Search Results

Search found 31657 results on 1267 pages for 'too much php'.

Page 519/1267 | < Previous Page | 515 516 517 518 519 520 521 522 523 524 525 526  | Next Page >

• Shell script for replacing string in all PHP-files, for each user

  - by Mads Skjern

  Each user has some php-files using a shared database commondb. I want to iterate over all users (in users.csv), and in their home folder (e.g. /home/joe) find all php files recursively, and replace each occurrence of "commondb" with their own databasename, e.g. "joedb" for "joe". I have tried the following: #!/bin/bash # Execute like this: # bash localize.bash users.csv OLDIFS=$IFS IFS="," while read name dummy do echo $name find /home/${name} -name '*.php' -exec sed -i '' 's/commondb/${name}db/g' "{}" \; done < $1 IFS=$OLDIFS for users.csv joe, Joe J george, George G It does not fail, but the files are unchanged. I am quite weak in bash, and I can't figure out how to debug it :/ Can my script be fixed to work?

  Read the article

• Website. AJAX and FIREFOX problems. I dont think Firefox likes ajax..?

  - by DJDonaL3000

  Working on an AJAX website (HTML,CSS,JavaScript, AJAX, PHP, MySQL). I have multiple javascript functions which take rows from mysql, wrap them in html tags, and embed them in the HTML (the usual usage of AJAX). THE PROBLEM: Everything is working perfect, except when I run the site with Firefox (for once its not InternetExplorer causing the trouble). The site is currently in the developmental stage, so its offline, but running on the localhost (WampServer, apache, Windows XP SP3,VISTA,7). All other cross-browser conflicts have been removed, and works perfectly on all major browsers including IE, Chrome, Opera and Safari, but I get absolutely nothing from the HTTPRequest (AJAX) if the browser is Firefox. All browsers have the latest versions. THE CODE: I have a series of javascript functions, all of which are structured as follows: function getDatay(){ var a = document.getElementById( 'item' ).innerHTML; var ajaxRequest; try{//Browser Support Code: // code for IE7+, Firefox, Chrome, Opera, Safari: ajaxRequest = new XMLHttpRequest(); } catch (e){ // code for IE6, IE5: try{ ajaxRequest = new ActiveXObject("Msxml2.XMLHTTP"); } catch (e) { try{ ajaxRequest = new ActiveXObject("Microsoft.XMLHTTP"); } catch (e){ // Something went wrong alert("Your browser is not compatible - Browser Incompatibility Issue."); return false; } } } // Create a function that will receive data sent from the server ajaxRequest.onreadystatechange = function(){ if(ajaxRequest.readyState < 4){ document.getElementById( 'theDiv' ).innerHTML = 'LOADING...'; } if(ajaxRequest.readyState == 4){ document.getElementById( 'theDiv' ).innerHTML = ajaxRequest.responseText; } } //Post vars to PHP Script and wait for response: var url="01_retrieve_data_7.php"; url=url+"?a="+a; ajaxRequest.open("POST", url, false);//must be false here to wait for ajaxRequest to complete. ajaxRequest.send(null); } My money is on the final five lines of code being the cause of the problem. Any suggestions how to get Firefox and AJAX working together are most welcome...

  Read the article

• jQuery pagination without all the rows of data before hand

  - by Aaron Mc Adam

  Hi guys, I'm trying to find a solution for paginating my search results. I have a built the links and everything works without jQuery. I've also got AJAX working for the links, but I just need a way of tidying up the list of links, as some search results return up to 60 pages and the links spread to two rows in my template. I am searching the Amazon API, and can only return 10 results at a time. Upon clicking the pagination links, the next 10 results are returned. I have access to the total results number from the XML, but not all the data at once, so I can't put all the data into a "hiddenResults" div that the jQuery Pagination plugin needs. Here is the jQuery I have for the pagination: var $pagination = $("#pagination ul"); $pagination.delegate('.pagenumbers', 'click', function() { var $$this = $(this); $$this.closest('li').addClass('cached'); $pagination.find("#currentPage").removeAttr('id').wrapInner($('<a>', {'class':'pagenumbers', 'href':'book_data.php?keywords='+keywords})); $$this.closest('li').attr('id','currentPage').html( $$this.text() ); $.ajax({ type : "GET", cache : false, url : "book_data.php", data : { keywords : keywords, page : $$this.text() }, success : show_results }); return false; }); function show_results(res) { $("#searchResults").replaceWith($(res).find('#searchResults')).find('table.sortable tbody tr:odd').addClass('odd'); detailPage(); selectForm(); if ( ! ( $pagination.find('li').hasClass('cached') ) ) { $.get("book_data.php", { keywords : keywords, page : ( $pagination.find("#currentPage").text() + 1 ) } ); } }

