RE: [PHP] RE: Bounty
I was honestly surprised by the number of knuckle heads who would try there luck! -Original Message- From: Chris [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 15, 2007 2:08 AM To: Brad Sumrall Cc: php-general@lists.php.net Subject: Re: [PHP] RE: Bounty Brad Sumrall wrote: The bounty still applies Need a sharp php programmer on the fly. No joke! I think you've pretty much pissed off the whole list so good luck. -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Bounty, NOW!
Yes, I do still need legit help. But obviously I needed to make a point to all the script kiddies out there that you are playing with fire if you even attempt to miss use an admin password or access a server that does not belong to you. As a prior USMC Network Admin and DoD network security specialist. Back off Big brother is watching! I come to the list as a legit person seeking intelligent minds. Not games. So yes, respond to me as a professional or an up and coming and let's talk business! Brad -Original Message- From: Tom Ray [Lists] [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 15, 2007 3:32 AM To: Brad Sumrall Subject: Re: [PHP] Bounty, NOW! If you still need serious help with this, get in touch with me. I can help you with this I believe. Brad Sumrall wrote: My good friend dropped the ball! Here is the gig, and less than 48 to get it done. For those whom know phpbb and php, this should be a cake walk! Easy cash. http://www.123yachtdayworkers.com http://www.123yachtdayworkers.com ftp user = onetwou9 ftp pass = garvitos accessing the mysql is through cpanel at http://www.bluehosting.com http://www.bluehosting.com ? maybe? Using ftp password and domain name? Use my servers mysql if needed http://www.boatcrafts.net http://www.boatcrafts.net brads andreasd This guy is going to have a lot of stuff for us. We are slightly over budget, but he is very happy thus far. When I walk into this one, he had a basic page and going crazy trying to write a basic DB query. I hooked him up with phpbb and some how to get it don instruction and now he needs this piece of customer code. Concept: Joe worker logs in and says I am available on yaddy yah days (calendar mod is kind of works?) along with his description etc. Joe Captain pays 10 buck to select 5 workers over the course of a month or has to pay more. He views (without last name, email, or phone number) Joe worker, selects days he is need based on available days on calendar. Email is sent to Joe Captain with all of worker contact info and Joe receives email notice as well. Record of transaction is keep in a DB table, a count =5 should be stored in a table in case Joe Captain does not use his 5 picks up to 30 days. Hence Flowchart: Collect Calendar dates and user id variable for FORM data On SUBMIT, POST Db 1 for count Captain Email Worker email DB record Goal: If I provide a basic submit button which emails Joe Worker and Joe Captain with user profile info and a record in the database. i.e grab the variable from a selected profile and submit = 2 emails and count = 5 or error. We are golden! If you have any tricks with the calendar. People will be very happy. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] RE: Bounty
Yeah, knuckle heads spoiled the fun! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 15, 2007 2:38 AM To: Brad Sumrall Cc: php-general@lists.php.net Subject: Re: [PHP] RE: Bounty One problem: the PASSWORD DOES NOT WORK! On 5/14/07, Brad Sumrall [EMAIL PROTECTED] wrote: As a person who has come here in the recent past asking free lancer help and received nothing but near-useless references even though I was asking specific php coding related questions. Now I com to the list offering legit funding to my supposed php friends for their expertise and received nothing but low end hacker repossesses. What would you think? I am simply trying to support the list, and all I get is hate. I cannot help it if I am properly guarded. Attack me, and I have proper defensives. Respond professionally and I bare rewards.. Sincerely, -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] RE: Bounty FYI
Food for thought! Respect the freedom. Respect the Internet! We all benefit! Never abuse!
RE: [PHP] RE: Bounty FYI
No, I just think you are an ass! -Original Message- From: Chris [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 15, 2007 3:02 AM To: Brad Sumrall Cc: php-general@lists.php.net Subject: Re: [PHP] RE: Bounty FYI Brad Sumrall wrote: Food for thought! Respect the freedom. Respect the Internet! We all benefit! Never abuse! Err - can you stop flooding the list with this crap? While you might think it's funny, you're just going to piss everyone off even more. -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] RE: Bounty FYI
What ever script kiddy! -Original Message- From: Chris [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 15, 2007 3:09 AM To: Brad Sumrall; 'php-general@lists.php.net' Subject: Re: [PHP] RE: Bounty FYI Brad Sumrall wrote: You're an idiot! Yeh - thanks for making my point. Now everyone knows the sort of person they are dealing with. -Original Message- From: Chris [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 15, 2007 3:02 AM To: Brad Sumrall Cc: php-general@lists.php.net Subject: Re: [PHP] RE: Bounty FYI Brad Sumrall wrote: Food for thought! Respect the freedom. Respect the Internet! We all benefit! Never abuse! Err - can you stop flooding the list with this crap? While you might think it's funny, you're just going to piss everyone off even more. -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] RE: Bounty FYI
Silly rabbit, Tricks are for kids! -Original Message- From: Chris [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 15, 2007 3:19 AM To: Brad Sumrall Cc: php-general@lists.php.net Subject: Re: [PHP] RE: Bounty FYI Kinda says it all really. Oh - one other point. I don't think a supposed DoD network security specialist would ever *really* post server login details to a mailing list - do you? Hmm. Anyway. Brad Sumrall wrote: What ever script kiddy! -Original Message- From: Chris [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 15, 2007 3:09 AM To: Brad Sumrall; 'php-general@lists.php.net' Subject: Re: [PHP] RE: Bounty FYI Brad Sumrall wrote: You're an idiot! Yeh - thanks for making my point. Now everyone knows the sort of person they are dealing with. -Original Message- From: Chris [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 15, 2007 3:02 AM To: Brad Sumrall Cc: php-general@lists.php.net Subject: Re: [PHP] RE: Bounty FYI Brad Sumrall wrote: Food for thought! Respect the freedom. Respect the Internet! We all benefit! Never abuse! Err - can you stop flooding the list with this crap? While you might think it's funny, you're just going to piss everyone off even more. -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] RE: Bounty FYI
