Everything posted by tsm1248

  1. As a side note guys, this project is far from done and is constantly being changed, and only the base is complete, if that. I am moving over to nginx and ajax push servers. We still have so much to do. We have a hook but must remain quiet for now. Obviously I was brief for a reason. Right now it's proof of concept: does it work? Yes. OK, just throw the code in and move on. It's like robotics: you build it only to tear it down and repeat, and learn more and more along the way, allowing flexibility of decisions, taking away and adding, upgrading, etc. To expect a final product would suggest poor reading ability. I am looking for a team, not criticism or pointers where they have no reason to be coming from. The question is: join the team and learn the secrets in due time, or just pass the offer up.
  2. The cookie in the end is going to fit into an equation. As I said, its only purpose is to hold a value, like 1 key to a set of keys. As of right now, the way it's used is a placeholder (simple concept marker). Ignore the cookie for now. They both, in the end, no matter what, are vulnerable to manipulation and hijacking. It gets down to: do I want the user to be logged in long term or short term? The cookie in itself will hold 2 distinct variables, 1 (key relevant to user) (2nd irrelevant yet very relevant to access) (2 keys), that fit into a lock that must then comply with the rest of the keys to gain access. I am very aware of the differences between a session and a cookie. Here are a few good articles outlining some difficulties with this question: http://www.phpshare.org/articles/Cookies-versus-Sessions http://thinkvitamin.com/code/how-to-create-totally-secure-cookies/ Again, I would like to stress that the cookie is simply a marker for a feature yet to be implemented. I'd rather have the user's input secure right now and worry about everything else later. When I get to the cookies I will gladly shoot you a link to the app and let you have your way with it. I still have to worry about Nginx and ajax push right now, and these little problems are chilling in the back of the bus.
  3. As a side note, object-oriented PHP is very bad for app performance and memory. Its only positive aspect is team readability and maintenance. I would suggest making your code more static. If you're calling the data from a previous page, consider a form to post data to the next page, or storing info in cookies or sessions. Also make sure you don't have any headers in the way so that the cookie/session can be created, and make sure they are secure.
  4. There is a SQL command to select random row(s), ORDER BY RAND(), and you could limit with, you guessed it, LIMIT, but keep in mind the idea of grabbing a random row in PHP rapes performance; not in a good way.
  5. After long chats with security coders, it got down to just using a cookie for site login as opposed to sessions, but creating strings to verify the user. The cookie is far from secure itself: its name is user and it holds a number value, being the id. After that cookie becomes secure, then I will worry about verifying the user, etc. Of course it gets more detailed than that, but as of right now, as you can see, user input and input in general needs to be precise. The idea is that whatever goes into the system will be absolute, so when the system processes the string and shoots it out, the data has no flaws. Thanks for the reply!
  6. What's up guys, just wanted to know if there is any security I should worry about on this. Is there any way at all to bypass this post? Yes, it's overkill, that's why I'm asking.

         $(".like").click(function () {
             var id = $(this).parent().find(".id").val();
             var url = 'id=' + escape(id) + '&submit=1';
             $.ajax({
                 type: "POST",
                 url: "Actions/insert/up.php",
                 cache: true,
                 data: url,
                 success: function(){........

     Took out some code, no reason to have it. Below is up.php:

         <?php
         $id=stripslashes(trim(htmlentities(mysql_real_escape_string(strip_tags(strtolower(preg_replace('/\s+/','', $_POST['id'])))))));
         $s=stripslashes(trim(htmlentities(mysql_real_escape_string(strip_tags(strtolower(preg_replace('/\s+/','', $_POST['submit'])))))));
         $user=stripslashes(trim(htmlentities(mysql_real_escape_string(strip_tags(strtolower(preg_replace('/\s+/','', $_POST['user'])))))));
         define('IS_AJAX', isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest');
         if(IS_AJAX) {
             if (isset($_COOKIE['user'])) {
                 $connection = mysql_connect() or die(mysql_error());
                 mysql_select_db('mainframe', $connection) or die(mysql_error());
                 $idcheck=mysql_query("SELECT id FROM taken out WHERE id='$user' ");
                 $rowic = mysql_fetch_array($idcheck);
                 if ($idcheck){
                     if ($s=='1'){
                         mysql_query("INSERT INTO thumbsup (postidup,useridofup,typeof) VALUES ('$id','$user','up')")or die(mysql_error());
                     }else {die('Take it easy big guy!');}
                 }else {die('Take it easy big guy!');}
             }else {die('Take it easy big guy!');}
         }else {die('Take it easy big guy!');}
         mysql_close($connection);
         ?>
  7. Hey, what's up guys. I've been working on this little side project for about 2 weeks now, about maybe 15 hrs total put in. I only have time for it on weekends, so it's kind of hard to fit it in during the week. Here's a link, check it out. It's on a home server, it's far from done and I still have aaaaaa LOOOt to do (it hurts just thinking about it), but it's been a fun project so far... http://98.109.55.90:8888/ If anyone wants to help out, that would be awesome, and just message me or email me at tsm1248@gmail.com. I really need a team to get this thing going a little faster, teyaaanks!
  8. OO nvm u da best i f@c$ing love you
  9. OK, so I have a textfield and I have everything going to the database and then displaying on the page. Now, is there a way to display code on the page but disable it from executing? There are some break tags in there, so I would still like them to be executed on the page.
  10. I need to tie the checkboxes with them so I can update the correct unique field from the checkbox's id and then insert one of the options into the row.
  11. First off, thanks for responding. I really need some help on this one, a bit stuck.

     test1.php

         <?php
         mysql_connect("localhost", "root", "root") or die(mysql_error());
         mysql_select_db("db1") or die(mysql_error());
         $query = "SELECT * FROM tickets ORDER BY id DESC";
         $result = mysql_query($query) or die(mysql_error());
         while($row = mysql_fetch_array($result)) {
             print "<input name='delete[]' value='{$row['id']}' type='checkbox'>";
             mysql_connect("localhost", "root", "root") or die(mysql_error());
             mysql_select_db("db1") or die(mysql_error());
             $query2 = "SELECT * FROM admin";
             $result2 = mysql_query($query2) or die(mysql_error());
             print "<form name='namestoupdate' method='post' action='test.php'>\n";
             print '<select>';
             while($row2 = mysql_fetch_array($result2)) {
                 if ($row2['priv']==prov){print '<option value="'.$row2['user'].'" name="prov['.$row['id'].']">'.$row2['user'].'</option>';}
             }
             print '</select>';
             print "<input type='submit' value='submit' />";
             print "</form>";
         }
         ?>

     test.php

         <?php
         $delete[]=array();
         if(isset($_POST['delete'])){
             foreach($_POST['delete'] as $ticket)
                 $delete[]=$_POST['prov'][$ticket];
         }
         echo count($delete) . " tickets to remove <br />";
         for($i=0;$i<count($delete);$i++){
             $n=$i+1;
             echo " #{$n} - {$delete[$i]} <br />";
         }
         ?>

     This is what the code now looks like, and it outputs the following regardless of whether a checkbox is checked, and it's the same output each time.

     Output:

         1 tickets to remove
         #1 - Array
  12. OK, so I want to grab an id from the checkbox, then grab the option drop-down associated with that checkbox and update a MySQL row. Here is my code so far. Any help is awesome help, taaaanks guys.

         <?php
         mysql_connect("localhost", "root", "root") or die(mysql_error());
         mysql_select_db("db1") or die(mysql_error());
         $query = "SELECT * FROM tickets ORDER BY id DESC";
         $result = mysql_query($query) or die(mysql_error());
         while($row = mysql_fetch_array($result)) {
             print "<input name='delete[]' value='{$row['id']}' type='checkbox'>";
             mysql_connect("localhost", "root", "root") or die(mysql_error());
             mysql_select_db("db1") or die(mysql_error());
             $query2 = "SELECT * FROM admin";
             $result2 = mysql_query($query2) or die(mysql_error());
             print "<form name='namestoupdate' method='post' action='update.php'>\n";
             print '<select>';
             while($row2 = mysql_fetch_array($result2)) {
                 if ($row2['priv']==prov){print '<option value="'.$row2['user'].'" name="prov['.$i++.']">'.$row2['user'].'</option>';}
             }
             print '</select>';
             print "<input type='submit' value='submit' />";
             print "</form>";
         }
         ?>
  13. I have a checkbox. When it is checked I grab its value, meaning the id. I take that id and I would like to use it in my WHERE mysql_query statement. Then I would like to insert the array from the other foreach, one after another, with a prov, meaning provider. Here is my code:

         print "<select name='prov[]'>";
         print '<option value=""></option>';
         mysql_connect("localhost", "root", "root") or die(mysql_error());
         mysql_select_db("db1") or die(mysql_error());
         $query2 = "SELECT * FROM admin";
         $result2 = mysql_query($query2) or die(mysql_error());
         while($row2 = mysql_fetch_array($result2)) {
             if ($row2['priv']==prov){print '<option value="'.$row2['user'].'">'.$row2['user'].'</option>';}
         }
         print '</select>';
         print '</div>';

         <?php
         if (!empty($_POST[submitdeletetic])) {
             foreach ($_POST["delete"] as $key => $id)
                 foreach ($_POST["prov"] as $prov) {
                     mysql_query("UPDATE tickets SET prov='$prov' WHERE id='".(int)$id."'") or die(mysql_error());
                 }
         }
         ?>
  14. OK, so the first time the loop outputs the first line, both loops work, then after that only the first loop works?
  15. Wow, just figured it out, just placed an if statement on one page for both of them. Thanks for all your help guys, great community and great people.
  16. Thanks guys, that worked fantastically. Can I have a forum within a forum and have the button within the HTML forum tag send to a different PHP page?

         <forum>
             <forum>
             both forums go to dif pages
             </forum>
         </forum>

  17. Sorry, had to shorten the code. Sorry it took a little long.
  18. Scroll all the way to the bottom!

         <?php
         mysql_connect("localhost", "root", "root") or die(mysql_error());
         mysql_select_db("db1") or die(mysql_error());
         $query = "SELECT * FROM tickets";
         $result = mysql_query($query) or die(mysql_error());
         while($row = mysql_fetch_array($result)) {
             // can i have another loop here from a different table
         }
         ?>

  19. Yes, I connect and do the normal routine, and I echo out all the rows that have a $row->type==tickets. The issue is, can I now call from a different table a loop of users into that table? So another question arises: can I loop from another table within a loop?
  20. Is it possible to have a loop run in a loop?
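
The up.php handler in post 6 takes the acting user from a POST field, gates on the X-Requested-With header and builds its SQL from escaped strings. As an added example (not the poster's code), the sketch below takes the user from server-side session state, checks a CSRF token, validates the id as an integer and uses bound parameters; the session keys, the `posts` table and the database credentials are assumptions.

```php
<?php
// Added example, not the poster's code. Assumed (hypothetical): a session login
// that stores an integer $_SESSION['user_id'], a per-session token in
// $_SESSION['csrf'], a `posts` table, and the placeholder DB credentials below.
declare(strict_types=1);
session_start();

function reject(int $code, string $msg): void {
    http_response_code($code);
    exit($msg);
}

// Identity comes from server-side state. A POST field or a cookie holding a
// bare numeric id is chosen by the client and proves nothing.
$userId = $_SESSION['user_id'] ?? null;
if (!is_int($userId)) {
    reject(401, 'Not logged in');
}

// X-Requested-With can be set by any HTTP client, so it is not a control.
// A secret per-session token, compared in constant time, is.
$expected = $_SESSION['csrf'] ?? '';
$token = $_POST['csrf'] ?? '';
if (!is_string($expected) || $expected === '' || !is_string($token)
    || !hash_equals($expected, $token)) {
    reject(403, 'Bad token');
}

// Validate by type instead of stacking escaping functions: a post id is an integer.
$postId = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if (!is_int($postId)) {
    reject(400, 'Bad id');
}

$pdo = new PDO('mysql:host=localhost;dbname=mainframe;charset=utf8mb4', 'app_user', 'CHANGE_ME', [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);

// Bound parameters keep data out of the SQL text, so nothing needs escaping.
$exists = $pdo->prepare('SELECT 1 FROM posts WHERE id = ?');
$exists->execute([$postId]);
if ($exists->fetchColumn() === false) {
    reject(404, 'No such post');
}
$vote = $pdo->prepare("INSERT INTO thumbsup (postidup, useridofup, typeof) VALUES (?, ?, 'up')");
$vote->execute([$postId, $userId]);
echo 'ok';
```

A unique key on (postidup, useridofup) in the database would additionally stop the same user from voting twice on one post.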