Author |
Message |
|
They will also need to edit the admin_enter.php if they use 2.2 as the target for the form data is hard coded into it as
|
 |
|
Yup please supply the url for your guestbook.
|
 |
|
open up your admin/config.inc.php and locate
and replace the "" with "http://gastenboek.denbockereyder.com".
|
 |
|
800x600 is the most used resolution along with 1024x768. http://counter43.bravenet.com/index.php?id=360544&type=screenres&usernum=3681556748 is the url for the stats of my most visited page. The total number of hits is 368664 and due to the nature of the page most are unique visitors.
179202 - 49.67 % use 800x600
152906 - 42.38 % use 1024x768
|
 |
|
Yup sounds perfectly logical to me. My main gripe was that Jared had said to save the initial file as anything you want.php and then used a specific include path and file name. I was mainly pointing out that this may confuse a lot of people and that the full path they used would not apply to all as every server is set up differently.
I still prefer my fix.
|
 |
|
I don't think hate has anything to do with it. This will just be kids with no actual opinions of their own jumping on a bandwagon. I mean they claim to be defacing guestbooks as a show of defiance against the US and Israel and yet they deface guestbooks that are on UK sites that use the .co.uk domain. Me and JTD do on occasion do a Google search to find hacked guestbooks and if possible fix them but a lot of them appear to have been abandoned by their webmasters/mistresses.
|
 |
|
I personally haven't used the advanced poll yet but a quick look at it suggests you edit the display_head.html and the display_foot.html files for the relevant template you are using.
On a different note I'd just like to point out that your site is actually wider than the screen on 800x600 but only just as you have set the width as 803. This means users on 800x600 (45% of users) have to scroll to see some things.
|
 |
|
If the PHP engine doesn't find the file indicated in the include it will report an error but carry on with the rest of the script. If it doesn't find the file indicated in require it will stop running the script at that point.
My instructions
1 - Open up your favourite text editor, notepad for example.
2 - Place the following in the empty file remembering to make the password the same as your guestbook password
3 - Save the file as passwordlock.php making sure your text editor has not added a different extension to the end.
4 - Upload the new passwordlock.php file into your guestbook's directory.
5 - Open up admin.php and just after the <?php put now save admin.php back to your server.
|
 |
|
Just a couple of errors in your instructions Jared.
First I would use require and not include as this way if the password file is not found the script won't run.
Second the path will vary for every user. But given that, hopefully, the password script will be in the same directory as the admin.php we could use This is also assuming that they named the file passwordlock.php.
Basically users want to open notepad and copy the first bit of script from Jared's post into it. You then want to save the file as passwordlock.php and then upload the file to your guestbook's directory. Make sure that the file ends in .php and that your text editor has not added an extension on the end. Now open up admin.php and just after the <? put .
I personally don't like this method for various reasons but it will do the job.
|
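The fail-open versus fail-closed difference between include and require discussed in the two posts above, as an added example that is not part of the original posts or the guestbook's own code. The gate's contents and the admin_include.php / admin_require.php stand-ins are hypothetical, and the script assumes the PHP command-line binary is available.

```php
<?php
// Added example: how include and require behave when the gate file is absent.
// File names follow the thread; the gate's contents are a constructed stand-in.
$dir = sys_get_temp_dir() . '/gb_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);

// Hypothetical gate: refuse unless the HTTP Basic password matches.
$gate = <<<'GATE'
<?php
$expected = 'constructed-sample-password'; // placeholder, not a real secret
if (!hash_equals($expected, (string)($_SERVER['PHP_AUTH_PW'] ?? ''))) {
    header('WWW-Authenticate: Basic realm="guestbook admin"');
    http_response_code(401);
    exit("denied\n");
}
GATE;

// Two stand-ins for admin.php that differ only in how the gate is loaded.
$body = "\necho \"ADMIN PANEL\\n\";\n";
file_put_contents("$dir/admin_include.php",
    "<?php\ninclude __DIR__ . '/passwordlock.php';" . $body);
file_put_contents("$dir/admin_require.php",
    "<?php\nrequire __DIR__ . '/passwordlock.php';" . $body);

// Run a script in a child PHP process and report whether the admin body ran.
function adminBodyRan(string $script): bool {
    $cmd = escapeshellarg(PHP_BINARY) . ' ' . escapeshellarg($script) . ' 2>&1';
    return strpos((string)shell_exec($cmd), 'ADMIN PANEL') !== false;
}

// Cases 1 and 2: the gate file is missing (wrong name, failed upload, bad path).
$results = [
    'include, gate missing' => adminBodyRan("$dir/admin_include.php"),
    'require, gate missing' => adminBodyRan("$dir/admin_require.php"),
];
// Case 3: gate present, no password supplied (the CLI sets no PHP_AUTH_PW).
file_put_contents("$dir/passwordlock.php", $gate);
$results['require, gate present, no password'] = adminBodyRan("$dir/admin_require.php");

foreach ($results as $case => $ran) {
    printf("%-36s admin body %s\n", $case, $ran ? 'RAN (fail open)' : 'blocked');
}
array_map('unlink', glob("$dir/*.php"));
rmdir($dir);
```

Only the include variant reaches the admin body when passwordlock.php is missing, which is why a gate loaded with include protects nothing if the file is misnamed or uploaded to the wrong directory.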
 |
|
It would serve no purpose because even if we listed all the IPs used so far if they have a dynamically assigned IP it would not stop them. Most dial up ISPs used dynamically assigned IPs. This means that every time you connect you get assigned a different IP. The best security is to make sure you are not exploitable.
As for the failed logins page its format is simple and copied directly from my 404's log. First is the time of the attempt in GMT (or BST at present which is GMT+1), next is the password they tried to log in with, then I have the link they came from but this is irrelevant, next is the useragent string their web browser sends out and finally is their IP.
If you really want a laugh have a look at my 404 log, http://www.carbonize.co.uk/404s.php. Starting at about 17:54 on August 2nd I had somebody trying a huge list of exploits against my site.
|
 |
|
The problem is you are limited in the size of the words you can post in the comments. The following function in vars.class.php checks the length
It won't allow words that are longer than 200 characters or longer than the variable max_word_length but I am unable to find the max_word_length. If you are sure your urls are not over 200 characters try changing it to
|
 |
|
Have a look at http://www.htmlgoodies.com/beyond/nocache.html for a quick tutorial on the pragma nocache tag.
|
 |
|
The url is always the guestbook directory/admin.php
|
 |
|
You cannot do it for specific answers without hard coding some JavaScript into the script. You can however make it open a new page upon submission of the data by using the target="_blank" attribute in the form tag as follows:
<form method="post" action="poll.php" target="_blank">
|
 |
|
I've hard coded my password into an actual file so even if there is a similar exploit in 2.3.1 it will never get that far. I have actually suggested that people with 2.2 rename their admin.php file to something totally different remembering to change the action="admin.php" part of the admin_enter.php template.
|
 |
|