Search Results

Search found 22998 results on 920 pages for 'supervised users'.

Page 347/920 | < Previous Page | 343 344 345 346 347 348 349 350 351 352 353 354  | Next Page >

• Running unittest with typical test directory structure.

  - by Major Major

  The very common directory structure for even a simple Python module seems to be to separate the unit tests into their own test directory: new_project/ antigravity/ antigravity.py test/ test_antigravity.py setup.py etc. for example see this Python project howto. My question is simply What's the usual way of actually running the tests? I suspect this is obvious to everyone except me, but you can't just run python test_antigravity.py from the test directory as its import antigravity will fail as the module is not on the path. I know I could modify PYTHONPATH and other search path related tricks, but I can't believe that's the simplest way - it's fine if you're the developer but not realistic to expect your users to use if they just want to check the tests are passing. The other alternative is just to copy the test file into the other directory, but it seems a bit dumb and misses the point of having them in a separate directory to start with. So, if you had just downloaded the source to my new project how would you run the unit tests? I'd prefer an answer that would let me say to my users: "To run the unit tests do X."

  Read the article

• getting windows username with javascript

  - by jbkkd

  I have a site which is built in ASP.net and C#. Let's call it webapp. it uses a Form system to log on into it, and cannot be changed easliy. I got a request to change the log in to some kind of windows authentication. I'll explain. Our windows login uses active directory for users to log into their windows account. their login name is sXXXXXXX. X are numbers. in my webapp, I want to take the users numbers from their active directory login, and check if those exist in the webapp database. if it exists, they will automatically log in. If it doesn't, they will be referred to the regular login page for the webapp system which is currently in use. I tried changing my IIS to disable anonymous login and enabling windows authentication, therefore making the user browser to send it's current logged in user name to my webapp. I changed the web config as well from "Forms" to "Windows", which made my whole webapp obsolete as the whole forms system did not work. My question is this - is there a different way for the browser only to send the username to my webapp? I thought maybe javascript, I just don't know how to implement that, if it's even possible. I know it's not very secure, but all this platform and system is built outside the internet, it's on a private network.

  Read the article

• android use local service to refresh map UI

  - by urobo

  I don't need a strict code related answer I just need somebody to tell me what I am missing. My application has to retrieve from a web service (xmlrpc) the positions of some users I know and update their position on a MapView. So I decided to use a Service and an Activity extending MapActivity to show results. I thought about two solutions: I ) start the service and make it ask every minute for these positions and send them to the activity as a bundle via intent. (This didn't work out well, since once shown I couldn't find a method to let the activity continue refresh itself until she stop receiving intents+data from the service) II ) Incorporate a thread within the activity which starts the service via context.startService(...) every minute. And the MapUI refresh itself once the service send back an intent and stop itself. (Maybe I will fall in the same problem category as before I haven't tryied yet). I am also giving directions (via maps.google ws) in this way I'd like to refresh only users positions on the map and save the route. What Am I missing do you have any suggestions? related to activities/services internal mechanics, don't know launch modes, use broadcast receivers or intent filters? Thanks in advance

  Read the article

• Basic user authentication with records in AngularFire

  - by ajkochanowicz

  Having spent literally days trying the different, various recommended ways to do this, I've landed on what I think is the most simple and promising. Also thanks to the kind gents from this SO question: Get the index ID of an item in Firebase AngularFire Curent setup Users can log in with email and social networks, so when they create a record, it saves the userId as a sort of foreign key. Good so far. But I want to create a rule so twitter2934392 cannot read facebook63203497's records. Off to the security panel Match the IDs on the backend Unfortunately, the docs are inconsistent with the method from is firebase user id unique per provider (facebook, twitter, password) which suggest appending the social network to the ID. The docs expect you to create a different rule for each of the login method's ids. Why anyone using 1 login method would want to do that is beyond me. (From: https://www.firebase.com/docs/security/rule-expressions/auth.html) So I'll try to match the concatenated auth.provider with auth.id to the record in userId for the respective registry item. According to the API, this should be as easy as In my case using $registry instead of $user of course. { "rules": { ".read": true, ".write": true, "registry": { "$registry": { ".read": "$registry == auth.id" } } } } But that won't work, because (see the first image above), AngularFire sets each record under an index value. In the image above, it's 0. Here's where things get complicated. Also, I can't test anything in the simulator, as I cannot edit {some: 'json'} To even authenticate. The input box rejects any input. My best guess is the following. { "rules": { ".write": true, "registry": { "$registry": { ".read": "data.child('userId').val() == (auth.provider + auth.id)" } } } } Which both throws authentication errors and simultaneously grants full read access to all users. I'm losing my mind. What am I supposed to do here?

