Search Results

Search found 1424 results on 57 pages for 'protect'.

Page 46/57 | < Previous Page | 42 43 44 45 46 47 48 49 50 51 52 53  | Next Page >

• Need help troubleshooting why Solr wont start (or why solr admin page wont show)

  - by Camran

  I can't get Solr working. I have Jetty, and my server OS is Ubuntu 9.10. It is a VPS server. So, when I execute the java -jar start.jar everything seems fine. I even do a netstat to check if there are any listeners on the port before the start and after the start, and it seems solr is starting. However, I cant access the admin page. I have even turned off the firewall. Here is some info about my server: I have changed DocumentRoot to var/www/SV/ I have Apache2, PHP5, MySql installed I have "disabled" iptables firewall I have removed the htaccess files (I used them to passw protect my site under develop) I have installed JRE (NOT JDK) on my server. I use the "example" which comes with Solr, so I use Jetty as container on my Server. My Server has 768MB RAM Doing a java -version command shows this: java version "1.6.0_15" Java(TM) SE Runtime Environment (build 1.6.0_15-b03) Java HotSpot(TM) Client VM (build 14.1-b02, mixed mode) And in the terminal the last lines when executing start.jar is: May 29, 2010 1:30:03 PM org.apache.solr.core.SolrCore registerSearcher INFO: [] Registered new searcher Searcher@1dc64a5 main NOTE: Also before this last line, there is a line which makes me suspicious: Started SocketConnector @ 0.0.0.0:8983 // Should this be with leading zeros? Is there any ways you know to troubleshoot this? Memory issue maybe? Thanks

  Read the article

• Worksheet.Unprotect - Office Interop - Difference between 2003 and 2007

  - by sdmcnitt

  I have a .NET winforms app that automates Excel and checks for a worksheet password. The requirements are to be able to detect 1) that the protection is turned off 2) that the password is removed (protected but there is no password) 3) that the password matches the correct password from a database To meet the second requirement the program calls the Worksheet.Unprotect command with a null string, capturing the error. If error as expected, the 3rd check is made. If no error, then the Unprotect worked without a password == password was removed. The code sample below has these checks. The application can do this fine with Office 2003. I have since had my dev machine updated to Office 2007 and it no longer works as it did. When I call the Worksheet.Unprotect, Excel prompts for the password! I need to know how this should be accomplished in the new version of Excel or if there is a way to reference the old PIA. No matter what if I set a reference to Excel 11 it is replaced with the PIA for 12 in the GAC. 'return true if unprotect of worksheet does not generate an error 'all other errors will bubble up 'return false if specific error is "Password is invalid..." Try 'detect unprotected or no password If oWorksheet.ProtectContents Then 'try with no passsword and expect an error 'if no error then raise exception Dim blnRaiseException As Boolean = True Try 'oWorksheet.Unprotect(vbNullString) oWorksheet.Unprotect() Catch ex As Exception blnRaiseException = False End Try If blnRaiseException Then Throw New ExcelSheetNoPasswordException End If oWorksheet.Unprotect(strPwd) 'no error so if we get here -- success fnCheckWorksheetPwd = True 'leave as it was -- this may still cause workbook to think it is changed oWorksheet.Protect(strPwd) Else Throw New ExcelSheetNotProtectedException End If Catch COMex As System.Runtime.InteropServices.COMException 'handle error code -2146827284 If COMex.ErrorCode = -2146827284 Then 'this is the error we're looking for Else Throw End If Catch ex As Exception Throw End Try

  Read the article

• Creating Signed URLs for Amazon CloudFront

  - by Zack

  Short version: How do I make signed URLs "on-demand" to mimic Nginx's X-Accel-Redirect behavior (i.e. protecting downloads) with Amazon CloudFront/S3 using Python. I've got a Django server up and running with an Nginx front-end. I've been getting hammered with requests to it and recently had to install it as a Tornado WSGI application to prevent it from crashing in FastCGI mode. Now I'm having an issue with my server getting bogged down (i.e. most of its bandwidth is being used up) due to too many requests for media being made to it, I've been looking into CDNs and I believe Amazon CloudFront/S3 would be the proper solution for me. I've been using Nginx's X-Accel-Redirect header to protect the files from unauthorized downloading, but I don't have that ability with CloudFront/S3--however they do offer signed URLs. I'm no Python expert by far and definitely don't know how to create a Signed URL properly, so I was hoping someone would have a link for how to make these URLs "on-demand" or would be willing to explain how to here, it would be greatly appreciated. Also, is this the proper solution, even? I'm not too familiar with CDNs, is there a CDN that would be better suited for this?

