xisto Community

electron

Everything posted by electron

  1. It is in the main folder where your forum is placed. If you can't log in to CPanel, try using FTP and then copy the contents of Settings_bak.php to Settings.php.
  2. Has anyone been able to send the mail? Well, I guess I have figured out the problem. The server sends an error number 220 rather than 250 on saying 'HELO mail.subdomain.trap17.com' (the standard form of shaking hands with the mail client). Is everyone experiencing the same thing? Please let me know.
  3. No need to do that reuploading stuff. I suffered from them too. Everything is just fine; they have just edited the Settings.php in your forum, which SMF leaves at CHMOD 777. Replace its contents with those of Settings_bak.php. The page you see, 'Hacked by SpyHackerz.......', is in the Settings.php. And now I get how they get through. We all leave the Settings.php CHMOD at 777, which can be accessed from an account on Xisto.com, as there may be a bug with CPanel on restriction between accounts. Using that, they just change the Settings.php. I am just assuming the bug. Don't reload the SMF files.
  4. Well, nice one, but use the sha1() function rather than MD5(). But it's a good one.
  5. Well, you should use a salt for additional security. Now, a salt is an additional number that is specific only to the user, like his ID or day of signup. This is because MD5 gives the same encrypted text for some words (though one in a million match). So for additional security from hackers and for the safety of the users, use a salt like the user's id. Just join the user's id with the password given by him and then use md5 to encrypt it. That should do the trick. Also, sha1() is a more popular and believed to be safer encrypting technique for the passwords and secret answers to the questions.
  6. I never understood why the files have the numbers at the end of the files; what do they indicate? Also, why did you change all the days into numbers as their day numbers? Is it some style of recording dates?
  7. Well, I don't think that the credit point system would be that tough. It is long but not that head-breaking. I mean, the way you get credits and the thing you get credits for would be exactly reversed or recalculated whenever the thing for which the credit is given is changed or simply done with (in this case, posts). Wherever you give points for the posts, you reverse it or recalculate it. The main tough part is how you guys integrated it into the CPanel software that is on the Linux OS to suspend the account when the hosting credits are insufficient, or to un-suspend the same when the credits are back by way of posting. It needs to act simultaneously with the forum, and that I am unaware of.
  8. Well, if you have any PHP software running on the computer, you could actually check the session files in the PHP directory. Also, only one thing is stored on the client side (user), i.e. the PHPSESSID (PHP Session ID), which is actually a 32 bit character code and is transmitted with the help of the GET method or cookies. Anyone who has that PHPSESSID gets access to all your data. On the server side the information is stored in a temporary directory and the name of the file is the PHPSESSID itself. All the info in the file is deleted after a particular time and not when the user leaves the site. This time limit is in the PHP.ini file. Hope you have clear info now.
  9. I am using RC3 and it was only hacked. Also, I am not raising the question that Xisto has a security hole. I thought you guys might know something.
  10. Well, I have asked the SMF guys; let's see.
  11. You can have everything in just one page. Use an array the way you did in the case of the array you built of all the files. So the array would look like this:

      <?php
      // Map each key to the <img> tag for that number.
      $number['number1'] = "<img src=\"images/number1.gif\" width=\"57\" height=\"171\" alt=\"\">";
      $number['number2'] = "<img src=\"images/number2.gif\" width=\"57\" height=\"171\" alt=\"\">";
      $number['number3'] = "<img src=\"images/number3.gif\" width=\"57\" height=\"171\" alt=\"\">";
      $number['number4'] = "<img src=\"images/number4.gif\" width=\"57\" height=\"171\" alt=\"\">";
      ?>

      Now just use your if condition and call the variable you got. That was easy and you don't need to include a file for that. However, if you wanted to include, then first include and then use the array. Hope that helps.
  12. I don't know how, but my board was hacked by some site by the name Spyhackerz.com. I use SMF as my board and the main settings file, Settings.php, was hacked. This file had the password of my DB and I don't know whether they have it or not. They changed its content to the following:

      <html><head><meta http-equiv="Content-Language" content="tr"><meta http-equiv="Content-Type" content="text/html; charset=windows-1254"><title>Hacked by Spyhackerz.com</title></head><body bgcolor="#000000"><p align="center"><a href="http://www.spyhackerz.com/'>http://http://www.spyhackerz.com/;&'>http://www.spyhackerz.com/'>http://http://www.spyhackerz.com/;& border="0" src="http://rootingsabotage.sitemynet.com/sht.jpg" width="503" height="387"></a></p><p align="center"><font face="Verdana"><b><font color="#FFFFFF"><a href="http://www.spyhackerz.com/'>http://http://www.spyhackerz.com/ color="#FFFF00">http://www.spyhackerz.com/ color="#FFFF00"></font></b></font></p><p align="center"> <EMBED src=http://spyhackerz.com/music/index.mp3 width=20 height=15 autostart="true" loop="true"></p><p align="center"> </p></body></html>

      Well, do you guys know of this? Do those guys have my password now? I changed back my file and my board is working now. Please help, as this is a very, very serious matter.
  13. These characters are allowed and in fact they act as a distinguishing factor if the name of the table or field resembles the name of a MySQL function like SUM. It is advisable to use it, rather. By the way, Arne-Christian, you have used a class in PHP but not given the entire class and gave only the functions. Please post the entire class.
  14. Well, that's quite easy if the name is not important or if the name is common and it has many subfields that you just have to process. My method includes an array and a foreach loop. You could name the input fields as, say, 'name[]'. Notice the square brackets ([]). Name all of your fields with this name. In PHP it would be posted as an array. So you could use its values as $_POST['name'][n] ('n' stands for the array key). To process the fields, use the foreach loop. This method is used for multiple input fields whose numbers are not fixed and keep on varying, e.g. it is used for a multiple file upload. However, you wouldn't know the actual use of a particular field, as that's not your objective.
  15. Well, (int) is not a function. If you place this before anything, PHP will convert it to an integer even though it is a string. But it must be numeric. Non-numeric characters will make its value zero. It is very useful for forms using GET/POST and fields whose values are to be integers. You can also convert an integer to a string by putting (string) before the variable.
  16. Well, I did that and even then I couldn't get it to work. I am not interested in it anymore. The thing I couldn't get to work is that after filling in the form it doesn't save the changes. Therefore it did not work.
  17. Well, there is even one for PHPBB and SMF; try those out. Are you starting a free forum hosting service or something? Well, SMF is better, I believe, as long as PHPBB3 isn't out of the beta testing stages.
  18. Well, it is submitting the POST vars, but you are redirecting it to another page, so the POST values don't get redirected. Hence it is not working. Instead of redirecting, include the processing file in the same page if $_POST['Submit'] is set, or show the form. I doubt that this is even working in Internet Explorer or Firefox, as this is not a browser issue but a PHP issue. Hope this works out.
  19. Well, you could use a little security stuff. Like, if you know the value of $_GET['act'] is a number, you could use the is_numeric function, which checks whether $_GET['act'] is a number or not. This is because all the GET and POST vars are treated as only strings and not numbers, integers or float values. You could also use the trim() function to trim white space in the value of the GET var or array value. Also, importantly, use the htmlentities() function of PHP to convert characters that could confuse either PHP or MySQL, in case you are using it. If you don't do this, then someone could make a MySQL injection attack or could confuse PHP into giving you an E_ERROR, and then your script fails. Hence one must ensure safety in such a way. Hope this information was useful to you guys.
  20. Well, session_start() must be the first thing you call, before any headers are output. If headers are sent before the session_start() function is called, it would result in an E_WARNING level error. Your present script does not contain this function in the beginning, resulting in this false return. Also, I would like to add that sessions are stored on the server itself in a file or, if you want, in a database like MySQL, and the client is recognised by means of a session ID that is transmitted through either the cookies on the client side or through the URL using the GET method. So if the user has no cookies enabled, it would again result in the failure of your script. Well, this is just part of all the security concerns and when sessions could fail. Hope this info helped.
  21. Well, I feel you should rather use EasyPHP, as it is better compared to XAMPP. It has all that XAMPP has and the main thing is that it is path independent. Meaning, if you have EasyPHP on the D:\ drive in Windows and shift it to C:\, it will still work, but not XAMPP. Also, I think that you don't need to make changes to my.ini or php.ini. There might be an error with the code or your MySQL server might not be on. Both the PHP and the MySQL servers must be on. Please post the code that you used to connect to MySQL.
  22. Well, to create a software would be a little tedious job. But if you want to use a free one, try SMF. It is quite good and better than PHPBB2.
  23. That's exactly what I said. Xisto and most of the servers have this feature enabled. But if you don't want Xisto SMTP, google how to send a mail without the server's SMTP. There are many prebuilt ones.
  24. Hey, what do you want to do? Do you want to use mod_rewrite in Apache and make a not-found page having the URL http://forums.xisto.com/no_longer_exists/ or do you want to send a header that the page wasn't found? Please clarify.
  25. Well, even I tried to use that stupid software but it didn't work. It was not good and it was taking me too much time to get through (10 min). So I left that thing and I would advise you to find some better one.
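
The salting scheme from posts 4 and 5 (the user's id joined to the password, then md5()), shown beside PHP's built-in password_hash() with a way to migrate stored hashes from one to the other. This is an added example, not code from any of the posts; the user records and the `scheme` field are constructed for illustration.

```php
<?php
// Added example, not code from the thread. User ids and passwords are constructed.

// The scheme described in the post: join the user's id with the password, then md5().
function legacy_hash(int $userId, string $password): string
{
    return md5($userId . $password);
}

// Built-in alternative: password_hash() generates a random salt for every hash
// and uses a deliberately slow algorithm (bcrypt by default).
function modern_hash(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// Check a login; if the record still uses the legacy scheme and the password
// is correct, replace the stored hash with a password_hash() value.
function verify_and_upgrade(array &$user, string $password): bool
{
    if ($user['scheme'] === 'md5-id') {
        // hash_equals() compares in constant time.
        if (!hash_equals($user['hash'], legacy_hash($user['id'], $password))) {
            return false;
        }
        $user['hash']   = modern_hash($password);
        $user['scheme'] = 'password_hash';
        return true;
    }
    return password_verify($password, $user['hash']);
}

// Two constructed users who picked the same password.
$alice = ['id' => 1, 'scheme' => 'md5-id', 'hash' => legacy_hash(1, 'hunter2')];
$bob   = ['id' => 2, 'scheme' => 'md5-id', 'hash' => legacy_hash(2, 'hunter2')];

// With the id as salt the two stored hashes differ; unsalted md5() would match.
var_dump($alice['hash'] !== $bob['hash']);

var_dump(verify_and_upgrade($alice, 'wrong'));    // rejected, record unchanged
var_dump(verify_and_upgrade($alice, 'hunter2'));  // accepted, record upgraded
var_dump($alice['scheme']);
var_dump(verify_and_upgrade($alice, 'hunter2'));  // now checked by password_verify()
```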
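
Handling a numeric `$_GET['act']` value as discussed in posts 15 and 19: strict integer validation on input, a bound parameter for the query, and escaping only when the value is written into HTML. This is an added example, not code from the posts; the `pages` table, `parse_act()` and `find_page()` are hypothetical, and an in-memory SQLite database (pdo_sqlite extension) stands in for MySQL.

```php
<?php
// Added example; table, column and function names are hypothetical.

// Accept only a plain non-negative integer; return null for anything else.
function parse_act($raw): ?int
{
    if (!is_string($raw)) {
        return null;                    // e.g. ?act[]=1 arrives as an array
    }
    // is_numeric() would also accept "1e3" and "1.5"; FILTER_VALIDATE_INT does not.
    $val = filter_var(trim($raw), FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    return $val === false ? null : $val;
}

function find_page(PDO $db, int $act): ?string
{
    // The value is bound as a parameter, never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT title FROM pages WHERE id = :id');
    $stmt->bindValue(':id', $act, PDO::PARAM_INT);
    $stmt->execute();
    $title = $stmt->fetchColumn();
    return $title === false ? null : $title;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO pages VALUES (1, 'News <b>& updates</b>')");

// Constructed request values, as they would arrive in $_GET['act'].
foreach (['1', ' 1 ', '1e3', '1 OR 1=1', ['1'], '2'] as $raw) {
    $act = parse_act($raw);
    if ($act === null) {
        echo 'rejected: ' . json_encode($raw) . "\n";
        continue;
    }
    $title = find_page($db, $act);
    // Escape at output time, for the HTML context only.
    echo $title === null
        ? "no page $act\n"
        : htmlspecialchars($title, ENT_QUOTES, 'UTF-8') . "\n";
}
```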