Posts by cwarn23

what does the line ErrorDocument 404 /path/to/file.html will do?????

It sets the error 404 (file not found) page to your custom page.

I can tell you that when almostbob said contact paypal, he would have meant to perhaps send an email to the group named paypal or to contact the paypal group via online form.

It is because you cannot directly use quotes and some other symbols in a mysql query. To solve this you need to escape them like previously mentioned. I am guessing you would like an example so below is one:

mysql_query("INSERT INTO `table` SET `column`='".mysql_real_escape_string($_POST["headline"])."'");

Hope the visual helps.

Ya I can make a function that implements the query as well but I require a function that only calls the mysql_num_rows and or die (catch errors?).

Wait you given me an idea, you know what would be cool?

I know I need a function that just uses mysql_num_rows.

But what would be call is a function that can be adapted so you send in your string query into the function and then you have options of returning query, count, array, assoc, etc?

I just might try that. But for the moment I have created a function that counts the number of rows and has a validator for anything before the WHERE clause. But you can still use the where clause. Below is an example:

function getrows($query)
    {
    $query=str_replace("
",' ',$query); //must start at beginning of line
    if (preg_match('/FROM[\h`\'\"]+([^`\'\"]+)/i',$query)) {
        preg_match_all('/FROM[\h`\'\"]+([^`\'\"]+)/i',$query,$tables);
        $table=preg_replace('/FROM[\h`\'\"]+/i','',$tables[0][0],1);
        unset($tables);
        } else {
        die ("You have not specified your select table correctly.<br>It should be something like: <b>FROM `table`</b>");
        }
    $querytype=strtoupper(preg_replace('/[^A-Za-z]/i','',preg_replace('/(([^a-zA-Z]+)?[A-Za-z]+).*/i','$1',$query)));
    $where='';
    if (preg_match('/WHERE/i',$query)) {
    $wheres=preg_split('/WHERE/i',$query);
    $where=' WHERE '.$wheres[1];
    unset($wheres);
    }
    $getrecourse=mysql_query("SELECT * FROM `".$table."`".$where) or die ("<b>Query Performed:</b> SELECT * FROM `".$table."`".$where."<br><br>".mysql_error());
    if ($querytype=='SELECT' || $querytype=='SHOW') {
    $result=mysql_num_rows($getrecourse);
    } else {
    $result=mysql_affected_rows($getrecourse);
    }
    return $result;
    }


//database connections here

//now to use it
echo getrows("Select * 
FROM     `'table'`
WHERE 'column'= value And column2 =valueb
 ");

How would you construct the function?
That preforms the same processes?

I would design the function so that instead of insterting the result into the function, you would insert the query string which can then be validated for errors. So I shall make that function that even the slopiest programmer can use.

...
Shouldnt make a difference to the variable?

No that shouldn't make a difference

Try the proper error reporting and is as follows:

function getRows($result_resource) {
 $row = mysql_num_rows($result_resource) or die(mysql_error());
 return $row;
}
$query = "select * from table where column='somevalue'";
$result = mysql_query($query);
$totalRows = getRows($result);
echo $totalRows;

Post what error that throws and will give you better info on how to solve it.

So would I do something like

SELECT FROM table1 WHERE column1='$foo' IN table1 WHERE column1='$foo2'

Is that right? Just guess work :p

For starters that mysql query is wrong and I shall share a way help answer this question. First to retrieve all site: within a string use the following:

$string='test site:example.com site:test.com test2';
if (preg_match('/site:/i',$string))
    {
    preg_match_all('/site:[^ ]+/i',$string,$site);
    for ($ii=0;isset($site[0][$ii]);$ii++)
        {
        $site[0][$ii]=strtolower(substr($site[0][$ii],5,strlen($site[0][$ii])));
        }
    $sites=$site[0];  unset($site);
    
    //now to display it
    foreach ($sites AS $siteval)
        {
        echo $siteval."<br>";
        }
    }

That will turn it into the $sites array. The reason why an array is just in case there is more than one site specified. Then to do the mysql query it would be something like the following:

mysql_query("SELECT * FROM `table` WHERE `domain`='".mysql_real_escape_string($sites[0])."'");

Your skipping a step :P
Because you cant preform num_rows if $b returns no rows and throws an error.
Been trying to come up with a solution but it is annoying me - hopefully I figure it out soon :)

Hi, I have just done a few tests to see what the mysql_query() function really returns on the technical side and it seems all it returns is instructions on how to access the data within the mysql database. Just thought I would let you's all know. And that I believe is what classifies it as a recourse rather than a result.

