NotionCommotion

See the last sentence in my first post. Or see Barand's post.

The var_dump command displays all the elements in the variable. $_GET is an array. As seen, there isn't any indexes the the array. You then ask for $_GET['org_id'] which obviously does not exist, thus the error.

At the top of your PHP script, add var_dump($_GET);. What do you see? Is it set? You later use isset to first check which is the way to do it if you don't want a notice.

Could someone please execute the following script. The test.msg file needs to be an MS Outlook file. To create one, open an email using Outlook and save as a msg file. I'm not sure if OpenOffice will work as well. <?php $finfo = finfo_open(FILEINFO_MIME_TYPE); $filetype=finfo_file($finfo, 'test.msg'); echo($filetype); ?> What output did you get? I get application/CDFV2-corrupt. Is that correct? Shouldn't it be application/vnd.ms-outlook? I am running Centos 6. What operating system are you using? Thank you

I have the request headers for three posts. Can someone help me interpret them? Some like the Host, Referer, Unser-Agent, and Cookie are rather obvious, but not positive about the rest. Thanks Traditional form with post method Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding gzip, deflate Accept-Language en-US,en;q=0.5 Authorization Basic TWljaGFlbDpTdW5zaGluZQ== Connection keep-alive Host www.example.com Referer https://www.example.com/lib/testing/post.php User-Agent Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0 jQuery Ajax with post method Accept */* Accept-Encoding gzip, deflate Accept-Language en-US,en;q=0.5 Content-Length 192 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Cookie BACKSESSID=ldeklk651f1fia0olqaubfqrb6 Host test.sites.example.com Referer https://test.sites.example.com/administrator/index.php?cid=2&controller=detail&id=1125382824 User-Agent Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0 X-Requested-With XMLHttpRequest xhr request using fineuploaded plugin Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding gzip, deflate Accept-Language en-US,en;q=0.5 Cache-Control no-cache Content-Length 11480 Content-Type application/octet-stream Cookie BACKSESSID=ldeklk651f1fia0olqaubfqrb6 Host test.sites.example.com Referer https://test.sites.example.com/administrator/index.php?cid=2&controller=detail&id=1125382824 User-Agent Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0 X-File-Name Circuit%20Breaker.xlsx X-Mime-Type application/vnd.openxmlformats-officedocument.spreadsheetml.sheet X-Requested-With XMLHttpRequest

Turns out it was something I was doing. Using an older version of FineUploaderBasic (xhr streaming file uploading) caused the warning. The file was uploaded so I didn't know there was an error.

CroNiX, As far as I know, I am not posting anything which is causing this error. I just looked in my error log and saw the message. Maybe someone is hitting my server using cURL, and it isn't me at all. But if someone is and it is causing php errors, I should at least know the nature of the error and it's potential impact, agree? It seems like the clue is in Unknown on line 0, where normally I see in /var/www/example/application/classes/site_frontback.php on line 150. What could cause the filename from showing up as Unknown and the line as showing up as 0?

