Everything posted by Psycho

  1. If the number is 26 characters or more, I would copy/paste. So, the length would be inconsequential.
  2. I didn't state that I have a script. I merely stated that is the method in which I have seen hotlink preventing implemented before.
  3. Obfuscation is not a valid form of security. If you want to prevent unauthorized users from accessing the admin page, then implement an authentication mechanism.
  4. The way I've seen hotlinking prevented is to use a server-side page to serve the images (which are not publicly available). That page can then perform the logic of whether to provide the requested resource or not. If not, you can provide a default image to use in its place (i.e. "hotlinking not allowed message" or something similar). So, instead of providing src values of "http://www.mydomain.com/image.jpg" you could use something like "http://www.mydomain.com/getimage.php?name=image" or "http://www.mydomain.com/getimage.php?id=3" (with an identifier for the image). If you use image names you have to be very careful on how the data is handled to prevent malicious values from being acted upon. I'm not too knowledgeable on ModRewrite rules, but if you can redirect all requests for images to the php script then you could implement the above logic without having to change any of the image src values.
  5. The code I posted above worked for me. Did you add anything else other than what I provided (although I just noticed the code isn't creating a complete, valid HTML page - which would not affect the behavior in question)? Is there any page that includes the script above? Try adding some code to the page to debug the issue (troubleshooting 101). Add this to the bottom of the page to see what the data is on each page load:

         //Dump request and session data; escaped so values containing markup display as text
         echo "<b>Debug Code:</b><br><br>\n\n";
         echo "<pre>\n";
         echo "POST DATA:\n" . htmlspecialchars(print_r($_POST, TRUE)) . "\n\n";
         echo "GET DATA:\n" . htmlspecialchars(print_r($_GET, TRUE)) . "\n\n";
         echo "SESSION DATA:\n" . htmlspecialchars(print_r($_SESSION, TRUE)) . "\n\n";
         echo "</pre>";
  6. @NotionCommotion: Use a UUID: http://dev.mysql.com/doc/refman/5.7/en/miscellaneous-functions.html#function_uuid

         mysql> SELECT UUID();
                 -> '6ccd780c-baba-1026-9564-0040f4311e29'
  7.
         <?php
         session_start();

         //Define array of messages
         $messages = array(
             "Oh. Hello there. How'd you get in here? Oh well, just please don't push that button, okay?",
             "What are you doing?! I just said not to touch that! Leave it alone now!",
             "Stop! Are you trying to kill us all?! Get away from there!",
             "Okay, let's start over. We're obviously off to a bad start. Hi. My name's Tim. I work at this lab and it's my job to ensure that button is never pressed.",
             "Ha..Ha..Ha.. Okay now. Don't do anything hasty. What's got you feeling so down that you want to go and kill everyone, huh?",
             "Please stop pushing that button. Talk to me. Tell me what's wrong buddy. I won't judge you, I swear.",
             "Come now. What could possibly be so bad that you'd want to kill everything? Is life really so hard? Why won't you speak to me?",
             "I'm sorry but if you continue pressing that button, I'm going to call security and have you forcibly removed from the premises.",
             "What's this? So you don't believe I'll actually do it? Fine. GUARDS! Come quick! There's a maniac in here trying to destroy us all!",
             "Well I hope you're happy. I don't like being the mean guy, you know? I just wanted to be friendly, I don't get any visitors. But now look what you've gone and made me do. They should be here any minute now.",
             "Would you stop hitting that button already? It's over. They're coming to get you and take you away. You're most likely going to be sent to a maximum security prison for breaking in here you know.",
             "Yup. Any minute now. So you might as well stop hitting that button. The jig is up. I think I hear them now. It sounds like they're carrying some big guns too. I'd suggest just laying down and giving up now. But no, you just keep on hitting",
             "Okay, stop. This is getting ridiculous. Just give it up and relax while you wait for my guards to take you away. They'll be here any second. Any second now.",
             "Yup. Any time now..",
             "Yup. Any... Okay you got me. I don't have any guards. But you seriously need to stop hitting that button. Actually, go ahead and hit it. I don't care anymore. Just keep pressing it. See if I care.",
             "Nope. Go ahead. Push it some more. I won't try to stop you. It's not like I have anything to live for anyways. I have no wife, no kids. I live in this lab; that's my bed over there. I've never had a girlfriend, not even a real job. All I do is sit here and stare at a button all day.",
             "Yeah, that's right. Blow this place up. Kill everything like the little button pushing demon you truly are.",
             "Wait! I changed my mind! I don't want to die. I want to live. I want to get a girlfriend. I want kids. I want a house of my own, somewhere off in the country so my children can run and play all day. Please, if you have any humanity left in you at all, please don't push that button anymore.",
             "PLEASE! Stop it! Oh god! You won't listen will you?! You're going to kill all of us! Stop it! Oh god the clicking! I can hear the clicking of that button in my head! Make it stop! MAKE IT STOP!!",
             "OH GOD!! The noise!! MAKE IT STOP!!! ARRRGH!! ROCK PAPER SCISSORS SHOOT!! What am I saying?! Why are you doing this to me?! STOP IT!! GET OUT OF MY HEAD!!",
             "ARRRGGGGH!!!! I'M GOING TO KILL YOU ALL!! STOP THE NOISE!!!! I CAN HEAR IT!! YOU'RE DOING THIS TO ME!!! STOP IT!!!!",
             "GRAHH!! DIE! DIE! DIE! *Tim charges you and tackles you to the ground. As you black out from the heavy head impact the last thing you see is Tim bearing down on your throat with a scalpel.",
         );

         //Dynamically determine total button presses
         $totalButtonPresses = count($messages);

         //Set starting button presses if needed
         if(!isset($_SESSION['presses_left']) || isset($_GET['refresh'])){
             $_SESSION['presses_left'] = $totalButtonPresses;
         }

         if($_SESSION['presses_left'] > 0)
         {
             //Determine message to display
             $messageIndex = $totalButtonPresses - $_SESSION['presses_left'];
             echo "<h3>{$messages[$messageIndex]}</h3>";
             echo "Button presses left until the end of the world: {$_SESSION['presses_left']}<br/><br/>\n";
             //Reduce presses left
             $_SESSION['presses_left'] -= 1;
             echo "<a href='page_load_counter.php'><button>Launch Missile</button></a><br/>\n";
         }
         else
         {
             echo "<h3>Boom!</h3>";
             echo "<a href='page_load_counter.php?refresh'><button>Reset</button></a>";
         }

         ?>
  8. I'm confused on your explanation. You keep stating you want to use the "highest" three numbers to generate a fourth. But, all of your examples just happen to have the highest (largest) numbers in the last position. So, it is not clear if you are talking about the three numbers with the greatest value or the ones in the last positions of the array. Also, you keep stating the generated value should be based on three numbers, but the logic you have presented only seems to use two. EDIT: Also your explanation of the rules to determine the number are a mess. You state rules when the 4th and 5th numbers are equal to each other, but then give examples where they are not equal to each other. I would think that for a lottery they would never be equal.
  9. What do you mean by "the first row"? Are you saying there is an HTML table on the page and the word would exist within the first TR instance? If so, does it exist within a specific TD instance in that row (e.g. the first, second, third, etc.). Is the word the only thing in the TD container or is there other content? What are the other potential words that might be in that same place? There are too many variables for me to provide a solution without knowing more. Provide a sample of the HTML code where the word exists and the word you are looking for and I can give you something.
  10. [I removed the other post] Yes, it is possible. "How" you do it would depend on the structure of the page and how the word exists in the page. For example, if the word you are looking for is "car" you wouldn't want to just look for those three letters in succession. Otherwise you would find "carpet" as well. Perhaps the word you are looking for would be contained within a DIV on the page. If so, then you would write the code to look specifically for that div and within the div for the content. This is typically referred to as screen-scraping. Depending upon what you are doing and how you use that information, you may be violating copyrights or terms of use for the site in question. At worst it could be illegal. It may just be immoral/bad etiquette. Or, if the owner/author is OK with it and you are not reusing the content and presenting it as your own, then it might be OK. Bottom line - tread carefully.
  11. You should check the REQUEST_METHOD to determine if a POST was made instead of some arbitrary field. You would still need to validate that all required fields have data anyway. I know that in some older browsers an input submit button would only be included in the POST data if the user actually clicked on the button (as opposed to pressing the enter key on the keyboard which would also submit the form). Also, I would highly suggest changing the conditions to check for the negative conditions so you can put the error message next to the condition that checks for it. Otherwise, you create all these nested conditions making it difficult to "see" which message goes with which condition. This is the structure you have now:

          if($condition1) {
              //Do something
              if($condition2) {
                  //Do something
                  if($condition3) {
                      //All conditions passed
                  } else {
                      echo "Error condition 3";
                  }
              } else {
                  echo "Error condition 2";
              }
          } else {
              echo "Error condition 1";
          }

      This is much cleaner:

          if(!$condition1) {
              echo "Error condition 1";
          } else {
              //Do something
              if(!$condition2) {
                  echo "Error condition 2";
              } else {
                  //Do something
                  if(!$condition3) {
                      echo "Error condition 3";
                  } else {
                      //All conditions passed
                  }
              }
          }
  12. thara, you are missing the point. There was nothing, specifically, wrong with the query you were using in post #3. What Barand was asking was if the existing record actually had an id of '1'. Your response was that there should only ever be one record. But, that doesn't mean that record will have an id of 1. Since it is an auto-increment value, the first record would normally have an id of 1 if not specified in the INSERT statement. But, that id could have been specifically set to another value in the INSERT statement, changed later, or if you deleted the first record and created a new one (which could happen while testing/debugging) the id could be anything. So, to answer your question in #10 - which is the same question you asked in #1 and #3, you can use ON DUPLICATE KEY UPDATE using any field as a unique key as long as you include the value of that field in the query and the value is a duplicate of an existing record. Changing from id to company_name makes no difference.
  13. So, you are now apparently using a download script and not "opening" the files. That script likely has the 'name' of the download hard-coded. You would need to show us the code.
  14. @bluefrog: When researching a function you have never used before, here are some suggestions for a beginner:

      1. Read through the entire manual page (at least everything before the user contributed notes). If something doesn't make sense to you at first, continue till the end of the content for that function. Then re-read to see if those sections now make sense to you.
      2. Pay special attention to the examples. Find one that is close to what you want to accomplish and do it exactly as it is shown.
      3. Take the example and make small modifications to change it to what you need. After each modification, run it and ensure the change is working as you expect. If there is a problem, review your code to see what the problem was and fix it. If you can't figure it out at that point, then post what you have to this forum and explain what you are trying to achieve, what you have done so far, and what the problems are that you are facing.
  15. No one is suggesting to use another table - those were examples. Did you even read ginerjm's response? How do you know that there is a HTTP_CACHE_CONTROL value? You need to add code for debugging purposes.

          <?php

          if(!isset($_SERVER['HTTP_CACHE_CONTROL']))
          {
              echo "HTTP_CACHE_CONTROL doesn't exist";
          }
          elseif($_SERVER['HTTP_CACHE_CONTROL'] != 'max-age=0')
          {
              //The header value comes from the client, so escape it before echoing
              $cacheControl = htmlspecialchars($_SERVER['HTTP_CACHE_CONTROL']);
              echo "HTTP_CACHE_CONTROL doesn't equal 'max-age=0'. It is '{$cacheControl}'.";
          }
          else
          {
              $db = JFactory::getDBO();
              if(!$db)
              {
                  echo "Unable to create DB reference";
              }
              elseif(!$details->id)
              {
                  echo "Details id does not exist.";
              }
              else
              {
                  //Cast so only an integer can reach the SQL string
                  $id = (int) $details->id;
                  $query = "UPDATE __hdflv_upload SET times_viewed=1+times_viewed WHERE id={$id}";
                  $db->setQuery($query);
                  if(!$db->query())
                  {
                      echo "Error executing query. Follow Joomla documentation to output the error.";
                  }
                  else
                  {
                      echo "Success";
                  }
              }
          }

          ?>
  16. @Sandeep590, you state that these could be any type of file. If that is true, then what you are asking cannot be achieved. Only some file types can be opened within a browser. Other file types can be opened by the user's system if they have the corresponding application for the particular file type. But, that is a hit and miss based on the user's browser and the particular file type. Also, Double-click? Don't tell me you double-click on links in a web page.
  17. There is no need to run a SELECT query to get the current count in order to increment it by one before running the UPDATE query. You can do it all within an UPDATE query:

          UPDATE table SET field=field+1 WHERE id=$id
  18. Here's a revision that adds some debugging:

          <?php

          //Compare the method directly; !$x == "POST" negates $x before the comparison
          if ($_SERVER['REQUEST_METHOD'] != "POST")
          {
              echo "Error: No POST data provided";
          }
          elseif(!Input::exists())
          {
              echo "Error: Input does not exist.";
          }
          elseif(!Token::check(Input::get('token')))
          {
              echo "Error: Token check failed.";
          }
          else
          {
              $db = DB::getInstance();
              //Column names take backticks; single quotes would make adminid a string literal
              $sql = "UPDATE `guests` SET `admin` = ?, `adminid` = ?, `tableposition` = ?, `seat` = ? WHERE `id` = ?";
              $guestUpdate = $db->query($sql, array(
                  $_POST['admin'],
                  $_POST['adminid'],
                  $_POST['tableposition1'],
                  $_POST['seat1'],
                  $_POST['id1']
              ));
              if(!$guestUpdate)
              {
                  echo "Error: Guest update failed.";
              }
              else
              {
                  Redirect::to('membertableguests.php');
              }
          }

          ?>
  19. What, specifically, is not working? Are you getting errors? Are you providing specific values that are returning results you don't expect? If so, what values are being provided, what are the expected results and what are the actual results? EDIT: I see you have multiple if() conditions to determine when to execute the functionality. However, you have no else conditions. Never assume you will get the requisite data. Including else conditions will provide error/debug handling to help identify errors. E.g.

          if (empty($_POST['position-guests'])) {
              echo "No post value provided.";
          } else {
              // Code to run goes here
          }
  20. Dates aside, you have an error in the condition $membershipyear = '2016' That should use a double equal sign for comparison. Also, based on what you provided I assume you have a lot of if/elseif statements for all the different permutations: different org size, renewal year, etc. You should not embed costs into code as it makes updates a complicated and potentially error prone process. It would be better to store the rates in the database and have a single function to calculate the renewal cost. For example, you could have a table with the fields: size, renewal year, normal rate, early rate.
  21. Then you are doing it wrong. You stated previously that the value would be "yes" or "no" based on the checked status. That implies a Boolean value. If you are mixing a Boolean and other types of values in the same field it sounds as if the DB schema isn't correct for the intended need.
  22. @Andy_Kemp Regarding Jacques1's previous statement: A Boolean is not the string value of "true" or "false". It is a distinct data type just like strings, integers, floats, etc. Depending on the language/context it can be represented in different ways. In PHP, for example, the literal TRUE Boolean value is represented as:

          $foo = TRUE; //Literal Boolean

      However, you can also use other values that will be interpreted as true/false within PHP. Basically anything with a non 0, non-empty value would be interpreted as True (http://php.net/manual/en/language.types.boolean.php). In MySQL there is no literal Boolean field type. There is a Bool field type which is just an alias for a tiny int. The intent is that Booleans are stored as 0/1. In fact, if you use a literal Boolean in the INSERT query it will be stored as 0 or 1. By storing the strings "true"/"false" you would have to add additional/unnecessary logic when using those values, e.g.

          if($captcha_login_VALUE_FROM_DB=='true') {
              //do something
          }

      Instead, if you just store as a Boolean/Int

          'captcha_login' => isset($_POST['captcha_login']) //Will be TRUE or FALSE

      Then you can use the returned value directly without having to compare to an arbitrary string

          if($captcha_login_VALUE_FROM_DB) {
              //do something
          }
  23. Some tips:

      1. Put all your logic (i.e. PHP code) at the top of the script. Use it to assign dynamic content to variables. Then create the output (i.e. HTML) at the bottom of the script using just PHP echo statements for the content created within PHP. This separates the logic from the presentation. As you build more complicated applications you will completely separate the logic and presentation into separate files. But, for now, go ahead and use a single script.
      2. mysql_fetch_row() will return an array into $row, but then you are testing the value against a string. They will never compare. Plus, you are returning id and race, but only looking for one value apparently. Just pull the data you need.
      3. Instead of multiple if/elseif statements, use a switch() statement.
      4. There is no else condition. Perhaps there are no records where a value would not equal one of those options, but it is a bad design. Code should never 'assume'. Create conditions to handle unintended scenarios.
      5. The three conditions in your if/elseif statements should only define what is different - in this case just the src for the image tag. Right now, it is fairly simple, but since each condition will output an image, that part should not be included in the condition statements. As the output of such conditions gets more complicated it becomes all too easy to introduce bugs. For example, if you want to change the border of the image to 1 you would have to change it in three places instead of just one.
      6. Use PDO or mysqli for database operations. mysql_ has been deprecated for years.
      7. If the select statement will take a user defined parameter for the id, you should be using prepared statements.

      Not tested

          <?php

          //Set the race ID to be queried
          //Can be user supplied via $_GET/$_POST
          $raceID = '1101';

          //creating a connection with the database
          include_once 'dbconnectgs.php';
          //Replace the contents of 'dbconnectgs.php' with the following
          // - using appropriate values for host, database name, username & password
          ## $db = new PDO('mysql:host=localhost;dbname=testdb;charset=utf8', 'username', 'password');
          ## $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
          ## $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

          //Create & run prepared statement
          $query = "SELECT race FROM siege_locations WHERE id=:id LIMIT 1";
          $stmt = $db->prepare($query);
          $stmt->execute(array(':id' => $raceID));

          //Get the race from the query results
          //fetch() returns the single row, or false when no record matched
          $row = $stmt->fetch(PDO::FETCH_ASSOC);
          $race = $row ? $row['race'] : null;

          //Determine correct image name
          switch($race)
          {
              case 'ELYOS':
                  $imgName = "elyos.png";
                  break;
              case 'ASMODIANS':
                  $imgName = "asmodian.png";
                  break;
              case 'BALAUR':
                  $imgName = "balaur.png";
                  break;
              default:
                  $imgName = "unknown.png";
          }

          //Define the full IMG tag once with just the variable image name
          $raceImage = "<img src=\"http://someaddress.me/sieges/img/fortezze/{$imgName}\" border=0>";

          ?>
          <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
          <html xmlns="http://www.w3.org/1999/xhtml">
          <head>
          <link rel="stylesheet" href="styles/eye.css">
          </head>
          <body>
          <div id ="Divine">
          <?php echo $raceImage; ?>
          </div>
          </body>
          </html>
  24. Ok. So, did you have a problem or a question? All you did was state what you have done but not provided anything about any errors or what you want to do differently.
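
The image-serving script described in post 4 above, sketched in PHP with the careful handling of the `name` value that the post calls for. This is an added example, not code from the original posts: `getimage.php` and the `name` parameter come from the post, while the image directory, allowed host list and fallback file name are assumptions.

```php
<?php
// getimage.php: added illustration, not code from the original posts.
// IMAGE_DIR, FALLBACK and ALLOWED_HOSTS are assumed values for this sketch.

const IMAGE_DIR     = '/var/www/private_images';      // outside the web root
const FALLBACK      = IMAGE_DIR . '/no-hotlink.png';  // "hotlinking not allowed" image
const ALLOWED_HOSTS = ['www.mydomain.com', 'mydomain.com'];
const MIME_TYPES    = ['jpg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif'];

// Map the untrusted ?name= value to a file inside IMAGE_DIR, or return null.
function resolveImage(string $name): ?string
{
    // Allowlist the characters: no dots, slashes, backslashes or NUL bytes,
    // so "../"-style values never reach the filesystem.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        return null;
    }
    $base = realpath(IMAGE_DIR);
    if ($base === false) {
        return null;
    }
    foreach (array_keys(MIME_TYPES) as $ext) {
        // realpath() resolves symlinks; confirm the result is still under $base.
        $path = realpath("{$base}/{$name}.{$ext}");
        if ($path !== false && is_file($path)
            && strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) === 0) {
            return $path;
        }
    }
    return null;
}

// True when the request comes from one of our own pages.
function refererAllowed(?string $referer): bool
{
    if ($referer === null || $referer === '') {
        return true; // policy choice: some browsers and proxies omit Referer
    }
    $host = parse_url($referer, PHP_URL_HOST);
    return is_string($host) && in_array(strtolower($host), ALLOWED_HOSTS, true);
}

function sendImage(string $path): void
{
    $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    header('Content-Type: ' . (MIME_TYPES[$ext] ?? 'application/octet-stream'));
    header('Content-Length: ' . filesize($path));
    header('X-Content-Type-Options: nosniff');
    header('Vary: Referer'); // keep caches from mixing real and fallback images
    readfile($path);
}

$name = $_GET['name'] ?? '';
$path = is_string($name) ? resolveImage($name) : null; // ?name[]=x arrives as an array

if ($path === null) {
    http_response_code(404);
    exit;
}
sendImage(refererAllowed($_SERVER['HTTP_REFERER'] ?? null) ? $path : FALLBACK);
```

The Referer header is supplied by the client, so this check only discourages hotlinking; images that must stay private need the authentication mechanism mentioned in post 3.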