Posts by mschroeder

Does all that javascript do is show and hide a DIV?

That is what I get for not testing that code. Glad to see you figured it out.

so let me try to wrap my head around this, you have 200+ domains we'll call them domain1.com, domain2.com etc etc etc

they all point to the same theoretical directory, aka they are domain aliases.
domain1.com -> /home/user/public_html/
domain2.com -> /home/user/public_html/
domain3.com -> /home/user/public_html/
etc

and when i visit domain1.com you are currently setting 200+ cookies for all of your other domains, with the CAKEPHP_COOKIE value, but setting them for domain2.com, domain3.com etc etc etc?

SimpleXML as it will eliminate having to first load the contents with either cURL or file_get_contents and then having to load that data into SimpleXML or the DOM to then parse the XML.

Are there parameters and if so do they need passed via GET or POST requests?

cURL will allow for GET and POST requests, but file_get_contents will only be able to open urls that can accept GET requests.

Since you're parsing XML and 90% of the web services I see work with GET requests I'm going to take a shot in the dark and recommend using SimpleXML to do both at the same time.

Here is a pretty good tutorial on parsing xml retrieved from a url with SimpleXML: http://www.ibm.com/developerworks/library/x-simplexml.html

Depends on the use case.

I always use a database for information that needs to be related together. I couldnt personally say 50/50 or 80/20 etc because my uses of flat files vs databases changes depending on the project i'm working on.

However, writing a text file is not just limited to plain text. You could use them for RSS feeds (XML) that get hit constantly, so you generate them on a regular basis to a physical file. Then the web server can handle many more requests for that file then if it were pulled dynamically.

Basic caching systems often take a page that is generated dynamically or parts of a page that are generated dynamically and write them to files for a period of time, to cut down on the number of database calls. This is a really basic usage of caching of course.

There are an endless amount of uses for flat text files, and knowing how to write to files and more importantly retrieve the pieces and parts you need from them.

It is NOT possible to set a cookie for a different domain then the one that script is currently executing on via php. The closest you can get is specifying .domain.com in the setcookie function and this ONLY pertains to subdomains so that www.domain.com & test.domain.com all have access to the cookie.

Sites that manage multiple domain cookies do it either with redirects, or GET/POST requests which is perfectly legit. This is the simple idea I indicated above.

None the less, if you're using PHP Sessions, then a session is stored as a little text file on the server somewhere depending on your configuration. If the domains are one different physical machines or if they use different locations for storing sessions you will never make it work.

The call to the image was just a quick and dirty was of making a GET request to a different website that passed it the current session ID from the first site and set it up on the second site.

For starters the above code has absolutely nothing to do with troubleshooting a connection to your database server.

gagan22: Is your site throwing any php errors and/or any mysql connection errors?

if you're not getting any errors or are simply getting a blank page, I would create a separate file and try something like the following, to troubleshoot your connection issue.

<?php
error_reporting( E_ALL );

$link = mysql_connect("localhost", "mysql_user", "mysql_password") or die( mysql_error() );

mysql_select_db('foo', $link) or die( mysql_error() );

run that script but replacing the login information with your login details and the database name with your database name. If it works then the problem lies elsewhere. If that returns a php or mysql error then please post it back here and i'm sure everyone will be able to help you out once we see what is actually going on.

While you can't directly set a cookie for a remote site with php, at least not from what I could tell with some quick tests. You can emulate it by calling a script on a foreign site and passing some values to it in the url.

For example.

<?php
//Site1.com/session.php
session_start(); //This line should have created a cookie called PHPSESSID

//We pass the value of that via a GET request to site2 via an image.
//This is just to illustrate the request. The same thing could be done with cURL or a number of other methods.
echo '<img src="http://www.site2.com/setSession.php?w=PHPSESSID&x='.$_COOKIE['PHPSESSID'].'" />';

//Show a link to the page we just called in the image.
echo '<a href="http://www.site2.com/setSession.php">Site 2</a>';

<?php
//site2.com/setSession.php
session_start();
if( !empty($_GET) )
{
     setcookie($_GET['w'], $_GET['x'])
}
else
{
     print_r($_COOKIE);
     print_r($_SESSION);

     //This *SHOULD* now match the session id from the last site.
     echo session_id();
}

I tried numerous attempts with changing the domain and format for the domain string in setcookie() from my localhost trying to set the cookie for one of my domain names but couldn't get it to work. I imagine this is a cross site scripting security measure, but i'm not sure.

