Search Results

Search found 43347 results on 1734 pages for 'php security'.

Page 464/1734 | < Previous Page | 460 461 462 463 464 465 466 467 468 469 470 471 | Next Page >

Pagination, next page doesn`t display

- by user1738013

if I click page 2 that`s error: Not Found The requested URL /rank/GetAll/30 was not found on this server. My link is: http://localhost/rank/GetAll/30 Model: Rank_Model <?php Class Rank_Model extends CI_Model { public function __construct() { parent::__construct(); } public function record_count() { return $this->db->count_all("ranking"); } public function fifa_rank($limit, $start) { $this->db->limit($limit, $start); $query = $this->db->get("ranking"); if ($query->num_rows() > 0) { foreach ($query->result() as $row) { $data[] = $row; } return $data; } return false; } } ?> Controller: Rank <?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); class rank extends CI_Controller { function __construct() { parent::__construct(); $this->load->helper("url"); $this->load->helper(array('form', 'url')); $this->load->model('Rank_Model','',TRUE); $this->load->library("pagination"); } function GetAll() { $config = array(); $config["base_url"] = base_url() . "rank/GetAll"; $config["total_rows"] = $this->Rank_Model->record_count(); $config["per_page"] = 30; $config["uri_segment"] = 3; $this->pagination->initialize($config); $page = ($this->uri->segment(3)) ? $this->uri->segment(3) : 0; $data["results"] = $this->Rank_Model->fifa_rank($config["per_page"], $page); $data['errors_login'] = array(); $data["links"] = $this->pagination->create_links(); $this->load->view('left_column/open_fifa_rank',$data); } } View Open: open_fifa_rank <?php $this->load->view('mains/header'); $this->load->view('login/loggin'); $this->load->view('mains/menu'); $this->load->view('left_column/left_column_before'); $this->load->view('left_column/menu_left'); $this->load->view('left_column/left_column'); $this->load->view('center/center_column_before'); $this->load->view('left_column/fifa_rank'); $this->load->view('center/center_column'); $this->load->view('right_column/right_column_before'); $this->load->view('login/zaloguj'); $this->load->view('right_column/right_column'); $this->load->view('mains/footer'); ?> and View: fifa_rank <table> <thead> <tr> <td>Pozycja</td> <td>Kraj</td> <td>Punkty</td> <td>Zmiana</td> </tr> </thead> <?php foreach($results as $data) {?> <tbody> <tr> <td><?php print $data->pozycja;?></td> <td><?php print $data->kraj;?></td> <td><?php print $data->punkty;?></td> <td><?php print $data->zmiana;?></td> </tr> <?php } ?> </tbody> </table> <p><?php echo $links; ?></p> Maybe you know where is my problem? Now I know where is my problem. In first page I have link: http://localhost/index.php/rank/GetAll But on the next: http://localhost/rank/GetAll/30 In secend link, I don`t have index.php. How can I fix it?

Read the article
files get uploaded just before they get cancelled

- by user1763986

Got a little situation here where I am trying to cancel a file's upload. What I have done is stated that if the user clicks on the "Cancel" button, then it will simply remove the iframe so that it does not go to the page where it uploads the files into the server and inserts data into the database. Now this works fine if the user clicks on the "Cancel" button in quickish time the problem I have realised though is that if the user clicks on the "Cancel" button very late, it sometimes doesn't remove the iframe in time meaning that the file has just been uploaded just before the user has clicked on the "Cancel" button. So my question is that is there a way that if the file does somehow get uploaded before the user clicks on the "Cancel" button, that it deletes the data in the database and removes the file from the server? Below is the image upload form: <form action="imageupload.php" method="post" enctype="multipart/form-data" target="upload_target_image" onsubmit="return imageClickHandler(this);" class="imageuploadform" > <p class="imagef1_upload_process" align="center"> Loading...<br/> <img src="Images/loader.gif" /> </p> <p class="imagef1_upload_form" align="center"> <br/> <span class="imagemsg"></span> <label>Image File: <input name="fileImage" type="file" class="fileImage" /></label><br/> <br/> <label class="imagelbl"><input type="submit" name="submitImageBtn" class="sbtnimage" value="Upload" /></label> </p> <p class="imagef1_cancel" align="center"> <input type="reset" name="imageCancel" class="imageCancel" value="Cancel" /> </p> <iframe class="upload_target_image" name="upload_target_image" src="#" style="width:0px;height:0px;border:0px;solid;#fff;"></iframe> </form> Below is the jquery function which controls the "Cancel" button: $(imageuploadform).find(".imageCancel").on("click", function(event) { $('.upload_target_image').get(0).contentwindow $("iframe[name='upload_target_image']").attr("src", "javascript:'<html></html>'"); return stopImageUpload(2); }); Below is the php code where it uploads the files and inserts the data into the database. The form above posts to this php page "imageupload.php": <body> <?php include('connect.php'); session_start(); $result = 0; //uploads file move_uploaded_file($_FILES["fileImage"]["tmp_name"], "ImageFiles/" . $_FILES["fileImage"]["name"]); $result = 1; //set up the INSERT SQL query command to insert the name of the image file into the "Image" Table $imagesql = "INSERT INTO Image (ImageFile) VALUES (?)"; //prepare the above SQL statement if (!$insert = $mysqli->prepare($imagesql)) { // Handle errors with prepare operation here } //bind the parameters (these are the values that will be inserted) $insert->bind_param("s",$img); //Assign the variable of the name of the file uploaded $img = 'ImageFiles/'.$_FILES['fileImage']['name']; //execute INSERT query $insert->execute(); if ($insert->errno) { // Handle query error here } //close INSERT query $insert->close(); //Retrieve the ImageId of the last uploded file $lastID = $mysqli->insert_id; //Insert into Image_Question Table (be using last retrieved Image id in order to do this) $imagequestionsql = "INSERT INTO Image_Question (ImageId, SessionId, QuestionId) VALUES (?, ?, ?)"; //prepare the above SQL statement if (!$insertimagequestion = $mysqli->prepare($imagequestionsql)) { // Handle errors with prepare operation here echo "Prepare statement err imagequestion"; } //Retrieve the question number $qnum = (int)$_POST['numimage']; //bind the parameters (these are the values that will be inserted) $insertimagequestion->bind_param("isi",$lastID, 'Exam', $qnum); //execute INSERT query $insertimagequestion->execute(); if ($insertimagequestion->errno) { // Handle query error here } //close INSERT query $insertimagequestion->close(); ?>  <script> window.top.stopImageUpload(<?php echo $result; ?>, '<?php echo $_FILES['fileImage']['name'] ?>'); </script> </body> UPDATE: Below is the php code "cancelimage.php" where I want to delete the cancelled file from the server and delete the record from the database. It is set up but not finished, can somebody finish it off so I can retrieve the name of the file and it's id using $_SESSION? <?php // connect to the database include('connect.php'); /* check connection */ if (mysqli_connect_errno()) { printf("Connect failed: %s\n", mysqli_connect_error()); die(); } //remove file from server unlink("ImageFiles/...."); //need to retrieve file name here where the ... line is //DELETE query statement where it will delete cancelled file from both Image and Image Question Table $imagedeletesql = " DELETE img, img_q FROM Image AS img LEFT JOIN Image_Question AS img_q ON img_q.ImageId = img.ImageId WHERE img.ImageFile = ?"; //prepare delete query if (!$delete = $mysqli->prepare($imagedeletesql)) { // Handle errors with prepare operation here } //Dont pass data directly to bind_param store it in a variable $delete->bind_param("s",$img); //execute DELETE query $delete->execute(); if ($delete->errno) { // Handle query error here } //close query $delete->close(); ?> Can you please provide an sample code in your answer to make it easier for me. Thank you

Read the article
Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in

- by alundra00

hi i am new to php and now i having problem with login Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in... Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in.... coding php: <?php include ("config/koneksi.php"); include ("config/library.php"); $pass = md5($_POST['password']); $login = mysql_query("SELECT * FROM user WHERE id_user='$_POST[username]' AND sesi='$pass'"); $found = mysql_num_rows($login); //error $r = mysql_fetch_array($login); //error if ($r){ session_start(); session_register("username"); session_register("sesi"); session_register("role"); $_SESSION[username] = $r[id_user]; $_SESSION[sesi] = $r[sesi]; $_SESSION[role]= $r[role]; header ('location:home.php'); }

Read the article
mysql_query() returns returns true, but mysql_num_rows() and mysql_fetch_array() give "not a valid r

