Daniel0

There is a built-in constant called PHP_EOL that will contain the line break sequence for your operating system.

Don't do that. I'm not sure what you're trying to do, but there is definitely a better way.

It shouldn't be logged at all. Allowing it to be logged allows for potential attackers to see a history of generated passwords. This could clue an attacker in on the characteristics of your password generator and the type of passwords it produces. That information could potentially be abused. Call me paranoid... Maybe I'm just missing the point, but if they're in your file system, I think you've got bigger problems than people analyzing your logs. Well, for the most part you will have to pay for a certificate. You could make a self-signed one, but then the UA will tell you that your computer will explode and kittens will die should you choose not to heed their warning. To be able to cater to the widest possible amount of users you would also need a dedicated IP address, which would most likely mean an additional cost from the host. SNI is not supported by IE on XP, and it's not supported by IIS at all. Paying for that is definitely worth it if you want "really secure login". You could even get one of those fancy EV certificates.

Setup an A record for each of the domains to point to the server's IP address, and then setup a vhost on that server for each of the domains.

You need to make sure that the file itself is stored in UTF-8 (without BOM if your editor asks you).

^^ THIS is one of the reasons why I think Excel sucks. In my opinion, it has a poorly implemented DSL. I don't have any solution to your problem. I just came in here to say that.

To be honest, if I would implement "really secure login", I would just go with public key authentication. Instead of that entire logging issue, can't you just say it expires within fifteen minutes OR when it's first used? Make it a one time password. Delete it, mark it as used or something like that when it has been clicked.

There are plenty of dictionaries on the internet. I once extracted one from aspell that you can use: http://daniel0.net/dict-en.txt.bz2

It loads pretty fast, but no faster than Google for me even though I have a few extensions that modify the result page after it's been downloaded. Anyway, Bing is using Akamai as a CDN, and like Google, they've minified the amount of transferred data.

That functions sucks. It doesn't work, and even if you fixed it it would still suck. Please stop posting bad advice all over the place.

Sounds like poor project management to me. Consistent reliance would seem to indicate that someone needs to start setting more realistic goals. Besides, if you plan on overtime, how is it overtime in the first place? Seems sort of contradictory to me.

That doesn't necessarily mean you cannot write a TDD primer.

Looks like an encoding issue. Try to use UTF-8.

You will need some sort of char <-> int translation table. E.g. a=0, b=1, etc. It wouldn't make sense to say 'a'+7 unless you define a numerical value for 'a'. On a computer and with the English language, one would normally use ASCII, but this is obviously not a choice for you. You would also need to handle overflows such that if you shift 'z' two positions forward in the English language you would get 'b'. You can use the modulo operator that. I don't see how you can pull this off easily though. You say "English or a non-English language", which literally means every possible language. As I mentioned earlier, 'z'+2='b' in English, but 'z'+2='ø' in Danish and Norwegian for instance. The classical crypto systems such as Vigenère and Ceasar have fixed ranges and domains. If you want to limit it to only English and Turkish then you can just setup a translation table in form of an array and use that. E.g.: array( 'a','b','c', // etc. ), So now 0=a, 1=b, 2=c, etc. Upon detecting an invalid or undefined character you could either choose to 1) strip it out, 2) ignore it and don't shift it, or 3) throw an error. As for storing it in the database, that's no problem. The only thing you have to assure is that you use the same character set throughout the entire application. This means your files must be saved in utf8 format, your tables and rows must be set to utf8 and when you open a connection to MySQL you will also need to set the character set to utf8 (run the query SET NAMES utf8; after connecting). I suspect the reason why you will get e.g. &#2342; is that you are running it through htmlentities(). This is not at all necessary for inserting into a database. For that you should do something like mysql_real_escape_string or prepared statements using MySQLi or PDO. htmlentities is for escaping in an HTML context, but you're using it (incorrectly) in an SQL context. On an entirely different level, encrypting passwords using Vigenère is not at all a safe option. It would be a much better idea going with a one-way hashing algorithm such as SHA-256. Vigenère is simply too easy to crack and shouldn't be used to secure sensitive information in any way.

That's not what I (or roopurt for that matter) is talking about. The fact that your query executes and has the correct side effects means it is correct. Asking whether or not it is correct when you've just found out that is redundant.

Well, a bit of independent thinking doesn't hurt you know. If it works then there isn't anything wrong with it. That's a logical truth. If there is something wrong with it then it doesn't work, so these are logical equivalents. Negating both of them will cause them to still have the same truth value.

fry2010, no, I was referring to laffin's post above mine.

"U" is a letter, not a word. Just saying.

I'll assure you that databases can take a high load. That is of course if you designed the schema well and optimized your queries.

No offense, but that sounds pretty stupid. What if your user goes out to take a shit or something? Anyway, just have to enter the time offset and subtract/add it to the timestamp. Same concept as you'll see here for setting the time zone on this forum.

1) Burn your book and buy a new one. The one you have is too old. If you are learning from a tutorial, find another one. 2) Logical OR is done using ||, not | which is bitwise OR. 3) Look up the words whitespace, readability and indentation (also see: http://en.wikipedia.org/wiki/Indent_style). 4) Array indices are done like $_POST['username'] not $_POST[username] unless username is a defined constant. 5) Look up the term "SQL injection" and realize that you need to use the function mysql_real_escape_string a number of times throughout your script. 6) htmlspecialchars() is irrelevant for inserting rows into a database. 7) You can use time or MySQL's NOW() function for inserting the registration date. I would advise having a field type like DATETIME and use MySQL's NOW().

Right, well, your sample data isn't very good either. There is a 806 second = 13 mins 26 secs difference between the timestamp and when you requested the page. Either way, doing addition instead of subtraction as explained above should fix it.

Sorry, try with + instead of -. My bad.

http://www.phpfreaks.com/forums/index.php/topic,252620.msg1186465.html#msg1186465

time() contains the current time (obviously). Just compare the lastseen with the current time. The lastseen has to be converted to a UNIX timestamp which is what strtotime does. if (strtotime($time)-30*60 > time()) { echo '<td><img src="Images/useronline.png" border="0" /></td>'; }else{ echo '<td><img src="Images/useroffline.png" border="0" /></td>'; } should do it (assuming you mean 30 minutes and not 30 seconds).