[Spoof Jquery Request]

Like a regular user. It is impossible to tell if a request comes from a real person.

[To test a prime number]

1. You can start at $i=3 and skip even numbers.

2. You can stop at sqrt($num).

3. Make your function return true/false instead of outputting a string.

4. There's absolutely no need to keep track of all those $numbers: if it's divisible by $i then false, and make it return true after the loop finishes.

5. Research other methods of determining primes.

[Spoof Jquery Request]

As your jquery_test.php code shows, there needs to be an X-Requested-With HTTP header with the value "XMLHttpRequest".

 

Add a

curl_setopt($ch, CURLOPT_HTTPHEADER, array("X-Requested-With: XMLHttpRequest"));

[restore removed classes]

They're gone. You can't get them back.

 

Consider hiding the elements instead of completely removing them.

[Problem unlinking files using While()]

On 4/17/2015 at 6:00 PM, A JM said:

Can you elaborate on the security issue and how the htmlspecialchars() functions aleviates the problem?

PHP_SELF contains a portion of the URL that is pretty much exactly as the user entered it in their browser. Most of the time someone can enter in something you didn't expect and still execute your script. For example, "script.php" may be triggered with "script/foo/bar": the web server sees "script", realizes there's a matching file "script.php", and then executes it.

[Problem unlinking files using While()]

Nah, I sighed because this question comes up a lot but it's not the easiest thing to Google for. Problem is the symptoms vary, like broken links or losing form data. And just given those symptoms it's not necessarily obvious what's wrong, and the first place you'd check (the PHP code) isn't actually where the true problem is. Just one of those things where you know the answer from experience, not from raw PHP knowledge.

[Problem unlinking files using While()]

(sigh)

 

You should always put quotes around attributes in HTML. If you don't do that then spaces will mess it up and you'll lose stuff.

Also, PHP_SELF is not safe to use unless you wrap it in a function like htmlspecialchars().

echo "<form method='post' action='"?><?php echo htmlspecialchars($_SERVER['PHP_SELF']).'?delete=true&recordid='.$doc_folder.'&deletefile='.$file;?>
<?php echo"' ><a href='/pages/download.php?file=$file'> $file </a>   <input type='submit' value='delete'></form>";

And what's with your opening and closing tags? You've gone crazy with them.

[PHP help]

There's only one place in your code that updates the CurrentPoints and that's in the import script.

		if (strtotime($date) > strtotime('2009-09-20'))		

		{

			echo "-------------------------------DATE FOUND-------------------------------";



			// PLAYER ONE

			$query = "SELECT CurrentPoints From Players WHERE PlayerID = $playerIdOne";

			$result = $mysqli->query($query);

			$resultRow = $result->fetch_array(MYSQLI_BOTH);

			

			$currentPoints = $resultRow['CurrentPoints'];

			//$pointsEarned = CalculatePoints($numberOfTeams, $finish);

			$pointsEarned = CalculatePoints($genderId, $divisionId, $numberOfTeams, $finish);

			$currentPoints += $pointsEarned;

			

			$query = "UPDATE Players SET CurrentPoints = $currentPoints WHERE PlayerID = $playerIdOne";

			$result = $mysqli->query($query);

			

			// PLAYER TWO

			$query = "SELECT CurrentPoints From Players WHERE PlayerID = $playerIdTwo";

			$result = $mysqli->query($query);

			$resultRow = $result->fetch_array(MYSQLI_BOTH);

			

			$currentPoints = $resultRow['CurrentPoints'];

			//$pointsEarned = CalculatePoints($numberOfTeams, $finish);

			$pointsEarned = CalculatePoints($genderId, $divisionId, $numberOfTeams, $finish);

			$currentPoints += $pointsEarned;

			

			$query = "UPDATE Players SET CurrentPoints = $currentPoints WHERE PlayerID = $playerIdTwo";

			$result = $mysqli->query($query);

		}

(most of the interesting variables came from a row of the CSV file that the script is loading)

 

However what you sent me doesn't have any recent CSV files to look at. I assume you have them around somewhere?

Also, loading the Matt Mueller page you linked earlier gives different results than before: now it's 154 points vs 179 actual, which is a 25 point difference and points to either the June 14th or August 23rd tournament. So what has changed with the site and/or data in the last couple days?

[Call a function in a class]

It's not a static method so you'll need an instance of the class.

