Posts by cwarn23

I wouldn't miss either because i'm infront of a computer most of the day where I can get music via internet+itunes and if I need to make a phone call I can simply make a free sms (I think) message through gmail.

As for my favourite search engines, I use both Google and Yahoo! as just one of the two can never do the job alone. Also because the Yahoo! page takes so long to load up I tend to use google first (unless searching for code) then if I can't find it in google I try the find my answer in Yahoo! which has a better algorithm for my english.

Try the following:

<form action="search.php" method="POST">
Search: <input type="text" name="search" style="width:300px;">
<input type="submit" value="Search">
</form><?
if (@$_POST['search']==""){
echo "What are you doing?";
}
else{

$query = file_get_contents("http://www.google.com/search?q=".urlencode($_POST['search'])."&num=100&hl=en&ie=UTF-8&filter=2");

//needs to be added with more queries
$replace_array = array('/\n/','/<head>(.*)<\/head>/','/(.*)<div id=res>/','/<br clear=all>(.*)/','/(.*)\<h2 class\=hd\>Search Results\<\/h2\>/');
//pregraplacing unneeded parts
$results = preg_replace($replace_array, '', $query);
echo $results;
}
?>

Also you will need to use CSS to solve all of the styling.

I would suggest that if your very experienced in php then it is by far best to write your own starting from a template. The template I would recommend is the Microsoft PHP MSN Messenger Online Open Source Template. With this users can log into your chatroom using their regular msn details. Although the example for this template has a few bugs and it is written in oop, it is well worth it if your experienced enough.

However if you have limited experience in php then I would suggest to google for a fully working template that you can straight away embed into your website and make a few minor changes to.

Perhaps the following:

//get username
$username='Bill Gates';
//validate
$username=mysql_real_escape_string($username);
//set the sql query
$result=mysql_query('SELECT * FROM `table` WHERE `usercolumn`="'.$username.'"');
//check if it exists
if (mysql_num_rows($result)>0) {
    //it exists
    } else {
    //it does not exist
    }

On the right(Under C# FEATURES) I can select C# Code Snippets to get the list of previous posted snippets, but I just don't see where the dropdown menu is.

If you can select the C# Code Snippets from the drop down menu when you go to post a new topic in the C# forum then that means that your ready to post into the C# Code Snippets forum with that selected. And you should notice a code box plus a comment box unlike your regular singular comment box when that is selected.

ok then. But that is just what I read on google news when bing first came out.

Well first open the image file itself while on the server with the problem and it should say what line the bug is in. A possible bug is the imagecreatefromgif() file location being different and another possibility is the gd library not being installed.

The only other thing I can suggest is the following code:

setcookie('user','',0);

Generally to use php on a server you need to download apache and php itself. However if you plan to install apache and php on your local computer then it is by far easier to download wamp. A google search will find you wamp. Also note that there is xampp but the latest version is a bit buggy.

Try this:

setcookie('user','',(time()-(60*60*24)));

Also make sure that code is before any html output.

I just tested your .htaccess file and it works perfectly. All you need to do is just link to the .htm file instead of the .php file.

I say both. This video by family guy tv series shows it right from the big bang.

Try this:

$sql = 'INSERT INTO jow (jokes_id, date_added, date_end)'; 
			$sql .= ' VALUES(';
			$sql .= $jokes_id . ','  ; 
			//$sql .= '1545 ,';
			//$sql .= ', 5, ';
			$sql .=	' now(),'; 
			$sql .=	'"'.$next_monday.'"';
			$sql .=	',)';
			echo $sql . '<BR>';

According to your commented sql columns there was one last column left blank.

The only thing I can suggest is try commenting the two require functions which are directly below the while loop as the array $row might be over-written or something.

I'm not sure but it might be an idea to remove the [nc]
The [nc] stuff is for advanced users mainly. Also yes it does work but both ways will work. So basically if you link to the htm version then it should work just as well as if you link to the php version.

Try just before the while loop each of the following codes but will need to be done separatley:

die(mysql_num_rows($result));

$ddd=mysql_fetch_assoc($result);
echo '<xmp>';
print_r($ddd);
echo '</xmp>';

And let me know of the results of when each of those code are on line 33.

