Ninjakreborn

No matter what you do, or how you do it, if someone wanted to do something bad enough to it, they would do something to it.  That is a fact, where there's a will there's a way, all you can do is work to make it as secure as possible, hope for the best and learn from your mistakes if you ever get hacked. Even if you tried every possible way to make it  bullet proof, bullets could still get through, nothing you can do, but try your hardest to make it secure, while still having fun. What you currently have looks pretty secure. but if your password is apples, then someone probably already got it, that's a shitty password, try letter's and numbers, you have to remember if someone get's the apssword they can connect from your database even from another website, unless there was a firewall behind it, and even then they sometimes could.  WHat I suggest, is if you haven't already create a good password.  Something with letters, and numbers, starting with a letter though.

That's with sucky formatting. here is an updated version. [code]<form action="nextpage.php" method="get"> <input type="radio" name="form_gen" value="male" checked="checked" />Male <input type="radio" name="form_gen" value="female" />Female <input type="radio" name="form_car" value="bmw" />BMW <input type="radio" name="form_car" value="ford" checked="checked" />ford <input type="radio" name="form_car" value="jeep" />jeep <input type="submit" name="submit" id="submit" value="Submit"> </form>[/code] You forgot to close those tags, and always name your submit buttons even if there just named submit,.

[code]<form action="nextpage.php" method="get"> <input type="radio" name="form_gen" value="male" checked="checked">Male <input type="radio" name="form_gen" value="female">Female <input type="radio" name="form_car" value="bmw">BMW <input type="radio" name="form_car" value="ford" checked="checked">ford <input type="radio" name="form_car" value="jeep">jeep <input type="submit" value="Submit"> </form>[/code]

That's not going to happen, being limited to just passing get variables.  You need some kind of login if you don't already have one, plus either sessions or cookies.  On top of that you need to pass the variables necessary, and even in this particular situation passing get variables between urls for this, would be pointless, you should automatically generate the url's via db interacting into the session variables, when they first login, and pass that information from page to page, this will save you a lot of time, and a lot of headaches, and be a little more secure. 

It has to be applied in the form of a link, there has to be some point when someone clicks on a link to have hte query string there. You could have a front page, that says click here for flash version, or here for non flash version non flash version has no code the other is like <a href="index.php?page=flash">Flash Version</a> That sends hte variable $page = flash across to the other page, so you can activate the flash or whatever or you can send to another redirect page and have if ($_GET['page'] == "flash") { $page = "indexwithflash.php"; header('Location: ' . $page); }else { $page = "index.php"; // regular index page with no flash header('Location: ' . $page); } Even still you can do something like have the variable disable and enable flash as necessary,

THe bottom line is if you have session_start(); at the first line of code, ther eshould be no reason why it's saying headers already sent.

you can use header if you want to relocate, I just normally leave them on the homepage in the logged in form.  As far as password protected entire pages if (isset($_SESSION['username']) { // entire page }else // you are not logged in } for a quick way 2 other ways could be at the top if (empty[$_SESSION['username']) { // exit the thing then relocate them, or whatever } there are hundreds of ways to do it literally and for the relocation [code]header('Location: ' . $page);[/code] WIth page being set to the url of the page you want them to go to, you can use relative url's as well. in this situation, whenever the script hits that line though it automatically redirects, so be careful where you place it, or you can cut off some of the important parts of your script. BUt that will redirect them to whatever page you want.

exacly like he states above.  With that example, that is exactly how I was meaning for redirect. 

No that sets the variable. It means that if you set that, http://www.domain.com/index.php?page=flash like if you have in a link index.php?page=flash they click on that, on the index.php page if you type out echo $page; it's going to say flash it just registers the variable with the value for use on the next page. Even if it's a quick script to see which one was set for redirection.

I don't care what anybody tells you, you have absolutely no reason to need to use cookies "with" sessions.  If you change the php ini settings to max session cookie lifetime, it automatically set's a cookie on the computer, then allows it to pass the session id around.  It traps it in the url when they come back to visit, and passes it around, you can test it for yourself, login's are really nothing, have 1 page that they login at.  check the db for username and password, (with hashign or whatever precautions you take. if they match, register the sessions with $_SESSION['whatever'] = whatever php.net claims session_register as outdated so I wouldn't use it then at the top of each page throw in session_start(); I have 1 sessions normally called controller, set to true then If i want something to display or not to display for people who are logged in or out I say if ($_SESSION['controller'] == true) { if I want it to display and != true if I don't want it to display, like if they can login, after that above login I put if ($_SESSION['controller'] != true) { // show login form, information to login with }else { // show link to logout, or whatever } when you are ready for them to logout throw out session_destroy(); on the logout page and that's it they can no longer go to the password protected pages.

or they could be testing the browser for flash, and if it exists it shows that, if not it doesn't, it could be anythign.

