Posts by Will Gresham

Shouldn't NumOfDogs be $NumOfDogs?

Or are you trying to call a function NumOfDogs()?

My library is about 30GB which is just right for my 30GB iPod, I have recently removed all the stuff I don't listen to anymore (about 11 months since I reinstalled windows and I deleted the ones with 0 play count It was 60GB =O )

But then, 8GB of that is audiobooks...

I have to use Windows when programming.
Both .Net and NuSphere are on there :(

But for everything else, I run openSuse. Only security on there is what came as standard and I have never had any problems :D

If you want to run in once a day, then that would be fine, if you are on a Linux server, a Cron job would be best.

I have roast potatoes with beef and veg (Gravy as well, of course). Simple but tasty :)

Rather than

$message .= "Today's Calendar Events Reminder: $title\r\n";

Just put

$message .= "$title\r\n";

Then before use mail() put:

$message = "Today's Calendar Events Reminder: " . $message;

If you have installed one of the bloated mafia style protection systems then you might find things a bit slow.

I use Vista as a dual boot with openSuse. Not a huge difference between the two. But then I do use a free protection system so the developers aren't sat there thinking of pointless 'features' that don't really do much other than look good and use resources that they can add so that you are more likely to buy it next year..

When you assign a value to $message, use .= rather than just = , this will append the text to the end of the current value. You may also want to put an \r\n onto the end of the string to add a new line at the end of each event.

EDIT: Also, take some of those statements that will not change out of the WHILE statement (i.e. the $from and $subject) otherwise they are having the same values written to them multiple times.

While will loop through all results.

Store it in a session or cookie.

Session example:

<?php
session_start();

foreach($_POST as $key => $value) {
  $_SESSION['post_vars'][$key] = $value;
}
?>

Very basic example, by no means complete.

You can then access the values using $_SESSION['post_vars']['field name']

It should be

$query = "SELECT * FROM pec_mssgs WHERE m=$todaysMonth AND d=$todaysDay AND y=$todaysYear";

Edit: Ezzaral beat me to it :)

Try replacing (!$sqlStr==... with ($sqlStr != ...

I am not sure I understand exactly what you are trying to do here, but surely passing a table name in the URL is a very bad idea.

Isn't the reason that SQL errors should be suppressed in production sites because the developer does not want the table name to be known?

If you can explain a little more what you want to do then I am sure someone will be able to help.

Correct me if I am wrong,
You want a script that will calculate the time taken to query the database and then predict how long it will take to do the same for a larger database?

Also, from what you said it seems you want someone here to provide you with this code for you to pass of as your own work...

Sorry, if that is correct I doubt you will get much help here.

+1 to the Star Trek film rocking! Best film I have seen in a while.

Age ratings are fairly pointless, the context the 'questionable material' is used in is more important, and obviously the young person viewing it. But I guess as a rough guide it serves it's purpose.

Bring on Avatar

So you want a bot/crawler?

It would be better to store the dates in the database as a timestamp, and use these in the query. Take the normal date in PHP, use strtotime to convert it to a timestamp and search this.

Your queries will be faster if using integers rather than full text searching..

Ok, I have an iBook G3.

I was restoring it to factory with the Software Restore disks which came with the unit as I was planning to move on to a new unit.. But there was a power cut in the middle of the process and the unit shut off. Now, it does not recognise a HD when booting holding option.

It also will not boot from any CD/DVD other than the Apple HW Test disk provided with the unit.. All other disks spin up and then get ejected, on the odd occasion it does not eject, it boots to a icon of a floppy diskette with a flashing ? (Saying that, I did manage to get it to load from the restore disk 1 once, but it just saidit could not mount the image file)

The HW test disk returns no problems
I have reset PRAM multiple times, and reset nvram and all in Open Firmware. I have also reset PMU as a last resort, but no luck :(

Any ideas?

Apart from the fact that your HTML is appalling.. as I said earlier, where are you getting the (in this case) POST from?

You appear to be using the values that the fields have, this is incorrect.
You should be using:

$a = $_POST['to'];
    $b = $_POST['from'];
    $c = $_POST['couch'];
    $e = $_POST['550'];

This is not recommended though, the user can modify the data sent to the server through a form, you should look into SQL injection and how to prevent it.

