shadowx

I agree with everything said already. You should use a Javascript validation to check every key press and see if that keypress is any of the following: " ' : , . @ | $ ? % ^ & * ( ) and so on.....Then in the PHP validation use a regular expression of the format: /w that should check for all alpha-numeric characters (a-z 0-9) you can also add a character limit with something like {5,20} (which is: {min,max} )Im not very good with regex otherwise i would write the whole thing for you, but it gives you a starting block

Never encountered this before, but it does seem silly, perhaps if they asked people to register with a business account or something in which they have to provide full contact details or something and then use cookies to limit it per PC and not per IP. It does make sense though, like said google is a massive target and i expect if you made a botnet of 10,000 computers (easily done with a trojan) and had each of those computers query google at an insane speed you could really affect performance. And then consider that you could theoritcally have 10 times that number of computers.. It wouldnt look preety!

Theoretically you could, i think, connect to the remote database and go from there. However the problem is you are skipping all the validation of the signup page. This might not seem to big a deal if it will be only you that uses the program but you would need to have some validation in your VB to prevent you accidentally entering wrong data and to check if the chosen username already exists (same goes for email too) otherwise you end up overwriting data. You also need to find a host who is willing to allow remote access to the database. That might not be so easy to find. If i were you i would go for loading the signup page within an internal browser in VB. You would need to create custom HTTP headers to include the POST data though, so you'd have to read up on that. To do the PHP page version you would just create a hidden browser element in VB, have a radio select box or something for each forum and then depending on which one is clicked/selected it changes the address of the inbuilt browser to https://www.salesforce.com/products/platform/overview/ etc.. with the custom HTTP headers.

/agree!Being tall i have pretty long legs which means i can happily walk twice as fast as most of the morons about today. Its really frustrating because if i walk really slowly (hencenforth known as girl-shopping speed) i start to loose my balance haha! I suppose being overweight doesnt help that but its just torture! i end up walking like a complete weirdo! Plus is so so so annoying, by the time these gimps have walked 10 meters i can have been shopping, had some lunch, got a coffee and be on the bus!I also hate people that walk towards you at just dont move! Im fairly easy to see!! So now im doing the same, i tend to walk looking to the left or right or just over the heads of anyone walking towards me and they soon move People that text when they walk and because they just cant do it they walk so slowly they might as wel not be moving! Damn if you're gonna text and walk learn where the buttons are, then you dont need to look at the phone!!

I just realized the title has a typo but i cant edit it so meh!I dont think its possible to distinguish between computers so it wouldnt work well in any noisy (meaning EMF noise) environment, however when you consider directional antennae you get a problem... by pointing the receiver directly at one machine you would probably be able to get a fairly clear reading and with the right software and hardware you could clean the noise up to reveal a clean signal. The researchers said they were using fairly low tech stuff so an organized gang could easily do better.It really is scary stuff considering EVERY keyboard is at risk (except ones using shielded cables of which i expect the only ones are in the military). Bad times!

Original Article (BBC) The story goes like this. You're in a hotel lobby on your laptop buying an expensive present with your credit card using paypal or some other recognized system. You enter your details while a strange man in the corner fiddles with his old style radio receiver. 3 days later your account is empty of cash. But how? Well the answer is a key logger than can work up to 20m away from the target computer, that man you saw in the corner with the receiver was actually tuning the antennae to the electromagnetic radiation created when you hit a key. Everytime you hit a key on the keyboard it sends an electrical impulse down a wire to the motherboard, as we know electric impulses create an electromagnetic field around them and this principal is used, but amplified, to send radio signals. So in theory if all electronic impulses create electromagnetic radiation then so does that impulse on your keyboard's wire, and with the right technology ANYONE can detect that radiation and decipher it to retrieve the key you pressed, and that is what researchers have done. Using one of 4 different receivers they were able to detect each key (or partially detect it) pressed and recreate what the user was typing on their own computer, which is exactly what a key logger does (well a logger saves the data but thats easy done once you have picked the data up). They tested their devices on different computers, using PS/2 and USB connections and with keyboards built in to laptops. Using one combination of antennae and keyboard they could detect the key strokes up to 20m away. So if they were malicious in their attempts they just stole your credit card info from 20m away! currently there is no commercial solution to this problem. I expect military computers have built in shielding but as for a home solution your only real option is to shield your cables manually and means lost of tin foil and copper wire

