premiso

Yea, I am taking a Calculus class next semester to further my degree and I will probably keep going on that tangent. I enjoy math, but it has been a while since I was in a class, since my Associates degree in college for Pre-calc. But yea, I kind of gathered that hint when they are talking about how they generate the encrypted message and decrypt it. But yea, I definitely want to go more in-depth in math in my studies to hopefully understand this alot more. Hmm, I should look into seeing if they have a "cryptology" class and check out the pre-reqs.

First off, MS SQL sucks, at least in my opinion. If you want to make big bucks in database administration, Oracle is the way to go. Although just to get oracle certified costs a pretty chunk of change. But once you are, the jobs you get make $100-200+k/year. But you need to take some actual classes, unlike programming DB Classes actually help out. I took an Oracle class in College, and have not regretted it. Taught me a lot about SQL, I just wish I would have taken the next step oracle class that went more into proper sql query structure and more indepth DB structures.

Yea, I was reading different encryption types and it all depends on the key you use and how long it is. They suggest using a key that would take 10,000 years of computer processing time to solve it, and have it expire every x amount of time and re-create a new one. Anyhow, I am really getting into the cryptology. I am going to keep on reading and try and learn some fun stuff with it.

I do not think it is valid XML Syntax, hence why you are getting the error. I would read up more on proper XML syntax. :media, I think should be an attribute: <sf type="media">Here </sf> Or look into namespaces as suggested above.

lol Dreamweaver, worst program ever in my books. But I am also not a web designer, so yea. Notepad++ has my go all the way. For big projects, Eclipse with PHP plugin works wonderfully

You may want to look at the first exampled at the GD -> imagecreatefromgif Man Page. Hopefully that helps you out. EDIT: I do not think it will. What version of GD are you running (you can find out via phpinfo)

It is never good to do a }}}} to close braces. Indentation is the way to go. It just makes it harder to debug. You need to get a syntax highlighting program, if you had one, you would notice the error here: $autorep = "Message sent to <a href=\"profile.php?player=".$user."\" target=\"main\">".$user."."<br><br>Thank you for taking the time to message us!<br>As we recieve such a high amount of messages a day we are not always able to respond to all messages immediately<br> If your question is of the non urgent type then please feel free to use the Helpdesk or message a HDO for further assistance! <br>Thank you for understanding.<br> NYM Staff." Which should be: $autorep = "Message sent to <a href=\"profile.php?player=".$user."\" target=\"main\">".$user."<br><br>Thank you for taking the time to message us!<br>As we recieve such a high amount of messages a day we are not always able to respond to all messages immediately<br> If your question is of the non urgent type then please feel free to use the Helpdesk or message a HDO for further assistance! <br>Thank you for understanding.<br> NYM Staff.";

I do not think in any language you can define a class within a class. In java they use inheritance and extending. PHP does not have "inheritance" yet, but you can extend. But I think you are looking at this the wrong way. Why have a separate class for style? Is there really a need for it? You can just make it a method of "document" and then you can call something like $document->changeStyle($newStyle); You could make it into two seperate classes, without extending or inheritance then have a method called "style" which creates/returns a new style object then something like this may work: $document->style()->setBackgroundColor("#ffffff"); (disregard that) You want to extend the class, if you have document extend style, document will have access to the style class functionality. I would look more into OOP and proper methodology of it. The parse error is because you are defining a class inside of a class.

Did you create the feed, or was the feed created from another source?

You are right about the session, if you can access X user's cookies, you can validate for that user. As far as security, as long as x user keeps their computer free of virus's it is pretty safe. But the only thing saved on the user's computer is that session id, which will either expire upon browser close, logout or even an inactivity time limit. Which are generally good practices to do if you are running a secured site (especially the inactivity time limit). But the same is with any cookie on your machine. You could do that for any site potentially. To avoid something like this, you could store information about their machine and validate that, but that is also foiled by false headers. Either way, the only account compromised is the user who got infected or was cookie-hijacked. So for your "admins" I would suggest to them that they clear cookies on browser close and or force a cookie policy that the cookie expire time is always x minutes unless they have been active. EDIT: Sorry for the rambling. In the end sessions are very secure. Like stated, to make it more secure you can validate the session by IP/OS/Browser etc to make sure it is the user's session. If either changed, simply make them re-login, which should not be a huge burden on the user.

