Everything posted by Jacques1

  1. Like I said, this is nonsense. You're circumventing basic database features to implement them yourself in the most cumbersome and inefficient way. I'm not sure why you struggle with my queries, because this is nothing more than plain English and common sense:

     variant 1: every status is false means: no record with a true status exists
     variant 2: every status is false means: the number of records with a true status is 0

     The query immediately yields the result. No need for any loops. You're free to do whatever you want, but if you want to be a programmer, it's a good idea to learn instead of rejecting everything you don't know yet.
  2. This is a bad approach. I'll make it simple for you: Read reply #6. There are two queries in there. Use one of them.
  3. @benanamen: This is about the aggregated result (is any status true, or are they all false).

         SELECT
             NOT EXISTS (
                 SELECT 1
                 FROM streams
                 WHERE status
             ) AS all_false
         ;

         SELECT COUNT(*) = 0 AS all_false
         FROM streams
         WHERE status
         ;
  4. @Texan78: I know what you've written. My question is what you don't understand. The data structure? How loops work? How to set a boolean variable?

         all_status_false := true    // first assume that all status are false
         each stream in json:
             if stream.status != "false":
                 // found a status which is not "false", change the variable
                 all_status_false := false
                 break    // if nothing else needs to be done, stop the loop
  5. What exactly is the problem? That you don't understand the JSON structure? That you don't know loops?
  6. None of us is going to help you obtain material which you're obviously not supposed to have. Period. There are online errata which correct the bugs. If you still can't solve the exercises, maybe you shouldn't be tutoring.
  7. Do yourself a favor and get rid of the ancient Dreamweaver garbage code. For ~10 years now, we've been using prepared statements:

         $customer_stmt = $database_connection->prepare('
             UPDATE t_cliente
             SET
                 tipo_client = ?,
                 nome = ?,
                 morada = ?,
                 nif = ?,
                 cod_postal = ?,
                 telemovel = ?,
                 email = ?
             WHERE id = ?
         ');
         $customer_stmt->bind_param(
             'ississsi',
             $_POST['tipo'],
             $_POST['nome'],
             $_POST['morada'],
             $_POST['nif'],
             $_POST['cod'],
             $_POST['telefone'],
             $_POST['email'],
             $_POST['ID']
         );
         $customer_stmt->execute();
  8. Guys, read the code:

         $data = json_decode(file_get_contents("php://input"));
         // ...
         $message = trim($data->message);
         // ...
         mail($to, "Customer Inquiry", $message);

     How exactly are the name and e-mail address supposed to get to the receiver? They're not in the e-mail content, they're not in any header, they're just discarded in the script. PHP doesn't magically add data to e-mails. You have to actually do it yourself, and I've already explained how.
  9. This is definitely not a small problem.

     First off, your class does way, way too much. It seems you're using it as a god object where you put absolutely every feature you need in your application. That's not how OOP works. One class is supposed to have one specific purpose. So the first step is to separate your monster class into multiple simple classes.

     Then your error handling is fudged up. Instead of simply leaving the PDO exceptions alone so that PHP can log them and stop the script, you catch the exceptions, log only the message (what about the file, line number, stack trace?) and then continue the script. This obviously makes no sense. If you continue with a failed database connection, you'll get nothing but nonsense -- like your non-object error.

     There are other problems, but let's start with those two.
  10. Whatever self::$g_con contains, it's not a PDO connection. It looks like there's a fundamental problem with your class design. If you want more specific help, post that class.
  11. Yes, that's PHP-FPM. Do you have an init script for PHP-FPM? Then you simply need to use that instead of the nginx one after you've updated the PHP configuration:

          /etc/init.d/php-fpm restart

      (the script could be named differently)

      There are also plenty of init scripts on the Internet.
  12. The user fills out the contact form and submits three pieces of data: The username, the e-mail address and the message. What you do with this data is your own responsibility. Right now, you're only using the submitted message as the e-mail content. Everything else gets dropped. It doesn't show up anywhere. If you haven't written the code, you'll at least need to read and understand it. Otherwise there isn't really much we could do.
  13. None of us has psychic powers, so if you want help with code, you need to show that code (I mean the relevant parts, please don't upload your entire application).
  14. You are only sending the message as the e-mail content, so how exactly do you expect to receive the name and e-mail address? PHP only does what you tell it to do. You either have to actually put the contact data into the e-mail content, e. g.:

          name: <insert name here>
          e-mail address: <insert address here>
          message: <insert message here>

      Or you add them to a Reply-To header so that they show up in your e-mail program.

      In any case, the mail() function sucks and is going to cause security problems as soon as you start adding dynamic headers. Use a proper mailer library like PHPMailer.

      The whole JSON stuff doesn't make a lot of sense either. You can skip all the encoding and decoding if you use plain old default form encoding.
  15. PHP isn't embedded into nginx as is the case with Apache, so restarting the webserver has no effect on PHP (unless your init.d script does more). How are you running PHP? Are you using PHP-FPM? Then you need to restart the PHP-FPM processes. Either through an init script (if available) or by killing the master process (the PID is written to a file depending on the configuration).
  16. The slow hashing still allows a user to distinguish between the two cases: If the username is wrong, the application responds immediately, otherwise there will be a noticeable delay due to the password check (e. g. one second). This can be slightly improved by hashing a dummy password when the username is wrong, but there will still be subtle differences (timing, unique errors of particular execution paths etc.). Personally, I just use public usernames instead of trying to hide the accounts.
  17. You can just add each value to a variable outside of the loop, or you can use array_sum().
  18. By the way: You'll make life a lot easier for yourself and everybody involved if you implement the features one by one and test them before moving on. What good is your collection of 14 PHP scripts when apparently none of the relevant features work? Now you have lots of broken code which you can't fix and others don't want to fix. Pick one feature (e. g. user registration). Work on just this one feature until it reliably yields the expected results. The major benefit of this approach is that debugging and getting help is so much easier, because there's just one or maybe two scripts involved, not 14.
  19. You forgot the HTML-escaping. Dynamic values which are inserted into an HTML context must be escaped. Don't just assume that they're safe.

      I don't think you understand the structure of $_POST['select_car']. It's an associative array with the car ID as the key and the car value as the corresponding value:

          ID => car value

      Right now, you're trying to use the car value as the ID, which doesn't make sense. The ID is the key:

          foreach ($_POST['select_car'] as $car_id => $car_value)
          {

          }

      Also, don't forget about the CSRF vulnerability.
  20. Think again, my dear. Right now, your code says this: If the user is logged in, redirect them to the index page and cancel the script. Otherwise (i. e. the user is not logged in), take the nonexistent user ID and store the post. Sounds like you have it backwards. You want to redirect the user if they're not logged in, otherwise you store the post with the user ID.
  21. Your form design doesn't work. The select_car array from the checkboxes does contain only the checked car IDs, but the values array from the hidden fields (which you're currently iterating over) contains every possible value. Even worse, you have no idea which value belongs to which ID. There are two options:

        • Add the values to the checkboxes themselves and get rid of the hidden fields: <input type="checkbox" name="car_values[insert the HTML-escaped ID here]" value="insert the HTML-escaped value here">. This gives you an associative array which maps the IDs of the selected cars to their values.
        • Only transmit the IDs and look up the values again afterwards. Be aware that this can result in different values if there have been updates in between.

      Note that your car values can both be manipulated and submitted on behalf of another user (at least I see nothing which would protect you against CSRF attacks). So unless this is one of those "school projects", you might want to reconsider your approach.
  22. If you want to have a discussion, I'm afraid you do have to read the suggestions in detail. There's a variety of approaches, but you seem to be neither interested nor clear about what you want. So maybe you should think about this, do some research on the above suggestions and come back with more solid feedback. Alternatively, just go back to the infinite loop. If that's good enough for you, it's certainly the quickest and most fool-proof solution.
  23. How is the second query even possible? Are you storing your passwords as plaintext?
  24. What did you use before to write your code? Microsoft Word?
  25. Your Python code yields this hash:

          220937f1bc13e2d44609c2126186291e39e92d31

      My PHP code above yields this hash:

          220937f1bc13e2d44609c2126186291e39e92d31

      Looks identical to me. So, yes, the PHP implementation should be functionally equivalent to the Python implementation.

      Of course there may still be problems with the input (e. g. you got the wrong secret or session parameters), or maybe you're not transmitting or checking the result correctly. But that's something I cannot do much about.
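
Added example for the dummy-hash mitigation mentioned in post 16 above (written for this page, not taken from any of the posts): a login check that performs one password verification whether or not the username exists. The function names, the in-memory user array and the sample credentials are constructed assumptions standing in for a real user lookup.

```php
<?php
// Added example. find_user() and the $users array stand in for a real lookup
// (e.g. a prepared statement); all names and credentials are constructed.

// Hash of a random throwaway value, created with the same algorithm and cost
// as real accounts, so a failed lookup costs about as much as a real check.
// In production, generate it once and store it instead of rehashing per request.
define('DUMMY_HASH', password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT));

function find_user(array $users, string $username): ?array
{
    return $users[$username] ?? null;
}

function check_login(array $users, string $username, string $password): bool
{
    $user = find_user($users, $username);

    // Always run exactly one password_verify(), whether or not the account exists.
    $hash = $user['password_hash'] ?? DUMMY_HASH;
    $password_ok = password_verify($password, $hash);

    // One generic result for both failure cases: no "unknown user" branch
    // with its own message or early return.
    return $user !== null && $password_ok;
}

// Constructed sample data.
$users = [
    'alice' => ['password_hash' => password_hash('correct horse', PASSWORD_DEFAULT)],
];

$attempts = [['alice', 'correct horse'], ['alice', 'wrong'], ['nobody', 'wrong']];
foreach ($attempts as [$name, $pw]) {
    $start = hrtime(true);
    $ok = check_login($users, $name, $pw);
    $ms = (hrtime(true) - $start) / 1e6;
    printf("%-7s %-14s => %-5s (%.1f ms)\n", $name, $pw, $ok ? 'ok' : 'fail', $ms);
}
```

The second and third attempts should take a similar amount of time; as post 16 says, this narrows the gap between the two cases rather than removing every difference.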