scootstah
-
Posts
3,858 -
Joined
-
Last visited
-
Days Won
29
Posts posted by scootstah
-
-
Your code works. Example here: http://jsfiddle.net/hjqs4L4f/
You need to remove the td selector from this line though:
$('table th:eq(' + _index + '), table td:eq(' + _index + ')').addClass('pink');Otherwise, both the cell and the header get colored pink.I also added this at the top to remove the color from other cells when you click a new one (not sure if that is desired or not):
$('table th').removeClass('pink'); $('table td').removeClass('red');I don't see you using any <th></th> in your example HTML though, which may be why you can't get it to work? -
In this instance I'd expect the '/' to refer to the base domain - i.e. example.com - so that irrespective of where I include the file from it always has a sound reference.
You're confusing the way HTML works with how filesystems work. The filesystem has no idea what "example.com" is. Filesystem directories are not based on domain names. On UNIX-based systems the filesystem is a tree structure, and begins with a "/". The "/" is referred to as "root".
By using a "/" at the beginning of a path name, you are starting from the root of the filesystem. That is an absolute path. If you want to start from any other directory you would use a relative path, by omitting the "/" from the beginning.
Since you're on Windows, a "/" means the root of the partition that the script was executed from. So if your PHP file is located in C:\, then "/" would refer to C:\. If your script is located in F:\, then "/" would refer to F:\.
Yeah I could use a relative path but on other servers I've worked on they've set them up so you just use /includes/file-name.php and it doesnt matter where you then make the call from it still works.
You must be mistaken, because that's simply not how it works.
-
Fair enough.
-
Even worse: Since anybody can request a token, it's even possible to target specific accounts (e. g. admins).
Hmm, excellent point. That would be nasty.
EDIT: Although, that's kind of not solving anything. If you have an SQL injection vulnerability, couldn't you just change the column value for an admin's password or token? Or, promote yourself to admin level?
-
Ah, I believe the reason is so that you get A-Z and not A-F. So in fact you're getting a lot more entropy by hashing it.
-
Of course, but why does that matter? You're storing the same length value of the same entropy whether you hash it or not. So what is the point of hashing it?
EDIT: I guess part of my question is, why not just store it plaintext?
-
You're not supposed to store the plaintext token, but you do store its SHA-256 hash.
Why hash it instead of just using bin2hex()?
-
It's probably being cached somewhere. Do you run APC? What is the application?
-
This a perfect example of why I tell people not to waste their money on programming degrees.
-
1
-
-
@Psycho,
I was just thinking, if you are using real time credit card processing, at some point you are going to have to pass the total value to the third party processor such as paypal or authorizenet. How do you propose to do that without the total being $_POST'd from a hidden field or where ever?
The request would be server -> payment gateway, not client -> server.
-
What's sad is you can only use up to PHP 5.4 in CentOS
That's not entirely true. The official repository only goes to 5.4, but you can easily install 5.6 or 7 with RPM's or compiling from source. Also, contributors will still fix security bugs for package versions in the official repositories.
And, running multiple PHP versions on the same server is pretty clunky. There isn't really any good reason to do that. If you need two different versions get two different servers.
-
ComputerColumbus, you seem to have a very poor understanding of even the most very basic programming concepts. You need to back up in your learning and work on understanding things like variables and function arguments. Make sure that before you move on to a new topic, you fully understand the one you just finished. If you do not understand how variables work you will never be able to create your own programs.
-
-
You only use password_hash() when registering. To login, you use the plain-text password and compare it to the hash from the database.
password_verify($plainTextPassword, $hashFromDatabase);
.-
1
-
-
First of all, var_dump() doesn't return anything. So your $id will be null.
Secondly, parse_url() returns an array not a string. Did you look at the manual?
EDIT: Oops sorry, you're using a component flag, so it does return a string.
-
-
A good starting point are PSR-1 and PSR-2, because they're thought-out and have already been adopted by many projects.
Beat me to it.
More and more projects seem to be running with this, so in my opinion, you should too. It means that when you cross paths with these other projects, everything is already familiar and natural.
-
Those are headers, I see no error.
You said the script works when you visit from a browser, but does it work when you visit from the command line? Cron is not a browser, it uses command line programs.
Can you post your script?
-
when u can do the same thing with dreamweaver that an experienced coder with notepad can do... u have magic click&dragging hands :-)
Being "good" at Dreamweaver doesn't make it produce less shitty code.
-
1
-
-
A dedicated server, virtual dedicated server or virtual private server are the better ones in that order
I think it's important we define the term "better". Dedicated servers are better for some things, and VPS' are better for some things. It really depends what you're trying to achieve.
-
1. which is better - Virtual Private Network or Shared-network (like GoDaddy.com).
I think you mean Virtual Private Server, also known as a VPS. This really comes down to your ability to manage such a server. You will need knowledge of the Linux command line, and knowledge of how things like web servers and database servers work, how to edit and manage configuration files, how to manage log files, how to setup security, etc. If you had to ask this question it means you are probably not ready to take all of that on.
2. what should I do If i want to have a job at web development - using coding or Adobe Dreamweaver CS6 or CC.
I need to decide what is best for me to create my own website with PHP. I believe it is easier to create website with Adobe Dreamweaver, but I was told by experienced guy that Dreamweaver is no good to use, most companies are prefer to use using code than Dreamweaver. is that true?
Dreamweaver is garbage. You need to know how to write code, not generate it.
Any code editor will let you create websites with PHP. Which one is best is a highly opinionated and personal question. For me, I recommend PHPStorm or Sublime Text.
-
Don't sweat it man. Do research on all of the things that you struggled with or didn't know. This is how we grow.
Interview questions are largely bullshit anyway. They're more about memorization and pointless trivia than they are actual coding ability.
-
-
Just showing your employer that you care this much to get it right will say a lot all on its own.
Login with password_hash()
in PHP Coding Help
Posted
What does that have to do with including a WHERE clause for the password? You'd have SQL injection either way.