Guestbook Script


    hello boys and girls wapmasters here is a nice and simple guestbook script for your wapsites
    Attached Files
    wapZan Mobile site builder - Yours is here



    http://wapzan.com?ref=2wap

    #2
    QUOTE: "hello boys and girls wapmasters here is a nice and simple guestbook script for your wapsites"
    nice work

    Comment


      #3
      QUOTE: "nice work"

      Ok but where is config.php?

      Comment


        #4
        sql table and config files??? anyone have??

        Comment


          #5
          Code:
          --
          -- Table structure for table `data`
          --
          
          CREATE TABLE `data` (
            `id` int(10) NOT NULL auto_increment,
            `nick` varchar(100) NOT NULL default '',
            `email` varchar(100) NOT NULL default '',
            `msg` varchar(100) NOT NULL default '',
            `device` varchar(100) NOT NULL default '',
            PRIMARY KEY  (`id`)
          ) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1;
          
          --
          -- Dumping data for table `data`
          --
          something like this
          Hate romains that take codes from here and tell to all that they had made that

          Comment


            #6
            Security Updates

            Send.php

            Find
            Code:
            $adding = mysql_query("INSERT INTO data SET nick='".$nick."', email='".$email."', msg='".$msg."', device='".$device."'");
            Replace With
            Code:
            $adding = mysql_query("INSERT INTO data SET nick='".mysql_real_escape_string($nick)."', email='".mysql_real_escape_string($email)."', msg='".mysql_real_escape_string($msg)."', device='".mysql_real_escape_string($device)."'");
            -------

            index.php

            Find
            Code:
            echo "[b]Nick:[/b]$nick
            "; 
            echo "[b]Email:[/b]$email
            ";
            echo "[b]Device:[/b]$device
            ";
            echo "[b]Message:[/b]$msg
            ";
            Replace With
            Code:
            echo "[b]Nick:[/b]".htmlspecialchars($nick)."
            "; 
            echo "[b]Email:[/b]".htmlspecialchars($email)."
            ";
            echo "[b]Device:[/b]".htmlspecialchars($device)."
            ";
            echo "[b]Message:[/b]".htmlspecialchars($msg)."
            ";
            That's just what I've found from a quick look over it .. it obviously has the huge security implications of relying on register globals, but since most of you here use register globals in 90% of your code there's no point changing it

            Comment


              #7
              but config file any1 have??
              if like my post click:

              http://coding-talk.com/images/totall...ost_thanks.gif

              Comment


                #8
                QUOTE (djlee @ Nov 9 2008, 05:34 PM):
                "but since most of you here use register globals in 90% of your code theres no point changing it"
                and just how have you come up with that figure huh? do you know what script every single person here is using?

                Comment


                  #9
                  QUOTE (sweetangel @ Nov 9 2008, 09:35 PM):
                  "but config file any1 have??"
                  lol :|
                  Hate romains that take codes from here and tell to all that they had made that

                  Comment


                    #10
                    QUOTE (amylee @ Nov 10 2008, 01:22 AM):
                    "and just how have you come up with that figure huh? do you know what script every single person here is using?"
                    i should have guessed you'd be the pedantic one ... well considering nearly all the scripts posted here, both the supposedly fully working modifications and addons as well as the scripts people post to get help with, most of 'em rely on register globals. No doubt there may be the odd few people with enough knowledge to know never to use that function and have changed their sites completely, but i bet out of the whole member base of this community at least 90% probably are using a script that relies on register globals (even though 90% was just an example figure to indicate a LARGE portion.. but you're obviously too thick to realise that huh)

                    Comment


                      #11
                      most servers have it on.

                      the register globals can be used as a hacking tool.

                      But if your server is unhackable you're lol lol lol lol all the way home lol

                      sof.us.to is unhackable because there is no cpanel for hackers to hack at

                      also it has 256 bit ssl and hack ware to keep an eye out for me
                      Visit: Chat4u.mobi - The New Lay Of being a site of your dreams!
                      Visit: WapMasterz Coming Back Soon!
                      _______
                      SCRIPTS FOR SALE BY SUBZERO
                      Chat4u Script : coding-talk.com/f28/chat4u-mobi-script-only-150-a-17677/ - > Best Script for your site no other can be hacked by sql or uploaders.
                      FileShare Script : coding-talk.com/f28/file-wap-share-6596/ -> Uploader you will never regret buying yeah it mite be old now but it still seems to own others...
                      _______
                      Info & Tips
                      php.net
                      w3schools.com

                      Comment


                        #12
                        A. No server is unhackable.. only a n00b would make such a comment so don't say it again. It gives people the wrong impression.

                        B. It doesn't matter what type of encryption you use. That will only encrypt bit code sent in data packets ... that means if someone gets inside in one way or another .. a 1000000 bit encryption would be of no better use to you. Transmissions within the server are also not encrypted... SSL only protects you somewhat towards packet sniffers and such.. but even then if someone stays around long enough and gathered around 1,000,000 IV's they could crack a 256 bit encryption within a few minutes. 128bit requires only 250,000 with obviously the more IV's the quicker they will get a result. That's where you need proactive measures to stop the sniffers in the first place.

                        C. Register Globals if enabled acts on ALL php scripts. You can have a NASA supercomputer with as much security as you like but register globals will still run on those php scripts. You also do not need a CPanel of any kind for register globals to become a problem. Register globals allows the setting of vars from the URL. Potentially allowing a malicious user to set vars as they see fit and change the way your php script is executed. Doing it is not easy, but since it's a commonly known vulnerability I'm guessing there are those out there that have perfected the trick.

                        -------------

                        i really don't see why so many of you try to disprove my comments... what's gonna happen when PHP6 is released and php5 is slowly taken out of commission. Yes some of the more knowledgeable people that rely for some strange reason on magic quotes will make sure they purchase a server with php5 or less on ... but mysql will also still keep updating. and everyone knows at some point mysql will advance to a version where you must have phpv6 to use it. Are people just gonna stay in the dark ages forever with these scripts ??? At what point in the future will you admit that fixing one security vulnerability and keeping up with php standards will in turn protect you even further.. you gonna wait until you're hacked via a well known bug in the PHP engine that's been patched in V6 but you couldn't update because you couldn't be bothered to take someone's advice ?

                        Ah well.. i give up trying to convince people register globals and magic quotes are bad. I post the main security issues for those that don't wanna wait to be hacked before crying over it.. up to everyone else what they do with the info

                        Comment
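The register_globals behaviour described in post #12, as an added example that is not part of the thread. register_globals was removed in PHP 5.4, so `extract()` on a constructed request array emulates it here; the `$authorized` flag and both function names are hypothetical.

```php
<?php
// Added example. extract() stands in for register_globals, which copied every
// request parameter into a variable of the same name before the script ran.

// Constructed sample request: ?nick=bob&msg=hi&authorized=1
$request = ['nick' => 'bob', 'msg' => 'hi', 'authorized' => '1'];

/** Script style that relies on register_globals (hypothetical moderation check). */
function role_legacy(array $request, bool $passwordOk): string
{
    extract($request);            // what register_globals did implicitly
    if ($passwordOk) {
        $authorized = true;       // the flag is only ever assigned on success,
    }                             // so on failure the request's value survives
    return $nick . ' is ' . (!empty($authorized) ? 'a moderator' : 'a guest');
}

/** Hardened: every variable gets a default, input is read by explicit key. */
function role_strict(array $request, bool $passwordOk): string
{
    $authorized = false;          // never taken from the request
    $nick = isset($request['nick']) ? (string) $request['nick'] : 'anonymous';
    if ($passwordOk) {
        $authorized = true;
    }
    return $nick . ' is ' . ($authorized ? 'a moderator' : 'a guest');
}

// The password check fails in both calls; only the legacy style is influenced
// by the extra "authorized" parameter.
echo role_legacy($request, false), "\n";
echo role_strict($request, false), "\n";
```

On PHP versions that still have the setting, `register_globals = Off` in php.ini removes the implicit import; initialising every variable protects the script either way.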


                          #13
                          hey but any1 have the config file 4 this script?
                          if like my post click:

                          http://coding-talk.com/images/totall...ost_thanks.gif

                          Comment


                            #14
                            QUOTE (djlee @ Nov 10 2008, 03:26 PM):
                            "i shud have guessed you'd be the pedantic one ... well considering nearly all the scripts posted here both the supposingly fully working modifications and addon as well as the scripts people post to get help with most of um rely on register globals. No doubt there may be the odd few people with enough knowledge to know never to use that function and have changed their sites completely but i bet out of the whole member base of this community at least 90% probably are using a script that relies on register globals (even though 90% was just an example figure to indicate a LARGE portion.. but ur obviously too thick to realise that huh)"
                            who the **** do you think you are? i asked a simple question "how did you MANAGE to come up with that figure" with no intention to be "pedantic" yet here you are calling me THICK, very mature...
                            plus if people want to use globals let them use them

                            if you wish to truly help people, please respectfully create a topic with your ideas, agendas for fixing flaws, script fixes, rants against dumb people like me and what not instead of these enigmatic replies you sprout up every now and again

                            thank you and if you feel the need to call me thick again or any other childish comments please use this link HERE

                            Comment


                              #15
                              Originally posted by ^^
                              and just how have you come up with that figure huh? do you know what script every single person here is using?
                              Yup sure looks to me like you weren't picking at the figure ???

                              and at which point am i demanding or forcing users to not use globals.. I'm simply making sure that people know the security implications of using them. Unfortunately i come from a site with a lot of great minds who hold security and optimisation of scripts well above flawed, buggy scripts. I'm sorry if this community is a "copy & paste" community and not one that wants to develop themselves.

                              and what's the point creating a topic for security and such .. do you really think that anyone is going to read a 20/30/40 page article on php security and optimisation.. i think not.. hence the idea of posting security updates and such relevant to each addon that is posted.. if you don't like it .. then BAN me.. would that not solve your problem?

                              and coming from the most childish arrogant person on here who has a problem with everyone that shows an opinion or level of intelligence that's not in her little clique .. proven by the fact i spent weeks on here reading thread after thread of you and other members arguing .. surely so many members can't be at fault.

                              but anyway ur boring me now...

                              -------------

                              @sweetangel... i don't think this code works.. for a start the SQL given has no site column yet in index a site column is referenced unless i missed it .. i am tired lol. also it doesn't successfully select the data from sql because of this. here's a config file i threw together..
                              Code:
                              <?php
                              $dbhost = "localhost";
                              $dbuser = "mysqluser";
                              $dbpass = "password";
                              $dbname = "gbtest";
                              
                              //===Lets Make our connection
                              if (!@mysql_connect($dbhost, $dbuser, $dbpass))
                               {
                               switch (mysql_errno())
                                {
                                  case 1040: // too many connections
                                  case 2002: // cannot connect to the local MySQL server
                                if ($_SERVER['REQUEST_METHOD'] == "GET")
                                   {
                                   // Encode the request URI before echoing it into the refresh tag
                                   $uri = htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES);
                                   die("<html><head><meta http-equiv=refresh content=\"5; url=$uri\"></head><body><h3 align=center>The server load is very high at the moment. Retrying, please wait...</h3></body></html>");
                                   }
                                  else
                                   die("Too many users. Please press the Refresh button in your browser to retry.");
                                default:
                                 die("[" . mysql_errno() . "] dbconn: mysql_connect: " . mysql_error());
                                }
                               }
                              // Select the guestbook database; "." (not "+") concatenates strings in PHP
                              mysql_select_db($dbname)
                               or die('dbconn: mysql_select_db: ' . mysql_error());
                              
                              ?>
                              2nd... move include('config.php') to the TOP of the scripts and save them. Otherwise the die() statements will error because you've sent wml headers before them.


                              If you run into any more probs let me know and i'll see if i can sort 'em out for ya .. but i really would advise against using this .. even if you applied the security patches i provided and added your own it lacks any kind of data validation, it will take quite a bit of work to get it working properly from what i can see... and to be honest I'm guessing you have some experience with php and you could probably build this yourself in an hour.. simple GB's are easy and a really great way to learn more about all aspects of PHP coding. ... but the config file's there if you want to try it .. it will make your connection to the database and that's the only thing i can see missing at the mo

                              Comment
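A hardened form of the Send.php insert and index.php output from posts #6 and #15, as an added example that is not code from the thread. PDO with bound parameters replaces the `mysql_*` calls (removed in PHP 7), an in-memory SQLite database (pdo_sqlite assumed available) stands in for MySQL, and `validate_entry`, `add_entry` and the sample submissions are constructed for illustration.

```php
<?php
// Added example: SQLite in memory stands in for the thread's MySQL database so
// the script runs offline; the columns follow the `data` table from post #5.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE data (id INTEGER PRIMARY KEY AUTOINCREMENT,
    nick TEXT NOT NULL, email TEXT NOT NULL, msg TEXT NOT NULL, device TEXT NOT NULL)');

/** Validate one guestbook entry; returns a list of problems (empty = ok). */
function validate_entry(array $in): array
{
    $errors = [];
    foreach (['nick', 'email', 'msg', 'device'] as $field) {
        $value = $in[$field] ?? '';
        if (!is_string($value) || $value === '' || strlen($value) > 100) {
            $errors[] = "$field must be 1-100 characters";   // varchar(100)
        }
    }
    if (!$errors && filter_var($in['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email is not a valid address';
    }
    return $errors;
}

/** Insert with bound parameters: values never become part of the SQL text. */
function add_entry(PDO $db, array $in): array
{
    $errors = validate_entry($in);
    if ($errors) { return $errors; }
    $stmt = $db->prepare('INSERT INTO data (nick, email, msg, device) VALUES (?, ?, ?, ?)');
    $stmt->execute([$in['nick'], $in['email'], $in['msg'], $in['device']]);
    return [];
}

// Constructed sample submissions (in Send.php these would be read from $_POST).
$samples = [
    ['nick' => "O'Brien", 'email' => 'ob@example.com', 'msg' => '<b>hi</b> all', 'device' => 'N95'],
    ['nick' => 'x', 'email' => 'not-an-email', 'msg' => 'hello', 'device' => 'K800'],
];
foreach ($samples as $s) {
    $errors = add_entry($db, $s);
    echo $errors ? 'rejected: ' . implode('; ', $errors) . "\n" : "stored\n";
}
// Encode on output, as in the index.php change from post #6.
foreach ($db->query('SELECT nick, msg FROM data') as $row) {
    echo htmlspecialchars($row['nick'], ENT_QUOTES, 'UTF-8'), ': ',
         htmlspecialchars($row['msg'], ENT_QUOTES, 'UTF-8'), "\n";
}
```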
