Everything posted by NotionCommotion

  1. Fife, While it might not be doing what you want it to do, the good news is it is doing exactly what it is supposed to do. You JOIN your tables, and then put a WHERE clause on it to filter for a given user. This removes all the tests which the user has never completed, which obviously is not your intent. I made a couple of mistakes in my previous query, but I still think it is the way to go. See how the condition to check the user is in the ON clause and not in the WHERE clause? Note that it assumes ut.expires is the date when the user must retake the test. Does this make sense? If it is just a flag, then I agree with Barand's remarks, and you should rethink your strategy.

         SELECT tt.idtreatmentTest
         FROM treatmentTests AS tt
         LEFT OUTER JOIN userTest AS ut
             ON ut.idtreatmentTest=tt.idtreatmentTest AND ut.iduser=123
         WHERE ut.expired IS NULL OR ut.expired<NOW();

     EDIT. Also, when getting unexpected results, I highly recommend testing your queries the old-fashioned way directly in MySQL instead of through PHP. Nine times out of ten, it will be obvious right when you see the query.
  2. Not saying I didn't trust you, but I put together the following script just to prove it to myself. Sure enough, using domain .mysite.com allows subdomains to set cookies for one another. I'll need to mull it over for a bit. Thanks again for your help.

         <?php
         // Split the host name into labels and rebuild the parent domain (e.g. mysite.com)
         $domain=explode('.', $_SERVER['HTTP_HOST']);
         $primary=$domain[count($domain)-2].'.'.$domain[count($domain)-1];
         $value="value for cookie {$domain[0]}";
         // Escape everything that is echoed back into the HTML below
         $host=htmlspecialchars($_SERVER['HTTP_HOST']);
         $cookies=htmlspecialchars(print_r($_COOKIE,true));
         // Host-only cookie set by the server for the current subdomain
         setcookie('server_side_cookie_'.$domain[0], $value);
         // Cookie set by the browser and scoped to the parent domain, so sibling subdomains receive it
         echo("<script type='text/javascript'>
         document.cookie = \"client_side_cookie_{$domain[0]}='{$value}';domain=.{$primary};path=/\";
         </script>
         <p>Host={$host}</p>
         Cookies Array:<pre>{$cookies}</pre>");
         ?>
  3. Access a second session array.
  4. My query assumed tt.expired is a datetime field indicating when the user's certificate will expire.
  5. Try something like the following.

         SELECT tt.idtreatmentTest, tt.expired
         FROM treatmentTests AS tt
         LEFT OUTER JOIN userTest AS ut
             ON ut.idtreatmentTest=tt.idtreatmentTest AND tt.iduser=123
         WHERE tt.expired IS NULL OR tt.expired<NOW();
  6. Any problems with the following? Is there a better way to do it? Thanks

         <?php
         //Use a cookie based session, and read and write to it
         session_start();
         $_SESSION['foo1']='bar1';
         $bla1=$_SESSION['bla1'];
         //Get some data from a second session (note that I don't think it matters, but I will not be writing to the second session)
         $session_id=session_id();
         session_id($_GET['session_id']);
         session_start();
         $data=$_SESSION['data'];
         //Go back to first session.
         session_id($session_id);
         session_start();
         //Read and write to the first session
         $_SESSION['foo2']='bar2';
         $bla2=$_SESSION['bla2'];
         die();
         ?>
  7. After giving more thought, I am going with the longer domains as you recommend.

         bob.public.mysite.com
         bob.administrator.mysite.com
         www.mysite.com

     The "administrator" subdomain is user defined, and I will just query the DB using the name "bob" to confirm it matches, else return a missing page header. www.mysite.com is the features/signup/etc site. It seems to me that "www" is just another, albeit very common, subdomain. Cookies under this site will be isolated from the other two, right?
  8. Thanks Jacques1, Yes, there was some confusion, but less so now. Not saying I necessarily do or do not wish to do so, just that I wish to understand the implications. Good point about login.yourdomain.com, and I probably should put some controls in place for login.user_sites.yourdomain.com as well.
  9. Thank you CroNiX for your reply, I actually am but didn't think this changes the implications of my question as I am using a cookie to store my session ID and not passing it via the URL.
  10. My expectations are that it is not possible. Please confirm or deny.
  11. I started http://forums.phpfreaks.com/topic/292413-cookie-priority-with-common-names/ a while back, and basically heard that I should use separate domains if I wish to ensure that cookies cannot be manipulated between one another. For instance, each of the following three URLs will have their own cookies which cannot be accessed from the others.

          joe.user-sites.example.com/index.php
          joe.site-admin.example.com/index.php
          main-site.example.com/index.php

      Problem is I don't wish to force the user to use these long URLs. Instead, I wish the user to see:

          joe.example.com/index.php
          admin.joe.example.com/index.php (or joe.example.com/admin/index.php if it is easier to make secure)
          example.com/index.php