Do all your columns begin with products_ or is that your table name because you don't use your table name in the $row array.

Don't use Bing! Microsoft has put a word sensor on Bing and made deals with different goverments for what results should come first. That is where Bing got a lot of it's money from for setting up - the goverments decision to sensor what they want where they want.

Well I know there are 4 types of outputs for a function.

Array
Result
Object
String
[B].[/B]

Could you describe more of what your question is exactly because it's very brief.

I actually do understand what you're saying.

Let me give you an example of why you should not rely on the client hashing passwords for you, unless you can verify the integrity of the data transmitted.

Sever has a page, login.php
It has a Login form, and field, "password".
Server also sends some JavaScript that hashes password.

Server sends this to a client via a HTTP response:

An attacker has managed to take over the TCP session between the client, and server. Thus all HTTP requests are being proxied through their machine.

Attacker's machine has a script, that removes the javascript that hashes the password.

Client machine receives form, with no hashing. User does not realize that when they submit the form, they have sent a plain text password.

Attacker receives the plain-text password. Attacker encrypts the password with the algorithm expected by the server. Attacker forwards the HTTP request to the server.

The server does not realize that they have made the users password available to a remote attacker.

The reason TLS is able to keep the data safe, is that it ensures the integrity of the data. So an attacker cannot modify a HTTP request, nor should they be able to read it.

It is only this part of the situation that makes that possible.

Attacker forwards the HTTP request to the server.

If however the attacker enters the password into the webpage, then when javascript and php both encode the password, because javascript has encoded …

xan is right and the code for it is something like the below. First in your form add the following code:

<input type="hidden" value="" name="js" id="js">

Then to update its value in the javascript function use the following javascript:

<script>
document.getElementById("js").innerHTML="new value";
//or
document.getElementById("js").value="new value";
</script>

There is a tutorial on Ajax at the below link and post me the code I will try to do it for you.
http://www.tizag.com/ajaxTutorial/ajaxxmlhttprequest.php

Well if you want the page to refress every 15 seconds then there is nothing php can do about that. However you could use a mixture of Ajax and php for this job but Ajax is just like Javascript. Sorry if this isn't the answer you wanted.

Well the only thing is that the value javascript encodes isn't the value that's stored in the database. Php would have to change that value to something like a hash. Also as for the problem of javascript being disabled - perhaps Java or Flash would be a better language.

Using JavaScript to encrypt passwords is not something I'd recommend.

Well I think you mis-understood exactly what I meant. The process I was refering to was that javascript encodes the data first then php decodes it then php re-encodes the data.

I think you meant below the web root?

No because this way the user cannot access the file when apache is displaying the php code instead of html code. A rare problem but does happen. An example of including the files from above the web root:

include('/home/exampcom/phproot/file.php');

Where in that example the folder phproot is a directory with php files which is not in the web root to prevent any access at all.

In terms of online security, the only way a hacker can get into your site is a lack of proper coding practices. If the security is there, they won't get around it. Pretty much everything is preventable.

That's my final post for this thread. Its getting quite tiresome trying to get my point across.

I guess we do need to think outside the box and I've found that feature wise "Advanced Electron Forum" Forums seems to be able to do alot more than any other php forum. Only thing is that it must have mysql. A list of alternative php forums are as follows:

Advanced Electron Forum
bbPress
BeehiveForum
Elite Bulletin Board
FluxBB
Fudforum
HaveFnuBB
Mercury Board
MetaForum
miniBB
Monkey Boards
MyBB
MyUPB
NextBBS
NuclearBB
OvBB
PapyrusBB
Phorum
phpBB
punBB
Quicksliver Forums
SMF
TairoBB
Unclassified NewsBoard
Vanilla
Viscacha
Vistix
XMB
[B].[/B]

Im working on a project at present where i need to be able to upload a batch of apporx 400 files each week.

I hope it's not a windows server your using because when I attempted to create over 500,000 folders and subfolders with php, it crashed the external hardrive and had to be formatted. I would VERY strongly suggest to use a database instead as it will be faster and may even reduce the load on your server due to the file system lookup.

