corrupshun

Members
  • Posts: 80
  • Joined
  • Last visited: Never

Everything posted by corrupshun

  1. So I was reading up on PHP the other day and read that the IP of the user can be spoofed. I only read that the z-forwarded-ip can be spoofed. My question is this: Can the IP of the user be spoofed: $_SERVER['REMOTE_ADDR']
  2. I'm using PHP GD and every time I upload a file I exported from Photoshop/Fireworks it crashes. (such as banners in .gif formats) The program basically uploads an image, resizes it based on its height/width ratio, places it in a new location, and inserts the filename into the database to the corresponding username. This is the info Apache gave me, that may or may not be helpful.. Here's the code. Please note that Apache doesn't completely crash, it opens a window that says it stopped running, but still runs. The PHP page then doesn't load. Here's the PHP:

     <?php
     function resize() {
       if(isset($_COOKIE['username'])) {
         //-----------------------------------------------------------------------
         //upload an image that is gif||jpg||jpeg||png && is less than 1mb
         //save to a temporary spot
         //set max height and width
         //get height and width of uploaded file
         //resize the image and save it to a new location
         //-----------------------------------------------------------------------
         //set local variables
         //
         $username = $_COOKIE['username'];
         $maxsize = 10*1048576;
         //
         //
         if(isset($_POST['submit']) && $_POST['submit'] == "Upload!") {
           if($maxsize > $_FILES['upload']['size']) {
             if(isset($_FILES['upload']['name']) && isset($_FILES['upload']['size'])) {
               if(isset($_FILES['upload']['type']) && ($_FILES['upload']['type'] == "image/gif") || ($_FILES['upload']['type'] == "image/jpeg") || ($_FILES['upload']['type'] == "image/pjpeg") || ($_FILES['upload']['type'] == "image/png") || ($_FILES['upload']['type'] == "image/x-png")) {
                 if($_FILES['upload']['error'] > 0) {
                   switch($_FILES['upload']['error']) {
                     case 1: echo 'File is too big for the server to handle.'; break;
                     case 2: echo 'File is bigger than the max file size.'; break;
                     case 3: echo 'File was not uploaded fully.'; break;
                     case 4: echo 'No file was even uploaded.'; break;
                   }//switch
                 }//if error
                 else {
                   ///////////////////SQL////////////////////
                   $con = mysql_connect('localhost','root');
                   mysql_select_db("Forum",$con);
                   /////////////
                   $sql = "SELECT MAX(Avatar) FROM Users";
                   $query = mysql_query($sql);
                   while($row = mysql_fetch_assoc($query)) {
                     $max = $row['MAX(Avatar)'];
                   }
                   $max++;
                   /////////////
                   $sql = "SELECT Avatar FROM Users WHERE Username='$username'";
                   $query = mysql_query($sql);
                   while($row = mysql_fetch_assoc($query)) {
                     $current = $row['Avatar'];
                   }
                   //////////////////////////////////////////
                   ////////////////Variables/////////////////
                   $save = "img/avatars/{$max}.gif";
                   $max_h = '110';
                   $max_w = '110';
                   $name = $_FILES['upload']['name'];
                   $type = $_FILES['upload']['type'];
                   $temp = $_FILES['upload']['tmp_name'];
                   $file = "uploads/$name";
                   $tempname = "uploads/temp.gif";
                   $currentav = "img/avatars/{$current}.gif";
                   //////////////////////////////////////////
                   move_uploaded_file($temp,"$file");
                   if($type == 'image/jpeg' || 'image/pjpeg') {
                     $image = imagecreatefromjpeg($file);
                     imagegif($image, $tempname);
                     imagedestroy($image);
                   }
                   else if($type == 'image/png' || 'image/x-png') {
                     $image = imagecreatefrompng($file);
                     imagegif($image, $tempname);
                     imagedestroy($image);
                   }
                   else if($type == 'image/gif') {
                     $image = imagecreatefromgif($file);
                     imagegif($image, $tempname);
                     imagedestroy($image);
                   }
                   list($width, $height) = getimagesize($file);
                   if($height > $width) {
                     $ratio = $height/$width;
                     $f_width = $max_w/$ratio;
                     $f_height = $max_h;
                   }
                   else if($width > $height) {
                     $ratio = $width/$height;
                     $f_height = $max_h/$ratio;
                     $f_width = $max_w;
                   }
                   else if($width == $height) {
                     $f_height = $max_h;
                     $f_width = $max_w;
                   }
                   $box = imagecreatetruecolor($f_width, $f_height);
                   $image = imagecreatefromgif($tempname);
                   imagecopyresampled($box, $image, 0, 0, 0, 0, $f_width, $f_height, $width, $height);
                   unlink($tempname);
                   imagegif($box, $save, 100);
                   unlink($file);
                   unlink($currentav);
                   $insert = "UPDATE Users SET Avatar='$max' WHERE Username='$username'";
                   if(mysql_query($insert)) {
                     echo '<div class="error">Success.</div>';
                   }
                 }//else
               }//if upload
               else {
                 echo '<div class="error">Form was submitted but nothing was uploaded..<br />';
                 echo "The MIME type of: {$_FILES['upload']['type']} is not currently allowed.</div>";
               }//else
             }//if name and size isset
             else {
               echo '<div class="error">Submitted but not uploaded.</div>';
             }//else
           }//if maxsize
           else {
             echo '<div class="error">It\'s too big.</div>';
           }//else
         }//if submit is set
         else {
     ?>
     <form enctype="multipart/form-data" action="avatar.php" method="post">
     <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $maxsize; ?>" />
     Avatar File: <input type="file" name="upload" class="dupload" /><br />
     <input type="submit" name="submit" value="Upload!" class="dsubmit" />
     </form>
     <?php
         }
       }
       else {
         echo '<div class="error">You cannot upload an avatar while you are not logged in. <br /> Please <a href="login.php">Log-in</a> or <a href="register.php">Register</a>.</div>';
       }
     }//end of function
     ?>

