Everything posted by greenace92

  1. Wow that full calendar is nice. I realize I could have just used say Google's calendar which I use Gmail a lot, have Google+ account, YouTube, etc... but I built it because I thought I could. I was taking a Java course once in university and I couldn't get for loops, we were building a connect-four game, and I was making every single grid position by hand rather than using two for loops. So when I made this calendar with for loops to fill in the tiles, it was kind of cool. Today I just noticed that the dates are off by 1, particularly compared to my local server and that of the public server. Must be using the timezone of the hosting provider... dang. Another thing to fix. ha Thanks for the links.
  2. That's kind of cool, seems malicious in intent unless you intend to be a proxy, but cool nonetheless. Thanks.
  3. Thanks for this tip and the bit about checking username existence. I'll write these down and use it for future implementations.
  4. Thanks for the explanation. Regarding preventing the same username being used. What if I were to "pretend" a username someone typed in was not able say while it's in the username text input field and if the person decided against that name (backspaced) that name is removed from the "being considered" table. Sounds nuts. If this is again, "GO READ THE F------ MANUAL" then please don't respond I'll find out eventually. I keep track of these responses and look stuff up/put into a future research log when I start to implement what I'm asking about.
  5. Hey thanks for the links, I'll give them a read. Out of curiosity that little calendar you have on your site, did you build that or use some library/drop in code?
  6. I understand. Sorry that took so long. I didn't mean to imply that I cared about people seeing other people's posts. This is a demo with fixed input and also if I was to have users, the calendar would be governed by session id/user name. But my concern which you guys have addressed was the concern of I think "race-condition", well somebody's post gets skipped or ignored. Thanks for the clarification.
  7. That right there. What am I supposed to do there? That doesn't seem acceptable to me, like "Too bad person B". I want to implement something that monitors the inputs and makes sure that no-one's post is lost. I am seeing the value in dealing with the most urgent/necessary matters first before other hypothetical what-if scenarios. Thanks for the help, everyone.
  8. @benanamen, you're right in what you said. Today's one of those days where I slept briefly, feel really productive, but man I can't handle criticism even if it's constructive or someone just pointing out something minor. I feel this like uhh... I don't know. Gotta work on that on my part. Zen haha. I will try and post less/read more though. I get that.
  9. This is not a response in spite, which "basics" in particular are you referring to? I'm trying to get positioning down, understanding block/flow of websites, I've been looking at the W3C visual formatting model. I guess I haven't had the time to read the entire manual of PHP/MySQL but I get the point of "researching before you ask". And as far as worrying about things beyond my scope at this time, why not? I know that there's a lot of things I don't know, and don't need yet. But I'd like to get an idea ahead of time, and start learning about it. What is this bit about "This is a very rare instance where I think you are just wasting peoples time." ? I always wonder/ask what is the incentive why people hang around forums and answer questions. Why don't they charge money? A friend answered me and said "They were in that position(not knowing) so they try to help others." I would like to do the same but right now I'm at the instance or position in my web development journey of scraping together material and trying to build things. I accept and acknowledge that I am in the wrong about asking help before really having tried to search/find out for myself. I realize it's easy to say things too without owning up to it, so I suppose change/time is the proof. This is the fastest method I've found to learn, is to ask directly, but on every forum/site I see the rules/stickies "Research first before you ask." Alright, I need to read more, speak less, I guess I get excited sometimes(sounds weird). Oh man there goes that ego... ahhh.
  10. Dang. Well said again. The form part I figured a script that requested a submit/post request over and over again with the same data. But the captcha kills the argument. So I guess I will just come up with an overlay-pop up then where the form can be of sufficient size to have the re-captcha. I'll probably implement the time thing elsewhere. Not sure for what.
  11. Thanks for this information, I'm going to have to look into this more and decide. I'd probably go with the method that avoids nonsensical hostnames if it doesn't prevent any functionality/access on my websites. Vulnerabilities, yeah, that's always a concern. What did I miss.
  12. That's a great response. I have looked at the documentation in the past. In this particular instance, I did not look. I looked at some stack overflow posts first then came here. Barand Thanks for the link and the quote. That's great to see actual numbers (bytes) I can begin to compute things, expected load, number of connections etc. Yeah I apologize, I'll mark this question as solved with requinix's response. Thanks to Barand as well. I need to go do some reading.
  13. I don't want to compare it to a DDOS attack. In this particular instance, a public form submission without registering an account or captcha seems like a vulnerability to me. I also implemented the fixed-input so that I don't get any "funny guys" typing dumb things over and over again for others to see. I'm supposed to look like I know what I'm doing instead of being spoon fed knowledge. So the limiter which limits a person from posting too many times in a row is a server load safety net I guess, I don't know. As I said I haven't really had any users before. I have to try that load test to benchmark what my server can handle as far as traffic goes and concurrent submissions and whatever. I've seen things in I think both the Apache config and PHP.ini that specify things like "max connections" and "keep alive" I'll have to look into those further.
  14. Sorry what does "...default host pointing to your application..." mean? When you mention probes, is that like crawling? I've logged a few Baidu spiders before.
  15. I'm thinking of using two separate columns for Date and Time, so then I'm hoping I can use the built in search functions of MySQL to sift through dates for example a range. I see that the DATE column has a length of 10 with YYYY-mm-dd and time has 8 with HH:ii:ss If I don't specify lengths does that matter? When I searched this in Google: if you don't specify length of column does that affect performance mysql The first three results were from stack overflow with "...importance of varchar length..." is it only varchar? There was something about using Text too which was slow. I use that for things that have indeterminate length and are expected to be large like bodies of comments or posts/messages. Thanks for any help.
  16. Hey Jacques1! Good to see you on phpfreaks haha. Well I haven't actually had any users yet on any of my sites. I haven't had any up for the longest time, revisions, revisions, revisions. I'm concerned about things... the number 10 was just an easy to get across point I guess. One of my current projects is a calendar that I built with PHP/Javascript and I am putting it on my portfolio/projects in a way where it's usable. I don't know if this is a bad design but each tile or day has a unique id and when one tile is clicked, this calls an AJAX request to refresh the entries for this day and attach them to the content panel which shows entries for the selected date. When a person writes on the same panel and hits save, this saves the entry, and again pings for new entries, adding the newest added entry. Since this is a demo, one thing I did was to not allow text to be entered at will, rather each post only writes a specific set of words like "sample" or "demo". I then thought, I should limit the number of times someone can hit post. They could just keep hitting post over and over. With each post, the inputs/textarea are cleared. But in this case, instead of placeholders, the placeholders went directly as values so a person could actually keep hitting enter over and over. So what I'm trying to do at the moment, is to grab their ip when submitting, storing that ip in a table and when a person submits, check to see if that ip has posted, has it been 5 minutes since they last posted, and each ip can only post 4 times. 4 is a random number. I mention this in the projects page where people can see my work. I don't know... I guess I'm paranoid because I don't know what's going on. Blind
  17. Sorry for the crappy title. So I wrote a PHP IP tracker that I include in all of my websites. This logs what time the client connected to my server, what they were requesting, number of times they've connected, and their ip-address. I use the following to get the last ip-address even if they went through an "ip-bounce", not sure what to call that. This is my understanding anyway. Ah proxy, right.

          <?php
          // this is only a part of the script, specifically how I get the ip, as well as the url-requested
          $client_ip = $_SERVER['REMOTE_ADDR'];

          // If more than one ip address is returned, the last one is captured
          if (array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER)) {
              // explode() goes into a variable first: array_pop() takes its argument by reference
              $forwarded = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
              $client_ip = trim(array_pop($forwarded));
          }

          // url requested (built from the Host header and request target sent by the client)
          $url_requested = "http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
          ?>

      Anyway my question is, one of the logs I tracked had the ip-address 222.85.138.75 and when I look that up at ip-lookup.net it says China. The requested URL was http://www.baidu.comwww.baidu.com:443 I don't get why that is, how could an inbound url request lead to my server. Is that a way to affect SEO? Like my server was requesting that url? I don't even know...
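Added example, not part of the original post: one way to log the client address and requested URL without treating client-supplied headers as facts. Both `X-Forwarded-For` and `Host` are sent by the client, and a log value like the one quoted above is consistent with a `Host` header and a request target of `www.baidu.com:443` being concatenated. `TRUSTED_PROXIES`, `ALLOWED_HOSTS` and the sample requests are hypothetical values constructed for this illustration.

```php
<?php
// Added example, not the poster's code. Hypothetical configuration:
const TRUSTED_PROXIES = ['127.0.0.1'];                      // proxies you operate
const ALLOWED_HOSTS   = ['example.com', 'www.example.com']; // names this site serves

// Address to log: the TCP peer, unless the peer is one of our own proxies,
// in which case use the right-most X-Forwarded-For hop that is not ours.
function resolve_client_ip(array $server): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (!in_array($peer, TRUSTED_PROXIES, true) || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $peer; // header came straight from the client: ignore it
    }
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR']));
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break;    // malformed entry: stop trusting the chain
        }
        if (!in_array($hop, TRUSTED_PROXIES, true)) {
            return $hop;
        }
    }
    return $peer;
}

// Log the Host header and request target as separate, labelled fields and
// record whether the host is one this server actually serves.
function describe_request(array $server): array
{
    $host = strtolower($server['HTTP_HOST'] ?? '');
    $host = preg_replace('/:\d+$/', '', $host); // drop an optional port
    return [
        'ip'          => resolve_client_ip($server),
        'method'      => $server['REQUEST_METHOD'] ?? '',
        'host_header' => $host,
        'host_known'  => in_array($host, ALLOWED_HOSTS, true),
        'target'      => $server['REQUEST_URI'] ?? '',
    ];
}

// Constructed sample requests (documentation addresses, not real traffic).
$samples = [
    // direct visitor who sends a made-up X-Forwarded-For: header is ignored
    ['REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_FORWARDED_FOR' => '10.0.0.1',
     'REQUEST_METHOD' => 'GET', 'HTTP_HOST' => 'example.com', 'REQUEST_URI' => '/calendar'],
    // request relayed by our own proxy: right-most untrusted hop is used
    ['REMOTE_ADDR' => '127.0.0.1', 'HTTP_X_FORWARDED_FOR' => '10.0.0.1, 198.51.100.7',
     'REQUEST_METHOD' => 'GET', 'HTTP_HOST' => 'www.example.com', 'REQUEST_URI' => '/'],
    // probe shaped like the logged entry: foreign Host, host:port as target
    ['REMOTE_ADDR' => '203.0.113.9', 'REQUEST_METHOD' => 'CONNECT',
     'HTTP_HOST' => 'www.baidu.com', 'REQUEST_URI' => 'www.baidu.com:443'],
];
foreach ($samples as $sample) {
    echo json_encode(describe_request($sample), JSON_UNESCAPED_SLASHES), PHP_EOL;
}
```

Entries with `host_known` set to false are requests for names the site does not serve, which can be filtered or counted separately in the log.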
  18. Wow thank you so much gizmola, great post. I do create my databases/tables entirely with PHPMyAdmin and whenever I set an id column, I use Index (this seems to have solved the no index used error) and set auto-increment. This "overlap", I don't know if that's physically possible, but I'm concerned about it. If two people hit enter at the same time, down to the microsecond (that small?) I'm not sure if it's possible to overlap. Maybe one will always be there first depending on connection, computer, os, etc... I know that LAMP is sort of old, I had asked a question if LAMP was outdated and eventually I believe I'm looking to setup a LEMP stack with NGINX and Postgresql. I looked up php-fpm, I see this "FastCGI Process Manager" what's a simple example of what that would be used for? I haven't had any web-applications made public yet, that actually has users, so I don't have any experience/problems with load. I've also considered implementing secondary overflow cloud servers to handle load if there were any problems like that. I haven't worked with Node/NPM but I use javascript quite a bit. I think I just got my first taste of JSON with implementing Google's re-captcha on a website. Thank you for the link and the new words for me to learn. I rent a cheap single-core-10GB-storage-1GB-ram VPS, so I guess I'll have to see what specs I can get out of it.
  19. Awful thread title but what I'm asking about I think pertains to race condition. Well in particular I'm concerned about targeted efforts to bring down a server or in general how to handle so many requests. Say you have a basic form, has three fields, name, email, message. Let's say 10 people are in the same room, all 10 have filled out the form, all 10 submit at the same time. What part of the server/application determines who gets inserted first? Do I specify scenarios that handle queues to prevent potential data loss? I'm thinking that I should cache inserts somewhere in case of a failed connection or waiting due to too many people submitting. I'm running a LAMP server with MySQL as database. I'm not sure if I should look at apache.config file or php.ini or both... Should I have things in mind. How can I test my server to see how many concurrent connections/inserts it can support, etc... At the moment I'm keeping track of the client's ip (I realize they could bounce ip's), then the time of each insert to limit. This pertains more to public demonstration web applications, as opposed to one that uses registered users. I could also implement a recaptcha which would slow the person/attacker/script down. I'm not sure about the script part with a re-captcha. I'd appreciate your thoughts or any good reading material (the manual ha). Thanks for your time.
  20. I made this login form, and this is the javascript that I included as an external link. I'm concerned about mixing the way clicks are handled eg. onclick="someFunction();" vs. $(document).on("click"...) vs. $(document.ready(...

      The form accomplishes the following:
      - checks for empty fields, if empty, turn their borders red, and shake.
      - when clicking into a field(or tabbing from username to password field), the borders are reverted back to the original color if they're red, error message goes away
      - then form is submitted, and redirect occurs

      Also if you have any formatting tips, indents vs. space, that sort of thing, or where brackets should go, I'm not sure if javascript follows similar formatting as PHP where I'm going to adopt the PSR-2 formatting. I also think it's possible I'm making things way more difficult than they need to be. Thanks for any help. Images are for reference.

          <script type="text/javascript">
          function showRegister() {
              window.location = "http://directory";
          }

          var lastState = "login";

          // toggle between the login form and the Terms of Service panel
          function displayTos() {
              var currentLabel = $("#tosB").html();
              if(currentLabel == "Terms of Service"){
                  $("#login-form").hide();
                  $("#tos").show();
                  $("#tosB").html('back');
              }
              else {
                  $("#tosB").html('Terms of Service');
                  // back to login
                  $("#tos").hide();
                  $("#register-form").hide();
                  $("#login-form").show();
              }
          }

          $(document).ready(function() {
              $('#password').on('focus', function() {
                  if($("#password").css("borderTopColor") == "rgb(255, 0, 0)") {
                      $('#password').css("border-color", "#282828");
                      $("#error-message").hide();
                  }
              });
          });

          $(document).on("submit", "form", function(e) {
              loginCheck();
          });

          $(document).on("click", ".input", function() {
              // declared with var so it does not leak into the global scope
              var selectedId = $(this).attr('id');
              if($('#'+selectedId).css("borderTopColor") == "rgb(255, 0, 0)") {
                  $('#'+selectedId).css("border-color", "#282828");
              }
              var usernameBorder = $("#username").css("borderTopColor");
              var passwordBorder = $("#password").css("borderTopColor");
              if( (usernameBorder != "rgb(255, 0, 0)") && (passwordBorder != "rgb(255, 0, 0)") ) {
                  $("#error-message").hide();
              }
          });

          // errors
          function showError() {
              $("#error-message").show();
          }

          function usernameError() {
              showError();
              $("#username").css("border-color", "red");
              $("#username").effect("shake", {times:1, distance:5}, 300);
          }

          function passwordError() {
              showError();
              $("#password").css("border-color", "red");
              $("#password").effect("shake", {times:1, distance:5}, 300);
          }

          function loginCheck() {
              // check if any of the fields are empty
              // get values
              var $username = $('#username').val();
              var $password = $('#password').val();
              // check if values are present
              if(($username == '') || ($password == '')) {
                  passwordError();
                  usernameError();
                  // return false;
              }
              if($username && $password != '') {
                  // field name corrected from "passsword" so the server receives "password"
                  $.post("login.php", {
                      username:$username,
                      password:$password
                  }).done(function() {
                      alert('Success');
                  }).fail(function() {
                      alert('fail');
                  });
                  // return true;
              }
          }
          </script>
  21. I found a solution, instead of trying to use Filezilla to connect to the local web server, just open up the file manager as root through bash. Then the file transfer is as easy as drag and drop.
  22. I rent a VPS and I've always transferred files by FTP through port 22. I don't think I have any sort of FTP service enabled on the server. I'm trying to connect to my local web server and I'm not getting through. I'm not sure if port 22 is open. I am not able to simply right click and open as root the directory /var/www/html where I could simply drag and drop files as opposed to using Filezilla. Currently I manually copy each file into /var/www/html by bash. So what am I missing? I apologize if this question is in the wrong forum, I don't know where to put it.
  23. I see what you mean, that makes sense. Thanks for your help.
  24. Thanks Jacques1 I could have simply redirected to a different folder eg. /login vs /register... but with jQuery I hoped to just keep the user on the same page, by making fields appear/disappear. I don't understand what you mean by the "...now the business logic depends on the label of your submit buttons." Why is this not a good solution? Maybe it really doesn't matter(noticeable) if I redirect to new page that looks exactly like the last one with an extra field for email and a different submit button value. Ohhh man, having an obsession moment... just the other day I learned/found out about CSS sprites to save bandwidth. I'm working on media queries right now and see that I could just use one style sheet. Similarly with this login/register, the register form only has one additional email field. So I figure why have four things when I can have two... but at the same time the additional headache... For instance there is a Terms of Service button at the bottom of the form, and I've created a "last state" javascript variable that keeps track of the last window that was open, so that when you click on the ToS button, then click on the ToS button again, you return back to what form you were last looking at. I'm having problems with this too. My last state variable is getting stuck in certain combinations of clicks. So to just use two separate directories for login and register would clear all of that headache, but the extra code, but then it's like how often do people register/login as opposed to just using the site... I don't know...