Everything posted by vineld

  1. Thanks, at least I'm not way off. Yeah, letting the user choose himself is the optimal solution but for some sites I have had thousands of photos that need to be resized and it's too time-consuming to handle them manually.
  2. How do you usually design PM systems? I have so far been quite straightforward, using only one table and setting flags for read, deleted, archived etc. If there are some illegal or otherwise doubtful activities taking place I think it's good to have all messages saved whether they have been deleted or not. There is a big argument for changing the structure a bit though, since this structure will build up in size very quickly and before long I am storing a lot more deleted messages than not, which makes the system highly inefficient. Another reason for separating the deleted messages (if you do not delete them for real) from the rest would be that it's much easier to simply export and empty that table once it grows to a certain size. So I am thinking about redesigning my system into three tables actually - one for the inbox, one for deleted messages and one for saved sent copies, which will probably not be accessed anywhere near as often and do not need all fields of the inbox table. Does this sound like a good idea or does it have major flaws? This will of course not work well if you want the user to be able to view all sent messages although I rarely ever see a point of doing this. Then you might as well adjust the system for that specific project.
  3. What method do you use if you want to automatically resize an uploaded image to any given format (that fits within it of course but isn't necessarily of the same proportions)? What I do right now is that I simply check to see what proportions the original image has compared to the one I want to create. Depending on this I start by shrinking it down along either the x or y axis. I now have an image which is either as high or as wide as the one I want. Next I simply cut the middle part of the image since focus is usually in the center of photos. This seems to work well in most cases for "horizontal" images although not always as well for higher "vertical" ones. Are there any other better methods of doing this? Note: This is not about simply resizing a photo, cropping needs to be done as well, unless the proportions happen to be the same.
  4. I have never had this problem before either :-\ I have stripped the code down to make it readable although I doubt it will do any good (unless I have failed to catch something obvious that I am blind to at this point):

        <?php
        include [file where session is set: session_start(); ]

        // Error check prints
        print_r($_SESSION);
        print_r($_POST);

        // Database connection and log in check

        // Check if form has been submitted
        if (isset($_POST["submit"])) {
            // External attack check
            if (isset($_SESSION['secret']) && $_POST['secretValue'] == $_SESSION['secret']) {
                // yada yada yada PHP code
                if [file has been selected] {
                    [error handling, image editing etc.]
                }
            }
        }

        // Secret key is set
        $secret = md5(uniqid(rand(), true));
        $_SESSION["secret"] = $secret;

        // Error check
        echo $secret;
        ?>
        <html>
        <head>
        </head>
        <body>
        // yada yada yada HTML
        // The form itself
        <form method="post" action="[same file]" enctype="multipart/form-data">
            <input type="hidden" name="secretValue" value="<?php echo $secret; ?>" />
            <input type="submit" class="submit" name="submit" value="Send" />
        </form>
        </body>
        </html>

     Don't take my pseudocode literally.
  5. If the code followed a different path depending on the situation I would probably think so too :-\ However, nothing changes and it seems random albeit unusual. The code itself is not really complex, there is only one form and it posts to the same page. File uploads are done in the same file but some image handling takes place in included functions but that's about it. The code where the session is first initiated is also in an included file but that shouldn't matter... Judging from the strange random factor I find it very hard to believe that the flaw is anywhere else but on the server but, if so, what could possibly cause it?
  6. I have printed all values (key, post and session arrays) and they are always set. I have also searched the file + included files and those are the only places where the variables are in use. As it appears only once in a while, even if I do the exact same thing, it seems very strange. Could other users' use of sessions on the server affect mine as well in any situations?
  7. Yup, that's exactly what is done, everything goes in the order I listed in the first post. Most of the time it works just fine and the only page where I have encountered it to fail (once in a while, whenever it feels like it apparently) is where I do file uploading so I wonder if there is some instability over at my host's server?
  8. Maybe you're right but I think you might stop some automated bot scripts this way. After all, now that it's there it would be a waste of time to remove it. No matter what, I would still like to know the reason for this strange behavior since it might cause other problems in the future. Is it possible that server sessions can become unstable and for some reason time out prior to the set limit?
  9. I definitely agree. Always try to choose relevant data types for your tables before inserting data. That will make your life easier and you will have complete freedom to both search the database and easily format everything in the html output. You will save a LOT of time if you design your database structure carefully, both types, relations and indexes.
  10. I use a unique key in certain places to make sure that the pages don't receive external post data. The "problem" is that I store this in a session variable. Unfortunately this seems to time out when least expected at the site I am currently working on. Here is the logic of what happens in the file.

        1. Session is initiated: session_start(); $session = session_id();
        2. If form has been posted, check that the posted key is equal to $_SESSION["secret"]
        3. Set $_SESSION["secret"] to a random key

      Am I failing to see some simple mistake in this process or why does this happen? I checked session.gc_maxlifetime and that was set to 1440 (24 minutes) both local and global.
  11. Yeah, I have used that as well although if it's possible that the $_FILES['myname'] array is empty there will be no error either. Will the look of the array depend on the browser or is it php that decides? I think I still have PHP4 versions running in some places...
  12. I have seen plenty of examples, even in the php manual, where they only check to see if the $_FILES['whatevermynameis'] array is empty or not set although this does not seem to work properly. I often encounter that the array is always set after the form has been submitted no matter if a file has been uploaded or not so I normally check size instead. Why is this? What is actually the "correct" way to check if a file has been selected?
  13. You need to use proper double quotes: echo "This is a PHP line"; not echo “This is a PHP line”;
  14. I would like to reawaken this thread once again since it is an interesting subject to discuss I think. Security is far from good at many sites I've encountered over the years. This log in script of mine, which, in my defence, was written a while back, is troubling me. What is troubling is that I don't really know what my train of thought was back then. Why do I set a cookie when I might as well store the values as session variables? On the other side, why do I even use sessions when I might as well just generate a random id for the cookie? It apparently makes no difference to my script. The problem now is, if someone steals the cookie, they are obviously able to pose as the user. Would you say the system is sufficient or what would you do in order to improve it and make it more secure?
  15. I ran some tests a while back, and found it was fractionally slower using the ternary operator than writing out the full if statement in longhand. Quite why this should be, I don't know.... I'd expected to find that both forms compiled to the same code. Thanks for the input, fractionally slower would mean that it doesn't really matter which one you use then. Even if they compile to the same code they will still need to be parsed and that's probably wherein the difference lies.
  16. I think that is a sound way of thinking. Thanks for correcting me as well, English is not my mother tongue so I may seem a bit ignorant at times.
  17. What would you consider to be the maximum size of an .htaccess file for a relatively high traffic site? Within which limits would you normally want to keep it? Naturally the objective is to keep the file as small as possible with as few rewrite rules as possible. At the moment I am working on a site where I have approximately 5-6 pattern rules and about 10 single pages added to the .htaccess. Is that good practice? Also, does the order of the rewrite rules matter (except for those that would interfere with each other of course)?
  18. Unless your css is inline you do not need to place it where the action is so to speak. Use the suggested example and link to an external css file within <head></head>. It will then apply to your entire html document and make your life easier. Maybe you should read a little about the basic structure of websites.
  19. That's because you never print the css. Look at where your php tag begins, right after <?php.
  20. If you wish to do so without reloading the page you will need javascript. Then this is not a PHP issue. Simply add an event to each of the two fields and then update the third field.
  21. Sometimes your Javascript code will need values generated by PHP right from the start. Usually I just print these values directly into the Javascript code since it's the quickest solution. What do the rest of you do, and more importantly, why? I am currently trying to ease the workload for a few sites with high traffic and try to compress js code where it's possible but then I can of course not have any php code there. Perhaps it would be a good idea to store these key values in a hidden form? After all, that is a more flexible solution.
  22. If the files are on the same server as where you're running the script you do not need to use the FTP functions of PHP. You just have to set the correct path which is where it goes wrong I suspect?
  23. I am always trying to make my applications run as efficiently as possible and am trying to remove as many unnecessary operations as possible without making the code less readable, both for performance and environmental reasons (which is really one and the same in most cases). Regarding CSS, which of the following two alternatives is the quickest:

        .firstClass { blabla }
        .secondClass { blabla }

        .firstClass { blabla }
        .firstClass htmlTag { blabla }

      Will this ever make a difference? If so, then why? I know there are reasons why I might choose one over the other (and must in certain cases) but now I'm only talking about the performance.
  24. I have not really begun using the short-hand if statements with question marks and colons myself, mostly because I think it makes the code more difficult to read for others, but I am wondering why those of you who use it have chosen to do so? Is it just to shorten the code? Performance-wise, which alternative is best, if any?
  25. Did you even care to read and think about what I described above concerning the "hierarchy string"? You would use that when deleting in that case, not your rids all along the way. That is not an alternative. Using my suggested method you will only have to do one single sql query instead of countless loops. Either that or use real hierarchical structures for which you will find all the information you need on deletes and inserts if you let Google do your job.
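
The form-key check from posts 4 and 10 above, written out as an added example (not vineld's code; it assumes PHP 7 or later, and the helper names form_key and form_key_valid are hypothetical). It keeps one key per session instead of replacing it on every page load, so a form rendered before a reload or in a second tab still carries the stored key, and it compares with hash_equals:

```php
<?php
declare(strict_types=1);

// Added example. The 'secret' and 'secretValue' keys mirror the posts;
// the function names and the demo values are assumptions for illustration.

/** Return the session's form key, creating it only if none exists yet. */
function form_key(array &$session): string
{
    if (!isset($session['secret']) || !is_string($session['secret'])) {
        // random_bytes() draws from the OS CSPRNG; md5(uniqid(rand())) does not.
        $session['secret'] = bin2hex(random_bytes(32));
    }
    return $session['secret'];
}

/** True only if the posted key matches the key stored in the session. */
function form_key_valid(array $session, array $post): bool
{
    $expected = $session['secret'] ?? null;
    $given    = $post['secretValue'] ?? null;
    if (!is_string($expected) || !is_string($given)) {
        // No key in the session, no key posted, or secretValue[] sent as an array.
        return false;
    }
    return hash_equals($expected, $given); // constant-time string comparison
}

// Constructed demo: plain arrays stand in for $_SESSION and $_POST so the
// script runs from the command line without a web server.
$session = [];
$firstRender  = form_key($session); // form rendered once
$secondRender = form_key($session); // same page loaded again before submitting

var_dump($firstRender === $secondRender);                             // key unchanged by the reload
var_dump(form_key_valid($session, ['secretValue' => $firstRender]));  // form from the first render
var_dump(form_key_valid($session, ['secretValue' => 'forged']));      // wrong key
var_dump(form_key_valid($session, ['secretValue' => ['x']]));         // array instead of string
var_dump(form_key_valid([], ['secretValue' => '']));                  // session holds no key
```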