And in my site, i had written .htaccess file for every folder individually. Is it correct or not??

That is sort of correct but you can also make virtual folders with .htaccess. An example is the following:

RewriteEngine on 
RewriteRule *\/([^/\.]+)/?.html$ viewPage.php?ID=$1 [L]

Note that RewriteEngone on generally goes at the top of the .htaccess file and only appears once (generally). And the above example will rewrite all html files inside all subdirectories of the htaccess file to the php file.

And quote me with 404 error solution with URL ReWriting..

The following code will do the trick:

ErrorDocument 404 /path/to/file.html

Don't forget the first forward slash in the above code path.
Enjoy

means for each possible hidden value, there would need to be a different file path.

Well I just don't see how it is possible to use a htaccess file to hide the url info unless you have a dedicated virtual file for each possible input variable.

I already did that, but unsuccessfully, the code didn't work anymore.. could you help me step by step?

Steve

I think it is because the scripts you tried to merge allready had errors and merging them exploited the errors. Because notice the 2 script links you provided has errors reported at the top. They could be the source of the problem.

to refer a file

That's the bit I don't exactly understand because I speak australian and to me would seem like to program one file to give another file directions to a location.
So say your file structure was the following:

public_html
    - folder1
    - common
    - folder3

Then to get from common the index.php in public_html you would use the following:

include("../index.php");

Is that what you are talking about or have I misunderstood again.

If you meen the window refreshes and is blank for like a second then you will need to change the way it submits. To do that, make the processor a seperate php file which has no html output except one javascript code. Then make that processor appear in a new window and when it is processed it will then close the new window automatically.

So in your form opening tag, change the <form tage to the following:

<form name="addstudents" method="post" onSubmit="return validate(this); " enctype="multipart/form-data" target='_new' action='processor.php'>

Then in processor.php, that is where the $_POST array will appear and where the form will be submitted. So at the bottom of processor.php place the following javascript:

<script>
window.opener='x';
window.close();
</script>

What do you meen by saing "Outside of the folder". Because the example you gave shows everything you need to know to include/require a file. The ../ goes up one directory then the common/ goes down to the common directory then opens the dblayer.php.
That simple. So is there anything I am missing?

Then if you do mysql_num_rows($b) it will return 0 and if you attempt to fetch an array from the query then mysql will throw an error. So the value of b is still the query execute command but it just won't execute and instead will throw an error.

Some code would be useful as I cannot see what needs to be changed. But if you are talking about iframes then you could use target='framename'

But if they are getting quicker, the more hashing/variables you introduced - it dosent make quite sense?

Well what I have pointed out is that with the php interperator, if you just input a variable then it will be slower than inputing a variable and string on each side. Below is an example

hash('whirlpool', 'asdf'.$hashzzz.'jklh');
//above will be faster than below
hash('whirlpool', $hashzzz);

I do not know why that is but it makes a big difference for some odd reason.

