Search Results

Search found 2967 results on 119 pages for 'accounts'.

Page 106/119 | < Previous Page | 102 103 104 105 106 107 108 109 110 111 112 113  | Next Page >

• Embedding a CMS in an MVC Web App

  - by Mr Snuffle

  I'm working on a website for searching for businesses, then displaying a listing page. We've been toying with the idea of letting the clients manage their listing page using an external CMS. I'm not sure how often this is done, or if it's even best practice. Ideally, we want to be able to setup a listing on our website, then give the clients access to an external CRM when they can manage their listing page. We then want to embed this custom page within our website, possibly using an iframe (which will come along with it's own set of complications). We'd like this integration to be as seamless as possible. I'd personally prefer it if we could directly inject the HTML into our own page and bypass an iframe all together, but I don't know of any CMS hosting services that provide the interface for such a thing. We've experimented a little with Squarespace, and we can get a fairly clean version of someone's page which would be well suited for an iframe. I'm wondering if anyone else has looked and integrating an external hosting CMS into a website (in this case, we're using ASP.NET MVC). We'd also want to automate the creation of accounts on this external CMS, so when a user signed up we could just point them to the website with some login details. I have no idea if anyone offers a service like this, but any recommendations would be greatly appreciated. We could host a service ourself too, but the aim is to have an external system that clients can use to manage their pages. Cheers, James

  Read the article

• [SOLVED]: Delegate OpenID to Google (NOT Google Apps)

  - by Rio

  OK, I searched this question on SO but no good answer. After spent some time I figured out how to do it. I'm going to answer this myself as a way to share it. Not sure if this is the correct way to use SO, but here it goes: Now it is possible delegate OpenID to your Google account (not Google Apps). No, this is not using the demo OpenID provider using App Engine. This is your REAL Google account! First you need to enable your Google Profiles. Try to view your profile and edit it, there should be an option to set your Profile URL. You have two choices there: either use your Gmail account name (without the @gmail.com part) as your profile id, or a random number assigned to you. It's up to you to decide which one to use. Either way, that id is your profile id below. Now add the following HTML code to your delegating page: <link rel="openid2.provider" href="https://www.google.com/accounts/o8/ud?source=profiles" > <link rel="openid2.local_id" href="http://www.google.com/profiles/[YOUR PROFILE ID]" > And it's done. Now try login SO with your custom url!

  Read the article

• Installing Silverstripe on 000webhost.com (free web host)

  - by benwad

  Hi I'm trying to learn how to work Silverstripe so I extracted the tar file to my free hosting account. I then went on install.php and edited the permissions to meet the requirements set out in install.php but I still get two warnings from the 'webserver configuration' section: I can't tell what webserver you are running. Without Apache I can't tell if mod_rewrite is enabled. I can't tell whether mod_rewrite is running. You may need to configure a rewriting rule yourself. I looked in phpinfo() and mod_rewrite appears to be installed. I contacted the web host and they said it was to do with virtual directory paths, and I should add 'RewriteBase /' to the top of my .htaccess file in the public_html directory. However I did this and still had the same problem. The install.php script says that I can install it even with these warnings but when I press 'install' it just refreshes the install.php page. It doesn't even overwrite the .htaccess file. 000webhost.com says they have successfully installed Silverstripe on their user accounts without much configuration but I can't seem to find out how. EDIT: I managed to get to the next page but now there is another warning which is stopping it installing: Friendly URLs are not working. This is most likely because mod_rewrite isn't configuredcorrectly on your site. Please check the following things in your Apache configuration; you may need to get your web host or server administrator to do this for you: * mod_rewrite is enabled * AllowOverride All is set for your directory I also get this error message from the server: Warning: unlink(mysite/_config.php) [function.unlink]: Permission denied in /home/a2716553/public_html/install.php on line 701