This method suffers from a big drawback though, unless both sites SHARE the SAME session store then you still wont be able to access the data.

Personally I like to override the default session handlers and generally use a database to store my sessions and values etc.
But …

If the information that you want is available in an rss feed, then i think that is the way to go. If the info you want to scrape is not available to you in the rss feed(s) then you will have to grab the source and extract the parts you want.

I think what you're describing as pages, is better described as pagination, which would follow the general concept of:

On page 1 display the last 10 updates. If the number of updates exceeds 10, then divide the total number of updates by ten and round up (floor()) that number is the total number of pages. You would do some basic math and determine what page the user is on and what records to retrieve in the query, first 10, second 10 etc, using LIMIT. There are lots of great tutorials on how pagination works and its intricacies.

This can be done with php and some logic without the need to automate it to generate static files.

Are you trying to set something up, where as you make changes throughout the day, at a certain point, say once a night the server goes and compiles the source into a nightly build?

If this is more of your intentions and it doesn't need to be absolutely on demand you could setup a cron task that runs at a certain time or on timed intervals that calls the compiler and does the work.

Are they both database driven, and do you have access to both databases?

http://www.swiftmailer.org/wikidocs/v3/sending/bounce_address
http://www.swiftmailer.org/wikidocs/v3/misc/logging

I believe both of those pertain to what you're looking for.

I disagree with CAPTCHA on the login form. If a bot is trying to log into a site via a login form then that makes the assumption that the bot has already registered an accout or is attempting to brute force its way in.

On the login side of things, I favor flood protection (n number of login attempts) and letting the script sleep for a second or two during the login process. Just slowing the login process down for a second can discourage even the most persistent brute force attempts.

I read a good article on how to implement a very functional flood control solution, if I can remember where i'll post the link.

Alright, since you responded with a great example of how to do it with regular expressions, I guess I can provide an xpath example using the DOM as i mentioned previously.

<?php
$sUrl = 'http://www.google.com';

$oDom = new DomDocument();
@$oDom->loadHTMLFile( $sUrl );

$oXpath = new DomXpath($oDom);

//Could also be //@href | //@src i just think the one used gives you more finite control over the result set.
$oRes = $oXpath->query("//a/@href | //img/@src | //script/@src");

$i=0;
foreach($oRes as $h1) {
	echo $h1->nodeValue . '<br>';
	$i++;
}

echo $i.' urls found in page.<br /><br />';

http://images.google.com/imghp?hl=en&tab=wi
http://maps.google.com/maps?hl=en&tab=wl
http://news.google.com/nwshp?hl=en&tab=wn
http://video.google.com/?hl=en&tab=wv
http://mail.google.com/mail/?hl=en&tab=wm
http://www.google.com/intl/en/options/
http://www.google.com/prdhp?hl=en&tab=wf
http://groups.google.com/grphp?hl=en&tab=wg
http://books.google.com/bkshp?hl=en&tab=wp
http://scholar.google.com/schhp?hl=en&tab=ws
http://www.google.com/finance?hl=en&tab=we
http://blogsearch.google.com/?hl=en&tab=wb
http://www.youtube.com/?hl=en&tab=w1
http://www.google.com/calendar/render?hl=en&tab=wc
http://picasaweb.google.com/home?hl=en&tab=wq
http://docs.google.com/?hl=en&tab=wo
http://www.google.com/reader/view/?hl=en&tab=wy
http://sites.google.com/?hl=en&tab=w3
http://www.google.com/intl/en/options/
/url?sa=p&pref=ig&pval=3&q=http://www.google.com/ig%3Fhl%3Den%26source%3Diglk&usg=AFQjCNFA18XPfgb7dKnXfKz7x7g1GDH1tg
https://www.google.com/accounts/Login?continue=http://www.google.com/&hl=en
/intl/en_ALL/images/logo.gif
/advanced_search?hl=en
/preferences?hl=en
/language_tools?hl=en
/intl/en/ads/
/services/
/intl/en/about.html
/intl/en/privacy.html
29 links found in page.

The only thing to be aware of here, is urls that are relative and not full paths. You would need to put some logic in place to add the domain back to them if its not there already.

In Firefox/Windows you would put http://www.abc.com into the address bar, once the site was loaded, press CTRL-U to bring up the source, then CTRL-C/CTRL-V on whatever urls you want. :twisted:

I think the concept you're looking for is a website scraper, there are a lot of different options for doing this from regular expressions, to xpath, which is one of my personal favorites.