A couple of questions..
1. Where are you getting those GET names from? Can't see any reference to them in your code..
2. Why are you putting GET data directly into the database.. That's just asking for trouble. Any and all input from a user should be seen cleaned before database entry.
3. What is so important about line 147/148, I see no problems there.

2nd result on the link I posted above describes what you want.
http://zenofshen.com/posts/ajax-sortable-lists-tutorial

Click

Plenty of guides (and ready made open source code) online if you actually search for it.

Wait.... How do you complete an infinite loop at all?

Infinite means no end last time I checked ....

Why is this in the PHP forum?

Fairly simple, limit the number of results that SQL returns, and have a start point for the query. A google search brings up what you want.
Click me.

Hello all. Quick question.

I have a table in my database with 'feedback' items which are assigned to pages/items in another database. I have a inner join to list all of the items on the feedback table and which items they are listed on.

I have used a DISTINCT on the ref# field of the feedback query to stop it showing duplicate feedback entries on the page, then I have a foreach on the items returned. In the foreach I run a query for the ref# of the feedback item to generate a list of all pages/items that it is listed on.

Can't find anything of use on the interweb, but I know there has to be something somewhere, i'm probably searching for the wrong thing.
Can anyone suggest a more efficient way of doing this?

Thanks.

Just looked at that, the filtered actually outputs reasonable HTML!

One more question now:
Can I get VB to open a document, save it as filtered HTML (say in the applications path) and then get the contents of the filtered document (To be sent as POST data to the server) as the people who will be updating the site know very little, they just type up the files and 'can't' learn new things (I do hate working with people who say can't before making any attempt).

So basically,
1. Open a .doc
2. Save as filtered .html
3. Get the .html
4. (Processing)
5. Delete the .html file

I remember reading about a component on the Microsoft MSDN site which handled Word files, but I can't remember the name of it :(

Well, that would be an interesting test of my failed german GCSE;)

Can you confirm PHP is installed in C:\php5, and that the file php5apache2.dll is actually there (These are sometimes in a subfolder and need to be moved to the main directory)

Maybe for you, but I think you have confused everyone (Or was that the intention?)

Someone needs to explain their intentions better

Upload the PDF files to a directory and have the PHP script check the directory and list any PDF files in there.

+1 to not using an IDE to learn PHP, there are plenty of applications that support syntax highlighting and line numbering (Textpad2 comes to mind).

I have found the best IDE to be the NuSphere phpED, pricy, but very nice :)

I find that FPS games bore me, I can't stick them very long at all.

But I'd agree with the overall assessment of the article, I am more aggressive in driving games (i.e. NFS Underground) than shooting games (i.e. GTA:SA) I actually play GTA to relax, whereas I play a racing game to get a challenge :)

I am building a program that will 'integrate' with a website I have built, the user wants a client based app that can be used to upload text from a .doc file to the website.

The website uses a database to store the text in HTML format.
The HTML produced by word is bloated and pretty useless to any program other than word (But then you already know that)

What I want, is to take the HTML output from Word, strip it of all the unneeded tags and send it to the DB (that last bit I can do)

Or even better, take the text and formatting straight from a .doc, and strip all formatting other than the basic ones (bold, italics, underlines, tables etc...)

Apart from a short look at VB.net in college, I haven't really used it, no idea if this is feasible, but Google doesn't bring up much useful information.

Any ideas?

TMF on TV, another 3.5 hours till I finish work :)

I use javascript for client side hashing before the data is posted because I read somewhere that the postback or something could be hacked. I don't have the link on me but I might find it

Things may be hacked, but you are basically giving the user the key to a door.. Rather than having to work out what you are doing to a string, they know exactly what is happening.

Also, some people have javascript off, meaning that the string will not be hashed.

You can do the same thing in PHP, much more secure to do it that way as the end user should then never find out what you are doing.

My guess would be that 'lal' is a directory, and the query string is for the default file in there.

So 'www.some.com/lal?some=some&somemore=somemore' would actually go to 'www.some.com/lal/index.php?some=some&somemore=somemore.'

Just a guess, I can't think of a site off the top of my head that uses this though, could possibly be a mod_rewrite, but I doubt it, possibly just sloppy coding.