  Read the article

• Insertion sort invariant assertion fails

  - by user1661211

  In the following code at the end of the for loop I use the assert function in order to test that a[i+1] is greater than or equal to a[i] but I get the following error (after the code below). Also in c++ the assert with the following seems to work just fine but in python (the following code) it does not seem to work...anyone know why? import random class Sorting: #Precondition: An array a with values. #Postcondition: Array a[1...n] is sorted. def insertion_sort(self,a): #First loop invariant: Array a[1...i] is sorted. for j in range(1,len(a)): key = a[j] i = j-1 #Second loop invariant: a[i] is the greatest value from a[i...j-1] while i >= 0 and a[i] > key: a[i+1] = a[i] i = i-1 a[i+1] = key assert a[i+1] >= a[i] return a def random_array(self,size): b = [] for i in range(0,size): b.append(random.randint(0,1000)) return b sort = Sorting() print sort.insertion_sort(sort.random_array(10)) The Error: Traceback (most recent call last): File "C:\Users\Albaraa\Desktop\CS253\Programming 1\Insertion_Sort.py", line 27, in <module> print sort.insertion_sort(sort.random_array(10)) File "C:\Users\Albaraa\Desktop\CS253\Programming 1\Insertion_Sort.py", line 16, in insertion_sort assert a[i+1] >= a[i] AssertionError

  Read the article

• load data from grid row into (pop up) form for editing

  - by user1495457

  I read in Ext JS in Action ( by J. Garcia) that if we have an instance of Ext.data.Record, we can use the form's loadRecord method to set the form's values. However, he does not give a working example of this (in the example that he uses data is loaded into a form through a file called data.php). I have searched many forums and found the following entry helpful as it gave me an idea on how to solve my problem by using form's loadRecord method: load data from grid to form Now the code for my store and grid is as follows: var userstore = Ext.create('Ext.data.Store', { storeId: 'viewUsersStore', model: 'Configs', autoLoad: true, proxy: { type: 'ajax', url: '/user/getuserviewdata.castle', reader: { type: 'json', root: 'users' }, listeners: { exception: function (proxy, response, operation, eOpts) { Ext.MessageBox.alert("Error", "Session has timed-out. Please re-login and try again."); } } } }); var grid = Ext.create('Ext.grid.Panel', { id: 'viewUsersGrid', title: 'List of all users', store: Ext.data.StoreManager.lookup('viewUsersStore'), columns: [ { header: 'Username', dataIndex: 'username' }, { header: 'Full Name', dataIndex: 'fullName' }, { header: 'Company', dataIndex: 'companyName' }, { header: 'Latest Time Login', dataIndex: 'lastLogin' }, { header: 'Current Status', dataIndex: 'status' }, { header: 'Edit', menuDisabled: true, sortable: false, xtype: 'actioncolumn', width: 50, items: [{ icon: '../../../Content/ext/img/icons/fam/user_edit.png', tooltip: 'Edit user', handler: function (grid, rowIndex, colIndex) { var rec = userstore.getAt(rowIndex); alert("Edit " + rec.get('username')+ "?"); EditUser(rec.get('id')); } }] }, ] }); function EditUser(id) { //I think I need to have this code here - I don't think it's complete/correct though var formpanel = Ext.getCmp('CreateUserForm'); formpanel.getForm().loadRecord(rec); } 'CreateUserForm' is the ID of a form that already exists and which should appear when user clicks on Edit icon. That pop-up form should then automatically be populated with the correct data from the grid row. However my code is not working. I get an error at the line 'formpanel.getForm().loadRecord(rec)' - it says 'Microsoft JScript runtime error: 'undefined' is null or not an object'. Any tips on how to solve this?

