• Web Dev Questions That Don't Need Their Own Thread v4
    5,001 replies, posted
div#col2{width:calc(100% - 1em)} (replace 1em with whatever margin you want) you can do this although, it depends on the parent element too, if your body is 100% wide, you can absolutely position the second column parent, give it 70% width or whatever you are doing here - then when you do the 100% calc on col2 it will function correctly.
[QUOTE=Cyberuben;44659459]There are many plugins out there for popular forum software such as MyBB, SMF, Xenforo, IPBoard. Also for content management systems such as Drupal, Joomla etc. I'm sure that you can find a plugin for those on the official websites of these forums. Though, if you don't have a forum but just a regular website coded by someone, you could ask them to make something like this. You can download any PayPal donation script and see how they handle the donations. When I first started using PayPal to accept donations (roughly 2.5 years ago), I downloaded a MyBB plugin called "Buy Credits". This plugin had 2 files where 1 file handled the incoming callbacks from PayPal. I found it very useful to read what they did, and I started writing my own plugin using the knowledge I gathered from the script I downloaded. Right now I use the PayPal REST API to handle donations, mainly because it gives me way more flexibility. If you want I can help you around some time, though, it's not THAT difficult to create a plugin like this if you have some programming skills.[/QUOTE] Well, I do have a forum (ModernBB). I think I will do it the same way you did. I just had no idea what to look/search for, since I don't know what such a thing was called. (English is my second language, so I've got a bit of trouble sometimes to express what I wanna describe.) And I do have much knowledge on programming, however mostly ASPX. So I will most likely return to get a bit of help, to check if what I'm doing is right. Because I'm thinking I wanna tie how much a person has donated together with his forum account, and give the person ranks based on how much he has donated (Donator, super donator, and so on). I'm guessing that should be fairly easy to incorporate with a bunch of PHP :) Anyways, thanks for the help! :)
How do I properly define a cookie? Do I set multiple cookies with different values, or one cookie with i.e. json in it? I have 2 domain names though, .com and .co.uk, do I have to set 2 cookies or can I use some kind of wildcard for the domain? And is there a way to structure it so I have $_COOKIE['login']['username']? [url=http://jaspan.com/improved_persistent_login_cookie_best_practice](I'm trying to work out this method)[/url]
[QUOTE=Cyberuben;44678164]How do I properly define a cookie? Do I set multiple cookies with different values, or one cookie with i.e. json in it? I have 2 domain names though, .com and .co.uk, do I have to set 2 cookies or can I use some kind of wildcard for the domain? And is there a way to structure it so I have $_COOKIE['login']['username']? [url=http://jaspan.com/improved_persistent_login_cookie_best_practice](I'm trying to work out this method)[/url][/QUOTE] You should only be storing one identifier in the cookie (i.e. User ID, username, etc) and looking it up in the database when needed.
[QUOTE=supersnail11;44678451]You should only be storing one identifier in the cookie (i.e. User ID, username, etc) and looking it up in the database when needed.[/QUOTE] I'd generate a unique, random token that is used just for identifying users from cookies instead of using a user id or username.
The problem is cookie theft. That's why I want to store the 3. I just want to do it properly, and not get told "But no one will hack your website's visitors".
[QUOTE=Cyberuben;44678548]The problem is cookie theft. That's why I want to store the 3.[/QUOTE] You can't secure a user from cookie theft, but you can add a few layers to the generated token. Include IP & Browser Agent in the algorithm. This simply adds another layer and can easily be bypassed by the attacker with IP Spoofing and Agent Spoofing, but there's not much more to do. It just makes the life a little bit harder for the attacker. As long as you secure critical actions such as changing password, email or deleting things requires a user to provide their password before the action goes through you have enough security provided.
[QUOTE=Svenskunganka;44678855]You can't secure a user from cookie theft, but you can add a few layers to the generated token. Include IP & Browser Agent in the algorithm. This simply adds another layer and can easily be bypassed by the attacker with IP Spoofing and Agent Spoofing, but there's not much more to do. It just makes the life a little bit harder for the attacker. As long as you secure critical actions such as changing password, email or deleting things requires a user to provide their password before the action goes through you have enough security provided.[/QUOTE] I use sign in through Steam, I have no username or password to authenticate with.
[QUOTE=Cyberuben;44678907]I use sign in through Steam, I have no username or password to authenticate with.[/QUOTE] You can still secure the cookie a bit. To be honest, it all depends on what kind of service you're making. I know GameTracker secures with IP and/or agent since my cookies are shared between my PC and smartphone, and I have to re-log when connecting from the smartphone.
[QUOTE=Svenskunganka;44678969]You can still secure the cookie a bit. To be honest, it all depends on what kind of service you're making. I know GameTracker secures with IP and/or agent since my cookies are shared between my PC and smartphone, and I have to re-log when connecting from the smartphone.[/QUOTE] And that is exactly what I do not want. Therefore I wanted to use the method I provided, but I don't know how to properly do it.
[QUOTE=Cyberuben;44678548]The problem is cookie theft. That's why I want to store the 3. I just want to do it properly, and not get told "But no one will hack your website's visitors".[/QUOTE] If someone can steal one cookie, they will probably be able to steal the others as well.
Alright, this is silly. I'm getting all the files matching a certain filename via Glob, and then I'm running a foreach where, if the filename's string DOESN'T have @2x, it will sum 1 to a counter.
[code]
$repeated_names = glob("./".$_GET['type']."/".$repeated_name."*.png");
$count = 0;
foreach ($repeated_names as $repeated_value) {
    if (strpos(strtolower($repeated_value), '@2x') !== true) {
        $count++;
    }
}
[/code]
As I understand it, if @2x isn't positioned on the string, count will rise. However, it's counting all the files, ignoring that previous condition. Any ideas what might be causing it? Example of values:
[QUOTE]
./misc/comboburst.png
./misc/comboburst@2x.png
./misc/menu-back@2x.png
./misc/menu-background.png
./misc/menu-background@2x.png
./misc/play-skip.png
./misc/play-skip@2x.png
[/QUOTE]
[QUOTE=Coment;44679601]Alright, this is silly. I'm getting all the files matching a certain filename via Glob, and then I'm running a foreach where, if the filename's string DOESN'T have @2x, it will sum 1 to a counter.
[code]
$repeated_names = glob("./".$_GET['type']."/".$repeated_name."*.png");
$count = 0;
foreach ($repeated_names as $repeated_value) {
    if (strpos(strtolower($repeated_value), '@2x') !== true) {
        $count++;
    }
}
[/code]
As I understand it, if @2x isn't positioned on the string, count will rise. However, it's counting all the files, ignoring that previous condition. Any ideas what might be causing it? Example of values:[/QUOTE] strpos doesn't return true when it finds a match, it returns an integer that specifies the character that the searched string starts at, so when you are checking if that !== true, it's always going to be true, because an integer is always not identical to true. Using the extra = means you are checking the type of the two compared values as well, and a boolean and integer do not match. [url]http://www.php.net/manual/en/language.operators.comparison.php[/url] Change it to "strpos(...) === false" instead of "strpos(...) !== true". Using === is important because strpos can return 0 and "0 == false" is true, whereas "0 === false" is not.
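The comparison pitfall explained in the answer above, run over the sample file names from the question. This is an added example, not code from either poster; `count_missing` is a hypothetical helper and `@2x-only.png` is a constructed edge case.

```php
<?php
// Sample values quoted in the question.
$files = [
    './misc/comboburst.png',
    './misc/comboburst@2x.png',
    './misc/menu-back@2x.png',
    './misc/menu-background.png',
    './misc/menu-background@2x.png',
    './misc/play-skip.png',
    './misc/play-skip@2x.png',
];

// Counts the paths for which $isMissing decides the marker is absent.
// $isMissing receives the raw strpos() result: an int offset or false.
function count_missing(array $paths, string $marker, callable $isMissing): int
{
    $count = 0;
    foreach ($paths as $path) {
        if ($isMissing(strpos(strtolower($path), $marker))) {
            $count++;
        }
    }
    return $count;
}

$asPosted = fn($pos) => $pos !== true;   // strpos never returns true, so always "missing"
$loose    = fn($pos) => $pos == false;   // offset 0 compares equal to false
$strict   = fn($pos) => $pos === false;  // only a real "not found" passes

printf("!== true  : %d of %d\n", count_missing($files, '@2x', $asPosted), count($files));
printf("== false  : %d of %d\n", count_missing($files, '@2x', $loose), count($files));
printf("=== false : %d of %d\n", count_missing($files, '@2x', $strict), count($files));

// Constructed edge case: the marker sits at offset 0 of the string.
$edge = ['@2x-only.png'];
printf("edge, == false  : %d\n", count_missing($edge, '@2x', $loose));
printf("edge, === false : %d\n", count_missing($edge, '@2x', $strict));
```

On the sample list the loose and strict checks agree, because every path starts with `./`; they differ only on the constructed entry where the match is at offset 0.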
[QUOTE=Cyberuben;44678548]The problem is cookie theft. That's why I want to store the 3. I just want to do it properly, and not get told "But no one will hack your website's visitors".[/QUOTE] As KmartSqrl said, if they can steal one cookie, they can steal the others. You should store unique identifiers about the user in the cookie (hashed, of course). [QUOTE=Svenskunganka;44678855]You can't secure a user from cookie theft, but you can add a few layers to the generated token. Include IP & Browser Agent in the algorithm. This simply adds another layer and can easily be bypassed by the attacker with IP Spoofing and Agent Spoofing, but there's not much more to do. It just makes the life a little bit harder for the attacker. As long as you secure critical actions such as changing password, email or deleting things requires a user to provide their password before the action goes through you have enough security provided.[/QUOTE] Spoofing an IP over TCP is not easy, especially since TCP requires a handshake. At that point, the attacker would just eavesdrop on the packets - which is why you should be using TLS.
so hopefully I can make up for my mistake from before. Local bowling alley knows we're just starting and is allowing us to remake their site (we're doing it free of course). What do y'all think about this so far? [url]http://serratedservers.com/portfolio/wip/bowling/index.html[/url] It's not nearly finished yet of course, so the contact us doesn't work and I have more things to add.
That overflow-y: scroll; on the body in your desktop CSS gives me a scrollbar even when there's nothing to scroll. I removed it and it works as I'd expect (when there's enough content on the screen, it appears automatically).
[QUOTE=Coment;44684735]That overflow-y: scroll; on the body in your desktop CSS gives me a scrollbar even when there's nothing to scroll. I removed it and it works as I'd expect (when there's enough content on the screen, it appears automatically).[/QUOTE] Yes, but when it appears it makes the site bounce a bit, really annoying to look at. I've multiple times added an overflow-y: scroll; to my body to avoid this from happening. [editline]30th April 2014[/editline] Also change the "Email me" to "Email us" on the contact formula, when hovering the menu icon it says "us".
[QUOTE=Coment;44684735]That overflow-y: scroll; on the body in your desktop CSS gives me a scrollbar even when there's nothing to scroll. I removed it and it works as I'd expect (when there's enough content on the screen, it appears automatically).[/QUOTE] doesn't hurt having it though.
[QUOTE=FrankPetrov;44684460]so hopefully I can make up for my mistake from before. Local bowling alley knows we're just starting and is allowing us to remake their site (we're doing it free of course). What do y'all think about this so far? [url]http://serratedservers.com/portfolio/wip/bowling/index.html[/url] It's not nearly finished yet of course, so the contact us doesn't work and I have more things to add.[/QUOTE] This needs a lot of work. Just using icons for a navigation menu is [I]really[/I] bad UX. I shouldn't have to hover to see where one of those icons goes, and touch screens don't have hover. There is no name or logo in the header. This place does have a logo, right? Make their brand stronger, the whole site doesn't even feel like a bowling alley site to me, it feels like a generic "modern web design" dribbble shot. Literally the only things bowling related are the picture on the home page and the about page. Find a cool shot of some pins to use as the background or something instead. There is no contact information. There should [B]absolutely[/B] be a phone number somewhere in the header. If a business has a phone number for customers, that number should always be prominent on the website. There is no address anywhere on the site. How are customers supposed to find the bowling alley if there is no address listed? I'd put it in the footer or put a google maps link by the phone number that should be in the header. Web design is not just about making a site pretty and flashy. You are building a site to serve a business's goals, and right now I really don't think it's going to do a very good job at that.
I also noticed that the website is quite slow. There are too many things going on on the screen and the effects don't seem to be smooth. I see you capitalized the first letter of random words, makes it really annoying to read.
I'm not sure if any of you are using this already, but I found a neat little add-on for Chrome, Firefox and Opera which makes our web dev lives a little easier. Works on Windows, Linux and OSX. [url]http://chrispederick.com/work/web-developer/[/url]
For Chrome and Firefox at least, isn't most of that included already in the built in web developer tools?
[QUOTE=djjkxbox360;44687834]For Chrome and Firefox at least, isn't most of that included already in the built in web developer tools?[/QUOTE] If you mean the F12 menu on Chrome, it doesn't have half the tools that that tool does have. I installed it immediately and also forwarded it to my dad.
[QUOTE=Cyberuben;44687922]If you mean the F12 menu on Chrome, it doesn't have half the tools that that tool does have. I installed it immediately and also forwarded it to my dad.[/QUOTE] Fair enough, I just had a quick look at the features section on the website and it says stuff like CSS editing, displaying image file sizes, DOM inspector, clearing session cookies, which are possible already, but there are most likely many other features not mentioned there.
[QUOTE=djjkxbox360;44687978]Fair enough, I just had a quick look at the features section on the website and it says stuff like CSS editing, displaying image file sizes, DOM inspector, clearing session cookies, which are possible already, but there are most likely many other features not mentioned there[/QUOTE] How about you try it and see in what ways it benefits you? :smile:
[QUOTE=FrankPetrov;44684460]so hopefully I can make up for my mistake from before. Local bowling alley knows we're just starting and is allowing us to remake their site (we're doing it free of course). What do y'all think about this so far? [url]http://serratedservers.com/portfolio/wip/bowling/index.html[/url] It's not nearly finished yet of course, so the contact us doesn't work and I have more things to add.[/QUOTE] If you're doing it for work, you [URL="http://html5up.net/uploads/demos/astral/"]should stop using other people's designs[/URL].
[QUOTE=supersnail11;44688309]If you're doing it for work, you [URL="http://html5up.net/uploads/demos/astral/"]should stop using other people's designs[/URL].[/QUOTE] For fucks sake again? Seriously Frank can't you just do something entirely yourself so we can actually come with proper feedback that might [B]help[/B] you?
[QUOTE=Moofy;44688628]For fucks sake again? Seriously Frank can't you just do something entirely yourself so we can actually come with proper feedback that might [B]help[/B] you?[/QUOTE] The worst part is that the CC-BY3.0 (under which the template is licensed) literally allows him to do anything, as long as he had kept the fucking license header, which he stripped out on purpose.
MyBB has a structure where on every page it loads information from a certain user into a variable named "$mybb->user". It is basically a copy of the "mybb_user" table, but I've noticed that this is cached. I'm trying to achieve the same with my website. I have a function that is called "$core->load_user($uid)", where I want the information from a certain user to be stored into the "$core->user" array. Though, I don't want this to be a too complex system and neither do I want this to be too intensive for the server. Anyone have a clue how to properly do it? Currently I have the following check on top of every page (index.php):
[code]
$core = new Core();
if(!isset($_SESSION['user']) && isset($_COOKIE['ff_login'])) {
    $core->log_in();
}
[/code]
This logs in a certain user if their cookie is set (and checked for validity in the log_in() function). Here is my log_in() function:
[code]
public function log_in() {
    if(isset($_COOKIE['ff_login'])) {
        $sql = sprintf("SELECT uid FROM ff_cookies WHERE id = '%s'", $_COOKIE['ff_login']);
        $query = mysql_query($sql) or die("MySQL error: ".mysql_error());
        if(mysql_num_rows($query) == 1) {
            $this->load_user(mysql_result($query, 0, 'uid'));
            create_user_cookie($this->user['uid']);
        }else{
            return false;
        }
    }else{
        return false;
    }
}
[/code]
My load_user() function:
[code]
public function load_user($uid) {
    $sql = sprintf("SELECT * FROM ff_users WHERE uid = %d", $uid);
    $query = mysql_query($sql) or die("MySQL error: ".mysql_error());
    if(mysql_num_rows($query) == 1) {
        $this->user = mysql_fetch_assoc($query);
        $_SESSION['user'] = $this->user;
        return true;
    }
    return false;
}
[/code]
I am wondering if I am taking the right approach here. I haven't worked with classes in PHP before (even though I have worked with PHP for almost 3 years) but I do work with them in C++ quite often (obviously). Anyone willing to walk me through creating the basics of my system?
I think that once I get the hang of it I'll be able to walk this path alone, but since I never wrote a website completely from scratch with a complex system like this, I might need some help. I always used a simple login script and from there only checked if the $_SESSION['login'] variable was set, but nothing complex involving usergroups and multiple fields that have to be used everywhere and nowhere on the website.
[QUOTE=Cyberuben;44690549]
[code]
public function log_in() {
    if(isset($_COOKIE['ff_login'])) {
        $sql = sprintf("SELECT uid FROM ff_cookies WHERE id = '%s'", $_COOKIE['ff_login']);
        $query = mysql_query($sql) or die("MySQL error: ".mysql_error());
        if(mysql_num_rows($query) == 1) {
            $this->load_user(mysql_result($query, 0, 'uid'));
            create_user_cookie($this->user['uid']);
        }else{
            return false;
        }
    }else{
        return false;
    }
}
[/code]
[/QUOTE] You should be escaping this cookie value before you use it in a query.
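One way to combine the random login token suggested earlier in the thread with the advice above to keep the cookie value out of the SQL text, using a bound parameter instead of string formatting. This is an added example, not code from any poster: `ff_cookies`, `id`, `uid` and `ff_login` are the names from the post, while the PDO and in-memory SQLite setup, the function names, the single-use rotation and the 30-day lifetime are assumptions.

```php
<?php
// Added example. Requires PHP 7.3+ with the pdo_sqlite extension (assumption).

function issue_login_token(PDO $db, int $uid): string
{
    $token = bin2hex(random_bytes(32));             // random, carries no user data
    $stmt = $db->prepare('INSERT INTO ff_cookies (id, uid) VALUES (?, ?)');
    $stmt->execute([hash('sha256', $token), $uid]); // only the hash is stored
    return $token;                                  // raw value goes in the cookie
}

function log_in_from_cookie(PDO $db, string $cookieValue): ?array
{
    $id = hash('sha256', $cookieValue);
    // Bound parameter: the cookie value is never spliced into the SQL text.
    $stmt = $db->prepare('SELECT uid FROM ff_cookies WHERE id = ?');
    $stmt->execute([$id]);
    $uid = $stmt->fetchColumn();
    if ($uid === false) {
        return null;                                // unknown or already used
    }
    // Single use: drop the presented token and hand out a fresh one.
    $db->prepare('DELETE FROM ff_cookies WHERE id = ?')->execute([$id]);
    return ['uid' => (int) $uid, 'token' => issue_login_token($db, (int) $uid)];
}

function send_login_cookie(string $token): void
{
    setcookie('ff_login', $token, [
        'expires'  => time() + 30 * 86400,          // constructed lifetime
        'path'     => '/',
        'secure'   => true,                         // sent over TLS only
        'httponly' => true,                         // not readable by page scripts
        'samesite' => 'Lax',
    ]);
}

// Constructed demo against an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ff_cookies (id TEXT PRIMARY KEY, uid INTEGER NOT NULL)');

$token  = issue_login_token($db, 42);
$first  = log_in_from_cookie($db, $token);              // valid token
$replay = log_in_from_cookie($db, $token);              // same cookie presented again
$quoted = log_in_from_cookie($db, "it's-not-a-token");  // quote stays plain data

var_dump($first['uid'], $replay, $quoted);
```

In a real request the value returned in `token` would be passed to `send_login_cookie()` before any output is sent.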