|
PHP - Check My Security Input Against Hackers
Code: [Select]
if ($ibforums->input['display1'] == "1"){ // }else{ $std->Error2("You're being Nawty!"); } Ok, this works fine. If they submit anything other then "1" for that input it shows "you're being nawty" but I want it to beable to be anything besides 1 or 0 so I added Code: [Select] if ($ibforums->input['display1'] == "0" OR "1"){ // }else{ $std->Error2("You're being Nawty!"); } and it still let's me submit anything...... i only want my $ibforums->input['display1'] to accept 1 or 0 as a input!!!! I don't want any hackers submitting other input values for this field! any help?! Similar TutorialsGood day friends, please i am still an upcoming developer please could you help me check if this contact form code is secured from hackers. Thanks
<?php Hi all, if someone of you has a little spare time i would love to hear what you find about the small code below. I combined some scattered stuff around the internet. and was hoping some guru could tell me if its ok to output without any sneaky javascript to get inserted within the tags or other nasty stuff. Its a bb code that first trims the string, applies html entities than puts newlines to breaks and finishes it of with a little bbcode in the end. I was hoping if this is secure enough to output text in this case a post var but am aiming for data from the database. Thanks in advance Code: [Select] <?php //replace stuff //bb function function bbcode($data) { $input = array( '/\[b\](.*?)\[\/b\]/is', '/\[i\](.*?)\[\/i\]/is', '/\[u\](.*?)\[\/u\]/is', '/\[img\](.*?)\[\/img\]/is', '/\[url\](.*?)\[\/url\]/is', '/\[url\=(.*?)\](.*?)\[\/url\]/is' ); $output = array( '<strong>$1</strong>', '<em>$1</em>', '<u>$1</u>', '<img src="$1" />', '<a href="$1">$1</a>', '<a href="$1">$2</a>' ); $rtrn = preg_replace ($input, $output, $data); return $rtrn; } // if(isset($_POST['submit'])&& !empty($_POST['textvar'])){ $error_message = ''; $string = trim(htmlentities($_POST['textvar'], ENT_QUOTES)); $clean = nl2br($string); $super_clean = bbcode($clean); }else{ $error_message = 'enter some text'; $clean = ''; $super_clean =''; } am I missing anymore input attacks to pass not having 2 of the same balls? Code: [Select] $numbers = "19|20|19"; $numArray = explode("|", $numbers); if ($numArray['0'] == $numArray['1'] OR $numArray['0'] == $numArray['2'] ){ $std->Error2("You cannot pick 2 numbers with the same ticket"); } The if function will see if 19 = 20, or 19 = 20 then I would it need to do $numArray['1'] == $numArray['2'] and so on right to get all possible ways? If so, is there a easier way instead of just using all OR Statements and not manually thinking about what possible way, isn't there just a way to check if 2 arrays are the same? (or 3) Hello, I'm creating an application where a user can input there own CSS. The problem I'm having is understanding if this will open security holes if... 1. Users input is saved to a file called style.css 2. Each user is on their own a sub-domain from my reseller hosting plan. 3. The style.css file will be included in the page code like so: Code: [Select] <link type='text/css' rel='stylesheet' href='style.css' /> Any advice? I am trying to keep the user input clean with this script but can't figure out what is wrong with it. the error I am getting is Warning: preg_match() expects parameter 1 to be string, $bad_strings = array( "content-type:", "mime-version:", "multipart/mixed", "Content-Transfer-Encoding:", "bcc:", "cc:", "to:", ); if (preg_match($bad_strings, $first_name)) { die; Hi, Just received this email from a random person saying they were able to obtain the username and password for the site admin page from the MySql Database: [07:33:33] [INFO] testing if GET parameter 'id' is dynamic [07:33:34] [INFO] confirming that GET parameter 'id' is dynamic [07:33:35] [INFO] GET parameter 'id' is dynamic [07:33:35] [INFO] testing sql injection on GET parameter 'id' with 0 parenthesis [07:33:35] [INFO] testing unescaped numeric injection on GET parameter 