  Read the article

• Major JQuery bug on IE not reproducible - What can i do in this situation to solve this bug?

  - by ming yeow

  I am hoping to get some help on this issue. Some users on IE have been reporting this javascript issue, but I have been unable to re-produce it. In essence, for some class of windows IE users, the game doesn't work (or $.ajax() is not working). What I know: I swapped out an ajax call (ajax_init_trainer) and used a standard link with some request parameters to do the initialization and ppl seemed to get passed the problem until they hit the next ajax call. I read somewhere that IE does crazy caching so you need to make the urls unique, which is why i added the _requestno parameter. However, setting the cache:false is said to also do this. This didn't fix it for someone who was complaining. function done(res, status) { var data = JSON.parse(res.responseText); hide_loading(); if (status == "success") { window.location.href="/bamo/battle/?{{ fb_sig}}"; } else { display_alert("Problem!",data.msg,$("#notifications")); } }; $(".monster_select_class").click(function() { $(this).attr("src","{{MEDIA_URL}}/bamo/button_select_click.png"); monster_class = $(this).attr("monster_class"); monster_type = $(this).attr("monster_type"); ajax_init_trainer(monster_class,monster_type); }); function ajax_init_trainer(trainer_class,monster_type) { var data = {trainer_class:trainer_class,monster_type:monster_type}; var d = new Date(); var args = { type:"POST",url:"/bamo/api/init_trainer/?_requestno="+d.getTime(),data:data,contentType:"application/json;", dataType: "json",cache:false,complete:done}; $.ajax(args); return false; };

  Read the article

• Minimizing server load in case of many XMLHttpRequest calls

  - by user1888975

  I am making a website where users are to like some articles. Whenever the like button is clicked I am sending a XMLHttpRequest to the server to run a file called like_clicked.php along with the get data of article id and user id. This file takes article id and user id and updates the sql database and also adds a node in an xml file related to the user. This is the first time I am doing something for mass usage. I am worried about the server load when too many users call the like_clicked.php file. Please help me, if this method is ok. I am also thinking of an alternative in case the above method fails. I am thinking of making many like_clicked files (namely like_clicked1.php, like_clicked2.php ... ) to minimize load on a single i-node. Is there a method to detect that it is better to call the next like_clicked file. Here we would need to detect how many calls per unit time are coming for the particular file. How do we handle this? Thanks in advance.

  Read the article

• Shortest Distance From An Array

  - by notyou61

  I have an ajax function which returns the latitudes and longitudes of locations stored in a database. These are returned and placed in an array. A calculation is performed to return their distance from the users current location based on the latitude/longitude. I would like to return only the record with the shortest calculated distance. My code is as follows: Ajax Success // Success success: function (data) { // Obtain Log/Lat navigator.geolocation.getCurrentPosition(function(position) { // Obtain Current Position Lat/Lon glbVar.latitude = position.coords.latitude; glbVar.longitude = position.coords.longitude; // Console Log //console.log('Lat: ' + glbVar.latitude + ' Lon: ' + glbVar.longitude); // Obtain Location Distances for ( var i = 0; i < data.length; i++ ) { // Location Instances var varLocation = data[i]; // Location Distance varLocation.distance = calculateDistance(glbVar.longitude, glbVar.latitude, varLocation.locationLongitude, varLocation.locationLatitude); } // Sort Locations By Distance var sortedData = data.sort(function(a, b) { // Return Locations return a.distance - b.distance; }); // Output Results $.map(sortedData, function(item) { // Obtain Location Distance varLocationsDistance = calculateDistance(glbVar.longitude, glbVar.latitude, item.locationLongitude, item.locationLatitude); // Obtain Location Radius Assignment if (varLocationsDistance <= varLocationRadius) { // Function Return functionReturn = $({locationID : item.locationID + ', Distance : ' + varLocationsDistance + ' m'}); // Return // Function to get the Min value in Array Array.min = function( sortedData ){ functionReturn = Math.min.apply( Math, sortedData ); // console.log(functionReturn); }; } }); }); } The calculateDistance function returns the distance from the users current location and those from the database. The varLocationsDistance <= varLocationRadius "If" statement returns records within a certain distance radius (100 meters), within that statement I would like to return the shortest distance. I am a self taught amateur web developer and as a result may not have provide enough information for an answer, please let me know. Thanks,

  Read the article

• Finding out the windows group by virtue of which a user is able to access a database in sql server?

