Everything posted by gizmola

  1. Have you checked the permissions on the directories involved? Often this is caused by the web server not having the permissions it needs on one or more of the directories.
  2. You are on the right track, but missing a detail. The element that is selected needs to have that attribute set in the html markup as you indicated. A small mod similar to this will allow you to continue to work with your array and foreach loop.

         foreach ($cast as $role => $actor) {
             // Build the opening tag, adding "selected" for the submitted value
             $t = "<option value=\"$role\"";
             if ($role === $_POST['dropdown']) $t .= ' selected';
             echo $t . ">$actor</option>\n";
         }

  3. The pear convention (also used by the Zend Framework) is to have each class in its own file with the same base name as the class. You capitalize the first letter of the directory and class names. It is also important to understand the php include path. Typically you place your classes in a directory structure that is in the include path. Let's assume that the include path contains among other things: '/var/httpd/mysite/include/' So you decide to create your own library, named for your site: MYSITE. And let's say that you create a utility class called Timer. Then you would have a structure like this: /var/httpd/mysite/include/Mysite/Utility/ Since everything up to the include directory is in the php include path, you can ignore it as far as naming is concerned. All that's important is that PHP can find and load those classes. And in the Utility directory, you would create your new class file named timer.php. Your class should then be named:

         class Mysite_Utility_Timer { }

     An autoloader as simple as this will now work for your classes:

         function __autoload($class) {
             // Map underscores in the class name to directory separators
             $filename = str_replace('_', DIRECTORY_SEPARATOR, $class) . '.php';
             @require_once $filename;
         }

  4. Probably has a bug in the code. Did you check the web error log? You could also try adding this code temporarily at the top of your script: error_reporting(E_ALL); ini_set("display_errors", 1);
  5. Whether or not a CMS is a help or hindrance depends entirely on the *features you need*. It's extremely important that you have such a list and focus on it. If the cms provides you the majority of what you require, then it may be worth the effort required to learn the ins and outs of the cms. You could also use a blog like WordPress or my personal preference Serendipity as the basis of your site. Blogs often have a lot of the features that a cms has without much of the complexity. In your case, however, it does seem that the user and subscription features are something that will save you a lot of time and effort. You might also want to consider Joomla. Having in the past been project lead on a Joomla mod (Ponygallery), developing extensions to Joomla is completely feasible, although like anything requires a high level of development expertise.
  6. Well, 2 of those are CMS, and one is a blog (although the difference between blogs and CMS is often fairly minimal). Between Drupal and Joomla, flip a coin. Either one has the features you require. They both have a learning curve, but also have extensive documentation and community support. I'd suggest you visit each site and take a look and see which appeals to you. You can also visit http://opensourcecms.com In particular, since your assignment involves a custom template, you will want to investigate template development and customization for each. In a nutshell, the general consensus is that Drupal is much better architected, while Joomla is more feature packed, primarily due to the extensive number of mods available for it. For your assignment I don't think this will be relevant to you at all.
  7. One consideration for this is what version of PHP you are using. If you're using php5 then all objects are passed by reference. In PHP4 this was not the case. Hopefully you're using PHP5. If it's appropriate for your application to be dealing with objects then you should be using them. Only you can answer that question. For example, if you have a factory class that creates objects, then it would be a very poor design if it did not in fact pass back the object it had manufactured.
  8. You need to read up on PHP Arrays and learn the basic syntax. I've illustrated a variety of techniques in this thread, but it's not going to help you code if you don't understand what I'm doing. This code should be pretty close to what you asked for, although it might have syntax issues.

         $query = "SELECT * FROM $dbBiographyTable WHERE approval = 1 ORDER BY title ASC";
         $result = mysql_query( $query ) or die ( "Error on db query biographies.php" );
         mysql_close( $session );
         $num_rows = mysql_num_rows( $result );
         $rows = array();
         if(mysql_num_rows($result) == 0) {
             echo("Nothing to Display!");
         } else {
             while($row = mysql_fetch_array($result)) {
                 $rows[] = $row;
             }
         }
         // Group the fetched rows by the first letter of the title
         $namesarray = array();
         foreach($rows as $value) {
             $title = $value['title'];
             $namesarray[$title[0]][] = array('title' => $value['title'], 'id' => $value['id']);
         }
         foreach($namesarray as $letter => $titles) {
             echo " " . "$letter" . " ";
             foreach ($titles as $value) {
                 echo '' . $value['title'] . '';
             }
         }

  9. There are a lot of different possibilities here. Usually you need to go into your web logs and look for the attacks. We really don't have enough information or access to your site, so there's not much we can do to help you.
  10. Yes, did you look at the php rand() function?
  11. No, hehe. All you need to do is take the code where I make the $names array. Instead of a static definition of the names, you replace that code with your mysql select and fetch loop, only inside each fetch you simply get the name and add it to the names array. Something close to this should work:

         // One empty bucket per letter, so letters without names still print
         $namesarray = array();
         foreach(range('a', 'z') as $value) {
             $namesarray[$value] = array();
         }
         $names = array();
         $query = "SELECT * FROM $dbBiographyTable WHERE approval = 1 ORDER BY title ASC";
         $result = mysql_query( $query ) or die ( "Error on db query biographies.php" );
         mysql_close( $session );
         $num_rows = mysql_num_rows( $result );
         if(mysql_num_rows($result) == 0) {
             echo("Nothing to Display!");
         } else {
             while($row = mysql_fetch_array($result)) {
                 $names[] = $row['title'];
             }
         }
         // File each name under its first letter
         foreach($names as $value) {
             $namesarray[$value[0]][] = $value;
         }
         foreach($namesarray as $letter => $names) {
             echo "$letter \n";
             foreach ($names as $name) {
                 echo "$name \n";
             }
         }

  12. Yes. Concentrate on getting your login system going, which is non-trivial. If a user should not be able to access a url unless logged in, then this needs to be handled in your authentication logic, which is typically done with an include at the top of the script, or in a class you create for the purpose.
  13. Yeah it's because the way you have coded, you only print out a title from the db if it happens to have the same first letter as the letter in the range that matches the value of $i, which you increment every time a row is read from the database. The two loops (one to produce the letter headings, one to fetch rows from the result set) have nothing to do with each other, and it's just happenstance that the first two rows have names that start with A and B respectively, so you get a match. There is no way to make that structure work out. You could fix this in a number of different ways, but what I'd suggest is this:

         // One empty bucket per letter, so letters without names still print
         $namesarray = array();
         foreach(range('a', 'z') as $value) {
             $namesarray[$value] = array();
         }
         $names = array('alan', 'bill', 'bob', 'dan', 'david', 'fred', 'henry', 'niamh', 'tim', 'tracy', 'zoe');
         // File each name under its first letter
         foreach($names as $value) {
             $namesarray[$value[0]][] = $value;
         }
         foreach($namesarray as $letter => $names) {
             echo "$letter \n";
             foreach ($names as $name) {
                 echo "$name \n";
             }
         }

     The output of my test script is this:

         [david@penny ~]$ php rmerge.php
         a
         alan
         b
         bill
         bob
         c
         d
         dan
         david
         e
         f
         fred
         g
         h
         henry
         i
         j
         k
         l
         m
         n
         niamh
         o
         p
         q
         r
         s
         t
         tim
         tracy
         u
         v
         w
         x
         y
         z
         zoe

     So hopefully you get the basic idea -- fill in an array during the fetch loop. When you exit it, you're ready to output the list. Add the html you need, as my command line test couldn't use html. So basically $names was just used as a substitute for your result set.
  14. Did you try something like this?

         $insertSQL = sprintf("INSERT INTO job_details (uid, job_id, job_no, country, eng_name, status, `date`) VALUES (%s, %s, %s, %s, %s, %s, %s)",
             GetSQLValueString($u_uname, "text"),
             GetSQLValueString($_POST['job_id'], "int"),
             GetSQLValueString($_POST['job_no'], "text"),
             GetSQLValueString($_POST['country'], "text"),
             GetSQLValueString($_POST['eng_name'], "text"),
             GetSQLValueString($_POST['status'], "text"),
             GetSQLValueString($_POST['date'], "date"));

  15. Thanks for your advice on HEREDOC, I'll try to implement it. As for the third party script section, I did not know that such forum existed. Sorry about that. Is there a way to "move" this topic to that board? Getting back to the issue, I understand that there is a significant difference between COD and PayPal in terms of data exchange, but the information that I'm missing originates from my side and PayPal server does not alter any. Therefore, I should be able to simply retrieve it and print it out, as in the COD case. That's all I want to do. Thanks again

     I can move it there, so I will do that if this goes on further. In answer to your question this code starting at line 49 or so is where all the calculation occurs.

         // load the before_process function from the payment modules
         $payment_modules->before_process();
         require(DIR_WS_CLASSES . 'order_total.php');
         $order_total_modules = new order_total;
         $order_totals = $order_total_modules->process();

     So for whatever reason, $order_totals, which is expected to be an array of strings, apparently is empty when it processes. The code for the order_total class is in order_total.php, which you didn't include. As oscommerce appears to be a rat's nest with a mindboggling number of global variables it is relying on, again the most logical explanation is that there's something happening inside the factory class that's different when it's paypal. Again glancing at the paypal script, there are calls being made and files being generated and all sorts of stuff that could fail due to simple things like permissions or php.ini settings that prevent the use of fopen().
  16. No it's not. There is no security, and a lot of processing power required. I say again --- you have not secured anything just because you generate a hash and pass that because there is no secret involved, since the url param has the hash value IN THE URL! Where people make the argument for that technique is when they are trying to prevent people from randomly guessing id numbers, say for example in a system where you might have something like: showprofile.php?userid=4 And this lets a user see their profile. So naturally someone thinks --- let me try showprofile.php?userid=5 and they get the profile page of someone else. Regardless of whether or not they hash the userid in some way, that's still not security, if the requirement is that nobody should be able to see and edit a profile page other than their own. The solution to that problem is not to use url params at all and use session vars instead, and have the script pull the appropriate information from the database for the logged in user. Since that resides serverside, there's no need to even have url params.
  17. Susan, First off, I glanced at html_checkout_process. This entire file does absolutely nothing other than interpolate a big string. While this has nothing to do with your question, there's just a much better way to do what you're doing there, and it's called a HEREDOC. Heredocs will interpolate values the same way as using " stuff $var stuff". You do this:

         $myvar = <<<HERE
         Put my html in here, and mix in vars like $var as I like.
         no need for escaping. Here's more stuff! Isn't this better!
         HERE;
         echo $myvar;

     Secondarily, this is just oscommerce code --- so you should be posting in the 3rd party scripts section, as this isn't code you wrote is it? All things considered, I think the most likely explanation is that you have a configuration issue with your server, or paypal or both. There's no point in us trying to debug code that is part of a well known ecommerce system. Needless to say there's a huge difference in just indicating COD where there's nothing that needs to happen, vs. paypal where the paypal servers are being called and results are being stored.
  18. I'm not sure what it is that you're trying to accomplish by calling md5() all over the place. You are accomplishing absolutely nothing at the expense of a huge number of hash calls. All that you could possibly hope to accomplish is to obscure the fact that you are passing a url param with the same name as the menu item? It's not like I can't take the md5 hash and just use that if I want to try and exploit your controller code. It doesn't matter if I don't know what it hashes to -- the hash is in the link and you're accepting it. This approach provides no security whatsoever.
  19. Look at the array functions. There are a variety of ways you can combine two arrays together, and of course you could probably write the code to do this manually I'm betting. Once you have one array, your single foreach will work.
  20. You can check prior to the loop, by comparing $this->metadata to NULL, for example:

         if ($this->metadata != null) {
             //Do your foreach
             //etc
         }

     You can also turn down the errorlevel so that it doesn't include warnings, if there's no particular logic concern. Of course on a production server you should not have error reporting on anyways, as you will want to log errors instead.
  21. I agree with everything Andy wrote, and I can add to it: Do you really understand your tables? This is how I approach most queries:

     1. Write the query using a literal example and run it in phpMyAdmin. Does the query return the right columns?
     2. Replace the literal portion with a variable as needed.

     You should test some semblance of this:

         SELECT paypal_payment_info.datecreation,
                paypal_cart_info.itemname,
                paypal_cart_info.itemnumber,
                paypal_cart_info.quantity
         FROM paypal_payment_info
         INNER JOIN paypal_cart_info
                 ON paypal_payment_info.txnid = paypal_cart_info.txnid
         WHERE paypal_payment_info.datecreation = 'some date that matches format of datecreation';

     Since we don't know what the datatypes are we're just guessing, but one thing you can't do is mix in a php function in the middle of a string and have it interpolate. You need to get the value first, assign it to a variable and then include it. Also, you have lots of spurious parens that aren't doing anything. Only add parens when you're sure you need them. After your first query runs, assuming you have a result set, you then need to fetch the rows in a loop, and inside of this loop you will do your UPDATE query. Again, there are just sooo many examples of this, you should be able to come up with something that resembles a working solution given a little reading.
  22. Andy my friend -- just responding to the portion of this question that referred to "chron" -- Hopefully you guys will get the logic sorted, but obviously a loop is needed at very least. A job that runs on the server is ideal, but it appeared to me from a quick google that Yahoo merchant doesn't offer this option. Although it's far from ideal, you can get around this by putting the script in webspace, and having another server with a scheduler run it for you. Yahoo serving looks pretty crappy if they don't even offer you a way of scheduling a job. There are of course other ways to hack something up, but it seems like we'd be getting to a point where we're no longer teaching someone how to fish, but handing them a bucket of fish instead.
  23. What they were saying is that on a Unix system there is a generic scheduling daemon called Cron. If your server is unix or linux, then cron is available to you. If your update script works and can be called via the command line PHP, then you should be able to schedule it to run using Cron by making a cron entry using the crontab program. Crontab entries specify the schedule, and follow a format that is documented in the man page, and in many places on the internet, easily found with google. For example, su to root and use:

         crontab -e

     You should be popped into vi where you'll see the existing crontab. What cron needs in the crontab entry is the name of the program to run, so you'll have something like:

         29 * * * * /usr/bin/php -f /path/to/yourscript.php > /dev/null

     The '*' indicates that for that element of time (minute, hour, day of month, month of year, day of week) to match all possibilities. A literal number matches only that time. So in the example above I'm specifying to "run this program on the Half hour, once every hour of every day." Hopefully this is enough to get you going, and have your scheduled inventory job running.
  24. Umm, why would you want to do that? Often this is used by spammers to trick unwitting victims who think they are registering for something free, into doing the dirty work for spammers. I wrote about this phenomenon on my blog back in Jan 07: http://www.gizmola.com/blog/archives/73-CAPTCHA-busting-A-sucker-born-every-minute.html I think we need more specifics about the site in question, and the reason for doing a redirection to their registration system.
  25. Looks good. Currently there's not really a reason not to have your check_login be declared static, because you are really just using it statically. As for the basic concepts you've used quite a few, with the abstract class etc. It's simple enough but what you've done is clean and concise.
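
Posts 16 and 18 above argue that hashing an id and passing the hash in the URL secures nothing, and that the record should be selected from session state instead. The PHP below puts the two lookups side by side; it is an added example, not code from the posts, and the $profiles data, the `u` parameter name and both function names are assumptions made up for illustration.

```php
<?php
// Constructed sample data standing in for a users table.
$profiles = [
    4 => ['name' => 'alice', 'email' => 'alice@example.test'],
    5 => ['name' => 'bob',   'email' => 'bob@example.test'],
];

// Pattern criticised in the posts: the record is selected by md5(userid)
// taken from the URL. The hash is not a secret, so whoever supplies it
// gets the record, logged in as that user or not.
function profile_from_url_hash(array $profiles, array $get): ?array
{
    if (!isset($get['u'])) {
        return null;
    }
    foreach ($profiles as $id => $profile) {
        if (hash_equals(md5((string) $id), (string) $get['u'])) {
            return $profile;
        }
    }
    return null;
}

// Pattern recommended in post 16: ignore URL parameters entirely and use
// the user id that was stored server-side in the session at login.
function profile_from_session(array $profiles, array $session): ?array
{
    $id = $session['userid'] ?? null;
    if (!is_int($id) || !isset($profiles[$id])) {
        return null; // not logged in: the caller should send the user to login
    }
    return $profiles[$id];
}

// Constructed request: user 4 is logged in, but the URL carries the hash
// that corresponds to user 5.
$session = ['userid' => 4];
$get     = ['u' => md5('5')];

$byHash    = profile_from_url_hash($profiles, $get);
$bySession = profile_from_session($profiles, $session);

echo "URL-hash lookup returned: ", $byHash['name'], "\n";
echo "Session lookup returned:  ", $bySession['name'], "\n";
```

The first lookup hands back another user's record because the URL value alone decides which row is read; the second can only ever return the row belonging to the authenticated session.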