  Read the article

• Password Cracking Windows Accounts

  - by Kevin

  At work we have laptops with encrypted harddrives. Most developers here (on occasion I have been guilty of it too) leave their laptops in hibernate mode when they take them home at night. Obviously, Windows (i.e. there is a program running in the background which does it for windows) must have a method to unencrypt the data on the drive, or it wouldn't be able to access it. That being said, I always thought that leaving a windows machine on in hibernate mode in a non-secure place (not at work on a lock) is a security threat, because someone could take the machine, leave it running, hack the windows accounts and use it to encrypt the data and steal the information. When I got to thinking about how I would go about breaking into the windows system without restarting it, I couldn't figure out if it was possible. I know it is possible to write a program to crack windows passwords once you have access to the appropriate file(s). But is it possible to execute a program from a locked Windows system that would do this? I don't know of a way to do it, but I am not a Windows expert. If so, is there a way to prevent it? I don't want to expose security vulnerabilities about how to do it, so I would ask that someone wouldn't post the necessary steps in details, but if someone could say something like "Yes, it's possible the USB drive allows arbitrary execution," that would be great! EDIT: The idea being with the encryption is that you can't reboot the system, because once you do, the disk encryption on the system requires a login before being able to start windows. With the machine being in hibernate, the system owner has already bypassed the encryption for the attacker, leaving windows as the only line of defense to protect the data.

  Read the article

• How to debug browser crash when running Silverlight app

  - by onedozenbagels

  I am on a team of three people who are developing a Silverlight application. On two of our developers' machines the app seems to randomly crash. It never crashes on the third developer's machine. The nature of the crash is that internet explorer just dies with an "Internet Explorer has stopped working" message. The problem details look like this: Problem Event Name: BEX Application Name: IEXPLORE.EXE Application Version: 8.0.6001.18882 Application Timestamp: 4b3ed243 Fault Module Name: StackHash_2cd8 Fault Module Version: 0.0.0.0 Fault Module Timestamp: 00000000 Exception Offset: 0024df00 Exception Code: c0000005 Exception Data: 00000008 OS Version: 6.0.6002.2.2.0.256.6 Locale ID: 1033 Additional Information 1: 2cd8 Additional Information 2: 0c337fa6c2057a9dbce1860c5e2d8315 Additional Information 3: e13b Additional Information 4: 5da012709e52526a1af19795dc4a33fd Then windows displays this message: "To help protect your computer, Data Execution Prevention has closed Internet Explorer." If I am attached to the app with the Visual Studio debugger the only information I get is this line in the output window: "The program '[2140] iexplore.exe: Silverlight' has exited with code -1073741819 (0xc0000005)." How should I go about debugging this problem? I'm not really sure where to start.

  Read the article

• Is a VCS appropriate for usage by a designer?

  - by iconiK

  I know that a VCS is absolutely critical for a developer to increase productivity and protect the code, no doubts about it. But what about a designer, using say, Photoshop (though it's not specific to any tools, just to make my point clearer). VCSs uses delta compression to store different versions of files. This works very well for code, but for images, that's a problem. Raster image files are binary formats, though vector image files are text (SVG comes to my mind) and pose to problem. The problem comes with .psd files (and any other image "source" file) - those can get pretty big and since I'm not familiar with the format, I'll consider them as binary files. How would a VCS work in this condition? The repository could be pretty darned big if the VCS server isn't able to diff the files efficiently (or worse, not at all) and over time this can become a really big pain when someone needs to check out the repository (or clone it if using a DVCS). Have any of you used a VCS for this purpose? How well does it work? I'm mostly interested in Mercurial, though this is a general situation that applies to any VCS.

  Read the article

• What is the fastest way to pull a few element values out of XML files in Perl?

  - by Anon Guy

  I have a bunch of XML files that are about 1-2 megabytes in size. Actually, more than a bunch, there are millions. They're all well-formed and many are even validated against their schema (confirmed with libxml2). All were created by the same app, so they're in a consistent format (though this could theoretically change in the future). I want to check the values of one element in each file from within a Perl script. Speed is important (I'd like to take less than a second per file) and as noted I already know the files are well-formed. I am sorely tempted to simply 'open' the files in Perl and scan through until I see the element I am looking for, grab the value (which is near the start of the file), and close the file. On the other hand, I could use an XML parser (which might protect me from future changes to the XML formatting) but I suspect it will be slower than I'd like. Can anyone recommend an appropriate approach and/or parser? Thanks in advance.

