MasterACE14

Session Security

add 'LIMIT 1' to the end of the query if you want just a single record.

I've got a feeling you've got the $_POST name wrong, all three containing 'delete' should either be 'delete_goauld'(including the isset()) or all three should be 'delete' ?

array_sum() echo array_sum($source); // 6

Ah ok, I shall give that a go. Thanks

Good Day, I'm using the following example script from http://php.net/manual/en/function.session-set-save-handler.php which I have placed in session-handler.php and is included at the top of my index.php file. I have multiple domain names for the same website, so naturally when a person logs into the site, I would like the session to be active across all the domains instead of them having to login again if say they go from mysite.com to mysite2.com. session-handler.php <?php function open($save_path, $session_name) { global $sess_save_path; $sess_save_path = $save_path; return(true); } function close() { return(true); } function read($id) { global $sess_save_path; $sess_file = "$sess_save_path/sess_$id"; return (string) @file_get_contents($sess_file); } function write($id, $sess_data) { global $sess_save_path; $sess_file = "$sess_save_path/sess_$id"; if ($fp = @fopen($sess_file, "w")) { $return = fwrite($fp, $sess_data); fclose($fp); return $return; } else { return(false); } } function destroy($id) { global $sess_save_path; $sess_file = "$sess_save_path/sess_$id"; return(@unlink($sess_file)); } function gc($maxlifetime) { global $sess_save_path; foreach (glob("$sess_save_path/sess_*") as $filename) { if (filemtime($filename) + $maxlifetime < time()) { @unlink($filename); } } return true; } session_set_save_handler("open", "close", "read", "write", "destroy", "gc"); session_start(); ?> The script above doesn't appear to be throwing any errors, and I can login like normal but it doesn't seem to be saving the sessions at all. So I still have to login to each separate domain. Any ideas? Thanks, Ace

I'm thinking this may be the best way to go about it. I can see how that'd work and is a good solution, however I will be adding more websites overtime, so redirecting to 3 or more 'blank' pages to setup a session probably won't be the best approach. For just the 2 domains that's a clever approach. Thanks for your wisdom and knowledge as always! Kind Regards, Ace

Hello, I have two websites on the same server, but with two different domain names. I have it setup so you have a single account which you can log into either website. So if you're logged into one of the sites, you're automatically logged into the other website as well. This all works fine locally as it's the single domain http://localhost/ however on my website when you log into one, you have to then log into the other one as well because obviously the session saves to the one domain. After googling I found.... session_set_cookie_params(0, '/', '.crikeygames.com.au'); works fine for that domain and all subdomains, but I believe I can only use this function once? or atleast for only one domain. I have seen people saying you can append the session id to the URL when switching between the sites to maintain the session. I'm not sure if that's the most ideal way. Maybe it can be achieved with .htaccess? Or would session_set_save_handler() be the way to go? Thanks, Ace

should leave the form 'action' field blank action="" there's security risks of using $_SERVER['PHP_SELF'] there.

You need to escape any data that goes into the $aStatement query, especially $_POST's and $_GET's

got it, cheers thorpe!

Hi Guys, Haven't done this before so am I a bit lost. I log into my webserver via FTP, and have placed my cron.php file in the '/' directory, for clarity the same directory that contains the 'www' and 'public_html' directories. Now according to Cpanel my home directory is '/home/crikeyga' so I'm not exactly sure what the exact path to my cron.php is, or if I even have put it in the right location where it can't be accessed publicly? Thanks in advance, Ace

ah ok, thanks again!

just one problem with this line though: // trim the item_quantity so that it doesn't surpass how many soliders you have if ($row['item_quantity'] = ($row['item_quantity'] - $extra_weapons) != 0) is it suppose to be == or... ? Thanks

that's done the trick! many thanks!

Sorry I just noticed the mistake I made in the comment in my first example, should of been $soldiers * item_power rather than item_power * item_quantity.

My apologies, $soldier = 100; is the total amount of soldiers the user has(usually comes from the database, 100 for the purpose of this thread). I'll try to explain my problem differently. If I have 100 soldiers, and say 3 records for weapons(items) this particular user has in the database containing... weapon -------- item_quantity ---------- item_power 1 30 25 2 50 10 3 50 5 I want to determine the total power(damage) that this player has by essentially adding `item_power` * `soldiers`(from strongest item_power to lowest) until there is no more 'weaponless' soldiers or, there is not enough soldiers to virtually 'equip' the items. So in this scenario the total power of this user would be: first weapon: 30 * 25 (30 soldiers have the first weapon equipped) second weapon: 50 * 25 (50 soldiers have the second weapon equipped, 80 soldiers have weapons equipped in total now) third weapon: 20 * 5 (20 soldiers have the third weapon equipped, 100 soldiers have weapons equipped in total, 30 are weaponless) total power = (30 * 25) + (50 * 25) + (20 * 5) If in this scenario there was less weapons than soldiers, it would not equip anymore weapons once all the soldiers have weapons.

assigning weapons to soldiers is different to assigning arrays to variables.

assigning weapons to soldiers is an explanation of what I'm theoretically trying to achieve, I'm not literally trying to assign an array of values to each individual soldier. As I commented within my example thinking something like... if($soldiers > $row['item_quantity']) { $damage += $row['item_power']; } else // ...

I'm trying to avoid a method in which a loop is used to pass through every single soldier, in the likely case that a user has say 30 million soldiers, that could get quite ugly. I Appreciate the suggestion.

Good Day Everyone! I'm having trouble figuring out how to assign weapons from a MySQL table to soldiers. Say I have the following... $soldiers = 100; $damage = 0; $q = mysql_query("SELECT `item_quantity`, `item_power` FROM `items` WHERE `owner_id`='".$userid."' ORDER BY `item_power` DESC"); while($row = mysql_fetch_assoc($q)) { // assign weapons to soldiers and add `item_power` * `item_quantity`to $damage } I want to assign all the weapons until there's not enough soldiers to assign them to, and I want to assign them in order of `item_power` descending. I'm sure this is really simple, I just can't for the life of me get my head around it. Thanks in advance! Kind Regards, Ace

$statisctis = ("SELECT date_liked , COUNT(site_id) AS num_site_id FROM `liked` WHERE date_liked < CURDATE() AND date_liked > CURDATE() - INTERVAL 1 WEEK AND site_id='45' GROUP BY date_liked"); $result1 = mysql_query ($statisctis) or die(mysql_error()); echo "date_liked - num_site_id"; while($row = mysql_fetch_assoc($result1)) { echo $row['date_liked'] . " - " . $row['num_site_id']; }

Can you forget about your code for a second and tell us what you're trying to achieve? I'm sure there would be a better solution to your problem.

this is a much cleaner solution RON_ron, I'd just change one thing. $count = count($match); for($i = 0; $i < $count; i ++){

you need to use either an array or this... ${'match'.$matchWcounter} $match . $matchWcounter is appending their values, rather than the variable names. Personally I think an array is more appropriate. $match = array(); $match[1] = "W" $match[2] = "W" $match[3] = "L" $getawayr="Group A"; if($getawayr=="Group A"){ for ( $matchWcounter = 1; $matchWcounter <= 3; $matchWcounter ++) { $numOfWinsCount = 0; if($match[$matchWcounter]=="W" and $numOfWinsCount <3){ $numOfWinsCount=$numOfWinsCount+1; $matchresult . $matchWcounter = "Qualified for Quarter Finals!"; } } }