Everything posted by sawade

  1. Design is very simple. There is a black line appearing in the center of every page near the bottom, that doesn't seem to serve any purpose.
  2. Grr darn it...

         <?php
         class EmailAddressValidator {

             public function check_email_address($strEmailAddress) {
                 // Control characters are not allowed
                 if (preg_match('/[\x00-\x1F\x7F-\xFF]/', $strEmailAddress)) {
                     return false;
                 }

                 // Check email length - min 3 (a@a), max 256
                 if (!$this->check_text_length($strEmailAddress, 3, 256)) {
                     return false;
                 }

                 // Split it into sections using last instance of "@"
                 $intAtSymbol = strrpos($strEmailAddress, '@');
                 if ($intAtSymbol === false) {
                     // No "@" symbol in email.
                     return false;
                 }
                 $arrEmailAddress[0] = substr($strEmailAddress, 0, $intAtSymbol);
                 $arrEmailAddress[1] = substr($strEmailAddress, $intAtSymbol + 1);

                 $arrTempAddress[0] = preg_replace('/\./', '', $arrEmailAddress[0]);
                 $arrTempAddress[0] = preg_replace('/"[^"]+"/', '', $arrTempAddress[0]);
                 $arrTempAddress[1] = $arrEmailAddress[1];
                 $strTempAddress = $arrTempAddress[0] . $arrTempAddress[1];
                 // Then check - should be no "@" symbols.
                 if (strrpos($strTempAddress, '@') !== false) {
                     // "@" symbol found
                     return false;
                 }

                 // Check local portion
                 if (!$this->check_local_portion($arrEmailAddress[0])) {
                     return false;
                 }

                 // Check domain portion
                 if (!$this->check_domain_portion($arrEmailAddress[1])) {
                     return false;
                 }

                 // If we're still here, all checks above passed. Email is valid.
                 return true;
             }

             protected function check_local_portion($strLocalPortion) {
                 if (!$this->check_text_length($strLocalPortion, 1, 64)) {
                     return false;
                 }
                 $arrLocalPortion = explode('.', $strLocalPortion);
                 for ($i = 0, $max = sizeof($arrLocalPortion); $i < $max; $i++) {
                     if (!preg_match('.^('
                                 .    '([A-Za-z0-9!#$%&\'*+/=?^_`{|}~-]'
                                 .    '[A-Za-z0-9!#$%&\'*+/=?^_`{|}~-]{0,63})'
                                 .'|'
                                 .    '("[^\\\"]{0,62}")'
                                 .')$.'
                                 ,$arrLocalPortion[$i])) {
                         return false;
                     }
                 }
                 return true;
             }

             protected function check_domain_portion($strDomainPortion) {
                 // Total domain can only be from 1 to 255 characters, inclusive
                 if (!$this->check_text_length($strDomainPortion, 1, 255)) {
                     return false;
                 }
                 // Check if domain is IP, possibly enclosed in square brackets.
                 if (preg_match('/^(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
                         .'(\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])){3}$/'
                         ,$strDomainPortion) ||
                     preg_match('/^\[(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
                         .'(\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])){3}\]$/'
                         ,$strDomainPortion)) {
                     return true;
                 } else {
                     $arrDomainPortion = explode('.', $strDomainPortion);
                     if (sizeof($arrDomainPortion) < 2) {
                         return false; // Not enough parts to domain
                     }
                     for ($i = 0, $max = sizeof($arrDomainPortion); $i < $max; $i++) {
                         // Each portion must be between 1 and 63 characters, inclusive
                         if (!$this->check_text_length($arrDomainPortion[$i], 1, 63)) {
                             return false;
                         }
                         if (!preg_match('/^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|'
                                 .'([A-Za-z0-9]+))$/', $arrDomainPortion[$i])) {
                             return false;
                         }
                         if ($i == $max - 1) { // TLD cannot be only numbers
                             if (strlen(preg_replace('/[0-9]/', '', $arrDomainPortion[$i])) <= 0) {
                                 return false;
                             }
                         }
                     }
                 }
                 return true;
             }

             protected function check_text_length($strText, $intMinimum, $intMaximum) {
                 // Minimum and maximum are both inclusive
                 $intTextLength = strlen($strText);
                 if (($intTextLength < $intMinimum) || ($intTextLength > $intMaximum)) {
                     return false;
                 } else {
                     return true;
                 }
             }
         }
         ?>
  4. Okay... email input field... let's see... maxlength - variable used strip_tags() - variable passes thru validation - no email addresses on page - .htaccess protects email constants - directories password protected - Can't think of anything else.
  5. I have gone through the W3C section on RegExp, and am still not understanding the syntax. I have a code that allows for letters, numbers, and underscores. However, I want to modify it to only allow letters and nothing else.

