PHP - People Are Hacking My Forum

Hello everyone!   I'm a web design student who's trying to learn some PHP, JavaScript and stuff! You'll probably find me asking more questions than helping people, apologies in advance!

I'm a developer, I don t know how to think like the consumer? What do they know? What do they want? It s hard in a way to explain something complex in layman s terms, I mean yes it is easy, you take files, put them on the internet, others can view them. Fine. But when they want a website, what should I expect? 

I mean, it seems like I can t ask them to even "draw a design on paper" for me to translate into a website which I prefer. 

Wireframes are nice, like drag and drop, I m looking to build one of those with automatic database creation/ pointing with injection protection. 

Anyway, it does depend on what their business is about, I think their mission statement or goal as a business is what determines the functionality and presentation of the website. 

If you want a website, what do you want? What are you looking for?

I don't even know if this is physically possible due to latency, mechanical, etc...    But, the way my website is planned at the moment, a person submits basic info, hits "Create account" and then is taken to a new page with that basic information and an incremented unique id, based on last unique id entry read from database.    My concern is that if two people or more were making accounts within the same time frame and one person hits "Create account" before another person does, what if the wrong data is pulled? 

The unique ID I guess is the only thing being pulled, if 0, start at 1, whatever    But I wonder if I can temporarily hold data between two webpages before it is stored in the database finally when all fields have been filled.    Thanks for any help / ideas 

Hey all, I've been coding a thing for my website which allows Users to apply for a crew via the Crew Profile Page. The code all works just when the User applys I want the Crew Staff to get a message just to let them know.

I've tryed things of which I though could work but none of them did. I also tryed with a function, witch didn't work but I'm not to sure on Functions at the moment.

My Code so far:

<?php
session_start();
include "includes/config.php";
include "includes/functions.php";
include "includes/bb-codes.php";
logincheck();
$username= $_SESSION['username'];
$viewcrew= $_GET['viewcrew'];

$fetch=mysql_fetch_object(mysql_query("SELECT * FROM crews WHERE name='$viewcrew'"));

$mysql1 = mysql_query("SELECT * FROM `users` WHERE username = '$username'") or die ("Error, Line 13 " . mysql_error()); // Doing User Query
$userfetch = mysql_fetch_object($mysql1); // Getting User Object

$needcrewstaff = mysql_query("SELECT * FROM crews WHERE name='$viewcrew'");

$pleasework = mysql_fetch_object($needcrewstaff);

// Start Send Staff Message Function

function sendstaffmessage(){
$message = "You have an Crew Application. Click <a href='crewapp.php' target='mainFrame'>here</a> to Accept or Decline it!";
if ($pleasework->owner == $username){
mysql_query("INSERT INTO `inbox` ( `id` , `to` , `from` , `message` , `date` , `read` , `saved` , `event_id` )
VALUES (
'', '$pleasework->owner', '$username', '$message', '$date', '0', '0', '0'
)");
} 
if ($pleasework->coowner == $username){
mysql_query("INSERT INTO `inbox` ( `id` , `to` , `from` , `message` , `date` , `read` , `saved` , `event_id` )
VALUES (
'', '$pleasework->owner', '$username', '$message', '$date', '0', '0', '0'
)");
}
if ($pleasework->underboss == $username){
mysql_query("INSERT INTO `inbox` ( `id` , `to` , `from` , `message` , `date` , `read` , `saved` , `event_id` )
VALUES (
'', '$pleasework->underboss', '$username', '$message', '$date', '0', '0', '0'
)");
}
if ($pleasework->recruiter == $username){
mysql_query("INSERT INTO `inbox` ( `id` , `to` , `from` , `message` , `date` , `read` , `saved` , `event_id` )
VALUES (
'', '$pleasework->recruiter', '$username', '$message', '$date', '0', '0', '0'
)");
}
if ($pleasework->recruiterone == $username){
mysql_query("INSERT INTO `inbox` ( `id` , `to` , `from` , `message` , `date` , `read` , `saved` , `event_id` )
VALUES (
'', '$pleasework->recruiterone', '$username', '$message', '$date', '0', '0', '0'
)");
}
}

// End the Function!

if (strip_tags($_POST['apply'])){
if ($userfetch->crew != "0"){
echo ("You can not Apply for <strong>$viewcrew</strong> when already being in <strong>$get->crew</strong>!");
}else{
sendstaffmessage();
mysql_query("UPDATE users SET crewapp='$viewcrew' WHERE username='$username'");
echo ("$viewcrew Applied for! - Note: If you Apply for a different Crew this App will be Deleted.");
}
}
?>


Is there any way to change my code which will send the Crew Boss etc.. a Message when somebody has applyed?

