Everything posted by sooty2006

  1. The only file on the 4 domains is index.php with 0KB, no text or nothing, so it can only be browser related. I removed all files to make sure that there was nothing wrong with my code or pages added deep in my directories that would inject there. I have read up on Google. There is not much information on how to solve the problem
  2. OK, how would I use htmlspecialchars() on the basis that anything could be sent in the browser URL? At the moment the only way a hacker could inject anything is via the browser bar. Cheers.
  3. boen_robot, thanks for your quick reply. Currently the four domains have been backed up and all files, images etc. removed, and all have only an index.php page with nothing on or in it, but it still has been injected again. There is nowhere a user can add any XSS scripts, no textboxes or forms. Could this injection and the file permissions be changed from the browser URL bar? Many thanks.
  4. Good afternoon all, for the past few days I have been battling my skills to overcome someone injecting JavaScript into my index pages and the file permissions changed to 777. I don't know how to put this as I don't want to put any injected code or anything in this forum post. My sites are being hosted on a VPS server with unlimited hosting domains. I have over 20 domains on this host and 4 of those sites on the index page are having JavaScript links to a PHP page injected at the top of the page. These are the only 4 sites being injected, never any others, no matter what I put on the directory. Firstly
  5. Thanks, still does not work. In my php.ini it shows this for the open_basedir line;open_basedir = What's the default, is it off? If I was to change it to open_basedir = Off, this would not create any issues? Again, many thanks.
  6. I have sorted it now (missing a / symbol), but it now won't open because open_basedir is off. I host a few sites from my server so don't want to switch it at all. Is there a function you can use to set the open_basedir on at the start of opening this page, before I include the mail.php class? Warning: include() [function.include]: open_basedir restriction in effect. File(/Mail/Mail.php) is not within the allowed path(s): (/var/www/vhosts/mysite/httpdocs:/tmp) in /var/www/vhosts/mysite/httpdocs/test.php on line 2 Warning
  7. I took a look at the manual before I posted this topic. I have followed what it has to say and I also looked on Google. I can't seem to find any examples etc... with more than one directory in the include_path, but this is right, but for some unknown reason this does not work
  8. Good evening all, I am trying to modify my php.ini config file and am hitting problems. Here is the location of php5: /usr/share/php5 Here is the location of PEAR: /usr/share/psa-horde/pear I am trying to include them on my Unix operating platform like this: include_path = ".:/usr/share/php5:/usr/share/psa-horde/pear" but when I try to use the PEAR functions it says (No such file or directory). How should I express the include_path to the server in php.ini? Many thanks.
  9. What would be best to use, i.e. more secure? $_POST, $_GET, $_REQUEST?
  10. Thanks, I'll give it a try!
  11. I have a game website with a lot of user textareas and textboxes. Quite recently I have had to ban a person from the site because he was getting data from the server via a textbox, supposedly. What I want to do is make sure nothing other than plain text can get through. Here is a typical input form: if(isset($_POST['save'])){ if(!$_POST['text']){ $message .= "You must enter some text."; }else{ mysql_query("UPDATE `users` SET `text` = '$_POST[text]' WHERE `usersid` = '$USER'"); $message .= "Text saved!"; } } Is there a PHP function I can use to check the text for stuff that should not be there? Thanks Ag
  12. sooty2006

    user search

    Problem solved, thanks for your help anyway mate!
  13. sooty2006

    user search

    If anyone needs more information let me know if it will help solve this, thanks.
  14. sooty2006

    user search

    I have placed on my online website a search for players. This only works for usernames only. My form consists of: textbox username, select gender, select status, select level, select group. If a user selects all 4 select boxes it doesn't display anything. My MySQL statement: mysql_query("SELECT * FROM `users` WHERE `username` LIKE '%$_POST[username]%' AND `gender` = '$_POST[gender]' AND `status` = '$_POST[status]' AND `level` = '$_POST[status]' AND `group` = '$_POST[group]'"); If a user doesn't select a select box it will not search for it in the query! What I need is how to do this so it works selecting all the box
  15. I have figured it out: 30 days in seconds is 2592000 - sum == seconds left. I set the time paid form in seconds on my MySQL database. For some unknown reason when I was getting it from the database it was outputting a completely different number - weird?? But thanks for your help, I probably would have given up if it wasn't for the help you have given me! I am using your first code using the date(); function and it outputs exactly what I need, cheers mate!
  16. I have used your opposed method, it outputs a minus figure. I output $time_left and was never given a minus figure unless the time went past 0. Also, I don't know if anyone knows, but I can't use the reply function in Firefox. The textarea won't let me type, I have to use IE to respond
  17. $query = mysql_query("SELECT * FROM accounts WHERE email='$user_email'"); $array = mysql_fetch_array($query); $elf = $array['paid_for']; $result = @mysql_query("SELECT paid_time FROM accounts WHERE email='$user_email'"); $time = mysql_fetch_array($result); $now = time(U); $time_diff = $now - $time[0]; $time_left = $elf - $time_diff; $tottime = $time[0] - time(U); if ($time_diff < $elf) { echo "Not a member!"; } else { datesectime($time_left); } This will output how many seconds are left, then I would use the function to output the seconds into hours etc... and the function is as I have written at the top o
  18. I have tried this and it now does minus figures. I think there may be an error in the scripting but I'm not too sure, I've never used the floor function before!
  19. This does work, but if I set the time to 2592000 seconds, which is equal to 30 days, the time starts with 32 days. When I get down to 2 days left it tells me there's 30 days left again? How do I fix this?
  20. Hi, I'm building a website and users can buy credits. With these credits they can buy membership. I want to show on the user's control panel how long they have left before their membership ends. I have my own script which works up to 24 hours but no further. They can only register for 30 days. Can anyone provide me with the script or tell me what I need to do? Here's the script for the 24 hour timer. function timerfunc24h($secs) { if($secs > 86400) { $hours = $secs / 86400; $mins = $secs % 86400 / 60; $secs = $secs % 60; echo (int)$hours; echo " Hours and "; if((int)$mins < 10) { echo "0"; }
  21. sooty2006

    ORDER BY id

    OK, I'll give it a go then!
  22. sooty2006

    ORDER BY id

    OK, I understand what you're saying, but if the user is on level 15 I only want it to show the last 10 crimes unlocked, not the first 5
  23. sooty2006

    ORDER BY id

    Hi, in my database table I have 50 rows. Every time the user levels up they unlock a new crime. I want to show the new crimes by the top ten crimes. My code just brings the last 10 in the database even though they have not unlocked it! Can anyone show me how to get it to do this? Here is my current code! $sql = "SELECT * FROM `crimes` WHERE `crime_count` <= '$array[crime_total]' ORDER BY id DESC LIMIT 10"; $query = mysql_query($sql); while($row = mysql_fetch_array($query)){ Thanks