Try the following to destroy the session:

<?php
session_start()
include('includes/config.php');
$_SESSION = array();
if (isset($_COOKIE[session_name()])) {
    setcookie(session_name(), '', time()-42000, '/');
}
session_destroy();
?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html>
   <head>
      
   </HEAD>
   <BODY>
<?php
echo '<div class="nav">'.$navigation.'</div>';
?>
You have been logged out. 
</body>
</html>

I have just done a quick test on some of the different types of hash methods used in the article and the script is as follows:

<?
function truehash_a($hashzzz) {
return hash('crc32b',hash('whirlpool',$hashzzz));
}

function salthash_a($hashzzz) {
return hash('crc32b',hash('whirlpool','asdf'.$hashzzz.'jklh'));
}

function salthash_b($hashzzz) {
return hash('crc32b',hash('whirlpool',hash('crc32b',$hashzzz).$hashzzz.'jklh'));
}

function salthash_c($hashzzz) {
return hash('crc32b',hash('whirlpool',strlen($hashzzz).'18'.$hashzzz.'jklh'));
}

function salthash_d($hashzzz) {
$varzzz=4*strlen($hashzzz);
return hash('crc32b',hash('whirlpool','6'.$varzzz.'18'.$hashzzz.'jklh'));
}

function salthash_e($hashzzz) {
$sPossible = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!@#$%^&*()-+=[]{}|';
$iPossibleCount = strlen( $sPossible );

$sSalt = '';
for( $i=0; $i<$iLength; $i++ )
    {
    $sSalt .= $sPossible[mt_rand(0, $iPossibleCount)];
    }

$sHash = hash('whirlpool', $hashzzz . $sSalt);
}


//=======================
$time_start = microtime(true);
truehash_a('absdefghijklmnopqrstuvwxyz');
$time_end = microtime(true);
$time = $time_end - $time_start;
$time=$time*1000;
$time=preg_replace('/([0-9]+)\./','0.00$1',$time);

echo "truehash_a() takes $time seconds to execute.<br>\n";
unset($time_start);
unset($time_end);
unset($time);


//- - - - - - - - - - - -
$time_start = microtime(true);
salthash_a('absdefghijklmnopqrstuvwxyz');
$time_end = microtime(true);
$time = $time_end - $time_start;
$time=$time*1000;
$time=preg_replace('/([0-9]+)\./','0.00$1',$time);

echo "salthash_a() takes $time seconds to execute.<br>\n";
unset($time_start);
unset($time_end);
unset($time);


//- - - - - - - - - - - -
$time_start = microtime(true);
salthash_b('absdefghijklmnopqrstuvwxyz');
$time_end = microtime(true);
$time = $time_end - $time_start;
$time=$time*1000;
$time=preg_replace('/([0-9]+)\./','0.00$1',$time);

echo "salthash_b() takes $time seconds to execute.<br>\n";
unset($time_start);
unset($time_end);
unset($time);


//- - - - - - - - - - - -
$time_start = microtime(true);
salthash_c('absdefghijklmnopqrstuvwxyz');
$time_end = microtime(true);
$time = $time_end - $time_start;
$time=$time*1000;
$time=preg_replace('/([0-9]+)\./','0.00$1',$time);

echo "salthash_c() takes $time seconds to execute.<br>\n";
unset($time_start);
unset($time_end);
unset($time);


//- - - - - - - - - - - -
$time_start = microtime(true);
salthash_d('absdefghijklmnopqrstuvwxyz');
$time_end = microtime(true);
$time = $time_end - $time_start;
$time=$time*1000;
$time=preg_replace('/([0-9]+)\./','0.00$1',$time);

echo …

The hash function is a function that allows you to utilize numerous kinds of algorithms. if you run print_r(hash_algos()); it will give you an array of the hash algorithms available on your system. Whirlpool is just one type of hash, like MD5, SHA1 and CRN32

A salt is basically adding a random string(s) to whatever you are encrypting or hashing:

<?php

$sSalt = '8*S&AsEc4qUs';
$sHash = hash( 'whirlpool', $sString . $sSalt );

echo $sHash;

so if the user decided to make their password "password" the hashed password would actually be for the value of "password8*S&AsEc4qUs" which would prevent someone from using a hash lookup database as it ensures that the users password has some form of complexity to it. This is assuming that someone was looking at the actual hash stored in the database and not trying to forge logins from a from.