'id' [07:33:37] [INFO] confirming unescaped numeric injection on GET parameter 'id' [07:33:37] [INFO] GET parameter 'id' is unescaped numeric injectable with 0 parenthesis [07:33:37] [INFO] testing for parenthesis on injectable parameter [07:33:40] [INFO] the injectable parameter requires 0 parenthesis [07:33:40] [INFO] testing MySQL [07:33:41] [INFO] confirming MySQL [07:33:41] [INFO] query: SELECT 0 FROM information_schema.TABLES LIMIT 0, 1 [07:33:41] [INFO] retrieved: 0 [07:33:51] [INFO] performed 13 queries in 9 seconds [07:33:51] [INFO] the back-end DBMS is MySQL web server operating system: Linux Red Hat web application technology: PHP 5.2.11, Apache 2.2.3 back-end DBMS: MySQL >= 5.0.0 +-------+------------------------ +----------- +---------- +---------------------------------- +--------+--------------- + | admin | email | firstname | lastname | password | userid | username | +-------+------------------------ +----------- +---------- +---------------------------------- +--------+--------------- + | 1 | blah | blah | blah | blah | 1 | blah | +-------+------------------------ +----------- +---------- +---------------------------------- +--------+--------------- + blah MD5 : blah -- I've changed all the details to 'blah' for the purpose of this post. Does anyone know how I can secure my PHP to stock this injection? Thanks, Jack In the form below how do I alter the code so when someone types something into the email that is clearly not recognized an an email address it either asks the customer to recheck or fails
<tr>
<td align="right"><?php echo $LANG['index_email_add']; ?> </td>
<td>:</td>
<td align="left"> <input name="email" type="text" id="email" required></td>
</tr>
<tr>
<td align="right"><?php echo $LANG['index_pass'] ; ?></td>
<td>:</td>
<td align="left"><input name="password" type="password" required id="password"></td>
</tr>
<tr>
<td align="right"><?php echo $LANG['postcode'] ; ?> </td>
<td>:</td>
<td align="left"><input class="input" id="geocomplete" type="text" placeholder="<?php echo $LANG['index_location']; ?>" name="address" required>
<input name="action" type="hidden" id="action" value="joinNow" /></td>
</tr>
The problem I have is that any data can be added to the 3 fields and by anything even using !@#$%^&*():"{}';<>.,
How do I prevent those special characters from being used.
When it asks for email I can enter ;
When it asks for password I can enter '
and last PostCode I can enter: ]
How to prevent this from happening?
Thanks
I did not post this in Regex because I do not believe it is a problem with the preg_match. My input check on the username length works without any problems, however the check to make sure the user only uses a-z and whitespace does not work. I am not sure why and I am new to PHP. Should I setup the input check differently? The error code is never displayed if I input "!@*(#(!$)$@(" and it will not stop that from being submitted. Any help is GREATLY appreciated!! Code: [Select] if(strlen(trim($_POST['name'])) > 15 || strlen(trim($_POST['name'])) < 1) { $errors[] = $lang['No name']; } if(preg_match('/[^a-z]\s/i', $_POST['name'])) { $errors[] = $lang['Invalid char']; } Hi i would like to know what is the best way to check if a textarea or an input box is empty. Is the empty function effective? I have a register script, and I am wanting to make it so that if the username field contains, lets say "mod", "ass", and more, then it'll return an error and wont let them register. Hello All: Trying to work with PHP on a contact form with a jQuery Validation to make certain that the visitors fill out the required information. I'll try to show everything that I have, and then the error I am getting when the visitor hits "submit." I don't know PHP all that well, and trying to learn my way through it. I used a couple of tutorials to add the features I needed and did my own styling on the live site. Here is the PHP that is currently in the header of my markup: <?php //If the form is submitted if(isset($_POST['submit'])) { //Check to make