premiso

This is why I use the $_SERVER['DOCUMENT_ROOT'] infront of all my files. That way no matter where it is called from it should work. My 2 cents.

lol That's called leeching/hotlinking and most sites do not like that and I wouldn't hold it against you if you get banned from that site for doing that. Not my way of doing things, but to each their own. Just giving some etiquette/ethics on the web. Why should they pay for bandwidth you are generating?

You would have to forward it for your router too (if you have one). And also make sure there is exception in any software firewall, like windows firewall for that port. As for if that port really works, I have no clue and I do not think he was using comcast's smtp I think he was using his own server on his own computer and just had to use that port for that server.

Exactly =) EDIT: lol you edited it and now the above doesn't make sense. Anyhow I was saying exactly to since it was an infinite loop the data was never posted to the browser cause it never stopped to do so.

Be more descriptive, what type of column? A database column, an array. What does 1-6 represent? Is it random what $str3 would be in? like it could be 4 one time or 5 the next? More descriptive and code would help.

function vac_week($avg_array, $fav_temp) { $k = 0; while($k < 52) { if($avg_array[$k] <= ($fav_temp + 10) && $avg_array[$k] >= ($fav_temp - 10)) { echo 'Your Ideal vacation week is week ' . $k; } $k++; } } Infinite loop, if that condition is true the first time it will be true every time cause K was never incremented.

http://www.davecolorado.com/index.php/comcast-blocks-my-email-on-port-25-because-of-spam/ Google is your friend. There is someone with the problem and alternate ports.

As mentioned above, if you have comcast chances are they are blocking it. Do you have the business class or personal class connection? My bet is you have personal class and that is the problem. There is nothing wrong with the code.

Another thing you can do/think about is if the user tries x amount of times and is unsuccesful implement a captcha, sort of like google. Or even make them answer a secret question to give them 3 more tries before being able to login again. The latter requires you to require the user to have x amount of secret questions so you can display a random one every x attempts. But 5 minutes is usually acceptable by most users if not they email you so yea as long as your contact form works =) The other item to make sure you have is a password reset form that emails them a temp password, this way they can just get a new password =) Hope for the best for ya.

I know that Comcast, non-business blocks port 25. That very well may be the problem. Your only option is to switch or upgrade to the business line of comcast.

Use session variables or a database to store the attempts. Sessions work, but you would have to lock out the user account being tried since IPs are easily spoofed. Example: <?php session_start(); if (!isset($_SESSION['attempts'])) { $_SESSION['attempts'] = 0; }elseif (isset($_SESSION['last_attempt']) && $_SESSION['attempts'] > 3) { if (($_SESSION['last_attempt']*60*5) > time()) { unset($_SESSION['last_attempt']); $_SESSION['attempts'] = 0; }else { echo 'You have reached the threshold. Please wait 5 minutes before trying again.'; die(); } } if (isset($_POST['submit']) && $_SESSION['attempts'] < 3) { // check credentials if (!$authenticated) $_SESSION['attempts']++; }else { echo 'You have reached the threshold. Please wait 5 minutes before trying again.'; $_SESSION['last_attempt'] = time(); } ?> At least that is the basic gist, the code above was just a spur of the moment so improvements probably can be made and it is untested. The only problem is they can just close the browser and try again without tieing in the lockout to the database. EDIT: Just noticed the IP comment. I would highly suggest against the IP, because IPS are easily spoofed or if you have 2 users at a work environment, home network or school they will be banned as you just see the outside IP from them. Putting the ban on the user account is better, an a 5 minutes ban is sufficient as that prevents what the ultimate goal is, no brute force.

Arrays are zero index based. So 0 is the starting. Count returns the actual number which can cause problems. This should fix the error. if (count($user_media) >1 ) { $where_sub =" _name = '". $user_media[0] . "'"; for($i=1;$i<count($user_media);$i++) { $where_sub .= " or _name= '". $user_media[($i-1)] . "'"; } }else { $where_sub ="_name = '". $user_media[0] . "'"; } OR if (count($user_media) > 1 ) { $where_sub =" _name = '". $user_media[0] . "'"; $cnt = count($user_media) - 1; for($i=0;$i<$cnt;$i++) { $where_sub .= " or _name= '". $user_media[$i] . "'"; } }else { $where_sub ="_name = '". $user_media[0] . "'"; } And you were also calling i instead of $i. Hope that helps.