  Read the article

• Jquery AutoComplete Plugin calling

  - by martinezgeovani

  When I use JQuery's autocomplete and hardcode the array values in the page it works wonderful; but what I need to do is obtain the array values from either a web service or from a public function inside a controller. I have tried various way and can't seem to make it work. The farthest I got is pulling the data in to a long string and when the auto complete results are provided it's the long string which matches, which I understand why. $("#TaskEmailNotificationList").autocomplete("http://localhost/BetterTaskList/Accounts/registeredUsersEmailList", { multiple: true, mustMatch: false, multipleSeparator: ";", autoFill: true }); has anyone encountered this? I am using C#. UPDATE: The below code is a step forward I am now getting an array returned but I think I'm processing it wrong on my page. var emailList = "http://localhost/BetterTaskList/Account/RegisteredUsersEmailList"; $("#TaskEmailNotificationList").autocomplete(emailList, { multiple: true, mustMatch: false, multipleSeparator: ";", autoFill: true }); [HttpGet] public ActionResult RegisteredUsersEmailList() { BetterTaskListDataContext db = new BetterTaskListDataContext(); var emailList = from u in db.Users select u.LoweredUserName; return Json(emailList.ToList(), JsonRequestBehavior.AllowGet); }

  Read the article

• registration 0.8 alpha activation problem

  - by craphunter

  Got the following error: Exception Type: TypeError at /accounts/account/activate/success/ Exception Value: activate() takes at least 2 non-keyword arguments (1 given) My view: def activate(request, backend, template_name='registration/activation_complete.html', success_url=None, extra_context=None, **kwargs): backend = get_backend(backend) account = backend.activate(request, **kwargs) if account: if success_url is None: to, args, kwargs = backend.post_activation_redirect(request, account) return redirect(to, *args, **kwargs) else: return redirect(success_url) if extra_context is None: extra_context = {} context = RequestContext(request) for key, value in extra_context.items(): context[key] = callable(value) and value() or value return render_to_response(template_name, kwargs, context_instance=context) My url: urlpatterns = patterns('', url(r'^activate/complete/$', direct_to_template, { 'template': 'registration/activation_complete.html' }, name='registration_activation_complete'), # Activation keys get matched by \w+ instead of the more specific # [a-fA-F0-9]{40} because a bad activation key should still get to the view; # that way it can return a sensible "invalid key" message instead of a # confusing 404. url(r'^activate/(?P<activation_key>\w+)/$', activate, { 'backend': 'registration.backends.default.DefaultBackend' }, name='registration_activate'), url(r'^register/$', register, { 'backend': 'registration.backends.default.DefaultBackend' }, name='registration_register'), url(r'^register/complete/$', direct_to_template, { 'template': 'registration/registration_complete.html' }, name='registration_complete'), url(r'^register/closed/$', direct_to_template, { 'template': 'registration/registration_closed.html' }, name='registration_disallowed'), (r'', include('registration.auth_urls')), url(r'^account/activate/(?P<activation_key>\w+)/$', 'registration.views.activate', {'success_url': 'account/activate/success/'}, name='registration_activate2'), url(r'^account/activate/success/$', direct_to_template, {'template': 'registration/activation_complete.html'}, name='registration_activation_complete'), ) What do I do wrong? Thanks!

  Read the article

• Users in database server or database tables

  - by Batcat

  Hi all, I came across an interesting issue about client server application design. We have this browser based management application where it has many users using the system. So obvisously within that application we have an user management module within it. I have always thought having an user table in the database to keep all the login details was good enough. However, a senior developer said user management should be done in the database server layer if not then is poorly designed. What he meant was, if a user wants to use the application then a user should be created in the user table AND in the database server as a user account as well. So if I have 50 users using my applications, then I should have 50 database server user logins. I personally think having just one user account in the database server for this database was enough. Just grant this user with the allowed privileges to operate all the necessary operation need by the application. The users that are interacting with the application should have their user accounts created and managed within the database table as they are more related to the application layer. I don't see and agree there is need to create a database server user account for every user created for the application in the user table. A single database server user should be enough to handle all the query sent by the application. Really hope to hear some suggestions / opinions and whether I'm missing something? performance or security issues? Thank you very much.

