.josh

You keep saying that it can't be the code because sometimes it works and other times it doesn't, and it works for some people and not others. But these arguments are not strong enough to rule out whether or not it's your code. At a minimum, your code could just be inefficient sucking up a fair chunk of resources itself, and perhaps that could be part of the overall problem. Especially since you mentioned that a previous upgrade seemed to do the trick for a while. So my thought is this: did you actually evaluate/audit your code to see if there's a problem there, in terms of logic bugs or inefficiency in general, or did you just dismiss it as a possibility, based on your stated observations? Because if your answer is the latter, you need to audit your code.

@objnoob: well this is why i said it's a double edged sword. I agree that with no enforcement, if a user selects a super simple password, like a regular word in the dictionary like "something", it's probably going to get cracked really fast, since most sophisticated crackers will "check the obvious" first when it comes to brute forcing. But on the other hand, if the cracker knows for example it must contain at least 1 number, it can rule out all combinations involving no numbers. And if it knows pw has to be a certain length, that's even more combinations to throw out. Also, the amount of non-number strings in 8-20 length string is far larger than a standard dictionary lookup list. And that's just the "at least 1 number" equating to "rule out strings with no numbers" part of the possibilities. IOW by enforcing a pattern, you're ruling out more of what it can't be, than what it can be. I personally usually go for enforcing a length (like the 8-20), and I also check if the pw contains or equals other form fields they enter in (e.g. I reject if he enters his name as John Doe and pw is something like "Johniscool" or "JohnDoe123"), and that's it. Depending on sensitivity of data, I might throw in mandatory pw resets every x amount of time.

In general, regex for what you described should be: #^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[^a-zA-Z0-9]).{8,20}$# But I'm not quite sure I understand what you mean by this: But IMO, a more user-friendly approach would be to check each thing individually and return an error message for where specifically the user actually went wrong. Actually, I hate it when places try to enforce a password format on me to begin with. First off, it's annoying. 2nd, it's a double-edged sword. You may think you are making them pick a "stronger" password, but in reality, your form is telling crackers how to narrow down possibilities of password combinations to try. IMO it would be better to show a "strength" meter and/or offer suggested formats for a "strong" password, but don't actually enforce a format.

$GNumberkurse != $GNumberKurse

total_time is the total time for the complete transaction. There's more to the request involved than just downloading the physical contents. It includes time for name resolution, establishing connection, any redirect(s), general server processing, etc.. So even if 0 bytes of content were returned, total_time would still have a certain amount of overhead. pretransfer_time is the time passed since the start of the curl request to just before the file transfer begins. So a more accurate estimate of actual download time would be $downloadTime = $info['total_time'] - $info['pretransfer_time'];

Well no, as far as php is concerned, it's just echoing out text. It doesn't care if it's xml or html or javascript or raw image data. It is your javascript that's doing something with it. Now, you can use header to set the content type as xml if you want but again, that's just sending that back to the browser; it's all just text to php, it's the browser and/or js doing something with it.

you just echo it out.

A php session has nothing to do with the database, unless you specifically write php script to store session variables and/or id. The session will apply to any browser tab that has the same domain. In your situation, "localhost" is the domain. But the same would hold true if both your projects were on the same www.mysite.com. But this is as far as sharing the same session id and shared access to session variables. The 2ndary reason you wind up being logged in to both your projects, is because both your projects must share the same login logic and variable naming conventions. For example, even with a shared session id, if projectA looked for $isLoggedIn and projectB looked for $loggedIn, well those are separate vars. So you must be using the same code for both projects (which isn't uncommon). If you want to restrict your projects to certain subdomain(s) and/or path(s), you can use session_set_cookie_params or add extra logic to your login status to check for a specific namespaced var or value that is unique to each project. Also, same principle.. logging in/out of facebook doesn't log you in/out of twitter because they are on different domains. Even if they happen to share the exact same login code (which is extremely unlikely), they are still on different domains.

well in your update query, you're using mysql to md5 the value of $password1 which has already been md5'd by php so you are doing it twice when you should only be doing it once. Are you also doing this in whatever registration script you are using? Or did it work the first time and then stopped working the 2nd time and on?

okay well then you can do return false!==array_search('error',(array_column($array,'status'))); but note that array_column is introduced in php 5.5.0 so using it will probably not be very portable for a while..

1) can you serialize the overall array and post that here, so that we can easily reconstruct the array 2) what is "name"? I see no "name" variable or element anywhere. 3) you provided a "before" array dump example (but refer to #1). Can you provide an "after" array dump example? IOW "this is what I have now. This is what I'd like it to look like." IOW don't just describe what you want, show the actual array structure as you want it to end up being.

Okay, well basically you want to add a click event listener that invokes an AJAX call onclick. The AJAX call should make a request to a controller script that queries your database based on the value and returns results. Then in the AJAX response callback, do something with the results. This is essentially a basic AJAX tutorial scenario, literally thousands of tuts for it out there. Look one up and if you get stuck on something in particular, feel free to post a specific question.

