Jump to content

newbtophp

Members
  • Posts

    631
  • Joined

  • Last visited

Everything posted by newbtophp

  1. Try str_replace: <?php $my_str = "<html>\n<title> The Grate One</title>\n<body>\n <p> u r Right, Oh Great One! </p>\n</body>\n</html>"; $my_str = str_replace('u', 'You', $my_str); $my_str = str_replace('r', 'Are', $my_str); highlight_string($my_str); ?>
  2. I tried: <?php // Using CURL //URL $url = 'http://www.showmycode.com'; //External site /* Post Data */ $postData['upload'] = 'upload'; $postData['submit'] = 'submit'; $ch = curl_init(); // initialize curl handle curl_setopt($ch, CURLOPT_URL,$url); // set url to post to curl_setopt($ch, CURLOPT_FAILONERROR, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);// allow redirects curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); // return into a variable curl_setopt($ch, CURLOPT_TIMEOUT, 50); // times out after 50s curl_setopt($ch, CURLOPT_POST, 1); // set POST method curl_setopt($ch, CURLOPT_POSTFIELDS, $postData); // add POST fields $buffer = curl_exec($ch); // run the whole process curl_close($ch); echo $buffer; ?> But still no luck, the site where the form is located is: www.showmycode.com On that site the form has no action or no name, so I find it hard to do it with curl, because on that site the output after the upload is echo'd back on the same page. Can you take a look at that site?, and let me know please. Thanks
  3. Ok thanks for all your help! Thanks MadTechie and thanks KingPhilip! Topic Solved
  4. Ok thanks I got a question, from mail.php can you spot any security weaknesses like xss or sql inject?, and their solutions, because I heard INSERT into and $_POST can be vulnerable.
  5. Ok I've added it to mail.php This is the contents of mail.php: <?php $valid = false; //check it has a value if(!empty($_POST['number'])) { //remove unwanted (leave numbers only) $num = preg_replace('/[^\d]/', '', $_POST['number']); //only valid if its 0 to 10 numbers only $valid = (bool)preg_match('/^\d{0,10}$/', $num); } if(!$valid) echo "ERROR: in-valid number"; ?> <?php session_start(); if (strtoupper($_POST['code']) != substr(strtoupper(md5("Mytext".$_SESSION["sessioncode"])), 0,6)) { ?> <?php include 'templates/header.php';?> <BR> <BR> Please fill in all fields correctly. Click <a href="../index.php">here</a> to go back. <BR> <BR> <?php include 'templates/footer.php'; ?> <?php unset($_SESSION["sessioncode"]); exit; } //valid code start here $number=$_POST['number']; $data=$_POST['data']; $from=$_POST['from']; $subject=$_POST['subject']; $message=$_POST['message']; $day = date("mdy"); $ip = gethostbyname($_SERVER['REMOTE_ADDR']); include("config.php"); $checkuses=mysql_num_rows(mysql_query("select * from users where ip='$ip' and day='$day'")); if($checkuses >= $alloweduses) { echo "Sorry, you have used all of your free messages for today. Come back tomorrow."; unset($_SESSION["sessioncode"]); exit; } else { $query = "INSERT INTO users VALUES ('$ip','$number','$day')"; $result = mysql_query($query) or die("Unable to Add IP Entry"); } $sql = "SELECT * FROM data WHERE id = '$data'"; $result = mysql_query($sql); $row = mysql_fetch_array($result); $email = $row["email"]; $to = $number . $email; $number = $_REQUEST['number'] ; $headerstouse=''; $headers = $headerstouse; $message = $message; mail ($to, $subject, $message, $headers); include 'templates/header.php'; echo "<BR><BR>Sent!<br>"; echo "<b>TO:</b> ".$number."<br>"; echo "<b>FROM:</b> ".$from."<br>"; echo "<b>SUBJECT:</b> ".$subject."<br>"; echo "<b>MESSAGE:</b> ".$message."<br><br>"; echo "Click <a href=\"".$_SERVER['HTTP_REFERER']."\">here</a> to go back and send another message.<BR><BR>"; include 'templates/footer.php'; //prevent reuse session (bypass captcha) unset($_SESSION["sessioncode"]); ?> Now it say invalid number if its invalid number, but doesnt reject the script from executing the mail. Would die("Error!") do the trick?
  6. Add meta tags, meta description in your header of every file which you want indexed on your site. Also add tag clouds depending on the concept of your site. Make sure in your meta description and tags that you include your sites name/title. You can also link exchange, or post on other sites to advertise it.
