.josh

Basically whenever I see a "Can javascript do this.." or "I'm trying to do this, and my syntax seems right, but it's not working.." questions, it almost always has to do with violation of some security/privacy policy. So that is the overall theme you're basically going to see here. This is mostly a top-level "What you can and can't do with javascript" list. While I have provided some details for answering "why", or for pointing you in the right direction for a next-step on "how", this list isn't meant to be a comprehensive tutorial to fully explain the why's and hows of limitations and how to get around them, etc.. It's simply an entry point for figuring out a next step. Here is a list of common questions about javascript that I've seen come up a lot over the years Q: Can I execute php (or other server-side) code with javascript? A: No. Not directly. But you can setup a server-side "controller" script to accept requests with info and do things based on that info. Read up on AJAX Q: Can I use javascript to interact with my database? A: No. Not directly. See above. Q: I'm trying to use AJAX to request a script and it won't work A: 9/10 times this is because you are attempting to request something on a domain other than what the script is running on. You cannot do this, as it is a violation of the Same Domain Origin Policy. Otherwise known as Cross-Site Scripting (XSS). It is possible for a server to be setup to allow for it, but by default servers are not setup for this and 99.99% of servers do NOT allow this. And even then, the browser my still reject it, depending on the security/privacy settings set in the browser. One trick to get around this is to output a regular javascript tag (you can even make one with js and append it to the DOM). There are limitations to this, but it may be enough, depending on what you are actually trying to accomplish. If it is on the same domain and it's not working, then post your issue. Q: I'm trying to get or change the contents of an iframe and it's not working A: 9/10 times this is because you are attempting to access iframe contents hosted on a domain other than what the script is running on. You cannot do this, as it is a violation of the Same Domain Origin Policy. Otherwise known as Cross-Site Scripting (XSS). Also the same restrictions apply for javascript running on an iframed page whose parent is not of the same domain. Q: I'm trying to use javascript to read/write a cookie and it's not working A: 9/10 times this is because you are attempting to access a cookie for a domain other than what the script is running on. You cannot do this, as it is a violation of the Same Domain Origin Policy. Otherwise known as Cross-Site Scripting (XSS). Cookies set on the same root domain, but with different subdomains also fall under this restriction. For example, if you set a cookie on "foo.yoursite.com" and then try to read it on "bar.yoursite.com" you will get an error. However, you CAN set your cookie to just be the root ".yoursite.com" domain and then both subdomains can access the cookie. Q: Is javascript a form of java? A: No. They happen to share the same name because someone thought it would be cute to confuse everybody. Q: Can I use javascript to execute programs or read/write to files on someone's computer? A: The shorter and technically accurate answer is yes - if you count cookies and local storage. Cookies and local storage are files on the user's computer, but they are heavily isolated. The longer answer to the question you're really asking is, no, not directly. Javascript can invoke certain other things such as an ActiveX or Java applet, and those scripts can do this sort of thing. However, default browser settings are set to either prompt the user to allow them to be run (along with a very strongly worded warning), or outright prevent it. So even if you get the user to run the ActiveX or Java applet, those are the things that can access it, not javascript itself. Q: Can I use javascript to disable or change certain browser features like print, email, rightclicking, browser history, etc.? A: Short answer is no. Javascript has very limited (and usually no) access to "browser level" stuff. Basically, if you are asking this question then you are almost certainly trying to do something you can't do. Common examples: - Printing/Emailing: You can invoke the browser's print function, which will in turn invoke whatever the user has setup to happen when they would normally print, but you cannot see or control what actually happens, what program is invoked, etc. same thing with emailing, etc.. - Browser History: You can use javascript to for example simulate a forward or backward click on the browser history but you can't actually read the urls in the history or alter them. - Disabling Rightclick: Javascript does have limited ability to disable rightclicking, but it's not reliable across browsers, and if nothing else, the user can just disable javascript. - Exiting the site: Javascript does have limited ability to prevent a user from navigating away from the page. For example, you can write javascript to stop links from working as intended, or you can write code to initiate a popup (the infamous "are you sure you want to leave?" popup), etc. but this doesn't work across all browsers, and newer browser versions will even ask the user if they want to prevent the javascript from doing it. And there is nothing you can do to prevent a user from simply closing their browser. Also, it's incredibly rude to try and trap a user on your site, and is a really good way to ensure they will never return and also tell everybody they know to avoid your site! - Accessing browser bookmarks/favorites: javascript cannot read bookmarks (as in, the user's bookmarks) at all. Some browsers/versions do allow you to invoke the bookmark/favorite dialog (equivalent of ctrl+d shortcut), but this isn't the same as directly adding a bookmark, and some browsers do not even support this much. - Disabling javascript: You cannot force the browser to run javascript. If a user disables it, it is disabled, end of story. Q: Can I use javascript to validate my form values? A: Yes! But do not rely on this! It is perfectly acceptable to do some pre-validation to cut down on wasted requests to your server but you should never rely solely on javascript for form validation. It is ridiculously easy to bypass it. But also, javascript can't directly validate stuff that you would need to lookup in a file or database (e.g. correct username/password). Q: Can I use javascript to control the keyboard, mouse, webcam, etc.? A: No. You can use javascript to detect when (most) keyboard keys or mouse buttons are pressed, or current x,y coords when a mouse is moved, but only when the page the javascript is running on has focus. You cannot simulate an actual key press or button click, though you can do things like auto-pop form fields with values or invoke the click event on a form button or link. IOW you can change the state of something on your page with javascript, but you can't use javascript to act as if a user had actually pressed a button or moved the mouse. For example, you can't make the mouse curser move to another position, or you can't invoke an alt+tab or ctrl+alt+delete sequence. As far as webcams, there is no javascript interface; you can't use javascript to activate a webcam, record, receive data from it, can't even detect if it's there, etc. Q: Can I use javascript to prevent people copying my html/javascript/images? A: No. You can obfuscate your code ("security through obscurity") but this is not the same as preventing theft. Q: Can I use javascript to read request/response http headers? A: No. Many addons (e.g. firebug, httpfox, web developer) can do this because their code is within a higher scope than javascript. An addon is essentially extending the actual browser (which is why they are also known as browser extensions). Q: Can I use javascript to detect what plugins/add-ons/extensions the user's browser has? A: The short answer is no, not reliably. Firstly, take some time to read up on what the difference between a plugin, add-on and extension is. Different browsers use these terms differently. But in general, the short answer is that there is no reliable way to get a list from any browser for any of those, though it's more or less reliable to detect one if you specifically look for it, in pretty much any browser except Internet Explorer.