Aside from the comments in the previous post, you ahave a lot of redundant code there.

Rather than coding HTML like:

echo "<html>";
echo "&nbsp;";
echo "&nbsp;";
echo "&nbsp;";
echo "&nbsp;";
echo "&nbsp;";
echo "&nbsp;";
echo "&nbsp;";
echo "&nbsp;";
echo "&nbsp;";
echo "<table align=center border=1 cellpadding=0 cellspacing=0  bordercolor=#FF6600 bgcolor=#C0C0C0 width=50% height=10>";
echo "<tr> <td align=center><p font color=black span style=font-size:11pt;><b>Minimum length values for Username or Password or Pincode or Mobile is missing. Please try again with correct values.</b></span></font></p></td> </tr> </table> </html>";

This would be better:

?>
<html>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<table align=center border=1 cellpadding=0 cellspacing=0  bordercolor=#FF6600 bgcolor=#C0C0C0 width=50% height=10>
<tr>
<td align=center>
<p font color=black>
<span style=font-size:11pt;>
<b>Minimum length values for Username or Password or Pincode or Mobile is missing. Please try again with correct values</b>
</span>
</font>
</p>
</td>
</tr>
</table>
</html>
<?php

You also had missing brackets (> and <) between the P and the Span elements.

Also, since you are using the same styles for each table, it would be better to use CSS to save duplication of code.

Finally, there is no validation of POST data, very bad idea, you might want to look at sorting that.

i sort of misread the title and thought that you were going to tell us about your erotic fantasies.

+1

Really, some people need to take their minds out of the gutter ;)

>Fullmetal Alchemist
I'm more curious how the licensing will go. The last thing I want is another Utawarerumono where I get really into it and then after ten or so episodes it gets licensed.

Wait...
Didn't this finish after the 52 episode and 1 film :-/
Don't see what they can do to the series from the point they left off at at the end of the film..

All you need to do is specify the location in the function, change:

imagejpeg($img, "", 90);

to

imagejpeg($img, "/flashimages/filename.jpg", 90);

Or, generate a name for the image and store it in a variable:

//Generate the image name
$image_dir = "/flashimages/";
$image_name = "something.jpg";
imagejpeg($img, $image_dir . $image_name, 90);

I don't mean to sound rude, but I just want this question answered about blocking session ID stealing.

The code I posted earlier would help prevent this. It will changed the session ID every single time the user clicks on a new link, so even if the malicious user somehow gets the session ID, it will likely have changed by the time they try to do something.

Here is the code again:

<?php
session_start();
// We need to copy the old session data
$previousSession = $_SESSION;

// Then re-create a new session
session_destroy();
session_start();

// And finally, reassign the session data
$_SESSION = $previousSession;
?>

You could use a meta redirect to redirect the page after a period.

This would go to a page which unsets the session

<meta http-equiv="Refresh" content="300; url=http://www.site.com/logout_page.php" />

^That goes in the head of the document.

The problem is that you have mixed double and single quotes, it should be:

<a href="delete.php?id=' . $row['autoid'] . '">

But your coding style needs alot of work, suggestions posted above are good ones.

Seeing as all the session values are stored on the server, unlike cookies which are stored on the clients computer, they are much more secure anyway.

In theory if the malicious user got the session key they may be able to do some things, but this will be prevented to a certain extent by using the script above to change the session key every page load.

Also, make sure your logout button/link is easy to see, as by clicking this the session data should be deleted by the script meaning that it can no longer be accessed.

You will not make it 100% secure, no matter what you do.

But you can take some steps to secure your application further. Sessions are much more secure than cookies and are probably the best way to go for this, you can look at making it harder to 'hack':

Check the User Agent for each visit, while the user agent reported can be masked or changed by the user, checking it for each page load will stop some attempts, so if the user agent suddenly changes mid session, this will stop it:

<?php
if(!isset($_SESSION['user_agent'])) {
    // Set the session value as the hash of the UA
    $_SESSION['user_agent'] = md5($_SERVER['HTTP_USER_AGENT']);
} else {
    // Check that the session value matches the hash of the UA
    if($_SESSION['user_agent'] != md5($_SERVER['HTTP_USER_AGENT'])) {
        // Alert the user they have been logged out due to a UA change
        echo "The user agent data sent by your browser has changed unexpectedly, please login again.";
        session_destroy();
        exit(0);
    }
}
?>

The same (or similar) could be done for other values such as the IP address, but since some users will be behind proxies, and the IP can change mid session, this may not be such a good idea.

