requinix

It's not permissions. You're mixing up two different but related concepts: file paths and URL paths. Quick primer: File paths are paths to actual files as they are on your computer. Using Windows as the best example of their differences, C:\Windows is a file path. In PHP you use file paths whenever you deal with include()ing scripts. URL paths are in URLs. Like right now I'm at /forums/index.php on the www.phpfreaks.com website. The relationship is about how the web server turns a URL into a file. "/forums/index.php" might translate into "C:\inetpub\phpfreaks\forums\index.php". You also can't confuse the two: I couldn't go to "www.phpfreaks.com/C:/inetpub/phpfreaks/forums/index.php", and in the code I couldn't include "http://www.phpfreaks.com/forums/index.php"; With that out of the way do you understand the problem? Because the DOCUMENT_ROOT is a file path, not a URL path.

Er yeah, expense. It depends what validateUploadedPhoto() actually does. Query the database? Since you have to do a query to get the photos in the first place, why not check then? Re: Unprofessional: This is the Internet. Shit happens. As long as you deal with it appropriately (right response soon enough) and had implemented something sufficient to do so then you're forgiven. Of course that's just the general case. Overkill: You implement this pre-moderation system only to find out that 99.99% of images uploaded are safe. Sure you catch one bad image in 10,000 but how much time did you spend approving the other 9,999? Alienate: If I'm using your site and discover that not only my photos have to be approved but it takes hours to do so then I probably won't use it. There are plenty of other sites I can go to instead. Flag: How else will you know if a photo is approved? In the time between the upload and the approval the image has to be stored somewhere, and since the only difference between "new" and "approved" is, well, whether it's approved, why not reuse the same mechanism and extend it just a little bit to have that flag?

Easiest change: Add an "approved" flag to the photos table which indicates what it sounds like it indicates. You might want one on the users table too: if a user is approved then their uploads are automatically approved (lets you skip moderation of people who have shown themselves to be trustworthy). But then you'd need some kind of "report" functionality. Then do the uploads like normal. When it comes time to show an image, if approved then you do as normal, and if not then you handle it differently. Personally I would just deny that the image exists in the first place, but otherwise you could use a placeholder image and some brief "Awaiting approval" message. But before you go on with this, consider what is actually necessary. How worried are you that people will upload inappropriate images? If they do, what happens? If there's little chance or little fallout then a pre-moderation system might be overkill and a reporting system would be all you'd need. How many photos will be uploaded in an hour? Do you have enough people to handle the approval process? Quickly enough to not alienate your users? If not then you can let users find the bad ones. How about user moderation? Basically every site driven by a community includes some form of user moderation system, ranging from simple user/superuser flags to multi-level hierarchies.

Just to be sure, what's the code around that call to file_exists()?

Have you considered setting up VirtualHosts for each of those sites? Then you wouldn't have to worry about paths.

First step is finding out who is saying where the site is. On an affected machine, 1. Who are the DNS servers? 2. If you do an nslookup -type=all www.sitename.com, what results do you get? 3. If you clear the cache (and verify that it's been cleared) and ping www.sitename.com, what IP address does it use?

It should prevent many forms, but there are some it won't. It depends where you output the strings. Pretty much all you need is htmlentities() or htmlspecialchars().

So no on a billion lines of code. How about just two? UPDATE friend SET requestor_approved = 1 WHERE requestor = current user AND requestee = other user UPDATE friend SET requestee_approved = 1 WHERE requestor = other user AND requestee = current user

1. Start with the string "LPK-2k". 2. Grab the first four digits. 3. Subtract 2000. 4. Append to the string. 5. Append a "-". 6. Grab the last three digits. 7. Append to the string.

Yes. "256" means there are 256 bits in the output hash.

No. You could combine two things into one "value" but that's generally a bad idea. I see two possibilities: 1. Friendships go both directions: if A is a friend of B then B is automatically a friend of A. In which case there should only be one record which one side being the current user and the other side being the other user (be that requestor/requestee or vice versa). And the query looks like WHERE (requestor = current user AND requestee = other user) OR (requestor = other user AND requestee = current user) 2. Friendships are unidirectional: if A is a friend of B that does not mean B is a friend of A. In which case the requestor is always the current user and the requestee is always the other person. Either way you only need to keep the other user's ID in the form.

It's your query. The problem is in your query. That's why it says "in your SQL syntax". What's your query? Or rather, what's the code to generate the query?

But the request, not the response. (Which is what OP meant since requests don't have status codes.)

Doesn't work well how? What if you remove the leading slash?

Dunno, but you'll probably end up using array_combine.

And on the other hand there's terms like "global variable" and "global scope"...

You mean you think OP actually meant literally global?

What's your code?

Then you need something somewhere that tracks all the ID numbers. Like a database table with an auto_increment field, then all the other tables's primary keys are actually FKs to that table (and don't have auto_increment themselves). query("INSERT INTO global_id_table (fields that help identify what this ID is for) VALUES (information or description or something)"); $id = get insert ID(); query("INSERT INTO real table (ID, fields) VALUES ($id, values)");

Can I do what? If you're using 5.4 then you have http_response_code, otherwise you'll have to write something yourself. Assuming you'd be writing PHP code for this, you wouldn't be able to use header() directly as your new code wouldn't know of the new response code.

So change it to something you prefer. Like rather than call show() you can set a view name using a default of "(action)View.php". The Router then calls a method on BaseController to show the view, and that method basically does $this->registry->template->show($this->viewName); I would structure it like // router controller = new controller; controller->execute(action); // BaseController::execute this->viewName = action + "View.php"; this->action(); this->registry->template->show(this->viewName); // controller::action this->viewName = "customView.php";

It's always 200 unless you change it yourself... You're talking about the status code of the page that PHP is currently rendering, right? Of the script that's executing?

If it's your own framework then you do it however you want... You have some code that calls the controller/action, right? Shortly after that it can render the view.

Give it a shot. Here's something you can use in it: function timediff($start, $end) { sscanf($start, "%d:%d:%d,%d", $shour, $sminute, $ssecond, $sfraction); sscanf($end, "%d:%d:%d,%d", $ehour, $eminute, $esecond, $efraction);

Not sure what you mean, but $number comes from the matched groups in the search expression - the ones you put ()s around. If you had /([0-9])\s+([0-9])([0-9])/ (which is inefficient but suitable for this example) then $1=the digit before the space, $2=the digit immediately after, and $3=the digit immediately after that. \1, \2, and \3 also work. If you wanted groups of numbers then you'd have to change the expression a little: it only matches individual digits right now. /(\d+)\s+(\d+)\s+(\d+)/ with \d being shorthand for [0-9] and + meaning "at least one of", then $1-3 are the first through third numbers. Then you'd replace it with $1,$2,$3 (or \1,\2,\3)