MakeWebGames

Everything posted by Floydian

  1. Re: mysql injection Someone said not to use get at all. That's a bogus recommendation. It's actually easy to post to a server manually. And if you're relying on filtering the folks that don't know how to post vs those that do, then you're filtering out the less capable people, which means you're leaving open holes to the folks that are more capable. I use request for almost everything. Naturally request is the most open of all because it accepts get, post AND cookie. It gives me far more flexibility in programming. The catch though is that ALL USER INPUT should be SECURED. So it doesn't matter where I get data from, it only matters what I do with it. Hence I recommend everyone use request as it's far more convenient.
  2. Re: Gang error You were missing this >>> echo " <<< on line 70

     <?php
     /*-----------------------------------------------------
     -- Mono Country v1.0 BETA
     -- A product of DBS-entertainment
     -- Copyright held 2005 by Dabomstew
     -- INDEX.php
     -----------------------------------------------------*/
     session_start();
     require "global_func.php";
     if($_SESSION['loggedin']==0) { header("Location: login.php");exit; }
     $userid=$_SESSION['userid'];
     require "header.php";
     $h = new headers;
     $h->startheaders();
     include "mysql.php";
     global $c;
     $is=mysql_query("SELECT u.*,us.* FROM users u LEFT JOIN userstats us ON u.userid=us.userid WHERE u.userid=$userid",$c) or die(mysql_error());
     $ir=mysql_fetch_array($is);
     check_level();
     $fm=money_formatter($ir['money']);
     $cm=money_formatter($ir['crystals'],'');
     $lv=date('F j, Y, g:i a',$ir['laston']);
     $h->userdata($ir,$lv,$fm,$cm);
     $h->menuarea();
     // Force the gang ID to a positive integer before it reaches any query.
     $_GET['ID'] = abs((int) $_GET['ID']);
     if(!$_GET['ID'])
     {
     print "Invalid use of file";
     }
     else
     {
     $gq=mysql_query("SELECT * FROM gangs WHERE gangID={$_GET['ID']}",$c);
     $gangdata=mysql_fetch_array($gq);
     switch($_GET['action'])
     {
     case 'view': gang_view(); break;
     case 'userlist': gang_userlist(); break;
     case 'apply': gang_applyform(); break;
     case 'applys': gang_applysubmit(); break;
     }
     }
     function gang_view()
     {
     global $ir,$c,$h,$gangdata;
     $pq=mysql_query("SELECT * FROM users WHERE userid={$gangdata['gangPRESIDENT']}",$c);
     $ldr=mysql_fetch_array($pq);
     $vpq=mysql_query("SELECT * FROM users WHERE userid={$gangdata['gangVICEPRES']}",$c);
     $coldr=mysql_fetch_array($vpq);
     print "<h3><u>{$gangdata['gangNAME']} Gang</u></h3><hr />";
     // The forum mangled the HTML tags below into BBCode; the <img> and <a> tags are reconstructed from context.
     if($gangdata['gangPIC'])
     {
     print "<img src='{$gangdata['gangPIC']}' /><hr />";
     }
     else
     {
     print "<b>No Gang Picture</b><hr />";
     }
     echo "
     President: <a href='viewuser.php?u={$ldr['userid']}'>{$ldr['username']}</a>
     Vice-President: <a href='viewuser.php?u={$coldr['userid']}'>{$coldr['username']}</a><hr />";
     $cnt=mysql_query("SELECT username FROM users WHERE gang={$gangdata['gangID']}",$c);
     print "<b>Members:</b> ".mysql_num_rows($cnt)."
     <b>Description: </b> {$gangdata['gangDESC']}
     <b>Respect Level: </b> {$gangdata['gangRESPECT']}
     > <a href='gangs.php?action=userlist&ID={$gangdata['gangID']}'>User List</a>
     > <a href='gangs.php?action=apply&ID={$gangdata['gangID']}'>Apply</a>";
     }
     function gang_userlist()
     {
     global $ir,$c,$h,$gangdata;
     print "<h3>Userlist for {$gangdata['gangNAME']}</h3>
     <table><tr style='background: gray;'><th>User</th><th>Level</th><th>Days In Gang</th></tr>";
     $q=mysql_query("SELECT * FROM users WHERE gang={$gangdata['gangID']} ORDER BY daysingang DESC, level DESC",$c);
     while($r=mysql_fetch_array($q))
     {
     print "<tr><td><a href='viewuser.php?u={$r['userid']}'>{$r['username']}</a></td><td>{$r['level']}</td><td>{$r['daysingang']}</td></tr>";
     }
     print "</table>
     <a href='gangs.php?action=view&ID={$gangdata['gangID']}'>> Back</a>";
     }
     function gang_applyform()
     {
     global $ir,$c,$h,$gangdata;
     if(!$ir['gang'])
     {
     print "<form action='gangs.php?action=applys&ID={$_GET['ID']}' method='post'>
     Type the reason you should be in this gang.
     <textarea name='application' rows='7' cols='40'></textarea>
     <input type='submit' value='Apply' /></form>";
     }
     else
     {
     print "You cannot apply for a gang when you are already in one.";
     }
     }
     function gang_applysubmit()
     {
     global $ir,$c,$h,$gangdata,$userid;
     if(!$ir['gang'])
     {
     // Fix added here: the posted code interpolated $_POST['application'] into the query unescaped.
     $application=mysql_real_escape_string($_POST['application'],$c);
     mysql_query("INSERT INTO applications VALUES('',$userid,{$_GET['ID']},'$application');",$c) or die(mysql_error());
     // The link target was lost in the forum's BBCode conversion; viewuser.php?u=$userid is assumed to match the other links.
     mysql_query("INSERT INTO gangevents VALUES('',{$_GET['ID']},unix_timestamp(),'<a href=\'viewuser.php?u=$userid\'>{$ir['username']}</a> sent an application to join this gang.')",$c);
     print "You sent your application to the {$gangdata['gangNAME']} gang.";
     }
     else
     {
     print "You cannot apply for a gang when you are already in one.";
     }
     }
     $h->endpage();
     ?>
  3. Re: Who think's this is a good deal? I'd consider a computer to be a bad investment. These things depreciate way too quick for them to return any money on that investment :P
  4. Re: Hey with creating this script ? I'm not sure spamming your topic is going to encourage folks to step up and write a script for you pro bono. And secondly, you would probably get a bit more help in the mccodes support forum (on this forum [just in case]). And lastly, you'll get a ton more help if you actually attempt to code this yourself, and if/when you find that something is wrong in your code, you bring that code here with specific questions about how to make that code work as opposed to asking folks to code the thing for you entirely. It's up to you though, as to how much helpful help you actually want. ;) (the suggestions I'm making though are guaranteed to work)
  5. Re: Mods for Mccodes V2 He's talking about this forum. There's quite a few free mods available. (not recommended most of the times because of poor quality/lack of support) And there are a number of paid mods on the forum as well. You can request a mod in the mod request forum.
  6. Re: I Have a Problem :( You dirty dawg Poldar... lol
  7. Re: I Have a Problem :( This is one of the most common problems with novice php programmers. Whilst I don't normally recommend google searches, this is one case where a search will turn up a plethora of forum posts where people asked the same exact question http://forum.mamboserver.com/showthread.php?t=49427 http://www.alt-php-faq.org/local/15/ http://lists.evolt.org/archive/Week-of- ... 62639.html The first three results turned up answers. I suspect the next 20 or so results will all be relevant. This is so common a problem that there are tons of forum posts about this. Post back if that does not help..   The google search I did: Google search...
  8. Re: IE issue cool cool
  9. Re: IE issue I seriously doubt that you've got a php bug happening there (although it's not out of the realm of possibility). Is there a page I can view? I'll test it out on a few browsers and see what happens for me.
  10. Re: shell_exec and windows Problem solved. I had a configuration setting set wrong. So, the code was working. It was just user error. ;)
  11. Alrighty, I've got an sql file that is 100% tested and works. On a linux os, I can run shell_exec('mysql blahblah') and the sql file loads up into the database no problems. On windows, this fails for some reason. The mysql/bin folder is in my system path, so the path isn't the problem here. I've tested the database connection (yes, the command does use -u, -p) and everything about the database connection is good. The problem seems to be centered on the shell_exec not executing the command. PHP is not running in safe mode as demonstrated by this script:

     <?php
     $output = shell_exec('dir');
     echo $output;
     ?>

     This script does indeed produce the desired output. I'm not running php from the command line, but running as an apache module.

     Apache 1.3
     PHP 5.2.5
     Windows XP

     Thanks for any help.
  12. Re: 10 Quick steps to make your site load faster - GFX related That's good stuff ;) The only thing I would add to any of that, and perhaps it's a bit too detailed for that list, is on 9. Optimize Your Images. I've found that whether I'm exporting my image as gif, jpg, or png, posterizing the image usually results in a smaller image. Gif always indexes an image which is like posterizing because it sets a color palette for the image, but using the posterizing option first almost always results in a smaller file size for me in almost all images of all formats. I typically reduce the image to 20 to 50 colors. Posterizing simply limits the total number of colors. In GIMP, you can see the changes to the image as you edit this setting. Higher settings typically don't result in any change to the image. At lower settings, there's a sort of cycle of lighter and darker colors that the image goes through as the setting is changed. I normally get the image to an approximate color of what it was. All the images I've done have this edit applied to them. ;)
  13. Re: Need help!! You have far bigger problems than that. You have completely opened the door to sql injection there TheMafia... There's tons of posts about securing that sort of thing, so I'll leave it to you to search for mysql_real_escape_string in the forum and the php site.

     $q=mysql_query("SELECT * FROM validating WHERE vdID='{$_GET['token']}'", $c);

     is one of the lines susceptible to the inject. Wide open....
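The point made in posts 1 and 13 above (it does not matter whether a value arrived via $_GET, $_POST or $_REQUEST; what matters is how it is used) as an added PHP example that is not from the forum posts or the MCCodes code: the quoted token lookup next to a hardened version using a mysqli prepared statement. The table and column names come from the post; the connection credentials and the assumed token format (alphanumeric, at most 64 characters) are placeholders.

```php
<?php
// Added example, not Floydian's or MCCodes' code.

// Vulnerable (legacy mysql_ extension, as in the quoted line): the token is
// interpolated into the SQL text, so a single quote inside it ends the string
// literal and whatever follows is parsed as SQL. Reading the value from
// $_POST or $_REQUEST instead of $_GET changes nothing about that.
function lookup_token_vulnerable($c, $token)
{
    return mysql_query("SELECT * FROM validating WHERE vdID='{$token}'", $c);
}

// Hardened: the SQL text and the value travel separately, so the token can
// only ever be compared as data. Returns the row or null if none matched.
function lookup_token_safe(mysqli $db, string $token): ?array
{
    $stmt = $db->prepare("SELECT * FROM validating WHERE vdID = ?");
    $stmt->bind_param("s", $token);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// Cheap shape check before touching the database. The format is an
// assumption for this example; use whatever your token generator produces.
function token_looks_valid(string $token): bool
{
    return $token !== '' && strlen($token) <= 64 && ctype_alnum($token);
}

// Usage: the source superglobal is irrelevant; the handling is what matters.
$db = new mysqli("localhost", "DB_USER", "DB_PASSWORD", "DB_NAME"); // placeholders
$token = (string) ($_REQUEST['token'] ?? '');
if (!token_looks_valid($token)) {
    exit("Invalid token");
}
$row = lookup_token_safe($db, $token);
if ($row === null) {
    exit("Unknown token");
}
```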
  14. Re: Allow's you to download a file from your server. My main point was to poke fun at the folks criticizing (correctly I think) the security of your script. Any window opened up also opens up new security risks. So, I'm telling them to add die; if they're concerned but still want to use the script. ;)
  15. Re: Allow's you to download a file from your server. You'll be getting an F on whatever you were supposed to be doing but weren't?
  16. Re: Allow's you to download a file from your server. Even better: add "die;" just after the line with "<?php" until you want to use the script, at which point you could remove the die long enough to do what you want lol. hehe
  17. Re: IE issue Requirements: No external libraries are needed to build this extension. http://us2.php.net/manual/en/outcontrol.setup.php
  18. Re: script to prevent users to register or login using proxies lol You're saying you will only use IP's because there's flaws in other methods. And yet, there's flaws in IP tracking. See the flaw in your logic? Look at it this way, it's like having multiple filters. Some filters will only filter out one kind of thing, and another filter will filter out another thing. It's when you combine multiple filters, that you get the maximum chances of blocking the bad guys. But by all means, go without it. It's not like it's hard to code up though...
  19. Re: IE issue

     <?php
     ob_start("ob_gzhandler");
     ?>
     <html>
     <body>
     <p>This should be a compressed page.</p>
     </body>
     </html>

     -----------
     That's the example from the php page for ob_gzhandler(). Simply put, you put that function call at the beginning of your script, and that's it. (there's a bunch more you can do with "output buffering" but that's beyond the scope of the problem you're having.) Thanks for replying with the PHP Version ;) (helps me know for sure what I'm saying applies to ya ;)
  20. Re: script to prevent users to register or login using proxies Yup, that's about the best you can do. The big thing is, everyone that cheats screws up sooner or later. With IP's and cookies in place, they'll be hard pressed to keep up the charade for long...
  21. Re: script to prevent users to register or login using proxies It works, ;) Like I said, it's not 100%. It should be used in combination with IP recording and diligent staff work. You'd be surprised how many folks I've caught with the cookie signatures... (so you can't tell me it hasn't worked, you can only say it's not 100%)
  22. Re: IE issue most recent version being? I should hope you're not using 5.3.0 RC2 :O :O It's not intended for production. Please specify the actual x.x.x. Did you try the ob_start() deal? You'd have to disable lib giz in the ini first. It does pretty much the same exact thing. It's worth a shot.
  23. Re: script to prevent users to register or login using proxies That's where my cookie sigs mod comes in. It only matches users, and never provides false results. Yeah, it can miss some folks, but when it finds a match, there's no denying it's a match since a cookie is set to the computer itself and not dependent on AOL or any proxy ;)
  24. Re: script to prevent users to register or login using proxies Were you looking for a free script or a really good premium paid script? Okay, now that my sales deal is out of the way. Your only good option for blocking proxies is to maintain a database of proxies and simply match up the REMOTE_ADDR to the proxies in your database. I should say that that is the only direct option. Of course proxies are changing all the time and you'd have to maintain that list of proxies which itself will likely have to be paid for. Personally, I recommend two things: Recording IP's when a user registers, logs in, and on every page load. At least you can see changes over time with that, and in combination with this is having a vigilant staff. The second thing I recommend is using cookies to track users with in combination to IPs. It works as good as leading cattle to the slaughter.
  25. Re: IE issue Try disabling it and using ob_start() instead. By the way, what version of php are you using?