Thanks for any help.

I have a script where you add an entry into a DB. I want to take everyone from another table in this DB and send the newly added content to them.

My problem is displaying all of the contacts into the $to=   location.

This is what I currently have:

 

<?php

error_reporting(-1);
//-------------email section----------------//

$title = $_POST['title'];
$story = $_POST['story'];
$date = $_POST['date'];


//do { 
//$to = $row_Fake['fake_email'];
//} 
//while($row_Fake = mysql_fetch_assoc($Fake));


while ($row_Fake = mysql_fetch_assoc($Fake)) {  
	$to = $row_Fake['fake_email']; 
} 

//$to = "colinrblambert@gmail.com";


$subject = "New Halnor Update!";

$message = "
<html>
<head>
<title>New Update!</title>


</head>
<body>

<div align='center'>";

//do{ echo $row_Fake['fake_email'].", "; } while($row_Fake = mysql_fetch_assoc($Fake));


//$row['fake_email'];

"We have a new update from ".$date." to share with you !<br /><br />
<table border='0'>
	
	<tr>
	<td valign='top' width='200'><b>".$title."</b></td>
	<td>".nl2br($story)."</td>
	</tr>	
	</table>
	
	
</div>
</body>
</html>
";

$x = 1;
$str = "test";
do{
   $str .= $x;
    $x++;
}while($x<10);

// Always set content-type when sending HTML email
$headers = "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type:text/html;charset=iso-8859-1" . "\r\n";

// More headers
$headers .= 'From: <admin@website.com>'. "\r\n";
//$headers .= 'Cc: myboss@example.com' . "\r\n";


mail($to,$subject,$message,$headers);


	
  }
  header(sprintf("Location: %s", $insertGoTo));
}

?>

Kind of lost right now. Can someone help?  

My apologize if this should be here since this involves SQL.

My user can register himself ( just an email ) to a mail list.
He will get a mail after that, but the message in the mail should differ:
If there are under 100 people in the DB he should get something like " you are one of the 100 first people ", if there are more then 100 people it should say " sorry, to late ".

I can seem to get it to work so help would be awesome
( ps, I kinda need an anwser fast :s )
Code: [Select]
$sqlInsert = "INSERT INTO j5_maillist (email) VALUES('$email')";

        $sql = "SELECT COUNT(email) FROM j5_maillist AS aantalEmails";
        $result = mysql_query($sql);


        if( mysql_num_rows($result) <= "3" ){
             $message = 'you are one of the 100 first people  ';
    } else {
             $message = 'sorry, to late  ';
}

        $to      = $email;
        $subject = 'Nihonto Appreciation Day';
        $headers  = 'MIME-Version: 1.0' . "\r\n";
        $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";

            // Additional headers
        $headers .= 'To: '.$email.'' . "\r\n";
        $headers .= 'From: Nihonto Appreciation Day' . "\r\n";

        mail($to, $subject, $message, $headers);

        return mysql_query($sql);

Hi, guys.

I want to present different ads to visitors in different countries.  For example, if a visitor is in Australia, I want him/her to see a different ad from, say, a visitor from the UK. Can this kind of thing be done with PHP? If so, will installing such a code slow down my site?

Any help will be appreciated very much.

Hi All,

not sure if this is a php Q but maybe someone has experience with this.
I use a form for people to add an item to the bulletin board. Sometimes the loading of the page takes very long and people think it didn't work so they click reload and post the item twice. I thought of adding a loading.gif so people know they have to wait. Anyone know how and where to put that in?
Code: [Select]
<?PHP
   if(isset($_POST['submit']))
   {

  if ($_POST['type']<>"") { 

  $poster_id = $_SESSION['id'];
  $ID=$_GET['ID'];
  $short=$_POST['short'];
  $location=$_POST['location'];
  if(isset($_POST['type'])) {
  $type=$_POST['type']; }
  $starthour=$_POST['starthour'];
  $startmin=$_POST['startmin'];
  $endhour=$_POST['endhour'];
  $endmin=$_POST['endmin'];
  $reminders=$_POST['reminders'];
      $reminders=addslashes($reminders);
  if(isset($_POST['view'])) {
  $view=$_POST['view']; }
  if(isset($_POST['val'])) {
$val=$_POST['val']; }
 
  $sql = mysql_query("SELECT * from bl_calender where dateclass='$ID' AND viewable='1'");
  $numrows = mysql_num_rows($sql);
// if the event exists then we want to edit it
if ($numrows > 0){
// only the owner can edit an event
while($row = mysql_fetch_array($sql)){
if($row['poster_id'] == $logOptions_id || $account_type == 'c' ){

