ShogunWarrior

If you store the epoch timestamp as an INT field, most time operations are very easy, and very flexible. You would store the timestamp using the PHP [b]time()[/b] function. Then, to delete old ones, simply: [code] $time_to_delete = time() - (60*60*24*30); //Now ,minus 30 days $query = "DELETE FROM your_table WHERE date<$time_to_delete"; [/code] Also, you can easily compare and subtract timestamps in INT format.

Ireland, A ok.

Concerning getenv, they may be able to tamper with the date by calling putenv("HTTP_HOST=haha.com") before your script.

Could you preface the page with the encoding header? PHP has all sorts of problems with encodings, you could output the content-type: header("Content-type: text/html;charset=Shift-JIS); ** I have "Shift-JIS" in here but I'm not sure if this is the correct encoding name.

Using: <?php header("Location: mypage.php"); ?> Is the easiest and fastest option.

I can't be sure how non-fakable it is because I haven't tested extensively but I think the most secure is to send $_SERVER['HTTP_HOST'], getenv('HTTP_HOST'),IP etc. so you can cover most of the bases.

Wow, this is weird. I started working on the exact same thing a few days ago (a banner for a website, rotating new products) and I ran into the same XML caching issue. I came up with the same non-caching headers, it was very annoying having to clear the cache until I added them. Anyway.. weirdly similiar project.

HTTP_HOST is given to PHP by Apache/IIS (the server) so you shouldn't be able to manipulate it on the client side. You _could_ use the Server IP to reverse DNS and get the hostname by then I assume they could change the IP. I briefly tested and changing $_SERVER['HTTP_HOST'] does not affect getenv( 'HTTP_HOST' ); which also returns the host.

Hmm, that's strange. That is normal, and what PHP was designed for. Can you show what headers were returned?

Yes, they can change it to whatever they want. For instance, this code (on my machine): echo $_SERVER['HTTP_HOST']; $_SERVER['HTTP_HOST'] = 'hahahahaha.com'; echo $_SERVER['HTTP_HOST']; ?> Prints: localhost hahahahaha.com So, it can be changed easily.

Just google "javascript obfuscator"

<?php $time=time(); include("config.php"); mysql_query("UPDATE players SET energy=energy+15"); mysql_query("UPDATE players SET energy=750 where energy>750"); mysql_query("UPDATE players SET hp=max_hp, ops=ops+1"); mysql_query("UPDATE players SET ops=150 where ops>150"); if( mysql_num_rows( mysql_query("SELECT cronjob FROM cronjobs WHERE cronjob='turns';") )<1 ) { mysql_query("INSERT INTO cronjobs VALUES ('turns','$time');"); } else{ mysql_query("UPDATE cronjobs SET lastran=$time WHERE cronjob='turns'"); } I just refactored the code a bit, could you log something to a file to check if the script is running twice somehow?

INSERT INTO table2 SELECT * FROM table1 I believe.

The problem may be that when your start with a slash [b]/[/b] I think the server looks from the server root, not the document root. So you can use [code] $myImage = $_SERVER['DOCUMENT_ROOT'] . "images/clubs/logos/".$id.".jpg";[/code] I think should work.

You could add HREFs to the URLs, and have a none-AJAX backend for search engines and non-AJAX users.

I believe: [code] INSERT INTO mytable ip = '$ip', referer = '$referer' [/code] Should be: [code] INSERT INTO mytable (ip,referer) VALUES('$ip','$referer') [/code]

You can use [b]file_exists[/b].

Perfect.

There are quite alot of shortcomings with the products. I have seen quite a few instances where someone found their code "nulled" even though they had encoded it with a commercial encoder and thought it was safe. Even commercial encoders will sometimes do nothing to actually protect your code but will look secure because they will aesthetically obscure the code quite a lot. (changing variable names, base64 encoding etc.)

So you came up with an answer?

If they all access the server with separate IPs then your PHP app could maintain a list of allowable IPs. E.g: If they have paid for 5 viewing stations then your PHP app should start off with an empty list of five IP addresses. As each viewing station connects, your PHP app would check the IP is not in the list and if there is space left, insert the IP into the list. On subsequent connections if the requesting IP is not in the list and there are no spare slots then they are obviously accessing with a 6th IP and the connection should be rejected. I hope that reads ok.

Opera should be more popular than it is. I use it as my complete web centre: Mail, chat, RSS Feeds, Web.

I suppose by it I mean design that is simple, yet powerful and well thought out. Perl is designed for purpose, but arguably over-complicated in the syntax it allows. PHP however clearly isn't designed  - rather it "evolved" and why that can mean it adapts very well and is easy to pick up it also means there are alot of inconsistencies.

Despite Nameless12's [possibly] provacative statements I do agree - and believe it is hard to deny - that in terms of design PHP is pretty poor and will ingrain some bad habits into users who don't take it upon themselves to look into other languages. In terms of clean design I think [b]Python > Perl > PHP[/b] is the order of things.

I get this: [code]   Hello_this_is_an_arg [/code] Seems to be working I'd say.