Posts by cwarn23

Well I just don't see how it is possible to use a htaccess file to hide the url info unless you have a dedicated virtual file for each possible input variable.

Then if you do mysql_num_rows($b) it will return 0 and if you attempt to fetch an array from the query then mysql will throw an error. So the value of b is still the query execute command but it just won't execute and instead will throw an error.

But if they are getting quicker, the more hashing/variables you introduced - it dosent make quite sense?

Well what I have pointed out is that with the php interperator, if you just input a variable then it will be slower than inputing a variable and string on each side. Below is an example

hash('whirlpool', 'asdf'.$hashzzz.'jklh');
//above will be faster than below
hash('whirlpool', $hashzzz);

I do not know why that is but it makes a big difference for some odd reason.

Try the following to destroy the session:

<?php
session_start()
include('includes/config.php');
$_SESSION = array();
if (isset($_COOKIE[session_name()])) {
    setcookie(session_name(), '', time()-42000, '/');
}
session_destroy();
?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html>
   <head>
      
   </HEAD>
   <BODY>
<?php
echo '<div class="nav">'.$navigation.'</div>';
?>
You have been logged out. 
</body>
</html>

I have just done a quick test on some of the different types of hash methods used in the article and the script is as follows:

<?
function truehash_a($hashzzz) {
return hash('crc32b',hash('whirlpool',$hashzzz));
}

function salthash_a($hashzzz) {
return hash('crc32b',hash('whirlpool','asdf'.$hashzzz.'jklh'));
}

function salthash_b($hashzzz) {
return hash('crc32b',hash('whirlpool',hash('crc32b',$hashzzz).$hashzzz.'jklh'));
}

function salthash_c($hashzzz) {
return hash('crc32b',hash('whirlpool',strlen($hashzzz).'18'.$hashzzz.'jklh'));
}

function salthash_d($hashzzz) {
$varzzz=4*strlen($hashzzz);
return hash('crc32b',hash('whirlpool','6'.$varzzz.'18'.$hashzzz.'jklh'));
}

function salthash_e($hashzzz) {
$sPossible = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!@#$%^&*()-+=[]{}|';
$iPossibleCount = strlen( $sPossible );

$sSalt = '';
for( $i=0; $i<$iLength; $i++ )
    {
    $sSalt .= $sPossible[mt_rand(0, $iPossibleCount)];
    }

$sHash = hash('whirlpool', $hashzzz . $sSalt);
}


//=======================
$time_start = microtime(true);
truehash_a('absdefghijklmnopqrstuvwxyz');
$time_end = microtime(true);
$time = $time_end - $time_start;
$time=$time*1000;
$time=preg_replace('/([0-9]+)\./','0.00$1',$time);

echo "truehash_a() takes $time seconds to execute.<br>\n";
unset($time_start);
unset($time_end);
unset($time);


//- - - - - - - - - - - -
$time_start = microtime(true);
salthash_a('absdefghijklmnopqrstuvwxyz');
$time_end = microtime(true);
$time = $time_end - $time_start;
$time=$time*1000;
$time=preg_replace('/([0-9]+)\./','0.00$1',$time);

echo "salthash_a() takes $time seconds to execute.<br>\n";
unset($time_start);
unset($time_end);
unset($time);


//- - - - - - - - - - - -
$time_start = microtime(true);
salthash_b('absdefghijklmnopqrstuvwxyz');
$time_end = microtime(true);
$time = $time_end - $time_start;
$time=$time*1000;
$time=preg_replace('/([0-9]+)\./','0.00$1',$time);

echo "salthash_b() takes $time seconds to execute.<br>\n";
unset($time_start);
unset($time_end);
unset($time);


//- - - - - - - - - - - -
$time_start = microtime(true);
salthash_c('absdefghijklmnopqrstuvwxyz');
$time_end = microtime(true);
$time = $time_end - $time_start;
$time=$time*1000;
$time=preg_replace('/([0-9]+)\./','0.00$1',$time);

echo "salthash_c() takes $time seconds to execute.<br>\n";
unset($time_start);
unset($time_end);
unset($time);


