the-botman

thanks alot that was really a great help

ok see i am trying to remove the number 16 , it removes the number but also removes it from the time which is wrong for example 16:45 , i just want it to remove the number 16 if its alone and not if it has : next to it this is what im using $FGuide = str_replace("16", '', $FGuide); thanks in advance zainul

see this code i am trying works but removes all java scripts from the source code, i just need the above code removed $page = preg_replace('/<script(.*?)<\/script>/is','',$page);

the code im trying to replace is <script>if (/Firefox[\/\s](\d+\.\d+)/.test(navigator.userAgent)){document.getElementById("toolbar_h").innerHTML = "<a href=\"https://addons.mozilla.org/firefox/downloads/file/148244/site_toolbar-initial.rev194-fx.xpi?src=dp-btn-primary\" rel=\"nofollow\" onclick=\"dlreg('','')\"><img src=\"http://site.com/img/toolbar_firefox_small.png\" border=\"0\" /></a>";}else{document.getElementById("toolbar_h").innerHTML = "<a href=\"http://site.com/crawler/extensions/chrome/mp3se.crx\" rel=\"nofollow\" onclick=\"chrome.webstore.install(); dlreg('',''); return false;\"><img src=\"http://site.com/img/toolbar_chrome_small.png\" border=\"0\" /></a>";}</script>

heya everyone... ok im trying to replace multiple lines using preg_replace but its just not working please tell me what i am doing wrong here is my code $page = preg_replace('<script> if (/Firefox[\/\s](\d+\.\d+)/.test(navigator.userAgent)) { document.getElementById("toolbar_h").innerHTML = "<a href=\"https://addons.mozilla.org/firefox/downloads/file/148244/site_toolbar-initial.rev194-fx.xpi?src=dp-btn-primary\" rel=\"nofollow\" onclick=\"dlreg('','')\"><img src=\"http://site.com/img/toolbar_firefox_small.png\" border=\"0\" /></a>"; } else { document.getElementById("toolbar_h").innerHTML = "<a href=\"http://site.com/crawler/extensions/chrome/mp3se.crx\" rel=\"nofollow\" onclick=\"chrome.webstore.install(); dlreg('',''); return false;\"><img src=\"http://site.com/img/toolbar_chrome_small.png\" border=\"0\" /></a>"; } </script>','new ad code goes here',$page); Thanks in advance Zain

Thank you.

ok after reading what you said this is what i took from it, it works 100% i just need you t0 tell me if this is the best way to do this function Login($Post_Username, $Post_Password) { $Result = "Invalid Username/Password"; $string1 = $Post_Password; $salt = 's+(_a*'; $encrypted_mypassword = md5($string1.$salt); mysql_connect($GLOBALS["DbIP"].':'.$GLOBALS["DbPort"],$GLOBALS["DbUser"],$GLOBALS["DbPword"]); mysql_select_db($GLOBALS["DbName"]) or die( '<html><font face="Verdana" size="2"><b>Bhawap</b> - <u>Control Panel</u></font><font face="Verdana" size="1"><br>Database not available. Please contact our Support team at Support@FinestSolutions.co.za for further assistance.</font><br></html>'); $Post_Username = mysql_real_escape_string($Post_Username); $SqlResult = "Select * From cpanel_users WHERE Usr_Username='" . $Post_Username . "'"; $SqlResult=mysql_query($SqlResult); $RowCnt = mysql_numrows($SqlResult); If ($RowCnt >= 1) { $Usr_Id = mysql_result($SqlResult,0,"Usr_Id"); $Usr_AccessLevel = mysql_result($SqlResult,0,"Usr_AccessLevel"); $Usr_Password = mysql_result($SqlResult,0,"Usr_Password"); if ($encrypted_mypassword == $Usr_Password) { session_start(); $_SESSION['leveladd'] = $Usr_AccessLevel; $_SESSION['Usr_Id'] = $Usr_Id; $_SESSION['logged'] = $Post_Username; $Result = "True"; } } mysql_close(); return $Result; }

this is the MySqlSelect function function MySqlSelect($TSqlQuery) { $Conn = mysql_connect($GLOBALS["DbIP"].':'.$GLOBALS["DbPort"],$GLOBALS["DbUser"],$GLOBALS["DbPword"]); @mysql_select_db($GLOBALS["DbName"]) or die( '<html><font face="Verdana" size="2"><b>Bhawap</b> - <u>Control Panel</u></font><font face="Verdana" size="1"><br>Database not available. Please contact our Support team at Support@FinestSolutions.co.za for further assistance.</font><br></html>'); $SqlResult=mysql_query($TSqlQuery); mysql_close(); return $SqlResult; } what i dont understand is how does it connect with the script the way i have it now and it wont when i try and use mysql_real_escape_string and what would be a way around this or the way i should be doing it using the code as i have it

