[Applying multiple ssl's to one ip address, multiple websites]

Check your certificates. Or if they're both online somewhere then we can see them.

 

You should probably clarify what exactly the "error regarding ssl by the browser" is.

[How is a stolen session id implemented and other session questions.]

I don't understand how you would implement a stolen session, isn't this generally hard coded in php?

How do you submit that to the website as if the website created that itself, or would it be used say in an injection attempt where the user is valid?

But how PHP know which session it should use? The browser has to tell it somehow.

 

Sessions are controller by a session cookie (by default named "PHPSESSID") which contains a session ID (a random value). PHP gets the cookie with the request and loads the corresponding session data.

Stealing a session is a matter of getting that session cookie and setting it in your own browser. PHP itself doesn't know the difference because all it has to work with is the session ID. That's why an application needs to verify session data: record IP address, user agent, stuff like that, in the session and then verify it with each request.

 

In this case, should I not use account names/user names for session ids because these are seen in the public say from posts and then they could be attempted as valid session ids.

Given what I just said about session IDs, this statement does not make sense.

 

I guess in this case I would have to generate session ids that expire at a certain time and renew.

Depending on your application you may need a few things:

1. The session ID regenerates frequently and the old session ID is invalidated. This prevents concurrent browsing (eg, by the user and an attacker).

2. The session ID doesn't last long, depending on what kind of activity you expect from a user. Long enough that a user doesn't get logged out just because they stepped away from the computer, short enough that it's not feasible for an attacker to simply store the ID somewhere and use it later.

3. You may need persistence with a "remember me"-type token, which can partially identify a user.

 

And SSL for everything, of course.

[Applying multiple ssl's to one ip address, multiple websites]

This is my virtual host setup at the moment and the two port 443's are identical yet the first one works, while the second one has problems. Specifically the form https://site2.com throws an error regarding ssl by the browser but the https://www.site2.com version is fine.

That would be because the "site2.com" hostname doesn't match the "www.site2.com" hostname in your certificate. You should be able to get a cert with both names in it. I don't remember the correct terminology but you specify one as the primary name and the other as a secondary name.

 

Fun fact: up until relatively recently (a couple years or so?) https://amazon.com would present the SSL warning. Someone else had that problem too, forget who it was.

[Parse content from xml url using php]

how would i use to show the values of each string ?

 

(string)$xml->Device["publicAddress"]

(string)$xml->Device["clientIdentifier"]

I dunno. echo? print? Mobile app? You decide.

 

Both are date stamps i guess i can use date to convert to more readable format.

 

[createdAt] => 1447797662

[lastSeenAt] => 1447797662

That would be why I suggested it.

[Parse content from xml url using php]

The publicAddress and clientIdentifier are attributes on the .

(string)$xml->Device["publicAddress"]
(string)$xml->Device["clientIdentifier"]

I don't know where you're getting the created time from but use date to make it more readable.

[bold font in php email]

Use like you expect. However your emails have to be sent as HTML, which basically means formatting everything in the email as if it were HTML. Preferably with and and

s and such.

Once you have the HTML markup correct (you can send yourself test emails to verify that), make whatever you use to send emails send them as HTML. If you're not sure about how to do that, we'll need to see the code that does the actual sending.

["Masked" Forwarding, aliasing a domain and all that - How To Do that!]

Right. Do not redirect, make sure your website doesn't have the domain name hardcoded anywhere, and make sure your web server is configured to show the same site/virtualhost for all four domain names.

 

 

Mind the SEO impact, though. If all four websites show the exact same content then they will all be punished for it in the search results. To be frank, what you want to do is a bad idea.

[frmvalidator.addValidation regexp for a line break?]

Order does not actually matter.

 

What did you have that wasn't working and what do you have now?

[frmvalidator.addValidation regexp for a line break?]

\r and \n are easier than the \u syntax, but they'll be interpreted by Javascript and you'll get those characters inside the actual string.