Come back with some conceptual code and I'll be more than happy to help you work through it.

For starters, Zend Guard is a product for encoding your php in opcode *I believe the term is opcode*, it has nothing to do with securing a form or validating logins.

Second, I'm going to make a big assumption here, and say that you're using javascript validation to verify that 95% of the form submissions *should* be valid prior to them getting to a PHP form processor which then AGAIN should verify the data that was submitted.

The reason this is key, is because i can just as easily create a form that mimics your form fields and posts the submission to your php script without ever passing through the javascript validation. This is the real problem with relying strictly on javascript.

Generally speaking these kinds of validations are best handled by regular expressions. Where when the user submits their username and it should be between 8 and 16 characters in length, and only contain upper and lower case letters and numbers, or whatever your specifications are.

You would use a php function like preg_match and then write a regular expression to match your requirements for example /([a-zA-Z0-9]{8,16})/ -- I didnt test this, but it should be valid.

Now onto the php

if (!preg_match( '/([a-zA-Z0-9]{8,16})/', $sUsername )) {
    echo 'Your username must contain only numbers and letters and be between 8 and 16 characters in length.';
}

Hopefully this gives your the basics of how this works.
There are a ton of different ways …

indeed i believe that was referenced recently on slashdot, but I might be mistaken.

Some how though, I don't think "hacking my school's proxy server" falls into the national interest of science.

btw in case the op is still hanging around this thread, if your proxy is highly monitored, then what makes you think your network admin isn't noticing your 650 failed logins/second on their admin account?

Or 62^8, or 218,340,105,584,896 possibilities...

Actually the math is 8^62 8 positions with 62 possibilities in each, special characters excluded 62 positions where each will only be 1 of 8 options yields significantly less possibilities.

Not to nitpick your math, because ultimately, our points were the same as the one you made, it would take to long to generate them all.

Funny side tangent, I was reading about security somewhere and there was a discussion on how frequently if ever a password should be changed and the usual answers showed up. Then someone pointed the thread to a url regarding where changing passwords originated from.

Turns out in the days of the first "super computers" some mathematicians determined if a "hacker" could have full access of the computer, every 30 days or so, they probability wise would generate a successful login attempt.

Hence they set forward to make users change their passwords every 30 days...

alright back on topic.

php simply isn't meant for this kind of thing, regardless of its intention, albeit yours is a pretty useless one. On the basis of an 8 character password, where each letter can be 1 of 62 possibilities (a-zA-Z0-9) that is 9.807971461541689e+55 possibilities.

Good luck with that.

You could also create a new table for saved form data and then serialize your POST or GET array depending on how you're passing your form data. Then store the serialized data in the table and relate it to your form in a way that makes sense to your code.

Then you can always recover everything the user has entered and clear/cleanup your saved form data without affected submitted form data and you won't end up with partial form submissions etc.

http://us2.php.net/serialize

just did a quick run of these on my local machine:

truehash_a() takes 0.00002598762512207 seconds to execute.
salthash_a() takes 0.000015020370483398 seconds to execute.
salthash_b() takes 0.000015974044799805 seconds to execute.
salthash_c() takes 0.000015974044799805 seconds to execute.
salthash_d() takes 0.000015974044799805 seconds to execute.
salthash_e() takes 0.00002598762512207 seconds to execute. (mschroeder's hasher)

**** These results are from php 5.3.0 the rest of the results will be from 5.2.8 installs

I did have to make one small change though:

function salthash_e($hashzzz) {
$sPossible = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!@#$%^&*()-+=[]{}|';
$iPossibleCount = strlen( $sPossible );

$sSalt = '';
for( $i=0; $i<10; $i++ )
{
$sSalt .= $sPossible[mt_rand(0, $iPossibleCount)];
}

$sHash = hash('whirlpool', $hashzzz . $sSalt);
}

the for loop wasn't getting a length to check against so i just hardcoded it to 10.
However I get the same results with the speedup when adding static salts. That is very unexpected. I'll post additional test results from other machines tomorrow.

the thing with hashes, is that they SHOULD NOT be able to be reversed. If the intention was to reverse it then it would be encryption.

Generally when i read about weak hashes being cracked its because of a design flaw in the algorithm, which contains math way above my head. Or someone has created a lookup table of common dictionary words, which is where salting the hashed string comes into play because even common words and combinations are no longer common.