//- - - - - - - - - - - -
$time_start = microtime(true);
salthash_d('absdefghijklmnopqrstuvwxyz');
$time_end = microtime(true);
$time = $time_end - $time_start;
$time=$time*1000;
$time=preg_replace('/([0-9]+)\./','0.00$1',$time);

echo …

The hash function is a function that allows you to utilize numerous kinds of algorithms. if you run print_r(hash_algos()); it will give you an array of the hash algorithms available on your system. Whirlpool is just one type of hash, like MD5, SHA1 and CRN32

A salt is basically adding a random string(s) to whatever you are encrypting or hashing:

<?php

$sSalt = '8*S&AsEc4qUs';
$sHash = hash( 'whirlpool', $sString . $sSalt );

echo $sHash;

so if the user decided to make their password "password" the hashed password would actually be for the value of "password8*S&AsEc4qUs" which would prevent someone from using a hash lookup database as it ensures that the users password has some form of complexity to it. This is assuming that someone was looking at the actual hash stored in the database and not trying to forge logins from a from.

I *believe* phpBB3 uses the random salt for every password option i mentioned in my previous post. It would be something like this:

<?php

function getSalt( $iLength = 10 )
{
	$sPossible = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!@#$%^&*()-+=[]{}|';
	$iPossibleCount = strlen( $sPossible );
	
	$sSalt = '';
	for( $i=0; $i<$iLength; $i++ )
	{
		$sSalt .= $sPossible[mt_rand(0, $iPossibleCount)];
	}
	
	return $sSalt;
}

$sPassword  = 'password';
$sSalt = getSalt();

$sHash = hash('whirlpool', $sPassword . $sSalt );

//Store  $sHash and $sSalt in the database.

Although I imagine when you get into generating random salts, you are going to be just as comparable to double hashing the same string, in terms of cpu usage and at some point you start …

Woah ! Something like a keylogger ? Is it in php or java/vb.net ?

It is php and to dehash sha1 you can simply use the following scripts (page titles are on second line of each code box):

<?
//db.php
//configure below mysql variables
$dbhost='localhost';
$accountname='root';
$password='';
$database='my database';
?>

Above box will configure the database. The database needs a table with the name 'dehasher' and two columns each named 'word' and 'hash'. Also the above must be named db.php
Below is the search page (index.php)

<?
//index.php
if (isset($_GET['hash']))
	{
	set_time_limit(0);
	ini_set('memory_limit','512M');
	ini_set('mysql.cache_size','1073741824');
	include('db.php');
	mysql_connect($dbhost,$accountname,$password)
	or die("Could not connect to MySQL server");
	mysql_select_db($database) or die(mysql_error()."Could not select database");
	$rowid=0;
	$sqlresult=mysql_query("SELECT * FROM `dehasher`");
	while ($row = mysql_fetch_array($sqlresult))
		{
		if ($_GET['hash']==$row['hash'])
			{
			$word=$row['word'];
			$dehashed=1;
			break;
			}
		}
	mysql_free_result($sqlresult);
	unset($row);
	}
echo "Enter in the details below and click the dehash button to dehash the code.<br>
<b>Please note it may take a few minutes to dehash due to the size of the database</b><br>
<table border=1 cellpadding=5 cellspacing=0 bgcolor=#FFCCCC><tr><td>
<form style='padding:0; margin:0;'>
<table border=0 cellpadding=0 cellspacing=0 bgcolor=#FFCCCC><tr><td>
Insert hash below</td><td>Hash type</td></tr><tr><td valign=top>
<input type='text' name='hash' size=50> </td><td align=left><input type='submit' value='dehash'>
</td></tr></table>
</form></td></tr></table>";
if (!isset($dehashed)) { $dehashed=0; }
if ($dehashed==1)
    {
    echo "<p>.<p><font size=3>The hash was decrypted successfully.<br>Below are the details:<br>
    <table border=1 cellpadding=0 cellspacing=0><tr><td>
    <table border=0 cellpadding=4 cellspacing=0><tr>
    <td bgcolor=#EEBBBB><font face='arial'><b>Word</b></font></td><td bgcolor=#FFCCCC>".$word."</td></tr><tr>
    <td bgcolor=#D8CCCC><font face='arial'><b>Hash</b></font></td><td bgcolor=#E9DDDD>".$_GET['hash']."</td></tr></table>
    </td></tr></table>";
    } else if (isset($_GET['hash'])) {
    echo "<b>Your hash could not be decrypted.</b>";
    }
?>

And below is the database generator:

