Kindly dont spoil my site but try to find flaws and report to me

[Maq]

This is growing wild, to the point where it's useless.  If you summarize what everyone has said, as far as design and looks, your site needs to be redone.  There's nothing you can do to it to make it look good in any way.  Not to be rude 

 

dID YOU USE LEFT SIDE MENU VERSION/ LAYOUT

 

I've gone through most of your site.  I still feel the same way...

[darkfreaks]

the function absolutely SUCKS!!!!!!!!! it does NOT WORK AT ALL!!!!

 

PLEASE DO NOT CHANGE MY FUNCTION!.

 

 

THANKS

 

 

<?php
// clean function
function clean(&$var,$link)
{
$var=trim(strip_tags($var,$link));
$var=mysqli_real_escape_string($link,$var);
$var=htmlspecialchars($var,ENT_QUOTES);}
//outputting function without calling it on every variable//
array_walk_recursive($_POST,'clean');
// PHP4 version array_walk($_POST,'clean'); //

?>

[Mchl]

darkfreaks: this function will need $link to be passed to it.

 

And it's

$var=mysqli_real_escape_string($link,$var);

 

not

$var=mysqli_real_escape_string($var,$link);

[darkfreaks]

fixed thanks

 

<?php
// clean function
function clean(&$var,$link)
{
$var=trim(strip_tags($var));
$var=mysqli_real_escape_string($link,$var);
$var=htmlspecialchars($var,ENT_QUOTES);}
//outputting function without calling it on every variable//
array_walk_recursive($_POST,'clean');
// PHP4 version array_walk($_POST,'clean'); //

?>

 

oops honest mistake 

[Mchl]

Why do you pass $link to strip_tags ?

[darkfreaks]

*passes hand over head* yeah im zoned out tonight

 

 

<?php
// clean function
function clean(&$var,$link)
{
$var=trim(strip_tags($var));
$var=mysqli_real_escape_string($link,$var);
$var=htmlspecialchars($var,ENT_QUOTES);}
//outputting function without calling it on every variable//
array_walk_recursive($_POST,'clean');
// PHP4 version array_walk($_POST,'clean'); //

?>

[torb]

I think one of the reasons that people get different results when looking at your site is that it isn't valid html. See http://validator.w3.org/check?uri=http%3A%2F%2Fwww.ucy.in%2Ftcmb%2F&charset=(detect+automatically)&doctype=Inline&group=0 for errors

 

I feel sort of bad for you, and feel you should try to get some help with the design of your site. I know my thoughts may be irrelevant, but here are some of my hints at what would make it more appealing :

 

1) Less information

People who are on the net have so much to chose from that they rarely read an entire page. So keep only the vital bits. Learn how to write copy - skip stating obvious things like "click on CONTACT to open the address." People know it is a link and will click it if they need it

 

2) Less clutter

When you have less information displayed this may longer be a big issue. The main thing is to not fall into the trap of EXPLOITING all the Different typographical features. They will fight for attention, and the end-user will lose out (eg. your left-side menu alone uses at least 3 different styles for links).

 

3) Cave in, go for a template

Don't be afraid to use a free template - the end result will be a lot better, even if you can't say 'I made it all myself'. Think of the people who will be visiting your site rather than thinking of your craftmanship - you can do more work later. Most (if not all) webmasters have started with virtually no design skills. How about starting off with a template and then modifying it bit-by-bit over the months into it becomes something you can call your own, and is still something that end users will want to visit?

 

With a decent CSS template, you will also get much better results in search engines.

With a decent CSS template, you will also get friendly design and content that is properly and logically structured and styled.

 

Search results=new members=more money?

Friendly design=new members=more money?

 

 

...More to the point, I tried testing the log-in-area, started with the CAPTCHA 'crossed-box' and all the javascript notifications, although polite, just annoyed me to the point I gave up right away.'

 

I sincerely wish you the best of luck.