Ok ill submit that ticket now just to make sure things go smoothly! (damn opaque you got 1725 cents at the time of writing!) Thanks for the heads up

Sql Injection, its one of those terms that is banged around the internet, and not everyone knows what it is. Basically it is what it says it is, its a way of injection SQL code into a script (in this case a PHP script) that connects to, and queries a databae, specifically an SQL based database. So how do you inject code into code? Think about this logically and with some code examples, the following code takes the users input in POST variables: $user = $_POST['username'];$pass = $_POST['password'];$query = mysql_query("SELECT * FROM users WHERE username='$user' AND password='$pass'");$rows = mysql_num_rows($query);if($rows == 1){ echo "logged in";} ELSE { echo "Wrong user/pass";} NOTE: This code may or may not work, im not testing any code i use here, its mainly for illustrative purposes. So the basics of it are: we get the username/password entered by the user, check the database for a row with those details. If there is ONE row it means the user and pass are correct and we log them in. Otherwise chuck em out! If i entered username: admin password: password the query looks like this: $query = mysql_query("SELECT * FROM users WHERE username='admin' AND password='password'"); But what happens if i enter this: username: ' OR 1='1' password: ' OR 1='1' our query looks like this: $query = mysql_query("SELECT * FROM users WHERE username='' OR 1='1' AND password='' OR 1='1'"); In other words: Select everything from the table where the username matches '' (nothing) OR where the number 1 is equal to the number 1. Now of course 1='1' is TRUE because 1 does equal 1 and so the script logs you in even though you never entered a real username or password. As far as the code is concerned the query returned TRUE and so it logs you in. THAT IS BAD! Not only can i log in without having a valid username and password, what happens if i enter my username: ' DROP TABLE 'tablename' --? (-- is the comment character in SQL so everything AFTER the -- is ignored by SQL we now have: $query = mysql_query("SELECT * FROM users WHERE username='' DROP TABLE 'tablename' -- AND password='' "); so our SQL does the following: select everything in the table where username = NOTHING then delete the entire table called tablename then ignore everything after -- ignored ignored ignored ignored...... So ive just delete EVERY user your site ever had! Bad times! So how do you protect your sites against these attacks? Pretty complicated i suppose? So many things that can go wrong it must be a complex solution! WRONG! ONe function solves ALL these problems! mysql_real_escape_string(STRING, LINK TO DATABASE);//for example:mysql_real_escape_string($username, $link); That little function will prevent all those bad things happening to you. Remember however that you MUST connect to the database BEFORE you use this function. The $link variable there is the resource ID for the connection to the database, this is needed because mysql_real_escape_string() will format the STRING in accordance with the database format. So this function should work on ANY database compatible with mysql (hopefully). So here is our fixed and secure code: $user = $_POST['username'];$pass = $_POST['password'];$pass = mysql_real_escape_string($pass, $link);$query = mysql_query("SELECT * FROM users WHERE username='$user' AND password='$pass'");$rows = mysql_num_rows($query);if($rows == 1){ echo "logged in";} ELSE { echo "Wrong user/pass";} I hope that helped some people This vulnerability is NOT limited to login systems. Any system with a mysql_query using user submitted variable data is a possible target. In one study out of 1000 sites 11.8% were vulnerable against this attack. Not a huge percentage, but how many websites are out there? now work out 10% of that number... Big number huh?!

Im a PHP developer, so i say PHP is fast on the whole, Java requires a an applet to load which could take 1 second or 30 seconds depending on the user's computer speed. .net is (i think?) powered by and run on a windows based system. PHP can be run on a linux system (which is what i prefer when choosing hosting) If you consider that (i think) EVERY linux distro/server IS faster than a comparable windows system it seems that PHP, hosted on a linux server would be the fastest.Thats just what i think though!

