ssjskipp

If it were locked down to my server, there's tons of things I could do to secure it, mostly by preventing download and whatnot, but sadly that's not the case. Well, thank you for your help...

Well, the reason I'm having problems is that people can simply decompile the .swf file. They can just decompile my .swf, find the php and what data the Flash is sending, and modify it... Currently, I have it set like this: PHP file containing a hard-coded sha1 checksum of the real Container.swf (my public swf file). Container.swf file that has the URL to the PHP file. The Container.swf sends it's stage.loaderInfo.url property, which is the exact (and un-modifiable) url form where the swf file was loaded. The PHP file calculates the sha1 checksum of the posted URL, if it is equal to the hardcoded value, it sends the key, if not, it exits. The only flaw in this system is if they can decompile the Container they get the what and where. The only way this system would be perfect is for the PHP file to be able to say: "The file calling me is: " That way, the user has no say in what's happening...

I've been having a problem with people intercepting the POST data to a php file, and I've been wondering how I can check just where data is coming from. My situation is: I'm loading a .php file from an .swf file (crossdomain stuff works fine, so the .swf can be anywhere), and I want to make it so only that swf file can run/get anything from the .php file on my server. Right now, I'm sending the location of the swf file to the php file, and checking a sha1 file checksum on the PHP file against a hard-coded value. The problem is people can just send the link to a proper swf file regardless of whether or not that's where they're loading the php file from. I'm not even sure if that's possible to do, but any enlightenment would be nice.

Is it possible for me to run an .exe on a server I own? I don't know much about how they work etc [I'm a software person, not hardware =o!], so I don't know if a 'server' is just a computer that has a lot of memory that can be accessed, or if it has an operating system that I can access.

*bows* thanks, my stupidity is overwhelming....heh...