 

Inspiration:

http://www.csselite.com/

http://cssvault.com/

http://www.smashingmagazine.com/2006/12/21/creme-de-la-creme-of-css-list-of-css-galleries/

 

[om]

I think one of the reasons that people get different results when looking at your site is that it isn't valid html. See http://validator.w3.org/check?uri=http%3A%2F%2Fwww.ucy.in%2Ftcmb%2F&charset=(detect+automatically)&doctype=Inline&group=0 for errors

 

I feel sort of bad for you, and feel you should try to get some help with the design of your site. I know my thoughts may be irrelevant, but here are some of my hints at what would make it more appealing :

 

1) Less information

People who are on the net have so much to chose from that they rarely read an entire page. So keep only the vital bits. Learn how to write copy - skip stating obvious things like "click on CONTACT to open the address." People know it is a link and will click it if they need it

 

2) Less clutter

When you have less information displayed this may longer be a big issue. The main thing is to not fall into the trap of EXPLOITING all the Different typographical features. They will fight for attention, and the end-user will lose out (eg. your left-side menu alone uses at least 3 different styles for links).

 

3) Cave in, go for a template

Don't be afraid to use a free template - the end result will be a lot better, even if you can't say 'I made it all myself'. Think of the people who will be visiting your site rather than thinking of your craftmanship - you can do more work later. Most (if not all) webmasters have started with virtually no design skills. How about starting off with a template and then modifying it bit-by-bit over the months into it becomes something you can call your own, and is still something that end users will want to visit?

 

With a decent CSS template, you will also get much better results in search engines.

With a decent CSS template, you will also get friendly design and content that is properly and logically structured and styled.

 

Search results=new members=more money?

Friendly design=new members=more money?

 

 

...More to the point, I tried testing the log-in-area, started with the CAPTCHA 'crossed-box' and all the javascript notifications, although polite, just annoyed me to the point I gave up right away.'

 

I sincerely wish you the best of luck.

 

Inspiration:

http://www.csselite.com/

http://cssvault.com/

http://www.smashingmagazine.com/2006/12/21/creme-de-la-creme-of-css-list-of-css-galleries/

 

Thank You Very Much.

 

I have downloaded lots of css from w3c, other css, but css tabs, pinned menus wont work with ie6 and other older browsers, i checked on my system.

 

At present my code works on all versions and brands of browsers.

 

My site is getting stuck in iNTERNET eXPLORER  after submit

 

Can you guess why??

 

 

 

[om]

the function absolutely SUCKS!!!!!!!!! it does NOT WORK AT ALL!!!!

 

PLEASE DO NOT CHANGE MY FUNCTION!.

 

 

THANKS

 

 

<?php
// clean function
function clean(&$var,$link)
{
$var=trim(strip_tags($var,$link));
$var=mysqli_real_escape_string($link,$var);
$var=htmlspecialchars($var,ENT_QUOTES);}
//outputting function without calling it on every variable//
array_walk_recursive($_POST,'clean');
// PHP4 version array_walk($_POST,'clean'); //

?>

 

Seriously Can any one claim of downing my site as for the past two sundays  It was down for some not yet discovered reasons?

 

Was Some one successfully able to hack the site?????????

 

 

[om]

*passes hand over head* yeah im zoned out tonight

 

 

<?php
// clean function
function clean(&$var,$link)
{
$var=trim(strip_tags($var));
$var=mysqli_real_escape_string($link,$var);
$var=htmlspecialchars($var,ENT_QUOTES);}
//outputting function without calling it on every variable//
array_walk_recursive($_POST,'clean');
// PHP4 version array_walk($_POST,'clean'); //

?>

 

the function absolutely SUCKS!!!!!!!!! it does NOT WORK AT ALL!!!!

 

PLEASE DO NOT CHANGE MY FUNCTION!.

