NotionCommotion

Once you echo anything, you cannot set any headers or sessions. Do all your work first, and then display content. Even a simple empty space is too much. PS. You are not escaping your SQL. Recommend using prepared statements all the time until you know when you can do differently

Hi, I have a layout with a sidebar and image background. Please see https://output.jsbin.com/gujonedije. If the amount of content in #custom-content exceeds a given amount, I either need a scrollbar or need the total height of the page to increase. As seen, I have added a scrollbar, but it looks a little odd as it is centered in the page. Given the sidebar, is it possible to put it on the far right of the page? Or can I modify the script to allow the total height of the page to increase? Not sure how to do this given the full page image background. Thanks <!DOCTYPE html> <html> <head> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <title>Testing template</title> <link rel="stylesheet" type="text/css" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/3.0.3/normalize.css"> <link rel="stylesheet" type="text/css" href="main.css"> </head> <body class="metal"> <div id="header"> </div> <div id="middle"> <div id="sidebar"><p>My Sidebar</p></div> <div id="content"> <ul id="mainMenu"></ul> <div id="wrapper"> <div style="height:400px;">Stuff goes here. Keep height fixed.</div> <div id="custom-content"> <p>Page should adapt to this content.</p> <p>bla</p><p>bla</p><p>bla</p><p>bla</p><p>bla</p><p>bla</p><p>bla</p><p>bla</p><p>bla</p><p>bla</p><p>bla</p><p>bla</p><p>bla</p><p>bla</p><p>bla</p><p>bla</p><p>bla</p><p>bla</p> </div> </div> </div> </div> <div id="footer"> <div class="footer-block"> <div class="footer-bottom"> <ul id="subMenu" class="submenu"></ul> </div> </div> </div> </body> </html> #custom-content{height:400px;overflow-y:auto;} body { font-family:Arial, Helvetica, sans-serif; background-color: #CECECE } .right{float:right;} .left{float:left;} .clear { clear:both; } #header { height:60px; background:url(http://i.imgur.com/sihSa9h.png) repeat-x #e2e2e2; } #middle { /* DONE LATER: background-image: url("../images/background3.jpg "); */ background-repeat: no-repeat; background-size: cover; background-position: center; height:900px; min-width: 1015px;/*960px(content)+50px(sidebar) plus a little extra for good measures */ } #sidebar { /*background-color: #FFFFFF; opacity: 0.30;*/ background: rgba(255, 255, 255, .3); filter: alpha(opacity=30); /*ie8*/ border-right: 4px solid #f15a29; height:100%; width:50px; float:left; } #sidebar p { -webkit-transform: rotate(-90deg); -moz-transform: rotate(-90deg); -o-transform: rotate(-90deg); -ms-transform: rotate(-90deg); transform: rotate(-90deg); position: relative; top: 50%; font-size:30px; white-space: nowrap; } #content {margin:0 auto; width: 960px;padding-top:45px;overflow-x:auto;height:100%} #wrapper{padding-top:20px;} #footer { height:60px; background:url(http://i.imgur.com/juPqbXY.png) repeat-x #e2e2e2; } #footer .footer-block { width:960px; margin:0 auto; } #footer .footer-bottom { clear:both; margin-top:3px; } body.metal #middle { background-image:url(http://i.imgur.com/UlDBmPh.jpg); } #middle div { color:#FFF; }

Thank you gizmola. I appreciate your and requinix's and ginerjm's help. Regarding setting the "text name" portion to be the same for both, do I understand you to mean: From Email: myaccount@mydomain.tld From Name: theirname <theiremail@theirdomain.tld>

For the record, ginerjm, I don't want to allow people to send out fake emails and generate spam. While I had been setting the SetFrom address as the user's email, I stated in my response to gizmola that I no longer think it is a good idea. It has nothing to do with ethics as feel in an ideal world it is more appropriate to display identifying email of the individual who authored and sent the communication, and only to do with how to feasible deliver well intended emails. I agree requinix there are many legitimate use cases. To see how Evite does it, I just signed up. They use the recipricant’s name and reply email, but an Evite from email. I think this is what I will do. My problem with the SPF/DKIM option is it would be too much work for some small individual in a big organization to get IT to make the changes (or am I missing something?). Thanks gizmola. Bigcorporation.com is only a possible recipricant. The headers I showed you came from my site, and went to my gmail account. I think I am benefiting from mywebhosting.com’s whitelisting, and while I am not sending out spam, I should not take it for granted. Agree an email from my site as the FROM email, the user’s name, and the user’s email as reply only makes sense?

