mostafatalebi

Posts posted by mostafatalebi

  1. What is the best way to secure passwords, so that hacking programs cannot fetch them through rainbow table matching? I have read that all rainbow tables are length-limited, for instance a 14-character limitation is imposed. Is this true?

     

    Is the combination of crypt() + md5() + a prefix added to each password to increase the length of the password enough to add more security?

  2. Hello Everybody

     

    I need a JavaScript for my redirecting page to animate three dots after the words "please wait", just like thousands of websites on the net. How can I achieve it?

     

    Please Wait...

     

    (In the above example, I need the dots to be turned on one by one from the right, and then the loop repeats.)

  3. Quick clarification on the "close browser == delete session" bit of the discussion:

     

    ....

    This is a very important distinction to keep in mind, especially when dealing with systems that require a minimum level of security. If anyone gets a hold of the session cookies, they are (for all intents and purposes) the original user that started the session. Unfortunately there's very little that can be done about that, at least reliably.

    When it comes to session hijacking an account while the user is actively using it, it comes down to a question of convenience vs security: Do you want the user to be able to use multiple browsers/tabs/windows at the same time, and to what degree, or how difficult you want to make it for others to impersonate said user.

    For the more insidious session hijacking attack, namely taking over an abandoned session, setting the session lifetime and GC probability sufficiently low/high (respectively) will help. Albeit, with a trade-off of increased server load. The tricks used to complicate hijacking of active sessions will also have a positive effect on preventing this type of attack, but while the user is active it carries the same negative side effects.

     

    Basically: It's a huge balancing act, with no definitive answer, I'm afraid.

     

    But what happens when I need very strict session control? Not allowing users to explore the site using several devices. Each entrance to the site must equal a sign-in. Being strict is due to the fact that my site has pay services, or in other words, it is a commercial website. I have not even enabled cookies yet, since it increases the chance of hacking.

  4. Yes. You are right. But another question:

     

    What happens to SESSION when the user exits the browser? I have made a session which holds a long set of characters added to the URL to make it work only within the session when the user is in the site. But now I did a test. I copied the URL with the random characters in it, and closed the browser, but when I reopened the browser and entered the URL, I saw it works. What shall I do? What is the problem? Here is an example:

     

    www.mydomain.com/gallery/archive/feb/user.php?dlurtg155wddv4g4th1k5
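
Added example (not part of the original posts and not any poster's code): the session lifetime and GC settings mentioned in post 3, combined with a server-side idle timeout so that a session stops working once it is abandoned, which is the behaviour post 4 ran into. It assumes PHP 7.4+, cookie-based sessions over HTTPS, and that it is called before any output; `IDLE_LIMIT`, `ABSOLUTE_LIMIT`, `start_strict_session()` and `sign_in()` are hypothetical names.

```php
<?php
// Added example; constant and function names are hypothetical.
declare(strict_types=1);

const IDLE_LIMIT = 900;       // seconds without a request before the session dies
const ABSOLUTE_LIMIT = 28800; // hard cap on session age, in seconds

function start_strict_session(): void
{
    // The session ID travels only in a cookie, never in the URL.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    ini_set('session.use_strict_mode', '1'); // reject IDs the server did not issue
    // GC only cleans up stale session data; it runs with probability
    // gc_probability / gc_divisor per request, so it is not a timeout by itself.
    ini_set('session.gc_maxlifetime', (string) IDLE_LIMIT);
    ini_set('session.gc_probability', '1');
    ini_set('session.gc_divisor', '100');

    session_set_cookie_params([
        'lifetime' => 0,      // browser drops the cookie when it closes
        'path'     => '/',
        'secure'   => true,   // HTTPS only
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Strict',
    ]);
    session_start();

    $now = time();
    $expired = isset($_SESSION['created'], $_SESSION['last_seen'])
        && ($now - $_SESSION['last_seen'] > IDLE_LIMIT
            || $now - $_SESSION['created'] > ABSOLUTE_LIMIT);
    if ($expired) {
        // Destroy server-side state explicitly instead of waiting for GC.
        $_SESSION = [];
        session_destroy();
        session_start();
        session_regenerate_id(true);
    }
    $_SESSION['created'] ??= $now;
    $_SESSION['last_seen'] = $now;
}

function sign_in(int $userId): void
{
    // New ID at privilege change, so a pre-login ID is useless afterwards.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
}
```
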

  5. Hello everybody

     

    I have made a download script that sends HTTP headers to the browser so as to generate a download dialog box. But I need to redirect after the download window is shown, like many sites on the internet. I cannot achieve this since it is a common problem. A redirection cannot happen as headers are already sent. What shall I do?

     

    Thanks in advance

  6. Hello everybody

     

    I have two questions about mysqli:

     

    1- What does store_result do when it is used in conjunction with bind_result+fetch? Should it be used? Does using it affect anything?

     

    2- Is it adequate to end your SQL with $Mysql->close or do you need to free the result?

     

    Thanks in advance

  7. It is due to security reasons. I often use it. Recently I read a book in which this method was also used. When I use prepare in place of query (and of course some more changes such as execute() added) it errs that the method mysqli_stmt::fetch_array is undefined.

  8. Sorry I again encountered a problem

     

    The below part of script doesn't work with "prepare", while it easily runs with "query";

    DEFINE("SELECT", "SELECT english, persian FROM ");
    $statement = SELECT . $table . " ORDER BY id DESC LIMIT 6";
    if($data = $database->query($statement))
    {
        $b = $data->fetch_array(MYSQLI_NUM);
        echo $b[0] . " " . $b[1];
        $data->close();
    }

  9. By hostile I mean the id column of the SQL table does not update accordingly. OK, if the id is the only solution I will employ it.

    My table has many many rows, and I need only the last six rows. I want to get all the rows and then by using array keys fetch them: $result[$size-1]; $result[$size-2] and ...;

     

    If I could store only last six rows directly from the SQL statement, then life would be much easier.

  10. Hello

    I need to get all of my results in an array, I mean each as an array element.

     

    So if I say $result[63] it goes right to the 63rd row and fetches the result.

     

    I'm hostile to the column id, but if there isn't any other solution, I should go with it.

  11. I use the id for each row, and add them to the end of the name for each of the divs. Now I have, for instance, one hundred divs incrementally named. Then how do I understand which div's button is clicked? (The problem is not the names, it is understanding which div.) I need something like JavaScript to write the clicked button's div's name into an .xml node and then retrieve that written name using PHP. Something like this.

  12. But it does not seem to work (I have not tried it yet). My issue is how I can transmit the one div whose button is clicked by the user. Something like this: we have three divs generated by PHP code out of fetching a SQL table's data, the middle one is clicked, and I need to distinguish it from the others. How then?

     

    <div id="info">
     <input type="submit" name="send" />
    </div>
    <div id="info">
     <input type="submit" name="send" />
    </div>
    <div id="info">
     <input type="submit" name="send" />
    </div>
    

  13. Hello

     

    I have a PHP page, which gets several rows of data from a MySQL table, arranges each row's data (fields) in one div, and renders them:

    An example: the div includes a place for: name_of_customer, price, and a button.

    Then when I have four orders in the table (which means literally four rows), I get four divs rendered. Which means four name_of_customer, four price and four buttons, all with the same names. Then when I select the button I want to transmit only and only the selected div's information. I can't simply declare:

     

    $_SESSION["name_of_customer"] = $name_of_customer;

     

    because there are four $name_of_customer;

     

    How shall I solve this?