Ive no idea how its calculated! Presumably its calculated on a timed basis so every X hours it updates (perhaps 4-5, the same as the billing update) Nice to logon and see you suddenly have 60 more cents though!

No worries :)I wonder if it would be possible to prevent this problem in future? I cant be the only one that will change their email on the forums and forget the other one so it might be an idea for Opaque to consider a unique reference that is separate from email addresses and that cant be changed. Perhaps just generate an MD5 hash of their username and password combined or something and use that as a reference to link the two accounts.Just a suggestion anyway, i know its still in fairly early stages yet and there will be many changes, but great work so far! Opaque is making me a rich man! (almost )

The only way to do this would be to set up the HOST computer (the one with the file on it) as an FTP server, and then use an FTP client on the other computer to connect and download the file.Bear in mind that 1gb is a HUGE amount of data and would take perhaps 10 hours or more to transfer (and thats on a fast connection, on a slower connection EG 1mb/second it might take a full 24 hours or more)

Keep an eye on your MyCent value under your forum avatar, when that reaches 100 or more you will be flagged for an update. As i understand it these updates happen every 4-5 hours, so if like me and SM (at the time of writing this) we have over 100 credits but our billing page hasnt changed yet because the the update hasnt happened yet, so if you had 99 cents at the time of update you'd have to wait another 4 or 5 hours at least for it to update.As of the time of writing this you (sky) have 54.66 cents so its not too far from getting 100 and then getting the billing updated. Make sure that your emails match too, even if you registered with the same email make sure you didnt change your email on one of the sites like i did! Because if they dont match the script cant get the data from the forums.EDIT: Seems i was beaten to it!

The domain name and hosting are different, but you get a subdomain name with your hosting for free. for example you get something like yoursitename.trap17.com for free, or you can buy something like yoursitename.com for about $10 per year (i think) When you get 10 credits (you can check how many you have when you login it will display your credits near the top of the page) you then apply for hosting by going into the "Free webhosting requests" forum and following the instructions. IF you have the 10 credits and all of your posts are decent, good quality posts then you will be given free hosting with 20mb space (or if you chose the 30 credit plan, 500mb) and the subdomain you chose (example: veerumits.trap17.com) If at a later date you want veerumits.com as your website name you have to buy that with real money or 250 credits. Your hosting credits show how many days free hosting you have. When you apply for free hosting 10 credits (or 30 if you chose the 30 credit plan) will be taken away from you to pay for it. Then if you have 3 credits left you have 3 days of hosting left. IF you have 20 credits then you have 20 days hosting. To increase your credits you just post on the forums. So if you make one post per day on the forums you will probably earn about 1 credit per day, but only if your posts are long enough and of a good quality. The basic rule is that as long as you post topics/replies on the forums you will have free web hosting. If your credits reach 0 or lower your site will be suspended, so no-one will be able to see it until you get 1 credit or more again (by posting on the forums) This link will explain it more fully: http://forums.xisto.com/index.php?actE=01&HID=18

You would have to use Javascript i think, but as i said i dont know much javascript so i cant do it for you. If you know javascript than make some code that does what i described and it should work i think. Im not sure though, it was just an idea!

I dont really write Javascript but could you do something like:print page onedocument.location = pagetwo.htmprint page twodocument.location = pagethreee.htmprint page threeand so on?

Will do, thanks for the prompt reply :PJust to confirm: I have updated the BILLING email to set it to the NEW address im using. correct? (i think thats right but i dont want to screw the system up because i shouldve reset my FORUM email instead!)If thats correct then this topic can be closed :)If im wrong then let me know!

Thanks for replying, you answered everything there! Now we wait for the termination of hosting credits, quite exciting really Good good! I didnt really read in detail about what is included and whats optional! Thanks again for the great reply! Thats what sets T17 apart from other services, sure i could get free hosting somewhere else, but would i get the community? I doubt it very much! Lets hope things go smoothly!

