Posts by cwarn23

no im not sure i follow this very well. i dont think that its too hard to hack right now. but its illegal and people shouldnt do it just because. theyh could go to jeal etc..

It isn't illegal to dehash a hash unless you intend to use the crack for stealing passwords etc. So if for example you wanted to encode data and decode it using hashes that is not illegal. It is only illegal once you start stealing peoples passwords and one day a hash function on it's own will be very useless unless additional heavy security measures are taken.

im pretty sure that is ok o use just sha1 being its a forty char long encryption.

I wonder what the world will be like in a few years time when that 4TB cd comes out where TB's of diskspace can be stored on just a few disks. So it would be possible to make to have a cd collection containing compressed dehashing data to the 7 digits. That's only the near future as in a few years. In maybe 15 years we may be able to store 15 digits on server farms during the time when a cd holds 23PB (petabytes) and each harddrive in the server farm contains 256EB (ExaBytes = 1024^6 bytes). What is your advice on preventing serverfarms dehashing where a single computer can hold 256EB and there could be hundreds of computers on a hackers personal server farm. Well Google will need somewhere to store all of those youtube videos in the future. That is when the world goes into crises which I am already thinking about preventing today. So my advice, don't wait till the year 10,000 for the millennium bug. Fix it right away.

one time i made a password encryption with pure php it went like this:
$password = sha1($password);
$password = md5($password);
$password = ENCRYPTED!

That's the kind of stuff I was talking about except I would recommend using the md5 or md4 algorithms as I have read reports that they don't always produce the same md4/md5 hash every time. It is a bug in the algorithm and therefore the md4 and md5 algorithms should be ignored.;) But other than that, great way of explaining what I was talking about earlier on.

This thread just has no direct answer so I shall help explain to Bob

Just a technical question on what is legal and what is not. I buy a printer, lets say a cannon, and after a while the black ink runs out, can I legally refill the cartridge as I bought it and it is mine?

From my understanding it is ok to fill the ink cartage yourself if you have a legal supply of ink however then the manufacture will nolonger having anything to do with you. In other words no support, no warranty, no guaranteed replacement printer etc. So unlike the cyberworld for most things in the real world are actually your responsibility if they are your property. So you can do just about anything that is your property as long as it's not part of the cyberworld or under terms of an agreement. And as for the printer, if you discard the warranty and the support then there is no agreement meaning you can do what you want with it although you couldn't resell it due to the issue of the manufacture did the majority of the designing of the printer which comes under another contract/agreement.

As far as I am aware that is how it works or at least in Australia and perhaps searching on the internet through law support websites for your country may help.

It is more like the best 3 search engines which include Google, Bing and Yahoo. The reason, they hold the greatest market share with Google being the strongest and I think Bing might be the weakest in the market share.

but I can't seem to figure out why it is periodically doing this on-and-off

Perhaps it's part of the update process where when the data is being updated in the database, first the new names are being added to the database then a person downloads a copy of the list of names and after that deleted from the database is the old names. Just a theory of the duplicate names but that would be my guess.

Sure it may not be possible to store every combination as there are infinit possible hashes due to an infinit length that can be hashed (eg. pi). However, it is still possible to hash at least the first 5 digits and every word from the dictionary. I have a vps for all of this and I have encrypted the hashing data so that it only takes up half the space. I know you may say this is not possible but I am all about doing the impossible and usually I succeed. Also could you give me a reference about rainbow tables as they sound colorful and needed. Currently the technique I'm using is by having 3330 tables each storing a proportion of the data but discovered more would be needed.

There is nothing wrong with SHA256, Whirlpool etc. are designed to be secure thus they should be used to hash passwords.

Are you kidding, no hash is secure unless you hash the hash. If you type in "dehasher" in google my website comes up on the first page "global programming syntax" and with my website, sha1, crc23 and crc23b will have a reverse lookup to at least 4 digits. My database is being populated each day with millions of results and will upload the database late November. So currently the database is not publicly viewable but will be soon and I have plans to expand it to a monster database as I have made the database structure efficient for mysql query lookup. So with plans like mine, no hash is secure as long as it follows a standard format. That's why you hash the hash or use a custom hashing function.

