-
Posts
960 -
Joined
-
Last visited
Posts posted by Destramic
-
-
ok thanks
but is it possible to get my results from the database like so:
category sub_cat sub_sub_cat
[consoles] => [accessories] => [headsets] => [0] => ('name' => 'item1',
'price' => '10.00')
-
hey guys, i have a bit of a strange question and dont know if what im asking can actually be done with mysql but here goes.
basically i have a table like so:
items
--------------------
item_id
category
sub_category
sub_sub_category
name
price
---------------------
now what im after is a result like so:
category sub_cat sub_sub_cat
[consoles] => [accessories] => [headsets] => [0] => ('name' => 'item1',
'price' => '10.00')
now ive seen a query which converts to json (but didnt work)
but would be great if its possible to do what i want it to do
SELECT CONCAT("[", GROUP_CONCAT( CONCAT("{username:'",username,"'"), CONCAT(",email:'",email),"'}") ) ,"]") AS json FROM users;
any advise would be great
thank you
-
i'm not a great fan of passwords being changed on demand either but thought it may help security...but thank you for you views and help guys...gonna go with looping it and checking it through a loop
cheers
-
hey guys i want to pick you brains regarding user password records please.
what im trying to achieve is when the user changes his/her password in 6 months time that its not the same as previous passwords.
when a user registers i use password_hash() for the password and insert into users database table...now i want to keep a record of passwords in my password_records table.
1. do i save the password (not hashed) so i can compare in later in the future?
or
2. save the hashed password in the password records and do a foreach loop of the password hashes using password_verify()?
may seem transparent to go with the lata, but any advise or a better solution would be great.
thank guys
-
well ive been fiddling about with for a few days now to see if i can accually get a result which returns my country...reason being because i get a city result when searching on maxmind and other geo ip site.
i've even tried this:
SELECT l.country, l.city, l.postal_code, l.latitude, l.longitude, l.dma_code, l.area_code FROM blocks b INNER JOIN locations l ON b.location_id = l.location_id WHERE MBRCONTAINS(b.ip_polygon, POINTFROMWKB(POINT(INET_ATON('95.146.187.2'), 0)));
is there any other methods of me getting the users city?...if not a suppose i could go down the route of the user inputting it.
and when searching locations table for my city "Cwmbran" i can find it, but my longitude and latitude from my ip is like 1 out on each
thank you
-
thank you...although i havent got the geoip extension installed on my localhost/server so im uable to use it....thats why i went down the route of mysql.
here is the query i'm using...but when using it doesnt return a city (which is the main reason i need this)
SELECT l.country, l.region, l.city, l.postal_code, l.longitude, l.latitude, l.dma_code, l.area_code FROM blocks b JOIN locations l ON l.location_id = b.location_id WHERE INET_ATON('95.146.187.2') BETWEEN b.ip_start AND b.ip_end LIMIT 1
now ive downloaded the free blocks and locations....how am i able to get what i need?...do i need to pay for the service with maxmind?
thank you for your help
-
that worked beautifully thank you...and yeah i meant CSV.
what im trying to achive is:
1. to get longitude and latitude via users ip
2. and to get city by longitude and latitude
i've tried to google for sql querys but couldnt find what i was after if you coud help or point me in the right direction.
thanks again
-
hey guys ive decided to use geoip via my database on my server.
now i've download blocks.cvs and location.cvs from:
http://geolite.maxmind.com/download/geoip/database/GeoLiteCity_CSV/GeoLiteCity-latest.zip
but when trying to load block.cvs in excel it says:
Failer to load completly
does anyone know of another source where i can that/these files from please?
thank you
-
thanks for your posts guys...cronix that was just what i was after ...cheers
-
first of all...its good to see the site back .
my question guys is i'm wondering is there a way of getting the column number when reading a .cvs file?
ie. a, b, c, d, aa, ab etc?
$row = 1; if (($handle = fopen($file, "r")) !== FALSE) { while (($data = fgetcsv($handle, 1000, ",")) !== FALSE) { $num = count($data); echo "<p> $num fields in line $row: <br /></p>\n"; $row++; for ($c=0; $c < $num; $c++) { //echo $data[$c] . "<br />\n"; } } fclose($handle); }
now $num counts the columns...but i want to convert that into a alphabetical column...is there a easy solution?
thanks guys
-
Your right...I've just made something so simple complex...that's what you get for looking a other people's ideas and thinking it's the best way. I'm gonna remove most of the crap and just have it as you say...one token for a whole session...thanks again for your help
-
hey guys,
i was introuduced the the world of csrf a little while ago by a member of PHP Freaks, beofore hand i had'nt a clue...so i decided to read a little more into and created a class to deal with generating tokens and ensuring the site is free from CSRF.
now my understanding is that a CSRF can be made from clicking on sponsers, images and basically anything that can cause a request to another site/domain.
now with the script allows the user to have multipule tokens and a new token is generated everytime when filling a form or whatever, allowing user to have more than one tab open. I'm just a little concerned that a CSRF attack can still be made this way as a new token is made on each form page.