Just having fun with the kids! -Original Message- From: Christian Haensel [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 15, 2007 3:18 AM To: php-general@lists.php.net Subject: Re: [PHP] RE: Bounty FYI ROFL... you really made my day... it's about 9am, been working for 2 hours now, and the day is great already! Worked for the DoD and stuff like that, and still doesn't know how to behave. You remind me of a 14 years old guy I knew from Bahrain... always trying to mess with the big boys. Go play outside :o) Mr DoD *ROFL* - Original Message - From: Brad Sumrall [EMAIL PROTECTED] To: 'Christian Haensel' [EMAIL PROTECTED] Sent: Tuesday, May 15, 2007 9:06 AM Subject: RE: [PHP] RE: Bounty FYI When did I request money? Go hit your Webster's schmuck! -Original Message- From: Christian Haensel [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 15, 2007 3:01 AM To: Brad Sumrall; php-general@lists.php.net Subject: Re: [PHP] RE: Bounty FYI You forgot one: Don't spam! Regards, Chris - Original Message - From: Brad Sumrall [EMAIL PROTECTED] To: php-general@lists.php.net Sent: Tuesday, May 15, 2007 8:55 AM Subject: [PHP] RE: Bounty FYI Food for thought! Respect the freedom. Respect the Internet! We all benefit! Never abuse! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] RE: Bounty FYI
Oh, come on, come to daddy! What cha got! Late night in Fort Lauderdale! Hehehehehehehe -Original Message- From: Chris [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 15, 2007 3:19 AM To: Brad Sumrall Cc: php-general@lists.php.net Subject: Re: [PHP] RE: Bounty FYI Kinda says it all really. Oh - one other point. I don't think a supposed DoD network security specialist would ever *really* post server login details to a mailing list - do you? Hmm. Anyway. Brad Sumrall wrote: What ever script kiddy! -Original Message- From: Chris [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 15, 2007 3:09 AM To: Brad Sumrall; 'php-general@lists.php.net' Subject: Re: [PHP] RE: Bounty FYI Brad Sumrall wrote: You're an idiot! Yeh - thanks for making my point. Now everyone knows the sort of person they are dealing with. -Original Message- From: Chris [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 15, 2007 3:02 AM To: Brad Sumrall Cc: php-general@lists.php.net Subject: Re: [PHP] RE: Bounty FYI Brad Sumrall wrote: Food for thought! Respect the freedom. Respect the Internet! We all benefit! Never abuse! Err - can you stop flooding the list with this crap? While you might think it's funny, you're just going to piss everyone off even more. -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] RE: Bounty FYI
Your are layer 7 I am layer 2-3 You are WAY outside of your expertise with me my friend. -Original Message- From: Chris [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 15, 2007 3:19 AM To: Brad Sumrall Cc: php-general@lists.php.net Subject: Re: [PHP] RE: Bounty FYI Kinda says it all really. Oh - one other point. I don't think a supposed DoD network security specialist would ever *really* post server login details to a mailing list - do you? Hmm. Anyway. Brad Sumrall wrote: What ever script kiddy! -Original Message- From: Chris [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 15, 2007 3:09 AM To: Brad Sumrall; 'php-general@lists.php.net' Subject: Re: [PHP] RE: Bounty FYI Brad Sumrall wrote: You're an idiot! Yeh - thanks for making my point. Now everyone knows the sort of person they are dealing with. -Original Message- From: Chris [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 15, 2007 3:02 AM To: Brad Sumrall Cc: php-general@lists.php.net Subject: Re: [PHP] RE: Bounty FYI Brad Sumrall wrote: Food for thought! Respect the freedom. Respect the Internet! We all benefit! Never abuse! Err - can you stop flooding the list with this crap? While you might think it's funny, you're just going to piss everyone off even more. -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] RE: Bounty FYI
Cheers! -Original Message- From: David Robley [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 15, 2007 4:02 AM To: php-general@lists.php.net Subject: Re: [PHP] RE: Bounty FYI Christian Haensel wrote: Stuff +---+ .:\:\:/:/:. | PLEASE DO NOT |:.:\:\:/:/:.: | FEED THE TROLLS | :=.' - - '.=: | | '=(\ 9 9 /)=' | Thank you, | ( (_) ) | Management | /`-vvv-'\ +---+ / \ | |@@@ / /|,|\ \ | |@@@ /_// /^\ \\_\ @x@@x@| | |/ WW( ( ) )WW \/| |\| __\,,\ /,,/__ \||/ | | | (__Y__) /\/\/\/\/\/\/\/\//\/\\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\ == Cheers -- David Robley An elephant: A mouse built to government specifications. Today is Setting Orange, the 62nd day of Discord in the YOLD 3173. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Bounty, NOW!
My good friend dropped the ball! Here is the gig, and less than 48 to get it done. For those whom know phpbb and php, this should be a cake walk! Easy cash. http://www.123yachtdayworkers.com http://www.123yachtdayworkers.com ftp user = onetwou9 ftp pass = garvitos accessing the mysql is through cpanel at http://www.bluehosting.com http://www.bluehosting.com ? maybe? Using ftp password and domain name? Use my servers mysql if needed http://www.boatcrafts.net http://www.boatcrafts.net brads andreasd This guy is going to have a lot of stuff for us. We are slightly over budget, but he is very happy thus far. When I walk into this one, he had a basic page and going crazy trying to write a basic DB query. I hooked him up with phpbb and some how to get it don instruction and now he needs this piece of customer code. Concept: Joe worker logs in and says I am available on yaddy yah days (calendar mod is kind of works?) along with his description etc. Joe Captain pays 10 buck to select 5 workers over the course of a month or has to pay more. He views (without last name, email, or phone number) Joe worker, selects days he is need based on available days on calendar. Email is sent to Joe Captain with all of worker contact info and Joe receives email notice as well. Record of transaction is keep in a DB table, a count =5 should be stored in a table in case Joe Captain does not use his 5 picks up to 30 days. Hence Flowchart: Collect Calendar dates and user id variable for FORM data On SUBMIT, POST Db 1 for count Captain Email Worker email DB record Goal: If I provide a basic submit button which emails Joe Worker and Joe Captain with user profile info and a record in the database. i.e grab the variable from a selected profile and submit = 2 emails and count = 5 or error. We are golden! If you have any tricks with the calendar. People will be very happy.
