The14thGOD

Everything posted by The14thGOD

  1. Not sure what's up, but basically I am getting no session or cookies... (cookies are enabled) Here's the log in script.

         <?php
         session_start();
         import_request_variables('pg');
         if(empty($required)){ //spam field = required, if it's filled, it's spam
             include('../includes/connect_db.php');
             $query = "SELECT * FROM challenge_users WHERE username=LOWER('".mysql_real_escape_string($username)."') LIMIT 1";
             $result = mysql_query($query);
             if(mysql_num_rows($result) != 0){
                 $row = mysql_fetch_assoc($result);
                 //password manipulation here
                 if($secure_pass == $row['password']){
                     //also set session in case user doesn't accept cookies
                     setcookie("cotw","$row[username];$secure_pass;$row[name];$row[email]");
                     $_SESSION['username'] = $row['username'];
                     $_SESSION['password'] = $row['password'];
                     $_SESSION['name'] = $row['name'];
                     $_SESSION['email'] = $row['email'];
                     //$data = explode(';',serialize($_COOKIE['cotw']));
                     //chk the database to see if the current challenge is completed, return value in array
                     //so that the js doesn't show the wrong message/form if it is
                     $chk_query = "SELECT completed FROM challenge_challenge WHERE the_date='".mysql_real_escape_string($the_date)."' LIMIT 1";
                     $chk_result = mysql_query($chk_query);
                     $chk_row = mysql_fetch_assoc($chk_result);
                     //encode in json
                     //send this info back so JS can use it
                     $json = array('error'=>0,'name'=>$row['name'],'email'=>$row['email'],'username'=>$row['username'],'pass'=>$secure_pass,'completed'=>$chk_row['completed']);
                     //echo mysql_error();
                     echo json_encode($json);
                 }else{
                     //encode in json
                     //send this info back so JS can use it
                     $json = array('error'=>1,'errors'=>'user/pass');
                     //echo $secure_pass;
                     echo json_encode($json);
                 }
             }else{
                 $json = array('error'=>1,'errors'=>'user/pass');
                 echo json_encode($json);
             }
         }
         ?>

     I know sessions work on this server, I use them for a different site on the same server. Once I figure out why I have no sessions or cookies, the rest of the scripts that are based on those should work too =P.
     Any and all help is greatly appreciated. Justin **edit I should note that it sends all the variables just fine in the response.
  2. Um, a lot of ajax calls and form checking type things. I had another function in there so thought it was ok. I just put it outside, along with the colon variable, and it appears to be working. Thanks, justin
  3. I'm a noob when it comes to JS, but every example I've seen for a looping function looks the same but when I do it I get 'startTime is not defined'. here's the function: (it's inside a jquery ready function, so it doesn't start till everything is loaded)

         var colon = 0;
         function startTime(){
             var today = new Date();
             var hours = today.getHours();
             var mins = today.getMinutes();
             var monthdate = today.getDate();
             var ampm = 'am';
             if(hours>11){ ampm = 'pm'; }
             if(mins<10){ mins = '0'+mins; }
             $('#the_date').text(monthdate);
             $('#the_time_h').text(hours);
             $('#the_time_m').text(mins);
             $('#the_time_ampm').text(ampm);
             if(colon == 0){
                 $('#the_time_colon').css('visibility','hidden');
                 colon = 1;
             }else{
                 $('#the_time_colon').css('visibility','visible');
                 colon = 0;
             }
             //month
             var month = today.getMonth();
             var months = new Array(13);
             months[0] = "January";
             months[1] = "February";
             months[2] = "March";
             months[3] = "April";
             months[4] = "May";
             months[5] = "June";
             months[6] = "July";
             months[7] = "August";
             months[8] = "September";
             months[9] = "October";
             months[10] = "November";
             months[11] = "December";
             $('#month p').text(months[month]);
             $('#month p').addClass(months[month].toLowerCase());
             timer=setTimeout("startTime()",500);
         }
         startTime();

     Thx for any and all help. Justin
  4. Ok, I know I'm probably opening myself up to 'read the manual' or 'google' but I have and am still confused or finding things from 2001. (Sorry, this seemed to be the best area to put this in, I was looking for a 'general' category but didn't see one.) What is the current best encryption? I used to use md5 but I hear that's not very secure. I've seen people say sha512 or AES. Can anyone enlighten me (link articles if you wish). I'm only securing passwords for a private site, but I'm looking to learn more. This is a side project I'm doing to kill time. I plan to use salt(s) to also help in a method I read and it sounded good. Option was basically a random salt in the database as well as a salt not in the db (each user has their own salt as well as a site wide one). Though I'm not sure if that's just unnecessary or pointless? Also I was wondering what the best field to store a database in? When people store cookies, do they store your password in them? (I'm hoping to keep the user logged in when they come back the next day or something.) Thanks for any and all help, Justin
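
Posts 1 and 4 both come down to what a login should store. The following is an added example, not the poster's code: the per-user salt plus site-wide secret scheme from post 4 done with PHP's password_hash(), and a random remember-me token in place of the password that post 1 writes into the cookie. SITE_PEPPER, the in-memory $tokens array and the function names are hypothetical.

```php
<?php
// Added example. SITE_PEPPER, $tokens and the function names are hypothetical.
const SITE_PEPPER = 'constructed-sample-secret-kept-outside-the-database';

// Site-wide secret applied with HMAC. The per-user random salt is generated by
// password_hash() and stored inside the hash string it returns.
function pepper(string $password): string {
    return base64_encode(hash_hmac('sha256', $password, SITE_PEPPER, true));
}

function hashPassword(string $password): string {
    return password_hash(pepper($password), PASSWORD_DEFAULT);
}

function checkPassword(string $password, string $storedHash): bool {
    return password_verify(pepper($password), $storedHash);
}

// "Remember me": the cookie carries a random selector and validator, never the
// password. Only a SHA-256 of the validator is kept server-side.
function issueRememberToken(array &$tokens, string $username): string {
    $selector  = bin2hex(random_bytes(8));
    $validator = bin2hex(random_bytes(32));
    $tokens[$selector] = [
        'username' => $username,
        'hash'     => hash('sha256', $validator),
        'expires'  => time() + 30 * 86400,
    ];
    return $selector . ':' . $validator;   // value to pass to setcookie()
}

function userFromRememberCookie(array &$tokens, string $cookie): ?string {
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !isset($tokens[$parts[0]])) {
        return null;
    }
    $row = $tokens[$parts[0]];
    $ok = $row['expires'] >= time()
        && hash_equals($row['hash'], hash('sha256', $parts[1]));
    if (!$ok) {
        unset($tokens[$parts[0]]);  // expired or wrong validator: drop the token
        return null;
    }
    return $row['username'];
}

// Constructed sample run.
$stored = hashPassword('correct horse battery staple');
var_dump(checkPassword('correct horse battery staple', $stored));
var_dump(checkPassword('wrong', $stored));
$tokens = [];
$cookie = issueRememberToken($tokens, 'justin');
var_dump(userFromRememberCookie($tokens, $cookie));
```

In a real site the $tokens array would be a database table keyed on the selector, and the cookie would be set with the httponly and secure flags.
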
  5. I just recently discovered this: http://dev.mysql.com/doc/refman/5.0/en/query-cache-operation.html And did some researching, it looks like it's enabled by default (the settings were already what was in the configuration page: http://dev.mysql.com/doc/refman/5.0/en/query-cache-configuration.html). So is that all there is to it? I don't have to do anything with my SQL statements or php pages? It looks like there's an optional SQL_CACHE function but the setting for query_cache_type is 1. Thanks for clearing this up! Justin
  6. Header("Location: ./page.php#middle") Give an element (usually an anchor tag): name="middle" attribute You can replace middle with anything you want.
  7. Recently I did a project where I didn't actually need to return anything, was just counting. At the time I was just doing it fast cause of time so I did:

         SELECT browser FROM the_stats WHERE browser='Firefox'

     (just as an example) What's the performance on that vs:

         SELECT COUNT(*) FROM the_stats WHERE browser='Firefox'

     (my first impression would be the above is bad due to the * like SELECT *) or

         SELECT COUNT(browser) FROM the_stats WHERE browser='Firefox'

     Thanks for any help on clearing this up. Justin
  8. is the @ allowed in folder names on a server? even if it is, would that cause link problems?
  9. a few ways i can think of. 1. have a javascript on select fire an ajax request to pull in the next drop down 2. make it a step process, once the user selects the class they have to hit submit, the page reloads and has the 2nd drop down with only the options corresponding to the first drop down. 3. render out all of the 2nd drop down possibilities and display:none; on them. then on select have a javascript function display:block; on the corresponding drop down menu.
  10. I've always been curious. Whenever I run across tutorials on the web or forums I usually see people explaining forms and their variables using $_POST. Is there any difference (mainly benefits) from using $_POST['whatever'] vs using <?php import_request_variables('p'); $whatever; ?> Thanks in advance, Justin
  11. I probably should have read that more carefully. I thought it was linking to only the ones you can change via ini_set, my bad. I guess I'll have to wait till I can get in to the database. I was just hoping there was something really obviously wrong haha. Thanks, Justin
  12.     php_value upload_max_filesize 20M
          php_value post_max_size 20M
          php_value max_execution_time 200
          php_value max_input_time 200

      well..that didn't come up last time..I'll try this. **Edit** tried and no success, same thing, blank white page, not much time delay from when I hit submit to the white page.
  13. hmm according to this you can: http://us3.php.net/manual/en/ini.list.php it was linked from the ini_set function Even if I upload a small pdf, 200kb, the default of 2mb in php.ini, it still gives me a blank white page Do you have an example of how to set it via htaccess? I'll do a google search right now as well in case you don't get back.
  14. Because Plesk's login system blows, this is going to be a little screwy. Currently I'm locked out of cpanel so I have no access to a database to back it up to start messing with code. Basically whenever a user uploads a PDF I get a blank white page (there's probably errors but error reporting is turned off to avoid any accidental variables being overwritten with wrong values). Does anyone see something wrong with the following code? I've used it before so not sure why it's breaking, figured a fresh pair of eyes would help:

          <?php
          if($_FILES["pdf1"]['name'] != ''){
              $uploaddir = '../pdf/';
              $rand = get_rand_id(;
              $filename = $rand.'_'.$_FILES["pdf1"]['name'];
              $file_dir = "$uploaddir" . "$filename";
              $file_dir = str_replace(' ','_',$file_dir);
              move_uploaded_file($_FILES["pdf1"]['tmp_name'], "$file_dir");
          }else{
              $file_dir = $pdf1backup;
          }
          //pdf2
          if($_FILES["pdf2"]['name'] != ''){
              $rand = get_rand_id(;
              $filename = $rand.'_'.$_FILES["pdf2"]['name'];
              $file_dir2 = "$uploaddir" . "$filename";
              $file_dir2 = str_replace(' ','_',$file_dir2);
              move_uploaded_file($_FILES["pdf2"]['tmp_name'], "$file_dir2");
          }else{
              $file_dir2 = $pdf2backup;
          }
          $file_dir = str_replace('../pdf/','',$file_dir);
          $file_dir2 = str_replace('../pdf/','',$file_dir2);
          ?>

      pdf1 and pdf2 are the names of the upload fields. I tried setting:

          <?php
          ini_set('upload_max_filesize','16M');
          ini_set('post_max_size','16M');
          set_time_limit(100);
          ?>

      but that didn't do anything. get_rand_id( is a function for random characters, it's linked up right. I'd turn on errors but without a backup of the database I don't want to risk the script actually running. Any ideas? The error only occurs when uploading PDFs. This was built cheaply (the client didn't want to pay that much) so there is no file checking to make sure it's a PDF. Only the client has access to this. Thanks for any and all help. Justin
  15. apparently PHP development headers are not enabled on the server and they can not install them because they take up too much resources and they haven't fully tested security with them (this is what they said). So I guess I can't use memcache.
  16. thanks, i have a friend who is going to help me with this, he's a little unsure of the compiling part though. is it just un-taring it? I also have to wait for bluehost to enable ssh, there some hoops to jump through so hopefully I can get that going. thanks for your help =) justin
  17. I called bluehost, and the guy I spoke to was unfamiliar with it. He asked how it was installed and I said I didn't really know and it looked like it was through shell but I'm not familiar with it. He said if it's through shell I can do it. Otherwise I could go and try sending them what information I have and they would see if they could figure it out. Any advice or more info that would help me get this installed by chance? Thanks for any and all help. Justin
  18. I'm looking to start messing with memcache(d?) and have a few questions I'm hoping to get quick answers for. Yes I know google is my friend but I don't think it'll answer these 'quick' Memcache==Memcached? (Doing a google search for memcache brings up memcached, also in php.net's documentation for installation they mention memcached) http://www.php.net/manual/en/memcache.installation.php I was looking for a tutorial on how to install memcache(d?) but I don't see anything useful (yet). Anyone got a good and easy tutorial link? Also I'm hosting on bluehost, and no experience with shell. The stuff in the link above looks like I'd have to use that? Is there anyway around that? I'm a little nervous doing that since I'm not familiar with it? I've never really installed anything on a server. Thanks, Justin
  19. ok, hold on I think I figured it out, and it's a dumb thing... on my end of course =P Sigh, brb, to attempt this... *Edit * Yep I'm an idiot. I built this thing like 2-3 months ago and forgot that the main navigation pages are not editable, navigation wise, so they are on a slightly different (easier) system to modify the pages. I was on the completely dynamic pages system. So the reason why I wasn't seeing anything was because that page wasn't being called at all. I updated info and copied the INNER JOIN SQL and it worked fine. Thank you and sorry for all the posts.
  20. Ya I'm stumped. I just did the query from SQL and it ran fine. Copied everything over. I do it from the site and it doesn't work. Here's the entire script:

          <?php
          import_request_variables('pg');
          include('includes/connect_db.php');
          include('includes/urlpathback.php');
          include('includes/adminloggedin.php');
          //Grab Info from databases
          $website_query = "SELECT * FROM website WHERE uid='$_GET[uid]' ";//$_SESSION['theurl'] is what the old url used to be from edit.php
          $website_result = mysql_query($website_query);
          $website_row = mysql_fetch_assoc($website_result);
          $preview_query = "SELECT * FROM preview WHERE uid='$_GET[uid]' ";//$_SESSION the new url which is stored in preview's db
          $preview_result = mysql_query($preview_query);
          $preview_row = mysql_fetch_assoc($preview_result);
          //update database
          $query = "UPDATE subnav SET parent='$_SESSION[parent]',navtitle='$preview_row[navtitle]',url='$preview_row[url]',weight='$_SESSION[weight]',status='$_SESSION[status]' WHERE uid='$_GET[uid]' "; //Since subnav wasn't updated, you use the variable made in edit.php
          mysql_query($query);
          //$query2 = "UPDATE website SET pageid='$preview_row[pageid]',navtitle='$preview_row[navtitle]',title='$preview_row[title]',keywords='$preview_row[keywords]',description='$preview_row[description]',url='$preview_row[url]',headline='$preview_row[headline]',body='$preview_row[body]',status='enabled' WHERE uid='$_GET[uid]' ";
          //mysql_query($query2);
          $updateQuery = 'UPDATE website AS w INNER JOIN preview AS p ON (w.uid = p.uid) SET w.navtitle=p.navtitle, w.title=p.title, w.keywords=p.keywords, w.description=p.description, w.url=p.url, w.headline=p.headline, w.body=p.body, w.status=p.status WHERE w.uid = '.mysql_real_escape_string($_GET['uid']);
          mysql_query($updateQuery);
          //change all items that have a parent of as this page
          //if($oldnavtitle != strtolower(preg_replace('/[^a-zA-Z0-9-]/','',str_replace(' ','-',$navtitle)))) {
          //$newurl = str_replace($oldnavtitle,$url,$something);
          if($_SESSION['oldparent'] != $_SESSION['parent'] || $_SESSION['oldnavtitle'] != strtolower(preg_replace('/[^a-zA-Z0-9-]/','',str_replace(' ','-',$preview_row['navtitle'])))){
              $query = "SELECT * FROM subnav WHERE parent='".$_SESSION['oldparent'].'/'.strtolower(preg_replace('/[^a-zA-Z0-9-]/','',str_replace(' ','-',$_SESSION['oldnavtitle'])))."' ";
              $result = mysql_query($query);
              while($row = mysql_fetch_assoc($result)){
                  $query2 = "UPDATE subnav SET parent='$preview_row[url]', url='$preview_row[url]".'/'.strtolower(preg_replace('/[^a-zA-Z0-9-]/','',str_replace(' ','-',$row['navtitle'])))."' WHERE uid='$row[uid]' ";
                  mysql_query($query2);
                  $query3 = "UPDATE website SET pageid='$preview_row[pageid]', url='$preview_row[url]".'/'.strtolower(preg_replace('/[^a-zA-Z0-9-]/','',str_replace(' ','-',$row['navtitle'])))."' WHERE uid='$row[uid]' ";
                  mysql_query($query3);
              }
          }
          //done updating rest of pages
          unset($_SESSION['editdraft'],$_SESSION['oldnavtitle'],$_SESSION['oldparent'],$_SESSION['status'],$_SESSION['weight'],$_SESSION['parent'],$_SESSION['theurl'],$_SESSION['draft'],$_SESSION['uid'],$_SESSION['editurl']);
          header("Location: $preview_row[url]");
          exit(0);
          ?>

      I mean really it's just those 2 lines we are concerned about, the other stuff is editing other crap. I don't know what else could be affecting it, like I said, the data gets into the draft table just fine. Justin
  21. The single quote is still not coming through to the website table. It's in the draft table (I'm in the database looking at it). It previews just fine (single quote is there in the copy) but after it publishes it still breaks. None of the changes I do happens (for example I just deleted a line of text and added single quotes, when I go to update, the text is the same as it was before I removed it. Meaning the query failed, but I'm not getting an error.)
  22. I was just talking with someone about joins, guess this will be the first time I've used one. Thanks, I will try this and let you know! Justin
  23.     <?php
          $preview_query = "SELECT * FROM preview WHERE uid='$_GET[uid]' ";
          $query2 = "UPDATE website SET pageid='$preview_row[pageid]',navtitle='".mysql_real_escape_string($preview_row['navtitle'])."',title='".mysql_real_escape_string($preview_row['title'])."',keywords='".mysql_real_escape_string($preview_row['keywords'])."',description='".mysql_real_escape_string($preview_row['description'])."',url='$preview_row[url]',headline='".mysql_real_escape_string($preview_row['headline'])."',body='".mysql_real_escape_string($preview_row['body'])."',status='enabled' WHERE uid='$_GET[uid]' ";
          ?>
  24. I wouldn't have to worry about data being escaped then? (apparently mysql_real_escape_string() is not solving my issue. It's not liking the single quotes/apostrophes ', in the data. Any ideas?) It also may be helpful to note, the field I'm having issues with is a tinyMCE field.
  25. This is the first time I had to add a preview function to my CMS so I went with what I thought would be easier to maintain. This is really the only hiccup I've run into because of the 2 tables. You would be correct, I am just grabbing the data from a query and using that data in another update. No $_POST at all. I'll go ahead and add the mysql_real_escape_string function then to those fields. Luckily it's a pretty small database. Thanks, Justin
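
The publish step discussed in posts 20 to 25 copies a row from preview into website, and text read back from the database breaks the UPDATE as soon as it contains an apostrophe. As an added example (not the poster's code), here is the same copy done with bound parameters. It uses PDO with an in-memory SQLite database so it runs offline, which assumes the pdo_sqlite extension; the cut-down tables, the publish() function and the row contents are constructed for illustration.

```php
<?php
// Added example. Schema reduced from the thread; publish() and the sample
// rows are hypothetical. Assumes the pdo_sqlite extension is loaded.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE preview (uid INTEGER PRIMARY KEY, title TEXT, body TEXT)');
$db->exec('CREATE TABLE website (uid INTEGER PRIMARY KEY, title TEXT, body TEXT)');
$db->exec("INSERT INTO website VALUES (7, 'Old title', 'Old body')");

// Draft as saved from the rich-text field: apostrophes plus SQL-looking text.
$ins = $db->prepare('INSERT INTO preview (uid, title, body) VALUES (?, ?, ?)');
$ins->execute([7, "Justin's page", "<p>It's live', status='x' WHERE 1=1 -- </p>"]);

function publish(PDO $db, $uid): int {
    // uid arrives as a string from the request; accept digits only.
    if (!is_string($uid) || !ctype_digit($uid)) {
        throw new InvalidArgumentException('uid must be a positive integer');
    }
    $sel = $db->prepare('SELECT title, body FROM preview WHERE uid = :uid');
    $sel->execute([':uid' => $uid]);
    $draft = $sel->fetch(PDO::FETCH_ASSOC);
    if ($draft === false) {
        return 0;   // no draft for this uid, nothing to publish
    }
    // Values read back from the database are still untrusted data: bind them
    // instead of pasting them into the SQL string.
    $upd = $db->prepare('UPDATE website SET title = :title, body = :body WHERE uid = :uid');
    $upd->execute([':title' => $draft['title'], ':body' => $draft['body'], ':uid' => $uid]);
    return $upd->rowCount();
}

var_dump(publish($db, '7'));
print_r($db->query('SELECT * FROM website')->fetchAll(PDO::FETCH_ASSOC));
try {
    publish($db, '7 OR 1=1');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The draft text lands in website byte for byte, apostrophes included, because it is sent as a parameter and never parsed as SQL.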