my website, is it good?

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/content/m/d/o/mdoneonOne/html/rrg/content/media.php on line 24

Full Path Disclosure:

http://www.mdoneonone.com/rrg/index.php?cat_id=3&page

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/content/m/d/o/mdoneonOne/html/rrg/content/content.php on line 106

Full Path Disclosure:

http://www.mdoneonone.com/rrg/content/media.php

Warning: main(config.php): failed to open stream: No such file or directory in /home/content/m/d/o/mdoneonOne/html/rrg/content/media.php on line 11

Warning: main(config.php): failed to open stream: No such file or directory in /home/content/m/d/o/mdoneonOne/html/rrg/content/media.php on line 11

Warning: main(): Failed opening 'config.php' for inclusion (include_path='.:/usr/local/lib/php') in /home/content/m/d/o/mdoneonOne/html/rrg/content/media.php on line 11

Warning: mysql_connect(): Can't connect to local MySQL server through socket '/usr/local/mysql-5.0/data/mysql.sock' (2) in /home/content/m/d/o/mdoneonOne/html/rrg/content/media.php on line 12

Could not connect: Can't connect to local MySQL server through socket '/usr/local/mysql-5.0/data/mysql.sock' (2)

Insecure Cookie:

You shouldn't put the password in the cookie.

Insecure Cookie:

You shouldn't put the username in the cookie.

You can log in as any user by changing the ava_username cookie and the ava_code cookie to their username and password.

chmpdog · January 28, 2008

DANG!!

Its like you guys have a sixth sense! I am really impressed. Thanks a lot.

I have a few questions:

what does Cross Site Scripting mean?

How can I fix the Insecure Cookies, Is there a tutorial?

Thanks again, really hepful

legohead6 · January 28, 2008

cross site scripting is entering code into input boxes to access other areas of the site..

phpSensei · January 28, 2008

You can prevent XSS, and other security holes if use mysql_real_escape_string for sql injection, or strip_tags for XSS. Those are 2 in a thousand ways of doing it, how you want to do it is your choice. There are tutorials, just search up PHP sql injection for prevention tips.

Nice website, and good luck.

tibberous · January 30, 2008

Doesn't work in Opera, or firefox if your font is any bigger than the default.

I'd scrap the menu.

BradleyBrokers · February 1, 2008

Looks good, but may I suggest:

(1) There is not enough contrast between background colors and some of the text on the home page.

(2) The images in the gallery should be consistently the same hight x width & without distortion.

(3) There is too much text information at the opening of the home page. It should be clear to a guest what the website is about within 2 seconds of the load. You may wish to emphasize a single headline or a headline with a subheadline.

(4) The text is too small in portions of the website.

...That is my humble non-tech opinion. Otherwise it looks great! Tom

awpti · February 5, 2008

You can prevent XSS, and other security holes if use mysql_real_escape_string for sql injection, or strip_tags for XSS. Those are 2 in a thousand ways of doing it, how you want to do it is your choice. There are tutorials, just search up PHP sql injection for prevention tips.

Nice website, and good luck.

This is almost true.

mysql_real_escape_string can mitigate SQL Injection attempts. There are a lot of XSS Filters about that one can impliment in their own codebase - or make use of a framework with a built-in XSS filter (KohanaPHP)

Sign In

my website, is it good?

Recommended Posts

chmpdog

Link to comment

Share on other sites

AndyB

Link to comment

Share on other sites

agentsteal

Link to comment

Share on other sites

chmpdog

Link to comment

Share on other sites

legohead6

Link to comment

Share on other sites

phpSensei

Link to comment

Share on other sites

tibberous

Link to comment

Share on other sites

BradleyBrokers

Link to comment

Share on other sites

awpti

Link to comment

Share on other sites

Browse

Activity

Important Information