[PHP] RE: Bounty
Knuckle heads don't even know they are going though a proxy!!! Hehehehe
[PHP] RE: Bounty
Does anyone want to answer the ad, or am I just going to be chasing knuckle heads? Brad
RE: [PHP] Bounty, NOW!
I got 5 IP breaking Federal Regulations. Hehehehe Do you think you are not being logged? Hehehehehe This is funny! -Original Message- From: Andrew Wilson [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 15, 2007 1:38 AM To: 'Robert Cummings'; 'Brad Sumrall' Cc: php-general@lists.php.net Subject: RE: [PHP] Bounty, NOW! Lol, Either he has 1) Changed the pass 2) Got hacked 3) Supplied with wrong pass. Very funny thread either way. Regards, Andrew -Original Message- From: Robert Cummings [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 15, 2007 3:27 PM To: Brad Sumrall Cc: php-general@lists.php.net Subject: Re: [PHP] Bounty, NOW! Maybe you know what you're doing, more than likely you don't. Posting logins and passwords to your server on a public mailing list is usually tantamount to idiocy. Cheers, Rob. On Tue, 2007-05-15 at 01:20 -0400, Brad Sumrall wrote: My good friend dropped the ball! Here is the gig, and less than 48 to get it done. For those whom know phpbb and php, this should be a cake walk! Easy cash. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | a | powerful, scalable system for accessing system services | such as | forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] RE: Bounty
Oh, come on. You guys quit trying Wuzzies!
[PHP] RE: Bounty
The bounty still applies Need a sharp php programmer on the fly. No joke!
RE: [PHP] PhP and Java login trouble (can someone help a brother out whom is truely trying to understand?)
I have these to independently working scripts. 1 is php, the other is javascript. For obvious reason, to separate logins are not appropriate. It has been recommended to make a separate function, not sure how to do this Common sense says, carry the variable from php to javascripting. I am clueless on where to look on this common sense solution. I am 2.5 weeks into this madness. I know when I find the solution, it will be the one that was biting me on the nose. I want to learn and understand this, but desperately need help from friends! I will post the 2 complete code pages below.. Input, suggestion or solutions would truly be appreciated. The first will be the original code that is javascripting friendly. The second will be my own php working code. Number one works fine for loging into a FCKEditor application, but is failing with phpbb. Number two works perfectly with phpbb applications and outside php pages requiring phpbb related session controls, but fails sessions with the javascripting based FCKEditor. Sincerely, Brad #1 Working php/phpbb code: ?php if(!isset($_SESSION[userid])) { ? form action=/phpbb/login.php method=post target=_top table width=200 cellpadding=4 cellspacing=1 border=0 class=forumline align=center tr th background=images/login_top2.jpg height=30 class=thHead nowrap=nowrap/th /tr tr td class=row1table border=0 cellpadding=3 cellspacing=1 width=100% tr td width=11% align=rightdiv align=leftspan class=genUsername:/span/div/td /tr tr td align=rightinput type=text class=post name=username size=25 maxlength=40 value= //td /tr tr td align=rightdiv align=leftspan class=genPassword/span/div/td /tr tr td align=rightspan class=gen input type=password class=post name=password size=25 maxlength=32 / :/span/td /tr tr align=center td colspan=2span class=genLog me on automatically: input type=checkbox name=autologin //span/td /tr tr align=center td colspan=2input type=hidden name=redirect value= /input type=submit name=login class=mainoption value=Log in //td /tr tr align=center td colspan=2span class=gensmalla href=forgot_password.php class=gensmallI forgot my password/a/span/td /tr /table /td /tr ?php }else{ ? tr td width=207 height=32 background=images/login_top2.jpg class=headerlogout align=center table width=100% tr td width=30 height=27/td td align=lefta href=javascript:logout() class=link1Log out/a/td /tr /table /td /tr tr td align=center class=logincenterbg table width=88% border=0 cellspacing=0 cellpadding=0 tr td height=10 align=left class=bluetext/td /tr tr td align=left class=link2Welcome : ?php echo $_SESSION[userid] ?/td /tr tr td height=22 align=left class=bluetext/td /tr tr td height=20 align=lefta class=link1 href=editaccount.phpManage Account/a/td /tr tr td height=20 align=lefta class=link1 href=editprofile.phpManage Profile/a/td /tr /table /td /tr tr td align=left valign=topimg src=images/login_bottom.jpg width=200 height=8 alt= //td /tr /table /form ?php } ? /table/td /tr tr td height=5/td /tr tr td align=center valign=toptable width=211 border=0 cellspacing=0 cellpadding=0 tr tdimg src=images/contest_top.jpg width=211 height=36 alt= //td /tr tr tda href=contest.phpimg src=images/contest_middle.jpg width=211 height=169 border=0 alt= //a/td /tr /table/td /tr tr td height=5/td /tr tr td align=center valign=toptable width=211 border=0 cellspacing=0 cellpadding=0 tr tdimg src=images/review_head.jpg width=211 height=36 alt= //td /tr tr td height=89 align=center class=reviewbgtable width=85% border=0
RE: [PHP] PhP and Java login trouble
I have been hunting all around that website you referred me too looking for javascripting information and can find nothing. I know a little bit of php but little to nothing about javascripting. I have been beating my head against the wall on this one for weeks now, I am so close! Brad -Original Message- From: Chris [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 08, 2007 10:58 PM To: Brad Sumrall Cc: 'php-general@lists.php.net' Subject: Re: [PHP] PhP and Java login trouble Firstly always CC the list - others can provide help and suggestions too. Brad Sumrall wrote: Any chance you can tell me what I am doing wrong? Brad ?php if(!isset($_SESSION[userid])) { ? form action=/phpbb/login.php method=post target=_top onsubmit=return BBValidateLogin(); You don't have a javascript function called 'BBValidateLogin'. You have one called validateLogin which references completely different form fields. -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PhP and Java login trouble