  Read the article

• what's the correct way to release a new website?

  - by kk

  so i've been working on a website on and off for about a year now, and i'm finally at a point where it's functional enough to test out in a sort of private beta (not ready for live release). but i never thought about the correct process for doing this and what things i need to take care of. i've never released a public website before. some of the questions/concerns i have in mind: 1) is it against my MSDN license agreement to release a website using the software? 2) how do i protect my "idea"? is it a bad idea to find random people you don't know to test out your site? can you make them digitally sign some sort of NDA? 3) i'm using some open source code - any proper way to release open source code to live production? 4) how much traffic can a place like discountasp.net handle anyway? can hosting sites generally handle large volume of traffic? any comments/suggestions regarding the proper/safe way to release a public website would be appreciated. i've been working on this for a while and never actually sat down to think about the right way to move from a personal side project to a live production website.

  Read the article

• Implementing Struts 2 Interceptors using Struts 1

  - by Andriy Zakharchuk

  Hello all, I have a legacy application written with Struts 1. The only feature I was asked to add is to protect some actions. Currently any user can do whatever he/she wants. The idea is to allows all user see the data, but block modification operation, i.e. to modify data a user should log in. I know Struts2 has interceptors, so I could attach them to required actions and forward users to log in page when needed. But how can I do similar thing in Struts 1 application? My first idea was to create my own abstract Action class: public class AuthenticatedAction { public ActionForward execute( ActionMapping mapping, ActionForm form, HttpServletRequest theRequest, HttpServletResponse theResponse) { if (!logged) { // forward to log in form } else { doExecute(mapping, form, request, response); } } public abstract ActionForward doExecute( ActionMapping mapping, ActionForm form, HttpServletRequest theRequest, HttpServletResponse theResponse); } Then change all actions that require authentication from extends Action to extends AuthenticatedAction then add login form, login action (which performs authentications and puts this status into the session) and change JSP header tile to display authentication block, e.g., "You are (not logged in)/", Login/Logout. As I guess this should solve the problem. If this doesn't solve the problem, please explain me why. Is there any better (more elegant like interceptors are) way to do this? Thank you in advance.

  Read the article

• Google GWT cross-browser support: is it BS ?

  - by Tim

  I developed a browser-deployed full-text search app in FlashBuilder which communicates RESTfully with a remote web-server. The software fits into a tiny niche--it is for use with ancient languages not modern ones, and there's no way I'm going to make any money on it but I did spend a lot of time on it. Now that Apple won't allow Flash on the iPad, I'm looking for a 100% javascript solution and was led to consider GWT. It looked promising, but one of the apps being "showcased" as a stellar example of what can be done with GWT has this disclaimer on their website (names {removed} to protect the potentially innocent) : Your current web browser (Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1045 Safari/532.5) is not officially supported by {company and product name were here}. If you experience any problems using this site please install either Microsoft Internet Explorer 6+ or Mozilla Firefox 3.5+ before contacting {product name was here} Support. What gives when GWT apps aren't "officially" supported on Chrome? What grade (A, B, C, D, F) would you give to GWT for cross-browser support? For folks who don't get these kinds of letter grades, A is "excellent" and "F" is failure, and "C" is average. Thanks for your opinions.

  Read the article

• Kohana 3, themes outside application.

