Posts by Will Gresham

This should work, but I have not tested it, just call deleteDir with the directory you want to remove.

<? 
function deleteDir($dir) { 
  if(is_dir($dir)) { 
    $dir_handle = opendir($dir);
    while($entry = readdir($dir)) { 
      if ($entry!= "." && $entry!= "..") { 
        unlink($entry); 
      } 
    }
  } 
  closedir($dir); 
  rmdir($dir);
}
?>

Cron jobs :)

http://www.adminschoice.com/docs/crontab.htm

seperate views from the actual code. -->Please explain here what you mean

Basically, when you code, you cannot do this:

<?php
// php code here
?>
<html tag="something">
<?php
// More php code
?>

You would need to have your logic (PHP) in a file when then returns values which you display in a separate file which also handles the layout/visual stull (HTML)

A template system like Smarty will help you do this as it makes it much harder to just add in random PHP.

2nd - Use a database class [Done]
, an application class, and a main class.--> Explain a little, please!

class user would handle ass user functions.
class database would handle database transactions.
You get the idea?

Hm, I think more alcohol is the last thing he needs :)

Yep, im a nighthawk. Sleep in the afternoon instead of the night so i can be up when guys over the pound are coming back from work.

Same here.. I spend most of the night on here :)

But then I work graveyard shift in a very quiet callcenter so I have plenty of time to be bored :)

I also have done some photography, although not recently.. some of it is still up at http://stuff.elvenblade.com/camera if anyone is interested.

the best solution is session..
because after a specified time the use automatically logged out so session is best option for security.

I am going to disagree with your reasons for using sessions over cookies, although Sessions are more secure in themselves:

This can also be done with Cookies, you can set the time they expire.
I assume you meant that they expire when the browser closes, but an auto timeout is not really required in most situations so can't really be used as the main point for using sessions..

The main advantage of sessions is that the session data is stored on the server, not on the client PC (Cookies store the data on the Client).
The only thing that is stored on the client is the session ID.

A database would be more secure.

If your PHP compiler stopped working for any reason, your PHP code yould be displayed as plain text, meaning that your password would be visible.

However, if you have it in a database and the compiler stops working, then the user will not see the Admin password. Although they would see the database connection information.

The best way would be in a database, and setup access hosts in your database to prevent anyone other than Localhost making a connection (Also, make sure your database user password is not the same as any other password you use, a string or random numbers/letters/symbols for example)

Post an example of the code you have already.

$q= "select * from supplier_report where report_value='" .$_SESSION['reportTotal']."'" "order by report_value desc";

Why do you have " " after the value?

This should be:

$q= "select * from supplier_report where report_value='" .$_SESSION['reportTotal']."' order by report_value desc";

Do you mean double as in it echos 1.15 or it displays 0.575 twice?

Why thanks :) I'll be getting this camera soon [link], I can't wait. Those pictures were taken with my awful Samsung S570, it will be nice to use a real camera for once.

That is an expensive camera :-O

Pics do look really good though :)

You only need one = on your mysql_connect statement.

URL Rewriting is what you want.

Your PHP script can stay the same, it can still get passed the Query String, all rewriting does is change how the user sees the URL in this case.

A Google of URL Rewrite will give you a multitude of guides :)

Rather than using

$date = date("d-m-Y");

Save the date as a timestamp in an int(11) field, do not save dates as DATETIME, DATE or any other date specific SQL type..
Since this will be a number, you can then sort by the date column in descending order to get newest to oldest :)

Simply use your $date = date("d-m-Y"); on the timestamp when you display the information.

Take a look at http://uk.php.net/manual/en/function.exec.php

Yes I'm with xan. If i read for leisure i like paper because my eyes are strained by 7 pm.

The weird thing is that i keep my laptop next to me so i can look up and reference topics of interest in the paper book. I keep a checklist of topics that interest me or need further explanation, which i go through the following morning. Ironically, I usually read more hours online, going through these topics, than i do the actual paper book. But in the end I absorb alot more material because of it.

then again i think i'm kinda unique because all i read for leisure is history or economic theory books. i love biographies of economists.
yeah, I know it sounds nerdy :^)

I prefer to read with a desk lamp :)
Then again, the books I read are generally fiction of the Horror or Thriller variety :D

I find biographies boring. If I want to know something about a person, I have Google!

Edit:
Does anyone else find it odd the : D smiley looks like this :D?

