JonnoTheDev

These are the variables that contain the transaction information sent to your site from paypal. Store them in your database on successful or failed transactions. $item_name $item_number $payment_status $payment_amount $payment_currency $txn_id $receiver_email $payer_email

Forget all that rubbish in the comments. What they are saying is that this line indicates a successful transaction: if (strcmp ($res, "VERIFIED") == 0) { So what you do is replace the comment block with your own transaction logging i.e. where you save the successful transaction into your own database. you can add checks to make sure that the $txn_id id has not already been processed by checking against your own database records. You would obviously store this number for customer reference. This indicates a failed transaction. You may also want to store failed transactions also else if (strcmp ($res, "INVALID") == 0) {

When you need to modify a variable outside the scope of a function lets say a counter as an example: $counter = 1; function startCounting(&$counter, $stopAt) { for($x = 0; $x < $stopAt; $x++) { $counter++; } } startCounting($counter, 10); // displays 11 print $counter;

There are a couple of methods: 1: $name = "joe bloggs"; // will print Joe Bloggs print ucwords($name); 2: $name = "david o'leary"; // will print David O'Leary - ucwords() will not in this case print mb_convert_case($name, MB_CASE_TITLE, "UTF-8");

I am guessing that you do not have error reporting turned on in your php.ini configuration file. The include is generating an error but you are not seeing it on screen. The script is terminating at this point. Look for display_errors in your php.ini and set to On. Restart your webserver. You can also add the following line to a php file that is included on all your pages: ini_set('display_errors', 'On'); ini_set('error_reporting', E_ALL & ~E_NOTICE); You should then see why your include is not working. Probably to do with a filepath.

Set a loop counter when displaying the results. This is an example - fit into your own loop. $results = array('product 1', 'product 2', 'product 3'); $itemNum = 1; foreach($results as $product) { print $itemNum.". ".$product."<br />"; $itemNum++; }

Poor choice to use AJAX. Google will never be able to index you pages

OsCommerce 2.2 has a who's online module. Download the source code and extract this portion. http://www.oscommerce.com

You also need to store the referer page, probably the last click time and the time of login. Also remove any entries in you table for sessions that have expired.

gettype() returns the type of the variable as a string

You must escape your post data to prevent sql errors $title = mysql_real_escape_string($_POST['fTitle']); $entry = mysql_real_escape_string($_POST['fText']);

OK When you login a user the following method is used: $this->login_user($user, $password) A call is then made within the method to $this->check_user($pass) . This method checks the database for the existence of the user and returns true on a record returned or false on no record. If true the following method is called $this->set_user(); . This method will set the following sessions: 'user', 'pw'. It will then redirect to the next page located in $this->main_page . On the protected pages the following line is checking that you are authenticated: $page_protect->access_page(); It is checking for the existence of the session variables. Your session_start() is included with the class so should be OK. It is also calling the $this->check_user($pass) method to check the user in the database also. If either return false then you are redirected back to the login page. To debug you will need to print some of the class data to the screen in various methods and make it exit at points to see if the user is being properly located in the database, the session variables exist, none of the methods are returning false when they should be returning true, etc.

Mod Rewrite is not really associated with PHP. It is an apache module that uses PERL regular expressions. Mod Rewite is a subject in itself with a variety of uses for HTTP requests.

You are posting on the wrong forum my friend. Find a Visual Basic forum if your intent is to make a desktop application.

You can set an SMTP address in the php.ini but if the server requires authentication then it cannot be done. You will need to use the PEAR::Mail libraries or something like SwiftMailer to do this.

Why would you save the username & password in a cookie file (even if it is md5 encrypted)? Don't you think if somebody was to grab the cookie data they could gain access via your login page. It is far better to store the user ID in the cookie file or when they login create a unique key for the user that is stored in the cookie to identify them to the site. This can expire and a new key created on each login.

Add it in or add the line in an .htaccess document php_flag allow_url_include on I would also disable SELINUX on the server as it is a pain in the arse

Is the URL that you are trying to include on your own webserver. allow_url_fopen is for incoming requests, not outgoing. If it is on your own server then why do you not use the full server path i.e. include("/var/www/html/domain.com/docs/sidebar.php");

You can only set a cookie to a directory that you have permissions to. You cannot save a cookie to another webserver by default. To save a cookie to a certain path use the setcookie() function i.e: setcookie("TestCookie", $value, time()+3600, "/~rasmus/", ".example.com", 1);

If you wat to remove the numeric ID values from the URL you have a few options: 1. Use a RewriteMap (research this) 2. Edit your script to use the title as the lookup instead of the numeric ID 3. Edit your script to use a title to ID map i.e. an array that has all titles as the key and the ID as the value. You can then return the ID from the array via the title to perform your lookup It is however easiest to keep the numeric ID contained within the URL

This has absolutely nothing to do with session_start() as your authentication class is cookie based. You should remove this line. You need to paste the whole class really as you have only posted a section (post in a code bock so its readable). You also need to post the code that is at the top of each page where a user must be authenticated to access. It is obviously checking for the existence of a cookie which cannot be set correctly.

Remember to escape your quotes " $FirstImage = "<a href=\"biggerimage.php\"><img src=\"re_images/$im_array[0]\" width=100 height=100 border=1></a>";

Create a php page with the following code: print phpinfo(); View the page and the location of the php.ini will be displayed near the top. Remember you must restart the webserver after making changes to the ini file

It doesnt matter whether the cookie is on the users machine. The data in the cookie is still requested by the server and can easily be read by a packet sniffer as can session data. The concept of hijacking applies to both sessions and cookies. You will obviously need a reference in each storage method to marry the 2 bits of data i.e. This username marries up with this password. Anyone who really wants to get at the data will. I think you are creating more work for yourself with no real benefit. In fact im not sure why you would even store the username and password in a cookie or session at all, this is madness. Once authenticated to a website you may store the users database ID or even a unique key that identifies them to the site in a session or cookie. A secure method would be to make the users key expire after a period of time and on next login create a new key. If you believe that you are going to suffer from hijacking because you have sensitive data to protect then get an SSL certificate.

It will be your IP address that is banned not anything else. Use a proxy but you'll only end up getting them IPs blocked aswell. Most of the free proxy addresses you can get hold of are banned by Google for this reason. Use the Google AJAX API on your own site in a manor that will not get you banned.