Okay, I'm trying to make an upload script, and here's how it's set up: submit.php <-- contins the forms and HTML stuffs upload.php <-- contains the upload scripts themselfs on submit.php, this is the EXACT code: [code]<? include("check.php"); if ($_SESSION['on'] != 1 || $_SESSION['name'] != "ssjskipp"){ echo "Stop trying to add content, you NOT SSJSKIPP PERSON!<br/><br/><a href=\"javascript:void(0);\" onClick=\"history:back();\">Back</a>"; } else { ?> <script language="JavaScript"> <!-- var ids = new Array('flash','music','art'); function switchid(id){ hideallids(); if (id != "ID"){ showdiv(id); } } function hideallids(){ for (var i=0;i<ids.length;i++){ hidediv(ids[i]); }   } function hidediv(id) { if (document.getElementById) { document.getElementById(id).style.display = 'none'; } else { if (document.layers) { document.id.display = 'none'; } else { document.all.id.style.display = 'none'; } } } function showdiv(id) { if (document.getElementById) { document.getElementById(id).style.display = 'block'; } else { if (document.layers) { document.id.display = 'block'; } else { document.all.id.style.display = 'block'; } } } hideallids(); function validateForm(form){ var returnValue = true; var error = 'The following field(s) are required and do not contain any information:\n'; //Flash if (form.form.value == 'flash'){ if (!form.title.value){ form.title.className = 'reg_err'; error += '- Title\n'; returnValue = false; } if (!form.description.value){ form.description.className = 'reg_err'; error += "- Description\n"; returnValue = false; } if (!form.height.value){ form.height.className = 'reg_err'; error += "- height\n"; returnValue = false; } if (!form.width.value){ form.width.className = 'reg_err'; error += "- Width\n"; returnValue = false; } if (!form.userfile.value){ error += "- File\n"; returnValue = false; } } if(returnValue == false){ alert(error); } return returnValue; } //--> </script> <form> <table cellpadding="4" cellspacing="0" border="0" width="400" align="center"> <tr> <td colspan="2" align="center"><span class="head">Upload Content</span></td> </tr> <tr> <td colspan="2" align="center"><span class="small">Please fill in the following content with the correct information</span></td> </tr> <tr> <td width="100" align="left">Type of upload:</td> <td><select name="type" onChange="switchid(this.value);">   <option value="ID">Upload Type</option>   <option value="flash">Flash</option>   <option value="music">Music</option>   <option value="art">Art</option> </select></td> </tr> </table> </form> <div id='flash' style="display:none;"> <form name="upload_f" method="post" action="index.php?page=upload" onSubmit="return validateForm(this);"> <input name="form_type" type="hidden" value="flash" /> <table cellpadding="4" cellspacing="0" border="0" width="400" align="center"> <tr> <td colspan="2" align="center">Allowed File Types: .swf</td> </tr> <tr> <td width="100">Title:</td> <td><input type="text" name="title" maxlength="50" onblur="this.className='reg_def'" onfocus="this.className='reg'"></td> </tr> <tr> <td width="100">Description:</td> <td><textarea name="description" rows="5" cols="25" onblur="this.className='reg_def'" onfocus="this.className='reg'"></textarea></td> </tr> <tr> <td width="100">Height:</td> <td><input type="text" name="height" maxlength="5" onblur="this.className='reg_def'" onfocus="this.className='reg'"></td> </tr> <tr> <td width="100">Width:</td> <td><input type="text" name="width" maxlength="5" onblur="this.className='reg_def'" onfocus="this.className='reg'"></td> </tr> <tr> <td width="100">File:</td> <td><input type="file" name="userfile"></td> </tr> <tr> <td colspan="2" align="center"><input name="Submit" type="submit" value="Submit"></td> </tr> </table> </form> </div> <div id='music' style="display:none;"> <form name="upload_m" method="post" action="index.php?page=upload" onSubmit="return validateForm(this);"> <input name="form" type="hidden" value="music" /> <table cellpadding="4" cellspacing="0" border="0" width="400" align="center"> <tr> <td colspan="2" align="center">Allowed File Types: .mp3</td> </tr> <tr> <td width="100">Title:</td> <td><input type="text" name="title" maxlength="50" onblur="this.className='reg_def'" onfocus="this.className='reg'"></td> </tr> <tr> <td width="100">Description:</td> <td><textarea name="description" rows="5" cols="25" onblur="this.className='reg_def'" onfocus="this.className='reg'"></textarea></td> </tr> <tr> <td width="100">File:</td> <td><input type="file" name="file"></td> </tr> <tr> <td colspan="2" align="center"><input name="Submit" type="submit" value="Submit"></td> </tr> </table> </form> </div> <div id='art' style="display:none;"> <form name="upload_a" method="post" action="index.php?page=upload" onSubmit="return validateForm(this);"> <input name="form" type="hidden" value="art" /> <table cellpadding="4" cellspacing="0" border="0" width="400" align="center"> <tr> <td colspan="2" align="center">Allowed File Types: .png, .jpg, .gif, .bmp</td> </tr> <tr> <td width="100">Title:</td> <td><input type="text" name="title" maxlength="50" onblur="this.className='reg_def'" onfocus="this.className='reg'"></td> </tr> <tr> <td width="100">Description:</td> <td><textarea name="description" rows="5" cols="25" onblur="this.className='reg_def'" onfocus="this.className='reg'"></textarea></td> </tr> <tr> <td width="100">File:</td> <td><input name="userfile" type="file"></td> </tr> <tr> <td colspan="2" align="center"><input name="Submit" type="submit" value="Submit"></td> </tr> </table> </form> </div> <? } ?> <br/><br/>[/code] Right now, just ignor Music and Art, unless that'll cause a problem.  What it does, is when you select something from the drop down, it'll update the page instantly and without loading again. When you submit, it'll tell you if something is missing before it submits, etc. form_type is a hidden input field that contains which form is being used. On upload.php, here's the script that I have [up to the error]: [code] if (!$_POST['form_type']){ echo "Error, have to pick something to submit, silly!<br /><a href=\"javascript:history.back();\">Back</a>"; $error = 2; } } if ($error != 2){ if ($_POST['form_type'] == 'flash'){ $title = stripslashes($_POST['title']); $desc = htmlentities($_POST['description'], ENT_QUOTES); $height = stripslashes($_POST['height']); $width = stripslashes($_POST['width']); $userfile = $HTTP_POST_FILES['userfile']['tmp_name']; $userfile_name = $HTTP_POST_FILES['userfile']['name']; $userfile_size = $HTTP_POST_FILES['userfile']['size']; $userfile_type = $HTTP_POST_FILES['userfile']['type']; $userfile_error = $HTTP_POST_FILES['userfile']['error']; } if ($userfile_error > 0) { echo 'Error: <br/>'; switch ($userfile_error) { case 1: echo "File exceeded upload_max_filesize <a href=\"javascript:history.back();\">Back</a>"; break; case 2: echo "File exceeded max_file_size <a href=\"javascript:history.back();\">Back</a>"; break; case 3: echo "File only partially uploaded <a href=\"javascript:history.back();\">Back</a>"; break; case 4: echo "No file uploaded <a href=\"javascript:history.back();\">Back</a>"; break; } $error = 2; } if ($error != 2){ if ($userfile_type != 'application/x-shockwave-flash') { echo "File must be a flash file (.swf)<br /><a href=\"javascript:history.back();\">Back</a>"; $error = 2; } } }[/code] Where it messes up, is detecting the post varialbes for the files! I keep trying to echo the $userfile, $userfile_name, $userfile_size, $userfile_type, and $userfile_error variables, but they contain nothing..can anyone help!?

