gizmola

Administrators
Everything posted by gizmola

  1. Query strings are in the format "name=value". So the ?error=$error is correct, if you want to utilize php's conversion of the querystring into the $_GET superglobal.
  2. SQL does not offer this --- you'll need to render them out using code in your PHP script. The easiest way would be to create an array that provides the order you desire like this and use that to cross reference a second array that contains the ordered data. Here's an approximation:

         $order = array(595 => 1, 585 => 2, 159 => 3, 112 => 4, 140 => 5, 692 => 6);
         $rows = array();
         while ($row = mysql_fetch_assoc($get_person)) {
             // Key each row by its position in the IN list.
             $roworder = $order[$row['person_id']];
             $rows[$roworder] = $row;
         }
         // foreach walks an array in insertion order, so sort by key first.
         ksort($rows);
         // Now rows is in the order of the IN statement.
         foreach ($rows as $row) {
             echo "{$row['last_name']} ";
         }
  3. Did you look at the imagecreatefrom... functions in the GD manual section?
  4. Ok, so if $_SESSION['ID'] is what you are using to indicate the presence of a session, then there's no problem using that. If ID is an integer (perhaps the user ID?) then your code would be better to have:

         if (isset($_SESSION['ID']) && (int)$_SESSION['ID'] > 0) {
             // logged in
         } else {
             header("Location: login.php");
             exit;
         }

     Your logout is looking good. However, you do want to add session_unset(); before your session_destroy. You might also want to be super careful and specifically unset($_SESSION['ID']) if that's your key variable. The important thing about this is that session_start() must have been called before any of these calls.
  5. For forms, people usually use the POST method. This does not provide extra security, but at least the data doesn't show up in the querystring for everyone to see. In each case the data does go across the internet in plain text. The only way to secure that is to have this occur inside https:// but very few public community sites go to that trouble. If you want true security, then you need https://. In this case however, it makes sense to use POST for your form, but you shouldn't confuse that with adding security. It is in this case the right solution for a form that has a password input on it.
  6. It's not that easy to understand how you're structuring things. It would be better if you could put [code=php:0] [/code] blocks around your code. When you do form variable assignments to your $_SESSION[] variables, that is fine. Again you can use them like any other type of variable, so once you assign values to them you can echo them, use them in computations, or whatever you desire. There is no need to create other variables. All your input should come from the $_GET[] (url parameters from the query string) or $_POST[] (from your forms with method=POST). You can also manipulate these variables inside the script, so again you don't have to make temp variables of the same name if you want to use them or manipulate them. I don't know where you cribbed code from but you do not use session_register() for anything. The $_SESSION is a superglobal. Again I can't really follow the flow of what you have because I don't know what the goal of that code is, however, it does seem you want to at some point set:

         $_SESSION['valid'] = 'yes';

     So in the small snippet of code at the bottom, it's hard to say because I don't know what $id is supposed to be, or where it comes from. I will say that in general you have an init file that will start the session. There is no reason not to start a session always, because people don't necessarily navigate a site the way you want them to. Otherwise--- yes header() followed by exit is important, so that people who are trying to hack your site with tools that don't follow a redirect can't drop down into code that they should have been redirected away from.

         session_start();
         if (isset($_GET['id']) && (int)$_GET['id'] > 0) {
             header("Location: http://site.com/book/pick_modcontact.php");
             exit;
         }
         if ($_SESSION['valid'] != 'yes') {
             header("Location: http://site.com/resource/admin/admin_menu.php");
             exit;
         }

     Presumably somewhere in admin_menu.php the user is authenticated and $_SESSION['valid'] = 'yes'?
  7. It's not a memory issue. Mysql grabs the memory it uses when it starts, and does not dynamically acquire or release memory while it's running. That's all handled internally. The issue is that your query is taking way too long. At the range of joining a 120k row table to a 240k row table, that requires every single row in each table to be read from disk and compared -- yes that is going to take a long time, limited really by your IO performance. Since there's no other limiting criteria, it is also no surprise that it takes forever, and the WHERE (email_addresses_secondary.status = 1) is probably not helpful because it is likely a low cardinality value that will also not benefit from any indexes that might be available. I don't know how often you need to run this query, looks like some sort of report? What you need to do is change the php settings so the script does not time out before the query returns, and the query is going to take a LONG time. It probably is crushing your mysql server when it runs, but it will eventually return. If you had indexes on the email_address columns in each table, it would help this query, however because you are using TRIM() the indexes can not be used, even if they existed. In the php.ini file, there's a setting "max_execution_time" which limits the time a script can run to 30 seconds by default. You can set it to 0 and allow unlimited run time. In order to test this, that is probably the best course to take if you really need this query.
  8. I guess the question is -- how large is your table. The key problem here, is most likely in your join comparison. (TRIM(email_addresses_secondary.email_address) = TRIM(email_addresses.email_address)) guarantees that no indexes will be used in the join, so each table will be table scanned and compared row by row. If you have a lot of rows, this is going to take a long time and your script may be timing out. You can explore these issues by using the EXPLAIN EXTENDED {YOUR QUERY HERE, no curly brackets} which is most easily issued inside the mysql command line client or in phpMyAdmin's sql window.
  9. Fantastic -- glad you got it sorted out. Once you figure these details out, it's really a pretty great way of accessing a soap interface, when you compare the amount of code you need to a language like java.
  10. Don't use globals. Globals have nothing to do with sessions. Likewise, register globals should be set off, and is set off for php by default. I can't provide you a definitive tutorial to sessions but they aren't complicated. By default sessions utilize a cookie that sets a session id which by default is named phpsessid. When you call session_start this cookie is either read from the request header [session exists] or a new cookie is created. If the session exists, the session handler goes and gets existing session data, which it identifies by the session id. By default session data is stored (serialized) in individual files on the php server. When a script is running, you can add/change/remove/read session variables by either reading or assigning to $_SESSION[]. While the script is executing, they are just like any other type of variable. The only thing special about them is that when the script ends, a special handler kicks in, that takes the session variables, and serializes them out to the file again. By default the session cookie that is created lasts as long as the browser is open. If the browser is closed, the cookie expires. People who want to reinstantiate beyond the life of a browser session need to use another cookie to supplement this. People ask about this all the time so I throw it in for completeness. The variables that control cookie behavior are set up in the php.ini. You can change all sorts of things about them if it suits you, but the main thing to understand is that sessions also have an expiration. Under a site with at least steady traffic, the handler will be invoked enough when people visit, that it will clean up expired session files predictably. This is really only important to know, in terms of understanding that you don't have to worry about cleaning up these session files yourself. Questions?
  11. Well, unfortunately, no I don't think this will work. In my test, the mta does not carry over any headers. I think your only option is to include a tag in the actual body of the email, and then parse the body for it. You could for example include something like: [replycode: xxxxx] Perhaps at the bottom of the email, and use that to track it. Sorry but an email header will not work. One other thing you could do would be to set the reply-to address to include a portion of the address with the code. For example: Have it be Reply-To: someaddress_xxxxxxx. Your mta would need to accept all these emails and send them to the same mailbox, and then use the To: address which will have the someaddress_xxxxxxx and parse it to get the response number. I know some customer service products that have implemented this scheme for tracking correspondence related to a particular case#
  12. The $_COOKIE comes from the webserver, and includes all cookies sent from the client browser. You never set it -- only read from it. One comment-- I don't know what your user table looks like, but you'd be better off if the key was an integer, and not the username. Nevertheless ---

          function rememberME($username) {
              // Call this function to set cookie on new login, when remember me is checked.
              global $config; // the database object must be in scope inside the function
              // Guard the define so a second call does not raise a warning.
              defined('SECRET') || define('SECRET', 'Some secret phrase you want to use here for your site.');
              $hash = md5($username . SECRET . time());
              // $username goes into the SQL as-is; escape or bind it with your database layer.
              $config->query("UPDATE member SET remembercode = '$hash' WHERE username = '$username'");
              // 259200 seconds = 3 days; the final 1 marks the cookie as secure (https only).
              setcookie("sesstoken", $hash, time() + 259200, "/", ".yoursite.com", 1);
          }
  13. I don't understand what you can't figure out. I have already suggested you a solution. Set an email header field with whatever value allows you to do the matching. This field name should start with X- See my code snippet. You would then need a custom program that will read emails out of the email box using imap or pop, and do whatever it is that you need to do, using the X- header value to establish your link.
  14. If you're going to store that in their user row, then sure that could work, although I'd highly recommend at least an additional salt or secret phrase that the md5() hash be based on -- using the time() alone isn't a very good input, while something like username+phrase+time() is much better. Just to reiterate, this is only something that should be looked at if the user doesn't already have a valid session. In other words, you only want to go to the expense of checking the rememberme cookie if they aren't already logged in. Then check cookie, and if no hash match, prompt for username/pw.
  15. So --- then use some variation on the code I provided -- set an X- header, and your process that reads emails should parse for that. Since you haven't really described the application at all, that's the best I can offer.
  16. The $_SERVER['QUERY_STRING'] variable gives you the original query string, which you are free to parse up and handle yourself. explode() using the '&' should work pretty well to get the name=value pairs.
  17. You're all over the place with that idea. PHP sessions are for browsing/http. If you want to put your own header fields into the original email with some sort of id in it, yes you can do that. Assuming you're using the php mail() function, the fourth param lets you pass in additional mail headers, each line delimited by an ending "\r\n". So you could have something like: $headers = "X-repId: $repid\r\n";
  18. I doubt seriously it ever included http:// ... __FILE__ is supposed to be the "The full path and filename of the file. If used inside an include, the name of the included file is returned. Since PHP 4.0.2, __FILE__ always contains an absolute path with symlinks resolved whereas in older versions it contained relative path under some circumstances." If you're using this for includes, then it really doesn't matter what it is, so long as it resolves correctly. PHP is supposed to do the right thing on windows regardless of whether or not the path separator is "/" or "\"
  19. You might have a look at the sourcecode for the serendipity blog. It provides this type of functionality. Often what will happen is that the admin system will provide a function that looks through the plugins directory for new plugin directories, comparing the structure against a table of currently installed plugins. There's a lot to this, so I really don't want to say too much more about it, as a book could be written on the subject. Many systems also see value in having a manifest file that provides configuration info, as per the suggestion from teamatomic. This file might also specify the list of files, and sometimes even a hash so that the system can determine if the plugin is complete and valid. Often plugins have install and uninstall scripts that set up a newly installed plugin for the first time, or allow the system to remove the plugin and clean up after itself. I'm afraid you'll have to be a lot more specific about what your objectives are.
  20. Recoding because you did something wrong, is called "refactoring". In other words, it's part of being a programmer. My main comment to you would be in your use of sessions. Perhaps you did not know that php sessions by default and depending on configuration, already uses a cookie. Your remember me cookie should only come into play if the person does not have a valid session state. Typically people use the existence of the cookie to do something that basically bypasses the standard username/login and authenticates the user. This is of course a huge security hole, so you need to consider ways to insure that you'll accept this cookie. There are a number of different schemes including:

        - taking the username and password and using something like mcrypt to store it in the cookie using strong encryption.
        - issuing a token that is stored in relation to the user and allows them to be looked back up. An md5 or sha1 hash of a number of elements related to the user can make for a good solution.

      In both cases you want to throw in a serverside salt that makes it unlikely someone will figure out your scheme.
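
The stored-token scheme from posts 12, 14 and 20 above, as an added example that is not part of gizmola's posts: it swaps the md5-of-time input for a random token from random_bytes(), stores only the token's SHA-256 hash, and uses prepared statements. The SQLite in-memory database, the remember_expires column and the function names are assumptions; member, remembercode, sesstoken and the 259200-second lifetime come from post 12.

```php
<?php
// Constructed stand-in for the site's database (assumption: PDO with the SQLite driver).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE member (
    username TEXT PRIMARY KEY, remembercode TEXT, remember_expires INTEGER)");
$db->exec("INSERT INTO member (username) VALUES ('alice')"); // constructed sample user

const REMEMBER_TTL = 259200; // same lifetime as the setcookie() call in post 12

// Call on a new login when "remember me" is checked. Returns the cookie value.
function issueRememberToken(PDO $db, string $username): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the OS CSPRNG
    $stmt = $db->prepare(
        "UPDATE member SET remembercode = ?, remember_expires = ? WHERE username = ?"
    );
    // Only the hash is stored, so a copy of the table does not yield usable cookies.
    $stmt->execute([hash('sha256', $token), time() + REMEMBER_TTL, $username]);
    return $token;
}

// Call only when the visitor has no valid session. Returns the username or null.
function checkRememberToken(PDO $db, string $cookieValue): ?string
{
    $stmt = $db->prepare(
        "SELECT username FROM member WHERE remembercode = ? AND remember_expires > ?"
    );
    $stmt->execute([hash('sha256', $cookieValue), time()]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row['username'];
}

$token = issueRememberToken($db, 'alice');
// In a web request the token would be sent like this (not run here):
// setcookie('sesstoken', $token, ['expires' => time() + REMEMBER_TTL, 'path' => '/',
//     'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);

var_dump(checkRememberToken($db, $token));              // the issued token maps back to the user
var_dump(checkRememberToken($db, str_repeat('0', 64))); // a guessed value matches no row

// After the lifetime has passed, the same token is refused.
$db->exec("UPDATE member SET remember_expires = 0 WHERE username = 'alice'");
var_dump(checkRememberToken($db, $token));
```

On a failed check the caller falls back to the username/password prompt, as post 14 describes.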
  21. roopurt -- I think that your framework works for you, and if that's what makes you efficient, then there's no need to defend yourself. However, I agree with CV, that in a traditional development house where they have a breakdown of webdevs and webdesigners, the designers usually are able to understand what they need to in the creation of templates. It's the developer's job to get what they need into the view in a form that is useful for that particular template. This is where template systems have tried to provide value and reusability whether that be through a template scripting language like smarty or through one that allows for drop in of php, short tag format, and view helpers and partials. Designers typically can understand the rudiments of looping, and in some cases are full blown developers who know js, html and css very well, but may not know php.
  22. Right, because the name column is a string so your query needs to be: "SELECT * FROM characters WHERE name = '$player'" It's always good to check the return value after you query.

          $level = mysql_query("SELECT * FROM characters WHERE name = '$player'");
          if ($level) {
              // fetch
          } else {
              // There was an error.
          }
  23. I guess this falls under assumptions -- my assumption is that this is a one off, so whether it's one ad or 5 from this publisher, it's only going to allow for 4 views of *any* of those ads. Also, again, I assume that adViews() would be used inside of his existing display_ad function. Could be something as simple as:

          function display_ad($ad_size) {
              $customerviews = adViews();
              if ($customerviews > 3) {
                  // Has already seen the ad 4 times
                  // Don't show ads 232, 233, or 234
                  $sql = "SELECT * FROM tags WHERE add_id NOT IN (232, 233, 234) AND ad_size='$ad_size' AND status='1' ORDER BY rand() LIMIT 1";
              } else {
                  // normal query
                  $sql = "SELECT * FROM tags WHERE ad_size='$ad_size' AND status='1' ORDER BY rand() LIMIT 1";
              }
              $result = mysql_query($sql);
              $row = mysql_fetch_array($result);
              // Count a view only when one of the limited ads was served.
              $countads = array(232, 233, 234);
              foreach ($countads as $value) {
                  if ($row['add_id'] == $value) {
                      countViews();
                  }
              }
              return $row['tag'];
          }

      This could certainly be refactored into something more generic, and possibly database driven, but I'm not going there
  24. Looking at the wsdl, these map to complextypes. Thus you have to make an object to pass as the parameter, and it will likewise create an object on the return. The problem is that I don't see a definition for the object, as it seems to be empty, so for example: