• What are you working on? v2
    2,000 replies, posted
[QUOTE=Dr Magnusson;22153185]It already has that. Which browser are you using?[/QUOTE]Chrome [editline]06:44PM[/editline] [QUOTE=cosmic duck;22153096]The text looks a bit aliased, but apart from that it's cool.[/QUOTE]Thanks, glad I finally made something that can be approved...heh
Alright, it does not look correct in Chrome. Gonna fix that now. [B]Edit: [/B]Should be working now.
Just found out by accident that Ctrl + Shift + I gets you dev tools in Chrome. :D Give me clocks but I was amused. [img_thumb]http://anyhub.net/file/holyfuckingcockballs.png[/img_thumb]
Which one of these 2 looks better designwise: [url]www.dreamsfromlastnight.net[/url] [url]http://myfriendstatus.com/[/url]
[QUOTE=adamjon858;22155028]Which one of these 2 looks better designwise: [url]www.dreamsfromlastnight.net[/url] [url]http://myfriendstatus.com/[/url][/QUOTE] [url]www.dreamsfromlastnight.net[/url] for sure
dreams from last night is kinda skinny, but the overall design is definitely better
I like both. [editline]10:34PM[/editline] [QUOTE=andersonmat;22154603]Just found out by accident that Ctrl + Shift + I gets you dev tools in Chrome. :D Give me clocks but I was amused. [img_thumb]http://anyhub.net/file/holyfuckingcockballs.png[/img_thumb][/QUOTE] Oh snap it shows up down there like that? Jesus titty fucking Christ I need to get this RAM replaced so I can use Chrome again.
[QUOTE=compwhizii;22156150] Oh snap it shows up down there like that? Jesus titty fucking Christ I need to get this RAM replaced so I can use Chrome again.[/QUOTE] you have to set it to be there by clicking the button in the lower left corner
[QUOTE=Spoco;22144104]For some reason the colors are much darker in the screenshot. Why?[/QUOTE] Did you view the website and post the picture here on different screens? My two monitors have drastically different colour profiles and it gives me the shits.
Nice new avatar turb, did you make it?
Yeah I did. It's a [b]bi[/b]plane hurr. [editline]03:56PM[/editline] Also, arienh thinks I'm doing it wrong: [img]http://ahb.me/2wR[/img]
[QUOTE=compwhizii;22150408][img_thumb]http://grab.by/grabs/e78f92303f4fd0b569db4df072a1b011.png[/img_thumb] [editline]04:21PM[/editline] What the fuck man.[/QUOTE] Even I found that funny, did you go through admin.php? Seems I need to run a $_GET on that page and grab the login data to prevent unauthorised entry. Took me 15 mins to clear out that filth due to slow FTP :(
[QUOTE=chrishind10;22158937]Even I found that funny, did you go through admin.php? Seems I need to run a $_GET on that page and grab the login data to prevent unauthorised entry. Took me 15 mins to clear out that filth due to slow FTP :([/QUOTE] How about using $_SESSION? That's how I prevent unauthorised access to my adminCP.
Merged the "change status" button + modal window into the comment form in bugspray: [img]http://i50.tinypic.com/2ihurys.png[/img]
[QUOTE=chrishind10;22158937]Even I found that funny, did you go through admin.php? Seems I need to run a $_GET on that page and grab the login data to prevent unauthorised entry. Took me 15 mins to clear out that filth due to slow FTP :([/QUOTE] Yes, I simply used admin.php (as it was simple, as you said there was a control panel, and /admin was my first try, /admin.php was my next). Went to the home section, and originally wrote how I did it (followed by a javascript to window.document.body.innerHTML to replace the contents of your iFrame). The code was the following: [code]Next time, secure admin.php. This is only done for your own good. Sorry <3<br /><br />You might also want to look into mysql_real_escape_string().<script>window.document.body.innerHTML = '<object width="100%" height="100%"><param value="http://www.youtube.com/v/qrBj3u5dPgM&amp;hl=en_US&amp;fs=1&amp;" name="movie"><param value="true" name="allowFullScreen"><param value="always" name="allowscriptaccess"><embed width="100%" height="100%" allowfullscreen="true" allowscriptaccess="always" type="application/x-shockwave-flash" src="http://www.youtube.com/v/qrBj3u5dPgM&amp;hl=en_US&amp;fs=1&amp;autoplay=1"></object>';</script>[/code] What I didn't realize is that you probably used XML for this, and hence should rather htmlentities() the text, as that'd replace any html characters (< with &lt; > with &gt; " with &quot; etc.) Also, you might want to check your login (which I assume runs on SQL) as typing ' into it, reports a query mistake, meaning you should use mysql_real_escape_string unless you want someone to SQL inject you. That is all. :smug: [editline]02:24PM[/editline] Also, you might want to fix your security. Using GET isn't really secure. [url]http://m-s-v.99k.org/admin.php[/url] "YOU NEED TO LOGIN!" Alright then.. Hmm.. First try: [url]http://m-s-v.99k.org/admin.php?user=Admin[/url] Welcome Administrator! Use cookies and refer to your domain instead.
After checking even further, it doesn't even need a value? ?user is enough.
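The check that was bypassed and the $_SESSION approach suggested earlier in the thread, side by side, as an added example that is not code from any poster. admin.php itself is never shown in the thread, so is_admin_flawed() is an assumed reconstruction of the behaviour described, and every function and key name here is hypothetical.

```php
<?php
// Added example: names are assumptions, not the site's code.

// Flawed gate, reconstructed from the behaviour described in the thread:
// the mere presence of ?user in the URL is treated as proof of login.
// Anything in $_GET (or $_POST, or a cookie value) is chosen by the client.
function is_admin_flawed(array $get): bool
{
    return array_key_exists('user', $get);
}

// Session-based gate: the decision depends only on server-side state
// that was written after a successful password check.
function is_admin_session(array $session): bool
{
    return ($session['is_admin'] ?? false) === true;
}

// Called once at login, after the password has been verified.
function establish_admin_session(array &$session): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // new session id, guards against fixation
    }
    $session['is_admin'] = true;
}

// In admin.php this would be: session_start(); then
// if (!is_admin_session($_SESSION)) { http_response_code(403); exit; }

// Constructed request data for the demonstration.
$valuelessParam = ['user' => '']; // what PHP sees for admin.php?user
$anonSession    = [];             // visitor who never logged in
$adminSession   = [];
establish_admin_session($adminSession);

var_dump(is_admin_flawed($valuelessParam)); // client input alone decides
var_dump(is_admin_session($anonSession));   // no server-side login state
var_dump(is_admin_session($adminSession));  // state set by the login step
```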
[QUOTE=turb_;22158622]Yeah I did. It's a [b]bi[/b]plane hurr. [editline]03:56PM[/editline] Also, arienh thinks I'm doing it wrong: [url=http://twitter.com/arienh4/status/14674675917][img]http://ahb.me/2wR[/img][/url][/QUOTE] You're violating DRY, KISS, OAOO, etc. Why would you use your own MVC framework when you have ASP.NET MVC? Seriously?
[QUOTE=h2ooooooo;22161709] [URL]http://m-s-v.99k.org/admin.php?user=Admin[/URL] [/QUOTE] Yeah, after I noticed what happened this morning, I rewrote the if like so [code] if($_GET!=NULL) { echo "shit"; } [/code]I just woke up and was off to school, so I didn't have time to write anything fancy, if anything it was a stopgap measure, and I'm using XML for my login data (bad idea I know) Rated Useful! Edit : Rewriting control panel button to send POST data to the admin.php file....
this probably isn't the best way to display news [url]http://m-s-v.99k.org/news_read.php?folder=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa[/url]
Your admin area should be passworded and so on too. And use $_POST values.
It is now, I didn't need any more convincing to get my finger out after the first break in :) Tell me if you manage to get in, and explain how, I'll fix it up.
[QUOTE=arienh4;22162921]You're violating DRY[/quote] Hardly, the only place I'm really repeating myself is in the DB schema/model. [quote]KISS[/quote] I took one look at ASP.NET MVC and decided it would be overkill for what I needed [quote]OAOO[/quote] OAOO sounds like a sillier way of saying DRY [quote] Why would you use your own MVC framework when you have ASP.NET MVC? Seriously?[/QUOTE] I'm not using my own MVC framework, I'm applying the MVC pattern to vanilla ASP.NET. As I said, ASP.NET MVC is overkill for my purposes. [editline]03:25PM[/editline] I love getting lots of traffic and abusing it to make funny things happen: [url]http://duckduckgo.com/spread.html[/url] [img]http://ahb.me/2Dg[/img] [html]<img src="http://duckduckgo.com/?t=tehwhale_is_a_faggot" width="1" height="1" style="position:absolute;left:-10px;top:-10px;width:1px;height:1px;" />[/html]
I don't get it.
tehwhale_is_a_faggot
[QUOTE=chrishind10;22163161]Yeah, after I noticed what happened this morning, I rewrote the if like so [code] if($_GET!=NULL) { echo "shit"; } [/code]I just woke up and was off to school, so I didn't have time to write anything fancy, if anything it was a stopgap measure, and I'm using XML for my login data (bad idea I know) Rated Useful! Edit : Rewriting control panel button to send POST data to the admin.php file....[/QUOTE] From what I tried so far, I can't get in :) Won't bother more. However, typing [code]admin";#[/code] into your login field would result in "welcome" and an unknown user account. You really need to use mysql_real_escape_string.
[QUOTE=h2ooooooo;22178098]From what I tried so far, I can't get in :) Won't bother more. However, typing [code]admin";#[/code] into your login field would result in "welcome" and an unknown user account. You really need to use mysql_real_escape_string.[/QUOTE] Typing anything into the login field gives me an unknown account.
Hmm, true.. What the hell.. Still doesn't change the fact that a ' results in a query error, hence SQL injection is generally possible.
[QUOTE=h2ooooooo;22178290]Hmm, true.. What the hell.. Still doesn't change the fact that a ' results in a query error, hence SQL injection is generally possible.[/QUOTE] Very true.. probably wouldn't be hard to do if someone wanted to.
Only problem is that you can't execute more than 1 MySQL query at a time in PHP. So the most anyone could do would be to gain administrative access. v:v:v
[QUOTE=andersonmat;22178776]Only problem is that you can't execute more than 1 MySQL query at a time in PHP. So the most anyone could do would be to gain administrative access. v:v:v[/QUOTE] Then someone finds out how to drop the table.
It may take getting your tables dropped a couple times to become serious about security on your site. When I was starting, I made a few mistakes, I think everyone has. It was definitely a learning experience, because it didn't happen again.
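Why the query error on a lone ' discussed above matters, and the fix, as an added example that is not the site's code. In-memory SQLite stands in for the site's MySQL database; the table, columns and password are constructed. It uses PDO prepared statements rather than mysql_real_escape_string(), because the mysql_* extension was removed in PHP 7.

```php
<?php
// Added example. SQLite in memory stands in for the site's MySQL database;
// the table and column names are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(['admin', password_hash('constructed-password', PASSWORD_DEFAULT)]);

// Query built by string concatenation: the input becomes part of the SQL
// text, so a quote character changes how the statement is parsed.
function login_concat(PDO $db, string $name, string $pass): string
{
    try {
        $sql = "SELECT pass_hash FROM users WHERE name = '$name'";
        $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        return 'query error'; // the symptom reported in the thread
    }
    return ($row && password_verify($pass, $row['pass_hash'])) ? 'welcome' : 'denied';
}

// Prepared statement: the input is bound as a value and never parsed as SQL.
function login_prepared(PDO $db, string $name, string $pass): string
{
    $stmt = $db->prepare('SELECT pass_hash FROM users WHERE name = ?');
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return ($row && password_verify($pass, $row['pass_hash'])) ? 'welcome' : 'denied';
}

// Constructed inputs: a normal login, and the single quote from the thread.
foreach (['admin', "'"] as $name) {
    printf("name=%-8s concat=%-12s prepared=%s\n",
        json_encode($name),
        login_concat($db, $name, 'constructed-password'),
        login_prepared($db, $name, 'constructed-password'));
}
```

Passwords are checked with password_hash()/password_verify() instead of being compared inside the SQL, so the query only ever looks a row up by name.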