TinyI

  1. Hi, generally, as a rule, always make sure you filter any input, and escape any output. That rules out many problems you'll have security-wise. Have regexes to look at things which are trying to break your SQLs such as sleeps or 'ORS' or 'UNIONS' etc. There is a distro of Linux called Kali which is a pen-testing distro. It has tools ready installed. Obviously, your testing will only be as good as your knowledge of the tools to test it with. Please note, I personally haven't tried this myself, but had it recommended. Good luck.
  2. Look at the developers' guide on PayPal's site. This gives you all the help you'd need to do this.
  3. Hi, there may be something deeper within your code that is causing the double/triple frames that needs to be refactored, as that code which you have there, it's pretty standard and should work fine. Have a look for other causes in PHP. Possibly even looking at how each page's HTML is generated, as that seems to be the true root cause.
  4. Hey, this means you have something like parentheses or curly braces not closed in your file. It's just a case of going through whenever something is opened and making sure it's closed. It shouldn't take you too long to find, go through it a few lines at a time, where you made your changes.
  5. Hey, that generally means you could have a syntax or a fatal error. Have you turned error_reporting on? If you can post your code here, I can have a quick look and see if I can spot the problem for you.
  6. Two things you can try: replace that echo with

         exit(header("location:http://www.urlofsitegoeshere.com"));

     or if that gives you a "headers already sent" error, then use

         $string = '<script type="text/javascript">';
         $string .= 'window.location = "http://www.urlgoeshere.../whereWeGo/"';
         $string .= '</script>';
         echo $string;
  7. I think the email you're sending out is what is possibly causing the "headers already sent" error. The other thing you could try is redirecting via JavaScript. Not as nice/easy, but it works.

         $string = '<script type="text/javascript">';
         $string .= 'window.location = "http://www.urlgoeshere.../whereWeGo/"';
         $string .= '</script>';

     I've never really worked with captchas, so bringing the code local and doing some tests might be a lil annoying - but if you want me to try it out, I can if you help me set up the basic page of this.
  8. The $_REQUEST is actually a combination of $_GET and $_POST. I was always taught to use $_REQUEST instead. You saw how the url was passed into the page? Well it works just from that. It takes the id from the url. By the way, please, please, please make sure to run filters on that string. As of PHP5, we have filter functions. So use the filter functions for integers and when you've cleaned & validated it, then let it touch the database. If you need any more help, let me know. I can go through it with you.
  9. Hey, a few things I want to point out to you. Your password check is happening a bit too late. By that point, you've locked the table and that exit you have in your code will stop your code dead in its tracks, meaning the release will never happen and so you're a bit stuck! Rare that it will happen, but when it does, you'll be scratching your head for hours. Other thing I suggest is at the very least, change your functions to the MySQLi ones. MySQL functions are deprecated now so save yourself from headache. I'd personally say use something like PDO, as for a text-based game, it could be quite prone to attacks from wannabe hackers trying to learn something (talking from experience). As far as your scripts are concerned though, it seems fine. I would personally use a MySQL transaction as a bit of protection just in case something does mess up somewhere along the way for reason X,Y,Z, you can just do a rollback and throw an exception which notifies you. Better to be paranoid than having bad data.
  10. Hey, I'm assuming you mean when your user has logged in or clicked on a link, you want it to take them to their own specific member page? For the URL, you'd need something like

          $url = "member_page.php?member_id={$member_id}";

      Then, on the page, you'd need a $_REQUEST['member_id'] to grab that id and load their specific page. Hope this helps. If you need any clarification or if I assumed incorrectly, let me know.
  11. my bad! forgot the quotes! exit(header('location:http://www.google.com')); that should work. I've tested that just now on some code. Regards, TinyI
  12. I would use exit(header(location:http://pageurlgoeshere));
  13. Hey, inside your while loop, you need two switch statements to determine the colour. They will be pretty identical so I'll give you an example for you to change.

          // get colour from value
          switch ($value) {
              case 0: // value goes after the case, so where I've put 0. You could even put words (make sure they're quoted).
                  $colour = 'red';
                  break; // after doing what you need to do in a case, always add a break. There are a few times where you won't, but you generally will.
              case 1:
                  $colour = 'blue';
                  break;
              default: // anything not covered above can be caught in the default
                  $colour = 'black';
                  break;
          }

      Hopefully this helps? If you need me to explain, just ask.
  14. Hey, a few problems. Mostly, you're not closing tags. If you look around the <table> tag you have, you'll see that you opened up <tr>, but haven't closed it. Another problem - the PHP code you have running is outside of all the HTML - which is fine for processing any data from a form, but when you want to get data to display, you should always run the PHP first and write the PHP after, adding in PHP excerpts here and there. If you need me to go any further into this, message me and I'll go through it with you.
  15. Hey, if you create the db object in your "main class", you could then just inject these into classes which need them when you initialize the object. I don't see why timestamps wouldn't be as accurate; don't these work depending on when the actual statement was run?
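
An added example, not code from these posts: the advice in posts 8 and 9 put together, validating request values with PHP's filter functions, then running PDO prepared statements inside a transaction that rolls back on any failure. The `members` table, its columns and the function names `cleanId` and `transferGold` are assumptions, and the in-memory SQLite database is constructed so the block runs offline.

```php
<?php
// Constructed schema and rows in an in-memory SQLite database (assumed names).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT, gold INTEGER NOT NULL CHECK (gold >= 0))');
$db->exec("INSERT INTO members (id, name, gold) VALUES (1, 'alice', 100), (2, 'bob', 20)");

// Accept an untrusted value (e.g. $_REQUEST['member_id']) only if it is a positive integer.
function cleanId($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// All input checks run before the transaction opens; any later failure rolls everything back.
function transferGold(PDO $db, $rawFrom, $rawTo, $rawAmount): void
{
    [$from, $to, $amount] = array_map('cleanId', [$rawFrom, $rawTo, $rawAmount]);
    if ($from === null || $to === null || $amount === null) {
        throw new InvalidArgumentException('Rejected input');
    }
    $db->beginTransaction();
    try {
        $take = $db->prepare('UPDATE members SET gold = gold - :amt WHERE id = :id AND gold >= :min');
        $take->execute([':amt' => $amount, ':id' => $from, ':min' => $amount]);
        if ($take->rowCount() !== 1) {
            throw new RuntimeException('Sender missing or short of gold');
        }
        $give = $db->prepare('UPDATE members SET gold = gold + :amt WHERE id = :id');
        $give->execute([':amt' => $amount, ':id' => $to]);
        if ($give->rowCount() !== 1) {
            throw new RuntimeException('Recipient not found');
        }
        $db->commit();
    } catch (Throwable $e) {
        $db->rollBack(); // undo the debit if the credit failed
        throw $e;
    }
}

// Constructed inputs: a valid transfer, a non-integer id, and a missing recipient.
foreach ([['1', '2', '30'], ['1 OR 1=1', '2', '5'], ['2', '99', '10']] as $args) {
    try {
        transferGold($db, ...$args);
    } catch (Exception $e) {
        echo get_class($e) . ': ' . $e->getMessage() . "\n";
    }
}
print_r($db->query('SELECT id, gold FROM members ORDER BY id')->fetchAll(PDO::FETCH_KEY_PAIR));
```

The second call never reaches the database because the id fails integer validation, and the third leaves both balances untouched because the rollback undoes the debit.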