- by zlance4012

Here is the code in question: -----From index.php----- require_once('includes/DbConnector.php'); // Create an object (instance) of the DbConnector $connector = new DbConnector(); // Execute the query to retrieve articles $query1 = "SELECT id, title FROM articles ORDER BY id DESC LIMIT 0,5"; $result = $connector-query($query1); echo "vardump1:"; var_dump($result); echo "\n"; /(!line 17!)/ echo "Number of rows in the result of the query:".mysql_num_rows($result)."\n"; // Get an array containing the results. // Loop for each item in that array while ($row = $connector-fetchArray($result)){ echo ' '; echo $row['title']; echo ' '; -----end index.php----- -----included DbConnector.php----- $settings = SystemComponent::getSettings(); // Get the main settings from the array we just loaded $host = $settings['dbhost']; $db = $settings['dbname']; $user = $settings['dbusername']; $pass = $settings['dbpassword']; // Connect to the database $this-link = mysql_connect($host, $user, $pass); mysql_select_db($db); register_shutdown_function(array(&$this, 'close')); } //end constructor //* Function: query, Purpose: Execute a database query * function query($query) { echo "Query Statement: ".$query."\n"; $this-theQuery = $query; return mysql_query($query, $this-link) or die(mysql_error()); } //* Function: fetchArray, Purpose: Get array of query results * function fetchArray($result) { echo "<|"; var_dump($result); echo "| \n"; /(!line 50!)/$res= mysql_fetch_array($result) or die(mysql_error()); echo $res['id']."-".$res['title']."-".$res['imagelink']."-".$res['text']; return $res; } -----end DbConnector.php----- -----Output----- Query Statement: SELECT id, title FROM articles ORDER BY id DESC LIMIT 0,5 vardump1:bool(true) PHP Error Message Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /path to/index.php on line 17 Number of rows in the result of the query: <|bool(true) | PHP Error Message Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /path to/DbConnector.php on line 50

Read the article
Screen Scraping Twitter

- by BRADINO

I got an email today asking for help to scrape Twitter. In particular, to be able to login. So I am going to show everyone, NOT to encourage anyone to violate Twitters terms of use but as an educational blog post about how PHP and cURL can be used to post variables and store cookies. Again, I am using the cScrape class I wrote, which you can download. Step 1 First go to twitter.com and look at the source code of the login to get the form field names and the form post location. You will see that the form posts to https://twitter.com/session and the username and password fields are session[username_or_email] and session[password] respectively. Step 2 Now you are ready to login. So using the fetch function in the Scrape class you create an associative array to contain the form values you want to post. The other thing you will need to do is uncomment the lines for CURLOPT_COOKIEFILE and CURLOPT_COOKIEJAR. Cookies will be required to stay logged in and scrape around. The paths to the cookie files need to be writable by your app. Also you will need to uncomment the line about CURLOPT_FOLLOWLOCATION. $data = array('session[username_or_email]' => "bradino", 'session[password]' => "secret"); $scrape->fetch('https://twitter.com/sessions',$data); Step 1.5 Oops that didn't work. All I got back was 403 Forbidden: The server understood the request, but is refusing to fulfill it. Ahhh I see another variable called authenticity_token I bet Twitter was looking for that. So let's back up and first hit twitter.com to get the authenticity_token variable, and then make the login post request with that variable included in our array of parameters. $scrape->fetch('https://twitter.com'); $data = array('session[username_or_email]' => "bradino", 'session[password]' => "secret"); $data['authenticity_token'] = $scrape->fetchBetween('name="authenticity_token" type="hidden" value="','"',$scrape->result); $scrape->fetch('https://twitter.com/sessions',$data); echo $scrape->result; So that's basically it. Now you are logged in and can scrape around and request other pages as you normally would. Sorry it wasn't a longer post. I really do enjoy this kind of stuff so if anyone has a request, hit me up. Errors? 1) Make sure that you are properly parsing the token variable 2) Make sure that you uncommented the lines about CURLOPT_COOKIEFILE and CURLOPT_COOKIEJAR, those options need to be enabled and be sure the path set is writable by your application 3) Make sure that the path to the cookie file is writable and that it is getting data written to it 4) If you get a message about being redirected you need to uncomment the line about CURLOPT_FOLLOWLOCATION, that option needs to be enabled true

Read the article
how to do loop for array which have different data for each array

- by Suriani Salleh

i have this file XML file.. I need to convert it form XMl to MYSQL. if it have only one array than i know how to do it.. now my question how to extract this two array Each array will have different value of data..for example for first array, pmIntervalTxEthMaxUtilization data : 0,74,0,0,48 and for second array pmIntervalRxPowerLevel data: -79,-68,-52 , pmIntervalTxPowerLevel data: 13,11,-55 . can some one help to guide how write php code to extract this xml file to MY SQL <mi> <mts>20130618020000</mts> <gp>900</gp> <mt>pmIntervalRxUndersizedFrames</mt> [ this is first array] <mt>pmIntervalRxUnicastFrames</mt> <mt>pmIntervalTxUnicastFrames</mt> <mt>pmIntervalRxEthMaxUtilization</mt> <mt>pmIntervalTxEthMaxUtilization</mt> <mv> <moid>port:1:3:23-24</moid> <sf>FALSE</sf> <r>0</r> [the data for 1st array i want to insert in DB] <r>0</r> <r>0</r> <r>5</r> <r>0</r> </mv> </mi> <mi> <mts>20130618020000</mts> <gp>900</gp> <mt>pmIntervalRxSES</mt> [this is second array] <mt>pmIntervalRxPowerLevel</mt> <mt>pmIntervalTxPowerLevel</mt> <mv> <moid>client:1:3:23-24</moid> <sf>FALSE</sf> <r>0</r> [the data for 2nd array i want to insert in DB] <r>-79</r> <r>13</r> </mv> </mi> this is the code for one array that i write..i dont know how to write code for two array because the field appear two times and have different data value for each array // Loop through the specified xpath foreach($xml->mi->mv as $subchild) { $port_no = $subchild->moid; $rx_ses = $subchild->r[0]; $rx_es = $subchild->r[1]; $tx_power = $subchild->r[10]; // dump into database; ........................... i have do a little research on it this is the out come... $i = 0; while( $i < 5) { // Loop through the specified xpath foreach($xml->md->mi->mv as $subchild) { $port_no = $subchild->moid; $rx_uni = $subchild->r[10]; $tx_uni = $subchild->r[11]; $rx_eth = $subchild->r[16]; $tx_eth = $subchild->r[17]; // dump into database; .............................. $i++; if( $i == 5 )break; } } // Loop through the specified xpath foreach($xml->mi->mv as $subchild) { $port_no = $subchild->moid; $rx_ses = $subchild->r[0]; $rx_es = $subchild->r[1]; $tx_power = $subchild->r[10]; // dump into database; .......................

Read the article
How to use DI and DI containers

- by Pinetree

I am building a small PHP mvc framework (yes, yet another one), mostly for learning purposes, and I am trying to do it the right way, so I'd like to use a DI container, but I am not asking which one to use but rather how to use one. Without going into too much detail, the mvc is divided into modules which have controllers which render views for actions. This is how a request is processed: a Main object instantiates a Request object, and a Router, and injects the Request into the Router to figure out which module was called. then it instantiates the Module object and sends the Request to that the Module creates a ModuleRouter and sends the Request to figure out the controller and action it then creates the Controller and the ViewRenderer, and injects the ViewRenderer into the Controller (so that the controller can send data to the view) the ViewRenderer needs to know which module, controller and action were called to figure out the path to the view scripts, so the Module has to figure out this and inject it to the ViewRenderer the Module then calls the action method on the controller and calls the render method on the ViewRenderer For now, I do not have any DI container set up, but what I do have are a bunch of initX() methods that create the required component if it is not already there. For instance, the Module has the initViewRenderer() method. These init methods get called right before that component is needed, not before, and if the component was already set it will not initialize it. This allows for the components to be switched, but it does not require manually setting them if they are not there. Now, I'd like to do this by implementing a DI container, but still keep the manual configuration to a bare minimum, so if the directory structure and naming convention is followed, everything should work, without even touching the config. If I use the DI container, do I then inject it into everything (the container would inject itself when creating a component), so that other components can use it? When do I register components with the DI? Can a component register other components with the DI during run-time? Do I create a 'common' config and use that? How do I then figure out on the fly which components I need and how they need to be set up? If Main uses Router which uses Request, Main then needs to use the container to get Module (or does the module need to be found and set beforehand? How?) Module uses Router but needs to figure out the settings for the ViewRenderer and the Controller on the fly, not in advance, so my DI container can't be setting those on the Module before the module figures out the controller and action... What if the controller needs some other service? Do I inject the container into every controller? If I start doing that, I might just inject it into everything... Basically I am looking for the best practices when dealing with stuff like this. I know what DI is and what DI containers do, but I am looking for guidance to using them in real life, and not some isolated examples on the net. Sorry for the lengthy post and many thanks in advance.

