Everything posted by d_barszczak

  1. No problem, I never even thought of the bandwidth thing. Good job somebody did.
  2. Hi Runnerjp, Just had a quick look at the code and it does not look like you are checking any data that is submitted before you use it to query the database. This may have left the site open to SQL injection attacks. There are a few posts on this forum that explain how to prevent injection attacks.
  3. Hi WOPR, I use this to get files off my local server to prevent full path disclosure but I have no idea if you can retrieve files over http.

        <?php
        // Name offered to the browser in the download dialog
        $filename = "CTF-SpoonDog_PC.rar";
        // Actual location of the file being served
        $realfile = "http://www.themeinerz.com/dl_files/ut3/maps/pc/CTF-SpoonDog_PC.rar";
        header('Content-Description: File Transfer');
        header('Content-Type: application/octet-stream');
        header('Content-Disposition: attachment; filename='.basename($filename));
        header('Content-Transfer-Encoding: binary');
        header('Expires: 0');
        header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
        header('Pragma: public');
        readfile($realfile);
        ?>

     May be worth a try.
  4. Hi Mchl, Maybe it is, maybe it's not, and we don't really need to re-create that thread here. I personally would always recommend it because the first time you create a column named date it will all go pear shaped. Although that said, renaming the column to date_created would also fix the same problem, but when you want your code to be consistent you would use ``. Anyway thanks for the input.
  5. If you are trying to update an existing query you would need something like the following but obviously with all the data you need.

        $query = "UPDATE `links` SET `name`= '$name', `description`='$description' WHERE `url`='$url'";

     If you are inserting a new row then your query would work without the WHERE '$url' = URL. Just a pointer but it looks as though the WHERE '$url' = URL bit is wrong too. It would be WHERE URL = '$url' but I would also put `URL` as it is best practice.
  6. Hi, I'm not sure exactly what you are trying to do but I think I have an idea. Are the months in the year the length of subscription? If they are I would create the bill with a start_date and an expiery_date. I would certainly keep a table of all bills so you have a record. You could then query the database for the expiry date as well as the username and password. If the date is => today's date then deny access. You may need to mark the current subscription to make the query a little easier.
  7. Hi, I'm not 100% on this but if you run exec ("/usr/local/bin/php emailsend.php >/dev/null &"); the script will still wait for the command to finish. If speed is a factor I would store the data in a database and have a cron job that runs the emailsend.php script every 5 mins or so that goes through the database and removes the entries as it sends the emails. This would ensure that your users don't have to wait for the email to be sent and getting the data is a simple mysql query. Plus if the script crashes the data still waiting to be sent will be stored in the database.
  8. Thanks for the info. I fully understand that hosting a web server is a full time job and that I should not be offering a managed hosting service if I am unsure of the security complications. This is the reason why I currently only host websites designed by myself on a very secure and reliable setup. I thought asking the question in a PHP support forum may be a good start. I will under no circumstances start running a managed hosting service until I can guarantee my users' security. This question was just to point me in the correct direction of further research. Thanks
  9. Hi all, Hoping someone can help me here. I currently have a web server that hosts my customers' websites. At the moment the only sites hosted are ones that have been developed by my company. I would like to offer a hosting package but am worried about security with php. I don't want my users to access files outside their hosting directory via php as it usually allows full access to the system. Do you know any ways of restricting php like this? It's an Ubuntu Server running php and mysql. The server hosts apache virtual hosts. Thanks in advance!!
  10. OK thanks, was hoping there would be a simple query
  11. Hi all, I am developing a chat application which stores messages in a database. I don't need to keep any more than 100 lines so I will need to run a query that deletes all rows apart from the last 100 submitted.

        id = message id
        room = room id
        submit_time = Submitted time
        msg = message

        SELECT * FROM post_table WHERE `room` = '1' limit last 100
  12. Hi, I would usually do both. Have the smaller methods such as usr_check() that actually do the tasks and then a larger method such as usr_create() which uses the smaller methods to complete the whole task. That way your script can create a user in this example but should you need to create another script that needs to check a user you don't need to rewrite the usr_check() code. Plus if you ever wanted to create users in a different way you can always copy the usr_create(), rename the function and make the changes. The core of the code would more than likely be the same and therefore would still be able to function using the smaller methods.
  13. Hi, I have been asked to implement a Chess Club into an existing website but I wanted to know if there are any existing scripts that can do this, or even just a Chess game that allows multiplayer and I can design the structure myself. Any ideas anyone? Free or fee, I don't mind.
  14. I use Ubuntu myself but I assume yum is the package manager for Fedora. If imap shows up in phpinfo() then it is installed. You should then be able to connect to an imap/pop3 server.
  15. OK so your installation did not come with the php_imap installed. You need to download the file into your extensions directory and insert the line above.
  16. You will need to make sure the php_ldap.so extension is in your php extensions directory and that you have a line in your extensions list along the lines of:

        extension=php_ldap.so
        ;extension=php_ldap.so

      This may already exist as a comment so just remove the semi-colon to apply. You may also have to restart the apache service.
  17. Hmm. You need to have your checkboxes named or they won't get put in the array correctly. Your code:

        <input name="meet[]2" type="checkbox" id="meet[]2" value="Carla João Ribeiro" /> Carla João Ribeiro<br />
        <input name="meet[]3" type="checkbox" id="meet[]3" value="Vitália Barros" /> Vitália Barros<br />

      The meet[]2 and meet[]3 should be just meet[].
  18. Something like:

        $meet = $_POST['meet'];
        foreach ($meet as $value) {
            // Remove any HTML tags from the submitted value before printing it
            $value = strip_tags($value);
            echo "$value<br>";
        }

      That would echo all the names that were selected I think. You might have to name the check boxes as name="meet[]"
  19. What OS are you running PHP on? You need the PHP_IMAP extension installed.
  20. Can your users only select one person to meet with? If so change the name of your checkboxes to the same name, i.e. meet. Then the selected value will be $_POST['meet']. If more than one can be selected you will have to scroll through the array.
  21. You should be able to download a free email system and give it a domain of example.com then it should send internal emails to itself which you can work with.
  22. Yes. There are various ways of doing this but I suggest you create a dummy email account to learn with then have a read about the function on the link below: http://uk.php.net/imap
  23. If you're sending email via a php script then you can set a Windows Task to run your php script at the times you require.
  24. Why are you using mysql_num_rows + 1 to give your files their unique identifier? You should use a Primary Key with auto increment. The problem you have is that you can duplicate your ids. E.g. I have 10 images in my database with ids 1 - 10 so my next id is 11. I delete number 5 so my next id is 10... But 10 already exists. You should use LAST_INSERT_ID() to get your file's new id. Insert information into database. Get the LAST_INSERT_ID(). Rename the file.
  25. I hate to say this but they are right. Unless you understand how it works you will only have the chapter that tells you how to create basic authentication. You will also find it difficult to add new features at a later date. The book that I originally started with was called PHP & MySQL for Dummies. That gave me an excellent start and now I can create practically anything. This forum has also been a great help over the years.