JonnoTheDev

Staff Alumni
  • Posts: 3,584
  • Days Won: 3

Everything posted by JonnoTheDev

  1. lanmonkey is correct. Use md5() on the user's email address to generate a unique key.
  2. The variable is outside the scope of the function. You need to pass it in as a parameter:

       function displayBalance($user){
           global $database;
           $q = "SELECT username,points FROM users WHERE username='" . $user . "'";
       }
       displaybalance("cslevente");

  3. In terms of redirection after bad url params you are better using a 404 header rather than redirecting to, let's say, the home page. I've seen (and done) it before where you can create a page of spoof links that contain bad params and end up all redirecting to a certain page. Google comes along and sees all links hitting the same page and you end up in the supplemental results for duplicate content. This is just a note if your site requires SEO treatment of course.
  4. Oh lovely! Firstly you need to make sure that your hosting environment is suitable for your website. Does your site need a database? If so, have they given you a database dump? You will need to import the database to your new server. You may need to edit some of the site files that may contain website configuration details such as file locations, database connection details, etc. Only the developer will know this. Upload the site files to the document root of your hosting account and hope for the best. Good luck.
  5. Only use regex when the standard string functions will not do the job, so:

       if(strstr($str, "(")) {
           // do whatever
       }

  6. Add a virtual host entry for the non-SSL domain name also.
  7. You don't need to disguise the url param but using a mod rewrite does help as it limits what characters are accepted in the url param. Just remember the golden rule: always filter input and escape output.
  8. Yes, $cat_id must be cleaned. At the least use mysql_real_escape_string($cat_id);
  9. The reason you are probably getting this is because the browser address bar is referencing the https address but elements on your page are called via the non https address i.e. image tags <img src="http://www. or iframe or stylesheets, anything really. They should all be referenced via the https location.
  10. Not all people can receive email on a phone but all CAN receive SMS! Get an SMS provider. You can usually buy credits suited to the amount of recipients. They also deal with message unsubscription. It is LAW that users have that option.
  11. You require a non-Flash PHP file to validate email addresses entered. You would need to save the addresses into a database. Email addresses are validated when a user clicks the link in the validation email and this will perform a lookup in the database, setting a flag if the record is valid. You then only send future emails to validated addresses.
  12. I don't get any popups in Firefox, and IE states that the page contains some insecure items, which is a common popup on https requests.
  13. For a bot to crack a CAPTCHA it needs to read the letters / numbers using OCR techniques. The weakest captchas are alphanumerics on a plain coloured background with little or no skew on their positioning. Even worse are those who think people are thick enough not to realise that the captcha code is stored in a hidden field in the HTML form. Check this out: http://www.afreearticle.com/signup.php The best captchas use noise within the background and skew the characters. The actual code will be encrypted along with some kind of secret key so it's impossible for a bot to decrypt this. When the page is reloaded it will change so there is no chance of grabbing, reading and submitting as the code will change. Your best bet is to download an implementation and then refactor. Some good ones found at http://www.phpclasses.org
  14. The URLs generated aren't SEO friendly: http://www.rabbitcoder.com/web%20development_articles
  15. Overwrite with the following:

       if($error)exit();
       $msg = "Name: ".$_POST["name"]."\n\n";
       $msg .= "Email: ".$_POST["email"]."\n\n";
       $msg .= "Phone: ".$_POST["phone"]."\n\n";
       $msg .= "Subject: ".$_POST["subject"]."\n\n";
       $msg .= "Message: ".$_POST["message"]."\n\n";
       $ok=mail($sendTo, $subject, $msg, $headers);

      I can't believe you paid for this!
  16. You can see the cert details by clicking on the yellow padlock on the bottom toolbar on IE. I'm guessing your security settings are quite high in IE and are the cause of the popups.
  17. There are plenty. I prefer to use my own as it is a security measure so no one else actually knows how it is working, rather than taking an off-the-shelf approach. Depends on your skillset really. You will need to make sure you have the GD libraries available on your PHP installation as you will be working with images.
  18. He shouldn't have got in the ring with that guy. Bad move by Frank Warren! Kahn thinks he's better than he actually is and got a reality check.
  19. With a database and knowledge of PHP. You better get a book.
  20. This is down to your security level setting in IE. Does the SSL key fully match your server info? i.e. does the common name match your server hostname, etc. How did you generate the cert file? Using OpenSSL?
  21. You should implement CAPTCHA on contact forms that send out email. It doesn't take long on any website before contact forms start getting hit.
  22. Not for beginners. I would not recommend trying to implement this if you are not using an existing framework. This statement makes no sense: OOP is all about data abstraction, classes, objects, inheritance, etc. Guessing your skillset you may be better sticking with a procedural approach.
  23. Then you must be saving the text into the database using nl2br(). The BR tags do not need to be stored in the DB. Line breaks will be saved as \r\n in your DB automatically. Use the nl2br() function only when formatting inside HTML.
  24. You would need ajax to do that in the background. Also you should use SQL syntax to do the increment rather than application logic:

       $query = "UPDATE games SET plays = plays+1 WHERE id = '$id'";
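
The contrast drawn in post 13 above (CAPTCHA code readable in a hidden field versus a code bound to a server-side secret), as an added example that is not JonnoTheDev's code or taken from any linked implementation. It uses a keyed hash (HMAC) rather than encryption, and the function names, token layout and `$used` store are assumptions made for illustration.

```php
<?php
// Added example, not from the forum posts; every name here is hypothetical.
const CAPTCHA_TTL = 300; // seconds a challenge stays valid

// Returns the code to draw into the image and the token for the hidden field.
function captcha_issue(string $secret, int $now): array
{
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789'; // no look-alike characters
    $code = '';
    for ($i = 0; $i < 6; $i++) {
        $code .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    $nonce   = bin2hex(random_bytes(8));
    $expires = $now + CAPTCHA_TTL;
    // The field carries nonce, expiry and a MAC; the code itself never appears in the HTML.
    $mac = hash_hmac('sha256', "$nonce|$expires|$code", $secret);
    return ['code' => $code, 'token' => "$nonce.$expires.$mac"];
}

// $used stands in for a session or database table of spent nonces.
function captcha_verify(string $secret, string $token, string $answer, int $now, array &$used): bool
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return false;
    }
    [$nonce, $expires, $mac] = $parts;
    if (!ctype_digit($expires) || (int) $expires < $now || isset($used[$nonce])) {
        return false; // malformed, expired or already spent
    }
    $expected = hash_hmac('sha256', "$nonce|$expires|" . strtoupper(trim($answer)), $secret);
    if (!hash_equals($expected, $mac)) {
        return false; // wrong answer or tampered token
    }
    $used[$nonce] = true; // single use: a replayed token is rejected
    return true;
}

// Constructed demo values.
$secret = 'constructed-demo-secret';
$used   = [];
$c      = captcha_issue($secret, 1000);
var_dump(captcha_verify($secret, $c['token'], 'WRONG1', 1000, $used));   // wrong answer
var_dump(captcha_verify($secret, $c['token'], $c['code'], 1000, $used)); // correct answer
var_dump(captcha_verify($secret, $c['token'], $c['code'], 1001, $used)); // replay of a spent token
```

Only `token` goes into the form; `code` is rendered into the image and discarded, so reading the HTML source reveals nothing a script can submit.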