Posts by ryantroop

If you look closely at what I suggested in the link, you are not simply hashing the password once with a single salt. In fact, you are hashing 10 times over a composite hash of the salt + pw + pepper, which originates as a salt + pw hash in the first place. All of that hashed with SHA256.

I cant image a rainbow table being of any use against this. Each password will have a global salt applied, followed by a custom pepper, and then hashed against itself.

As I understand it, bCrypt (etc) adds an additional layer of protection with using a guid or something explicit to the system that created it. I could, of course, be wrong on that...

I have enjoyed reading your responses! Thank you for being so open with your knowledge and hard work :)

Three reasons. One, you get an Ajax result that has preformatted html as the response, or a function that does the same. The second reason is laziness. And the third is when it's the right tool for the job.

It's easier to follow what they did in code. They easily could have made the entire anchor tag with innerHTML, but chose to be explicit for the sake of readability.

For a simple PHP example of this in "practice" have a look here:
http://www.daniweb.com/web-development/php/threads/431052/how-to-have-a-password-security#post1847238

It never did get any comments for improvement or correction. It would be interesting to see if this post drums up some new ideas.

Also, I know some languages are pushing for passwords to be hashed using crypt or bCrypt. Do you have any particular opinion on using crypt over manually salt/peppering your passwords?

You may have to look outside the form to figure out what is going on. I can image an on-resize firing, or the phone triggering an orientation change, when the keyboard displays, and whatever gets triggered may be causing you to lose focus on the input field.

Really, you will simply have to debug the old fashioned way and see what is firing when, and figure it out :-/

On line 61 of edit.php you are looking for $_POST["submit"], and I don't think that exists. Try changing it to $_POST["search2"] or just drop the name of the submit button...

It all depends on what your flash obeject is doing.

IE9 flash is not the integrated Pepper flash, which is used in IE10/11. If you are doing something that the integrated "sandbox" doesnt like, you may see unexpected results.

However, after looking, it doesn't seem you are doing anything special. The greater irony is that you are using a flash object to launch a silverlight object... If all that swf does is some artwork with some tweening, it might just be worth your time to remake it with a little more modern look, or even just do it with HTML/CSS to make it more compatable with all browsers.

The other issue- we solve many questions but they never get marked solved. Once the user implements the answer, what motivation do they have to mark it and pay for it?

It all depends on what your actual code looks like (including the HTML).

Printing out [object nodelist] means the value you are passing into the function is an HTML Collection, which tends to be the return from having multiple items that match a get javascript native function (many browsers return collections when you do getElementById("x") where multiple elements have the id "x".

So, it very well could be "right," but without seeing the whole thing or at least the relevant implementation, so we can follow the code directly and see what you are doing.

I do not believe SERVER_NAME includes the protocol (so, no, it should not show http://http://)

this is a crafty way of doing it...
http://stackoverflow.com/questions/1700870/how-do-i-do-outerhtml-in-firefox

function outerHTML(node){
    // if IE, Chrome take the internal method otherwise build one
  return node.outerHTML || (
      function(n){
          var div = document.createElement('div'), h;
          div.appendChild( n.cloneNode(true) );
          h = div.innerHTML;
          div = null;
          return h;
      })(node);
  }

so in your case, you can do:

var acorn = document.getElementById("boxa");
var outputResults = acorn.childNodes;
for (var i=0; i<outputResults.length;i++)
    document.write(outerHTML(outputResults[i]));

I believe you are looking for:
$_SERVER['SERVER_NAME']

DOCUMENT_ROOT will give you a local path on the host machine, which will begin with a drive letter and not a protocol (like http/s).

DOCUMENT_ROOT is more appropriate when doing includes where you will be traversing a file system, not when making calls over a network.

in reality, depending on how you have configured your server, you probably don't need $_SERVER['SERVER_NAME'] and you can probably use a relative path instead.

So...
I would like to work on a program that will work on trilateration using wifi signals (as I understand it, much like Google does for indoor GPS fall-off).