<?
//generator.php
set_time_limit(0); …

I couldn't exactly understand that description but the title is straight forward. So if you are meaning to have to pages but with the same contents just make the second page contain only the following:

<?
include('firstpage.php');
?>

or even

<?
echo file_get_contents("http://www.mysite.com/firstpage.php");
?>

I don't think there is any decrypting script/function which you can download. They have mentioned how there can be a collision between 2 different strings giving out the same hash ! I tried to read some more about the same, but, everything is going right over my head :(

Although there may be no dehasher on the market that doesn't stop you from making one. But it does require about 2 petabytes of hardrive space (2048TB or 2097152GB). I have created a dehasher that simply records every key combination and its hash into a mysql database then when dehashing, just simply do a reverse lookup by searching for the recorded hash and original word when the entry was generated. Just let me know if you would like the script.

I think I didnt ask my second question correctly.

The terms 'crc32b' and 'whirlpool' are just random variables selected or actual hash functions? could I have used 'apple123' and 'banana123' instead?

Well the terms 'crc32b' and 'whirlpool' are what tells the computer which type of hash to use, so no you can't change those unless you want to use a different type of hash. It is the second field contains the string to hash.

The returned hash of my truehash function is 8 characters long and yes any string or number can be hashed through this function.

Due to the mix of the long and short encryption you believe this is the best method of encryptions?

The above correct? Thanks

Yes that is correct.

I just love this question. In my opinion, it is best to use more than one hash so that it is harder to crack. And so that those online database chrackers can't store your hash, include the whirlpool hash. So below is a function I have made for a much better hash:

function truehash($hashzzz) {
return hash('crc32b',hash('whirlpool',$hashzzz));
}

The function above will be really hard to crack as it uses oppisite types of output. One of the advantages with the function above is that crc32b is short (less data recorded) and whirlpool is long (containing more data). And since a whirlpool hash is 128 characters long, I doubt anybody will have a giant database of the whirlpool conversions. Of course you could use all of the hashes in the function but may make take a bit of cpu.
Any other comments?

http://localhost/careers.php?error=Name%20is%20a%20required%20field%20please%20complete%20and%20submit%20it%20again.|Email%20is%20a%20required%20field%20please%20complete%20and%20submit%20it%20again.

I understand that the url would look ugly and that is why sessions or even cookies would be a far better alternative but what I posted is just what shadiadiph asked for.

Do you meen something like sessions. Sessions will allow you to pass variables between pages and are very simple to use. Simple place at the very top of your pages that use sessions the following code:

<?
session_start();

Then below is an example of how to use the session array:

<?
session_start();

$_SESSION['variable_name']='apple';
$_SESSION['testing']='orange'.
?>
<a href='page2.php'>Page 2</a>

Then page2.php

<?
session_start();

echo $_SESSION['variable_name'];
echo " is different to a ";
echo $_SESSION['testing'];
?>

No it wont! cwarn23 is appending a "|" after every error message. So, if there are 2 errors, the query string would look like,

Name is a required field please complete and submit it again.| Please fill in a correct email address|

I personally don't prefer doing it this way since the query string look quite long and bad. Maybe using a session array variable is a better choice.
Whenever there is an error, add it to a variable, then make that a session variable. After displaying respective error message, unset the session variable.

Take a closer look at my script. Line 25. In my post I solved a way around the last appended | symbol by using the following line:

$error=preg_replace('/(.*)\|/i','$1',$error);

That preg_replace function makes the string look like

Name is a required field please complete and submit it again.| Please fill in a correct email address

So I see no reason why I will not convert to a proper array with the way I wrote the script.
Also if you think the url just looks ugly then simply use sessions.

Why not make the following your code:

$name  = strtolower($_POST["name"]);
$name = stripslashes(ucwords($name));
$email = strtolower($_POST["email"]);

$emailx ="/^[a-z0-9]+([_.-][a-z0-9]+)*@([a-z0-9]+([.-][a-z0-9]+)*)+\\.[a-z]{2,4}$/";
$alphaspace ="/^[a-zA-Z]+(([\'\,\.\- ][a-zA-Z ])?[a-zA-Z]*)*$/";

if ($name=="") 
{
$error. ="Name is a required field please complete and submit it again.|";
}
elseif (preg_match($alphaspace, $name) ==false)
{                    
$error. ="Please fill in a correct value for name numbers are not allowed.|";
}
if ($email=="") 
{
$error. ="Email is a required field please complete and submit it again.|";
}
elseif (preg_match($emailx, $email) ==false) 
{
$error. ="Please fill in a correct email address|";
}
if (strlen($error)>0) {
$error=preg_replace('/(.*)\|/i','$1',$error);
}
header ("location: ../careers.php?error=".$error);
exit;

And to retrieve the array

<?
$error=explode('|',$_GET['error']);
var_dump($error);
?>

What does foreach($array as $value) test for? Or is it actually performing something similar to $value = $array? Thanks for helping me clear this up!