I'd also be curious to see some comparative benchmarks regarding hashing a string once using a randomly generated salt as i provided, where the cpu intensity will be in the salt generation vs using a static salt(s) and then double hashing the string or any of the other methods cwarn provided.

If someone posts their test code and results, i'd be happy to run them on a handful of drastically different servers and post those results as well.

the registered number of algorithms will vary by system, although in my experience most of them are commonly available. As far as execution time, that would vary drastically depending on the type of hardware your site/system is hosted on.

I would suggest running a quick benchmark on the hash_algos() output.

<?php

$aAlgos = hash_algos();
$sStringToHash = 'This is a test string';
$sSaltString = 'This is the salt';

foreach( $aAlgos as $sAlgoName)
{
	echo 'Algorithm: ' . $sAlgoName . '<br />';
	
	$iStart = microtime(true); //Only valid with PHP5
	$sHashed = hash( $sAlgoName, $sStringToHash . $sSaltString );
	$iEnd = microtime(true);
	
	
	echo 'String Length: ' . strlen( $sHashed ) . '<br />';
	echo 'Hash: ' . $sHashed . '<br />';
	echo 'Total Hashing Time: ' . number_format( ($iEnd - $iStart), 8) . ' seconds';
	echo '<hr />';

}

It is crude but should give you a fairly accurate idea of how long its taking your system to run a single hash. I'm not certain if there are other factors that would skew this benchmark or not as I'm not familiar with the internals behind the hash() function.

They're two different things that both have different purposes. as I indicated in my first post and as ShawnC again emphasized, encryption and hashing are two different things. You can't compare them on a security level.

The hash function is a function that allows you to utilize numerous kinds of algorithms. if you run print_r(hash_algos()); it will give you an array of the hash algorithms available on your system. Whirlpool is just one type of hash, like MD5, SHA1 and CRN32

A salt is basically adding a random string(s) to whatever you are encrypting or hashing:

<?php

$sSalt = '8*S&AsEc4qUs';
$sHash = hash( 'whirlpool', $sString . $sSalt );

echo $sHash;

so if the user decided to make their password "password" the hashed password would actually be for the value of "password8*S&AsEc4qUs" which would prevent someone from using a hash lookup database as it ensures that the users password has some form of complexity to it. This is assuming that someone was looking at the actual hash stored in the database and not trying to forge logins from a from.

I *believe* phpBB3 uses the random salt for every password option i mentioned in my previous post. It would be something like this:

<?php

function getSalt( $iLength = 10 )
{
	$sPossible = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!@#$%^&*()-+=[]{}|';
	$iPossibleCount = strlen( $sPossible );
	
	$sSalt = '';
	for( $i=0; $i<$iLength; $i++ )
	{
		$sSalt .= $sPossible[mt_rand(0, $iPossibleCount)];
	}
	
	return $sSalt;
}

$sPassword  = 'password';
$sSalt = getSalt();

$sHash = hash('whirlpool', $sPassword . $sSalt );

//Store  $sHash and $sSalt in the database.

Although I imagine when you get into generating random salts, you are going to be just as comparable to double hashing the same string, in terms of cpu usage …

hashing and encryption are two different things.
hashes like MD5, SHA1, Whirlpool etc. are one way. There *should* NOT be a way to reverse them.

Encryption however is two way. you can encrypt a string and when decrypted returns the same string.

For hashes I agree with cwarn in the use of whirlpool, but i would have to argue that salting the string to be hashed prior to running it through whirlpool, would be just as strong as double hashing the string, but would require less cpu work. You could also make it infinitely harder by generating a random salt for every password and then storing the salt along with the hashed string in the database.

If the op is interested in encryption I would suggest taking a look at this post in the php documentation using the mcrypt library. http://us2.php.net/manual/en/function.mcrypt-encrypt.php

There are also a few different mysql methods for dealing with encryption:
aes_encrypt/aes_decrypt
encode/decode
des_decrypt/des_encrypt

I've worked on projects where for example, passwords needed to be hashed to prevent their snooping by people with access to the database, and also where passwords needed to be encrypted so that support staff could view the password if the user had forgotten it, without having to reset it to a random string or a default password.

