Muddy_Funster

Muddy_Funster last won the day on April 25 2017

Contact Methods

  • Website URL
    http://muddy-dev.blogspot.com

Community Answers

  1. CloudFlare could be worth a look.
  2. I agree, I don't think "what's the best" is an accurate question when it comes to code editors/IDEs. What is a feature to one group can be a pain in the backside for another. I don't think that there is a universal right answer, although there may be, I have used a pitiful number of applications to code in. I do like it simple myself, and have been prone to using PSPad for a number of years now. I drifted into using Eclipse for a little while, but setting up workspaces and projects was too much of a pain in the backside after a while and I just gave up. I also couldn't be bothered with the load up time of starting Eclipse every time I wanted to go in and do a bit of coding. I have just recently started using an IDE/editor called CodeLobster, and I have to say, I'm quite liking it. It doesn't suffer from PSPad's single most infuriating habit of auto closing absolutely everything as soon as you open it, i.e. you type a double quote and instantly you have two on the page, one in front of the cursor, and one behind. It drives me nuts. Code Lobster also has an integrated debugger - which I haven't tried yet, but if you set up your webroot it lets you preview pages in a single click, without having to change window and hit F5. Like other environments it lets you change the color theme in as few as 4 clicks (choices include all the popular editors), offering a preview of how each theme looks on each type of code (CSS/PHP/HTML/etc.). All in, it's shaping up to be a pretty polished bit of software. The basic version is free with the option to spend a nominal amount to upgrade to lite or a bit more to get pro. I was going to go into the differences but read through it and it looked like a rather shameless advert, so I deleted it and I'll leave it there.
  3. Cool, I had no idea you would know so much about the project, but yeah, just do enough to get by and everything will be fine - great mantra. I don't think the question was anything to do with IP addresses, limited login attempts or telling end users what to do or how to do it, I'm pretty sure it was directed at the script provided. Great talk down though.
  4. Thanks for the blank sha1 is not much different than md5 in terms of they are both fairly dated algorithms which have been superseded. I did see a simple password hash using a combination of whirlpool and blowfish algorithms someplace...where was it....oh yeah, in my sig. Just tweak the number for blowfish passes and the number of characters returned and it's job done, you can even use something other than whirlpool for the salt if you prefer, I only picked that one for the example because I liked the sound of it, it's not what I personally use.
  5. And are you wanting this done in the SQL or with the PHP?
  6. PHP is server side, it's run on the server, before it gets to the browser. Javascript is client side, it's run on the client machine and interacts directly with the browser. PHP can't call a javascript function because the function is on a page that hasn't been written at the time PHP is running. You would probably be best using an AJAX call to check the login and using a javascript window.location = on success. This will let you still use PHP for validation and should enable you to call your lightbox script on failure. On another note - I don't think auto loading the registration form on a failed login attempt is at all user friendly - people make mistakes with logins all the time, I know I'd be frustrated if I constantly got redirected to a registration form every time I did it, but most can tell the difference, when clearly presented with the options, between logging in and registering.
  7. Script security is a bit like religion - it means more to some than it does to others and everyone has their own opinion on what's right and wrong about it. From my point of view the biggest issues here are the use of MD5() is kind of dated, there are a lot of rainbow tables out for brute forcing it. You're not setting any advanced options on the cookie, so it could be carried across browser sessions depending on the default setup and expose other parts of your site needlessly. And your script is running a select * against the users table, which, aside from being crap coding practice, means that a packet sniffer watching your SQL server could get access to all the data recorded for that user - including the md5() version of the password. All you need to do is SELECT id FROM and SELECT token FROM, set some specific cookie options and I would probably include the HTTPOnly setting as well. Do that and change your hashing algorithm to be something a little more advanced and it should be ok (assuming your sanitization and validation are sound that is). That's my opinion anyway, although it's seldom worth much.
  8. It would help (more than a little) if you gave some relevance to the second number set you want to get.
  9. So member_awards =

       member_id | ac1 | ac2 | ac3 | ac4 | ac5 | ac6 | ac7 | ... | ac20
       1         | 1   | 0   | 1   | 0   | 1   | 1   | 1   | ... | 1

     and awards =

       award_id | award_description
       ac1      | Biggest Muppet
       ac2      | Worlds Best God
       ac3      | Zealot of the Day
       ...

     and you want to display 5 awards per member relating the column name from one table to the field value in another to display "Jim has received : award1, award20, award5, award6, award7". Is that the basics of it?
  10. Why would you think to store dates as anything other than a date datatype? Best way to fix your problem is to fix your data.
  11. From what I read here: http://forumtopics.org/busobj/viewtopic.php?p=699540&sid=f419f6d2af088d5120d21f7908cc859d there is no way to link directly, but it can be done with a SOAP connection to a Java web service.
  12. Let's tidy this up a little:

      $statement = "votes LEFT JOIN rants ON votes.rantid = rants.id WHERE vote = 'up' GROUP by rantid ORDER BY nrRatings DESC";
      $query = mysql_query("SELECT votes.*, rants.*, COUNT(votes.*) AS nrRatings, DATE_FORMAT(rants.date, '%M %e, %Y, %l:%i%p') as newdate FROM {$statement} LIMIT {$startpoint} , {$limit}");

      turns into:

      $sql = <<<SQL_BLOCK
      SELECT votes.*, rants.*, COUNT(votes.*) AS nrRatings, DATE_FORMAT(rants.date, '%M %e, %Y, %l:%i%p') as newdate
      FROM votes
      LEFT JOIN rants ON votes.rantid = rants.id
      WHERE vote = 'up'
      GROUP by rantid
      ORDER BY nrRatings DESC
      LIMIT $startpoint , $limit
      SQL_BLOCK;
      $query = mysql_query($sql) or die(mysql_error()."<br><br>Returned by Server when atempting to run the following query:<br>$sql");

      Note the use of the or die to capture the SQL error and return it to the screen. Also note I haven't actually changed any of your SQL, only formatted things a little differently so that when the error comes back you can see the SQL statement that was sent to the server as it was at that point.