Dragon_12dk

Eh not really, I am very very new to PHP which is why I was attempting to take what I thought would be the "easy way out" (eliminating the 403 error by removing the password.) But here is line 85And then line 86 says mysql_query($query);

The only time the word insert is used is on line 85

Oh, my bad. I guess I was not paying attention to my posts. Sorry about that.

no... this has nothing to do with that other topic, and I have tried to make it do that but I couldn't get it to work which is why I am trying to open up this page be removing the password set on it... (The other topic you mentioned was about censoring words in HTML forms, I have already solved that, now I am working on this...)

The idea of opening this page up is that it is currently an admin panel, and through it admins can add websites to a search engine, however I want anyone to be able to add their own site. So I built a html form that goes through the action of posting the info to this page, this results in a 403 no access, and prevents it from working. I plan on having this old admin panel just a relatively blank page where the action of posting information can go through without the 403 error...

just tried this, however it didn't work, users are still asked to login, I am trying to free up the page so anyone can access it.

Oh, so would having that automatically submit the password, eleminating the need for the login page? I will try that as soon as I can

Hello, I have been working on relocating an HTML form from an admin panel over to a new page where anyone can access. However the Action will produce a 403 because they cant access the admin panel. so essentially I am trying to scrap the old admin panel to make it into an upload area... Anyways, What I am trying to do is simply remove the login requirement from a page so anyone may access it. However I keep breaking the page when I try to remove the login... Here is the PHP where I am trying to remove the password / login requirements so that anyone can access. Any help would be awesome <?phpfunction PageMain() { global $TMPL; $time = time()+86400; $exp_time = time()-86400; $TMPL['loginForm'] = ' <form action="/index.php?a=admin" method="post"> Username: <input type="text" name="username" value="admin" /><br /> Password: <input type="password" name="password" value="password" /><br /><br /> <input type="submit" value="Log In" name="login"/> </form> <div class="addurlSmall">Note: The password is case-sensitive.</div>'; if(isset($_POST['login'])) { header("Location: /index.php?a=admin"); $username = $_POST['username']; $password = $_POST['password']; setcookie("username", $username, $time); setcookie("password", $password, $time); $query = sprintf('SELECT * from users where username = "%s" and password ="%s"', mysql_real_escape_string($_COOKIE['username']), md5(mysql_real_escape_string($_COOKIE['password']))); } elseif(isset($_COOKIE['username']) && isset($_COOKIE['password'])) { $query = sprintf('SELECT * from users where username = "%s" and password ="%s"', mysql_real_escape_string($_COOKIE['username']), md5(mysql_real_escape_string($_COOKIE['password']))); if(mysql_fetch_row(mysql_query($query))) { $TMPL['success'] = '<div class="success">Welcome <strong>'.$_COOKIE['username'].'</strong>, <a href="/index.php?a=admin&logout=1">Log Out</a></div>'; $TMPL['rowsTitle'] = '<h3>Top 15 Keywords</h3><div class="addurlSmall">Delete one or more keywords by clicking the <strong>X</strong> sign.<br /><br /></div>'; $TMPL['loginForm'] = ''; $TMPL_old = $TMPL; $TMPL = array(); $skin = new skin('admin/ads'); $ads = ''; $query = 'SELECT ad1,ad2,ad3 from users'; $result = mysql_query($query); if(isset($_POST['ads1']) || isset($_POST['ads2']) || isset($_POST['ads3'])) { $query = 'UPDATE `users` SET ad1 = ''.$_POST['ads1'].'', ad2 = ''.$_POST['ads2'].'', ad3 = ''.$_POST['ads3'].'' WHERE username = ''.$_COOKIE['username'].'''; mysql_query($query); header("Location: /index.php?a=admin"); } while($TMPL = mysql_fetch_assoc($result)) { $ads .= $skin->make(); } $skin = new skin('admin/rows'); $all = ''; $query = 'SELECT id,keyword, count from keywords WHERE keyword !="Search..." ORDER BY count DESC LIMIT 0,15'; $result = mysql_query($query); while($TMPL = mysql_fetch_assoc($result)) { $all .= $skin->make(); } if(isset($_GET['delete'])) { $delQuery = 'DELETE from `keywords` where id = '.$_GET['delete'].''; mysql_query($delQuery); header("Location: /index.php?a=admin"); } $skin = new skin('admin/remove'); $remove = ''; if(isset($_POST['remove'])) { $query = 'DELETE from web WHERE id = "'.$_POST['remove'].'"'; mysql_query($query); header("Location: /index.php?a=admin"); } $remove .= $skin->make(); $skin = new skin('admin/title'); $title = ''; $queryTitle = "SELECT title from users where id = '1'"; $resultTitle = mysql_fetch_row(mysql_query($queryTitle)); $TMPL['currentTitle'] = $resultTitle[0]; if(isset($_POST['title'])) { $query = 'UPDATE `users` SET title = ''.$_POST['title'].'' WHERE username = ''.$_COOKIE['username'].'''; mysql_query($query); header("Location: /index.php?a=admin"); } $siteTitle .= $skin->make(); $skin = new skin('admin/add'); $title = ''; if(isset($_POST['addtitle']) && isset($_POST['addurl']) && isset($_POST['adddesc'])) { $url = parse_url($_POST['addurl']); $date = date("d M Y"); $query = "INSERT INTO `web` (`url` , `title` , `description`, `date`) VALUES ('http://".$url['host']."', '".$_POST['addtitle']."', '".$_POST['adddesc']."', '".$date."')"; mysql_query($query); header("Location: /index.php?a=admin"); } $add .= $skin->make(); $skin = new skin('admin/password'); $password = ''; if(isset($_POST['pwd'])) { $pwd = md5($_POST['pwd']); $query = 'UPDATE `users` SET password = ''.$pwd.'' WHERE username = ''.$_COOKIE['username'].'''; mysql_query($query); header("Location: /index.php?a=admin"); } $password .= $skin->make(); $TMPL = $TMPL_old; unset($TMPL_old); $TMPL['add'] = $add; $TMPL['rows'] = $all; $TMPL['ads'] = $ads; $TMPL['remove'] = $remove; $TMPL['password'] = $password; $TMPL['siteTitle'] = $siteTitle; if(isset($_GET['logout']) == 1) { setcookie('username', '', $exp_time); setcookie('password', '', $exp_time); header("Location: /index.php?a=admin"); } } else { $TMPL['error'] = '<div class="error">Invalid username or password. Remember that the password is case-sensitive.</div>'; unset($_COOKIE['username']); unset($_COOKIE['password']); } } $queryTitle = "SELECT title from users where id = '1'"; $resultTitle = mysql_fetch_row(mysql_query($queryTitle)); $TMPL['title'] = 'Admin - '.$resultTitle[0].''; $skin = new skin('admin/content'); return $skin->make();}?>