Below is an example that will display all of the arrays and their values in the php format:

<?
$var['one']='aaa';
$var['two']='bbb';
$var['three']='ccc';
$var['four']='ddd';
$var['five']='eee';
foreach ($var AS $key => $value)
    {
    echo '$var[\''.$key."']=".$value.";<br>";
    }
?>

So what foreach basically does is loop through the array one array value at a time and assign the array value the the variable $value (in the example above) and the key (between the [] brackets) to the $key variable as shown in my example. Then those variables can be used in the loop while looping each value+key one at a time.

When you do a phpinfo, should there be a major section for MySQL?

Answer: Yes there should be and if that section does not appear then you probably have edit the wrong php.ini file or the changes were not done properly as the phpinfo() function gets most of its info from the php.ini file.

Note: Sorry for the double post but I couldn't find the edit button.

Thanks cwarn23, I have already checked that.
WBR

Just a note that before I forgot to type, a localhost server can have around 3 php.ini files while only one of them are active. So that is why I recommend using the phpinfo() function to find out which php.ini file is the real one. And could you also check the phpinfo() function to see if the mysql module (not mysqld) has been loaded and is on the phpinfo() list.

With this kind of error it is common that a module in your php.ini file is commented. So in your php.ini file, uncomment the line that says:
;extension=php_mysql.dll
To uncomment the line simply remove the ; symbol at the beginning of the line. Also the php.ini file can be found with the phpinfo() function. Also be sure to make a copy of your php.ini file before making any changes.

Try making the following your script:

<?php
session_start();

if((isset($_POST['username']) && $_POST['username']!="") && (isset($_POST['password']) && $_POST['password']!="")){
$error=''; 
$conn = mysql_connect('localhost','compkcom_care','ptk')or die('Could not connect to MySQL database. ' . mysql_error());
mysql_select_db(SQL_DB,$conn);
$query = "SELECT COUNT(username) AS record FROM admin WHERE username ='" . $_POST['username']."' AND password = '".$_POST['password']."'";
$result = mysql_query($query);
if (mysql_num_rows($result)>0) {
    $row = mysql_fetch_array($result);
    }
if($row['record']==1){
$_SESSION['user_logged'] = $_POST['username'];
$_SESSION['user_password'] = $_POST['password'];
header("location:welcome.php");
}
else{
$error .="Please+Enter+Correct+Username+and+password%21%0D%0A";
header("location:index.php?&error=".$error);
}
}
else{
$error .="Please+Enter+the+Username+and+password+First%21%0D%0A";
header("location:index.php?&error=".$error);
}
?>

Try placing the following at the top of your php file(s) that process the uploads:

ini_set ('upload_max_filesize','10M');

That should allow the server to accept 10 Megabyte files and is the most common solution for this problem from previous posts of simular/same problems on these forums. Let me know if you need more info.

Glad to see you didn't back onto a 3 year old post :icon_biggrin:

I have looked up a few functions in the manual and although I can't find GetValueSQLString you could probably simplify the equation to the following:

$query_recpayment="SELECT * FROM `paymentsummary` WHERE `username`='".mysql_real_escape_string($_SESSION['MM_Username'])."' AND `foryear`='".mysql_real_escape_string($_SESSION['MM_yearlynow'])."' AND `forlevel`='".mysql_real_escape_string($_SESSION['MM_yearlevels'])."'";

Hopefully that mysql query will do the trick. Also note I used an apostrophie surrounding the column names and not comas. Very important to note the difference. The Apostrophie key is found to the left of the number 1 key on the keyboard.

The reason why I prefer to use apostrophies is when sharing open source code like on these forums, there are some servers that are really picky like one I use to be on which force you to use the apostrophie. So the reason why my preference is to use the apostrophie is to garantee compatability in those rare situations like I have been in before.