Escape the backslashes like "\\r\\n".

[xml parse]

$entry is only an . There is no and such in it. You have to go down into the to get those.

foreach ($xml->entry as $entry){
    $Fnum=$entry->content->{'filing-type'};

[Set associative array at pointer]

There is a way to do it as you describe, so if you want that solution for academic reasons there's that. However it uses references (PHP does not have pointers but references are close) and I try to avoid references unless I know my audience (eg, coworkers) will be comfortable working with them.

 

For normal code I would go with either

a) The recursive version, as posted by Barand, or

b) A loop-based version where you construct the array backwards, as in

array()
array('key3' => array())
array('key2' => array('key3' => array()))
array('key1' => array('key2' => array('key3' => array())))

[moving a file to another directory]

"The file input"?

 

rename (which does moves too)

Figure out the path to the file in directory A, figure out the path you want it for in directory B, and pass both to rename().

[Can anyone show me how to add "days" to this code?]

I did that and the days stay at 00.

Okay, you got the "and a description of what's going wrong" part but you forgot about the "post the code you have".

 

As you can see, my "$timeLeft" variable == hours only.

No, that's milliseconds.

 

I found another counter that includes the days.  It works perfectly, except it always adds extra "6 hours" on top of my time.  Which is weird. Can't figure out why.

Probably to do with timezones.

[Doctrine fetches 160 results from a table when 3 are present]

So if you go into a MySQL client program (like phpMyAdmin) and execute

SELECT * FROM reactions WHERE topic_id = 1

then you only get three rows?

 

Dump out or log the value of $row2 somewhere. If it shows three rows then you're looking in the wrong place, and if it shows more than three rows then Doctrine is doing something spooky.

[Can anyone show me how to add "days" to this code?]

Should be pretty straightforward: take the lines that deal with hours/minutes/seconds, create a duplicate fourth line for the hours, and make sure you get the math right.

 

Example 1:

<span class="hour">00</span>
<span class="min">00</span>
<span class="sec">00</span>

becomes

<span class="day">00</span>
<span class="hour">00</span>
<span class="min">00</span>
<span class="sec">00</span>

Example 2:

var hoursContainer = $(container).find('.hour');
var minsContainer  = $(container).find('.min');
var secsContainer  = $(container).find('.sec');

becomes

var daysContainer  = $(container).find('.day');
var hoursContainer = $(container).find('.hour');
var minsContainer  = $(container).find('.min');
var secsContainer  = $(container).find('.sec');

Go ahead and give it a shot. If you have problem, post the code you have and a description of what's going wrong.

[what are the reasons to upgrade from PHP5.2 to newer ?]

Opinion? You should have upgraded YEARS ago. Because 5.2 stopped being supported YEARS ago. No updates since then. Not even security updates. Who knows how vulnerable the application is!

 

It will take time and lots of testing but it needs to happen: upgrade to PHP 5.6. There are migration guides available to help with the process.

[Mail issue leads to need for complex str_replace?]

You also need to be putting $new_recipient back into the array, not the original $recipient.

 

Another thing. Keep in mind that strpos() can return 0 if the string starts with a @. And 0 == false. So you'd get something like "@foo@xyz.com". The alternative is "@foo" (looks like an email so don't change it), which isn't good either but it would probably be better to keep that. So use === false for an exact comparison.

[Mail issue leads to need for complex str_replace?]

So you've got $new_recipients. explode() that into a new variable. It'll be an array, so you can foreach over it to get the various bits inside.

foreach ($exploded_new_recipients as $key => $recipient) {

Each $recipient bit will be an email address or name. If you exploded on just a comma (which I suggest) then there could be some spaces too that need to be trimmed off. Once you have the "plain" value, you need to tell if it's a name or email. The easy way to check is to see if there's an @ sign, given that the user should really only be entering names or email addresses. (You could really scrutinize them if you wanted to, though.)

