
Mahngiel


Posts posted by Mahngiel

  1. Obscurity doesn't add security.

    Sure most cars all start by turning a key, but what the car's computer does once the car is started is completely unique. 

     

    What I'm saying is it's not about obscurity, it's about designing the process for one's application.  There's a lot of stuff that can happen during the log-on process that an application uses.  I don't think this is something resolved by using prebuilt-anything.

  2. Something they should seriously consider adding: a parse error if 'global' is used within class code, and a warning if it's used anywhere else.  It's the latter half of 2012, yet I still see 'global' used frequently both here and on Stack Overflow.  Ridiculous.

     

    While I don't disagree with you at all, I fear half of the web would explode!  Look at the fallout from GoDaddy's hosting services' recent changes.  If there are websites out there relying on software source last updated 10 years ago, how can ye hath faith phasing global out would accomplish much at all.

  3. The fact that people might use the same password for their bank as they do for your forum is also irrelevant and out of the hands of the developer. You can discourage it, tell them that it's bad, whatever. But, at the end of the day, you have no control over it - so there's no point worrying about it.

     

     

    While I concur with what you've said, I believe the dev community as a whole can help each other by eliminating the potential headaches that occur with compromised users.  That's the only reason I mentioned this as a reason to not send plaintext PWs.

  4. I have a web application that's getting a substantial number of concurrent users.  Occasionally, when there are around 2k users the site chokes out and 502's.  When this happens, the CPU (~18%) and RAM (~40%) are relatively low, so I assume this is due to network congestion. 

     

    I'm trying to gather as much information as I can before I commit to any solution, but I believe the best approach to a solution revolves around load balancing through a reverse proxy.  I'm hoping there is some experience on these boards with this and am looking for some approach advice and common pitfalls - as well as some suggested hardware specs.

     

    I assume for a proxy to balance across two servers, I would need three servers:  The proxy and two cloned production servers.  Some outstanding questions I have are:

     

    In regards to a proxy, what is more important: The proxy or the server specs behind it?  I think this is an obvious rhetorical question, but I feel it needs to be asked.  Currently, the site is running on a 3 GHz i5 with 4 GB of RAM served over a 1 Gbit pipe.

     

    In regards to cloning the servers, is there a standard method for the master to copy down to the slave?  My best thought on this would be to set up an scp script, but I've read Twitter uses BitTorrent, so there has got to be a plethora of ways.

     

    Any input on what I have or have not mentioned in regards to balancing and reversing would be appreciated.

     

    Foremost, you're committing a cardinal programmer's / webmaster's sin by storing unencrypted passwords in your database.  Passwords should be one-way encrypted, meaning they cannot ever return their original value. Furthermore, you should never send a user's password to them in their email - a compromised email account has just given an attacker a user's password that's likely used at every other site they belong to, including banks.

     

    There are two more appropriate approaches to the 'forgotten password' scenario: Security Questions and Password Resets.

     

    Security Questions

    You've surely seen these before.  A user has access to set up security Q&As in the event they forget their login credentials.  This is often preferred.

     

    Password Resets

    This is the avenue you're approaching in your OP.  The practical approach follows these general steps:

    > User clicks the 'forgot my password' link
    > User enters identifying details (email)
    > Query the database for this address and if successful, prompt the user if they want a reset link sent
    > If the user accepts the email link, update their row with some sort of identifying string
    > Send this string to the user's email address in link form example.com/activate?id=234;aldsfjk324
    > That link performs a DB query, returning the user's row
    > The user can now create a new password that you will securely hash
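The reset steps above, worked through as an added example (not the poster's code): the "identifying string" is a random token whose hash is stored with an expiry, the link is checked with a constant-time compare, and the token is burnt once the new password is hashed. The `$users` array, the e-mail address, the `activate?id=...&token=...` URL shape and the function names are assumptions made for the example.

```php
<?php
// Added example, not from the original post; $users is a constructed
// in-memory stand-in for the users table.
const RESET_TTL_SECONDS = 3600;
$users = [
    234 => [
        'email'         => 'alice@example.com',
        'password_hash' => password_hash('old-secret', PASSWORD_DEFAULT),
        'reset_hash'    => null,
        'reset_expires' => null,
    ],
];

// "Update their row with some sort of identifying string": the raw token only
// ever appears in the e-mailed link; the row holds its SHA-256 and an expiry.
function issueResetToken(array &$users, string $email): ?string
{
    foreach ($users as $id => $row) {
        if ($row['email'] !== $email) {
            continue;
        }
        $token = bin2hex(random_bytes(32));      // 256 bits from the CSPRNG
        $users[$id]['reset_hash']    = hash('sha256', $token);
        $users[$id]['reset_expires'] = time() + RESET_TTL_SECONDS;
        return "https://example.com/activate?id={$id}&token={$token}";
    }
    return null; // unknown address: answer identically so accounts can't be enumerated
}

// "That link performs a DB query" / "a new password that you will securely
// hash": constant-time compare, expiry check, password_hash, burn the token.
function completeReset(array &$users, int $id, string $token, string $newPassword): bool
{
    $row = $users[$id] ?? null;
    if ($row === null || $row['reset_hash'] === null || time() >= $row['reset_expires']) {
        return false;
    }
    if (!hash_equals($row['reset_hash'], hash('sha256', $token))) {
        return false;
    }
    $users[$id]['password_hash'] = password_hash($newPassword, PASSWORD_DEFAULT);
    $users[$id]['reset_hash']    = null;   // single use: a replayed link fails
    $users[$id]['reset_expires'] = null;
    return true;
}
$link = issueResetToken($users, 'alice@example.com');
parse_str((string) parse_url($link, PHP_URL_QUERY), $q);
var_dump(completeReset($users, (int) $q['id'], $q['token'], 'new-secret'));
var_dump(completeReset($users, (int) $q['id'], $q['token'], 'new-secret'));
```

The second call returns false because the stored hash was cleared on first use, which is what makes a leaked or replayed link harmless after the reset.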

  6. You'll need to correctly set up your array and do multiple loop levels.  Consider:

     

    $array = array(
        // [0] => category1
        array('item1', 'item2', 'item3'),
        // [1] => category2
        array('item1', 'item2', 'item3'),
    );

     

    Now, you have a multidimensional array and can

     

    foreach ($array as $category) {
        echo '<ul>';
        foreach ($category as $key => $item) {
            echo "<li>{$item}</li>";
        }
        echo '</ul>';
    }

     

    dump the array for a more explicit answer

  7. I'd scrap that thing without even the slightest thought about recycling.  The box shadows are terrible, the standard facebook feed is amateur,  the nav hover color is so random it's not funny, links are not presented as being links, white shouldn't be used, find a shade of gray that compliments your font/link colors,  your paragraphs suffer from incorrect line heights...

     

    The site is generally unappealing, and if I weren't writing this post, I would have only lasted 5 seconds on your page.

  8. "Idiot tax" is borderline offensive.  My 2 cents.

    The lottery IS for fools.  Lottery winners are statistically doomed to be broke within five years, landing themselves in worse financial distress than they were rescued from by hitting a jackpot.  It's a fool's dream to win the lottery, as winning has shown "... that lottery players have below-average incomes and education; it's no great leap to assume they tend to have limited financial literacy " (source) and the money will accomplish nothing.

     

    As a budding freelancer I've been burnt more times than I care to count by fast-talking "partners" who pitch me into equity-based propositions.  I've always been smart about it, however, and hosted the files on my own servers.  So when they don't honor their end of the bargain, I pull the fuckin' plug.  But that doesn't give me back my wasted time, effort, stress, and legitimate revenue streams.

     

    The entire concept is whack without loads of legalese, anyway.  No logical person would enter into a business arrangement without thoroughly investigating the statistical probability of success.  Not with your family, not with some dude you met over Skype.  There are very, very limited circumstances I would accept an equity-based arrangement, and every time, they involve a well-reviewed contract.  Otherwise, like Kevin said "fuck you, pay me".

  9. For development what you have is fine. But when your site is in production / live you're adding HTTP requests which = bad.  The browsers don't care if you have a 20k line CSS file or twenty 1k line files.  It is common practice to compress all your CSS files (stripping white-space and such) into one CSS file for production sites.

  10. So using a framework is also a lot safer?? What can you do in terms of security with a framework that you can't do without one??

     

    "A lot safer" is relative, but the basic answer to this is yes.  The benefit of using a framework is the multitude of eyes that will see the code - thus it is subjected to scrutiny and improvement.  The general purpose of frameworks varies, as some take extraordinary steps in some areas, while others may not.  Consider CodeIgniter. The system will respond to any and all server requests within its control.  Contrary to that, Symfony requires that you 'white-list' particular routes, else they are met with failure.

     

    Frameworks are meant to kill the task of setting an application up, if you don't know what that means, take a look at any framework's bootstrapping process: Symfony / CodeIgniter