Google Analytics is also a great tool.

At all costs do not use Google Analytics. The google analytics system has frozen a few times causing a few banks websites to not load. So if Google Analytics will cause banks websites to not load then why should you trust it with yours? However this only happens about once every 6 to 12 months. Google seems to be starting to freeze more frequently though as all of their system are controlled by the one mainframe (eg. Youtube, google search, google analytics, google webmasters, google maps, google earth, google street view) So those listed products with many more are controlled by the one mainframe setup instead of individual setups for each product and when that one mainframe crashes, boom - 5% of the internet is offline. Happened for about 52 hours in the past year over two separate occasions.

code will produce a collision for any crc32b hash within an hour on an average PC.

That is true with any hashing function and that is what makes crc32 so good. It stores a large amount of data in minimum space with minimum recourses still with the concept. If however you are after uniqueness then all of the hash functions are no good and the following code will need to be used.

<?php
function hash_string($string,$extrachars='',$mixsault=true) {
    $str=array();
    if (strlen($string)>3) {
        $len=floor(strlen($string)/2);
        if ($mixsault==false) {
            $long=str_split(substr($string,0,$len).$extrachars.substr($string,$len),1);
            } else {
            $string=substr($string,0,$len).$extrachars.substr($string,$len);
            $long=str_split($string,1);
            }
        } else {
        $long=str_split($string.$extrachars,1);
        }
    for ($i=0;isset($long[$i]);$i++) {
        if (!isset($charconvert[$long[$i]])) {
            $charconvert[$long[$i]]=true;
            }
        }
    if ($mixsault==false) {
        ksort($charconvert);
        }
    $i=2;
    foreach ($charconvert AS $key=>$val) {
        $charconvert[$key]=$i++;
        }
    $amount=count($charconvert);
    unset($long);
    $arr=str_split($string,2);
    while (!empty($arr[0]) || $arr[0]===0) {
        for ($i=0;isset($arr[$i]);$i++) {
            $char=str_split($arr[$i],1);
            $arr[$i]='';
            if (empty($charconvert[$char[1]])) {
            $tmp=1; } else {
            $tmp=$charconvert[$char[1]];
            }
 
            $v=(($charconvert[$char[0]]*$tmp)+32+($amount-$tmp));
            if ($v<256) {
                $str[]=chr($v);
                } else {
                $str[]=$char[0];
                $arr[$i]=$char[1];
                $arr=implode('',$arr);
                unset($arr);
                $arr=str_split($arr,2);
                unset($arrs);
                }
            unset($v,$tmp);
            }
        }
    unset($arr,$char,$charconvert);
    return implode('',$str);
    }
 
echo hash_string('This is to be hashed','this is like a sault',false); //outputs:  >–7FÊ3:JŽR
echo hash_string('This is to be hashed','this is like a sault',false); //outputs:  >–7FÊ3:JŽR
echo hash_string('This is to be hashed','this is like a sault',true);  //outputs:  1=BF^@=BFN‘jG½ftjF:Ä
echo hash_string('This is to be hashed','this is like a sault',true);  //outputs:  1=BF^@=BFN‘jG½ftjF:Ä
echo hash_string('This is to be hashed');                              //outputs:  .:?C[XaA7—
echo hash_string('This is to be hashed');                              //outputs:  .:?C[XaA7—
echo hash_string('This is to be hashed','',false);                     //outputs:  ;ƒ4?™07G{O
echo hash_string('This is to be hashed','',false);                     //outputs:  ;ƒ4?™07G{O
?>

So truly a custom hash function is …

Gigablast? What the hell is that?

link:url will do for the major SEs. Gigablast? I can't belive you mentionned that dinosaur. What do they get, less than .05% of web search traffic. Wake up! It's Google, then MSN (Bing,Live) and Yahoo in about that order. Get with the program.

