Jacques1

Everything posted by Jacques1

  1. Since the names are plain data, it doesn't make a lot of sense to use an external script. A JSON file or any other data format works just as well and is a lot safer: If you screw up the external script while editing the names, the whole application is dead. But if you screw up the JSON file, you can go on without the feature.

     trademarks.json

     ```json
     [ "bing", "google", "alexa", "microsoft" ]
     ```

     ```php
     <?php

     $trademarks = json_decode(file_get_contents(__DIR__.'/trademarks.json'), true);

     var_dump($trademarks);
     ```
  2. I understand what you want, but I'm telling you that it's nonsense, because you don't understand usability. Anyway, since this is clearly an amateur project with no quality requirements, go ahead.
  3. This hack is entirely unnecessary. If your script times out, then increase the time limit until it no longer times out:

     ```php
     <?php

     // set the time limit in seconds (may also be -1 for no time limit at all)
     set_time_limit(600);

     // now do the work
     ```

     There may also be a chance to optimize the procedure and solve the problem altogether. For example, if the timeout is caused by long-running queries, this may be due to missing/inappropriate indexes.
  4. Yeah, and now let's think for a second and decide which one is more useful:

     Barand: “Dear user, there's some trademark in the name you've entered, but I won't tell you which one. Good luck finding it!”

     Me: “Dear user, the name you've entered contains the term ‘Google’ which is a registered trademark of Google Inc. Please choose a different name.”

     That's why I told you to use strpos() together with a loop. As in: Loop over the words, and if the name contains the word, tell the user:

     ```php
     <?php

     // you can store additional information like the trademark owner if you use an *associative* array with the trademarks
     // as the key and the information as the value
     $trademarks = [
         'google',
         'bing',
         'alexa',
     ];

     $found_trademarks = [];

     if ($_SERVER['REQUEST_METHOD'] == 'POST')
     {
         // collect all trademarks found within the submitted name
         foreach ($trademarks as $trademark)
         {
             if (strpos($_POST['url'], $trademark) !== false)
             {
                 $found_trademarks[] = $trademark;
             }
         }
     }

     ?>
     <!DOCTYPE html>
     <html lang="en">
         <head>
             <meta charset="utf-8">
             <title>Title</title>
         </head>
         <body>
             <form method="post">
                 <label>URL: <input type="text" name="url"></label>
                 <input type="submit">
             </form>
             <?php if ($found_trademarks): ?>
                 <p>Warning: The URL you have entered contains the following trademarks. We strongly recommend you choose a different URL.</p>
                 <ul>
                     <?php foreach ($found_trademarks as $trademark): ?>
                         <li><?= htmlspecialchars($trademark, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></li>
                     <?php endforeach; ?>
                 </ul>
             <?php endif; ?>
         </body>
     </html>
     ```
  5. And under which account do the cronjobs run? The webserver account (e. g. www-data)?
  6. This is nonsense. But clearly you're not able to listen at this point, so let's wait a couple of days until you hit the next problem.
  7. You cannot “update a block of PHP code” every 5 seconds. As far as I understand, you're trying to implement some kind of chat with pure PHP. This is impossible, because PHP produces a single HTTP response to a single request. When the response has been sent to the client, you cannot go back to change it. If you want to dynamically change the page, you need JavaScript or more specifically Ajax. So the whole chat block doesn't make any sense in the first place.
  8. Which of the variables isn't defined? This is too much code for guessing games. Besides that, you've adopted a very strange programming style. I'm not sure if you're trying to write VB.NET code in PHP, but it doesn't work like this:

       • You do not “declare” variables in PHP on top of the script. You define them when they're needed (if they're needed at all).
       • What's the matter with those all-uppercase variables? In PHP, variables are all-lowercase.
       • Don't write one big block of PHPSQLHTMLCSSJavaScript spaghetti code. Keep the languages separate: PHP at the top, HTML at the bottom, JavaScript in external files, CSS in external files. Then we don't have to wade through hundreds of lines of irrelevant code for one simple problem.
       • Indentation is 4 spaces.
       • Your strange CRUD instance is turning into a God Object which does way, way too much (queries, HTML-escaping, sending messages and who knows what else). You realize that you can have more than one class, right?
  9. Your connection.php has no PHP tags. Also, you shouldn't use relative paths when including files, because it's not always clear which they're relative to. Use absolute paths. The __DIR__ constant yields the path of the parent directory and allows you to start from there:

     ```php
     <?php

     require_once __DIR__.'/connection.php';
     require_once __DIR__.'/function.php';

     // ...
     ```
  10. Creating configuration constants with define() is OK for now. Constants are all-uppercase per convention, though. Include this script wherever you need it, then pass the constants to the function:

      ```php
      <?php

      // config.php
      define('DB_HOST', 'localhost');
      define('DB_NAME', 'labor');
      define('DB_USER', 'user');
      define('DB_PASSWORD', 'removed');
      define('DB_CHARSET', 'utf8');
      ```

      ```php
      <?php

      // any script which needs the database connection
      require_once '/path/to/config.php';

      // ...

      $database_connection = mysqlconnect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME, DB_CHARSET);
      ```
  11. Are you sure you have the right firmware as described on the page? Are you sure you've activated the feature and entered a key? Have you tried plain HTTP rather than HTTPS? There isn't too much we could do from here. If nothing works, ask them.
  12. I've never needed different durations, but this has been successfully hacked into the slick plugin.
  13. Besides that, your code has plenty of other problems. You're either storing the passwords as plaintext, or you're using some toy password hash scheme like md5(). This is unacceptable. In fact, if there actually is an SQLi vulnerability, it's safe to assume that all current passwords are compromised. And why on earth would you use the error suppression operator “@”? Errors need to be logged so that you can fix them, not suppressed. If your PHP setup prints error messages directly on the screen, that's yet another problem.
  14. Like I said, the plugin doesn't support different durations for individual slides. If you need this special feature, you either have to rewrite the plugin or choose a different one.
  15. Look at the demo. It's right in the code:

      ```js
      $('#slideshow').dsSlider({duration: 5000, direction:"right"});
                                ^^^^^^^^^^^^^^
      ```

      If you want different durations, you'll have to edit the plugin. It's still a TODO:

      ```js
      //TODO: dynamisk duration
      ```
  16. First off, who says that your application has SQL injection vulnerabilities? A professional penetration tester? An automated scanner? Yourself? Secondly, those two lines of code don't tell us anything, because we can't see what you're doing with the input. You claim that you're escaping it, but this critical part is exactly what you've left out. The mysql_* functions in general are hopelessly outdated (for more than a decade) and have been removed from PHP. Nowadays, we use PDO and prepared statements.
  17. ... which is entirely useless, because now the user has no idea which trademark he's about to violate.
  18. Your job is to write a PHP script which is ready to receive and process the reports as JSON-encoded data in HTTP POST requests. Then you register the URL of the script at CloudTrax, and they'll start to send you the reports. The code on the CloudTrax page is just an example. It doesn't do anything useful (it merely writes the raw data into a text file). If you're not getting any reports despite a correct registration, ask CloudTrax.
  19. And you've hopefully learned to check your error log.
  20. What is the problem? What do you not understand? All I've done is change your function. You pass your connection parameters as arguments to mysqlconnect(), and the function returns the connection:

      ```php
      <?php

      // those parameters should be in an external configuration script
      $database_host = 'localhost';
      $database_user = '...';
      $database_password = '...';
      $database_name = '...';
      $database_encoding = 'utf8';

      $database_connection = mysqlconnect($database_host, $database_user, $database_password, $database_name, $database_encoding);

      // now you can call $database_connection->query() etc.
      ```
  21. You have an HTML form with a text field and a submit button, right? For some reason, you've named the text field “rmail” and the button “submit”. Those names are wrong. They have to be “sendmepass” and “affiliatername”. So all you have to do is change the two names in your form.
  22. Ajax simply means that JavaScript makes additional HTTP requests in the background. The page content isn't affected by this in any way. If you want to update parts of the page, you have to do that yourself with JavaScript. For example, if the div element has the ID “status”, then $('#status').text('Success'); will change the text content of the element to “Success”. Generating complex HTML structures like lists is more difficult. If you have a specific question, post your code.
  23. Why do you need to get data back into the form? If you use Ajax, the form content doesn't get deleted at all (unless you do that yourself).
  24. The form parameters don't match the target script at all. Your forgotpass.php expects a “sendmepass” parameter and an “affiliatername” parameter. The former is apparently supposed to be the name of the submit button, the latter is for the username.
  25. That's not possible. Unless the script crashes or the loop is aborted, $row_d will contain each row one after another. Put a var_dump($row_d) at the beginning of the loop body (line 68) and tell us the result. Does this show each row?
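
The point made in item 1 above (a damaged data file should only cost you the feature, not the application), as an added example that is not part of the original posts. `load_trademarks()` and `find_trademarks()` are hypothetical names, the sample files are constructed, and `stripos()` is used for a case-insensitive match where item 4 uses `strpos()`.

```php
<?php
// Added example. Function names and sample data are assumptions, not code from the thread.

// Load the trademark list. Any problem with the file turns the check off
// (empty list) and is logged; it never takes the application down.
function load_trademarks(string $path): array
{
    if (!is_readable($path)) {
        error_log("Trademark list not readable: $path");
        return [];
    }

    try {
        $data = json_decode(file_get_contents($path), true, 8, JSON_THROW_ON_ERROR);
    } catch (JsonException $e) {
        error_log('Trademark list is not valid JSON: ' . $e->getMessage());
        return [];
    }

    if (!is_array($data)) {
        error_log('Trademark list must be a JSON array');
        return [];
    }

    // keep only non-empty strings, so a stray number or object cannot reach stripos()
    return array_values(array_filter($data, fn($t) => is_string($t) && $t !== ''));
}

// Return every trademark contained in the name (case-insensitive).
function find_trademarks(string $name, array $trademarks): array
{
    return array_values(array_filter($trademarks, fn($t) => stripos($name, $t) !== false));
}

// constructed sample files: one intact, one truncated during editing
$intact = tempnam(sys_get_temp_dir(), 'tm');
$broken = tempnam(sys_get_temp_dir(), 'tm');
file_put_contents($intact, '["bing", "google", "alexa", "microsoft"]');
file_put_contents($broken, '["bing", "google",');

var_dump(find_trademarks('Google-Alexa-Shop', load_trademarks($intact)));
var_dump(find_trademarks('Google-Alexa-Shop', load_trademarks($broken)));

unlink($intact);
unlink($broken);
```

With the intact file the check reports google and alexa; with the truncated file the JSON error is logged and the check reports nothing, so the form keeps working without the feature.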
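
The advice in items 13 and 16 above (PDO with prepared statements, a real password hash instead of md5()), as an added example that is not part of the original posts. The `users` table, the function names and the sample account are constructed, and an in-memory SQLite database (requires the pdo_sqlite extension) stands in for MySQL so the script runs offline.

```php
<?php
// Added example. Schema, names and data are constructed; SQLite replaces MySQL here.

$pdo = new PDO('sqlite::memory:');
// errors become exceptions that can be logged and fixed instead of being suppressed
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (name TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

function register_user(PDO $pdo, string $name, string $password): void
{
    // password_hash() produces a salted hash with a deliberately slow algorithm
    $hash = password_hash($password, PASSWORD_DEFAULT);

    $stmt = $pdo->prepare('INSERT INTO users (name, password_hash) VALUES (:name, :hash)');
    $stmt->execute(['name' => $name, 'hash' => $hash]);
}

function check_login(PDO $pdo, string $name, string $password): bool
{
    // the query text is fixed; the user input is bound as a parameter
    // and never becomes part of the SQL statement
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE name = :name');
    $stmt->execute(['name' => $name]);
    $hash = $stmt->fetchColumn();

    // fetchColumn() returns false when no row matched
    return is_string($hash) && password_verify($password, $hash);
}

register_user($pdo, 'alice', 'correct horse battery staple');

// valid credentials
var_dump(check_login($pdo, 'alice', 'correct horse battery staple'));

// wrong password for an existing account
var_dump(check_login($pdo, 'alice', 'wrong password'));

// a name containing quote characters is compared as plain data,
// so it simply matches no row
var_dump(check_login($pdo, "alice' OR '1'='1", 'anything'));
```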