Posts by cwarn23

Oops I meant the following.

<?php
$a=1;
$b=47;
$c=88;
$tmp=23;
for($i=0;$i<80;$i++) {
$random_number=floor(mt_rand(0,1000));
echo $random_number.'<br>';
$tmp=($tmp+$c+$random_number)*0.5;
$c=$b;
$b=$a;
$a=$tmp;
}
 
 
//Now to reverse
echo '<hr>';
 
 
$tmp=$a;
for ($i=0;$i<80;$i++) {
$a=$b;
$b=$c;
//$c=(unknown);
//$random_number=(($tmp-$c)-$a)*2;
//$tmp=($tmp-(($random_number*0.5)+$c+$a))*2;
//echo $random_number.'<br>';
}
?>

Do you mean that if age=0 should pass true well the reason why it currently doesn't is because of a bug or feature in the empty function. The work around is as follows.

if (empty($_POST['age']) || $_POST['age']===0) {

Then it would be as follows.

preg_replace("@'THIS_KEY'.*=>.*'My string',@Us","'THIS_KEY' => 'My new value'",$file_input);

I would suggest using the following:

str_replace("'THIS_KEY' => 'My string',","'THIS_KEY' => 'My new value'",$file_input);

Yes it's about loops. I have the below script and the first loop there is no problem as it mixes the variables but on the second loop I can't seem to figure out how to find the value of $c. Does anybody know because this is an annoying puzzle I have been trying to figure out. I got everything else correct except for finding the value of $c in the second loop. Please help.

<?php
$a=1;
$b=47;
$c=88;
$tmp=23;
for($i=0;$i<80;$i++) {
$random_number=floor(mt_rand(0,1000));
echo $random_number.'<br>';
$tmp=($tmp+$c+$random_number)*0.5;
$c=$b;
$b=$a;
$a=$tmp;
}


//Now to reverse
echo '<hr>';


$tmp=$a;
for ($i=0;$i<80;$i--) {
$a=$b;
$b=$c;
//$c=(unknown);
//$random_number=(($tmp-$c)-$a)*2;
//$tmp=($tmp-(($random_number*0.5)+$c+$a))*2;
//echo $random_number.'<br>';
}
?>

Could you explain more clearly because it is hard to understand what you are asking for. From what I can tell you want to check if all values in $_POST are not empty. If that is correct then you would use the following.

if ((!empty($_POST['hour']) || $_POST['hour']===0) && (!empty($_POST['minute'])  || $_POST['minute']===0)) {

And remember to add the rest of the post variables.

Now you mention it that is a great reason for the title to be escaped. All is now good so I shall mark this topic solved.

I'd rather it be double escaped than unescaped and vulnerable.

All answers on a post card...... :-)

Sending a post card your way lol. Below are the details.
There are several libraries that may be used to create pdf files and yes not all examples work due to incompatibility on updated versions since the tutorial/example was written for an older version. To find reliable examples I would suggest going to php.net and check the function references for their pdf library. Then make sure you have that same library installed. Alternatively you may find a pdf extension in pear. Generally the official documentation is the best reference as it is usually the most accurate. Enjoy.

So what's the question/objective or is this just a general chat topic? L@@ks like a bunch of random strings being displayed from what I can see.

The only way I know of doing it is by downloading a database of every ip address and their associated country. But I would be interested to see if there is an automated way of doing it instead of constantly updating an ip database.

Come to think of it, the OP could verify his method by attacking MD5 first, as a proof-of-concept.

Why is attempting to dehash md5 any different then attempting to dehash sha1? Sure they have different algorithms but they are both based on the same principles. Anyways it was all going good until I came across this one mathematical problem. It involves predicting future loop rounds based on data in the current loop round. Currently my mind is going loopy but I will get there eventually and if/when I do it will be a major breakthrough in computer science as no-one has ever been able to solve this loop puzzle before. That is why this loop puzzle is included in many hashing algorithms. Example of the theory

a=1
b=47
c=88
tmp=23
for(i=0;i<80;i++) {
tmp=tmp+a+b+c+random_number
b=a
c=b
a=tmp
tmp=c
}

And in that code you need to find the value of random_number in each loop round then place it into an array[80]; So far I managed to replicate all of the variables except "a". The variable a is the previous tmp. So I will setup a challenge and that is can anybody reverse the process in the above code (c++ or php) and to reverse it you need to find all 80 values of random_number.

I would suggest using mysql with php. To do so simply create an admin panel which will insert news into the mysql database then in the column select from the database and order by timestamp desc. So perhaps a mysql tutorial might be useful. Google is your friend.

