scootstah

Why would it fail?

You may be susceptible to Local File Inclusion.

The stuff we miss, a user usually reports and it is gone within a 10min of being posted. It's been like this on any site I've worked on. So now I'm actually curious. How many spam posts are deleted per week?

Pretty much. If it starts to become a problem, find a few people or users you can trust and grant them some moderator privileges. Enough to remove posts or edit user profiles or something. I'm sure this site gets quite a bit of spam, but I hardly ever see any of it because of the large and awesome mod team.

Why? There's no problem with exposing ID's. I don't have a solid response, other than that sure doesn't feel right... It's not really a big deal. This very site exposes user ID's in their profile link. Your ID is 113246.

Try: $result = mysql_query($query) or die(mysql_error());

You could use a stronger algorithm (which also adds server overhead) or, like I said, you can recursively check the file name before saving. It's sort of a safety net. Chances are you will never encounter a collision but just in case you do, you can regenerate a new hash and you'll probably be okay.

Some form of a captcha most likely. Well, right now you have to be a Registered member, and you have to be Logged In to post a Comment, so isn't that enough? Or should I add CAPTCHA on top of that? Debbie No, you're probably fine. I was just talking about blog, in which I don't require registration for commenting.

In that case I would go with my first recommendation which is to use a reseller account. It will take away a lot of the headache involved.

Add a "report abuse" link (or something similar) to the profile page. When a user clicks it, they can fill out a brief summary of why there was abuse, and then you will be alerted (email, SMS, a little button on your admin page, whatever) and you can deal with it accordingly. What is the "report abuse" sending me? An ID? A URL? Something else? Come on, use your imagination. You are the coder, make it send you whatever you need it to send you. It could just say "Joe's profile has been reported for abuse" and then click it to see the brief summary they filled out. Some form of a captcha most likely.

Open the functions.php file with Notepad++ and then go to View > Show Symbol > Show All Characters. Does anything appear before <?php?

As long as the usernames are unique you should be fine using it as the file name. You wouldn't even have to hash it, just store it as "doubledee.jpg".

Since you assigned $image to "images/$first", you don't need to do "images/$image" in the img tag. Just put src="$image". You might want to throw the domain in front of it though.

If any such software exists, it cost millions!! http://www.phpclasses.org/package/3269-PHP-Determine-whether-an-image-may-contain-nudity.html Free. And that was only about 30 seconds on Google, I'm sure others exist. So what would I have to build in order to make that a reality? Add a "report abuse" link (or something similar) to the profile page. When a user clicks it, they can fill out a brief summary of why there was abuse, and then you will be alerted (email, SMS, a little button on your admin page, whatever) and you can deal with it accordingly. So changing topic for a moment... What do you think about User Content? I currently allow Registered Users to post Comments beneath my Articles (like most online newspapers do). Right now I have it set so I have to approve all Comments before they appear beneath an Article. I manually approve comments for my blog as well, at least for now. It is a new blog and so doesn't have much (if any) traffic and I've only received two comments so far. Not a big deal for me to login and accept them, and it completely eliminates spam. However if it were to get relatively large where I am getting several comments a day or something, I would probably change it up to allowing comments automatically and then letting people flag them for abuse/spam. I would also take additional steps to annoy users to try to prevent spam.

I'm a little confused. Which is it: you want to start a hosting company, or you need to host websites for 25 people? The solutions are pretty different for each scenario. If you want to be an actual web host, I would recommend starting off with a reseller package from a decent host. That will get you set up on a solid infrastructure with a whole bunch of experts on hand for any problems you run into, plus (usually) free management software. If you just want to host websites for 25 people, you might be better off setting up your own server so that you have more control. Depending on the disk space and bandwidth requirements you might be able to get away with a couple VPS's from someone like Linode. Alternatively, you could rent a dedicated server or collocate your own box. As far as online payment, it shouldn't be too hard to get a Paypal merchant script setup. You could even install a light eCommerce platform if you wanted. For server management, there are a few open source or free cPanel alternatives like Webmin or VHCS. Or, you could purchase a cPanel license (but they are pretty costly). Hope that helps.

The mime type is not stored in the filename. *A* file extension is, but not the file's mime type. A file extension does not define the mime type. To properly obtain the mime type you'll want to use either fileinfo or getimagesize. That doesn't necessarily guarantee a unique token because a sum can be reached in multiple ways. For example you can get 40 from both 4*10 and 5*8. If all you want is a unique token, most of those suggestions are just...weird. PHP has a function built in to give you unique tokens; uniqid. It is not bullet-proof, but it should be good enough for this task. You can always recursively check to make sure the file name doesn't exist before saving it, just to rule out any 1-in-a-million collisions.

I would rather have the application itself figure out where to route the traffic. I guess that would work alright on very simple websites, but it greatly limits when you can do.

Of course you need to change your links. How else do you expect it them to change?

Here's the options that I thought of real quick: 1. As mentioned, you can run the images through an analyzer to check for nudity or whatever. Maybe instead of disallowing any images that trip it, have it alert you so you can manually review only those images that bothered it. You'll probably get a lot of false positives, and probably a lot of images will slip through anyway - but it's a good first line of defense. 2. Manually review all images. This is pretty tedious and overly unnecessary IMO. I've been apart of a lot of large forums and community sites, and I really don't think any of them ever did this. If someone uploaded something indecent or against their ToS, it was reported and dealt with. It never became a problem. And no offense, but these sites were likely orders of magnitude larger in terms of user-base than yours will be. 3. Allow other users to report offending users. Personally, I would go with option 3 and leave it at that. It is unlikely to become a big enough problem to worry about it.

At this point you basically need "infinite categories". There are a couple of methods to deal with that, and I recommend you read this article. Hopefully that points you in the right direction.

According to your example string this will work: $str = '2012/05/244bebb53c70825476bb9675d49232c8%s.jpeg'; $str = substr_replace($str, '', -7, 2); However it won't work if you switch to a 3 character extension, like .jpg or .gif. If the text you want to remove is always "%s" then you can simply use str_replace. $str = str_replace('%s', '', $str);

Each scene should have a unique ID in the database, as well as a list of acceptable keywords to advance the scene. Ideally you would normalize that data into two tables. A crude example might look like: scenes -------------------- id | name 1 | forest keywords -------------------- scene_id | id | name 1 | 1 | castle 1 | 2 | house 1 | 3 | road So now you know that the scene "forest" will only accept the keywords "castle", "house", and "road". You can grab this data with a quick JOIN: SELECT s.id AS scene_id, s.name AS scene_name, k.id AS keyword_id, k.name AS keyword_name FROM scenes AS s LEFT JOIN keywords AS k ON k.scene_id = s.id Is that what you were looking for?

You'll need to match the name of the image in the database to the physical image on the webserver. Something like... $result = mysql_query("SELECT flag FROM countries"); while($row = mysql_fetch_assoc($result)) { if (file_exists($image = 'images/flags/' . $row['flag'])) { echo '<img src="http://yoursite.com/' . $image . '" /><br />'; } }

Sure, you can use substr_replace.

You're on the right track, but you need to output the contents of the file to the browser. So after the two header() calls, use readfile to output the file. header("Content-type: application/octet-stream"); header("Content-Disposition: attachment; filename=$name"); readfile('files/' . $row['name']);