Try resetting the variable $query_recpayment to the following:

$query_recpayment = "SELECT `amountpaid`, `username`, `amountpaid` FROM `paymentsummary` WHERE `username` = '%s' AND `foryear` = '%s' AND `forlevel` ='%s'";

As you can see the end part had a long php syntax error since a variable cannot assign those extra values in the format of which you did. Also I believe there was a mysql syntax error where it says `amountpaid`. Also in addition, I added the appropriate quotes to solve any escaping string errors (mysql errors). If you need the extra values that were added at the end then please explain what they were for so I can help place them appropriately.

Well for the phpbb cms I will have a look for any hacks to do this but codewise it is the following line which needs to be configured weather you can do it though the config file or if a hack is needed:

mysql_connect('localhost', 'mysql_user', 'mysql_password');
//above needs to be changed to
mysql_connect('website.com', 'mysql_user', 'mysql_password');

So I will check out phpbb for you as it may be possible to do it through the config file.
---------------
Edit:
I just tried installing phpbb3 from a remote database and it appears what you need to do is first install phpbb3 on the server which supports mysql and at the same time specify the domain instead of localhost as the connection address. Then after installation, confirm in the config.php file that mysql is set to load from the remote server (currently the current server) and is not set to localhost. After that, you may transfer all the files to the other server that hasn't got databases and should read the remote server as it was specified during installation. The reason why the files need to be installed on the server with mysql is because of a validator that checks what types of databases are available.

Thanks for that.
If I've dry run your code properly, a problem I can see is that by appending everything after element 3 onto element 3, if there was a location, it will also get appended onto element 3.
Then when you explode by ":" it would be element 2, which would not be picked up by the results.

I had hoped the code could be kept simple by using a regular expression as Details is an unknown input and could potentially contain anything.

Thanks for your replies.
Ralf

If you are saying that you want another array or field then the following should allow for the location array providing it remains called "location:" (without the quotes)

<?
$string =  'Name: Bob, Age: 20, Details: Likes chocolate, cake and fishfingers, Location: New York';
  $properties = explode(",", $string);
  $result = array();
  $joinid=3;
  $join='details';
  while(isset($properties[$joinid])) {
  if (!preg_match('/[ ]location\:/i',$properties[$joinid]) && $join=='details') {
      $properties[2].=','.$properties[$joinid];
      unset($properties[$joinid]);
      } else {
      if ($join=='details') {
          $join='location';
          $properties[3].=$properties[$joinid];
          } else {
          $properties[3].=','.$properties[$joinid];
          }
      unset($properties[$joinid]); 
      }
  $joinid+=1;
  }
  foreach($properties as $property) {
    $split = explode(":", $property);
    $result[$split[0]] = $split[1];
  }
  echo "<xmp>";
  print_r($result);
  echo "</xmp>";
?>

Hope that helps answer it.

That's a good solution, thanks!
The only problem is if there were commas in the details section, eg:
"Likes chocolate, cake and fishfingers". Any ideas?

Also, out of interest, is explode more efficient than regular expressions? The examples I gave were only a small section of a larger page.

Thanks again,
Ralf

Well the following code should solve that for you:

<?
$string =  'Name: Bob, Age: 20, Details: Likes chocolate, cake and fishfingers';
  $properties = explode(",", $string);
  $result = array();
  $joinid=3;
  while(isset($properties[$joinid])) {
  $properties[2].=','.$properties[$joinid];
  unset($properties[$joinid]);
  $joinid+=1;
  }
  foreach($properties as $property) {
    $split = explode(":", $property);
    $result[$split[0]] = $split[1];
  }
  print_r($result);
?>

Below are 2 options to help solve the problem. Both do the same thing but with different amounts of complexety. My preference is the second code box. And so they are:

$enamysqldb=mysql_connect('localhost','username','password');
mysql_select_db($database_enamysqldb, $enamysqldb);

$coursesubject=mysql_real_escape_string($row_reclog['tablename']);
$query_reclevelsub = "SELECT * FROM $coursesubject";
$reclevelsub = mysql_query($query_reclevelsub,$enamysqldb) or die(mysql_error());

== and ==

mysql_connect('localhost','username','password');
mysql_select_db($database_enamysqldb);

$coursesubject=mysql_real_escape_string($row_reclog['tablename']);
$query_reclevelsub = "SELECT * FROM `".$coursesubject."`";
$reclevelsub = mysql_query($query_reclevelsub) or die(mysql_error());

Remember to replace the words username and password with your real mysql username and your real mysql password.