sure that the First name field is not empty if(trim($_POST['firstname']) == '') { $hasError = true; } else { $firstname = trim($_POST['firstname']); } //Check to make sure that the Last name field is not empty if(trim($_POST['lastname']) == '') { $hasError = true; } else { $lastname = trim($_POST['lastname']); } //Check to make sure that the Street Address 01 field is not empty if(trim($_POST['street01']) == '') { $hasError = true; } else { $street01 = trim($_POST['street01']); } //If Street02 is filled out, give it a value $street02 = $_POST['street02']; //Check to make sure that the City field is not empty if(trim($_POST['city']) == '') { $hasError = true; } else { $city = trim($_POST['city']); } //Check to make sure that the State field is not empty if(trim($_POST['state']) == '') { $hasError = true; } else { $state = trim($_POST['state']); } //Check to make sure that the Zip field is not empty if(trim($_POST['zip']) == '') { $hasError = true; } else { $zip = trim($_POST['zip']); } //If Email is filled out, give it a value $email = $_POST['email']; //If Telephone is filled out, give it a value $telephone = $_POST['telephone']; //Default Subject Value $subject = "VMC Inquiry"; //Check checkboxes foreach($_POST['check'] as $value) { $check_msg = "Checked: $value\n"; } //If Message is filled out, give it a value $comment = $_POST['comment']; //If there is no error, send the email if(!isset($hasError)) { $emailTo = 'xxxx.xxxx@gmail.com'; //Put your own email address here $body = "Name: $firstname $lastname \n\nStreet Address: $street01 \n\nStreet Address*: $street02 \n\nCity: $city \n\nState: $state \n\nZip: $zip \n\nEmail*: $email \n\nTelephone*: $telephone \n\nCheck Box: $check_msg \n\nMessage:\n $comment"; $headers = 'From: XXXXX <'.$emailTo.'>' . "\r\n" . 'Reply-To: ' . $email; mail($emailTo, $subject, $body, $headers); $emailSent = true; } } ?> So basically I am using classes to say whether or not something is required, which ties into the jQuery validation. If it isn't required, whatever the visitor types into the box is put into something like "$telephone" which is then printed in the e-mail. The markup for the forms in the body is the following: Code: [Select] <p class="contact-text-right">For more information, or to have a list of our properties mailed to you, please fill out the form below.</p> <div id="contact-wrapper"> <?php if(isset($hasError)) { //If errors are found ?> <p class="error">Please check if you've filled all the fields with valid information. Thank you.</p> <?php } ?> <?php if(isset($emailSent) && $emailSent == true) { //If email is sent ?> <p class="accept"><strong><?php echo $firstname;?>,Your Email Successfully Sent!</strong></p> <?php } ?> <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" id="contactform"> <div id="names"> <label for="firstname"><strong>First Name:</strong></label> <input type="text" name="firstname" id="firstname" value="" class="required" /> <label for="lastname"><strong>Last Name:</strong></label> <input type="text" name="lastname" id="lastname" value="" class="required" /> </div> <div id="address01"> <label for="street01"><strong>Street Address:</strong></label> <input type="text" name="street01" id="street01" value="" class="required" /> </div> <div id="address02"> <label for="street02"><strong>Street Address*:</strong></label> <input type="text" name="street02" id="street02" value="" /> </div> <div id="city"> <label for="city"><strong>City:</strong></label> <input type="text" name="city" id="city" value="" class="required city" /> <label for="state"><strong>State:</strong></label> <input type="text" name="state" id="state" value="" class="required state" /> <label for="zip"><strong>Zip Code:</strong></label> <input type="text" name="zip" id="zip" value="" class="required zip" /> </div> <div id="email"> <label for="email"><strong>E-mail*:</strong></label> <input type="text" name="email" id="email" value="" class="email"/> <label for="telephone"><strong>Telephone*:</strong></label> <input type="text" name="telephone" id="telephone" value="" class="telephone" /> <p class="bottom">*Optional fields.