  Read the article

• Deploying .NET COM dll, getting error (0x80070002)

  - by Brett

  I have a .NET COM assembly I am attempting to deploy to a web server (IIS 6 Win 2003). We have successfully deployed this assembly to our test environment, but the production environment is not working. The assembly is being called from a classic ASP page. Every time that page tries to initialize the assembly with “Set LTMRender = CreateObject("LTMRender.Render")”, I get an error “Error Type:, (0x80070002)”. This error seems to indicate a permission denied, or file not found type problem. I created a test app to see if the assembly works outside of the web page. The .exe initializes the assembly, and then makes a call designed to fail which in turn causes the assembly to produce a log file. It works if I run the .exe in the same folder as the assembly, but fails if I run it elsewhere. For some reason, the assembly is not accessible from outside it’s folder. I can’t figure out why this won’t work. Things I have confirmed: The deployment folder has adequate permissions. We have confirmed that the folder the assembly in installed in has the correct permissions for all the necessary user accounts. The Assembly is signed with a strong name, and was registered with regasm.exe C:_WebSites\LTMRender\LTMRender.dll /codebase /tlb:C:_WebSites\LTMRender\LTMRender.tlb. Regasm reported success. The Assembly has the attribute and relevant GUID’s set correctly. Any tips? EDIT We ran filemon against my testapp.exe and it seems to have indicated what the problem is. When testapp.exe runs in D:_websites\DocWebV2\ or D:_websites\DocWebV2\ LTMRender\ folder, it succeeds and filemon is showing D:_websites\DocWebV2\LTMRender\pinPDF.dll SUCCESS If I run my testapp.exe in the D:_websites\DocWebV2\Client – where my asp pages run, it shows D:_websites\DocWebV2\pinPDF.dll NAME NOT FOUND and then D:_websites\DocWebV2\pinPDF\pinPDF.dll FILE NOT FOUND I’m not sure why it is not looking in the correct folder if it’s under this particular folder only.

  Read the article

• How to log in to craigslist using c#

  - by kosikiza

  i m using the following code to log in to craigslist, but haven't succeeded yet. string formParams = string.Format("inputEmailHandle={0}&inputPassword={1}", "[email protected]", "removed"); //string postData = "[email protected]&inputPassword=removed"; string uri = "https://accounts.craigslist.org/"; HttpWebRequest request = (HttpWebRequest)WebRequest.Create(uri); request.KeepAlive = true; request.ProtocolVersion = HttpVersion.Version10; request.Method = "POST"; byte[] postBytes = Encoding.ASCII.GetBytes(formParams); request.ContentType = "application/x-www-form-urlencoded"; request.ContentLength = postBytes.Length; Stream requestStream = request.GetRequestStream(); requestStream.Write(postBytes, 0, postBytes.Length); requestStream.Close(); HttpWebResponse response = (HttpWebResponse)request.GetResponse(); cookyHeader = response.Headers["Set-cookie"]; string pageSource; string getUrl = "https://post.craigslist.org/del"; WebRequest getRequest = WebRequest.Create(getUrl); getRequest.Headers.Add("Cookie", cookyHeader); WebResponse getResponse = getRequest.GetResponse(); using (StreamReader sr = new StreamReader(getResponse.GetResponseStream())) { pageSource = sr.ReadToEnd(); }

  Read the article

• Providing File permissions in Installshield

  - by Pawan Kumar

  I have created an installer in Installshield X. I want to give 'write permissions' to few files when the installation is done in Non-Admin Windows accounts ( by default it will have only 'read' permission). If I select individual file and go to properties (inside Installshield),i have permissions tab where they have provided options like Domain , Readonly, Full Control, Modify etc. I have tested these options but it doesn't effect the msi file.(specific files doesn't have write permission). Is there something wrong I am doing? There is another way of doing this, writing the script Set objShell=CreateObject("WScript.Shell") installDir = Session.Property("INSTALLDIR.5A884667_3CC4_41EC_B0F2_BEEAB457BB8C") supportDir = Session.Property("SUPPORTDIR") length = Len(installDir) lastChar = Right(installDir, 1) if (lastChar = "\") Then installDir = Left(installDir, length - 1) end if 'MsgBox supportDir & "\setacl.exe """ & installDir & """ /dir /set S-1-5-32-545 /full /p:yes /sid /silent" objshell.Run supportDir & "\setacl.exe """ & installDir & """ /dir /set S-1-5-32-545 /full /p:yes /sid /silent",0,true Can someone please explain me what is going on here? those last set s-1-5-32-545. Thanks