Ok, so I was getting my daily dose of Stargate Atlantis then in the final episode atlantis lands in the atlantic ocean. Then I think to myself, haven't I seen an unrelated youtube video coming to the same conclusion. In this youtube video which I saw a long time ago it revels that Atlantis has been seen on Google Earth in the same place as the Atlantis from Stargate Atlantis claims to have ended up. Is this all just an amazing coincidence or do you believe like myself Atlantis wrests at the bottom of that ocean in the atlantic?

I don't quite understand your while loop. Each time you loop, aren't you just replacing all the variables? As far as I can tell, the only variables that you have after the loop is finished is the result of the final loop.

It does not replace the variables value but instead append to the value in the variable array. So any subvalue can then be retrieved with a foreach loop or using parameters like $_SESSION[0]

Probably find the next thing after php will be computers inventing themselves. All you would need to do is tell the computer to make a big website then the computer will code it all for you. But that I believe is the distant future when AI is invented. Until then we are stuck with code and debuggers.

Did the solution work for you?

Indeed it did. Don't know why a fresh install needed such a procedure.

<?php session_start();
//connect to mysql
//change user and password to your mySQL name and password
mysql_connect("194.81.104.27","www","www") or die(mysql_error());
	
//select which database you want to edit
mysql_select_db("dbaleister") or die(mysql_error()); 

$search=$_POST["search"];

$factid = $_REQUEST["factid"];

//get the mysql and store them in $result.
//change whatevertable to the mysql table you're using.
//change whatevercolumn to the column in the table you want to search.

$result = mysql_query("SELECT * FROM fact,url,keyword WHERE factid = urlid AND factid = keyid AND title LIKE '%$search%'");

//grab all the content.

while($r=mysql_fetch_array($result))
{	
   //the format is $variable = $r["nameofmysqlcolumn"];
   //modify these to match your mysql table columns
  
   $factid=$r["factid"];
   $title=$r["title"];
   $paragraph=$r["paragraph"];
   $image=$r["image"];
   $keyid=$r["keyid"];
   $kword=$r["kword"];
   $urlid=$r["urlid"];
   $link=$r["link"];
   
   //display the row
   //echo "$title <br /> $paragraph";
}
?>

<?
//connect to mysql
//change user and password to your mySQL name and password
mysql_connect("194.81.104.27","www","www") or die(mysql_error());

//select which database you want to edit
mysql_select_db("dbaleister2") or die(mysql_error());

$pathid = $_REQUEST["pathid"];

$result = mysql_query ("SELECT pathid FROM lp ORDER BY pathid DESC LIMIT 0,1");

  echo "<center><table border='1' width='50%' cellpadding='20px'>
    <tr>
      <td align='center' colspan='2'><b>YOUR CURRENT LEARNING PATH IS:</b></td>
    </tr>";
    $_SESSION['patharray']=array();
    while ($row = mysql_fetch_array($result)) { 
      $_SESSION['patharray'][]=$row['pathid'];
      echo "<tr>";
      echo "<td>" . $row['pathid'] . "</td>";
      echo "</tr>";
    }
  echo "</table></center>";
?>

<?php session_start();
//connect to mysql
//change user and password to your mySQL name and password
mysql_connect("194.81.104.27","www","www") or die(mysql_error()); 

//select which database you want to edit
mysql_select_db("dbaleister2") or die(mysql_error());


//GRAB THE VARIABLES

$pathid = $_REQUEST["pathid"];

$factid = $_REQUEST["factid"];


echo '$pathid';
echo '<br /><br />';
echo '$factid';
echo '<br /><br />';
foreach ($_SESSION['patharray'] AS $value) {
echo $value.'<br>'; …

But surley there is some algebra equation I can do to solve this isn't there?

Hi and I am making a script but am having a slight math logic problem. Below is an example of an encoder I am working on.

for(int m=0;m<80;m++)   
        {   
            if(m<=19)   
            {   
                f = (b & c) | ((~b) & d);   
                k = 0x5A827999;   
            }   
            else if(m<=39)   
            {   
                f = b ^ c ^ d;   
                k = 0x6ED9EBA1;   
            }   
            else if(m<=59)   
            {   
                f = (b & c) | (b & d) | (c & d);   
                k = 0x8F1BBCDC;   
            }   
            else   
            {   
                f = b ^ c ^ d;   
                k = 0xCA62C1D6;    
            }   
            temp = (rotateleft(a,5) + f + e + k + word[m]) & 0xFFFFFFFF;   
            e = d;   
            d = c;	 
            c = rotateleft(b,30);
            b = a;	 
            a = temp;
    
        }

Then below is the decoder. The decoder is meant to reverse the math but can't seem to get the value of variable e. However I do know the value of e on the first and last loop rounds but all other loop rounds e needs to be calculated. Does anybody know what I'm doing wrong because I can't seem to figure it out? Below is what I have tried and although all is fine e is unknown making the whole script go crazy.

for (int m=79; m>=0; m--) {
		temp = a;
		a = b;
		b = rotateright(c,30);
		c = d;
		d = e;
            if(m<=19)   
            {   
                f = (b & c) | ((~b) & d);   
                k = 0x5A827999;   
            }   
            else if(m<=39)   
            {   
                f = b ^ c ^ …

I just got a reply from thread260244 and the only problem which I don't think can be solved is that although it is fine in webmail, in email clients, the html entities show in the title of the email. So yea looks like it is solved. If you subscribe to my other thread I can reply to it and ya can see what has been going on.