  - by Raghu Dodda

  There is a SQL Server 2005 database with mixed-mode authentication. Among others, we have the following logins on the server: our-domain\developers-group-1, and our-domain\developers-group-2 which are AD groups. The our-domain\developer-group-2 is added to the sysadmin role on the server, by virture of which all domain users of that group can access any database as SQL Server implictly maps the sysadmin role to the dbo user in each database. There are two users our-domain\good-user and our-domain\bad-user The issue is the following: Both the good-user and the bad-user have the exact same AD group memberships. They are both members of our-domain\developers-group-1 and our-domain\developers-group-2. The good-user is able to access all the databases, and the bad-user is not. The bad-user is able to login, but he is unable access any databases. By the way, I am the good-user. How do I go about finding out why? Here's what I tried so far: When I do print current_user, I get dbo When I do print system_user, I get my-domain\good-user When I do select * from fn_my_permissions(NULL, 'SERVER'), I see permissions. But if do execute as user='my-domain\good-user'; select * from fn_my_permissions(NULL, 'SERVER'), I dont see any permisisons. And When I do, execute as user='my-domain\bad-user'; select * from fn_my_permissions(NULL, 'SERVER'), I dont see any permisisons. Also, I was wondering if there is a sql command that will tell me, "hey! the current database user is able to access this database because he is a member such-and-such ad-group, which is a login that is mapped to such-and-such user in this database".

  Read the article

• Authentication and Security in my website - need advice please.

  - by Ichirichi

  Hi, I am using database with a list of username/passwords, and a simple web form that allows for users to enter their username/password. When they submit the page, I simply do a stored procedure check to authenticate. If they are authorised, then their user details (e.g. username, dob, address, company address, other important info) are stored in a custom User object and then in a session. This custom User object that I created is used throughout the web application, and also in a sub-site (session sharing). My question/problems are: Is my method of authentication the correct way to do things? I find users complaining that their session have expired although they "were not idle", possibly due the app pool recycling? They type large amounts of text and find that their session had expired and thus lose all the text typed in. I am uncertain whether the session does really reset sporadically but will Forms Authentication using cookies/cookiless resolve the issue? Alternatively should I build and store the User Object in a session, cookie or something else instead in order to be more "correct" and avoid cases like in point #2. If I go down the Forms Authentication route, I believe I cannot store my custom User object in a Forms Authentication cookie so does it mean I would store the UserID and then recreate the user object on every page? Would this not be a huge increase on the server load? Advice and answers much appreciated. L

  Read the article

• Having troubles inheriting base class

  - by Nick

  When I inherit the base class, it's telling me there is no such class This is enhanced.h: class enhanced: public changeDispenser // <--------where error is occuring { public: void changeStatus(); // Function: Lets the user know how much of each coin is in the machine enhanced(int); // Constructor // Sets the Dollar amount to what the User wants void changeLoad(int); // Function: Loads what change the user requests into the Coin Machine int dispenseChange(int); // Function: Takes the users amount of cents requests and dispenses it to the user private: int dollar; }; This is enhanced.cpp: #include "enhanced.h" #include <iostream> using namespace std; enhanced::enhanced(int dol) { dollar = dol; } void enhanced::changeStatus() { cout << dollar << " dollars, "; changeDispenser::changeStatus(); } void enhanced::changeLoad(int d) { dollar = dollar + d; //changeDispenser::changeLoad; } This is changeDispenser.h: class changeDispenser { public: void changeStatus(); // Function: Lets the user know how much of each coin is in the machine changeDispenser(int, int, int, int); // Constructor // Sets the Quarters, Dimes, Nickels, and Pennies to what the User wants void changeLoad(int, int, int, int); // Function: Loads what change the user requests into the Coin Machine int dispenseChange(int); // Function: Takes the users amount of cents requests and dispenses it to the user private: int quarter; int dime; int nickel; int penny; }; I didn't include the driver file or the changeDispenser imp file, but in the driver, these are included #include "changeDispenser.h" #include "enhanced.h"

  Read the article

• Limiting a search to records from last_request_at...

