nav33n 472 Purple hazed! Team Colleague Featured Poster

When adding the data to the table, use nl2br function (if you are using php).

nav33n 472 Purple hazed! Team Colleague Featured Poster

Maybe we could have a competition of the most secure and fastest hash mechanism.

Unless we have an extremely talented hacker who can decipher hashes in minutes (or hours), we won't be able to know which is the most secure hashing mechanism. IMO, all these above posted functions are secure :)

nav33n 472 Purple hazed! Team Colleague Featured Poster

This simply wouldn't work because this is what your source would look like.

<input type= "text" name ="ch1" disabled='true'
disabled='false'/>
nav33n 472 Purple hazed! Team Colleague Featured Poster

Seems like a homework question to me! :)

nav33n 472 Purple hazed! Team Colleague Featured Poster
<?php
$con = mysql_connect("localhost","root");
mysql_select_db("test");
$q = "select * from table1";
$result = mysql_query($q);
$result_set = array();
$i=0;
while($row = mysql_fetch_array($result)) {
	$result_set[$i] = $row;
	$i++;	
}
for($i=0;$i<count($result_set);$i++) {
	print "<pre>";
	// Only look ahead when a next element exists (skipped on the last row)
	if($i < count($result_set)-1) {
		$next_element = $i+1;
		print "Next element in the array is: <br><br>";
		print_r($result_set[$next_element]);
	}
	print "Now the array points to:<br><br>";
	print_r($result_set[$i]);
	print "</pre>"; 
}
?>

On last element of the array, it doesn't print Next element in the array is:

Maybe this isn't the best solution!

nav33n 472 Purple hazed! Team Colleague Featured Poster

:) Yeah.. Cool!

nav33n 472 Purple hazed! Team Colleague Featured Poster

What if the client has disabled javascript ?

nav33n 472 Purple hazed! Team Colleague Featured Poster

*Bangs head*You are right..
But what about focus() ?

nav33n 472 Purple hazed! Team Colleague Featured Poster

You can do this in php itself ! Why do you want to rely on javascript ?

nav33n 472 Purple hazed! Team Colleague Featured Poster

Umm.. I am not sure actually! :-/

nav33n 472 Purple hazed! Team Colleague Featured Poster

Did you check the source ?

$string = "<div id=\"$class\"> $words </div>";

I just had everything in one script and it works fine. (Oh, I also replaced . with # of your css.)

<?php
function pop_boxes($words, $class) {
		$string = "<div id=\"$class\"> $words </div>";
		print($string);
}
?>
<style>
#pop_window{
		border:1px;
		background-color:red;
}
</style>
<div id="mainarea" style="padding:10;">
<?php
$words = "Try again";
$class = "pop_window";
pop_boxes($words, $class);
?>
</div>
nav33n 472 Purple hazed! Team Colleague Featured Poster

Answer is Yes to both the questions.

<html>
<body>
<form name='test' method='post'>
<input type='text' id='name' name='name'>
<input type='text' id='age' name='age'>
</form>
<?php
 $value = 1;
 if($value == 1) {
 	echo "<script>document.getElementById('age').focus();</script>";
 	echo "<script>document.getElementById('name').disabled=true;</script>";
 }
?>
</body>
</html>
nav33n 472 Purple hazed! Team Colleague Featured Poster

You can! But you will just be adding unnecessary overload to your CPU ! I think you can use cwarn23's function. It's neat !

nav33n 472 Purple hazed! Team Colleague Featured Poster
<?php
//path_test.php
$path = getcwd();
include($path."/get_file_contents.php");
?>
<?php
//this is get_file_contents.php
$data = htmlentities(file_get_contents("http://google.com"));
print $data;
?>

If you run the script path_test.php by typing the url, http://localhost/path_test.php?path=malwaresite.com/sneaky/malicious/nasty , it still wouldn't take the path specified in the url because I am nowhere requesting ($_GET or $_REQUEST) the path.
I agree, if I didn't have this line

$path = getcwd();

and if I had enabled register_globals in my php.ini, then it would be a problem!

nav33n 472 Purple hazed! Team Colleague Featured Poster

Hmm.. one question though.. The table will store random strings and their hashes.. I guess it would be more efficient if a dictionary (like the ones used in Brute force) with all the commonly used words are also stored..

nav33n 472 Purple hazed! Team Colleague Featured Poster

All hail Daniweb ;) heh.. Cheers!

nav33n 472 Purple hazed! Team Colleague Featured Poster

Although there may be no dehasher on the market, that doesn't stop you from making one. But it does require about 2 petabytes of hard drive space (2048TB or 2097152GB). I have created a dehasher that simply records every key combination and its hash into a mysql database; then, when dehashing, it simply does a reverse lookup by searching for the recorded hash and original word when the entry was generated. Just let me know if you would like the script.

Woah ! Something like a keylogger ? Is it in php or java/vb.net ?

nav33n 472 Purple hazed! Team Colleague Featured Poster

But am I assuming how the hash method works, is correct?
(use any string to encrypt a variable to produce a unique 8 character string?)

Yep. That's correct. In this case, the algorithm converts it to an 8 character string.

nav33n 472 Purple hazed! Team Colleague Featured Poster

I am good OmniX! How are you ?

I don't think there is any decrypting script/function which you can download. They have mentioned how there can be a collision between 2 different strings giving out the same hash ! I tried to read some more about the same, but, everything is going right over my head :(
http://www.mscs.dal.ca/~selinger/md5collision/
http://www.unixwiz.net/techtips/iguide-crypto-hashes.html

Thank you for creating this thread.. I can spend the rest of the evening reading these links ;)

Will Gresham commented: Very interesting links +1
nav33n 472 Purple hazed! Team Colleague Featured Poster

I just love this question. In my opinion, it is best to use more than one hash so that it is harder to crack. And so that those online database crackers can't store your hash, include the whirlpool hash. So below is a function I have made for a much better hash:

function truehash($hashzzz) {
return hash('crc32b',hash('whirlpool',$hashzzz));
}

The function above will be really hard to crack as it uses opposite types of output. One of the advantages with the function above is that crc32b is short (less data recorded) and whirlpool is long (containing more data). And since a whirlpool hash is 128 characters long, I doubt anybody will have a giant database of the whirlpool conversions. Of course you could use all of the hashes in the function but it may take a bit of cpu.
Any other comments?

That's a very nice function. I wish I could give you more rep today :)
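Added example (not part of the original posts): `truehash()` returns crc32b's 8 hex characters, so whatever the inner hash is, only 32 bits of output remain and different inputs start sharing a hash after a modest number of tries. The helper `first_truehash_collision()` and the sample strings are constructed for illustration; `password_hash()` and `password_verify()` are PHP's built-in password API (PHP 5.5+), shown as the replacement for stored passwords.

```php
<?php
// truehash() is copied from the post above; everything else is added here.
function truehash($hashzzz) {
    return hash('crc32b', hash('whirlpool', $hashzzz));
}

// Hash constructed inputs "sample-0", "sample-1", ... until two different
// inputs produce the same truehash() value. Returns array(first input,
// second input, shared hash), or null if none is found within $limit inputs.
function first_truehash_collision($limit) {
    $seen = array();                      // hash => input that produced it
    for ($i = 0; $i < $limit; $i++) {
        $input = 'sample-' . $i;
        $h = truehash($input);
        if (isset($seen[$h])) {
            return array($seen[$h], $input, $h);
        }
        $seen[$h] = $input;
    }
    return null;
}

// With a 32-bit output the birthday bound is on the order of 2^16 inputs,
// so this normally finishes well inside the limit.
$collision = first_truehash_collision(500000);
if ($collision !== null) {
    list($a, $b, $h) = $collision;
    print "Output length: " . strlen($h) . " hex chars\n";
    print "'$a' and '$b' both hash to $h\n";
}

// For stored passwords: a per-password salt and a deliberately slow
// algorithm, with the parameters encoded in the stored string.
$stored = password_hash('Try again', PASSWORD_DEFAULT);   // constructed sample
print "Stored value: $stored\n";
print "Correct password verifies: ";
var_dump(password_verify('Try again', $stored));
print "Wrong password verifies:   ";
var_dump(password_verify('try again', $stored));
```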

nav33n 472 Purple hazed! Team Colleague Featured Poster

Check this link.. http://www.hudzilla.org/phpbook/read.php/17_3_7
I also read here that md5 can generate collision (and is not safe anymore!). Someone also mentions (in the 2nd link) that whirlpool (as mentioned by cwarn23) is a good replacement! SHA1 isn't a safe encryption method too! :S Hmm.. I should stop using SHA1 !

nav33n 472 Purple hazed! Team Colleague Featured Poster

:) Cool!

nav33n 472 Purple hazed! Team Colleague Featured Poster

if($filename!="NULL" || $filename!="FALSE" || $filename!="")

This must be

if($filename!=NULL && $filename!=FALSE && $filename!="")

In your example, you are checking if variable filename value is NULL or FALSE (which is wrong). And, you should use logical operator "and" instead of "or".

peter_budo commented: Nicely done ;) +15
nav33n 472 Purple hazed! Team Colleague Featured Poster

Take a closer look at my script. Line 25. In my post I solved a way around the last appended | symbol by using the following line:

I was just giving him an example of what the result would look like! I just copy pasted the error messages and I forgot to take the last "|" from it.

http://localhost/careers.php?error=Name%20is%20a%20required%20field%20please%20complete%20and%20submit%20it%20again.|Email%20is%20a%20required%20field%20please%20complete%20and%20submit%20it%20again.

This is exactly what it looks like (if there are 2 errors).

nav33n 472 Purple hazed! Team Colleague Featured Poster

No it won't! cwarn23 is appending a "|" after every error message. So, if there are 2 errors, the query string would look like,

Name is a required field please complete and submit it again.| Please fill in a correct email address|

I personally don't prefer doing it this way since the query string looks quite long and bad. Maybe using a session array variable is a better choice.
Whenever there is an error, add it to a variable, then make that a session variable. After displaying respective error message, unset the session variable.

nav33n 472 Purple hazed! Team Colleague Featured Poster

and another issue: include("$path/...") ===> you are giving dynamically path to your pages, this is not secure. don't do that.

Could you please explain why ?
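An added example (not from the thread) for the `include("$path/...")` question above and for the path_test.php / register_globals post earlier on this page: the include target is built only from a script-assigned base directory plus a name checked against an allow-list, then canonicalised before use. `resolve_page()`, the temporary `include_demo_pages` directory and the sample names are hypothetical, constructed for the demonstration.

```php
<?php
// Return the real path of an allowed page inside $baseDir, or null.
function resolve_page($name, $baseDir, array $allowed)
{
    // 1. Allow-list: accept only page names the application defines.
    if (!is_string($name) || !in_array($name, $allowed, true)) {
        return null;
    }
    // 2. Canonicalise, then confirm the file exists inside the base directory.
    $base = realpath($baseDir);
    $file = realpath($baseDir . DIRECTORY_SEPARATOR . $name . '.php');
    if ($base === false || $file === false) {
        return null;
    }
    if (strpos($file, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $file;
}

// The script assigns $path itself, so a ?path=... parameter cannot seed it,
// even on an old install with register_globals enabled.
$path = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'include_demo_pages';
if (!is_dir($path)) {
    mkdir($path);
}
file_put_contents($path . DIRECTORY_SEPARATOR . 'home.php', '<?php print "home page\n";');

$allowed = array('home', 'contact');   // 'contact' is listed but has no file
$samples = array(                      // constructed request values
    'home',
    'contact',
    '../config',
    'malwaresite.com/sneaky/malicious/nasty',   // value from the URL in the post
);

foreach ($samples as $requested) {
    $target = resolve_page($requested, $path, $allowed);
    if ($target === null) {
        print "rejected: $requested\n";
    } else {
        print "including: $target\n";
        include $target;
    }
}
```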

nav33n 472 Purple hazed! Team Colleague Featured Poster

I haven't tested the application in the link you have specified. But, you can use is_file or is_dir and display relevant image (file image if it's a file and directory image if it's a directory!)

nav33n 472 Purple hazed! Team Colleague Featured Poster

2 errors. 1st one is on line 30. $message = $_POST('$SchoolName',....
2nd error, there is no ; after mail function. Please check this for the correct syntax of mail function!

Edit: Also, this

echo "Form not properly completed")

is not terminated by a semicolon and there is an extra )

nav33n 472 Purple hazed! Team Colleague Featured Poster

Well, that's because only the last value is stored in variable $val because of the while loop.
You can
1. Put value of $row["name"]; to an array and iterate through that array in your select tag
or
2. Use <option> tag in your while.

nav33n 472 Purple hazed! Team Colleague Featured Poster

I don't think so. I didn't add any but I still see it ! :-O

nav33n 472 Purple hazed! Team Colleague Featured Poster

Great :) Congrats!

nav33n 472 Purple hazed! Team Colleague Featured Poster

Then use <p> instead :-/ It would be very helpful if you show us the output !

nav33n 472 Purple hazed! Team Colleague Featured Poster

Hello everyone!

I am not sure if someone has already reported this bug, but here it is.
An example:

<form method='post' onsubmit='javascript: validateform(this);'>

When you click on "Toggle Plain Text", you can see < b >< /b > getting appended to javascript ! :-/

Some more example threads.

http://www.daniweb.com/forums/thread177790.html
http://www.daniweb.com/forums/thread176123.html

I have tested it on both Firefox and IE7.

Cheers!

nav33n 472 Purple hazed! Team Colleague Featured Poster

As I said in my earlier post, \n is just a delimiter. How do you know it contains 20 lines of data ? How are you separating the lines ? Using \n or by using <br> ?
Try this simple example.

<?php
$query = "select content from blogs limit 1";
$result = mysql_query($query);
$row = mysql_fetch_array($result,MYSQL_ASSOC);
print htmlentities($row['content']);
?>

If the lines are separated by <br> tag, use that as a delimiter.
Btw, I use mysql_assoc to get only the associative indices. I can use mysql_assoc instead, but I like using mysql_fetch_array. :)
Check Return Values in this link for more details.
http://in.php.net/mysql_fetch_array

nav33n 472 Purple hazed! Team Colleague Featured Poster

Use single quote in your query ' instead of ". The second argument \n is a delimiter. If you are storing the values in a table with <br> try giving that instead of \n. I tested at my localhost and it works without any problem.

<?php
$con = mysql_connect("localhost","root");
mysql_select_db("test");
$blog="select id,SUBSTRING_INDEX(question, '\n', 5 ) from quiz_questions limit 1";
$result = mysql_query($blog) or die (mysql_error());
$row = mysql_fetch_array($result,MYSQL_ASSOC);
print "<pre>";
print_r($row);
print "</pre>";
?>

:) Get a good editor with syntax highlighting.. That way you will know where you are going wrong!

nav33n 472 Purple hazed! Team Colleague Featured Poster

Are you sure it doesn't work ? I downloaded the script and it works just fine! See the attached screenshot..

nav33n 472 Purple hazed! Team Colleague Featured Poster
update journey j, passengers p, shuttle s set j.occupancy=j.occupancy - 1 where p.journey_id = j.id and s.id = j.shuttle_id and s.id = 1 and p.passenger_name='bill gates'

Wouldn't this work ? Many people at my workplace avoid joins (they say it's comparatively slower than normal queries).

stephen84s commented: Absolutely +6
nav33n 472 Purple hazed! Team Colleague Featured Poster

I tried many ways to do this , first of All I tried to work with Distinct but I figured out that Distinct is applied to a Row not a field

What do you mean ?

select distinct state from A order by entry_date desc limit 5

will return 5 records with distinct state, sorted on entry_date in descending order.

Select Distinct State,Id From A group by State Order By Entry_Date desc Limit 5

This query will return 5 records with combination of distinct state and id sorted on entry_date in descending order.
for example,
state --- id
state1 --> 1
state1 --> 2
state2 --> 3
state3 --> 4
The above query will return state1 --> 1 as well as state1-->2, since they make unique combination !

nav33n 472 Purple hazed! Team Colleague Featured Poster

I guess, you don't have enough permissions on tmp directory. Give all the permissions to tmp directory and try again. When you use session_start, it will create a cookie if this option session.use_cookies is turned on.

nav33n 472 Purple hazed! Team Colleague Featured Poster

Check mysql function substring_index

Eg.

SELECT SUBSTRING_INDEX(columnname, "\n", 10 )
FROM table
nav33n 472 Purple hazed! Team Colleague Featured Poster

I prefer for each forum a man of forum each month, that's would be good idea

I don't think that is a good idea! It would be a herculean task for the committee to find one person in every community every month (not that there aren't enough people, but there aren't enough qualified ones)!

peter_budo commented: Correct +15
nav33n 472 Purple hazed! Team Colleague Featured Poster

No probs! Btw, foreach is useful when you have irregular array indexes.
eg.

$array[3]=30; $array[10]=10; $array[11]=10;
nav33n 472 Purple hazed! Team Colleague Featured Poster

foreach($array as $value) simply means, for every element in the array, assign its value to $value.
foreach($array as $key => $value) assigns the index of the array to $key and value of that index to $value.
:S I hope I am not confusing you!
This is almost similar to for loop.

for($i=0;$i<count($array);$i++) {
  echo "Key is".$i."Value is".$array[$i];
}
//is same as
foreach($array as $key =>$value) {
 echo "Key is".$key."Value is".$value;
}
nav33n 472 Purple hazed! Team Colleague Featured Poster

Google "login form php". You will find at least 10000 links.

nav33n 472 Purple hazed! Team Colleague Featured Poster

This isn't the best solution (In fact, it's kinda sloppy!). First, use preg_match to search for pattern "xxx". If found, then, use preg_match again, but this time, search for pattern, '/<script[^>]+\>(.*)<\/script>/s' . This will again return the string between <script> tags. Then use str_replace and replace the matched string with "".

nav33n 472 Purple hazed! Team Colleague Featured Poster
$pattern = "/x{3}/";
$string = preg_replace($pattern,'', $string);

This will look for xxx, if found, replaces it with null.

nav33n 472 Purple hazed! Team Colleague Featured Poster

i want to remove all word from that string if that string have minimal three word'x'

I am not clear what you want. Do you want to search for xxx, if found, remove it ?

nav33n 472 Purple hazed! Team Colleague Featured Poster

@Rhyan, \n will return extra line breaks. For example, If the actual string is

ab
bc

\n will return

ab 

bc
Nick Evan commented: sounds right to me :) +14
nav33n 472 Purple hazed! Team Colleague Featured Poster
<?php
// removal malicious script by forzadraco

$filename="target.php";

$existfile=fopen($filename,"a+");

if($existfile){
echo "file berhasil dibaca \n\n";
}else{
echo "file gagal dibaca \n\n";
}


if( false == ($str=file_get_contents( $filename )))
echo "Could not read file.";
else
echo "File contents: ".htmlspecialchars($str);

$hsl=preg_replace("/xxxx/i","draco",$str);

echo "<hr />".htmlspecialchars($hsl);

fwrite($existfile,$hsl);
fclose($existfile);

?>

Check "mode" http://in2.php.net/manual/en/function.fopen.php . Mode "w" : Open for writing only; place the file pointer at the beginning of the file and truncate the file to zero length. If the file does not exist, attempt to create it.