$myclass = new MyClass();

Then use the -> arrow operator.

$myclass->repairCategories(/* whatever value for $parent_id you want here */);

[While Loop Issues]

if(sqrt($hold) % 1 == 0){

It's not safe to use modulus with non-integer numbers. Try something more like

if(floor(sqrt($hold)) == ceil(sqrt($hold))){

[edit] But you have another problem: sqrt(1) == 1.

[PHP help]

I'm alright with you PMing me a link to download the code. I'll be looking to see how and when that CurrentPoints gets updated, then for a reason why that might not have happened. But I'm also working so it won't be very quick.

[PHP help]

It doesn't know the dates: CurrentPoints is just a number and it seems it wasn't updated properly when those September 6th figures were entered into the database or whatever. Were there any other dates after that? The question goes to whether updating stopped working entirely or whether it was just that one date that had problems.

[PHP help]

You have points being tracked in two different locations and they've started disagreeing with each other: Players.CurrentPoints (163) and the individual points per game (179).

 

That's a 16 point difference, which happens to be the number of points scored on September 6th. Coincidence? I don't know. Do any other players have a similar discrepancy?

[PHP help]

Not there. I think Players.class.php has a class named Players and in there a method named GetPlayerPreviews. That's what I'm interested in.

 

I could zip the php files together and email if that's easier..?

Let's see how far we can get without that.

[PHP help]

function is defined as...

Nothing useful in there. How about the code for Player::GetPlayerPreviews()?

[Specify how many times a message should be printed in a form]

You need a for loop and a while loop? One for loop is plenty for this. You can do a for loop or a while loop, though...

 

[edit] Anyways, with just a for loop, you're close.

for (first statement; condition to keep executing; statement to execute at the end of the loop's body) {

What you have: start with $random=0, keep executing as long as $random is less than 10, and every time at the end of the loop's body (that is, after the echo) it will increment $random by $number.

What that should be: start with $random=0 (although a better variable name would be nice), keep executing as long as $random is less than $number, and every time it increments $random by one.

[PHP help]

Please use a more descriptive title than "PHP help". You're posting a question here. We know you need help

And please use

 tags around your code. Makes it much easier to read that way.
 

$points = $playerPreviewCollection[$key]->GetCurrentPoints();
That's where the points are coming from so we'll need to see the code for that.
 

And can you describe what you mean by "not adding the points correctly"? How is it wrong? What is it supposed to be?

[simplexml_load_string Problem]

SimpleXML is a bit picky about what it shows when you print_r() or var_dump() it. Namespaces can make it look like there's no data when there is.

 

Fact is that trying to get data out of it is the easiest way to see if it's working. Try

echo $in0 = $xml->Body->children("http://ws.configureone.com")->fireOrder->in0;

or if not that,

echo $in0 = $xml->children("http://schemas.xmlsoap.org/soap/envelope/")->Body->children("http://ws.configureone.com")->fireOrder->in0;

[search to specific array key]

Make sure $kz is sorted, then foreach until the previous key = desired key. If it's not an exact match then pick whichever of the previous and current keys is closest.

[Help decoder php files!]

I hate Mega. At least this time I was actually able to download something successfully.

We will not reverse-engineer obfuscated code. If you need help with something, contact that person.

[php array]

$focus[]=array($row['focus']);

$focus is already an array. By doing this you're making it an array of arrays.

 

Forget the array() part and just use

$focus[]=$row['focus'];

[is there a way to make "size" work on "number" input]

size isn't valid on number inputs. Use CSS instead.

[general request security]

You can't prevent someone from listening to requests and faking their own. It's just not possible.

 

The best thing you can do is rely on them being unable to read the game's code. Which isn't true, but it's harder than simply sniffing traffic. For example, you can hash some private key with the name and score (known as request signing) and get something like

http://www.example.com/addscore.php?name=jimmy&score=100&signature=1234567890abcdef

addscore.php calculates and verifies the signature before recording the score.

[Just a quick question]

It won't be. Remember what I said about not trying to outsmart the database? Really. Don't do it.

 

All you have to do is put an index on the user ID in the table. That tells the database where to look for records for user #13. Then everything will work smoothly.

[Just a quick question]

Very wasteful. Your application should never have to routinely modify your database schema.

 

One log table and include the user ID in it. Remember that database servers are built for this exact kind of work. Don't try to outsmart them.