Also, to make it harder for a malicious user, you can change the session key every page load:

<?php
session_start();
// We need to copy the old session data
$previousSession = $_SESSION;

// Then re-create a new session
session_destroy();
session_start();

// And finally, reassign the session data …

CSRF: Cross-site request forgery
XXS: Cross-site Scripting

As mentioned by Designer_101, I would suggest not using POST values directly into SQL queries (Or for anything really) They should be cleaned first. Use a preg_match on any values (such as usernames) where you know they will only contain certain characters, at a minimum you should have addslashes in there.

Is this possible?

Yes.

It wouldn't take much research either. There are plenty of tutorials online for how to write to a file using PHP, including a good example on php.net.

<?php
$filename = 'test.txt';
$somecontent = "Add this to the file\n";

// Let's make sure the file exists and is writable first.
if (is_writable($filename)) {

    // In our example we're opening $filename in append mode.
    // The file pointer is at the bottom of the file hence
    // that's where $somecontent will go when we fwrite() it.
    if (!$handle = fopen($filename, 'a')) {
         echo "Cannot open file ($filename)";
         exit;
    }

    // Write $somecontent to our opened file.
    if (fwrite($handle, $somecontent) === FALSE) {
        echo "Cannot write to file ($filename)";
        exit;
    }

    echo "Success, wrote ($somecontent) to file ($filename)";

    fclose($handle);

} else {
    echo "The file $filename is not writable";
}
?>

If you are having problems, post up your code for us to look at.

I think I see the problem:

You have this at the top of the script:

// images
$thumb ='/photos/'.$info['date'].'/thumbs/'.$info['thumb'];
$url ='/photos/'.$info['date'].'/'.$info['url'];

But at that point $info has not been declared/defined, you can confirm this by looking at your source on the actual page, it is missing the values so you end up with the image src being '/photos//thumbs/' for every image.

This should be within the while statement after the SQL query, so change:

// 	Displaying each image with this code.
	echo '<a href="' . $url. '"><img src="' . $thumb. '" /></a>';

To

// Image Declarations
	$thumb ="/photos/" . $row['date'] . "/thumbs/" . $row['thumb'];
	$url ="/photos/" . $row['date'] . "/" . $row['url'];
// 	Displaying each image with this code.
	echo '<a href="' . $url. '"><img src="' . $thumb. '" /></a>';

That should work.

Can you post the rest of your script?

I have setup a table on my database and a slightly modified script on the server and it works for me.

Here's the edited code

<?php
// Connects to your Database  
mysql_connect("***", "***", "***")or die(mysql_error());  
mysql_select_db("***")or die ("Unable to connect to MySQL");

// How many pictures to display on each page.
$picsperpage = 12;

// How many pictures to display per row.
$picsperrow = 4;

// images
$thumb ='/photos/'.$info['date'].'/thumbs/'.$info['thumb'];
$url ='/photos/'.$info['date'].'/'.$info['url'];

// If the page number is set...
if(isset($_GET['p'])) {
	// $page is now the page number.
	$page = $_GET['p'];
} else {
	// Otherwise the page is 1.
	$page = 1;
}

// What the starting number will be for the query.
$start = ($page - 1) * $picsperpage;

// Counts all of the rows in the table.
$res= @mysql_query("SELECT COUNT(id) AS numrows FROM photos")or die("Sorry, but there was an error retrieving the gallery.");

// Gets the number of rows from the array.
$fetchres = @mysql_fetch_array($res, MYSQL_ASSOC)or die("Sorry, but there was an error retrieving the 
gallery.");
$numrows = $fetchres['numrows'];

// How many pages there will be (total pictures / # of pictures per page).
$totalpages = ceil($numrows/$picsperpage);
echo '<ul>';

// Echos our page numbers so that we can navigate.
for($i=1; $i <= $totalpages; $i++) {
	if($i == $page) {
		// If it's the current page, don't make a link since we are already there.
		echo '<li>' . $i . '</i>';
	} else {
		// Make all other pages links. …