 

 

THANKS

 

 

<?php
// clean function
function clean(&$var,$link)
{
$var=trim(strip_tags($var,$link));
$var=mysqli_real_escape_string($link,$var);
$var=htmlspecialchars($var,ENT_QUOTES);}
//outputting function without calling it on every variable//
array_walk_recursive($_POST,'clean');
// PHP4 version array_walk($_POST,'clean'); //

?>

 

Seriously Can any one claim of downing my site as for the past two sundays  It was down for some not yet discovered reasons?

 

Was Some one successfully able to hack the site?????????

 

What do you mean by

 

the function absolutely SUCKS!!!!!!!!!????????? please describe either technically / emotionally or both seperately???????????

 

 

Well i tested  it does WORK ALL!!!!

 

then only i posted!!!!!!!!!!!!!!!!!!!!!!!!!

 

 

PLEASE DO NOT CHANGE MY FUNCTION!.

 

Why  - = >> please describe either technically / emotionally or both seperately???????????

 

[darkfreaks]

you sure it works ???

 

Failures:

 

Server Status Code: 302 Found

Tested value: 1' OR '1'='1

Server Status Code: 302 Found

Tested value: &#49&#39&#32&#79&#82&#32&#39&#49&#39&#61&#39&#49

Server Status Code: 302 Found

Tested value: %31%27%20%4F%52%20%27%31%27%3D%27%31

Server Status Code: 302 Found

Tested value: 1 UNI/**/ON SELECT ALL FROM WHERE

Server Status Code: 302 Found

Tested value: 1 UNION ALL SELECT 1,2,3,4,5,6,name FROM sysObjects WHERE xtype = 'U' --

Server Status Code: 302 Found

Tested value: 1 AND ASCII(LOWER(SUBSTRING((SELECT TOP 1 name FROM sysobjects WHERE xtype='U'), 1, 1))) > 116

Server Status Code: 302 Found

Tested value: ' OR username IS NOT NULL OR username = '

Server Status Code: 302 Found

Tested value: 1' AND non_existant_table = '1

Server Status Code: 302 Found

Tested value: 1'1

Server Status Code: 302 Found

Tested value: '; DESC users; --

Server Status Code: 302 Found

Tested value: 1 AND USER_NAME() = 'dbo'

Server Status Code: 302 Found

Tested value: 1' AND 1=(SELECT COUNT(*) FROM tablenames); --

Server Status Code: 302 Found

Tested value: 1 AND 1=1

Server Status Code: 302 Found

Tested value: 1 EXEC XP_

Server Status Code: 302 Found

Tested value: 1'1

Server Status Code: 302 Found

Tested value: 1' OR '1'='1

Server Status Code: 302 Found

Tested value: 1 OR 1=1

[om]

you sure it works ???

 

Failures:

 

Server Status Code: 302 Found

Tested value: 1' OR '1'='1

Server Status Code: 302 Found

Tested value: &#49&#39&#32&#79&#82&#32&#39&#49&#39&#61&#39&#49

Server Status Code: 302 Found

Tested value: %31%27%20%4F%5..............

 

hOW DID YOU GET / GENERATE THIS REPORT????????????

 

VERY DIFFICULT TO UNDERSTAND CAN u HELP??????????

 

[darkfreaks]

i used SQL inject me its a firefox addon

[om]

i used SQL inject me its a firefox addon

 

pLEASE REPLY TO MY EARLIER POSTS

 

SO YOU ARE STILL UNABLE TO GAIN ENTRY INTO MY SITE WITH VALUES???????

 

 

[darkfreaks]

gain entry? no that is not what it is designed to do. it is designed to scan your form for exploits. if it returns positive it lists each attempt.

 

like i said earlier somehow function clean_post() is not working can you turn on error_reporting and tell me if it throws an error?

 

[ardyandkari]

personally i think that this should be put somewhere else, because we have gone from "beta testing" to offering basic help which is not being listened to...  i dont know if anyone else agrees, but really, you have been given ideas as to the layout, color scheme, etc. to actual sql injections...