I just spoke to someone on an irc chat room and found out the following command seems to solve it. Don't know why?

apt-get update

I have created a thread at the below link and if you reply to it I will see if it injects the code into the email.
http://www.daniweb.com/forums/post1136135.html#post1136135

This is a test thread for cscgal about the XSS injections problem.

So what exactly is the question. I know that if you use indexing properly then that can speed up sql time.

Is it just me or has Ubuntu 9.04 become broken by not allowing any software to be installed. I have done two clean installs and still the synaptic package manager does not show any items that are not installed. Also I am unable to install any software from the command line. Has the creators of Ubuntu put a lock on version 9.04 because this is really annoying. The software worked before I reinstalled Ubuntu but does anybody have any ideas? I'm just trying to install Apache, mysql, php, webmin and virtualmin.

The way I learned to type was by typing up encyclopedias from the library. The fun times. Easiest method is to at first look at the keyboard while typing while all fingers remain on the keys then as you progress you stop looking at the keyboard less and less often. Now I can type without a keyboard. 50 words per minute. And you/reader.

Better yet php has a zip library. Gotta love php.

Hi Guys, Cwarn23 told right thing, make a zip file in runtime and send it to users for download.

If your server is in Linux, then making a zip file will be very easy....

Write a cron to delete those zip files once in a day.

The syntax for zip command is

zip -r destination.zip source_files1/*

and you just execute this command by using the function system() or exec() or passthru()...

The only way you can possibly make a hash undecryptable is by appending a string with a character repeated by 2^40 times to the hash input. Then it would take 2TB of memory to decode.

Could you elaborate on that and be more specific. PHP has many security functions such as mysql_real_escape_string() and when used properly php is very secure. But I assume you want a secure login system or for us to secure your login system. Could you post some code so we can make it secure?

Mhh! If you regularily update, zip isn't decent solution.

I disagree. I would suggest getting php to automatically make the zip files just before downloading. I'm not sure how but there would be a way.

Or it could be Pink Hypertext Preprocessor

its an infinite loop dude....
P H P
PHP hypertext preprocessor
PHP hypertext preprocessor hypertext prerprocessor .......... an endless loop!

Attached to this post is a screenshot of the email and the <div> in the topic title doesn't appear in the email link title and instead appears as a actual <div> field.

The sum is a lossy algorithm. Bytes are rotated and shifted and split and combined. Bits are overwritten and dropped. But then, that's what sums and hashes are supposed to do.

The practical intent is that these sums are one-to-one mappings. In theory, more than one source can map to a single sum. If it's just the sum that must match, then it doesn't matter which source is used to generate the sum. As a real life example, it doesn't matter what you enter for a password; what matters is that what you enter passes through the one-way algorithm to be transformed into the stored value.

This is one reason static passwords aren't all that secure, and it's pretty much the same reason why 'captcha' images don't work too well to keep spambots out of discussion fora. "Hey, spammer! Here's the password. What is it?" Well, duh!

FWIW, challenge/response systems *do* work well to keep bots out, at least those that require a human to answer the challenge. Dynamic passwords (challenges), like the old SecurID cards, work well to keep miscreants at bay. But I digress.

If you can find two source strings that have the same SHA1 sum, you will have reduced the usefulness of SHA1, just as the usefulness of MD5 sums were reduced some years ago in the same way. But then, anyone wanting stronger security will use sha[224|256|384|512]sum

Sha512. That's a great algorithm to crack. But sha1 first.
As for about how bytes are lost …

But hashes are ONE WAY FUNCTIONS!

Trivial example - the hash function is strlen().
That means the hash of "SEND ONE DOLLAR" and "SEND 1M DOLLARS" are the same. But there is zero information in the hash result to tell you which one it was.

The hash of an entire book (say war and peace) would still only be 40 characters. Are you seriously thinking you could recover the entire book? Who needs ZIP, when we've got your reversible hash.

Now SHA1 is more secure, because there is a lot less chance of getting the same result from any given two messages.
It is also more secure, because it is hard to arrange for a particular message to have a particular SHA1 result.

You can't get back the original text just by "reversing" the process, even if you could.

Read Bruce Schneier's post from 5 YEARS AGO.
If you've only managed a couple of rounds, are you doing anything which isn't just brute force (or something slightly less expensive).

