Daniel0

Staff Alumni
  • Posts

    11,885

Everything posted by Daniel0

  1. I call BS. I already said that several posts ago: Yet he kept claiming that MD5 (and thus hashing algorithms) can be cracked. Not just once, but numerous times. Of course he has demonstrated a few times in this post that he doesn't actually read the posts before responding to them. Failing to understand something doesn't mean it doesn't work, it just means you don't understand it. I don't know how cars work either, but that doesn't mean cars don't work. Read back a few pages. Running a value through the same hashing algorithm multiple times increases the risk of hash collisions.
  2. Well, some people regard their job as being paid to do their hobby...
  3. I'm not a lawyer and don't know much about contract law, but if you can find a host whose ToS doesn't prohibit the scenario you are talking about you should be set. I don't think they can just arbitrarily terminate your contract, so you could take them to court if they don't live up to their part of the agreement.
  4. http://www.youtube.com/html5
  5. That's an ongoing debate. It depends on whether the judge/jury regards it as facilitating crime.
  6. Are you stupid or something?
  7. I think you need to start reading what people write. It gives random output because it gets random input. Remove the randomness in the input and you will remove the randomness of the output. Again, this is a math concept. The input is called the independent variable, the output is called the dependent variable. The dependent variable depends on the independent variable. Only if you have infinite amounts of time. You can get a value that produces the same hash, but you have no means of verifying whether it's the original value or one of the colliding values. Why is that so difficult to understand?
  8. Sorry, my bad. It has to be like ORDER BY someField DESC, not just DESC.
  9. My script produces random output because I give it random input. If you use the same input you'll get the same output. Try it out. Then you probably need to work on your math skills. Do you understand the post I just wrote? If foo => baz and bar => baz and I just tell you "baz", how are you going to know if I had "foo" or "bar"?
  10. Change LIMIT 5 to LIMIT 5 DESC in your query.
  11. Not necessary in this case. You're just doing a comparison of two strings.
  12. Try to change $result = mysql_query($sql); to $result = mysql_query($sql) or trigger_error(mysql_error());
  13. Probably some sort of error occurred. Try to run the query manually (using e.g. phpMyAdmin) and see what happens.
  14. That's for the most part true, but some things would be better depending on your skill level. Gentoo would for instance certainly not be advisable if you know nothing about Linux.
  15. It doesn't. It makes new lines and indentation for you. Remember that PHP just outputs text and nothing else. If you give that text to a browser it will be interpreted (by default) as HTML.
  16. That "main class" doesn't sound too good. http://en.wikipedia.org/wiki/God_object
  17. You'd want that regex to be /\.pdf$/ though. If you want to include others you can do like /\.(foo|bar|baz)$/.
  18. You sure don't seem concerned about losing $50 to someone who can guess it. It wouldn't matter. Even if you borrowed the local university's supercomputer you couldn't solve that task. I required a proof that the one you found is what I put into it. That is just not possible. Of course you might argue that if you find what I get you'll instantly see that it's the one (otherwise it would have to be an extraordinary coincidence), but that still wouldn't be a proof. I could offer $100, $1000 or even $1000000. It wouldn't matter because the task is impossible to solve. Going with a mathematically much simpler hashing algorithm like GingerRobot mentioned earlier it might better illustrate the point. If we say that f(x)=x mod 10 we have a very simple hashing algorithm. So, f(0)=0, f(1)=1, f(2)=2, etc. However, f(10)=f(20)=f(-10)=0, f(11)=f(21)=f(-9)=1, f(12)=f(22)=f(-8)=2, and so on. I'm sure you can see the pattern. So essentially we have [tex]f : \mathbb{Z} \to \{x\in \mathbb{Z} \mid 0 \leq x < 9\}[/tex]. So if I tell you that my hash is 5, how are you going to find out if my input value was 5, 15, 25, 35, etc.? It just is not possible. You have no way of knowing if you got the correct one unless you already know the number from the start. MD5 (and SHA-256 like I used) work in the same way. They all map an infinite number of items to a finite number of items, which quite obviously means that for each possible output value there is an infinite number of input values, or in other words there is an infinite number of hash collisions. Because nobody can solve it, I might as well put up the solution.
The code I wrote looks like this:

    // Build a random string of $length characters from a fixed alphabet.
    function generateRandom($length = 32, $extraChars = false)
    {
        $chars = '0123456789abcdfghjkmnpqrstvwxyzABCDEFGHIJKLMNOPQRSTUVW';
        if ($extraChars) {
            $chars .= '_-+=%&*\'"`\\()~@{}[]<>,.?#| ';
        }

        for ($i = 0, $charRange = strlen($chars)-1, $password = ''; $i < $length; $i++) {
            $password .= $chars[mt_rand(0, $charRange)];
        }

        return $password;
    }

    // XOR the password with $salt2 (repeated as needed), base64-encode the
    // result, prepend $salt and hash everything with SHA-256.
    function hashPassword($password, $salt, $salt2)
    {
        $salt2Length = strlen($salt2);
        for ($i = 0, $max = strlen($password); $i < $max; $i++) {
            $password[$i] = chr(ord($password[$i]) ^ ord($salt2[$i % $salt2Length]));
        }

        return hash('sha256', $salt . base64_encode($password));
    }

    $salt = generateRandom(32, true);
    $salt2 = generateRandom(32, true);
    $password = 'goodJob';
    $hash = hashPassword($password, $salt, $salt2);

    echo "Salt: {$salt}\nSalt 2: {$salt2}\nPassword: {$password}\nHash: {$hash}";

And the output was:

So rv20, you most certainly cannot decrypt/crack/brute-force/whatever a hash. My sister once asked me what you can use mathematics for. I suppose one application is that an understanding of it makes sure you won't look like a fool when you persistently claim that hashing can be "cracked".
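The many-to-one mapping described in post 18, as an added example that is not part of Daniel0's post and is written in Python rather than the PHP used above. `toy_hash` is the post's f(x) = x mod 10; `short_hash` (SHA-256 cut to 8 bits) and the `CANDIDATES` list are constructed here so that the pigeonhole effect is visible in a small search.

```python
import hashlib
from collections import Counter


def toy_hash(x: int) -> int:
    """The post's f(x) = x mod 10."""
    return x % 10


def short_hash(data: bytes, bits: int = 8) -> int:
    """SHA-256 reduced to its first `bits` bits (constructed for this demo)."""
    head = int.from_bytes(hashlib.sha256(data).digest()[:4], "big")
    return head >> (32 - bits)


def preimages(hash_fn, target, candidates):
    """Every candidate that maps to `target`; nothing marks one as 'the original'."""
    return [c for c in candidates if hash_fn(c) == target]


def largest_bucket(hash_fn, candidates):
    """Size of the most crowded output value among the candidates."""
    return max(Counter(hash_fn(c) for c in candidates).values())


# Constructed sample input: decimal strings used as candidate messages.
CANDIDATES = [str(i).encode() for i in range(20000)]

if __name__ == "__main__":
    # Hash value 5 under f(x) = x mod 10: several inputs in a small range fit.
    print(preimages(toy_hash, 5, range(-10, 40)))

    # The same effect with a real hash function once the output space is tiny.
    target = short_hash(b"goodJob")
    found = preimages(short_hash, target, CANDIDATES)
    print(f"{len(found)} candidates share hash {target}, e.g. {found[:5]}")

    # 20000 inputs into 256 outputs: some output must receive at least 79.
    print("largest bucket:", largest_bucket(short_hash, CANDIDATES))
```
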
  19. It's SHA-256. Now I've already helped immensely. I'll let the offer stand though.
  20. It would look like this: https://bespin.mozilla.com/
  21. Looks SGMLish. I'm not too much into this cloud computing either. What if the company storing your shit goes bankrupt?
  22. You were already shown how to check the extension. How about you show some initiative yourself instead of just demanding that other people write your code?
  23. Would be much easier to just use glob... $files = glob('/path/to/files/*.pdf');
  24. Other things on the frontend you will want to do are to use CSS sprites and combine CSS and JavaScript files into single files. You will also greatly benefit from design principles such as separation of concerns because it ensures that all your CSS and JavaScript is cacheable. Also, why are you unsetting ETags? These help with caching. I also noticed "<ifmodule mod_php4.c>" in one of your previous posts. I haven't done any tests, and I can't be bothered to search for any, but I'm pretty sure PHP5 is faster than PHP4.