Hi gizmola, Thank you for your comprehensive response. I learned a new word today: “nefarious”. Well used I have had almost 100% delivery success when using both gmail smtp servers as well as my hosting companies smtp servers. The one issue I have witnessed is when sending an email where the FROM email belonged to a large company and the recipient belonged to that same domain, the email wasn’t delivered. That being said, it appears that I have been relaying and you have me convinced that negative consequences will likely arise in the future. A typical email header when sent to a gmail account looks like the following (if I send it to a corporate email, there is much more). Relaying? Do you mind explaining any other implications gleamed from these headers? Delivered-To: jane.recipient@gmail.com Received: by 10.27.231.134 with SMTP id e124asp2784405wlh; Mon, 30 Nov 2015 07:02:42 -0800 (PST) X-Received: by 10.50.18.114 with SMTP id v18xr418453asd.91.1448895762159; Mon, 30 Nov 2015 07:02:42 -0800 (PST) Return-Path: <john.sender@bigcorporation.com> Received: from smtp1.mywebhosting.com (smtp1.mywebhosting.com. [987.654.32.109]) by mx.google.com with SMTP id 88si11073401ioi.168.2015.11.30.07.02.41 for <jane.recipient@gmail.com>; Mon, 30 Nov 2015 07:02:42 -0800 (PST) Received-SPF: neutral (google.com: 987.654.32.109 is neither permitted nor denied by best guess record for domain of john.sender@bigcorporation.com) client-ip=987.654.32.109; Authentication-Results: mx.google.com; spf=neutral (google.com: 987.654.32.109 is neither permitted nor denied by best guess record for domain of john.sender@bigcorporation.com) smtp.mailfrom=john.sender@bigcorporation.com Received: (qmail 30248 invoked from network); 30 Nov 2015 15:05:52 -0000 Received: from unknown (HELO subdomain.mysite.com) (outgoing@mysite.com@123.456.789.01) by smtp1.mywebhosting.com with (DHE-RSA-AES256-SHA encrypted) SMTP; Mon, 30 Nov 2015 10:05:52 -0500 Date: Mon, 30 Nov 2015 07:02:40 -0800 To: Jane Doe <jane.recipient@gmail.com> From: John Doe <john.sender@bigcorporation.com> Subject: Request for Bid - My Subject Message-ID: <d8513dfb2385467256e7684c6913fef8@subdomain.mysite.com> X-Mailer: PHPMailer 5.2.12 (https://github.com/PHPMailer/PHPMailer/) MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="b1_d8513dfb2385467256e7684c6913fef8" Content-Transfer-Encoding: 8bit The trick of using a valid FROM email address and the email author’s email address for the REPLY TO doesn’t seem that bad. You stated “I know that's not what you're trying to do…”. Are there many shortcomings of this approach? If the email author’s email address is john.sender@bigcorporation.com, would it work to use a fictional FROM email of john.sender@mysite.com and a REPLY email of john.sender@bigcorporation.com. Thanks again!

Wow, I didn't know I was guilty of all that. Think they will let me into Heaven?

Thanks ginerjm, You mean send it from my email client (i.e. Outlook, etc)? Or send it from my website using FROM notioncommotion@mysite.com, and using the email's author's REPLY email only?

Thanks requinix, I currently have some notice at the bottom of the email stating that the email was sent by mysite.com. Yes, bigcorporation.com is the domain I am claiming to send as. In response to your three options: Maybe it will be viable if I give the user the ability to either use their own email service, or if they don't know it or wish to share it, use mine at the risk of having emails to their intended recipients be blocked. If I worked at bigcorporation.com, however, I would likely be wary of doing so as I might get in trouble. For DKIM and SPF, will the IT manager of bigcorporation.com need to alter the companies email policies? If so, probably not going to happen. Maybe. At a minimum, the most email clients would display the recipient's name, true? Using their email as the reply email will never be blocked, right? Maybe adding something to the effect of "Sent in behalf" as the send email address will make it more clear?

I can think of one good reason. If I, as a user, use some application to send someone an email, I want them to know it is from me so they take the time to open it. As a recipient, I often will not even look at an email if I do not know who it is coming from.

I have a website which allows users to send emails in their behalf. I am using PHPMailer with smtp using the mailserver provided by my hosting company, and setting SetFrom as the user's email. As the user is generating the email, I don't think I am doing anything unethical or illegal. If you disagree, please advise why. Recently I noticed Gmail displayed the following warning when receiving such an email: Upon clicking "Learn more", multiple content was displayed, however, it appears that the following applied. Is this what is causing this warning? Is there anything that can be done to prevent it? If need be, an acceptable solution is to have the user provide such authentication data, store it in a DB, and include it with all emails initiated by him or her.

Not worried about ON DELETE CASCADE not being perfect, only my memory not being perfect. Typically I use RESTRICT 90% of the time and SET NULL the rest of the time. I will sometimes attempt to delete a record and catch it and respond if it fails an integrity constraint. Not good I if forgot that I have it to cascade! I also have a problem with viewing some script, and not seeing the other functionality such as CASCADE’s or triggers (not saying I never use triggers, I just don’t make a habit of doing so). I expect better documentation by me may mitigate both of these concerns.

Or maybe instead of basing the decision to use ON DELETE CASCADE on the trust of the user who makes the change, it should also be based on the type of record deleted. For instance, is a many-to-many cross table a good canidate to always use it on?

I wish to remove all the data that depends on the parent record. So, do you use CASCADE for this need, or do you use RESTRICT or NO ACTION on the dependent records, use the application first delete the dependent records, and then have the application delete the parent records? Why?

