davidannis (Members)

  • Posts: 627
  • Days Won: 2

Everything posted by davidannis

  1. Not really enough detail in the question to give a great answer, but either submit the form and serve a new page, which is easy but takes more computing resources, or use Ajax (which is difficult but fast). Post what you have tried for a more specific answer.
  2. Depends on the situation. I can picture a header that needs only a few files and a client who would break the page on site1 by changing the name or location of a css file without thinking through the consequences. Besides, I wonder if the OP is dealing with a client or just trying to replicate the look and feel of another of his own sites.
  3. 1) Is this possible? Or are there better ways to make an election/voting script? Any examples?

     Yes, it is possible. I might arrange the tables differently.

         | PRODUCT  | BRAND | Question | Answer |
         +----------+-------+----------+--------+
         | product1 | Apple | 1        | A      |
         | product1 | Apple | 2        | B      |
         | ...

     You don't have to store the brand in every row (in fact you should pull it out). This allows you to have a different number of questions for each poll.

     2) How can I add the values from multiple columns together and make a total score for the visitor?

     I'd make an array with product as key. Then I would select those products where the answer was the same as the user's answer and increment the array as each question was answered. Something like:

         $score = array();
         // bind the user's answer as a parameter instead of putting it in the SQL string
         $stmt = mysqli_prepare($link, "SELECT * FROM mytablename where Q='question_id' and answer=?");
         mysqli_stmt_bind_param($stmt, 's', $users_answer);
         mysqli_stmt_execute($stmt);
         $result = mysqli_stmt_get_result($stmt);
         while ($row = mysqli_fetch_assoc($result)) {
             if (!isset($score[$row['product']])) { $score[$row['product']] = 0; }
             $score[$row['product']] += 1;   // one point per matching answer
         }
  4. Oops, the line:

         if ($value==2){

     should have been

         if ($value['number']==2){

     I haven't seen the previous thread but mac_gyver is right that you should take out number if it is just a key and use it as such. I assumed number was a product number, isbn number, or something like that.
  5.
         foreach ($_SESSION['cart']['content'] as $key=>$value){
             if ($value==2){
                 $_SESSION['cart']['content'][$key]=2;
             }
         }

     I'd try something like this
  6. Word documents are XML that has been compressed. You need to uncompress it and search the pieces you want. I've never done that but have gone the other way, using tinybutstrong and OpenTBS. I think it has what you need built in, but I don't have time to make sure now. You can look yourself at http://www.tinybutstrong.com/opentbs.php
  7. I think I have it fixed.

         AuthType Basic
         AuthName "Test Site"
         AuthUserFile "/home/ezvaluat/.htpasswds/public_html/testezvalpro/passwd"
         require valid-user
         order deny,allow
         deny from all
         allow from .paypal.com
         allow from .lightspeed.lnngmi.sbcglobal.net
         Satisfy Any

     Allows me in from sbcglobal but prompts me for a password if I delete the line

         allow from .lightspeed.lnngmi.sbcglobal.net
  8. Sorry to be dense but I still can't get it to work quite the way I want it to. I want anyone to encounter the Auth rule (require a username/password) except paypal. When I try to explicitly allow domains without Auth I can do so, but when I add the Auth those domains are not exempted. Here's the relevant part of my .htaccess file.

         AuthName "Test Site"
         AuthUserFile "/home/ezvaluat/.htpasswds/public_html/testezvalpro/passwd"
         require valid-user
         <Limit GET>
         order deny,allow
         deny from all
         allow from .paypal.com
         allow from .lightspeed.lnngmi.sbcglobal.net
         </Limit>

     This just denies me from comcast (or any other random domain) and prompts me for a password from .lightspeed.lnngmi.sbcglobal.net. I want it to prompt me for a password from comcast (or any other random domain) but to let me in from .lightspeed.lnngmi.sbcglobal.net or paypal with no password prompt.

     Also, I managed to put this in the wrong section. It has nothing to do with php configuration. I'd appreciate it if an admin would kindly move it to a more appropriate place.
  9. I generally follow the pattern of having three versions as I develop a new site. ddd.mydomain.com for active development, ttt.mydomain.com for testing, and www.mydomain.com for a live site. I protect the test site with htaccess. However, when I want to test Paypal IPN integration, I hit a snag because Paypal doesn't understand protected directories, so to test integration I need to either temporarily remove the .htaccess file or send the IPN notification to a different domain on the same server. I don't really like either of these solutions. Is there a way to let Paypal traffic only into an htaccess protected directory? Can I use htaccess for all directories but exempt a single program (my IPN listener)? Does anybody have a better approach?
  10. It's also important to think about how the search engine gets to your page. The page should not be accessible only via a form; you need a link to it or you need to include it in a sitemap so that it gets indexed.
  11. I'm not saying that you should ignore session security if the result of the blown security is possible fraud or compromise of your website, but sessions can be used for all sorts of low security purposes. I think that I stated that ignoring the threat of a hijacked session was true only if you are coding a low security application. Perhaps I was unclear. As an example, one site that I am working on now is a teach yourself Japanese site. It keeps track of which questions a user has answered on a quiz in a session variable. Nobody will ever care enough to hack the sessions and if they do, the repercussion is a missed question or incorrect score on a quiz that the user is taking. For that kind of application I can't see why I would need to worry.
  12. Re: your points 2 and 3: The known issues with hijacking a session are discussed here. Unless you have a very sensitive app (financial transactions), I think the known issues can be pretty safely ignored. In addition to unset you should technically kill the session cookie. An example is provided on the session_destroy manual page. I often don't bother in low security applications.
  13. Whether you determine the status of the user from the db or not, you're going to use sessions to authenticate the user. The only other choices are to set a cookie on your own (and reinventing the wheel is error prone) or reauthenticating on every page. Assuming a hacker can take over a session that stores an admin's ID he'll be in as an admin whether you get admin status from the DB or from the $_SESSION array.
  14. I tend to agree with Psycho but if you are worried another compromise would be to set the session to expire after a reasonable length of time. http://stackoverflow.com/questions/16108621/php-sessions-expiry-time-keeping-session-alive-for-a-specific-number-of-minute
  15. You don't need the for $i. The foreach will loop through your array. Just put a counter in

          $x++;

      and then

          if ($x%3==0) {echo '</table><table>';}
  16. Try to echo the query in branch.php and execute it in phpmysql directly. I think the problem may be with your data.
  17. I've never tried it but seems to me you can add an anchor to the blank post.

          echo '<form method="post" action="#myanchorname">';

      Then you need to have

          <a name="myanchorname"></a>

      on the page where you want to come back to.
  18. If you put an alert in the javascript as suggested do you get a window that shows the option code? If not, try accessing branch.php directly and see what you get. Also, please sanitize your input with mysql_real_escape_string and consider mysqli instead of mysql.
  19. Do you get any messages? Is the javascript actually working? Try putting an alert or two in the javascript to see where it fails:

          <script type="text/javascript">
          $(document).ready(function(){
              $('.userAddress').change(function(){
                  var company=$('.userAddress').val();
                  alert(company);   // shows the selected option value
                  $.ajax({
                      type:"post",
                      url:"branch.php",
                      data:{company: company},   // object form lets jQuery URL-encode the value
                      success:function(data){
                          alert(data);   // shows what branch.php returned
                          $("#branch").html(data);
                      }
                  });
              });
          });
          </script>
  20. I think that I finally figured it out. Turns out the space between name="answer" autofocus="autofocus" was typed in a foreign character set (I've been switching back and forth between Japanese and English). Hence, the error message:

          Error Line 106, Column 57: No space between attributes.

      Just deleting the space and retyping it fixed it. I believe that this page was once XHTML but I changed it because the top lines are:

          <!DOCTYPE html>
          <html lang="en">

      Seems to work either way in both Firefox and Chrome but I changed it to just autofocus.
  21. I have a form and want to avoid having the user need to select the text input field every time the page loads, so I added the autofocus attribute. It worked for a while, I changed nothing, but then it stopped working. Here's the section of code:

          <form method="POST" action="vocab_quiz.php">
          <input type="text" name="answer" autofocus="autofocus" autocomplete="off"><br>
          <input type="hidden" name="dictionary_id" value="23516">
          <input type="hidden" name="deck_id" value="4">
          <input type="hidden" name="box" value="4">
          <input type="submit" value="Check My Answer">
          </form>

      When I try to validate the page at w3.org I get the following errors, which I don't understand.

          Error Line 106, Column 57: No space between attributes.
          … <input type="text" name="answer" autofocus="autofocus" autocomplete="off… ✉
          Warning Line 106, Column 98: Attribute  autofocus is not serializable as XML 1.0.
          … <input type="text" name="answer" autofocus="autofocus" autocomplete="off"><br> ✉
          Error Line 106, Column 98: Attribute  autofocus not allowed on element input at this point.
          … <input type="text" name="answer" autofocus="autofocus" autocomplete="off"><br>
  22. denno020 is right, you need to find data for a single user. Instead of using fetch_all you can use fetch_data which returns the data for a single user.
  23. and they should be salted (combined with some arbitrary text, preferably a different value for each record) before they are hashed. That makes it hard to run a dictionary attack against a set of hashed passwords.
  24. You need to set a value when they successfully log in, something like this:

          if ($user_name==$db_user_name && $pass==$db_pass){ //or whatever your successful login logic is
              $_SESSION['status']='logged_in';
          }else{
              echo 'Wrong username / password';
          }

      Then you can check on your page that requires a log in.

          if (!isset($_SESSION['status']) || $_SESSION['status']!='logged_in'){
              die ('you need to be logged in');
          }

      Of course, these are code segments. You still need session_start()
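
The following is an added example, not code from davidannis or from the threads above. It combines the points in posts 23, 24 and 12: a salted hash per record, a session flag set only on successful login, and a logout that also kills the session cookie. The function names and the sample password are assumptions made for illustration; `password_hash()` generates the per-record salt itself.

```php
<?php
// Added illustration; function names and sample data are hypothetical.

// password_hash() creates a random salt for each record and stores it in the hash string.
function make_record(string $plain): string {
    return password_hash($plain, PASSWORD_DEFAULT);
}

// Set the session flag only after the stored hash verifies.
function login(string $pass, string $stored_hash): bool {
    if (!password_verify($pass, $stored_hash)) {
        return false;
    }
    session_regenerate_id(true);   // fresh ID so a pre-login session ID cannot be reused
    $_SESSION['status'] = 'logged_in';
    return true;
}

// The check a protected page runs after session_start().
function is_logged_in(): bool {
    return isset($_SESSION['status']) && $_SESSION['status'] === 'logged_in';
}

// Clear the data, expire the cookie, then destroy the session,
// following the pattern shown on the session_destroy manual page.
function logout(): void {
    $_SESSION = array();
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

session_start();
$stored = make_record('correct horse');   // constructed sample record
$results = array();                        // collected first, printed last, so no output precedes the cookie calls
$results['wrong password accepted'] = login('wrong guess', $stored);
$results['flag set after failure']  = is_logged_in();
$results['right password accepted'] = login('correct horse', $stored);
$results['flag set after success']  = is_logged_in();
logout();
$results['flag set after logout']   = is_logged_in();
var_dump($results);
```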