I have made a script in the past that can store url variables as sessions but I don't know how to SEO (Search Engine Optimization) will go on the header redirect. But anyway, this is how my script works. First, place at the top of all files you want to recieve the hidden values the following code:

<? session_start(); 

if (isset($_SESSION['vars']))
    {
    unset($_SESSION['vars']['url']);
    foreach($_SESSION['vars'] AS $keys => $values)
        {
        $_GET[$keys]=$values;
        }
    }
unset($_SESSION['vars']);
unset($keys);
unset($values);

So in your case, the file leftproducts.php or whatever php file serves product_name.html will contain that code at the very top. Then when linking to a page, you need to link to a different page which forwards the session and $_GET information to the visible page. So while keeping that bit of theory in mind, make a file named linker.php and place the following code in it:

<?
session_start();
if (!empty($_GET))
    {
    unset($_SESSION['vars']);
    $tmp=$_GET;
    $_SESSION['vars']=$tmp;
    }
header('Location: '.$_GET['url']);
?>

Now for the confusing bit, to link to a page with this system. When linking to a page, use the following code:

<?
//url to link to
$url="http://www.mysite.com/shopping/product_name.html";
//hidden id number
$id=2;
//and below is the link
?>
<a href='linker.php?url=<? echo $url; ?>&id=<? echo $id; ?>'>Link Title</a>

Hope that answers your question because yes it is possible.

I have read the script and if you are using php5 then the following might be better with the functions file_get_contents and file_put_contents.

<?php
// removal malicious script by forzadraco

$filename="target.php";

$existfile=file_get_contents($filename);

if($existfile){
echo "file berhasil dibaca \n\n";
}else{
echo "file gagal dibaca \n\n";
}


if( false == ($str=file_get_contents( $filename ))) {
echo "Could not read file.";
} else {
echo "File contents: ".htmlspecialchars($str);
}

$hsl=preg_replace("/xxxx/i","draco",$str);

echo "<hr />".htmlspecialchars($hsl);

file_put_contents($hsl,$existfile);

?>

Note: It's good to see you made an attempt at adding the opening code tags but next time try to add the closing code tags too.

then the images and css file will not came to display...
i think its because of path could be changed...
then how to get them worked..
tel me any idea...

Lets say for example your page is located at www.mysite.com/shopping/leftproducts/1/20
The page will assume your css files are located at
www.mysite.com/shopping/leftproducts/1/20/file.css
And the same applies for images. To pass by this, when adding images, javascript includes, css includes, simply specify the full url. Example:

<img src='http://www.mysite.com/shopping/image.jpg'>
<script src="http://www.mysite.com/shopping/script.js">

And you can see, I have specified the full url and that is so no matter what virtual directory you are in, the browser can still read the external files.

I have just resolved a much simular error myself a few minutes ago and turned out the container was not assigned to the variable properly. An example is the following script:

$container_variable = new object();
$container_variable->function();

So that above example is when everything is working. But say the following happened:

$container_variable = new object();
function test() {
$container_variable->function();
}
test();

The above function will not work because the container variable is now isolated in the function where only global variables can be taken into the function. So my point is, this error generally occurs when the container variable is somehow unset or changed. So make sure that the container is a valid object throughout the script.

Below is the code for the htaccess file:

RewriteEngine On

RewriteRule ^leftproducts/([^-]+)\.html$ leftproducts.php?s_id=$1
RewriteRule ^leftproducts/([^-]+)-([^-]+)\.html$ leftproducts.php?s_id=$1&start=$2

The above code will rewrite the url to the following two urls, first url for the single $_GET variable and second example url below is for when both $_GET variables are in use.
www.something.com/leftproducts/1.html
www.something.com/leftproducts/1-10.html
Notice the two variables are separated by a dash. Hope it helps.

Try the following to match the 2:

$input='bluefox';
$database_input='Blue Fox';

if (str_replace(' ','',strtolower($input))==str_replace(' ','',strtolower($database_input)))
    {
    echo "They match";
    }

Does Yahoo mail support SMTP?