I just rembered something.The email i used to sign up on the forums was a hotmail.com one. I signed up with the new credit system at the billing page with the hotmail.com address. So my forum and billing was linked. But then because i dont use my hotmail account anymore i changed my FORUM email to a gmail.com account. But my billing email is still the hotmail one. Does this matter? Should i change the billing email to the gmail address? Or leave it as it is?I would prefer to centralize all my emails to the gmail account, but if that will cause problems then i will leave it as it is. Im just not sure how the billing-forum interaction works, if the billing queries the forum once and links the accounts using something other than the email then i should be safe to have two different email addresses with no problems, but if the billing queries the forum more than once, using the email address as a reference then i would need to have them both the same, right?

Ive read the entire topic and theres one thing im not sure about...I HAVE signed up at the billing page with the same email and my accounts are linked. So what now? Currently as i understand it we are still using the credit system so at the moment one credit = one day. But i also understand that once fully upgraded the credits go away and we buy the hosting packages, i understand that fully.But what im not sure about is what i/we have to do while we wait? Are we still going to use credits untill the full update, at which point we will get an email saying "you have to go here now and buy hosting or your hosting goes away"? Or should i go to the billing page right now and buy hosting? i and many others of course dont want a week of downtime because we havent understood properly and didnt "buy" our hosting. So how will i/we know when we need to "buy" the hosting? Or should we buy it now? And thanks for this stuff, its really good. Confusing at first but i like it a lot, before we had two options, 10 credit plan or 30 credit plan, but now we can tailor it to EXACTLY what we want, if i dont want PHP then i save some "cash" to spend on something else, and if i decide i want to use some PHP i just add it on. Nice!

You could use robots.txt to prevent search engine bots accessing certain parts of your site. Presumably you use this to disallow all bot traffic to subdomain.trap17.com but ALLOW all bots to access domain.com Im not sure how that would work but it *might*. I cant remember the syntax for robots.txt but google it and youll find the answers. The other reason you get so many results from T17 is because T17 has a massive page rank meaning it comes near the top a lot and because all the posts are trawled by google any mention of your subdomain or domain (for example in your hosting/upgrade request posts) get pushed very high in the results list.Remember that a user wont be searching for mysite.com they will be searching for keywords so it might not list T17 at all with those keywords.

Ive never used vista, and the reason is this....: Youll find that vista is EXTREMELY heavy on RAM and CPU cycles. Its likely that you wont be able to reduce this amount by much at all because most of it is probably Vista itself. However disabling special effects like Aero (they may have renamed it, during the Beta it was called Aero, its where you can make windows transparent etc...) and disabling extras like the desktop clock, calendar etc....

Im currently have some fun annoying people in free for all with a 4 grenade launcher set up:m14 with nade launcherg363c with nade launcherOverkill perkExtreme Conditioning Good stuff for runnin and gunnin! It also really annoys people because i can whip round after being shot in the back and blow the hell outta that guy, then turn around and have 3 grenade launchers in case my first doesnt do the job! Good fun if i fire two at an enemy and he then thinks im empty, run up stairs, jump out the window behind him and blow him up from behind For hardcore team death (i love hardcore, id play hardcore free for all except they dont have it...) i have my stealth class which is very similar to your class but i use the M14 silenced with bandolier, UAV Jammer and dead silence. I then have a silenced pistol, a "90" something? I cant remember but is said to be the best all round pistol when silenced due to its reasonable capacity, speed and range/damage. The reason its silenced is that way if i need to do an emergency switch to pistol i still dont show up on UAV etc...

Booting linux is surprisingly easy. One guy in my class just brought in a bootable linux disc (i think it was DSL, Damn Small Linux or some other run from CD version) stuck it in the drive and wolla.... linuxIUd like to add that once he booted into linux there were no restrictions on what he could access. the HDD, network drives etc... and of course because it was booted on linux the only trace of it be online at all would be an IP in a connection log but with no username or other info it was pretty good, unless they looked at CCTV to see who used that computer at that exact time.