Sadly, I don't think I have the expertise (yet) for this, and I am looking for some input on where to begin. I also have a pretty serious language deficiency, seeing that the langauges I am proficient in are "script" and not among the strongly typed sort.

I am comfortable with Python, but I know I have a lot to learn. I am more in line with PHP/Javascript/SQL, but I have used C/C++, and I am quite happy (and willing) to learn more.

From the research I have done, which is more on the concept side of things, it looks like my current skillset is inadequate. Python is not suited to working at a hardware level, and I haven't a clue how to begin writing driver level software (or how to tap into a driver that currently exists, if at all possible).

So.. where to start.. I have been thinking an Arduno or Raspberry Pi would be a sufficient hardware source to start the process, but then I began to wonder why not just use a cell phone or a PC to show proof of concept?

Im guessing C/C++ is the way to go, but where do I begin. What is the first step in communicating with a WiFi card in a system, to even begin accessing signal strength or …

according to

http://www.php.net/mysql_query

mysql_query will return false if the connection does not have permission to access the table.

It would seem your user for the database may not have correct privilege.

As the error says, instead of having a mysql resource, it is getting a boolean, which is why you are getting the error.

First, even though this is a student account you should probably get in the habit of not posting your connection data for databases (or any password, really).

The error you are getting is most likely caused by a missing module for PHP/MySQL.

So, the first question is - do you have access to this box? Do you have permissions to install files / software?

If not, you may need to ask your teacher / sysadmin what database connection drivers you have available. Since you're on windows, you may have to use ODBC instead of the MySQL driver, in which case you may have a lot more work ahead of you :-/

If you do have access, and can restart, this may be of help to you:
http://stackoverflow.com/a/17638233

TL;DR:
Download this: http://www.dll-files.com/dllindex/dll-files.shtml?libmysql
Install it here: C:\windows\system32.
Restart Apache

What are the errors you are gettings?

From a cursory glance, it looks like you are getting a cursor error due to not freeing the resource after your initial query...

good catch rtrethewey :)

I guess it really does help to read all the words... :-/

I would assume you are getting a NaN as a result of one or all of your parseInt() calls. A number & NaN is NaN which is a failure in your assertion in the switch.

I may just be ignorant of the syntax, but I am not sure what document.frmMacky is.

I am taking, by the context, that you have only one form on the page, with multiple inputs that accept numbers. In that case, you may want to consider using this syntax (the HTML is psudo code, of course):

<form...>
  <input name="foo" value="" type="text" maxlen="3" />
</form>

document.forms[0].elements["foo"].value;

I would even encourage you to break apart the form portion, and use locals so you can do error checking and non-existent variable checks (which will help to reduce those NaN errors by allowing you to replace NaN with 0 or a default value).

To me, this line is error prone:
textfg = (texttgp*.20)+(texttgm*.20)+(texttgsf*.20)+(texttgf*.40);

You have no checking to see what any of those variables are, and you assume way too much. All of those should be checked individually prior to, or during, the addition of their individual values.

Edit: turns out, since I just tried it, you can call a form by its name. Never tried before... not sure how cross browser it is, but that may be just because I don't use that syntax.

Therefore, I stand by my original guess, that you are getting a NaN value.

You are not understanding the fundamental difference between javascript and php. PHP is run before the page loads, and has all of its output before the page loads. Javascript runs at run-time - that is, as the browser "reads" the script, it attempts to execute it (unless means are taken to prevent this, such as making functions or other closures, which can then be called through DOM events).

What you have above is a mix of script that will run whenever, mingled with a PHP value that doesnt exist once the page is rendered.

Without knowing context, there is not way to help you. Is this generated from the PHP? Is this written on the page and expected to execute? Is this a dynaimcally created script that loads via a src?

There are too many variables to really understand what you are trying to do.

If you think of the screen as a grid, or even a DIV as a grid of pixels, you already have your grid in place. From there, your JS simply has to control an absolutely positioned element within a relatively positioned parent. You can do pretty much anything once you get the offsetTop and offsetLeft of an element on the page. From there it's just math and collision detection.