I have a question about your suggestion. Would it not be easier to simply carry the sessionid from the php session validation to the javascript? Instead of: if(document.frmlogin.txtusername.value==) { alert(Please Enter Username.); document.frmlogin.txtusername.focus(); return false; Why would I want to re-enter the user name? My common sense which maybe completely wrong say, YOU ARE VALIDATED IN PHPBB via issetid, now post to (document.frmlogin.userid.value==) This is why I am not catching your angle. PhP makes so much more sense. This javascript integration is really giving me a headache! Suggestions? Brad -Original Message- From: Chris [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 09, 2007 2:16 AM To: Brad Sumrall Cc: php-general@lists.php.net Subject: Re: [PHP] PhP and Java login trouble Brad Sumrall wrote: I have been hunting all around that website you referred me too looking for javascripting information and can find nothing. I know a little bit of php but little to nothing about javascripting. Eh? I never sent you to a website. See this code: function validatelogin() { if(document.frmlogin.txtusername.value==) { alert(Please Enter Username.); document.frmlogin.txtusername.focus(); return false; } if(document.frmlogin.txtpwd.value==) { alert(Please Enter Password.); document.frmlogin.txtpwd.focus(); return false; } document.frmlogin.login.value=Success; document.frmlogin.action=operation.php?mode=login; return true; } You need to create a *similar* function (eg 'BBValidateLogin()') to check different html field names. For example: function BBValidateLogin() { var f = document.forms[0]; alert('username is ' + f.username.value); } The username.value comes from this: input type=text class=post name=username size=25 maxlength=40 value= / where you have name=username So take the name=... and put a .value on the end. Rinse, repeat until you have checked all of the fields you need to. Return true for the form to submit. Return false for it to NOT submit. -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] parse error
Parse error: parse error, unexpected '}' in /home/content/c/u/t/cuteirka/html/commonlogin_new.php on line 37 Because I am not starting the brackets anywhere else. My only php function is between line 37 and 39 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, May 04, 2007 9:43 PM To: Brad Sumrall Subject: Re: [PHP] parse error }else{ Brad Sumrall wrote: Hi folk, I am writing a login in script and get the following: Parse error: parse error, unexpected T_ELSE in /home/content/c/u/t/cuteirka/html/commonlogin_new.php on line 37 I am basically pulling this straight out the php for dummies manual. Can someone kindly point me in the right direction on this one! Brad 1 form action=/phpBB/login.php method=post target=_top 2 table width=200 cellpadding=4 cellspacing=1 border=0 class=forumline align=center 3 tr 4 th background=images/login_top2.jpg height=30 class=thHead nowrap=nowrap/th 5 /tr 6 tr 7 td class=row1table border=0 cellpadding=3 cellspacing=1 width=100% 8 tr 9 td width=11% align=rightdiv align=leftspan class=genUsername:/span/div/td 10 /tr 11 tr 12 td align=rightinput type=text class=post name=username size=25 maxlength=40 value= //td 13 /tr 14 tr 15 td align=rightdiv align=leftspan class=genPassword/span/div/td 16 /tr 17 tr 18 td align=rightspan class=gen 19 input type=password class=post name=password size=25 maxlength=32 / 20 :/span/td 21 /tr 22 tr align=center 23 td colspan=2span class=genLog me on automatically: 24 input type=checkbox name=autologin //span/td 25 /tr 26 tr align=center 27 td colspan=2input type=hidden name=redirect value= /input type=submit name=login class=mainoption value=Log in //td 28 /tr 29 tr align=center 30 td colspan=2span class=gensmalla href=forgot_password.php class=gensmallI forgot my password/a/span/td 31 /tr 32 /table 33 /td 34 25 /tr 36 ?php 37 {else} 38 ? tr td width=207 height=32 background=images/login_top2.jpg class=headerlogout align=center table width=100% tr td width=30 height=27/td td align=lefta href=javascript:logout() class=link1Log out/a/td /tr /table /td /tr tr td align=center class=logincenterbg table width=88% border=0 cellspacing=0 cellpadding=0 tr td height=10 align=left class=bluetext/td /tr tr td align=left class=link2Welcome : ?php echo $_SESSION[userid] ?/td /tr tr td height=22 align=left class=bluetext/td /tr tr td height=20 align=lefta class=link1 href=editaccount.phpManage Account/a/td /tr tr td height=20 align=lefta class=link1 href=editprofile.phpManage Profile/a/td /tr /table /td /tr tr td align=left valign=topimg src=images/login_bottom.jpg width=200 height=8 alt= //td /tr /table /form -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] parse error
