om (Author) Posted December 11, 2008

> 1. The layout still looks incredibly bad. Do you really think that it looks good?
> 2. Stop posting with random caps lock.
> 3. I'm surprised that nobody has actually said anything to you about the err...religious propaganda. Everyone doesn't believe in god, you know. Just saying.
> 4. It seems, like darkfreaks said, that you aren't sanitizing your input still. In the clean() function, why are you starting a new connection every single time?

Thanks for your feedback. I checked speaks site, many links still to be linked properly, like the ones on my sites. Well, I will try to make it looooooooook still better.

Link to comment https://forums.phpfreaks.com/topic/135094-kindly-dont-spoil-my-site-but-try-to-find-flaws-and-report-to-me/page/3/#findComment-712246
darkfreaks Posted December 11, 2008

This will automatically clean every POST variable; you don't even have to call the function, it does everything. Just put it where you define the variables.

<?php
if (get_magic_quotes_gpc()) {
    //clean XSS/SQL injection
    function clean($var) {
        $var = strip_tags(trim(mysqli_real_escape_string($var))); //changed $text to $var my bad
        $var = htmlspecialchars($var, ENT_QUOTES);
        return $var;
    }
    array_walk_recursive($_POST, 'clean');
}
?>
om (Author) Posted December 11, 2008

> This will automatically clean every POST variable; you don't even have to call the function, it does everything. Just put it where you define the variables.
>
> <?php
> if (get_magic_quotes_gpc()) {
>     //clean XSS/SQL injection
>     function clean($var) {
>         $var = strip_tags(trim(mysqli_real_escape_string($var))); //changed $text to $var my bad
>         $var = htmlspecialchars($var, ENT_QUOTES);
>         return $var;
>     }
>     array_walk_recursive($_POST, 'clean');
> }
> ?>

What is the meaning of this: //changed $text to $var my bad? Can't $text to $var be done, and if done, will it not work? The version is working well, and moreover please include your feedback on: was someone able to enter into my site without values? Was it vulnerable to any kind of attacks? Please let me know, but please don't destroy. www.ucy.in/tcmb/
darkfreaks Posted December 11, 2008

For some reason those exploits are still there, hmmm.
darkfreaks Posted December 11, 2008

Can you post the code for the register page??? Thanks.
darkfreaks Posted December 11, 2008

Figured it out: I put on error_reporting() and found out it has to connect to the database, so I'm modifying it.

<?php
if (get_magic_quotes_gpc()) {
    //clean XSS/SQL injection
    function clean_post($var) {
        $link-mysqli_connect('localhost', 'username', 'password');
        $var = strip_tags(trim($var)
        $var = htmlspecialchars($var, ENT_QUOTES);
        $var = mysqli_real_escape_string($var, $link);
        return $var;
    }
    array_walk_recursive($_POST, 'clean_post');
}
?>
darkfreaks Posted December 11, 2008

Sorry, more correcting:

<?php
//clean XSS/SQL injection
function clean_post($var) {
    $link = mysqli_connect('localhost', 'username', 'password');
    $var = strip_tags(trim($var)
    $var = htmlspecialchars($var, ENT_QUOTES);
    $var = mysqli_real_escape_string($var, $link);
    return $var;
}
array_walk_recursive($_POST, 'clean_post');
?>
om (Author) Posted December 11, 2008

> For some reason [those exploits] are still there, hmmm.

Can you detail them [those exploits] please ...please ...please ...please ... and how do you attempt??
darkfreaks Posted December 11, 2008

Have you even tried my new modified version of the function, without magic_quotes and that connects to the mysqli database???
darkfreaks Posted December 11, 2008

Sorry, spotted a minor error.....

<?php
//clean XSS/SQL injection
function clean_post($var) {
    $link = mysqli_connect('localhost', 'username', 'password');
    $var = strip_tags(trim($var)
    $var = htmlspecialchars($var, ENT_QUOTES);
    $var = mysqli_real_escape_string($link, $var); //had it backwards
    return $var;
}
array_walk_recursive($_POST, 'clean_post');
?>
om (Author) Posted December 11, 2008

> lol the thing that's interesting is a site that was designed to show what a bad website looks like (http://www.angelfire.com/super/badwebs/) is easier to look at than this... btw can you explain to me what your site actually is (I couldn't look at it long enough to tell)

It's a common message board for groups just like this one.
om (Author) Posted December 11, 2008

> <?php
> //clean XSS/SQL injection
> function clean_post($var) {
>     $link = mysqli_connect('localhost', 'username', 'password');
>     $var = strip_tags(trim($var)
>     $var = htmlspecialchars($var, ENT_QUOTES);
>     $var = mysqli_real_escape_string($link, $var); //had it backwards
>     return $var;
> }
> array_walk_recursive($_POST, 'clean_post');
> ?>

$var=strip_tags(trim($var) is incomplete; put );

AND PLEASE ANSWER MY EARLIER POSTS.
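One more defect in the clean_post() versions above that nobody in the thread points out: array_walk_recursive() ignores the callback's return value, so a callback declared as function clean_post($var) { ...; return $var; } never changes $_POST at all. The callback has to take its first parameter by reference. The script below is an added example written for this page, not code from any poster; the field names and the request array are constructed to resemble the thread's form, and the only request-time change it makes is trim(), leaving escaping to the SQL or HTML layer at the point of use.

```php
<?php
// Added example (not from the thread). array_walk_recursive() throws away what
// the callback returns, so the "clean_post($var) ... return $var;" pattern
// above leaves $_POST untouched. The first parameter must be a reference.
declare(strict_types=1);

// By-value callback: returns a cleaned copy that array_walk_recursive() discards.
function clean_by_value($var)
{
    return is_string($var) ? trim($var) : $var;
}

// By-reference callback: modifies the array element in place. The key is passed
// by value by array_walk_recursive(), so it must not be declared as a reference.
function clean_by_ref(&$item, $key): void
{
    if (is_string($item)) {
        $item = trim($item);
    }
}

// Returns a normalised copy of a request array (nested arrays included).
// Only whitespace is normalised here; quotes and angle brackets are kept,
// because escaping depends on where the value is later used (SQL vs HTML).
function normalise_request(array $data): array
{
    array_walk_recursive($data, 'clean_by_ref'); // $data is a local copy
    return $data;
}

// Constructed request data standing in for $_POST, nested the way PHP builds
// it for an input named hu_grp_id[main].
$request = [
    'hcuna'     => "  O'Brien  ",
    'hu_grp_id' => ['main' => " 42 "],
];

$byValue = $request;
array_walk_recursive($byValue, 'clean_by_value');
echo 'by-value callback changed the array: ', var_export($byValue !== $request, true), "\n";

$byRef = $request;
array_walk_recursive($byRef, 'clean_by_ref');
echo 'by-reference callback changed the array: ', var_export($byRef !== $request, true), "\n";

print_r(normalise_request($request));
```

Run it with the PHP CLI; the first line reports false and the second true, which is the whole point: every version of clean_post() posted so far that returns its value is a no-op on $_POST. Escaping for MySQL and for HTML are different transformations, so doing both at input time and storing the result means the database holds HTML entities and the HTML receives SQL-style backslashes.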
Mchl Posted December 11, 2008

> It's a common message board for groups just like this one.

And why would anyone pay to use it?
om (Author) Posted December 11, 2008

> > It's a common message board for groups just like this one.
>
> And why would anyone pay to use it?

Click and read the presentation link on the left side: www.ucy.in/tcmb
blueman378 Posted December 11, 2008

> Click and read the presentation link on the left side: www.ucy.in/tcmb

Oh sorry, I didn't see the link there, with it being so cramped and all...
Mchl Posted December 11, 2008

Sorry, but I can't see it working... You're requiring a photo and a postal address of each member prior to registering? 5 USD a year for 10 MB? Either internet in India is really weird, or you're seriously wrong with your expectations.
Maq Posted December 11, 2008

This is growing wild, to the point where it's useless. If you summarize what everyone has said, as far as design and looks, your site needs to be redone. There's nothing you can do to it to make it look good in any way. Not to be rude.
waynew Posted December 11, 2008

> Improved Version of clean() and how to call it:
>
> <?php
> function clean($var) {
>     $var = strip_tags(trim(mysql_real_escape_string($text)));
>     $var = htmlspecialchars($var, ENT_QUOTES);
>     return filter_var($var, FILTER_SANITIZE_STRING);
> }
> $hregcd    = clean($_POST['hregcd']);
> $hu_grp_id = clean($_POST['hu_grp_id']);
> $hcuna     = clean($_POST['hcuna']);
> $huid      = clean($_POST['huid']);
> $htpwd     = clean($_POST['htpwd']);
> $htpwd1    = clean($_POST['htpwd1']);
> $ribtn     = clean($_POST['ribtn']);
> $cbe       = clean($_POST['cbe']);
> $jbs_reg   = clean($_POST['jbs_reg']);
> ?>

A little bit too restrictive, don't you think? I hate strip_tags. htmlentities will handle every problem that strip_tags handles and more. Also, shouldn't you specify a charset for your output cleaning? Not just for security but for "unusual" characters purposes. Things such as € sometimes get screwed up.
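To make waynew's two points concrete: strip_tags() deletes legitimate text that merely contains an angle bracket while leaving the text of a script tag in place, and htmlspecialchars() without an explicit charset depended, before PHP 5.4, on an ISO-8859-1 default that mangled multibyte characters such as €. The script below is an added example written for this page, not code from the thread; its inputs are constructed, including one deliberately truncated UTF-8 sequence to show the failure mode of an invalid byte in an "unusual" character.

```php
<?php
// Added example (not from the thread): htmlspecialchars() with an explicit
// charset as the output-side encoder, compared with strip_tags().
declare(strict_types=1);

// Output-context encoder. ENT_QUOTES encodes both quote styles, so the result
// is safe inside attribute="" as well as in element text. ENT_SUBSTITUTE makes
// malformed UTF-8 come out as U+FFFD instead of turning the whole value into "".
function for_html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed inputs: a comparison that strip_tags() eats because "<7" looks
// like a tag start, a euro sign with real markup around it, a truncated
// multibyte sequence (first byte of € only), and a script tag.
$inputs = [
    'math'   => 'true: 5<7 and 7>5',
    'price'  => 'costs €5 <b>per year</b>',
    'broken' => "caf\xE2",
    'markup' => '<script>alert(1)</script>',
];

foreach ($inputs as $name => $value) {
    printf("%-7s strip_tags: %s\n", $name, strip_tags($value));
    printf("%-7s for_html:   %s\n\n", $name, for_html($value));
}

// Without ENT_SUBSTITUTE, htmlspecialchars() returns an empty string for the
// malformed input: the field silently vanishes rather than being encoded.
$dropped = htmlspecialchars($inputs['broken'], ENT_QUOTES, 'UTF-8') === '';
echo 'malformed input dropped without ENT_SUBSTITUTE: ', var_export($dropped, true), "\n";
```

The "markup" line shows why strip_tags() is not an XSS defence on its own: it removes the tags but keeps alert(1), and an attribute context or a later concatenation can reintroduce the problem, whereas for_html() turns every < > " ' & into an entity regardless of where the value lands. Passing the charset explicitly costs nothing and removes the dependency on the php.ini default.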
justinh Posted December 13, 2008

I'm sorry to say, but as your site is now, if someone paid to be a part of this "message board", I would redirect them to a mental hospital. I would suggest looking into CSS (Cascading Style Sheet) tutorials. Try a search on Google for "css tutorials". As far as the site you have now, I really suggest Ctrl+A, Backspace.
om (Author) Posted December 13, 2008

> Sorry, but I can't see it working... You're requiring a photo and a postal address of each member prior to registering? 5 USD a year for 10 MB? Either internet in India is really weird, or you're seriously wrong with your expectations.

No, not at all!!! Sify Mail handed over its free mail members to Google, Yahoo is losing. As time passes by, free supports are and will be difficult to maintain even with advertisements. Hence, I think cheap, no advt. is best. 2.5 paise / message without advertisements. Just check messages and you are out without mind deviations.
om (Author) Posted December 13, 2008

> This is growing wild, to the point where it's useless. If you summarize what everyone has said, as far as design and looks, your site needs to be redone. There's nothing you can do to it to make it look good in any way. Not to be rude.

As said, I am from the days of TXT UI, so it takes a little while to the CSS version. I have downloaded the latest level 3 CSS; self learning and implementation will take a little time. It's a one man show.
Maq Posted December 13, 2008

> As said, I am from the days of TXT UI, so it takes a little while to the CSS version.

From the looks of your site currently, it looks like you have made no attempt to use CSS. I would advise you to just keep the functionality and work strictly on style.
om (Author) Posted December 13, 2008

> This is growing wild, to the point where it's useless. If you summarize what everyone has said, as far as design and looks, your site needs to be redone. There's nothing you can do to it to make it look good in any way. Not to be rude.

Did you use the left side menu version/layout?
om (Author) Posted December 13, 2008

> Can you post the code for the register page??? Thanks.

Huge huge huge huge huge thanks for your latest clean_post(). I debugged it 15 hrs, and here is the bug free one that is now really working. Love you darkfreaks, don't mind, sometimes I do miss important words, maybe you too have. That's all part of God. Hereafter please test code and post so that it can be further tested.

My question is left unanswered: were you able to sneak into my application?????///

// $key is received by value: array_walk_recursive() passes keys by value,
// so declaring it as &$key only produces an "expected to be a reference" warning.
function cleanDolr_post(&$item, $key)
{
    /* check connection */
    {
        // sp_dbcon is the poster's own connection wrapper; it is not shown in the thread.
        $sp_dbcn = new sp_dbcon();
        $link = $sp_dbcn->sp_getConc();
        $item = mysqli_real_escape_string($link, htmlspecialchars(strip_tags(trim($item)), ENT_QUOTES));
        /* determine our thread id */
        $thread_id = mysqli_thread_id($link);
        /* Kill connection */
        mysqli_kill($link, $thread_id);
        /* close connection $_SESSION[cnt_con]++;*/
        mysqli_close($link);
    }
    // echo "$key holds $item\n";
    return $item;
}
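The cleanDolr_post() above finally takes $item by reference, but it still opens, kills and closes a database connection for every single POST field, purely so that mysqli_real_escape_string() has a connection to read the charset from, and it stores HTML-encoded, SQL-escaped text in the database. The question asked at the top of this page ("why are you starting a new connection every single time?") has a simpler answer than per-field escaping: one connection per request and a parameterised INSERT, which needs no escaping of the value at all. The script below is an added example written for this page, not code from om, darkfreaks or the site; it uses PDO with an in-memory SQLite database purely so it runs without a MySQL server, the table and column names are invented, and the request data is constructed from the field names seen in the thread.

```php
<?php
// Added example (not from the thread). One connection, request-time
// normalisation only, and bound parameters instead of mysqli_real_escape_string().
// PDO + SQLite in memory is a stand-in so the script runs offline; with pdo_mysql
// the same code applies, plus PDO::ATTR_EMULATE_PREPARES => false so the server
// prepares the statement itself.
declare(strict_types=1);

function open_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Invented schema for the example.
    $db->exec('CREATE TABLE member (id INTEGER PRIMARY KEY, huid TEXT NOT NULL, hcuna TEXT NOT NULL)');
    return $db;
}

// Request-time work is validation, not escaping: scalar, trimmed, non-empty,
// bounded length (in bytes). The value itself is stored exactly as typed.
function normalise_field(array $post, string $name, int $maxBytes): string
{
    $v = $post[$name] ?? '';
    if (!is_string($v)) {
        throw new InvalidArgumentException("$name must be a scalar");
    }
    $v = trim($v);
    if ($v === '' || strlen($v) > $maxBytes) {
        throw new InvalidArgumentException("$name is empty or too long");
    }
    return $v;
}

// The SQL text is fixed; user data travels separately as bound parameters, so a
// quote or a semicolon in the value can never change the statement.
function insert_member(PDO $db, array $post): int
{
    $stmt = $db->prepare('INSERT INTO member (huid, hcuna) VALUES (:huid, :hcuna)');
    $stmt->execute([
        ':huid'  => normalise_field($post, 'huid', 32),
        ':hcuna' => normalise_field($post, 'hcuna', 64),
    ]);
    return (int) $db->lastInsertId();
}

function find_member(PDO $db, string $huid): ?array
{
    $stmt = $db->prepare('SELECT huid, hcuna FROM member WHERE huid = :huid');
    $stmt->execute([':huid' => $huid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed POST data using field names from the thread. The apostrophe and
// the SQL-looking fragment are stored and read back verbatim: they are data.
$post = [
    'huid'  => ' om ',
    'hcuna' => "O'Brien'; DROP TABLE member; --",
];

$db = open_db();
$id = insert_member($db, $post);
echo "inserted id $id\n";
print_r(find_member($db, 'om'));
print_r($db->query('SELECT count(*) AS n FROM member')->fetch(PDO::FETCH_ASSOC));
```

If the site must stay on mysqli, the equivalent is mysqli_prepare() with mysqli_stmt_bind_param() on a single connection created once per request; and anyone who keeps calling mysqli_real_escape_string() should at least call mysqli_set_charset() on that connection first, since the escaping is only correct for the charset the connection actually uses. HTML encoding (htmlspecialchars with ENT_QUOTES and an explicit charset) then happens once, when the stored value is printed into a page, not before it is stored.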
Mchl Posted December 13, 2008

> No, not at all!!! Sify Mail handed over its free mail members to Google, Yahoo is losing. As time passes by, free supports are and will be difficult to maintain even with advertisements. Hence, I think cheap, no advt. is best. 2.5 paise / message without advertisements. Just check messages and you are out without mind deviations.

Well then. I wish you all the best. I will certainly be interested in how it evolves...