  Read the article

• Using Active Directory to authenticate users in a WWW facing website

  - by Basiclife

  Hi, I'm looking at starting a new web app which needs to be secure (if for no other reason than that we'll need PCI accreditation at some point). From previous experience working with PCI (on a domain), the preferred method is to use integrated windows authentication which is then passed all the way through the app to the database. This allows for better auditing as well as object-level permissions (ie an end user can't read the credit card table). There are advantages in that even if someone compromises the webserver, they won't be able to glean any additional information from the database. Also, the webserver isn't storing any database credentials (beyond perhaps a simple anonymous user with very few permissions) So, now I'm looking at the new web app which will be on the public internet. One suggestion is to have a Active Directory server and create windows accounts on the AD for each user of the site. These users will then be placed into the appropriate NT groups to decide which DB permissions they should have (and which pages they can access). ASP already provides the AD membership provider and role provider so this should be fairly simple to implement. There are a number of questions around this - Scalability, reliability, etc... and I was wondering if there is anyone out there with experience of this approach or, even better, some good reasons why to do it / not to do it. Any input appreciated Regards Basiclife

  Read the article

• Delegate OpenID to Google (NOT Google Apps)

  - by Rio

  OK, I searched this question on SO but no good answer. After spent some time I figured out how to do it. I'm going to answer this myself as a way to share it. Not sure if this is the correct way to use SO, but here it goes: Now it is possible delegate OpenID to your Google account (not Google Apps). No, this is not using the demo OpenID provider using App Engine. This is your REAL Google account! First you need to enable your Google Profiles. Try to view your profile and edit it, there should be an option to set your Profile URL. You have two choices there: either use your Gmail account name (without the @gmail.com part) as your profile id, or a random number assigned to you. It's up to you to decide which one to use. Either way, that id is your profile id below. Now add the following HTML code to your delegating page: <link rel="openid2.provider" href="https://www.google.com/accounts/o8/ud?source=profiles" > <link rel="openid2.local_id" href="http://www.google.com/profiles/[YOUR PROFILE ID]" > And it's done. Now try login SO with your custom url!

  Read the article

• nhibernate error recovery

  - by Berryl

  I downloaded Rhino Security today and started going through some of the tests. Several that run perfectly in isolation start getting errors after one that purposely raises an exception runs though. Here is that test: [Test] public void EntitesGroup_CanCreate() { var group = _authorizationRepository.CreateEntitiesGroup("Accounts"); _session.Flush(); _session.Evict(group); var fromDb = _session.Get<EntitiesGroup>(group.Id); Assert.NotNull(fromDb); Assert.That(fromDb.Name, Is.EqualTo(group.Name)); } And here are the tests and error messages that fail: [Test] public void User_CanSave() { var ayende = new User {Name = "ayende"}; _session.Save(ayende); _session.Flush(); _session.Evict(ayende); var fromDb = _session.Get<User>(ayende.Id); Assert.That(fromDb, Is.Not.Null); Assert.That(ayende.Name, Is.EqualTo(fromDb.Name)); } ----> System.Data.SQLite.SQLiteException : Abort due to constraint violation column Name is not unique [Test] public void UsersGroup_CanCreate() { var group = _authorizationRepository.CreateUsersGroup("Admininstrators"); _session.Flush(); _session.Evict(group); var fromDb = _session.Get<UsersGroup>(group.Id); Assert.NotNull(fromDb); Assert.That(fromDb.Name, Is.EqualTo(group.Name)); } failed: NHibernate.AssertionFailure : null id in Rhino.Security.Tests.User entry (don't flush the Session after an exception occurs) Does anyone see how I can reset the state of the in memory SQLite db after the first test? I changed the code to use nunit instead of xunit so maybe that is part of the problem here as well. Cheers, Berryl

  Read the article

• Remove undesired indexed keywords from Sql Server FTS Index

  - by Scott

  Could anyone tell me if SQL Server 2008 has a way to prevent keywords from being indexed that aren't really relevant to the types of searches that will be performed? For example, we have the IFilters for PDF and Word hooked in and our documents are being indexed properly as far as I can tell. These documents, however, have lots of numeric values in them that people won't really be searching for or bring back meaningful results. These are still being indexed and creating lots of entries in the full text catalog. Basically we are trying to optimize our search engine in any way we can and assumed all these unnecessary entries couldn't be helping performance. I want my catalog to consist of alphabetic keywords only. The current iFilters work better than I would be able to write in the time I have but it just has more than I need. This is an example of some of the terms from sys.dm_fts_index_keywords_by_document that I want out: $1,000, $100, $250, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 129, 13.1, 14, 14.12, 145, 15, 16.2, 16.4, 18, 18.1, 18.2, 18.3, 18.4, 18.5 These are some examples from the same management view that I think are desirable for keeping and searching on: above, accordingly, accounts, add, addition, additional, additive Any help would be greatly appreciated!