I have a dialog which contains an input field. The input field should display a default value, and have a jQuery autocomplete attached to it. I have it 99% working with the below code, and a live demo is at http://jsbin.com/zihoxekacu/1/. The problem is if user types "tw", they can select "two", but after they do, I wish to have the input field go back to "Search Help", and not display "Two". Interestingly, even if I reload the page using FireFox (not IE or Chrome), the input still displays "Two". Thanks! <!DOCTYPE html> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>Testing</title> <link href="https://ajax.googleapis.com/ajax/libs/jqueryui/1.10.3/themes/ui-lightness/jquery-ui.css" type="text/css" rel="stylesheet" /> <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.js" type="text/javascript"></script> <script src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.10.3/jquery-ui.js" type="text/javascript"></script> <style type="text/css"> </style> <script type="text/javascript"> $(function(){ $('.getHelp').click(function(e){ $('#dialog-help').dialog('open'); }); $("#dialog-help").dialog({ autoOpen : false, height : 500, width : 640, open: function(event, ui){ $(this).find('input.searchHelp').val('').blur(); } }); $("#dialog-help input.searchHelp").autocomplete({source: ['one','two','three'], minLength: 1,select: function(event, ui){ $(this).val('').blur(); $('#dialog-help div').text(ui.item.value); }}); $('.default-value').each(function() { var $t=$(this), default_value = this.value; $t.css('color', '#929292'); $t.focus(function() { if(this.value == default_value) { this.value = ''; $t.css('color', 'black'); } }); $t.blur(function() { if($.trim(this.value) == '') { $t.css('color', '#929292'); this.value = default_value; } }); }); }); </script> </head> <body> <button type="button" class="getHelp" >open</button> <div id="dialog-help" class="dialog-help"> <input class="searchHelp default-value" type="text" name="search" value="Search Help" /> <div></div> </div> </body> </html>

That is the issue. I don't know what the problematic code is. It is just a line in my error log. Line 0? What is line zero? What file did the error occur in? All my other log entries look something like the following, and I have a clue where to start looking: [Mon Feb 16 10:48:09 2015] [error] [client 22.33.444.555] PHP Fatal error: Call to undefined method com_maintainance_controller_default::save() in /var/www/example/application/classes/site_frontback.php on line 150, referer: https://foo.bar.example.com.com/index.php?cid=22&preview=640030448 Again, don't want to needlessly increase some parameter until I know what is causing it.

What might be causing this error? How would you recommend troubleshooting? Thanks [Tue Feb 17 13:34:32 2015] [error] [client 11.22.33.44] PHP Warning: Unknown: POST Content-Length of 97807773 bytes exceeds the limit of 8388608 bytes in Unknown on line 0, referer: https://foo.bar.example.com/administrator/index.php?cid=2&controller=buy&id=1949621100

Agree with Psycho. By the way, each does the same thing: $message = “{$nonce}{$token}{$path}0.1buy965.45”; $message = $nonce.$token.$path."0.1buy965.45”; $message = $nonce.$token.$path.'0.1buy965.45';

Not sure I understand the question. What are you attempting to do?

Since you are initiating from a button, this means you are initiating from the client. Why not just use Ajax to start the routine? Or, is it a different domain? If so, you have same origin policy to deal with. I believe there are workarounds (Access-Control-Allow-Origin, jQuery's jsonp), but I believe there are security risks. If you want to hit the originating server first, you can use curl. If you don't want to wait for the transaction to complete, you might either need to run a thread in the background, or send headers telling the browser the transaction is complete (the later is typically preferred).

I actually contacted my provider (Comcast), and they said while it is not officially allowed, it is okay as long as it is not abused (i.e. has much bandwidth, obviously serving inappropriate content, etc). For my case, it is a development server which is only accessed by me, and sometimes I wish to view the site remotely. For the OP, I would expect he only will be accessing it, so it is probably find. In regards to the OP's question, I agree with mac_gver. What do you wish to accomplish? What is "reading" the files on your local machine? If you wish to access files on your local machine via a web browser, consider hosing a simple website on that machine. You still need to deal with public/local IPs as mac_gyver indicated.

Thanks Kicken, Yes, I suppose it is the same as the "Forgot Password" routine. I'll probably, however, wish to increase the duration due to the nature of the business request. I am creating my tokens using the following. Seem random enough? $token=bin2hex(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)); At times, I've attempted to make them more human friendly using the following. Is Crockford's Base-32 better? Is there an easy way to implement it? $encoder = new Base2n(5, '0123456789ABCDEFGHJKMNPQRSTVWXYZ'); $token = $encoder->encode($token); In regards to allowing the user to copy the token, do you ask them to copy the link and put it in their browser, or copy just the token and input it in a form? Thank you

