QuickOldCar

I agree, but when php7 is released a lot of these hosts better upgrade or will not have many customers. What do you think of this function? function salted_password($value) { if (!$value) { return false; } $salt = mcrypt_create_iv(22, MCRYPT_RAND); $salt = base64_encode($salt); $salt = str_replace('+', '.', $salt); return crypt($value, '$2y$10$' . $salt . '$'); }

I usually make plugins to add or remove certain things if(is_front_page() || is_home()){ if (function_exists('wp_nav_menu')) { remove_action('wp_head', 'wp_nav_menu'); } } In your case wrap the code you have with a check for not home or front page <?php if(!is_front_page() && !is_home()){ $anyMenu = get_terms( 'nav_menu' ) ? true : false; $menuSelect = get_theme_mod('tesseract_tho_header_menu_select'); if ( $anyMenu && ( ( $menuSelect ) && ( $menuSelect !== 'none' ) ) ) : wp_nav_menu( array( 'menu' => $menuSelect, 'container_class' => 'header-menu' ) ); elseif ( $anyMenu && ( !$menuSelect || ( $menuSelect == 'none' ) ) ) : $menu = get_terms( 'nav_menu' ); $menu_id = $menu[0]->term_id; wp_nav_menu( array( 'menu_id' => $menu_id ) ); elseif ( !$anyMenu ) : wp_nav_menu( array( 'theme_location' => 'primary', 'menu_class' => 'nav-menu' ) ); endif; } ?>

You should look into saving this into a database using mysqli or pdo It's not safe to store passwords like this, all passwords should never be saved as plain text anywhere, use password_hash and password_verify Here is something for you anyway. <?php //default defines $errors = array(); $filename = "Homework.txt"; $log = ''; $pass = ''; $email = ''; $mesaj = ''; //check if form submitted if (isset($_POST['start'])) { //check each POST value and not blank, else create an error if (isset($_POST['login']) && trim($_POST['login']) != '') { $log = $_POST['login']; } else { $errors[] = "login"; } if (isset($_POST['parola']) && trim($_POST['parola']) != '') { $pass = $_POST['parola']; } else { $errors[] = "parola"; } if (isset($_POST['email']) && trim($_POST['email']) != '') { $email = $_POST['email']; } else { $errors[] = "email"; } if (isset($_POST['mesaj']) && trim($_POST['mesaj']) != '') { $mesaj = $_POST['mesaj']; } else { $errors[] = "mesaj"; } //if no errors proceed if (empty($errors)) { //check for file if (is_file($filename)) { //open file for appending $file = fopen($filename, 'a+'); //remove submit from post array unset($_POST['start']); //post array into a string $string = implode("||",$_POST); //add file breaks $string .= "\r\n"; //write to file fwrite($file, $string); //close file fclose($file); //show message was added echo 'Datele au fost salvate! Iata ce este in fisier: <br />'; } else { //file doesn't exist echo "$filename inaccesibil!"; } } else { //there was an error in form $error_msg = "<p style='color:red;'>You have these errors: " . implode(", ", $errors) . "</p>"; } } ?> <!DOCTYPE html> <html> <head> <title>Form Data</title> </head> <style> table { border-collapse: collapse; width: 100%; } th, td { padding: 0.25rem; text-align: left; border: 1px solid #ccc; } </style> <body> <?php //show errors if exist if ($error_msg) { echo $error_msg; } ?> <form action="" method="post"> <p><label> Login: <input name="login" type="text" size="15" value="<?php echo $log;?>" ></label></p> <p><label>Password: <input type="password" name="parola" value="<?php echo $pass;?>" ></label></p> <p><label>Emailul dvs:<input type="email" name="email" value="<?php echo $email;?>" ></label></p> <p><label>Lasati mai jos mesajul dvoastra: <br /> <textarea name="mesaj" cols="50" rows="6" ><?php echo $mesaj;?></textarea></label></p> <p><input type="reset" value="Anuleaza" /> <input type="submit" value="Transmite" name="start" /></p> </form> <?php //check if file exists if (is_file($filename)) { //get file $file = file($filename); //start numbering $number = 1; echo "<table>"; echo "<tr><th>Number</th><th>Login</th><th>Password</th><th>Email</th><th>Message</th>"; //loop through all lines in file foreach ($file as $line) { //explode each line by it's delimiter $data = explode("||", trim($line)); //add them to table echo "<tr><td>" . $number . "</td><td>" . $data[0] . "</td><td>" . $data[1] . "</td><td>" . $data[2] . "</td><td>" . $data[3] . "</td></tr>"; $number++; } echo "</tr></table>"; } else { //file doesn't exist echo "$filename inaccesibil!"; } ?> </body> </html>