 

i dont know what more you want for us to do om...fix the problems and then re-post.

[DarkWater]

I don't think he really got the point of any of these posts.  Let me summarize:

 

[*]The layout is disgusting.  It's cluttered, horribly designed and it doesn't even validate.

[*]I can't think of a good reason as to why anyone would use whatever service your site provides (which I actually have trouble figuring out...).

[*]You are completely open to SQL injections and your site could probably be killed in a matter of seconds.

[*]????

[*]PROFIT!

 

Sorry 'bout the last two items, I had to.

[darkfreaks]

bing bing bing bing bing bing bing we have a winner Johny!

[darkfreaks]

bloop no wonder it is not working keep it to one variable. 

 

<?php
include_once("sp_dbcon.php");
function clean($var) {
  
   $sp_dbcn = new sp_dbcon();
    $link = $sp_dbcn->sp_getConc();
$var=(strip_tags(trim($var)))
$var=mysql_real_escape_string($link,$var);
$var=htmlspecialchars($var,ENT_QUOTES);

mysqli_close($link);
}

array_walk_recursive($_POST,'clean');


?>

 

 

[om]

I don't think he really got the point of any of these posts.  Let me summarize:

 

[*]The layout is disgusting.  It's cluttered, horribly designed and it doesn't even validate.

[*]I can't think of a good reason as to why anyone would use whatever service your site provides (which I actually have trouble figuring out...).

[*]You are completely open to SQL injections and your site could probably be killed in a matter of seconds.

[*]????

[*]PROFIT!

 

Sorry 'bout the last two items, I had to.

 

 

Leave layout

 

How to SQL injections

 

through firefox 3.0.4

 

can please give / site an example strings

of how to inject

 

 

 

 

and your site could probably be killed in a matter of seconds.

 

[darkfreaks]

my function is guaranteed to work

 

 

you can do your thread id's and whatnot in another function right now we are cleaning up injection

[blueman378]

om have you even googled sql injection?

[aximbigfan]

Here is the url to the site (on Google cache). Apparently, someone "spoiled" his site already...

http://tinyurl.com/6erjhc

 

 

I don't see any way this site could somehow be made to look ok. It is one horrible mass of moving text.

 

You shouldn't make the layout all green because "it takes less energy". It may take slightly less energy, but that is no excuse, IE, it isn't going to save the world, or lower anyone's electric bill. If you want, you might make a white background, with a green container in the middle, or something, but dark green doesn't strike me as being a good background color on a website.

 

If you are intending to make money off the site in it's current state, you must be nuts. I couldn't even find a link to pay you.

 

Bottom line:

* Drop the green

* Drop the marquees

* Why the Christ is one of your key words "terrorists"

* FOR THE LOVE OF GOD, ENOUGH WITH THE  S!!!!!!!!!!

* Use your keywords right. Hadley any of them relate to your sites content, or lack thereof.

* Did you get permission from http://hyderabad.sancharnet.in/ to leech their images?

* Infinite other things

* ????

* Profit

 

Chris

[ardyandkari]

you know......i didnt see much difference.......

 

top 3 sites that came up on google with the phrase "sql injection"

http://en.wikipedia.org/wiki/SQL_injection

http://www.unixwiz.net/techtips/sql-injection.html

http://www.securiteam.com/securityreviews/5DP0N1P76E.html

 

read up on injection techniques...from what darkfreaks already said, you are still vulnerable. 

[om]

you know......i didnt see much difference.......

 

top 3 sites that came up on google with the phrase "sql injection"

http://en.wikipedia.org/wiki/SQL_injection

http://www.unixwiz.net/techtips/sql-injection.html

http://www.securiteam.com/securityreviews/5DP0N1P76E.html

 

read up on injection techniques...from what darkfreaks already said, you are still vulnerable.

 

My site is up please dont let it go down,

 

I have uploaded a new clean()

 

So, please check the vulnerability NOW 1810HRS iNDIAN STD. TIME.