sounds more like a memory problem, not an ftp program problem. By "map" I assume you mean folder or directory, right? you may need to ftp from command line or write your own script that ftps to it..IOW a method that doesn't involve trying to grab and display a list of the working directory/folder. And then NOT do things like list or display dir content.

Except that lying to get free shit (which is the same as stealing) is wrong. Even moreso since you can afford it.

Hello All, We have a http://forums.phpfreaks.com/topic/273124-readme-everything-youd-want-to-know-about-php-freaks/#entry1405504'>sticky that explains what the badges under members' names are, but a Guru in particular is basically anybody who has demonstrated that they are actively trying to be a part of the phpfreaks community and in general know wtf they are talking about. You don't have to be some super ninja expert at everything, nor do you have to be posting 100 posts a day to achieve this rank. Traditionally the process for "gaining rank" around here involves you joining our community and making an effort to help others out with their questions. And after a while of this, one or more members of the staff (guru, mod or admin) may take notice of your efforts and then nominate you to join the ranks (this happens internally). In addition, we try to look at things like rep and posts marked solved to find you. But maybe you feel like you've been making an effort for naught. Most of us don't regular all the forums; we just hang around the ones we are the strongest at or most interested in. So maybe the one thing you're really good at is the one forum nobody else really hangs out in. Or maybe the stars just don't seem to align right or something. So, in order to ensure that nobody feels like they are going unnoticed, I want to extend the nomination process to the entire community. If you feel like you've been hanging around and helping out for a while and have what it takes to wear a Guru badge, or if you know someone around here who does, please post your nominations here, as a way to ensure yourself or someone else is on our radar. .josh

Are you requesting an OOP Tutorial? We do have a multi-part "OO PHP" Tutorial, as well as a multi-part "Design Patterns" tutorial. If you have read those and still don't understand OOP, perhaps you can be more specific about what you don't understand? Feel free to post asking questions (but not in this forum; go to the Application Design forum)

No, the mbstring regex functions are not deprecated. Was that an oversight, or did they specifically decide to make an exception?