I dug deeper and realized I needed to open it correctly. You were right! Thank you! Here is the correct code that works like a charm! Brad ?php if(!isset($_SESSION[userid])) { ? form action=/phpBB/login.php method=post target=_top table width=200 cellpadding=4 cellspacing=1 border=0 class=forumline align=center tr th background=images/login_top2.jpg height=30 class=thHead nowrap=nowrap/th /tr tr td class=row1table border=0 cellpadding=3 cellspacing=1 width=100% tr td width=11% align=rightdiv align=leftspan class=genUsername:/span/div/td /tr tr td align=rightinput type=text class=post name=username size=25 maxlength=40 value= //td /tr tr td align=rightdiv align=leftspan class=genPassword/span/div/td /tr tr td align=rightspan class=gen input type=password class=post name=password size=25 maxlength=32 / :/span/td /tr tr align=center td colspan=2span class=genLog me on automatically: input type=checkbox name=autologin //span/td /tr tr align=center td colspan=2input type=hidden name=redirect value= /input type=submit name=login class=mainoption value=Log in //td /tr tr align=center td colspan=2span class=gensmalla href=forgot_password.php class=gensmallI forgot my password/a/span/td /tr /table /td /tr ?php }else{ ? tr td width=207 height=32 background=images/login_top2.jpg class=headerlogout align=center table width=100% tr td width=30 height=27/td td align=lefta href=javascript:logout() class=link1Log out/a/td /tr /table /td /tr tr td align=center class=logincenterbg table width=88% border=0 cellspacing=0 cellpadding=0 tr td height=10 align=left class=bluetext/td /tr tr td align=left class=link2Welcome : ?php echo $_SESSION[userid] ?/td /tr tr td height=22 align=left class=bluetext/td /tr tr td height=20 align=lefta class=link1 href=editaccount.phpManage Account/a/td /tr tr td height=20 align=lefta class=link1 href=editprofile.phpManage Profile/a/td /tr /table /td /tr tr td align=left valign=topimg src=images/login_bottom.jpg width=200 height=8 alt= //td /tr /table /form ?php } ? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, May 04, 2007 9:43 PM To: Brad Sumrall Subject: Re: [PHP] parse error }else{ Brad Sumrall wrote: Hi folk, I am writing a login in script and get the following: Parse error: parse error, unexpected T_ELSE in /home/content/c/u/t/cuteirka/html/commonlogin_new.php on line 37 I am basically pulling this straight out the php for dummies manual. Can someone kindly point me in the right direction on this one! Brad 1 form action=/phpBB/login.php method=post target=_top 2 table width=200 cellpadding=4 cellspacing=1 border=0 class=forumline align=center 3 tr 4 th background=images/login_top2.jpg height=30 class=thHead nowrap=nowrap/th 5 /tr 6 tr 7 td class=row1table border=0 cellpadding=3 cellspacing=1 width=100% 8 tr 9 td width=11% align=rightdiv align=leftspan class=genUsername:/span/div/td 10 /tr 11 tr 12 td align=rightinput type=text class=post name=username size=25 maxlength=40 value= //td 13 /tr 14 tr 15 td align=rightdiv align=leftspan class=genPassword/span/div/td 16 /tr 17 tr 18 td align=rightspan class=gen 19 input type=password class=post name=password size=25 maxlength=32 / 20 :/span/td 21 /tr 22 tr align=center 23
RE: [PHP] parse error
Maybe not The following passes me on without error, but does not actually log me on? Put in a fake name, and it still passes me on to the index page. I took this straight off the phpbb help files? Brad ?php if(!isset($_SESSION[userid])) { ? form action=/phpbb/index.php method=post target=_top ?php }else{ ? ?php echo $_SESSION[userid] ? /form ?php } ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] RE: parse error (close this one)
Du! It would have made sense to direct it to /phpbb/login.php Not /phpbb/index.php I know, the keyboard and the chair! Brad
RE: [PHP] Help me put this into phpinesse!
When the page opens, connect to server (this works fine). Look for session, if no session is found, look for phpbb session (two different session possibilities) Reading through the phpbb site, it say I must have the code that is in include './phpbb/login_global.php' Brad -Original Message- From: Tijnema ! [mailto:[EMAIL PROTECTED] Sent: Sunday, April 29, 2007 5:03 AM To: Brad Sumrall Cc: php-general@lists.php.net; [EMAIL PROTECTED] Subject: Re: [PHP] Help me put this into phpinesse! On 4/29/07, Brad Sumrall [EMAIL PROTECTED] wrote: ?php ob_start(); session_start(); header(Cache-control: private); require(includes/configure.php); $conn=mysql_connect(DB_SERVER,DB_SERVER_USERNAME,DB_SERVER_PASSWORD); mysql_select_db(DB_DATABASE) or die(mysql_error().: database not available); $show=no; isset($_SESSION['userid']); What's the sense of above line? isset is a function, that returns true or false. if $SESSION=NULL include './phpbb/login_global.php' $show=yes; ? What am I missing? Brad There's no concrete question what you want here. So i guess that is missing. Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] phpbb / sessionid nightmare
You might be hitting the nail on the head. That is why I am trying to get crafty and look for two sessions. But, give me a sec and follow your lead! I am back on this project now and finishing laundry at the same time. Thank you sir! Brad -Original Message- From: Chris [mailto:[EMAIL PROTECTED] Sent: Sunday, April 29, 2007 6:45 PM To: Brad Sumrall Cc: [EMAIL PROTECTED]; php-general@lists.php.net Subject: Re: [PHP] phpbb / sessionid nightmare Brad Sumrall wrote: The cookie it's self says PHPSESSID=26b7974a5d71c7d0bfebbf71750dac7b Path=/ Host=www.domain.com When I go to the jacked up page, I pickup this one PHPSESSID=a787e077dd18ed18cb824f664d38315d Path=/ Host=domain.com That will be your problem. A cookie created on domain.com is ONLY readable by domain.com (unless you make it '.domain.com' which is technically different to 'domain.com'). Check out 'session.cookie_domain', you can set it with an ini_set call: ini_set('session.cookie_domain', '.domain.com'); See http://www.php.net/manual/en/ref.session.php and http://www.php.net/setcookie for more info about how cookie domains work. -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] phpbb / sessionid nightmare
The cookie domain in phpbb is already set at ./domain.com ?? I think I need to go back to my little hack? Opinions? Brad -Original Message- From: Chris [mailto:[EMAIL PROTECTED] Sent: Sunday, April 29, 2007 6:45 PM To: Brad Sumrall Cc: [EMAIL PROTECTED]; php-general@lists.php.net Subject: Re: [PHP] phpbb / sessionid nightmare Brad Sumrall wrote: The cookie it's self says PHPSESSID=26b7974a5d71c7d0bfebbf71750dac7b Path=/ Host=www.domain.com When I go to the jacked up page, I pickup this one PHPSESSID=a787e077dd18ed18cb824f664d38315d Path=/ Host=domain.com That will be your problem. A cookie created on domain.com is ONLY readable by domain.com (unless you make it '.domain.com' which is technically different to 'domain.com'). Check out 'session.cookie_domain', you can set it with an ini_set call: ini_set('session.cookie_domain', '.domain.com'); See http://www.php.net/manual/en/ref.session.php and http://www.php.net/setcookie for more info about how cookie domains work. -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] phpbb / sessionid nightmare
Wait, you might be on to something! Phpbb is set to ./domain But, on the page I find nothing related to domain This is a new page. Think about it as a blank .php page first. Now, where would you point me now? Brad -Original Message- From: Chris [mailto:[EMAIL PROTECTED] Sent: Monday, April 30, 2007 12:18 AM To: Brad Sumrall Cc: php-general@lists.php.net Subject: Re: [PHP] phpbb / sessionid nightmare Brad Sumrall wrote: The cookie domain in phpbb is already set at ./domain.com I doubt it's set to ./domain.com What about your session (ie NOT phpbb) ? -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] phpbb / sessionid nightmare
Login page is located in /phpbb/login.php New page is /login.php A test echo page reviles NOTHING! Login ID does not echo. If I login @ /index.php, the echo test passes! Brad -Original Message- From: Chris [mailto:[EMAIL PROTECTED] Sent: Monday, April 30, 2007 12:18 AM To: Brad Sumrall Cc: php-general@lists.php.net Subject: Re: [PHP] phpbb / sessionid nightmare Brad Sumrall wrote: The cookie domain in phpbb is already set at ./domain.com I doubt it's set to ./domain.com What about your session (ie NOT phpbb) ? -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] phpbb / sessionid nightmare
I have reached the point that I have ripped the entire page out and trying to just get an echo test to work. The help files in phpbb are not helping/working. Brad -Original Message- From: Chris [mailto:[EMAIL PROTECTED] Sent: Monday, April 30, 2007 12:18 AM To: Brad Sumrall Cc: php-general@lists.php.net Subject: Re: [PHP] phpbb / sessionid nightmare Brad Sumrall wrote: The cookie domain in phpbb is already set at ./domain.com I doubt it's set to ./domain.com What about your session (ie NOT phpbb) ? -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] phpbb / sessionid nightmare
Hi there my friend, Thank you so much for answering me. The reason for me posting all of the code is because I am clueless as to which sessionid call on that crazy page is kicking out the original sessionid and asking for a new one. Sessionid is normally easy, that page is blowing my mind with all of the calls No sub domains, just a flat web site. Looks like this index.php/(has an include /commonlogin.php) (works fine for entire site) /phpbb/login.php(has an isset which is not normal with phpbb, but this login does not carry (kindof)) contest???.php (the problem page that I published) A packet scan reviles that session id carries too Contest.php/ and stays at contest-current.php/ but at /contest_stories.php?cid=8 it calls a new one. The posted one. So, that page is the culprit! It is calling on isset? I am lost in the sauce on this one. Something hidden is preventing it from looking for the cookie! Sincerely, Brad [EMAIL PROTECTED] -Original Message- From: Tijnema ! [mailto:[EMAIL PROTECTED] Sent: Saturday, April 28, 2007 12:11 PM To: Brad Sumrall Cc: php-general@lists.php.net Subject: Re: [PHP] phpbb / sessionid nightmare On 4/28/07, Brad Sumrall [EMAIL PROTECTED] wrote: Users log into web site in a sudo phpbb login which works fine. Users are able to browse around phpbb and a sudo phpbb program called photopost. But when the goto a differen't part of the site which is not phpbb related, the sessionid does not carry over. The other pages are calling on the same isset variable??? This is blowing my mind for weeks now!!! Would some kind code help a frazzed brother out? Sincerely, Brad [EMAIL PROTECTED] snip Really cool that code, but do you think really that someone takes the time to read it all? You should only post the most important parts. And how are you're files organized? is that other part on a (another) subdomain? Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] phpbb / sessionid nightmare
The cookie it's self says PHPSESSID=26b7974a5d71c7d0bfebbf71750dac7b Path=/ Host=www.domain.com When I go to the jacked up page, I pickup this one PHPSESSID=a787e077dd18ed18cb824f664d38315d Path=/ Host=domain.com In the directory structure, I have gone from /phpbb/login.php to /contest_stories.php?cid=8 Is the Path or the fact that I am going to www.domain.com to domain.com have anything to do with it? If so, how do I address it? Brad -Original Message- From: Richard Lynch [mailto:[EMAIL PROTECTED] Sent: Saturday, April 28, 2007 3:43 PM To: Brad Sumrall Cc: php-general@lists.php.net Subject: Re: [PHP] phpbb / sessionid nightmare On Sat, April 28, 2007 11:03 am, Brad Sumrall wrote: Users log into web site in a sudo phpbb login which works fine. Users are able to browse around phpbb and a sudo phpbb program called photopost. But when the goto a differen't part of the site which is not phpbb related, the sessionid does not carry over. The other pages are calling on the same isset variable??? This is blowing my mind for weeks now!!! Would some kind code help a frazzed brother out? Check the parameters for the cookie. If they limit the cookie to, say: http://example.com/phpbb/ instead of the whole site: http://example.com/ then your cookie isn't there, and the session will get lost with it. Probably a set_cookie_params() call somewhere in your phpbb mess. if(isset($_GET[forum])) What is this? Is the whole rest of the site passing around a ?forum=1 parameter in all its URLs? Probably not. Only phpbb is doing that. So then you never even GET to the $_SESSION check. { if(!isset($_SESSION[userid])) { ?php if(!isset($_SESSION['userid']) $_SESSION['userid'] == ) This is daft. !isset($x) $x == If $x isn't even set, then why test it for being == to the empty string? ?php if($_POST['hiddensubmit']){ And here you're not using isset(), so are generating E_NOTICE messages, most likely. $get_count5 = mysql_query(SELECT * FROM `contest_stories` WHERE contest_id = '.