What - Live, that's an extinct dinosaur. I believe MSN is Bing and Bing replaced Live. Live search nolonger exists and laughed when seeing Live in a year 2050 based film. lol

I just checked and gigablast has an advanced search option where you can search for backlinks although I can't seem to get it to work. As for ask, I can't see any function in the ask search engine for backlinks yet.

I tested the following keyword on google, yahoo and altavista and it seems to work perfectly.

link:google.com

The above search term will search for all pages that link to google.com Also it tells you how many backlinks exist simply by checking how many results occurred. Also another example is as follows:

link:daniweb.com

Also as for bing it is not so easy. I remember reading some time ago that to get the backlinks for bing you need to register an account then log in to view the stats for the backlinks. So that makes it impossible for automated scripts to get the bing backlinks. I see a mod has answered how to get backlinks with google, yahoo and possibly a few others.

You may want to note that for assigning a possibly undefined variable or array index/key the following is the correct method.

$PK = (isset($_POST['PK']))?$_POST['PK']:'';

The above is what line 24 should be.

Your links are all pointing to the wrong location and should be something like as follows:

<?php 
//REMEMBER TO CONNECT TO DATABASE!

$show_all=$_POST['rg01'];    // Show All
//echo $show_all;

$host="localhost";      // Host name 
$username="root";       // Mysql username 
$password="";           // Mysql password 
$db_name="accounts";    // Database name
$tbl_name="login";      // Table name
$tbl1_name="details";   // Table1 name

// Connect to server & select databse.
$con=mysql_connect("$host","$username","$password");
mysql_select_db("$db_name",$con);

if($show_all!="")
{
$sql="SELECT username FROM $tbl1_name WHERE sex='$show_all'";
$result=mysql_query($sql);	
}

else
{
	echo "SELECT EITHER BRIDE or GROOM";
//	header("location:profile search.php");
}

//**EDIT TO YOUR TABLE NAME, ECT. 

$t = mysql_query("SELECT username FROM $tbl1_name WHERE sex = '$show_all'"); 
  if(!$t) die(mysql_error()); 
    
$a                = mysql_fetch_object($t); 
$total_items      = mysql_num_rows($t); 
$limit            = 3; 
//$type             = $_GET['type']; 
$page             = 1; 

//set default if: $limit is empty, non numerical, less than 10, greater than 50 
if((!$limit)  || (is_numeric($limit) == false) || ($limit < 10) || ($limit > 50)) { 
     $limit = 3; //default 
} 
//set default if: $page is empty, non numerical, less than zero, greater than total available 
if((!$page) || (is_numeric($page) == false) || ($page < 0) || ($page > $total_items)) { 
      $page = 1; //default 
} 

//calcuate total pages 
$total_pages     = ceil($total_items / $limit); 
$set_limit       = $page * $limit - ($limit); 

//query: **EDIT TO YOUR TABLE NAME, ECT. 

$q = mysql_query("SELECT username FROM $tbl1_name WHERE sex = '$show_all' LIMIT $set_limit, $limit"); 
  if(!$q) die(mysql_error()); 
     $err = mysql_num_rows($q); 
       if($err == 0) die("No matches met your criteria."); 
	   

$s_a = urlencode($show_all); //makes browser friendly 

//Results per page: **EDIT LINK PATH** 
//echo("<a href=http://localhost/new.php?sex=$s_a&amp;limit=2&amp;page=1>DART</a> |"); 
echo "<br>"; …

Why won't that work. Is there something in the included library that prevents it working. The only thing I would suggest is escaping the variable $key like the following:

$zips = $z->get_zips_in_range("".$my_zip."", "".$distance."", _ZIPS_SORT_BY_DISTANCE_ASC, true); 

foreach ($zips as $key => $value) {}

$key=mysql_real_escape_string($key);
$sql="SELECT * FROM users WHERE zip='$key'"; //<-- should work
$res=mysql_query($sql)or die(mysql_error()); 
$i = 0; 
$num_of_cols = 5; 
echo "<table cellspacing=\"10\" cellpadding=\"10\"><tr>"; 

while($row = mysql_fetch_array($res)) { 
	$fname=$row['first_name'];
	$age=$row['age'];
	$id=$row['id']; 
	
	$sql1="SELECT prof_pic FROM user_profile WHERE user_id='$id'";
	$res1=mysql_query($sql1);
	$numr=mysql_num_rows($res1);
	while($r1=mysql_fetch_array($res1)){
		$pic=$r1['prof_pic']; } etc.