Yea, my first two statements with an "Agree?" question were more of a SQL question. Added them trying to give context, but probably shouldn't have. But the last part was where I need help. You imply that not using ON DELETE CASCADE results in highly visible, easy to change, one place in code. Presumably, using ON DELETE CASCADE may result in the opposite? Not trying to go round and round in a debate; just trying to better cement my own approach. I believe that it does matter who executes a query. If I have multiple applications (or even more relevant, multiple people) performing queries, then ON DELETE CASCADE likely makes sense. Do you know of any other reasons why one would recommend using ON DELETE CASCADE?

This is more of a PHP question (or at least an application question) and not really a SQL question, so please read on. First, would like some opinions of my assumptions... ON UPDATE CASCADE should typically be used on natural keys but never on surrogate key regardless of whether a human or PHP is executes the queries as the natural key values may be changed in the future. ON DELETE CASCADE should typically be used on surrogate keys where a human executes queries, but most likely never on natural keys regardless of whether a human or PHP executes the query as it just seems wrong. Disagree? If so, why? So, my question.... Should ON DELETE CASCADE (or maybe even ON DELETE SET NULL for that matter) ever be used when PHP solely executes the queries? Please provide rational why or why not. Thank you

Well, I feel silly. PHP is being ran as apache. Probably better to use something like www-data so it is simpler to change websevers if desired. Still odd that I earlier wasn't able to create the directory. I changed permissions to 0775, and apache belonged to the NotionCommotion group. Oh well, all is good now, and probably best not to use groups like I did for this.

Yes, I recognize that permission is denied. Why? As I showed on the original post, the parent directory is 0755 and is owned by the PHP user.

I am sure it is a silly mistake, but don't see it. Can anyone tell me why I cannot create a directory? Thanks echo('filepath1: '.$filepath1.'<br>'); echo('filepath2: '.$filepath2.'<br>'); echo('fileowner: '.posix_getpwuid(fileowner($filepath1))['name'].'<br>'); echo('fileperms: '.substr(sprintf('%o', fileperms($filepath1)), -4).'<br>'); echo('current_user: '.get_current_user().'<br>'); echo('filepath1 exists: '.(file_exists($filepath1)?'Yes':'No').'<br>'); echo('filepath1 is a directory: '.(is_dir($filepath1)?'Yes':'No').'<br>'); echo('filepath2 exists: '.(file_exists($filepath2)?'Yes':'No').'<br>'); if(!file_exists($filepath2)){mkdir($filepath2, 0755);} filepath1: /var/www/main/user_resources/documents/30 filepath2: /var/www/main/user_resources/documents/30/01 fileowner: NotionCommotion fileperms: 0755 current_user: NotionCommotion filepath1 exists: Yes filepath1 is a directory: Yes filepath2 exists: No An error occurred in script '/var/www/main/ application/classes/application.php' on line 197: mkdir(): Permission denied (error no: 2). [12.34.56.789]

Agree a port needs to be open to hear through that port. Doesn't websockets by default use 80 and 443? I don't claim to know, and base this on https://en.wikipedia.org/wiki/WebSocket. If so, could a server that responds to websockets not act as a webserver? Needless to say, I am very new to sockets!

Thanks 0X00, Sorry for being cryptic, but I am not allowed to communicate the application. What I heard you say is "yes, this is possible, but not really with PHP and will require some lower level language such as C, etc." If I misread you, please advise. PS. I like your comment "All networks are based on sockets, e.g. Berkley Sockets, WinSock, etc..." It confirms what I somewhat already suspected. Thanks again, Michael

Yes, I totally agree. I tried to make that clear in the original post. Assuming that server B initiated the connection, will http://php.net/manual/en/book.sockets.php work? My initial review indicated that they are not sophisticated enough to pass header information to return to originating client. If not, how can this be accomplished?

Don't want port forwarding or a DMZ. For arguments sake, lets say Server B is located behind my home router, and my router has a semi-static public IP as defined by my IP provider. If I am using a browser behind my home router, it is my understanding that I could initiate a websocket to a server, and later receive pushes from that server. If a browser could do it, why could it not be done without one?

But websockets uses port 80/443 by default, no? How does it accomplish it?

Maybe something like the following... <?php $data=array(); $query=''; foreach(array('name','phone') as $key) { if(isset($_POST[$key]) && $_POST[$key]!=''){ $data[$key]=$_POST[$key]; $query.="$key=:$key,"; } } if(!empty($data)){ $sql = 'UPDATE myTable SET '.trim($query, ",").' WHERE id=:id'; $data['id']=123; $q = $conn->prepare($sql); $q->execute($data); }

Thank you Scootstah, No, there is no web browser client, and I will check sockets out. Something I've always planned on doing, but never really did in earnest. Note that assuming the firewall is configured to allow communication on standard ports such as 80 or 443 is acceptable, but setting up port forwarding to a given local IP is not. It sounds like I am okay in this regard, but if you feel differently, please advise. Thanks again! EDIT. Will some network configurations prevent this? Somehow Server A needs to get back to Server B, and without port forwarding or equal, the local IP needs to be somehow bundled in the response.