And jquery isnt the end all be all of javascript. Its bloated for specialized use. Potentially, one could argue, it's not at all suitable for game development as it solves many of its problems using pure script instead of using CSS to allow for hardware and browser acceleration.

As I understand it, the ECMAScript that is the backbone of JavaScript is pretty standard among most major browsers. The type of scoping youre talking about should be pretty consistent from IE8+ (probably IE6 and 7), as well as all other flavors you will encounter.

The only way you will know for sure if you are having issues is to come across them. For the most part, Mozilla has been good about providing shims to "fix" broken code in older browsers, so when you come across something "broken" just google it and you will most likely find your solution.

I believe, since you did mysqli_fetch_array() you are getting a 0 index result. If you want to use the column name, use mysqli_fetch_assoc() instead, or change this line:

$xml+='<zip>' . $row['zip'] . '</zip>';

to

$xml+='<zip>' . $row[0] . '</zip>';

and that should work.

Try this..

function seo_title(cIncoming)
{
  var cNew = "";
  cNew = cIncoming.replace(/[!@#$%^&*()_+=,\.<>\/\\\[\]\{\}]/g , ""); //build a regex for unwanted chars add whatever else you need...
  cNew = cNew.replace(/ /g, "-");
  return cNew;
}

the above is not tested. The Regex is probably off due to escaping issues, but see what you get :-P

Try bracket syntax instead.

processorStock[i]['vendor'] === processorStock[i].vendor;

You can then do really wonky and crazy stuff like....

var myVar = "vendor";

processorStock[i][myVar] === processorStock[i]['vendor'] === processorStock[i].vendor;

Im gonna toss my 2cents out, and with fair warning Im not 100% sure, as I don't tend to handle the triggers for our DB, but as any good soldier, Im aware of them and my understand of how they work. :-/

I believe you should set the trigger on the field you are "snooping" as follows:

USE TRY
GO
CREATE TRIGGER cust_update
ON
TRY.custno
FOR UPDATE
AS
RAISEERROR('CUST NO CANNOT BE UPDATED',10,1)
GO

I believe that this should short circuit the update on custno, raise the error, and prevent the update. The trigger for rollback would require that a transaction actually be created explicitly... However, my knowledge and experience in that regard is limited (in fact, it's non-existent, as I have never used a trigger in this fashion).

If the above doesn't work, I appologize. However, I believe it will do what you are attempting to do.

Good luck,

Ryan

First, your notation seems a bit.. off? If that is supposed to be a JSON object to be parse into javascript, it's broken the moment you put = in there.

You also don't actually have a cat 1 anywhere, but you have doubled on cat 3

It seems you have a problem parsing in part due to bad notation, and in part too much complexity.

Whatever you are getting your output from, you need to clean that up first.

JSON notation is always a key:value pair and you can start with an empty object.. the structure should be more like the following, I believe...

var myArrayOfObjects = [{"cat":1, "attr":{"attr1":"val1", 
                                          "attr2":"val2",
                                          "attr3":"val3"
                                         }
                        },
                        {"cat":2, "attr":{"attr1":"val1",
                                          "attr2":"val2"
                                         }
                        ];

and so on and so forth...

Obviously, this can get very messy, long, and difficult to read. Especially since you are making duplicate values, and its all in an array... I question the need for such deep object creation, but I have done it in the past for ease of access to data types, so who am I to really question (right)?

That said, since you are doing an array of objects, your iteration is going to get a little messy, but it's totally doable since you know the structure and what you are expecting.

Since the whole thing is encapsulated in an array...

var Object;
var Category;
var Attributes;
var Attribute, Key, Value;
for (var i=0;i < myArrayOfObjects.length;i++)
{
  //do stuff for each object
  Object = myArrayOfObjects[i];
  //from …

Im not sure I totally followed you, but Im assuming you are wrapping this all with an anchor tag, and using the href as "javascript:void...."