'check-box-1' thats the name of the check box right.

From my experience yes it is.

This might be out of your price range, but Rack Space has a really good hosting deal. It is $100/month, but they are very reliable, you can set up billing, hosting limits, register domains, etc. all from their control panel. It is mainly if you make websites for people and you want to manage all of them together.

Another really good thing is their customer service. You give your customers their phone number, and Rack Space answers the phone using your business title, as if they were the tech support for your business.

There is more information here:

http://www.rackspacecloud.com/cloud_hosting_products/sites/faq

I entered in the specs of the plan I'm on with my host and it's over double the price. If there was something like that where you can decide cpu, storage space and bandwidth for a third of the price then I would be very interested in the near future. BTW, the cost that came up for me was $200/month before I add some fancy stuff then it ends up around $325/month. Hope a list of more hosts where I can decide the plan but cheaper can be listed in this topic.

To retrieve the variable param from the url simply use $_GET to get its value.

I did a google search and the following link might be of great interest to you. http://www.m6.net/ Enjoy.

I would suggest trying the following 3 functions:

array_multisort()
arsort()
asort()

I can't tell for sure which one or if any will work because there isn't an example for me to test.

if( !@include( $path ) ) {

That part of the syntax is totally wrong. I don't think that an include is not meant to be in an if statement. Also replace the include with the require function which does the same thing but with error reporting. Also I would advice removing those @ symbols. So the above quote should be the following:

if(file_exists($path)) {
require( $path );
} else {

I thought I would confirm this, so your getting some unexpected hyperlink in your page which needs deleting or changing. Also by any chance does your url at any stage match the one that's output.

When I say template I refer to all of the include() and require() files. That is your best bet.

Hi Again, so what action would cause that to happen outside of the form.

I can't see that hyperlink in your code anywhere so it is probably part of your template or something because I can't see that link in your code.

Hi Again, so what action would cause that to happen outside of the form.

What's outside the form now?

Edit: I forgot to check the previous page. Will reply soon.

Those are two separate pieces of code. The first code is the form submission location and the second code is a hyperlink. So they are completley unrelated. However in the hyperlink it appears that it is showing the ip of your server instead of the domain name.

$row{'products_type'}

WTH - You rebugged your code by not studing the code in post #9. The array formatting you used (example in above quote) should be as follows:

$row['products_type']

Notice how the brackets are different. That's one of your biggest problems but do this in addition to what you were doing before.

Well if the $row array (not far after the while()) wasn't displaying it's value and yet $row yields it's values on print_r, logic would say that it is the 2 includes above $row. But if this isn't the case I wouldn't have a clue and would try commenting sections at a time.

Try rebooting the apache httpd service. I've noticed on windows rebooting the computer doesn't restart the httpd service so you will need to go into your controll panel to restart the apache httpd service.
Edit: Not the windows control panel.

I changed it's value to On, but it still doesn't work.

Well a server can have several php.ini files and only one of them are really used. So make sure the php.ini file you changed is the same one as listed when you use the following code:

<?php phpinfo(1); ?>

The above code will tell you the real location of the php.ini file and a few other settings.

Perhaps the following:

//get username
$username='Bill Gates';
//validate
$username=mysql_real_escape_string($username);
//set the sql query
$result=mysql_query('SELECT * FROM `table` WHERE `usercolumn`="'.$username.'"');
//check if it exists
if (mysql_num_rows($result)>0) {
    //it exists
    } else {
    //it does not exist
    }

The only thing I can suggest is try commenting the two require functions which are directly below the while loop as the array $row might be over-written or something.

