Everything posted by Christian F.

  1. If they use MD5, and especially unsalted MD5, to hash the users' passwords, then that might explain why there have been so many reports about leaked passwords, hijacked accounts and so forth from these systems. Personally, I doubt that they're still using MD5 to do this. However, I haven't looked at their code in a while, but I would sincerely hope that they've moved on to a properly secure method as of late.
  2. Single quotes are available on all PHP installations, or rather should be. However, I suspect that the text you copied didn't actually contain single quotes. Just something that looked like single quotes, for us humans.
  3. Do you have a link to the page, so that we can see this in effect ourselves? The only thing I can think of right now is that the cookie isn't being set properly. Or that you might be doing things out of order, though unlikely. In any case, do make sure that you're not blocking the cookie, and check to see if it is indeed being sent with the request from the browser.
  4. Searching the 'net for "prevent default javascript" will give you all the details you need, and more.
  5. var_dump () and/or print_r () will help you figure out what's inside the variables.
  6. I'd ask Paypal support on this one, to be honest. Seeing as it's an HTTP error they're the ones who're best equipped to help you out.
  7. This isn't a PHP problem as much as it's an "Application design" problem, so you should really have posted it in that section. A mod will probably move it for you, once they notice it.

     That said, to your question: You should start with the planning phase, always. Which means you'll need to sit down, think through exactly what you want from the site, what you need to do to get those results, and what data you need in order to do it.

     Take a piece of paper, or several, and start with the headings; The big stuff, the end results of what you want to have on it. To take this forum for example, we've got the headings of "forum", "members page", "member administration", "private messages", "profiles", and "recent content". To take a few.

     Once you've got that down, you can start to drill down in more detail on what you want to have on each section. Such as "categories", "sub categories", "threads", and "posts", taking the "forum" section as an example. Filling out all of the small parts, in ever increasing detail, until you've sketched out everything you want/need.

     By now you should have a pretty complete list of headings, telling you what you want, and in a large part what kind of data you need. The next step is to define the logic needed to get the results needed from the data, which I tend to write down as a keyworded bullet list. Mostly using a single verb and one noun to describe what needs to be done, and the flow of logic between the steps. Using the "new post" item as the example, you can get a list pretty much like this:

     - Verify access.
     - If submitted.
       - Retrieve & validate data.
       - If validation failed.
         - Create validation warning message.
         - Prefill input values.
         - Show form + error.
         - Return.
       - Create query.
       - Execute query.
       - If query failed.
         - Create critical error message.
         - Prefill input values.
         - Show form + error.
         - Return.
       - Redirect to confirmation page (view new thread).
     - Read form template file.
     - Prefill input values, if any.
     - Show form.

     Once that's done, you should have a pretty much complete understanding of the logic in the application. An understanding which will make it a lot easier to translate your pseudo-code into actual PHP, as you've already solved most (if not all) of the problems you had; Without ever introducing an actual programming language into the confusion. That is, paradoxically enough, what programming is mostly about.
  8. Also, I wonder if you can explain why you're doing this? $tempFile = str_replace(" ", "", $_FILES['picUpload']['tmp_name']); Not only is it quite unnecessary because the temp name never contains a space, but what would have happened if it did..?
  9. I'm afraid that this statement is false. You can indeed JOIN two tables in this way, it's just not advisable. For one it's a lot harder to read, especially if you have something more advanced than the most basic of joins. Secondly it's very easy to make it a cross-join (or end up with other unwanted results), mainly because of its harder-to-read syntax. This is commonly known as the "implicit JOIN syntax". That said: It's highly recommended to stick with the proper ANSI syntax for JOINs, it'll save you a LOT of headaches.
  10. The problem isn't with your MySQL query, but with your (PHP code) logic: You haven't actually fetched the returned row from the result, just executed the query. You'll need to use mysql_fetch_array () to get the (first) row of results. Also, you should never use @ to suppress errors, and the use of "or die (mysql_error ())" must be limited to debugging purposes only. Once you've fixed the script, you should handle errors in a more proper manner. So that you yourself get all the details about the error, but your users only get told what part of their operation went wrong (such as "could not validate against database"). This'll help you make sure your scripts work as they should, without giving any malicious users any information they could potentially use in an attack on your site.
  11. If you're using an AJAX call to this script, and have no trouble actually getting the proper result from the cURL call, then your issue is a Javascript issue; Not a PHP issue. I suspect you've simply forgotten to prevent the default behaviour (submit form/follow link), but without knowing the code it's merely a guess. Check out my suggestion first, and if you still can't figure it out, please post your JS code (in the appropriate section).
  12. SocialCloud: The quotes are not the issue there, as he's properly ended the single-quoted string and concatenated the variable. Pokebert: Please see this thread for how to properly debug SQL errors.
  13. Do you get any error messages? Try commenting out the content-type header, and see.
  14. If you're talking about how to enter the values into the system, and not how it should be stored in the DB, then using a textarea (or straight import from a file) would probably be the best way. Yes. Since you mention a macro, I reckon you already have it in a spreadsheet? If so, then just export it as CSV and MySQL can import it directly. The table itself needs to have two fields (key and value), where each pair gets one row. Then it's a simple SELECT query to retrieve the correct value(s).
  15. Or, the slightly more readable version. echo $_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'] Do take into consideration potential XSS injections and other security risks when doing this, as this will send whatever the user wrote in the address-field unmodified!
  16. If you want to send the file to the user, then you'll need to look up readfile () and header () in the PHP manual. A search for "force download php" should also give you a lot of examples, and if you add "pdf" to those search terms you should find some specific cases for exactly what you want to do.
  17. A slight correction on the wording, to avoid any confusion: The name of the $_SESSION superglobal is case-sensitive, as with all variable names in PHP, and thus needs to be in upper-case. As that's how PHP has defined it. The indices are also case-sensitive, but they can be set to either lower, upper or a mix of cases as you see fit.
  18. I think you're using the wrong JOIN syntax there, actually never seen that variant myself. What you want to be doing is using a straight INNER JOIN, using the following syntax: SELECT {$Fields} FROM {$Table} [AS alias_1] INNER JOIN {$Table_2} [AS alias_2] ON alias_2.entry_id = alias_1.id AND {$Lang} {$Conditions}
  19. OK, it seems it was my math that was off. Sorry about that.
  20. I think he meant for the values to be the sum of the children elements + its own number, but forgot to add a 2 in the results for EU and BG.
  21. I recommend reading the page I linked to, as it'll show you an example of how to properly destroy your session. That noted, I'd also recommend you to move all of the PHP processing to the top of the file. That way you can use the header () function to properly redirect your users, without having to write out the login form again. Doing it that way will give you a lot more freedom and flexibility in what you can do with your code as well, since you're not constrained to whatever HTML you may or may not have sent to the browser. Not to mention that you can actually manipulate the HTTP headers, something which is impossible once you've sent something to the client.
  22. That's not a PHP error, that's a standard HTTP 404 Not Found. The file doesn't exist at the address specified. Check the name and path on the server, and make sure you've written it correctly.
  23. No, what she's saying is that there is no way to mix image-data and non-image data. Your PHP code outputs into one format, and one format only, at a time. What you'll need to do is to shell out the image generation into a script of its own, then set that script as the source of the image element you want to show it in. The JSON bit, and anything else, needs to come from a separate file. Normally you'll call that file with the AJAX. If you want to generate an image based upon the AJAX call, then you will still need to do this in two operations: First the AJAX call, to get the data you need (including the image name). Then set the image src to the image-generation script, using the data you've just retrieved from the AJAX call.
  24. If you only want 99 users (or less), and want to save on space, then you should be using TINYINT instead.
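
The warning in post 15 about echoing $_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'] unmodified, shown as an added example that is not part of the original posts: the raw one-liner beside a form that pins the host and escapes for HTML output. The function names, the ALLOWED_HOSTS list and the sample request values are assumptions made for illustration.

```php
<?php
// Added example. Hostnames are constructed placeholders; replace with the
// names your site actually answers to.
const ALLOWED_HOSTS = ['www.example.test', 'example.test'];

// Raw form, as in the one-liner: both values are supplied by the client.
function currentUrlRaw(array $server): string
{
    return $server['HTTP_HOST'] . $server['REQUEST_URI'];
}

// Hardened form: pin the host to a known list, then HTML-escape on output.
function currentUrlForHtml(array $server): string
{
    $host = strtolower($server['HTTP_HOST'] ?? '');
    if (!in_array($host, ALLOWED_HOSTS, true)) {
        $host = ALLOWED_HOSTS[0]; // unknown Host header: use the canonical name
    }
    $uri = $server['REQUEST_URI'] ?? '/';

    // ENT_QUOTES covers both quote styles, so the result is also safe
    // inside a quoted HTML attribute such as href="...".
    return htmlspecialchars($host . $uri, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed request values standing in for $_SERVER.
$sample = [
    'HTTP_HOST'   => 'www.example.test',
    'REQUEST_URI' => '/search.php?q="><script>alert(1)</script>',
];

echo currentUrlRaw($sample), PHP_EOL;     // markup reaches the page unmodified
echo currentUrlForHtml($sample), PHP_EOL; // special characters become entities
```

The escaping here is for HTML context only; a value placed into JavaScript, a header or an SQL query needs the encoding for that context instead.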