xisto Community

Everything posted by Spectre

  1. But that's not what he wants to do. Simply use the header() function within a script to overwrite the original status and send a 404 message: header('HTTP/1.1 404 Not Found',true);
  2. You don't need to do that in any version of MySQL - although you can, and it may be considered more 'correct' by some, there is absolutely no requirement to enclose table names in `. The error just means that the query returned no values, as has been suggested. Simply add a conditional check, and it should work fine, such as: if( $mkquery && @mysql_num_rows($mkquery) > 0 ) Also, you are not sanitizing the user input at all, allowing for the possibility of injection - eg. putting ' OR 1=1 in the username field.
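The injection risk raised in the post above, shown as the concatenated query beside a parameterised one. This is an added example, not code from the thread; the table, the rows and the in-memory SQLite database standing in for MySQL are assumptions.

```php
<?php
// Added example: constructed table and rows. An in-memory SQLite database via PDO
// stands in for the MySQL connection used in the thread (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT, email TEXT)');
$db->exec("INSERT INTO users VALUES ('alice', 'alice@example.com')");
$db->exec("INSERT INTO users VALUES ('o''brien', 'ob@example.com')");

// Before: the username is pasted into the SQL text, so a quote in it ends the
// string literal and whatever follows is handed to the SQL parser.
function lookup_concat(PDO $db, string $username): string {
    $sql = "SELECT email FROM users WHERE username = '" . $username . "'";
    try {
        $rows = $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
        return count($rows) . ' row(s)';
    } catch (PDOException $e) {
        return 'input changed the SQL and the parser rejected it';
    }
}

// After: the statement is prepared with a placeholder and the username is bound,
// so it is only ever compared as a value. The row-count check mirrors the
// "returned no values" test suggested in the post.
function lookup_bound(PDO $db, string $username): string {
    $stmt = $db->prepare('SELECT email FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $rows = $stmt->fetchAll(PDO::FETCH_COLUMN);
    return count($rows) > 0 ? count($rows) . ' row(s)' : 'no such user';
}

// The last input is the one quoted in the post; "o'brien" is a legitimate name
// that the concatenated query also mishandles.
$inputs = ['alice', "o'brien", "' OR 1=1"];
foreach ($inputs as $in) {
    printf("%-10s concat: %-50s bound: %s\n", $in, lookup_concat($db, $in), lookup_bound($db, $in));
}
```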
  3. The Smarty Template Engine is a simple to use, yet powerful and effective templating system that should suit your needs.
  4. I see. But how do you know that is using PHP to directly access Messenger? As I said, it could be done by developing a program in a more suitable language (eg. C/C++), and then allowing PHP to interface with that program - and I would guess that's what they've done here. PHP is designed primarily for webscripting, and is not a good language for maintaining persistent connections - as I also said, it's intended to simply do what needs to be done, then finish everything and deliver output to the user. Again, I don't know, they may have done it using only PHP - but I doubt it. Just because the pages you view are utilising PHP does not mean that is where the actual work is being done.
  5. PHP isn't exactly designed for this kind of thing. An MSN client would require a constant connection to the server, and a PHP script is intended to be executed quickly, and then terminate and send all output to the client via the webserver. Although I guess it would theoretically be possible to create an MSN client in PHP (if you knew the protocol it uses, which I don't), it would probably be one of the worst languages you could do it in, and would be absolutely terrible running on a standard webserver. A better way, I think, would be to create a standalone program that acts as an MSN API and allows PHP to interface with it. Oh, and I'm assuming you mean an MSN client that actually operates on the network allowing standard Messenger-like interaction with other users using the standard client, not just a simple chat script or something like MSN.
  6. You can either use 'ping' or 'traceroute' on Linux. The name 'ping' comes from the likeness to sonar, in that it sends out a 'ping' and then awaits its return. It's essentially simply to test for network connectivity, allowing the network user to troubleshoot problems and isolate areas where communication is failing. It simply sends out an ICMP request, and awaits the response from the host, which it will hopefully return if it is active; however, some ISPs, as well as routers and firewalls, filter out ICMP packets, meaning that even if the host is active you may not receive a reply. An example of this is 'microsoft.com' - whenever I try and send a standard ping request to the hostname, it won't return a reply, most likely due to the large number of viruses that ping Microsoft's servers in order to test for an active Internet connection. It's worth noting that 'traceroute' on Linux uses a different protocol (UDP rather than ICMP) for 'pinging' hosts, so it can sometimes be used where ping fails.
  7. The smilies go into the /images directory - there should be a subdirectory under that called 'smilies' or something along those lines. To edit the footer, there should be a template called something like 'footer.tpl' or 'body_footer.tpl' or 'overall_footer.tpl' or anything containing 'footer' - just have a sniff around the template's directory and you should find it. I haven't played with phpBB for quite a while, so that's just from vague memory.
  8. Try inversing the original regular expression, so that it scans for any characters which are not in the given set (in this case, anything that is not alphanumeric):

        // ereg() was removed in PHP 7.0; preg_match() takes the same character class inside delimiters.
        if (preg_match('/[^a-zA-Z0-9]/', $username)) {
            echo 'Invalid characters.';
        } else {
            echo 'OK.';
        }

     You can always add to the set to include other characters you want to allow, such as hyphens/dashes and underscores: [^a-zA-Z0-9\-_] The problem with the original expression is that it was matching any string that contained a consecutive set of alphanumeric characters at the start of the string. If any other characters followed, it simply ignored them, but still matched the expression.
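The matching behaviour described in the post above, compared across four ways of writing the check, including two edge cases the post does not cover (a trailing newline and the empty string). This is an added example, not code from the thread; the function names are hypothetical and the first pattern is an assumed reconstruction of the "original expression", which the post does not show.

```php
<?php
// Added example; function names are hypothetical. The first pattern is an assumed
// reconstruction of the "original expression" the post describes.
function ok_prefix_only(string $u): bool {
    // Anchored at the start only: anything may follow the first alphanumeric run.
    return preg_match('/^[a-zA-Z0-9]+/', $u) === 1;
}

function ok_dollar(string $u): bool {
    // Anchored at both ends, but $ also matches just before a final "\n".
    return preg_match('/^[a-zA-Z0-9\-_]+$/', $u) === 1;
}

function ok_strict(string $u): bool {
    // \A and \z match only at the very start and very end of the subject.
    return preg_match('/\A[a-zA-Z0-9\-_]+\z/', $u) === 1;
}

function ok_inverted(string $u): bool {
    // The post's approach: reject if any character falls outside the set.
    // The empty string contains no such character, so it is checked separately.
    return $u !== '' && preg_match('/[^a-zA-Z0-9\-_]/', $u) !== 1;
}

// Constructed sample inputs: two valid names, markup after a valid prefix,
// a trailing newline, and the empty string.
$samples = ['spectre', 'user_name-1', 'abc<b>', "admin\n", ''];
foreach ($samples as $s) {
    printf("%-16s prefix=%d dollar=%d strict=%d inverted=%d\n",
        json_encode($s), ok_prefix_only($s), ok_dollar($s), ok_strict($s), ok_inverted($s));
}
```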
  9. I like PHP. I wouldn't go so far as to say I love it. Just a little expansion and clarification. preg_replace() uses the Perl-compatible regular expression engine built into PHP (as do all preg_ functions) to perform a regex search and replace operation on a given string, where the subject is searched for a pattern matching that given and replaced with the specified replacement (which can contain backreferences to the pattern matched). str_replace() is just a very simple static search and replace function for strings, where it replaces all given instances of one string within another with a specified value. preg_replace() is so much more powerful due to its harnessing PCRE - however, this means it is also slower, and should not be used unless required. Quotes only need to be escaped when that exact character is being used as a string delimiter. For instance, the string 'a"b"c' is perfectly legal, without the double quotes being escaped, as single quotes are acting as string delimiters - however, were the double quotes single quotes instead, they would need to be escaped, for example: 'a\'b\'c'. Within single quotes, no other characters will ever be escaped other than single quotes - so '\n' remains just that, whereas "\n" is the equivalent of chr(10) (and "\r" the equivalent of chr(13)). Variables will also be substituted within double quotes - eg. "the value is $variable" will become "the value is x" (assuming x is the value of the variable $variable - if that makes any sense at all). Because of these two factors, it is better to use single quotes where possible, even if this means concatenating strings delimited via two different sets of quotes (eg. 'start' . "\n" . 'end'), as it will always be faster. Although the speed difference generally isn't noticeable, it can begin to slow down if large amounts of text are being processed, or if it is happening in rapid succession (eg. the code behind a very popular website), and it's simply a good programming practice to write clean, fast and efficient code. So anyway, that's my two and a half cents worth.
  10. Wow, you can really get someone's IP? I would imagine you would know all sorts of terrible things you could do with it then - such as ping it... or fire up your Windows-based port scanner with an extensive step-by-step GUI to see if you can find anything about which you have no idea... Don't mean to be rude, but it gets annoying the number of people that seem to think getting someone's IP turns them into some sort of uber hacker. Your IP is delivered to every single website you visit, and (probably) recorded for every single file you download. It's publicly viewable when downloading over such protocols as BitTorrent, and really doesn't mean a great deal on its own at all. Unless you know what you are doing. Additionally, the code you copied (view cache) is very poorly written, and more than likely to cause errors at some point in time.
  11. Well, evidently, the str_repeat function requires the second argument to be of integer value above 0. The 'iif' statement isn't natively supported in PHP (nor in many other languages) as far as I know, so I'm assuming it's user-defined within one of your scripts; but a quick bit of research indicates that it operates on the basis of 'iif(condition,true,false)' meaning that it is evaluating '$navlinks['level'] - 1' if '$navlinks['level']' is any different to 1 - such as if it is 0, meaning that '$navlinks['level'] - 1' obviously becomes less than 0 and therefore illegal in that context. Additionally, I would recommend simply using 'condition ? true : false' as it is natively supported by both PHP and a wider range of languages, and much more likely to be recognised and understood by more people.
  12. Although not impossible, it is very difficult to guess a session ID by simply typing it into the URL. Additionally, sessions should always be reinforced with IP checking, so if the IP 'x.x.x.x' establishes the session, an access attempt from 'y.y.y.y' with that session ID should result in the session being cleared and reauthentication required. As sessions usually only last for as long as the browser window is open, the likelihood of a user changing IP addresses whilst using that session is slim.
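The IP check described in the post above, written so it runs from the command line. This is an added example, not code from the thread: `$session` stands in for `$_SESSION`, `$remoteAddr` for `$_SERVER['REMOTE_ADDR']`, and the function names are hypothetical.

```php
<?php
// Added example. $session stands in for $_SESSION and $remoteAddr for
// $_SERVER['REMOTE_ADDR']; function names are hypothetical.

// Compare addresses in packed binary form so that different spellings of the
// same IPv6 address are treated as equal. Unparseable input never matches.
function same_ip(string $a, string $b): bool {
    $pa = @inet_pton($a);
    $pb = @inet_pton($b);
    return $pa !== false && $pb !== false && hash_equals($pa, $pb);
}

// At login: record which address established the session.
function session_establish(array &$session, string $userId, string $remoteAddr): void {
    // In a web request, session_regenerate_id(true) belongs here as well, so the
    // pre-login session ID is not carried over.
    $session = ['user_id' => $userId, 'ip' => $remoteAddr];
}

// On every request: a session presented from another address is cleared and
// the caller must reauthenticate, as the post describes.
function session_check(array &$session, string $remoteAddr): bool {
    if (!isset($session['user_id'], $session['ip'])) {
        return false;
    }
    if (!same_ip($session['ip'], $remoteAddr)) {
        $session = [];
        return false;
    }
    return true;
}

// Constructed walk-through using documentation address ranges.
$session = [];
session_establish($session, 'spectre', '2001:db8::1');
var_dump(session_check($session, '2001:0db8:0:0:0:0:0:1')); // same address, other spelling
var_dump(session_check($session, '198.51.100.7'));          // different address
var_dump($session);                                         // state after the mismatch
var_dump(session_check($session, '2001:db8::1'));           // original address, after the session was cleared
```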
  13. Although for search engine purposes I wouldn't recommend it, it is possible to have PHP append the session ID to all links (eg. a link to '/page.php' becomes '/page.php?PHPSESSID=x'), as you've probably seen before. This eliminates the use of cookies.
  14. The way most systems that use MD5 to protect user passwords, such as IPB, allow for password retrieval is by resetting the password to something random (although I would recommend using at least 6 alphanumeric characters, rather than a digit) after email confirmation. Here's a very quick example of generating a random password:

        $pass_string = '';
        // Make password a random length between 6 and 12 characters.
        $length = rand(6,12);
        for( $i=0;$i<$length;$i++ ) {
            // Randomly decide whether next character is a letter or number.
            $alpha_numeric = rand(0,5);
            if( $alpha_numeric <= 4 ) {
                // Randomly decide whether next letter character is upper- or lower-case.
                if( $alpha_numeric <= 1 ) {
                    $pass_string .= chr(rand(65,90));
                } else {
                    $pass_string .= chr(rand(97,122));
                }
            } else {
                $pass_string .= rand(0,9);
            }
        }
  15. MD5 hashes can be 'cracked'. There is no question of that, and most people who deal with the 'message digest' algorithm are aware of it. It simply cannot be reversed - it is a one-way encryption algorithm, meaning once the 16 byte binary hash has been calculated, it can never be directly turned back into its original form (although there has been talk of it being possible to reverse the algorithm - but as cryptography isn't really my area, I couldn't tell you much more than that I've simply heard rumour of it). The way MD5 'crackers' work is by taking a list of passwords (either from a dictionary file or from those which it has generated), and encrypting each one using the same algorithm that the original password was encrypted with. The encrypted string is then checked against the string that was originally given to it to 'crack' - if they match, it obviously knows the plaintext form of the password, as the value of a hash is constant (eg. 'abc' will always be equal to '900150983cd24fb0d6963f7d28e17f72' in hexadecimal form when hashed - it does not vary at all as some other, usually reversible, encryption algorithms may). Anyway, this is all getting very off-topic... farsiscript, to address your solution simply, let me just say that it is never possible to reverse an MD5 hash, and you will therefore be unable to recover the passwords stored in the database in encrypted form. The only possible way would be to 'crack' each one individually - a process that could literally take years. If you need to be able to access passwords in plaintext, you must either store them as such, or encrypted using a simple reversible algorithm. The only thing I could suggest is forcing all users to log out, and then storing their passwords in plaintext form in the database next time they log back in (obviously after checking them against the hash, as per the normal login process).
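The two posts above describe resetting to a random password and re-checking each user against the stored MD5 hash at the next login. The same two hooks can be used to move a table of unsalted MD5 hashes to PHP's salted `password_hash()` format, as in this added example, which is not code from the thread. The function names, the `$user` array layout and the 12 to 16 character length are assumptions.

```php
<?php
// Added example. The $user array with 'md5' and 'hash' keys, the function names
// and the default lengths are hypothetical.

// Random password drawn from the operating system's CSPRNG via random_int().
function random_password(int $min = 12, int $max = 16): string {
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
    $length = random_int($min, $max);
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    return $out;
}

// Reset after e-mail confirmation: store only a salted hash of the new password.
function reset_password(array &$user): string {
    $plain = random_password();
    $user['hash'] = password_hash($plain, PASSWORD_DEFAULT);
    $user['md5'] = null;                       // retire the legacy hash
    return $plain;                             // goes to the confirmed address only
}

// Login: verify against whichever hash the row holds. A legacy MD5 row that
// verifies is upgraded on the spot, while the plaintext is in hand.
function login(array &$user, string $password): bool {
    if ($user['hash'] !== null) {
        return password_verify($password, $user['hash']);
    }
    if ($user['md5'] !== null && hash_equals($user['md5'], md5($password))) {
        $user['hash'] = password_hash($password, PASSWORD_DEFAULT);
        $user['md5'] = null;
        return true;
    }
    return false;
}

// Constructed record: a legacy row holding md5('abc'), the hash quoted in the post.
$user = ['name' => 'demo', 'md5' => '900150983cd24fb0d6963f7d28e17f72', 'hash' => null];
var_dump(login($user, 'abc'));     // legacy check, then upgrade
var_dump($user['md5']);            // legacy column after the upgrade
var_dump(login($user, 'abc'));     // now verified against the salted hash
var_dump(login($user, 'wrong'));   // wrong password
$new = reset_password($user);
var_dump(login($user, $new));      // login with the freshly generated password
```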
  16. Because you aren't specifying a password: '(using password: NO)'. Did you notice how old this thread was?
  17. Um, ok then... PHP.net is obviously the official PHP site, where the language is developed and shared with the world, and the documentation resides. It is not a place for Flash tutorials or anything else that isn't explicitly PHP related (although some users do post the occasional demonstration script or code examples). If I were a PHP admin, I would most definitely not post tutorials there, because that just isn't what the site is for. I think it's absolutely fine the way it is, and wouldn't want to change anything significant about it - there are many other sites dedicated to the language that offer tutorials, books, examples, and all the other things you mentioned, but PHP.net just isn't one of them. It has a purpose, and it serves it perfectly.
  18. It should work fine, assuming you've connected to your MySQL host and defined a database to use via mysql_connect() and mysql_select_db() respectively (or used other appropriate functions) prior to executing the query. You might want to check the data in the database, and that you are referencing all fields correctly. Note also that 'LIMIT' starts at the first record (record 0) by default; so although it really doesn't matter, using 'LIMIT 0,X' will produce identical results as just using 'LIMIT X'. I tend to use the mysql_fetch_assoc() function as well instead of mysql_fetch_array() when requiring an associative array; but that doesn't really matter either.
  19. MySQL allows you to sort results in either ascending or descending order. For example: mysql_query('SELECT field FROM table ORDER BY field2 DESC'); Where 'field2' contains the values you want all rows to be sorted by.
  20. The problem is the variable '$2ndReferencenameaddressphone' which first appears on line 41 - although they can contain them, variables cannot begin with a number, and this one evidently does. A simple fix would be to replace all instances of '$2ndReferencenameaddressphone' with '$secondReferencenameaddressphone' or something similar (just make sure it's unique).
  21. I seem to remember suggesting how to physically print with PHP in the first post I made in this thread - the only post which, might I point out, actually addressed the problem exactly as .hack//GU described it. I'm not saying there is never a benefit to dynamically displaying JavaScript code. If you read my previous post, I said 'In this case, there is absolutely no benefit...'. Yet you continue to insist there is. I'm glad you find my refusal to agree with pointlessly wasting time and inability to build an empty argument on that 'hilarious'. I share a similar view of your inability to grasp logic and reason.
  22. *Sigh. Here we go again. Despite saying my previous post would be my last in this topic.. moldboy, please don't argue just for the sake of arguing. This is getting ridiculous and childish. Outputting JavaScript via PHP involves PHP doing nothing outside of sending the data as output; it has absolutely no influence over nor is it at all influenced by how the outputted JavaScript operates. Obviously, having PHP send output is using PHP; I was referring to the fact that it is not using PHP to instigate whatever operation the JavaScript will then execute. In this case, there is absolutely no benefit in having PHP send JavaScript as output over simply having it contained statically within a file - quite the opposite in fact, it will result in further processing power being required in order to have the PHP output a non-dynamic piece of plaintext, especially if you use double quotes as elrohir suggested. Illogical, pointless things frustrate me no end.
  23. I don't think he wants to remove HTML, as such, just make it so that it is displayed as plaintext rather than as HTML. As has already been mentioned, htmlentities() will do this for you by converting certain characters into their HTML entities (&[htmlentity]; which can either be a number of predefined entity titles, or the ASCII value of the character) - however, it's not a 100% surefire way to prevent injection. I don't know exactly how IPB sanitizes posts, but it is quite an extensive process. Anyway, that's going off topic; back to the original problem. You could try something like:

        $post = htmlentities($post);
        $post = str_replace("\r\n","\n",$post);
        // The /e modifier was removed in PHP 7.0; a callback gives the same
        // result without evaluating a string as code.
        $post = preg_replace_callback('#([\n]+)#', function ($m) {
            return strlen($m[1]) > 1 ? "<p />\n" : "<br />\n";
        }, $post);

      What that should do (it's untested and only theoretical) is replace all single instances of '\n' (new line character) with a '<br>' (line break), and all multiple instances with a '<p>' (paragraph). Strictly speaking, <p> tags should be closed, but it will result in the desired visual effect. Hope that helps.
  24. PHP comes equipped with a host of very useful filesystem functions. file_get_contents() (PHP >= 4.3.0 only) is basically a shorter method of what you are trying to do - it reads an entire file into a string, but with one simple function. You can then do with the string as you will. The file() function is also a useful method for reading a file into an array line by line. I'm not 100% sure what you are attempting to do, but if it's what I think it is, try something like this:

        <?php
        $sou = file_get_contents($urladd);
        $sou = str_replace("\r\n","\n",$sou);
        $sou_a = explode("\n",$sou);
        for( $i=0;$i<count($sou_a);$i++ ) {
            mysql_query('INSERT INTO table (field) VALUES (\'' . @mysql_escape_string($sou_a[$i]) . '\')');
        }
        ?>
  25. I don't want to argue about this with you anymore. You clearly know little about PHP - which is fine, but just don't pretend otherwise. It's not a difficult language to learn, so perhaps you could take the time one day. I'm not trying to pretend I'm an expert or anything either. Echoing static text does nothing that you couldn't do without putting it into a static file. Echoing JavaScript with PHP does not use PHP at all, other than to output the plaintext code. Just to re-iterate for the 300th time. Printing can be achieved with PHP (although possibly not directly - ie. executing a system call on the server side to print data) - why you would use it for such a purpose I don't know, but it is possible. Having the server print files via PHP and having JavaScript print files via the client's browser are two very different things. I don't know why you would even suggest outputting JavaScript from PHP as a method that uses PHP, because it doesn't. It is an alternative way, yes, but it is completely irrelevant to PHP. PHP is not natively capable of processing JavaScript code. This is the last time I am going to post in this thread. I'm glad .hack//GU's problem appears to be solved; although it seems it was completely different from as he originally described. And because it doesn't seem to be getting through: no matter how you want to achieve it, text which is sent as output via PHP is never treated as anything other than text. Therefore...

        <!-- Having this in a HTML file: -->
        <script language="JavaScript">alert('blah');</script>
        <!-- Is identical to having this in a PHP file: -->
        <?php
        echo '<script language="JavaScript">alert(\'blah\');</script>';
        // Or
        echo "<script language=\"JavaScript\">alert('blah');</script>";
        // Or
        die('<script language="JavaScript">alert(\'blah\');</script>');
        // Or
        exit('<script language="JavaScript">alert(\'blah\');</script>');
        // Or
        print('<script language="JavaScript">alert(\'blah\');</script>');
        ?>