Try just before the while loop each of the following codes but will need to be done separatley:

die(mysql_num_rows($result));

$ddd=mysql_fetch_assoc($result);
echo '<xmp>';
print_r($ddd);
echo '</xmp>';

And let me know of the results of when each of those code are on line 33.

Do all your columns begin with products_ or is that your table name because you don't use your table name in the $row array.

Wow, big bugs. Try the following:

<?php
//passed values from form
$category_id=$_POST['category_id'];
$make=$_POST['make'];

//Sanitize input values
$category_id=mysql_real_escape_string(stripslashes($_POST['category_id']));
$make=mysql_real_escape_string(stripslashes($_POST['make']));

//$result = mysql_query("SELECT * FROM products WHERE products_make ='$make'") or die(mysql_error());
//or
//$resultb = mysql_query("SELECT * FROM products WHERE products_make ='$make' AND products_category_id ='$category_id'") or die(mysql_error());
require('includes/header.php');// Include header

//setting user host and password values
$username = "**********";
$password = "******";
$hostname = "localhost"; 

//connection to the database
$dbhandle = mysql_connect($hostname, $username, $password)
 or die("Unable to connect to MySQL");
//echo "Connected to MySQL<br>";

//select a database to work with
$selected = mysql_select_db("Streetwise",$dbhandle)
  or die("Could not select Streetwise");

//execute the SQL query and return records
$result = mysql_query("SELECT * FROM products WHERE products_make ='$make'") or die(mysql_error());

//fetch tha data from the database

while ($row = mysql_fetch_assoc($result)) {
   
	require('includes/body.php');
	
	require('includes/vehicle_panel.php');
	// display the database output query
	echo '<div class="font">'.'<h3>'.$row['products_type']." ".$row['products_make']." ".$row['products_model']." ".$row['products_year'].'</h3>'.'</div>';
	echo "<h3>";
	//echo'<br>';
	echo '<div class="price" align="right">'.'<img src="images/odyssey/'.$row['products_Image'].'" alt="Car batteries" height="75" width="75" border="0" align="center">'."&nbsp; &nbsp; &nbsp; ".'</div>'."Price &pound;".$row['products_price']."&nbsp; &nbsp";
	echo "<br>";
	echo '<p>';
	echo '<br>';
	echo "<br>";
	echo "</h3>";
	echo '<form>';
	echo '<fieldset>';
	echo '<legend>Fitting Details </legend>';
	echo '<br>';
	echo '<div class="image" text-align="right">'.'<img src="images/'.$row['products_other1'].'" alt="Car batteries" height="90" width="100" border="0" align="right">'."</div>";
	echo '<br>';
	echo '<ul>';
	echo '<table>';
	echo '<tr>';
	echo '<td width="130">'.'<li>'."Weight".'</td>'.'<td width="100">'.$row['products_weight']."&nbsp;kg".'</li>'.'</td>';
	echo '</tr>';
	echo '<tr>';
	echo '<td width="130">'.'<li>'."Length".'</td>'.'<td width="100">'.$row['products_length']."mm".'</li>'.'</td>';
	echo '</tr>';
	echo '<tr>';
	echo '<td width="150">'.'<li>'."Width".'</td>'.'<td width="100">'.$row['products_width']."mm".'</li>'.'</td>';
	echo '</tr>';
	echo '<tr>';
	echo '<td width="150">'.'<li>'."Height".'</td>'.'<td width="100">'.$row['products_height']."mm".'</li>'.'</td>';
	echo '</tr>';
	echo '<tr>';
	echo '<td width="150">'.'<li>'."ah@20 hr rate".'</td>'.'<td width="100">'.$row['products_ah_20hr']."&nbsp;AMPS".'</li>'.'</td>';
	echo "</tr>";
	echo '<tr>';
	echo '<td width="150">'.'<li>'."S.A.E Cold Start".'</td>'.'<td width="100">'.$row['products_sae_cold_start']."&nbsp;AMPS ".'</li>'.'</td>';
	echo "</tr>";
	echo '<tr>';
	echo …