I agree with the others, nothing you have there is current or secure. Time to rewrite this script, a lot of users would be mad if they knew what they were signing into. Look into password_hash and password_verify. Not sure what your protect function does, always escape input for your queries. Use mysqli_real_escape_string with mysqli or pdo and prepared statements

That is asking for a lot, the forum is designed to help people with existing code. If you change the urls to specific files like css,images,etc they would no longer work. Changing the clickable href urls while appending your redirect could be done.

Good to hear.

Check for the specific values from your saved session file, only if they don't exist use the built in session values and save. As for them expiring, default sessions uses garbage collection. If you want to simulate that you can run a cron job on the files or check the file modification date using filetime and expire it a time you decided on upon accessing them. Another option is using a database and saving timestamps along with the users session data.

What part don't you understand? The query you have should be fine if use actual values. Post your current code if need more assistance with it. btw, mysql_* functions are deprecated and will be removed in php7, you should use mysqli_* functions or pdo

It's fine to do as that, just run a second query for the update.

session_destroy is for use with the default session handler, what you are doing is saving data into a file. If you want to remove your sessions file use unlink to delete that particular file The problem with your system is when would it delete your custom session file, would need to create a cron job and check live sessions.

Let's try to stick to the original topic.

Server 1: frontend website with user accounts and browsing available websites Server 2: api access storing image locations in a db with a from/to Server 3: solely storing images and other files as you said Your biggest issue would be any mysql queries if saving the from/to associating the images with that account. Should try to cache those results to do less mysql calls, don't rely on the internal mysql query cache, it wipes out every new insert.

Good point maxxd, ginerjm summed it up with all the processing first then display html after Sometimes can't even tell in these posts if getting it complete or a snippet. Place your database connection with credentials in a file like dbcon.php and include that first <?php include("../includes/dbcon.php"); $req = mysql_query('select * FROM Venues WHERE id="' . mysql_real_escape_string($_GET["id"]) . '" '); $dnn = mysql_fetch_assoc($req); $pageTitle = $dnn['title']; include("../includes/header.php"); ?>

You don't need to do a while loop to return one result set. Look into mysqli_* functions or PDO as mysql_* functions are deprecated and will be removed in php7 Always escape your data before using them in a query mysql_real_escape_string Use the mysqli related functions if to use that and/or use prepared statements check proper data types I do not know your database structure so giving an example. <?php $req = mysql_query('select * FROM Venues WHERE id="' . mysql_real_escape_string($_GET["id"]) . '" '); $dnn = mysql_fetch_assoc($req); $pageTitle = $dnn['title']; include("../includes/header.php"); ?> You include your header file, edit that file and add $pageTitle to the title tag When is a single page using $_GET["id"] can check if $pageTitle is set, otherwise use a default title //inside header.php if(isset($pageTitle)){ $title = $pageTitle; } else { $title = "My default page title"; } echo "<title>$title</title>"; Really should change to at least mysqli, is example code there. http://php.net/manual/en/mysqli-result.fetch-assoc.php

No matter what type encoding you try, if someone really wants it they can get it. You would just be making it take more work to get it. If you really want to protect code use something like an API or SaaS, never let them see the code and host it elsewhere. Another method is to include some vital code from another server needed for the full code to work.

