ignace

read the rules before posting, novice friend

you are gonna need to provide some more info, as i have no clue what your problem is

Which are considered to be the best programming practices? for example i prefer to not store sessions into files (as done by default by php), but in a database as this gives me the possibility to use the same session on multiple servers, this is possible because of the session_set_save_handler() function! So which do you use (non-oop)? To enlarge the topic a bit: which threads are all out there and how do you solve them (e.g.: cross site scripting)?

TRUNCATE TABLE if you want everything to be reset

this manner is called "variable variables" just so you know

you should be using sprintf() especially when using queries, also *_real_escape_string() is recommended or something along those lines like addslashes()

1. nope, you don't have to change the filename, but when it exists it will be overwritten (btw: when using file_exists() results are cached, use clearstatcache() to clear the buffer) 2. time() gives the current time and will never be the same because it keeps counting up... (unless you can time travel) 3. done.

add the current time after your image, this way the image never will have the same name and never will be overwritten // 1. seperate the file to: array ( 'file', 'ext' ) // 2. gleu it together using: _123456. // 3. result: file_123456.ext $file = implode('_'.time().'.', explode('.', $_FILES['uploadname']['name'])); // only usable under file.ext condition, if you need a more complicated version pm me

// recommended suggestion $time = time() - 60 * 15; $members = sprintf("SELECT * FROM members WHERE last_activity <= %d", (int) $time); // polymorphism ftw? // $members = mysql_query($members); $result = mysql_query($members); $i = 0; if (mysql_num_rows($result) > 0) { while (false != ($row = mysql_fetch_assoc($result)) { echo($row['username']); ++$i; } printf('There are <b>%d</b> users online.', (int) $i); } session_name("sid"); session_start(); include("database.php"); $user = $_SESSION['username']; // UPDATE phpbb2_users SET lastseen=NOW() WHERE username = '{$user}' // lastseen? // SELECT * FROM members WHERE last_activity <= $time // last_activity? // using last_activity don't know which one is correct $q = "UPDATE phpbb2_users SET last_activity=NOW() WHERE username = '%s'" mysql_query(sprintf($q, $user)) or die(mysql_error());

LiamProductions means he fixed some errors.. forgot the $to issue though so here it is with all errors fixed according to adrianphp <?php error_reporting(E_ALL); $msg = "We would like you to come see our site!\nThis is why:\n\n"; $msg .= "Your friend " . $_POST['FullName'] . " thought you might like Somewhere.com\n"; $msg .= "So comeon " . $_POST['FriendName'] . " and join us now!\n"; $msg .= "Someplace.com is a site for investors and people\n who want to sell their homes quickly\n"; $msg .= "So what are you waiting for?\n Come see what your friend is talking about!\n"; $to = $_POST['Email']; $subject = "Your friend " . $_POST['FullName'] . " wants you to check this out!"; $headers = "From: register@Somewhere.com\n"; $headers .= "Reply-To: noreply@Somewhere.com\n\n"; if (mail($to, $subject, $msg, $headers)) { echo "Thanks For Telling Your Friend About Us!"; } else { // mail not send... } ?> more about mailing in php: http://www.php.net/manual/en/ref.mail.php

no thx, we are only here to do just this

in addition to what grimmier wrote: instead of step 3 where you would delete all rows out of a table you will probably not use anymore, use: DROP TABLE your_table this will delete the complete table

we all can help, but would it be possible to be a bit more specific? If you want to hire someone, then you are posting in the wrong section...