  Read the article

• Jquery unidentified data return when post

  - by Nhat Tuan

  <?php //load.php $myid = $_POST['id']; if($myid == 1){ echo '1'; }else if($myid == 0){ echo '0'; } ?> <html> <input id="id" /> <div id="result"></div> <input type="button" id="submit" /> <script type="text/javascript"> $('#submit').click( function(){ var send = 'id=' + $('#id').val(); $.post('load.php', send, function(data){ if(data == 1){ $('#result').html('Success'); }else if(data == 0){ $('#result').html('Failure'); }else{ $('#result').html('Unknow'); } }); }); </script> </html> I test this script in some free host and it work but in my real host jquery unidentified data return and it alway show 'Unknow'. When i change if(data == '1') it show 'Unknow' too EX: input id = 1 click submit & data return is 'Unknow' Why ?? I think this error from host, because i test it in some free host and it work, but now in my real host i got this error, how i can fix it ?

  Read the article

• Still don't understand file upload-folder permissions

  - by Camran

  I have checked out articles and tutorials. I don't know what to do about the security of my picture upload-folder. It is pictures for classifieds which should be uploaded to the folder. This is what I want: Anybody may upload images to the folder. The images will be moved to another folder, by another php-code later on (automatic). Only I may manually remove them, as well as another php file on the server which automatically empties the folder after x-days. What should I do here? The images are uploaded via a php-upload script. This script checks to see if the extension of the file is actually a valid image-file. When I try this: chmod 755 images the images wont be uploaded. But like this it works: chmod 777 images But 777 is a security risk right? Please give me detailed information... The Q is, what to do to solve this problem, not info about what permissions there are etc etc... Thanks If you need more info let me know...

  Read the article

• htmlspecialchars() - How and when to use and avoid multiple use

  - by naescent

  Hi, I'm building a PHP intranet for my boss. A simple customer, order, quote system. It will be denied access from the Internet and only used by 3 people. I'm not so concerned with security as I am with validation. Javascript is disables on all machines. The problem I have is this: Employee enters valid data into a form containing any of the following :;[]"' etc. Form $_POSTS this data to a validationAndProcessing.php page, and determines whether the employee entered data or not in to the fields. If they didn't they are redirected back to the data input page and the field they missed out is highlighted in red. htmlspecialchars() is applied to all data being re-populated to the form from what they entered earlier. Form is then resubmitted to validationAndProcessing.php page, if successful data is entered into the database and employee is taken to display data page. My question is this: If an employee repeatedly enters no data in step 1, they will keep moving between step 1 and 4 each time having htmlspecialchars() applied to the data. So that:- & becomes:- &amp; becomes:- &amp;amp; becomes:- &amp;amp;amp; etc.. How can I stop htmlspecialchars() being applied multiple times to data that is already cleaned? Thanks, Adam

  Read the article

• POSTmethod and PHP- login verification

  - by Neethusha

  I wrote a code for login verification..I got output with GET. But i need output with POST since it is more secure.pls let me know if there is any error in my code. javascript code: var xml; function verifyusernamepasswd(pass) { //pass is password that will be passed as parameter xml=new XMLHttpRequest(); var url="http://localhost/loginvalidate.php"; var para="q="+username+"&p="+pass;//username is global xml.setRequestHeader("Content-type", "application/x-www-form-urlencoded"); xml.setRequestHeader("Content-length", para.length); xml.setRequestHeader("Connection", "close"); xml.open("POST",url,true); xml.onreadystatechange=statechanged1; xml.send(para); } function statechanged1() { if(xml.readyState==4) alert(xml.responseText); } php code: <?php $username=$_POST["q"]; $password=$_POST["p"]; $con=mysql_connect("localhost","root","blaze"); if(!$con) { die('Could not connect: '.mysql.error()); } mysql_select_db("BLAZE",$con) or die("No such Db"); $result=mysql_query("SELECT Passwword FROM USERTABLE WHERE Userhandle='$username'"); if($result==null) echo "false"; else if($result!=null) { $row=mysql_fetch_array($result); if((strcmp($row['Passwword'],$password)==0)) echo "true"; else echo "false"; } ?> the verification does not return anything, cos my alert is not displayed at all...pls tell me whats wrong....