Hello, I have recently been working on a HTML form to submit new results into a search engine. However I have ran into a problem that I cant seem to get past. I have one page where the info from the form can be properly submitted, however it requires a password to get into. (its the admin panel) located at index.php?a=admin However when a user tries to insert a new site to the form the just are denied access because they cant log into the admin panel, even though the form itself is not actually in the admin panel... The HTML form looks like this and is located in a page called /AddSite.html however its trying to submit the info to /index.php?a=admin how can I use JavaScript to possibly bypass needing the password? and not redirecting to the admin panel when you click submit? (Also, not as important as the above issue... but as you can see I tried to add a capatcha, but I cant get it to be required, users can press submit without even using the capatcha... if anyone could tell me what I did wrong that would be helpful ) my current code: <form action="/index.php?a=admin" method="post"><div class=""> Site Title: <input type="text" name="addtitle" value="" required/><br /> Site URL: <input type="url" name="addurl" value="http://" required/><br /> Site Description: <br /><textarea lass="ads" name="adddesc" required></textarea><div align="center" class="g-recaptcha" data-sitekey="6LfDoAYTAAAAAOUmPcjfwv3I84xYqFBV5tyQMPJu"></div></div><br /><input type="submit" value="Add new result"/></form> Any help works!!!

Ya, I moved this over to the PHP area after I got a bit more info on this. Thanks.

Hello, I have recently been attempting to make HTML forms in my website filtered by PHP strings... I have a PHP Filter that should work, However I am not sure on how to Integrate it into my HTML forms. Here is what I have right now... HTML Form <h3>Add Site Manual</h3><div class="addurlSmall">Enter the Site Title, Url and Description you want to add, it will automatically add it in the database</div><br /><?php require 'BannedWords.php';?><form action="/index.php?a=admin" method="post"><div class=""> Site Title: <input type="text" name="addtitle" value="" required /><br /> Site URL: <input type="url" name="addurl" value="http://" required /><br /> Site Description: <br /><textarea lass="ads" name="adddesc" required></textarea></div><br /><input type="submit" value="Add new result"/></form> PHP Filter. <?php$ban_array = array( 'Bad', 'Words', 'Here');$input_array = array ( 'adddesc', 'addurl', 'addtitle');$isvalid = true;foreach ( $ban_array as $v ) { foreach ( $input_array as $vv ) { if ( strpos($form->data[$vv], $v) !== false ) { $form->validation_errors[$vv] = 'Banned words in use!!'; return false; } }}?> Any help would be appreciated Thanks.

Do you know if I could just add it to the <input> of the form? I would not mind typing every word to block manually

Hello,I have recently created a new "feature" to a web browser that I am working on where users can add their own website. To do this they just type the title, URL, and description into the form and press submit. However I am worried about people submitting bad websites that I don't want to see on this browser. With that being said, is there a simple way to BlackList certain words from being typed into the form? So that you can not press submit or something.Thanks.