Oh I just checked it, if it's set to flash it displays the flash elements, if you take it off, the flash elements are x-ed out.

[code]?page=flash[/code] That simply means as I states the ? ends the actual url information and starts the variables the variable page is set to teh word flash $page = flash; is how you would do it, or how it would look in php. this probably tells a redirecting page to send it to the flash version of the site, or could be for something else, or something used in the script to decide whether to activate flash or not.  Could be many reasons.

That looks like it would be safe, just don't specify a time in the php.ini and if defaults to when the browser closes.  So you just close the browser after your done to kill the session, if you specify a time, then 2 things can happen. 1. it can delete your sessions before you are even finished with what you are doing. 2. if it's set too high it can make it to where if there is a lot of time left over after you close the browser someone could hijack the sessiona nd finish doing what you started, or work on what you were working on, leaving it to default makes it clear as soon as you close the browser.  Other than that it should be safe.

I liked what he showed above, that looks a lot cleaner to me.

Like you can take and do this with like 20 url's and have 1 page handle all of those url's based on the contents of the get variables, and have it use the location header to redirect them to the appropriate pages, it can severely cut down on the number of pages on your server.

[code]$regexphone = " /^[0-9]{3}-[0-9]{3}-[0-9]{4}$/";  // regex phone validation if (!preg_match("$regexphone", $_POST['phone'])) { $errorhandler .= "Telephone format invalid, use 000-000-0000 format<br />"; }[/code] format would always have to be 000-000-0000 or 555-555-5555 like area code- first3 letters- last 4 lettters

They are get queries used in universal pages or the like All it means is http://www.whatever.com that is the domain name http://www.whatever.com/index.php that is the filename that you are on, the homepage in this case http://www.whatever.com/index.php?name=west&born=1983 That is the domain name, followed by the page they are on the question mark ends hte actual url information and starts variable information there just php variables, this becomes $name = "west"; $born = 1983; what would be that those values are assigned to those variables on the next page USING the get command $_GET['name'] $_GET['born'] the first variable contains "west" the second containes 1983 Then you have other symbols for other things, if the variables values contain spaces, you see + for every space, if there are other special characters they automatically get url encoded.

if (isset($_POST['month'])) { is that what you are asking??

I will try this a little later thanks.

I don't see how ,but there using shell comment tags, remove the comments, clean it up some, if you are using that anyway, atleast clean it some so we can view it, so I can understand what everything is doing

This doesn't even look to me like it will work, what the hell kind of format is this. [code]‘:)’  => ’smile.gif’,[/code] They are all still url encoded, I don't see why they would need to be like that when displaying them.  If you want to show emoticons, it's simple get the pictures for the emoticon, or make them in photoshop. Now name them what they are, if it's a smiley gif's are better for this specific task so smiley.gif whatever now save that in a variable smiley.gif smiley = "smiley.gif"; but make sure it's leading to the path of the picture . wherever you want it to appear use <img src="<?php echo $smiley; ?>" /> that should print out the picture or you can dynamically use it from the database simply put in the url of the picture in the database and then call it from the database and do the same thing if you have the db array stored in $row again just use <img src="<?php echo $row['smiley']; ?> /> or something like that.  It's pretty simple, you can set it up any number of ways if you so desired.

see what started happening is it started running through the script every time it entered, the reason for extra db calls was to retrieve the updated version of the information, because I had to test the status on some fields, do a few updates based on that, then test it again, do some more updates then finally, test for 1 more thing, which included some previous updates in the same script, then run a few more queries.  I got everything functioning currently, it all functions like I want, so I am not being picky, If I can get it optimized, or cut down to less lines of code, to achieve the same successful result, then I don't mind giving it a try I can save my code on another page, and just pull it back if something goes wrong.

not possible, I don't think a built in function does that, only idea, is auto increment by 2, in an array.  I guess like for 0 - odd number's start at 1 auto increment it +2, for each and every array entry it'll be 1 3 5 7 9 11 and set a maximum like 500 for the maximum that should handle most of your needs then create another array auto increment it by +2 which I think is ++++ ++ is auto increment then run the array through that until a max 500 so it would be 2 4 6 8 10 and so forth, then pull out some regex's and start working with creating a variable to test it against the array, somehow and try to figure out whether it matched the array on an even number or on a odd number, that's a theory to run with atleast.

keep this post saved, if I think of any possibilities later, or have time to test some stuff I will let you know.