I got it, =D

Thanks, I'll give that a shot =] BTW, this is only for me to upload, so it's okay if it's not secure. [quote author=ChaosXero link=topic=101250.msg400459#msg400459 date=1153406292] Not entirely sure but you could: [code]<? $filename = $_POST['file']; $ftype = explode(".", $filename); switch ($ftype['1']){ case ".php": //etc case ".png": //etc } [/code] [/quote]

I know how to do images and flash (.swf) files (by "do" I mean check file type, etc.), but I'm curious to figure out how to make music, and script (.php; .html; etc.) uploads, and check what type of file they are...

Thankies ^_^

How can I run a query that orders the data randomly? IE: Normally, throught PHP and MySQL, I'd do this: [code=php:0]<? $order = "ORDER BY `id` ASC"; $query = mysql_query("SELECT * FROM `user` WHERE `active` = '1' $order"); $rows = mysql_num_rows($query); if ($rows > 0){ while($data = mysql_fetch_array($query)){ echo $data["name"]; } } else { echo "No users"; } ?>[/code] But how would I do that in a random order, rather than by id and ascending?

How can I run a query that orders the data randomly? IE: Normally, throught PHP and MySQL, I'd do this: [code=php:0] <? $order = "ORDER BY `id` ASC"; $query = mysql_query("SELECT * FROM `user` WHERE `active` = '1' $order"); $rows = mysql_num_rows($query); if ($rows > 0){ while($data = mysql_fetch_array($query)){ echo $data["name"]; } } else { echo "No users"; } [/code] But how would I do that in a random order, rather than by id and ascending?

[!--quoteo(post=387368:date=Jun 24 2006, 12:50 AM:name=DylanBlitz)--][div class=\'quotetop\']QUOTE(DylanBlitz @ Jun 24 2006, 12:50 AM) [snapback]387368[/snapback][/div][div class=\'quotemain\'][!--quotec--] You'd do a select DISTINCT(author), that'll give you one of each. [a href=\"http://dev.mysql.com/doc/refman/4.1/en/distinct-optimization.html\" target=\"_blank\"]http://dev.mysql.com/doc/refman/4.1/en/dis...timization.html[/a] [/quote] Thanks man ^_^

Well, I have a database with a ton of art entries, each with their own artist, but there's many by the same artist. How can I select everything, but just display the unique artists? Tabe: [!--fonto:Courier New--][span style=\"font-family:Courier New\"][!--/fonto--] ID |Author |Title ---------------------- 0 |zT |Pic 1 1 |ssj |Pic 2 2 |zT |Pic 3 3 |awesty |Pic 4 [!--fontc--][/span][!--/fontc--] and when it displys, I want zT ssj awesty but in no particular order

[!--quoteo(post=373653:date=May 14 2006, 12:43 AM:name=KrisNz)--][div class=\'quotetop\']QUOTE(KrisNz @ May 14 2006, 12:43 AM) [snapback]373653[/snapback][/div][div class=\'quotemain\'][!--quotec--] str_split would be a bit faster. [/quote] it's plenty fast for what I need.