<?php

$xYahooXML = '
<ysearchresponse responsecode="200">
	<prevpage> /ysearch/web/v1/sunflower%20seeds?appid=e4j0dGfIkY0.VnPaj_m8JivWDmAdWAV50uTRuIaqvA--&amp;format=xml&amp;count=1&amp;start=0 </prevpage>
	<nextpage> /ysearch/web/v1/sunflower%20seeds?appid=e4j0dGfIkY0.VnPaj_m8JivWDmAdWAV50uTRuIaqvA--&amp;format=xml&amp;count=1&amp;start=2 </nextpage>
	<resultset_web count="1" start="1" totalhits="376055" deephits="11600000">
		<result>
			<abstract> Home to the <b>seed</b> brand featuring products, nutrition facts, and more. </abstract>
			<clickurl> http://lrd.yahooapis.com/_ylc=X3oDMTRrYzhoc210BF9TAzIwMjMxNTI3MDIEYXBwaWQDZTRqMGRHZklrWTAuVm5QYWpfbThKaXZXRG1BZFdBVjUwdVRSdUlhcXZBLS0EcG9zAzEEc2VydmljZQNZU2VhcmNoV2ViBHNsawN0aXRsZQRzcmNwdmlkA2ZIUnh2RVBEQjJHQjIxOF9zZjhLc3dsa1RNTzJsa21qWS5FQUE2WkI-/SIG=10v00dabm/**http%3A//www.davidseeds.com/ </clickurl>
			<date>2008/12/12</date>
			<dispurl>www.<b>davidseeds.com</b></dispurl>
			<size>7122</size>
			<title>David <b>Sunflower</b> <b>Seeds</b></title>
			<url>http://www.davidseeds.com/</url>
		</result>
	</resultset_web>
</ysearchresponse>';

$oSimpleXML = new SimpleXMLElement( $xYahooXML );
echo $oSimpleXML->resultset_web->attributes()->totalhits;

First, I used SimpleXML as it is generally easier to parse this kind of xml with.

Second, I don't know if the DOM will complain about this, but to my knowledge for XML to be valid a node can not contain an html entity that is not in entity format aka & => & Also, besides 5 entities quot, amp, apos, lt, gt any other element has to be numerically defined. http://en.wikipedia.org/wiki/List_of_XML_and_HTML_character_entity_references
I had to change the &'s to & in the url's in your code to get SimpleXML to not complain about it being invalid xml etc.

Let me know if you have any additional questions.

This almost looks like you're trying to work with a java or javascript object instead of php.

In PHP it would be something like:

$rs = $sql->Execute('SELECT ... ');
if( $rs->rowCount > 0 )
{
     return true;
}
else
{
    header('Location: expired.php');
    exit;
}

Are you getting any errors if you add error_reporting( E_ALL ); to the top of your php code?

This is one of the weaknesses of php. You can not use php to check the file size until AFTER the file/image has been SUCCESSFULLY uploaded to the server.

You also can not use javascript to access the client side file system. This is an area where i see Adobe Flash upload scripts really fill the gap. As they tend to be able to check the size of the file prior to the upload occurring.

I'd suggest looking into some of the many flash upload scripts that exist and how to tie them into php, unless someone else has a more controlled solution.

Can i ask what your implementation of this is? Hoe are you using it, and why do you need to display a floating div in front of the page to tell the user it is loading?

I'm not criticizing or anything, I just don't think i've ever seen something like this done before and would love to be enlightened.

I would like a double cheese burger and a large shake, and yes, I do want fries with that...

I will trade that for some code, do you take code?

for($i=1; $i>0; $i++)
{
alert( 'Here is some code');
}

Alright since you didn't make any effort to understand how this works, i'm going to only briefly explain what you SHOULD be looking for.

search for "Javascript Timer" that is the obvious one.

Now what this does is when the timer expires they turn the visibility of some html element on so you can now click a link to download.

OR

what i imagine is a more controllable method would be to make a quick ajax call for a uniquely generated url, so you couldn't bypass the timer.

Come back with some code or an example of what you cant get to work and i think everyone around here will be a lot more willing to help you.

btw: I haven't tested the code above, so it may or MAY NOT do what you want it to do...... :twisted:

indeed, that was going to be the suggestion I made if you didn't find my previous solution suitable.

I saw a lot of issues regarding that while searching for any workarounds or ways to deal with it.

Glad you found something that works

Manipulating the user's screen in anyway is something that should be avoided at all costs. Imagine you were to visit a site, that has a layout designed for 640 x 480, but instead of showing you the whitespace they hijacked your browser window and shrunk the display down to a little box in the middle of your great big monitor...

