requinix

Administrators · Posts: 15,229 · Days Won: 427

Everything posted by requinix

  1. You begin checking the web server configuration. Web. I don't recommend starting with the cronjob or syslog configuration.
  2. The 404 has nothing to do with the SSL certificate. The problem is somewhere in your web server configuration.
  3. As a very simple and hopefully straightforward approach, try copying the certificate file to your computer and just seeing what sorts of things you can do with it. You assume you know how to right-click?
  4. Private keys are private. Keep them that way. IIRC you take the public key from the server and install it on your computer. Then, when your browser sees that and asks your computer what to do, your computer can say that it's trusted. For creating a certificate authority... nevermind. It's going to be too much work. Do the Let's Encrypt thing, or if you can't then the install thing.
  5. Yes. You would accomplish that by writing code to prevent it from inserting values into MySQL if they are left blank. Also, you need to switch to prepared statements now. You can continue using mysqli if you wish, but much of the PHP community prefers PDO because it is a little easier to use.
  6. Where's the rest of the code?
  7. You will get the warning when your computer does not trust the signing authority. Which is the case for self-signed certificates. The certificate functions, it's just not trustworthy. You can download and store the public key on your computer and tell it to trust that. Or you can create a certificate signing authority, trust that, then have it create the cert. Or you can get a certificate by Let's Encrypt, if there's a way to get the domain name publicly exposed.
  8. Have you considered that might have something to do with the part of your code that deliberately returns a 500?
  9. Are you getting an error from mysqli? Or is it from PHP this time? Do you see the "no data found" message?
  10. You need to learn how to read error messages from the software you want to use. Syntax error messages from MySQL (and forks) will show you where in your query the problem was detected. That almost always means what you need to do is look at that spot, or perhaps slightly before, to see what's wrong.
  11. Your query failed to run. Get an error message from mysqli to see what the server thinks is wrong. Or spend a couple minutes looking closely at the query. That might do it too.
  12. Apparently some bad people have finally realized how to make obfuscated scripts in a way that can't be decoded by just anyone. It's more than 99.9% likely that's malicious. Assume that your website and any databases have been compromised. Take down your website, restore everything from backups, update WordPress and all your plugins, then bring the site back up. Also notify your web hosting company that your site was compromised so they can make sure their own systems weren't affected.
  13. That question has the same answer as whether $a = 1; $b = 2; is a "better coding practice" than $b = 2; $a = 1; No. The second form suggests that you don't know whether the session has been started yet, and not knowing what your code is doing is not "proper".
  14. That's not all you have to change... What input is the Javascript expected to send and what response is it looking for? To make sure we both understand the requirements.
  15. Sure, why not.
  16. A new error. You have to fix your code so that it doesn't assume everything, like query string parameters, are in the format you expect. This particular problem you're dealing with is something most PHP developers never even care about. They should, they just don't.

      No. Not only will the code not make the problem go away (and actually create a new problem along the way), what you're trying to do is not a good idea.

      It'll take me longer to explain what I'm thinking in words than in code, so here:

      ```php
      class SearchQuery {

          public $value = "";

          public static function readFromRequest() {
              $query = new self();
              if (isset($_GET["search"]) && is_string($_GET["search"])) {
                  $query->value = $_GET["search"];
              }
              return $query;
          }

      }

      $query = SearchQuery::readFromRequest();
      // pass $query around to places that need to know about searching
      ```
  17. Oh, that's what the file was? I think the issue is in

      ```
      {$smarty.request.search|escape:'htmlall'}
      ```

      That's the only place that uses unknown input. The search was an array, as in search[]=.... Submit a regular search, then go into your browser's address bar and add brackets to the search=. Then see what happens.

      How to fix that, it's kinda up to you. Standard MVC is that you should be passing the search value into the view, not getting it from the request. If you did that then you would validate the search value in your regular code: the 404 page, and any other place that ends up including top_menu_bar.