  - by bgadoci

  I am trying to figure out how to display a count for records that have been created in a table since the last_request_at of a user. In my view I am counting the notes of a question with the following code: <% unless @questions.empty? %> <% @questions.each do |question| %> <%= h(question.notes.count) %> end end This is happening in the /views/users/show.html.erb file. Instead of counting all the notes for the question, I would only like to count the notes that have been created since the users last_request_at datetime. I don't neccessarily want to scope notes to display this 'new notes' count application wide, just simply in this one instance. To accomplish I am assuming I need to create a variable in the User#show action and call it in the view but not really sure how to do that. Other information you may need: class Note < ActiveRecord::Base belongs_to :user belongs_to :question end class Question < ActiveRecord::Base has_many :notes, :dependent => :destroy belongs_to :user end

  Read the article

• Are reads and (transactional) writes faster for entities of the same group than otherwise?

  - by indiehacker

  What advantage is there to designing child-parent relationships, which allow us to do writes in transactions, when there is never a real concern for consistency and contention and those sort of more complex issues? Does it make writes and reads faster? Consider my situation where there are many .png images that are referenced to one mosaic layer, and these .png images are written just once by a single user. The user can design many mosaic layers and her mosaic layers and referenced image entities are never changed/updated, they are just deleted some time in the future. Other users can come to the web project site and interactively view the mosaic layer as different layouts/configurations of the images as they play (query) with different criteria. So reads should be very fast. So there is no real worry of contention, or users conflicting with one another with writing new image entities. And because of that I am assuming there is no "requirement" for the .png image entities to be grouped by their same mosaic layer in child-parent relationship. However, perhaps, since the documentation says they are stored close to one another, if the many image entities were grouped as children to a single mosaic layer parent than this has the advantage that the writing (in transaction) and reading will happen much faster?

  Read the article

• Ruby on Rails How do I access variables of a model inside itself like in this example?

  - by banditKing

  I have a Model like so: # == Schema Information # # Table name: s3_files # # id :integer not null, primary key # owner :string(255) # notes :text # created_at :datetime not null # updated_at :datetime not null # last_accessed_by_user :string(255) # last_accessed_time_stamp :datetime # upload_file_name :string(255) # upload_content_type :string(255) # upload_file_size :integer # upload_updated_at :datetime # class S3File < ActiveRecord::Base #PaperClip methods attr_accessible :upload attr_accessor :owner Paperclip.interpolates :prefix do |attachment, style| I WOULD LIKE TO ACCESS VARIABLE= owner HERE- HOW TO DO THAT? end has_attached_file( :upload, :path => ":prefix/:basename.:extension", :storage => :s3, :s3_credentials => {:access_key_id => "ZXXX", :secret_access_key => "XXX"}, :bucket => "XXX" ) #Used to connect to users through the join table has_many :user_resource_relationships has_many :users, :through => :user_resource_relationships end Im setting this variable in the controller like so: # POST /s3_files # POST /s3_files.json def create @s3_file = S3File.new(params[:s3_file]) @s3_file.owner = current_user.email respond_to do |format| if @s3_file.save format.html { redirect_to @s3_file, notice: 'S3 file was successfully created.' } format.json { render json: @s3_file, status: :created, location: @s3_file } else format.html { render action: "new" } format.json { render json: @s3_file.errors, status: :unprocessable_entity } end end end Thanks, any help would be appreciated.