Assuming the server is running Apache, specific rewrite questions would be best posted in the Apache forum: http://www.daniweb.com/forums/forum33.html

But take a look at this: http://corz.org/serv/tricks/htaccess2.php

Yes, I sit in front of a monitor all day a work. Very nice not to have light glaring at you :)

Books > The computer

This should work...

mysql_query("CREATE TABLE IF NOT EXISTS `table_name` (
`field_name` int(11) NOT NULL AUTO_INCREMENT,
`field_name` varchar(65),
...,
...,
...,
PRIMARY KEY (`field_name`)
)");

Use a while statement, like:

$query = mysql_query(query here...);

while($result = mysql_fetch_assoc( $query )) {
  echo "<tr><td>{$result['column_title']}</td></tr>"
}

That will output one line for each record retreived. Adjust the echo to your needs obviously

Try this:

$q6 = "SELECT * FROM banners WHERE lang='{$_SESSION['lang']}' AND section='top' ORDER BY RAND() LIMIT 1";

function mapRefresh(timeoutPeriod) {
	setTimeout(load(),timeoutPeriod);
}

Then add mapRefresh(10000) to the Onload event.

Again, off topic, but I think he is trying to get help for this still :P

You have no ; at the end of the $body statement.

Use sessions, when a user signs in, create a session:

// Put this at the top of the page
session_start();

// Process the login then do this:
$_SESSION['logged_in'] = 1;

Then only allow access to the page to users who have an active session:

if(isset($_SESSION['logged_in'])) {
  // Continue with the page code
} else {
  echo "Please log in";
}

Pardon?

Can you explain what you are looking for, or provide an example?

Cant edit the post above any more.. but if you need clarification on the script, just ask :)

I voted other since there is no PHP option...

I know enough C++ to get me by, but PHP is the language I prefer and there is always something new to learn :)

Couple of issues, your script does not provide a response for if the username or password is blank, also there are redundant lines of code.

Another thing, you should be hashing the passwords (MD5 at a minimum)

I will rework the code for you and post up a possible solution.

EDIT:
This should work for the actual logic... although there is no security added, you will still need to protect it from injection and other nasties.

// Put together a query to see if the username exists
$query = "SELECT COUNT(username) FROM `users` WHERE `username` = '$username'";
$result = mysql_fetch_array( mysql_query( $query ) )or die(mysql_error());
if($result[0] != 0) {
  echo "<tr><td>Username already exists</td></tr><br />";
} else {
  if(isset($username) && isset($password) {
    if(strlen($username) > 20) {
      echo "<tr><td>Username is too long.(3-20)</td></tr><br />";
    } elseif (strlen($username) < 3) {
      echo "<tr><td>Username is too short.(4-20)</td></tr><br />";
    }
    if (strlen($password) > 20) {
      echo "<tr><td>Password is too long.(6-20)</td></tr>";
    } elseif (strlen($password) < 5) {
      echo "<tr><td>Password is too short.(6-20)</td></tr>";
    }
    // Add the user to the database here
  } else {
    if(!isset($username) {
      echo "<tr><td>Username not supplied.</td></tr>";
    } 
    if(!isset($password) {
      echo "<tr><td>Password not supplied.</td></tr>";
    }
  }
}

You have an extra , right before the WHERE

Good point, missed that one :$

Hum, quote killed the context - what I said was that there wasn't any exploits on the IPhone, and then that exploits were fixed quickly, which is of course why there aren't any exploits.

Xan thinks that the fact that there have been exploits means I'm full of bovine by-product.

You could take it either way, but I prefer my take (of course).

Yes, the quote was out of context, but had you said there were not any known issues, I would have agreed with you.

Yes, Apple plug the problems quickly, but the fact that some have been found show that there are faults and it is entirely possible that more will be found in the future. So saying 'There aren't any exploits that affect the IPhone's security' is incorrect. You have not seen the operating system source so you cannot say that there are not any problems.

$result

Assuming the fields are called email and username, use the following:
$result
$result

Its not needed there, there are a couple of uses for the braces, such as variable variables, but I believe the most common use is to include array vars in a string.

For example:

echo "My name is {$_GET['name']}<br />";

instead of this:

echo "My name is " . $_GET['name'] . "<br />";

Many problems with your code there...

There appears to be no protection on your query at all...
Try replacing this:

$id = $_GET['id'];

with this:

if (is_int($_GET['id'])) {
  $id = $_GET['id'];
  // Add the rest of the script here.
} else {
  // Display an error message, also stop processing.
  echo "Error message here";
}

Also, this line $sql="SELECT * FROM users"; is redundant, it does nothing...

Instead of this:

$result = mysql_query("SELECT * FROM users WHERE id=$id");

Try this I added a limit as I assume you will only be expecting one result:

$query = mysql_query("SELECT * FROM users WHERE id=$id LIMIT 1");
$result = mysql_fetch_assoc( $query );

You can then call the values from the DB using $result.