Read the article
Apache config that uses two document roots based on whether the requested resource exists in the first [closed]

- by mattalexx

Background I have a client site that consists of a CakePHP installation and a Magento installation: /web/example.com/ /web/example.com/app/ <== CakePHP /web/example.com/app/webroot/ <== DocumentRoot /web/example.com/app/webroot/store/ <== Magento /web/example.com/config/ <== Site-wide config /web/example.com/vendors/ <== Site-wide libraries The server runs Apache 2.2.3. The problem The whole company has FTP access and got used to clogging up the /web/example.com/, /web/example.com/app/webroot/, and /web/example.com/app/webroot/store/ directories with their own files. Sometimes these files need HTTP access and sometimes they don't. In any case, this mess makes my job harder when it comes to maintaining the site. Code merges, tarring the live code, etc, is very complicated and usually requires a bunch of filters. Abandoned solution At first, I thought I would set up a new subdomain on the same server, move all of their files there, and change their FTP chroot. But that wouldn't work for these reasons: Firstly, I have no idea (and neither do they remember) what marketing materials they've sent out that contain URLs to certain resources they've uploaded to the server, using the main domain, and also using abstract subdomains that use the main virtual host because it has ServerAlias *.example.com. So suddenly having them only use static.example.com isn't feasible. Secondly, The PHP scripts in their projects are potentially very non-portable. I want their files to stay in as similar an environment as they were built as I can. Also, I do not want to debug their code to make it portable. Half-baked solution After some thought, I decided to find a way to section off the actual website files into another directory that they would not touch. The company's uploaded files would stay where they were. This would ensure that I didn't break any of their projects that needed HTTP access. It would look something like this: /web/example.com/ <== A bunch of their files are in here /web/example.com/app/webroot/ <== 1st DocumentRoot; A bunch of their files are in here /web/example.com/app/webroot/store/ <== Some more are in here /web/example.com/site/ <== New dir; Contains only site files /web/example.com/site/app/ <== CakePHP /web/example.com/site/app/webroot/ <== 2nd DocumentRoot /web/example.com/site/app/webroot/store/ <== Magento /web/example.com/site/config/ <== Site-wide config /web/example.com/site/vendors/ <== Site-wide libraries After I made this change, I would not need to pay attention to anything except for the stuff within /web/example.com/site/ and my job would be a lot easier. I would be the only one changing stuff in there. So here's where the Apache magic would happen: I need an HTTP request to http://www.example.com/ to first use /web/example.com/app/webroot/ as the document root. If nothing is found (no miscellaneous uploaded company projects are found), try finding something within /web/example.com/site/app/webroot/. Another thing to keep in mind is, the site might have some problems if the $_SERVER['DOCUMENT_ROOT'] variable reads /web/example.com/app/webroot/ but the actual files are within /web/example.com/site/app/webroot/. It would be better if the DOCUMENT_ROOT environment variable could be /web/example.com/site/app/webroot/ for anything within the /web/example.com/site/app/webroot/ directory. Conclusion Is my half-baked solution possible with Apache 2.2.3? Is there a better way to solve this problem?

Read the article
why my code still cannot connect with database? [closed]

- by Wen Teng

package com.mems.travis; import java.util.ArrayList; import java.util.List; import org.apache.http.NameValuePair; import org.apache.http.message.BasicNameValuePair; import org.json.JSONObject; import android.app.Activity; import android.app.AlertDialog; import android.content.DialogInterface; import android.content.Intent; import android.os.AsyncTask; import android.os.Bundle; import android.util.Log; import android.view.View; import android.widget.Button; import android.widget.EditText; import android.widget.RadioButton; public class UserRegister extends Activity { JSONParser jsonParser = new JSONParser(); EditText inputName; EditText inputUsername; EditText inputEmail; EditText inputPassword; RadioButton button1; RadioButton button2; Button button3; int success = 0; // url to create new product private static String url_register_user = "http://192.168.1.100/MEMS/add_user.php"; // JSON Node names private static final String TAG_SUCCESS = "success"; @Override public void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); setContentView(R.layout.activity_user_register); // Edit Text inputName = (EditText) findViewById(R.id.nameTextBox); inputUsername = (EditText) findViewById(R.id.usernameTextBox); inputEmail = (EditText) findViewById(R.id.emailTextBox); inputPassword = (EditText) findViewById(R.id.pwTextBox); // Create button //RadioButton button1 = (RadioButton) findViewById(R.id.studButton); // RadioButton button2 = (RadioButton) findViewById(R.id.shopownerButton); Button button3 = (Button) findViewById(R.id.regSubmitButton); // button click event button3.setOnClickListener(new View.OnClickListener() { public void onClick(View view) { String name = inputName.getText().toString(); String username = inputUsername.getText().toString(); String email = inputEmail.getText().toString(); String password = inputPassword.getText().toString(); if (name.contentEquals("")||username.contentEquals("")||email.contentEquals("")||password.contentEquals("")) { AlertDialog.Builder builder = new AlertDialog.Builder(UserRegister.this); // 2. Chain together various setter methods to set the dialog characteristics builder.setMessage(R.string.nullAlert) .setTitle(R.string.alertTitle); builder.setPositiveButton(R.string.ok, new DialogInterface.OnClickListener() { public void onClick(DialogInterface dialog, int id) { // User clicked OK button } }); // 3. Get the AlertDialog from create() AlertDialog dialog = builder.show(); } else { new RegisterNewUser().execute(); } } }); } class RegisterNewUser extends AsyncTask<String, String, String>{ protected String doInBackground(String... args) { String name = inputName.getText().toString(); String username = inputUsername.getText().toString(); String email = inputEmail.getText().toString(); String password = inputPassword.getText().toString(); // Building Parameters List<NameValuePair> params = new ArrayList<NameValuePair>(); params.add(new BasicNameValuePair("name", name)); params.add(new BasicNameValuePair("username", username)); params.add(new BasicNameValuePair("email", email)); params.add(new BasicNameValuePair("password", password)); // getting JSON Object // Note that create product url accepts POST method JSONObject json = jsonParser.makeHttpRequest(url_register_user, "GET", params); // check log cat for response Log.d("Send Notification", json.toString()); try { int success = json.getInt(TAG_SUCCESS); if (success == 1) { // successfully created product Intent i = new Intent(getApplicationContext(), StudentLogin.class); startActivity(i); finish(); } else { // failed to register } } catch (Exception e) { e.printStackTrace(); } return null; } } }

Read the article
i want to access mysql database table on given conditions in drop down menu [on hold]

- by user3909877

as the code below is accesing the database table directly but i want it to display the table content on giving conditions in drop down menu like when i select islamabad in one drop down menu and lahore in other as given in code and press search buttonn then it display the table flights.but it is displaying it directly <p class="h2">Quick Search</p> <div class="sb2_opts"> <p> </p> <form method="post" action=""> <p>Enter your source and destination.</p> <p> From:</p> <select name="from"> <option value="Islamabad">Islamabad</option> <option value="Lahore">Lahore</option> <option value="murree">Murree</option> <option value="Muzaffarabad">Muzaffarabad</option> </select> <p> To:</p> <select name="To"> <option value="Islamabad">Islamabad</option> <option value="Lahore">Lahore</option> <option value="murree">Murree</option> <option value="Muzaffarabad">Muzaffarabad</option> </select> <input type="submit" value="search" /> </form> </form> </table> <?php $from = isset($_POST['from'])?$_POST['from']:''; $to = isset($_POST['to'])?$_POST['to']:''; if( $from =='Islamabad'){ if($to == 'Lahore'){ $db_host = 'localhost'; $db_user = 'root'; $database = 'homedb'; $table = 'flights'; if (!mysql_connect($db_host, $db_user)) die("Can't connect to database"); if (!mysql_select_db($database)) die("Can't select database"); $result = mysql_query("SELECT * FROM {$table}"); if (!$result) { die("Query to show fields from table failed"); } $result = mysql_query("SELECT * FROM {$table}"); if (!$result) { die("Query to show fields from table failed"); } $fields_num = mysql_num_fields($result); echo "<h1>Table: {$table}</h1>"; echo "<table border='1'><tr>"; while($row = mysql_fetch_row($result)) { echo "<tr>"; // $row is array... foreach( .. ) puts every element // of $row to $cell variable foreach($row as $cell) echo "<td>$cell</td>"; echo "</tr>\n"; } } } mysqli_close($con); ?>

Read the article
How can I change the color of the text in my iFrame? [closed]

- by VinylScratch

I have code here: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <title>Frag United Banlist</title> </head> <body> <h1>Tekkit Banlist</h1> <?php // change these things $server = "server-host"; $dbuser = "correct-user"; $dbpass = "correct-password"; $dbname = "correct-database"; mysql_connect($server, $dbuser, $dbpass); mysql_select_db($dbname); $result = mysql_query("SELECT * FROM banlist ORDER BY id DESC"); //This will display the most recent by id edit this query how you see fit. Limit, Order, ect. echo "<table width=100% border=1 cellpadding=3 cellspacing=0>"; echo "<tr style=\"font-weight:bold\"> <td>ID</td> <td>User</td> <td>Reason</td> <td>Admin/Mod</td> <td>Time</td> <td>Ban Length</td> </tr>"; while($row = mysql_fetch_assoc($result)){ if($col == "#eeeeee"){ $col = "#ffffff"; }else{ $col = "#eeeeee"; } echo "<tr bgcolor=$col>"; echo "<td>".$row['id']."</td>"; echo "<td>".$row['user']."</td>"; echo "<td>".$row['reason']."</td>"; echo "<td>".$row['admin']."</td>"; //Convert Epoch Time to Standard format $datetime = date("F j, Y, g:i a", $row['time']); echo "<td>$datetime</td>"; $dateconvert = date("F j, Y, g:i a", $row['length']); if($row['length'] == "0"){ echo "<td>None</td>"; }else{ echo "<td>$dateconvert</td>"; } echo "<td>".$row['id']."</td>"; echo "</tr>"; } echo"</table>" ?> </div> </body></html> And I am trying to make it so that when I put it in this iframe: <iframe src="http://bans.fragunited.net/" width="100%" length="100%"><p>Your browser does not support iframes.</p></iframe> But if you go to this page, fragunited.net/bans, (not bans.fragunited.net) the text is black and I want it to be white so you can actually see it. Sorry for the large amount of code, however I don't know where you have to put the code to change the color.

Read the article
How to access a PHP Web Service from ASP.Net?

