Daniel0

I think the quality of higher education differs from institution to institution. I'd expect that if I pay a butt load of money to attend e.g. MIT that I would get quality teaching from professors who care and know what they talk about.

Dude that is bull. I would tell them I want it done while I sit there and watch, or give me the refund. 1 month to repair is bunch a crap, especially when they "repaired" it with bad hardware. That is their fault. Ultimatum, repair it within 1 day, since it was their fault for not properly testing the system, or give you the refund so you can go and spend your money on something that works. Unless of course you really liked the PC and do not care for the refund, just a fixed computer. I agree that it's bullshit, but making a formal complaint through the right channels and such will likely take way longer time than waiting for repair. The guy I spoke to was management. Basically they are delegating the repair work to another company, though I think that one month is outrageous as well. He told me that he told them to address it ASAP, so hopefully it'll be quicker. The law is tricky though. I can cancel the purchase (i.e. get my money refunded) if it "is a significant inconvenience for [me]" getting it repaired. Moreover, I have the right to demand a replacement if it is estimated that it will only be an insignificant economical loss for them to do it. That being said, if it's returned with ANY errors this time then I'll go for canceling the purchase. It shouldn't be too difficult to argue that it's a major inconvenience for me seeing as it's a machine I need every day and they are not supplying me with a temporary computer during repair time. I've found a case where purchase was canceled including the extended service level agreement that was purchased. I don't care about that specific computer. It's just some hardware. I've got all the data backed up anyway. Getting a refund or replacement would be far more favorable to me. They even lost my computer last time for a little while. I certainly won't make another purchase with them again nor recommend them to anyone I know.

Just spoke to the store and they insisted on repairing it again instead of giving me a refund. Repair time is up to one month... wtf? Anyway, thanks to anyone who tried to help me.

As far as I'm concerned, only the owner of a file can change its permissions, so you must be the owner of the file. However, in both 755 and 777 the owner has write permissions, so it seems redundant to me. I might be wrong though and I haven't tested it.

Well, you are calling nl2br() which replaces all line breaks with HTML line break tags, so if you have a line break after your center bbcode then you'll get an HTML line break.

Are you changing the working directory between calling ftp::conFTP() and ftp::closeFTP()? Also, why are you even doing this in the first place?

That's difficult to say as there can be many reasons why it is happening. You may want to post in the CSS forum with some particular code to get that answered.

How exactly doesn't that work? You might want to do <?php echo $loc ?> instead of just $loc.

Where? FYI, all new topics are moderated in this forum, so if you can see it then a moderator or administrator has manually approved it.

Your queries are completely redundant as well... select `city_id` from `players` where `city_id`=1 You are selecting the city_id of the players where the city_id equals 1?

Hmm... http://dk.php.net/mysqli_query => mysql_query() http://dk2.php.net/mysqli_query => mysqli::query() / mysqli_query() Strange...

How doesn't that work? ???

You cannot send any headers after you've sent output.

Not just ideally. If an HTML parser doesn't ignore comments then it's broken.

You can create a file like this: <?php phpinfo(); ?> and run that file via a web browser. If you can find mysqli in that file then it's installed. Otherwise you'll probably have to talk to your host. If you administrate the server then there is likely a package available for your specific distro. On Gentoo you'll have to add the mysqli use flag for the dev-lang/php package for instance.

MySQLi is short for "MySQL improved", so yes, it's better to use than the old mysql extension. It "was developed to take advantage of new features found in MySQL systems versions 4.1.3 and newer" and it is "strongly recommended" that you use it if you use MySQL 4.1.3+ (source: http://php.net/manual/en/mysqli.overview.php) Installation instructions are available here: http://php.net/manual/en/mysqli.installation.php On Windows you essentially just need to uncomment the line in php.ini corresponding to that extension.

The manual tag was a specific tag we implemented.

Always plan for the worst scenario. Expect your users are malicious. Except that your system will be compromised. Trust nobody, trust nothing.

You're going to need some somewhat advanced math if you're really going into cryptology.

Admins can, I'm not sure about mods. PFRs cannot. Edit: Yeah, mods can too.

I'll have to agree with premiso. I think some people wouldn't like the privacy implications it'll have as well.

I've lowered the requirements for password strength.

You could do that. It's a bit messy though.

Regardless of the hashing algorithm you choose you need to use salting to make brute forcing and dictionary attacks more difficult. I'd recommend an application wide static salt that never changes coupled with perhaps a user specific salt that changes e.g. when logging in. I'd probably go with a strong hashing algorithm like SHA-512 available through the hash() function. As for changing the algorithm, that's a bit more difficult. You could keep the current password and then create a new field called "password_new" or something like that. When authenticating you'd check if password_new is empty and then use the old algorithm. Seeing as the password is supplied when authenticating you'll be able to update to the new algorithm. This means, however, that you'll still be vulnerable to attacks using the old algorithm's weaknesses. Another option would be to simply require all users to reset their passwords and send them an email informing them about it. The former has security implications, but is transparent to the user. The latter is more secure, but isn't transparent and requires the user to actively do something.

I overlooked this. It won't protect you from what you intended, but it's excellent for blocking CSRF attacks.