Messages

@sixthcrusifix

if the variable is undefined, it probably means that the query failed. i'm going to look closer to the code.

@ghost

to include a single quote inside a string delimited itself by single quotes, I need to escape them.
ex : $variable = 'UPDATE userbase SET password = \' (escaped single quote) ' (delimiter)

I think I found your problem.

You are doing a query and using the value mysql_query returned directly. mysql_query only returns a resource identifier that is designed to be fetched afterwards.

Try this :
$query2=mysql_query($SQL2,$conn)or die("SECOND QUERY FAILED");
$result2=mysql_fetch_object($query2);
$LPW=$result2->password;

To free memory you could also add :
mysql_free_result($query2);

$SQL1 ="UPDATE userbase SET password ='$NEW_PW' WHERE username = '$lostpw' '';

You dont need double quotes on the variables.. just the outside, which makes it easier.

My solution didn't use double quotes, but single quotes, this is why they had to be escaped. I agree that your solution is simpler, but mine is faster to process (single quotes are always faster).

Try this instead :

$SQL1 = 'UPDATE userbase SET password = \''.$NEW_PW.'\' WHERE username = \''.$lostpw.'\'';

That is the whole point of MD5 by the way. Then, you are sure that nobody can decipher your password (almost sure).

If you want to check if a password that was provided (let's call him x) is valid by comparing it to the database, just encrypt x and compare it to the encrypted value in the database. A given password will always produce the same value when encrypted with MD5.

You may also consider to use SHA-1, as MD5 is getting easier to break everyday.

Basically, you can host your website at freepgs and have your mail hosted elsewhere. Just set your A records to point to freepgs and your MX records to point to the mail exchanger of your choice.

There are a few alternatives I could tell you about :
- You could contact the admin to try to get an e-mail address for your account (not sure, he may accept but I never tried so I don't know);
- You could use a service like Live Domains (domains.live.com) by MSN to host your email by setting your MX records appropriately.
- You could try to use ZoneEdit (www.zoneedit.com). I use their service for one of my domains. Once I pointed my domain to their nameservers, I could choose to foward e-mail messages I receive to the address I select.

shall I remove  MX records?

If you want to receive mail at your domain, you need MX records. You could try to point them to mail.<yourdomain.com>
As the admin said, you also need to add an A record for the webmail subdomain.

Or, you could simply point your domain to the Plesk nameservers (NS) at plsk1.lvcs.net and plsk2.lvcs.net. This way, you would not have to set A and MX records for your domain, as Plesk would do it by itself.

you're welcome

mod_rewrite is enabled.

Changes I made in the code below :
- Added an [OR] between two RewriteCond
- Simplify your rewrite code a bit so it will run faster
- Added PNG as a protected extension

Try this :

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$ [OR]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?freepgs.com/pinkness(/.*)?$ [NC]
RewriteRule \.(gif|jpg|png)$ / [F,L]

Both examples were originally provided, but the first one seems to be buggy. The second one works :

Code Select Expand

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^(http://(www\.)?freepgs.com/pinkness(/.*)?)?$ [NC]
RewriteRule \.(gif|jpg|png)$ / [F,L]

not sure what you mean by direct linking... if you mean hotlinking (another site using your image inside their page), it is getting harder to block.

many software and devices are now removing or garbling the referer header which is used to allow or block hotlinking. i must also say that blocking hotlinking may cause problems with google image search.

i know this info won't help you a lot, but it may help you reconsider this "protection" which is generally useless.

oops. just noticed the mistake.

PHP 4 has obviously less features that 5, so it would be a downgrade...
Anyway PHP 4 is only there as a maintenance release, that is : it is only updated for people who still need to run that version. To my knowledge, the recommended version is 5.

even if the freepgs control panel says your files are accessible through your domain, it might not be true.
if you had added your domain to your account before the fire (Oct 10), you'll need to add it back if you want everything to work fine

you can add your domain back at that address : http://system.freepgs.com/options.php?sec=doms

i think he meant "undecided"

If you're on the freepgs server, then it is /fpgs/fpgshttpd/username/

If you're on plesk, it is /home/httpd/vhosts/domain-name/httpdocs/ like in /home/httpd/vhosts/example.net/httpdocs/
If you have subdomains on plesk (like something.example.net), it is  /home/httpd/vhosts/example.net/subdomains/something/httpdocs