Try this:

<?
$string='Sign up for Facebook to connect with Jean Profession';
$word=explode(' ',$string);
$b=(count($word)-1);
$b=mt_rand (0,$b);
echo $word[$b];
?>

The reason why security patches are needed for any forum is because hackers are always finding new ways to get around the security. That is why Virus scanners and even Linix+Microsoft release so many patches for there software yet so many people still use Patched virus scanners and patched operating systems. Because hackers don't just stop at one piece of technology. They invent new technology to pass by newly created defence technology.

As KK states, security may be an issue with some packages,

A package is only as secure as you make it. So you could disable all security features and be hacked or you could download every possible security patch and never have to worry about security.

Wow, big bugs. Try the following:

<?php
//passed values from form
$category_id=$_POST['category_id'];
$make=$_POST['make'];

//Sanitize input values
$category_id=mysql_real_escape_string(stripslashes($_POST['category_id']));
$make=mysql_real_escape_string(stripslashes($_POST['make']));

//$result = mysql_query("SELECT * FROM products WHERE products_make ='$make'") or die(mysql_error());
//or
//$resultb = mysql_query("SELECT * FROM products WHERE products_make ='$make' AND products_category_id ='$category_id'") or die(mysql_error());
require('includes/header.php');// Include header

//setting user host and password values
$username = "**********";
$password = "******";
$hostname = "localhost"; 

//connection to the database
$dbhandle = mysql_connect($hostname, $username, $password)
 or die("Unable to connect to MySQL");
//echo "Connected to MySQL<br>";

//select a database to work with
$selected = mysql_select_db("Streetwise",$dbhandle)
  or die("Could not select Streetwise");

//execute the SQL query and return records
$result = mysql_query("SELECT * FROM products WHERE products_make ='$make'") or die(mysql_error());

//fetch tha data from the database

while ($row = mysql_fetch_assoc($result)) {
   
	require('includes/body.php');
	
	require('includes/vehicle_panel.php');
	// display the database output query
	echo '<div class="font">'.'<h3>'.$row['products_type']." ".$row['products_make']." ".$row['products_model']." ".$row['products_year'].'</h3>'.'</div>';
	echo "<h3>";
	//echo'<br>';
	echo '<div class="price" align="right">'.'<img src="images/odyssey/'.$row['products_Image'].'" alt="Car batteries" height="75" width="75" border="0" align="center">'."&nbsp; &nbsp; &nbsp; ".'</div>'."Price &pound;".$row['products_price']."&nbsp; &nbsp";
	echo "<br>";
	echo '<p>';
	echo '<br>';
	echo "<br>";
	echo "</h3>";
	echo '<form>';
	echo '<fieldset>';
	echo '<legend>Fitting Details </legend>';
	echo '<br>';
	echo '<div class="image" text-align="right">'.'<img src="images/'.$row['products_other1'].'" alt="Car batteries" height="90" width="100" border="0" align="right">'."</div>";
	echo '<br>';
	echo '<ul>';
	echo '<table>';
	echo '<tr>';
	echo '<td width="130">'.'<li>'."Weight".'</td>'.'<td width="100">'.$row['products_weight']."&nbsp;kg".'</li>'.'</td>';
	echo '</tr>';
	echo '<tr>';
	echo '<td width="130">'.'<li>'."Length".'</td>'.'<td width="100">'.$row['products_length']."mm".'</li>'.'</td>';
	echo '</tr>';
	echo '<tr>';
	echo '<td width="150">'.'<li>'."Width".'</td>'.'<td width="100">'.$row['products_width']."mm".'</li>'.'</td>';
	echo '</tr>';
	echo '<tr>';
	echo '<td width="150">'.'<li>'."Height".'</td>'.'<td width="100">'.$row['products_height']."mm".'</li>'.'</td>';
	echo '</tr>';
	echo '<tr>';
	echo '<td width="150">'.'<li>'."ah@20 hr rate".'</td>'.'<td width="100">'.$row['products_ah_20hr']."&nbsp;AMPS".'</li>'.'</td>';
	echo "</tr>";
	echo '<tr>';
	echo '<td width="150">'.'<li>'."S.A.E Cold Start".'</td>'.'<td width="100">'.$row['products_sae_cold_start']."&nbsp;AMPS ".'</li>'.'</td>';
	echo "</tr>";
	echo '<tr>';
	echo …

