Chips

Many thanks, just remember seeing it somewhere that it was, but cannot find any information about it. All done in https (forms located there as well) - so thanks for the response :)

no closing bracket on the else statement, no semi colon line termination after the second alert, and only short php tag used to return to php? Dunno if those are "bugs" per say, my javascript is shaky...

Is the data secure if you submit a form from http://myurl.com/form.php, with the action of the form submitting to https://myurl.com/validate.php? Just wondering if it's encrypted being sent to the https, or whether it needs to be [i]at[/i] https with the form.php page already (ie https://myurl.com/form.php) to make it secure. Any help would be much appreciated!

Is that secure? What i mean is that the form is located at http://url.com/form.html If it's submitted to, say, https://url.com/check.php - is the data sent encrypted from the form? Or would that form require being on a https:// server first? edited because I added lots of extra rubbish that was not necessary :D

[quote author=phil88 link=topic=102152.msg405480#msg405480 date=1154177295] Yes, I was going to use Sessions, but I have a question, how easily can they be modified by the user? I mean, would I need to run some sort of validation on them or could I just do a simple if(isset($_SESSION['logged_in']) to check if the user is logged in? (Assuming I set $_SESSION['logged_in'] when they log in) [/quote] I am also interested in this piece of information as well. Apart from "other people on a shared server could see your sessions" type issues, is there any other security risk? No session id's are passed in my urls ever... I just use a $_SESSION['level'] (holds their access leve) to reveal certain parts of a site (ie special downloads, special news, admin functions etc). Is that secure or can a user some way manipulate it. As usual, session_start() on each page, and then a check to see if they have the required level to see it. No cookies set afaik, just session variables. When browser closed, they are "logged out". Also, I didn't see a way to set a time limit on sessions like this - is there one? Or is it a php.ini alteration only? As far as I know to date it's secure, but with this topic tackling sessions and their security just now, I thought it would be a good idea to ask about it as well :)

[quote][code]if ($sold_for = "all") { $sold_for = $user_logged_in; [/code][/quote] The sold_for = that's assignment, NOT equality checking. Use a double == [code] ($sold_for == "all") [/code]

I am wondering if there is a way to register whether a download has been completed or not when done by using headers. For example, I don't want to register the click of a "download" button - but to register if the download has been completed successfully. Just wondering if this is at all possible or not? If it is, does anyone have an idea as to where I should start looking? Download script is the standard type as found on www.php.net: http://uk2.php.net/manual/en/function.header.php Hope someone can help me out here :)

Is it something to do with padding and spacing/margins? In one browser padding or spacing is included in the overall width (ie, you say padding=20 and width=800, then your width = 800 with 20 padding inside of it. In the other browser, you say padding=20 and width=800, then you actually have 820 - 20 padding on the outside). Not sure which is what, but essentially i'd say one of your divs is too wide for the overall width. It has also happened to me when two divs add up to their containing divs width too.. ie if a pair of divs are (for arguements sake) width 120 and width 380 - and your overall width is 500 with those two divs nested inside, then you may see one [i]above[/i] the other instead of floating side by side. narrow down a few divs or so, and see if it fixes itself (or similiar). I am pretty sure that's your problem, I'm just bad at explaining things, and haven't got time to trawl through it carefully enough to try and spot it :D

This part: [quote author=maziagha link=topic=101742.msg402891#msg402891 date=1153778936][code] <form method="post">[/code] [/quote] Why not make it have the action in there as usual? action="filename.php" [code] <form method="post" action="filename.php"> [/code] [quote author=maziagha link=topic=101742.msg402891#msg402891 date=1153778936] [code]<input type="submit" name="btnAddToCart" value="Add To Cart &gt;" onClick="window.location.href='<?php echo $cart_url; ?>';" class="addToCartButton"> </form> [/code] [/quote] I'd go with the action="value.php" instead, and you can add variables to this too: [code] <form name="formyform" method="post" action="index.php?id=<?php echo $cart_id?>"> [/code]

[quote author=craygo link=topic=101715.msg402763#msg402763 date=1153765151] also this line [code]if(filesize($datafil) > 0){[/code] should be this [code]if(filesize($datafil > 0)){[/code] [/quote] I disagree there, you're asking if the filesize is greater than zero - you have it right - so dont' change it. I'd personally look here first: [code]if($pass == $passr){       $date = "$month$day$year"; [/code] Should this not be: [code] $date = $month . $day . $year; [/code] It looks like string concatenation to me, at which point - you should concatenate them (my spelling is bad, i know). This [code] $location = "http://www.closertohim.co.uk/folder/folder/" .$date;[/code] looks fine to me again, concatenating the date to the end of that url and storing it in teh variable $location. Does it exist though? If you stick the date on, does that file exist? a file by the name of: http://www.closertohim.co.uk/folder/folder/05062006 or something - where is the extension to this file? I would look at these two places first, and then see how you get on from there.