      How is this accomplished? Thank you
  12. I really gotta get this regex thing licked!
  13. I don't know. Maybe he is really interested in cats and dogs, and your solution is perfect.
  14. But it is the thought that counts
  15. Thanks ignace, Yes, I was thinking of something similar. May I ask whether you actually do so in practice? What is the purpose of type hinting (PDO and PageFactory) the arguments sent to __construct()?
  16. Thanks mac_gyver. I've never used constant() before. Looks like it is only needed when you wish to dynamically assemble the constant name (No point in using echo constant("MAXSIZE"); as described by http://php.net/manual/en/function.constant.php, right?). The array approach would work, however, I would need to use a global variable if used in multiple scripts and there is no way to prevent them from inadvertently being changed, so they are not true constants, right? Maybe a singleton class which is accessed as const::const('someConstant') or const::const('someGroupConstant','someGroup')? Or is what I am asking not typically desired, and maybe I should re-think my needs?
  17. Hi Rafal, It's been a long time since I haven't used PDO (and you really should check it out), however, it looks like you are okay with SQL injection. Most sites inform the user that the username and/or password is invalid as it prevents a bad guy from first knowing they have a valid username and then trying random passwords with it. Your approach informs them if they have a valid username but invalid password, and is actually more code intensive (not a big deal) as it queries the database twice. Your choice. In regards to session hijacking, you probably want to rely on others for final judgement.
  18. Often in the very beginning of index.php, I will define a bunch of constants. To make sure I can quickly identify them as being one of my defined constants, I will often include some sort of prefix.

          define ('xzy_somecontant',123);
          define ('xzy_anothercontant',321);

      Sometimes I have a bunch of constants that are related:

          define ('xzy_id_for_page1',123);
          define ('xzy_id_for_page2',231);
          define ('xzy_id_for_page3',312);

      It would be nice to somehow group them into say "xzy_page_ids", and then access them by some index such as "page1" or "1" (or whatever makes sense for the given naming structure). Is this possible? Is there another de facto way of doing so such as a static class or something? Thanks
  19. SQL injection will only occur when you interface with the database. Since you didn't show this scope, we wouldn't know. Note that SQL injection is most easily prevented by using PDO prepared statements. If the data isn't escaped, the "data" desired to be inputted into the DB can change the SQL query to perform some unintended result. I also don't believe your script indicates whether session hijacking can or can't be accomplished. I suppose if this is your only script and a user has no ability to add JS to the content, you should be okay. You might want to look at password_hash() instead of hash(). Also, I don't think using a cryptic key for your session array (i.e. $_SESSION["e64X96ea"]) provides any protection.
  20. I could be wrong, but it sounds like he is trying to learn regex, and wanted to use regex for this example. I messed around with it for a bit, but I am really bad at regex.
  21. I know it is totally unrelated to your question, but I recommend not opening and closing PHP tags as often. Maybe there is some performance savings (or maybe the opposite), but any potential savings will greatly pale to the lost time in your life troubleshooting it (if others disagree, please comment).

          foreach($FinalName as $key => $item) {
              echo('<tr><td><input type="checkbox" name="fSelected[]" value="'.htmlspecialchars($FinalID[$key]).'" />'.($FinalID[$key] & $item).'</td></tr>');
          }

      As for your specific question, I would probably do one of the following:

        • Don't use Ajax, but submit each item to your server, and have it update your session value and send back the appropriate HTML.
        • Don't use Ajax but just JavaScript (or jQuery which is JavaScript for noobs like me) to add hidden inputs on the existing page.
        • If you do wish to use Ajax to update your session, you will need to send with it the session ID so that the server knows the session file to update.
  22. Issam, I tend to agree with Requinix's questions/recommendations that you might be chasing the wrong carrot. If you really wanted to do so, my first inclination was to use some sort of native operating system function (are you running Linux/Windows/etc?) along with PHP's exec(), and then parse it if necessary. On a whim, I Googled "php find cpu load", and the first hit was http://php.net/manual/en/function.sys-getloadavg.php, so you might want to check out this as well. Before doing so, however, you should find out what is causing over usage and deal with it.
  23. Thanks requinix, On my original post, I said less than 500 documents per user. But what if I am wrong? I will change to something that spreads things out evenly. For now, I won't save the full path. If I ever need to, the paths can be derived from the ID. Thanks for your help
  24. So, you would not create a separate folder for each user, correct? Why or why not? Two characters will result in 256 sub-folders per folder instead of 16, however, I guess this is better and agree. I actually wasn't planning on storing the hash, just the following four fields, and the fifth if the full path was saved. Saving the full path just seems anti-normalized, however, maybe it makes sense.

          id: 5
          name: blabla.pdf
          users_id: 27
          date_uploaded: 2014-11-15 13:59:59
          full_path_to_file: /bla/bla/user_files/e4/da/3b7fbbce2345d7772b0674a318d5
  25. Ah, you've redeemed my faith in Newbies! So I condensed the output to make it simpler. It contains two primary elements: transactions which is in turn an unassociated array containing (7) associated arrays, and lastblock which is a string. When you apply the foreach on it, you are iterating over these two elements, yet it is obvious that you need to iterate over the transactions array (and when you do, $tx will be one of those 7 associated arrays, and sure enough category, confirmations, address, amount, and txid are all there - at least I hope so because I didn't check). While this did not specifically solve your issue, it gives you the clues to quickly figure it out.

          Array (
              [transactions] => Array ([0] => Array(...),[1] => Array(...),[2] => Array(...),...,[7] => Array(...))
              [lastblock] => 00000000000000000db5d7c653732396fa7345bb4f97cbab73720e29d9c0b7bd
          )