I think you are up a creek on this one. You may be able to use curl but I do not know how that would work. Other than that, I do not think it is possible. I could be wrong, a quick google and I pulled up no results. Cross-domain login is tricky. You could try and linking the two databases, then sending a hash to the other server which would "validate" the user upon arrival. But you would have to be able to access the IIS server mysql on the linux box and vice versa. Which is not really hard to do, and can be relatively safe by allowing it from x server's IP with a hard to guess login/pass. Not much help, but figured you might as well get a jump on alternatives.

Why do you need to know who viewed your post? I look at posts all the time, and I bet with this mod in place, all mods/gurus/recommendeds and admins will be getting PM'ed all the time...."Hey I saw you viewed my thread, can you help me?" I do not like this idea.

It could be...but I doubt it. I think if you miss the first (few) times you try a different format from what you were doing. Generally it is either case insensitive or case sensitive, if one fails try the other. As for me, anytime I do a captcha I try to match case, as that will work either way.

MySQL PHP Insert

I am not sure that <sf:media> is a valid name for a tag....I am no XML expert, but maybe reading up on: http://www.w3.org/TR/REC-xml/#NT-Name and http://www.w3.org/TR/REC-xml/#sec-starttags1 Are you creating this RSS feed, or are you pulling it from somewhere?

On your site, is there anywhere that you write to a file or include a file from GET data? Changing the FTP password is just a security measure. They can modify a file, etc. Let me know on my questions of the writing to a file/include. If that is being done, please post relevant code.

Yea, I am just digging a hole for myself. I am not sure how your class or the mysqli class work exactly. So instead of guessing again I would highly suggest you read up on the MySQLi class particularly on method Mysqli->error.

if (!empty($first_name) && !empty($last_name) && !empty($email)) { $dbc = mysql_connect($db_host,$db_user,$db_pass) or die('Error connecting to MySQL server.'); mysql_select_db($dbname) or die ('Error connecting to DB: ' . $dbname); Is the proper way to connect to a database. mysql_select_db EDIT: Decided to add info on the mysql_connect As you can see the 4th parameter is not a database, it is "new_link".

Maybe I used it in the wrong way, sorry. Like I said I am not familiar with the mysqli class: mysqli::query($insert) or die("ERROR IN SQL: $insert <br /> ERROR MSG: " . mysqli->error() ); See if that does anything different...

I am not familiar with mysqli but try this: mysqli::query($insert) or die("ERROR IN SQL: $insert <br /> ERROR MSG: " . mysqli::error() ); And see if that spits out an error or not.

Just a correction (I had it wrong in mine) the 7 should be 6, since substr it is 0 based.

<?php $string = "test this"; $check = substr($string, 0, 6); if (strtolower($check) != "http://") { echo 'The price is wrong BOB'; }else { echo 'ok...'; } ?> substr would be your huckleberry. edit: Changed 7 to a 6.