If that is the case, anchors with an href will always try to navigate to a page with the url given. So, you basically are saying "open the javascript link to a blank page" and then the javascript says "open a new page with this url"

The correct way to do this is to change the anchor tag to a div and make the onlick as follows:

<div class="mimicAnchorClass" onclick="window.open(http://url.com,'pageName','myoptions');">
Click me
</div>

alternatively, if you insist on anchor tags, you can simply make the href="#" or even "", and add the onclick to the anchor tag.

I would encourage you to not use the anchor as you will just be fighting with the browser.

Hope that helps!

Good luck,

Ryan

Not after a reply has been made. You can flag it as a bad post, and an admin can change what you need changed.

What URL are you using to access this page?

There are some other system files they keep. To make sure you get rid of it all, I would recommend you use the disk cleaner utility... but, to each their own :-/

Erm.. Yep! I did it, too. It goes by faster than you think. The real kicker is gonna be running disk cleanup on all the archived win7 stuff. :) Enjoy that. If you're a drinker, grab something tasty.

Are you getting an error?

How are you calling settdelete(trankey)?

Also, you may want to check support for .ico as a valid image type in firefox...

Also, in javascript:

var String1 = "a" + " string";

is the same as 

var String2 = "a".concat(" string");

That says, I believe, that in the database jstudent0, the table BOOK doesn't exist.

Are you sure that's the table name? Is it BOOKS?

if you have an internet connection all you have to do is instantiate a connection as normal, then check to see if the resource is available.

If it's not available, try the other one...

Im not quite sure I follow what your plan of attack is...

I tried it in IE, and the select list updated... what did you expect to happen?

I see you got it working :)

Good luck :-D

d'oh!

It also may be a scoping issue.

Try this instead:

<script language="javascript">
var xmlhttp = null;  //make it global
if (window.XMLHttpRequest)
  {// code for IE7+, Firefox, Chrome, Opera, Safari
  xmlhttp=new XMLHttpRequest();
  }
else
  {// code for IE6, IE5
  xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
  };

if (xmlhttp)
{
  xmlhttp.onreadystatechange=function()
  {
  if (xmlhttp.readyState==4 && xmlhttp.status==200)
    {
      document.getElementById("teh").innerHTML=xmlhttp.responseText;
    }
  }
};

function showTeh(str)
{
  if (xmlhttp)
  {
    xmlhttp.abort();
    xmlhttp.open("POST","inc/getTeh.php?q="+str,true); //this still looks like a GET not a POST
    xmlhttp.send(); //because POST params are sent here
  };
}
</script>

Of course, at this point you may want to just clean up the whole instantiation of an xmlhttp object and make it a pseudo-class or a singleton of sorts, but that's for another lesson :-P

See if the above helps.

Ryan

What is the code on the php side?
can you paste the contents of getTeh.php so we can see what the server is expecting?

If not, do you have this code available somewhere so someone can debug it?

So what you are asking is, is there a way to check a networked SQL connection for status without having a network connection?

Perhaps reword your question a little?

You seem to be doing a post, but sending a get.

Line 19 and 20, try:

xmlhttp.open("POST", "inc/getTeh.php", true);
xmlhttp.send("q="+str);

unless you are in fact doing a get, in which case, change line 19 to:

xmlhttp.open("GET", "inc/getTeh.php?q="+str, true);

good luck!

Ryan

ahhh you want the individual counts output from each table...

so if I understand the result you want is:
playerid,
count references to player in t1
count references to player in t2,
count references to player in t3,
count references to player in player table?

ex:

3 'PlayerID',
21 'Count T1',
55 'Count T2',
66 'Count T3',
7 'Count Player Table'?

The only "good" way of doing what you are saying is to use header redirects.

the database connection will only fire if your logic tells it to. There is nothing wrong with keeping those processes separated, and in general that is good practice (the db connection is created by a function call from an included file that is in a private directory).

however, the "PHP" way of doing things is what I did above. It is by no means the only way, and certainly may not be the right way for tour particular application.

if you are expecting high volume and you are worried about random hits to the db, you will need to code defensively to protect against that. You apparently know your stuff. Go with what you know works :)

:-/ what is the problem you are facing?