It was not my intention (nor do I think I implied it) to say you're stupid if you don't use a framework. I said do yourself a favor and make your life easier. Also, I am not "just another soldier" in the "we use frameworks" army. I actually actively resisted and opposed frameworks for a very long time. I too made arguments such as "If people learn jQuery, they won't learn the core language and therefore they will be weak." But the bottom line is that there's always going to be a certain amount of coding involved to keep things cross-browser compatible. And after several years of developing and maintaining my own baked framework (because that is essentially what you wind up with), I came to the realization that there's a whole lot of people out there much smarter than me who are dedicated to maintaining frameworks such as jQuery, vs. just myself, and on my very best of days my code will look very similar to theirs anyways. In short, I came to the realization that it was a waste of my time trying to develop and maintain my own baked framework, because my coding career does not revolve around that framework. Now, I still agree with the notion that one should take the time to learn javascript without frameworks, before diving into using them. I still absolutely agree with the dangers of not properly learning the nuances of javascript if you don't. And the same can be said for any language and framework. But if you've reached that level of expertise, all you are doing is holding yourself back by dedicating time and effort to maintaining your own baked solution. There's basically no compelling argument to do it, unless you are looking to distribute it and focus solely on it. Literally thousands of sites and coders out there developing, testing and submitting feedback etc. to a framework will always do it better than you, one person, trying to basically do the same thing on your own. And for what? Bragging rights? If I'm "just another.." then tell me, what makes you think rolling your own is better? I honestly want to know, because as I said, I did start on your side of the fence. Anyways, I also agree that there's little point in using it if you're only going to use like 1 tiny piece of it. I suppose I will concede that maybe I should amend the OP to weigh the options. But thing is, 9/10 times I see people not using a framework for stuff like AJAX.. turns out the site they are working on is already using a framework. This certainly comes up a lot more for freelancers and coders working in agencies who work with many clients on many sites and it's constantly new sites/clients in the door, vs. some coder working as web dev for a single company. Point being that if you get hired by a client to do some work on their site, it is better to evaluate what they already have going on there and use what's already there, than to just start throwing your own stuff into the mix. If you want to talk about unnecessary bloat, well that's a prime example right there. P.s. - telling me to "keep it civil" right after you've thrown out a "you're just another.." statement.. classy.

be more specific.. is the value a static value you want to show? Or is it pulled from a database or what?

always amazes me the people who don't wanna try on their coding homework, asking others to do it for them.. it's not like it's required course or anything.. why bother even taking the class?

what have you tried? you could have gotten these from literally putting each question as-is in google... 1. Open the text file “status.txt” as read only using variable $handle to store the file handle. fopen 2. Begin a session. (what does it mean begin session? does it mean start using the if condition?) session_start 3. Return the number of elements in array $days. count 4. Convert an array $data with five elements into a string that is delimited by tab. (what does it mean by delimited by tab?) implode 5. Check if the form text item "status" obtained via get method is empty. $_GET using empty

well, there are no workarounds. There's a few tricks to stave off the noobies and a few bots but overall it's ridiculously easy to circumvent. Basically you just need to restructure your script to handle direct requests elegantly.

there is no 100% way to prevent this.

javascript does not remember anything from page to page (or page reload) by itself. One way to do what you want is to use js to save the tab id/name/whatever in a cookie and then on page load, use js to read that cookie and change it to that div.

Couple notes here: 1) you shouldn't use font tags, as they are deprecated 2) it's okay to have an id for all your elements, but it's not really necessary most of the time 3) you shouldn't make your labels and inputs with the same class. Or rather, you should at least have a separate class to separate the two, so that you can more easily target just the labels or just the inputs. 4) this will be a lot easier with jQuery library (and what I will use below) In any case, here is one way to do it. You can see a working demo here. <!DOCTYPE html> <html> <head> <meta charset="utf-8"> <script src="http://code.jquery.com/jquery-1.10.1.min.js"></script> </head> <body> <form action="szc.php" method="post"> <label class="p1_label"><input type="radio" class="p1_radio" name="rg" value="anything1">This?</label> <label class="p1_label"><input type="radio" class="p1_radio" name="rg" value="anything2">Or this?</label> <input type="submit"/></form> <script type='text/javascript'> // make sure the document is loaded $(document).ready(function() { // listener for when radio button is clicked. listens for a click on anything with class p1_radio $('.p1_radio').on('click',function() { // select all elements with p1_radio, move up to the parent (the label tag) and change the color to green // this acts for changing the previous red one back to green $('.p1_radio').parent().css('color','green'); // now change the clicked one to red by selecting "this" as in "the one that was clicked", moving up to the parent // (the label tag its wrapped in) and changing the color to red $(this).parent().css('color','red'); }); }); </script> </body> </html>

meh.. DOM isn't so bad.. it's the inconsistency between browsers that kills you.

Well the code i posted is a self-contained working example. But perhaps it won't work because of other code you have, yes. In any case, as I mentioned, php is server-side. Once the php script is done running, that's it. As far as the server is concerned, that client no longer exists. If you want to re-run a query without refreshing the page, you can use javascript to make an AJAX call and receive a response. But if the above code doesn't work for you, then an AJAX call isn't going to work for you as-is, either. Bottom line is you're going to have to restructure the rest of your code to handle being "refreshed", or make a separate php controller script that can handle doing nothing but the query and whatever else is involved in refreshing.

See this SO answer they explain it a lot better. At least read the top 2 answers, though there's good info in a lot of the rest. As far as displaying the value.. well that depends on what you mean by "display". This will output the value of the first element to the javascript console: console.log(array1[0]); This will give you a popup alert: alert(array1[0]);

here is an example: <html> <head> </head> <body> <form name='someForm' id='someForm' action='' method='post'> <input type='text' name='field1' /><br/> <input type='text' name='field2' /><br/> <input type='submit' name='submit' /><br/> </form> <script type='text/javascript'> window.setInterval( function() { var elems = document.forms['someForm'].elements; for (var e=0,l=elems.length;e<l;e++) { if ( (elems[e].type!='submit')&& (elems[e].type!='hidden')&& (elems[e].type!='button')&& (elems[e].value) ) { return true; } } location.href=location.href; }, 30000 ); </script> </body> </html>

if you make javascript do the refresh then you can use javascript to do this. PHP cannot do this though, as it is server-side, and as far as it is concerned, the page doesn't exist any more once it's sent to the browser.