Aeglos

Members, 87 posts, last visited: Never

Everything posted by Aeglos

  1. Whoops, thanks for clarifying. Didn't test it with anything less than -1. And gurroa's alternative is indeed simpler and nicer, but I got the impression that he was looking for some math/algebraic formula (excluding boolean). [/disclaimer]
  2. At first glance, try removing the double quotes around $polno = "$_POST['polno']"; like so: $polno = $_POST['polno']; Remember $_POST is a variable, no need to encase it in double quotes when passing its value around.
  3. Ternary operator. It's a shorthand for an IF-THEN-ELSE:
     condition ? true_expression : false_expression
     If the condition is true, evaluate the true_expression, otherwise evaluate the false_expression. In your example:
     $real_result = $boolean_result ? 1 : 0;
     is equivalent to:
     if ($boolean_result) { $real_result = 1; } else { $real_result = 0; }
  4. Easy, use: x/{abs(x) + 1} + 1/{abs(x) + 1}, which is the same as (x + 1)/(abs(x) + 1). Hope it helps, cheers.
  5. That would be the 80-column marker, to let you know when your lines are "too long". Read the first part, "4.1 Line length", here: http://java.sun.com/docs/codeconv/html/CodeConventions.doc3.html Or check some short recent slashdot rant about the issue here (didn't find it very insightful though): http://ask.slashdot.org/article.pl?sid=07/07/07/1931246
  6. You should look into Content Management Systems (CMS). Joomla, Seditio, Mambo, Drupal to name some of the most commonly known.
  7. This is with the Demo account: Right after logging in, I renamed "main" into "tutorials", which didn't throw any complaints, but didn't seem to do much either. The renaming didn't happen. So, then I went on to docs.markups and again, renamed it into "tutorials". This is what I got:
     Warning: rename(pages/docs.markups,pages/tutorials) [function.rename]: No such file or directory in /home/fastst/public_html/zapwiki/barn/commands.php on line 341
     Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/fastst/public_html/zapwiki/barn/commands.php:341) in /home/fastst/public_html/zapwiki/barn/engine.php on line 562
     Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/fastst/public_html/zapwiki/barn/commands.php:341) in /home/fastst/public_html/zapwiki/barn/engine.php on line 562
     Warning: Cannot modify header information - headers already sent by (output started at /home/fastst/public_html/zapwiki/barn/commands.php:341) in /home/fastst/public_html/zapwiki/barn/engine.php on line 565
     Warning: Cannot modify header information - headers already sent by (output started at /home/fastst/public_html/zapwiki/barn/commands.php:341) in /home/fastst/public_html/zapwiki/barn/engine.php on line 566
     Upon clicking back on the browser, it THEN read "doc.markup could not be renamed". So, to press my luck a little more, I created a new "doc.markup" (no trailing S) page, and then renamed it to "doc.markups", thus wiping out the Markup documentation (sorry)... Due to the direct rename attempt failure I assumed the documentation was protected, but I may be wrong and it was editable/rename-able (sic)... so I made no further tampering as this was the Demo account and not very conclusive. I also tried, and succeeded in, renaming "tutorials" into "sandbox" without warnings... the tutorials page now gives me "Test your markup here..." without textarea (Sorry about that :-X). That was the only place where I did not encounter some kind of overwriting check though. Maybe some "Are you sure you want to overwrite XXX?" would be nice.
     Then I registered, and attempted to see this page: http://www.fast.st/zapwiki/demo/index.php?p=action.all It says it's blocked, and the first entry in the bottom bar is "invalid link". I then created a new "test.one" page (as a registered user I can't rename nor copy pages). I inserted this link: [[?boguslink|uglylink]] And got this:
     Warning: preg_match() [function.preg-match]: Compilation failed: nothing to repeat at offset 1 in /home/fastst/public_html/zapwiki/barn/engine.php on line 437
     Warning: preg_match() [function.preg-match]: Compilation failed: nothing to repeat at offset 1 in /home/fastst/public_html/zapwiki/barn/engine.php on line 437
     Also I can edit non-existent pages, and upon submitting the edit I get the "missing page" error. Also (not really important though): http://www.fast.st/zapwiki/demo/index.php?p=top http://www.fast.st/zapwiki/demo/index.php?p=bottom
     Now, [(math 1/0)] throws:
     Warning: Division by zero in /home/fastst/public_html/zapwiki/barn/functions.php(165) : eval()'d code on line 1
     [(math 0.1.2)] throws:
     Parse error: syntax error, unexpected T_DNUMBER in /home/fastst/public_html/zapwiki/barn/functions.php(165) : eval()'d code on line 1
     [(rand -1 a)] throws:
     Warning: preg_match() [function.preg-match]: Empty regular expression in /home/fastst/public_html/zapwiki/barn/engine.php on line 324
     Warning: preg_match() [function.preg-match]: Empty regular expression in /home/fastst/public_html/zapwiki/barn/engine.php on line 324
     Warning: rand() expects parameter 1 to be long, string given in /home/fastst/public_html/zapwiki/barn/functions.php on line 246
     Using the [redirect] tag allows me to place text before the page header ("Welcome to..."). Leaving unclosed [t] tags messes up the bottom bar's placement.
     Finally, I managed to lock the site in an infinite loop by forwarding a page onto itself with [(forward page)]. And that's all for now... if I find anything else, I'll post. Hope it helps in some way. (http://www.fast.st/zapwiki/demo/index.php?p=login.malicioususer for my up to date tampering.) Cheers and nice work.
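The [(math ...)] errors in the report above come from "eval()'d code". As an added example (not zapwiki's code), this is how such a tag can be evaluated without eval(): a tiny parser that accepts only numbers, + - * / and parentheses, so the inputs that produced the warnings are refused with a message. The function names and the exact grammar are assumptions.

```php
<?php
// Added example, not zapwiki's own code: evaluate a [(math ...)] expression
// with a small precedence-climbing parser instead of eval(). Only numbers,
// + - * / and parentheses are accepted, so "0.1.2" and "1/0" come back as a
// message rather than a PHP parse error or warning (PHP 7+).
function safe_math(string $expr): string
{
    // Tokenize. Anything the pattern skips (letters, "$", a stray ".") makes the
    // rejoined tokens differ from the input, so the whole expression is refused.
    preg_match_all('/\d+(?:\.\d+)?|[-+*\/()]/', $expr, $m);
    $t = $m[0];
    if ($t === [] || implode('', $t) !== str_replace(' ', '', $expr)) {
        return 'math error: invalid expression';
    }
    $p = 0;
    try {
        $v = parse_expr($t, $p);
        if ($p !== count($t)) throw new RuntimeException('unexpected token');
        return (string) $v;
    } catch (RuntimeException $e) {
        return 'math error: ' . $e->getMessage();
    }
}
// expr -> atom (op expr)*, binding operators of precedence >= $min (* and / bind tighter)
function parse_expr(array $t, int &$p, int $min = 0): float
{
    static $prec = ['+' => 0, '-' => 0, '*' => 1, '/' => 1];
    $v = parse_atom($t, $p);
    while (isset($t[$p], $prec[$t[$p]]) && $prec[$t[$p]] >= $min) {
        $op = $t[$p++];
        $r = parse_expr($t, $p, $prec[$op] + 1);   // right side takes tighter-binding ops only
        if ($op === '/' && $r == 0.0) throw new RuntimeException('division by zero');
        $v = $op === '+' ? $v + $r : ($op === '-' ? $v - $r : ($op === '*' ? $v * $r : $v / $r));
    }
    return $v;
}
// atom -> number | '-' atom | '(' expr ')'
function parse_atom(array $t, int &$p): float
{
    if (!isset($t[$p])) throw new RuntimeException('unexpected end');
    $tok = $t[$p++];
    if ($tok === '-') return -parse_atom($t, $p);
    if ($tok === '(') {
        $v = parse_expr($t, $p);
        if (($t[$p++] ?? null) !== ')') throw new RuntimeException('missing )');
        return $v;
    }
    if (!is_numeric($tok)) throw new RuntimeException('unexpected token');
    return (float) $tok;
}
echo safe_math('(2+3)*4'), "\n", safe_math('1/0'), "\n", safe_math('0.1.2'), "\n";
```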
  8. You can enter more than 1 digit per square and it messes up the sudoku's formatting when clicking on another cell.
  9. *edited* (whoops, wrong thread... my bad).
  10. But what if (thinking in scalability here) I have to change the language of the basic system messages, so for example instead of saying "Form submitted" it says "Formulario enviado" or whatever. Having to re-code ALL the debug() methods would be impractical, as also would be having ALL the classes read the same language file, thus duplicating the amount of disk reads and increasing the variable overhead. Splitting all the messages into different class-specific files would leave me with a host of micro files which carry the same -or worse- issues. Centralizing all the system messages which are template independent is what I'm trying to achieve, thus the doubt between the message object or the super global functions.
  11. Hello peeps, I am seeking advice and enlightenment with a "philosophical" issue I'm having. I'm beginning to code a small MVC framework as a learning project and future site building tool (being tired of recoding and redesigning everything all the time); the basic crunchy bits are done (registry, controllers, URIs, etc)... but I arrived at a point where it seemed that I would benefit from having some sort of BOS (as in "Basic Output System") or, as it might be more commonly known, a message abstraction layer, which I'd like to:
     A) Output basic messages, such as "Controller not found", "Failed to load class", "Form submitted", etc.
     B) Generate and log similar messages, at a more crude description level for debugging purposes, such as "file ../include.php not found", "Class_Form class loaded", "Object registered", etc.
     Now, searching around Dr. Google I found this: http://www.phpfreaks.com/tutorials/109/0.php. Which helped me with implementation, language separation and whatnot. Yet I thought "Well, I'll just do it OOP-style and make a message class". There I got to a redundancy problem... For the messager class to be readily available for status output by the various OTHER classes (including the registry!), it has to be set in the registry's objects array. Now, the set() method on the registry is supposed to log the "Object set correctly/failed" message(s), thus making the message class sort of mandatory, which I don't feel like doing since I feel it would break encapsulation (registry and message layer too interdependent). But on the other hand, if the message class is NOT mandatory (to the registry at least), I have no way of logging any message, so I'm really lost ??? (And I quickly scrapped the idea of making every other class constructor use the message layer instead of the reg's set() method, for the same reasons, and many other obvious problems with that approach.)
     I've looked at what CodeIgniter does, and as in the above tutorial, it makes use of 2 "common" global functions, "show_message()" and "log_message()". Now here is where I'm torn... since I'm going OOP all the way, it feels kinda awkward to use global functions residing outside all my classes as sorts of "superglobal methods" :-\ but so far it's the most simple and practical approach I've found. Any suggestions on how to tackle this? Another thing I've thought of is to include my message/log methods in the base controller, since they should be "common functionality" throughout the whole application, but then again I'm not sure if such methods belong in a controller in the first place since they feel more like model or even view (and yet none of them at the same time :-\ ). I know I'm probably drowning in a glass of water here because of excessive OOP zealotry, but I really want to find some "elegant" solution to this, without having to scrap the whole message abstraction layer idea which I feel to be useful (and of my personal liking). So the whole thing might be summed down to: Is using global functions outside class scope, which may be accessible to all (or none) classes, against the OOP principles and practices? Thanks to all in advance, and cheers for a great community. (And sorry for the long post ;D)
  12. Well, since I always read the forum I guess I should finally post something remotely helpful... The site is on the right track but really... check your validation. It's a TOP concern before adding new functionality. I got around the "<script>" check by not declaring the javascript and using an onMouseOver event handler (check the ASDF link... inside the big fat table) instead... ;D A not so friendly onLoad handler and your page goes kaput. And well... I kinda feel guilty since the view address page is now really messed up with my table tampering :P I even got marquees, forms and CSS in (after a few tries I remembered to use ":" instead of "="). So htmlentities is your friend here and/or some alphanumeric REGEXP. Looking forward to the next version! Cheers.
     Edit. Lol, did a search for the word "now", two results popped up: "Unknown" and "now" (second one submitted by me... entry contains a "malicious" submit button). So, I clicked on "now" and it took me to the "now" profile page. My "ClickMe" malicious button of DooM was there, and upon clicking it, I stumbled onto a page which displayed "You should not be on this page." :D On further inspection, that happens when there is no GET argument passed to the search and profiles pages. Consider redirecting them to the default search and directory listing views instead.
     Edit nº2. Incidentally I now found out that while playing with the "Back" button on my browser I re-posted some fields... that should NOT happen... I realised that you are passing every single form argument through GET to the addadress.php page... why? POST is already there, why pass the arguments through GET?? It only adds more complexity and potential security holes. It also allows skipping any direct on-the-fly javascript validation on the form fields, since a user could simply populate the browser address bar with malicious code.
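The htmlentities/REGEXP and POST-only advice in the post above, written out as an added PHP example (not the address book site's own code); the field names and whitelist patterns are assumptions for illustration.

```php
<?php
// Added example, not the address book's own code: the fixes suggested above.
// 1) Validate every field against an explicit whitelist before storing it.
// 2) Escape on output with htmlspecialchars(), so a stored "<table>" or
//    onMouseOver="..." is displayed as text instead of being run by the browser.
// 3) Read form fields from POST only, never from the query string.
const FIELD_RULES = [
    'name'  => '/^[\p{L} .\'-]{1,60}$/u',   // letters, space, . ' -
    'phone' => '/^\+?[0-9 ()-]{5,20}$/',
    'city'  => '/^[\p{L} -]{1,40}$/u',
];
function validate_address(array $input): array
{
    $clean = [];
    $errors = [];
    foreach (FIELD_RULES as $field => $pattern) {
        $value = trim((string) ($input[$field] ?? ''));
        if (preg_match($pattern, $value) !== 1) {
            $errors[] = "invalid $field";
        } else {
            $clean[$field] = $value;
        }
    }
    return [$clean, $errors];
}
// Output-side defence: every value that reaches HTML passes through here.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
function handle_request(string $method, array $post): string
{
    if ($method !== 'POST') {
        return '<form method="post">...</form>';   // a GET only shows the empty form
    }
    [$clean, $errors] = validate_address($post);
    if ($errors !== []) {
        return '<p>' . h(implode(', ', $errors)) . '</p>';
    }
    // save($clean) would go here, followed by a redirect (303) to the listing so
    // that the browser's Back button cannot re-submit the form.
    $cells = '';
    foreach ($clean as $value) {
        $cells .= '<td>' . h($value) . '</td>';
    }
    return "<tr>$cells</tr>";
}
// Constructed sample: the onMouseOver trick from the post is refused by the
// whitelist, and h() shows what it would look like if it had been stored.
$sample = ['name' => 'ASDF" onMouseOver="x()', 'phone' => '555 0100', 'city' => 'Nowhere'];
echo handle_request('POST', $sample), "\n", h($sample['name']), "\n";
```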