amelierosalyn

Skip navigation

All posts tagged with "PHP"

You don't need to ConvertToPHP just to use includes

I have seen countless threads on the various forums from people who are asking for help because their member lists don't show in whatever popular fanlisting script they're currently using. When asked for their code, 9 times out of 10 it looks like this:

<?php
include('header.inc');
if(!$_SERVER['QUERY_STRING']) { ?>

Here are all my members!!!!
[Insert member list code here]

<? } include('footer.inc'); ?>

Can you spot what's wrong with that?

If you can't, here's the answer. Most fanlisting scripts use the query string (that's the bit that comes after a ? in a URL, such as country=USA in a URL like members.php?country=USA) to display members from different countries. The code there includes a line which says if (!$_SERVER['QUERY_STRING']) { which means "if there is no query string, do the following..." ... and the person has stuck their member code in the "do the following" bit (signified by the { and }). The members list WILL fail here, because it relies on the query string. If you tell the members to only show when there is no query string, it will break when you attempt to go to a country.

Now the reason this is happening so often is because it seems that people think "ooh I need a PHP page... How do I do that? Ah, NL-ConvertToPHP." This is wrong, people! All you need to have a "PHP page" is to give it a .php extension. If you want headers and footers (which NL-Convert uses as well), there are millions of tutorials on how to do this online. Don't assume that just because that script is called "ConvertToPHP" it is the be-all and end-all of how to make PHP pages.

Oh yeah, and I have internet again. Just in case anyone was wondering.

How to change your WordPress username

Sick of using the name 'admin' to login to your WP installation? Have a user with the login 'PiNkbUnNiEz!1" but want to change it without that user losing all their posts/creating a new account etc.? Tried to do it but found the field disabled in your WP admin panel?
Here is what you need to do.

  1. Before you do anything, backup your database. If you don't know how to do this, ask at the WP forums or Google it - there are some plugins that will do this for you if you don't have access to things like phpMyAdmin (a MySQL tool which can be used to backup your database - Jem has a tutorial on this which may be useful)

  2. Paste this into a file. Name it anything you like, as long as it has a .php extension:

    <?php
    $existing_username = 'admin';
    $new_username = 'MY_NEW_USERNAME';

    // —————

    if (!file_exists('wp-config.php')) exit('Could not find wp-config.php, please make sure you place this file in the same directory as all your WP files.');

    require 'wp-config.php';

    $link = @mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
    if (!$link) exit('Could not connect to MySQL');
    mysql_select_db(DB_NAME, $link) or exit('Could not connect to MySQL');

    if (mysql_query('UPDATE `' . $table_prefix . "users` SET `user_login` = '" . mysql_real_escape_string($new_username, $link) . "' WHERE `user_login` = '" . mysql_real_escape_string($existing_username, $link) . "' LIMIT 1", $link)) echo 'Username updated, your username is now ' . $new_username . '.';
    else echo 'Could not update your username. MySQL said: ' . mysql_error($link);

    mysql_close($link);
    ?>

    Change the first two lines (excluding the one that says '<?php', obviously :P ) to your existing username (probably admin) and your new desired username. Save the file, then upload it to your WordPress directory. Make sure this file is in the same place as wp-config.php.

  3. Go to the file in your browser, e.g. yoursite/wordpress/the-file.php and voilà! :D

PHPAskIt Security Vulnerability

It has been brought to my attention that there is a serious security vulnerability within all versions of PHPAskIt, which states that the conversion scripts for Wak's Ask&Answer and the classic Ask&Answer can be hacked through the directory variables.

The security vulnerability is a hoax. The import files CANNOT be hacked through the $qadir and $dir variables even with register_globals on.

I find it such a shame that the person who discovered this has gone round telling everyone who will listen that my script's insecure (and every major security site there is) but 1) won't inform me (I found out through a Google search) and 2) makes things up. I've contacted them several times but each time the mail has bounced back. *Rolls eyes* How mature.