[[SOLVED] $_SERVER['HTTP_REFERER'] Forging]

But if you're on a shared server (like me), other users can potentially hijack an active session (since most shared servers have a common session_save directory).

[Image size limit in sigs]

Maybe if it's not in the ACP, you can download a mod for it. 

[[SOLVED] $_SERVER['HTTP_REFERER'] Forging]

Yes, people generally say that sessions are more secure than cookies. This piece of code that I've posted is what I generally use on making sure that the form came from my website.

[[SOLVED] Something Wierd]

Aren't you supposed to have an "if/else" statement on the last line of code that you've posted? "==" are generally in if/else statements...

[[SOLVED] $_SERVER['HTTP_REFERER'] Forging]

Have this:

$page = $_SERVER['PHP_SELF'];
$_SESSION['page_check'] = $page;

on login.php

 

and on the process page, have something like this:

<?php
session_start();
if($_SESSION['page_check'] == "login.php") {
   unset($_SESSION['page_check']);
   // Proceed
}
else {
   unset($_SESSION['page_check']);
   // Fail - Display an error message
}
?>

[ErrorDocument]

...or make the error document larger. You never know with browsers and their limits... 

[[SOLVED] Users Online (from scratch)]

However, if you want somebody to completely make the code for you, please post your request in the freelancers area.

[Users Online Type Thing]

First of all, list all the fields you have for the table (as well as their types). I need to know what you're table structure is first.

[[SOLVED] $_SERVER['HTTP_REFERER'] Forging]

As stated in the PHP manual, it's not very reliable.

[[SOLVED] What is Wrong With This]

If you wish for someone to rescript it for you, please post that in the freelance area.  But for now, just use the code that you have, and start to read on sessions.

[Searchable date format]

What do you mean by asking "is it searchable"?

[How to make your URL stay the same]

Either use a .htaccess file (using mod_rewrite) or use frames (not recommended)

[phpinfo.php downloads why?]

The last two responses obviously assume your using windows, and the last also assumes IIS, shudder.

 

LOL I guess I'm used to using Windows 2k....

[phpinfo.php downloads why?]

This is a good tut.

[Kontactr.com - One Click Contact Forms]

This looks more like an advertisement than it does an ask for critiques.

 

What exactly do you mean by that?

[Images upload]

chmod().

[how much should i take for this project?]

This has nothing to do with HTML. If you need specific HTML help, post here. Otherwise. please post in the correct category.

[Kontactr.com - One Click Contact Forms]

The layout's pretty good. But I noticed that the top right navbar was replaced by a link to the main page here. You might want to fix that. Also, maybe for a future project, add some options for the user to choose from to customize their forms.

[[SOLVED] Session logic]

I'll check those out. Thanks.

[[SOLVED] Exploited contact form]

Yeah, you really need to check everything that the user inputs, and escape them if necessary.

[Users Online Type Thing]

Set the Type to TIMESTAMP, and Attributes to ON UPDATE CURRENT_TIMESTAMP.

[Users Online Type Thing]

http://us2.php.net/manual/en/function.create-function.php

 

Look at example 722.

[Help: logout after idle X minutes]

Um, I think time would be fine...

[Users Online Type Thing]

Let's say you wanted to log a user out after 10 minutes. Create a new function named whatever you want, and a new column in the table named something like last_activity and set the type to timestamp. In the function, use strtotime to check when the user was last active, and if that was more than 10 minutes ago, unset the session for that user. Put the function in a file, and include/require that for every secure page.

 

[Help: logout after idle X minutes]

If that's the case, then yes, it'll be wise to put that inside of that function.