- by Steve Johnson

I am trying use a web service in a C# ASP.Net Web Application. The service is built in php and is located on some remote server not under my control so i cant modify it to add meta data or something else into it. When i use the "Add Web Reference" option in Visual Studio 2008, I receive the following error: The HTML document does not contain Web service discovery information. while trying to add the following web service. https://subreg.forpsi.com/robot2/subreg_command.php?wsdl The web service functions are exposed and displayed in Visual Studio 2008. however i could not add the reference to it for use in ASP.Net Application. t3Service" Description Methods __construct ( ) create_contact ( ) get_contact ( ) get_domain_info ( ) get_last_error_code ( ) get_last_error_msg ( ) get_NSSET ( ) get_owner_mail ( ) login ( ) register_domain ( ) register_domain_with_admin_contacts ( ) renew_domain ( ) request_sendmail ( ) send_auth_info ( ) transfer_domain ( ) I also tried the wsdl.exe method by retrieving the xml and copying it to a wsdl file and generating a proxy class. But the wsdl output contains warnings and the proxy class generated skips the exposed fucntions and generates something like this: // CODEGEN: The operation binding 'create_contact' from namespace 'urn:t3' was ignored. Each message part in an use=encoded message must specify a type. // CODEGEN: The operation binding 'get_contact' from namespace 'urn:t3' was ignored. Each message part in an use=encoded message must specify a type. // CODEGEN: The operation binding 'get_domain_info' from namespace 'urn:t3' was ignored. Each message part in an use=encoded message must specify a type. // CODEGEN: The operation binding 'get_last_error_code' from namespace 'urn:t3' was ignored. Each message part in an use=encoded message must specify a type. // CODEGEN: The operation binding 'get_last_error_msg' from namespace 'urn:t3' was ignored. Each message part in an use=encoded message must specify a type. // CODEGEN: The operation binding 'get_NSSET' from namespace 'urn:t3' was ignored. Each message part in an use=encoded message must specify a type. // CODEGEN: The operation binding 'get_owner_mail' from namespace 'urn:t3' was ignored. Each message part in an use=encoded message must specify a type. // CODEGEN: The operation binding 'send_auth_info' from namespace 'urn:t3' was ignored. Each message part in an use=encoded message must specify a type. // CODEGEN: The operation binding 'transfer_domain' from namespace 'urn:t3' was ignored. Each message part in an use=encoded message must specify a type. // CODEGEN: The operation binding 'request_sendmail' from namespace 'urn:t3' was ignored. Each message part in an use=encoded message must specify a type. // CODEGEN: The operation binding 'login' from namespace 'urn:t3' was ignored. Each message part in an use=encoded message must specify a type. // CODEGEN: The operation binding 'register_domain' from namespace 'urn:t3' was ignored. Each message part in an use=encoded message must specify a type. // CODEGEN: The operation binding 'register_domain_with_admin_contacts' from namespace 'urn:t3' was ignored. Each message part in an use=encoded message must specify a type. // CODEGEN: The operation binding 'renew_domain' from namespace 'urn:t3' was ignored. Each message part in an use=encoded message must specify a type. Any help in this regard will be highly appreciated. Regards

Read the article
sending a $_SESSION array to my class and attempting to get the value fro it in a for loop .php

- by eoin

i have a class which in which iam using a method to get information from a session array via a for loop the 2 for loops in each method are used 1.to count total amount of items , and 2. to add up the total price but neither seem to be returning anything. im using the total amount to check it against the mc_gross posted value from an IPN and if the values are equal i plan to commit the sale to a database as it has been verified. for the method where im looking to get the total price im getting 0.00 returned to me. i think ive got the syntax wrong here somehow here is my class for purchase the two methods iam having trouble with are the gettotalcost() and gettotalitems() shown below is my class. <?php class purchase { private $itemnames; // from session array private $amountofitems; // from session array private $itemcost; //session array private $saleid; //posted transaction id value to be used in sale and sale item tables private $orderdate; //get current date time to be entered as datetime in sale table private $lastname; //posted from ipn private $firstname; //posted from ipn private $emailadd; //uses sessionarray value public function __construct($saleid,$firstname,$lastname) { $this->itemnames = $_SESSION['itemnames']; $this->amountofitems =$_SESSION['quantity']; $this->itemcost =$_SESSION['price']; $this->saleid = $saleid; $this->firstname = $firstname; $this->lastname = $lastname; $this->emailadd = $SESSION['username']; mail($myemail, "session vardump ", echo var_dump($_SESSION), "From: [email protected]" ); mail($myemail, "session vardump ",count($_SESSION['itemnames']) , "From: [email protected]" ); } public function commit() { $databaseinst = database::getinstance(); $databaseinst->connect(); $numrows = $databaseinst->querydb($query); //to be completed } public function gettotalitems() { $numitems; $i; for($i=0; $i < count($this->amountofitems);$i++) { $numitems += (int) $this->amountofitems[$i]; } return $numitems; } public function gettotalcost() { $totalcost; $i; for($i=0; $i < count($this->amountofitems);$i++) { $numitems = (int) $this->amountofitems[$i]; $costofitem =doubleval($this->itemcost [$i]); $totalcost += $numitems * $costofitem; } return $totalcost; } } ?> and here is where i create an instance of the class and attempt to use it. include("purchase.php"); $purchase = new purchase($_POST['txn_id'],$_POST['first_name'],$_POST['last_name']); $fullamount = $purchase->gettotalcost(); $fullAmount = number_format($fullAmount, 2); $grossAmount = $_POST['mc_gross']; if ($fullAmount != $grossAmount) { $message = "Possible Price Jack attempt! the amount the customer payed is : " . $grossAmount . " which is not equal to the full amount. the price of the products combined is " . $fullAmount. " the transaction number for which is " . $_POST['txn_id'] . "\n\n\n$req"; mail("XXXXXXXXXXXX", "Price Jack attempt ", $message, "From: [email protected]" ); exit(); // exit } thanks for the help in advance! ive also added these lines to my constructor. the mail returns that there is nothing in the vardump uh oh! mail($myemailaddress, "session vardump ", var_dump($_SESSION), "From: [email protected]" ); also added session_start(); at the top of the constructor and it dont work! help

Read the article
PHP Image resize - Why is the image uploaded but not resized?

- by Hans

BACKGROUND I have a script to upload an image. One to keep the original image and one to resize the image. 1. If the image dimensions (width & height) are within max dimensions I use a simple "copy" direct to folder UserPics. 2. If the original dimensions are bigger than max dimensions I want to resize the width and height to be within max. Both of them are uploading the image to the folder, but in case 2, the image will not be resized. QUESTION Is there something wrong with the script? Is there something wrong with the settings? SETTINGS Server: WAMP 2.0 PHP: 5.3.0 PHP.ini: GD2 enabled, Memory=128M (have tried 1000M) Tried imagetypes uploaded: jpg, jpeg, gif, and png (same result for all of them) SCRIPT //Uploaded image $filename = stripslashes($_FILES['file']['name']); //Read filetype $i = strrpos($filename,"."); if (!$i) { return ""; } $l = strlen($filename) - $i; $extension = substr($filename,$i+1,$l); $extension = strtolower($extension); //New picture name = maxid+1 (from database) $query = mysql_query("SELECT MAX(PicId) AS number FROM userpictures"); $row = mysql_fetch_array($query); $imagenumber = $row['number']+1; //New name of image (including path) $image_name=$imagenumber.'.'.$extension; $newname = "UserPics/".$image_name; //Check width and height of uploaded image list($width,$height)=getimagesize($uploadedfile); //Check memory to hold this image (added only as checkup) $imageInfo = getimagesize($uploadedfile); $requiredMemoryMB = ( $imageInfo[0] * $imageInfo[1] * ($imageInfo['bits'] / 8) * $imageInfo['channels'] * 2.5 ) / 1024; echo $requiredMemoryMB."<br>"; //Max dimensions that can be uploaded $maxwidth = 20; $maxheight = 20; // Check if dimensions shall be original if ($width > $maxwidth || $height > $maxheight) { //Make jpeg from uploaded image if ($extension=="jpg" || $extension=="jpeg" || $extension=="pjpeg" ) { $modifiedimage = imagecreatefromjpeg($uploadedfile); } elseif ($extension=="png") { $modifiedimage = imagecreatefrompng($uploadedfile); } elseif ($extension=="gif") { $modifiedimage = imagecreatefromgif($uploadedfile); } //Change dimensions if ($width > $height) { $newwidth = $maxwidth; $newheight = ($height/$width)*$newwidth; } else { $newheight = $maxheight; $newwidth = ($width/$height)*$newheight; } //Create new image with new dimensions $newdim = imagecreatetruecolor($newwidth,$newheight); imagecopyresized($newdim,$modifiedimage,0,0,0,0,$newwidth,$newheight,$width,$height); imagejpeg($modifiedimage,$newname,60); // Remove temp images imagedestroy($modifiedimage); imagedestroy($newdim); } else { // Just add picture to folder without resize (if org dim < max dim) $newwidth = $width; $newheight = $height; $copied = copy($_FILES['file']['tmp_name'], $newname); } //Add image information to the MySQL database mysql_query("SET character_set_connection=utf8", $dbh); mysql_query("INSERT INTO userpictures (PicId, Picext, UserId, Width, Height, Size) VALUES('$imagenumber', '$extension', '$_SESSION[userid]', '$newwidth', '$newheight', $size)")

Read the article
Faulty to use memcache together with a php web-browser-game in this way?

