Jump to content


  • Posts

  • Joined

  • Last visited

Posts posted by LLLLLLL

  1. I have requirements from a client for a code repository, or just a file repository, and I'm not sure that I can find one that matches. Here's what's needed:


    1. A way to upload files directly, either with FTP or via browser. No git commands, etc.
    2. A way to search those files (filenames and text within files) from the browser
    3. A way to compare files (preferably between two folder roots and including all subfolders/files) from the browser

    I think that's it. A bonus would be to upload a zip and be able to unzip it on the server, but that seems like a stretch.


    Does something like this exist?

  2. FWIW: I've found that the easiest way to make the code clean when mixing HTML and PHP is to keep the entire page in PHP and echo the output at the bottom:

    // includes, sessions, etc.
    // some logic here. call functions, db, set variables, etc.
    $a = some text result;
    $b = some other div or something;
    $c = blah blah;
    echo '
      <div>This is the greatest website ever because ' . $a . ' and yada. ' . $b . '</div>
      <div>Some text div</div>
      ' . $c . '

    For me, it makes things much easier to read because there's just one HTML blob. The downside of this of course is inserting all the strings into the blob. The alternative is similar, where you get all the variables at the top and then put raw HTML below the closing PHP, with some <?php echo $a ?> type tags in that. Of course if you're actually using includes as you displayed then using variables isn't as helpful.

  3. Jacques and mac_gyver, as I stated that's the query that WOULD run but the code checks that the $_GET is an int. If it's not, the query doesn't run.


    I guess I just don't know what is trying to be accomplished by this, had it executed...

    WHERE p.id = 139\' and benchmark(20000000,sha1(1))-- 


    ... just an attempt to slowdown the server?


    Jacques, since you didn't read the post that said the query didn't execute, your "I'm smarter than thou" remarks are really, really unwarranted. My gosh, this isn't the first time you've liked to show your arrogance on here. Calm down.


    This application has been PCI-compliant and is tested monthly. It always passes compliance for injection and other hacks. I should have worded the topic better but the question was really... what does someone gain with this type of hack?

  4. (I'm putting this in PHP since it's not a question specific to MySQL or other DB stuff.)


    I have a page that uses the GET id to find a product. GET variables are sanitized, and the SQL string is escaped even though it's expecting a number only. So the code seems safe to me. I'm getting some error_log results that appear to be hack attempts: 


    p.*, t.id as blah
    FROM some_table p
    left outer join some_other_table t
    on p.id = t.product_id
    WHERE p.id = 139\' and benchmark(20000000,sha1(1))-- 
    Should I be worried about something like this? Anything more (or less) that I should be doing?
  5. kicken said:




    Caching them in a file you can include, or into some shared cache would be better as you're then not wasting space storing a separate copy of all the translation strings for each visitor.


    And yes, that was the whole point of the thread. How can I implement a shared cache?


    I think the answer is that there's no good answer in PHP. Not for what I want; things in C# cache easier because of the architecture (services running that hold stuff in memory). I can't use things like MemCache because some of this would be too tricky for an average user to set up on their server. That's why I was hoping there was a way to add to $_SERVER or something like that. Something universal.


    The solutions like "read from a file" really don't apply to what I need. I have objects, arrays, other things that are eventually loaded. I just wish could load them once, not once per user, to reduce some DB calls. That's all.

  6. This post was not about my specific string caching. When asked what's being cached, I replied A bunch of application-specific stuff. There are all sorts of things that are loaded the first time they are needed. Display Preferences, Checkout Preferences, Shipping Preferences, etc. There's little performance problem with the strings (under .4 seconds, it turns out) and I don't know why you're trying to dissect an application that you know nothing about, when his wasn't my question in the first place.


    Basically, I'm trying to reduce some DB calls (with what I mentioned, there are four calls the first time, if all those things are needed on a page) by finding a caching layer.


    My question was about caching arrays of things in $_SERVER or something that's not $_SESSION. "Don't want to get my hands dirty"? Thanks for the insult.

  7. Thousands of strings?  And how do you make sure that they are current?  What happens when visitor A arrives and the current set of the strings is read and stored.  Every body after that sees the same data.  But what about when you must alter some strings - how do the users see that updated info without you destroying the current copy of the settings?


    Really?  "Thousands of strings"?  And you don't have a paid consultant working on this design for you?


    I should clarify that it's hundreds of strings, but with multiple languages. So there are like 600 identifiers, for example "General.Cancel" represents the text "Cancel" in English, and whatever its counterpart in Russian, French, German, Chinese, etc. So it's thousands once all the languages are considered.


    I'm not sure why you're asking about altering strings; you just update the cache as you would with any application, simple stuff. Not sure why I'd need to pay someone to work on something here. This design has been tried and tested in global POS applications for years with no issues.


    I guess the bottom line is that I'll keep loading these and storing them in the session. It's only 600 rows. I was just hoping to load them once.

  8. I think you're misunderstanding my intention. When visitor A comes to the site, the session for that visitor loads up all the strings from the DB and stores them. No more DB calls for visitor A. When visitor B comes to the site, another DB call and storage in session. Visitor C, so on and so forth.


    But there are thousands of strings, and the load time isn't terribly slow but it could be faster. Why can't I...

    1. When visitor A comes, load the stuff from the DB and then store in $_SERVER or whatever
    2. Visitors B and C will read from that same cache

    It doesn't seem necessary to store things per-session if there's something more global that would cut down that time. But where is that storage?

  9. What's the best way to cache things on the server? I've found some SetEnv things but this all seems to be a single key/value.


    I'd like to cache an array of things that I can access later. Right now it's cached in $_SESSION which is fine, but still there's overhead on every first-time visitor to a site. Is there a way to add something to $_SERVER or elsewhere that ALL visitors to a website will ultimately be able to access?


    I guess I want something like web.config in C#, where the first time a page is visited, the "app starts", as it were, and those things are now in cache on the server.


    What's the best way to do this?

  10. The situation is that I have a large string with some identifiers to say "replace me" with something else. My goal is to replace the values, but if one replacement includes one of the other keys, I don't want to replace it.


    For example:

    $str = 'some blob ~abc~ followed by ~def~';
    $arr_orig = array(
    $arr_new  = array(
    echo str_replace( $arr_orig, $arr_new, $str );

    This will echo:

    some blob valueblah followed by blah


    But that's not what I'm trying to accomplish. Basically, I want ~abc~ to be replaced with the literal: value~def~ and for the ~def~ that happens to be part of that string to NOT be replaced. I hope what I'm asking is clear. Basically, preg_replace/str_replace with arrays seems no different than just doing a FOR loop and replacing ~abc~ and then ~def~. But that's not what I need.


    I'm hoping that if ~abc~ is replaced with text that happens to be another identifier -- ~def~, ~xyz~, whatever -- that this already replaced text is not again replaced. Is there a built-in function to do something like this? If not, should I just parse the whole string and count characters or something? Seems like a pain (and slow!)

  11. First, most of the web requires javascript these days. Anyone trying to use this web app knows JS is required and they cannot do it without JS. So I'm fine leaving the login page as is. (And it's ridiculous to say he's surprised this works in any browser; it works in all browsers; it's simple, lightweight code.)


    As I described initially, I've wrapped the whole thing in a form tag. I've given all the inputs names. I've added a submit button. The form does return false... it doesn't matter. FF does see all these hacks and it recognizes it's a username/password form and prompts. Chrome, Safari, IE... they don't.

  12. No, I was looking for intelligent answers. StackExchange and some others have ideas but those don't work. I go to PHP Freaks to see who has actually used something that worked. Since you're unable to answer that question, your answers here are completely worthless. Please do not reply unless you can actually answer what was being asked

  13. I didn't include the code because I'm looking for what others have done. FWIW, here's the original AJAX-only code. As stated, I can make some alterations to get FF working (form tags, submit input, names on inputs) but other browsers don't work with that.

    		<script type="text/javascript">
    			function do_login() {
    				$( "a" ).text( "Logging in..." );
    				$( "#message" ).hide();
    				$( "a" ).addClass( "disabled_opacity" );
    				// send the request
    				$.post( "handlers/login.php", {
    					username : $( "#username" ).val(),
    					password : $( "#password" ).val()
    					}, function ( data ) {	
    						if ( data == 'true' ) {
    							window.location.href = "index.php";
    						restore_login( "Invalid username or password." );
    				.error( function() { 
    					restore_login( 'Error encountered.' );
    			function restore_login( text ) {
    				$( "a" ).text( "Log In" );
    				$( "#message" ).text( text );
    				$( "#message" ).show();	
    				$( "a" ).removeClass( "disabled_opacity" );
    			<div id="box">
    				<label for="username">Username:</label>
    				<input type="text" id="username">
    				<label for="password">Password:</label>
    				<input type="password" id="password">							
    				<a href="javascript:void(0);" onclick="do_login();">Log In</a>				
    				<div id="message"></div>
  14. I have a basic username/password form that uses AJAX to login:

    1. Submit the two values in an AJAX request
    2. If the values are correct, sets session variable for the user and returns success
    3. Client receives success and redirects to the start page.

    All of this is basic stuff, works fine. But now some customers say they want the form to remember passwords. I've done some basic work:

    • Added FORM tags around these input fields. Returns false
    • Gave the input fields NAME attributes

    This seems to make Firefox prompt to remember the password. But I'm having no luck with Chrome, IE, or Safari.


    I've googled extensively and there are basically two or three solutions, but I can't get anything to work on these other browsers. It's getting to be quite frustrating. I'm thinking of abandoning this AJAX form and just going to crappy old POST.


    What are you using for AJAX login pages? Are passwords remembered by the browser? How are you doing it?

  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.