s0c0

Andy, I'm not sure I understand. The line of code you pointed out comes after the response so how does this affect anything? From the page you post, it looks as if I should be using this: xhr.send(data); after declaring the content-type, but the page appears a bit skimpy on its explanation. Got that particular way of making such a request from some out-date book at the library

I'd like to get a little insight on how which of the following two is the best method, looking from both the aspects of simplicity and security. I've just completed work on my second Ajax project and set up my calls like so. Page: something.php User event triggers a JavaScript function. This function builds a URL string with some data, and makes an HTTP GET request to something.php. The URL string might look something like this: something.php?function=doSomething&value=1. At the very top of the page, something.php, there is session control that will redirect a user if they do not have a valid session. After this there is a switch statement that looks something like this: if($_GET[function]) { switch($_GET[function]) { case 'doSomething': echo somePHPFunction($_GET[value]); break; case 'dontDoIt: echo someOtherPHPFunction($_GET[value]); break; } return; } I think this is pretty secure. Since the no one can pass anything into the page without having a valid session, it seems very simple as each time you create a new JavaScript function that will be doing a request you just add another case to your switch statement, and its low on bandwidth as one it hits that case, it returns, and no further parsing of that particular page is done. It also centralizes code into a single page. Are there any downsides to doing it this, ie, is having an external page better?

For sensitive information I've switched from a GET to an HTTPS POST for my http requests. Everything works fine, and thats what boggles my mind. My existing PHP code is set to handle GET requests, not POST requests. My JavaScript code looks like this: /* create a $_GET string strArr by looping through each form field */ var strArr = ""; for(i=0; i<document.posfrm.elements.length; i++) { strArr += document.posfrm.elements[i].name + '*' + document.posfrm.elements[i].value + '|'; } /* remove offensive characters from the $_GET string strArr */ var match="1"; while(match=="1") { if(strArr.match("#")) { strArr = strArr.replace("#", ""); match="1"; } else if(strArr.match("&")) { strArr = strArr.replace("&", ""); match="1"; } else { match="0"; } } /* $_GET url to be passed to PHP method via http request */ var url = "somePage.html?func=orderConfirmation&strArr=" + strArr; if(XMLHttpRequestObject) { XMLHttpRequestObject.open("POST", url); XMLHttpRequestObject.setRequestHeader('Content-type', 'application/x-www-form-urlencode'); XMLHttpRequestObject.onreadystatechange = function() { if (XMLHttpRequestObject.readyState == 4 && XMLHttpRequestObject.status == 200) { try { var txtDocument = XMLHttpRequestObject.responseText; validationDiv.style.height = 'auto'; validationDiv.style.border = '1px solid #000'; validationDiv.innerHTML = txtDocument; } catch(err) { progressDiv.innerHTML = ''; alert("Error submitting order"); } } } XMLHttpRequestObject.send(null); } } Now my PHP code looks like this: /* GET requests: determine what function the XMLHttpRequestObject requested */ if($_GET[func]) { switch ($_GET[func]) { case 'orderConfirmation': echo $T_POS_DEV->returnOrderConfirmation(urlencode($_GET[strArr])); break; } return; } How does this work if I am posting? Just trying to understand this stuff a little better, thanks.

I'm running debian etch using postfix as my SMTP server. I am able to send via my PHP code with the following snippet: function sendMail($to, $from, $subject, $msg) { $headers = 'FROM: '.$from."\r\n"; mail($to, $subject, $msg, $headers); return true; } But when I try sending from a mail client such as thunderbird or via telnet it does not allow me. Authentication fails on thunderbird, and in telnet I get the following error: Here is what my /etc/postfix/main.cf file looks like: There error logs don't give me much to go on either, and yes, this particular server is running on a residential comcast cable connection.

bah, i was using the imap_open function incorrectly, I'm going to use that instead of fsockopen now. For pop3 connections you need to: $mbox = imap_open("{mail.server.com/pop3}INBOX", "username", "password");

so help me god, i've begun reading rfc 1939

If there is an easier way then please tell me. I've tried using the imap_open function to access the mailbox specifying port 110 instead of 143, but no dice. So I've been relegated to using fsockopen and sending telnet commands. I can use all the basic commands and retrieve individual messages, but the caveat is that I need to be able to open WAV files that are attached to these emails. I'm not having any luck with this. If I could just somehow store the wav file somewhere on the server in a tmp folder or something that would work great. For full disclosure, yes I am connecting to a remote pop3 server, if it was on the same host i imagine that would make this somewhat easier. Any ideas?

If I had a dime for every time someone questioned the legality of this site, then well, I'd have a lot of dimes.

frankly i didnt even know it was possible to do that, are you sure you can do that? However here: http://www.php.net/manual/en/ref.mail.php it looks like there is an example of exactly what you are trying to do.

thanks for all those sql injection and xsl attack attempts, did any of those actually succeed?