An email is sent to the user which contains a link with an ID which identifies the recipient of the email plus the nature of the message conveyed. The user clicks the link on the email, and a page is displayed which displays the user's identity plus details of the message based on the ID. A link is included on the page which performs one (and only one) of the following three tasks: If the user is logged on (as determined by a session), an edit page is displayed which allows the user to modify data pertaining to the message. If the user (as determined by something in the link) is not logged on but they have previously set up a password, a username/password form is displayed to allow them to log on. Upon logging on, they will be sent to the aforementioned edit page, however, I have this part handled. If the user is not logged and they have never set up a password, a form is displayed presetting their username which allows them to set their password. I know I "could" just sent them to the normal logon page (task 2), but don't like this approach from a ux prospective. Upon completing the form, I will probably return them to the logon page instead of automatically logging them on, but that is a different story. My question relates to the third task. Obviously, I can't use some weak ID which makes it easy to find forms which allow passwords to be set. Is this approach acceptable providing that I use a strong random ID? Should the ID be the same ID as used on the originating email? Any other thoughts on how to implement this? Thank you

Think you got a loop going on with the multiple posts! Why don't you just not display the record if it doesn't exist?

You really got a response like that? It doesn't appear to be valid JSON. On a side note, I am going to stress that you use the following code often when starting off. You could also use var_dump($array) which actually gives you more information, but the below is easier to read when you are new. echo('<pre>'.print_r($myvariable,1).'</pre>'); For instance, maybe one of your variables includes something crazy like the below. Where do you start? Well, print_r first tells you that the top part is an object. That means that you access properties using ->someobjectpropertier (as apposed to ['somearrayelement'] for an array). someobjectpropertier and somearrayelement are just names I picked, and don't mean anything special. As you go down, print_r tells you if it is an object, an array, or if neither, a string. So, if I need something_I_need, I could use $myvariable->myarray['myobject']->something_I_need. Make sure you understand this perfectly as you will be doing this often. stdClass Object( [high] => 8650.00 [last] => 8500.00 [timestamp] => 1410341807 [bid] => 8310.00 [vwap] => 8414.15 [volume] => 107.05882350 [low] => 8480.00 [ask] => 8500.00 [myarray] => Array ( [high] => 8650.00 [last] => 8500.00 [timestamp] => 1410341807 [bid] => 8310.00 [vwap] => 8414.15 [volume] => 107.05882350 [low] => 8480.00 [ask] => 8500.00 [myobject] => stdClass Object ( [high] => 8650.00 [last] => 8500.00 [timestamp] => 1410341807 [bid] => 8310.00 [vwap] => 8414.15 [volume] => 107.05882350 [low] => 8480.00 [ask] => 8500.00 [something_I_need] => The Prize! ) ))

I totally agree. For most applications, the user should assess the risk, and chose a password of applicable strength.

I've seen applications which prevent me from using the same password if used for the past 10 passwords. Don't know if this really improves security as it forces one to put sticky notes all over their monitor, and it gets hard to even see the monitor thru all of them. But if this functionality was desired, you would need to store the previous hashed passwords.

If you are going to save the passwords in the database, don't even bother hashing them in the first place. That being said, you don't want to not hash your passwords, thus do the second choice!

On a past project, I used JavaScript on a PC under my control (or it might have been the server), used PHP to convert it to an image, and had the user's browser view the image. I might have some of the detail wrong as it was a while ago, however, it worked perfect. Or you could just tell non-JavaScript users "no fancy graphs for you!"

Go by my script, not my narrative

I was just giving an example on how json_decode() works. Try the following. The print_r() is just to show you what is happening. Given some json, you use json_encode() to turn it into an array, and then you access the various array elements as you desire. <?php $ch = curl_init('some_api_information'); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_HEADER, false); $result = curl_exec($ch); $array=json_decode($result); echo('<pre>'.print_r($array,1).'</pre>'); $low=$array['low']; echo($low); ?>

Did you look at the link I sent you?