Everything posted by Frank_b

  1. Sorry, I did not read all of your code, but it seems to be more complex than needed. First, about IP banning: if you use IP banning instead of user banning, please do realise that you could ban a complete office building or hospital! Otherwise, mobile devices are switching IPs many times. I always say: forget this whole IP-shit! That said, did you ever try to use the DateTime and DateInterval standard PHP objects?

     <?php
     $last = new DateTime('2015-1-26 11:53:12');
     $now  = new DateTime();
     // DateInterval holding the difference, split into y/m/d/h/i/s parts
     $diff = $now->diff($last);

     echo 'Difference is:<br>';
     // print only the parts that are non-zero
     if ($diff->y) echo $diff->y . ' years<br>';
     if ($diff->m) echo $diff->m . ' months<br>';
     if ($diff->d) echo $diff->d . ' days<br>';
     if ($diff->h) echo $diff->h . ' hours<br>';
     if ($diff->i) echo $diff->i . ' minutes<br>';
     if ($diff->s) echo $diff->s . ' seconds<br>';
     ?>
  2. The simplest is an include(). Or use the Twig or Blade template engines.
  3. AJAX means that the JavaScript makes a request to the web server (JavaScript runs in the browser of the client). After the call, it waits for an answer. This answer comes as a variable (which can be an object) in JavaScript. There will be no new page loaded, but you can overwrite some content of the page (for example a <div>) with JavaScript, using the data that comes back from the web server. The request to the web server can be handled by a PHP script. For the transportation of data (think about more than one variable) programmers often use JSON these days. I recommend that you look for some examples on the internet with JSON and AJAX to understand these methods.
  4. If you use the POST method, there will never be a GET generated unless you change the action tag to something like action="send.php?s=1". You could do this with JavaScript, but it is illogical. I would do something like this:

     <form action="" method="POST">

     The empty action tag will hold the user on one and the same page. You can use $_SERVER['REQUEST_METHOD'] to test if the form has been posted. After it is, you can validate the form. If there is something wrong (like no email), then you just let the page load again (with an error message). If everything is all right, then you send your email, and after that you can redirect the page to another page like 'thankyou.php' with this snippet:

     <?php
     header('Location: thankyou.php');
     exit;
     ?>

     Be aware that there may not be any output before you send headers.
  5. You are heading in the right direction. I think you have to debug a bit. For example, echo your queries to see if they are all right. Are you sure that you can read the temporary file? Or do you need to move it first?
  6. 1. Store the images outside your document root.
     2. Use sessions to remember who may download and who may not.
     3. Use a PHP script to download the images.

     get_image.php:

     <?php
     if (!isset($_GET['filename']) || !is_string($_GET['filename'])) {
         header("HTTP/1.0 404 Not Found");
         echo 'no filename received!';
         exit;
     }

     session_start();

     // only sessions that were explicitly allowed may download
     if (!isset($_SESSION['may_download']) || $_SESSION['may_download'] === FALSE) {
         header('HTTP/1.0 401 Unauthorized');
         echo 'This content is not available for you.';
         exit;
     }

     // basename() drops any directory part, so a value such as
     // "../../config/config.php" cannot leave the images directory
     $filename = basename($_GET['filename']);
     $path = '/var/www/private/images/' . $filename;

     // is_file() also rejects an empty name, which would point at the directory
     if (!is_file($path)) {
         header("HTTP/1.0 404 Not Found");
         echo 'filename does not exist!';
         exit;
     }

     // output the image
     header("Content-Type: image/jpeg");
     header("Content-Length: " . filesize($path));
     header('Content-Disposition: attachment; filename="' . $filename . '"');
     echo file_get_contents($path);
     ?>

     To download an image: http://yourdomain.com/get_image.php?filename=picture1.jpg

     To show the image in an HTML page:

     <!DOCTYPE html>
     <html>
     <head>
         <title>something</title>
         <meta charset="UTF-8">
         <meta name="viewport" content="width=device-width, initial-scale=1.0">
     </head>
     <body>
         <div><img src="get_image.php?filename=picture1.jpg" alt="picture1" /></div>
     </body>
     </html>
  7. Fourth: if you still don't get your email (check your spam also), then you might try to send a very simple email like this:

     mail('myself@myhost.com', 'Test mail', 'Just a test...');

     If there is still no email then, you have to contact your provider. Maybe they blocked the email() function, or maybe you have to send your email through an SMTP server. In that case you could use a library like PHPMailer or Swiftmailer.
  8. First of all: place an echo 'test'; just above the mail() function so that you are sure that your code reaches this part of the code. Second: remove that @ before the mail function. Don't you want to be informed if an error occurs?? Third: give an error if the mail function returns FALSE:

     if(mail(...) === FALSE) echo 'Sorry your email could not be sent.';
  9. The icons are not a problem.

     $items = array(
         '<i class="fa fa-dashboard fa-3x"></i> Dashboard' => 'dashboard',
     );

     The submenus do make it more complex. You could use this example: http://www.phpf1.com/download.html?dl=21
  10. Use an array and a loop to echo your <ul>:

      // link title => page basename
      $items = array(
          'Login'      => 'login',
          'Dashboard'  => 'dashboard',
          'Page two'   => 'page-two',
          'Page three' => 'page-three',
      );

      echo '<ul>';
      foreach ($items as $title => $basename) {
          // mark the link of the current page ($p) as active
          $class = '';
          if ($p == $basename) $class = ' class="active"';
          echo '<li><a'.$class.' href="index.php?p='.$basename.'">'.$title.'</a></li>';
      }
      echo '</ul>';
  11. Exactly, it does not make any sense. Do not think too difficult! Even if you store the MySQL username and password in a normally accessible .php file, normal HTTP users will not be able to read the code in the .php file. So the options mentioned above are already a little extra security. And as ginerjm mentioned above, it is much more important to use strong password protection for other protocols like SSH and FTP, because those are the main entrances! (Think about locking all the windows of the house but forgetting to close your front door.)
  12. I do not understand what an emailing class has to do with the creation of a new contract. What I do know is that users do not think about relations and join tables. They want a user-friendly application, and to press buttons and fill in forms as little as possible. With that reason in mind, I would give the people/{person-id} page a button 'Add contract' which would bring the user to the people/{person-id}/create-new-contract page. There you will need to show a form just to add a new contract. In the background you already know for whom this new contract will be. And of course, as for any form, you will need to accept a GET and a POST method. The GET method will just show a new empty form, and the POST method will validate the input and, if validated, insert a new record into the table(s). In this case it would insert a record into the contracts table AND insert a record into the JOIN table. A full working system has four actions per table: CREATE, READ, UPDATE and DELETE (CRUD). You did not add any actions for READ and DELETE until now. Besides these four actions you could add a fifth action for many-to-many relations: change the relation. Think about this scenario: one colleague stops working at your company because he or she accepted another job. Now the contracts need to be moved to another colleague... You will need to make an administration tool for that too.
  13. I prefer to store it outside the document root of your website. So in case your document root is /var/www/html, then I would maybe store it in /var/www/config/config.php. Another possibility is to store it in a subdirectory of the document root and protect it with an .htaccess file with the content:

      Deny from All

      If you are using Apache 2.4 then it should be:

      Require all denied
  14. And your problem is? Do you get any errors? If you don't see errors, enter this at the beginning of your code:

      error_reporting(E_ALL);
      ini_set('display_errors', '1');
  15. foreach ($element as $row) {
          echo $row['name'];
          echo $row['url'];
      }
  16. If you want to track registered users only (read 'after login'), there is no need to store the session id in the database because you have the unique user id already. To track anonymous visitors you only have the unique session id, and it will be the only way to keep the visitors separated.
  17. I do NOT have experience with Suse. But I do have with CentOS and Ubuntu. You will need an extra empty partition on your hard disk next to the Windows partition, or empty unallocated space on the hard disk. (There are tools that can shrink your Windows partition to create free space.) BE CAREFUL AND MAKE A BACKUP IN THIS CASE. After you have a partition or free space you can easily install CentOS or Ubuntu, and probably Suse. Just follow the instructions of the installer and be sure not to overwrite your Windows partition.
  18. What happens: first, the query between the brackets will be run. The result is the top 3 from the items table, but sorted on their views score. Second, from the result that has been created we will SELECT all records but then sort them by name (alphabetical), which of course you can change to id. Any subquery must have its own alias in MySQL, so I gave it a random name, t1.
  19. Why do you have all the column names double (e.g. gId and id)? Anyway, you will need a subquery like this:

      SELECT * FROM (
          SELECT * FROM items
          ORDER BY views DESC
          LIMIT 3
      ) AS t1
      ORDER BY name
  20. This is a two-step process. a) Any time that a user requests a new page, the database will be updated with the current datetime. b) To display active users, a query will be run that retrieves all the users that have been active in the last xx minutes. Only if users log out can the exact time of inactivity be measured, but 90% of all users will never log out, so we use a timeout mechanism.
  21. http://php.net/manual/en/function.imagecolortransparent.php
  22. Your MySQL server needs to accept requests from outside in that case, which can be very insecure. You should absolutely configure your MySQL server to use and only accept connections over an SSL connection. To make a certificate and configure the MySQL server is work for an expert, if I may say so. An API works in most cases from one PHP application to another PHP application, but for sensitive data like user data, for example, it is also highly recommended to use SSL connections.
  23. I bet that your last insert queries did not work. You can retrieve users and apps in one query. Maybe you should take a moment to read a bit on the internet?

      SELECT u.user_id, u.firstname, u.email, a.app_id, a.name, a.download_url
      FROM users u
      JOIN users_apps j ON u.user_id=j.user_id
      JOIN apps a ON a.app_id=j.app_id
      WHERE u.user_id=123 AND a.default=1

      If you are starting right now, do not use the mysql_ functions. They are deprecated! Instead, try to learn PDO or at least the mysqli_ functions. To improve security, use prepared statements too. If you are using the mysqli_ functions, do not forget that these functions can return errors. If you do not handle these errors, you won't see them and you won't know what is going wrong.
  24. This is a guess... What is the file extension of your file? Is it html? Change it to .php. Explanation: PHP scripts are executed on the web server. The result of the script after execution (in most cases HTML) will be sent back to the client. Most web servers are set up to only execute files that have the .php extension.
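
The advice in post 23 (use PDO, use prepared statements, do not let database errors pass unseen), worked through as an added example that is not Frank_b's code. Assumptions: an in-memory SQLite database stands in for MySQL so the script runs offline, the tables and rows are constructed around the columns named in the post's query, and find_default_apps() is a hypothetical helper name.

```php
<?php
// Added example. Schema and rows are constructed; in-memory SQLite keeps it offline.
$pdo = new PDO('sqlite::memory:', null, null, [
    // Throw on every database error instead of silently returning FALSE
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);
$pdo->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, firstname TEXT, email TEXT)');
// "default" is quoted here because it is an SQL keyword
$pdo->exec('CREATE TABLE apps (app_id INTEGER PRIMARY KEY, name TEXT,
            download_url TEXT, "default" INTEGER)');
$pdo->exec('CREATE TABLE users_apps (user_id INTEGER, app_id INTEGER)');
$pdo->exec("INSERT INTO users VALUES (123, 'Ann', 'ann@example.com'),
                                     (456, 'Bob', 'bob@example.com')");
$pdo->exec("INSERT INTO apps VALUES (1, 'Mail', 'https://example.com/mail.zip', 1),
                                    (2, 'Chat', 'https://example.com/chat.zip', 0)");
$pdo->exec('INSERT INTO users_apps VALUES (123, 1), (123, 2), (456, 1)');

// Hypothetical helper: one user's default apps, with the user id passed as bound data
function find_default_apps(PDO $pdo, $userId): array
{
    $sql = 'SELECT u.user_id, u.firstname, u.email, a.app_id, a.name, a.download_url
            FROM users u
            JOIN users_apps j ON u.user_id = j.user_id
            JOIN apps a ON a.app_id = j.app_id
            WHERE u.user_id = :user_id AND a."default" = 1';
    $stmt = $pdo->prepare($sql);
    // The value travels separately from the SQL text and is never parsed as SQL
    $stmt->execute([':user_id' => $userId]);
    return $stmt->fetchAll();
}

try {
    print_r(find_default_apps($pdo, 123));
    // Request input that tries to widen the WHERE clause stays a plain value
    print_r(find_default_apps($pdo, '123 OR 1=1'));
    // A broken statement (comma typed instead of a dot) raises a PDOException
    $pdo->prepare('SELECT a,download_url FROM apps a');
} catch (PDOException $e) {
    error_log($e->getMessage());            // keep the detail in the server log
    echo "Sorry, something went wrong.\n";  // show the visitor a generic message
}
```

For MySQL the DSN changes to the mysql: form with your own host, database name and credentials; the prepare/execute pattern and the exception mode stay the same.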