btherl

Staff Alumni
Posts: 3,893
Joined
Last visited

Everything posted by btherl

  1. I don't really understand what you are asking. Are you saying you want to create your own templating system which has the basic features of Smarty?
  2. From that short description, I'm not really sure what you're talking about .. PS: I know what PHP, XML, plugin and hook mean, I'm just not sure how you intend to put them together
  3. You can look on google for "md5 recovery" or "md5 cracking" John the ripper is one of the old school ones that I used to use. But the process will be very slow unless you have some clues as to what the password may be. It's a slow process because md5 password are not intended to be converted back to the original password.
  4. Are you sure you modified the right php.ini? Did you restart the web server after modifying it? What OS and web server are you using and how did you install php?
  5. Another option is to use curl to submit the data to paypal (google "curl php")
  6. No it doesn't. I'm not going to discuss this further because it's off-topic.
  7. I mean that the program that decrypts the data must have access to a secret allowing the data to be decrypted. The "secret" could be a sequence of 128 bits, for example. Now the problem is that if the program knows this secret and can decrypt the data, then a hacker can examine the program, find the secret and ALSO decrypt the data. This is true regardless of what algorithm you use to encrypt the data. So I am still not sure what you are proposing - how will this method ensure that someone with access to the database cannot access the data while still allowing the programs that are intended to access the data to access it?
  8. But it IS reliable enough to be a realistic solution. It works perfectly fine in practice. Read my earlier post in this thread for details on when it works and when it doesn't.
  9. HTTP_REFERER is nothing to do with globals. It's a variable sent by the browser to the server, and ALL such variables must be made available to the php script in one form or another. Anything else is insanity. Currently the recommended method of access is $_SERVER. register_globals and superglobals are another issue altogether, and have nothing to do with availability or accuracy of HTTP_REFERER. As for its accuracy, it remains high, unless your userbase is skewed towards technically inclined users. I can't believe that some people claim that it is unreliable when all real evidence is clearly to the contrary. FYI, my work involves clickstream processing of something like 200 million hits daily, where most of our data sources include the HTTP_REFERER data.
  10. I don't see how genetic algorithms would help. The problem in all cases is that you still need to decrypt the data, and that defeats any system that doesn't rely on the user to provide some kind of secret. I think the fundamental idea is flawed.
  11. rj, what did phpinfo() show differently for firefox and IE7? If sessions do not work with IE7, that indicates that IE is configured not to accept cookies, or not to pass cookies to the pages you want to pass them to. Does a simple session example with a single file work with IE7? Regarding criticisms of HTTP_REFERER, it is perfectly ok to use it as long as you understand its limitations. Websites should always be designed for the majority of users, and the majority will send HTTP_REFERER correctly with each request.
  12. HTTP_REFERER is an excellent method of detecting and denying access to unauthorized links to your files. It is an insufficient method of preventing direct downloads by a determined user. It does not prevent this. If all the OP wants is to prevent direct links to his files from other sites, then HTTP_REFERER is not only appropriate but is ideal. All the arguments against HTTP_REFERER make the assumption that the user using the browser is malicious, but it still provides protection against a malicious website.
  13. Oh .. it looks like an error in the forum software that allows that to happen. The forum software allows you to include arbitrary files on the server by setting the "page" variable. So if you can upload an image, supposedly your avatar, but which happens to include php code as well, then you can get the forum to include your image as a "page". The underlying problem is that the forum software allows you to include arbitrary files. If you fix that, then it doesn't matter what images your users upload. How to fix it (or if you need to fix it) depends on your particular forum software.
  14. Try using phpinfo() to see exactly what IS set by IE 7. Then you can go from there.
  15. Where have you been hearing about php image injection? If you can give me a source then I can help you.
  16. For 1, no the function doesn't take ownership of the variable. The variable is shared between the function scope and global scope. When the function finishes, the variable goes back to being a standard global variable. If another function then declares the same variable as global, then the variable is shared by that function until it finishes. You can even call another function inside that function which also shares the same variable. There's actually a hard limit of around 64,000 times you can do this at one time, but it's unlikely you'll hit that. For sessions, try this to get you going:

          session_start();
          # Read the value safely so the first run doesn't emit an undefined-index notice
          $foo = isset($_SESSION['foo']) ? $_SESSION['foo'] : '';
          print "\$_SESSION[foo] = $foo<br>";
          if (empty($_SESSION['foo'])) {
              print "Setting it to 'bar'<br>";
              $_SESSION['foo'] = 'bar';
          }

      The first time you run it, it will show that $_SESSION['foo'] is empty. But on all subsequent runs, it will show it to contain "bar". Regarding objects in sessions, yes you should try the OOP forum. But first you should learn the general idea behind sessions. Basically they let you keep variables between script runs. Session data is stored in a file on the server, and is identified by a cookie.
  17. 1. You must declare it as global inside EVERY function that accesses it, BEFORE you access it. You can think of the "global" instruction as meaning "Import this variable into local scope."

          $foo = 'bar';
          function dothis() {
              global $foo;
              # Now you can access $foo as a normal variable
          }

      2. Yes, you can dynamically define constants. Silly huh? But you can't redefine them. Example:

          $var = 'bar';
          define('FOO', $var);
          print FOO . "\n";
          define('FOO', 'baz');   # fails with a notice: FOO is already defined
          print FOO . "\n";       # still prints "bar"

      3. Sessions! You must be careful to ensure your classes are defined before session data is read though. People in the OOP sub-forum can help you with that I'm sure, I'm a bit of an OO noob.
  18. My gut feeling is that it's a problem with your hosting provider's libraries. I recommend sending the error to them. Then again, I know very little about the GD libraries .. I'm sure someone else is better placed to advise. You might also want to try changing the "" in the imagepng() call to null, as that is what is specified in the documentation for imagepng(): imagepng($insert, null, 100);
  19. Some examples of what you can do in C but not in PHP:
      - Interface with libraries written in C or C++
      - Write fast low-level algorithms for specific applications
      - Interface with system calls not already supported in php
      Most php extensions are just bindings to an existing C or C++ library.
  20. Let's back up a little - what is the purpose of encrypting the secondary data table? What are you trying to achieve?
  21. Yes you can profile in your test environment, but you should also profile in production as well. Concurrency can make a BIG difference in many situations, as well as load on the server.
  22. Salting is definitely a good idea, otherwise you can tell when two users have the same data. But as for accessing the data, the program accessing it must know how to decrypt it. Will that depend on something input by the user? Otherwise it must be the same key for all users.
  23. Looks ok to me. Substituting the solution for k gives back 97 on the LHS.
  24. I believe this is the information you are looking for.
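Post 13 above describes the underlying fault (a "page" parameter that is passed straight to include, so any uploaded file, avatar or otherwise, can be pulled in as a page). The following is an added example, not code from the thread or from any forum package, showing the fix the post calls for: the request selects a key from a fixed allow-list, and only the developer-chosen file behind that key is ever included. The directory layout (`pages/`) and the page names are assumptions for the example.

```php
<?php
// Added example (not from the thread): a page dispatcher that never passes
// user input to include(). The request only chooses a key; the key maps to
// a file the developer picked, so an uploaded "image" containing PHP code
// can never be selected as a page, whatever its name or location.

// The fragile pattern from post 13, reduced to one line:
//   include($_GET['page'] . '.php');   // includes whatever file the caller names
// Everything below replaces that line.

const PAGE_DIR = __DIR__ . '/pages';   // assumed layout for this example

// Allow-list: request key => file. Adding a page means adding a row here.
const PAGES = [
    'home'    => 'home.php',
    'profile' => 'profile.php',
    'help'    => 'help.php',
];

/**
 * Map a request value to the path of an allowed page, or return null.
 * The return value is always built from a PAGES entry, never from $requested.
 */
function resolve_page(?string $requested): ?string
{
    if ($requested === null || $requested === '') {
        $requested = 'home';
    }
    // Only plain lowercase keys are even compared against the list, so
    // values with slashes, dots, NUL bytes or URL-encoding are rejected first.
    if (!preg_match('/^[a-z]{1,32}$/', $requested)) {
        return null;
    }
    if (!array_key_exists($requested, PAGES)) {
        return null;
    }
    return PAGE_DIR . '/' . PAGES[$requested];
}

/**
 * Serve the requested page, or a 404 for anything not on the list.
 */
function dispatch(): void
{
    $path = resolve_page($_GET['page'] ?? null);
    if ($path === null || !is_file($path)) {
        http_response_code(404);
        echo 'No such page';
        return;
    }
    include $path;
}

// Quick self-check of the mapping (these are constructed inputs):
//   resolve_page('help')                -> ".../pages/help.php"
//   resolve_page('')                    -> ".../pages/home.php"
//   resolve_page('../avatars/user.png') -> null
//   resolve_page('home%00')             -> null
dispatch();
```

The point of the allow-list is that uploaded files stop mattering to the include logic at all, which is exactly the post's conclusion. As a separate layer, the upload directory should also be configured so the web server never executes PHP from it, but that is defence in depth; the dispatcher above is the actual fix.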