If I get this algorithm right, you can place in a hash then the computer will spit out every combination that matches that hash be using a reverse algorithm. Of course I would need to limit it to spit out 1000 dehashed results but as for now I have bumped into a slight problem. The below demonstrates it on the encryption side.

for (i=0;i<80;i++) {
a=b;
b=c;
c=c+1;
}

Now when you reverse that it looks like

for …

So I came back home and checked my emails then found my usual google alerts. One google says - "What does the P in PHP stand for". So I click the link and it says Pink - According to Barbie Nerd. Now who would ever think of such a crazy idea for PHP. lol Still laughing as I write this article lol. Did anyone here expect Nerd Barbie to say "the P in PHP is short for Pink"?

I just realized a technology that has changed our lives. Google and yet people don't use it for code. lol

Try this.

FindEdits($HtmlContent,"@<div(.*?)class=\"(.*?)cmsedit(.*?)\"(.*?)>(.*?)</div>@Us");

Well subscribe to the thread at the following link then make a reply to that thread then you will see the <div> in the title will not appear in the email. It will actually execute the div code making a div box.
http://www.daniweb.com/forums/thread260244.html

What's the science behind your approach?

Basically reversing the math and reversing the algorithm to get the reverse result. I know with any good algorithm that should be impossible but with SHA1 I have been having great success. IMO SHA1 is Insecure Hash Algorithm because it has so many security floors.

I dunno either.
It burned a few minutes of CPU time, and printed out 0 to 16000 (in steps of 32) a total of 80 times.

But even uncommenting some extra print statements around line 320 (which would appear to be the result) didn't leave me any the wiser.

What you saw was the raw diagnostics checking the comparisons for the dehash vs hash. At the moment I managed to get a match on the first loop for two variables added and and am working on separating those two variables to allow all loop rounds work and to get the core data. So at the moment I haven't completed it but am coming very close.

This is way beyond me, but looks really impressive. Does it work? If so, is SHA1 doomed?

Yes sha1 is doomed and it will be soon before it is cracked.

Haven't you used ajax on php before? It is very simple. Just follow the below tutorial link and it will guide you through to using ajax.
http://www.tizag.com/ajaxTutorial/

I've added ya and it appears your offline? Are you using Windows Live Messenger?

It seems to not be loading the new contact... Did you do the full email without the dot at the end.

msn@cwarn23.info

Although I don't know the oop equivalent the fgllowing is using the url for which column to sort by.

$this->sqlGetAllCmds = "select id,url,type,name,label from commands order by ".mysql_real_escape_string($_GET['orderby']);

Or if you want to order by multiple columns in case of duplicate rows then the following

$this->sqlGetAllCmds = "select id,url,type,name,label from commands order by `id`, `from`, `label`";

I can't use $POST coz the $row should be assigned a value to post it to the nextpage...

Since I am viewing the list of Username in a table, I won't have a value to submit it to the next page... Am I CORRECT?

Well that one is on opinion. You could a- use the $_POST as the username after checking it exists from the database or b- fetch from mysql which will have the same value as $_POST; That is if your using a login form. If you like below is a script to show how to assign to sessions. (Page 1)

<?php
if (isset($_POST['user']) && !empty($_POST['user'])) {
$r=mysql_query('SELECT * FROM `users` WHERE `user`="'.mysql_real_escape_string(stripslashes($_POST['user'])).'" AND `password`="'.mysql_real_escape_string(stripslashes($_POST['password'])).'"') or die(mysql_error());
if (mysql_num_rows($r)==1) {
$_SESSION['Username']=stripslashes($_POST['user']);
}
}

I have discovered that in emails any html code in the topic name appears as styled html in the email. I would suggest using htmlentities on the subject in the email updates. Just thought I would let you know of this security risk.

I'm not very familiar with mysqli that is with the i at the end but I will give you an example that doesn't use mysql.

<?php
$heading=array(0=>'Heading 1',1=>'heading 2');
for ($i=0;$i<count($heading);$i++) {
echo '<div style="background-color:orange;text-align:center">
<p>'.$heading[$i].'</p>
</div>
<div style="border:1px solid black">
<p>Content section</p>
</div>';
}

That should give you something to base your code on.

I receive for yor code

Warning: mysql_fetch_assoc() expects parameter 1 to be resource, object given

That was because you were meant to add the rest of the code which included a mysql query. $result is assigned to $result=mysql_query('SELECT blah...

<?php
$heading=array(0=>'Heading 1',1=>'heading 2');
for ($i=0;$row=mysql_fetch_assoc($result);$i++) {
echo '<div style="background-color:orange;text-align:center">
<p>'.$heading[$i].'</p>
</div>
<div style="border:1px solid black">
<p>Content section</p>
</div>';
}

Add me to msn at msn@cwarn23.info.