ryantroop 177 Practically a Master Poster

Proper HTML markup says anchor tags cannot be children of anchor tags (basically, which one are you clicking?) which is why the commented out block isn't working.

You will have to make a more complex structure to do what you are trying to do, and will likely require some javascript as well to manage the height of an overflow hidden container (otherwise, using max-height will be slow when calculating the height for you and will look delayed).

ryantroop 177 Practically a Master Poster

Logically, dollars is just the floor(total/100) and the cents is total modulo dollars. Of course, you get in trouble when dollars is 0 so just do a check and make it modulo 1 instead. I would also do a check to make sure those ints are unsigned otherwise you get other math errors.

ryantroop 177 Practically a Master Poster

If I understand what you want to do, then you are correct - you have hit the limit of SVG as a free form drawing tool. If you want more fine pixel control, you will have to work with a canvas instead - but that also has some serious drawbacks (such as undo/redo/delete, etc... being obnoxiously difficult).

ryantroop 177 Practically a Master Poster

Well, it very well can be old hardware... but.. anyway...

Things that destroy sessions:

- 302 server side (a redirect from code).
- Non relative links.
- session_destroy()
- Overriding the $_SESSION superglobal (say, assigning it as a variable, and not just a member of the super global. ex: $_SESSION = NULL instead of $_SESSION["User"] = NULL).
- Pretty much anything that sets a header before session_start() is called (which means, in that fancy dancy session function you have, it may be doing some work that happens twice before session_start() actually gets called or completed.)

Lastly.. it is entirely possible that your hardware is so strangely slow that by clicking a link before the script has finished executing the next page that a redirect header is output (you will have to check your network activity), and thus destroying your current session by putting a new one that is set after the header is output.

If it's none of that, it might require a peek at your code to see what's up :-/ Or a server configuration...

ryantroop 177 Practically a Master Poster

Why such a long delay between page navigations? What are those links doing?

ryantroop 177 Practically a Master Poster

Ok.. so how are the pages "not fully loaded" when you navigate? I assume the hrefs are just attached to anchor tags?

ryantroop 177 Practically a Master Poster

Are the hrefs absolute path or relative path urls? If absolute, are they consistent? (http/s, www or no www? Same domain or sub domain?).

You will always have purists and evangelists for one thing or another. Let them howl and cry foul. If your stuff works, it works. Don't let fanboys dictate your life choices unless you want to be a fanboy yourself (which is also ok).

ryantroop 177 Practically a Master Poster

Define "fully loading."

Are we talking about a page built dynamically with AJAX? All server side? Are you doing redirects inside your script when you change to the new page? Just a refresh? Is it with all pages or just specific pages? If specific pages, are you doing something to the session on those pages? Are you sure session_start() is the very first line of every php page?

Your question has so... so many variables. Either give some example code to look at, give an example page to see if we can replicate, or be a bit more specific please.

Side note: nothing wrong with your setup. Who cares that you're using MySQL with a Windows server? ;-) As long as it works, and works for you, the setup is irrelevant.

ryantroop 177 Practically a Master Poster

:-/ I.. really don't know what to say here. The difference between a left join and a right join is... I guess a design choice...

However, I still think the answer above is a bit over complicated.. as seen here:

http://sqlfiddle.com/#!9/8ca784/2/0
(it's slow, I know, but let it load)

And to be quite honest, I feel this is as close to a homework query as you can get... so I didn't feel like answering it outright out of principle. Sorry if my assumption is incorrect, but this is pretty simple stuff for SQL :-/

ryantroop 177 Practically a Master Poster

If I am reading it right, it looks like you just want a left outer join on ItemID...

ryantroop 177 Practically a Master Poster

Well... that's a design consideration... if you want a light weight landing page for quick scripts, then make one. I'm not sure what heavy weight stuff you are going to be doing, but if it's a database lookup, or processing data in some way, it should be very fast. If you want to break up your pages into a receive and process structure, that's fine too - you can use cURL at the end of the receive script, send it off to a processing page, and be done with it. You can also spawn threads and let them take care of it as time permits, and set up a queue.

Again, depending on what you are doing, and how much work really needs to be done, you may be trying to over-optimize before optimization is a problem :-/

ryantroop 177 Practically a Master Poster

PHP is already pretty fast.. what is it that you are looking to do that you are having this concern?

ryantroop 177 Practically a Master Poster

As I understand it, the php module sits and listens to ports and creates an instance for each request. Therefore, without some sort of data caching, there should be no appreciable difference between the two methods you describe other than the overhead for traversing a directory.

ryantroop 177 Practically a Master Poster

I disagree that changing the header type of the AJAX call is the ONLY change that needs to be changed. The reality is, as long as a request without headers (or default headers) is being returned as plain text, it is a HUGE security vulnerability.

For my 2 cents, I would encourage you to look MORE into the nginx configuration to see if there is a way to set default headers.

After browsing through this:
https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/

You may also want to make a few other changes, as it seems to be a very straight forward primer for nginx configuration do's and don'ts..

From what I see you are already using try_files, and you should probably use that in the check for the file existence before the redirect as well. It is also possible that since you are not doing a "return" or stopping execution after the redirect, it is continuing to process further down the config file and try_files is actually returning the file you asked for, so behind the scenes you are getting a quick redirect, then a read of the file you just processed.

You may also be interested in this answer: http://serverfault.com/a/329970

cereal commented: +1 for try_files Nginx config +14
ryantroop 177 Practically a Master Poster

Out of curiosity, do you have an extension on your php file?

Secondly, I may wager a guess that this is your problem:

if (!-e $request_filename)
{
    rewrite ^(.*)$ /index.php?page=$1 break;
}

If not that directly, it may be something else in that file. I am more familiar with htaccess than module rewrites, so maybe someone better suited can look and see if anything is glaringly obvious.

These links may also be of interest:
http://stackoverflow.com/questions/15714706/nginx-rewrite-to-php-file-file-is-being-downloaded
http://serverfault.com/questions/465607/nginx-document-rootfastcgi-script-name-vs-request-filename

It is entirely possible that somehow when using ajax, the space is accidentally making it possible to access the file as if it were a directory, and turning it into a valid file, therefore giving it binary headers as opposed to processing through the CGI.

ryantroop 177 Practically a Master Poster

If the initial values when the page is parsed are blank, you can use the .reset() method of the FORM (not the individual inputs), which should revert everything back to what the values were at page render.

If you don't have a form, or are looking for a specific input to reset, (as stated above) you simply have to get the input field and set the value to "".

ryantroop 177 Practically a Master Poster

That's a different discussion, and also a discussion about integration of libraries based on need.

Personally, I am not a big jQuery fan, nor any library that tries to do all things for you. Granted, some of the cross browser solutions they implement help, and are great solutions, but I have a hard time importing a full library for single use cases - however, that's because where I work, and how I personally develop, I do not have need or preference for them. Every library has their strengths and weaknesses, and if you learn more javascript and what you want to do with it, feel free to use these libraries to manage layout. Just keep in mind, jQuery was born out of a time when browsers were vastly different, and stylistic behaviors often varied from IE to Firefox or whatever else was around. Most of this is no longer a problem as standards are becoming more prevalent and behaviors are predictable.

So.. the tl;dr: personal choice. If you want to use them, use them. But learn the fundamentals of javascript so you understand what it is doing, so you can debug their jarbled mess when stuff doesn't work as you expect.

ryantroop 177 Practically a Master Poster

You ever get this figured out? If not, do you have a sample page where this is occurring?

ryantroop 177 Practically a Master Poster

Responsive design, when done "right," is usually 90-100% HTML and CSS. JavaScript is used for accent work and/or for data manipulation/management.

From there you need to learn server side code - PHP would probably be the easiest to pick up and run with, but Python, ASP, Perl, Ruby... whatever server side language you have access to and are willing to learn... are the next step.

ryantroop 177 Practically a Master Poster

Is the data coming in exactly the same? I can't imagine that two finger print readings are completely identical.

I don't know enough about your device or their API (or, really, the whole physical security thing as a whole), but I assume that the proper mechanics of this would be scan->process->save and then scan->process->match where "process" is some sort of algorithm that finds matching unique indicators of finger prints. The actual image itself is fairly worthless, IMO, unless you want to scan the entire database every time someone scans, and then reprocess the image and compare it to the new sample (which seems obnoxiously slow... but hey, it might be a more secure route :-/ )

ryantroop 177 Practically a Master Poster

No problemo! Glad you figured it out.

ryantroop 177 Practically a Master Poster

So you are seeing <?php ... ?> as the responseText of the ajax call? Are you using htaccess for a redirect? Does your rule apply here?

ryantroop 177 Practically a Master Poster

If you have a demo page of this it would help. Otherwise, are you sure you're actually sending and receiving? If so, you may have to send headers making the ajax call use the same enctype as a form post and the php will receive it. Depending on your server configuration, php may ignore incoming requests without a valid enctype or understandable headers.

ryantroop 177 Practically a Master Poster

Yeah. Don't use z-index. Instead, just do the opacity shift on both elements. The only way to make this work, though, is to make sure they are absolutely positioned, one on top of the other.

ryantroop 177 Practically a Master Poster

Also a note on this check (and similar):

            var fn = document.forms["form1"]["firstName"].value;
            if (fn == null || fn == "") {
                alert("First name must be filled out");
                return false;
            }

fn will never be "null." In fact, null is a special type in javascript, in that it cannot be anything until you explicitly initialize something as null. You are looking for "undefined." The proper, "javascriptian", way to do this is:

var form = document.forms["form1"];
if (!form)
    return false;

var fn = form["firstName"];
if (!fn || fn.value == "") {
    alert("First name must be filled out");
    return false;
}

This way, should your form not exist you will not throw an exception. If the firstName input does not exist, you also will not throw an exception by looking for a method of "undefined." This protects you from errors in your code, and page failure from the JS engine just giving up.

Lastly, since you are doing regex for phone numbers and email, you may want to consider doing it for fn/ln as well, or at the very least do a String.replace on all white space in the string. The reason for this is right now " " (just a space) passes your check. I'm not sure how worried you are about that, but it's a possibility.

ryantroop 177 Practically a Master Poster

Well.. the way you are doing it is requiring 11 digits exactly. This means you are expecting an area code that is in a "proper" format, being 1 first, then the area code, then the 7 digit number. Not all people do this, and this is doomed to be a frustrating experience for your users.

Since you are using javascript, you have a lot of things available to you to prevent non number entry into a text field. Look into key Events (onkeydown, in particular) and the associated keyCodes. You can simply eat the keystroke if the code does not map to a non-numeric entry. Now, for validation, you still have a few options. If you are insistent on doing regex, then you need to change your exact match of {11} to something more flexible. You can do something like /^\d{10,11}/ which will ask for a number that is 10 or 11 characters in length. Personally, if you're going to do regex like this, I think you should look for all formats (with and without dashes, and + for country code). You can find examples of this exact regex all over the internet.

Now, for a note on security, and a kind reminder to the development community at large - javascript (or client side) validation is not secure. Please remember that no matter what sort of validation checks you do in javascript, you will need to do the exact same ones on the server, or enforce type restrictions on you …
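
The points made in the two posts above (accept 10 or 11 digits in the common formats, reject a name that is only white space, and repeat the same checks on the server), as an added example that is not part of the original posts. The function names `normalizePhone`, `validateName` and `validateSubmission` and the field names `firstName` and `phone` are assumptions for illustration; the same file can be loaded in the browser and in server-side JavaScript.

```javascript
// Added example, not code from the thread. Function and field names are
// hypothetical; sample values used with it are constructed.

// Accepts 10 digits, or 11 digits with a leading 1, optionally written with
// "+", spaces, dots, dashes or parentheses. Returns the bare 10-digit number
// on success and null on failure.
function normalizePhone(input) {
  if (typeof input !== "string") return null;
  const trimmed = input.trim();
  // Only characters that belong in a formatted phone number are allowed.
  if (!/^\+?[\d\s().-]+$/.test(trimmed)) return null;
  const digits = trimmed.replace(/\D/g, "");
  if (digits.length === 11 && digits[0] === "1") return digits.slice(1);
  // A "+" prefix announces a country code, so 10 digits after it is too short.
  if (digits.length === 10 && !trimmed.startsWith("+")) return digits;
  return null;
}

// Rejects missing values and values that are only white space.
// Returns the trimmed name or null.
function validateName(input) {
  if (typeof input !== "string") return null;
  const name = input.trim();
  return name.length === 0 ? null : name;
}

// Run this on the server against the submitted fields even when the browser
// already ran it: the client-side result can be skipped or forged.
function validateSubmission(fields) {
  const source = fields || {};
  const errors = [];
  const firstName = validateName(source.firstName);
  const phone = normalizePhone(source.phone);
  if (firstName === null) errors.push("firstName");
  if (phone === null) errors.push("phone");
  if (errors.length > 0) return { ok: false, errors: errors };
  return { ok: true, values: { firstName: firstName, phone: phone } };
}
```
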

ryantroop 177 Practically a Master Poster

SSL will do a number of things for you, including encrypting any plain text data moving between client and server.

If you simply want to obscure (or have a referential pointer to) data, you can do this very easily - but it's not security (most call it security through obscurity; aka doomed to fail).

As far as the GET/POST parameters are concerned, they will always be plain text to the client. If they need to be encrypted at run time, they have to be parsed on the page in their encrypted state, and your receiving script will have to know how to decrypt the data. Making a Caesar cipher (http://practicalcryptography.com/ciphers/caesar-cipher/) is not all that complicated, but it's also easy to crack. If you want true encryption, you will have to read up on PHP's encryption/decryption methods and how to implement them. For what you are using them for, however, seems a bit overkill - but to each their own...

ryantroop 177 Practically a Master Poster

Sounds like you need to learn how to read argvars, open a file handle, read a file handle, parse a string in a buffer, and increment a value.

Good luck!

ryantroop 177 Practically a Master Poster

Then do an if check before the select that checks if it's empty. If it is, set the value to null.

ryantroop 177 Practically a Master Poster

try

PD.Profile = ifNull(strProfile, PD.Profile)

ryantroop 177 Practically a Master Poster

Any HTML form has all of the values accessible through javascript. In your particular case, you have a form with the name "payment_form" so you can do something like this...

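<script>
// querySelector returns the first matching element; querySelectorAll returns
// a NodeList, which has no .elements or .value of its own.
var Form = document.querySelector("form[name='payment_form']");
var TextArea = document.querySelector("textarea[name='outputtext']");
// Append the value of every form control to the text area, one per line.
for (var i = 0; i < Form.elements.length; i++)
  TextArea.value = TextArea.value + Form.elements[i].value + "\n\r";

</script>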

Or something similar.. basically iterating through the form object's "elements" or values and adding them to another element on the page. Note, though, you will likely have to move the text area OUT of the form, or do some checking within the for loop to make sure you are not trying to write the contents of the text area to itself, or you will be a sad coder :( -- you can also just not do it through a loop and only put the relevant data into the text area by hand (Form.elements["inputName"].value)

Is this what you are asking?

However, this data will not persist. It will only be around as long as the page is not closed. Also, the data would never reach the server and you would never know it ever existed.

NOTE: if the \n does not make a newline, you can always use the HTMLEntities version instead (&#10; and &#13;)

ryantroop 177 Practically a Master Poster

Then you need him to support his code. And not use awful error suppressing for no reason. If that code is producing errors, you got a lot of other things to worry about :-/

ryantroop 177 Practically a Master Poster

in:
.thumbnail .info

with the negative margin, also add "position: relative"

ryantroop 177 Practically a Master Poster

https://jsfiddle.net/6jbgqz0g/

<div class="parent">
  <div class="bottom"></div>
</div>

.parent
{
  position: relative;
  display: block;
  width: 300px;
  height: 200px;
  background-color: #25f;
}

.bottom
{
  position: absolute;
  width: 50px;
  height: 10px;
  left: 50%;
  margin-left: -25px;
  bottom: 0;
  background-color: #4ff;
}
ryantroop 177 Practically a Master Poster

So at this point I'm gathering that you did not initially write this, nor do you understand how the static keyword works in php functions. In order to explain some of this, I will have to explain some other things so I can get my point across clearly.

First - $pdo outside the function...
If you are not familiar with scope, you're going to get a crash course. In a blank <?php ?> block, any variable declared is considered in the "global" scope. This means any declared function, any sub function, any include, any whatever, can access the value of that variable without explicitly being passed into the function.

When functions run, they do something, and then the memory to said function gets released and "garbage collected." If inside of the function's scope you add the "static" keyword to a declared variable, it gets put in a pseudo global state - basically, you tell PHP to NOT garbage collect it. This does a few things... one, it prevents the function from being "garbage collected," and second, it gives access to the variable outside of the function. In this programmer's opinion, this is bad design - if you want a global variable, make a global variable - making one on the fly from within a function is asking for trouble when debugging.

Now, the why - whoever wrote this for you had the intention of $pdo being reused - and also to save trips to the database every time …

mexabet commented: Good insight! +3
ryantroop 177 Practically a Master Poster

Some social media APIs (twitter) actually encourage this. Facebook is not one, however. But he may be data mining or using it for whatever reason..

ryantroop 177 Practically a Master Poster

So... solved? I don't think phpmyadmin shows blob text as text by default. You will need to figure out how to configure the query to show the blob as actual text.

ryantroop 177 Practically a Master Poster

Turn your array into a string, make your column a blob. On the retrieve, you will have to unstringify your array.

The php methods you are looking for are implode() and explode().

ryantroop 177 Practically a Master Poster

You will need to communicate more clearly what you are trying to accomplish.

The height of the inner boxes is irrelevant. I could have done 50% and given the container box a height, which in turn could be relative in height to another container.

Also, you clearly modified the code I provided as

.container .Box:first-of-type { height: 250px; }

is most definitely not in the fiddle I provided.

I would encourage you to play with the fiddle a bit, and learn some CSS. There are many many ways to do what you are (likely) asking using pure CSS without any javascript hackery.

If you REALLY need fluid layout and you want size independence, you may want to look into flex-box layouts, but they are still currently difficult to use due to cross browser compatibility (and vendor prefixing).

Edit:

Here is the same thing, using the container element to provide height for the inner elements:
https://jsfiddle.net/08c1g4cm/1/

The .Circle class can also be modified to take height from the parent using % but I did not know if that is what you want/need. Also, if you are going to have text, you will need some way to scale that as well (such as using em instead of px).

ryantroop 177 Practically a Master Poster

Personally, I don't think you should be using the session variable like this. It is likely the root of your problem as well.

If you need a "stateful" system, that's what the database is for - even for temporary things. It's ok to delete from the database.

ryantroop 177 Practically a Master Poster

All I see there is a container div and 3 child divs. Two relative positioned divs are block with height and width, one is absolutely positioned with appropriate margins / positions set (either with calc() on margin or top/left) - it also has a border radius of 50%.

I am unsure if I understand your question correctly.. as this seems pretty straight forward.

Is this what you are talking about?
https://jsfiddle.net/08c1g4cm/

ryantroop 177 Practically a Master Poster

So I assume you know why this happens, but if not (and for future readers), I will state it:

Any text output from PHP will also send along headers. Once this is done, headers cannot be modified or resent. This is just the way the PHP world works.

Now, to diagnose your problem...

I do not know what connection.php is doing, but that may have your problem in there if it outputs an error message. You also don't exit after your header redirect (which is, in my opinion, a bad thing), so something later on down the line may be triggering the output.

The only way to know is to put "exit();" at various points in the script above, and see if anything appears on the page. Start at the top (after the include), and then move it down one if check at a time. Please note: let's say you start at line 4 with exit(); and nothing appears, you will have to remove that exit() and then put another one further down. exit() essentially kills your script in place so if you forget to remove it, you will be a sad panda :(

ryantroop 177 Practically a Master Poster

The whole point of the private key is that it is stored only on the destination server (or, in oAUTH's case, it is also stored on the Provider's box who acts as the authenticator, so it's in 2 places) - i.e., it is private. If the user in question got a hold of the private key, you likely have other security breaches to worry about (like, the fact that they have user access to your destination machine, or the machine of the Provider).

It sounds like you are fishing for flaws in security systems. There is a reason we rely on standards, and what everyone is telling you is current best practices and standards - that's because they are, for the most part, vetted and proven safe. Regardless if we are talking about MITM attacks or not, the method of securing the transmitted data remains the same. Somehow, some way, you encrypt the data you want to send, and it is unencrypted on the other end. If it doesn't match up or is somehow broken, it's considered insecure. End of story.

In regards to your "hypothetical," it is impossible to know how the individual in question did what they did without some form of forensics to back up the claim, or some sort of proofing that duplicates his actions. It's really just that simple - there is no way, short of a mental exercise in futility, that anyone here will stumble upon the exact way someone cracked one single stream …

ryantroop 177 Practically a Master Poster

Of course... I was a bit tired when I wrote the above and re-reading it, I meant "when you try to insert a username already in the table it will return an error," and "email address" should be "username."

Sorry for the morning stupids.

ryantroop 177 Practically a Master Poster

Your second question is probably easiest to address:

You said something that is of interest to me: "allow multiple admins with the same username". I actually do not want to allow multiple admins with the same username. Please, how do I correct that?

You do this in two ways - one at the database level and one in your code. At the database level, you put a unique index on the table, which means everything in the column indexed must be unique (tada!) And it will raise an error whenever you try to insert a non-unique value. That said, you should probably get into the habit of uppercasing or lowercasing all the email addresses when they are sent to your table, thus preventing oddities like "ryan" and "Ryan" being identified as 2 distinctly different strings.

Then, in your code, before you insert a new admin, you would do a select against your admin table to see if that username/email/whatever already exists. If it does, don't do the insert, return some sort of kind error message to your user.

Now for your first issue:

Your "query()" function appears to not be returning an associative array as you believe. var_dump very clearly shows it instead returned the PDO object. Therefore, your logical check of if …

ryantroop 177 Practically a Master Poster

Ok, simple answer for you - they use TCP. By design and specification, TCP is required to reach the target in the specified order it was sent. In contrast, UDP does not, and therefore is not "guaranteed." For added security, they "sign" their data (much like a real-time checksum).

Does that answer your question?

ryantroop 177 Practically a Master Poster

Likely because his personal private key did not match the key on the server, and the server did not originally care to authenticate. With a patch, they suddenly care, and then were able to block users due to malformed or incorrectly encrypted data.

Or, the encryption type used was not very good (such as MD5), and was easily cracked by modern standards. If they updated their encryption method, they could simply look at the resulting login string to know which hashing algorithm was used and ban/deny any that came from MD5... without knowing their code, and their specific setup, it's impossible to know what method of intrusion detection they have, or how they were able to figure out where a bad request was coming from.

ryantroop 177 Practically a Master Poster

Disclaimer: This is my understanding of how all this works - if I am mistaken, or uninformed, I would love to be better educated on the topic.

So the way you as a programmer defensively do this is to use a method similar to oAUTH 2.

You have a package (your data), which is encrypted with a key. The bundled package is sent along with the unencrypted state (or you can encode it or whatever you like (base64 is popular)), as well as the PUBLIC key for the recipient machine to decode your data, and the encryption method (which you can omit if you know the method since it's your application, but obscurity will only get you so far).

Over HTTPS, this will go a step further and do a handshake to verify the machine that it is receiving data from is consistent. As far as Man in the Middle attacks, you will forever be vulnerable because you do not set up direct connections between machines when communicating over the internet. There are routers, load balancers, and every other type of machine out there. It will happen. It does happen. Move on with your day and code defensively to expect it to happen.

Now, let's look at what your little data package is gonna do. Since it is encrypted and encoded, the man in the middle would have to be able to do a number of things quickly. Intercepting the data is one thing - since you have to send …

rproffitt commented: That works for me. +7