We get posts asking about this error on a fairly regular basis, so here's a sticky detailing the error and what to do to fix it. PHP has a number of POSIX regex functions for performing regex matching/replacing/splitting. All of these functions are deprecated, which means they are currently still available in php, but are going to eventually be removed from a future version of PHP. This is an "annoyance" to you now, because it causes an error, which may or may not show up, depending on what your error reporting settings are. This is bad news for you in the future, because your code will break when you upgrade to a future version of PHP that no longer supports these functions. The solution is to convert the POSIX functions to one of the PCRE regex functions instead. Here is the manual entry summarizing the differences, as well as what the PCRE function replacements are. For most cases, you simply have to pick the PCRE equivalent and wrap a delimiter around your pattern. You may also need to use the i modifier if you are using a case-insensitive POSIX function (eg: eregi vs. ereg). Example: Check if a username is only numbers, letters (case-insensitive) and 6-12 chars long. POSIX regex if ( eregi("[a-z0-9]{6,12}",$username) ) { // good username! } else { // bad username! } PCRE regex if ( preg_match("~[a-z0-9]{6,12}~i",$username) ) { // good username! } else { // bad username! } In the PCRE regex example, I use ~ as the delimiter and added the i modifier to make the regex case-insenstive. If doing this doesn't fix your problem, then more than likely your pattern itself has POSIX-specific stuff in it, and you will need to change that, in which case, feel free to post in this forum asking for help.

@kicken: lol I remember playing #2 w/ paper/pen when I was a kid, sittin' in church w/ my siblings

I'm a big fan of "generator" type scripts, especially ones that have to do with words. Example: IT Department [name] Generator from seventh sanctum

You can work yourself up to at least Guru membergroup status and be able to post tutorials yourself. Or you can submit to can submit the tutorial to us for review.

This thread is not meant to promote using frameworks instead of using core javascript for everything. That is just silly. Frameworks are not alternative languages, they are tools built on existing languages to make certain things easier. This thread is about using a framework for AJAX specifically.

What this board is for If you have some code you are wanting people to debug, or a website you are working on that you want people to 'beta test,' post the code/link here. The idea of this forum is that you have finished your code, and now you wish for people to test it for weak spots, logic problems, etc.. While you can of course expect feedback from your testers, if you need more help fixing your code, use the Help forums. This forum is for testing and testing feedback ONLY. This is NOT a "rate my script/site" forum. Please go to the critique forum for that. Try to give a good description of what your code is supposed to be doing. We can do little more than find syntax errors if we don't know what it's supposed to be doing. Your topic doesn't show? All new topics are moderated, meaning that they will not show up until a staff member approves it. Read the rules for posting in this forum and follow the directions. Some advice to be cautious Be very careful on what kind of info you post, especially when it comes to posting links to your site. Posts of this nature are often times aliases of "please try to hack my site and tell me if you do, and how, so I can fix it." We cannot and will not be held liable for any kind of damage or loss that results from you posting any of your stuff here (or anywhere else on the site, for that matter). Not everybody out there is honest. Someone out there may read your post, go to your script, find a security hole and exploit it without telling you, all the while giving you the thumbs up. Rules Regarding "Exploit Scanners" Use of exploit scanners can be an effective way to discover exploits on a website, so we have no intention of banning posting scanner results. But these scanners can also return bogus results. Secondly: Give a man a fish and you feed him for a day. Teach a man to fish and you feed him for a lifetime. As of now, posting scanner results is only allowed under the following conditions: 1) You must share the name and how to get the scanner 2) You absolutely MUST explain every item in the result (why is this a risk, not just because the scanner says so) As with all forum rules, ignoring these could lead to moderation action. Ignorance of these rules is not a defense. Thank you for your cooperation.