I assume home/search/1 is mod_rewite for a php page?

You can have PHP and HTML intermingle, so the form can post to the page that it is resident on, then simply re-render..

<?php
//input.php
if (isset($_POST['formdata']))
{
  //do some input cleaning/error checking/sql stuff here
};
?>
<html>
<head>
<title>My page and form!</title>
</head>
<body>
<form action="input.php" method="post">
<input type="text" name="formdata" /> <!--you can do some error checking stuff with php and have elements display if there is an errror defined in the script... -->
<input type="submit" value="Submit" />
</form>
</body>
</html>

The 302 was redirected to:
http://www.daniweb.com/members/lost_password

Disclaimer: you made this into a mental exercise for me.. I think that all three below will give you the desired result. Anyone is welcome to correct me, especially on the last one...

If I understand your rule (Im grasping here), you want the number of records from all the tables where the playername is given.

so.. using subqueries, I would do it like this:

SELECT
  (SELECT COUNT(*) FROM table1 where playername = 'playername') +
  (SELECT COUNT(*) FROM table2 where playername = 'playername') +
  (SELECT COUNT(*) FROM table3 where playername = 'playername') +
  (SELECT COUNT(*) FROM players where playername = 'playername');

Alternatively...

I dont often do straight SQL with variables (I use stored procedures for all that good stuff...) so someone may have to fix this for me.

iCount int = 0;
SET iCount = COUNT(*) FROM table1 where playername = 'playername';
SET iCount = iCount + (SELCT COUNT(*) FROM table2 where playername = 'playername');
SET iCount = iCount + (SELECT COUNT(*) FROM table3 where playername = 'playername');
SET iCount = iCount + (SELECT COUNT(*) FROM players where playername = 'playername');

select iCount;

Lastly, and probably the most interesting...

SELECT
  p1.playerID,
  p2.playerID,
  p3.playerID,
  p.playername
from
  players as p
    left outer join table1 as p1 on p.playername = p1.playername
    left outer join table2 as p2 on p.playername = p2.playername
    left outer join table3 as p3 on p.playername = p2.playername
where
  p.playername = 'playername';

select FOUND_ROWS(); --total of all rows found from previous query.

EDIT: This …

I also think that MSoft has done a great job in protecting its OS/systems as of late, and people have also become more aware of what they shouldnt be opening or downloading, or clicking... Also, everyone who gets viruses generally has a nerd friend who they lean on for help. I know I fix my fair share of computers all over the place for family and friends.

Hardware will make a comeback when PC gaming becomes popular again, or when custom projects (like arduno / raspberry pi) become more mainstream. Personally, I would love to learn more about robotics or home automation. However, I am stacked up with web based technologies for work and learning C++ instead of being made fun of for "relying" on scripting languages...

I still love PHP and Python, though :-/ </soapbox>

Tried fudging the clock settings again. I got a 302 this time. So.. either what you did worked, or I cannot replicate it any longer since I "fixed" the problem on the OS, and it is now more aware of itself...

I don't know if you had a buffer overflow... it depends on what you are doing with the data... it looks like you are making a hash of a few things, but what data you are tracking using the session is not for me to know (or, quite frankly, care about).

Sorry for raising a red-herring of sorts... at least now if anyone else has trouble you can see from your logs what caused it. Im guessing as more people start upgrading you may get a few more.

Thanks for looking into it :)

Prior to figuring out the clock was out of sync, I was just using the clear cache of the browser.

Post, I cleared and deleted everything.

Im guessing what happened is your session was getting very out of date ranges, and with whatever hashing you are using, or possibly an expected result from a DB call, you were getting a null or zero where one was not expected.

If you would like, I can try to futz up the system clock again and try to replicate the issue. However, without logging on your end I doubt it will be any good to you.

However you would like me to help, I am always open to solving an interesting problem :)