I *believe* phpBB3 uses the random salt for every password option i mentioned in my previous post. It would be something like this:

<?php

function getSalt( $iLength = 10 )
{
	$sPossible = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!@#$%^&*()-+=[]{}|';
	$iPossibleCount = strlen( $sPossible );
	
	$sSalt = '';
	for( $i=0; $i<$iLength; $i++ )
	{
		$sSalt .= $sPossible[mt_rand(0, $iPossibleCount)];
	}
	
	return $sSalt;
}

$sPassword  = 'password';
$sSalt = getSalt();

$sHash = hash('whirlpool', $sPassword . $sSalt );

//Store  $sHash and $sSalt in the database.

Although I imagine when you get into generating random salts, you are going to be just as comparable to double hashing the same string, in terms of cpu usage and at some point you start …

Woah ! Something like a keylogger ? Is it in php or java/vb.net ?

It is php and to dehash sha1 you can simply use the following scripts (page titles are on second line of each code box):

<?
//db.php
//configure below mysql variables
$dbhost='localhost';
$accountname='root';
$password='';
$database='my database';
?>

Above box will configure the database. The database needs a table with the name 'dehasher' and two columns each named 'word' and 'hash'. Also the above must be named db.php
Below is the search page (index.php)

<?
//index.php
if (isset($_GET['hash']))
	{
	set_time_limit(0);
	ini_set('memory_limit','512M');
	ini_set('mysql.cache_size','1073741824');
	include('db.php');
	mysql_connect($dbhost,$accountname,$password)
	or die("Could not connect to MySQL server");
	mysql_select_db($database) or die(mysql_error()."Could not select database");
	$rowid=0;
	$sqlresult=mysql_query("SELECT * FROM `dehasher`");
	while ($row = mysql_fetch_array($sqlresult))
		{
		if ($_GET['hash']==$row['hash'])
			{
			$word=$row['word'];
			$dehashed=1;
			break;
			}
		}
	mysql_free_result($sqlresult);
	unset($row);
	}
echo "Enter in the details below and click the dehash button to dehash the code.<br>
<b>Please note it may take a few minutes to dehash due to the size of the database</b><br>
<table border=1 cellpadding=5 cellspacing=0 bgcolor=#FFCCCC><tr><td>
<form style='padding:0; margin:0;'>
<table border=0 cellpadding=0 cellspacing=0 bgcolor=#FFCCCC><tr><td>
Insert hash below</td><td>Hash type</td></tr><tr><td valign=top>
<input type='text' name='hash' size=50> </td><td align=left><input type='submit' value='dehash'>
</td></tr></table>
</form></td></tr></table>";
if (!isset($dehashed)) { $dehashed=0; }
if ($dehashed==1)
    {
    echo "<p>.<p><font size=3>The hash was decrypted successfully.<br>Below are the details:<br>
    <table border=1 cellpadding=0 cellspacing=0><tr><td>
    <table border=0 cellpadding=4 cellspacing=0><tr>
    <td bgcolor=#EEBBBB><font face='arial'><b>Word</b></font></td><td bgcolor=#FFCCCC>".$word."</td></tr><tr>
    <td bgcolor=#D8CCCC><font face='arial'><b>Hash</b></font></td><td bgcolor=#E9DDDD>".$_GET['hash']."</td></tr></table>
    </td></tr></table>";
    } else if (isset($_GET['hash'])) {
    echo "<b>Your hash could not be decrypted.</b>";
    }
?>

And below is the database generator:

<?
//generator.php
set_time_limit(0); …

I couldn't exactly understand that description but the title is straight forward. So if you are meaning to have to pages but with the same contents just make the second page contain only the following:

<?
include('firstpage.php');
?>

or even

<?
echo file_get_contents("http://www.mysite.com/firstpage.php");
?>

I don't think there is any decrypting script/function which you can download. They have mentioned how there can be a collision between 2 different strings giving out the same hash ! I tried to read some more about the same, but, everything is going right over my head :(

Although there may be no dehasher on the market that doesn't stop you from making one. But it does require about 2 petabytes of hardrive space (2048TB or 2097152GB). I have created a dehasher that simply records every key combination and its hash into a mysql database then when dehashing, just simply do a reverse lookup by searching for the recorded hash and original word when the entry was generated. Just let me know if you would like the script.