Was really....really bored at work. Not the best coded and could use improvements for efficiency etc, but should work: <?php session_start(); if (isset($_GET['reset'])) { foreach ($_SESSION as $key => $val) unset($_SESSION[$key]); unset($_POST['submot']); } $output = ""; if (!isset($_POST['submit']) || isset($_GET['error'])) { $error = isset($_SESSION['error'])?$_SESSION['error'] . "<br />":''; unset($_SESSION['error']); $output = <<<OUTPUT <div style="color:red;">{$error}</div> <div align="center">Welcome, please enter a number from 0-100 in the form below.<br /><br /></div> <div align="center"> <form method="POST" action="{$_SERVER['PHP_SELF']}"> <input type="text" name="number" value="" size="5" /><br /> <input type="submit" name="submit" value="Let's Start!" /> </form> </div> OUTPUT; }elseif (!isset($_SESSION['number'])) { // initial settings. Check first if the number is valid $number = isset($_POST['number'])?(int) $_POST['number']:null; if (is_null($number) || $number < 0 || $number > 100) { // nope. show error $_SESSION['error'] = "The number has to be between 0 and 100. Please try again."; header("Location: {$_SERVER['PHP_SELF']}?error=1"); die(); } // yep let's initialize our values and make our first guess $_SESSION['number'] = $number; $_SESSION['range'] = range(0, 100); $_SESSION['last_guess'] = array_rand($_SESSION['range']); // We do not want to guess it right away while ($_SESSION['last_guess'] == $number) $_SESSION['last_guess'] = array_rand($_SESSION['range']); $next_guess = $_SESSION['last_guess']; } // If this is te first guess we do not want to be in there. if (isset($_SESSION['number']) && !isset($next_guess)) { $last_guess = isset($_SESSION['last_guess'])?$_SESSION['last_guess']:'nill'; // just incase something flaky happens. // Yep we guessed it, let them know. if ($last_guess == $_SESSION['number']) { $output = <<<OUTPUT <div align="center" style="color:red;">{$_SESSION['error']}<br /></div> <div align="center"> EUREKA! Your number is: {$last_guess}!<br /><Br /> It took me {$_SESSION['counter']} trys to guess it!<br /><br /> <a href="{$_SERVER['PHP_SELF']}?reset=ok">Play Again?</a> </div> OUTPUT; }else { $action = isset($_GET['action'])?$_GET['action']:''; if ($action == "higher") { // if it is higher, we limit the array to just those values for ($i=$last_guess; $i>=0; $i--) unset($_SESSION['range'][$i]); }elseif ($action == "lower") { // if it is lower, lets limit the array to those values for ($i=$last_guess; $i<101; $i++) unset($_SESSION['range'][$i]); } // Let's make our guess and increment our counter $next_guess = $_SESSION['last_guess'] = array_rand($_SESSION['range']); $_SESSION['counter']++; // Uh oh, the user lead us wrong. if (count($_SESSION['range']) < 1 && $next_guess != $_SESSION['number']) { $_SESSION['error'] = "You must have tried to cheat!"; $next_guess = $_SESSION['number']; } // we just guessed it! if (($next_guess == $_SESSION['number'])) { $_SESSION['last_guess'] = $next_guess; header("Location: {$_SERVER['PHP_SELF']}"); } } } // Display to them to tell us if it is higher or lower. if (isset($next_guess) && isset($_SESSION['number'])) { $output = <<<OUTPUT <div align="center">Time to guess your number! Simply press if your number is higher than the one displayed or lower!<br /><br />My Guess:<b>{$next_guess}</b><br /> (Your number is {$_SESSION['number']} as a reminder)<br /></div> <div align="center"> <form method="POST" action="{$_SERVER['PHP_SELF']}?action=higher"> <input type="submit" name="higher" value="Higher!" /> </form> <form method="POST" action="{$_SERVER['PHP_SELF']}?action=lower"> <input type="submit" name="lower" value="Lower!" /> </form> </div> <br /><br /> <a href="{$_SERVER['PHP_SELF']}?reset=ok">Start Over?</a> OUTPUT; } // echo it out. echo $output; die(); ?>

Gotcha. Well, I have been reading up a bit on Cryptology. And I think the best way, if I want to do this, would be to implement a form of RSA via Java/Javascript. Since I would really only need it on 2 pages, I may just do that. As I understand it, that is all SSL really is. A 128bit key encryption with a Public/Private key through a certificate, which can be "Verified" if you want to pay out the money. SSL is probably more secure than how I am planning on implementing the RSA, but as it is this is a learning process for me understanding how different cryptology's work. I know that if someone wants to break a sent encrypted message, they will, but why make it easier for them? Thanks both of you. I am going to be doing a lot of reading the next few days and see if I cannot get my head wrapped around some more of this stuff. I actually read the RSA wiki. Amazing that a method made back in the 1970's is still used today as a secure encryption. But I guess if a method is not known fully to the public of what it can do for 20 years, that has it's advantages of being secure longer. @corbin: regarding the Chinese version, it looks like that is very simple to crack after reading over the wiki. The upside was it is quicker, downside it has a major loop hole. Thanks guys! I am just trying to figure out different methods of doing stuff, you can never learn too much! The day I stop learning, is the day that I die.

The kicker on the has portion is it would require session, thus cookies. Being that, only web fetchers could potentially grab it. But yea, I can see why the hashcheck may not work, I will have to revamp my idea on it a bit. The IP blocking I do like, at least in the sense I described it. I am going to think on that one a bit more too. And I will also look into the RSA and see if I cannot work that out. Thanks corbin, appreciate the responses!