Both would be queries from your database - for member list: [code] <table width="800" border="0" cellpadding="1" cellspacing="1"> <tr><th>Username</th><th>Other heading</th><th>Another one</th> </tr> <?php $query = mysql_query("SELECT * from USERDATABASE"); // of course can do order by etc here, limit - whatever. while($rows = mysql_fetch_array($query, MYSQL_ASSOC)){ echo "<tr><td>" . $rows['username'] . "</td><td> " . $rows['fieldhere'] . "</td><td>" . $rows['fieldname'] ."</td></tr>"; } ?> </table> [/code] That would list out all the members in the database via your query, outputting a row in a table for every row returned by the query. It could, of course, get rather long... so you could do a limit in the query, to only return say results 0 - 20. A link at the bottom of the page (if there were more than 20 results) could include the values of your limit for the next results - 21 - 40, self propogating through pages, using the same code as above - but just with different limit values. As for editing the users profile, that would require checking whom they are. You have a login method, so obviously you set cookies or sessions - by which I guess you can ID whom they are. Using that method of ID, you could set up a page which gets their ID from their session/cookie (for instance, when they login you store their unique ID from the database perhaps in a session variable) which can be used to get their details. [code] $query = mysql_query("SELECT * from USERDATABASE where userId = " . $_SESSION['userId']); if(mysql_num_rows($query) > 0){ //match found displayForm($query); } else { //some form of redirect of disallowed message } function displayForm($query){ $array = mysql_fetch_array($query, MYSQL_ASSOC); //now put in your form details ?> <table width="800" cellpadding="1" cellspacing="0"> <form name="updateform" method="post" action="whatever.php"> <tr><td> Name: <input type="text" value="<?php echo $array['name']; ?>" name="name" /> </td></tr> <tr><td> Email: <input type="text" value="<?php echo $array['email']; ?>" name="email" /> </td></tr> <tr><td> <input type="hidden" value="<?php echo $_SESSION['userId']; ?>" name="id" /> <input type="submit" value="submit" name="submit" /> </td></tr> </form> </table> <?php } [/code] Obviously you can submit to where-ever, where you can check their variables have been entered and then update them into the database (escaping them for characters with mysql_real_escape_string i think it is). I am sure some will point out flaws/issues with my code, but that's because I am fairly new to all this and not aware of all the security details that I probabily should be. I hope that they can elaborate where needed, and also comment on better practices :) Hope this helps in the mean time ;)

Then you'll have to use an absolute path to the images instead: [code] <img src="http://www.servername.com/path/to/images/image.jpg" /> [/code]

location of top.php = root/ location of body.php = root/nextfolder/ Then your include is right: include '../top.php'; So i'd look at your top.php code, and find out where it's pointing to the images! If you direct your browser to top.php, does it display all images correctly? If so, then that maybe your problem! It is the image path relative to the body.php path, and NOT the top.php path ;)

Fixed, appears to be an issue with a password protected directory. Running this script to download a file that is not located inside the directory works. I am having an issue, that I cannot seem to resolve! Essentially, click on the downloads link and it all comes up with the open/save prompt. If you download any of the files, though, it says it's corrupted? My max filesize in php.ini IS big enough to cope by far (test files range from 25kb to 655kb, and the max size is 2Mb!), and I am using firefox. [code]$array = mysql_fetch_array($query, MYSQL_ASSOC);                   $file = $_SERVER['DOCUMENT_ROOT'] . '/newsite/' . $array['download'];                   header('Cache-Control: no-store, no-cache, must-revalidate');   header('Cache-Control: post-check=0, pre-check=0', FALSE);       header('Pragma: no-cache');                   header('Content-Description: File Transfer');   header('Content-Type: octet-stream');                   header('Content-Type: application/force-download');                   header('Content-Length: ' . filesize($file));                   header('Content-Disposition: attachment; filename=' . basename($file));   header("Content-Transfer-Encoding: binary");                   readfile($file); [/code] Now the document root isn't an issue, if i comment out the headers and just do [code] echo $file; [/code] then it shows the correct root path for the server to the file. When you download, it does prompt with the right filename etc, and when downloaded - it's the right size too. Error messages are (zip file being used, contents are 5 php files). [quote] The archive is either in unknown format, or damaged[/quote] or if you double click instead of using "extract here", it will open the extract window and say: [quote]Unexpected end of archive[/quote], but shows the files and their sizes okay. Anyone have any ideas as to what I am doing wrong/spot the bug that I am having? Help would be much appreciated, downloads are integral to the site i have created, and everything else is working just fine :( Supposed to present either later today, or tomorrow - and would really like to remove the last few bugs. If I use a pdf file to download instead, i get the following message: "... could not open the file because it is either not supported file type or because the file has been damaged (for example it was sent as an email attachment and wasn't correctly decoded)" That is when trying to open the acrobat pdf file with the reader :(

Tis weird how your first two posts are only in this thread, and only criticising those who have attempted to help as well as anyone else. Remember that no-one gets paid to help here, it's all people volunteering up their free time to try and solve others issues, just because they are nice enough to care/bother. I try my best with my very limited knowledge, but no-one can read every single topic and comment/help out - there isn't time in the day, and they all have jobs to work at too (bit like myself). They pick topics by the title/name I would imagine, and then may attempt to help. I only read a few threads per day, ones where I feel i may know what is being talked about - others may target threads that get no replies... As it is, I would imagine the lack of response to the thread is due to the actual thread creator not updating/informing anyone about progress or further issues. For all you know, he may have posted this elsewhere as well, where they solved it. Anyone trying to sort this now could be wasting their time unless the original poster comes back and asks for further help as problems still exist. However, all that is by the by - I just really wanted to say that your attitude is pretty appalling, and wouldn't endeer me to help anyone who behaves like that. Is that really how you intended to get this guy help?