...and you are NOT using a framework like jQuery or Prototype, think long and hard to come up with a very good reason why you are not! In all my years of coding, the only valid reason I have ever seen for not using one of these tools, is because someone is trying to learn it the old fashioned way (but not necessarily actually build websites with it). Or...someone is trying to build their own framework. That's it! IMO there has been no other reason worthy enough to warrant not using jQuery or the like! "It will bloat my website, increase page load time, blahblah" is not a good enough reason! These frameworks are compacted and browsers will cache them! So if you post an AJAX question here and your code and/or question does not involve the use of an existing framework like jQuery, then be prepared for you first response to be something along the lines of "Why aren't you using a framework?" Seriously. It is super easy. Way easier than that code you're trying to post. Save yourself the headache. Get jQuery or similar. DO IT.

Also, since we probably won't be jumping in individually welcoming every single person comes by, here's your generic welcome message: Greetings, ___________ ! Thank you for joining the board! Feel free to ask any question, but please don't be stupid about it. Make an effort to pick the right forum, make an effort to be detailed about your question, make an effort to read relevant stickies/rules, and we'll make an effort to help you. .CV

http://www.phpfreaks.com/tutorial/php-basic-database-handling

"level system" is pretty ambiguous... care to be more specific?

http://www.phpfreaks.com/tutorial/php-add-text-to-image

GENERAL RULES AND GUIDELINES FOR POSTING This forum is not meant to be a formal freelance service system. It is available for those who wish to seek out services or work from other people, as a courtesy to the members of the phpfreaks community. phpfreaks.com does not specialize in freelance services. This forum is an informal mechanism, as a courtesy to the community. We have no formal mechanism in place (like escrow) to guarantee payment, refund, work done, etc... phpfreaks.com shall not be held responsible for any losses you incur. we have never and continue to not act as any kind of mediator or verification/compensation source for people/organizations who use those forums. We will not be held responsible/liable for any damages, loss, etc. that occur from use of those forums. If you hire someone and they rip you off, don't come crying to us. If someone hires you and they rip you off, don't come crying to us. Those forums are a convenience. If you want something more official that offers guarantees, go to a real freelance site! If you have any questions regarding the freelance forum, feel free to ask them here. RULES: WHERE TO POST:If you want to offer your services, post in the Service Offerings sub-forum.If you want to offer a job or position of employment, post in the Job Offerings sub-forum. DO NOT post your 'resume' in job posting threads. You must directly contact the person you wish to reply to. The only reason replies are allowed is to ask for clarification/details about the job. Failure to adhere to this rule will result in all kinds of things, like you getting banned, or us disallowing replies. DO NOT make more than one thread offering your services. You can edit/reply to your thread to reflect additions/changes. DO NOT post advertisements to other sites offering freelance system services. For example, rentacoder.com, odesk.com, etc.. we have no partiality for or against those sites, but posts such as those are regarded as advertisement, which is against our main site rules. We fully acknowledge that this freelance system is limited, but we aren't here to provide free advertising for other places. If you prefer to do actual business through one of those sites, please specify in direct contacts with the person. You are allowed, as a freelancer or freelance company, to post a link to your personal portfolio/company to those sites, or a site that you own. But general promotions to those other sites are not allowed. GUIDELINES: When posting in the freelancing forum it's important that you provide a way for users to contact you. They will not be able to reply to your topics so they need a way to contact you privately. This can be using PMs, emails, any type of instant messaging service (MSN, Gtalk, AIM, Jabber, etc.) or however you see fit.The more specific you are about your skills, previous experience(s), availability, rates, etc.. the better your chances of getting serious inquiries. Posting vague "I'm available for anything and everything" might get more inquiries on average, but there's a good chance that it will come to nothing, based on any number of things that you could have posted here in the first place. Better to receive 10 emails from people who have some idea of your qualifications/terms, than 100 emails that don't.Be honest about your skills. All day long we see people posting about how they jumped on a job and bit off more than they could chew. They tell the client they can do everything they need and more, promise them the moon, and then promptly crap their pants about 5 minutes into it. Don't be that person! Some people get lucky and figure it out. Some people get lucky and get help that figures it out. Most people end up having to give up the project. Which leads us to....Wasting people's time and money. You waste the client's time. You waste your own time. That bad rep will more than likely come back to haunt you. All day long we get people trying to get us to delete their posts because they don't want their skeletons to come out of the closet (no we won't hide them for you). So be smart! Do the simplest easiest thing to avoid all this headache: be truthful about your skills. If you feel that being truthful will limit your potential clients, then get off your bum and hit the books. You can't seriously be in the business of trying to con people, are you?Be very clear about what you are doing. Some clients know your job, and are just looking for extra set of hands. Most do not, and therefore seek someone who does. Therefore, if you want to avoid headaches, it is your responsibility to be very clear about what it is you're going to do. What you're willing to do. What kind of support you offer after the fact, etc... on that note..Be up front and thorough about your prices. Take a look at the situation. Quote a price for it. Quote prices for things that might come up later. The more you have to go back later saying that xyz was unforseen or xyz wasn't part of the deal, regardless of whether or not you are in the right, the more you are going to come off as shady, to the client. It's like when you take your car to a mechanic and that funny noise goes from being one little $50 thing to a $2000 rebuild because the mechanic kept coming back to you saying something else is wrong. That stuff may indeed be needed, but the fact that you didn't think about it and let them know ahead of time speaks volumes about your skills as a coder. Some things just aren't foreseeable. Most things are.