Yes it does. The settings can be found at http://help.yahoo.com/l/us/yahoo/mail/original/mailplus/pop/pop-14.html

The settings are as follows:

SMTP Server: plus.smtp.mail.yahoo.com 
(Use SSL, port: 465, use authentication)

POP3 Server: plus.pop.mail.yahoo.com (Use SSL, port: 995)

Login username: Your Yahoo! Mail ID 
(your email address without the "@yahoo.com")

Password: Your Yahoo! Mail password

Those are the basic configurations. All it takes is a yahoo web search.

TommyBs is right. You don't need 's around your field names, and definitely don't use `. Is there in fact a field named status? And try doing this query directly in MySQL (via phpMyAdmin if you have it) and see what error you get.

From my experience, some servers have a compatibility error when not using the apostrophie ( ` ) for some reason. Probably something to the with the apachie config file. But anyways, if you are planning to share your script around, due to this rare compatibility error, it is best to use the apostrophie around column names. Also note the difference between apostrophies and quotations. The apostrophie key can be found at the top left corner of the keyboard beside the number 1 key.

Also when doing an insert query, I generally prefer to use the old fasion technique of column=value. So you can also try the following:

$new = "New to the Site!"
 
mysql_query("INSERT INTO `user_notifications` SET `username`='".mysql_escape_string($username)."', `status`='".mysql_escape_string($new)."'") OR die(mysql_error());

May be very old fashion the way I did it but it seems to do the job (well for me anyway).

Simply use the explod function to convert the string into an array. So for your example, the following code would apply:

$string="hyderabad,india";
$strings=explode(',',$string);
echo $strings[0]; // outputs: hyderabad
echo "<br>"; // new line
echo $strings[1]; // outputs: india

Try this as your code:

$result = mysql_query("SELECT * FROM `member`");
while ($row = mysql_fetch_array($result))
    {
    if(mysql_num_rows($result) == 0)
        {
        $result = mysql_query("UPDATE `member` SET `flgCurrent` = 'false' WHERE `idMember` ='" .$row[0]."'");
        }
    echo $row."<br />";
}

Also the logic in the if function just won't work. You have said the following in the script:

• assign the mysql query
• use the query the fetch the first row
• after the first & second & third & fourth etc rows are fetch, check if zero rows are fetched from the original mysql query
• If zero rows are fetched from the original mysql query then update a mysql table.

Does that seem logical to you because you are telling the script to ask itself if zero rows are fetched when it knows for sure that at least one row is fetched. So most of the code I gave above is fine but the following piece of that code will need a rethink design wise:

if(mysql_num_rows($result) == 0)
        {
        $result = mysql_query("UPDATE `member` SET `flgCurrent` = 'false' WHERE `idMember` ='" .$row[0]."'");
        }

Thats all the bugs I can think of. Hope I explained that clearly and didn't confuse you.

I am guessing the below code might work but I am not sure as you are reading from a variable and not a file. So try the following and if it does not work, you will need to use something simular but use the gd library/binary to allow the

list($width, $height, $type, $attr) = getimagesize($row[poza]);

The above code theoratically stores the width and height in the variables $width and $height which you can call after that line has been executed/ran. If you are wondering where to place it, place it after the below couple of lines:

while ($row = mysql_fetch_array($result))
{ print $row[poza]; }

As I said it might not work and might need some sort of conversion but it's worth a try as that is in the official documentation.

Why not do what is usually done in MS Word and make the letter o in superscript. So try the below code:

<?
echo "It is 20<sup>o</sup>C.";
?>

according to your solution if I have 1,00,00,000 user will I define those user in that number of veriables ?????????? is this thing feasible ?????????

Yes because all you need to do is check that the username (which should be unique from all the others) is correct and that at option, the password for security reasons is correct. So just to explain, I shall write a basic login system for you.

Below is login.php

session_start();
//mysql connect code

$result=mysql_query("SELECT * FROM `users` WHERE `username`='".$_POST['username']."' AND `password`='".$_POST['password']."'");

if (isset($_POST['username']) && mysql_num_rows($result)==1)
    {
    $row=mysql_fetch_array($result);
    $_SESSION['username111']==$row['username'];
    unset($row);
    header('Location: index.php?login=true');
    //there should be no browser output before this line.
    }
?>
<form method='post'>
<input type='text' value='Admin' name='username'><br>
<input type='text' value='password' name='password'>
<input type='submit' value='submit'>
</form>

index.php (at top)

<?
session_start();
if ($_GET['login']=='true' && !isset($_SESSION['username111']))
    {
    echo "<h1>You need to be logged in to view this page!</h1>";
    exit;
    }
//no browser output before this line.

