
Everything posted by Jeigh
-
Yes, if it's a shared host you can't install it yourself. However, if it's a decent hosting company it should already be installed. Check in your control panel; some will have an option to switch between PHP 4 / 5. If not, just contact them and ask them about it.
-
I managed to sign up the username 'testaccount' again (twice). You'll notice now if you try logging in with the username 'testaccount' and password 'sj2383mds' or 'testtest' it will still log in. I'm no expert on the matter but this was achieved through MySQL truncation. I signed up with the username: testaccount x (going over the maximum allowed limit in the database). So when it checks if the username already exists, it doesn't (since it has the x on the end), but in the database it will still be 'testaccount' without the x since it went over the limit. The error did come up saying I was using too many characters but it still let me submit and processed it anyway. Make sure you don't let people enter any more than 50 in the input area and also check the input in PHP before inserting rather than just with Ajax.
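A server-side version of the check recommended in the post above, as an added example that is not code from the thread. The `users` table, the function names and the allowed character set are assumptions; the demo uses in-memory SQLite, which does not truncate, so it shows only the PHP-side refusal.

```php
<?php
// Added example, not code from the thread. The 50-character limit is the one
// named in the post; the allowed character set is an assumption.
const MAX_USERNAME_LEN = 50;

// Returns the username if acceptable, or null. Nothing is trimmed or cut to
// fit: a value that does not fit the column is refused outright.
function validateUsername(string $raw): ?string
{
    if (strlen($raw) < 1 || strlen($raw) > MAX_USERNAME_LEN) {
        return null;
    }
    // \A and \z anchor the whole string, so trailing spaces or a newline fail.
    return preg_match('/\A[A-Za-z0-9_]+\z/', $raw) === 1 ? $raw : null;
}

function register(PDO $db, string $rawUsername, string $password): string
{
    $name = validateUsername($rawUsername);
    if ($name === null) {
        return 'rejected: invalid username';
    }
    try {
        // The PRIMARY KEY is the real duplicate check; a SELECT beforehand can
        // be fooled by truncation or lose a race with a parallel signup.
        $stmt = $db->prepare('INSERT INTO users (username, pass_hash) VALUES (?, ?)');
        $stmt->execute([$name, password_hash($password, PASSWORD_DEFAULT)]);
    } catch (PDOException $e) {
        // In this demo the only expected failure is the key collision.
        return 'rejected: username taken';
    }
    return 'created';
}

// Constructed demo on in-memory SQLite so it runs offline (hypothetical schema).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username VARCHAR(50) PRIMARY KEY, pass_hash TEXT NOT NULL)');

$padded = 'testaccount' . str_repeat(' ', 45) . 'x'; // 57 bytes, over the limit
foreach (['testaccount', $padded, 'testaccount   ', 'testaccount'] as $candidate) {
    printf("%-14.14s... => %s\n", $candidate, register($db, $candidate, 'constructed-pw'));
}
```

On MySQL itself, strict SQL mode makes an over-length insert fail instead of being silently truncated, which backs up the PHP check.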
-
You'll need to add validation for data entry in the form. I didn't try 'hacking' it but I can just enter whatever I want in there as many times as I want. For example, you say to include http:// in the URL but you can just delete that out of the input box and it will still submit. If I wanted to advertise my site example.com I can also just keep entering that in the box 100s of times (or even bots could do it) so your site will just be flooded with the same site. I'd suggest adding CAPTCHA for that. Try searching for sanitizing input in PHP.
-
I'm quite new to JavaScript but I'm planning to pick up a bit of it as I incorporate it into a new site I'm making. I'm using the following script to toggle div elements:

    function getObject(id)
    {
        var obj = null;
        if(document.getElementById)
            obj = document.getElementById(id);
        else if(document.all)
            obj = document.all[id];
        else if(document.layers)
            obj = document.layers[id];
        return obj;
    }

    function toggleObject(id)
    {
        var obj = getObject(id);
        if(!obj)
            return false;
        if(obj.style.display == 'none')
        {
            obj.style.display = '';
        }
        else
        {
            obj.style.display = 'none';
        }
        return true;
    }

I'm attempting to make a hierarchy style menu like the following:

    Books
    -book1
    -book2
    Pencils
    -pencil1
    -pencil2
    Rulers
    -ruler1
    -ruler2
    etc.

I've managed to do this fine with PHP and MySQL however I'm trying to incorporate JavaScript to only show the parents of each category, and only display the children when clicked. To do this I'm using the following PHP / JS: (Not too sure whether the problem lies within the JS or PHP)

$parent_array is an array storing all the information in the database for each entry. It is set up so there is a column called 'child_of'; if the row is set as a child it uses the number stored in 'child_of' which is the id of its parent.

    foreach($parent_array as $parent)
    {
        $title = $parent['title'];
        $link = $parent['link'];
        $id = $parent['id'];
        echo "<div id=\"parent\" style=\"display: block\"><a href=\"#\" onclick=\"return !toggleObject('$id');\">$title</a> - <a href=\"$link\" target=\"_blank\">$link</a></div>";
        echo "<br />";
        $parent_for = $parent['id'];
        $child_q = "SELECT * FROM table WHERE child_of ='$parent_for' AND username ='$username'";
        $child_array = $db->query($child_q);
        //Display Children
        foreach($child_array as $child)
        {
            $c_title = $child['title'];
            $c_link = $child['link'];
            echo "<div id=\"$id\" style=\"display: none\"><a href=\"$c_link\" target=\"_blank\">$c_title</a>";
            echo "<br /><br />";
        }
    }

The result this gives me is similar to what I want but it works more like a folder system. It will only display the first parent, e.g.:

    Books

Once Books is clicked it reveals Books' children and the parent for the next category, e.g.:

    Books
    -book1
    -book2
    -Pencils

Then clicking Pencils will do the same again:

    Books
    -book1
    -book2
    -Pencils
    --pencil1
    --pencil2
    --Rulers

and so on. I'm not sure why this is happening. I checked the output in the source code and all the children are set to display: none; and the parents are not. I hope I've explained well enough and I appreciate any help. Thank you.
-
Mainly I'm trying to protect myself, for the most part the only person who will have access to the file is the person who uploaded it so I assume it will be safe to allow .xls files then? But yeah I just want people to post any other files like that, that may not be safe to allow apart from the obvious such as .php, .asp, .exe etc.
-
In one of the scripts I'm currently working on I want to let users upload as many file types as possible without causing a security threat. For this reason I'm going to take the approach of making a whitelist rather than a blacklist and list as many as I can using the following code:

    $ext = strrchr($_FILES['uploaded_image']['name'], ".");
    if ($ext != ".gif" AND $ext != ".jpg" AND $ext != ".jpeg" AND $ext != ".bmp" AND $ext != ".GIF" AND $ext != ".JPG" AND $ext != ".JPEG" AND $ext != ".png" AND $ext != ".ppt" AND $ext != ".xls" AND $ext != ".txt" AND $ext != "etc. etc.")
    {
        $error = "your file was an unacceptable type.<br />";
    }

Obviously I'm not going to allow any .php, .js, .html, .exe or other such files but my question is, are there any commonly used files that could pose a security threat? For example allowing .xls files, most users would use that fine however by adding a certain code in the file when it's accessed it would cause some kind of problem (I know that it doesn't, not that I know of anyway, just trying to give an example of what I mean).
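A whitelist check that does not depend on the letter case of the extension and also compares the file's detected content type, as an added example that is not code from the post. The `ALLOWED` map, the function name and the sample files are constructed, and the list is narrowed to a few of the types named above.

```php
<?php
// Added example, not code from the post. Extension => content types accepted
// for it. This policy is constructed for illustration; extend it per file type.
const ALLOWED = [
    'gif'  => ['image/gif'],
    'jpg'  => ['image/jpeg'],
    'jpeg' => ['image/jpeg'],
    'png'  => ['image/png'],
    'txt'  => ['text/plain'],
];

// Returns a server-chosen storage name, or null when the upload is refused.
// In a real handler $clientName is $_FILES[...]['name'], $tmpPath is
// $_FILES[...]['tmp_name'], and the file is then moved with move_uploaded_file().
function checkUpload(string $clientName, string $tmpPath): ?string
{
    // Lower-casing once replaces the separate ".GIF" / ".JPG" comparisons.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        return null;
    }
    // The name is client-controlled, so the content is inspected as well.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime === false || !in_array($mime, ALLOWED[$ext], true)) {
        return null;
    }
    // Never reuse the client's file name on disk.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample uploads: client file name => file body.
$samples = [
    'PHOTO.GIF' => "GIF89a\x01\x00\x01\x00\x00\x00\x00;",
    'photo.jpg' => "<?php echo 1;",
    'notes.php' => "plain text",
];
foreach ($samples as $name => $body) {
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, $body);
    echo $name, ' => ', checkUpload($name, $tmp) ?? 'refused', PHP_EOL;
    unlink($tmp);
}
```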
-
    <?php
    $var5 = $var3*$var4;
    $finalvar = $var5*1.20;
    $var = $var1*$var2;
    if($var == $finalvar)
    {
        //PHP CODE
    }

and of course if you want 120% and greater just use > rather than ==. There is probably an easier way to do it than this and I'm not entirely sure that multiplying it by the decimal will work (3:30AM now anyway, my thinking is a little off).
-
This should work:

    SELECT * FROM members WHERE rename != 'NONE'
-
Wouldn't using a .htaccess file require people who are logged in to enter another username and password when they are accessing the file? If not how is this achieved?
-
I'm attempting to solve a similar problem and with the above code I don't think it will work the way he wants. If people attempt to download it through the site by clicking a link or whatever that will work, but if they just guess the file name, or somebody tells them the file name, they can just type http://www.example.com/files/filename.pdf in their browser and it will allow them to download it.
-
Thanks for the responses, I will probably use something like what papaface posted. Seems neat and fairly simple to do.
-
Ah, is there a certain way of doing this that is generally accepted as being the most 'professional' or efficient?
-
I was reading this tutorial http://www.phpfreaks.com/blog/mod-rewrite-ignore-dir on PHPFreaks and read the following at the start of the tutorial:

"So i have my little website and like a lot of websites, I have one index page that I simply pass a parameter through a GET request and that determines the output of the site."

In all websites I've made I just have each feature of the site in a different PHP file, for example I'll just have addresses like:

    www.example.com/register.php
    www.example.com/uploadsomthing.php
    www.example.com/showsomthing.php?id=1

I'm making a new site now and want everything to be as professional as it can be, and to me this always seems very messy and unprofessional. So my question is what exactly is that quote talking about and how is it achieved. I'm assuming it will involve something like:

    if($_GET['p'] == "register"){
        // HTML + PHP for register here
    } else if($_GET['p'] == "upload"){
        // HTML + PHP for uploading page here
    }

and the addresses will be www.example.com/index.php?p=register or /index.php?p=upload etc. I also assume having it set up like this would make using mod_rewrite much easier (which I also plan to do). So before I start jumping in and doing stuff I want to make sure what I'm assuming is correct, or if not, how exactly do I go about doing it. Thanks for any help.
-
I only know the basics of .htaccess but I assume the only way to do that would be creating a username and password for the user (after they've signed up, and I assume that would have to be done manually?) which I think would complicate the process a bit too much. I heard storing files outside of the 'public_html' folder would be able to achieve this but I'm not entirely sure how. Thanks for the response.
-
Hello, I'm currently making a script that involves users uploading a file and then later downloading that same file again. I'm able to do this fine however I'm concerned about how secure the files will be. The best way I've thought of restricting access to the file to just that user is by giving the file a name of a string of random numbers, e.g. it would be stored in /uploads/0917209348201974829872.jpeg. Then I'd provide a link to the file to the user when they are logged in. But this way anybody, logged in or not, can put that into their browser (although it would be unlikely for someone to guess, it is still very possible especially with brute force scripts and even a bit of luck) and download the file. So what I'm looking for is a method where I can allow them access to the file through using a PHP script, but not through typing the link in their browser. Any help is very much appreciated.
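One way to build the PHP download script asked for above, as an added example that is not code from the thread: files live in a directory the web server does not serve, and the script hands one over only to the logged-in owner. The function names, the `$index` array (standing in for a database table) and the demo directory are hypothetical.

```php
<?php
// Added example, not code from the thread. Decides whether the current user
// may fetch a file; returns its absolute path, or null to deny.
function resolveDownload(?int $userId, string $fileId, array $index, string $storeDir): ?string
{
    if ($userId === null || !isset($index[$fileId])) {
        return null;                                  // not logged in, or unknown id
    }
    if ($index[$fileId]['owner_id'] !== $userId) {
        return null;                                  // someone else's file
    }
    $root = realpath($storeDir);
    $path = realpath($storeDir . '/' . $index[$fileId]['stored_name']);
    // Refuse anything that resolves outside the storage directory.
    if ($root === false || $path === false
        || strncmp($path, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Streams the file; PHP reads it from disk, so no public URL for it exists.
function sendFile(string $path, string $clientName): void
{
    $safeName = str_replace(['"', '\\'], '', basename($clientName));
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . $safeName . '"');
    header('Content-Length: ' . filesize($path));
    header('X-Content-Type-Options: nosniff');
    readfile($path);
}

// In download.php: session_start(); $uid = $_SESSION['user_id'] ?? null;
// $path = resolveDownload($uid, $_GET['id'] ?? '', $index, $store);
// then sendFile(...) on success, or http_response_code(404) on null.

// Constructed demo: a storage directory outside the web root and one record.
$store = sys_get_temp_dir() . '/private_uploads_demo';
if (!is_dir($store)) {
    mkdir($store, 0700);
}
file_put_contents($store . '/0917209348201974829872.jpeg', 'constructed file body');
$index = ['42' => ['owner_id' => 7, 'stored_name' => '0917209348201974829872.jpeg']];

foreach ([[7, '42'], [8, '42'], [null, '42'], [7, '99']] as [$uid, $fid]) {
    $result = resolveDownload($uid, $fid, $index, $store) === null ? 'denied' : 'allowed';
    echo 'user ', var_export($uid, true), ', file ', $fid, ' => ', $result, PHP_EOL;
}
```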