         function validateFirstname(fld) {
             var error = "";
             var illegalChars = /\W/; // allow letters, numbers, and underscores

             if (fld.value == "") {
                 fld.style.background = 'Yellow';
                 error = "You didn't enter your FIRST NAME.\n";
             } else if ((fld.value.length < 3) || (fld.value.length > 30)) {
                 fld.style.background = 'Yellow';
                 error = "FIRST NAME is the wrong length.\n";
             } else if (illegalChars.test(fld.value)) {
                 fld.style.background = 'Yellow';
                 error = "FIRST NAME contains illegal characters.\n";
             } else {
                 fld.style.background = 'White';
             }
             return error;
         }

     Thanks.
  6. Well, since in the above postings you are not looking for design critique... I will pass on that one. On the Developer/View profile page, your layout breaks. There are two footers and two listings of ads. Otherwise... it flows in a good order.
  7. Disallow: /secureforms/forms/demo/hipaaprivacy.php
     I do it like this. As well as each folder by hierarchy. As well as list each form. I changed it so that each folder is under a new User-agent: *
  8. This works perfectly. Thank you!!
  9. Hmm, I wonder why that form is vulnerable. It is coded the same way as all the others. Hmmm.
  10. I tried changing the order to allow deny. Didn't work. For some reason, if any of these 4 scripts are input, the site is not viewable.
  11. I tried this, but it made it so the website is not viewable at all.

          <Directory />
          AllowOverride None
          </Directory>
          <Directory />
          Order Deny,Allow
          Deny from all
          </Directory>
          <Directory /folder/folder>
          Order Deny,Allow
          Deny from all
          </Directory>
          UserDir disabled root
  12. disallowed certain files... did some more today to the htaccess file. Boss said it's done. How many attacks is it at now??? Thanks.
  13. Added some more into the robot file.
  14. Right. Which is why I used isset
  15. I can't just keep it in the main directory and reference folders?
  16. Okay, I don't know if this question was directed to me or not... One thing I see that can limit your accessibility to your clients: you are using a javascript navi menu. If the user does not have javascript enabled they will not see it. Second thing, validating your code you have 57 errors as XHTML Transitional. Which brings up a question, why are you using transitional? You can say 'because I want to butt out', that's fine. Third thing, think of a webpage as a building. You first need to construct a foundation and internal structure. This is what (x)html is for. With (x)html you should have a completely blank and rather ugly site when you are done. Think of when you first walk into a finished building, it has walls and order, but it's all concrete floors and white walls. Boring, right? This is where CSS comes in. Anything that you would hire a designer to come do at the building is what you would use CSS for in a webpage. If you want purple carpets and green wallpaper, bring in the CSS. Do not use the construction crew to do it, since they will probably get it wrong. PS: The mouseover thing you were talking about can be handled easily with CSS.
  17. I'm sure there must be a way, but again I know nothing about how to write the .htaccess file. I have looked up tutorials and whatnot, but they all seem to be written in gibberish. In my file I have the following:

          <Files .htaccess>
          deny from all
          </Files>

      I was wondering if I can apply this same principle to other files? Example:

          Exclude error_log
          Exclude /folder1/folder2/filename
          Exclude /folder1/folder2/folder3/ (all files)

      I have this at the beginning of my file, if it helps...

          Options +FollowSymLinks
          # DISALLOW includes to execute code
          Options +includesNOEXEC
          # DISALLOW peek into directories without an index file
          Options -Indexes
          RewriteEngine On
          RewriteBase /
          AddHandler application/x-httpd-php5s .php
  18. I am getting a new error. This warning showed up after installing Zend Optimizer for PHP 5.2.x.

          PHP Warning: implode(): Invalid arguments passed

      Here is my code:

          $history = isset($_POST['history']) ? $_POST['history'] : '';
          $history_list = implode(", ", $history);

          <tr>
            <td>
              <input type="checkbox" name="history[]" id="history22" value="Scarlet fever" <?php if (isset ($_POST['history']) && in_array ("Scarlet fever", $_POST['history'])) echo ' checked="checked"'; ?> />
              <label for="history22">Scarlet fever</label>
            </td>
            <td>
              <input type="checkbox" name="history[]" id="history23" value="Psychiatric treatment" <?php if (isset ($_POST['history']) && in_array ("Psychiatric treatment", $_POST['history'])) echo ' checked="checked"'; ?> />
              <label for="history23">Psychiatric treatment</label>
            </td>
          </tr>
          etc.etc.

      This error only occurs when there are no values in the array. Once a checkbox is checked the warning goes away.
  19. Basically like networking? Connect the client Outlook programs into the server, download the calendars into the database. And execute php scripts from the database. Am I heading in the direction?
  20. Hey, is it possible to download the scheduling out of an Outlook Calendar and, with the info taken from the calendar, execute php scripts? IE: Person 1 schedules an appointment on 11/5/2009 at 5:00pm. PHP script 1 downloads this appointment and executes php script 2 to send email to Person 1 regarding the scheduled appointment. Or something like that anyway. Is PHP good or maybe javascript? Any ideas?
  21. What you are asking for is SEO. Meta tags, as well as attribute names in img, links, etc. all help with search engine ratings.
  22. Took the advice. Implemented a robots.txt file. Will probably put something in the meta tags as well. But it's the weekend, heeehee can wait for work to start again Monday.
  23. But won't that make it so the files in that directory won't show?