Destramic

hey guys im after a but of help regarding installing the geo ip module...now im sorry of its in the wrong forum but i couldnt see where to put it but hopefully someone can help. now i read a few tutorials copied and pasted a few lines into putty and my server has a 500 internal server error on it...so ive really messed it up. i logged into putty and used the following commands mkdir /usr/share/GeoIP cd /usr/share/GeoIP wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz gzip -d GeoIP.dat.gz wget http://www.sohailriaz.com/downloads/custom_opt_mod-mod_geoip.tar.gz tar -zxvf custom_opt_mod-mod_geoip.tar.gz service httpd restart .htaccess ------- LoadModule geoip_module /usr/local/apache/modules/mod_geoip.so GeoIPEnable On GeoIPDBFile /usr/share/GeoIP/GeoIP.dat MemoryCache any advise on how i can repair my server and what it is i have done wrong please? thank you guys

ok thanks but is it possible to get my results from the database like so:

hey guys, i have a bit of a strange question and dont know if what im asking can actually be done with mysql but here goes. basically i have a table like so: items -------------------- item_id category sub_category sub_sub_category name price --------------------- now what im after is a result like so: category sub_cat sub_sub_cat [consoles] => [accessories] => [headsets] => [0] => ('name' => 'item1', 'price' => '10.00') now ive seen a query which converts to json (but didnt work) but would be great if its possible to do what i want it to do SELECT CONCAT("[", GROUP_CONCAT( CONCAT("{username:'",username,"'"), CONCAT(",email:'",email),"'}") ) ,"]") AS json FROM users; any advise would be great thank you

i'm not a great fan of passwords being changed on demand either but thought it may help security...but thank you for you views and help guys...gonna go with looping it and checking it through a loop cheers

hey guys i want to pick you brains regarding user password records please. what im trying to achieve is when the user changes his/her password in 6 months time that its not the same as previous passwords. when a user registers i use password_hash() for the password and insert into users database table...now i want to keep a record of passwords in my password_records table. 1. do i save the password (not hashed) so i can compare in later in the future? or 2. save the hashed password in the password records and do a foreach loop of the password hashes using password_verify()? may seem transparent to go with the lata, but any advise or a better solution would be great. thank guys

well ive been fiddling about with for a few days now to see if i can accually get a result which returns my country...reason being because i get a city result when searching on maxmind and other geo ip site. i've even tried this: SELECT l.country, l.city, l.postal_code, l.latitude, l.longitude, l.dma_code, l.area_code FROM blocks b INNER JOIN locations l ON b.location_id = l.location_id WHERE MBRCONTAINS(b.ip_polygon, POINTFROMWKB(POINT(INET_ATON('95.146.187.2'), 0))); is there any other methods of me getting the users city?...if not a suppose i could go down the route of the user inputting it. and when searching locations table for my city "Cwmbran" i can find it, but my longitude and latitude from my ip is like 1 out on each thank you

thank you...although i havent got the geoip extension installed on my localhost/server so im uable to use it....thats why i went down the route of mysql. here is the query i'm using...but when using it doesnt return a city (which is the main reason i need this) SELECT l.country, l.region, l.city, l.postal_code, l.longitude, l.latitude, l.dma_code, l.area_code FROM blocks b JOIN locations l ON l.location_id = b.location_id WHERE INET_ATON('95.146.187.2') BETWEEN b.ip_start AND b.ip_end LIMIT 1 now ive downloaded the free blocks and locations....how am i able to get what i need?...do i need to pay for the service with maxmind? thank you for your help

that worked beautifully thank you...and yeah i meant CSV. what im trying to achive is: 1. to get longitude and latitude via users ip 2. and to get city by longitude and latitude i've tried to google for sql querys but couldnt find what i was after if you coud help or point me in the right direction. thanks again

hey guys ive decided to use geoip via my database on my server. now i've download blocks.cvs and location.cvs from: http://geolite.maxmind.com/download/geoip/database/GeoLiteCity_CSV/GeoLiteCity-latest.zip but when trying to load block.cvs in excel it says: does anyone know of another source where i can that/these files from please? thank you

thanks for your posts guys...cronix that was just what i was after ...cheers

first of all...its good to see the site back . my question guys is i'm wondering is there a way of getting the column number when reading a .cvs file? ie. a, b, c, d, aa, ab etc? $row = 1; if (($handle = fopen($file, "r")) !== FALSE) { while (($data = fgetcsv($handle, 1000, ",")) !== FALSE) { $num = count($data); echo "<p> $num fields in line $row: <br /></p>\n"; $row++; for ($c=0; $c < $num; $c++) { //echo $data[$c] . "<br />\n"; } } fclose($handle); } now $num counts the columns...but i want to convert that into a alphabetical column...is there a easy solution? thanks guys