  - by Marek

  Hi all I read http://forum.kohanaframework.org/comments.php?DiscussionID=5744&page=1#Item_0 and I want to use similar solution, but with db. In my site controller after(): $theme = $page->get_theme_name(); //Orange Kohana::set_module_path('themes', Kohana::get_module_path('themes').'/'.$theme); $this->template = View::factory('layout') I checked with firebug: fire::log(Kohana::get_module_path('themes')); // D:\tools\xampp\htdocs\kohana\themes/Orange I am sure that path exists. I have directly in 'Orange' folder 'views' folder with layout.php file. But I am getting: The requested view layout could not be found Extended Kohana_Core is just: public static function get_module_path($module_key) { return self::$_modules[$module_key]; } public static function set_module_path($module_key, $path) { self::$_modules[$module_key] = $path; } Could anybody help me with solving that issue? Maybe it is a .htaccess problem: # Turn on URL rewriting RewriteEngine On # Put your installation directory here: # If your URL is www.example.com/kohana/, use /kohana/ # If your URL is www.example.com/, use / RewriteBase /kohana/ # Protect application and system files from being viewed RewriteCond $1 ^(application|system|modules) # Rewrite to index.php/access_denied/URL RewriteRule ^(.*)$ / [PT,L] RewriteRule ^(media) - [PT,L] RewriteRule ^(themes) - [PT,L] # Allow these directories and files to be displayed directly: # - index.php (DO NOT FORGET THIS!) # - robots.txt # - favicon.ico # - Any file inside of the images/, js/, or css/ directories RewriteCond $1 ^(index\.php|robots\.txt|favicon\.ico|static) # No rewriting RewriteRule ^(.*)$ - [PT,L] # Rewrite all other URLs to index.php/URL RewriteRule ^(.*)$ index.php/$1 [PT,L] Could somebody help? What I am doing wrong? Regards

  Read the article

• How to implement Session timeout in Web Server Side?

  - by Morgan Cheng

  I beheld a web framework implementing in-memory session in this way. The session object is added to Cache with timeout. When the time is out, the session is removed from Cache automatically. To protect race condition, each request should acquire lock on given session object to proceed. Each request will "touch" the session in Cache to refresh the timeout. Everything looks fine, until this scenario is discovered. Say, one operation takes a long time, longer than timeout. Another request comes and wait on session lock which is currently hold by the long-time request. Finally, the long-time request is over, it releases the lock. But, since it already takes longer time than timeout, the session object is already removed from Cache. This is obvious because the only request holding the lock doesn't have a chance to "touch" the session object in cache. The second request gets the lock but cannot retrieve the expired Session object. Oops... To fix this issue, the second request has to re-create the Session object. But, this is just like digging a buried dead body from tomb and try to bring it back to life. It causes buggy code. I'm wondering what's the best way to implement timeout in session to handle such scenario. I know that current platform must have good session mechanism. I just want to know the under-the-hood how.

  Read the article

• Need Advice on designing ATL inproc Server (dll) that serves as both a soure and a sink of events.

  - by Andrew

  Hi, I need to design an ATL inproc server that besides exposing methods and properties, also can fire events (source) and serve as a sink for a third party COM control that fires events. I would assume that this is a fairly common requirement. I can also foresee several "gotchas" that I would like to read up on before commencing the design. My questions/concerns are: Can someone point me to an example? Which threading model to use? Should I have a seperate COM object for the sink? Should I, and how do I, protect certain memory. For example, my server will receive data from the third party control. It will save this, and in some cases, fire an event to interested clients. The interested clients will request the data through a standard method or property. I did try to research this myself. I can find many examples of COM servers that are soures, and some that are sinks, but never both. The only post I did find was this: http://www.generation-nt.com/us/atl-control-an-event-source-sink-help-9098542.html Which strongly advocates putting the sink on a seperate COM object. Any leads, tutorials or ideas would be much appreciated. Thanks, Andrew

  Read the article

• My Website was hacked using Statcounter! Does Statcounter keep a record of cookies?

  - by Cyril Gupta

  I had a rather interesting case of hacking on my ASP.Net MVC website. For this website I had implemented a rather uncomplicated authentication system for my admin area -- an encrypted cookie which had an identifying signature for the member. Whenever the admin visits the website the cookie would be decrypted and signature verified. If matching he wouldn't have to sign in. Couple of days ago a visitor on my site told me that he was able to sign into my website simply by clicking no a referral link on his Statcounter console which pointed to my admin area (I had visited his site from a link inside my admin view). He just clicked on a link in statcounter and he was signed in as the admin! The only way this could have happened was if statcounter somehow recorded my cookies and used those when he clicked on the link pointing to my admin! Is that logical or fathomable? I don't understand what's going on. Do you have any suggestions as to how I can protect my website against things like this?

