WolfRage

This link can tell you all about $_SERVER http://us3.php.net/manual/en/reserved.variables.server.php Everything else looks like variables where is the rest of the script that it came from then we can tell you what those lines are doing.

ok If you are concerned make sure you exit the script before starting it again. I doubt you are going to grab many resources simply checking for jobs and sending emails. Never the less you can monitor system load and decide if you should continue the script with: $load = sys_getloadavg(); $maxload=2; if ($load[0] > $maxload) { //here you can write a string to your error log file that would state that the system's load is too high and the script exited. exit; }

Sorry I thought you were sending plain text email change this line : $message='Name: '.$name."\n".'E-mail: '.$email."\n".'Phone #: '.$phone."\n".$message; to this: $message='Name: '.$name.'<br />E-mail: '.$email.'<br />Phone #: '.$phone.'<br />'.$message; In effect in a pliantext email you write "\n" to create a new line, but for html you use '<br />'; Well for security I use htmlentities, unless I know I need to allow special characters. For instance the emal has to allow '@' so we can't convert it so we use htmlspecialchars. But for everthing else we do not have to worry about coverting characters so we use htmlentities. The effect is that in the email everything is converted and will be displyed as html in a safe format.

Ok so you made me go look and you are right, it's been awhile since I was messing with this topic. They limit the amount that you can all the script. But if you remember you can execute a script for a long time on the server like I said if you use sleep. SO create a script that gets called every hour. Then have it start up and check for jobs, execute the jobs then go to sleep. keep waking every 60 seconds or so and check for new jobs. If jobs present do them, else sleep again. Do this until time is 59 minutes from start time, then exit. By that time the next script will start up. What do you think?

Use single qoutes instead of double qoutes and it will be faster. Unless you are trying to use a variable, then you want to put php into eval mode. This only really becomes important when you have large scripts.

I have GoDaddy and I have looked at this a hundred different ways, so let me give you multiple techniques. 1: You can set up a cron using GoDaddy's web panel and have it run as often as you would like, for instance every minute. Just give it a log file that it can check and clear, then the other script can assign jobs to this log. When the cron starts it will check the log for jobs and complete them. 2: You can make sleeper scripts, this was an interesting experiment, the scripts will only be allowed to sleep for so long before GoDaddy times them out, I believe 15 mins was the max. If it wakes prior it can keep going for about 4 hours then GoDaddy stops execution of the script. My times may be off I don't have my laptop with the final scripts on it in front of me. Now having the script eventually killed is a problem. But you can solve this two ways, every time a new job is added you can restart the sleeper. Not a good enough solution, you can have the script prior to the time when execution would be stopped call a URL on the server and that url will be a script that starts the sleepers brother. Yes I had to run the scripts as brothers, one checks and sleeps and prior to closing it calls the brother, who then takes over. This gets much more complex, but if you want it explained I can do that. I highly recommend number 1. There are some other techniques too, but GoDaddy is pretty restrictive when it comes to crons, or even better daemons.

1: Rewrite all of your echo statements that are not outputting a variable using a single qoute. Using double qoutes puts php into eval mode, meaning it is looking for variables to convert. 2: If this page is not susposed be accessed directly then why have it echo so much information, instead have it return a string or better yet an array of errors that can then be echoed by the form page on failure. 3: You should use an array to store different errors in your error checking, this will eliminate the need to have switch statements, instead if there is an error your array will exist and you can return that to the form where it can echo the errors in the proper locations. 4: Finally security! Never trust user input, particularly when inserting directly into a data base.... SQL Injection is why to easy.

Right, I understand. But I don't have my production machine setup to display errors that are non-fatal. Also you can supress those further with "@".

No Problem, can you mark it solved.

Sorry for the double post, I made an error on correcting it the first time.

You forgot to include ";" on line four and line six and eight. <?php $undecided = 3.14; echo "Is " .$undecided. " a double? " .is_double($undecided). "<br />"; // double settype ($undecided, 'string'); echo "Is " .$undecided. " a string? " .is_string($undecided). "<br />"; // string settype ($undecided, 'integer'); echo "is " .$undecided. " an integer? " .is_int($undecided). "<br />"; // integer settype ($undecided, 'double'); echo "is " .$undecided. " a double? " .is_double($undecided). "<br />"; // double settype ($undecided, 'bool'); echo "is " .$undecided. " a boolean? " .is_bool($undecided). "<br />"; // boolean ?>

Sorry I did not get to check that out last night, but I will look it over tonight. I can not get to that site well I am at work.