  Read the article

• OO Design / Patterns - Fat Model Vs Transaction Script?

  - by ben

  Ok, 'Fat' Model and Transaction Script both solve design problems associated with where to keep business logic. I've done some research and popular thought says having all business logic encapsulated within the model is the way to go (mainly since Transaction Script can become really complex and often results in code duplication). However, how does this work if I want to use the TDG of a second Model in my business logic? Surely Transaction Script presents a neater, less coupled solution than using one Model inside the business logic of another? A practical example... I have two classes: User & Alert. When pushing User instances to the database (eg, creating new user accounts), there is a business rule that requires inserting some default Alerts records too (eg, a default 'welcome to the system' message etc). I see two options here: 1) Add this rule as a User method, and in the process create a dependency between User and Alert (or, at least, Alert's Table Data Gateway). 2) Use a Transaction Script, which avoids the dependency between models. (Also, means the business logic is kept in a 'neutral' class & easily accessible by Alert. That probably isn't too important here, though). User takes responsibility for it's own validation etc, however, but because we're talking about a business rule involving two Models, Transaction Script seems like a better choice to me. Anyone spot flaws with this approach?

  Read the article

• C# WinForms. Multiple Forms in separate threads

  - by Calum Murray

  I'm trying to run an ATM Simulation in C# with Windows Forms that can have more than one instance of an ATM machine transacting with a bank account simultaneously. The idea is to use semaphores/locking to block critical code that may lead to race conditions. My question is this: How can I run two Forms simultaneously on separate threads? In particular, how does all of this fit in with the Application.Run() that's already there? Here's my main class: public class Bank { private Account[] ac = new Account[3]; private ATM atm; public Bank() { ac[0] = new Account(300, 1111, 111111); ac[1] = new Account(750, 2222, 222222); ac[2] = new Account(3000, 3333, 333333); Application.Run(new ATM(ac)); } static void Main(string[] args) { new Bank(); } } ...that I want to run two of these forms on separate threads... public partial class ATM : Form { //local reference to the array of accounts private Account[] ac; //this is a reference to the account that is being used private Account activeAccount = null; private static int stepCount = 0; private string buffer = ""; // the ATM constructor takes an array of account objects as a reference public ATM(Account[] ac) { InitializeComponent(); //Sets up Form ATM GUI in ATM.Designer.cs this.ac = ac; } ... I've tried using Thread ATM2 = new Thread(new ThreadStart(/*What goes in here?*/)); But what method do I put in the ThreadStart constructor, since the ATM form is event-driven and there's no one method controlling it? Thanks, Calum

  Read the article

• How to verify the SSL connection when calling an URI?

  - by robertokl

  Hello, I am developing an web application that is authenticated using CAS (A single-sign-on solution: http://www.ja-sig.org/wiki/display/CAS/Home). For security reasons, I need two things to work: The communication between CAS and my application needs to be secure My application needs to accept the certification coming with CAS, so that I can guarantee that the CAS responding is the real CAS Server. This is what I got so far: uri = URI.parse("https://www.google.com/accounts") https = Net::HTTP.new(uri.host, uri.port) https.use_ssl = (uri.scheme == 'https') https.verify_mode = (OpenSSL::SSL::VERIFY_PEER) raw_res = https.start do |conn| conn.get("#{uri.path}?#{uri.query}") end This works just great in my Mac OSX. When I try to reach an insecure uri, it raises an exception, and when I try to reach a secure uri, it allow me normally, just like expected. The problem starts when I deploy my application on my Linux server. I tried in both Ubuntu and Red Hat. Independing of what uri I try to reach, it always raises me this exception: OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed from /usr/local/lib/ruby/1.8/net/http.rb:586:in `connect' from /usr/local/lib/ruby/1.8/net/http.rb:586:in `connect' from /usr/local/lib/ruby/1.8/net/http.rb:553:in `do_start' from /usr/local/lib/ruby/1.8/net/http.rb:542:in `start' from (irb):7 I think this have something to do with my installed OpenSSL package, but I can't be sure. This are my installed OpenSSL packages: openssl.x86_64 0.9.8e-12.el5 installed openssl-devel.x86_64 0.9.8e-12.el5 installed I tried using HTTParty as well, but it just ignores the SSL certificated. I hope someone can help me, either by telling me a gem that works the way I need. Thanks.