echo "<form action=http://www.romancart.com/cart.asp method=post>\n";
echo"<input type=\"hidden\" name=\"itemname\" value=\"$m_id\">";
echo'<input type= hidden name=returnurl value="http://217.146.126.103/passenger.php">';
echo"<input type=\"hidden\" name=\"price\" value=\"$p_id\">";
echo"<input type=\"hidden\" name=\"storeid\" value=\"45983\">";

The above quote should turn into the below code:

echo '<form action="http://www.romancart.com/cart.asp" method="post">'."\n";
echo '<input type="hidden" name="itemname" value="'.$m_id.'">';
echo '<input type="hidden" name="returnurl" value="http://217.146.126.103/passenger.php">';
echo '<input type="hidden" name="price" value="'.$p_id.'">';
echo '<input type="hidden" name="storeid" value="45983">';

You mentioned my previous post which is not resolved, any ideas for a solution.

What's the problem or is this solved?

In future please use code tags as this is not your first post. Also the following code should do the trick:

$category_id=mysql_real_escape_string(stripslashes($_POST['category_id']));
$make=mysql_real_escape_string(stripslashes($_POST['make']));
$result = mysql_query("SELECT * FROM products WHERE products_make ='$make'") or die(mysql_error());
//or
$resultb = mysql_query("SELECT * FROM products WHERE products_make ='$make' AND id ='$category_id'") or die(mysql_error());

In Ubuntu. ok. I found this problem when I first got a Virtual Private Server. The server had a different file structure than what my Ubuntu did. So try to browse around your server to make sure those are the locations for your servers Operating System. There seems to be two mains sorts of systems of sorting files from my experience.

No error. That's because you didn't echo the exec function. Line 18 should be as follows:

echo exec($createBackup);

Try replacing line 11 with the following:

$file[] = str_replace(" ","_",$_POST[$files1]);

Try on line 34 the following code and tell us the results:

echo '<xmp>'; print_r($file_names); echo '</xmp>';

That should dump the keys and values of the array. They don't always have numbers between the brackets.

I believe it is the break; code in the switch statement. That is why I suggested replacing it with an if statement. But obviousley there is something fishy going on with the $returnCode variable.

Weird. Should have worked. :?:
Below is another piece of code you can try and hopefully it should work.

$returnCode = (int)curl_getinfo($ch, CURLINFO_HTTP_CODE);
        if ($returnCode!=='200' || $returnCode!==200 ||$returnCode>200 || $returnCode<200
|| $returnCode!==(int)200 ||$returnCode>(int)200 || $returnCode<(int)200){
                $result = 'ERROR -> Status '.$returnCode;
        }

I tested it and it worked in my tests but worked too well. It only reports 404 errors and if you got a 500 error then it would not be reported.

$returnCode = (int)curl_getinfo($ch, CURLINFO_HTTP_CODE);
        switch($returnCode){
            case 404:
                $result = 'ERROR -> 404 Not Found';
                break;
            default:
                break;
        }

Replace the above with the below:

$returnCode = (int)curl_getinfo($ch, CURLINFO_HTTP_CODE);
        if ($returnCode!==200 || $returnCode!=='200'){
                $result = 'ERROR -> Status '.$returnCode;
        }

Thanks for that sknake and that info should be in a pinned topic if not already.

Partial bug. Whenever I post in code tags it seems to use the forum syntax. However this is not the same with all other members. Below is a link to an example post and if you check the bbcode source it shouldn't have any syntax highlighted.
http://www.daniweb.com/forums/post981558.html#post981558

If it returns the following and never returns 404 then that would make the switch statement useless.

Total time for request: 0.308465003967 XXXXXXXXXX3738246550#Messages Sent1

So I would suggest trying what I suggested in my previous post as it should work.