Yep that is completely true. Back in my "script kiddie" days, I would setup a page that mimiced Hotmail but was hosted on my server than at school I would just change the address manually and got a few of my friends passwords, after they hit submit it went to MSN like normal but gave me their data =) (bad I know) But the point is that is totally viable and how some people spam.

Correct. If the ultimate goal is to see if the actual email account exists, unfortunately that is not possible without using an email account from the server for returned emails and parsing them etc then updating the database if it bounced. Or do the confirmation email, but as personal experience, especially aol hotmail and yahoo tend to filter emails from my server as spam if they are not added to the trusted list so the user never sees those emails. So the confirmation emails has to be overriden to verify the user in this case cause they may never see the email. Hope that helps either way, at least it is one step closer to being a valid email address.

If the script is hanging chances are there is an error. Have you tried explicitly telling the script to display errors with the following: error_reporting(E_ALL); ini_set('display_errors', 1); And see what the error is? My bet is either the mysql is throwing the error when retrieving the rows or the ini_set you have there is throwing an error for whatever reason. If that is not it, when a user logs out are you destroying the sessions properly?

Either $queryResult is correct. I was just stating that since you have that die portion, there is no need to do an if check cause it would never get called upon. It would be like setting up an if statement like this: <?php if ($i == 1) { echo "$i = 1"; }else { if ($i == 1) { echo 'This will never be true and this statement will never get executed.'; } } ?> Yes you would just put them at the top of the page and remove them when you are done testing.

case 'textfile2': $textfile = 'textfile2.txt'; break; Was missing a semi-colon after break.

The best way to do this with php is the checkdnsrr http://www.sitepoint.com/article/users-email-address-php/ Is a site about that.

convert the spaces to dashes or underscores...then when you retrieve it either account for that or convert them back to spaces. Also $HTTP_GET_VARS is long since deprecated. Use $_GET instead.

You have a syntax error here: if (mysql_error()) { echo ("<a href=\"register.php\">Back to Register</a>"); mysql_error(); } } // extra paran else { echo 'The following errors were found:<ul>'; foreach ($errors as $error) { echo "<li>$error</li><br>"; echo '</ul>'; } include ("registerform.html"); } ?> I would suggest turning on the following to show errors while developing. error_reporting(E_ALL); ini_set('display_errors', 1); Also see above about the mysql_error reporting. It will never be reached if there is an error because of the die statements.

Did you start the session by including session_start() at the top of each page before any output is sent to the browser?

Sort of, a bot can pull out all the fields and then just send in those fields filled out. Or even another human can easily create their own form that posts to your site. example: <form action="http://www.yoursite.com/page.php" method="post"> <input type="hidden" name="zipcode" value="asdf" /> <input type="submit" value="Send" /> </form> That will successfully send a zipcode of asdf, given that your page is page.php that processes the data and that you do have a field called zipcode.

Do you have part of the script coded already? If so show us what you have. The basic gist would be to use fopen and fwrite to write the contents to a file and save it. You should find plenty of examples at those functions manual on php.net.

Yea I guess I could have elaborated on that. But basically if you called the include like: include "http://www.yoursite.com/file/search.php?keyword=garden&submit=Search"; It would work, granted that url_include is allowed, which most servers disable for security reasons. The above way I posted is the preferred way since no processing is needed to be done and that way it does not just give you the straight html, like calling the above would.

// will show if there has been an error and tell what error it is if (mysql_error()) { echo ("<a href=\"register.php\">Back to Register</a>"); mysql_error(); } That will never get executed. After each mysql_query you DIE the script. So that check is pointless unless you remove the die's after each mysql_query. As for why it is not echoing, no clue. Also I would not check $queryResult == 1 I would check $queryResult > 0 just to be safe.