  Read the article

• django url user id versus userprofile id problem

  - by dana

  hello there, i have a mini comunity where each user can search and find another user profile. Userprofile is a class model, indexed differently compared to user model class (user id is not equal to userprofile id) But i cannot see a user profile by typing in the url the corresponding id. I only see the profile of the currently logged in user. Why is that? I'd also want to have in my url the username (a primary key of the user table also) and NOT the id (a number). The guilty part of the code is: what can i replace that request.user with so that it wil actually display the user i searched for, and not the currently logged in? def profile_view(request, id): u = UserProfile.objects.get(pk=id) cv = UserProfile.objects.filter(created_by = request.user) blog = New.objects.filter(created_by = request.user) return render_to_response('profile/publicProfile.html', { 'u':u, 'cv':cv, 'blog':blog, }, context_instance=RequestContext(request)) in urls (of the accounts app): url(r'^profile_view/(?P<id>\d+)/$', profile_view, name='profile_view'), and in template: <h3>Recent Entries:</h3> {% load pagination_tags %} {% autopaginate list 10 %} {% paginate %} {% for object in list %} <li>{{ object.post }} <br /> Voted: {{ vote.count }} times.<br /> {% for reply in object.reply_set.all %} {{ reply.reply }} <br /> {% endfor %} <a href=''> {{ object.created_by }}</a> <br /> {{object.date}} <br /> <a href = "/vote/save_vote/{{object.id}}/">Vote this</a> <a href="/replies/save_reply/{{object.id}}/">Comment</a> </li> {% endfor %} thanks in advance!

  Read the article

• Fatal error: Uncaught exception 'Zend_Gdata_App_HttpException' with message 'Expected response code 200, got 401'

  - by Peak Reconstruction Wavelength

  I am using a php-script that has been working for years, but suddenly it aborts with Fatal error: Uncaught exception 'Zend_Gdata_App_HttpException' with message 'Expected response code 200, got 401' NoLinkedYouTubeAccount Error 401 It starts like this <?php function anmelden_yt($name,$passwort) { $yt_source = 'known'; $yt_api_key = 'key'; $yt = null; $authenticationURL= 'https://www.google.com/accounts/ClientLogin'; $httpClient = Zend_Gdata_ClientLogin::getHttpClient( $username = $name, $password = $passwort, $service = 'youtube', $client = null, $source = $yt_source, // a short string identifying your application $loginToken = null, $loginCaptcha = null, $authenticationURL); abschnitt("Login"); return new Zend_Gdata_YouTube($httpClient, $yt_source, NULL, $yt_api_key); } require_once("Zend/Gdata/ClientLogin.php"); require_once("Zend/Gdata/HttpClient.php"); require_once("Zend/Gdata/YouTube.php"); require_once("Zend/Gdata/App/MediaFileSource.php"); require_once("Zend/Gdata/App/HttpException.php"); require_once('Zend/Uri/Http.php'); require_once 'Zend/Loader.php'; Zend_Loader::loadClass('Zend_Gdata_YouTube'); Zend_Loader::loadClass('Zend_Gdata_AuthSub'); Zend_Loader::loadClass('Zend_Gdata_ClientLogin'); $yt = anmelden_yt($name,$pass); $videoFeed = $yt->getUserUploads('Google'); sleep(0.5); @ob_flush(); @flush(); ?> What could be the reason for this? ..................................................................................................

  Read the article

• Using a class within a class?