  Read the article

• Can I create a Google calendar for a user in a hosted domain using the admin credentials

  - by user351013

  I use the admin credentials for all of my interactions with the google api and I can retrieve\create\update\delete events from and for all of my hosted domain users. However, when I go to create a calendar for a hosted domain user, the calendar is created in the admins space. In the example below the GoogleUserName does NOT match the GoogleAccount. The postUri would look similar to : http://www.google.com/calendar/feeds/[email protected]/owncalendars/full and the GoogleUserName is [email protected]. The api creates a calendar but it is in the admins space. CalendarService service = new CalendarService("Test"); service.setUserCredentials(GoogleUserName, GooglePassword); CalendarEntry calendar = new CalendarEntry(); calendar.TimeZone = "America/Chicago"; calendar.Title.Text = Title; calendar.Summary.Text = Description; calendar.Color = Color; calendar.Selected = true; calendar.Hidden = false; Uri postUri = new Uri(String.Format("http://www.google.com/calendar/feeds/{0}/owncalendars/full", GoogleAccount)); CalendarEntry createdCalendar = (CalendarEntry)service.Insert(postUri, calendar); The documentation does specify to use the users credentials however the documentation is not specific to hosted domains a great deal of the time and as such I am always attempting trial and error when trying interactions. That I can use all of the CRUD on the user's events themselves using the admin credentials leaves me to believe that it might be possible.

  Read the article

• HTTP 401.3 when PUT, DELETE to ADO.NET Data Service (.svc)

  - by Nate

  I have an ADO.NET Data Service (we'll call it service.svc). When I deploy it to an IIS 6 site with Integrated Windows Authentication turned on, all requests (GET, POST, PUT, and DELETE) work fine for me, because I am an administrator on the box. However, when a non-admin user hits the service, only GET and POST requests work. When they try a PUT or DELETE request, they get an HTTP 401.3 "Access is Denied" error: "Error message 401.3: You do not have permission to view this directory or page using the credentials you supplied (access denied due to Access Control Lists). Ask the web server's administrator to give you access to '...\service.svc'." If I give the "Authenticated Users" local group write access to the .svc file, everything works as it should, but I really don't want to do this (and don't think I should have to do this to get this to work). In fact, I'm confused as to why changing the file permissions would affect this at all, but it definitely seems to be the problem. I've found a couple of different suggestions to fix somewhat similar problems in the Microsoft forums (Here, and I would post more links, but am being told that new users can only post one link in a post), but none of the solutions help. Any help is much appreciated. I am certainly no IIS expert, and this one has got me stumped.

  Read the article

• Django Save Incomplete Progress on Form

  - by jimbob

  I have a django webapp with multiple users logging in and fill in a form. Some users may start filling in a form and lack some required data (e.g., a grant #) needed to validate the form (and before we can start working on it). I want them to be able to fill out the form and have an option to save the partial info (so another day they can log back in and complete it) or submit the full info undergoing validation. Currently I'm using ModelForm for all the forms I use, and the Model has constraints to ensure valid data (e.g., the grant # has to be unique). However, I want them to be able to save this intermediary data without undergoing any validation. The solution I've thought of seems rather inelegant and un-django-ey: create a "Save Partial Form" button that saves the POST dictionary converts it to a shelf file and create a "SavedPartialForm" model connecting the user to partial forms saved in the shelf. Does this seem sensible? Is there a better way to save the POST dict directly into the db? Or is an add-on module that does this partial-save of a form (which seems to be a fairly common activity with webforms)? My biggest concern with my method is I want to eventually be able to do this form-autosave automatically (say every 10 minutes) in some ajax/jquery method without actually pressing a button and sending the POST request (e.g., so the user isn't redirected off the page when autosave is triggered). I'm not that familiar with jquery and am wondering if it would be possible to do this.

  Read the article

• Is it possible to send back a json array along with seperate variables

  - by Scarface

  Hey guys I have an ajax jquery function that receives data from a php script. I want to return an array with all the online users which is retrieved from a mysql statement, and I want to send other separate variables I need for other purposes along with it. If anyone has any ideas, I would greatly appreciate it. NOTE: the example below is to illustrate what I want to do, I understand that json-encoding the array with other variables is dysfunctional. JQUERY $.ajax({ type: "POST", data: "parameters", url: "retrieval.php", dataType: 'json', success: function(json) { $('#div1').html(json.array); $('#div2').html(json.variable1); $('#div3').html(json.variable2); } }) PHP $qryuserscount1="SELECT * FROM active_users"; $userscount1=mysql_query($qryuserscount1); while ($row = mysql_fetch_array($userscount1)) { $onlineuser= $row['username']; $id=$row['id']; $data[]=$onlineuser.$id; //for example there are 3 users, should send 3 entries back } $data['variable1']='something'; $data['variable2']='something else'; $out = json_encode($data); print $out;

