
jwwceo

Everything posted by jwwceo

  1. Your session variables are not stored in the browser's cookies. Just a session ID, which your server uses to grab the related session variables.
  2. Hello, I have a secure login script that uses sessions to maintain a user's logged-in status. I regenerate the session ID on each page reload for added security. Sometimes I will lose sessions, and I am having a hard time figuring out why. It seems to be when I have a slow internet connection. I am wondering what could be causing this?? I have a few ideas; do any of these seem plausible? - A max execution error returns a fatal error. - An Ajax request gets sent before the previous request returns, so the session IDs don't match and I am kicked out. Any other ideas would be helpful. Best, James
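An added example, not code from the original post, of a defender-side way to stop the regeneration itself from kicking users out: rotate the ID on a timer rather than on every page load, and keep the retired ID mapped to its successor for a short grace window so an in-flight Ajax request that still carries the old cookie is honoured. Assumed: PHP 7.3 or newer, the default session handler, and the key names and time windows used here.

```php
<?php
// Added example, not code from the original post: session ID rotation that
// does not drop a user whose slow or overlapping Ajax request still carries
// the old ID. Assumptions: PHP >= 7.3, the default session handler, and the
// key names and time windows below, which are choices made for this example.

const REGEN_INTERVAL = 300; // rotate the ID at most every 5 minutes, not per request
const GRACE_WINDOW   = 60;  // a retired ID keeps mapping to its successor this long

function start_secure_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start([
            'use_strict_mode' => true, // refuse IDs the server never issued
            'cookie_httponly' => true,
            'cookie_samesite' => 'Lax',
        ]);
    }

    // This ID was retired by an earlier rotation.
    if (isset($_SESSION['rotated_at'])) {
        if (time() - $_SESSION['rotated_at'] > GRACE_WINDOW) {
            // Too old to be an in-flight request: drop the retired record and
            // continue with a clean, unauthenticated session.
            session_unset();
            session_destroy();
            session_start();
            return;
        }
        // Inside the window (e.g. an Ajax call that left the browser before
        // the new cookie arrived): continue transparently under the new ID.
        $next = $_SESSION['new_id'];
        session_commit();
        session_id($next);
        session_start();
        return;
    }

    if (time() - ($_SESSION['last_regen'] ?? 0) >= REGEN_INTERVAL) {
        rotate_session_id();
    }
}

function rotate_session_id(): void
{
    $data  = $_SESSION;          // snapshot of the live session data
    $newId = session_create_id();

    // Retire the old record instead of deleting it and leave a pointer to
    // the successor, so a late request with the old cookie can be redirected.
    $_SESSION['rotated_at'] = time();
    $_SESSION['new_id']     = $newId;
    session_commit();

    // Start the successor. Strict mode is relaxed for this one call because
    // the new ID is not in storage yet (the same dance the PHP manual uses).
    session_id($newId);
    ini_set('session.use_strict_mode', '0');
    session_start();
    ini_set('session.use_strict_mode', '1');
    $_SESSION = $data;
    $_SESSION['last_regen'] = time();
}

start_secure_session();
```

Call rotate_session_id() explicitly right after a successful login as well, so a session ID that existed before authentication is never kept.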
  3. I am building an app which requires a very secure environment. Because of this, I am using a form key on every POST, both for regular forms and also Ajax calls. This key is stored as a session variable, and is reset whenever a POST occurs. A validation script checks the submitted key against the server's key and kicks the user out if they don't match. This ensures POSTs are coming from a trusted source. It works great, and I think it has made the site very hard to attack or hack. That said, it has broken the browser's back button. If I hit back, the old form key is posted, and they don't match and it kicks the user out. I don't want a broken back button, but I'm not sure what to do. Any ideas?? James
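An added example, not code from the original post, of a form key that does not break the back button: instead of one key reset on every POST, each form gets an HMAC token bound to the session secret, the form name and an issue time, and it stays valid for a bounded period. Assumed: PHP 7.1 or newer, a started session, and the TTL, field and form names chosen here.

```php
<?php
// Added example, not code from the original post: per-form CSRF tokens that
// stay valid for a bounded time instead of being reset on every POST, so a
// page reached with the back button still submits, while a token from another
// session or another form is rejected. Assumptions: PHP >= 7.1, a started
// session, and the TTL, field names and form IDs chosen here.

const CSRF_TTL = 3600; // seconds a token stays valid after it was issued

function csrf_secret(): string
{
    // One random secret per session; it changes with the session on login.
    if (empty($_SESSION['csrf_secret'])) {
        $_SESSION['csrf_secret'] = random_bytes(32);
    }
    return $_SESSION['csrf_secret'];
}

function csrf_token(string $formId, ?int $now = null): string
{
    $issued = $now ?? time();
    $nonce  = bin2hex(random_bytes(8));
    $mac    = hash_hmac('sha256', "$formId|$issued|$nonce", csrf_secret());
    return "$issued:$nonce:$mac";
}

function csrf_valid(string $formId, string $token, ?int $now = null): bool
{
    $parts = explode(':', $token);
    if (count($parts) !== 3 || !ctype_digit($parts[0]) || !ctype_xdigit($parts[1])) {
        return false;
    }
    [$issued, $nonce, $mac] = $parts;
    $age = ($now ?? time()) - (int) $issued;
    if ($age < 0 || $age > CSRF_TTL) {
        return false; // expired, or issued "in the future"
    }
    $expected = hash_hmac('sha256', "$formId|$issued|$nonce", csrf_secret());
    return hash_equals($expected, $mac); // constant-time comparison
}

// In the form template:
//   echo '<input type="hidden" name="csrf" value="' . htmlspecialchars(csrf_token('edit_profile')) . '">';
// In the POST / Ajax handler, before touching any data:
//   if (!csrf_valid('edit_profile', $_POST['csrf'] ?? '')) { http_response_code(403); exit; }

// Self-check with a stand-in session array so the file also runs from the CLI.
function check(bool $ok, string $what): void
{
    if (!$ok) {
        throw new RuntimeException("CSRF self-check failed: $what");
    }
}
$_SESSION = [];
$t = csrf_token('edit_profile', 1000000);
check(csrf_valid('edit_profile', $t, 1000600), 'same form, 10 min later (back button)');
check(!csrf_valid('delete_account', $t, 1000600), 'token is bound to its form');
check(!csrf_valid('edit_profile', $t, 1000000 + CSRF_TTL + 1), 'token expired');
check(!csrf_valid('edit_profile', $t . 'x', 1000600), 'tampered MAC');
$_SESSION['csrf_secret'] = random_bytes(32);
check(!csrf_valid('edit_profile', $t, 1000600), 'token from another session');
echo "all CSRF checks passed\n";
```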
  4. @kicken.. we've gotten rid of GET by using Ajax to just query data without a page refresh. The UI is slick and doesn't appear to reload too much. Because of this interface, users won't see GET data in the URL, so anything being typed in up there will be illegal. Aside from a small memory issue, any other issues using POST all the time?? James
  5. Well.. not everyone gets kicked out. Just the person with the POST names not matching.....
  6. I am building an enterprise-level PHP cloud-based application that is by far the most secure thing I have ever had to write. In fact, after learning about all the normal weaknesses, it makes my older work look insecure and I'm a little embarrassed by it. ha! I am using 100% prepared MySQLi statements, rigorous session verification, encrypted sha512 passes using salts/hash, etc, using a form key on all form submissions (good for 1 page submit). I am also scrubbing all POST values prior to adding to the database, and am even logging people out if GET is detected at all, since it's not used on the site and the only reason would be shenanigans. I am also debating whether to compare all POST field names against an approved array called $trustedPostNames or something. I got the idea from X-cart, an old shopping cart which added this layer of security after getting a shitty audit a few years ago. This would prevent someone from attempting an XSS attack where they used POST to try and send something over to my page. I realize the prepared statement will prevent an injection attack, but it will still allow scripts to run, which could then be used to find other flaws, etc, or find some weird way Apache handles a reserved word or something. Using my proposed system, if a strange word is POSTed over, the script will just log them out and die immediately. Something like this: foreach($_POST as $k=>$v){ if(!in_array($k, $trustedPOST, true)){ die('eat shit fucker'); } } Overall, where is the line drawn between hyper-redundancy and losing speed/resources from a clunkier interface?? Best, James
  7. Hello All! I am developing an app for a customer that is quite a bit more complex than anything I've made before. Basically, I am creating a cloud-based software app that will have businesses paying a monthly fee to gain access. Each user will have their own set of data, and the data set could get large as time goes by. My question is: do most applications like this create a new database for each user, or do users share tables within the same database? I can see advantages and disadvantages of each. I want the application to be fast, and to be scalable so that as users grow we can seamlessly add resources to keep the service snappy. Best, James
  8. UPDATE...there are about 18 million codes...they are all 4 characters...if this helps give the extent of the size issue.
  9. I am developing a database app for a client who needs to import hundreds of thousands of codes into the DB to check against. The codes are in 4 text files about 30MB each. The codes are 3 per line, then a line break, and 3 more. I've written a script to parse out the line breaks, turn the data into an array, then loop over that array and insert into the DB. The problem is these scripts take minutes to run using file_get_contents, and by the time the data is ready the MySQL connection is gone. Plus, even these files only work after I've cut the files into about 1MB each, so each file is 30 smaller ones. Is there a way to just put the text file on the server, and have PHP search it using a grep-like function that won't be such a burden to work with? Any advice helps. James
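An added example, not code from the original post, of reading the file as a stream and inserting in batches, which keeps memory flat and the MySQL connection busy rather than idle for minutes. The table name, the 4-character alphanumeric code format, the batch size and the PDO DSN are assumptions.

```php
<?php
// Added example, not code from the original post: stream a multi-megabyte
// code file line by line and insert in batches inside one transaction,
// instead of file_get_contents() plus one INSERT per code. The file layout
// follows the post (three codes per line); the table name, the 4-character
// alphanumeric code format, the batch size and the DSN are assumptions.

const BATCH_SIZE = 1000;

/** Yield one code at a time; memory use stays at one line however big the file is. */
function read_codes(string $path): Generator
{
    $fh = fopen($path, 'rb');
    if ($fh === false) {
        throw new RuntimeException("cannot open $path");
    }
    try {
        while (($line = fgets($fh)) !== false) {
            foreach (preg_split('/\s+/', trim($line), -1, PREG_SPLIT_NO_EMPTY) as $code) {
                // Validate each code against the expected shape instead of trusting
                // the file: anything else is skipped rather than inserted.
                if (preg_match('/^[A-Za-z0-9]{4}$/', $code)) {
                    yield $code;
                }
            }
        }
    } finally {
        fclose($fh);
    }
}

/** Insert codes BATCH_SIZE at a time through one prepared statement. */
function import_codes(PDO $db, string $path): int
{
    $rows = implode(',', array_fill(0, BATCH_SIZE, '(?)'));
    $full = $db->prepare("INSERT IGNORE INTO codes (code) VALUES $rows");
    $batch = [];
    $count = 0;
    $db->beginTransaction();
    foreach (read_codes($path) as $code) {
        $batch[] = $code;
        if (count($batch) === BATCH_SIZE) {
            $full->execute($batch);
            $count += BATCH_SIZE;
            $batch = [];
        }
    }
    if ($batch) { // final partial batch needs its own placeholder list
        $rows = implode(',', array_fill(0, count($batch), '(?)'));
        $db->prepare("INSERT IGNORE INTO codes (code) VALUES $rows")->execute($batch);
        $count += count($batch);
    }
    $db->commit();
    return $count;
}

// Self-check of the parser on a constructed file (the DB step needs live MySQL):
$tmp = tempnam(sys_get_temp_dir(), 'codes');
file_put_contents($tmp, "A1B2 C3D4 E5F6\nG7H8 I9J0 K1L2\nbad! TOO-LONG\n");
echo iterator_count(read_codes($tmp)), " codes parsed\n";
unlink($tmp);
// $db = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'user', 'pass',
//               [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
// echo import_codes($db, '/path/to/codes1.txt'), " codes imported\n";
```

For files of this size MySQL's own LOAD DATA INFILE is faster still, but it bypasses the per-code validation shown here.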
  10. That works. Just off by one parenthesis. Thanks a million dude!!! James
  11. Hmm.... getting closer.... but the query is still not adding the number of leads per month... this is what I am getting now:

      total jan feb mar apr may jun first_name last_name investors_id
          1   0   0   0   0   0   0 xxx        xxx       5
          3   0   0   0   0   0   0 Billy      Bob       112
  12. Hello, I am trying to write a report script that will take all my users, and tell me how many leads each has generated per month in a given year, as well as the total per year. So the ideal outcome would be a table with users as the rows, and 13 columns across the top, one for each month and one for the total. The leads table has an investor ID field which matches the ID in the investor table, so the query needs to count the incidences of that ID when the date matches a certain month. The dates are in Unix timestamps. Here is what I have so far:

      SELECT COUNT( leads.investor ) as total,
          MONTHNAME( FROM_UNIXTIME( leads.date ) = 'January' ) AS jan ,
          MONTHNAME( FROM_UNIXTIME( leads.date ) = 'February') AS feb ,
          MONTHNAME( FROM_UNIXTIME( leads.date ) = 'March' ) AS mar ,
          MONTHNAME( FROM_UNIXTIME( leads.date ) = 'April' ) AS apr ,
          MONTHNAME( FROM_UNIXTIME( leads.date ) = 'May' ) AS may ,
          MONTHNAME( FROM_UNIXTIME( leads.date ) = 'June' ) AS jun ,
          investors.first_name, investors.last_name, investors.investors_id
      FROM leads, investors
      WHERE YEAR( FROM_UNIXTIME( leads.date ) ) = '2010' AND leads.investor = investors.investors_id
      GROUP BY investors.investors_id
      LIMIT 0 , 30

      I've only added 6 months while testing. The total part is working fine, for the whole year, but I am having a hard time getting the query to tally the leads by month. What am I missing here?? Thanks in advance!! James
  13. So how would I use MySQL to do this work? Would I query the DB in every iteration of the loop? I'm not sure what I would even be querying. Here's the basic structure I have in place now:

      $start_date = strtotime($row['int_accrual_date']);
      $end_date = strtotime($row['maturity_date']);
      while ($start_date <= $end_date){
          #### DO SOME STUFF ###
          $start_date = strtotime('+1 month', $start_date);
      }
  14. Hello, I am making a website for a bond company, which has 30-year bonds. This puts the call dates beyond 2038. None of my strtotime functions are working. Any ideas how to work around this? I think I am just storing the time as a varchar string in the DB. Can I just manually find what the strtotime value would be using something like 30 times 31 556 926 seconds?? This doesn't account for leap years, etc, I don't think? Any ideas?? James
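An added example, not code from the original post, covering both the loop in the previous post and the 2038 problem: the same monthly walk done with DateTimeImmutable, which is not limited by the 32-bit Unix timestamp that strtotime() returns. The column names and sample dates are constructed.

```php
<?php
// Added example, not code from the original post: building a bond's monthly
// accrual schedule with DateTimeImmutable instead of strtotime(). strtotime()
// returns a Unix timestamp, which on 32-bit PHP overflows after 19 Jan 2038;
// DateTime keeps a 64-bit internal clock and has no such limit. Column names
// and sample dates are constructed for this example.

function monthly_schedule(string $accrual, string $maturity): array
{
    $tz    = new DateTimeZone('UTC');
    $start = new DateTimeImmutable($accrual, $tz);
    $end   = new DateTimeImmutable($maturity, $tz);
    if ($end < $start) {
        throw new InvalidArgumentException('maturity precedes accrual date');
    }

    $anchorDay    = (int) $start->format('j');        // e.g. 31 for 31 Jan
    $firstOfMonth = $start->modify('first day of this month');

    $dates = [];
    for ($i = 0; ; $i++) {
        // Step from the 1st of the anchor month, never from the previous result:
        // accumulating "+1 month" drifts (31 Jan + 1 month = 3 Mar in PHP).
        $month = $firstOfMonth->modify("+$i month");
        $day   = min($anchorDay, (int) $month->format('t'));   // clamp to month length
        $d     = $month->setDate((int) $month->format('Y'), (int) $month->format('n'), $day);
        if ($d > $end) {
            break;
        }
        $dates[] = $d->format('Y-m-d');
    }
    return $dates;
}

// Sample run: a 30-year bond issued on the last day of January 2010, so the
// schedule runs well past 2038 and exercises the month-end clamping.
$schedule = monthly_schedule('2010-01-31', '2040-01-31');
printf("%d accrual dates, first %s, last %s\n",
       count($schedule), $schedule[0], end($schedule));

// When the dates also have to be stored, use a DATE column rather than a
// varchar or an integer timestamp; a DATE column has no 2038 limit either.
```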
  15. Hello, Google is indexing a page on my site which is a nonsense page, with a blank GET value like this: home.php?category= where category is NULL. It just shows my home page without doing anything. I want to try and redirect this to my home page, to give the home page the most SEO power, so I wrote the following script:

      if ($category == '0' || $category == NULL){
          unset($category);
          header("HTTP/1.1 301 Moved Permanently");
          header("Location: home.php");
          exit;
      }

      But this just sets my home page into an infinite loop, where the page trying to be displayed is home.php?category= Any ideas why that GET value is being preserved? James
  16. Hello, I have a piece of code which contains the following:

      <h1 class="productTitle"> Solar grid</h1>
      <div class="image"> <img src="../images/IGT.jpg" alt="Solar grid" /> </div>
      <div class="story"> XXX A BUNCH OF PLAIN TEXT XXX </div>

      and I am trying to parse a bunch of similar pages. I have the following preg_match code:

      $title = '/class="productTitle">(.+?)<\/h1>/';
      $description = '/class="story">(.+?)<\/div>/';
      preg_match($title,$source,$match1);
      preg_match($description,$source,$match2);

      The two search terms are identical, but only the top preg_match is returning a value in $match1; $match2 is empty. Is there something about this preg_match code I am missing?? Is it because there are other </div>s on the page and not just one, like there is with the h1 tag?? Any help would be awesome. James
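An added example, not code from the original post, showing why the second preg_match comes back empty and how a DOM parse avoids the problem. The HTML is constructed to mirror the snippet in the post.

```php
<?php
// Added example, not code from the original post: why the second preg_match
// in the post comes back empty, and a DOM-based extraction that does not
// depend on line breaks or on how many </div>s the page has. The HTML below
// is constructed to mirror the snippet in the post.

$source = <<<'HTML'
<h1 class="productTitle"> Solar grid</h1>
<div class="image">
  <img src="../images/IGT.jpg" alt="Solar grid" />
</div>
<div class="story">
  First paragraph of the story.
  <div class="note">A nested div inside the story.</div>
  Last paragraph of the story.
</div>
HTML;

function regex_extract(string $source): array
{
    // Without the /s modifier "." never matches "\n", so a story that spans
    // lines cannot match at all; with /s it matches, but the lazy .+? stops
    // at the FIRST </div>, which here is the nested one, cutting the story off.
    preg_match('/class="productTitle">(.+?)<\/h1>/', $source, $m1);
    preg_match('/class="story">(.+?)<\/div>/',       $source, $m2); // no /s
    preg_match('/class="story">(.+?)<\/div>/s',      $source, $m3); // with /s
    return [
        'title'        => trim($m1[1] ?? ''),
        'story_no_s'   => $m2[1] ?? null,
        'story_with_s' => trim($m3[1] ?? ''),
    ];
}

function dom_extract(string $source): array
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);   // the fragment has no <html>/<body>
    $doc->loadHTML($source);
    libxml_clear_errors();
    $xp    = new DOMXPath($doc);
    $title = $xp->query('//h1[@class="productTitle"]')->item(0);
    $story = $xp->query('//div[@class="story"]')->item(0);
    // textContent walks the whole element, nested divs included, so the
    // extraction does not depend on the markup's line breaks or nesting.
    return [
        'title' => $title ? trim($title->textContent) : null,
        'story' => $story ? trim(preg_replace('/\s+/', ' ', $story->textContent)) : null,
    ];
}

print_r(regex_extract($source));
print_r(dom_extract($source));
```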
  17. Hello, I am writing a payment commission reconciling script in PHP, but I would also like the commission totals to update on the page using JavaScript. I am uncertain of the syntax to grab an array of form elements, all having the same name. Here is my HTML data, where k is the payment id:

      <td><input type='hidden' name='payment[{$k.paymentid}][total]' value='{$k.amount}'></td>
      <td><input type='text' name='payment[{$k.paymentid}][commission]' value='.185'></td>
      <td><input type='text' name='payment[{$k.paymentid}][expenses]' value='0.00'></td>
      <td><input type='checkbox' name='payment[{$k.paymentid}][pay]' value='Y'></td>

      I would like to grab these values in JavaScript and loop through them, and display the commission due as the figures are typed in. I have tried this:

      <script type="text/javascript">
      function getElements() {
          var x=document.getElementsByName("payment[][]");
          alert(x.length);
      }
      </script>

      just to test if the array of items is being pulled in, and it shows 0 items. Any ideas? James
  18. This is what they gave me to work off of... and I'm having a hard time relating this to the actual code of writing the response. All I can think of is that they are maybe expecting an additional function called DeleteProducts, and since I don't have that yet... I am getting the error... <?xml version='1.0' encoding='UTF-8'?> <wsdl:definitions xmlns:http="http://schemas.xmlsoap.org/wsdl/http/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:s="http://www.w3.org/2001/XMLSchema" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:tns="http://www.kosmoscart.com/demo/ws/RMSConfirmWS.php" xmlns:tm="http://microsoft.com/wsdl/mime/textMatching/" xmlns:mime="http://schemas.xmlsoap.org/wsdl/mime/" targetNamespace="http://www.kosmoscart.com/demo/ws/RMSConfirmWS.php" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"> <wsdl:types> <s:schema elementFormDefault="qualified" targetNamespace="http://www.kosmoscart.com/demo/ws/RMSConfirmWS.php"> <s:element name="ImportRMSProducts"> <s:complexType> <s:sequence> <s:element minOccurs="0" maxOccurs="1" name="xmlStr" type="s:string" /> </s:sequence> </s:complexType> </s:element> <s:element name="ImportRMSProductsResponse"> <s:complexType> <s:sequence> <s:element minOccurs="0" maxOccurs="1" name="ImportRMSProductsResult" type="s:string" /> </s:sequence> </s:complexType> </s:element> <s:element name="DeleteProducts"> <s:complexType> <s:sequence> <s:element minOccurs="0" maxOccurs="1" name="xmlStr" type="s:string" /> </s:sequence> </s:complexType> </s:element> <s:element name="DeleteProductsResponse"> <s:complexType> <s:sequence> <s:element minOccurs="0" maxOccurs="1" name="DeleteProductsResult" type="s:string" /> </s:sequence> </s:complexType> </s:element> <s:element name="string" nillable="true" type="s:string" /> </s:schema> </wsdl:types> <wsdl:message name="ImportRMSProductsSoapIn"> <wsdl:part name="parameters" element="tns:ImportRMSProducts" /> </wsdl:message> <wsdl:message name="ImportRMSProductsSoapOut"> <wsdl:part 
name="parameters" element="tns:ImportRMSProductsResponse" /> </wsdl:message> <wsdl:message name="DeleteProductsSoapIn"> <wsdl:part name="parameters" element="tns:DeleteProducts" /> </wsdl:message> <wsdl:message name="DeleteProductsSoapOut"> <wsdl:part name="parameters" element="tns:DeleteProductsResponse" /> </wsdl:message> <wsdl:message name="ImportRMSProductsHttpGetIn"> <wsdl:part name="xmlStr" type="s:string" /> </wsdl:message> <wsdl:message name="ImportRMSProductsHttpGetOut"> <wsdl:part name="Body" element="tns:string" /> </wsdl:message> <wsdl:message name="DeleteProductsHttpGetIn"> <wsdl:part name="xmlStr" type="s:string" /> </wsdl:message> <wsdl:message name="DeleteProductsHttpGetOut"> <wsdl:part name="Body" element="tns:string" /> </wsdl:message> <wsdl:message name="ImportRMSProductsHttpPostIn"> <wsdl:part name="xmlStr" type="s:string" /> </wsdl:message> <wsdl:message name="ImportRMSProductsHttpPostOut"> <wsdl:part name="Body" element="tns:string" /> </wsdl:message> <wsdl:message name="DeleteProductsHttpPostIn"> <wsdl:part name="xmlStr" type="s:string" /> </wsdl:message> <wsdl:message name="DeleteProductsHttpPostOut"> <wsdl:part name="Body" element="tns:string" /> </wsdl:message> <wsdl:portType name="RMSConfirmWSSoap"> <wsdl:operation name="ImportRMSProducts"> <wsdl:input message="tns:ImportRMSProductsSoapIn" /> <wsdl:output message="tns:ImportRMSProductsSoapOut" /> </wsdl:operation> <wsdl:operation name="DeleteProducts"> <documentation xmlns="http://schemas.xmlsoap.org/wsdl/">This method would accept product codes of the products that need to be deleted from the database and SKU codes if the inventory on certain items needs to be reset</documentation> <wsdl:input message="tns:DeleteProductsSoapIn" /> <wsdl:output message="tns:DeleteProductsSoapOut" /> </wsdl:operation> </wsdl:portType> <wsdl:portType name="RMSConfirmWSHttpGet"> <wsdl:operation name="ImportRMSProducts"> <wsdl:input message="tns:ImportRMSProductsHttpGetIn" /> <wsdl:output 
message="tns:ImportRMSProductsHttpGetOut" /> </wsdl:operation> <wsdl:operation name="DeleteProducts"> <documentation xmlns="http://schemas.xmlsoap.org/wsdl/">This method would accept product codes of the products that need to be deleted from the database and SKU codes if the inventory on certain items needs to be reset</documentation> <wsdl:input message="tns:DeleteProductsHttpGetIn" /> <wsdl:output message="tns:DeleteProductsHttpGetOut" /> </wsdl:operation> </wsdl:portType> <wsdl:portType name="RMSConfirmWSHttpPost"> <wsdl:operation name="ImportRMSProducts"> <wsdl:input message="tns:ImportRMSProductsHttpPostIn" /> <wsdl:output message="tns:ImportRMSProductsHttpPostOut" /> </wsdl:operation> <wsdl:operation name="DeleteProducts"> <documentation xmlns="http://schemas.xmlsoap.org/wsdl/">This method would accept product codes of the products that need to be deleted from the database and SKU codes if the inventory on certain items needs to be reset</documentation> <wsdl:input message="tns:DeleteProductsHttpPostIn" /> <wsdl:output message="tns:DeleteProductsHttpPostOut" /> </wsdl:operation> </wsdl:portType> <wsdl:binding name="RMSConfirmWSSoap" type="tns:RMSConfirmWSSoap"> <soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document" /> <wsdl:operation name="ImportRMSProducts"> <soap:operation soapAction="http://www.kosmoscart.com/demo/ws/RMSConfirmWS.php" style="document" /> <wsdl:input> <soap:body use="literal" /> </wsdl:input> <wsdl:output> <soap:body use="literal" /> </wsdl:output> </wsdl:operation> <wsdl:operation name="DeleteProducts"> <soap:operation soapAction="http://www.kosmoscart.com/demo/ws/RMSConfirmWS.php" style="document" /> <wsdl:input> <soap:body use="literal" /> </wsdl:input> <wsdl:output> <soap:body use="literal" /> </wsdl:output> </wsdl:operation> </wsdl:binding> <wsdl:binding name="RMSConfirmWSHttpGet" type="tns:RMSConfirmWSHttpGet"> <http:binding verb="GET" /> <wsdl:operation name="ImportRMSProducts"> <http:operation 
location="/ImportRMSProducts" /> <wsdl:input> <http:urlEncoded /> </wsdl:input> <wsdl:output> <mime:mimeXml part="Body" /> </wsdl:output> </wsdl:operation> <wsdl:operation name="DeleteProducts"> <http:operation location="/DeleteProducts" /> <wsdl:input> <http:urlEncoded /> </wsdl:input> <wsdl:output> <mime:mimeXml part="Body" /> </wsdl:output> </wsdl:operation> </wsdl:binding> <wsdl:binding name="RMSConfirmWSHttpPost" type="tns:RMSConfirmWSHttpPost"> <http:binding verb="POST" /> <wsdl:operation name="ImportRMSProducts"> <http:operation location="/ImportRMSProducts" /> <wsdl:input> <mime:content type="application/x-www-form-urlencoded" /> </wsdl:input> <wsdl:output> <mime:mimeXml part="Body" /> </wsdl:output> </wsdl:operation> <wsdl:operation name="DeleteProducts"> <http:operation location="/DeleteProducts" /> <wsdl:input> <mime:content type="application/x-www-form-urlencoded" /> </wsdl:input> <wsdl:output> <mime:mimeXml part="Body" /> </wsdl:output> </wsdl:operation> </wsdl:binding> <wsdl:service name="RMSConfirmWS"> <wsdl:port name="RMSConfirmWSSoap" binding="tns:RMSConfirmWSSoap"> <soap:address location="http://www.kosmoscart.com/demo/ws/RMSConfirmWS.php" /> </wsdl:port> <wsdl:port name="RMSConfirmWSHttpGet" binding="tns:RMSConfirmWSHttpGet"> <http:address location="http://www.kosmoscart.com/demo/ws/RMSConfirmWS.php" /> </wsdl:port> <wsdl:port name="RMSConfirmWSHttpPost" binding="tns:RMSConfirmWSHttpPost"> <http:address location="http://www.kosmoscart.com/demo/ws/RMSConfirmWS.php" /> </wsdl:port> </wsdl:service> </wsdl:definitions>
  19. Most of that code is just for parsing the XML and turning it into an array, then writing it to a DB. It seems like the response is looking for a parameter named "s", but I don't see how I name the "response". Seems like the return is unnamed, when it should be in the form of a parameter. I am also wondering if this matters, since the values are being written to the DB; it's just the response that is not being recognized. There is probably a simple answer I am overlooking somewhere. Thanks again in advance. James
  20. Here is my code:

      <?php
      function _del_p(&$ary) {
          foreach ($ary as $k=>$v) {
              if ($k==='_p') unset($ary[$k]);
              elseif (is_array($ary[$k])) _del_p($ary[$k]);
          }
      }

      function ImportRMSProducts($string) {
          $parser = xml_parser_create();
          xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, 0);
          xml_parse_into_struct($parser, $string, $vals, $index);
          xml_parser_free($parser);

          // Build a nested array from the flat tag list; '_p' links each level
          // to its parent while building and is removed afterwards by _del_p().
          $mnary = array();
          $ary = &$mnary;
          foreach ($vals as $r) {
              $t = $r['tag'];
              if ($r['type'] == 'open') {
                  if (isset($ary[$t])) {
                      if (isset($ary[$t][0])) $ary[$t][] = array();
                      else $ary[$t] = array($ary[$t], array());
                      $cv = &$ary[$t][count($ary[$t]) - 1];
                  } else $cv = &$ary[$t];
                  if (isset($r['attributes'])) { foreach ($r['attributes'] as $k => $v) $cv['_a'][$k] = $v; }
                  $cv['_c'] = array();
                  $cv['_c']['_p'] = &$ary;
                  $ary = &$cv['_c'];
              } elseif ($r['type'] == 'complete') {
                  if (isset($ary[$t])) { // same as open
                      if (isset($ary[$t][0])) $ary[$t][] = array();
                      else $ary[$t] = array($ary[$t], array());
                      $cv = &$ary[$t][count($ary[$t]) - 1];
                  } else $cv = &$ary[$t];
                  if (isset($r['attributes'])) { foreach ($r['attributes'] as $k => $v) $cv['_a'][$k] = $v; }
                  $cv['_v'] = (isset($r['value']) ? $r['value'] : '');
              } elseif ($r['type'] == 'close') {
                  $ary = &$ary['_p'];
              }
          }
          _del_p($mnary);

          $xml_response = "<?xml version=\"1.0\" encoding=\"utf-8\"?> <XMLResponse>";
          mysql_connect("localhost", "dubcorpm_test", "1234") or die(mysql_error());
          mysql_select_db("dubcorpm_test") or die(mysql_error());
          // Array keys must be quoted strings; bare Products/_c/... are undefined constants.
          foreach ($mnary['Products']['_c']['ProductItem'] as $k => $v) {
              $productcode = $v['_c']['itemCode']['_v'];
              $xml_response .= "<Product Code=\"" . htmlspecialchars($productcode, ENT_QUOTES) . "\"> <Error Code=\"0\">Success</Error> </Product>";
              // Escape the value that came from the XML before putting it into SQL.
              $safe = mysql_real_escape_string($productcode);
              mysql_query("INSERT INTO test (data,id) VALUES ('$safe','1')") or die(mysql_error());
          }
          $xml_response .= "</XMLResponse>";
          return $xml_response;
      }

      $server = new SoapServer(null, array('uri' => "urn://www.dubcorp.com/test/soap.php"));
      $server->addFunction("ImportRMSProducts");
      $server->addFunction("_del_p");
      $server->handle();
      ?>

      I wrote a script to test the output here: http://dubcorp.com/test/soapclient.php Any ideas??
  21. I am writing my first PHP SOAP application, to talk with a POS system. I have the thing working, kinda, but I am still unsure exactly what the relationship is between my SOAP app and the WSDL the POS company gave me to copy from. There just seems to be a lot of info that I'm not sure what is for. So far, when the POS sends the request to my PHP script, I have it working to where the data is grabbed, inserted into the DB, and then a response is sent. But I am still getting this error: There was a problem communicating with the web service. More information: Value cannot be null. Parameter name: s I am not sure what parameter name s is, or how it relates to anything. Any help would be appreciated, since I am more than a little lost. James
  22. Yes... I did that as a fix... I'm just curious why this would happen? Can PHP break?? Do I need to re-compile maybe?? James
  23. I renamed php5.cgi as a test, but it doesn't change the $_SERVER variables. I still get php5.cgi instead of home.php for the filename.
  24. Sorry if I'm not being clear. The problem is that the variable is not holding the right name. This file is called home.php, not php5.cgi. It is not returning the correct name, and that is breaking all my scripts where I use PHP_SELF. James
  25. #!/bin/bash
      PHPRC=$DOCUMENT_ROOT/../etc/php5
      export PHPRC
      umask 022
      SCRIPT_FILENAME=$PATH_TRANSLATED
      export SCRIPT_FILENAME
      exec /usr/bin/php5-cgi