carbonize

I stopped using Avast as it failed to detect a virus. AntiVir detected the virus but doesn't scan email unless you pay. I've decided to go with what is reputed to be the best (although not free) NOD32 from Eset.

OK I've just released 1.6 although I uploaded the wrong zip file so the full package is still 1.5.5 and I can't change it as I'm at work and they've blocked my domain. Such nice people. Will fix that in the morning (19:50 here at present).

I personally use Filezilla but I highly recommend FlashFXP. It is a very powerful (but not free) FTP client. It even lets you edit files on the server from within the program. Something text editors do but few FTP clients. I use Fire FTP at work but now they have gone and blocked my access to FTP which is almost annoying as the fact the added my domain to the banned list.

It has just been brought to my attention that there are two exploits in Lazarus. It would of been nice if the person who had posted them on Secunia had informed me but I guess they are more interested in attention than getting things fixed. Right to patch. First download the attached file, extract the picture.php and replace your existing one with the new one. The second exploit is in your codes-LANG.php file. For me that means code-english.php but it could be what ever language you use such as codes-dutch.php etc found in lang folder. To patch this open it in a text editor such as word pad. replace <title><?php echo($_GET['show']); ?></title> with <title><?php $_GET['show'] = htmlspecialchars($_GET['show']); echo( $_GET['show']); ?></title> Save it and upload to your lang file. Delete codes-english.php if you do not use it. picture.zip

Did you set the correct permissions on the target folder?

I thought I explained in the file that you had to get the database password from the config file? I do recommend updating to AG 2.4.1 as it has anti spam now and comes with a password reset script in the misc folder.

phpBB has no real anti sam measures other than only allowing members to post or moderating every entry before publication. SMF does have a nice mod that adds image verification to registration AND guest postings.

Are you going to impose any restrictions on whats uploaded? Security will be an issue for you though so I do recommend not allowing such files as php. If the files are just to be downloaded by users and not viewed you could use something like SMF where the file name has additional text added to change the file name. You could append a word to the end of the extension such as STOP (ie .php becomes .phpSTOP) then remove the word STOP when displaying the file listing and have all files downloaded via the PHP script.

Why use FTP and not just upload the file using HTTP ?

And what you will end up with is a lot of home made blogs etc that all work in exactly the same way and all do exactly the same things. Their will be nothing unique. Simple is not always good. You will get people throwing together scripts with little or no scripting experience and end up with sites getting exploited through holes they didn't realise existed.

I think you are overdoing the headers. Since you are sending plain text all you really need is the From: header.

Hmmmm the problem could lie in the very first header Return-Path: <nobody@server98.tchmachines.com>

Not arrived yet.

USe it to send an email to webmaster@carbonize.co.uk so I can see the headers.

I don't like runyonrails for the same reason I'm not over ken on .NET. It makes making things easy but you have little power over what happens. I prefer to get my hands dirty and that way you know exactly whats going on.

You need to supply a from address in the email so servers know where to return the emails to. At the end put "From: \"Your name\" <you@yoursite.com>\n" and then any bounced emails should go to the address you provided.

Thought I'd keep this thread upto date with new features etc of Lazarus ( although you should all be reading the Lazarus site ) Fixed a lot of bugs Now has pagination for guestbooks that span multiple pages Can unaccept posts so they only appear in Easy Admin and not in the book Can now block posts containing words on your censor list Better IP detection function to prevent logging of local IP addresses Lots of other things Coming in 1.6 (It's in beta but to be released soon) Ad block code in Admin so you can display adverts etc in the middle of your entries Can delete/accept/unaccept multiple entries in Easy Admin Can now choose CAPTCHA as the anti bot test Can now specify an email address for thank you emails to come from You can also specify that all notifications to you come from above address and more stuff I have noticed a lot of hosts now seem to be offering Lazarus as one of the fre scripts. I believe that is because they are using CPSkins from cpskins.com

Basically like this "From: "NAMEHERE" <EMAILADDRESSHERE>\nX-Mailer: Lazarus Guestbook\nContent-Type: text/html; charset="UTF-8" The above is lifted from Lazarus as you can see.

I'll try and plough through the code again sometime to see what changes I made and make a list of them. Atleast it would be a start. basically I just used the same email encryption I use in Lazarus Guestbook.

Actually I made my SMF encrypt email addresses and didn't have to touch the database. I suppose i should look at writing a mod to do it so others can encrypt the addresses as well.

<sarcasm>I think the "Advanced guest book" gave it away Bruce</sarcasm> There is a password reset script available from my Lazarus forums that also works for AG. Bit late now I know.

You'd probably be better of using a PHP script as Javascript is dependant on a lot of variables at the users end. Just make the link point to the PHP script and make the PHP script then forward them to the correct M3U file.

Yup modern spiders can read and understand javascript.

Cheers I'll go with the SHOW INDEX route.

Ok I'll be brief. I need to find a way to check if a particular MySQL field has been indexed or not. It is for the smart updater I am writing for Lazarus.