Sorry if there is a small bug but that login system is from the top of my head and I have used simular ones in the past. Hope that example helps

If you want it case sensitive then because php is case sensitive, just get php to check if the 2 values = each other. So use the following:

<?
//mysql connections
$username='Admin'; //from mysql in your script

if (isset($_POST['username']) && $_POST['username']==$username)
    {
    //login
    echo "test";
    }
?>
<form method='post'>
<input type='text' value='adMiN' name='username'>
<input type='submit' value='submit'>
</form>

For that you could just convert both values to lower case with strtolower(); So try the following and I have included the form.

<?
//mysql connections
$username='Admin'; //from mysql in your script

$username=strtolower($username);
if (isset($_POST['username']))
    {
    $_POST['username']=strtolower($_POST['username']);
    if ($_POST['username']==$username)
        {
        //login
        }
    }
?>
<form method='post'>
<input type='text' value='adMiN' name='username'>
<input type='submit' value='submit'>
</form>

<form method='post'>
Username: <input type='text' value='' name='user'><br>
Password: <input type='text' value='' name='password'><br>
</form>

Well there are 2 main easy ways that you can do the activation process. Assuming above is the form you allready have, then if you just want to check there is only a space used or no password at all then the below lines of code will work:

<?
if ($_POST['password']!==' ' && strlen($_POST['password'])>0 && isset($_POST['password']))
    {
    //activate account
    }
?>

Or you could just set a minimum password length of something like 8 letters/numbers/characters which is done like the following:

<?
$minimum_length=8;
if (strlen($_POST['password'])>=$minimum_length && isset($_POST['password']))
    {
    //activate account
    }
?>

You may want to note that if you are on a proxy server or on a Virtual Private Network and sometimes if you are on a Local Area Network then you will need to configure those settings into your web browsers. So in Internet Explorer, open the Options window then click the connections tab and configure with the appropriate options and buttons what they should be.

I have created a script for you to fiddle with and is below. The below script is a function where you can enter the number of days, months and years untill the future date and the function will return what that date is.

<?
function count_to_date($day,$month,$year)
    {
    $d=date(j)+$day;
    $m=date(n)+$month;
    $y=date(Y)+$year;
    if ($d>31)
        {
        while ($d>31)
            {
            $d-=31;
            $m+=1;
            }
        }
    if ($m>12)
        {
        while ($m>12)
            {
            $m-=12;
            $y+=1;
            }
        }
    //below sets sequence: day/month/year
    $r=$d.'/'.$m.'/'.$y;
    return $r;
    }


//below returns a future date (day/month/year)  
echo count_to_date(3,0,0);

//a bit of theory
//count_to_date(number_of_days,number_of_months,number_of_years);
?>

I have just done a few tests and I don't see how it is possible to have the two name= fields exactly identicle but what you can do is put arrays in the name= fields and retrieve the $_POST as a 2 dimensional array. Below is an example of what I have done.

<form method='post'>
<input type='text' name='test[0]' value='111'><br>
<input type='text' name='test[1]' value='222'><input type=submit value='submit'></form><br>
<?
var_dump($_POST); //dumps the variable
echo "<p><hr>";
echo $_POST['test'][0];
echo "<br>";
echo $_POST['test'][1];
?>

Also you need to click the submit button for the above example to work. The above example shows about displaying what information the $_POST array holds and shows about using 2 dimensional $_POST arrays. Other than using arrays in the name= field,or changing the name of the field to be unique, you will find that only the last field of its duplicate name will be recorded in php.

When you setup the textbox fields, make sure they both have names and that their names are unique. So something like below is an example:

<form method='post'>
<input type='text' name='box1' size=30><br>
<input type='text' name='box2' size=30>
</form>

Then to retrieve those 2 fields and display them you would use the following php code:

echo $_POST['box1']; //displays first field in above example
echo "<br>"; // adds new html line.
echo $_POST['box2']; //displays second field in above example

So try to make sure the field names are unique and in the form element it has method=post

But how can i set this timeout ?

By judging your first post I thought you already did set it to 300. But anyway, place the following code at the very top of your php file:

<?
set_time_limit(0); //number of seconds and zero for infinite