someguy321

If I have a parameter that has a default value, how do I pass nothing such that it uses the default value? Passing NULL does not work. function test($to = "[email protected]", $from) { echo $to . "<BR>" . $from; } //This will NOT show "[email protected]" but instead an empty line test( NULL, "[email protected]" );

Yep, sorry about that! For anyone facing this issue: In any block, DECLARE must precede all other code.

I want to use PEAR if it's installed and the regular "mail()" function if not. But to check for PEAR being installed, I can't check for the class PEAR existing because I have to include "Mail.php" first. The problem is that even though this statement works perfectly: include_once "Mail.php"; This will ALWAYS be false: if ( file_exists( "Mail.php" ) ) ... So how do I check for PEAR? If I just include the file, it throws a warning error that I can't seem to catch in a try..catch.

I've got PHP setup on Ubuntu with MySQL. I've got sendmail installed but for some reason I can't get mail() to work. Does anyone have good guidelines for getting this setup properly?

I'm able to use PHP-ODBC to read the tables in an MDB file, as well as the column names on the tables. But when I try to read data from a particular table, it fails (I don't get an error, instead the browser pops up a message asking if I want to save the file "mdbtest.php" which is 0 bytes in size)! Any idea what's wrong? //THIS WORKS $conn = odbc_connect( 'TestDB', '', '' ); if ( !$conn) exit("Connection Failed: " . $conn); //STILL FINE HERE $sql = 'SELECT * FROM Customers'; //INCLUDING THIS LINE OF CODE CAUSES THE PROBLEM $rs = odbc_exec( $conn, $sql );

Well if it's bots, there is a limit on 5 attempts within a 15 minute period so I'd assume that would stop bots from constantly reattempting. But are you sure that even if it redirects to https (was started at http) that there's still a risk?

Right, but as I stated, I am using https. So are you saying it's ok then?

When users register for the site, it posts the form to an https version of the site. If there's any errors, it'll stay on the https and I show the form with the fields prefilled in with their inputs and the errors shown. My question is: is it safe to also refill the password field? Anyone here know the answer for sure?

Anyone have any suggestions?

I'm using MySQL 5.1.41-3 (with phpMyAdmin) and the below stored procedure throws a syntax error about the "DECLARE EXIT HANDLER" line. If I remove that, it goes through fine. (NOTE: I know this is a bad proc, it's just for testing) (I set the delimiter to //) DROP PROCEDURE `spTest`// CREATE DEFINER=`root`@`localhost` PROCEDURE `spTest` ( IN _name varchar(255), IN _age int ) BEGIN DECLARE statusCode int; DECLARE statusMessage varchar(255); SET statusCode = 0; SET statusMessage = 'OK'; #THIS THROWS SYNTAX ERROR! DECLARE EXIT HANDLER FOR SQLEXCEPTION BEGIN ROLLBACK; SELECT status as -1, statusMessage as "Unknown Error Occurred."; call cleanup( "exception handler called in spTest"); END; IF (SELECT name FROM Test WHERE name = _name) IS NOT NULL THEN SET statusMessage = "name already exists"; SET statusCode = 1; ELSEIF (SELECT age FROM Test WHERE age = _age) IS NOT NULL THEN SET statusMessage = "age already exists"; SET statusCode = 2; ELSE INSERT INTO Test (name, age) VALUES(_name, _age); END IF; SELECT statusCode as "status", statusMessage as "message"; END //

Sure, I understand, but my question is what makes an attempt? Simply a username? Or a username from a specific ip? For example, consider the following two cases: 1. Person at ip 192.168.1.100 tried to login to "fakeuser" 2. Person at ip 192.168.1.100 tried to login to "fakeuser" 3. Person at ip 192.168.1.95 tried to login to "fakeuser" Is this 3 attempts on "fakeuser"? Or is it two attempts by the first ip, and only 1 attempt by the second ip?

I want to limit the number of incorrect login attempts within a specified time period (e.g. 15 minutes). I'm wondering what I should tie those attempts to. e.g. If too many attempts from one ip address for a specific username, lock them out for 15 minutes? Or too many attempts from any ip address for a specific username? Or too many attempts for an ip address matched loosely (i.e. 255.255.255.0 matching) with a specific username? What's the best choice? Just too many attempts for a username? Or also use the ip address? And should I store the attempts in the session, or the DB?

Thank you very much for the great thoughts! That helps clarify things. I guess what I meant was, can ajax in http (and not https) ever be as secure as over https. I'm leaning towards "no," but I'm open to hearing ways it could be done. My fear is of the man in the middle attack.

I have a class "Login" that handles login, registration, checking if someone's logged in and authorization stuff. I would prefer to be able to instantiate this just once per session and then reuse that. however, I don't know if there's drawbacks to storing this object in the session. For example, will this lead to too much memory usage of the session object? Is it slow to keep retrieving an object from session? Would it be faster and better on the server to just re-instantiate and then destroy the object every page request?

That statement makes little sense. Can you explain that a little better? I don't see how it doesn't make sense. What I'm asking is: - Is this login method (with all the steps they suggest) truly secure? And I was remarking on how their method is over http, not over https but to me it still seems secure, but perhaps I'm missing something. If so, what am I missing?