exeTrix

Everything posted by exeTrix

  1. I've only used SOAP a handful of times. All I can say is, from my experience, it's bloated and annoying to make simple changes. I think JSON is the way forward. Just bear in mind that most browsers block cross-site requests returning JSON, so when sending JSON from other hosts JSONP is your friend. If you have code problems, post them and we'll try and help.
  2. Personally, I'd take that as they have to write their code which interacts with the functions they've defined. As Abra said, it's terminology across languages. I have a colleague who uses the language COBOL and he calls functions sub-routines or procedures. I think it's only databases that make the distinction between procedures and functions.
  3. I've only had a quick glance but one thing that sticks out is on login.php. What's happening is you're not starting the session before you set session data, therefore, it's not getting stored. You're then redirecting the user within your class (site::login()) to index.php when session_start is invoked and obviously the check fails. So the first fix would be to move session_start to the very TOP of every page. There may be other issues but that's the first one you need to resolve. Nice to see people having a go at OOP by the way! Good job. Any problems then post back
  4. Because you have used single quotes. There are two solutions to this problem and here they are (the first is a little more efficient):

     ```php
     echo '<div class="form-warning">' . $message . '</div>';
     //OR
     echo "<div class=\"form-warning\">{$message}</div>";
     ```
  5. If you have the validation in a different file then you could utilise sessions to set whatever data you wanted and redirect the user back to the form page.

     ```php
     <?php
     session_start(); //this needs to be at the top of each page you're wishing to use sessions on

     $validationObject = (object) array(
         'validationError' => false
     );

     //default to an empty string when the field was not submitted
     $username = isset($_POST['username']) ? $_POST['username'] : '';

     //run your validation here, I've done one as an example
     if (empty($username)) {
         $validationObject->validationError = true;
         $validationObject->username = (object) array(
             'message' => 'User name is required',
             'value' => $username
         );
         //I know setting the value here seems like a waste of time but if you were validating an email then you'd want to return the attempt to the user
     }

     //before the logic for processing the form, here we're just checking for errors
     if ($validationObject->validationError) {
         $_SESSION['validation'] = $validationObject;
         header('Location: whateverPageYourFormIs.php');
         die();
     }

     //process the form
     //html starts here
     ```

     Then for your form page:

     ```php
     <?php
     session_start();

     if (isset($_SESSION['validation']) && $_SESSION['validation']->validationError) {
         $validationObject = $_SESSION['validation'];
         //unset the validation object so it's not used more than once
         unset($_SESSION['validation']);
     }
     ?>
     <!-- HTML header here -->
     <form method="POST" action="submit.php">
         <fieldset>
             <label>Username</label>
             <div class="form-group">
                 <!-- the returned value is user input, so escape it before it goes into the attribute -->
                 <input name="username" class="span-default" type="text" placeholder="Choose a username" value="<?php echo (isset($validationObject, $validationObject->username)) ? htmlspecialchars($validationObject->username->value, ENT_QUOTES, 'UTF-8') : ''; ?>">
                 <?php if (isset($validationObject, $validationObject->username)) { ?>
                     <div class="form-warning"><?php echo $validationObject->username->message; ?></div>
                 <?php } ?>
             </div>
         </fieldset>
     </form>
     ```

     I haven't tested this so it might have a few errors, but I'm sure it'll point you in the right direction. It's not complicated and uses stdClass objects. You could create a validation wrapper which may make things a little neater. Hope it helps anyway, any problems then give us a shout.
  6. That's not really a PHP question. This is probably what you'll want tho:

     ```php
     <a href="/agent1.php" title="link title"><?php echo ucwords($agentdata[0]->cb_agentfirstname1.' '.$agentdata[0]->cb_lastnameagent1);?></a>
     ```

     Hope that helps
  7. No, the connection will be closed as part of the garbage routine. This means resources are tied up until the end of execution... Not good.
  8. This one is a massive topic. Just to extend upon what AK has said:

     2. Another point worth mentioning here would be that storing other information when a user successfully logs in can protect against session hijacking, such as IP and browser information. These come with their limitations and it'll never be foolproof due to HTTP connections being stateless (request -> response, done). Anyway, you could store the logged-in user's IP then compare this IP every time the user visits a secure page; this will prevent session hijacking, but if it happens in the same building behind NAT you're screwed.

     3. I'm not sure how salts prevent brute force, I'll have to look into that one; however, they certainly prevent rainbow tables, I've read that somewhere before. Essentially, with salts you're protecting users' passwords if your security is compromised and allowed some naughty boy/girl access to your users' passwords.

     Another thing to bear in mind is CSRF. Without some mechanism in place to verify that the AJAX request was indeed sent from a page on your server, it would leave the login entry point open to brute force attacks. Normally this can be plugged with some random string embedded into a hidden field which is submitted with the username and password.

     If you're really concerned about security then one of the simplest solutions is to implement an SSL cert so all requests run over HTTPS, man in the middle see ya later. Hope that helps.
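
The hidden-field token and the stored IP/browser check described in the post above, sketched as an added example that is not part of exeTrix's post. The function names, the `csrf_token` field name and `login.php` are assumptions, and the code needs PHP 7 or later for `random_bytes()`.

```php
<?php
// Added illustration; every function name here is hypothetical.
session_start();

// One random token per session, to be embedded in the login form.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison of the submitted token with the session copy.
// Accepts any type so an array-valued field is rejected, not a fatal error.
function csrf_check($submitted): bool
{
    return is_string($submitted)
        && !empty($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

// Digest of the client details the post suggests storing at login.
function client_fingerprint(): string
{
    $ip = $_SERVER['REMOTE_ADDR'] ?? '';
    $ua = $_SERVER['HTTP_USER_AGENT'] ?? '';
    return hash('sha256', $ip . '|' . $ua);
}

// Call once the username and password have been verified.
function mark_logged_in(int $userId): void
{
    session_regenerate_id(true);   // fresh session id after login
    $_SESSION['user_id'] = $userId;
    $_SESSION['fingerprint'] = client_fingerprint();
}

// Call at the top of every secure page, before any output.
function require_login(): int
{
    if (!isset($_SESSION['user_id'], $_SESSION['fingerprint'])
        || !hash_equals($_SESSION['fingerprint'], client_fingerprint())) {
        $_SESSION = array();       // drop the mismatched session
        session_destroy();
        header('Location: login.php');
        exit;
    }
    return $_SESSION['user_id'];
}
```

The login form would carry `csrf_token()` in a hidden input, and the handler would reject the request unless `csrf_check($_POST['csrf_token'] ?? null)` returns true before it looks at the credentials.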