  Read the article

• How to keep form items selected after post request?

  - by Ole Jak

  I have a simple html form. On php page. A simple list is placed on form. I submit this form (selected list items) to this page so it gives me page refresh. I want items which were POSTED to be selected after form was submited. How to do such thing? For my form I use such code: <form action="FormPage.php" method="post"> <select id="Streams" class="multiselect ui-widget-content ui-corner-all" multiple="multiple" name="Streams[]"> <?php $query = " SELECT s.streamId, s.userId, u.username FROM streams AS s JOIN user AS u ON s.userId = u.id LIMIT 0 , 30 "; $streams_set = mysql_query($query, $connection); confirm_query($streams_set); $streams_count = mysql_num_rows($streams_set); while ($row = mysql_fetch_array($streams_set)){ echo '<option value="' , $row['streamId'] , '"> ' , $row['username'] , ' (' , $row['streamId'] ,')' ,'</option> '; } ?> </select> <br/> <input type="submit" class="ui-state-default ui-corner-all" name="submitForm" id="submitForm" value="Play Stream from selected URL's!"/> </fieldset> </form>

  Read the article

• Ajax: strange behaviour while checking a textfield

  - by ilnur777

  I have a registration form with checking the available name for username field through ajax. Inputing a username into username field and pushing the "Check!" button, the script sends value to php script. Then php script replaces the username field with the username field + style like this: <input type="text" name="login" value="'.$_GET["user"].'" style="width:205; height:22; border-width:1; border-color:red; border-style:solid; background-color:rgb(255,232,230);"> So when replacing the username field in the form with its equivalent from php script and then submitting a form, it is then get to script on the page that checks whether the username field is empty or not. And it returns an error that it is empty, though after checking through ajax the username field it has value. I don't understand why it gets to empty field checking script, having the same field name and having value?

  Read the article

• link clickable and wordwrap

  - by newinjs

  hi, i'm using php wordwrap for my comment box. This is my clickable function, function clickable_link($text) { $ret = ' ' . $text; $ret = preg_replace("#(^|[\n ])([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*)#is", "\\1<a class=\"hrefLink\" href=\"\\2\" target=\"_blank\">\\2</a>", $ret); $ret = preg_replace("#(^|[\n ])((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*)#is", "\\1<a class=\"hrefLink\" href=\"http://\\2\" target=\"_blank\">\\2</a>", $ret); $ret = preg_replace("#(^|[\n ])([a-z0-9&\-_.]+?)@([\w\-]+\.([\w\-\.]+\.)*[\w]+)#i", "\\1<a href=\"mailto:\\2@\\3\">\\2@\\3</a>", $ret); $ret = substr($ret, 1); return $ret; } and this is my wordwrap for comment $comment = clickable_link($comment); $comment = wordwrap($comment, 25, "\n", false); so, once the word limit for 25 is reached, my comment box break my link http://www.websitetitle.com/showthread.php?t=2000 link become like this http://www.websitetitle.com/showthread.php? <br> t=2000 The link is broken. so is it possible to fix the link or any other workaround? Thank you

  Read the article

• Session variables not getting set but only in Internet Explorer and not on all machines

  - by gaoshan88

  Logging into a site I'm working on functions as expected on my local machine but fails on the remote server but ONLY in Internet Explorer. The kicker is that it works in IE locally, just not on the remote machine. What in the world could cause this? I have stepped through the code on the remote machine and can see the entered login values being checked in the database, they are found and then a login function is called. This sets two $_SESSION variables and redirects to the main admin page. However, in IE only (and not when run on local machine... this is key) the $_SESSION variables are not present by the time you get to the main admin page. var_dump($_SESSION) gives me what I expect on every browser when I am running this in my local environment and in every browser except IE 6, 7 and 8 when run on the remote server (where I get a null value as if nothing has been set for $_SESSION). This really has me stumped so any advice is appreciated. For an example... in IE, run locally, var_dump gives me: array 'Username' => string 'theusername' length=11 'UserID' => string 'somevalue' length=9 Run on the remote server (IE only... works fine in other browsers) var_dump gives me: array(0){} Code: $User = GetUser($Username, $Password); if ($User->UserID <> "") { // this works so we call Login()... Login($User); // this also works and gives expected results. on to redirect... header("Location: index.php"); // a var_dump at index.php shows that there is no session data at all in IE, remotely. } else { header("Location: login.php"); } function Login($data) { $_SESSION['Username'] = $data->Username; $_SESSION['UserID'] = $data->UserID; // a var dump here gives the expected data in every browser }