  Read the article

• Nonetype object has no attribute '__getitem__'

  - by adohertyd

  I am trying to use an API wrapper downloaded from the net to get results from the new azure Bing API. I'm trying to implement it as per the instructions but getting the runtime error: Traceback (most recent call last): File "bingwrapper.py", line 4, in <module> bingsearch.request("affirmative action") File "/usr/local/lib/python2.7/dist-packages/bingsearch-0.1-py2.7.egg/bingsearch.py", line 8, in request return r.json['d']['results'] TypeError: 'NoneType' object has no attribute '__getitem__' This is the wrapper code: import requests URL = 'https://api.datamarket.azure.com/Data.ashx/Bing/SearchWeb/Web?Query=%(query)s&$top=50&$format=json' API_KEY = 'SECRET_API_KEY' def request(query, **params): r = requests.get(URL % {'query': query}, auth=('', API_KEY)) return r.json['d']['results'] The instructions are: >>> import bingsearch >>> bingsearch.API_KEY='Your-Api-Key-Here' >>> r = bingsearch.request("Python Software Foundation") >>> r.status_code 200 >>> r[0]['Description'] u'Python Software Foundation Home Page. The mission of the Python Software Foundation is to promote, protect, and advance the Python programming language, and to ...' >>> r[0]['Url'] u'http://www.python.org/psf/ This is my code that uses the wrapper (as per the instructions): import bingsearch bingsearch.API_KEY='abcdefghijklmnopqrstuv' r = bingsearch.request("affirmative+action")

  Read the article

• GET params in ruby-on-rails project - best practices?

  - by Lynn C

  I've inherited a little rails app and I need to extend it slightly. It's actually quite simple, but I want to make sure I'm doing it the right way... If I visit myapp:3000/api/persons it gives me a full list of people in XML format. I want to pass param in the URL so that I can return users that match the login or the email e.g. yapp:3000/api/persons?login=jsmith would give me the person with the corresponding login. Here's the code: def index if params.size > 2 # We have 'action' & 'controller' by default if params['login'] @person = [Person.find(:first, :conditions => { :login => params['login'] })] elsif params['email'] @persons = [Person.find(:first, :conditions => { :email => params['email'] })] end else @persons = Person.find(:all) end end Two questions... Is it safe? Does ActiveRecord protect me from SQL injection attacks (notice I'm trusting the params that are coming in)? Is this the best way to do it, or is there some automagical rails feature I'm not familiar with?

  Read the article

• What's the purpose of "import package"?

  - by codethief

  As I just found out import package does not make the package's modules available through package.module. The same obviously holds true for from package import subpackage as well as from package import * What's the purpose of importing a package at all then if I can't access its submodules but only the objects defined in __init__.py? It makes sense to me that from package import * would bloat the namespace, which, however, doesn't apply in case of the other two ways! I also understand that loading all submodules might take a long time. But I don't know what these unwanted side-effects, "that should only happen when the sub-module is explicitly imported", are which the author of the previous link mentions. To me it looks like doing an import package[.subpackage] (or from package import subpackage) makes absolutely no sense if I don't exactly want to access objects provided in __init__.py. Are those unwanted side effects really that serious that the language actually has to protect the programmer from causing them? Actually, I thought that Python was a little bit more about "If the programmer wants to do it, let him do it." In my case, I really do want to import all submodules with the single statement from package import subpackage, because I need all of them! Telling Python in the init.py file which submodules I'm exactly talking about (all of them!) is quite cumbersome from my point of view. Please enlighten me. :)

  Read the article

• Multithreading and Interrupts

  - by Nicholas Flynt

  I'm doing some work on the input buffers for my kernel, and I had some questions. On Dual Core machines, I know that more than one "process" can be running simultaneously. What I don't know is how the OS and the individual programs work to protect collisions in data. There are two things I'd like to know on this topic: (1) Where do interrupts occur? Are they guaranteed to occur on one core and not the other, and could this be used to make sure that real-time operations on one core were not interrupted by, say, file IO which could be handled on the other core? (I'd logically assume that the interrupts would happen on the 1st core, but is that always true, and how would you tell? Or perhaps does each core have its own settings for interrupts? Wouldn't that lead to a scenario where each core could react simultaneously to the same interrupt, possibly in different ways?) (2) How does the dual core processor handle opcode memory collision? If one core is reading an address in memory at exactly the same time that another core is writing to that same address in memory, what happens? Is an exception thrown, or is a value read? (I'd assume the write would work either way.) If a value is read, is it guaranteed to be either the old or new value at the time of the collision? I understand that programs should ideally be written to avoid these kinds of complications, but the OS certainly can't expect that, and will need to be able to handle such events without choking on itself.

  Read the article

• How to make Facebook Authentication from Silverlight secure?