Check it out and criticize http://www.mp3crib.com

This is what you want to do, echo our your sql query to the screen and run it directly. I think one of the problems in your sample of code there is that in your sql query you are not doing it like this: $getthreads = "SELECT * FROM forumtutorial_posts WHERE parentid='0' and forumid= '[b]$_GET[forumid][/b]' ORDER BY realtime DESC"; I'm anal and so I put all mysql keywords in caps, but the main part in there is the '$_GET[forumid]' Echoing your sql query is a to the screen and making sure that runs correctly is a good first step though, then you can move on to other portions of your code.

I think you're correct roopurt. I should have one xmlhttprequest trigger multiple method calls server-side and just return more data at once to prevent multiple requests. Damnit, I'm sick of fixing things, this is what happens when management sets strict unobtainable deadlines that I told them could not be met in the first place and they do not allow for proper testing of the application...ARRRRGGGGHHHHHHH!!!!!!! Working at home tonight...ROUND 10...FIGHT!

When I make more than one XMLHTTPRequest inside a javascript function I get errors and exceptions. So I have to encapsulate other XMLHTTPRequest functions inside the setTimeout function, to pause the functions time of execution. Is this a valid way of handling such a problem? Is this really just some lowly hack? Is there a better way to do what I am attempting? Please advise.

i dig this.

It looks professional, however it looks like something that was purchased off of templatemonster to be honest, which can mean both good and bad. My main suggestion, play around with different font styles as the one you've chosen doesn't do it for me.

Not sure, I use PHP/MySQL on linux like it was meant to be. Perhaps your error/warning settings in your php.ini file are set to high...does the login for work, but just displays an error at the bottom?

Why are you not using the stanard move uploaded file function for this? Here is an example of what I'm taking about: http://www.w3schools.com/php/php_file_upload.asp Has php introduced some new way of doing this that I am not aware of? If this is not the problem perhaps the max upload file size option in the php.ini file is set to low.

Ive been interested in doing a real time strategy game on a LAMP system + Ajax for a while now, just dont wont to take it up on my own. Oh sure there is one other out there, but it doesn't use any ajax or flask, its basically completely text/form based. Id like to really take it a step further. Anyways, a guy at my work does a pretty cool sudoku site like the one you described, check it out http://www.daily-sudoku.org/sudoku/

I've read that using POST is not any more secure than using a GET in your xmlhttprequest object. My company has recently deployed a point of sale system for our CSRs that is heavy on ajax and uses only GET requests. At this point all the traffic is inside our network, but there is still a bit of security concern there that I would like to address immediately, further more at some point in the near future this will be opened up to contractors and other companies to sell our products. I am worried about these get requests sending peoples credit card information across the web. If I were to implement POST over HTTPS would the data contained inside the POST be encrypted by SSL, is this correct? And it would not matter if we were sending GETs over SSL since someone listening in could still view the url string, correct? Please advise.

No you have not missed the point, this is an acceptable solution. However I was hoping to use preg_replace since you can put the characters youd liked removed in an array, but Im lazy to ill use this instead.

I am returning a string from PHP script that queries a mysql database to javascript which then later seperates a bunch of values with an asteriks and passes them back to a PHP script to be exploded on that character. So when I'm returning products with asteriks * in them its bound to cause some problems. I have tried using the following preg_replace("/*/", "", $row[name]) but I get the following error: Compilation failed: nothing to repeat at offset 0 in somescript.php on line 143 I have tried using trim and ereg_replace as well, but with no luck. I have also tried using javascripts replace method, but it does not do a very good job of this. Any ideas on how I can solve this problem?

best thing to do is ask questions about the company during the interview and study before you get the job. before my job i asked what standards they usesd, what versions of php and mysql they were on, and what platform they used. I then based on those answer ebgaan studying php 4 , mysql 4, zend, and centos. Im doing just fine.

The concept is hilarious lol. Design could use some work, this reminds me of hot or not. Haha, way to be original, manymates lol. How do you stop people from cheating though? I guess there is no way really huh? Anyways your design is very simple, but I think thats okay with this site. I've personally never liked black as a background and I'm not sure it fits your site at all. Your site is a very social type site, not a dark disturbed site, and is therefor best represented by lighter colors IMO.

Overall I like this. One suggestion I would play around with is trying out some different backgrounds. I like your graphic and use of curved borders. Oh the blue border on the FAQ page around the text area has got to go. I does not fit the color scheme of your site at all and is very painful to look at. On an ending note, I would be satisfied with my work on this site had I designed it this way. Good job, just please get rid of the blue border and consider playing around with background colors.