ignace

+1 for this solution.

If this is a shared host it's quite likely you are not allowed to edit the php.ini

else { $total_rounds = 10; } Shouldn't this be $score_count = 10;

PEAR has a handy class for that XML_Unserializer http://pear.php.net/manual/en/package.xml.xml-serializer.xml-unserializer.getunserializeddata.php Or the Serializer component from Symfony components. https://github.com/symfony/serializer

You really should check out our freelance section. Just curious, what are you building?

I have 10 fingers. Require a DNA sample

-- the user's table users (usr_id, ..) -- the messages table: author_id references usr_id messages (msg_id, author_id, ..) -- a message may have multiple recipients, type=to,cc,bcc recipients (msg_id, usr_id, type) -- each folder is owned by a user, so that my inbox will never be visible to you, type=inbox,spam,.. see folder_types -- this means that when a user registers you need to create all system dependent folders (inbox, spam, ..) for this user -- there is another way you can create this relation, which involves a compound pk, this one is simpler, you still would need to insert -- the relations, but you wouldn't have to insert the name of the folder. folders (fldr_id, usr_id, name, type) -- which messages are contained in this folder? folder_has_message (fldr_id, msg_id) -- folder types, inbox, spam, .. also is_deleteable, for custom folders this is always true, for system dependent folders (inbox, spam, ..) this is false -- unless you would also start to allow something like rules (put a msg from a specific author in a specific folder) folder_types (fldr_tp_id, is_inbox, is_spam, .., is_deleteable)

Talking about said author, try: http://twittee.org/ and (my favourite, I have yet to find a package by fabpot that I don't like ) http://pimple.sensiolabs.org/

Unless their forms are csrf protected. Then you will also have to retrieve the token first. @op you can register them but not log them in not even with curl. Login involves a cookie send back to tbe browser in this case curl is your browser so the user will never get this cookie. You need an api like oauth to do that.

enable PDO in your php.ini by removing the ; in front of it. ;extension=php_pdo.so Restart apache afterwards: $ apache2 -k restart If that is not supported: $ apache2 stop $ apache2 start

Google?

Here's your class again with the actual queries/database/table abstracted. If you would want to store your users in a mssql db tomorrow all you need to do is change the driver to mssql all code will still work the same even though you changed the actual RDBMS. class MembersSystem { private $usersGateway; public function __construct(TableGatewayInterface $users) { $this->usersGateway = $users; } function check_login($username,$password) { $foundUsers = $this->usersGateway->select(array('username' => $username)); if (count($foundUsers) !== 1) { return false; } $user = $foundUsers[0]; if ($user->username !== $username || $user->password !== $password) { return false; } return $user; // return the actual user object on success instead of true. } } $members = new MembersSystem(new TableGateway('user', new Adapter(array('driver' => 'mysqli', ..));

He did and I was payed VERY generously, even got a serious bonus, but I don't know how old you guys are but if you are young, like me, I find it vital you do NOT stick there and instead find an environment that challenges you, and allows you to write with the latest and greatest, it's a better career move when you are young to work somewhere you earn above average each month BUT LEARN A LOT EACH DAY than earn A LOT and learn nothing over the years that you work there. If you get fired one way or another (company goes belly up for example) you have something to add to your CV. Potential employers are not gonna be amazed when you tell them that you worked in an ancient environment and never heard of PHP 5.4 (there is a version 5 ?!?) and did absolutely NOTHING to improve this situation, just went on your merry way as long as got payed every month and your boss thought you were an asset and were productive...

The problem is, in these type of situations, you find yourself standing alone as all other dev's happily program against php3

https://pear.php.net/manual/en/installation.getting.php

Inside the class you can access these constants like self::CLEAR_ALL. No need for all that extra typing. You don't have to use Exceptions per se anything else is good too as long as it does not involve a global function. Turn your Show_Error() function into an object for example and pass that to your class $this->error->Show();. That will make the dependency more visible than a stowaway function.

There is a big difference. preg_match_all() is a function, not a class and thus can't create class constants. Now you are just being ignorant. Look at other popular established frameworks none of them uses a if (!class_exists('SomeClass')) {. You can name your classes specifically towards their goal class SQL_Conn_MySQLi extends SQL_Conn_Base { now using a beautiful thing called polymorphism I can make my code abstract of the DBMS public function createNewUser(SQL_Conn_Base $conn, $data) {. To create a new user in MySQL I would do $this->createNewUser(new SQL_Conn_MySQLi, $userdata); to write this same data to a PostGreSQL DBMS $this->createNewUser(new SQL_Conn_PostGreSQL, $userdata);. The function could look like public function createNewUser(SQL_Conn_Base $conn, $data) { $conn->insert('users', $data); }. See, the code inside createNewUser() does not have to be altered yet works with every possible DBMS.

1. if (!class_exists('SQL_Conn')) { That should not be there. If you want to avoid problems with require(). You can also autoload your class.. After watching your example I think I get what you are trying to do. You should create an interface/abstract class and create separate classes for each of the different DBMS. Take a look at the Adapter pattern. 2. I would make those constants part of SQL_Conn and drop the DB_ prefix. 3. SET NAMES 'utf8' You should be using mysqli_set_charset() for this. I would also make this configurable in case you would use some different charset. 4. Show_Error() Not really a fan on using custom global functions inside a class. It hurts the re-usability of your class. I would make it either that the class handles the error or throw an Exception. Should the client always define this function before including the class? or should it be part of the class? There's a lot of code, I haven't gone over all of it.

If that was in reference to my post (I could not find any other post mentioning lifetime). Then, no I was not. I am well aware that a cookie may be long gone before a session is. And that it's possible to hijack this session if one can re-create the matching cookie. If no security measures are in place like a simple user-agent string check and/or ip-address check or any other measures.

I recommend you try ChristianF's solution, because: 1) easier for you to implement, error handling also becomes easier. 2) use of Post/Redirect/Get to avoid the browser popping up messages because of POST.

You can use a session to hold the data between requests and a page number to verify if one can access said step. session_start(); define('STEP', 3); if ($_SERVER['REQUEST_METHOD'] === 'POST') { // user posted data // data was posted from previous step. OK. update step. do not put any other code here. if ($_SESSION['step'] === (STEP - 1)) { $_SESSION['step'] = STEP; // user can not yet access this page. ERROR. redirect user or something. } else if ($_SESSION['step'] < STEP) { // code here } $_SESSION['formdata'] = array_merge($_SESSION['formdata'], $_POST); } Step 1 only initializes the session data and does not validate steps like the subsequent pages. session_start(); if (!isset($_SESSION['step'])) { $_SESSION['step'] = 1; } if (!isset($_SESSION['formdata'])) { $_SESSION['formdata'] = array(); }

Like this: $small_image = $target_path . $last_id."_small".$ext; $medium_image = $target_path . $last_id."_medium".$ext; $large_image = $target_path . $last_id."_large".$ext; $large_image_created = move_uploaded_file($_FILES['uploaded_image']['tmp_name'], $large_image); $medium_image_created = copy($large_image, $medium_image); $small_image_created = copy($medium_image, $small_image); move and copy do not resize images so if you don't have any resize code in there _small and _medium are all going to be the same size as _large.

nvm

See, now your just getting on his bad side.. As that is pretty much a nice FU

How should I interpret this? You extract and create the "allowed" variables, but then afterwards you go ahead and extract ALL variables?!