Everything posted by ttocskcaj

  1. Try using a template engine instead of using php as your template engine. http://www.smarty.net/ http://twig.sensiolabs.org/ They help separate the HTML from your code, and allow an easy way to have variables in your HTML (Templates). They will also help with XSS problems.
  2. Just a note, redirecting to a different site for a mobile device is kind of old fashioned now. Have you looked at things like Bootstrap, that help you have one site that scales to any device?
  3. This package is quite good for hashing passwords and checking them. http://www.openwall.com/phpass/
  4. Can a few people please check this registration/login page for SQL injection or any other vulnerabilities? http://dev.minecms.org/account/register http://dev.minecms.org/account/login Link to profile: http://dev.minecms.org/phpfreaks.txt
  5. Sorry, that was just a typo. It should read: $stmt = $db->prepare("SELECT * FROM `?` WHERE `?` = '?'"); which still doesn't work. Also the $by and $value get checked before that code.
  6. I'm new to using PDO and prepared statements. I have the following code:

         $db = MineCMS::get()->getDatabase();
         $stmt = $db->prepare("SELECT * FROM `` WHERE `?` = '?'");
         $result = $stmt->execute(array($db->prefix('servers'), $by, $value));
         $row = $stmt->fetch(); // execute() returns a bool, so rows are fetched from the statement, not from $result

     Where $db is an instance of PDO. It returns the following error:

         SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens

     What am I doing wrong?
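The HY093 error in the post above is what PDO gives when a `?` is placed where an identifier belongs: placeholders bind values only, never a table or column name, so those have to be chosen from a whitelist and written into the SQL text while the value stays bound. Added example, not code from the original post or from MineCMS; it assumes a PDO handle, a configured table prefix and a fixed list of searchable columns, and uses an in-memory SQLite database with constructed rows.

```php
<?php
// Added example: fetch one row from a prefixed table by a whitelisted column.
// Placeholders (?) can only stand for values, so the table and column names are
// validated against a fixed list and quoted into the SQL text instead.
function findServer(PDO $db, string $prefix, string $by, $value): ?array
{
    // Whitelist of columns callers may search on (assumed for this example).
    $allowedColumns = ['id', 'name', 'ip'];
    if (!in_array($by, $allowedColumns, true)) {
        throw new InvalidArgumentException("Column not allowed: $by");
    }
    // The prefix comes from configuration, not from the request; restrict its charset anyway.
    if (!preg_match('/^[A-Za-z0-9_]{0,32}$/', $prefix)) {
        throw new InvalidArgumentException('Invalid table prefix');
    }
    $table = $prefix . 'servers';

    // Identifiers are backtick-quoted in the SQL text; only the value is bound.
    $sql  = sprintf('SELECT * FROM `%s` WHERE `%s` = :value', $table, $by);
    $stmt = $db->prepare($sql);
    $stmt->execute([':value' => $value]);   // one token, one bound variable

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Usage with an in-memory SQLite database (constructed sample data).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE `mc_servers` (id INTEGER PRIMARY KEY, name TEXT, ip TEXT)');
$db->exec("INSERT INTO `mc_servers` VALUES (1, 'lobby', '10.0.0.5')");

var_dump(findServer($db, 'mc_', 'name', 'lobby'));        // array with id => 1
var_dump(findServer($db, 'mc_', 'name', "x' OR '1'='1")); // NULL: the value is bound, not interpolated
try {
    findServer($db, 'mc_', 'name; DROP TABLE mc_servers', 'lobby');
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;                       // column name rejected by the whitelist
}
```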
  7. Can't see any Javascript errors on chrome or firefox. The HTML is simply not there for the tables.
  8. A while ago, phpMyAdmin stopped showing the tables to enter data in when you try to insert a row. I've tried updating phpMyAdmin and that had no effect. Normal MySQL usage works just fine. PHP 5.3.1, MySQL 5.1.44, phpMyAdmin 3.5.1. Any ideas?
  9. You were right. SELinux was blocking apache from network access. Running this command fixed it:

         # /usr/sbin/setsebool -P httpd_can_network_connect 1
  10. $url = "http://113.21.224.170:20059/api/call?method=runConsoleCommand&args=%5B%22manuadd%20Jack%20Admin%22%5D&key=XXXX"; $h = fopen($url,'r');
  11. How would file permissions come into it? I'm talking about opening a URL. I'll try that, kicken.
  12. I'm trying to open a URL using fopen() and I keep getting this error: Failed to open stream: Permission denied. I cannot work out what is wrong; it's not a firewall as far as I can tell.
  13. Weird. I thought I already tried that :s But thanks. It worked.
  14. I'm trying to create styles/HTML for a news feed (similar to what you see on Facebook etc.). Here is the code that I have at the moment:

          #feed-list { margin-top: 20px; }
          .feed-item { display: block; }
          .feed-image { width: 48px; height: 48px; display: inline; }
          .feed-user { margin-right: 170px; font-size: 18px; line-height: 1.5em; text-decoration: none; color: #363636; }

          <ul id="feed-list">
            <li class="feed-item">
              <img class="feed-image" src="img/dummies/avatar.jpg" />
              <div class="feed-content">
                <h6 class="feed-user">ttocskcaj</h6>
                <span class="feed-text">New Topic: <a href="#">My awesome post!</a></span>
              </div>
            </li>
          </ul>

      This creates this: But what I want is this (the text is in line with the image). Any ideas?
  15. Thanks I also just learnt that returning false in a function will stop its default action?
  16. I'm using jQuery and HTML5 to try and create an AJAX navigation. I have the navigation in standard <a> tags like so:

          <a id="forums" href="{url route="forums"}">Forums</a>

      When JS is enabled on the browser, I don't want the browser to follow the link, but rather have AJAX take care of it (the AJAX part works fine). What I'm stuck on is disabling the default behaviour of the link. I've tried using preventDefault(), but it seems to have no effect?? Here's the code that handles the pushState/AJAX stuff.

          $(document).ready(function() {
              $('a#home').click(function() {
                  preventDefault()
                  history.pushState({state: 'new'}, 'Home', '{$baseaddress}');
                  readurlstate();
              });
              $('a#forums').click(function() {
                  preventDefault()
                  history.pushState({state: 'new'}, 'Forums', '{$baseaddress}forums/');
                  readurlstate();
              });
              $('a#account').click(function() {
                  preventDefault()
                  history.pushState({state: 'new'}, 'Account', '{$baseaddress}account/');
                  readurlstate();
              });
          });

          function readurlstate() {
              $("#content").html('<p>Loading...</p>');
              $.ajax({ url: document.location.href }).done(function(html) {
                  $("#content").hide().html(html).fadeIn("fast");
              });
          };
  17. Yeah, I had a closer look at the logs, and removed the bad stuff. I believe it was XSS. I'm just more curious what those two strings do?
  18. Our admin panel for a gaming community was recently hit by a successful MySQL injection attack. Here are the parameters they entered into forms to gain access.

          ${99319+100354}

          <?xml version="1.0" encoding="utf-8"?>
          <!DOCTYPE acunetix [ <!ENTITY acunetixent SYSTEM "http://testphp.vulnweb.com/dot.gif"> ]>
          <xxx>&acunetixent;</xxx>

      Not sure which one worked, or how they even managed to POST to that page. But how do these two strings work? What do they do?
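What those two strings are, and one way to recognise them in submitted form values, as an added example that is not part of the thread: the first is an expression-evaluation probe (an application that evaluated it would echo 199673 somewhere in its reply), the second declares an external XML entity that a parser with entity loading enabled would fetch from the given URL (XXE); both carry Acunetix scanner markers and neither is SQL injection. The sample values are constructed from the post; the signature list is an assumption for this example.

```php
<?php
// Added example (not from the original post): classify the scanner probes seen
// above so an input filter or a log review can name what was attempted.
//   ${99319+100354}  -> tests whether the server evaluates ${...} expressions
//   <!ENTITY ... SYSTEM "http://..."> -> external entity declaration (XXE)

/** Return the probe families matched by one request parameter value. */
function classifyProbe(string $input): array
{
    $signatures = [
        // arithmetic between two integers inside an expression delimiter
        'expression-evaluation probe' => '/\$\{\s*\d+\s*[-+*\/]\s*\d+\s*\}/',
        // <!ENTITY name SYSTEM|PUBLIC ...>: an entity that points outside the document
        'external-entity (XXE) probe'  => '/<!ENTITY\s+\S+\s+(SYSTEM|PUBLIC)\b/i',
        // an inline DTD has no business in a login or registration field at all
        'inline DTD in form input'     => '/<!DOCTYPE\b[^>]*\[/i',
    ];
    $hits = [];
    foreach ($signatures as $label => $regex) {
        if (preg_match($regex, $input)) {
            $hits[] = $label;
        }
    }
    return $hits;
}

// Constructed samples: the two values quoted in the post plus a benign one.
$samples = [
    '${99319+100354}',
    '<?xml version="1.0" encoding="utf-8"?><!DOCTYPE acunetix [ <!ENTITY acunetixent SYSTEM "http://testphp.vulnweb.com/dot.gif"> ]><xxx>&acunetixent;</xxx>',
    'ordinary username',
];
foreach ($samples as $s) {
    $hits = classifyProbe($s);
    printf("%-22s -> %s\n", substr($s, 0, 22), $hits ? implode(', ', $hits) : 'no probe matched');
}
```

A match is a reason to reject the value and record the request (source, endpoint, timestamp); it is also a reminder that the XML parser itself must not substitute external entities, since the filter only sees what reaches it.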
  19. I don't know anything about linking tables. But in my original code, just edit the foreach loop where it breaks on not finding any rows. These are the classes that have no discount, so just add the undiscounted prices to the total there.

          // NOTE: We have to define $grand_total here because we're using it earlier. So remove the old $grand_total = 0.
          $grand_total = 0;
          foreach ($selected_classes as $class => $quantity) {
              $class = (int) $class; // class IDs are integers; cast before using them in SQL
              $result = mysql_query("SELECT * FROM `active_discounts` WHERE `code` = '{$discount_code}' AND `class_id` = '{$class}'");
              if (mysql_num_rows($result) > 0) {
                  $discount_row = mysql_fetch_assoc($result);
                  $discount_type = $discount_row['type'];
                  $discount_value = $discount_row['value'];
                  $discount_name = $discount_row['name'];
                  $result = mysql_query("SELECT * FROM `classes` WHERE `id` = '{$class}'");
                  $class_row = mysql_fetch_assoc($result);
                  $class_name = $class_row['name'];
                  $class_cost = $class_row['cost'];
                  $classes[$class]['name'] = $class_name;
                  $classes[$class]['cost'] = $class_cost;
                  $classes[$class]['discount_name'] = $discount_name;
                  $classes[$class]['discount_type'] = $discount_type;
                  $classes[$class]['discount_value'] = $discount_value;
                  $classes[$class]['quantity'] = $quantity;
              } else {
                  // No discount for this class: add its full price straight to the total
                  $result = mysql_query("SELECT * FROM `classes` WHERE `id` = '{$class}'");
                  if (mysql_num_rows($result) > 0) {
                      $row = mysql_fetch_assoc($result);
                      $grand_total += $row['cost'] * $quantity;
                  } else {
                      // The class doesn't exist
                  }
              }
          }

      Or something like that..
  20. This is how I would do what I think you're trying to achieve:

      Database: 3 tables: classes, discounts, active_discounts.

      classes would contain all the possible classes a person can choose.
          ID - Auto Incremented ID
          Name - The name of the class.
          Cost - The original cost.

      discounts would contain all of the possible discounts that can be applied to a class.
          ID - Auto Incremented ID
          Name - Display name of discount
          Code - The discount code
          Value - The value of the discount.
          Type - The type of discount (Percentage, Discount off each item, Discount off total)

      I'm going to assume here that only one discount can be used at one time. (So someone can't get a discount off one class, and then another discount off the total.)

      active_discounts would link the discounts to the class table.
          ID - Auto Incremented ID.
          class_id - The ID of the class to apply the discount to.
          discount_id - The ID of the discount to apply.

      Now when someone submits the form, the PHP would be like this:

          <?php
          $discount_code = "irish"; // The discount code, if entered. If it comes from the form, escape it first (mysql_real_escape_string).
          $selected_classes = array(56 => 1, 52 => 2); // How many of each class was selected. class_id => quantity

          // We'll build an array with information about each class, and what discount it can get.
          $classes = array();
          foreach ($selected_classes as $class => $quantity) {
              $class = (int) $class; // class IDs are integers; cast before using them in SQL
              $result = mysql_query("SELECT * FROM `active_discounts` WHERE `code` = '{$discount_code}' AND `class_id` = '{$class}'");
              if (mysql_num_rows($result) > 0) {
                  $discount_row = mysql_fetch_assoc($result);
                  $discount_type = $discount_row['type'];
                  $discount_value = $discount_row['value'];
                  $discount_name = $discount_row['name'];
                  $result = mysql_query("SELECT * FROM `classes` WHERE `id` = '{$class}'");
                  $class_row = mysql_fetch_assoc($result);
                  $class_name = $class_row['name'];
                  $class_cost = $class_row['cost'];
                  $classes[$class]['name'] = $class_name;
                  $classes[$class]['cost'] = $class_cost;
                  $classes[$class]['discount_name'] = $discount_name;
                  $classes[$class]['discount_type'] = $discount_type;
                  $classes[$class]['discount_value'] = $discount_value;
                  $classes[$class]['quantity'] = $quantity;
              } else {
                  break;
              }
          }

          // We'll set some constants, to make the code more readable.
          define("OFF_TOTAL", 1);
          define("OFF_INDIVIDUAL", 2);
          define("PERC_TOTAL", 3);
          define("PERC_INDIVIDUAL", 4);

          // Now we loop through each class and take off any valid discounts.
          // Discounts off the total are remembered here and applied once after the loop.
          $grand_total = 0;
          $discount_type = null;
          $discount_value = 0;
          foreach ($classes as &$class) {
              if ($class['discount_type'] == OFF_INDIVIDUAL) {
                  $total = $class['cost'] * $class['quantity'];
                  $discount = $class['quantity'] * $class['discount_value'];
                  $total = $total - $discount;
                  $grand_total += $total;
              }
              if ($class['discount_type'] == PERC_INDIVIDUAL) {
                  $total = $class['cost'] * $class['quantity'];
                  $discount = ($class['discount_value'] / 100) * $total;
                  $total = $total - $discount;
                  $grand_total += $total;
              }
              if ($class['discount_type'] == OFF_TOTAL) {
                  $grand_total += $class['cost'] * $class['quantity'];
                  $discount_type = OFF_TOTAL;
                  $discount_value = $class['discount_value'];
              }
              if ($class['discount_type'] == PERC_TOTAL) {
                  $grand_total += $class['cost'] * $class['quantity'];
                  $discount_type = PERC_TOTAL;
                  $discount_value = $class['discount_value'];
              }
          }
          unset($class); // drop the reference left by the foreach

          if ($discount_type == PERC_TOTAL) {
              $discount = ($discount_value / 100) * $grand_total;
              $grand_total = $grand_total - $discount;
          }
          if ($discount_type == OFF_TOTAL) {
              $grand_total = $grand_total - $discount_value;
          }
  21. I'm not too sure what you're asking? Do you wanna be able to provide a different discount on each item, and then total the discounted values? If you have an array of items, all with 30% off, you can just total the original price and take 30% off the total. You get the same result. If you have an array of items and want to take different percentages off each one, then use a foreach loop?

          foreach ($items as &$item) {
              $item = $item['value'] * ((100 - $item['discount']) / 100);
          }

      Where $items is an array of items such as:

          array("tennis_ball" => array("value" => 10, "discount" => 5),
                "baseball_bat" => array("value" => 50, "discount" => 25))
  22. Yeah, it would be used by the AJAX on the actual website as well. Through jQuery most likely.
  23. A browser shouldn't really be accessing an API, should it? They generally return JSON or XML and are made for computers to access.
  24. The reason I'd want to have content on a 200 status is because some users may be only using the content and ignoring the status codes. I did realize there were PUT and DELETE methods as well, however lots of web apps I've looked at use only GET or only POST, and still claim to be RESTful.
  25. Thanks. I might not use it directly, but I will look at their code for inspiration. It's a very nice website as well haha.