echo "<form action=http://www.romancart.com/cart.asp method=post>\n";
echo"<input type=\"hidden\" name=\"itemname\" value=\"$m_id\">";
echo'<input type= hidden name=returnurl value="http://217.146.126.103/passenger.php">';
echo"<input type=\"hidden\" name=\"price\" value=\"$p_id\">";
echo"<input type=\"hidden\" name=\"storeid\" value=\"45983\">";

The above quote should turn into the below code:

echo '<form action="http://www.romancart.com/cart.asp" method="post">'."\n";
echo '<input type="hidden" name="itemname" value="'.$m_id.'">';
echo '<input type="hidden" name="returnurl" value="http://217.146.126.103/passenger.php">';
echo '<input type="hidden" name="price" value="'.$p_id.'">';
echo '<input type="hidden" name="storeid" value="45983">';

You mentioned my previous post which is not resolved, any ideas for a solution.

What's the problem or is this solved?

In future please use code tags as this is not your first post. Also the following code should do the trick:

$category_id=mysql_real_escape_string(stripslashes($_POST['category_id']));
$make=mysql_real_escape_string(stripslashes($_POST['make']));
$result = mysql_query("SELECT * FROM products WHERE products_make ='$make'") or die(mysql_error());
//or
$resultb = mysql_query("SELECT * FROM products WHERE products_make ='$make' AND id ='$category_id'") or die(mysql_error());

In Ubuntu. ok. I found this problem when I first got a Virtual Private Server. The server had a different file structure than what my Ubuntu did. So try to browse around your server to make sure those are the locations for your servers Operating System. There seems to be two mains sorts of systems of sorting files from my experience.

bumpedy bump bump

So other than using the store procedure, what is your aim or your planned result your trying to achieve? Perhaps theres an easier way using php &/or mysql.

is it ok to put the stored procedure in the mysql_query()? i thought it will be put on the phpmyadmin,,execpt for the Call productpricing

I think it can be done both ways as they both do basically the same thing except phpmyadmin uses mutiple lines.

No error. That's because you didn't echo the exec function. Line 18 should be as follows:

echo exec($createBackup);

its ok darkagn,,im just confuse,,This thing drives me crazy..I tried to put this stored procedure on the phpmyadmin on the information schema/Routines but it cause error.

Could you say what the error message said. Also if you want to put it into the mysql_query() function you will need it as one long line like the following:

mysql_query('CREATE PROCEDURE productpricing() BEGIN SELECT Avg(columnname) AS priceaverage FROM tablename; END;');

Although I myself am new to this feature too that is how I interperate it.
PS. Although the above code may stretch to two lines to meant to be on one.

I based that on what I have seen in their code and what my job allows us to use. There are holes in the code that no configuration option can fix. Recently they have patched a lot of them, but if it was that flawed from the start, I wouldn't trust it. MyBB recently recoded their entire system to address these problems.

Pretty much use what you like, just do your research before installing something on your server.

By any chance did you download the beta version because sometime between a few months ago and a year ago version 3 was in beta. That could by the reason for the holes. Also other forums too including vBulletin have their own holes and why did you think the community has reported so many bugs with this new daniweb forum upgrade. Because no matter what you get it will still be bugged. And since phpBB is open source with plenty of documentation, it is one of the easiest to use and fix. There is no perfect forum script unless you write your own then other people will find bugs in your own code that you didn't even know about. So my advice is to stick to something easy and well documented and that describes phpbb.

Also, make sure that you never send unencrypted passwords via GET as they will be visible in the URL. There are also hacking tools which allow the retrieval of POST data, so watch out for that too.

Even better yet, use javascript to encrypt the passwords before sending it over $_POST. This way if the post data is hacked the data is still encrypted. This sort of hack attack can happen when a hacker attaches a device to a fiberoptic cable to scan data running past. Also as a security question, is there any security difference between the following two codes because a tutorial years ago told me there was but find hard to believe.

mysql_connect('localhost','root','password111');

//or

$host='localhost';
$user='root';
$pass='password111';
mysql_connect($host,$user,$pass);

Those are the two scripts but the tutorial (I forget where) says the second script should be more secure although I don't see how. And it was also said in the tutorial that it would be even more secure to place the variables in an include() file. Is that true or just a myth?