</p> </div> <div class="checkbox"> <p><input type="checkbox" name="check[]" value="properties">XXX</p> <p><input type="checkbox" name="check[]" value="contact-regarding">XXXX</p> <p class="indent">(Please list properties or ask specific questions in the space below.)</p> </div> <div id="comment"> <label for="comment"></label> <textarea name="comment" id="comment" ></textarea> </div> <div id="button"> <input type="submit" value="Send Message" name="submit" /> </div> </form> All seems well until I hit submit on the live site. I think get this error returned to me: Warning: Invalid argument supplied for foreach() in ......./html/development/contact.php on line 64 The e-mail goes through, with all the information, no problems! I just can't get this error message to go away. Line 64 of contact.php is where the checkbox coding is: //Check checkboxes foreach($_POST['check'] as $value) { $check_msg = "Checked: $value\n"; } I know I've submitted a lot of code here, and tried to narrow you down to the exact spot I think the problem is, but hopefully some of you PHP gurus can pick out the flaw in a heartbeat. I really appreciate all the help. B I have just made a couple of forms that submit data to a mysql database. I was wondering what measures I need to make to in order to keep the whole thing very secure. At the moment I have stripped the inputs of tags and forward slashes. Is there anything else I should do? Also some field in the form allow the user to enter a url. With these fields I have not stripped them of forward slashes. Is this a bad idea? Should I do something like replace the forward slashes with something else and then reverse this process every time I extract that data from the database? Hi there, I'm in serious need to find a way to block people from a website I code for. The thing is, we have a jailing system, nice and simple, and IP/email ban system too. But with proxies, advertisers and repeated troublemakers keep coming back because we just get the new proxy IP each time and it's a losing battle. What I need is a way to ban them properly from the site, like somehow stopping the computer they use from accesing the site. someone once said you can use a cookie to stop a browser getting on the site, but I don't know how to set it up to give the cookies out upon login and find the one associated to an account we don't want (by "cookie" banning I guess?") and stop them from logging in. I'm building an e-commerce website using php and mysql and I'm a bit worried about security issues. The website is going to be handling personal information so I want to make sure that it's secure and that no-one can get hold of it. I don't really have any idea about and security issues or problems that I could run into and perhaps you could point me in the direction or some tutorials that would be really great. Also if anyone here has been in the same situation what did you do to make your site as secure as possible? Thanks for any help. Besides "mysql_real_escape_string"ing all the user input what other security strings should you definitely include n your site? I want to create an ADMIN directory with several directory under that. I want to be certain that the user cannot log into any of the directory unless they have confirmed login. Is $_session id's the best way to go? Should I create on the flyer and attached to username? What is the best practice for this? Regards, DED I have been working on a website for some time now. My work is now 95% finished and now I am starting to look at security, as I am using PHP. My webpage uses HTML FORMS. When most of these forms get send back to the server, 50% of the time PHP is inserting the value of the FORM inputs into MySQL. To give a basic run down, I have a newsletter sign up system. "Enter your e-mail address"... and then the user enters their e-mail and submits.. PHP runs a MySQL query to insert that FORM value into the database along the lines of this: Quote insert into newsletters (email) values ('.