So to review, your code should look similar to this:

<?php

$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="login4"; // Database name

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die(mysql_error());
mysql_select_db("$db_name")or die(mysql_error());
if (is_int($_GET['id'])) {
  $id = $_GET['id'];
  $query = mysql_query("SELECT * FROM users WHERE id=$id LIMIT 1");
  $result = mysql_fetch_assoc( $query );
  echo $id;
} else {
  // Display an error message, also stop processing.
  echo "Error message here";
}
?>

Also, as ardav said, you will need to add some logic to make sure that the user viewing this page actually has permission to do so, such as creating a session when they login, and check that a session exists when they access this page

Your problem will be this line:

<form action='manager_employee_select.php?proc_employee_id=<?php echo $_POST['proc_employee_id']; ?>' method="POST">

This will put the proc_employee_id from the previous form as in the URL for this forms action.

Couple of things.

1. Why are you sending unchecked POST values to the database? That is just asking for trouble. Look at SQL injection.
Make sure that the values you receive are the ones you expected, that numbers are numbers etc...

2. Try running the query without single quotes on the numeric value.

So basically you are talking crap, like we thought for 99% of this thread.

Are they? There aren't any exploits that affect the IPhone's security, just as there aren't any exploits that affect Linux's security. In fact the IPhone is one of the most secure platforms around.

But Apple keeps plugging them, and pretty quickly.

Slight contradiction of yourself there.

Surely having a Masters Degree at all is a worthy achievement...

There aren't any exploits that affect the IPhone's security

There are exploits, although they tend to be patched fairly quickly.

Look at this: http://www.forbes.com/2009/07/28/hackers-iphone-apple-technology-security-hackers.html

Apple did resolve this issue, although there have been others before this and there are, no doubt, undiscovered problems.

Add this code to the head of your document (Or in an external file if you use one)

<script type="text/JavaScript">
function checkValue() {
  if(document.getElementById('my_field').value == "default_value") {
    document.getElementById('my_field').value = "";
  }
}
</script>

Change my_field and default_value to the relevant values for your script.

Then add an onkeypress event to your input field for the function.

We can see the HTML source of your page, but we cannot see any PHP code....

Can you post the actual query to be reviewed.

My bad, missed the first line of your post, oops :)

In that case, post your actual query (The one(s) providing $result and $result2) and any related code, as the error is caused by an omission or problem with the query.

Take a look at the FAQ here:
http://www.daniweb.com/forums/thread191031.html

Make a seperate page (profile.php perhaps) and use the unique field in the database (Usually an ID of some sort) in the query string, for example, profile.php?user=usersID.

In the profile.php page, pull the required data from the database and display it as required.

Youtube videos maximum 10 minutes. WHAT!!! Can't they be any longer. Looks like I might need to host these videos myself. Does anybody know if that is 100% true that youtube videos cannot exceed 10 minutes as I am waiting for youtube to process my video although when trying to play it is says can't display due to the length.

Don't think so....

Search it for Longest Video or something, there is a 4+ hour video of some guy recording random crap from his day.

I think the limit is 100MB, which probably works out to be about 10 minutes at a decent quality, but since you will only be using text/voice I would have thought you can compress it a little :)

The only problem I really have with Vista is the annoying, consistent 'do you really want to do X activity' messages and the fact that it hogs my RAM (which isn't a problem on my 4GB computer I now have). All I use is ad-aware and I have never had any problems with malware.

I don't know about most of your points, but it seems that you don't know the definition of an opinion. In any case, I have spoken with a number of IT professionals, and they all have claimed that windows' security problems are more due to its popularity than its inherent flaws.

From what I have seen, Vista will just take a chunk of your RAM and sit on it, regardless of whether or not it needs it, and it appears it will take more RAM if you have more available...

Personally, I disable UAC straight away, I have a decent firewall which alerts me to any untrusted programs trying to access system files/registry keys/whatever :)

On topic, I have used multiple flavours of Linux. I find that if you go out and get your own hardware Linux is ok, but if you have a unit with OEM hardware (especially some Broadcom wireless chips) then drivers become somewhat of a nightmare.

Comparing the latest Ubuntu and OpenSuse distros to Vista, yes, installing the OS is faster than Vista, but Vista picks up the drivers in both my PC and Laptop no problem, but i …

What parse error?

It will usually give you something to go by, e.g. 'expecting x' or 'unexpected x'

Let this be a warning to any loud mouth drunk yobs...

The next person you start on may not be as easy as you think :D

http://www.mirror.co.uk/news/top-stories/2009/10/07/we-re-very-cross-cross-dressers-115875-21728860/

Good to see someone stand up to the violent youths :)

Nice article, good for a laugh :P

In delete.php do you actually have a mysql_connect statement?

From your code it would seem not...