      Right, yes, you did post the code I asked about. What I meant was "well that's not where the problem is". Was rather ambiguous, now that I look at it again.
  18. Well that's not it. Most recent template was

      ```
      Smarty_Internal_Template._subTemplateRender("file:page_elements/top_menu_bar.tpl", null, null, "0", "120", Array[0], "0", false)
      ```

      What's in that file?
  19. If you skip over the template stuff in the backtrace, you'll see these two lines:

      ```
      include("/home/siteaddress/public_html/errors/404.php") # line 34, file: /home/siteaddress/public_html/smarty_plugins/function.load_product.php
      Product.init("api") # line 5, file: /home/siteaddress/public_html/smarty_plugins/function.load_product.php
      ```

      What is the code for function.load_product.php?
  20. Get your proof by recording activity according to the user's account, not their IP address. After all, they have to be logged in to see stuff. If the account has been active enough then you don't allow the refund. Then it doesn't matter whether someone browses with Tor or not. Or whether they browse from home, or the office, or their phone, or anywhere else that there will be a different IP address. Give previews of content so that people have some idea what they could get, then charge for full access. But yeah, there's basically nothing you can do to stop people from copying the content while they have access to it and then using the copies when their access expires or gets cancelled. You can try to spot abuse with scraping, with bad repeat customers, with content sharing, and any other way you can, but ultimately you cannot stop everything. Make it easy for people to get what they want and they'll be less likely to fight the system, then track what they do so you can give yourself some degree of confidence that you're able to detect typical levels of abuse.
  21. Wait a minute. Your goal here is to not issue refunds to people who have paid money for use of your site and have used the site enough that you feel they have received their money's worth, right? We're talking about money here. Aren't you dealing with user accounts to do this? User creates an account, spends money, and gets content?
  22. Is there a particular reason you want to block people from trying to browse the internet anonymously? Not everyone has the kind of freedoms that the western world gets to enjoy.
  23. You're off to a surprisingly good start, actually. Most people who are like "I'll just make a database for it" just kinda go for it without really knowing what they're doing.

      That said, you're a treasurer. You have a rather important job of keeping very good track of money. You need detailed records of everything that happens, not just a summary of it all.

      So here's the database design I'm thinking of:

      ```
      units     tenancies     charges      payments
      -----     ---------     -------      --------
      ID        ID            ID           ID
      number    unit ID       tenant ID    charge ID
      notes     tenant        date         date
                start date    amount       amount
                end date?     notes        notes
      ```

      There are four concepts involved here:

      1. The units. You could go with just numbers but that doesn't allow you to do anything else with the concept.
      2. Tenants. It's one thing to track payments against units, but units don't make payments. People do. And people move in and out of units all the time. You should be able to differentiate between payment #100 for unit #1234 made by John Smith and payment #101 for unit #1234 by the new occupant Jane Doe.
      3. Charges. Because how can you record a payment of $100 when you don't even know what it's for?
      4. Payments. You may only want this system to tell you who is up to date with payments, but what you need is to be able to know every little detail about how money is changing hands.

      I imagine you would use the system something like this:

      • A new tenant is moving into the area. You open the application and go to the page where you manage tenants. You open the details for the unit they will be moving into and see that your system correctly thinks it's unoccupied (having handled the previous tenant's previous moving out earlier). You enter their name and start date and save.
      • A new month starts and new HOA dues are required from each unit. You open up the application and go to the page where you enter new charges. You tell it that you want to enter a new charge for all currently-occupied units and how much the dues are. The system tells you that it created new charges for some number of units.
      • You receive a check for from some unit. You open up the application and go to the page where you enter new payments being made, and it asks you for the unit. On the next page, it presents you with the current state of that unit: who lives there, what charges they've owed, and what payments have been made. The page tells you that they have not yet paid (fully) for a particular charge. You look at the check, confirm the name and address on it, confirm that the charge they wrote as a note is indeed what they still need to pay, and confirm that they aren't overpaying. You select that charge, enter the amount paid, and save. The system tells you that they've fully paid for that charge (or not), and perhaps also lists any other charges still unaccounted for.
      • The HOA comes to you and asks for a report of everybody who hasn't paid their dues yet. You go to a reports page, then to the page that can tell you about outstanding charges. You select the charge corresponding to the month's dues and the system tells you each occupant who hasn't paid (fully) yet.
      • An IRS agent comes knocking to conduct an audit. You go to a reports page that tells you all activity over a date period. You select the past year and the system tells you about every charge and every payment, and even summarizes it. The IRS agent compares your printout to their notes, frowns, and tells you that everything is in order. You then wake up from your dream and wish audits were that simple.
  24. By putting it in the prototype instead of directly on the object instance. Using the prototype means everyone calls the same function, literally, while putting it on the instance means everybody is calling their own version of the function. Or are you asking how that mechanism works?