Daniel0

$names_array=array("a c b","b a c","a b c"); $names_array = array_map(create_function('$s', 'return str_replace(" ", "", $s);'), $names_array); sort($names_array); print_r($names_array);

If you've got admin rights on that computer, you could edit their hosts file so your websites domain name won't resolve for them.

Maybe, maybe not. I know Firefox uses an SQLite database to store its cookies. You could probably insert the cookies into that. I'm not going to do that for you unless you pay me though.

Okay, so I checked Yahoo's login form. This will log you in: <?php $loginInfo = array( 'login' => '[email protected]', 'passwd' => 'abc123', ); $curlSettings = array( CURLOPT_CONNECTTIMEOUT => 30, CURLOPT_USERAGENT => 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)', CURLOPT_SSL_VERIFYPEER => false, CURLOPT_RETURNTRANSFER => true, CURLOPT_COOKIEJAR => 'cookies.txt', CURLOPT_FOLLOWLOCATION => true, CURLOPT_URL => 'https://login.yahoo.com/config/login', ); $ch = curl_init(); curl_setopt_array($ch, $curlSettings); $res = curl_exec($ch); preg_match_all('#<input type="hidden" name="([^"]+)" value="([^"]*)">#', $res, $matches); $formInfo = array('.save' => 'Sign In', '.persistent' => 'y'); for ($i = 0, $max = count($matches[2]); $i < $max; $i++) { $formInfo[$matches[1][$i]] = $matches[2][$i]; } $formInfo['.md5'] = $formInfo['.hash'] = $formInfo['.js'] = '1'; $loginInfo['passwd'] = md5(md5($loginInfo['passwd']) . $formInfo['.challenge']); $postData = array_merge($formInfo, $loginInfo); curl_setopt_array($ch, array( CURLOPT_POST => true, CURLOPT_POSTFIELDS => array_merge($formInfo, $loginInfo), )); $res = curl_exec($ch);

Well, something like this: <?php //create array of data to be posted $post_data = array(); $post_data['emailAddress'] = 'emailAddress'; $post_data['password'] = 'password'; $post_data['submit'] = 'submit'; //create cURL connection $curl_connection = curl_init('https://login.yahoo.com/config/login'); //set options curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 30); curl_setopt($curl_connection, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"); curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($curl_connection, CURLOPT_COOKIEJAR, 'cookies.txt'); //set data to be posted curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post_data); //perform our request $result = curl_exec($curl_connection); //show information regarding the request print_r(curl_getinfo($curl_connection)); //close the connection curl_close($curl_connection); But what are you going to tell your friend? "I got a senior member on a PHP forum to do it, so I won the challenge". Anyway, let me make this clear to you. This will not log you in in your browser, but using the same cookie jar you will for any subsequent requests to the Yahoo server be logged in. So if you start Firefox, Internet Explorer, Google Chrome or whatever browser you use, you will still be logged out. You'll probably have to explain what you are trying to do. We aren't psychic. Edit: I might want to further add that I didn't actually check how Yahoo's login form looks. I assumed you did a proper job of gathering the required information.

Maybe this will be of any help? http://www.phpfreaks.com/tutorial/php-security/page8

Well so that i dont have to write my password again and again. I am a kid of 15 years and my friend who becomes oversmart challenged me to do so. I beg u to solve my problem. What you're trying to do won't work. You can get it to log in, and you can get it to save your cookies and have it persist the login. However, when you fire up your browser you will still be logged out because your browser doesn't have the required cookie.

What's the purpose, might I ask? Yeah, I know you want to login, but what for?

Yeah, check the post above.

You need to learn just basically how the HTTP protocol works. If you want the page at http://www.phpfreaks.com then you first open up a connection to 66.97.171.5 on the port 80, and you tell the machine something like this: GET / HTTP/1.1 Host: www.phpfreaks.com An empty line denotes that there are no more headers. Then the server will respond with something like this: HTTP/1.1 200 OK Date: Sat, 25 Apr 2009 10:35:00 GMT Server: Apache/2.2.8 Content-Type: text/html; charset=utf-8 *HTML SOURCE CODE HERE* Again, the an empty line denotes the end of headers. What that means is that when you're done with your headers, you're done. There can be absolutely no more. Headers first, body after. So if you send content, then the headers will have to be sent, but if the headers have been sent, then you cannot send more headers. That's the way the HTTP protocol works.

[iurl=http://www.phpfreaks.com/forums/index.php/topic,249473.0.html]Duplicate[/iurl]. Locked.

Then something like this perhaps (assuming id is the primary key): session_start(); if (!isset($_SESSION['selected'] || !$in = join(',', $_SESSION['selected'])) { $in = null; } else { $in = ' AND id NOT IN (' . $in . ')'; } $res = mysql_query("SELECT * FROM pq_crtp_quiz WHERE testname = '{$testname}'{$in} ORDER BY RAND() DESC LIMIT 1"); $row = mysql_fetch_assoc($res); $_SESSION['selected'][] = $row['id'];

What?

for ($i = 0, $max = sizeof($_POST['choice']); $i < $max; $i++) { // $_POST['choice'][$i] // $_POST['select'][$i] } Assumes that the size of the two arrays are equal though.