I would suggest reading a few books and the tizag.com/phpT/ website has some basic tutorials. I would suggest getting use to the if statement, variables, the echo statement, and $_POST + $_GET arrays. Perhaps you could for your first project create a html web form that posts the data to php where php writes the data to a text file. Or maybe even have a basic webpage system by having multiple pages in the one php file. There are all sorts of things you can do so start with something basic and work your way up.

I think I didnt ask my second question correctly.

The terms 'crc32b' and 'whirlpool' are just random variables selected or actual hash functions? could I have used 'apple123' and 'banana123' instead?

Well the terms 'crc32b' and 'whirlpool' are what tells the computer which type of hash to use, so no you can't change those unless you want to use a different type of hash. It is the second field contains the string to hash.

The returned hash of my truehash function is 8 characters long and yes any string or number can be hashed through this function.

Due to the mix of the long and short encryption you believe this is the best method of encryptions?

The above correct? Thanks

Yes that is correct.

Also if you want to learn the regex syntax the good old way then you can find the official documentation of the syntax at http://au2.php.net/manual/en/regexp.reference.php
You will find that the easiest way to learn is by starting with simple regex commands such as modifying existing ones then working you way up the scale untill you can memorize what everything does.

Also as for the regex validation you have requestion, the following may do the job:

<?
//name
if (pregmatch('/((*[ ]*|*\-\-*)?[ ](*[ ]*|*\-\-*)|(*[ ]*|*\-\-*)[ ](*[ ]*|*\-\-*)?)/i',$data)) {
//error found as name contains double dash or more than one space
}

//phone
if (pregmatch('/[^0-9]/i',$data)) {
//error found as it contains non-number characters
}
?>

---------
I thought I would share a joke from phpfreaks forums:
If preg was a women I would the pattern and she would replace me with $1.
Thats preg_replace right.

I just love this question. In my opinion, it is best to use more than one hash so that it is harder to crack. And so that those online database chrackers can't store your hash, include the whirlpool hash. So below is a function I have made for a much better hash:

function truehash($hashzzz) {
return hash('crc32b',hash('whirlpool',$hashzzz));
}

The function above will be really hard to crack as it uses oppisite types of output. One of the advantages with the function above is that crc32b is short (less data recorded) and whirlpool is long (containing more data). And since a whirlpool hash is 128 characters long, I doubt anybody will have a giant database of the whirlpool conversions. Of course you could use all of the hashes in the function but may make take a bit of cpu.
Any other comments?

while($row=mysql_fetch_array($quer)) {
echo $row[uniqueid].") ".$row[stem]."<br>";
$qid= $row[uniqueid];
$sql1="select * from scale where uniqueid=$qid ;";
$quer1=mysql_query($sql1);
while($row1=mysql_fetch_array($quer1))
{

?>
<input type="<?php echo $row[type]; ?>" name="<?php echo $row[questionID]; ?>" value="<?php echo $row1[label]; ?>"> 
<?php echo $row1[label]; ?> <br> 
<?php

}
echo "<hr>"; 
}

I am unsure if this is solved but to add to the info, if no rows are found the same error will be reported. To solve this, replace the code in the quote with the following:

if (mysql_num_rows($quer)>0) {
while($row=mysql_fetch_array($quer)) {
echo $row[uniqueid].") ".$row[stem]."<br>";
$qid= $row[uniqueid];
$sql1="select * from scale where uniqueid=$qid ;";
$quer1=mysql_query($sql1);
while($row1=mysql_fetch_array($quer1))
{

?>
<input type="<?php echo $row[type]; ?>" name="<?php echo $row[questionID]; ?>" value="<?php echo $row1[label]; ?>"> 
<?php echo $row1[label]; ?> <br> 
<?php

