5kyy8lu3

As I typed the statement I immediately wanted to eliminate ajax as the problem. I then made the exact link somewhere else on the page without any JS interaction and same result. Is there no way around this? I gave you a solution... Here... read how I use the script, and you might see it's the same scenario as you: index.php on my website is the backbone... it loads all my content pages with includes depending on a value i set in my session variable. so... if I click a link for "home", it reloads index.php and then index.php include()'s home.php. the problem is, I have index.php load a header for each page, so I don't want people directly accessing my php files, home.php for example. so... i put that script at the top of home.php and then if someone try's to directly access it, the script sees that index.php isn't he parent document so it redirects them to 404. if index.php accesses it on the other hand, the script sees that the parent document IS index.php so it doesn't redirect and everything works just fine. I'm pretty sure this would work for your situation. Heck, tell me the name of the html file and I'll even write the exact script you can copy/paste into the top of 1.php.

What happens with that statement is the redirect occurs if accessed directly but when clicking the tab to initiate the ajax call to the 1.php, nothing. File doesn't even come up. I didn't literally mean for you to copy/paste that and hope for it to work lol, I'm not exactly sure what you're trying to do and what your filenames are but I figured it could get you on the right track. In your case, change /index.php to whatever your html file is... so /index.html or whatever it is. then put that code at the top of 1.php. so.... you'd put this code at the top of your 1.php page, only you'd change "/index.html" to whatever your html filename is <?php if ($_SERVER['PHP_SELF'] != '/index.html') { header("Location: 404.php"); } ?> so... if the html page calls for 1.php, it loads fine, but if they try to directly access 1.php, that script will redirect them to 404.php or whatever you wish

I think we're gonna need to know a little more than that to help you out, and I'm not even sure you posted in the right sub-forum

I see what you're saying. I have my index.php "include" all my required php files, but I don't want people to be able to open the individual files by themselves, so I just check with a script. You could do something similar: <?php if ($_SERVER['PHP_SELF'] != '/index.php') { header("Location: 404.php"); } ?>

I had a weird problem with a weird character that got into my text, back when I used regular windows notepad. it corrupted my code. If all else fails, you might look into that.

explode will work. <?php $pics = explode(',', $_GET['pics']); $NumberOfPictures = count($pics); $location = 'http://www.YourWebSite.com/pictures/'; for ( $i = 0; $i < $NumberOfPictures; $i++ ) { echo $location . $pics[$i] . '<br>'; } ?> that would echo out a link for each picture, but i'm not completely sure that's what you were asking, it wasn't very clear.

http://us2.php.net/manual/en/function.date.php

yea session variables are usually the preferred way to restrict content. you can make a login system and after they successfully log in, you can set a session variable to show that they're logged in. like so: $_SESSION['LoggedIn'] = 'yes'; if ( $_SESSION['LoggedIn'] == 'yes' ) { //your html stuff }

that works. you can also use php's date() function too if you prefer, it's probably faster and less code. date("Y/m/d", $DateFromTable); //kinda like this

take out the semicolon and echo like this: <?php if ( $rows['is_solved'] == 1 ) { //stuff }

you could try file_get_contents() update: i also wanted to ask, what's the error or problem you're getting/having?

yes. you can change the session timeout in the php.ini file so it's longer than 2-3 hours, or you can set it so it never expires.

no built in function to do what you need but you can write a function to do it. i'm sure you can find a function someone else wrote too if you'd rather do it that way.

on the page your form posts to: put this at the top of both pages: session_start(); then save the post variables into session variables $_SESSION['username'] = $_POST['username']; then on the page where you have your form, set value="$_SESSION['username']" and if it's empty it won't matter so you don't have any need for an if statement hope that helps

do a multidimensional array, with numbers as the keys. then use $a = rand(0, 10); or whatever you want for your range to get a random number. echo $array[$a];

nah. for an avatar, it could be smaller but 10k isn't much now that we live in a broadband world.

not many =) if anything, just require that they have javascript enabled to use your site. with jquery and ajax ever-so-popular, i don't think it's "wrong" anymore to require JS. just my opinion of course =)

you could just use an html meta refresh, and set it to 15 minutes. php's date() goes off of server time so you could use that if you need to know server time for your script.

javascript. php being serverside can't really help much with time differences. an easy option is to have the user enter and save an offset (-3, 0, +5, etc) and add that to time. so, they log in, it saves their saved offset to a session variable, then you just add that offset onto the time/date anywhere you use date or time. or you could use javascript.

as far as I knew, variables don't show up inside single quotes. this is how I make queries (lots of ways of doing it, this is my method) $delq = 'DELETE FROM ' . $TableName . ' WHERE id="' . $id . '"'; try that, i think your variable isn't pasting into the query because you're using single quotes

str replace the www. and http:// with nothing, then explode it by the periods. $a = 'http://www.a.b.c.domain.com'; $a = str_replace("www.", "", str_replace("http://", "", $a)); $DA = explode('.', $a); Then the array will have these contents: $DA[0] = 'a'; $DA[1] = 'b'; $DA[2] = 'c'; $DA[3] = 'domain'; $DA[4] = 'com'; So... the last element is the domain extension, the second to last is the domain itself, and any preceding elements in the array are subdomains. count($Array) can give you number of elements.

Salting only really helps for when a hacker gets access to your database and pulls passwords. They plug the password in, and it won't work. Beyond that, it doesn't offer much increase in security. Salting and all the hashing in the world won't stop a brute force. Brute force is even faster now using parallel processing with gpu's (like cuda). Yes, you can rainbow table lookup a few passwords, look for static characters (those being the salt), and then rainbow lookup the dynamic part. Nothing will ever be 100% hack proof. The best protection? Using complex passwords. Capital letters, numbers, characters, and making the password long (10+ characters). The amount of time and processing power it takes to brute force "abcdefghij" vs "Zg3m70aF!Q" is almost an exponential difference. That being said, whether it's for a "commercial" site or not, it's NOT a waste of time. It's not very hard to type a few characters to hash something before throwing it into a database. Even adding a salt is stupidly easy, so why not do it? I don't see how you could call that a waste of time.

oh well, it's all a part of coding glad you got the problem resolved

If you felt adventurous you could even use a dynamic salt. This is similar to what I use: Code that creates the dynamic salt, hashes, then adds salt onto the end product for later retrieval. <?php $StaticSalt = 'Whatever you want this to be.'; $DynamicSalt = md5(time() . sha1($StaticSalt) . microtime()); $Salt = substr($DynamicSalt, 0, 16); //<-------------cut dynamic salt in half $Pepper = substr($DynamicSalt, -16, 16); $Hash = md5($Password . $DynamicSalt); $SaltedHashbrown = $Salt . $Hash . $Pepper; //add dynamic salt to front/back ?> This is the code you use to pull the salt off to use to check the user entered password against the entry in the database. <?php $Front = substr($PasswordInDatabase, 0, 16); //<---------------------pull salt off $Back = substr($PasswordInDatabase, -16, 16); $ActualHash = substr($PasswordInDatabase, 16, (strlen($PasswordInDatabase) - 32)); $DynamicSalt = $Front . $Back; //<----------------------recombine the dynamic salt $Comparator = md5($EnteredPassword . $DynamicSalt); if ( $Comparator == $ActualHash ) { //correct } else { //incorrect } ?>

it basically executes a string of php code. $a = 'echo "Hello world!";'; eval($a); That would output: Hello world! There's also call_user_func("FunctionName", "Arguments"); if you need to call functions with a string.