  Read the article

• CakePHP: Interaction between different files/classes

  - by Alexx Hardt

  Hey, I'm cloning a commercial student management system. Students use the frontend to apply for lectures, uni staff can modify events (time, room, etc). The core of the app will be the algortihm which distributes the seats to students. I already asked about it here: How to implement a seat distribution algorithm for uni lectures Now, I found a class for that algorithm here: http://www.phpclasses.org/browse/file/10779.html I put the 'class GA' into app/vendors. I need to write a 'class Solution', which represents one object (a child, and later a parent for the evolutionary process). I'll also have to write functions mutate(), crossover() and fitness(). fitness calculates a score of a solution, based on if there are overbooked courses etc; crossover() is the crazy monkey sex function which produces a child from two parents, and mutate() modifies a child after crossover. Now, the fitness()-function needs to access a few related models, and their find()-functions. It evaluates a solution's fitness by checking e.g. if there are overbooked courses, or unfulfilled wishes, and penalizes that. Where would I put the ga.php, solution.php and the three functions? ga.php has to access the functions, but the functions have to access the models. I also don't want to call any App::import()'s from within the fitness()-function, because it gets called many thousand times when the algorithm runs. Hope someone can help me. Thanks in advance =)

  Read the article

• Why NOT use POST method here?

  - by Camran

  I have a classifieds website. In the main page (index) I have several form fields which the user may or may not fill in, in order to specify a detailed search of classifieds. Ex: Category: Cars Price from: 3000 Price to: 10000 Color: Red Area: California The forms' action is set to a php page: <form action='query_sql.php' method='post'> In query_sql.php I fetch the variables like this: category=$_POST['category']; etc etc... Then query MySql: $query="SELECT........WHERE category='$category' etc etc.... $results = mysql_query($query); Then I simply display the results of the query to the user by creating a table which is filled in dynamically depending on the results set. However, according to an answer by Col. Shrapnel in my previous Q I shouldn't use POST here: http://stackoverflow.com/questions/3004754/how-to-hide-url-from-users-when-submitting-this-form The reason I use post is simply to hide the "one-page-word-document" long URL in the browsers adress bar. I am very confused, is it okay to use POST or not? It is working fine both when I use GET or POST now... And it is already on a production server... Btw, in the linked question, I wasn't referring to make URL invisible (or hide it) I just wanted it too look better (which I have accomplished with mod_rewrite). UPDATE: If I use GET, then how should I make the url better looking (beautiful)? Check this previous Q out: http://stackoverflow.com/questions/3000524/how-to-make-this-very-long-url-appear-short

  Read the article

• making clean page via page.tpl.php

  - by user360051

  I have a Drupal module creating a page via hook_menu(). I am trying to make it so the page has no extraneous html output, only what I want. You can view the page here, http://www.thomashansen.me/chat/thomas. If you look at the source, you can see a strange script tag at the end. My page-chat.tpl.php looks like this, <?php // $Id$ ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<?php print $language->language ?>" lang="<?php print $language->language ?>" dir="<?php print $language->dir ?>"> <head> </head> <body> <?php print $content; ?> </body> </html> Where is that script tag coming from? and how do I get rid of it? If you need more information just ask.

  Read the article

• Forget late static binding, I need late static __FILE__ ...