      $editcal="update bl_calender set datecotent='$reminders', location='$location', type='$type', starthour='$starthour', startmin='$startmin', endhour='$endhour', endmin='$endmin', short='$short', viewable='$view' where dateclass='$ID'";
      mysql_query($editcal) or die("Could not edit calendar");
          $msgToUser = '<br /><br /><font color="#FF0000">Your event has been updated. Close this window.</font><p></p>';
    include_once 'msgToUser2.php';
} else {  // you are not the owner
$msgToUser = '<br /><br /><font color="#FF0000">Sorry but only the owner can change the event details.<br> Close this window.</font><p></p>';
    include_once 'msgToUser2.php';
   }

         }

}  else {      // it's a new event we want to add

         $createevent="Insert into bl_calender (poster_id, dateclass, starthour, startmin, endhour, endmin, location, type, short, datecotent, viewable ) values ('$poster_id', '$ID', '$starthour', '$startmin',  '$endhour', '$endmin', '$location', '$type', '$short', '$reminders', '1')";
         mysql_query($createevent) or die(mysql_error());

$sql2 = mysql_query("SELECT * FROM myMembers WHERE notification_calendar='1'"); // query the members who want an email
$numrows = mysql_num_rows($sql2);
if ($numrows > 0){
while($row = mysql_fetch_array($sql2)){
if($row['email'] =="") {
$to = $row['email_work'];
} else {
$to = $row['email'];
}
$your_firstname = $row['firstname'];
$your_lastname = $row['lastname'];

// send an email to everyone who wants it
$webmaster = "KAI-DEFAT@minbuza.nl";
$headers = "From: MAAC Webmaster<$webmaster>";
$subject = "A new message has been posted in the MAAC Calendar.";
$message = "Hello $your_firstname $your_lastname, a new event has been posted in the MAAC Calendar.\n";
$message .= "Goto the MAAC website to get the details.\n";
$message .= "Click here to view the Calendar $dyn_www/Web_Intersect/calen.php\n";
// send email
mail($to, $subject, $message, $headers);

}
}

}

$msgToUser = '<br /><br /><font color="#FF0000">Your event has been created, Close this window.</font><p></p>';
    include_once 'msgToUser2.php';

}

?>

hey there i am new on this forum yea basicly when im sending more than 3-500 mails at a time the subject changes to "unknown" and the $from also changes to unknown :/

could anyone explain this ? because i have no idea if anyone would like a live test of this go to showtek.net23.net its on a 000webhost ik its just temprarily for testing

and here's my code that sends the mails

Code: [Select]
<?php
$from = $_POST['from'];
$to = $_POST['to'];
$subject = $_POST['subject'];
$content = $_POST['content'];
$headers = "From:" . $from;

$myFile = "mails.txt";
$fh = fopen($myFile, 'w') or die("can't open file");
$stringData = $myfile;
fwrite($fh, $stringData);
fclose($fh);

$email_list = file("mails.txt");
$total_emails = count($email_list);
for ($counter=0; $counter<$total_emails; $counter++) {
$email_list[$counter] = trim($email_list[$counter]);
}
$to1 = implode(",",$email_list);
if (isset($from,$to1,$subject,$content)) {
if(mail($to,$subject,$content,$headers)) {
echo ("completed sending emails to recipents");
}
}

?>

I've had this concept for something I've been wanting to do for awhile, but I need to know if it's even possible in PHP. I've been seriously playing with PHP for a few months now and here's what I was wanting to do.

On this website there is a list of players currently online
http://www.tibia.com/community/?subtopic=worlds&world=Solera
Is there anyway I could grab those list of players and store their names into a .txt file?

This is just for fun. My actual goal is to create something that's grabbing that list of players every 5 minutes and showing me who has logged off and who has logged on.

Hi, how much bandwidth is used for 1000 downloads per day or for each download? Is it safe to have no download limits? Thanks

My data input form is not working with the first few people who have tried to use it.

I think it is because they are putting ' or " or some other character that is not allowed into the database.  Any ideas how I can fix it?

This topic has been moved to PHP Applications.

http://www.phpfreaks.com/forums/index.php?topic=323073.0

Let's say I have an HTML page with a form that submits data via POST. A user can click on "View source" and see the variables used.

What's to stop them from making their own page that POSTs to the same destination using the same variables? Any way to prevent this?

Hello,

I am creating a website with the use of php and mysql. While I am not advanced, I've been learning quite a bit on php. However, I am looking to build a tracker type script and hide it into my coding so that if someone were to hack into my website and take my website coding, that it would send me an email notifying that they were using my coding.

How would I go about this? If you can help me, i'd be glad to credit you!

Thank you!