}
echo "<hr>"; 
}
}

The following line doesn't appear to follow the correct syntax:

$result = mysql_query('SELECT * from list WHERE title LIKE '%$search%' LIMIT ' . $offset . ',' . $limit);

Try replacing it with the following:

$result = mysql_query("SELECT * from `list` WHERE `title` LIKE '%$search%' LIMIT '$offset','$limit'") or die(mysql_error());

I am unsure weather the above replacement will work but the proper error reporting at the end should give more info.

http://localhost/careers.php?error=Name%20is%20a%20required%20field%20please%20complete%20and%20submit%20it%20again.|Email%20is%20a%20required%20field%20please%20complete%20and%20submit%20it%20again.

I understand that the url would look ugly and that is why sessions or even cookies would be a far better alternative but what I posted is just what shadiadiph asked for.

Do you meen something like sessions. Sessions will allow you to pass variables between pages and are very simple to use. Simple place at the very top of your pages that use sessions the following code:

<?
session_start();

Then below is an example of how to use the session array:

<?
session_start();

$_SESSION['variable_name']='apple';
$_SESSION['testing']='orange'.
?>
<a href='page2.php'>Page 2</a>

Then page2.php

<?
session_start();

echo $_SESSION['variable_name'];
echo " is different to a ";
echo $_SESSION['testing'];
?>

No it wont! cwarn23 is appending a "|" after every error message. So, if there are 2 errors, the query string would look like,

Name is a required field please complete and submit it again.| Please fill in a correct email address|

I personally don't prefer doing it this way since the query string look quite long and bad. Maybe using a session array variable is a better choice.
Whenever there is an error, add it to a variable, then make that a session variable. After displaying respective error message, unset the session variable.

Take a closer look at my script. Line 25. In my post I solved a way around the last appended | symbol by using the following line:

$error=preg_replace('/(.*)\|/i','$1',$error);

That preg_replace function makes the string look like

Name is a required field please complete and submit it again.| Please fill in a correct email address

So I see no reason why I will not convert to a proper array with the way I wrote the script.
Also if you think the url just looks ugly then simply use sessions.

Why not make the following your code:

$name  = strtolower($_POST["name"]);
$name = stripslashes(ucwords($name));
$email = strtolower($_POST["email"]);

$emailx ="/^[a-z0-9]+([_.-][a-z0-9]+)*@([a-z0-9]+([.-][a-z0-9]+)*)+\\.[a-z]{2,4}$/";
$alphaspace ="/^[a-zA-Z]+(([\'\,\.\- ][a-zA-Z ])?[a-zA-Z]*)*$/";

if ($name=="") 
{
$error. ="Name is a required field please complete and submit it again.|";
}
elseif (preg_match($alphaspace, $name) ==false)
{                    
$error. ="Please fill in a correct value for name numbers are not allowed.|";
}
if ($email=="") 
{
$error. ="Email is a required field please complete and submit it again.|";
}
elseif (preg_match($emailx, $email) ==false) 
{
$error. ="Please fill in a correct email address|";
}
if (strlen($error)>0) {
$error=preg_replace('/(.*)\|/i','$1',$error);
}
header ("location: ../careers.php?error=".$error);
exit;

And to retrieve the array

<?
$error=explode('|',$_GET['error']);
var_dump($error);
?>

If you are talking about working out the downtime of your server then I would suggest setting up 2 crone jobs. One crone job occurs every minute and the other once a day all year round. The job that occures every minute will append to a mysql database that the server is still running. Then the job that occures once a day will use that data to spot any gaps of when the server did not append anything to the mysql database which will then submit the daily report to another database while clearing the entries in the database that is appended to every minute. But you will need to be carefull when setting up this sort of crone job so that you don't slow down the server. That bit of theory should explain.

With that extra info, now I see why that second error occurs. The first error may be caused by insufficient permissions like nav33n said then when the session header passes through the default settings, it then causes the second error because the browser output is the error message. And it is that brouser output that causes the header error for the second error message.