 

For email addresses you'd just leave them alone. For names you'll want to modify them to be email addresses instead: update $recipient with the new value (replace spaces and add "@xyz.com), then update the original array too with

$exploded_new_recipients[$key] = $recipient;

(Because updating $recipient won't also automatically update $exploded_new_recipients.)

 

After all that, the array should be just email addresses. implode() it back together (using comma+space this time, for a more nicely formatted list) and you're back to a single string of everything.

[Mail issue leads to need for complex str_replace?]

1. explode() on commas and foreach

2. Trim extra whitespace

3. If the thing isn't an email then replace space->period and add "@xyz.com"

4. implode() back together into a string

[Boolean]

 

echo true ^ true;
echo !(true);

 

You're suffering from PHP's loose typing. ^ is not a logical operator but a bitwise operator. It acts on numbers. true^true is interpreted as 1^1. The answer is, of course, 0.

However ! is a logical operator. !true is false, but PHP decided that the string representation (ie, what you get when you try to echo it) is empty.

 

Try

echo "1 and 1 = "; echo (1 && 1 ? "1" : "0");
echo "<br>1 or 1 = "; echo (1 || 1 ? "1" : "0");
echo "<br> 1 xor 1 = "; echo (1 ^ 1 ? "1" : "0");
echo "<br>Not 1 = "; echo (!1 ? "1" : "0");

or

function showvalue($expr) {
	echo $expr ? "1" : "0";
}

echo "1 and 1 = "; showvalue(1 && 1);
echo "<br>1 or 1 = "; showvalue(1 || 1);
echo "<br> 1 xor 1 = "; showvalue(1 ^ 1);
echo "<br>Not 1 = "; showvalue(!1);

You should also (re)acquaint yourself with PHP's various operators. I suggest you stick with the bitwise operators only, meaning use & and | instead of && and ||.

[DNS nameserver changes]

I changed the nameservers from the default 123 reg ones to the prophet tech ones in the nameserver management section for the domain in the 123 reg control panel, and nothing else. Do I need to do anything else in the DNS?

Yeah, there's more to it than just the nameservers.

 

Say you have a question about your website. You go to Google and search for "where can I find my website?" Google does not tell you what the answer is, but rather it tells you where to find the answers. You still have to look at the search results. You try the first one, and you get the answer you need. Great. But maybe it doesn't have it. If not then you go to the second result. And third. Until you find your answer or run out of results and give up.

 

Google is the domain registration. You asked it about your website and it told you where to look next.

Google's search results are the list of nameservers. You try each one until you get the answer you need.

 

All you did was tell Google what search results to show for the question. You still have to make sure that each search result has the right information.

[DNS nameserver changes]

You updated the domain registration to use the new nameserver, great. But did you update the nameservers themselves with the information for the domain? Do the nameservers have that configuration? Because it's not magic: you have to actually tell them the DNS records for the "thepizzacompany.co.uk" and "www.thepizzacompany.co.uk" and so on.

 

Or alternatively, did you do a zone transfer from the old nameservers to the new ones?

[DNS nameserver changes]

If I run nslookup on Windows I get

------------
Server:  www.newcastlesedationclinic.co.uk
Address:  88.208.228.254

------------
SendRequest(), len 39
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        thepizzacompany.co.uk, type = ANY, class = IN

------------
------------
Got answer (39 bytes):
    HEADER:
        opcode = QUERY, id = 2, rcode = REFUSED
        header flags:  response, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        thepizzacompany.co.uk, type = ANY, class = IN

------------
*** www.newcastlesedationclinic.co.uk can't find thepizzacompany.co.uk.: Query refused

Compare that to the output for that working site.