$POST['email'].') I fear this is very vulnerable to injection attack as it means a trouble maker can come along and enter anything they want into my database, potentially wiping it out. I believe I need to "sanitize" my input with a MySQL "real_escape_string" or something? Is there anything real obvious I should look out for when it comes to PHP security? Is there a way to forbid all strings/arguments except the few I need or something perhaps? Hi, I am looking to create a directory that can not be accessed using .htaccess and neither can files directly. But I want to make it so when you are signed into joomla you can access the files via a mp3 player on the sight. My mp3 extention is joomline player flplayer. And I heard that if I cange the name of the file in joomla fomr lovelove.com/audio/love/abc.mp3 to lovelove.com/audio/love/abc.php?name=abc and then that abc.php script (inside the script it checks if you are logged in) will retrieve the file name, and the joomline will play it it will work. is this possible? Also, if not what can I do for this to work? Right now my script is not working as the joomline looks up all the mp3 files as one big string. this is the abc.php which on my site its calld psp.php
<?php
define( '_JEXEC', 1 );
define( 'JPATH_BASE', realpath(dirname(__FILE__).'/../../' ));
require_once ( JPATH_BASE .'/includes/defines.php' );
require_once ( JPATH_BASE .'/includes/framework.php' );
$mainframe =& JFactory::getApplication('site');
if( !empty( $_GET['name'] ) )
{
// check if user is logged
if(JFactory::getUser()->guest) {
die( "ERROR: invalid song or you don't have permissions to download it." );
}
else {
$psp = preg_replace( '#[^-\w]#', '', $_GET['name'] );
$psp_file = "{$_SERVER['DOCUMENT_ROOT']}/audio/live/{$psp}.mp3";
if( file_exists( $psp_file ) )
{
header( 'Cache-Control: public' );
header( 'Content-Description: File Transfer' );
header( "Content-Disposition: attachment; filename={$psp_file}" );
header( 'Content-Type: application/mp3' );
header( 'Content-Transfer-Encoding: binary' );
readfile( $psp_file );
exit;
}
}
}
?>
then I have joomline player jlplayer
<?php
/**
* JoomLine mp3 player - Joomla mp3 player
*
* @version 1.5
* @package JoomLine mp3 player
* @author Anton Voynov (anton@joomline.ru), Sergii Gaievskiy (shturman.kh@gmail.com)
* @copyright (C) 2010 by Anton Voynov(http://www.joomline.ru)
* @license GNU/GPL: http://www.gnu.org/copyleft/gpl.html
*
* If you fork this to create your own project,
* please make a reference to JoomLine someplace in your code
* and provide a link to http://www.joomline.ru
**/
defined('_JEXEC') or die('Restricted access');
function ascii2hex($ascii, $reverse = false) {
$hex = array();
for ($i = 0; $i < strlen($ascii); $i++) {
$byte = strtoupper(dechex(ord($ascii{$i})));
$byte = str_repeat('0', 2 - strlen($byte)).$byte;
$hex[] = $byte;
}
if ($reverse) $hex = array_reverse($hex);
return implode(" ",$hex);
}
function read_frame (&$f, &$tagdata, $frame) {
$pos = strpos($tagdata,$frame);
if ( $pos !== FALSE) {
// frame found. read length of this frame
fseek($f, 10+$pos+4);
$frame2len = hexdec(ascii2hex(fread($f,4)));
if (($frame2len-1) > 0) {
// read frame data
fseek($f, 10+$pos+4+2+4+1);
$data = trim(fread($f,$frame2len-1));
$hexfdata = ascii2hex($data);
if ( substr($hexfdata,0,5) == 'FF FE' or substr($hexfdata,0,5) == 'FE FF' ) {
$data = iconv("UCS-2","UTF-8",$data);
} else {
if (!preg_match('//u', $data)) {
$data = iconv("cp1251", "UTF-8",$data);
}
}
return $data;
} else {
return false;
}
} else {
return false;
}
}
function readmp3tag($file) {
$f = fopen($file, 'rb');
rewind($f);
fseek($f, -128, SEEK_END);
$tmp = fread($f,128);
if ($tmp[125] == Chr(0) and $tmp[126] != Chr(0)) {
// ID3 v1.1
$format = 'a3TAG/a30NAME/a30ARTISTS/a30ALBUM/a4YEAR/a28COMMENT/x1/C1TRACK/C1GENRENO';
} else {
// ID3 v1
$format = 'a3TAG/a30NAME/a30ARTISTS/a30ALBUM/a4YEAR/a30COMMENT/C1GENRENO';
}
$id3v1tag = unpack($format, $tmp);
// read tag length
fseek($f, 8);
