Daniel0

Try ignore_user_abort(true); set_time_limit(0); instead.

Right, and that patent application illustrates the stupidity of modern software patents. Moreover, IT is a fast paced industry, so even if you patent something which seems brilliant today, it will quickly become rather mundane before the patent expires 20 years later.

Copyright, which is automatic and free. It's fair that you can sue people if they blatantly steal your code and rip you off. Patenting ideas such as progress bars is completely retarded. It's virtually impossible to know if you infringe a software patent, but it's not impossible to know if you copy code someone else wrote and put it in your application. If you write a script it's automatically copyrighted to you and people aren't allowed to copy it unless you give them explicit permission to do so. Copyright is a tool against bad people, but patenting is a tool against honest people. It's a tool to control market share.

My point is that suggesting patents as a form of protection is a bad idea because overall they do more bad than good. Maybe not to the patent holder, but to the community in general. All software patents should just be invalidated.

You'll need the table's collation to be UTF-8, you'll need to set the connection to UTF-8, you'll need to tell the browser that it's UTF-8 and when using functions like htmlentities you'll have to tell it that it is UTF-8. Generally, you need to make sure you use the same character set throughout the entire process.

Generate a random password and send it to the user.

Software patents are one of the most moronic ideas ever. You have undoubtedly infringed numerous patents already. Image previews is a valid patent for instance. http://webshop.ffii.org/ - All of those mundane things are still valid patents.

Well, if they hadn't done it you would just have another browser with majority market share and locked propriety, so that's sort of a moot point.

Horse wagons were also the best means of transportation once. Does that mean everybody should use horse wagons today? If you were given the choice between a free horse wagon and a free Ferrari, don't you think choosing the horse wagon would be a moronic choice? Wouldn't you be annoyed if a lot of people taking the moronic choice jammed traffic on the highways because horse wagons are damn slow compared to a Ferrari? http://www.phpfreaks.com/forums/index.php/topic,241805.msg1140447.html#msg1140447

Sounds like you should upgrade your software then...

What do you mean with "doing .htaccess on a folder"? .htaccess files just contain Apache configuration directives. Not only does it have nothing to do with PHP whatsoever, but it can all be looked up in the Apache documentation.

(int)$string and intval($string) will always result in the same.

I don't see the point in trying to protect it. The script exposes information to your users. It's just giving it in a more raw and unformatted way (e.g. JSON or XML).

It's not a security issue being able to access the PHP backend callback for your AJAX request.

No it's not. You haven't stored anything as a property as the exercise tells you to do. I'll leave the task of figuring out what a property is and how you use it to you. Edit: Well, you have, but you aren't using the properties for anything.

PayPal even has something called Payments Pro (or something like that) where you can hide it completely from the user. There is also authorize.net. There is no reason whatsoever to create your own payment processor. It's way too expensive and requires living up to very strict standards.

Yeah.

When the user views it, set status as unread (or 0 or 1 or however you denote it in your system).

It depends on what the search term and type is used for later on in the script. I've written a tutorial you might want to read that covers things like that: http://www.phpfreaks.com/tutorial/php-security

You're not allowed to put block elements inside inline elements. Just saying...

If you can't even bother to write properly, why would he trust you to code properly?

A deprecated way of escaping GET, POST and COOKIE values. Burn the book and buy a new one. It's too old.

Run a Google search using the keywords. Check if it's on page 1. No? Check page 2. No? Check page 3? Time out after n pages and say it wasn't among the n*10 (there are 10 results per page). You'll want to look into things like curl and regular expressions.

That would be PCI DSS.

So the pages and users are linked using a one-to-one relationship. You just do this: if ($user['is_admin'] || $page['user_id'] == $user['user_id']) { echo "what's up?"; } else { echo 'gtfo'; } Assuming your page comes from the database, your page table would have a field called user_id which references a user in the users table.