  - by SondreB

  I have the following scenario I want to complete: Website running some HTTP(S) services that returns data for a user. Same website is additionally hosting a Silverlight 4 app which calls these services. The Silverlight app is integrating with Facebook using the Facebook Developer Toolkit (http://facebooktoolkit.codeplex.com/). I have not fully decided whether I want Facebook-integration to be a "opt-in" option such as Spotify, or if I want to "lock" down my service with Facebook-only authentication. That's another discussion. How do I protect my API Key and Secret that I receive from Facebook in a Silverlight app? To me it's obvious that this is impossible as the code is running on the client, but is there a way I can make it harder or should I just live with the fact that third parties could potentially "act" as my own app? Using the Facebook Developer Toolkit, there is a following C# method in Silverlight that is executed from the JavaScript when the user has fully authenticated with Facebook using the Facebook Connect APIs. [ScriptableMember] public void LoggedIn(string sessionKey, string secret, int expires, long userId) { this.SessionKey = sessionKey; this.UserId = userId; Obvious the problem here is the fact that JavaScript is injection the userId, which is nothing but a simple number. This means anyone could potentially inject a different userId in JavaScript and have my app think it's someone else. This means someone could hijack the data within the services running on my website. The alternative that comes to mind is authenticating the users on my website, this way I'm never exposing any secrets and I can return an auth-cookie to the users after the initial authentication. Though this scenario doesn't work very well in an out-of-browser scenario where the user is running the Silverlight app locally and not from my website.

  Read the article

• Pthread Queue System

  - by Wallace

  Hi. I'm working on my assignment on pthreads. I'm new and never touched on pthreads before. Is there any sample codes or resources out there that anyone of you have, that might aid me in my assignment? Here are my assignment details. A pthread program about queue system: Write a C/C++ Pthread program for a Dental clinic’s queuing system that declares an array of integers of size N, where N is the maximum number of queue for the day. The pthread program uses two threads. Whenever there is a new dental appointment, the first thread (the creator) puts the queue numbers in the array, one after the other. The second thread (the remover) removes the queue numbers from the array whenever the dentist has seen the patient. This is done in a FIFO fashion (First In First Out). The algorithm of the creator is as follows: • If the array is not full then put a new number in it (the numbers start at 1 and are incremented by one each time, so the creator create queue number 1, 2, 3 etc.) • sleep for 1 to 10 seconds, randomly • repeat The algorithm of the remover is as follows: • If the array is not empty then remove its smallest queue number • sleep for 1 to 10 seconds, randomly • repeat You should use mutex locks to protect things that must be protected. Each thread should print on the screen what it is doing (eg: "number 13 is added into the queue", "number 7 is removed from the queue", etc.). The program should run forever. Any help will be appreciated. Thanks.

  Read the article

• PHP mySQL Error

  - by happyCoding25

  Hello, Im new to php so I decided to follow this tutorial for a simple login screen. I got the code setup but when I try login I get this error: Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in (a long file path to the script) on line 27 The code I got from the tutorial is: <?php ob_start(); $host="thehost"; // Host name $username="myusername"; // Mysql username $password="mypass"; // Mysql password $db_name="test"; // Database name $tbl_name="members"; // Table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // Define $myusername and $mypassword $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; // To protect MySQL injection (more detail about MySQL injection) $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" session_register("myusername"); session_register("mypassword"); header("location:login_success.php"); } else { echo "Wrong Username or Password"; } ob_end_flush(); ?> (Note: All of the mySQL database info is filled in on my version) Aslo, the author gives a php5 version and a normal php version. I have tried both and gotten the same error. If anyone knows why this is happening help is really appreciated.

  Read the article

• jquery .submit live click runs more than once

  - by fxuser

  I use the following code to run my form ajax requests but when i use the live selector on a button i can see the ajax response fire 1 time, then if i re-try it 2 times, 3 times, 4 times and so on... I use .live because i also have a feature to add a post and that appears instantly so the user can remove it without refreshing the page... Then this leads to the above problem... using .click could solve this but it's not the ideal solution i'm looking for... jQuery.fn.postAjax = function(success_callback, show_confirm) { this.submit(function(e) { e.preventDefault(); if (show_confirm == true) { if (confirm('Are you sure you want to delete this item? You can\'t undo this.')) { $.post(this.action, $(this).serialize(), $.proxy(success_callback, this)); } } else { $.post(this.action, $(this).serialize(), $.proxy(success_callback, this)); } return false; }) return this; }; $(document).ready(function() { $(".delete_button").live('click', function() { $(this).parent().postAjax(function(data) { if (data.error == true) { } else { } }, true); }); });? EDIT: temporary solution is to change this.submit(function(e) { to this.unbind('submit').bind('submit',function(e) { the problem is how can i protect it for real because people who know how to use Firebug or the same tool on other browsers can easily alter my Javascript code and re-create the problem

  Read the article

• Reasons for & against a Database

  - by dbemerlin

  Hi, i had a discussion with a coworker about the architecture of a program i'm writing and i'd like some more opinions. The Situation: The Program should update at near-realtime (+/- 1 Minute). It involves the movement of objects on a coordinate system. There are some events that occur at regular intervals (i.e. creation of the objects). Movements can change at any time through user input. My solution was: Build a server that runs continously and stores the data internally. The server dumps a state-of-the-program at regular intervals to protect against powerfailures and/or crashes. He argued that the program requires a Database and i should use cronjobs to update the data. I can store movement information by storing startpoint, endpoint and speed and update the position in the cronjob (and calculate collisions with other objects there) by calculating direction and speed. His reasons: Requires more CPU & Memory because it runs constantly. Powerfailures/Crashes might destroy data. Databases are faster. My reasons against this are mostly: Not very precise as events can only occur at full minutes (wouldn't be that bad though). Requires (possibly costly) transformation of data on every run from relational data to objects. RDBMS are a general solution for a specialized problem so a specialized solution should be more efficient. Powerfailures (or other crashes) can leave the Data in an undefined state with only partially updated data unless (possibly costly) precautions (like transactions) are taken. What are your opinions about that? Which arguments can you add for any side?

  Read the article

• protecting grails melody with grails filter

  - by batmannavneet

  I have an application where I am using spring security along with grails melody. I am planning to run grails melody in production environment, but don't want visitors to have access to it. How should I achieve that ? I tried creating a filter in grails (just showing the sample of what I am trying, not the actual code)- def filters = { allURIs(uri:'/**') { before = { //... if(request.forwardURI.indexOf("admin") != -1 || request.forwardURI.indexOf("monitoring") != -1) { response.sendError 404 return false } } } } But this doesnt work as the request for "monitoring" doesnt hit this filter. I dont even want the user to know that such a URL exists, so I want to check in the filter that if "monitoring" is the URL, I show the 404 error page. Thats also the reason why I dont want to protect this URL with spring security as it will show "access denied" page. Basically I want the URL to exist but they should be invisible to users. I want the access to be open to only certain IP addresses for these special URLs. On another note, Is it possible to write a grails filter that "acts" before the spring security filter is hit ? I want to be able to do some filtering before I forward requests to spring security. Writing a grails filter like above doesnt help. Spring security filter gets hit first if I access a protected resource and this filter doesn't get called. Thanks

  Read the article

• How best to implement "favourites" feature? (like favourite products on a data driven website)

  - by ClarkeyBoy

  Hi, I have written a dynamic database driven, object oriented website with an administration frontend etc etc. I would like to add a feature where customers can save items as "favourites", without having to create an account and login, to come back to them later, but I dont know how exactly to go about doing this... I see three options: Log favourites based on IP address and then change these to be logged against an account if the customer then creates an account; Force customers to create an account to be able to use this functionality; Log favourites based on IP address but give users the option to save their favourites under a name they specify. The problem with option 1 is that I dont know much about IP addresses - my Dad thinks they are unique, but I know people have had problems with systems like this. The problem with 1 and 2 is that accounts have not been opened up to customers yet - only administrators can log in at the moment. It should be easy to alter this (no more than a morning or afternoons work) but I would also have to implement usergroups too. The problem with option 3 is that if user A saves a favourites list called "My Favourites", and then user B tries to save a list under this name and it is refused, user B will then be able to access the list saved by user A because they now know it already exists. A solution to this is to password protect lists, but to go to all this effort I may as well implement option 2. Of course I could always use option 4; use an alternative if anyone can suggest a better solution than any of the above options. So has anyone ever done something like this before? If so how did you go about it? What do you recommend (or not recommend)? Many thanks in advance, Regards, Richard

  Read the article

< Previous Page | 42 43 44 45 46 47 48 49 50 51 52 53  | Next Page >