- by Crowye

Background We are currently working on a strategy web-browser game based on php, html and javascript. The plan is to have 10,000+ users playing within the same world. Currently we are using memcached to: store json static data, language files store changeable serialized php class objects (such as armies, inventorys, unit-containers, buildings, etc) In the back we have a mysql server running and holding all the game data aswell. When a object is loaded through our ObjectLoader it loads in this order: checks a static hashmap in the script for the object checks memcache if it has already been loaded into it otherwise loads from database, and saves it into memcache and the static temp hashmap We have built the whole game using a class-object-oriented approach where functionality is always made between objects. Beause of this we think we have managed to get a nice structure, and with the help of memcached we have received good request times from client-server when interacting with the game. I'm aware that memcache is not synchronized, and also is not commonly used for holding a full game in memory. In the beginning after a server's startup the load times when loading objects into memcache for the first time will be high, but after the server's been online for a while and most loads are from memcache, the loads will be well reduced. Currently we are saving changed objects into memcache and database at the same time. Earlier we had an idea to save objects into db only after a certain time or at intervals, but due to risk inconsistency if the memcache/server went down, we skipped it for now. Client requests to server often return object's status simple json-format without changing the object, which in turn is represented in the browser visually with images and javascript. But from time to time depending on when an object was last updated, it updates them with new information (e.g. a build-queue holding planned buildings time-progress is increased, and/or planned-queue-items-array has changed). Questions: Do you see how this could work or are we walking in blindness here? Do you expect us to have a lot of inconsistency issues if someone loads and updates the a memcache objects while someone else does the same? Is it even doable to do it in the way he have done it? Seems to be working fine atm, but so far we have only been 4 people online at the same time.. Is some other cache program more fit for this class-object approach than memcached? Is there any other tips you have for this situation? UPDATE Since it is simply a "normal webpage" (no applet, flash, etc), we are implementing the game so that the server is the only one holding a "real game-state".. the state of the different javascript-objects on the client is more like a approximative version of the server's game state. From time to time and before you do certain things important things, the client's visual state is updated to the server's state (e.g. the client things he can afford a barracks, asks the server to build a barracks, server updates current resources according to income-data on server and then tries to build a barracks or casts an error-message, and then sends the current server-state on resources, buildings back to the client).. It is not a fast-paced game lika real strategy game. More like a quite slow 3-4 months playtime game, where buildings can take +1 minute up to several days to complete.

Read the article
How can I return an object into PHP userspace from my extension?

- by John Factorial

I have a C++ object, Graph, which contains a property named cat of type Category. I'm exposing the Graph object to PHP in an extension I'm writing in C++. As long as the Graph's methods return primitives like boolean or long, I can use the Zend RETURN_*() macros (e.g. RETURN_TRUE(); or RETURN_LONG(123);. But how can I make Graph-getCategory(); return a Category object for the PHP code to manipulate? I'm following the tutorial over at http://devzone.zend.com/article/4486, and here's the Graph code I have so far: #include "php_getgraph.h" zend_object_handlers graph_object_handlers; struct graph_object { zend_object std; Graph *graph; }; zend_class_entry *graph_ce; #define PHP_CLASSNAME "WFGraph" ZEND_BEGIN_ARG_INFO_EX(php_graph_one_arg, 0, 0, 1) ZEND_END_ARG_INFO() ZEND_BEGIN_ARG_INFO_EX(php_graph_two_args, 0, 0, 2) ZEND_END_ARG_INFO() void graph_free_storage(void *object TSRMLS_DC) { graph_object *obj = (graph_object*)object; delete obj-graph; zend_hash_destroy(obj-std.properties); FREE_HASHTABLE(obj-std.properties); efree(obj); } zend_object_value graph_create_handler(zend_class_entry *type TSRMLS_DC) { zval *tmp; zend_object_value retval; graph_object *obj = (graph_object*)emalloc(sizeof(graph_object)); memset(obj, 0, sizeof(graph_object)); obj-std.ce = type; ALLOC_HASHTABLE(obj-std.properties); zend_hash_init(obj-std.properties, 0, NULL, ZVAL_PTR_DTOR, 0); zend_hash_copy(obj-std.properties, &type-default_properties, (copy_ctor_func_t)zval_add_ref, (void*)&tmp, sizeof(zval*)); retval.handle = zend_objects_store_put(obj, NULL, graph_free_storage, NULL TSRMLS_CC); retval.handlers = &graph_object_handlers; return retval; } PHP_METHOD(Graph, __construct) { char *perspectives; int perspectives_len; Graph *graph = NULL; zval *object = getThis(); if(zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &perspectives, &perspectives_len) == FAILURE) { RETURN_NULL(); } graph = new Graph(perspectives); graph_object *obj = (graph_object*)zend_object_store_get_object(object TSRMLS_CC); obj-graph = graph; } PHP_METHOD(Graph, hasCategory) { long perspectiveId; Graph *graph; graph_object *obj = (graph_object*)zend_object_store_get_object(getThis() TSRMLS_CC); graph = obj-graph; if (graph == NULL) { RETURN_NULL(); } if(zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "l", &perspectiveId) == FAILURE) { RETURN_NULL(); } RETURN_BOOL(graph-hasCategory(perspectiveId)); } PHP_METHOD(Graph, getCategory) { // what to do here? RETURN_TRUE; } function_entry php_getgraph_functions[] = { PHP_ME(Graph,__construct,NULL,ZEND_ACC_PUBLIC|ZEND_ACC_CTOR) PHP_ME(Graph,hasCategory,php_graph_one_arg,ZEND_ACC_PUBLIC) PHP_ME(Graph,getCategory,php_graph_one_arg,ZEND_ACC_PUBLIC) { NULL, NULL, NULL } }; PHP_MINIT_FUNCTION(getgraph) { zend_class_entry ce; INIT_CLASS_ENTRY(ce, PHP_CLASSNAME, php_getgraph_functions); graph_ce = zend_register_internal_class(&ce TSRMLS_CC); graph_ce-create_object = graph_create_handler; memcpy(&graph_object_handlers, zend_get_std_object_handlers(), sizeof(zend_object_handlers)); graph_object_handlers.clone_obj = NULL; return SUCCESS; } zend_module_entry getgraph_module_entry = { #if ZEND_MODULE_API_NO = 20010901 STANDARD_MODULE_HEADER, #endif PHP_GETGRAPH_EXTNAME, NULL, /* Functions */ PHP_MINIT(getgraph), NULL, /* MSHUTDOWN */ NULL, /* RINIT */ NULL, /* RSHUTDOWN */ NULL, /* MINFO */ #if ZEND_MODULE_API_NO = 20010901 PHP_GETGRAPH_EXTVER, #endif STANDARD_MODULE_PROPERTIES }; #ifdef COMPILE_DL_GETGRAPH extern "C" { ZEND_GET_MODULE(getgraph) } #endif

Read the article
how to validate all but not single pair of input box in jQuery

- by I Like PHP

i have a form which have 45 input boxes, i applied jquery validation for all input boxes , but there is two pair of input boxes which have either oneof them should be filled up, not both. so how do i change jquery so that if anyone fill up first pair then jquery does not check second pair of input box and if any one is fill up second pair then not check for fisrt one's and also i have used radio box for showing one pair at a time i show code below: jQuery Code <script type="text/javascript"> $j=jQuery.noConflict(); $j(document).ready(function() { function validate() { return $j("input:text,textarea,select,radio").removeClass('rdb').filter(function() { return !/\S+/.test($j(this).val()); }).addClass('rdb').size() == 0; } $j('#myForm').submit(validate); $j(":input:text,textarea,select").blur(function() { if(this.value.length > 0) { $j(this).removeClass('rdb'); } }); $j("input:radio").click(function(){ if($j(this).val()=='o'){ $j("#rcpt").css("display","none"); $j("#notRcpt").css("display","inline"); } if($j(this).val()=='r'){ $j("#notRcpt").css("display","none"); $j("#rcpt").css("display","inline"); } }); }); </script> PHP Code <form name="myForm" action="somepage.php" method="post" id="myForm"> <table width="100%" border="0" cellspacing="4" cellpadding="0"> <tr> <td class="boxtitle">Delivery Pick up Station/Place</td> <tr> <td style="font:bold 11px verdana;"> <input type="radio" name="receipt" value="r" >Receipt <input type="radio" name="receipt" value="o" >Other </td> </tr> <tr> <td> <table width="100%" border="0" cellspacing="3" cellpadding="0"> <tr id="rcpt" style="display:none"> <td width="12%" align="left">Receipt:</td> <td width="30%" align="left"<input type="text" name="deliveryNo" id="deliveryNo" /></td> <td width="25%" align="right">Pick up Date:</td> <td width="35%" align="left"><input name="deliveryDate" type="text" id="deliveryDate" /></td> </tr> <tr id="notRcpt" style="display:none"> <td>Other:</td> <td><input name="deliveryNo" type="text" id="deliveryNo" /></td> <td align="right">Pick up Date:</td> <td><input name="otherDeliveryDate" type="text" id="otherDeliveryDate" /></td> </tr> </table> </td> </tr> </table> </form>

Read the article
MCV PHP Am I doing the Model right? [closed]