  - by Josh

  I built myself a MySQL class which I use in all my projects. I'm about to start a project that is heavily based on user accounts and I plan on building my own class for this aswell. The thing is, a lot of the methods in the user class will be MySQL queries and methods from the MySQL class. For example, I have a method in my user class to update someone's password: class user() { function updatePassword($usrName, $newPass) { $con = mysql_connect('db_host', 'db_user', 'db_pass'); $sql = "UPDATE users SET password = '$newPass' WHERE username = '$userName'"; $res = mysql_query($sql, $con); if($res) return true; mysql_close($con); } } (I kind of rushed this so excuse any syntax errors :) ) As you can see that would use MySQL to update a users password, but without using my MySQL class, is this correct? I see no way in which I can use my MySQL class within my users class without it seeming dirty. Do I just use it the normal way like $DB = new DB();? That would mean including my mysql.class.php somewhere too... I'm quite confused about this, so any help would be appreciated, thanks.

  Read the article

• If attacker has original data and encrypted data, can they determine the passphrase?

  - by Brad Cupit

  If an attacker has several distinct items (for example: e-mail addresses) and knows the encrypted value of each item, can the attacker more easily determine the secret passphrase used to encrypt those items? Meaning, can they determine the passphrase without resorting to brute force? This question may sound strange, so let me provide a use-case: User signs up to a site with their e-mail address Server sends that e-mail address a confirmation URL (for example: https://my.app.com/confirmEmailAddress/bill%40yahoo.com) Attacker can guess the confirmation URL and therefore can sign up with someone else's e-mail address, and 'confirm' it without ever having to sign in to that person's e-mail account and see the confirmation URL. This is a problem. Instead of sending the e-mail address plain text in the URL, we'll send it encrypted by a secret passphrase. (I know the attacker could still intercept the e-mail sent by the server, since e-mail are plain text, but bear with me here.) If an attacker then signs up with multiple free e-mail accounts and sees multiple URLs, each with the corresponding encrypted e-mail address, could the attacker more easily determine the passphrase used for encryption? Alternative Solution I could instead send a random number or one-way hash of their e-mail address (plus random salt). This eliminates storing the secret passphrase, but it means I need to store that random number/hash in the database. The original approach above does not require storage in the database. I'm leaning towards the the one-way-hash-stored-in-the-db, but I still would like to know the answer: does having multiple unencrypted e-mail addresses and their encrypted counterparts make it easier to determine the passphrase used?

  Read the article

• iPhone - Memory Management - Using Leaks tool and getting some bizarre readings.

  - by Robert

  Hey all, putting the finishing touches on a project of mine so I figured I would run through it and see if and where I had any memory leaks. Found and fixed most of them but there are a couple of things regarding the memory leaks and object alloc that I am confused about. 1) There are 2 memory leaks that do not show me as responsible. There are 8 leaks attributed to AudioToolbox with the function being RegisterEmbeddedAudioCodecs(). This accounts for about 1.5 kb of leaks. The other one is detected immediately when the app begins. Core Graphics is responsible with the extra info being open_handle_to_dylib_path. For the audio leak I have looked over my audio code and to me it seems ok. self.musicPlayer = [[AVAudioPlayer alloc] initWithContentsOfURL:[NSURL fileURLWithPath:songFilePath] error:NULL]; [musicPlayer prepareToPlay]; [musicPlayer play] is called later on in a function. 2) Is it normal for there to be a spike in Object Allocation whenever a new view or controller is presented? My total memory usage is very, very low except for whenever I present a view controller. It spikes then immediately goes back down. I am guessing that this is just the phone handling all the information for switching or something. Blegh. Wall of text. Thanks in advance to anyone who helps! =)

  Read the article

• How to record different authentication types (username / password vs token based) in audit log

  - by RM

  I have two types of users for my system, normal human users with a username / password, and delegation authorized accounts through OAuth (i.e. using a token identifier). The information that is stored for each is quite different, and are managed by different subsytems. They do however interact with the same tables / data within the system, so I need to maintain the audit trail regardless of whether human user, or token-based user modified the data. My solution at the moment is to have a table called something like AuditableIdentity, and then have the two types inheriting off that table (either in the single table, or as two seperate tables with 1 to 1 PK with AuditableIdentity. All operations would use the common AuditableIdentity PK for CreatedBy, ModifiedBy etc columns. There isn't any FK constraint on the audit columns, so any text can go in there, but I want an easy way to easily determine whether it was a human or system that made the change, and joining to the one AuditableIdentity table seems like a clean way to do that? Is there a best practice for this scenario? Is this an appropriate way of approaching the problem - or would you not bother with the common table and just rely on joins (to the two seperate un-related user / token tables) later to determine which user type matches which audit records?