  Read the article

• Will these security functions be enough? (PHP)

  - by ggfan

  I am trying to secure my site so I don't have sql injections and xss scripting. Here's my code. //here's the from, for brevity, i just show a field for users to put firstname <form> <label for="first_name" class="styled">First Name:</label> <input type="text" id="first_name" name="first_name" value="<?php if (!empty($first_name)) echo $first_name; ?>" /><br /> //submit button etc </form> if (isset($_POST['submit'])) { //gets rid of extra whitesapce and escapes $first_name = mysqli_real_escape_string($dbc, trim($_POST['first_name'])); //check if $first_name is a string if(!is_string($first_name) { echo "not string"; } //then insert into the database. ....... } mysqli_real_espace_string: I know that this func escapes certain letters like \n \r, so when the data gets inputted into the dbc, it would have '\' next to all the escaped letters? --Will this script be enough to prevent most sql injections? just escaping and checking if the data is a string. For integers values(like users putting in prices), i just: is_numeric(). --How should I use htmlspecialchars? Should I use it only when echoing and displaying user data? Or should I also use this too when inputting data to a dbc? --When should I use strip_tags() or htmlspecialchars? SOO with all these function... if (isset($_POST['submit'])) { //gets rid of extra whitesapce and escapes $first_name = mysqli_real_escape_string($dbc, trim($_POST['first_name'])); //check if $first_name is a string if(!is_string($first_name) { echo "not string"; } //gets rid of any <,>,& htmlspecialchars($first_name); //strips any tags with the first name strip_tags($first_name) //then insert into the database. ....... } Which funcs should I use for sql injections and which ones should I use for xss?

  Read the article

• mysql to codeigniter active record help

  - by JoeM05

  Active record is a neet concept but sometimes I find it difficult to get more complicated queries to work. I find this is at least one place the CI docs are lacking. Anyway, This is the sql I wrote. It returns the expected results of quests not yet completed by the user that are unlocked and within the users level requirements: SELECT writing_quests . * FROM `writing_quests` LEFT OUTER JOIN members_quests_completed ON members_quests_completed.quest_id = writing_quests.id LEFT OUTER JOIN members ON members.id = $user_id WHERE writing_quests.unlocked =1 AND writing_quests.level_required <= $userlevel AND members_quests_completed.user_id IS NULL This is the codeigniter active record query, it returns all quests that are unlocked and within the users level requirement: $this->db->select('writing_quests.*'); $this->db->from('writing_quests'); $this->db->join('members_quests_completed', 'members_quests_completed.quest_id = writing_quests.id', 'left outer'); $this->db->join('members', "members.id = $user_id", 'left outer'); $this->db->where('writing_quests.unlock', 1); $this->db->where('writing_quests.level_required <=', $userlevel); $this->db->where('members_quests_completed.user_id is null', null, true); I'm guessing there is something wrong with the way I am asking for Nulls. To be thorough, I figured I'd include everything.

  Read the article

• Change post form data function into curl

  - by QLiu

  Hello Guys, In the old way in our website, when users clicks “logout” button. It runs a post form function; which will pass parameters (logout, sn) to external sites to execute “logout” function. Like: I do not want the users jump to the external site, therefore, i use curl to post data. (because we are in different domain, i guess Ajax request doesnot work ) Post the same data to execute logout function in external site. // create cURL resource $URL = "http://bswi.development.intra.local/"; //Initl curl $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $URL); // Load in the destination URL curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC); //Normal HTTP request, not SSL curl_setopt($ch, CURLOPT_POSTFIELDS, "logout=1"); // receive server response ... curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_exec ($ch); echo $content; curl_close ($ch); Do u think i am going in the right direction?

