Web Development Questions That Don't Need Their Own Thread v2
3,079 replies, posted
header('Location: ' . $_REQUEST['gb']);
[QUOTE=TehWhale;30292513]header('Location: ' . $_REQUEST['gb']);[/QUOTE]
the idea was busted anyway, I forgot how I made it for a short span of time and put that in there and never took it out.
[QUOTE=zzlawlzz;30291078]I think I get how cookies work, but it's session that is really confusing me.
Either I'm thinking too hard for something that isn't there but I think is there, or I'm just really bad at understand this.
[editline]6th June 2011[/editline]
would cookie be an easy way out if I don't get how to use session? or is there a bad side of cookies.[/QUOTE]
Just to put this out there, cookies are [noparse][b]not[/b][/noparse] a reliable source of data. For example, you would not want to use,
[php]
<?php
if (empty($_COOKIE['auth'])) {
// Not an admin, leave
die();
}
// Super secret admin stuff;
[/php]
Any user could easily alter their cookies to include the auth cookie. For example, (in Javascript), document.cookie = "auth=1";
[QUOTE=deadeye536;30295303]Just to put this out there, cookies are [b]not[/b] a reliable source of data. For example, you would not want to use,
[php]
<?php
if (empty($_COOKIE['auth'])) {
// Not an admin, leave
die();
}
// Super secret admin stuff;
[/php]
Any user could easily alter their cookies to include the auth cookie. For example, (in Javascript), document.cookie = "auth=1";[/QUOTE]
for cookie, I would add user id and some randomly generated code that links to the account and use $_cookie to verify that person. I won't be efficient, but I really do not understand any of this.
[QUOTE=zzlawlzz;30296910]for cookie, I would add user id and some randomly generated code that links to the account and use $_cookie to verify that person. I won't be efficient, but I really do not understand any of this.[/QUOTE]
See, when you use sessions with php, it will send the user a cookie with the session id, and keeps all the $_SESSION[...] on the server for that id. Maybe I'm doing authentication wrong, too, but to me, it's not a good idea to store the 'admin=1' directly with cookies, and should be done with sessions, so that someone can't just open up the developer console and change the cookie's value.
What I used for one of my old projects is a system like this:
Cookie
ID (user id): 2
Hash: askhas5h5jha985ajhs5kas5has5ljkhas
The hash would be made up of something like this:
sha1($UserID . $salt . $Username . md5($salt))
So therefore when the user logged in with a cookie, you'd query the database to check if the user is who they say they are. They can change their ID but that'll just log them out because the hash won't verify.
[QUOTE=TehWhale;30297245]What I used for one of my old projects is a system like this:
Cookie
ID (user id): 2
Hash: askhas5h5jha985ajhs5kas5has5ljkhas
The hash would be made up of something like this:
sha1($UserID . $salt . $Username . md5($salt))
So therefore when the user logged in with a cookie, you'd query the database to check if the user is who they say they are. They can change their ID but that'll just log them out because the hash won't verify.[/QUOTE]
I'm pretty sure askhas5h5jha985ajhs5kas5has5ljkhas isn't hexadecimal
[QUOTE=Ac!dL3ak;30297451]I'm pretty sure askhas5h5jha985ajhs5kas5has5ljkhas isn't hexadecimal[/QUOTE]it was a bunch of random shit on my keyboard
[QUOTE=TehWhale;30297475]it was a bunch of random shit on my keyboard[/QUOTE]
I can tell, the over-use of a, s, j, k, and h kinda gives it away.
[QUOTE=Ac!dL3ak;30297517]I can tell, the over-use of a, s, j, k, and h kinda gives it away.[/QUOTE]then your comment was needed, why?
[QUOTE=Ac!dL3ak;30297517]I can tell, the over-use of a, s, j, k, and h kinda gives it away.[/QUOTE]
you should be a profiler.
[QUOTE=zzlawlzz;30297717]you should be a profiler.[/QUOTE]
yes because everyone in the world doesn't have at least a tiny bit of common sense.
so like I'm working on my summative and I need help on getting this banner to stay in the text box regardless of the zoom/size of the browser.