     Thank you to whomever reads this. I greatly appreciate it
  3. I can't use sessions (as you stated), so can anybody tell me how to do this in cURL? I've always heard of it but never looked into it. Thanks!
  4. process.php:

     <?php
     $email = $_POST['email'];
     header('Location: http://www.example.com');
     ?>

     I would want process.php to take the $email variable and pass it to another page as a POST. Is this possible in conjunction with header()? Or is there another way I could do it?
  5. thank you for the response but it didn't quite answer my question
  6. While programming websites I often wonder if I should use both sessions and cookies, just in case that the cookies are disabled. Also I was reading a PHP book (PHP in a Nutshell) and it said cookies are very insecure and can be edited to send false information to my server, because malicious users can edit them. I knew I could edit them but I didn't know I could hack them! Is this true? My third question is what I store in cookies when using a login script. (my current one sets the username as a cookie.) Thanks.
  7. (this may not help..) But I think it's very well done. Didn't read previous comment, they may have said this.. but... the contact us link is broken. plus it aligns left..
  8. make a form that has the action set to the website and the method as post..
  9. you can use preg_replace(). Unfortunately I do not know much preg_match, but now you know where to start
  10. get rid of the submit variable, you won't be using it. replace: if ($submit) with if(isset($_POST['submit'])) this checks to see if submit is set. If it is set then it will produce 'true', if it's not true, it will be false. The 'if' statement checks to see if the condition is true or false. that's ALL it checks. If you still need more help look up booleans
  11. I know your problem, where you have $submit = $_POST['submit']; and then if ($submit) if checks to see if it is true or false, what you're putting inside it is if(submit), which won't do anything. I am assuming you're making it check to see if the person submitted the page, use this:

     <?php
     if(isset($_POST['submit'])) {
       //do register stuff
     }
     else {
       //show register form
     }
     ?>

     And as a side note, what you have here is VERY insecure, so I'm hoping you're not uploading that script somewhere. It's open to SQL Injection.
  12. I know that, I'm mostly asking how to check if the same IP has been to the page before, and if so, to not increment it.
  13. I want to do it like a forum does, where every time the page loads I could add 1 to the views in the database, while also making sure that the same IP doesn't add more than once? I know I could select the database then count it, then add it, but is there a simpler way (while implementing the same IP concept?) A link would suffice -Aus THE BOSS
  14. yeah, i'm using ie8. it looks FUCKED UP all the information for users to read is after the end of the page, which is probably not what it looks like on other browsers Float it. It should also be centered, that'd make me happy
  15. If not, please tell me ways to improve Thanks!

     ---Forum---
     >>Users
     ....UserID
     ....Username
     ....Date
     ....IP
     ....Email
     ....Password
     ....Level
     ....Posts
     ....Avatar
     >>Forums
     ....ForumID
     ....Forum
     ....ForumInfo
     ....ForumSubject
     ....ForumTopics
     ....ForumPosts
     >>Topics
     ....Username
     ....TopicID
     ....Topic
     ....TopicViews
     ....TopicReplies
     ....InForum
     >>Posts
     ....Username
     ....PostID
     ....Post
     ....PostDate
     ....InForum
     ....InTopic
  16. I like the design but I don't think people will be willing to pay $4.50 for 15gb of space and 35gb bandwidth, because other sites allow unlimited space and unlimited bandwidth for nearly $6.00. that said, the free service looks really good! will this include php and smtp? (i'm assuming so )
  17. How can I do this in mysql/php? I want to have pages with posts, like a forum, when ?page=1 it will show results 1-10 on ?page=2 it will show results 11-20 is it difficult? I know how to use the get method but I want to know the sql thanks!
  18. I'm Austin, 16 years old.. I'm currently learning php in my free time so I can get a job. I sell mountain dew to currently make money. I know HTML,CSS, and want to learn all of php I suck at mysql, but I'm working on that I just finished my first login/register script today, which is both secure and bug-free. It took me a week to finally sit down and say I'MMA DO THIS I love learning php, and I need to learn a thing or two about design! The people on this website are wicked awesome. THANK YOU to ANYONE who even read any of my posts (which there were a few) Like I said, I suck, but eventually you will all envy me
  19. Looks really nice! (not really advice but..) where'd you learn to do the images? I can't make anything good
  20. You could make it so it records the ip address while it is interacting with your file and when the connection is destroyed disable rights to the file for that ip address. Which I don't know how to actually put in php.. sorry i'm a failure!
  21. hmm you could use this information to create a processor:

     American Express 3400 0000 0000 009
     Carte Blanche 3000 0000 0000 04
     Discover 6011 0000 0000 0004
     Diners Club 3852 0000 0232 37
     enRoute 2014 0000 0000 009
     JCB 2131 0000 0000 0008
     MasterCard 5500 0000 0000 0004
     Solo 6334 0000 0000 0004
     Switch 4903 0100 0000 0009
     Visa 4111 1111 1111 1111
     Laser 6304 1000 0000 0008

     notice the length and pattern of each. This still isn't secure, like what will you do once you get the card numbers? You pretty much have to play with the big boys if you want to get this accomplished, however