My suggestion would be to review your site statistics, i mean you do have a good understanding of what your users are actually using right? In case you don't, here is a great example (http://www.w3schools.com/browsers/browsers_display.asp) Based off of those results cater to the greatest percentage of your users. Only after you have satisfied your largest user base should you explore the options to display your site to a smaller audience. If they have to scroll on your site there is a good chance they have to scroll on lots of others too.

Some of the options would be using javascript to detect the resolution and then send them to a url with a parameter that PHP/ASP etc would pickup and then serve a template to the user that better satisfies their demand. The site could also be designed that it recognizes mobile browsers and instead serves up a mobile template etc. This is where template engines shine, when there is a need to show the same content in an infinite number of configurations.

Lately I have seen 960px fixed width layouts popping up like crazy. …

Download the attached file and try it. All i did was copy the code from your posting into it and I noticed a weird unicode glitch i've seen before. When I saved the file correcting for it, the glitch went away, it might be the problem you're having.

Why does the page value need to be passed in the url?
Will it always be the same as the hidden field view?

I ask because i see $_GET & $_POST being set to the same value.

Here is a quick example of moving the value of "page" to a hidden field and setting it and view to the value:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>

<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
<script type="text/javascript">
$(document).ready(function() {
	$('#go').submit( function() {
		var page = $('#where').val();
		alert(page);
		//Set view to value of where
		$('#view').val(page);
		//Set page to value of where
		$('#page').val(page);
	});
});
</script>
</head>
<body>
<!-- Added ID to the form for easier reference -->
<form name="go" id="go" action="post.php" method="post">
    <input type="hidden" name="action" value="view" />
    <input type="hidden" name="view" id="view" value="" />
    <input type="hidden" name="page" id="page" value="" />
    
    
    <!-- Added input field for illustrative purposes -->
    <input type="text" name="where" id="where" value="" />
    <!-- Added submit button for illustrative purposes -->
    <input name="submit" type="submit" value="Go!" />
</form>
</body>
</html>

I added a where field and a submit button to illustrate how the change happens and post.php in the action of the form, was simply print_r($_POST) Does this kind of workaround work?
BTW, this uses jQuery for the javscript library.

The problem is not in the check_login.php file. The error is in your config.php file.

You can NOT have ANY output from php prior to calling the header function. I assume you have something like the following in your config.php file:

<?php
//Ignore the next line, it just reproduces your error.
header('location: http://www.google.com');

notice that there is a space before the <?php tag.
This is the error message it produces:

Warning: Cannot modify header information - headers already sent by (output started at ****\headerCheck.php:1) in ****\headerCheck.php on line 2

What server side language are you working with (PHP/ASP/other)?
What type of database are you working with ( MySQL/MSSQL/SQLite)?

Now i personally prefer to work with jQuery so i'm going to link you to the very first result i get when i run the search i provided: http://nodstrum.com/2007/09/19/autocompleter/, i'm not a big fan of the styling but look at the code that is provided.

The general concept of this functionality, is an input box with a keyup event and a hidden div with its position set relative to the input box.

When the user types in the text box, it actually makes a request via ajax to a server-side page, where it takes the value and does a query against your database. In the examples case it formats the results and returns the result back to the ajax handler. From there, the ajax handler, takes the results and puts them into the hidden div and makes it display.

It's pretty simple once you wrap your head around the concept.

I believe you're talking about a "popup" that is more of a modal window then a true popup. This would mean creating a div that is positioned above the page and floats over everything else.

Here's a quick example of how you could do this with jQuery and CSS.
The fixed positioning is solved thanks to an example by stu nicholls at CSS Play. This should leave the div fixed so that it doesnt scroll with the page even on IE 6. IT fades in when the page loads and it fades out when its clicked.

Please don't hesitate to ask any questions if it doesn't make sense.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>

<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
<script type="text/javascript">
$(document).ready(function() {
        //Make the notice DIV display on page load
	$('#notice').fadeIn(1500);
        //Register a click event on the DIV[id=notice] and make it fade out.
	$('#notice').click( function() {
		$(this).fadeOut(1500);
	});
});
</script>
<style>

#notice {display:block; top:200px; left:200px; height:110px; width:276px; position:fixed; border:2px solid black; padding:10px; z-index:1000; background-color:white; display:none;}
* html #notice {position:absolute;}

</style>
<!--[if lte IE 6]>
   <style type="text/css">
   /*<![CDATA[*/ 
html {overflow-x:auto; overflow-y:hidden;}
   /*]]>*/
   </style>
<![endif]-->
</head>
<body>
<div id="notice">
<img src="http://www.google.com/intl/en_ALL/images/logo.gif" />
</div>

