Leaderboard

Popular Content

Showing content with the highest reputation on 01/04/2012 in all areas

  1. If you really want to be secure you should use MD5 hashing for the passwords. So if a hacker gets access to your database, he can do nothing with the data.
    1 point
  2. Escaping means to escape all the characters that could cause trouble. If you were to have a piece of code

         //without escaping quotes
         echo ' Hello, My name is O'Reilly It's nice to meet you ' ;

     you'll get an error here because the string is broken due to the single quotes (') in O'Reilly and it's. The highlighter makes this problem obvious here. This is a problem in every programming language and a lot of them escape these characters in the same way, by preceding them with a \. E.g.:

         echo ' Hello, My name is O\'Reilly It\'s nice to meet you ' ;

     Escaping information you're going to use in a query is especially important because, if you don't escape it, you leave your queries vulnerable to SQL injection. Look at this script here:

         $strCheckUserSQL = "SELECT * FROM subs WHERE username='$username'";

     The string in $_POST['username'] is substituted in place of $username. If my username were to contain a single quote (like O' Reilly) you'd have an invalid query which looks like this:

         "SELECT * FROM subs WHERE username='O' Reilly";

     This doesn't seem that serious, but I could easily add SQL commands into my username to make your query execute commands that I want it to. I could steal all your passwords this way. To prevent SQL injection (or at least make it really difficult to do), you can use the mysql_real_escape_string() function. It requires you to have a connection to the database, but you already have that.

         //Like this
         $username = mysql_real_escape_string( $_POST['username'] );

     I guess it's better that I don't post the string I'd enter to get your passwords. Here's an example I wrote up if you're interested in learning what SQL injection is: http://ping-localhos...brickhouse.html

     Also, you could md5 encrypt your passwords. A lot of identity theft happens because people use the same passwords on many sites. So if I were to steal passwords from your sites, I'd try them on every other site too.
    1 point
  3. First, you need to modify your "subs" table to include a "created" column. Make this column a type of boolean, and give it a default value of FALSE. Then, break this up into two scripts. First script:

         <?php
         include 'mysql-connect.php';

         $username  = $_POST['username'];
         $password  = $_POST['password'];
         $firstname = $_POST['firstname'];
         $lastname  = $_POST['lastname'];
         $email     = $_POST['email'];
         $ip        = $_SERVER['REMOTE_ADDR'];

         $strCheckUserSQL = "SELECT * FROM subs WHERE username='$username'";
         $CheckUserQuery  = mysql_query($strCheckUserSQL);

         $strCheckEmailSQL = "SELECT * FROM subs WHERE email='$email'";
         $CheckEmailQuery  = mysql_query($strCheckEmailSQL);

         // You really should escape these values, but I'm not going to do that here
         mysql_query("INSERT INTO subs (username, password, firstname, lastname, ip, email) VALUES ('$username', '$password', '$firstname', '$lastname', '$ip', '$email')");

     Create this cron script in your [home] folder, NOT your public_html folder.

         #!/usr/bin/php
         <?php
         $strCheckSubSQL = "SELECT * FROM subs WHERE created=false";

         //Connect to the database

         $result = mysql_query($strCheckSubSQL);
         while ($row = mysql_fetch_array($result)) {
             //Create the user in cPanel
             //Update the record with created=true
         }

         //Close the connection

     You'll also need to chmod the cron script to 777.
    1 point
  4. This entire script he has is not very secure, as someone could possibly inject malicious content into the $username parameter, but it's his account.
    1 point
  5. Try this:

         <?php
         $username = $_POST['subdomain'];
         $path = "http://seifhate:pass@seifhatem.co.cc:2082/frontend/x3/subdomain/doadddomain.html?rootdomain=seifhatem.co.cc&domain=$username";
         $f = fopen($path, "r");
         // Save the cPanel response so it can be inspected afterwards
         file_put_contents(__DIR__.'/log.txt', stream_get_contents($f));
         fclose($f);
         ?>
         <html>
         <form method="POST" action="">
         Subdomain: <input type="text" name="subdomain"/>
         <input type="submit" name="submit" value="Create"/>
         </form>
         </html>

     Then, check the contents of log.txt to see the problem.

     Sorry I can't understand this part

     You can do this in your cPanel under "cron jobs." See this for instructions of how to create a PHP cron script.
    1 point
  6. echo stream_get_contents($path) to see what the problem is.
    1 point
  7. Sub-domain creation does not work on Stevie. cPanel staff are working on the problem.
    1 point
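
The escaping post and the registration script in the list above both build queries by pasting `$username` into the SQL string. The following is an added example, not code from any of the posts: it runs the thread's `O'Reilly` input through a string-built query and through prepared statements. It assumes PDO with an in-memory SQLite database (the `mysql_*` functions used in the thread were removed in PHP 7), a `subs` table reduced to two columns, and constructed sample values.

```php
<?php
// Added example, not code from the thread. An in-memory SQLite database
// stands in for the MySQL "subs" table so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE subs (username TEXT PRIMARY KEY, email TEXT)');

// Constructed sample input standing in for $_POST['username'] / $_POST['email'].
$username = "O'Reilly";
$email    = 'oreilly@example.com';

// 1) String-built query, as in the thread: the quote inside the name ends
//    the SQL string literal early, so the statement no longer parses.
function lookupConcatenated(PDO $pdo, string $username): string
{
    try {
        $pdo->query("SELECT * FROM subs WHERE username='$username'");
        return 'query ran';
    } catch (PDOException $e) {
        return 'query rejected: ' . $e->getMessage();
    }
}

// 2) Prepared statements: the SQL text is fixed and the values are bound
//    separately, so a quote in the input is only ever treated as data.
function registerUser(PDO $pdo, string $username, string $email): bool
{
    $check = $pdo->prepare(
        'SELECT COUNT(*) FROM subs WHERE username = ? OR email = ?'
    );
    $check->execute([$username, $email]);
    if ((int) $check->fetchColumn() > 0) {
        return false; // username or e-mail already registered
    }

    $insert = $pdo->prepare('INSERT INTO subs (username, email) VALUES (?, ?)');
    return $insert->execute([$username, $email]);
}

echo lookupConcatenated($pdo, $username), PHP_EOL;
var_dump(registerUser($pdo, $username, $email)); // first registration
var_dump(registerUser($pdo, $username, $email)); // same name submitted again

// The stored value keeps its quote exactly as submitted.
$row = $pdo->query('SELECT username FROM subs')->fetch(PDO::FETCH_ASSOC);
echo $row['username'], PHP_EOL;
```

With a MySQL server the same functions work unchanged once the PDO connection string points at it.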