I believe thorpe is working on something like that right now. Don't have an ETA or anything.

How about a captcha tutorial? Lots of them around, but we're supposed to be a resource, right? I may do it myself, if someone else doesn't volunteer.

Honestly I don't really see anybody writing a tutorial like that on a technical level (actual code). Maybe on some kind of abstract level, like conveying general principles and program flow and good design, advice and pitfalls, etc.. but most tutorials that involve actual code are for teaching how to make building blocks. Things like forums and blogs and cms' are more like actual buildings, not building blocks. If you sit down and break down for instance all the things in a forum, you will quite easily find tutorials for just about all of those 'building blocks.' I suggest you either do that, or maybe find an open source version of one of those things and jump into it, instead.

Basic Database Handling

okay I thought I'd make a new post instead of editing the last one, since it's on a new page. Okay, It's all about.. Bride of Franky! <?php $relatives = array('mother', 'father', 'sister', 'brother','uncle', 'auntie'); $verbs = array('dislikes', 'sits on', 'licks', 'sucks', 'looks like', 'does', 'discusses the pros and cons of Web 2.0', 'loves', 'caresses', 'slides onto', 'hates', 'kisses', 'learns PHP with', 'has an AJAX interface with'); $animals = array('dogs', 'cats', 'horses', 'birds', 'giraffes', 'elephants', 'hippos', 'hamsters', 'gerbils', 'monkeys'); $adjectives = array('abhorrent','abject','abnormal','abrasive','absorbed','absurd', 'abusive','acrid','agonizing','ambiguous','ancient','apathetic', 'average','bad','barbarous','bawdy','belligerent','berserk', 'bizarre','black','boorish','brash','brawny','burly', 'callous','cold','colossal','combative','crabby','craven', 'crazy','creepy','crooked','cynical','demonic','deranged', 'devilish','direful','dirty','disagreeable','draconian','drunk', 'dysfunctional','erratic','evasive','evil','filthy','flippant', 'gaudy','giant','gigantic','greedy','grotesque','grouchy', 'gruesome','grumpy','guiltless','hellish','horrible','huge', 'hulking','icky','immense','irate','jaded','jittery', 'macho','maddening','malicious','mammoth','maniacal','massive', 'mighty','mindless','moaning','moldy','murky','mysterious', 'nasty','nauseating','noxious','oafish','obscene','psychotic', 'rabid','ruthless','sassy','scary','smelly','snobbish', 'snotty','spooky','threatening','tightfisted','tough','towering', 'trashy','ugly','unbecoming','unsightly','vagabond','vengeful', 'venomous','vulgar','wicked','wrathful','wretched'); function insult($secondary_person) { global $relatives; global $verbs; global $animals; $r_size = sizeof($relatives) - 1; $v_size = sizeof($verbs) - 1; $a_size = sizeof($animals) - 1; $r_rand = rand(0, $r_size); $v_rand1 = rand(0, $v_size); $v_rand2 = rand(0, $v_size); $a_rand = rand(0, $a_size); $insult = "Your {$relatives[$r_rand]} {$verbs[$v_rand1]} $secondary_person and {$verbs[$v_rand1]} {$animals[$a_rand]}"; return $insult; } class Greeting { function Greeting() { echo "Hello World!"; } } interface Singleton { public static function getInstance(); } interface Actor { public function speak(); public function meet($person); public function eat($animalArr); } abstract class Intestant_Abstract { abstract public function input($input); abstract public function output(); } class Stomach extends Intestant_Abstract implements Singleton { private static $instance; public static function getInstance() { if (!isset(self::$instance)) { self::$instance = new self; } return self::$instance; } private function __construct(){ } public $kilosOfFood; public function input($input){ $this->kilosOfFood += strlen($input); echo 'Franky liky to eats '.