Just an idea, instead of parsing line by line can't you do something like named blocks in your templates and let your code fill in the correct data as needed? Is a matter of adding the data versus editing them. Can do defines for included scripts or values, or add some unique naming to replace as doing now. <html> <head> <title><?php echo TPL_TITLE;?></title> </head> <body> <div> <?php echo TPL_HEADER;?> </div> <div> <?php echo TPL_CONTENT;?> </div> <div> <?php echo TPL_SIDEBAR;?> </div> <div> <?php echo TPL_FOOTER;?> </div> </body> </html>

Your code is pretty basic, not much to optimize, php7 is supposed to be faster, we'll see about that. You can use prepared statements in mysqli as well. Did you happen to create indexes in mysql on any WHERE/AND/OR values will be using? That could speed the queries up. Can check what you need and see slow queries. https://dev.mysql.com/doc/refman/5.7/en/slow-query-log.html show status like 'Slow_queries'; show variables like '%slow_query%'; EXPLAIN ANALYZE TABLE

After reading this many times, it seems you have to check if id exists and handle it. So pass an id tag and a value of 1 if not there or -1 the rest of id's

Yours will be ok. The mysql_* functions are deprecated and will be removed in php7, you are using mysqli_*. If you wanted to can use PDO instead and also prepared statements.

Can post which project it is from github so others can look at it.

Did a test myself in phpmyadmin and seemed to work fine. 1 row(s) affected. ( Query took 0.0009 sec ) UPDATE `ipb_core_members` SET `signature` = replace( signature, "<p style=\"text-align:center;\"> </p>", '' ) New data: <p style="text-align:center;"><img src="http://i1382.photobucket.com/albums/ah259/maphilli/Axial%20Yeti/Logos/MS%20Banner_zpsfrtm0dpx.jpg" alt="MS%20Banner_zpsfrtm0dpx.jpg"></p> <p style="text-align:center;"><a href="<___base_url___>/topic/199518-zombis-axial-yeti/">My Axial Yeti Build Thread</a></p> <p style="text-align:center;"><a href="<___base_url___>/topic/202762-zombi/">My Sales Feedback Page</a></p> <p style="text-align:center;"><a href="<___base_url___>/forum/167-gowtt/">GOWTT Trailing Group Forum - Derbyshire Peak District</a></p> <p style="text-align:center;"><a href="https://www.facebook.com/pages/Loaded-Ox/437880833003825" rel="external nofollow">Loaded Ox Facebook Page</a></p>

You want to define the default $w and $h variable above, as they are now are rewriting the POST values <?php $w=0; $h=0; if(!isset($_POST['submit'])){ ?> <form method="post"action="<?php echo $_SERVER['PHP_SELF'];?>"> <h2>Please enter rectangle value</h2> <p>Enter width value <input type="text"name="w"/></p> <p>Enter height value <input type="text"name="h"/></p> <p><input type="submit"name="submit"value="Submit"/> <input type="reset"name="reset"value="Reset"/></p> </form> <?php }else{ if(empty($_POST['w'])|| empty($_POST['h'])){ echo"please enter value<br/>"; } elseif(!ctype_digit($w)|| (!ctype_digit($h))){ echo"value must be integer<br/>"; } else { $w=$_POST['w']; $h=$_POST['h']; } echo "Total area is ".calc($w,$h); } function calc($w,$h){ $area=$w*$h; if($w==$h){ echo"It is a square<br/>"; }else{ echo"It is a rectangle<br/>"; } return $area; } ?> <div style="width:<?php echo $w;?>px;height:<?php echo $h;?>px;background-color:red;border:1px solid #000;"></div>

It's not a very good way to replace characters with another manually. This is one reason why there are so many encoding issues across the internet. Should detect the encoding, convert to utf-8, save as utf-8 in database, display as utf-8 in html. Look into iconv