i also tried $SqlResult = MySqlSelect(sprintf("SELECT * FROM `cpanel_users` WHERE Usr_Username='%s'",mysql_real_escape_string($Post_Username))); but i get this error Warning: mysql_real_escape_string() [0function.mysql-real-escape-string0]: Access denied for user 'apache'@'localhost' (using password: NO) in /var/www/vhosts/bhawap.com/httpdocs/cPanel/Include/Login.php on line 27 Warning: mysql_real_escape_string() [0function.mysql-real-escape-string0]: A link to the server could not be established in /var/www/vhosts/bhawap.com/httpdocs/cPanel/Include/Login.php on line 27 Warning: sprintf() [0function.sprintf0]: Too few arguments in /var/www/vhosts/bhawap.com/httpdocs/cPanel/Include/Login.php on line 27 Warning: mysql_numrows() expects parameter 1 to be resource, boolean given in /var/www/vhosts/bhawap.com/httpdocs/cPanel/Include/Login.php on line 29

heya i really need some help, i am trying to add mysql_real_escape_string to protect against injection attacks but this statment gives me an error $SqlResult = MySqlSelect("Select * From cpanel_users WHERE Usr_Username='".mysql_real_escape_string($Post_Username)."'"); the error message is Warning: mysql_real_escape_string() [0function.mysql-real-escape-string0]: Access denied for user 'apache'@'localhost' (using password: NO) in /var/www/vhosts/bhawap.com/httpdocs/cPanel/Include/Login.php on line 28 Warning: mysql_real_escape_string() [0function.mysql-real-escape-string0]: A link to the server could not be established in /var/www/vhosts/bhawap.com/httpdocs/cPanel/Include/Login.php on line 28 but this is my old code and i get no errors and it works 100% just its not protected against injection attacks $SqlResult = MySqlSelect("Select * From cpanel_users WHERE Usr_Username='".$Post_Username."'"); This is my current login function function Login($Post_Username, $Post_Password) { $Result = "Invalid Username/Password"; $string1 = $Post_Password; $salt = 's+(_a*'; $encrypted_mypassword = md5($string1.$salt); $SqlResult = MySqlSelect("Select * From cpanel_users WHERE Usr_Username='".$Post_Username."'"); $RowCnt = mysql_numrows($SqlResult); If ($RowCnt >= 1) { $Usr_Id = mysql_result($SqlResult,0,"Usr_Id"); $Usr_AccessLevel = mysql_result($SqlResult,0,"Usr_AccessLevel"); $Usr_Password = mysql_result($SqlResult,0,"Usr_Password"); if ($encrypted_mypassword == $Usr_Password) { session_start(); $_SESSION['leveladd'] = $Usr_AccessLevel; $_SESSION['Usr_Id'] = $Usr_Id; $_SESSION['logged'] = $Post_Username; $Result = "True"; } } return $Result; } Please advise me on what im doing wrong i really need to secure my login page Thanks in Advance Zain

one last question why does it only display 1 word per line? when i show the quotes list?

ok silly me i found what was wrong lol i changed this part <?php include 'Random-Quotes_Header.php'; $Action = Get_QString('Action'); //Requests Postback status from the Querystring. $Finish = Get_QString('Finish'); //Requests Postback status from the Querystring. if (($Action == "Remove") && ($Post = "True")) { Remove_Quote(); } if($Finish == "True") { and all is well thanks alot guys

now with this code i can add as many random quotes as i want and it works 100% i can remove as many rows as i want but... i just have 1 problem when i add a quote i dont get an error but when im showing the list or removing a quote i get this error Notice: Undefined index: Finish in /var/www/vhosts/bhawap.com/httpdocs/cPanel/Include/Random-Quotes_Manager/Show_List.php on line 7