$tmp = fread($f,2);
$tmp = ascii2hex($tmp);
$taglen= hexdec($tmp);
$tagdata = "";
if ($taglen > 0) {
//read tag data
fseek($f, 10);
$tagdata = fread($f,$taglen);
}
// find song title frame
$title = read_frame ($f, $tagdata, "TIT2");
if (!$title) {
if ($id3v1tag['TAG']== 'TAG' && ascii2hex(substr($id3v1tag['NAME'],0,1)) != '00' ) {
$title = $id3v1tag['NAME'];
} else {
$title = explode(DS,$file);
$title = $title[count($title)-1];
$title = explode('.',$title);
$title=$title[0];
}
if (!preg_match('//u', $title)) $title = iconv("cp1251", "UTF-8",$title);
}
$artist = read_frame ($f, $tagdata, "TPE1");
if (!$artist) {
if ($id3v1tag['TAG']== 'TAG' && ascii2hex(substr($id3v1tag['ARTISTS'],0,1)) != '00') {
$artist = $id3v1tag['ARTISTS'];
} else {
$artist = "";
}
}
if (!preg_match('//u', $artist)) $artist = iconv("cp1251", "UTF-8//TRANSLIT",$artist);
$id3tag['NAME'] = $title;
$id3tag['ARTIST'] = $artist;
return $id3tag;
}
if (DS == "/")
$dir = str_replace("\\",DS,$music_dir);
else
$dir = str_replace("/",DS,$music_dir);
$dir = JPATH_ROOT.DS.$dir;
if (!is_dir($dir)) {
echo "Wrong dir in settings";
} else {
$files = glob($dir.DS."*.{mp3,MP3}",GLOB_BRACE);
if (count($files) > 0) {
sort($files);
$host = $base_uri;
foreach ($files as $file) {
$tags = readmp3tag($file);
$file = explode (DS, $file);
if ($server_utf8 == 1) {
$fname = rawurlencode($file[count($file)-1]);
} else {
$fname = rawurlencode($file[count($file)-1]);
}
$fname = substr($fname, 0, -4);
$file = $host."/".$music_dir."/psp.php?name=".$fname;
echo $file;
$artist = trim($tags['ARTIST']);
$artist = $artist == "" ? "" : "{$tags['ARTIST']} - ";
$playlist[] = '{name:"'.$artist.$tags['NAME'].'",mp3:"'.$file.'"}';
}
}
/*
*
//if(!window.jQuery) {
document.write(unescape('<script type="text/javascript" src="<?=$base_uri?>/modules/mod_jlplayer/js/jq.js">%3C/script%3E'));
document.write(unescape('<script type="text/javascript">jQuery.noConflict();%3C/script%3E'));
//}
*
*/
?>
<script type="text/javascript">
var myPlayList = [
<?php
echo implode(",\n ",$playlist)."\n";
?>
];
Array.prototype.find=function(v){
for (i=0;i<this.length;i++){
if (this[i]==v) return i;
}
return 0;
}
var plIndex = [];
for (i=0;i<myPlayList.length;i++) {
plIndex[i] = i;
}
<?php if ($shfl == 1) : ?>
//shuffle
function randOrd(){
return (Math.round(Math.random())-0.5);
}
plIndex.sort(randOrd);
<?php endif; ?>
function setCookie (name, value) {
document.cookie = name + "=" + escape(value) + "; expires=Thu, 01-Jan-2055 00:00:01 GMT; path=/";
}
function getCookie(name) {
var cookie = " " + document.cookie;
var search = " " + name + "=";
var setStr = null;
var offset = 0;
var end = 0;
if (cookie.length > 0) {
offset = cookie.indexOf(search);
if (offset != -1) {
offset += search.length;
end = cookie.indexOf(";", offset)
if (end == -1) {
end = cookie.length;
}
setStr = unescape(cookie.substring(offset, end));
}
}
return(setStr);
}
function changeShflStatus(el) {
nowPlay = plIndex[playItem];
if (el.checked) {
setCookie("jlp_shfl","shuffle");
plIndex.sort(randOrd);
} else {
setCookie("jlp_shfl","notshuffle");
plIndex.sort();
}
playItem = plIndex.find(nowPlay);
}
</script>
<script type="text/javascript" src="<?=$base_uri?>/modules/mod_jlplayer/js/jq.js"></script>
<script type="text/javascript">jQuery.noConflict();</script>
<link href="<?=$base_uri?>/modules/mod_jlplayer/skin/skin.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="<?=$base_uri?>/modules/mod_jlplayer/js/jquery.jplayer.min.js"></script>
<script type="text/javascript">
var playItem = 0;
jQuery(function(){
var jpPlayTime = jQuery("#jplayer_play_time");
var jpTotalTime = jQuery("#jplayer_total_time");
var jlp_shfl = getCookie("jlp_shfl");
if (jlp_shfl == "shuffle") {
document.getElementById('jlp_shfl').checked = true;
} else if (jlp_shfl == "notshuffle") {
document.getElementById('jlp_shfl').checked = false;
}
jsuri = baseuri+"/modules/mod_jlplayer/js/";
jQuery("#jquery_jplayer").jPlayer({
ready: function() {
displayPlayList();
playListInit(enable_autoplay); // Parameter is a boolean for autoplay.
