holiks Posted December 7, 2007

Fair Slice.... A small project I found lying around that I started some time ago and never finished. So some nights ago I decided to pick it up again, and these are the results thus far. I guess in short one can say it's a sort of media publishing, socializing, ... Would appreciate any comments, suggestions, questions, criticisms, sarcasm etc.

http://www.fairslice.com

...tia...

Link to comment https://forums.phpfreaks.com/topic/80583-fair-slice-beta-project/
agentsteal Posted December 8, 2007

Full Path Disclosure: There is Full Path Disclosure if you set the PHPSESSID cookie to an invalid value.

Warning: session_start(): The session id contains invalid characters, valid characters are only a-z, A-Z and 0-9 in /home/content/t/h/e/thekenchow/html/index.php on line 11
Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home/content/t/h/e/thekenchow/html/index.php:11) in /home/content/t/h/e/thekenchow/html/index.php on line 11
Warning: Unknown(): The session id contains invalid characters, valid characters are only a-z, A-Z and 0-9 in Unknown on line 0
Warning: Unknown(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0

Full Path Disclosure: There is Full Path Disclosure on http://www.fairslice.com/index.php?dest=search if a search contains an invalid character.

Fatal error: Call to undefined function: str_ireplace() in /home/content/t/h/e/thekenchow/html/search.php on line 375
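The two findings above share one root cause: PHP's default warning output embeds the absolute script path, so any input that trips a warning (here a malformed PHPSESSID cookie) or a fatal error (str_ireplace() exists only from PHP 5.0, so that "Call to undefined function" on search.php points at a PHP 4 host) hands the attacker the filesystem layout. The following is an added example, not Fair Slice's own code, of how the top of index.php can be hardened: errors go to the log instead of the browser, surviving warnings become a generic error page, and a session cookie is validated against PHP's own session-ID character set before session_start() gets a chance to complain about it. The file name error.html and the fs_ prefix are assumptions; the host is assumed to honour ini_set() for the error directives.

```php
<?php
// Added example, not Fair Slice's code: hardened start of index.php that
// closes the Full Path Disclosure reported above. Assumptions: index.php
// calls session_start() near its top, the host lets ini_set() change the
// error directives, and a static error page exists at ./error.html
// (hypothetical name).

// Error text must never reach the browser: every PHP warning embeds the
// absolute script path. Log it instead.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
error_reporting(E_ALL);

// Warnings that still fire are turned into a generic 500 page; notices are
// logged and execution continues. (Fatal errors bypass user error handlers on
// old PHP; display_errors=0 above is what keeps those off the page.)
function fs_error_handler($errno, $errstr, $errfile, $errline)
{
    error_log("PHP error $errno: $errstr in $errfile on line $errline");
    if ($errno & (E_NOTICE | E_USER_NOTICE)) {
        return true; // handled, keep going
    }
    if (!headers_sent()) {
        header('HTTP/1.1 500 Internal Server Error');
    }
    readfile(dirname(__FILE__) . '/error.html'); // hypothetical static page
    exit;
}
set_error_handler('fs_error_handler');

// A session ID is accepted only if it uses the characters PHP itself
// generates: a-z A-Z 0-9 on older builds, with ',' and '-' possible on
// newer ones. Length bounds reject both empty and oversized values.
function fs_valid_session_id($id)
{
    return is_string($id) && preg_match('/^[a-zA-Z0-9,-]{22,128}$/', $id) === 1;
}

// A fresh, well-formed ID for the case where the cookie is rejected.
function fs_fresh_session_id()
{
    if (function_exists('random_bytes')) {
        return bin2hex(random_bytes(16));      // PHP >= 7
    }
    return md5(uniqid(mt_rand(), true));       // fallback for older PHP
}

$cookieName = session_name();
if (isset($_COOKIE[$cookieName]) && !fs_valid_session_id($_COOKIE[$cookieName])) {
    // Discard the tampered cookie before session_start() can warn about it,
    // tell the browser to drop it too, and start over with a clean ID.
    unset($_COOKIE[$cookieName]);
    setcookie($cookieName, '', time() - 3600, '/');
    session_id(fs_fresh_session_id());
}
session_start();
```

The order matters: the ini_set() calls and set_error_handler() must run before any code that can emit a warning, which is why this belongs at the very top of the front controller rather than in a later include. Turning display_errors off is also the one setting that helps against the str_ireplace() fatal error, since no user handler sees a fatal on PHP 4.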
helraizer Posted December 8, 2007

I tried to register a 26 character username and a 4 character pass and it came up with an error saying "username OR password cannot exceed 32 characters".. ?
holiks Posted December 8, 2007 (Author)

> There is Full Path Disclosure if you set PHPSESSID in the cookie to an invalid value.

Tried a quick fix and there should be no path disclosure anymore. Just an error page.....for now. Thanks.
holiks Posted December 8, 2007 (Author)

> Fatal error: Call to undefined function: str_ireplace() in /home/content/t/h/e/thekenchow/html/search.php on line 375

I'm not sure why this function is undefined here. I can't seem to reproduce it. Thanks though.
holiks Posted December 8, 2007 (Author)

> I tried to register a 26 character username and a 4 character pass and it came up with an error saying "username OR password cannot exceed 32 characters".. ?

The code has been changed to reflect the fact that usernames and passwords can only contain letters and numbers. Thank you.
holiks Posted December 8, 2007 (Author)

Oh and BTW I really appreciate the input on security....always useful...and I see many posts in this section even requesting it. But feel free to speak on other aspects...your overall view of the site, functionality, design etc.
Coreye Posted December 8, 2007

MySQL Error: http://www.fairslice.com/index.php?dest=members&page='
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-15, 15' at line 1

Full Path Disclosure: http://www.fairslice.com/index.php?dest=members&page[]
Fatal error: Unsupported operand types in /home/content/t/h/e/thekenchow/html/memberlist.php on line 53

You can add comments to users' profiles that don't exist.
http://www.fairslice.com/index.php?dest=members&act=memberview&objectid=0
Coreye Posted December 8, 2007

Full Path Disclosure: http://www.fairslice.com/index.php?dest=requests&act=addmem&mem=1
Warning: mysql_result(): Unable to jump to row 0 on MySQL result index 5 in /home/content/t/h/e/thekenchow/html/requests.php on line 10

When adding a calendar event you can submit non-integers into the year field.

You can view others' private messages.
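Coreye's two posts above are all one class of bug: request parameters (page, objectid, mem, the calendar year, a message id) reach arithmetic, a query or a mysql_result() call without being checked. page=' turns into -15 in the LIMIT clause and page[] makes the subtraction fatal; objectid=0 and mem=1 hit rows that do not exist; the private-message view does not tie the message to the viewer. The block below is an added example, not Fair Slice's code, of the checks those findings call for, written against PDO because the mysql_* extension used in 2007 no longer exists in PHP 7 and later. The table and column names (members, messages, to_member, from_member) and the $db connection are hypothetical.

```php
<?php
// Added example, not Fair Slice's code: the input checks the findings above
// call for, written against PDO. Assumed, hypothetical schema:
//   members(id, username)
//   messages(id, to_member, from_member, subject, body)
// $db is an existing PDO connection configured with ERRMODE_EXCEPTION.

// Parse $raw as an integer in [$min, $max]; null for anything else.
// Rejects arrays (page[]), empty strings, signs, whitespace, hex and
// anything longer than 9 digits (so the cast cannot overflow on 32-bit).
function fs_int_in_range($raw, $min, $max)
{
    if (is_int($raw)) {
        $n = $raw;
    } elseif (is_string($raw) && preg_match('/^(0|[1-9][0-9]{0,8})$/', $raw) === 1) {
        $n = (int)$raw;
    } else {
        return null;
    }
    return ($n >= $min && $n <= $max) ? $n : null;
}

// page=' and page[] above: the page number reached "($page-1)*15" and then
// the LIMIT clause unchecked. Here an invalid page becomes page 1, and the
// LIMIT operands are bound as integers rather than interpolated.
function fs_member_list(PDO $db, $rawPage, $perPage = 15)
{
    $page = fs_int_in_range($rawPage, 1, 100000);
    if ($page === null) {
        $page = 1;
    }
    $st = $db->prepare('SELECT id, username FROM members ORDER BY id LIMIT :off, :cnt');
    $st->bindValue(':off', ($page - 1) * $perPage, PDO::PARAM_INT);
    $st->bindValue(':cnt', $perPage, PDO::PARAM_INT);
    $st->execute();
    return $st->fetchAll(PDO::FETCH_ASSOC);
}

// objectid=0 and mem=1 above: confirm the member row exists before commenting
// on it or adding it. mysql_result() on an empty result set is what produced
// the path-leaking warning in requests.php.
function fs_member_exists(PDO $db, $rawId)
{
    $id = fs_int_in_range($rawId, 1, 999999999);
    if ($id === null) {
        return false;
    }
    $st = $db->prepare('SELECT 1 FROM members WHERE id = :id');
    $st->bindValue(':id', $id, PDO::PARAM_INT);
    $st->execute();
    return $st->fetchColumn() !== false;
}

// Private messages: the logged-in recipient is part of the WHERE clause, so a
// message id that belongs to someone else yields null, not their mail.
function fs_private_message(PDO $db, $rawMessageId, $currentMemberId)
{
    $id = fs_int_in_range($rawMessageId, 1, 999999999);
    if ($id === null) {
        return null;
    }
    $st = $db->prepare('SELECT id, from_member, subject, body FROM messages
                        WHERE id = :id AND to_member = :me');
    $st->bindValue(':id', $id, PDO::PARAM_INT);
    $st->bindValue(':me', (int)$currentMemberId, PDO::PARAM_INT);
    $st->execute();
    $row = $st->fetch(PDO::FETCH_ASSOC);
    return ($row === false) ? null : $row;
}

// Calendar year field: integers only, inside a sane window.
function fs_calendar_year($raw)
{
    return fs_int_in_range($raw, 1970, 2100);
}
```

Two design points carry beyond this site. First, the authorization check for the private message is expressed in the query itself (AND to_member = :me) rather than as an if after fetching, so there is no code path in which another member's row is loaded and then "hidden". Second, existence checks return a boolean the caller must act on (a 404 or redirect) rather than relying on a later query failing loudly, which is exactly the failure mode that leaked the path in requests.php.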
holiks Posted December 8, 2007 (Author)

Thank you Coreye. These should all now be fixed. Not beautified.....but hot-fixed.
holiks Posted December 9, 2007 (Author)

> Oh and BTW I really appreciate the input on security....always useful...and I see many posts in this section even requesting it. But feel free to speak on other aspects...your overall view of the site, functionality, design etc.

This just couldn't be all...or could it? ....baaah humbug. I think the video/audio upload/playing works pretty well, though not sure of the efficiency of the code (/me thinks the code could be smaller and faster). It pretty much stores a temporary file for download by the user, which was originally pulled from a...well, MySQL db. Yes, I went the way of storing pretty much all media (music/video/pics) in the db, with a "garbage cleanup" performed every so often (in case, for some reason, the client needs to retry their request within a short period of time).

[-edit-] Oh btw please excuse my above post about aesthetic comments...for my eyes have just discovered the Critique forum.