$_POST['cid'].' AND year='2007' AND username ='.$_SESSION[userid].'); Splicing POST data directly into a query is a giant security SQL Injection attack hole. Stop coding NOW and start reading and re-reading here until you understand why: http://phpsec.org Unless you WANT your entire database wiped out or even stolen by a meanie. echo font color=\red\You can only submit 3 stories per contest./abr; And you might as well not bother to have a contest, as the meanie can rig it to win using the SQL injection above... Sorry to be the bearer of Bad News... -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Script feedback: insert string into another string
But! I am now noticing that the main page provides cookies called _utma _utmb _utmc _utmz Hmmm Brad -Original Message- From: Richard Lynch [mailto:[EMAIL PROTECTED] Sent: Saturday, April 28, 2007 3:48 PM To: [EMAIL PROTECTED] Cc: php php Subject: Re: [PHP] Script feedback: insert string into another string Without reading source, it sounds like you've just re-invented this: http://php.net/wordwrap :-) On Sat, April 28, 2007 12:32 am, Micky Hulse wrote: Hi, I pieced-together a script that will insert a string into another string at a set interval of words... See here: http://www.ambiguism.com/sandbox/truncate/truncate.php [Click the view source link to view source.] :D Basically, I need a setup a page where my client can paste an article, automate the insertion of a template tag (in this case: {page_break}) and then copy/paste into the blog/cms. My goal for this script was to make it easy for the CMS to create word-balanced pages. Long story short, I got what I think will be an acceptable script... but I would love to get feedback. What do you think? What can I improve? What am I doing wrong? The script does not need to be super-robust, but would love to hear what the PHP gurus have to say. ;) Many thanks in advance! Cheers, Micky -- Wishlists: http://snipurl.com/1gqpj Switch: http://browsehappy.com/ BCC?: http://snipurl.com/w6f8 My: http://del.icio.us/mhulse -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] phpbb / sessionid nightmare
Does anyone know what this _utma _utmb _utmc _utmz stuff is? Obviously it is not a php standard. Obviously it is what is actually controlling my sessions? Brad -Original Message- From: Richard Lynch [mailto:[EMAIL PROTECTED] Sent: Saturday, April 28, 2007 3:46 PM To: Brad Sumrall Cc: 'Tijnema !'; php-general@lists.php.net Subject: RE: [PHP] phpbb / sessionid nightmare On Sat, April 28, 2007 12:47 pm, Brad Sumrall wrote: which sessionid call on that crazy page is kicking out the original sessionid and asking for a new one. That's when an experienced programmer KNOWS that it's time to re-factor and re-write the page. :-) I am lost in the sauce on this one. Something hidden is preventing it from looking for the cookie! Examine the cookie in FireFox browser or HTTP headers or whatever. What path is it using? Is it secure transmission only? -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] phpbb / sessionid nightmare
I understand where you are going with the mysql injection. It would appear as though the entire session is being dictated by this _utmX session which I have never seen before. It would appear as though the /index.php sets this java bases session variable and since phpbb does not use this, it never even tries to set or look at the java session. I guess the key question here is; 1 What is the _utmX session, I find little on google, other than it uses it? 2 How to teach phpbb to use it? Brad Check the parameters for the cookie. If they limit the cookie to, say: http://example.com/phpbb/ instead of the whole site: http://example.com/ then your cookie isn't there, and the session will get lost with it. if(isset($_GET[forum])) What is this? Is the whole rest of the site passing around a ?forum=1 parameter in all its URLs? Probably not. Only phpbb is doing that. So then you never even GET to the $_SESSION check. { if(!isset($_SESSION[userid])) { ?php if(!isset($_SESSION['userid']) $_SESSION['userid'] == ) This is daft. !isset($x) $x == If $x isn't even set, then why test it for being == to the empty string? ?php if($_POST['hiddensubmit']){ And here you're not using isset(), so are generating E_NOTICE messages, most likely. $get_count5 = mysql_query(SELECT * FROM `contest_stories` WHERE contest_id = '.$_POST['cid'].' AND year='2007' AND username ='.$_SESSION[userid].'); Splicing POST data directly into a query is a giant security SQL Injection attack hole. Stop coding NOW and start reading and re-reading here until you understand why: http://phpsec.org Unless you WANT your entire database wiped out or even stolen by a meanie. echo font color=\red\You can only submit 3 stories per contest./abr; And you might as well not bother to have a contest, as the meanie can rig it to win using the SQL injection above... Sorry to be the bearer of Bad News... -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] phpbb / sessionid nightmare