  - by bobthecow

  I'm looking for the get_called_class() equivalent for __FILE__ ... Maybe something like get_included_file()? I have a set of classes which would like to know what directory they exist in. Something like this: <?php class A { protected $baseDir; public function __construct() { $this->baseDir = dirname(__FILE__); } public function getBaseDir() { return $this->baseDir; } } ?> And in some other file, in some other folder... <?php class B extends A { // ... } class C extends B { // ... } $a = new A; echo $a->getBaseDir(); $b = new B; echo $b->getBaseDir(); $c = new C; echo $c->getBaseDir(); // Annnd... all three return the same base directory. ?> Now, I could do something ghetto, like adding $this->baseDir = dirname(__FILE__) to each and every extending class, but that seems a bit... ghetto. After all, we're talking about PHP 5.3, right? Isn't this supposed to be the future? Is there another way to get the path to the file where a class was declared?

  Read the article

• Variable not implementing correctly from if statement

  - by swiftsly

  I have an if statement that is supposed to set the variable $pc162v to a link specified in the MySQL table if content exists in the $vid column of the row. The problem is, the PHP is detecting that there's a link in the MySQL, but isn't setting the $pc162v variable correctly. Here's the variable declarations: $pc162v = ""; $vid162 = '<embed width="420" height="236" src="'.$pc162v.'" type="application/x-shockwave-flash"></embed>'; Here's the section of the if statement: if (empty($row[7])) { $vid162 = ''; } else { $pc162v = $row[7]; } In my web browsers, the part of the code where the variable $vid162 is used, shows up as the following: <embed width="420" height="236" src="" type="application/x-shockwave-flash"> I have also tried setting $vid162 to: <embed width="420" height="236" src="<?php echo $pc162v; ?>" type="application/x-shockwave-flash"></embed> and that just makes the code in my web browser: <embed width="420" height="236" src="<?php echo $pc162v; ?>" type="application/x-shockwave-flash"> Hope someone has a solution! Thanks in advance.

  Read the article

• Can one connection get details of another? Or, how can I get the most detailed pending transaction

  - by bob-the-destroyer

  Is there a Mysql statement which provides full details of any other open connection or user? For this particular case, on myisam tables specifically. Looking at Mysql's SHOW TABLE STATUS documentation, it's missing some very important information for my purpose. For example: remote odbc connection one is inserting several thousand records, which due to a slow connection speed can take up to an hour. Tcp connection two, using PHP on the server's localhost, is running select queries with aggregate functions on that data. Before allowing connection two to run those queries, I'd like connection two to first check to make sure there's no pending inserts on any other connection on those specific tables so it can instead wait until all data is available. If the table is currently being written to, I'd like to spit back to the user of connection two an approximation of how much longer to wait based on the number of pending inserts. Ideally by table, I'd like to get back using a query the timestamp when connection one began the write, total inserts left to be done, and total inserts already completed. Instead of insert counts, even knowing number of bytes written and left to write would work just fine here. Obviously since connection two is a tcp connection via a PHP script, all I can really use in that script is some sort of query. I suppose if I have to, since it is on localhost, I can exec() it if the only way is by a mysql command line option that outputs this info, but I'd rather not. I suppose I could simply update a custom-made transaction log before and after this massive insert task which the PHP script can check, but hopefully there's already a built-in Mysql feature I can take advantage of.

  Read the article

• Remove this URL string when login fails and simply show div error

  - by Anagio

  My developer built our registration page to display a div when logins failed based on a string in the URL. When logins fail this is added to the URL /login?msg=invalid The PHP in my login.phtml which displays the error messages based on the msg= parameter is <?php $msg = ""; $msg = $_GET['msg']; if($msg==""){ $showMsg = ""; } elseif($msg=="invalid"){ $showMsg = ' <div class="alert alert-error"> <a class="close" data-dismiss="alert">×</a> <strong>Error!</strong> Login or password is incorrect! </div>'; } elseif($msg=="disabled"){ $showMsg = "Your account has been disabled."; } elseif($msg==2){ $showMsg = "Your account is not activated. Please check your email."; } ?> In the controller the redirect to that URL is else //email id does not exist in our database { //redirecting back with invalid email(invalid) msg=invalid. $this->_redirect($url."?msg=invalid"); } I know there are a few other validation types for disabled accounts etc. I'm in the process of redesigning the entire interface and would like to get rid of this kind of validation so that the div tags display when logins fail but not show the URL strings. If it matters the new div I want to display is <div class="alert alert-error alert-login"> Email or password incorrect </div> I'd like to replace the php my self in my login.phtml and controller but not a good programmer. What can I replace $this->_redirect($url."?msg=invalid"); with so that no strings are added to the URL and display the appropriate div tags? Thanks

  Read the article

• Accents in uploaded file being replaced with '?'