If you mean you want to store data in mysql/phpmyadmin then you will need to first open phpmyadmin. Then create a new database. In that new database create a new table. Then bingo php should be able to write into that table.

I would go with phpBB3. It's v. well supported by a massive community with many plug-ins/customizations and themes.
vBulletin isn't free as far as I know.

I agree and phpBB is only as secure as you make it. I mean there are tons of security options but if you disable too many for better convenience then that is when you have security issues. But why setup a forum when you can join an existing one - because you can. Moderating forums is no easy job for one person and lot's of bad things can happen in the few hours you don't watch. I know that because I tried setting up phpbb once with all security disabled and it was totally hacked with porn. Just a thing to be aware of.

Well first of all, welcome to daniweb. And on future posts can you please use code tags (I know its your first time so I undertand). As for the problem, you will need a second php file just for deleting the mysql entries. First your while loop would look something like this:

while($row = mysql_fetch_array($result))


{
echo "<div class='qwe'>";
echo $row['yazi'];
echo '<br>'
echo '<a href="delete.php?q='.$row['id'].'">Delete</a>'
//$row['id'] is your id field that makes each row unique
//and id may need to be change to the real name
echo "</div>";
}

Then delete.php

<?
mysql_query('DELETE * FROM `table` WHERE `id` = "'.mysql_real_escape_string($_GET['delete']).'"') or die(mysql_error());
//now redirect back
header('Location: http://www.yoursite.com/folder/index.php');
?>

But in that second code box, remember the replace `table` and `id` with the table name and the real column name.

I never said that get_browser was the best option. I would suggest using ajax and below is a sample code.

<? if ($_GET['js']!==1 && $_GET['js']!=='1') {
/*include javascript in these headers.
  however do not place any more after the body
  tag in this section. Contents of the body tag
  go after the php if statement below this text.*/
echo '
<html><head><title>Webpage Title</title></head>
<body id="bodyid" name="bodyid">
<script language="javascript" type="text/javascript">
<!-- 
var ajaxRequest;
try{
    ajaxRequest = new XMLHttpRequest();
} catch (e){
    try{
        ajaxRequest = new ActiveXObject("Msxml2.XMLHTTP");
    } catch (e) {
        try{
            ajaxRequest = new ActiveXObject("Microsoft.XMLHTTP");
        } catch (e){
        //do nothing
        }
    }
}
ajaxRequest.onreadystatechange = function(){
    if(ajaxRequest.readyState == 4){
        document.getElementById("bodyid").innerHTML = ajaxRequest.responseText;
        }
    }
ajaxRequest.open("GET", "test.php?js=1", true);
ajaxRequest.send(null); 
//-->
</script>
'; }
//above: initial header before body tag.

if ($_GET['js']==1 || $_GET['js']=='1') {
    echo 'this is the body of the page with javascript enabled.';
    } else {
    echo 'this is the body of the page with javascript disabled.';
    }
?>

But in that javascript be sure to replace the string test.php with the name of the file you saved as.

Well yes when receiving emails for what happened or output during a cron job via email, it is expected that html code will be displayed as plain text in the email. Also if you received an email about the cron job at the time you wish the success your complete. If however you did not receive an email there is a possibility that you needed to fill in the email field in simple mode of cron jobs section of the cpanel which by the looks of it you've already done.

Well $_GET is basically a url variable. So those variables you see in the url after the question mark can the retrieved with $_GET and are treated like regular variables. I hope that explained it. Perhaps a google search will help too.

Well first lets keep in mind the following command:

php /home/[B]????????[/B]/public_html/ad/view.php

Now where the question marks are you need to place in your cpanel username. So if for example to log into your admin you go to www.yoursite.com/cpanel then the username you place in that login box is what goes into the place of those question marks.

Those weard bolded symbols between the slashes is your cpanel login username. For example exampcom