- by Kosmo

I'm trying to create a basic website using MVC in PHP to learn MVC. Its eventually going to be some sort of social networking website but right now I am trying to create a object that can create, delete, update members. What I've done so far for the Model is in the code below, I figure my Controller will take user input and build the array of data that are then passed to this Model. Am I designing this correctly? Should the Controller be the one building the Arrays? <?php class Connection { private $server; private $database; private $user; private $password; private $conn; function __construct($server, $database, $user, $password) { $this->server = $server; $this->database = $database; $this->user = $user; $this->password = $password; } function connect() { $this->conn = mysql_connect($this->server, $this->user, $this->password) or die(mysql_error()); if (!(mysql_select_db($this->database))) { throw new Exception("Could not connect to database!"); } } function deleteMember($memberId) { $queryString = "DELETE FROM Members WHERE MemberId=" . $memberId . ';'; if (!mysql_query($queryString)) { throw new Exception("Failed Deleting Member!"); } } function insertMember($columns) { $queryString = 'INSERT INTO Members'; $keys = '('; $values = '('; $count = 0; foreach($columns as $key => $value) { $keys .= $key; $values .= $value; if (!(++$count == count($columns))) { $keys .= ','; $values .= ','; } } $queryString .= $keys . ')' . ' VALUES ' . $values . ');'; if (!mysql_query($queryString, $this->conn)) { throw new Exception('Failed Inserting Member!'); } else { return mysql_insert_id(); } } function updateMember($memberId, $columns) { $queryString = 'UPDATE Members SET '; $count = 0; foreach($columns as $key => $value) { $queryString .= $key . '=' . $value; if (!(++$count == count($columns))) { $queryString .= ', '; } } $queryString .= ' WHERE MemberId=' . $memberId . ';'; if (!mysql_query($queryString)) { throw new Exception('Failed Updating Member'); } } function getMembers() { $queryString = "SELECT * FROM Members;"; $result = mysql_query($queryString); $memberArray = array(); $count = 0; while ($row = mysql_fetch_array($result)) { $memberArray[$count++] = "Member ID: " . $row['MemberId'] . " Name: " . $row['MemberName'] . " Email: " . $row['MemberEmail']; } return $memberArray; } function disconnect() { mysql_close($this->conn); } }

Read the article
Security in shared hosting vs VPS 'virtual appliances'

- by Pedro Loureiro

I have to change my hosting provider. Right now I have a shared hosting account but I'm considering trying the LAMP stack appliance from turnkeylinux.org. I'm very comfortable with using linux, I've been using it for a long time. I have no problem ssh'ing into remote machines and do whatever I have to do (coding, reading logs, moving files, deploying, etc). The problem is that none of those tasks have involved securing the server/firewall. My experience has been as a desktop user or developer deploying apps/files in remote servers. Ignoring the security in the application logic (read: any scripts, frameworks, websites I might have created or installed) - I'm worried about things like base configuration of deamons, firewall, ports, executable scripts being readable from the outside and whatnot. My question is: how do you compare the (expected) out of the box security of the LAMP stack from turnkey and the (expected) security of a "regular" shared hosting provider? I was hoping to find some guides with a list of steps to do to protect my server but the only documentation I found was simply referring to ubuntu's documentation.

Read the article
Win 2008 R2 terminal server and redirected printer queue security

- by Ian

I have a case where I need a non-priv account to be able to make a modification to the redirected printer. I know, its not advisable but we're not giving them access - changes will be made in code. So, following the docs (http://technet.microsoft.com/en-us/library/ee524015(WS.10).aspx) I modified the default security for new printer queues. This doesnt work though as windows doesn't seem to assign the privs you configure in the printer admin tool to redirected printer queues. As I test I added a non-priv test user to the default security tab in the printer admin tool (control panel - admin tools - printer admin. I assigned it all privs (its a test) and logged the user into the terminal server. The redirected printers duely appeared as usual. However if I open the printer properties - security tab, the user appears in the list of accounts/groups but the options I selected (all privs) are not set. Instead the user special privs box is marked and when I click on 'advanced options' and view them, there is nothing marked. So, something is clearing these options.... the question is, why and how can I convince it not to? Ian

Read the article
(Some) security perms in WinXP corrupted (shows GUID instead of username)

- by Andy

I've been using my Win XP machine (part of a domain) over the holiday period, so until yesterday it hadn't rebooted for about five days. I used it yesterday perfectly fine and shut it down. When I switched it on this morning the majority (but not all) of my shortcut links in the Quick Launch toolbar showed as generic file icons. If you open the folder and get properties on one of the failing shortcuts it says ''Target type: This is not a valid shortcut''. Then in Outlook I noticed my signature wasn't showing (I checked my sent folder and the sig was ok yesterday). Checking the signature folder, I can't see the security tab on any of the sig files, and I have an access denied message on trying to open them. I can see the security tab on the signature folder itself, just none of the contents. If I try and use the parent folder's security tab and ''Replace permission entries on all child objects with entries shown here that apply to child objects'' it appears to work fine, but makes no actual difference. I logged in as administrator and saw that the owner of the files showed up as a GUID (clearly should've been my account in its place). Any ideas what might have made that happen? So far I haven't heard any similar complaints from anyone else at the office...

Read the article
Using Oracle Proxy Authentication with JPA (eclipselink-Style)