So basically if you can solve the first error message then the second will solve itself. Also, to add to the info nav33n has presented, depending on your host, you may be able to find the tmp directory through your ftp/upload client/program. Generally it is located at the base of what you can browse through your ftp client. So it is not inside the public_html folder but may be in the same parent directory. Then as I have read about some hosts, they do not allow full permissions. This is so that the directory does not run as anonyms and instead runs as the server. To explain in more detail, some host only allow a maximum chmod of 755. And from an article I have read, servers with phpsuexec installed will have that maximum chmod. In case you didn't know, the chmod is the overall number of the permissions you have assigned to a file or directory. So be aware of that possible limitation.

Hope it explains.

Try replacing it with the following:

if (mail ( "apcorpinc123@gmail.com", "From: ".$email, "Feedback Form Results", $message)) {

If that does not work then post lines 14 to 20 as one of the surrounding lines could be making a difference.

It is because you have output something to the browser before session_start(). Below is an example of what to do:

<? session_start(); ?>
<html>
More browser output.
<?
//now php code
?>

Below is an example of what not to do:

<html>
<? session_start();
//php code
?>

As you can see, in the correct example, the first 2 characters/letters in the text file is the php opening bracket <? and is immediately followed by session_start(); However session_start() may also be on line 2. That is the easiest way for a session newbie to avoid the error as headers need to be sent before browser output and session_start() is a header.

so I tried removing the .htacess file, actually renaming it not.htaccess,

this made no difference on the errors. I am at a loss. I may just have to revert back to an old version and give up on the sort functionality. I find support for OSCMAX to be not very good. I don't understand why the backend admin tool displays everything correctly, yet the actual site breaks.??

[Mon Feb 23 09:30:30 2009] [error] [client 66.177.129.191] File does not exist: /home/sportsti/public_html/404.shtml
[Mon Feb 23 09:30:30 2009] [error] [client 66.177.129.191] File does not exist: /home/sportsti/public_html/swfobject.js
[Mon Feb 23 09:30:28 2009] [error] [client 66.177.129.191] File does not exist: /home/sportsti/public_html/404.shtml
[Mon Feb 23 09:30:28 2009] [error] [client 66.177.129.191] File does not exist: /home/sportsti/public_html/swfobject.js
[Mon Feb 23 09:30:25 2009] [error] [client 66.177.129.191] File does not exist: /home/sportsti/public_html/404.shtml
[Mon Feb 23 09:30:25 2009] [error] [client 66.177.129.191] File does not exist: /home/sportsti/public_html/swfobject.js
[Mon Feb 23 09:30:18 2009] [error] [client 66.177.129.191] File does not exist: /home/sportsti/public_html/404.shtml
[Mon Feb 23 09:30:18 2009] [error] [client 66.177.129.191] File does not exist: /home/sportsti/public_html/swfobject.js
[Mon Feb 23 02:30:45 2009] [error] [client 65.55.209.111] File does not exist: /home/sportsti/public_html/404.shtml

From all the topics I have posted on this one seems the weirdest. Because from the previous posts all the other possibilities have been eliminated saying that it is your script. And yet there is a custom 404 error page without the help of a .htaccess file. However the custom 404 error page cannot be found so it too is then redirect to a different error page. …

Guys, where did you go? :)

Here I am!
So the .htaccess file you posted is located at /home/sportsti/public_html/.htaccess or in other words is in the base of your public_html web directory?
Seems kinda odd that it redirects to a 404.shtml error page without that entry in the .htaccess file. Unless of course that 404.shtml file is located within the security policies which are included into the .htaccess file.

So what I can tell from your .htaccess file is that each time a user tries to retrieve a picture, javascript file etc, the server denies the user from accessing them due to the .htaccess file security policies. And that is what appears to be appending to your error log file. It appears the .htaccess file only contains data in relation to the security policies so if you tried to remove the .htaccess file then those errors append to the log. However if the security policies are still needed though, you will probably need to modify your .htaccess file to allow the browser to download the pictures, javascript files, robots.txt file etc.

