deerly


  1. More information: It seems that the problem with $admin->checkLogin() is that the page, when accessed by $.post, isn't able to read the 'auth' cookie. Also, using $.post I cannot check the referring page, as weak a security attempt that would be at least it would be something. I'm wondering if there is some kind of htaccess trick that can prevent a file from being accessed directly but still allows jQuery to utilize it? Pipe dreams? How do people secure their jQuery/ajax external pages then? :confused:
  2. Hi all! I have been dabbling in some ajax/jquery and noticed that the .post/.get methods can only utilize php documents that are above the document root. This makes sense enough but I have to wonder how I can protect these files from nosy snoopers. For some reason trying to use my admin->checkLogin() class isn't working on these pages and is disrupting how they function. For example, I have a photo gallery administration page that only an authenticated user should be able to use. This page has a pretty ajax way of saving the title/description/price/tags/etc for each individual image. It calls an external PHP document that does the more serious filtering and saves the information to the database. How can I keep that PHP page from being accessed directly? Trying to hide it behind the document root and then accessing it through ../includes/blahblah doesn't work with ajax near as I can tell. Thanks so much!
  3. Alright, gotcha! I think I have a game plan now, for some reason I thought it was bad practice to keep recreating objects for the same user over and over again. At least I can keep going the way I was now!
  4. Ok, thank you! So I guess my next question would be -- is it good practice to store an instance of an object in a session for user authentication? So I would have a cookie with identifier:token and then a session variable with thisUser object. Then I'd use thisUser object -> checkLogin or doWhatever() methods that way? Pulling info from the cookie? Or, is it basically the same thing to just recreate an object on every page with the information pulled from the cookie?
  5. Hi everyone! I'm trying to figure out a clever system to keep track of a logged in user's information in an OO way. Right now the checkUserLogin method validates a token/identifier against the database to see if the user is logged in and makes sure things are kosher. I don't want to recreate a new User class every time a page is loaded. As I understand it, using a Singleton class can persist the user's information. So! I create my singleton class, instantiate it when the user logs in and then.... do I store the instance of the class in a cookie? That doesn't seem very secure and then doesn't that defeat the point of storing the identifier/token in a cookie as well? I'm sure there is a way to have a user class that isn't recreated every page load while still only storing the bare minimum of information in a cookie for authentication? I'm still pretty new at all this, I'm just trying to wrap my head around how this can and should be done! Thanks for any help
  6. Figured it out! I guess I just was looking for some fresh eyes but stepping away was good enough! For anyone who is curious... I did a str_replace to make the "\n" into </p><p> before sending the string through JS (instead of escaping the "\n") Then... I had to change the jQuery from .text(blahblah) to .html(blahblah) DUH!
  7. :-* Hi everyone! Hopefully I can explain this well enough so someone can help! Using jQuery I am updating a mysql table with some POST data. Then I want to send the POST data into a javascript function so that it does fancy things to appear on the page. This all works great UNTIL I put in line breaks! The \n in PHP was causing the javascript to give me an "unterminated string literal" error so I did the following: So here is the problem! When the text is displayed on the page, there are no line breaks and, since the page is not reloading, I am not sure how to format it so that it does display with line breaks. Refreshing the page, str_replace does the trick (nl2br makes my w3 strict settings freak out) but what can I do before that? Also, the hide me function does: Update Thought I'd include this before anyone responded -- I tried javascript replace() method but that just prints a <p>
  8. Hello! I am new to ZF and MVC in general and am working on my very first ZF application which at the moment is entirely a learning effort. My question is regarding experimenting with this tutorial: Login and Authentication with Zend Framework - phly, boy, phly I put the LoginForm class in a file called Login.php in /applications/forms However, when I call getForm() I receive the following error: Fatal error: Class 'LoginForm' not found in /home/gurriburd/dev/application/controllers/LoginController.php on line 7 Seems that it cannot locate the form. I'm wondering if there is a basic naming convention or expectation that I am overlooking. ??? Thanks so much!
  9. So basically ... everything I was reading seems to have been overcomplicating things and making me confused. So really, the IMPORTANT part of Zend Framework just seems to be the library (and the file I downloaded had dozens of other directories and files (including tons of heavy images!) that just weren't necessary). Zend Quickstart in general seems more complicated. Piecing everything together from various sources but it works. Thanks, solved.
  10. Ok, neat! So I would just upload the file structure just like that from the package I downloaded (and extracted on my PC) from Zend? There is no actual installation required, just uploading all of those files to the webserver? Edit So I'm uploading this huge file that I downloaded to my web server (behind documentroot) and then I will ALSO upload the file structure you posted above (which matches my Zend Framework Project) wherever I would like that to be and....... that works? I guess I will just try it, but the uploading of the library and everything is taking quite a long time and I feel very confused and frustrated in the meantime ???
  11. I guess I still don't quite understand how to "copy" to webserver. I have WAMP and can install it there but how do I "move" it to the webserver? For future reference at the very least, I can't seem to find this anywhere! The "quick start" guide on zend doesn't seem to talk about "copying" it to an actual web server unless I am completely overlooking something. ??? Thanks very much for your help. Edit I have Zend Studio -- Eclipse which allows you to create Zend Framework projects and apparently already has the framework installed to use. How can I move these projects (and the framework!) to a webserver ???
  12. Hi there! I only recently purchased a virtual dedicated web server and am trying to install Zend Framework. Unfortunately, all I can seem to find on the Zend website and elsewhere online is that you "extract the files" and are done. How do I *upload* the framework files to my server's IP? I assume that I shouldn't just use FTP to upload them as I would a normal file? Or should I and if so directly to the IP or for one specific domain or... ??? Very confused, appreciate any help! Edit: I'm running a Linux server with the latest Red Hat Fedora
  13. Hi there! I am trying to utilize a flag/block feature that allows someone to flag or block a posted bookmark and then only that person won't have to see it anymore. So there is a blocked_users table and when you block a user it records your customer_id if logged in and also your IP address. For the display bookmarks function, I added this to the select statement: I thought it worked perfectly until I noticed that when other people would visit the site from completely different IPs/computers they could not see bookmarks posted by users who I blocked. More code: Where $customer_id is a variable passed to the function of the logged in user's ID
  14. Got it all figured out a while ago, just updating here in case others have the same problem. I was right, it WAS exceptionally simple! You can view all your database users with: SELECT user, host, password FROM mysql.user; You can also view specific permissions for a user with: SHOW GRANTS FOR userName@"%"; Easy as pie, I was just missing the right syntax. Weird that it was so hard to find online though! I hope this helps!
  15. Oh, I wish that worked! I get an error 1064 with both of those, error with SQL Syntax :-\