<!-- write out 10 paragraphs to keep code short -->
<!-- there is no other reason to do it this way -->
<script type="text/javascript">
	for( i=0; i<10; i++)
	{
		document.write('<p> Lorem ipsum dolor sit …

Here is a quick jQuery example, the alert shows the top and left position of the image. It also gives you a chance to actually see the javascript set the new position. Let me know if you need any more explanation. You can also check out the documentation for .position() and .css() in the jQuery documentation

<html>
<head>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
<script type="text/javascript">
$(document).ready(function(){
	var img = $('#myPic');
	var pos = img.position();
	alert( 'Image Top: ' + pos.top + ' Left: ' + pos.left );
	$('#floatdiv').css({'top' : pos.top + 25 + 'px', 'left' : pos.left + 25 + 'px'});
});
</script>
</head>
<body>
<img id="myPic" src="web.gif" width="50" height="50" style="top:100px;left:100px;position:absolute;"/>
<div id="floatdiv" style="position:absolute;width:200px;height:50px;padding:16px;background:#FFFFFF;  border:2px solid #2266AA">  
This is a floating DIV  
</div>
</body>
</html>

I see three options that you could pursue but since you posted this in the Javascript forum I'll assume you are not looking for a serverside solution using php etc., correct me if I'm wrong.

With javascript you have two options, you could load the content for both pages into two div's and then hide one and show the other and vice versa when the heading is checked.

The other options would be to load the content with AJAX, but that is probably way to complicated for what you're looking to do.

I personally really like working with jQuery so this example is done using jQuery.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>

<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
<script type="text/javascript">
$(document).ready(function() {
	$('#about').toggle();

	$('#imgAbout').click( function() {
		$('#about').toggle();
		$('#staff').toggle();
	});
	$('#imgStaff').click( function() {
		$('#about').toggle();
		$('#staff').toggle();
	});
	
});
</script>
</head>
<body>
<ul>
    <li id="imgAbout">Show About</li>
    <li id="imgStaff">Show Staff</li>
</ul>

<div id="about" style="display:none;">
<h1>ABOUT</h1>
</div>
<div id="staff" style="display:none;">
<h1>STAFF</h1>
</div>

</body>
</html>

Hopefully the HTML makes sense, and here is a brief focus on how the javascript works. Notice that i'm loading jQuery via the google CDN, this is so you can copy and paste the entire example and it will work on your computer. You could choose to put the actual jquery download locally if you choose to use this method.

<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
<script type="text/javascript">
$(document).ready(function() {
	$('#about').toggle();

	$('#imgAbout').click( …

<script type="text/javascript">
document.write('Clock');
</script>

But, seriously, how about you do some searching, try to put something together and when you have problems you post what you have so far and we provide you with some assistance.

That would be an AJAX auto complete/auto suggest feature. Have you even tried looking for examples?

Well, if you can execute commands against the server, you could try this:

GRANT ALL PRIVILEGES ON {database}.* TO '{username}'@'{ip address}' IDENTIFIED BY '{password}' WITH GRANT OPTION;

The options are pretty straight forward but just in case:

{database} = db name
{username} = login
{ip address} = YOUR ip address (http;//www.whatismyip.com) (Can use a % to indicate a wildcard aka 192.168.1.%)
{password} = the password

If that doesn't work it can also be achieved by using an INSERT if the user you are connecting to the server with has the appropriate permissions. Its all in the mysql docs with examples and such. Its a long shot but it might get you somewhere.

If the server is configured to allow access from the outside world, then just use the ip of the machine to connect to it.

At least in terms of cPanel you need to add external hosts to the permissions for connections outside of localhost.
I *believe* DirectAdmin was/is the same way.

