers, so if they're all using IE it's automatically the most used browser?

LOL.. That made me laugh. I just never noticed the link, and only noticed gurus use it (PFMisBisMad likes in paticular)

You're placing double quotes within double quotes, escape them or use single quotes: <?php echo '<img src="images/top01.jpg" height="345" width="800"/>'; ?> And note, this does not 'encrypt' anything, if that was your original question.

You're starting the session after a file is included? But yes.. what are you wanting to implement with the referrer?

You can log the variable $_SERVER['HTTP_REFERRER'] and that should tell you the page they were on when they pressed a link to your page. You can create a script on your server named ref.php and place <?php echo '<pre>'; echo print_r($_SERVER); ?> And put it in your sig, and press the link and it should show ALL available variables that follow with HTTP_REFERRER for your information. If you want to log it to a file, I can show you an example script (simple html log). But just remember many referrers are blocked by default, as they are sent by the client and may be disabled (even spoofed) for any reason.

Botnet + gmail's lack of origin awareness checking = .. I sent atleast 72k e-mails with random .cn domain names. Bleh, anyway, selecting secure passwords on the first place is a good thing OP, I'd recommend evaluating every aspect of your web server and scripts (a backup?) and start new, not your fault.

Mattal, you cannot typecast a string into an int, as it would hide the error (allowing a-z to be parsed in the conditional statement). Try this: $bet = -20; $bet = abs($bet); if(!is_numeric($bet) || $bet < 0) { $error = "One or more of your bet(s) was invalid."; error($error); } It will remove the +- from the string, as the absolute (abs) function is supposed to do, and then check based upon if it is above zero, and is numeric.