  - by Katfish

  I am building a data import tool for the admin section of a website I am working on. The data is in both French and English, and contains many accented characters. Whenever I attempt to upload a file, parse the data, and store it in my MySQL database, the accents are replaced with '?'. I have text files containing data (charset is iso-8859-1) which I upload to my server using CodeIgniter's file upload library. I then read the file in PHP. My code is similar to this: $this->upload->do_upload() $data = array('upload_data' => $this->upload->data()); $fileHandle = fopen($data['upload_data']['full_path'], "r"); while (($line = fgets($fileHandle)) !== false) { echo $line; } This produces lines with accents replaced with '?'. Everything else is correct. If I download my uploaded file from my server over FTP, the charset is still iso-8850-1, but a diff reveals that the file has changed. However, if I open the file in TextEdit, it displays properly. I attempted to use PHP's stream_encoding method to explicitly set my file stream to iso-8859-1, but my build of PHP does not have the method. After running out of ideas, I tried wrapping my strings in both utf8_encode and utf8_decode. Neither worked. If anyone has any suggestions about things I could try, I would be extremely grateful.

  Read the article

• Website. VoteUp or VoteDown Videos. How to restrict users voting multiple times?

  - by DJDonaL3000

  Im working on a website (html,css,javascript, ajax, php,mysql), and I want to restrict the number of times a particular user votes for a particular video. Its similar to the YouTube system where you can voteUp or voteDown a particular video. Each vote involves adding a row to the video.votes table, which logs the time, vote direction(up or down), the client IPaddress( using PHP: $ip = $_SERVER['REMOTE_ADDR']; ), and of course the ID of the video in question. Adding votes is as simple as; (pseudocode): Javascript:onClick( vote( a,b,c,d ) ), which passes variables to PHP insertion script via ajax, and finally we replace the voteing buttons with a "Thank You For Voting" message. THE PROBLEM: If you reload/refresh the page after voting, you can vote again, and again, and again, you get the point. MY QUESTION: How do you limit the amount of times a particular user votes for a particular video?? MY THOUGHTS: Do you use cookies, and add a new cookie with the id of the video. And check for a cookie before you insert a new vote.? OR Before you insert the vote, do you use the IPaddress and the videoID to see if this same user(IP) has voted for this same video(vidID) in the past 24hrs(mktime), and either allow or dissallow the voteInsertion based on this query? OR Do you just not care? Take the assumption that most users are sane, and have better things to do than refresh pages and vote repeatedly.?? Any suggestions or ideas welcome.

  Read the article

• Accettend letter and other graphic simbols PHP->JS

  - by Kreker

  I have to read a txt via file php. This file contains some normal so may contains this kind of symbols : € é ò à ° % etc I read the content in php with file_get_contents and transform these for inserenting in SQL database. $contFile = file_get_contents($pathFile); $testoCommento = htmlspecialchars($contFile,ENT_QUOTES); $testoCommento = addslashes($testoCommento); Now if I have this text for example : "l'attesa ?é cruciale fino a quando il topo non viene morso dall'?€" in the database I have this: l&#039;attesa è cruciale fino a quando il topo non veniene morso dall&#039;€ When I was GETTING the data from the database I use the php function for decode html entites $descrizione = htmlspecialchars_decode($risultato['descrizione'],ENT_QUOTES); $descrizione = addslashes($descrizione); Now I use jasvascript and AJAX for getting the table content and display to an HTML page In the browser instead of getting the correct text (€,è) I have square symbol. I think there is some mess with charset code/decode but never figured out. The SQL' table is in "utf8_unicode_ci" format and the column in "utf8_general_ci". The content-type of the page is <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> Thanks for help me!