After taking a quick look at their javascript it looks like they're simply overlaying a transparent image over the base map image when you hover a particular link.

here is the link to the file that seems to be handling the overlay of the images.
http://www.findaproperty.com/fapmaps/js/0/0_1.js

rag:

This example uses jQuery to check all the checkboxes on page load.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
<script type="text/javascript">
$(document).ready(function() {
	
	$('input:checkbox').each( function() {
		$(this).attr('checked', true);
	});
});
</script>
</head>
<body>
Something <input name="anything" type="checkbox" value="1" /><br/>
Something <input name="anything" type="checkbox" value="1" /><br/>
Something <input name="anything" type="checkbox" value="1" /><br/>
Something <input name="anything" type="checkbox" value="1" /><br/>
Something <input name="anything" type="checkbox" value="1" /><br/>
Something <input name="anything" type="checkbox" value="1" /><br/>
Something <input name="anything" type="checkbox" value="1" /><br/>
Something <input name="anything" type="checkbox" value="1" /><br/>
Something <input name="anything" type="checkbox" value="1" /><br/>
Something <input name="anything" type="checkbox" value="1" /><br/>
Something <input name="anything" type="checkbox" value="1" /><br/>
Something <input name="anything" type="checkbox" value="1" /><br/>
Something <input name="anything" type="checkbox" value="1" /><br/>
Something <input name="anything" type="checkbox" value="1" /><br/>
Something <input name="anything" type="checkbox" value="1" /><br/>
Something <input name="anything" type="checkbox" value="1" /><br/>
Something <input name="anything" type="checkbox" value="1" /><br/>
Something <input name="anything" type="checkbox" value="1" /><br/>
Something <input name="anything" type="checkbox" value="1" /><br/>
Something <input name="anything" type="checkbox" value="1" /><br/>
Something <input name="anything" type="checkbox" value="1" /><br/>
Something <input name="anything" type="checkbox" value="1" /><br/>
Something <input name="anything" type="checkbox" value="1" /><br/>
Something <input name="anything" type="checkbox" value="1" /><br/>
Something <input name="anything" type="checkbox" value="1" /><br/>
Something <input name="anything" type="checkbox" value="1" /><br/>
Something <input name="anything" type="checkbox" value="1" /><br/>
Something <input name="anything" type="checkbox" value="1" /><br/>

</body>
</html>

if you wanted to have a single checkbox that when checked or unchecked toggled every other checkbox we can easily do that too.
…

Hi,

Does anyone have a better idea of the ajax based login code, the one that does error checking etc, and also the member registration authentication. so far i have got an idea of the following!!!

function doLoginAction() {
    $filter = new Zend_Filter_Input($_POST);
    if (!($login = $filter->testAlnum('login'))) {
        echo "Login field should contains only alphanumeric characters.\n";
    } else if (!($password = $filter->testAlnum('password'))) {
        echo "Password field should contains only alphanumeric characters.\n";
    } else if (!('joe' == $login && 'secret' == $password)) {
        echo 'Wrong login/password.';
    } else {
        echo 'url:/Login/Success/';

If you have better ones i will really appreciate

The code you posted is PHP not javascript. Where is the AJAX?

I built this on the jQuery library, its a very simple example with a lot of duplicated code that could be turned into a function or two. Hopefully some people with some older browsers can verify that it works, but it works in FF3, Opera 9.6, IE7 and Safari 3.2.1 without a problem.

I also changed the regex to support #FFF and #FFFFFF
Full source is provided below.

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
<script>
$(document).ready(function() {
	var regex = '^[\#]{1}(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6})$';

	$('#colour0').bind("keyup", function() {
		//Changes the text color of row 1
		var val = $(this).val();
		if( val.match(regex) )
		{
			$('#row0').css('color', $(this).val());
		}
	});
	$('#colour1').bind("keyup", function() {
		//Changes the text color of row 2
		var val = $(this).val();
		if( val.match(regex) )
		{
			$('#row1').css('color', $(this).val());
		}
	});
	$('#bgcolour0').bind("keyup", function() {
		//Changes the background color of row 1
		var val = $(this).val();
		if( val.match(regex) )
		{
			$('#row0').css('background-color', $(this).val());
		}
	});
	$('#bgcolour1').bind("keyup", function() {
		//Changes the background color of row 2
		var val = $(this).val();
		if( val.match(regex) )
		{
			$('#row1').css('background-color', $(this).val());
		}
	});
	
});
</script>

FULL SOURCE

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js"></script>
<script>
$(document).ready(function() {
	var regex = '^[\#]{1}(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6})$';

	$('#colour0').bind("keyup", function() {
		//Changes the text color of row 1
		var val = $(this).val();
		if( val.match(regex) )
		{
			$('#row0').css('color', $(this).val());
		}
	});
	$('#colour1').bind("keyup", function() {
		//Changes the text color of row 2
		var val = $(this).val();
		if( val.match(regex) )
		{ …

are you trying to toggle every check box on the page on and off? or just one checkbox?