when creating a form i do this:
<input name="csrf_token" type="hidden" value="12345" />
then on post im able to do something like this:
$token = $csrf->get_token(); // token for input if ($csrf->is_safe($post->csrf_token) && form->is_valid()) { echo "safe" } else { echo "unsafe"; }
here is my class
<?php namespace Security; use Session\Session as Session; use Security\SSL; class CSRF { protected $_expiration = "3600"; public function get_token($expiration = null) { $ssl = new SSL; $token = $ssl->random_string(20); $session = new Session; $session->start(); if ($expiration === null) { $expiration = $this->_expiration; } else if (!is_numeric($expiration)) { // error } if (!$session->offset_exists('csrf_token')) { $session->csrf_token = array(); } $expiration = time() + $expiration; $session->append('csrf_token', array('token' => $token, 'expiration' => $expiration )); return $csrf_token; } protected function token_exists($token) { $session = new Session; $session->start(); $csrf_token = $session->csrf_token; $result = false; foreach ($csrf_token as $key => $array) { if (time() > $array['expiration']) { $session->offset_unset('csrf_token', $key); } else if ($array['expiration'] > time()&& $array['token'] === $token) { $session->offset_unset('csrf_token', $key); $result = true; } } return $result; } public function is_safe($token) { if ($this->token_exists($token)) { return true; } return false; } }
any advise would be greatful, thank you
-
So EV does increase the security of the site. It prevents man-in-the-middle attacks. Of course it doesn't help you with SQL injection problems or server misconfigurations, and it doesn't cure AIDS either. But I don't think anybody made that claim. We're talking strictly about network traffic security.
Again, I'm not saying that every small company can and should afford EV. But the security benefits are unquestionable. The green bar is indeed a strong security indicator, not just decoration.
thank you for the great information guys...i've just decided to go with a cheap one for now and possible with time, users and more money i think i'll be worth investing in a EV certificate.
sorry for the delay in reply
-
was a simple as me connecting to the wrong db!...silly me...thank you for your reply and help
-
buying a multi domain was a big misunderstanding...just a single domain will be sufficient.
ok well i looked into each certificate a bit more, and obvious the more you pay the better it is. now as my site is a working progress and may not possibly work i think a cheap cheap one would be ok for now...and then maybe purchase a comodo-ev-sgc-ssl in time?
but regarding the ev green adress bar...some certificates come with and some don't...isnt the green bar like a reinsurance to the user that the site is actually secure?
thanks for your help guys...much appreciated
-
well this is truely embarrising...i have a insert statement which works within phpmyadmin but when using mysqli_query it returns a error.
INSERT INTO users (username, timestamp) VALUES ('test', UTC_TIMESTAMP())
Unknown column 'timestamp' in 'field list'
i've been playing about with this for a few hours now ...tried changing the column name (timestamp), adding ` around column names as well as table name.
the column exists which is the strangest part, and ive even checked there is no space after the column name in the db.
whats going on please?
-
sorry i meant sub-domains...but yeah i think a wildcard is what im gonna need by the looks...and it will be for e-commerce aswell as login.
users registers, logs in, buys sells products, money transfers via somewhere like paypal.
thank you
-
hey guys im wanting to buy a SSL Certificate for my server, so i can allow a secure connection on sensitive information.
now i've been looking at https://www.ssls.com...l-certificates/
and it looks a lot more complicated than i'd imagined. ie. what certificate do i choose?...i know i want it for multi domains so that i can do it for register, login, logout etc.
But with so many options its not so clear on which one to choose...i just want a certificate
some advise on one to choose would be very helpful. Also any information regarding using it in my php and mysql (tutorial).
thanks guys
-
ok thank you
-
ok thank you
-
no i need to get one but dont know what type of certificate it is i need to buy from the url i gave above...any advise would be great
thanks
-
since search engines won't ever post data to your site, they should never get to the point of seeing one of your links containing an account verification token. it doesn't matter if the url is seo friendly or not.
also, the token should be completely random and not tied to any user specific values.
if you have the openssl_random_pseudo_bytes() function available, it is the current recommend method of generating a chosen length, random token.
i did a bit of reading on the openssl_random_pseudo_bytes() which seems just the thing i need thank you.
now i've never dealt with ssl before and im about to buy a certificate...but im not sure what certificate i need to buy if anyone can please help?
https://www.ssls.com/comodo-ssl-certificates/
now i need a wildcard so i can use the cert on pages such as login and register (dont know what else) but there are so many different name types and different validations...confused!
any help would be great thanks guys
-
hey guys,
i need a little help on the best way to generate a seo friendly token...at the moment i use password_hash() with a peice of users information to create a key so that the user can verifiy account by a url sent via email.
now the problem i'm having with that is it contains forward slashes which is killer for my uri and not to mention all the other seo friendly characters it conatins.
how do i make the hash url friendly?...any advise would be great
thank you
-
some great advise there Jacques...thank you...i'll be sure to use these methods in my build
geo ip mod
in PHP Coding Help
Posted
hey guys im after a but of help regarding installing the geo ip module...now im sorry of its in the wrong forum but i couldnt see where to put it but hopefully someone can help.
now i read a few tutorials copied and pasted a few lines into putty and my server has a 500 internal server error on it...so ive really messed it up.
i logged into putty
and used the following commands
any advise on how i can repair my server and what it is i have done wrong please?
thank you guys