gizmola

Everything posted by gizmola

  1. This could be written, but you could also simply install squid on your external server and use that as a proxy server.
  2. Did you see the article I just posted showing you how to install a Centos Linux server on your Windows machine in a Virtual machine using Sun's free Virtualbox?
  3. Ok, I think I understand what you meant -- you're wanting to do a config file. See Thorpe's answer. Keep in mind that most sites will have permissions that won't allow you to write out files, so most scripts do permissions checks and indicate if this is an issue, and then provide the information so it can be hand edited if desired.
  4. That doesn't really make sense. The PHP script is not equivalent to the ultimate html that is returned. Writing a .php file would not be of any advantage.
  5. What is the structure of the table? Does it have a timestamp or datetime column?
  6. Certainly easy to do, but we don't know the structure of the table. What you want to do is modify the query so that it performs an inner join between cashlogs and the user table. Because you are needing to join to the cashlogs table twice, you'll need to use table aliases. In this example, I'm going to assume that the user table primary key is 'name' (again you haven't provided that info) so this is just a guess. Modify the query as needed.

     'SELECT cl.*, uf.imagaward, ut.imagaward FROM cashlogs cl, user ut, user uf WHERE ut.name = cl.to_name AND uf.name = cl.from_name ORDER BY time DESC LIMIT '.$start_from.'
  7. Yes, search seems to be broken atm. Thanks for pointing it out. Will have to get one of the Admins to look at what's going on.
  8. Hmm well I think your problem could be traced back to the fact that UTF-8 and Latin Swedish CI are two different character sets? Yes, the best solution is to have your character sets match across the board.
  9. No worries, glad you got it working. You might mention to them for any future machines that the instant client is a better way to go for machines that will connect to an instance running on another machine.
  10. You are storing the password encrypted. So select the row for that user matching the username/email address associated with the account, and in the process decrypt the stored password. This gives you the plaintext password, which the user is supplying in the form when they login. If these match then the user has provided the right email/password pair.
  11. Select the AES_DECRYPT(password, ...) where the email = $email. Compare your now unencrypted password to the one in the post. If === then the user logs in. Word of advice, you need to use mysql_real_escape_string() on your input.
  12. You use mysql. As long as the table is only doing inserts and selects, it will perform very well. Keep in mind that you only have to insert a row into this table when there is a bad password attempt. You should have indexes on the IPAddress and Created columns. So a structure like this will work:

      badPasswordAttempt
      --------------------
      badPassword int unsigned primary key AUTO_INCREMENT
      IPAddress VARCHAR(15)
      created Timestamp

      Make sure you have non-unique indexes on IPAddress and created. Your query should be something like:

      SELECT count(*) as countof FROM badPasswordAttempt WHERE created > DATE_ADD(NOW(), INTERVAL -5 MINUTE) AND ipAddress = '$IPAddress';

      You will always get a result set with one column for this query, and you simply check if the answer is > your threshold. 3 or 4 would probably be a good threshold.
  13. You must have a syntax error. It will display something when it works properly. Check your apache error log to see what the issue is.
  14. Not even close. Spend some time learning mySQL's sql syntax please.
  15. thank u sir monkuar my friend, I realize that sarcasm does not always translate, especially when it is being practiced by a master of the art like CV. Let me state this another way: "Don't hold your breath." You have been participating here for 100+ posts, so I would think you would have picked up on what constitutes a good question vs a bad one, and yours is not very good. In essence you dropped a block of code in here and asked people to "Make it better." Anything is possible, but I won't be taking my time, nor apparently is CV. One piece of advice I can provide you is to find a way to do whatever that code is doing, without resorting to the use of eval(). It's quite simply one of the most dangerous functions, from a security standpoint, that php offers. Not unlike the use of recursion, there is almost always a way to do without it.
  16. I agree about the ambiguity -- let's all get a beer!
  17. You're misreading the manual CV. What it means is that it will do the trim action on all those characters, unless you specify the 2nd parameter, which will then act only on the characters you specified.
  18. Sure there are bad captchas that can be defeated but that is overstated. I just read a post the other day talking about this amazing javascript code that could defeat a captcha, when in fact the captcha being employed was one of the simplest and easiest to defeat I've ever seen. I advocate the use of recaptcha -- not only is it secure, but your users are benefitting mankind by helping to translate books in the process. Also, since I made the initial criticism, I should probably admit that there's a reasonable case to be made for using a captcha on login, that involves bad password attempts. What you can do is track the bad password attempts (again I'd suggest by IP), and introduce the captcha once a certain number of bad attempts has been made. It's not the simplest thing to do, because you have to track the attempts by the time they're made, so that you can have a window of time. I implemented this type of code for a massive multiplayer gaming site with relatively heavy traffic, to combat cheating via the use of bots. In that case we needed to actually track logins, so the idea was a bit different, but the basic technique was the same. Once you are keeping track of login attempts by IP, along with a timestamp, you can query a count of login attempts within the last N minutes, and if the count is high for that IP, you can issue them a captcha. It's a reasonable compromise if you don't want to be concerned that blocking by IP might keep out legit users who are coming from an ISP with a big proxy range.
  19. Guys? trim only removes whitespace characters from beginning and end of strings. Phant0m is correct.

      $str = "This is line 1.\nThis is line 2.\nThis is line3.\n";
      $str = trim($str);
      echo nl2br($str);
  20. You can always code it so that they require cookies. Sometimes bots are written simply and will not accept cookies. However, depending on a cookie for the counter isn't the best idea, because they could modify it. The simplest way to handle this is to just use the IP address, and track that. After a certain number of tries from one particular IP address, you can disable further attempts from that IP address for a period of time.
  21. tanveer: Please make a script with this in it and report back the findings: echo "ORACLE_HOME=".getenv("ORACLE_HOME");
  22. The mysql sum will be more efficient than querying a table, fetching the rows and adding them up in php. However, I don't understand your "20 other fields" comment sufficiently.
  23. C'mon give the guy a break. It's *urgent*.

      //rest of code here
      echo 'Car Dealership Site';
  24. Probably the missing piece to the puzzle for you is html_entity_decode(). I don't know why you would be doing stripslashes. That's only something you would use if you had previously used addslashes, which you shouldn't be. Again, you need to be aware of your character sets.
  25. Getting shrill, and blaming all your problems on PHP isn't going to help you. This is not a PHP issue. My advice to you is that you need to invest some time understanding character sets, as well as web entities. dzelenika already provided one suggestion for how to handle the problem, and you didn't respond to him at all. We don't have much in the way of information to go on. You only posted two lines of code in your original message, and we have no information about what exactly is malfunctioning in whatever your current code looks like. Right off the bat, I can tell you that htmlspecialchars() only takes care of a handful of special characters, so you probably want to look at htmlentities() instead. With that said:

      - What is the character set of the page that contains the form that accepts the submission?
      - What is the character set for the mysql table where the data is being stored?
      - What is the character set for the page where you display the data that has been fetched from the db?

      Where is the relevant code, and where is an example of your results? Given these things, perhaps we can help.
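
The bad-password tracking described in posts 12, 18 and 20 above (one row per failed attempt, a count per IP over the last few minutes, a captcha once the count passes a threshold), written out as an added example that is not gizmola's code. Table and column names follow post 12; the function names, the in-memory SQLite store via PDO (so it runs without a MySQL server), integer Unix timestamps, prepared statements and the wider VARCHAR(45) column are assumptions made here.

```php
<?php
// Added example, not code from the posts above. Helper names are hypothetical.
const WINDOW_SECONDS = 300; // the 5-minute window from the query in post 12
const THRESHOLD = 3;        // post 12 suggests 3 or 4

function openStore(): PDO {
    // Assumption: pdo_sqlite is available; the posts themselves use MySQL.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // VARCHAR(45) rather than VARCHAR(15) so an IPv6 address in text form fits.
    $db->exec('CREATE TABLE badPasswordAttempt (
        badPassword INTEGER PRIMARY KEY AUTOINCREMENT,
        IPAddress VARCHAR(45) NOT NULL,
        created INTEGER NOT NULL)');
    // Non-unique indexes on both filter columns, as post 12 recommends.
    $db->exec('CREATE INDEX idx_bpa_ip ON badPasswordAttempt (IPAddress)');
    $db->exec('CREATE INDEX idx_bpa_created ON badPasswordAttempt (created)');
    return $db;
}

// Called only when a login fails; successful logins write nothing.
function recordBadAttempt(PDO $db, string $ip, int $now): void {
    $stmt = $db->prepare(
        'INSERT INTO badPasswordAttempt (IPAddress, created) VALUES (:ip, :ts)');
    $stmt->execute([':ip' => $ip, ':ts' => $now]);
}

// True when this IP has more than THRESHOLD failures inside the window.
function needsCaptcha(PDO $db, string $ip, int $now): bool {
    // Bound parameters: the IP never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT COUNT(*) FROM badPasswordAttempt
                          WHERE IPAddress = :ip AND created > :cutoff');
    $stmt->execute([':ip' => $ip, ':cutoff' => $now - WINDOW_SECONDS]);
    return (int) $stmt->fetchColumn() > THRESHOLD;
}

// Constructed sample data (documentation-range addresses, fixed clock).
$db  = openStore();
$now = 1700000000;
foreach ([-900, -250, -200, -90, -10] as $offset) {
    recordBadAttempt($db, '203.0.113.7', $now + $offset); // one is too old to count
}
recordBadAttempt($db, '198.51.100.4', $now - 30);          // a single typo

var_dump(needsCaptcha($db, '203.0.113.7', $now));        // four recent failures
var_dump(needsCaptcha($db, '198.51.100.4', $now));       // one recent failure
var_dump(needsCaptcha($db, '203.0.113.7', $now + 400));  // window has moved on
```

Passing the clock in as `$now` keeps the window logic testable; against MySQL the same prepared statements work with a numeric `created` column.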