  7. It displays: ERROR: in-valid number above my form even though i didnt fill anything in, do I have to add that in mail.php?
  8. <?php $valid = false; //check it has a value if(!empty($_POST['number'])) { //remove unwanted (leave numbers only) $num = preg_replace('/[^\d]/', '', $_POST['number']); //only valid if its 0 to 10 numbers only $valid = (bool)preg_match('/^\d{0,10}$/', $num); } var_dump($valid); ?> <form action='mail.php' name="myForm" method='post'> Number<br> <? // This field (number) needs to be validated before submitted ?> <input id='number' name="number" class='ptext' size='55'><br> Data<br> <select name='data' id='data' class='ptext'> <option value="" selected>- Data -</option> <?php $sql = "SELECT * FROM data"; $result = mysql_query($sql); while($row = mysql_fetch_array($result)) { ?> <option value="<? echo $row["id"]; ?>"><? echo $row["name"]; ?></option> <? } ?> </p> </br> </select><br> Subject<br> <input id='subject' type='text' name='subject' value='' class='ptext' size='55'/><br> Your Email<br> <input id='from' type='text' name='from' value='' class='ptext' size='55'/><br> Message<br> <textarea id='message' type='text' name='message' class='ptext' style="width: 415px; height: 100px;"></textarea><br> <input type='submit' class='psubm' name="submit" value='Submit'> </form>
  9. yes i tested 11 to see if the submission can still be posted and it worked, i tested 10 numbers it worked which is great, i also tested 11 numbers and it worked.
  10. this: 01234567890
  11. @ MadTechie It dont work either, the form still executes. Also it says "bool(false)"
  12. Thanks!, I tried: <?php if(!empty($_POST)) { // do your processing... if(!is_numeric($_POST['number'])) { $ERROR[] = 'Numeric field needs to be numeric'; } if(!isset($ERROR) || empty($ERROR)) { // no errors // send to db or whatever // redirect if wanted } } if(isset($ERROR) && is_array($ERROR)) { echo'YOU GOT AN ERROR!:'; foreach($ERROR as $error) { echo $error,'<br>'; } } ?> <form action='mail.php' name="myForm" method='post'> Number<br> <? // This field (number) needs to be validated before submitted ?> <input id='number' name="number" class='ptext' size='55'><br> Data<br> <select name='data' id='data' class='ptext'> <option value="" selected>- Data -</option> <?php $sql = "SELECT * FROM data"; $result = mysql_query($sql); while($row = mysql_fetch_array($result)) { ?> <option value="<? echo $row["id"]; ?>"><? echo $row["name"]; ?></option> <? } ?> </p> </br> </select><br> Subject<br> <input id='subject' type='text' name='subject' value='' class='ptext' size='55'/><br> Your Email<br> <input id='from' type='text' name='from' value='' class='ptext' size='55'/><br> Message<br> <textarea id='message' type='text' name='message' class='ptext' style="width: 415px; height: 100px;"></textarea><br> <input type='submit' class='psubm' name="submit" value='Submit'> </form> But even if the number field contains other character it still proceeds to mail.php
  13. So if them propertys which i mentioned above were their, how would i reject the form from submitting and to echo the error? example please im interested ^^
  14. Im have a really bad day. I've got a form, when its filled in and the visitor clicks submit, i want it too validate the number field, so its correct. The validation format would be: the number must be 10 characters in length or below, only numbers and no spaces. So if it contains non numeric characters they are removed aswell as the spaces. I've tried using str replace to clear the space, but was wondering is their any easier way of what im doing? <form action='mail.php' name="myForm" method='post'> Number<br> <? // This field (number) needs to be validated before submitted ?> <input id='number' name="number" class='ptext' size='55'><br> Data<br> <select name='data' id='data' class='ptext'> <option value="" selected>- Data -</option> <?php $sql = "SELECT * FROM data"; $result = mysql_query($sql); while($row = mysql_fetch_array($result)) { ?> <option value="<? echo $row["id"]; ?>"><? echo $row["name"]; ?></option> <? } ?> </p> </br> </select><br> Subject<br> <input id='subject' type='text' name='subject' value='' class='ptext' size='55'/><br> Your Email<br> <input id='from' type='text' name='from' value='' class='ptext' size='55'/><br> Message<br> <textarea id='message' type='text' name='message' class='ptext' style="width: 415px; height: 100px;"></textarea><br> <input type='submit' class='psubm' name="submit" value='Submit'> </form>
  15. dont work it justs shows $sitename
  16. I have a function which is below, but the $sitename is not working, the variable is filled in the included file though. Can anyone tell me what im doing wrong? <?php include("service.php"); echo $num; $t = new Klient; $t->debug=true; $t->onLogin="change_nick"; $t->init("$account","$password"); $t->login(); $t->main(); $t->quit(); function change_nick(){ global $t; $t->setNick('$sitename'); } ?>
  17. Maybe this may help? http://www.winehq.org/
  18. Was looking if anyone knows any js which when I hove over a drop down option it displays a message a bit like: http://www.dynamicdrive.com/dynamicindex16/showhint.htm Except over a dropdown option. :-\
  19. p: ǝɯosǝʍɐ sı˙˙˙¿sʞɐǝɹɟdɥd
  20. naem ltf seod tahw ?wtf adnagaporp naem uoy did @ xcoderx !?еикат ытйас еикссур есв отч ,етеамуд ыв как ,тйас йикссур 1 илитесоп окьлот ыВ
  21. Im trying to submit and retrieve a file form an external site. Im using file_get_contents , because Im unfamilar of how to do so with cURL. The external site has a form which you upload a file and it echos some content on the same page. This is the html source from the external site: <form enctype="multipart/form-data" method="post" > <p><input type="hidden" name="MAX_FILE_SIZE" value="2097152" /> <input name="upload" type="file" /> <input type="submit" value="Show" /></p> </form> This is the bit where the content is echo'd after the upload: <div id="output"> the echo'd content from the uploaded file is contained within this tag on the external site </div> I managed to grab the form but it dont function, I click a file to upload, but I cant get the file to display on my site. Heres the code: <?php $url = "http://www.externalsite.com"; $rurl = file_get_contents($url); $i = 1; while($i <= 5) { $start = explode('<form enctype="multipart/form-data" method="post" >', $rurl); $end = explode('</form>', $start[$i]); $table .= $end[0]; $i++; } echo $table; ?>
  22. Thanks to all! Solved!
  23. Im having some trouble im trying to get the two radio buttons to fill in in a variable if their clicked. If no is clicked it will change the $status & $status2 variable to: $status= $no; $status2= $no2; If ok is clicked it will change the $status & $status2 variable to: $status= $ok; $status2= $ok2; Thes variables are on a separate page named "stat.php" Heres my code so far: <form action='form.php' method='post' name='Form'> Not<input type="radio" name="no" value="no"> OK<input type="radio" name="ok" value="ok"> <input name="submit" type="submit" value="Submit"> </form> <?php if(!empty($_POST["submit"])) { $out='<?php $no=$status; $no=$status2; $ok=$status; $ok=$status2; ?>'; file_put_contents("../stat.php",$out); } ?>
  24. Im getting this error, wherever I include the config file, anyone know what this maybe caused by? Fatal error: Cannot redeclare headers() (previously declared in /home/mysite/public_html/config.php:9) in /home/mysite/public_html/config.php on line 17 Config.php: <?php //Include db connection include "db.php"; db_connect(); $siteurl="http://mysite.com"; $sitename="Mysite Name"; $youremail="myemail@yahoo.com"; $alloweduses="11"; $headerad="<img src=\"images/banner.gif\" border=0>"; function headers($from,$to,$subject) { return "MIME-Version: 1.0\r\n". //optional "Content-type: text/html; charset=iso-8859-1\r\n". //optional "From: \"".$from."\"\r\n". //required "To: \"Client\" <".$to.">\r\n".//required "Date: ".date("r")."\r\n".//optional "Subject: ".$subject."\r\n";//optional } ?> db.php: <?php function db_connect() { $result = mysql_connect("localhost", "username", "password"); if(!$result) return false; if(!mysql_select_db("dbname")) return false; return $result; } ?>
  25. I have a variable: $rootpath = $_SERVER["SCRIPT_FILENAME"]; include '$rootpath/templates/header.php'; How would i place the variable in the include?, the way im doing it, is currently giving me errors. Thanks
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.