
gizmola

Administrators
  • Posts: 5,878
  • Joined
  • Last visited
  • Days Won: 139

Everything posted by gizmola

  1. It has come to our attention that someone managed to get their hands on a database dump of the phpfreaks members table used in our forum database. We apologize for the inconvenience and concern this may cause you. *UPDATED* Based on research, we believe that the individual(s) responsible utilized some exploits available in the forum software that allowed them to run a PHP script that dumped the data from the forum user table. While the passwords are hashed a number of times and in many cases salted, someone who is highly motivated to do so may be able to derive your original password, especially if you did not use good password practices. A hashed password cannot be decrypted, but by generating rainbow tables, crackers can determine if your password matched one of many they may have in a database. The table also includes your name, so it may or may not associate you with the email address you used to register. We highly recommend that you take the following actions:
     1. Change your password.
     2. Change the password on any system where you used the same account name/email/password combination.
     3. Use unique, high-quality passwords on any and all systems you frequent now and in the future.
     Should we make any additional determinations or discoveries in relation to this issue, we will provide updates here. *PLEASE NOTE* We will not be deleting accounts upon request. We stated that we would not delete accounts for any reason in our TOS when you signed up. Deleting accounts is not going to retrieve the user table data.
  2. Sorry about that, I killed the backlog, but not before it sent out a lot of stuff while I was still debugging.
  3. Start by installing on your workstation and using git for your development work. You can also set up a free account on bitbucket, that will allow you to make private repositories. You can utilize it as a free backup. -Develop locally, git commit your code each time you have a working build -Git push to your bitbucket remote Doing this will get you started and familiar with git as well as giving you the benefit of having change control of your projects. Many a person has accidentally deleted or overwritten an important file. Git will bail you out on those mistakes. It also helps you diff so you can see what you changed revision to revision.
  4. This is how you create spaghetti. Functions should be discrete and do one thing. Planning to "add a different MySQL statement later" isn't the right solution. You should write a different function for that. It's also clear that getID() is a bad name for this function. It really should be named something like: function getEmployee($id) { }
  5. This line: if(getID($staffid)) { --- depends on getID returning a boolean equivalent value. You have changed the function so that it no longer works that way. You will need to rethink the way that code is written if you want to change the way getID() works. Returning false or an array is no longer compatible with returning false OR some positive integer that will evaluate to true.
  6. Strongly agree with the prior respondents. Media queries are current best practice for responsive design, as they are built into CSS and supported by the browsers. With that said, they aren't focused on determining what device someone is using, but rather the size of the screen. So long as you're not trying to have something silly like "Hey iPhone 6 user...." they are definitely the recommended path at this point, as well as HTML5, grids, CSS3 etc. QoC has some good examples. If you do some googling you can find some nice templates that people have created that you can use as boilerplate in your CSS. This is a good one, but there are many others: https://responsivedesign.is/develop/browser-feature-support/media-queries-for-common-device-breakpoints
  7. Personally, while QoC's code will work and answers the question, I don't feel that a 404 is appropriate there. 404s are really for URLs that can't be found, as part of the HTTP spec. In your case, I think you should simply return a message to the user indicating the issue. Exactly what you want to do is really a matter of personal preference that comes down to user interface design.
  8. Git is one of the most important software development technologies to emerge in the last decade. Its pervasive use has given rise to GitHub, and it has basically taken over version control, as well as vastly improving the effectiveness of open source projects. Yes, version control is indispensable in my opinion, not to mention something that differentiates professional developers from hobbyists. It's also an excellent tool for pushing code to production, especially for small companies. Old way: Develop (locally perhaps?). Figure out manually how many scripts were changed. Use some tool to FTP files. Do you trust file stamps? Maybe use an FTP tool, and pray that you don't have a burp in the middle. Oh crap! It's not working, did we miss a file? Sit down and try to get it working again by manually going through the list of files trying to remember what exactly you changed. With Git: Develop, iterate, push to a git branch. For simplicity/1 person you can just use the master branch. Time to deploy? -> git pull (on the production machine). Did something go wrong? Git is atomic -- all files will be deployed or none. Something wrong? git checkout {previous commit#} We are back to where we were, and you can relax and figure out what went wrong on dev! And of course version control answers questions for you along the way like: what did I change last month in that module? Did that other programmer add a regression, even though he said he didn't change anything? What is the change history of this file? Just an amazing tool, from Linus Torvalds, that when all is said and done will probably be more important to the future of software engineering than Linux.
  9. Anything you do of this nature is going to be proprietary and ultimately unreliable. You cannot "give" a digital asset of any kind to someone and also make it non-editable. If people really want to edit something, they will find a way. Just pointing that out. With that said, I agree that for dissemination of documents, PDFs are a much better solution than Word documents, which require the user to have a compatible version of Office.
  10. The very name of this method should indicate to you that it is not designed for updating values in a table. This is completely out of context, as obviously you are using some sort of database class or ORM here, but you've provided no information as to which one. To change the data in one or more rows of an existing table, I expect that there are one or more different methods for doing that. This also sounds like a one-off maintenance activity, which begs the question: why not just go into mysql and issue: UPDATE ..._users SET active = 1;
  11. I think the point here is that there isn't really a reason to check is there? If someone gives you an IP and a net mask, you can utilize the net mask to determine the host# regardless of what they provided for IP. Requinix has provided the functions and bit operators to do that. This makes your tool simpler and more useful in my opinion --> regardless of what they provide you, you return an acceptable route command.
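     The approach described in that reply, worked through as an added example (this is not code from the thread or from Requinix's post): the netmask alone decides the network, so any host address the user types is masked down to its network before the route is built. The mask is accepted as a dotted quad or as a CIDR prefix length and is checked for contiguous ones. The interface name, the `ip route` command form and the sample addresses are assumptions; 64-bit PHP is assumed so that ip2long() yields non-negative integers.

```php
<?php
// Added example, not from the original thread. Splits an IPv4 address into
// network, host number and broadcast using bit operations on the netmask, and
// builds a route command from the network part. Interface name is an assumption.

function parseMask(string $mask): int {
    // Accept "/24", "24" or "255.255.255.0"; return the mask as an unsigned 32-bit int.
    $mask = ltrim($mask, '/');
    if (ctype_digit($mask)) {
        $bits = (int) $mask;
        if ($bits > 32) {
            throw new InvalidArgumentException("prefix length out of range: $mask");
        }
        return $bits === 0 ? 0 : (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF;
    }
    $m = ip2long($mask);
    if ($m === false) {
        throw new InvalidArgumentException("not a valid netmask: $mask");
    }
    $m &= 0xFFFFFFFF;
    // A valid mask is a run of ones followed by zeros, so its complement is 2^k - 1.
    $inv = (~$m) & 0xFFFFFFFF;
    if (($inv & ($inv + 1)) !== 0) {
        throw new InvalidArgumentException("non-contiguous netmask: $mask");
    }
    return $m;
}

function prefixLength(int $mask): int {
    return substr_count(decbin($mask), '1');
}

function splitAddress(string $ip, string $mask): array {
    $addr = ip2long($ip);
    if ($addr === false) {
        throw new InvalidArgumentException("not a valid IPv4 address: $ip");
    }
    $addr &= 0xFFFFFFFF;
    $m   = parseMask($mask);
    $inv = (~$m) & 0xFFFFFFFF;
    return [
        'network'   => long2ip($addr & $m),          // AND with the mask drops the host bits
        'host'      => $addr & $inv,                 // AND with the inverse keeps only the host bits
        'broadcast' => long2ip(($addr & $m) | $inv), // network with every host bit set
        'prefix'    => prefixLength($m),
    ];
}

// Whatever host the caller supplied, the route is for the network it belongs to.
function routeCommand(string $ip, string $mask, string $dev = 'eth0'): string {
    $p = splitAddress($ip, $mask);
    return sprintf('ip route add %s/%d dev %s', $p['network'], $p['prefix'], $dev);
}

// Constructed sample inputs: a host address with a dotted mask, a CIDR prefix, and a /30.
$samples = [
    ['192.168.1.37', '255.255.255.0'],
    ['10.20.33.9',   '/20'],
    ['172.16.5.200', '255.255.255.252'],
];
foreach ($samples as [$ip, $mask]) {
    $p = splitAddress($ip, $mask);
    printf("%-14s %-16s network %s/%d  host %d  broadcast %s\n",
        $ip, $mask, $p['network'], $p['prefix'], $p['host'], $p['broadcast']);
    echo '  ', routeCommand($ip, $mask), "\n";
}
```

     A host number of 0 means the caller handed you the network address itself; the route command is the same either way, which is the point of the reply above.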
  12. You don't understand how to add an html form element to that code? There is a password input type in html. Seems like that should be trivial to add.
  13. For those employers putting weight on things like this, you get more credit for contributing code to other projects. Don't get me wrong, if you want to be good at something like using git for VC, you have to actually use it, so you could make a bitbucket account and store your full site code in a private repo, and I'd suggest that you do so, but not for the benefit of potential employers.
  14. I've used highcharts in the past, and it's one of the best javascript graphing libraries available these days.
  15. I'm just going to throw out that there are 2 common solutions to the caching of relational data: Memcached and Redis. These are both daemons that you run, and require some memory allocation. They are close to RAM speed for fetching data in most cases, and serve to buffer the database from SELECT/READ activity, so they are widely used for performance and scalability concerns. I'm not clear from your description what the nature of the queries is, but let's assume that they are individualized to each user. When you create your cache buckets, you'll name them in a way that they'll be locatable again. I know this is very confusing for people, but in most cases you have to roll your own solution for cache integration. The basic prescription is this:
     - You query
     - Code checks for the existence of an existing cache entry
       - If it exists, return data from cache
       - If not, query, store data to cache with a TTL (similar to what you have now), then return data from cache
     A simple bucket name might be: '/calendar/user/{member_id}'. For your insert/update/delete code for the calendar, you simply need to make a delete-cache-entry call that uses the member_id variable to locate the cache entry, and delete it, should it exist.
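     The read-through-and-invalidate prescription from that reply as an added, runnable example (not code from the thread). The cache is a small in-memory stand-in with the same get/set/delete shape as the Memcached and phpredis clients so the script runs without a daemon; wrapping the real client behind the same interface is the only change needed for production. The calendar rows, the 300-second TTL and the bucket name format are constructed assumptions. Requires PHP 8.

```php
<?php
// Added example, not from the original thread: cache-aside reads with TTL plus
// invalidation on write, keyed by member id. ArrayCache stands in for Memcached/Redis.

interface Cache {
    public function get(string $key);                              // returns false on a miss
    public function set(string $key, $value, int $ttlSeconds): void;
    public function delete(string $key): void;
}

final class ArrayCache implements Cache {
    private array $items = [];   // key => [value, expiresAt]

    public function get(string $key) {
        if (!isset($this->items[$key])) {
            return false;
        }
        [$value, $expiresAt] = $this->items[$key];
        if ($expiresAt <= time()) {          // an expired entry behaves like a miss
            unset($this->items[$key]);
            return false;
        }
        return $value;
    }
    public function set(string $key, $value, int $ttlSeconds): void {
        $this->items[$key] = [$value, time() + $ttlSeconds];
    }
    public function delete(string $key): void {
        unset($this->items[$key]);
    }
}

final class CalendarRepository {
    private const TTL = 300;        // seconds; assumption, bounds how stale a read may be
    public int $dbQueries = 0;      // counts real lookups so the cache's effect is visible

    public function __construct(private Cache $cache, private array $db) {}

    // Bucket name derived from the member id, so the read path and the
    // invalidation path both arrive at the same key.
    private function key(int $memberId): string {
        return "/calendar/user/{$memberId}";
    }

    public function eventsFor(int $memberId): array {
        $key = $this->key($memberId);
        $hit = $this->cache->get($key);
        if ($hit !== false) {
            return $hit;                              // served from cache, database untouched
        }
        $rows = $this->queryDb($memberId);            // miss: run the real query ...
        $this->cache->set($key, $rows, self::TTL);    // ... and store it with a TTL
        return $rows;
    }

    public function addEvent(int $memberId, string $title): void {
        $this->db[] = ['member_id' => $memberId, 'title' => $title];
        $this->cache->delete($this->key($memberId));  // drop the stale entry before the next read
    }

    private function queryDb(int $memberId): array {
        $this->dbQueries++;
        return array_values(array_filter($this->db, fn ($r) => $r['member_id'] === $memberId));
    }
}

// Constructed sample rows standing in for the calendar table.
$repo = new CalendarRepository(new ArrayCache(), [
    ['member_id' => 7, 'title' => 'Dentist'],
    ['member_id' => 9, 'title' => 'Standup'],
]);

$repo->eventsFor(7);             // miss: one database query, entry stored
$repo->eventsFor(7);             // hit: no additional query
$repo->addEvent(7, 'Lunch');     // write path deletes /calendar/user/7
$events = $repo->eventsFor(7);   // miss again, so the new row is included
printf("%d database queries, %d events for member 7\n", $repo->dbQueries, count($events));
```

     Note that a member with no events caches an empty array, which is a valid hit; only `false` means a miss, matching the Memcached client's convention. Deleting rather than rewriting the entry on update keeps the write path from having to know how the read path shapes its data.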
  16. I don't want to get into XSS and have this thread meander away from your subject. SQL injection! The answer was provided for you by Quick Old Car. Use prepared statements! http://php.net/manual/en/pdo.prepared-statements.php You are using some sort of database class which we aren't privy to. At this juncture, you should either be using one of the well known ORMs available (Doctrine, Propel, Eloquent) or just using vanilla mysqli or PDO. For someone starting out, I like Doctrine2 because you can drop down and just use DBAL and get the main benefits you want of using a db library while also having the option of moving up to the full ORM later. Regardless, using prepared statements solves the problem of having to escape input AND eliminates SQL injections. It's a two-for-one that makes your code simpler and better at the same time. Accept no substitute.
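     To make that reply concrete, here is an added example (not the poster's code, nor the asker's unknown database class) that runs the same lookup both ways against an in-memory SQLite table through PDO, so it works offline. The users table, its two rows and the `' OR '1'='1` payload are constructed; the pdo_sqlite extension is assumed to be available.

```php
<?php
// Added example, not from the original thread. The same query written with string
// concatenation and with a PDO prepared statement, against constructed sample rows.

function setupDb(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)');
    $pdo->exec("INSERT INTO users (username, email)
                VALUES ('alice', 'alice@example.com'), ('bob', 'bob@example.com')");
    return $pdo;
}

// Vulnerable: the input is spliced into the SQL text, so a quote character ends
// the string literal and whatever follows is parsed as SQL.
function findUserVulnerable(PDO $pdo, string $username): array {
    $sql = "SELECT username, email FROM users WHERE username = '$username'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Safe: the statement is compiled with a placeholder first and the value bound
// afterwards, so the input is only ever compared as data. No escaping needed.
function findUserSafe(PDO $pdo, string $username): array {
    $stmt = $pdo->prepare('SELECT username, email FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo    = setupDb();
$attack = "x' OR '1'='1";   // constructed injection payload

// Concatenated: the WHERE clause becomes username = 'x' OR '1'='1', every row comes back.
$leaked = findUserVulnerable($pdo, $attack);
printf("concatenated query returned %d of 2 rows for the payload\n", count($leaked));

// Prepared: the whole payload is matched as a username, so nothing matches.
$safe = findUserSafe($pdo, $attack);
printf("prepared statement returned %d rows for the payload\n", count($safe));

// A legitimate lookup still works exactly as before through the prepared statement.
printf("alice -> %s\n", findUserSafe($pdo, 'alice')[0]['email']);
```

     Placeholders only cover values. A table or column name chosen by the user still has to be checked against an allow-list, because identifiers cannot be bound.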
  17. <p><?php printf( __( 'You can access your account area to view your orders and change your password here: %s.', 'woocommerce' ), wc_get_page_permalink( 'myaccount' ) ); ?></p> Needs to be changed to: <p><?php printf( __( 'You can access your account area to view your orders and change your password <a href="%s">here.</a>', 'woocommerce' ), wc_get_page_permalink( 'myaccount' ) ); ?></p>
  18. If a user can have multiple images uploaded, then the relationship is 1 record -> to many images. This requires that you have a separate images table with the foreign key of record_id to link the image back to its user.
  19. Psycho, Agreed 100%. I stated this, but without the examples you provided, when I said that it would treat them first as constants, generate a notice, but still resolve them as string constant keys in the array. As you state the manual indicates that you can leave off the single quotes, but I think that's bad form, and as it happens causes the notice to fire. If we're trying to be notice -free, then the way to go is to use the blocks around the array variables, and I think that is what people should be taught, and become comfortable with, and adopt as a best practice.
  20. These are 'Notices'. A notice is not an error per se. Your code will work without the use of a string index: name vs. 'name'. However, you are causing PHP to do extra work, because it generates a notice (if the error level includes notices) and has to first check to see if there is a constant with that name. Obviously this is not best practice. Frequently I find that people have gotten into the bad practice of omitting single quotes around the string constants they use, because they are having parsing problems with interpolation. This doesn't work: $name['first'] = 'Fred'; $name['last'] = 'Stone'; $output = "Hi $name['first']! I hope that you and the rest of the $name['last'] family have a great visit with us at our first class resort!"; echo $output; Run this and it generates a parsing error: The secret to getting around this issue is to wrap the array variables in a PHP block - { }. This code works: $name['first'] = 'Fred'; $name['last'] = 'Stone'; $output = "Hi {$name['first']}! I hope that you and the rest of the {$name['last']} family have a great visit with us at our first class resort!"; echo $output; Output:
  21. Global variables introduce side-effect bugs, and go against the grain of good procedural and object oriented coding practices. A function or method should be discrete and provide unit-testable, reproducible behavior. Specific input(s) should produce specific results and return values. When you use globals, the function stops being discrete, and becomes dependent on the state of the global variables used. Worse yet, the globals are available and shared by any code that desires to make use of them. This leads to situations where you will have a hard time tracking down or reproducing problems because some path of execution has led to a global variable being changed, and you won't be able to know easily what led to the problem. They also contribute in general to spaghetti code where it becomes difficult to trace or understand what is happening. Specifically, imagine you are looking at some source code and a function is called, that then makes use of a global variable. Given the alternative of using a parameter, you can see where the parameter got its value in the source code, because to call it you have to pass the parameter specifically. Contrast this with a global, where you may have no idea what has happened to that variable previously, where it came from, or what created its value. It is simply referenced in the source code at some point.
  22. My goodness that is some really old code. What CMS are we talking here? function slashString_gpc() { foreach (array('REQUEST', 'COOKIE') as $gpc) $GLOBALS["_$gpc"] = array_map('slashString', $GLOBALS["_$gpc"]); } Inside there looks like it should be: function slashString_gpc() { foreach (array('REQUEST', 'COOKIE') as $gpc) $GLOBALS[$gpc] = array_map('slashString', $GLOBALS[$gpc]); }
  23. Here's what often happens: You join a company/project that is trying to build some software to do a number of things, as set out in the goals/design/specifications. You break things up into tasks and different members of the team start working on them. Frequently there is a framework being used, and hopefully some conventions, but frequently there is a lot of uncertainty. People start plowing away, and the way Programmer A does things vs. Programmer B might be substantially different. Now you have 2-3 semi-working pieces of the product and you start looking at the code, and right away it's obvious that this code was produced by two different people. As "hypothetically" I might have been one of the people involved, even as I was coding my piece, I realized along the way that there were some things my code did where, given more time, I might have made it more reusable or had a better design, so if I'm lucky I might have stashed a few comments or a TODO in my code. Now we're on to more items, and programmer 2 is doing something very similar to the first item, and there's a lot of copy and pasting involved. We do some code reviewing, and it's clear to everyone that this is not DRY. There is a lot of code being repeated. Programmer 3 just joined, and now has to do something very similar to what Programmer 1 did, and I did, but the problem is that even though they are similar items, the team has not agreed which is the best way to do it, so Programmer 3 basically has to just pick someone to emulate (if we're lucky) or maybe decides that everyone else was an idiot and does the new component in a completely different way than the two previous components. The PM and QA are reviewing things, and everyone is super excited because we're only three weeks behind the original schedule (of completion in 6 hours) and the system basically seems to do the things that it was supposed to do.
     The only problem is that the underlying code now looks like it was assembled by a chimp with ADD, and there are 12 new features planned for next week.... If you're lucky, maybe there's a lead dev, who goes in and adds a couple of much needed unit-tested components, and redoes one of the sections, and this then becomes "the reference" for how to do something similar. If you're lucky, there are some design patterns being used. If you're lucky there are code reviews. If you're lucky people go back before anyone notices and refactor things to be consistent. If you're lucky you have appropriate roles and responsibilities and some division of labor. Programmers that care about the overall quality of the underlying design, or are incented to ensure it has minimal bugs, or have to maintain it or keep it running are going to be interested in refactoring. Then there are situations where someone is brought in to start working on legacy code, and they realize that what they've just been assigned to work on is a rat's nest of rotten spaghetti, and those three things that "the old guy never got around to adding but should be easy, right?" are actually close to impossible to add given the original architecture (or lack thereof) and the fact that doing just about anything to it has the potential to create side-effects that will break unknown areas of the system, causing everyone to question the new programmer's basic competence. No, I would not say that refactoring is related to understanding someone else's code, and thus used as an excuse because you can't understand what they were thinking.
  24. There are times when I question whether Barand is an actual human or a SQL-generating cyborg sent from the future to help the human race combat its lack of relational database understanding.