  Read the article

• protect form hijacking hack

  - by Karem

  Yes hello today I discovered a hack for my site. When you write a msg on a users wall (in my communitysite) it runs a ajax call, to insert the msg to the db and will then on success slide down and show it. Works fine with no problem. So I was rethinking alittle, I am using POST methods for this and if it was GET method you could easily do ?msg=haxmsg&usr=12345679. But what could you do to come around the POST method? I made a new html document, made a form and on action i set "site.com/insertwall.php" (the file that normally are being used in ajax), i made some input fields with names exactly like i am doing with the ajaxcall (msg, uID (userid), BuID (by userid) ) and made a submit button. I know I have a page_protect() function on which requires you to login and if you arent you will be header to index.php. So i logged in (started session on my site.com) and then I pressed on this submit button. And then wops I saw on my site that it has made a new message. I was like wow, was it so easy to hijack POST method i thought maybe it was little more secure or something. I would like to know what could I do to prevent this hijacking? As i wouldnt even want to know what real hackers could do with this "hole". The page_protect secures that the sessions are from the same http user agent and so, and this works fine (tried to run the form without logging in, and it just headers me to startpage) but yea wouldnt take long time to figure out to log in first and then run it. Any advices are appreciated alot. I would like to keep my ajax calls most secure as possible and all of them are running on the POST method. What could I do to the insertwall.php, to check that it comes from the server or something.. Thank you

  Read the article

• Extending / changing how Zend_Search_Lucene searches

  - by Grant Collins

  Hi, I am currently using Zend_Search_Lucene to index and search a number of documents currently at around a 1000 or so. What I would like to do is change how the engine scores hits on a document, from the current default. Zend_Search_Lucene scores on the frequency of number of hits within a document, so a document that has 10 matches of the word PHP will score higher than a document with only 3 matches of PHP. What I am trying to do is pass a number of key words and score depending on the hits of those keywords. e.g. I pass 5 key words say,PHP, MySQL, Javascript, HTML and CSS that I search against the index. One document has 3 matches to those key words and one document has all 4 matches, the 4 matches scores the highest. The number of instances of those words in the document do not concern me. Now I've had a quick look at Zend_Search_Lucene_Search_Similarity however I have to confess that I am not sure (or that bright) to know how to use this to achieve what I am after. Is what I want to do possible using Lucene or is there a better solution out there?

  Read the article

• Can I attach data gathered by a form to a file that is being uploaded?

  - by Jacob

  I need customers to upload files to my website and I want to gather their name or company name and attach it to the file name or create a folder on the server with that as the name so we can keep the files organized. Using PHP to upload file PHP: if(isset($_POST['submit'])){ $target = "upload/"; $file_name = $_FILES['file']['name']; $tmp_dir = $_FILES ['file']['tmp_name']; try{ if(!preg_match('/(jpe?g|psd|ai|eps|zip|rar|tif?f|pdf)$/i', $file_name)) { throw new Exception("Wrong File Type"); exit; } move_uploaded_file($tmp_dir, $target . $file_name); $status = true; } catch (Exception $e) { $fail = true; } } Other PHPw/form: <form enctype="multipart/form-data" action="" method="post"> input type="hidden" name="MAX_FILE_SIZE" value="1073741824" /> label for="file">Choose File to Upload </label> <br />input name="file" type="file" id="file" size="50" maxlength="50" /><br /> input type="submit" name="submit" value="Upload" /> php if(isset($status)) { $yay = "alert-success"; echo "<div class=\"$yay\"> <br/> <h2>Thank You!</h2> <p>File Upload Successful!</p></div>"; } if(isset($fail)) { $boo = "alert-error"; echo "<div class=\"$boo\"> <br/> <h2>Sorry...</h2> <p>There was a problem uploading the file.</p><br/><p>Please make sure that you are trying to upload a file that is less than 50mb and an acceptable file type.</p></div>"; }

  Read the article

• Using $.post for simple ajax test, what am I missing?

  - by Cortopasta

  Playing with jquery for the first time, and I'm trying to get a simple AJAX set up working so I can better understand how things work. Unfortunately, I don't know a whole lot. Here's the HTML with the script: <html> <head> <title>AJAX attempt with jQuery</title> <script type="text/javascript" src="jquery.js"></script> <script type="text/javascript"> function ajax(str){ $("document").ready(function(){ $.post("ajaxjquerytest.php",str,function(){ $("p").html(response); }); }); </script> </head> <body> <input type="text" onchange="ajax(this.value)"></input> <p>Age?</p> </body> </html> And here is the PHP it's talking to: <?php $age = $_POST['age']; if ($age < 30) { echo "Young"; } else if ($age > 30) { echo "Old"; } else { echo "you're 30"; } ?>

  Read the article

< Previous Page | 515 516 517 518 519 520 521 522 523 524 525 526  | Next Page >