i just dont get why its still doing the same thing, iv`e tried a new angle but same results ... here is my code <?php include 'Random-Quotes_Header.php'; $Action = Get_QString('Action'); //Requests Postback status from the Querystring. if (($Action == "Remove") && ($Post = "True")) { Remove_Quote(); } if($_GET['Finish'] == "True") { $Quote = $_POST['Quote']; Add_Now($Quote); } elseif ($Action == "Add") { Show_Add_form(); } else Show_Quotes(); include 'Random-Quotes_Footer.php'; function Remove_Quote() { $Result = "False"; while(list($key, $val) = each($_POST['need_delete'])) { $DbRes = MySqlCmd("DELETE FROM GET_QUOTES WHERE REC_QUOTES_ID='$val'"); } if ($DbRes != "1") { $Result = "Database Error."; } return $Result; } function Add_Now($Quote) { echo ' <div class="hd2"><center><font color=FFD700><strong>Random Quotes</strong></font></center></div><br>'."\n"; if ($Quote != "") { $Entry_ID = GetGuid(); $DbRes = MySqlCmd("INSERT INTO GET_QUOTES VALUES ('$Entry_ID','$Quote')"); if ($DbRes != "1") { echo '<font face="Verdana" color="#FF0000" size="2">Database error, please try again.</font><br>'."\n"; } else { echo '<font face="Verdana" size="2">Your entry has been saved. <img src="../Images/Smileys/icon_cool.gif" border="0" alt="" /></font><br>'."\n"; } } else { echo '<font face="Verdana" color="#FF0000" size="2"><u>Quote</u> cannot be left blank.</font><br>'."\n"; } } function Show_Add_form() { echo ' <div class="hd2"><center><font color=#FFD700><strong>Add Quote</strong></font></center></div><br>'."\n"; echo '<center>'."\n"; echo '<form method="post" action="Random-Quotes_Manager.php?Action=Add&Finish=True">'."\n"; echo ' <table border="0" cellpadding="0" cellspacing="0" style="font-size:9pt;width:100px;">'."\n"; echo ' <tr><td align=left>Quote:</td></tr>'."\n"; echo ' <tr><td><textarea name="Quote"></textarea></td></tr>'."\n"; echo ' <tr><td colspan="2" align=center><br><input type="submit" value="Quote!" name="Submit"></td></tr>'."\n"; echo ' </table>'."\n"; echo '</form>'."\n"; echo '</center>'."\n"; } function Show_Quotes() { $SqlResult = MySqlSelect("Select * From GET_QUOTES ORDER BY REC_QUOTES_ID,REC_QUOTES"); $RowCnt = mysql_numrows($SqlResult); if ($RowCnt > 0) { $Spacing = " "; echo $Spacing.'<center>'."\n"; echo $Spacing.'<br>'."\n"; echo $Spacing.'<table border="0" cellpadding="0" cellspacing="0" style="color: #666;font-size:11px;width:550px;">'."\n"; echo $Spacing.' <tr height="15" align="left"><td><span class="Form_Title">Random Quotes</span><HR width="100%" SIZE="1"></td></tr>'."\n"; echo $Spacing.'</table>'."\n"; echo $Spacing.'<br>'."\n"; echo $Spacing.'<table border="0" cellpadding="0" cellspacing="1" style="font-size:9pt;width:550px;">'."\n"; echo $Spacing.' <tr style="background-color:#666;color:#FFF;"><td style="background-color:#FFF;color:#FFF;"></td><td><b> Random Quote Id</b></td><td><b> Random Quotes</b></td><td><b> Delete</b></td></tr>'."\n"; $i = 0; while ($i < $RowCnt) { $REC_QUOTES_ID = mysql_result($SqlResult,$i,"REC_QUOTES_ID"); $REC_QUOTES = mysql_result($SqlResult,$i,"REC_QUOTES"); $Spacing = " "; echo $Spacing.'<tr style="background-color:#F5F5F5;color:#666;">'; echo '<td style="background-color:#FFF;"></td>'; echo '<td style="width:20px;"> '.$REC_QUOTES_ID.'</td>'; echo '<td style="width:60px;"> '.$REC_QUOTES.'</td>'; echo '<td align="center" style="width:50px;">'; echo '<table border="0" cellpadding="0" cellspacing="0" style="margin-top:2px;width:38px;height:16px;">'; echo '<form name="form1" method="post" action="Random-Quotes_Manager.php?Action=Remove&Post=True">'; echo '<tr height="16" align="center"><td>'; echo '<td align="center"><input name="need_delete['.$REC_QUOTES_ID.']" type="checkbox" id="checkbox['.$REC_QUOTES_ID.']" value="'.$REC_QUOTES_ID.'"></td>'; echo '</td></tr>'; echo '<tr><td></td></tr>'; echo '</table>'; echo '</td>'; echo "</tr>\n"; $i++; } } else { $Spacing = " "; echo $Spacing.'<tr><td></td><td><font face="Verdana" size="2"><b>No Entries Found.</b></font><br></td></tr>'."\n"; } $Spacing = " "; echo $Spacing."</table><br><br></center>\n"; if ($RowCnt > 0) { echo '<tr>'; echo '<td align="center" style="width:50px;">'; echo '<td colspan="5" align="center" bgcolor="#FFFFFF"><input name="delete" color="#666666" type="submit" id="delete" value="" class="Form_Btn_delete" /></td></td>'; echo '</tr>'; echo '</form>'; } } ?> please help me its been almost a 2 weeks and i still can`t get this right

i know the reason it is showing both the add quote and the quotes together is because of this part of the code but i dont know any other way if ($Action == "Remove") { Remove_Quote(); } if ($Action == "Add") { Add_Now(); } else Show_Add_form(); if ($Action != "Remove") { Show_Quotes(); }