Kryptix

Members
  • Posts

    283
  • Joined

  • Last visited

    Never

Everything posted by Kryptix

  1. Kryptix

    CSRF

    How much work do you do to stop CSRF? Like, I've made sure when changing passwords/e-mails (or anything related to account security) they have to confirm their own password so CSRF can't really do much. I've got a header referral check on everything but this is really easy to spoof so without putting hidden tokens in each form is there any easier way? I can't really be bothered and the worst thing they can do is get a user to post a spam post on my forum or something trivial. How far do you take it?
  2. Is there a way to get what page included it? For example, if index.php includes header.php, how can header.php display 'index.php' automatically?
  3. What's the best way to display when a page was last edited/modified?
  4. It's causing my layout to mess up slightly and after 4 hours of messing around with it I still can't figure out why. In the end I've just ripped it out. Plus it's so difficult to read.
  5. I want a really sleek captcha on my site that's easy to implement. Any ideas?
  6. Can someone please give me 3 #COLOR codes for a pale green, yellow and red? I need them to be the same lightness and contrast so they all match each other in colour depth whilst being 3 different colours if that makes sense? I'm not sure how to calculate them so they're even.
  7. Hi, I have this JavaScript/jQuery regex: var username_regex = /^[A-Za-z0-9 ]{2,12}$/; It's perfect except: I want it to return false if the username starts or ends with a space. I want it to turn false if there's more than 1 space in a row. Can anyone help me please? Cheers
  8. Yeah it's the lack of parameter I'm talking about. Is using Apache's mod_rewrite the only way to do this? Is there no way to do it solely using PHP? What if you loop through all $_GET variables for example?
  9. As title really... viewthead.php?385784 How does the ID relate? How do you use it? Can you give me a code snippet please?
  10. So if I have the following columns in the users table: username password password_salt ident last_ip last_visit In the cookie if I store their ident hash and if their IP is different to the last_ip entry it simply logs everyone out by clearing the ident. When a user logs in successfully a new ident hash is generated and their IP is added as the last IP. If the user returns 2 weeks after the last visit time it also logs everyone out by clearing the ident. Will that work OK?
  11. Hi, For the last few years on my website I have been using FluxBB/PunBB's login script which basically just stores a cookie with their user ID and their password hash. This is fine except if the database got leaked anyone can login as anyone else providing they have their hash. I'm trying to be more secure about this now. Can someone explain a better process to me please? I was thinking of storing sessions with a unique hash in an 'active_sessions' table and providing they have a cookie with that hash they are granted that session? If someone uses a different IP to what that session was created with it's deleted? I'm new to all of this so any advice would be great. I want this to be secure.
  12. Which would be better to use in your opinion?
  13. So I have a friend system, it's just a table with 2 columns: user (int), friend (int) Now it currently has over 2 million rows and seems pretty pointless having a row per entry because the data doesn't need to be searched in any way. The data doesn't need to be joined or anything. I'm considering adding a new column to the users table called 'friends' and just store the data like: <FRIEND ID>;<FRIEND ID>;<FRIEND ID>;<FRIEND ID>;<FRIEND ID>;<FRIEND ID>;<FRIEND ID>; Is this a bad idea? Which would use less disc space and/or be more efficient? When you login to the game all it currently does is: result = db.getQuery("SELECT * FROM `friends` WHERE `user`= '" + userID + "'"); while (result.next()) player.addFriend(result.getInt("friend")); So instead of that I'd just use Java's equivalent of PHP's explode() looping through the ID's and adding them. If there's no problem in doing this, which data type is the best to use for this kind of stuff? As I said there's literally no other usage, I will never need to use the friend system for anything else except from the above code.
  14. Kryptix

    HTML5

    I'm doing all those too but on a large site I'm sure the names add up to a few kB of data. If I can cope with using singular letter names there's no negatives in doing so, right?
  15. Kryptix

    HTML5

    So when trying to make websites fast, surely using short names for classes and what not is better than using long names? So like instead of having a class called "right_container_column" it's best to just use a single letter? Am I thinking right?
  16. Thanks, that's really helpful. So I'm including it from Google Code which is fine, and I'm also including a JS file with all my own JS in it. Is it best to merge these to one file and min it or should I keep them separate? Is there a way to compress HTML/CSS/JS on the fly using PHP? Is that a bad idea? If it's a bad idea, are there any programs to minify instantly and like un-minify for dev?
  17. I'm using this to check usernames are valid (letters, numbers and spaces): if (!preg_match("/^[a-zA-Z0-9 ]+$/", $username)) However, people can use names like "Hello     4" (5 spaces in a row). How would I eliminate this? Is it best to just replace the 5 spaces with 1 or would that confuse users? Is it best to just throw an error up? Can someone change the regex above to fix it or is it more complicated than that?
  18. Is there a program or anything that will go through a CSS file and tidy it up? Like, I think I've added stuff that isn't needed or could be done with less code. Is this a manual process or does anyone know of a way?
  19. I want to use jQuery for a few things like centring and popping up an alert box div and possibly a date picker but I hate the idea of having to include lots of different files. Is there a way to include the absolute bare minimum? I'm trying to avoid using jQuery just because of how big the files are to include.
  20. I am, and I usually do that, but I'm trying to make the website as fast and efficient as possible with the least amount of code. I'd much sooner use a list to auto add numbers to the list, but wasn't sure how I could incorporate that into a table. Could I not just put a <span>post count</span> inside the <li> and float it to the right or should I definitely be using a table?
  21. Only the bottom one did but thanks!
  22. I'd like to still use <ul> so I can have a number next to each top poster, I'm not sure how I'd incorporate that into a table with 2 columns (one for their rank and name and one for their post count)?
  23. I have a <div> that's 250px wide and inside that I want to display the top forum posters like: 1. User 3,298 2. Another User 2,385 ...etc I want their post count to be centred right and I want the rest to be centred left. Is this possible to do somehow just using a <ul> <li>? If not, what's the best/sleekest way to do it using the least code possible? Cheers