------------
Server:  azzuriuk.com
Address:  88.208.228.254

------------
SendRequest(), len 36
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        justgeordies.co.uk, type = ANY, class = IN

------------
------------
Got answer (242 bytes):
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  response, auth. answer, want recursion
        questions = 1,  answers = 6,  authority records = 0,  additional = 3

    QUESTIONS:
        justgeordies.co.uk, type = ANY, class = IN
    ANSWERS:
    ->  justgeordies.co.uk
        type = MX, class = IN, dlen = 9
        MX preference = 10, mail exchanger = mail.justgeordies.co.uk
        ttl = 86400 (1 day)
    ->  justgeordies.co.uk
        type = TXT, class = IN, dlen = 19
        text =

        "v=spf1 +a +mx -all"
        ttl = 86400 (1 day)
    ->  justgeordies.co.uk
        type = SOA, class = IN, dlen = 46
        ttl = 86400 (1 day)
        primary name server = ns1.prophettech.co.uk
        responsible mail addr = admin.prophettech.co.uk
        serial  = 1418996338
        refresh = 10800 (3 hours)
        retry   = 3600 (1 hour)
        expire  = 604800 (7 days)
        default TTL = 10800 (3 hours)
    ->  justgeordies.co.uk
        type = NS, class = IN, dlen = 2
        nameserver = ns1.prophettech.co.uk
        ttl = 86400 (1 day)
    ->  justgeordies.co.uk
        type = NS, class = IN, dlen = 6
        nameserver = ns2.prophettech.co.uk
        ttl = 86400 (1 day)
    ->  justgeordies.co.uk
        type = A, class = IN, dlen = 4
        internet address = 88.208.228.254
        ttl = 86400 (1 day)
    ADDITIONAL RECORDS:
    ->  mail.justgeordies.co.uk
        type = A, class = IN, dlen = 4
        internet address = 88.208.228.254
        ttl = 86400 (1 day)
    ->  ns1.prophettech.co.uk
        type = A, class = IN, dlen = 4
        internet address = 88.208.228.254
        ttl = 86400 (1 day)
    ->  ns2.prophettech.co.uk
        type = A, class = IN, dlen = 4
        internet address = 88.208.230.230
        ttl = 86400 (1 day)

------------
justgeordies.co.uk
        type = MX, class = IN, dlen = 9
        MX preference = 10, mail exchanger = mail.justgeordies.co.uk
        ttl = 86400 (1 day)
justgeordies.co.uk
        type = TXT, class = IN, dlen = 19
        text =

        "v=spf1 +a +mx -all"
        ttl = 86400 (1 day)
justgeordies.co.uk
        type = SOA, class = IN, dlen = 46
        ttl = 86400 (1 day)
        primary name server = ns1.prophettech.co.uk
        responsible mail addr = admin.prophettech.co.uk
        serial  = 1418996338
        refresh = 10800 (3 hours)
        retry   = 3600 (1 hour)
        expire  = 604800 (7 days)
        default TTL = 10800 (3 hours)
justgeordies.co.uk
        type = NS, class = IN, dlen = 2
        nameserver = ns1.prophettech.co.uk
        ttl = 86400 (1 day)
justgeordies.co.uk
        type = NS, class = IN, dlen = 6
        nameserver = ns2.prophettech.co.uk
        ttl = 86400 (1 day)
justgeordies.co.uk
        type = A, class = IN, dlen = 4
        internet address = 88.208.228.254
        ttl = 86400 (1 day)
mail.justgeordies.co.uk
        type = A, class = IN, dlen = 4
        internet address = 88.208.228.254
        ttl = 86400 (1 day)
ns1.prophettech.co.uk
        type = A, class = IN, dlen = 4
        internet address = 88.208.228.254
        ttl = 86400 (1 day)
ns2.prophettech.co.uk
        type = A, class = IN, dlen = 4
        internet address = 88.208.230.230
        ttl = 86400 (1 day)

So, are you sure the nameservers are configured to serve that domain?

[DNS nameserver changes]

ns[12].prophettech.co.uk? They're refusing DNS queries...

[Combine 2 variables and use as an ID]

x+y is "#inputList2". A string.

[x+y] is ["#inputList2"]. An array.

 

I don't know where you're getting those []s from but get rid of them.