  Read the article

• Security benefits from a second opinion, are there flaws in my plan to hash & salt user passwords vi

  - by Tchalvak

  Here is my plan, and goals: Overall Goals: Security with a certain amount of simplicity & database-to-database transferrability, 'cause I'm no expert and could mess it up and I don't want to have to ask a lot of users to reset their passwords. Easy to wipe the passwords for publishing a "wiped" databased of test data. (e.g. I'd like to be able to use a postgresql statement to simply reset all passwords to something simple so that testers can use that testing data for themselves). Plan: Hashing the passwords Account creation records the original email that an account is created with, forever. A global salt is used, e.g. "90fb16b6901dfceb73781ba4d8585f0503ac9391". An account specific salt, the original email the account was created with, is used, e.g. "[email protected]". The users's password is used, e.g. "password123" (I'll be warning against weak passwords in the signup form) The combination of the global salt, account specific salt, and password is hashed via some hashing method in postgresql (haven't been able to find documentation for hashing functions in postgresql, but being able to use sha-2 or something like that would be nice if I could find it). The hash gets stored in the database. Recovering an account To change their password, they have to go through standard password reset (and that reset email gets sent to the original email as well as the most recent account email that they have set). Flaws? Are there any flaws with this that I need to address? And are there best practices to doing hashing fully within postgresql?

  Read the article

• Using Read-Only Fields in a C# WebBrowser

  - by TheDramaLlama

  I'm currently using a WebBrowser control in a C# WinForms application, and attempting to control some variability presented with this control. Basically, my users log in to a separate UI provided by my application, which then displays the WebBrowser control, navigates to a predetermined log-in URL, and then auto-fills the username and password fields on that page. However, in order to prevent unpredictable behavior in this WebBrowser control, I want to make these username and password text boxes read-only after they are auto-populated. Essentially, I want the user to see a browser page that has been filled out for them, and that cannot be edited. (This is so that any authentication errors can be handled by my application as opposed to the browser.) The code I'm currently using to populate the text fields and make them read only is as follows: webBrowser1.Document.GetElementById("username").InnerText = username; webBrowser1.Document.GetElementById("password").InnerText = password; webBrowser1.Document.GetElementById("username").Enabled = false; webBrowser1.Document.GetElementById("password").Enabled = false; Unfortunately, when I try to make the fields read-only, the authentication server acts like the password field was not filled out, and prompts the user to fill it out again after the "Submit" button is clicked. Is this expected behavior, and if so, what other methods can I try to prevent users from changing the credentials that the browser was auto-populated with?

  Read the article

• Setting the type of a field in a superclass from a subclass (Java)

  - by Ibolit

  Hi. I am writing a project on Google App Engine, within it I have a number of abstract classes that I hope I will be able to use in my future projects, and a number of concrete classes inheriting from them. Among other abstract classes I have an abstract servlet that does user management, and I hava an abstract user. The AbstractUser has all the necessary fields and methods for storing it in the datastore and telling whether the user is registered with my service or not. It does not implement any project specific functionality. The abstract servlet that manages users, refers only to the methods declared in the AbstractUser class, which allows it to generate links for logging in, logging out and registering (for unregistered users). In order to implement the project-specific user functionality I need to subclass the Abstract user. The servlets I use in my project are all indirect descendants from that abstract user management servlet, and the user is a protected field in it, so the descendant servlets can use it as their own field. However, whenever i want to access any project specific method of the concrete user, i need to cast it to that type. i.e. (abstract user managing servlet) ... AbstractUser user = getUser(); ... abstract protected AbstractUser getUser(); (project-specific abstract servlet) @Override protected AbstractUser getUser() { return MyUserFactory.getUser(); } any other project specific servlet: int a = ((ConcreteUser) user).getA(); Well, what i'd like to do is to somehow make the type of “user” in the superclass depend on something in the project-specific abstract class. Is it at all possible? And i don't want to move all the user-management stuff into a project-specific layer, for i would like to have it for my future projects already written :) Thank you for your help.

  Read the article

< Previous Page | 343 344 345 346 347 348 349 350 351 352 353 354  | Next Page >