I'm not that sure on how to make the correct modifications to your .htaccess file you might want to experiment with the sections that say deny from all and allow from all and order deny,allow Those sections are what control the security policies and are currently too strict for the browser to even just download a picture.

At least that is just from my …

Just simply add the html headers to the headers field. Below is a basic example:

// HTML headers
$headers  = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
//now to send it
mail($to, $subject, $message, $headers);

Hope it answers your question.

Hmm...Just googled it to double check and it said that split uses regex where as explode uses a string.

If explode uses a string and split uses regex then what does preg_split use? What is the difference between split and preg_split? Just curious.

onclick=\"checkform($iMode, $iLevel, 1)\"

That section of code will not work if you do not have javascript enabled. So make sure javascript is also enabled in Firefox and Crome

What does foreach($array as $value) test for? Or is it actually performing something similar to $value = $array? Thanks for helping me clear this up!

Below is an example that will display all of the arrays and their values in the php format:

<?
$var['one']='aaa';
$var['two']='bbb';
$var['three']='ccc';
$var['four']='ddd';
$var['five']='eee';
foreach ($var AS $key => $value)
    {
    echo '$var[\''.$key."']=".$value.";<br>";
    }
?>

So what foreach basically does is loop through the array one array value at a time and assign the array value the the variable $value (in the example above) and the key (between the [] brackets) to the $key variable as shown in my example. Then those variables can be used in the loop while looping each value+key one at a time.

Judging by the errors it seems it is a .htaccess problem. Because it looks like the htaccess file creates a virtual url of which the real path does not exist then it is directed to the 404 error page which does not exist. So I am 89% sure it is your .htacccess file if there is one. So try posting your .htaccess file and your real file structure and I shall help.

This doesn't seem very safe...

//adjust mysql query accordingly 
$result=mysql_query("SELECT * FROM `users` WHERE `username`='".mysql_real_escape_string($_POST['username'])."' AND `password`='".mysql_real_escape_string($_POST['password'])."'");

You need to use mysql_real_escape_string() to stop injection attacks.
http://www.tizag.com/mysqlTutorial/mysql-php-sql-injection.php

I guess I should have made a few security modifications to the code by now because it was a long time ago when I wrote that script and was new to mysql at the time. But yes, some security modifications may need to be made as it is a very basic script.

Below is a standard template I have made.

login.php

<? session_start();
$dbhost='localhost'; //database host (usually localhost)
$accountname='root'; //database username.
$password=''; //database password
$database='my_database'; //database name - not table
//configure the above variables.
 
 
$linkID = @mysql_connect($dbhost,$accountname,$password)
or die("Could not connect to MySQL server");
@mysql_select_db($database) or die("Could not select database");
 
//adjust mysql query accordingly 
$result=mysql_query("SELECT * FROM `users` WHERE `username`='".$_POST['username']."' AND `password`='".$_POST['password']."'");
 
if (isset($_POST['username']) && mysql_num_rows($result)==1)
    {
    $row=mysql_fetch_array($result);
    $_SESSION['username111']==$row['username'];
    unset($row);
    header('Location: index.php');
    //there should be no browser output before this line.
    }
?>
<form method='post'>
<input type='text' value='Admin' name='username'><br>
<input type='text' value='password' name='password'>
<input type='submit' value='submit'>
</form>

The above will redirect the user to index.php on login.

index.php

<?
session_start();
//below is how to check if a user is logged in.
if (!isset($_SESSION['username111']))
    {
    echo "You are not logged in.";
    //if not logged in this will occure.
    } else {
    //if logged in this will occure.
    echo "This is password protected content ".$_SESSION['username111'];
    }
?>

Hope that answers it.

When you do a phpinfo, should there be a major section for MySQL?

Answer: Yes there should be and if that section does not appear then you probably have edit the wrong php.ini file or the changes were not done properly as the phpinfo() function gets most of its info from the php.ini file.

Note: Sorry for the double post but I couldn't find the edit button.