},
errorAlerts:true,
warningAlerts:true,
swfPath: jsuri
})
.jPlayer("onProgressChange", function(loadPercent, playedPercentRelative, playedPercentAbsolute, playedTime, totalTime) {
jpPlayTime.text(jQuery.jPlayer.convertTime(playedTime));
jpTotalTime.text(jQuery.jPlayer.convertTime(totalTime));
})
.jPlayer("onSoundComplete", function() {
playListNext();
});
jQuery("#jplayer_previous").click( function() {
playListPrev();
return false;
});
jQuery("#jplayer_next").click( function() {
playListNext();
return false;
});
});
function displayPlayList() {
for (i=0; i < myPlayList.length; i++) {
jQuery("#jplayer_playlist").append("<div id='jplayer_playlist_item_"+i+"'>"+ myPlayList[i].name +"</div>");
jQuery("#jplayer_playlist_item_"+i).data( "index", i ).click( function() {
var index = jQuery(this).data("index");
if (plIndex[playItem] != index) {
_index = plIndex.find(index);
playListChange( _index, index );
} else {
jQuery("#jquery_jplayer").jPlayer("play");
}
});
}
}
function playListInit(autoplay) {
if(autoplay) {
playListChange(0, plIndex[0] );
} else {
playListConfig(0, plIndex[0] );
}
}
function playListConfig(_index, index ) {
jQuery("#jplayer_playlist_item_"+plIndex[playItem]).removeClass("jplayer_playlist_current");
jQuery("#jplayer_playlist_item_"+index).addClass("jplayer_playlist_current");
playItem = _index;
jQuery("#jquery_jplayer").jPlayer("setFile", myPlayList[plIndex[playItem]].mp3);
}
function playListChange(_index, index ) {
playListConfig(_index, index );
jQuery("#jquery_jplayer").jPlayer("play");
}
function playListNext() {
var _index = (playItem+1 < myPlayList.length) ? playItem+1 : 0;
var index = plIndex[_index];
playListChange(_index, index );
}
function playListPrev() {
var _index = (playItem-1 >= 0) ? playItem-1 : myPlayList.length-1;
var index = plIndex[_index];
playListChange(_index, index );
}
</script>
<?php include_once(JPATH_ROOT.DS.'modules/mod_jlplayer/skin/tpl.php'); ?>
<?php
}
I was messing around in there with $file
if ($server_utf8 == 1) {
$fname = rawurlencode($file[count($file)-1]);
} else {
$fname = rawurlencode($file[count($file)-1]);
}
$fname = substr($fname, 0, -4);
$file = $host."/".$music_dir."/psp.php?name=".$fname;
echo $file;
I am unsure how to retreive a file title only, with out the whole path, just the name and not even the file ext.It comes up with all the files names in the echo. Also I am not sure how joomline chooses just one file. I am not a php designer and I am quite confused lol Any help would be appreciated! Thank you. I really have less idea about website security. Yesterday for the first time I learned website hacking and applied that method to my web page. My webpage was completely down after applying that. Q) To free a site from hacking what techniques are followed? |
|||||||