Aha! A question i could write a whole book on! But xpress got most of it down already! Let me talk about HTML and templates, HTML has already been described and it was the first language i ever learned, followed closely by javascript, then PHP, MYSQL syntax, CSS a little of VB and ive stopped there! IF you wanted to make a templste you would usually use a recognized format, for example you would draw it up in a graphics program first to create the graphics, perhaps having a section to the left containing a list of links, a large header image at the top and the content in the remaining space. To make the template fit the screen you have two options. The first is to use flexibly sizing. Within HTML you size objects with code like : Width=40% height= 100% so if i was sizing an image it would take up 100% of the browser's vertical space and only 40% of its horizontal space, so the image would be stretched from top to bottom, no matter what size window you had. If you have a screen which is 800px by 600px it would fill that space, or if you had a screen the size of a cinema screen it would still fill up all the vertical space. so you can see that if i was sizing a template i could use percentages to make sure a top image only took up 10% of the space leaving 90% for the webpage content. Or you can use static sizing using pixel values like: height=100px width=800px (you dont need to add "px" to the end but i usually do) So in this example the image would be 100px wide which is a VERY optimal size for a header image or any other part of a website as 800x600 is the second most common screen size so you would not loose out visitors. So if i were to create a template using pixel values i would make sure that all my content fits within 800px wide. That way 99% of computer users can see ALL of my website! Good times! As i said the first step in making a template is to draw it out on paper or a computer. You then create the individual elements. So you would draw the entire template and then cut and paste the little buttons and other graphics and save them individually. If you dont already know HTML try learning it, its pretty easy stuff! As for how do i know how tall to make the template, i dont need to. If i make a table that is 20 pixels high and i put in 100 lines of text that use up 400px of space the table will automatically get bigger to fit the text in (unless i tell it not to but why would i do that?!) So no matter what happens the HTML template will ALWAYS be tall enough for the content inside it. Also when you specify a background colour or something that will fill the whole page of the background. eg bgcolor=black would make the background black, no matter how long my page was, whether it was one page long or a million pages long, the background is always black, so theres no worries about the page turning plain white half way down!As touched on by xpress the interaction between PHP and a MYSQL database is fairly simple. There are a few steps:1) Connect to the database: $link = mysql_connect("Server", "username", "password"); 2) Select the database: mysql_select_db("database_name", $link); NOTE: "$link" is a variable as shown by the dollar sign. When doing the first step you must assign a variable to that function. Basically the first step creates a link to the database and that link is stored within the $link (or whatever you want to name it) variable. Its like a telephone call and the $link variable keeps the call open. Within this there is no connection!3) execute a query: (using xpress' example:) $result = mysql_query("SELECT * FROM table_name WHERE field='VALUE'", $link); NOTE: See the $link variable? It tells the code what connection to use. Also note ive added a WHERE clause, so if i put in a username where VALUE is it would look through the database and return any and all rows with the username i tell it to find. Useful!4) Get the data from the $result variable: We use a variable called an array. An array can store lots of info for example: $array[0] = "ZERO"; $array[1] = "ONE";That single variable can contain two (or a million!) different sets of data. So in my example of the query it might return 3 rows so we use: $row = mysql_fetch_array($result); So now the variable $row contains ALL of the data returned from the database ready for me to look through it, check it, show it to the user etc.....And they are the basic steps involved in using a MYSQL database with PHP. As i understand it (im not sure on this, even after about 2-3 years of personal experience!) MYSQL is simply a database format. In fact Microsoft Access has support for mysql code/queries. PhpMyAdmin is a tool used for managing these databases. (so you can imagine PhpMyAdmin is like Microsoft Access. It isnt a database in itself it is more like a program or tool used to make the database look friendly and easy to edit! I hope that helps PHP is an amazing language! So much can be done with it. In fact what language powers this forum? PHP! alongside CSS (for formatting) Javascript (the shoutbox (technically AJAX but basically Javascript!) and for the quick reply) MYSQL (to get the data our of the database, this data includes user login info and post data etc..) HTML of course to build the actual page. and i think thats it! SO if you were good enough you could make your own forum, shopping cart, login systems, contact forms, newsletter mailing lists, text based games (like those text based RPGs) Profile sites and sites like myspace etc... loads of stuff!To make graphical games you would need to learn a language like Java or flash which do indeed use libraries and object/class files. But i never got on with those!