JasonLewis

That's the thing: most websites offer some sort of members list so it's hardly difficult to obtain someones username. So you know for a fact you'd be getting it right, even if the error message kept saying "invalid username or password". If anything I think providing a more detailed error message is helpful for the user who may be silly like me and have a small range of username/password combinations with slight differences.

Was having a discussion with a friend about logins, since I was developing mine to determine which of the credentials was incorrect to inform the user that they got the password wrong. Is this security issue? My friend seemed to think so. The way I thought of it is, they'll probably know your username anyway. Like people here will know what my username is from looking at my, well, username (although my display name was changed recently, mwhaha!). So telling them that they specifically got the password wrong if they logged in incorrectly with my username isn't going to mean anything, right? That's my thinking. I personally like seeing a more detailed message, as on various sites I go by jaysonic, or jaysonic1991 (if jaysonic is taken) and sometimes even jaysonic91 (I don't know why...). So when I login and it says "Your username or password was incorrect" I curse them silently because I don't know which! Since I also have a few various passwords this makes it somewhat annoying sometimes. Long story short. Are detailed login error messages (specifically stating which credential was wrong) a security issue?

Better safe then dead. Or something...

Although a search wasn't even required in this instance... which means the OP really didn't give a rats ass if anything had been posted previously, or even a week or so ago. I believe only half a dozen topics down is a related topic which would have been in clear view.

You know what would make this design sparkle, a marquee! I'm drooling just thinking of all the things you could put inside that marquee.

Yeah josh.

I don't think my clients will agree with that... That wasn't meant to be taken 100% seriously. Like I said, unless you need it to work in older browsers I'd use the rgba method. I still prefer the absolute minimum http requests.

I heard he has a crush on Rebecca Black as well.

A little bit of rasta man, oh yeah.

How about screw those guys on lame ass old browsers. Update or gtfo. Unless of course you really really really need to ensure it has the opacity in an older browser. If not, just set a lighter gray as the background color then set the background to the rgba value. Degrades gracefully enough and those who aren't tadling around in the year 2000 can enjoy your nice div. I honestly prefer anything that uses less http requests.

Yeah pain in the ass that isn't it. Depending on your needs you can use rgba. Example: #mydiv { background: rgba(0, 0, 0, 0.5); }

Let's look at your code Debbie. This is the start of your log_in.php file. As you can see you start displaying HTML. That's all good. <?php // Start Output Buffering. // ob_start(); // Initialize a session. session_start(); // Access Constants. require_once('config/config.inc.php'); ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <!-- HTML Metadata --> <title>My Site - Log In</title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta name="description" content="Log in to your account to access special member-only areas." /> <meta name="keywords" content="Something" /> <!-- Page Stylesheets --> <link type="text/css" rel="stylesheet" href="css/main.css" /> <link type="text/css" rel="stylesheet" href="css/dropdown.css" /> <link type="text/css" rel="stylesheet" href="css/log_in.css" /> </head> But now further down the file you're trying to use header. That's a no no. You've already begun to show HTML above it, so it chucks a tantrum and throws errors at you. Bummer huh. Basically, to fix your problem you must do any sending of headers or starting sessions before you output any HTML. So technically this stuff would need to above everything. // Redirect User. if (isset($_SESSION['returnToPage'])){ header("Location: " . $_SESSION['returnToPage']); }else{ // Take user to Home Page. header("Location: " . WEB_ROOT . "index.php"); } If you can't do that, then the fact is that you probably aren't piecing it together very well. So that leaves us with output buffering. What you're doing with output buffering is preventing any of your HTML from being sent. The stuff that you display is instead stored internally. This allows you to still send headers and start sessions. Then at the end of the page you flush the internal buffer thus displaying all of the contents of the page. Seems pretty good. It is. But in your case you shouldn't really be doing it. But if you really can't re-structure your code then you may have to settle for buffering your output. Good luck.

No, they shouldn't. As long as you have your code structured so that any PHP that deals with headers is at the very top you shouldn't be encountering any problems and should have no need for output buffering.

Make sure there is nothing, not even a single whitespace character before your opening PHP tag. It must be at the very top. On output buffering, no it's not evil and yes it does have its uses. I've used it to capture the output of included view files so I can manipulate the views or pass variables to them etc. Many frameworks do the same thing. But for something like the old "headers already sent" error you should avoid using output buffering to patch it up. If you need to send headers or start a session it should always be done at the very very top before absolutely anything.

Jeeze, big move. I had been thinking of doing the same but feared it might throw to many off. lol yeah... gonna take some getting used to, even for me... feels weird... but I figure I'll get used to it eventually. Figured it was time to "grow up" a little Was gonna say, who the frak is that .josh son of a bitch. Turns out to be that CV son of a bitch.

You could add the address to an array, and use in_array to see if the address has already been used. $query = "SELECT data_txt FROM jos_sobi2_fields_data WHERE fieldid = 76 AND itemid = $mySobi->id"; $result = mysql_query($query) or die(mysql_error()); // An array of unique addresses $unique = array(); while($row = mysql_fetch_array($result)){ if(in_array($row['data_txt'], $unique)){ // This is not a unique address, add it to the div or whatever }else{ // Address is unique, new row or something and add it to the array. $unique[] = $row['data_txt']; }

I'd hate to be an ass, but if you noticed it was deprecated you probably should've noticed the link to the PCRE extension.

Perhaps it has something to do with creating multiple XMLHttpRequest objects? Try placing that code outside of the function so it's only run once.

What is the white-space property set to on the containing div? If it's breaking out of the containing div I'd look at making sure that white-space is set to normal. white-space: normal; http://reference.sitepoint.com/css/white-space Are you sure this is JavaScript related?

You can use either DISTINCT or GROUP BY. Both will achieve what you want. I'd go with GROUP BY though: SELECT data_txt FROM jos_sobi2_fields_data WHERE fieldid = 76 AND itemid = $mySobi->id GROUP BY data_txt No reason to do this in PHP, you're better off restricting the query like above.

If you're using output buffering to fix this you shouldn't be. The code you're running should be placed before any output anyway, as it is doing nothing with/to output. Output buffering isn't a solution to this problem, it's a band aid.

Are you using a syntax highlighter? You can see your problem above. My general rule of thumb is to use single quotes whenever possible. echo '<img src="' . base_url() . 'assets/images/avatar.jpg" alt="" />'; I removed the $data->avatar_file, not really sure what you want done with that? Basically, you were escaping your quotes but that buggered up your concatenation. You needed an extra quote, here is an example of how you'd do it how you were trying to: echo "<img src=\"" .base_url() . "assets/images/avatar.jpg\" alt=\"\" />"; I still prefer the single quotes method though, that way you don't need to escape your double quotes.

Where are you from? @TLG: Good god it's a brick! How badass would you look busting that thing out. Be even cooler if you had to manually raise the antenna! Haha.

Yeah it's always a tough decision. I might see if any of the phone shops around my area even have them in store. Heh, we don't have many phone shops around here. But I'll see. From what I've read though everyone digs the Samsung more mainly for it's super sexy screen. Well, that's what it seems like. It all comes back to the screen eventually. I'll just have to have a play. Thanks guys.

Ooohh. That's interesting. I have a friend who has the Galaxy S and he won't stop going on about it. Why do you like the Sensation a lot? The UI? Speed? Responsiveness? From reading some comparisons they're both close in all aspects.