[IMG]http://i.imgur.com/tRwZC.png[/IMG]
Anyone ever had a problem with centering a div... It's fine but when the content stretches the page, the width of the page [i]appears[/i] to be changing because the centered div shifts to the left left about 10 pixels, it seems to be messing with the "margin: 0 auto;" setting. It wouldn't be a problem but I'm using ajax to reload only the main content div and the changing of the centering messes with the smoothness look...
[QUOTE=TehWhale;30297245]What I used for one of my old projects is a system like this:
Cookie
ID (user id): 2
Hash: askhas5h5jha985ajhs5kas5has5ljkhas
The hash would be made up of something like this:
sha1($UserID . $salt . $Username . md5($salt))
So therefore when the user logged in with a cookie, you'd query the database to check if the user is who they say they are. They can change their ID but that'll just log them out because the hash won't verify.[/QUOTE]
...Or you could just have used PHP sessions instead of reimplementing them.
[QUOTE=vepa;30310302]...Or you could just have used PHP sessions instead of reimplementing them.[/QUOTE]yeah i found that out afterwards
What's the best way to create a subscription based content site?
Are there any CMS solutions that will work, or do I need to actually start learning php?
[QUOTE=Vietnow;30312117]What's the best way to create a subscription based content site?
Are there any CMS solutions that will work, or do I need to actually start learning php?[/QUOTE]
I have no doubt any of the major php CMS have support for that - drupal, joomla, even wordpress. There's no need to roll your own, and it's certainly not something I'd recommend as a first project.
Should I use PHP or RoR?
This is what should happen;
User enters link into form [B]>[/B] puts it into a database (Sorted by the time, the oldest links first) [B]>[/B] content of the link is displayed [B]>[/B] moves onto the next link once the other one has finished displaying. This is repeated..
[php]$stmt = $dbh->prepare("INSERT INTO person (username,password,random,activated,regdate,email,ip,realname,location,steam,twitter,about,youtube,banned,bannedreason,activationkey) VALUES(:username,:password,:random,:activated,:regdate,:email,:ip,:realname,:location,:steam,:twitter,:about,:youtube,:banned,:bannedreason,:activationkey)");
//username,password,random,activated,regdate,email,ip,realname,location,steam,twitter,about,youtube,banned,bannedreason,activationkey
$stmt->bindParam(':username', $user);
$stmt->bindParam(':password', $pass);
$stmt->bindParam(':random', $random);
$stmt->bindParam(':activated', $zero);
$stmt->bindParam(':regdate', $today);
$stmt->bindParam(':email', $mail);
$stmt->bindParam(':ip', $ip);
$stmt->bindParam(':realname', $nap);
$stmt->bindParam(':location', $nap);
$stmt->bindParam(':steam', $nap);
$stmt->bindParam(':twitter', $nap);
$stmt->bindParam(':about', $nap);
$stmt->bindParam(':youtube', $nap);
$stmt->bindParam(':banned', $zero);
$stmt->bindParam(':bannedreason', $nap);
$stmt->bindParam(':acticationkey', $activate);
$user = $_POST['user'];
$pass = $_POST['pass'];
//$pass = hash('sha512',$_POST['pass']);
$random = $codegen1;
$today = date("m/d/y");
$mail = $_POST['mail'];
$ip = $_SERVER['REMOTE_ADDR'];
$nap = "n/a";
$activate = $codegen;
$zero = "0";
$stmt->execute();[/php]
What am I doing wrong?
[code]
Warning: PDOStatement::execute() [pdostatement.execute]: SQLSTATE[HY093]: Invalid parameter number: parameter was not defined in /home/zzlawlzz/public_html/testing/register.php on line 65[/code]
Declare everything before you prepare and bind it.
Should fix it, but I dunno.
what's on line 65
[QUOTE=Ac!dL3ak;30316429]what's on line 65[/QUOTE]
PDOStatement::execute(), so in this case, $stmt->execute (line 32).
Here's your bug:
[code]
$stmt->bindParam(':acticationkey', $activate);
[/code]
[b]acticationkey[/b] --> [b]activationkey[/b]
actication v:v:v
[QUOTE=StinkyJoe;30316575]PDOStatement::execute(), so in this case, $stmt->execute (line 32).
Here's your bug:
[code]
$stmt->bindParam(':acticationkey', $activate);
[/code]
[b]acticationkey[/b] --> [b]activationkey[/b][/QUOTE]
:eng99:
thanks.
Sorry, you need to Log In to post a reply to this thread.