Of course make note that using require will result in a fatal error if the file is not included, which can spit out a error message that will give away your server's file structure, to eliminate this you can use include and then check for a variable that is defined in the included file and if the variable does not exist then you know the file was not included and you can use your own error handling procedures.

Can you give an example page? Sounds like flash! Flash uses Action Script and can do all sorts of user interaction. That is what it was built for, doubtful it is any sort of direct PHP code.

At first looking over your code I thought maybe it was a Undefined Constant issue, however I think you did define these constants, but you have left out that code and more. This makes it hard to troubleshoot your code. Please post the script more completely. Of course leave out the actual values for the constants. Also make your subtraction from time larger it won't hurt. Finally is "gone" defined?

Are you actually submiting any $_POST Values? Sounds like you are not triggering your "if" statements.

Here is your script back, I did not attempt to clean up the remainder of the code (Primarily I just don't like the way the script is laid out, but other than that it is functional.), but I correctly inserted my own code. Let me know how it works, feel free to look it over first. If you have questions or would like to understand the script better just reference the section you have questions about and I will do my best to explain. Also please mark this as solved. But if you continue to post I will continue to respond to try and help you out. <?php // Define your email address - where to send messages - here define("MAIL_TARGET","info@selfstoragecentersofamerica.com, pikeymylove@yahoo.com"); // Here you can redefine error messages define("errorName","Invalid name! It must be at least 3 characters long."); define("errorEmail","Invalid email address!"); define("errorMsg","Invalid message! It must be at least 10 characters long."); function createForm($name="",$email="",$phone="",$message="",$error1="",$error2="",$error3=""){ ?> <div id="caption"><img src="images/ContactInfo.png" width="48" height="48" alt="Contact Us" />Suggestions, questions, submissions here.<br /><br /> <span class="rlabel">All fields required.</span> Use a valid name and email address or your message may be deleted as spam.</div> <form class="cform" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <span class="label">Name: </span><span class="error"><?php echo $error1; ?></span><br /> <input class="text" type="text" name="name" value="<?php echo $name; ?>" /><br /><br /> <span class="label">Email:</span><span class="error"><?php echo $error2; ?></span><br /> <input class="text" type="text" name="email" value="<?php echo $email; ?>" /><br /><br /> <span class="label">Phone:</span><input type="text" name='phone' value="<?php echo $phone; ?>" /><br /> <span class="label">Message:</span><span class="error"><?php echo $error3; ?></span><br /> <textarea cols="40" rows="6" name="message"><?php echo $message; ?></textarea><br /> <input class="mbutton" type="submit" name="submitBtn" value="" /> </form> <?php } function isValidEmail($email){ $pattern = "^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$"; if (eregi($pattern, $email)){ return true; } else { return false; } } function sendMail($name,$email,$message){ $subject = "Message from Self Storage Centers of America Online"; $from = "From: $name <$email>\r\nReply-To: $email\r\n"; $header = "MIME-Version: 1.0\r\n"."Content-type: text/html; charset=iso-8859-1\r\n"; $content = htmlspecialchars($message); $content = wordwrap($content,70); mail(MAIL_TARGET,$subject,$content,$from.$header); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Self Storage Centers of America - Contact Us</title> <link rel="shortcut icon" href="favicon.ico" /> <meta name="verify-v1" content="X/S8QSefsEYzDf/O4GJZvK9IRw2tgg1ldG/Pb+rL4xs=" /> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /> <link rel="stylesheet" type="text/css" href="styleindex.css" /> <style type="text/css"> /*<![CDATA[*/ #contactd{ float:left; min-height:150px; background:#fff; font-family:Arial,Helvetica,sans-serif; font-weight:bold; font-size:14px } .cform{ margin-left:10px; padding:5px; margin-bottom:10px } #caption{ height:60px; font-family:Arial,Helvetica,sans-serif; font-weight:bold; font-size:14px; color:#000; margin:10px } #caption img{ vertical-align:middle; float:left; padding-right:10px } #result { height:50px; font-weight:bold; font-size:14px; margin-left:10px; margin-top:40px; padding:5px } #result img{vertical-align:middle} .label{color:#000} .rlabel{ font-family:Arial,Helvetica,sans-serif; font-weight:bold; font-size:14px; color:#F00 } .error{ font-family:Arial,Helvetica,sans-serif; font-size:14px; color:#F00; padding:10px } .text{ color:#000; background-color:#ddd; border:1px solid #F00 } input{width:200px} textarea{ width:500px; height:220px; color:#000; background-color:#ddd; border:1px solid #f00 } .mbutton{ background:transparent url(images/ContactSend.png) no-repeat 0 0; border:0px; width:105px; height:33px; margin:0; padding:0; cursor:pointer } .mbutton:hover,.mbutton:active{background:url(images/ContactSend.png) no-repeat 0 -33px} /*]]>*/ </style> </head> <body> <div id="page"> <!-- Left Column --> <div id="leftcol"><?php include("sidemenux.html"); ?></div> <div id="rightcol"></div> <!--Header--> <div id="buildingpic"><a href="index.html"></a></div> <div id="maincol"><h1>Contact Us</h1></div> <!--Header End--> <div id="shader"></div> <div id="maincontent"> <!--START Content--> <div id="contactd"> <?php if (!isset($_POST['submitBtn'])) { createForm(); } else { $name = isset($_POST['name']) ? $_POST['name'] : ""; $email = isset($_POST['email']) ? $_POST['email'] : ""; $message = isset($_POST['message']) ? $_POST['message'] : ""; $phone = isset($_POST['phone'])? $_POST['phone'] : ""; $error = false; if (strlen($name)<3) { $error = true; $error1 = errorName; } if (!isValidEmail($email)) { $error = true; $error2 = errorEmail; } if (strlen($message)<10) { $error = true; $error3 = errorMsg; } if ($error){ createForm($name,$email,$phone,$message,$error1,$error2,$error3); } else { $name=htmlentities($name, ENT_QUOTES); $email=htmlspecialchars($email, ENT_QUOTES);//Note: Used htmlspecialchars so that the @ symbol does not get converted as it would in htmlentities. $message=htmlentities($message, ENT_QUOTES); $message='Name: '.$name."\n".'E-mail: '.$email."\n".'Phone #: '.$phone."\n".$message; sendMail($name,$email,$message); ?> <div id="result"><img src="images/ContactSent.png" width="48" height="48" alt="Mail Sent" />Message sent. Thank you!</div> <?php } } ?> </div> <!--END Content--> </div> <div class="clear"> </div> </div> </body> </html>

