Everything posted by Ninjakreborn

  1. Does that go at the very top or something, right under session_start();? I have never worked with ini_set() before, but it sounds like a good idea.
  2. I found something in one of my includes here:
     [code]
     <ul>
     <li><a href="/gateway.php?url=pets" title="Pets">Pets</a></li>
     <li><a href="/gateway.php?url=jewelry" title="Jewelry">Jewelry</a></li>
     <li><a href="/gateway.php?url=electronics" title="Electronics">Electronics</a></li>
     <li><a href="/gateway.php?url=personalitems" title="Personal Items">Personal Items</a></li>
     <li><a href="/stolengateway.php" title="Stolen Items">Stolen Items</a></li>
     <li><a href="/gateway.php?url=miscitems" title="Misc Items">Misc Items</a></li>
     <li><a href="/postfound/found1.php" title="Post Found Items">Post Found Items</a></li>
     <li><a href="/postlost/lost1.php" title="Post Lost Items">Post Lost Items</a></li>
     <li><a href="/advancedsearch.php" title="Advanced Search">Advanced Search</a></li>
     </ul>
     [/code]
     Those are the URLs it is complaining about. Here are some of the errors:
     [quote]
     Warning Line 53 column 35: cannot generate system identifier for general entity "PHPSESSID".
     <li><a href="/gateway.php?url=pets&PHPSESSID=cdc07925fc3affa87855d873a5649dec" t
     An entity reference was found in the document, but there is no reference by that name defined. Often this is caused by misspelling the reference name, unencoded ampersands, or by leaving off the trailing semicolon (;). The most common cause of this error is unencoded ampersands in URLs as described by the WDG in "Ampersands in URLs". Entity references start with an ampersand (&) and end with a semicolon (;). If you want to use a literal ampersand in your document you must encode it as "&amp;" (even inside URLs!). Be careful to end entity references with a semicolon or your entity reference may get interpreted in connection with the following text. Also keep in mind that named entity references are case-sensitive; &Aelig; and &aelig; are different characters. If this error appears in some markup generated by PHP's session handling code, this article has explanations and solutions to your problem.
     Note that in most documents, errors related to entity references will trigger up to 5 separate messages from the Validator. Usually these will all disappear when the original problem is fixed.
     Error Line 53 column 35: general entity "PHPSESSID" not defined and no default entity.
     <li><a href="/gateway.php?url=pets&PHPSESSID=cdc07925fc3affa87855d873a5649dec" t
     This is usually a cascading error caused by a an undefined entity reference or use of an unencoded ampersand (&) in an URL or body text. See the previous message for further details.
     Warning Line 53 column 44: reference not terminated by REFC delimiter.
     ...href="/gateway.php?url=pets&PHPSESSID=cdc07925fc3affa87855d873a5649dec" title
     If you meant to include an entity that starts with "&", then you should terminate it with ";". Another reason for this error message is that you inadvertently created an entity by failing to escape an "&" character just before this text.
     Warning Line 53 column 44: reference to external entity in attribute value.
     ...href="/gateway.php?url=pets&PHPSESSID=cdc07925fc3affa87855d873a5649dec" title
     This is generally the sign of an ampersand that was not properly escaped for inclusion in an attribute, in a href for example. You will need to escape all instances of '&' into '&amp;'.
     Error Line 53 column 44: reference to entity "PHPSESSID" for which no system identifier could be generated.
     ...href="/gateway.php?url=pets&PHPSESSID=cdc07925fc3affa87855d873a5649dec" title
     This is usually a cascading error caused by a an undefined entity reference or use of an unencoded ampersand (&) in an URL or body text. See the previous message for further details.
     Info Line 53 column 34: entity was defined here.
     <li><a href="/gateway.php?url=pets&PHPSESSID=cdc07925fc3affa87855d873a5649dec" t
     Warning Line 54 column 47: reference not terminated by REFC delimiter.
     ...f="/gateway.php?url=jewelry&PHPSESSID=cdc07925fc3affa87855d873a5649dec" title
     Warning Line 54 column 47: reference to external entity in attribute value.
     ...f="/gateway.php?url=jewelry&PHPSESSID=cdc07925fc3affa87855d873a5649dec" title
     Error Line 54 column 47: reference to entity "PHPSESSID" for which no system identifier could be generated.
     ...f="/gateway.php?url=jewelry&PHPSESSID=cdc07925fc3affa87855d873a5649dec" title
     Info Line 53 column 34: entity was defined here.
     <li><a href="/gateway.php?url=pets&PHPSESSID=cdc07925fc3affa87855d873a5649dec" t
     Warning Line 55 column 51: reference not terminated by REFC delimiter.
     ...gateway.php?url=electronics&PHPSESSID=cdc07925fc3affa87855d873a5649dec" title
     Warning Line 55 column 51: reference to external entity in attribute value.
     ...gateway.php?url=electronics&PHPSESSID=cdc07925fc3affa87855d873a5649dec" title
     Error Line 55 column 51: reference to entity "PHPSESSID" for which no system identifier could be generated.
     ...gateway.php?url=electronics&PHPSESSID=cdc07925fc3affa87855d873a5649dec" title
     Info Line 53 column 34: entity was defined here.
     <li><a href="/gateway.php?url=pets&PHPSESSID=cdc07925fc3affa87855d873a5649dec" t
     Warning Line 56 column 53: reference not terminated by REFC delimiter.
     ...teway.php?url=personalitems&PHPSESSID=cdc07925fc3affa87855d873a5649dec" title
     Warning Line 56 column 53: reference to external entity in attribute value.
     ...teway.php?url=personalitems&PHPSESSID=cdc07925fc3affa87855d873a5649dec" title
     Error Line 56 column 53: reference to entity "PHPSESSID" for which no system identifier could be generated.
     ...teway.php?url=personalitems&PHPSESSID=cdc07925fc3affa87855d873a5649dec" title
     Info Line 53 column 34: entity was defined here.
     <li><a href="/gateway.php?url=pets&PHPSESSID=cdc07925fc3affa87855d873a5649dec" t
     Warning Line 58 column 49: reference not terminated by REFC delimiter.
     ..."/gateway.php?url=miscitems&PHPSESSID=cdc07925fc3affa87855d873a5649dec" title
     Warning Line 58 column 49: reference to external entity in attribute value.
     ..."/gateway.php?url=miscitems&PHPSESSID=cdc07925fc3affa87855d873a5649dec" title
     Error Line 58 column 49: reference to entity "PHPSESSID" for which no system identifier could be generated.
     ..."/gateway.php?url=miscitems&PHPSESSID=cdc07925fc3affa87855d873a5649dec" title
     Info Line 53 column 34: entity was defined here.
     <li><a href="/gateway.php?url=pets&PHPSESSID=cdc07925fc3affa87855d873a5649dec" t
     [/quote]
     I didn't classify this as HTML, because my URLs have to do with PHP. It is adding an & at the end of those to add the session id behind the scenes, but it's not escaping it. That is one of the problems, so if I can fix that, it will fix it on most of the pages throughout the website, because that is included on every page.
  3. I know one aspect of it is & in URLs and to replace them with &amp;, but the thing is it's automatically stringing my session ids. I am done with the project and I don't want to dedicate too much more time to it, but I don't want to keep leaving those validation errors if I can find a way to clean it up fairly quickly. It's all related to my PHP.
  4. [quote]
     Below are the results of checking this document for XML well-formedness and validity.
     Warning Line 53 column 35: cannot generate system identifier for general entity "PHPSESSID".
     <li><a href="/gateway.php?url=pets&PHPSESSID=27131950d80f588c760f16f44e7cf06d" t
     An entity reference was found in the document, but there is no reference by that name defined. Often this is caused by misspelling the reference name, unencoded ampersands, or by leaving off the trailing semicolon (;). The most common cause of this error is unencoded ampersands in URLs as described by the WDG in "Ampersands in URLs". Entity references start with an ampersand (&) and end with a semicolon (;). If you want to use a literal ampersand in your document you must encode it as "&amp;" (even inside URLs!). Be careful to end entity references with a semicolon or your entity reference may get interpreted in connection with the following text. Also keep in mind that named entity references are case-sensitive; &Aelig; and &aelig; are different characters. If this error appears in some markup generated by PHP's session handling code, this article has explanations and solutions to your problem.
     Note that in most documents, errors related to entity references will trigger up to 5 separate messages from the Validator. Usually these will all disappear when the original problem is fixed.
     Error Line 53 column 35: general entity "PHPSESSID" not defined and no default entity.
     <li><a href="/gateway.php?url=pets&PHPSESSID=27131950d80f588c760f16f44e7cf06d" t
     This is usually a cascading error caused by a an undefined entity reference or use of an unencoded ampersand (&) in an URL or body text. See the previous message for further details.
     Warning Line 53 column 44: reference not terminated by REFC delimiter.
     ...href="/gateway.php?url=pets&PHPSESSID=27131950d80f588c760f16f44e7cf06d" title
     If you meant to include an entity that starts with "&", then you should terminate it with ";". Another reason for this error message is that you inadvertently created an entity by failing to escape an "&" character just before this text.
     [/quote]
     Is it not possible to keep a site that uses sessions validated? Some of the pages require you to be signed in, so the validator won't be able to get to those. What do I do about all of this?
  5. It's hard to explain. How do I query a database if I don't have any idea what database information is there? What query can I use to check all available databases to select from, and what tables are in those databases? Sort of like recon information in a blind zone: I have no db access but have to get something done, except through my scripts of course.
  6. I know, I just checked to make sure it was. I contacted her and ran a test on it, and it worked right. I was unaware it happened like that.
  7. I just ran into a difficult problem that might have destroyed the integrity of my entire site. I have sessions set up for people to log in with; it runs off sessions. On the admin page I have the sessions running off there too, but unfortunately they overwrite each other. When I am logged in on one browser, you see, if I have a browser here and I log in to my test account, then I log in to her admin account, when I log out of my user test account it kills the sessions in her admin account. Is this just because I am using the same browser, or will it happen to her every time anyone logs out? Because I have session_destroy(); set on a page, when they log out it kills the session, but I was thinking this will also cause problems now with other users, because if someone logs out then everyone in the world that is logged in gets their session killed, and a lot of people will be pissed. What is going on here?
  8. I didn't know that, I will use that, and keep that in mind thanks.
  9. I am using google on it first.  I already did. I am checking through again, I am about to start learning how to set them up myself so I understand how they work as well, before I start using the ones the server provides automatically.
  10. So then the more passwords the better. Hmm. The other question was the cron jobs. What do I NEED to set them up? If they're not related to web pages, I am guessing they are completely separate from PHP. What language are they a part of, or are they a stand-alone module that can be used with many languages? Or are they part of one specific language like Perl?
  11. I realize about sessions; I figured out that sessions send cookies by default. I will eventually do my own session handling, but for now I had a question. Sessions vs. straight sessionless cookies. If I have an admin page, and I know it's only 1 admin, never anyone else, if I use her IP, THAT SHE TELLS ME, is her current IP for instance. EXAMPLE ONLY, not a real IP that I know of: 244-532-322. OK, fake IP number. For instance, if she tells me, "joyel, this is my ip", I say to her "ok". Then I do this: for instance, I have it when she logs into admin, I have her IP already stored, I check for username/password, then I check for HER IP address. Then I set cookies. Not sessions but cookies. Then I log her in, and everything. A permanent cookie, by the way. With no lifespan. Then all of a sudden the next time she logs in, I have it set up to check her IP, and make sure it's still the same; if not, it automatically bans whoever's IP it was. Is this going to be very secure? I thought it up this morning. Is it going to be pretty secure or not necessarily? I was thinking to permanently ban someone, I can have it write information to the htaccess file like you would write any other file, and just write in IP addresses as they get banned. I don't see why it wouldn't work.
  12. I have 2 questions.
      The first question I have is about PHP security. I am wondering about double password access. It's easy for someone to "guess" a username, but normally they have to "force" the password. If I use 1 username, but have double passwords (2 passwords) for each username, does that increase security? Any standard tool used for "brute force" or "dictionary" attacks would be unsuccessful, because they are created to crack 1 text box, or 1 password area. With 1 username and 2 passwords, both passwords different, and random numbers, I don't see how anyone can get in.
      Mini-question: is it possible for someone to use brute force on something but never get the password? Can they get into something that is password protected in other ways, without figuring out the username and password, or if you secure the username and password is it impossible for them to get in?
      Question number 2: cron jobs. I "feel" personally that I have mastered my current languages, XHTML, CSS, PHP, MySQL, and JavaScript, but I am ready to move on to some other things. The few things I want to ask about here are: I am going to definitely learn ajax, xml, cron-jobs, ruby on rails, and start beginner courses on asp, jsp, perl, and c+. That doesn't mean I am going to learn them completely yet; I just want the basics, so I can be well rounded, not enough to do anything with them, but enough to have a general idea of most of the basics. For now I have 1 question about cron jobs, and this is the main question. I think cron jobs are PHP, so I put it in PHP. What are cron jobs? I know they're something that recurs, but if you set one up, can it redo itself over and over again whether someone visits a script or not? Does it run even if no one goes to it? If it does, that can be invaluable, and time saving, and save server load; instead of doing regular PHP programs to do something on each login you could have cron jobs doing it regularly at scheduled intervals.
      Can I set up cron jobs with just a regular Unix server, PHP page, and PHP processor, or is there something special I need to start learning how to set one up? What are their main uses?
  13. Can you do it with phpMyAdmin also? I will check into that for now, thanks.
  14. How do you reorganize fields in a table? I have 4 fields, and I want to move the 3rd field up to where the 1st is. It was my primary; I want my primary on top but have never had to change them around before.
  15. No, PayPal automatically sends everything you need to do that. If you tell it to notify, the people never even go to that page; it just sends a token to the page, that activates the page, and handles things. I told you, you are getting into something pretty hairy. You might want to freshen up on PHP a bit before tackling this; it can get pretty rough, and I have to get back to concentrating on work soon.
  16. Yes, when I rewrote the code I took that out. You can use some comparison operators, but on variables, like less than and greater than. Sometimes using SQL operators is more helpful than pulling them into PHP and doing it, but for statements you HAVE to use [quote]AND OR[/quote]
  17. [code]
      <?php
      if ($num===0) {
          echo 'Your Password And/Or Username Are Not Correct-Please Try Again <a href="index.php">Here</a>';
          } else {
      $query_2="SELECT id FROM users WHERE username = '$username' && password = '$password'";
      $result_2=mysql_query($query_2) or die(mysql_error());
      $id=mysql_fetch_array($result_2); // returns the data found-hopefully.
      print $id;
      ?>
      [/code]
      OK, if you don't clean this up like I said, you'll regret it later: your echo. And you're trying to access your id wrongly. Here is the thing you don't understand right now: mysql_fetch_array() is meant to capture an ARRAY into the variable, meaning you have to understand arrays to do this. That's why I said earlier, basics first; you can't jump straight to MySQL queries without knowing other stuff, like arrays and general variables. This is what your code should look like. print is fine, but I find echo better; if you use print 1 time in your script use all print, if you use echo, then use all echo, it's neater. Here is your code again, with what it should look like if you want it to do what you want, and I cleaned it up a bit.
      [code]
      <?php
      if ($num === 0) {
          echo "Your Password And/Or Username Are Not Correct-Please Try Again <a href=\"index.php\">Here</a>";
      } else {
          // $username and $password must already be escaped for SQL at this point
          $query_2  = "SELECT id FROM users WHERE username = '$username' AND password = '$password';";
          $result_2 = mysql_query($query_2);
          $row      = mysql_fetch_array($result_2); // returns the row found, as an array
          echo $row['id'];
      }
      ?>
      [/code]
      As you can see, a few things you were doing are bad habits. Now the $row calls the array. If you had used $shithead = mysql_fetch_array($result_2); then you access it with $shithead['id']; same thing: you access the array, followed by the value, $row['id']; if you had other stuff you just replace the variable with the field name in your database, $row['variable'].
  18. No, return just returns them after they pay. You have to get it to send a token to your script if you want to play with the variables. Just add <input type="hidden" name="notify_url" value="http://www.yourdomain.com/script.php" /> or something and it will send the information to your script. There are things you HAVE to do for it to work, so all of that script except my database calls is from PayPal; that HAS to happen, you just put your db calls in there. How much PHP do you know? The stuff gets pretty hairy in the middle of it.
  19. When you are allowing them to sign up, simply have
      [code]
      <?php
      $select = "SELECT username FROM userinfo WHERE username = '$username';";
      $query = mysql_query($select);
      if (mysql_fetch_array($query)) {
          echo "I apologize but the username is already taken";
      }
      ?>
      [/code]
      That's it. As for pulling the info where user name and password is tested after they click submit to login, it's
      [code]
      <?php
      $select = "SELECT username, password FROM userinfo WHERE username = '$username' AND password = '$password';";
      $query = mysql_query($select);
      if ($row = mysql_fetch_array($query)) {
          echo "You have logged in successfully";
      }
      ?>
      [/code]
      These examples won't work but it'll give you an idea on where to start.
  20. Of course I can. But I have to hurry, I am working.
      [code]
      <p>$5.99(30 day plan)</p>
      <form action="https://www.paypal.com/cgi-bin/webscr" method="post">
      <input type="hidden" name="cmd" value="_xclick">
      <input type="hidden" name="business" value="ewkilgore@yahoo.com">
      <input type="hidden" name="item_name" value="upgrade account 1 month(30 day) plan">
      <input type="hidden" name="item_number" value="30">
      <input type="hidden" name="amount" value="5.99">
      <input type="hidden" name="no_shipping" value="1">
      <input type="hidden" name="no_note" value="1">
      <input type="hidden" name="currency_code" value="USD">
      <input type="hidden" name="bn" value="PP-BuyNowBF">
      <input type="hidden" name="return" value="http://www.elostandfound.info/thankyou.php">
      <input type="hidden" name="cancel_return" value="http://www.elostandfound.info/cancelpayment.php">
      <input type="image" src="https://www.paypal.com/en_US/i/btn/x-click-but02.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
      <img alt="" border="0" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">
      </form>
      <p>$19.99(365 day plan)</p>
      <form action="https://www.paypal.com/cgi-bin/webscr" method="post">
      <input type="hidden" name="cmd" value="_xclick">
      <input type="hidden" name="business" value="ewkilgore@yahoo.com">
      <input type="hidden" name="item_name" value="account upgrade 1 year(365 day) plan">
      <input type="hidden" name="item_number" value="365">
      <input type="hidden" name="amount" value="19.99">
      <input type="hidden" name="no_shipping" value="2">
      <input type="hidden" name="no_note" value="1">
      <input type="hidden" name="currency_code" value="USD">
      <input type="hidden" name="bn" value="PP-BuyNowBF">
      <input type="hidden" name="return" value="http://www.elostandfound.info/thankyou.php">
      <input type="hidden" name="cancel_return" value="http://www.elostandfound.info/cancelpayment.php">
      <input type="image" src="https://www.paypal.com/en_US/i/btn/x-click-but02.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
      <img alt="" border="0" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">
      </form>
      [/code]
      OK, these are my forms. You can just copy and paste these forms, but you just have to change a few things. Here is a cut down of the various fields and what you can change them with.
      [code]
      <form action="https://www.paypal.com/cgi-bin/webscr" method="post">
      It has to go to that address, just set it there WITH the https. It also HAS to go through post method.
      <input type="hidden" name="cmd" value="_xclick">
      This HAS to be _xclick
      <input type="hidden" name="business" value="ewkilgore@yahoo.com">
      Here you can simply change that email address to your paypal email address you are working with.
      <input type="hidden" name="item_name" value="account upgrade 1 year(365 day) plan">
      This is the item NAME, the actual name of the item
      <input type="hidden" name="item_number" value="365">
      This can be for an item number, OR some notes on the item, just to help you remember something
      <input type="hidden" name="amount" value="19.99">
      This is the price, whatever you want it to charge the person.
      <input type="hidden" name="no_shipping" value="2">
      leave this alone unless you are more advanced
      <input type="hidden" name="no_note" value="1">
      leave this alone
      <input type="hidden" name="currency_code" value="USD">
      leave this alone unless you are more advanced
      <input type="hidden" name="bn" value="PP-BuyNowBF">
      have no idea
      <input type="hidden" name="return" value="http://www.elostandfound.info/thankyou.php">
      this is the address that paypal will return the user to after they pay, just make it one of your pages, and leave a little thank you message or something should do. This will be after they saw payment details so all you really have to have there is thank you, but you can turn that off if you want, it just brings them back to your site where you specify
      <input type="hidden" name="cancel_return" value="http://www.elostandfound.info/cancelpayment.php">
      this is where they go if they cancel during the middle of the payment, they go to your site where you specify, if you don't want this you can just leave it off.
      <input type="image" src="https://www.paypal.com/en_US/i/btn/x-click-but02.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
      <img alt="" border="0" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">
      [/code]
      Add this one in there too somewhere: <input type="hidden" name="notify_url" value="http://www.elostandfound.info/recieve.php" /> This is the most important line of code; the PayPal system will send information to a script on this page, and take care of everything from there. On your receiving script you have to have a minimum of standard, then you can do your database operations based on what you have.
      [code]
      <?php
      // read the post from PayPal system and add 'cmd'
      $req = 'cmd=_notify-validate';
      foreach ($_POST as $key => $value) {
          $value = urlencode(stripslashes($value));
          $req .= "&$key=$value";
      }

      // post back to PayPal system to validate
      $header  = "POST /cgi-bin/webscr HTTP/1.0\r\n";
      $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
      $header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
      $fp = fsockopen('www.paypal.com', 80, $errno, $errstr, 30);

      // assign posted variables to local variables
      $item_name = $_POST['item_name'];
      $item_number = $_POST['item_number'];
      $payment_status = $_POST['payment_status'];
      $payment_amount = $_POST['mc_gross'];
      $payment_currency = $_POST['mc_currency'];
      $txn_id = $_POST['txn_id'];
      $receiver_email = $_POST['receiver_email'];
      $payer_email = $_POST['payer_email'];

      $connect = mysql_connect("localhost", "##33", "####");
      $select = mysql_select_db("elostand_general");

      if (!$fp) {
          // HTTP ERROR
      } else {
          fputs($fp, $header . $req);
          while (!feof($fp)) {
              $res = fgets($fp, 1024);
              if (strcmp($res, "VERIFIED") == 0) {
                  // check the payment_status is Completed
                  // check that txn_id has not been previously processed
                  // check that receiver_email is your Primary PayPal email
                  // check that payment_amount/payment_currency are correct
                  // process payment: the account is updated only after PayPal answers VERIFIED
                  $payer = mysql_real_escape_string($payer_email); // escape before use in SQL
                  if ($item_number == "30" || $item_number == "365") {
                      $paydate = date("m/d/y");
                      $timeperiod = (int) $item_number; // 30 or 365 days
                      $paid = "yes";
                      $update = "UPDATE userinfo SET paid = '$paid', timeperiod = '$timeperiod', paypalid = '$payer', paydate = '$paydate' WHERE email = '$payer';";
                      mysql_query($update);
                  }
              } else if (strcmp($res, "INVALID") == 0) {
                  // log for manual investigation
              }
          }
          fclose($fp);
      }
      ?>
      [/code]
  21. ah, I see that, thank you for the advice, it is appreciated.
  22. Empty? If you mean removing everything from the table, I delete it all and it doesn't reset. Is there an option called empty? Where do I find this?
  23. I think I didn't even use it. I logged into her PayPal account, and went over and started making buttons. After some difficulties I tried another PayPal system, that wasn't for me, so I used IPN, and I saw the manual on the website. It was easy, just pass a few specific things into the form that you are sending through PayPal. I wanted to use PayPal's encrypted buttons, but it's such a low budget project, I don't give a shit.
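
The checks that the IPN script in post 20 leaves as comments, written out as an added example; it is not code from the original posts or from PayPal. It assumes PDO with an in-memory SQLite database in place of the posts' mysql_* calls and takes PayPal's post-back answer as a string argument; applyVerifiedIpn(), MERCHANT_EMAIL, PLANS and the payments table are hypothetical names.

```php
<?php
// Added example, not code from the posts or from PayPal.
// Hypothetical names: applyVerifiedIpn(), MERCHANT_EMAIL, PLANS, table `payments`.
// Table `userinfo`, its columns and the two plans follow post 20.
const MERCHANT_EMAIL = 'merchant@example.com';        // placeholder address
const PLANS = ['30' => '5.99', '365' => '19.99'];     // item_number => price in USD

// $verdict is the body of PayPal's answer to the cmd=_notify-validate post-back.
// Returns a status string; the account row changes only when it is 'applied'.
function applyVerifiedIpn(PDO $db, array $post, string $verdict): string
{
    if (trim($verdict) !== 'VERIFIED') {
        return 'rejected: not verified by PayPal';
    }
    if (($post['payment_status'] ?? '') !== 'Completed') {
        return 'ignored: payment not completed';
    }
    if (strcasecmp($post['receiver_email'] ?? '', MERCHANT_EMAIL) !== 0) {
        return 'rejected: paid to a different account';
    }
    // The price comes from the server-side plan table, never from the form.
    $item  = (string) ($post['item_number'] ?? '');
    $gross = number_format((float) ($post['mc_gross'] ?? 0), 2, '.', '');
    if (!array_key_exists($item, PLANS) || PLANS[$item] !== $gross
        || ($post['mc_currency'] ?? '') !== 'USD') {
        return 'rejected: amount or currency does not match the plan';
    }
    $txn = (string) ($post['txn_id'] ?? '');
    if ($txn === '') {
        return 'rejected: missing txn_id';
    }

    $db->beginTransaction();
    try {
        // PRIMARY KEY on txn_id makes a replayed notification fail here.
        $db->prepare('INSERT INTO payments (txn_id) VALUES (?)')->execute([$txn]);
    } catch (PDOException $e) {
        $db->rollBack();
        return 'ignored: txn_id already processed';
    }
    // Bound parameters: posted values never become part of the SQL text.
    $upd = $db->prepare(
        'UPDATE userinfo SET paid = ?, timeperiod = ?, paypalid = ?, paydate = ?
          WHERE email = ?'
    );
    $upd->execute(['yes', (int) $item, $post['payer_email'] ?? '',
                   date('m/d/y'), $post['payer_email'] ?? '']);
    if ($upd->rowCount() !== 1) {
        $db->rollBack();
        return 'rejected: no account for payer_email';
    }
    $db->commit();
    return 'applied';
}

// Constructed demo data: in-memory SQLite and a made-up notification.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE userinfo (email TEXT, paid TEXT, timeperiod INTEGER,
                                  paypalid TEXT, paydate TEXT)');
$db->exec('CREATE TABLE payments (txn_id TEXT PRIMARY KEY)');
$db->exec("INSERT INTO userinfo (email) VALUES ('buyer@example.com')");

$ipn = [
    'payment_status' => 'Completed', 'receiver_email' => MERCHANT_EMAIL,
    'item_number' => '365', 'mc_gross' => '19.99', 'mc_currency' => 'USD',
    'txn_id' => 'TXN-CONSTRUCTED-1', 'payer_email' => 'buyer@example.com',
];
foreach ([
    'post-back answered INVALID'  => [$ipn, 'INVALID'],
    'price changed in the form'   => [['mc_gross' => '0.01'] + $ipn, 'VERIFIED'],
    'genuine notification'        => [$ipn, 'VERIFIED'],
    'same notification once more' => [$ipn, 'VERIFIED'],
] as $case => [$post, $verdict]) {
    echo $case, ': ', applyVerifiedIpn($db, $post, $verdict), "\n";
}
```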