Oops! Maybe not. You were right! SFC = stupid flippn' coder = me! I see where you are going with this! if(isset($_SESSION['userid']) $_SESSION['userid']!=) Not set! Duhhh! The if(isset($_SESSION['userid']) $_SESSION['userid']!=) Was a silly attempt of mine earlier to force a session. Gone now, Let me follow your lead on your suggestions though for a few. I know just enough about php to be dangerous! I will definitely keep in mind the mysql inject problem. This could be an issue, but for now, just trying to get it to work! Thanks, Brad -Original Message- From: Richard Lynch [mailto:[EMAIL PROTECTED] Sent: Saturday, April 28, 2007 3:43 PM To: Brad Sumrall Cc: php-general@lists.php.net Subject: Re: [PHP] phpbb / sessionid nightmare On Sat, April 28, 2007 11:03 am, Brad Sumrall wrote: Users log into web site in a sudo phpbb login which works fine. Users are able to browse around phpbb and a sudo phpbb program called photopost. But when the goto a differen't part of the site which is not phpbb related, the sessionid does not carry over. The other pages are calling on the same isset variable??? This is blowing my mind for weeks now!!! Would some kind code help a frazzed brother out? Check the parameters for the cookie. If they limit the cookie to, say: http://example.com/phpbb/ instead of the whole site: http://example.com/ then your cookie isn't there, and the session will get lost with it. Probably a set_cookie_params() call somewhere in your phpbb mess. if(isset($_SESSION['userid']) $_SESSION['userid']!=) What is this? Is the whole rest of the site passing around a ?forum=1 parameter in all its URLs? Probably not. Only phpbb is doing that. So then you never even GET to the $_SESSION check. { if(!isset($_SESSION[userid])) { ?php if(!isset($_SESSION['userid']) $_SESSION['userid'] == ) This is daft. !isset($x) $x == If $x isn't even set, then why test it for being == to the empty string? ?php if($_POST['hiddensubmit']){ And here you're not using isset(), so are generating E_NOTICE messages, most likely. $get_count5 = mysql_query(SELECT * FROM `contest_stories` WHERE contest_id = '.$_POST['cid'].' AND year='2007' AND username ='.$_SESSION[userid].'); Splicing POST data directly into a query is a giant security SQL Injection attack hole. Stop coding NOW and start reading and re-reading here until you understand why: http://phpsec.org Unless you WANT your entire database wiped out or even stolen by a meanie. echo font color=\red\You can only submit 3 stories per contest./abr; And you might as well not bother to have a contest, as the meanie can rig it to win using the SQL injection above... Sorry to be the bearer of Bad News... -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] phpbb / sessionid nightmare
I mean, the get forum Brad -Original Message- From: Brad Sumrall [mailto:[EMAIL PROTECTED] Sent: Saturday, April 28, 2007 7:02 PM To: [EMAIL PROTECTED] Cc: php-general@lists.php.net Subject: RE: [PHP] phpbb / sessionid nightmare Oops! Maybe not. You were right! SFC = stupid flippn' coder = me! I see where you are going with this! if(isset($_SESSION['userid']) $_SESSION['userid']!=) Not set! Duhhh! The if(isset($_SESSION['userid']) $_SESSION['userid']!=) Was a silly attempt of mine earlier to force a session. Gone now, Let me follow your lead on your suggestions though for a few. I know just enough about php to be dangerous! I will definitely keep in mind the mysql inject problem. This could be an issue, but for now, just trying to get it to work! Thanks, Brad -Original Message- From: Richard Lynch [mailto:[EMAIL PROTECTED] Sent: Saturday, April 28, 2007 3:43 PM To: Brad Sumrall Cc: php-general@lists.php.net Subject: Re: [PHP] phpbb / sessionid nightmare On Sat, April 28, 2007 11:03 am, Brad Sumrall wrote: Users log into web site in a sudo phpbb login which works fine. Users are able to browse around phpbb and a sudo phpbb program called photopost. But when the goto a differen't part of the site which is not phpbb related, the sessionid does not carry over. The other pages are calling on the same isset variable??? This is blowing my mind for weeks now!!! Would some kind code help a frazzed brother out? Check the parameters for the cookie. If they limit the cookie to, say: http://example.com/phpbb/ instead of the whole site: http://example.com/ then your cookie isn't there, and the session will get lost with it. Probably a set_cookie_params() call somewhere in your phpbb mess. if(isset($_SESSION['userid']) $_SESSION['userid']!=) What is this? Is the whole rest of the site passing around a ?forum=1 parameter in all its URLs? Probably not. Only phpbb is doing that. So then you never even GET to the $_SESSION check. { if(!isset($_SESSION[userid])) { ?php if(!isset($_SESSION['userid']) $_SESSION['userid'] == ) This is daft. !isset($x) $x == If $x isn't even set, then why test it for being == to the empty string? ?php if($_POST['hiddensubmit']){ And here you're not using isset(), so are generating E_NOTICE messages, most likely. $get_count5 = mysql_query(SELECT * FROM `contest_stories` WHERE contest_id = '.$_POST['cid'].' AND year='2007' AND username ='.$_SESSION[userid].'); Splicing POST data directly into a query is a giant security SQL Injection attack hole. Stop coding NOW and start reading and re-reading here until you understand why: http://phpsec.org Unless you WANT your entire database wiped out or even stolen by a meanie. echo font color=\red\You can only submit 3 stories per contest./abr; And you might as well not bother to have a contest, as the meanie can rig it to win using the SQL injection above... Sorry to be the bearer of Bad News... -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Parse error on a basic call?
$SESSION = get_include_contents'/phpbb/login.php'; I pulled this tright out of the text book. I am trying to pull a phpbb session on an outside page. Any suggestions? Here is the error! Parse error: parse error, unexpected T_CONSTANT_ENCAPSED_STRING in /home/content/c/u/t/cuteirka/html/contest_stories.php on line 2 Brad
[PHP] Help me put this into phpinesse!
?php ob_start(); session_start(); header(Cache-control: private); require(includes/configure.php); $conn=mysql_connect(DB_SERVER,DB_SERVER_USERNAME,DB_SERVER_PASSWORD); mysql_select_db(DB_DATABASE) or die(mysql_error().: database not available); $show=no; isset($_SESSION['userid']); if $SESSION=NULL include './phpbb/login_global.php' $show=yes; ? What am I missing? Brad