- by olaf.heimburger

Security is a very intriguing topic. You will find it everywhere and you need to implement it everywhere. Yes, you need. Unfortunately, one can easily forget it while implementing the last mile. The Last Mile In a multi-tier application it is a common practice to use connection pools between the business layer and the database layer. Connection pools are quite useful to speed database connection creation and to split the load. Another very common practice is to use a specific, often called technical, user to connect to the database. This user has authentication and authorization rules that apply to all application users. Imagine you've put every effort to define roles for different types of users that use your application. These roles are necessary to differentiate between normal users, premium users, and administrators (I bet you will find or already have more roles in your application). While these user roles are pretty well used within your application, once the flow of execution enters the database everything is gone. Each and every user just has one role and is the same database user. Issues? What Issues? As long as things go well, this is not a real issue. However, things do not go well all the time. Once your application becomes famous performance decreases in certain situations or, more importantly, current and upcoming regulations and laws require that your application must be able to apply different security measures on a per user role basis at every stage of your application. If you only have a bunch of users with the same name and role you are not able to find the application usage profile that causes the performance issue, or which user has accessed data that he/she is not allowed to. Another thread to your role concept is that databases tend to be used by different applications and tools. These tools can be developer tools like SQL*Plus, SQL Developer, etc. or end user applications like BI Publisher, Oracle Forms and so on. These tools have no idea of your applications role concept and access the database the way they think is appropriate. A big oversight for your perfect role model and a big nightmare for your Chief Security Officer. Speaking of the CSO, brings up another issue: Password management. Once your technical user account is compromised, every user is able to do things that he/she is not expected to do from the design of your application. Counter Measures In the Oracle world a common counter measure is to use Virtual Private Database (VPD). This restricts the values a database user can see to the allowed minimum. However, it doesn't help in regard of a connection pool user, because this one is still not the real user. Oracle Proxy Authentication Another feature of the Oracle database is Proxy Authentication. First introduced with version 9i it is a quite useful feature for nearly every situation. The main idea behind Proxy Authentication is, to create a crippled database user who has only connect rights. Even if this user is compromised the risks are well understood and fairly limited. This user can be used in every situation in which you need to connect to the database, no matter which tool or application (see above) you use.The proxy user is perfect for multi-tier connection pools. CREATE USER app_user IDENTIFIED BY abcd1234; GRANT CREATE SESSION TO app_user; But what if you need to access real data? Well, this is the primary use case, isn't it? Now is the time to bring the application's role concept into play. You define database roles that define the grants for your identified user groups. Once you have these groups you grant access through the proxy user with the application role to the specific user. CREATE ROLE app_role_a; GRANT app_role_a TO scott; ALTER USER scott GRANT CONNECT THROUGH app_user WITH ROLE app_role_a; Now, hr has permission to connect to the database through the proxy user. Through the role you can restrict the hr's rights the are needed for the application only. If hr connects to the database directly all assigned role and permissions apply. Testing the Setup To test the setup you can use SQL*Plus and connect to your database: $ sqlplus app_user[hr]/abcd1234 Java Persistence API The Java Persistence API (JPA) is a fairly easy means to build applications that retrieve data from the database and put it into Java objects. You use plain old Java objects (POJOs) and mixin some Java annotations that define how the attributes of the object are used for storing data from the database into the Java object. Here is a sample for objects from the HR sample schema EMPLOYEES table. When using Java annotations you only specify what can not be deduced from the code. If your Java class name is Employee but the table name is EMPLOYEES, you need to specify the table name, otherwise it will fail. package demo.proxy.ejb; import java.io.Serializable; import java.sql.Timestamp; import java.util.List; import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.Id; import javax.persistence.JoinColumn; import javax.persistence.ManyToOne; import javax.persistence.NamedQueries; import javax.persistence.NamedQuery; import javax.persistence.OneToMany; import javax.persistence.Table; @Entity @NamedQueries({ @NamedQuery(name = "Employee.findAll", query = "select o from Employee o") }) @Table(name = "EMPLOYEES") public class Employee implements Serializable { @Column(name="COMMISSION_PCT") private Double commissionPct; @Column(name="DEPARTMENT_ID") private Long departmentId; @Column(nullable = false, unique = true, length = 25) private String email; @Id @Column(name="EMPLOYEE_ID", nullable = false) private Long employeeId; @Column(name="FIRST_NAME", length = 20) private String firstName; @Column(name="HIRE_DATE", nullable = false) private Timestamp hireDate; @Column(name="JOB_ID", nullable = false, length = 10) private String jobId; @Column(name="LAST_NAME", nullable = false, length = 25) private String lastName; @Column(name="PHONE_NUMBER", length = 20) private String phoneNumber; private Double salary; @ManyToOne @JoinColumn(name = "MANAGER_ID") private Employee employee; @OneToMany(mappedBy = "employee") private List employeeList; public Employee() { } public Employee(Double commissionPct, Long departmentId, String email, Long employeeId, String firstName, Timestamp hireDate, String jobId, String lastName, Employee employee, String phoneNumber, Double salary) { this.commissionPct = commissionPct; this.departmentId = departmentId; this.email = email; this.employeeId = employeeId; this.firstName = firstName; this.hireDate = hireDate; this.jobId = jobId; this.lastName = lastName; this.employee = employee; this.phoneNumber = phoneNumber; this.salary = salary; } public Double getCommissionPct() { return commissionPct; } public void setCommissionPct(Double commissionPct) { this.commissionPct = commissionPct; } public Long getDepartmentId() { return departmentId; } public void setDepartmentId(Long departmentId) { this.departmentId = departmentId; } public String getEmail() { return email; } public void setEmail(String email) { this.email = email; } public Long getEmployeeId() { return employeeId; } public void setEmployeeId(Long employeeId) { this.employeeId = employeeId; } public String getFirstName() { return firstName; } public void setFirstName(String firstName) { this.firstName = firstName; } public Timestamp getHireDate() { return hireDate; } public void setHireDate(Timestamp hireDate) { this.hireDate = hireDate; } public String getJobId() { return jobId; } public void setJobId(String jobId) { this.jobId = jobId; } public String getLastName() { return lastName; } public void setLastName(String lastName) { this.lastName = lastName; } public String getPhoneNumber() { return phoneNumber; } public void setPhoneNumber(String phoneNumber) { this.phoneNumber = phoneNumber; } public Double getSalary() { return salary; } public void setSalary(Double salary) { this.salary = salary; } public Employee getEmployee() { return employee; } public void setEmployee(Employee employee) { this.employee = employee; } public List getEmployeeList() { return employeeList; } public void setEmployeeList(List employeeList) { this.employeeList = employeeList; } public Employee addEmployee(Employee employee) { getEmployeeList().add(employee); employee.setEmployee(this); return employee; } public Employee removeEmployee(Employee employee) { getEmployeeList().remove(employee); employee.setEmployee(null); return employee; } } JPA could be used in standalone applications and Java EE containers. In both worlds you normally create a Facade to retrieve or store the values of the Entities to or from the database. The Facade does this via an EntityManager which will be injected by the Java EE container. Here is sample Facade Session Bean for a Java EE container. package demo.proxy.ejb; import java.util.HashMap; import java.util.List; import javax.ejb.Local; import javax.ejb.Remote; import javax.ejb.Stateless; import javax.persistence.EntityManager; import javax.persistence.PersistenceContext; import javax.persistence.Query; import javax.interceptor.AroundInvoke; import javax.interceptor.InvocationContext; import oracle.jdbc.driver.OracleConnection; import org.eclipse.persistence.config.EntityManagerProperties; import org.eclipse.persistence.internal.jpa.EntityManagerImpl; @Stateless(name = "DataFacade", mappedName = "ProxyUser-TestEJB-DataFacade") @Remote @Local public class DataFacadeBean implements DataFacade, DataFacadeLocal { @PersistenceContext(unitName = "TestEJB") private EntityManager em; private String username; public Object queryByRange(String jpqlStmt, int firstResult, int maxResults) { // setSessionUser(); Query query = em.createQuery(jpqlStmt); if (firstResult 0) { query = query.setFirstResult(firstResult); } if (maxResults 0) { query = query.setMaxResults(maxResults); } return query.getResultList(); } public Employee persistEmployee(Employee employee) { // setSessionUser(); em.persist(employee); return employee; } public Employee mergeEmployee(Employee employee) { // setSessionUser(); return em.merge(employee); } public void removeEmployee(Employee employee) { // setSessionUser(); employee = em.find(Employee.class, employee.getEmployeeId()); em.remove(employee); } /** select o from Employee o */ public List getEmployeeFindAll() { Query q = em.createNamedQuery("Employee.findAll"); return q.getResultList(); } Putting Both Together To use Proxy Authentication with JPA and within a Java EE container you have to take care of the additional requirements: Use an OCI JDBC driver Provide the user name that connects through the proxy user Use an OCI JDBC driver To use the OCI JDBC driver you need to set up your JDBC data source file to use the correct JDBC URL. hr jdbc:oracle:oci8:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=1521))(CONNECT_DATA=(SID=XE))) oracle.jdbc.OracleDriver user app_user 62C32F70E98297522AD97E15439FAC0E SQL SELECT 1 FROM DUAL jdbc/hrDS Application Additionally you need to make sure that the version of the shared libraries of the OCI driver match the version of the JDBC driver in your Java EE container or Java application and are within your PATH (on Windows) or LD_LIBRARY_PATH (on most Unix-based systems). Installing the Oracle Database Instance Client software works perfectly. Provide the user name that connects through the proxy user This part needs some modification of your application software and session facade. Session Facade Changes In the Session Facade we must ensure that every call that goes through the EntityManager must be prepared correctly and uniquely assigned to this session. The second is really important, as the EntityManager works with a connection pool and can not guarantee that we set the proxy user on the connection that will be used for the database activities. To avoid changing every method call of the Session Facade we provide a method to set the username of the user that connects through the proxy user. This method needs to be called by the Facade client bfore doing anything else. public void setUsername(String name) { username = name; } Next we provide a means to instruct the TopLink EntityManager Delegate to use Oracle Proxy Authentication. (I love small helper methods to hide the nitty-gritty details and avoid repeating myself.) private void setSessionUser() { setSessionUser(username); } private void setSessionUser(String user) { if (user != null && !user.isEmpty()) { EntityManagerImpl emDelegate = ((EntityManagerImpl)em.getDelegate()); emDelegate.setProperty(EntityManagerProperties.ORACLE_PROXY_TYPE, OracleConnection.PROXYTYPE_USER_NAME); emDelegate.setProperty(OracleConnection.PROXY_USER_NAME, user); emDelegate.setProperty(EntityManagerProperties.EXCLUSIVE_CONNECTION_MODE, "Always"); } } The final step is use the EJB 3.0 AroundInvoke interceptor. This interceptor will be called around every method invocation. We therefore check whether the Facade methods will be called or not. If so, we set the user for proxy authentication and the normal method flow continues. @AroundInvoke public Object proxyInterceptor(InvocationContext invocationCtx) throws Exception { if (invocationCtx.getTarget() instanceof DataFacadeBean) { setSessionUser(); } return invocationCtx.proceed(); } Benefits Using Oracle Proxy Authentification has a number of additional benefits appart from implementing the role model of your application: Fine grained access control for temporary users of the account, without compromising the original password. Enabling database auditing and logging. Better identification of performance bottlenecks. References Effective Oracle Database 10g Security by Design, David Knox TopLink Developer's Guide, Chapter 98

