.josh

I would equate that analogy with going from plain old notepad to using a basic editor with syntax highlighting and stuff. Basic oven with regular heat elements, some turn dials, etc.. I'd equate using a whole IDE to getting one of those ultra wide, double ovens with automatic timers, flat stovetop with the elements built-in to it that look like they are painted on it. 8 elements instead of standard 2 or 4. multiple digital timers and touchscreen everything. automatic setting for N weight meat (and by meat type, to boot!). Little 2 inch robot that comes out a side door and stirs your shit every 5 minutes.

No, it's not that simple. That was just the "making it not directly accessible" part. When you click on the zip file as a direct link, your browser makes the request to that file type and the server/client does all that header stuff automatically. But now that you have it outside of a publicly accessible directory, you must use a server-side language to access it and output it. Well at that point, the only headers that are really automatic are default ones sent for plain text. Usually none at all, really...that's why a lot of times people's text comes up as gibberish when output: because they don't do things like send headers specifying char-set types. So you have to send headers to the browser telling it that you are outputting a zip file. It's fairly standard headers. Just google "php output zip file" or whatever.

It's blank because you are no longer linking directly to the file. So you need to send the browser headers telling it to expect a zip file. You do that with header. Since you are echoing something before it though, you're going to get a "headers already sent" error. So you need to a) remove the thank you echo, b) use output buffering with ob_start or c) have you script say the thank you for a couple secs, and then redirect to another php file that does nothing but output the file with the headers. If you go for option 'c' then yes, you will have to pass the token to the new page, using session_start etc... again.

mmm...i guess that goes back to the whole efficiency thing. negligible with such a small match, but still... conceivably having to backtrack all the way to what, 2nd char?

function checkUsername($username) { if (preg_match('~^[a-z\d][a-z\d]*?[-_]?[a-z\d]*[a-z]$~i',$username)) return true; return false; } there.

well if the problems were easy they'd hardly be problems now would they I don't follow... ah foobar moment...see, I'm not perfect I forgot about the .*'s

mmm...no... the regex would return false if it found those.

and yeah, none of this does any kind of check against "acceptable" things, like if the user were to include profanity in their name.

yeah I thought about that lazy quantifier too. But as you said, usernames are small checks, so while technically it's more optimal to make it greedy in that case, we probably couldn't even measure it, even if we were to throw thousands of simultaneous checks against it.

or...untested, but: function checkUsername($username) { if (preg_match('~^[a-z\d].*?[-_]?.*?[a-z]$~i',$username)) return true; return false; } that should work for allowing only 1 - OR 1 _, no?

condition still assumes that username can have one - AND one _ though. As you pointed out, have to wait on clarification on that count.

function checkUsername($username) { if (preg_match('~^[a-z\d].*?[a-z]$~i',$username) && (substr_count($username,'_') < 2) && (substr_count($username,'-') < 2)) return true; return false; }

pfft. Who cares about SC. I want my D3.

if htdocs is your root public folder, then you will want to have your pdf on the outside of that. Like in /usr/local/apache2/somefolder/file.pdf or /usr/local/apache2/file.pdf etc...

Yes, Adrock's example is another way of doing it how I showed in my previous post. His condition is just checking to see if the variable exists. It's not as explicit as checking to see if it's the exact value, but it's for the most part good enough.

It doesn't matter which order you put it in. What matters is how you write the condition. The condition says: If the token does not equal this value, do the following (user came here directly). else, do this (in other words, since the condition is false, the else implies that the token DOES equal the value, so the user came from the previous page). You could just as easily have written it like this: <?php session_start(); if ($_SESSION['token'] == "some value") { // user came here from the form give them the file download } else { // user tried to access the file directly bypassing the form, do something } ?> notice how I changed the != to == and thus swapped the code (well, the comment placeholders) I personally fashion the condition so that whichever code is shorter, comes first. But that's just me. If it's easier for you to understand it the other way around, then go for it.

Okay, so here's the problem. I have a page with links on it. Also, on this page, I have a div tag like this: <div id='rc1'></div> When You click on a link on the page, I have a function called in an onclick. The function looks like this: function goAction(mBox, tUrl) { document.getElementById('rc1').innerHTML = '<iframe scrolling="no" src="convTrack/' + mBox + '.html" width="1" height="1" marginheight="0" marginwidth="0" frameborder="0"></iframe>'; sleep(1); location.href = tUrl; } So the idea is to insert an iframe into the div. The iframe does get written into rc1's innerHTML. The path/to/file is correct (I used alert to verify all this). So here's the thing: The src being loaded by the iframe looks like this: <html> <head> <script language="javascript" src="../mbox.js"></script> </head> <body> <div class="mboxDefault"></div> <script language="javascript"> mboxCreate(); </script> </body> </html> include path for mbox.js is okay, checked to make sure. So the problem is that when I do all this, mboxCreate(..) is not firing off. Now, in goAction, after I assign the iframe to rc1's innerHTML, if I were to for instance, do this: alert(document.getElementById('rc1').innerHTML); or this: document.write(document.getElementById('rc1').innerHTML); it will fire off. But I obviously do not want to be doing that. So my question is, why is it not firing off? Am I overlooking something?

preg_match('~^Password:.*~',$string,$match); can't be more specific than that without more info.

I loathe code completion features. Maybe I just suck at using them, but I swear, every time it's turned on in whatever program I'm in, it always ends up at best distracting me with the constant popup, at worst, auto-completing what I'm typing with something other than what I want.

I don't see a closing quote for your src='...' Also, in your script in your OP, did you try echoing out the GET var to make sure it has what you think it has?

put your downloadable file outside of your public directory. then, form.php <?php session_start(); $_SESSION['token'] = "some value"; ?> <!-- form stuff here --> targetpage.php <?php session_start(); if ($_SESSION['token'] != "some value") { // user tried to come here directly, do something } else { // get your file from an include or whatever, display it } ?>

where is the $_GET var coming from? post that.

what you want is called pagination. http://www.phpfreaks.com/tutorial/basic-pagination

you could program your own client program. But that doesn't stop 3rd party screen capture tools that are independent of browsers. Suppose you could have it check if known ones are running... but, it would only be a matter of time until someone cracks your program.

It's because they can't accept the fact that they should be catering to us. Sooner they get that through their heads, the better off they'll be.