Your right...I've just made something so simple complex...that's what you get for looking a other people's ideas and thinking it's the best way. I'm gonna remove most of the crap and just have it as you say...one token for a whole session...thanks again for your help

hey guys, i was introuduced the the world of csrf a little while ago by a member of PHP Freaks, beofore hand i had'nt a clue...so i decided to read a little more into and created a class to deal with generating tokens and ensuring the site is free from CSRF. now my understanding is that a CSRF can be made from clicking on sponsers, images and basically anything that can cause a request to another site/domain. now with the script allows the user to have multipule tokens and a new token is generated everytime when filling a form or whatever, allowing user to have more than one tab open. I'm just a little concerned that a CSRF attack can still be made this way as a new token is made on each form page. when creating a form i do this: <input name="csrf_token" type="hidden" value="12345" /> then on post im able to do something like this: $token = $csrf->get_token(); // token for input if ($csrf->is_safe($post->csrf_token) && form->is_valid()) { echo "safe" } else { echo "unsafe"; } here is my class <?php namespace Security; use Session\Session as Session; use Security\SSL; class CSRF { protected $_expiration = "3600"; public function get_token($expiration = null) { $ssl = new SSL; $token = $ssl->random_string(20); $session = new Session; $session->start(); if ($expiration === null) { $expiration = $this->_expiration; } else if (!is_numeric($expiration)) { // error } if (!$session->offset_exists('csrf_token')) { $session->csrf_token = array(); } $expiration = time() + $expiration; $session->append('csrf_token', array('token' => $token, 'expiration' => $expiration )); return $csrf_token; } protected function token_exists($token) { $session = new Session; $session->start(); $csrf_token = $session->csrf_token; $result = false; foreach ($csrf_token as $key => $array) { if (time() > $array['expiration']) { $session->offset_unset('csrf_token', $key); } else if ($array['expiration'] > time()&& $array['token'] === $token) { $session->offset_unset('csrf_token', $key); $result = true; } } return $result; } public function is_safe($token) { if ($this->token_exists($token)) { return true; } return false; } } any advise would be greatful, thank you

thank you for the great information guys...i've just decided to go with a cheap one for now and possible with time, users and more money i think i'll be worth investing in a EV certificate. sorry for the delay in reply

was a simple as me connecting to the wrong db!...silly me...thank you for your reply and help

buying a multi domain was a big misunderstanding...just a single domain will be sufficient. ok well i looked into each certificate a bit more, and obvious the more you pay the better it is. now as my site is a working progress and may not possibly work i think a cheap cheap one would be ok for now...and then maybe purchase a comodo-ev-sgc-ssl in time? but regarding the ev green adress bar...some certificates come with and some don't...isnt the green bar like a reinsurance to the user that the site is actually secure? thanks for your help guys...much appreciated

well this is truely embarrising...i have a insert statement which works within phpmyadmin but when using mysqli_query it returns a error. INSERT INTO users (username, timestamp) VALUES ('test', UTC_TIMESTAMP()) i've been playing about with this for a few hours now ...tried changing the column name (timestamp), adding ` around column names as well as table name. the column exists which is the strangest part, and ive even checked there is no space after the column name in the db. whats going on please?

sorry i meant sub-domains...but yeah i think a wildcard is what im gonna need by the looks...and it will be for e-commerce aswell as login. users registers, logs in, buys sells products, money transfers via somewhere like paypal. thank you

hey guys im wanting to buy a SSL Certificate for my server, so i can allow a secure connection on sensitive information. now i've been looking at https://www.ssls.com...l-certificates/ and it looks a lot more complicated than i'd imagined. ie. what certificate do i choose?...i know i want it for multi domains so that i can do it for register, login, logout etc. But with so many options its not so clear on which one to choose...i just want a certificate some advise on one to choose would be very helpful. Also any information regarding using it in my php and mysql (tutorial). thanks guys

ok thank you

ok thank you

no i need to get one but dont know what type of certificate it is i need to buy from the url i gave above...any advise would be great thanks

i did a bit of reading on the openssl_random_pseudo_bytes() which seems just the thing i need thank you. now i've never dealt with ssl before and im about to buy a certificate...but im not sure what certificate i need to buy if anyone can please help? https://www.ssls.com/comodo-ssl-certificates/ now i need a wildcard so i can use the cert on pages such as login and register (dont know what else) but there are so many different name types and different validations...confused! any help would be great thanks guys

hey guys, i need a little help on the best way to generate a seo friendly token...at the moment i use password_hash() with a peice of users information to create a key so that the user can verifiy account by a url sent via email. now the problem i'm having with that is it contains forward slashes which is killer for my uri and not to mention all the other seo friendly characters it conatins. how do i make the hash url friendly?...any advise would be great thank you

some great advise there Jacques...thank you...i'll be sure to use these methods in my build