Read the article
Can't Install php5-msql

- by user210445

Hello friends I'm finishing the process of installing Apache/Php/mysql installations but this shows up: # sudo apt-get install mysql-server php5-msql Reading package lists... Done Building dependency tree Reading state information... Done E: Unable to locate package php5-msql After some adjustments this happened: angel@Voix:~$ sudo apt-get install mysql-server php5-mysql Reading package lists... Done Building dependency tree Reading state information... Done mysql-server is already the newest version. php5-mysql is already the newest version. The following packages were automatically installed and are no longer required: gir1.2-ubuntuoneui-3.0 libubuntuoneui-3.0-1 thunderbird-globalmenu Use 'apt-get autoremove' to remove them. The following extra packages will be installed: mysql-server-5.5 Suggested packages: tinyca mailx The following packages will be upgraded: mysql-server-5.5 1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 4 not fully installed or removed. Need to get 0 B/8,827 kB of archives. After this operation, 32.7 MB of additional disk space will be used. Do you want to continue [Y/n]? debconf: DbDriver "config": /var/cache/debconf/config.dat is locked by another process: Resource temporarily unavailable (Reading database ... dpkg: warning: files list file for package `mysql-server-5.5' missing, assuming package has no files currently installed. (Reading database ... 172971 files and directories currently installed.) Preparing to replace mysql-server-5.5 5.5.34-0ubuntu0.12.04.1 (using .../mysql-server-5.5_5.5.34-0ubuntu0.12.04.1_amd64.deb) ... debconf: DbDriver "config": /var/cache/debconf/config.dat is locked by another process: Resource temporarily unavailable dpkg: error processing /var/cache/apt/archives/mysql-server-5.5_5.5.34-0ubuntu0.12.04.1_amd64.deb (--unpack): subprocess new pre-installation script returned error exit status 1 debconf: DbDriver "config": /var/cache/debconf/config.dat is locked by another process: Resource temporarily unavailable dpkg: error while cleaning up: subprocess new post-removal script returned error exit status 1 Errors were encountered while processing: /var/cache/apt/archives/mysql-server-5.5_5.5.34-0ubuntu0.12.04.1_amd64.deb E: Sub-process /usr/bin/dpkg returned an error code (1) angel@Voix:~$ sudo apt-get install mysql-server-5.5 Reading package lists... Done Building dependency tree Reading state information... Done The following packages were automatically installed and are no longer required: gir1.2-ubuntuoneui-3.0 libubuntuoneui-3.0-1 thunderbird-globalmenu Use 'apt-get autoremove' to remove them. Suggested packages: tinyca mailx The following packages will be upgraded: mysql-server-5.5 1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 4 not fully installed or removed. Need to get 0 B/8,827 kB of archives. After this operation, 32.7 MB of additional disk space will be used. debconf: DbDriver "config": /var/cache/debconf/config.dat is locked by another process: Resource temporarily unavailable (Reading database ... dpkg: warning: files list file for package `mysql-server-5.5' missing, assuming package has no files currently installed. (Reading database ... 172971 files and directories currently installed.) Preparing to replace mysql-server-5.5 5.5.34-0ubuntu0.12.04.1 (using .../mysql-server-5.5_5.5.34-0ubuntu0.12.04.1_amd64.deb) ... debconf: DbDriver "config": /var/cache/debconf/config.dat is locked by another process: Resource temporarily unavailable dpkg: error processing /var/cache/apt/archives/mysql-server-5.5_5.5.34-0ubuntu0.12.04.1_amd64.deb (--unpack): subprocess new pre-installation script returned error exit status 1 debconf: DbDriver "config": /var/cache/debconf/config.dat is locked by another process: Resource temporarily unavailable dpkg: error while cleaning up: subprocess new post-removal script returned error exit status 1 Errors were encountered while processing: /var/cache/apt/archives/mysql-server-5.5_5.5.34-0ubuntu0.12.04.1_amd64.deb E: Sub-process /usr/bin/dpkg returned an error code (1) angel@Voix:~$ sudo apt-get install mysql-server php5-mysql Reading package lists... Done Building dependency tree Reading state information... Done mysql-server is already the newest version. php5-mysql is already the newest version. The following packages were automatically installed and are no longer required: gir1.2-ubuntuoneui-3.0 libubuntuoneui-3.0-1 thunderbird-globalmenu Use 'apt-get autoremove' to remove them. The following extra packages will be installed: mysql-server-5.5 Suggested packages: tinyca mailx The following packages will be upgraded: mysql-server-5.5 1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 4 not fully installed or removed. Need to get 0 B/8,827 kB of archives. After this operation, 32.7 MB of additional disk space will be used. Do you want to continue [Y/n]? y debconf: DbDriver "config": /var/cache/debconf/config.dat is locked by another process: Resource temporarily unavailable (Reading database ... dpkg: warning: files list file for package `mysql-server-5.5' missing, assuming package has no files currently installed. (Reading database ... 172971 files and directories currently installed.) Preparing to replace mysql-server-5.5 5.5.34-0ubuntu0.12.04.1 (using .../mysql-server-5.5_5.5.34-0ubuntu0.12.04.1_amd64.deb) ... debconf: DbDriver "config": /var/cache/debconf/config.dat is locked by another process: Resource temporarily unavailable dpkg: error processing /var/cache/apt/archives/mysql-server-5.5_5.5.34-0ubuntu0.12.04.1_amd64.deb (--unpack): subprocess new pre-installation script returned error exit status 1 debconf: DbDriver "config": /var/cache/debconf/config.dat is locked by another process: Resource temporarily unavailable dpkg: error while cleaning up: subprocess new post-removal script returned error exit status 1 Errors were encountered while processing: /var/cache/apt/archives/mysql-server-5.5_5.5.34-0ubuntu0.12.04.1_amd64.deb E: Sub-process /usr/bin/dpkg returned an error code (1)

Read the article
The design of a generic data synchronizer, or, an [object] that does [actions] with the aid of [helpers]

- by acheong87

I'd like to create a generic data-source "synchronizer," where data-source "types" may include MySQL databases, Google Spreadsheets documents, CSV files, among others. I've been trying to figure out how to structure this in terms of classes and interfaces, keeping in mind (what I've read about) composition vs. inheritance and is-a vs. has-a, but each route I go down seems to violate some principle. For simplicity, assume that all data-sources have a header-row-plus-data-rows format. For example, assume that the first rows of Google Spreadsheets documents and CSV files will have column headers, a.k.a. "fields" (to parallel database fields). Also, eventually, I would like to implement this in PHP, but avoiding language-specific discussion would probably be more productive. Here's an overview of what I've tried. Part 1/4: ISyncable class CMySQL implements ISyncable GetFields() // sql query, pdo statement, whatever AddFields() RemFields() ... _dbh class CGoogleSpreadsheets implements ISyncable GetFields() // zend gdata api AddFields() RemFields() ... _spreadsheetKey _worksheetId class CCsvFile implements ISyncable GetFields() // read from buffer AddFields() RemFields() ... _buffer interface ISyncable GetFields() AddFields($field1, $field2, ...) RemFields($field1, $field2, ...) ... CanAddFields() // maybe the spreadsheet is locked for write, or CanRemFields() // maybe no permission to alter a database table ... AddRow() ModRow() RemRow() ... Open() Close() ... First Question: Does it make sense to use an interface, as above? Part 2/4: CSyncer Next, the thing that does the syncing. class CSyncer __construct(ISyncable $A, ISyncable $B) Push() // sync A to B Pull() // sync B to A Sync() // Push() and Pull() only differ in direction; factor. // Sync()'s job is to make sure that the fields on each side // match, to add fields where appropriate and possible, to // account for different column-orderings, etc., and of // course, to add and remove rows as necessary to sync. ... _A _B Second Question: Does it make sense to define such a class, or am I treading dangerously close to the "Kingdom of Nouns"? Part 3/4: CTranslator? ITranslator? Now, here's where I actually get lost, assuming the above is passable. Sometimes, two ISyncables speak different "dialects." For example, believe it or not, Google Spreadsheets (accessed through the Google Data API "list feed") returns column headers lower-cased and stripped of all spaces and symbols! That is, sys_TIMESTAMP is systimestamp, as far as my code can tell. (Yes, I am aware that the "cell feed" does not strip the name so; however cell-by-cell manipulation is too slow for what I'm doing.) One can imagine other hypothetical examples. Perhaps even the data itself can be in different "dialects." But let's take it as given for now, and not argue this if possible. Third Question: How would you implement "translation"? Note: Taking all this as an exercise, I'm more interested in the "idealized" design, rather than the practical one. (God knows that shipped sailed when I began this project.) Part 4/4: Further Thought Here's my train of thought to demonstrate I've thunk, albeit unfruitfully: First, I thought, primitively, "I'll just modify CMySQL::GetFields() to lower-case and strip field names so they're compatible with Google Spreadsheets." But of course, then my class should really be called, CMySQLForGoogleSpreadsheets, and that can't be right. So, the thing which translates must exist outside of an ISyncable implementor. And surely it can't be right to make each translation a method in CSyncer. If it exists outside of both ISyncable and CSyncer, then what is it? (Is it even an "it"?) Is it an abstract class, i.e. abstract CTranslator? Is it an interface, since a translator only does, not has, i.e. interface ITranslator? Does it even require instantiation? e.g. If it's an ITranslator, then should its translation methods be static? (I learned what "late static binding" meant, today.) And, dear God, whatever it is, how should a CSyncer use it? Does it "have" it? Is it, "it"? Who am I? ...am I, "I"? I've attempted to break up the question into sub-questions, but essentially my question is singular: How does one implement an object A that conceptually "links" (has) two objects b1 and b2 that share a common interface B, where certain pairs of b1 and b2 require a helper, e.g. a translator, to be handled by A? Something tells me that I've overcomplicated this design, or violated a principle much higher up. Thank you all very much for your time and any advice you can provide.

Read the article
Which PHP framework is closest to Ruby on Rails? CakePHP? CodeIgniter?

- by Mike Duncan

I'm going to be switching back and forth between Ruby on Rails projects and some as-of-yet undecided PHP MVC framework projects. Which of the PHP MVC frameworks out there (CakePHP, CodeIgniter?, others?) is most similar to Ruby on Rails in that the most conventions, locations, workflows, etc are preserved? I'm looking for the similarity in the way things are done such as directory structures, conventions, etc, not a pros vs cons in speed, extra features, etc.

Read the article

Search Results

Search found 43347 results on 1734 pages for 'php security'.

Page 464/1734 | < Previous Page | 460 461 462 463 464 465 466 467 468 469 470 471 | Next Page >

- by user1738013

- by user1763986

- by alundra00

- by zlance4012

- by BRADINO

- by Suriani Salleh

- by Pinetree

- by mattalexx

- by Wen Teng

- by user3909877

- by VinylScratch

- by Steve Johnson

- by eoin

- by Hans

- by Crowye

- by John Factorial

- by I Like PHP

- by Kosmo

- by Pedro Loureiro

- by Ian

- by Andy

- by olaf.heimburger

- by user210445

- by acheong87

- by Mike Duncan

< Previous Page | 460 461 462 463 464 465 466 467 468 469 470 471 | Next Page >