i'm gonna answer a lot more then you originally asked for (don't know if this is a good thing though): first of all, i do not recommend using sessions like they where originally implemented, but using a db instead, much easier using the session_set_save_handler() function implemented in php (dl: http://www.php.net/manual/en/function.session-set-save-handler.php) you will still be able to use the session_* functions as you would normally afterwards but your application would be much secure. Also you are using the following query: SELECT username, password FROM accounts or something along those lines afterwards you do something like: if ($user==$row['username'] && $pass==$row['password']) i know where you are pushing to.. but then i would suggest using sprintf("SELECT username, password FROM accounts WHERE username = '%s'", $user); sprintf (if not familiar): http://www.php.net/manual/en/function.sprintf.php because your situation would go through the complete table (what mysql also does) until it reaches the row which contains the username & password as requested, not a problem if you only have 2 rows, but imagine a few million? and you happen to be the latest registered user... by the time the user is logged in he would be reaching his 99th birthday (just joking). so make sure you atleast narrow it down by using atleast a where clause afterwards you check if the provided password equals the one stored in the database, however make sure the password stored is encrypted.. useful encryption links: http://www.php.net/manual/en/function.md5.php (32 character length) http://www.php.net/manual/en/function.sha1.php (40 character length, recommended) check if it equals using: if (sha1($pass) == $row['password']) now for your question in how to build a logout button, is quite simple you just check if the user is logged in, like you already did, there are more advanced ways so go ahead and have a look at: http://pear.php.net/package/Auth documentation can be found here: http://pear.php.net/package/Auth/docs hope it helps, ignace

if (is_integer($decimal_or_integer)) { // integer (normal) } else { // decimal (not normal ) } usefull links: http://www.php.net/manual/en/function.is-float.php http://www.php.net/manual/en/function.is-integer.php

there are always security risks, but i don't really understand what you are planning to do? So mysql is located on your comp? And you want to use it as a storage for an online application? Or do you mean that you are developing an entire application offline?

I have a file like this: [database] type=mysql server=localhost user= pass= name= [website] title= description="a long description" keywords="a, long, description, in, short" i load this file throught file() which gives me an array where every key is a line from the file. Now, what i want to do through regular expressions is finding the lines which contain a word between the [ and ], so as the backslash is the escape character i tried the following: ^(\[[a-z]\])$ but nothing turns up, probably you guys know why, but i don't, so pls fill me in, i already read a book about regular expressions without any success i also have a cheat sheet doesn't work for me neither thanks in advance, Ignace

You are experienced with cron so just call this snippet, buf before you do use this, add the absolute folder path in sFolder! <?php // Folder !!!NO TRAILING SLASH!!! $sFolder = '[folder comes here]'; // Delete all files within the folder DeleteRecursive($sFolder); // Function function DeleteRecursive($sFolder) { // open folder $pFolder = opendir($sFolder); // read through folder while (false != ($sFile = readdir($pFolder))) { $sAbsolute = $sFolder . "/" . $sFile; if ($sFile != "." && $sFile != "..") { if (is_file($sAbsolute)) { unlink($sAbsolute); } else { // Directory assumed DeleteRecursive($sAbsolute); // Remove all files within the folder rmdir($sAbsolute); // Remove the folder } } } } ?>

1) yes just use the _POST superglobals 2) b is recommended, c is even better 3) sessions, are cookies on the server, you should only be worried about session hijacking etc... more about session security, can be found within the source code of: http://pear.php.net/package/Auth 4) yes, your job is done, however i do not recommend to put secure files into the web root, i mainly put them in the real root now, this is my advise, and it is solely supported by my current knowledge so i sincerely recommend consulting other persons, who are more advanced in SSL greetz, Ignace

seems not but you are encouraged to make your own, so someone some day may call upon your pre built function

yes that is possible, however i am not really experienced into cron, however after asking my friend google for some advise, he gave me these results: http://www.unixgeeks.org/security/newbie/unix/cron-1.html http://www.aota.net/Script_Installation_Tips/cronhelp.php3 greetz, Ignace

well, then i would suggest you use my best friend called debug, and do: echo($answer . " == " . $input); if (strcasecmp($answer, $input) == 0) ...

if it says that DIRECTORY_SEPERATOR does not exist, then add the following code just above that snippet: (normally it is implemented into php) define('DIRECTORY_SEPERATOR', (substr(PHP_OS, 0, 3) == 'WIN') ? "\\" : "/"));

// The mistake you make, is very common // you forgot to include the path, because the file 1.jpg does not exist // in your current directory, but it exists in your upload_folder/1.jpg while ($file = readdir($dir_handle)) { if ($file <> "." && $file <> "..") { $full = $path . DIRECTORY_SEPERATOR . $file; rename($full, strtoupper($full)); } }

If you wanna program your own, i suggest reading about MVC (model-view-controller) framework, and starting by using CakePHP and CodeIgniter