Web Development Questions That Don't Need Their Own Thread v2 - Developers

[QUOTE=TerabyteS_;32912939]Can anybody answer this? [B][url]http://serverfault.com/questions/323910/trying-to-play-with-apache-virtual-hosts-getting-access-forbidden-errors/323915#323915[/url][/B] It's driving me crazy (P.S.: first answer did not work)[/QUOTE] it seems like apache doesn't have permissions to view it itself- maybe if you granted apache permissions to read/write?

[QUOTE=Known Havok;32893995]I decided to practice CSS some more but I've come across problem with my footer element not being at the bottom at all times. I want the red footer to be at the bottom always or below the content if you need to scroll. [url]http://dl.dropbox.com/u/18280917/vortexo/index.html[/url] Help is appreciated[/QUOTE] this might be helpful! [url]http://ryanfait.com/sticky-footer/[/url]

[QUOTE=kingzl3y;32914211]this might be helpful! [url]http://ryanfait.com/sticky-footer/[/url][/QUOTE] Holy shit yes

I know PHP can make images. But can php pull an image from another site and present that image? I'll work on altering those images later, I just need a pointer to how this can be done. Like, what is even the function name?

[QUOTE=Sprite;32917797]I know PHP can make images. But can php pull an image from another site and present that image? I'll work on altering those images later, I just need a pointer to how this can be done. Like, what is even the function name?[/QUOTE] you could just use a cron job to file_get_contents and save the image every hour or whatever

[QUOTE=Sprite;32917797]I know PHP can make images. But can php pull an image from another site and present that image? I'll work on altering those images later, I just need a pointer to how this can be done. Like, what is even the function name?[/QUOTE]Uh, are you sure you can't just use [html]<img src="http://www.example.com/pathto/image.png" />[/html]

I think he wants the image to be displayed through PHP so the browser doesn't cache it

[QUOTE=Fleamonji;32918545]I think he wants the image to be displayed through PHP so the browser doesn't cache it[/QUOTE] [QUOTE=Octave;32918116]Uh, are you sure you can't just use [html]<img src="http://www.example.com/pathto/image.png" />[/html][/QUOTE] "...I'll work on altering those images later" (via php)

How do you make a specific web page appear only to specific people? (that have logged in and have specific access.) I have login page on my website, and got post news. I want only people that have speicifc access set in mysql database to be able to post news. I heard cookies will help but how?

[QUOTE=arleitiss;32927642]How do you make a specific web page appear only to specific people? (that have logged in and have specific access.) I have login page on my website, and got post news. I want only people that have speicifc access set in mysql database to be able to post news. I heard cookies will help but how?[/QUOTE] Different user types in your table.

Check their usergroup in the database every time a page loads.

[QUOTE=Octave;32928006]Check their usergroup in the database every time a page loads.[/QUOTE] No, use sessions.

[QUOTE=mobrockers2;32928237]No, use sessions.[/QUOTE]Storing their usergroup in a session is insecure, for one because if the admin decides to change it while that person has a session still, they would remain in the privileged usergroup until they deleted their session cookie and logged in again. Store their userid in the session, and use that on each page load to look up their privileges and other information.

[QUOTE=mobrockers2;32928237]No, use sessions.[/QUOTE] And when you change a usergroup and it's still in the session, what do you do?

Guys any chance of giving me some good link explaning these "sessions" ?

[url]http://www.tizag.com/phpT/phpsessions.php[/url]

[url]http://www.php.net/manual/en/features.sessions.php[/url] Once you understand those, you might want to read up on cross site request forgeries and other session security topics.

[QUOTE=Octave;32928407]Storing their usergroup in a session is insecure, for one because if the admin decides to change it while that person has a session still, they would remain in the privileged usergroup until they deleted their session cookie and logged in again. Store their userid in the session, and use that on each page load to look up their privileges and other information.[/QUOTE] That's... Right. I didn't think of that.

[QUOTE=Octave;32928407]Storing their usergroup in a session is insecure, for one because if the admin decides to change it while that person has a session still, they would remain in the privileged usergroup until they deleted their session cookie and logged in again. Store their userid in the session, and use that on each page load to look up their privileges and other information.[/QUOTE] what about updating the session information?

I think that's what vB does, it just seems unnecessary to store more than you have to on the users computer.

[QUOTE=Octave;32928641]I think that's what vB does, it just seems unnecessary to store more than you have to on the users computer.[/QUOTE] Sessions aren't stored on the users computer.

[QUOTE=mobrockers2;32928710]Sessions aren't stored on the users computer.[/QUOTE] [url]http://www.php.net/manual/en/intro.session.php[/url] "A visitor accessing your web site is assigned a unique id, the so-called session id. This is either stored in a cookie on the user side or is propagated in the URL." Basically, the id is stored on the server as well as the user's computer. They're checked with each other to make sure the user is who he says he is.

[QUOTE=Octave;32928803][url]http://www.php.net/manual/en/intro.session.php[/url] "A visitor accessing your web site is assigned a unique id, the so-called session id. This is either stored in a cookie on the user side or is propagated in the URL." Basically, the id is stored on the server as well as the user's computer. They're checked with each other to make sure the user is who he says he is.[/QUOTE] The session is cleared when the browser is closed. When I say that they are not stored I mean not stored as in the same way as cookies.

[QUOTE=mobrockers2;32928912]The session is cleared when the browser is closed. When I say that they are not stored I mean not stored as in the same way as cookies.[/QUOTE]Yeah, I'm just saying it's unnecessary to store usergroup when you're already going to query the database on each load to get the usergroup.

[QUOTE=Octave;32928803][url]http://www.php.net/manual/en/intro.session.php[/url] "A visitor accessing your web site is assigned a unique id, the so-called session id. This is either stored in a cookie on the user side or is propagated in the URL." Basically, the id is stored on the server as well as the user's computer. They're checked with each other to make sure the user is who he says he is.[/QUOTE] no, that's not what it means. It means the SESSIONID is stored on the user's computer as a cookie (or put in the URL), not the contents of the session. The contents of the session is stored on the server. [editline]23rd October 2011[/editline] [QUOTE=Octave;32928942]Yeah, I'm just saying it's unnecessary to store usergroup when you're already going to query the database on each load to get the usergroup.[/QUOTE] save time and only update it once in a while? [editline]23rd October 2011[/editline] like, every three page loads or every 5 minutes

Is it possible to force a session to update only when the usergroup (or something else) is changed in the database?

[QUOTE=mobrockers2;32929047]Is it possible to force a session to update only when the usergroup (or something else) is changed in the database?[/QUOTE] you'd still need to do the query to check, but yeah.

You save user data with the session (username, level, e-mail, whatever), and refresh it (in other words, re-query the database) for sensitive operations. There's no need to make it more complicated than it is. Computers are fast, stop worrying so much about saving up on a query or two, it's not going to make a difference.

[QUOTE=StinkyJoe;32929088]You save user data with the session (username, level, e-mail, whatever), and refresh it (in other words, re-query the database) for sensitive operations.[/QUOTE] Ehhhh I just don't like the idea of storing more than what's needed to link a user to a session. It's not a cache, if you want to cache that stuff put it in a key-value store which you can purge easily from an application.

[QUOTE=TheWho;32929210]Ehhhh I just don't like the idea of storing more than what's needed to link a user to a session. It's not a cache, if you want to cache that stuff put it in a key-value store which you can purge easily from an application.[/QUOTE] The line between both is blurry, particularly if you already have a good setup with something like Redis handling your sessions. There's nothing wrong with storing a sizable(within reason) amount of data in a user session, just remember to refresh that data appropriately.