GoFuckYourself.com - Adult Webmaster Forum
Page 2 of 2 < 1 2
Show 40 post(s) from this thread on one page

GoFuckYourself.com - Adult Webmaster Forum (https://gfy.com/index.php)
-   Fucking Around & Business Discussion (https://gfy.com/forumdisplay.php?f=26)
-   -   free tube script w/auto updating embed codes (https://gfy.com/showthread.php?t=821973)

farkedup 04-17-2008 04:22 PM
alright, just uploaded a version that cleans get and post vars where needed.

PornGeneral 04-17-2008 04:30 PM
Code:
$_POST = array_map('mysql_real_escape_string', $_POST);
$_GET = array_map('mysql_real_escape_string', $_GET);
$_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
Code:
function clean($value){       
  if (get_magic_quotes_gpc()) {       
    $value = stripslashes($value);
  }
  if (!is_numeric($value)) {
    $value = mysql_real_escape_string($value);
  }

 return $value;
}
array_walk($_GET,'clean');
array_walk($_POST,'clean');
array_walk($_COOKIE,'clean');
extract($_GET,EXTR_PREFIX_ALL,'get');
extract($_POST,EXTR_PREFIX_ALL,'post');
extract($_COOKIE,EXTR_PREFIX_ALL,'cookie');
Some old code I use to clean up so far no issues

PornGeneral 04-17-2008 05:04 PM
Don't forget some xss cleaning functions

Code:
// Prep user input for storage - XSS cleanup
function xss_input($input) {
    $input = trim($input);
    if (!get_magic_quotes_gpc()) {
        return addslashes($input);
    }
    return $input;
}

// Prep user inputed data for viewing in html page, textbox, or textarea
function xss_output($output) {
    $output = stripslashes($output);
    return htmlspecialchars($output);
}

farkedup 04-17-2008 05:52 PM
this is a variation of what I use in some other scripts which I just put into this one:

Code:
foreach($_POST as $varName => $value)
  {
    $dv=$value;
if (get_magic_quotes_gpc()) {        $$varName = stripslashes($dv); }
if (!is_numeric($value)) {    $$varName = mysql_real_escape_string($dv);  }
  };
 
  foreach($_GET as $varName => $value)
  {
    $dv=$value;
if (get_magic_quotes_gpc()) {        $$varName = stripslashes($dv); }
if (!is_numeric($value)) {    $$varName = mysql_real_escape_string($dv);  }
  };

Doctor Feelgood 04-17-2008 07:39 PM
1) can you have the videos higher up the page so i dont have to scroll down?

2) can the 300x250 adspace be edited to 250x250 by webmaster?

Boozer 04-17-2008 07:49 PM
Just so you know, your template does not look right under firefox

SmokeyTheBear 04-17-2008 07:52 PM
you should get icq

farkedup 04-17-2008 08:40 PM
Quote:
Originally Posted by Doctor Feelgood (Post 14082331)
1) can you have the videos higher up the page so i dont have to scroll down?

2) can the 300x250 adspace be edited to 250x250 by webmaster?
1) I don't have to scroll ;) the box above the videos can be tossed down under simple enough. Edit templates/play_content.tpl

2) thats easy enough, go into ads/250x250.tpl I actually don't see 300x250 ads, 250x250 is used everywhere I'm seeing.

x0pa 04-18-2008 09:33 AM
so... is the new version more secure now?

farkedup 04-18-2008 10:45 AM
Quote:
Originally Posted by x0pa (Post 14084197)
so... is the new version more secure now?
yes, right before my post above I had applied some security updates to the package.

Barefootsies 04-18-2008 10:47 AM
Quote:
Originally Posted by farkedup (Post 14084471)
yes, right before my post above I had applied some security updates to the package.
you da man
:thumbsup

farkedup 04-20-2008 12:55 PM
I'll have an embed import for a few top tube sites ready to roll out tomorrow sometime ;) after that I'm going to focus on sponsor content to get an addon out for supporting those.

IllTestYourGirls 04-20-2008 03:15 PM
looks sweet how do I get a copy of this?

jimbona 04-20-2008 03:18 PM
Still not really secure, youve just thrown in a auto convert of the _GET and _POST to local vars which will still be incorrect as you clean then once with

get_magic_quotes_gpc() check
then use the initial raw data to do the mysql_real_escape_string() clean.

But then, if the value is an integer, its not cleaned at all, so the raw data is still flowing through.

Make use of (int) or intval() if you know the variable you want HAS to be an integer.

jimbona 04-20-2008 03:19 PM
Quote:
Originally Posted by IllTestYourGirls (Post 14091005)
looks sweet how do I get a copy of this?

https://gfy.com/14077683-post23.html

x0pa 04-24-2008 11:48 AM
bump whats the latest?

splooge 05-19-2008 08:29 PM
updates please?

Scroto 05-19-2008 09:03 PM
bumpppo :)

Porn Ass 05-20-2008 12:10 PM
bump coz he seems to care more about Garmin Mobile XT phone replacing GPS :1orglaugh

Porn Ass 05-20-2008 04:53 PM
bizzump yo :disgust

Porn Ass 05-20-2008 05:21 PM
:):pimp:(:disgust:mad::1orglaugh

farkedup 05-21-2008 06:44 PM
Quote:
Originally Posted by splooge (Post 14208964)
updates please?
status update: been busy, took on a few paid jobs from a few people (barefootsies is one) to get some more cash rolling.

This system talked about in this thread is FREE, what makes me $$$ is obviously my top priority. I'll work this in when I have time.

I'm trying to finish off a custom CMS this week and then I have another one on my schedule right behind that

Porn Ass 05-21-2008 06:47 PM
Quote:
Originally Posted by farkedup (Post 14220232)
status update: been busy, took on a few paid jobs from a few people (barefootsies is one) to get some more cash rolling.

This system talked about in this thread is FREE, what makes me $$$ is obviously my top priority. I'll work this in when I have time.

I'm trying to finish off a custom CMS this week and then I have another one on my schedule right behind that
im with ya, its all about the $$$

does the free script even work as is?

farkedup 05-21-2008 06:53 PM
last I checked it was working as is...

I have a '68 mustang that took me too long to get just the way I wanted it and I'm having some financial trouble but I think it would kill me to have to sell it so I have to whore myself out for a quick buck

Porn Ass 05-21-2008 06:56 PM
good luck m8 :)

halfpint 05-21-2008 07:13 PM
Quote:
Originally Posted by farkedup (Post 14220270)
last I checked it was working as is...

I have a '68 mustang that took me too long to get just the way I wanted it and I'm having some financial trouble but I think it would kill me to have to sell it so I have to whore myself out for a quick buck
You talking about that horrible red thing you have :winkwink:

jealousy creeps in

TampaToker 05-21-2008 07:49 PM
You site been hacked? http://demo.fastfreemedia.com/

farkedup 05-21-2008 07:55 PM
Quote:
Originally Posted by TampaToker (Post 14220456)
You site been hacked? http://demo.fastfreemedia.com/
yeah, that one was using the initial release of V1.5 or maybe it was 1.4 I'm at V1.6 now and never got around to updating that one

farkedup 05-21-2008 07:56 PM
notice that: http://adult.fastfreemedia.com/ didn't get touched... you can bet the same person who hit the other link TRIED to get adult. too but failed.

Doctor Feelgood 07-05-2008 12:57 PM
i get this error in rating.php when i click rate

Warning: mysql_real_escape_string(): Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2)

geeknik 07-05-2008 01:23 PM
Tube sites are overrated.


All times are GMT -7. The time now is 03:24 AM.
Page 2 of 2 < 1 2
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123