Lets see the script for 1, and 2: genericnumber1 is right about including externally, which also slows down your page processing. 3: I think you are confusing the difference of including a function and including another script. 4: Seeing the code will let us beter determine your particular problem(s). In the long run it will only help you.

But so long as you do not bear the session variable to the user then the session variables should be safe. But if you are on a shared host then you need to store your sessions in a secure folder, or on the database, which will result in the high number of inquires. To prevent Hijacking you will need to use extra means of user validation. Like using a coded cookie or two and user browser integrity.

Use Sessions and if some one logs in as a admin they get the page with the admin buttons else they get the non-admin page.

I was going to try and rewrite your code but the format is giving me a headache. So If you want to add a phone number field to your form use this code. <span class="label">Phone:</span><input type="text" name='phone' value="<?php echo $phone; ?>" /><br /> next you have already added $phone to the function createForm, but when you call it you will need to add that variable to the call of the function. createForm($name,$email,$phone,$message,$error1,$error2,$error3); Also before you send the email you need to join the phone number to the message. $message=$phone . $message; But before you do that you should clean the message with htmlentities. htmlentities($message, ENT_QUOTES); But before you make these changes I would like to help you make the script more secure. Also I would like to help you understand the script's function better if you would like. OK, next do you really understand what this script is doing or did you borrow it? Just post a reply if you would like to learn more.