$input.'..<br />'; if($this->kilosOfFood > (strlen(implode('',$GLOBALS['animals']))/1.5)){ $this->output(); } } public function output(){ echo '<br />Bhaarf..<br />'; } } class Guts implements ArrayAccess, Singleton { private static $instance; public static function getInstance() { if (!isset(self::$instance)) { self::$instance = new self; } return self::$instance; } private function __construct(){ } private $intestants; public function add($name){ $this->intestants[$name] = call_user_func(array($name, 'getInstance')); } public function remove($key) { unset($this->intestants[$key]); } public function offsetExists($offset) { return isset($this->intestants[$offset]); } public function offsetGet($offset) { return $this->intestants[$offset]; } public function offsetSet($name, $value) { $this->add($name); } public function offsetUnset($offset) { unset($this->intestants[$offset]); } } class Franky implements Actor { private $person; public function meet($person){ $this->person = $person; } function eat($animals){ shuffle($animals); $guts = Guts::getInstance(); $guts->add('Stomach'); $guts['Stomach']->input(next($animals)); } public function speak($insult_them = false){ if($this->person == null){ $greet = new Greeting(); echo '<br />'; } else { echo 'Hello '.$this->person.'!<br />'; if ($insult_them) { echo insult($this->person) . '<br />'; } } } } if (isset($_POST['relativeName'])) { $relativeName = $_POST['relativeName']; $relativeType = $_POST['relativeType']; $h = new Franky; $h->speak(); $h->meet($relativeName); $h->speak(true); $h->eat($animals); $h->eat($animals); $h->eat($animals); $h->eat($animals); $h->eat($animals); $h->eat($animals); $h->eat($animals); $h->eat($animals); $monstername = $adjectives[array_rand($adjectives)]; echo "<br/>Franky wants to marry your $relativeType.<br/>"; echo "$relativeName will join the monster family and<br/>"; echo "$relativeName's monster name will be $relativeName the $monstername.<br/>"; } else { $person = $relatives[array_rand($relatives)]; echo <<<FORMINT What's your $person's name?<br/> <form action = '{$_SERVER['PHP_SELF']}' method = 'post'> <input type = 'text' name = 'relativeName' size = '10'> <input type = 'hidden' name = 'relativeType' value = '$person'> <input type = 'submit' value = 'submit'> </form> FORMINT; } ?>

<placeholder>

Yeah I meant no php5 on account of some people maybe people unable to test it if they don't have it installed, yes. But who cares. Cheating? Bah! I don't consider that cheating. In fact, I'm surprised the original "hello world" is still there. Why? Because I can put "Jesus" into the input field and it will in essence be do the same thing as before. p.s. - rewriting code to run more efficiently or "better" is okay too. I'm certainly not the most php saavy person here; for instance you guys' OOP skills are much better than mine. So if you feel like "Franky" is somehow being crippled because of his internals, rewriting/reorganizing is okay - to an extent. We don't want complete rewrites every single post, I guess. But, well..well for instance, exactly how redbull turned the simple "hello world" into a method inside a class. LoL, I ran the code and this is what I got: