Hate

This. Also, this. http://www.userplane.com/docs/start Yeah, a friend is wanting this made for him so I'm trying to do this. userplan is javascript based for creating an actual IM program around it believe. I'm looking for something more php based. I noticed aim doesn't have their public api that you can register for anymore. Would it be possible to use some api from another chat client for aim? Pidgin, Trillian, Meebo?

Hello, I've recently embarked on a mission to create a php script that will be able to login to my aol instant messenger account and retrieve the list of my currently online friends. I've found a few outdated classes, but none of them are appearing to work. I was told to look into the dbus extension for php and use the pidgin interface, but this requires compiling and installing, which on a shared hosting package I cannot do. Is there any other ways that I could connect to aim and access this information without having to install extensions?

I wrote my current code. I tried swapping what ChristianF gave me, but it's not working.

I'm still confused. Could you explain a bit better? I learn from example.

I'm trying to parse html and get the usernames of people registered. I'm able to get most of the usernames, however there are a few usernames that have stars beside their names inside of the a tag which is throwing my expression off. Here's an example of what I mean: <a href="user.php?i=252341">Marssz3<img src="/images/i67.gif"></a> Here's my current code: preg_match_all('/<a href=\"user\.php\?i=.*">(.*?)<\/a>/ism', $row, $title How could I change my expression to ignore the "<img src="/images/i67.gif">" if it is present (not always present) and in this particular case grab the username "Marssz3" (though thats not static)

How is that going to help? The user can ascertain the encrypted key the same way they can get the unencrypted key and you have no way to determine on the server-side if that encrypted key was sent by the application or not. So, it doesn't matter if the user knows what the actual key is as long as they are sending the same information that the the desktop app would send. I can think of some alternative approaches that would make it somewhat more difficult, but none of them are foolproof and would only add more complexity (i.e. bugs) that really adds no value. Again, I really don't understand what you are trying to prevent. The statistics should be logged on the server based upon the requests from the client. And, as I stated previously, the services shouldn't care what or how the requests are sent only if the requests are valid or not. There are some $_SERVER vars that would identify the client-side app, but those can be easily be spoofed by someone who has gone to the trouble to find the key anyway. Could you share some of these alternative approaches that would make it a bit more difficult?

OK, let's recap. You do not want any user to be able to use any feature as often as they wish. There will be no manner of authenticating/identifying the user. You desktop app is using a "key", but from what it sounds like, you are only using that key to identify that the request is coming from the desktop app so you can prevent requests from being submitted in an alternative method. And your "problem" is that you don't want someone to identify that key and make submissions outside your windows app. So, my question to you is - what do you care how someone makes a request? You should already have the necessary validations/sanitizations in place to prevent problems. Many web-based apps are built such that anyone can build a custom front-end interface. You do say that you are worried about people "filling up your database". Couldn't they do that using the desktop app anyway? It is just as easy to create an automated script for the desktop app (if not easier) than it would be to create custom scripts for generating the requests independent of the desktop app. So, if your real concern is about someone sending too many requests you should still consider some way to limit the rate/number of requests per user within a given time frame - e.g. no more than 20 requests per minute or whatever you determine would be. You're following along correct. Basically, the user doesn't control the information stored in the database. It's statistics logging to better my application (which they completely agree to during the install), but I'm worried that someone will sniff the key and flood my database. There really can't be a limit enforced as there are requests coming every 1 to 50 seconds. Is it possible to encrypt my get requests from the application and have a special way to decrypt them from the php script? I know that's a confusing concept, but I hope you understand what I mean.

I want to access my php files within my windows application using web requests and I want the php files to store information inside of my database. The script should add anything I want to the database without a limit. There isn't any usernames or passwords or anything like that. It is simply a means to add content into the database. I planned on making it so the php script only access from a special user-agent and needs to have the correct key(password), but all of that could easily be sniffed and spoofed to make it seem like it was coming from my application.

I probably should of elaborated more. Within my application I want to be able to access remote php files on my web server and add content that way. To the normal user this would be secure and safe to do with simple web requests, but if an advanced user did any kind of sniffing they would be able to figure out my secret key since I'm doing basic GET requests. Here's an example url of what I mean: http://mysite.com/put.php?key=NSDF83NDSF35MDF&title=Hello If I were to use that inside of my win32 application it would be fine to the normal user since they don't know the key to access the script, but if an advanced user sniffed that url they could get the key and spam the link and flood my databases. Is there any way to prevent this?

Hello, I'm writing an application that will have to interact with my webserver and it will be using php to input data into the database and retrieve from as well. However, I'm not sure what is the best approach on securing my database from people sniffing while using my application. The only thing that I can do that is coming to mind is try to use a unique key as a password and have one of my GET vars be that password, but that is easily sniff-able. What can I do to secure my database and prevent people from filling up my databases if they sniff out my password key? Is there any kind of encryption I can use that will defeat this?

Hello, I'm trying to capture the red part of the url. The blue part of the URL I would like to be optional. Case should not matter. Should I have the "http://" part a second optional as well? Or should I put it with "www."? Ideally, I just need to ensure that it pulls the video title from that domain regardless of how they accessed the website. What would be the best possible way to achieve this with regex? Summarized: I just need whatever is after /videos/ but would ideally like to ensure that the domain is correct as well. http://www.cooltools.org/videos/how-to-style-menu/ Thanks.

I'm using the built in mysqli class. Yes, I've tested all of my variables before attempting to do the update. That's why I'm clueless. I know that not all of the values change when doing the update.. so I'm not sure if it's having trouble replacing one value with the same value. For example -- Let's say that the views and uploader change, but the comments doesn't change.. just the same value is passed back in to be updated. Would that be a problem?

Hello, I've never really used the update command before for mysql and I'm attempting to use it and struggling a little bit. I'm trying to use mysqli prepared statements.. here's the code that I have thus far: if($query = $database->connection->prepare("UPDATE videos SET comments=?, views=?, uploader=? WHERE title = ?")) { $query->bind_param('iiss', $comments, $views, $uploader, $title); $query->execute(); $result = $query->affected_rows; $query->close(); } For some reason I cannot get this working. I have created a modification page for the administrators to be able change any of the values and wanting to update the database to reflect the changes. When using the MySQL UPDATE command do all of the values have to get changed or modified, or am I able to pass back some of the same values? Like with the above code.. if I only wanted to update the views, would I still be able to just pass in the same values for comments and uploader and it would just replace the values?

hello?

Hi, I'm extremely new to using sockets, but I think I have pretty straight-forward questions. What exactly is a "buffer"? I see people use a buffer and set a number for it (assuming size of the buffer... I guess?), but what's a good number to set it at then?