You script doesn't know about your post here. You need to tell it yourself.

Can't you just set the LIMIT in the query to the number of rows the user asked for?

How is it supposed to know that? That filename isn't even mentioned in your code.

It's C.

Write a small script. Vi(m) can replace using regex only. Anyway, you can do e.g. :s/01/25/g, but unless you can write a pattern that catches all your matches, you cannot use it's search/replace features.

PageRank, a link analysis algorithm invented by Larry Page that's used to calculate the weight/rank of a given element. It can also mean public relations, but considering you are posting in the SEO board, the former is more likely to be what you're looking for.

I don't know about you, but I always write my code under the assumption that it works (if I knew it didn't work then I wouldn't have released it). As Seneca said, "errare humanum est", and considering I'm a human it would be reasonable to expect that I could have made a mistake somewhere. If we for a moment imagine that I never do err, then say for instance I decided to write some sort of application. We could take an open source forum system as an example. Seeing as my code was perfect, there would be no security vulnerabilities. However, because this product will have many deployments that are not under my control, it is impossible to ascertain the security of the server it is running on. Moreover, because this is open source, people would likely write and distribute plugins and/or modifications. These people might not be perfect like me, so they may err, or create security vulnerabilities if you wish. We presupposed that nobody would be able to get to the raw database in the first place, so that in fact makes hashing the password (with or without salting techniques) completely redundant; if no unauthorized person ever sees it, then there is nobody to protect it from. A security problem consists of three entities: 1) an asset, 2) an attacker, and 3) a vulnerability. If you remove any of them then you have no problem. If there is nothing of interest, then nobody will try to get it. If there is nobody to get your asset then nobody to protect from. If there is no vulnerability then there is no way for the attacker to get to the asset. Because we presupposed that #3 didn't exist, it would have been wasteful to implement additional security measures. In light of the circumstances our aforementioned open source application runs under, there can be potential security issues, so we have all three entities in play. Had the hashing not been done then whoever got a dump of the database would have a list of passwords. Had I used hashing it would be slightly more difficult, but looking over some of the most popular passwords, all of them would be easily cracked using dictionary attacks or rainbow tables. Most non-tech savvy users do not have insight in proper password policies so their passwords are pretty weak. As an attacker, knowing that you could probably get a good deal of plaintext passwords out of a dumped table that's just hashed. Using a salt you get additional benefits. The string will be too large to make brute-forcing feasible, and it'll make sure the string doesn't exist in a dictionary. Rainbow table attacks would be unlikely as well. A larger password combination range would require a larger rainbow tables. The size of a such rainbow table would increase exponentially. For a mixed case alphanumerical password, the number of combinations would be 62n where n is the password length. If we suppose that the average password has a length of 6 chars and your salt is 32 that would be a 38 string long input to the hashing algorithm. To even list all those passwords you would need 6236 byte ≈ 1.29*1068 byte = 1.29*1040 YB. That rainbow table will not exist (well, maybe on DreamHost's servers because they have infinite space). As I see it, salting makes it considerably more difficult to get to the plaintext password. You cannot make it impossible to break in, but you can make it increasingly difficult to break in. The more time and resources it will take, the more valuable an asset you must have, but even then there is a limit on how many resources and how much time the attacker can and will use on breaking in. Why not, it's an ultimate truth. Perhaps lies make better arguments, or perhaps saying truth is a lie is closer to the truth. Essentially because it can support neither side of the argument. You can reverse it to say "as long as you've not secured it properly, you are not secure", or in other words if P => Q then ¬P => ¬Q (proof by contrapositive). So if "as long as you've secured it properly, you are secure" (1) is true, which it is because it's a tautology, then that also makes "as long as you've not secured it properly, you are not secure" (2) true. So if (1) supports one side of the argument, then (2) must support the other side. That makes it useless in a debate context because it indirectly supports the other side of the argument as well

What are you saying? I can't hear you. Could you come over here? Now you're on my lawn. *BOOM* Headshot. Castle doctrine FTW!

The slash does not and has never meant a self-closing tag. I'll repeat myself: HTML is not XHTML (and vice versa).

Well, that's easy to say for someone whose primary language is English. English doesn't really use other characters than a through z. Many other languages use various diacritics to give different meanings. Compare these words in Spanish for instance: año (year) vs. ano (anus), papá (dad) vs. papa (potato (or pope)).

Well, essentially years of experience and reading. As for your problem areas, books like Design Patterns (GoF), PoEAA (Fowler), PHP Objects, Patterns, and Practice (Zandstra), The Pragmatic Programmer (Hunt & Thomas), etc. might have you out. I haven't really read those books from cover to cover (I rarely do), but they do contain some useful information. You might also want to subscribe to a lot of blogs about web development (but perhaps not too many, I can't keep up with my feed reader).