MadTechie

Well the XML are completely different! even without the 60 second count down, http://fr33.ulmb.com/gr/xml.xml will give an invalid URL ie http://www.site.com/soccer-rainbow.m4v http://www.zideo.nl/media.php?playzideo=6b3447616f467478&zideo=6c49575a6e6c633d is fine, but your need to update your code to suite!

In that case use that link, instead of http://fr33.ulmb.com/gr/xml.xml

Humm.. well if ping is responding, then its not turned off! I assume you also get a response from terminal.

Can you post the full logout route/script.. if the above is the full script then you have missed the session_start(); from the start!

Where does $row['id'] come from ? Think of sessions as a global array. you should have something like this session_start(); if(!empty($_GET['debug'])) $_SESSION['viewed'] = false; //debug if(empty($_SESSION['viewed'])){ $_SESSION['viewed'] = true; echo "hey"; $SQL = sprintf("UPDATE prays set views=views+1 WHERE id=%d LIMIT 1",$row['id']); mysql_query($SQL) or die($SQL."\n".mysql_error()); }else{ echo "already viewed"; } pass &debug=true in the URL to override the "already viewed" check

Have you tried the fsocket one, instead (that's my preferred method)

Okay thats the login, that should stay the same, But what about pages inside the CMS, ie Just say you have 4 pages index.php //All users members.php //Logged in members login.php //login (sets sessions) admin.php //Logged in admins only Now, when someone goes to admin.php, the system checks to see if they are logged in and an administrator.. and the same for members.php (but with lower access rights) What's the code to check the access right on the page irself ?

If you read the whole thread your see that this has already been solved and the loopback IP was used as an example.

I'm probably missing thing here but can't you just make class B abstract ie <?php abstract class ClassB{ function __construct(){} function test(){ return "Class B"; } } class ClassA extends ClassB{ function DoIT(){ return $this; } } $A = new ClassA(); $B = $A->DoIT(); echo $B->test(); // returns "Class B" $X = new ClassB(); // return Fatal error: Cannot instantiate abstract class ClassB

Hummm, when it goes back into the CMS, do they still have their access rights ? also do you have a logged in check at the start of the CMS page ? ie session_start(); if(empty($_SESSION['UserID'])) header("Location: login.php");

you mean like this ? session_start(); if(empty($_SESSION['viewed'])){ $_SESSION['viewed'] = true; mysql_query("update table set views=views+1 where id=$id"); }

Your welcome, as a note the line if(stripos($R,"Reply from") !== false) $valid = true; worked on my WinXP machine (running wampserver)

replace if(stripos($R,"Reply from") !== false) $valid = true; with if(preg_match('/(\d+) packets transmitted, \1/i', $R)) $valid = true; all its going to do it check that the transmitted and received are the same or if(preg_match('/\d+ packets transmitted, \d+ received, 0% packet loss/i', $R)) $valid = true; to check no packets where lost ~OR~ you could do this if(preg_match('/([1-9]\d*) packets transmitted/i', $R)) $valid = true; to check at least 1 packet made it

Try his for debugging <?php $ping_ex = exec("ping 127.0.0.1", $ping_result, $pr); $valid = false; foreach($ping_result as $R){ if(stripos($R,"Reply from") !== false) $valid = true; } if($valid){ echo "On-line"; }else{ echo "Off-line"; echo "$ping_ex - ".implode("<br>\n",$ping_result); }

Oh but if you use the exec then you can check it like this $ping_ex = exec("ping 127.0.0.1", $ping_result, $pr); $valid = false; foreach($ping_result as $R){ if(stripos($R,"Reply from") !== false) $valid = true; } if($valid){ echo "On-line"; }else{ echo "Off-line";}

Personally I don't like using exec, using sockets or fsockets works fine, example <?php $URL = "www.phpfreaks.com"; $X = Ping($URL,300); if($X == 0){ echo 'Ping offline - response'; }else{ echo 'Ping online - response'; } function Ping($WebServer,$timeout=10,$Port = 80){ Set_Time_Limit(0); //Time for script to run .. not sure how it works with 0 but you need it Ignore_User_Abort(True); //this will force the script running at the end $handle = @fsockopen($WebServer, $Port,$errno,$errstr,$timeout); if (!$handle){ //echo "Failed to open ProxyServer $WebServer errno=$errno,errstr=$errstr<br>"; return 0; } else { $status = socket_get_status($handle); //Time the responce list($usec, $sec) = explode(" ", microtime(true)); $start=(float)$usec + (float)$sec; $timeout=120; stream_set_timeout($handle,$timeout); //send somthing ini_set('display_errors','0'); $write=fwrite($handle,"echo this\n"); if(!$write){ return 0; } stream_set_blocking($handle,0); //Try to read. the server will most likely respond with a "ICMP Destination Unreachable" and end the read. But that is a responce! fread($handle,1024); fclose($handle); ini_set('display_errors','1'); //Work out if we got a responce and time it list($usec, $sec) = explode(" ", microtime(true)); $laptime=((float)$usec + (float)$sec)-$start; if($laptime>$timeout) return 0; return $laptime; } } ?>

your need to echo Show_Form();

same type of problem if you look at the code you can see the error. (look at the echos)

error highlighted echo ' <center><font face="Verdana" size="2"><?php echo $GLOBALS["Advert03"]; ?></font></center>'."\n";

When you get the error, undo the last thing you added and tested again.. until you identify what part if causing the problem! also don't change the code until you identify a problem, as you this cause the last problem you had I could highlight all the error but that's not going to help you in the long run,

What part of the code no longer works ?

as thorpe covered this I'll just add my 2cents, 1. not impossible. 2. nothings 100% secure. not even zend encoder. As suggested the best protection methods are written outside PHP, ie an extension, however this makes makes it less flexible for example an extension would mean the clients need to have higher access rights, and I have to agree with thorpe this will turn off most people, Zend has been added to most shared servers that makes it a more attractive option, the biggest problem is trying to make one solution fit all, before you start you need to set the requirements

Well obfuscation isn't encoding, but it a type of "protection", aka "security by obscurity" which isn't really security! Their are many routes you can take but it depends on the final goal! Zend Guard is use encoding so without obfuscation (however obfuscation is also an option), basically it encode your code, and then zend optimizer decodes it at runtime, Obfuscation makes it harder to read, ie <?php //this is some example code $string = "hello world"; echo $string; ?> Now if you change the variable names and convert the strings to hex and dec and remove the comments and white space your end up with this <?php $x0b = "\x68e\x6c\x6co\040\167\157\162\x6c\x64";echo $x0b;?> Now both do the exact same thing but the obfuscated version would be much harder to update, but with time anyone could reverse it back, ie <?php $string = "\x68e\x6c\x6co\040\167\157\162\x6c\x64";echo $string;?> then decode from hex and decimal back to ASCII, \x68e\x6c\x6co\040\167\157\162\x6c\x64 (or just echo it) Now to make it truly secure, [REMOVED: sorry my idea is not for your sale ] so its a choice is really between security and portability.

Nothing wrong with that code.

Quick benchmark (on my PC) echo "test $r"; //0.58999300003052 echo 'test '.$r; //0.60724496841431 echo "test {$r}"; //0.65190696716309 sprintf( "test %s",$r); //0.60445594787598 sprintf( 'test %s',$r); //0.52453398704529 EDIT: sample code <?php $rnd = array(); for($n=0;$n<1000;$n++){ $rnd['test'.$n] = md5(uniqid(true)); } $start = microtime(true); foreach($rnd as $K => $r){ echo "test $r"; } echo "<BR />\n"; echo microtime(true)-$start;