  Read the article

• Database design for a media server containing movies, music, tv and everything in between?

  - by user364114

  In the near future I am attempting to design a media server as a personal project. MY first consideration to get the project underway is architecture, it will certainly be web based but more specifically than that I am looking for suggestions on the database design. So far I am considering something like the following, where I am using [] to represent a table, the first text is the table name to give an idea of purpose and the items within {} would be fields of the table. Also not, fid is functional id referencing some other table. [Item {id, value/name, description, link, type}] - this could be any entity, single song or whole music album, game, movie - almost see this as a recursive relation, ie. a song is an item but an album that song is part of is also an item or for example a tv season is an item, with multiple items being tv episodes [Type {id, fid, mime type, etc}] - file type specific information - could identify how code handles streaming/sending this item to a user [Location {id, fid, path to file?}] [Users {id, username, email, password, ...? }] - user account information [UAC {id, fid, acess level}] - i almost feel its more flexible to seperate access control permissions form the user accounts themselves [ItemLog {id, fid, fid2, timestamp}] - fid for user id, and fid2 for item id - this way we know what user access what when [UserLog {id, fid, timestamp}] -both are logs for access, whether login or last item access [Quota {id, fid, cap}] - some sort of way to throttle users from queing up the entire site and letting it download ... Suggestions or comments are welcome as the hope is that this project will be a open source project once some code is laid out.

  Read the article

• An unusual type signature

  - by Travis Brown

  In Monads for natural language semantics, Chung-Chieh Shan shows how monads can be used to give a nicely uniform restatement of the standard accounts of some different kinds of natural language phenomena (interrogatives, focus, intensionality, and quantification). He defines two composition operations, A_M and A'_M, that are useful for this purpose. The first is simply ap. In the powerset monad ap is non-deterministic function application, which is useful for handling the semantics of interrogatives; in the reader monad it corresponds to the usual analysis of extensional composition; etc. This makes sense. The secondary composition operation, however, has a type signature that just looks bizarre to me: (<?>) :: (Monad m) => m (m a -> b) -> m a -> m b (Shan calls it A'_M, but I'll call it <?> here.) The definition is what you'd expect from the types; it corresponds pretty closely to ap: g <?> x = g >>= \h -> return $ h x I think I can understand how this does what it's supposed to in the context of the paper (handle question-taking verbs for interrogatives, serve as intensional composition, etc.). What it does isn't terribly complicated, but it's a bit odd to see it play such a central role here, since it's not an idiom I've seen in Haskell before. Nothing useful comes up on Hoogle for either m (m a -> b) -> m a -> m b or m (a -> b) -> a -> m b. Does this look familiar to anyone from other contexts? Have you ever written this function?

  Read the article

• How best to implement "favourites" feature? (like favourite products on a data driven website)

  - by ClarkeyBoy

  Hi, I have written a dynamic database driven, object oriented website with an administration frontend etc etc. I would like to add a feature where customers can save items as "favourites", without having to create an account and login, to come back to them later, but I dont know how exactly to go about doing this... I see three options: Log favourites based on IP address and then change these to be logged against an account if the customer then creates an account; Force customers to create an account to be able to use this functionality; Log favourites based on IP address but give users the option to save their favourites under a name they specify. The problem with option 1 is that I dont know much about IP addresses - my Dad thinks they are unique, but I know people have had problems with systems like this. The problem with 1 and 2 is that accounts have not been opened up to customers yet - only administrators can log in at the moment. It should be easy to alter this (no more than a morning or afternoons work) but I would also have to implement usergroups too. The problem with option 3 is that if user A saves a favourites list called "My Favourites", and then user B tries to save a list under this name and it is refused, user B will then be able to access the list saved by user A because they now know it already exists. A solution to this is to password protect lists, but to go to all this effort I may as well implement option 2. Of course I could always use option 4; use an alternative if anyone can suggest a better solution than any of the above options. So has anyone ever done something like this before? If so how did you go about it? What do you recommend (or not recommend)? Many thanks in advance, Regards, Richard

  Read the article

< Previous Page | 102 103 104 105 106 107 108 109 110 111 112 113  | Next Page >