Search Results

Search found 43347 results on 1734 pages for 'php security'.

Page 539/1734 | < Previous Page | 535 536 537 538 539 540 541 542 543 544 545 546 | Next Page >

Consolidate multiple site files into single location

- by seengee

We have a custom PHP/MySQL CMS running on Linux/Apache thats rolled out to multiple sites (20+) on the same server. Each site uses exactly the same CMS files with a few files for each site being customised. The customised files for each site are: /library/mysql_connect.php /public_html/css/* /public_html/ftparea/* /public_html/images/* There's also a couple of other random files inside /public_html/includes/ that are unique to each site. Other than this each site on the server uses the exact same files. Each site sitting within /home/username/. There is obviously a massive amount of replication here as each time we want to deploy a system update we need to update to each user account. Given the common site files are all stored in SVN it would make far more sense if we were able to simply commit to SVN and deploy to a single location direct from there. Unfortunately, making a major architecture change at this stage could be problematic. In my mind the ideal scenario would mean creating an account like /home/commonfiles/ and each site using these common files unless an account specific file exists, for example a request is made to /home/user/public_html/index.php but as this file doesnt exist the request is then redirected to /home/commonfiles/public_html/index.php. I know that generally this approach is possible, similar to how Zend Framework (and probably others) redirect all requests that dont match a specific file to index.php. I'm just not sure about how exactly to go about implementing it and whether its actually advisable. Would really welcome any input/ideas people have got. Thanks.

Read the article
pagination and url encoding help

- by Sufyan

<?php $name=$_POST['name']; ?> <form method="POST" action="<?php echo $_SERVER['PHP_SELF']; ?>"> <input type="text" name="name"> <input type="submit" value="GO" name="submit"> </form> <?php include ('db.php'); if(isset($_POST['submit'])) { mysql_query ("INSERT INTO example (name) VALUES('$name')") or die(mysql_error()); } if (!isset($_GET['startrow']) or !is_numeric($_GET['startrow'])) { $startrow = 0; } else { $startrow = (int)$_GET['startrow']; } $query = "SELECT * FROM example ORDER BY id DESC LIMIT $startrow, 20"; $result = mysql_query($query) or die(mysql_error()); while($row = mysql_fetch_array($result)){ echo "<li>"; echo $row['name'] ." "." <a href= 'like.php?quote=" . urlencode( $row['name'] ) . "'>Click Here</a>"; echo "</li>"; } echo '<a href="'.$_SERVER['PHP_SELF'].'?startrow='.($startrow+10).'">Next</a>'; ?> I want to make my page links hidden , how can i make then hidden so that a user cant edit it. 2nd question, currently i am showing total 10 records on each page and then a next page button , but the next button is keep showing even when there is no more records...! how to remove a next page button when records ended. ?? line number 28 is the link to pages which can be easyily editable by any user, i wnat to make them secure (using ID) and line 35 is n'next' page link , this link should not be appear when number of records ended

Read the article
UK Oracle User Group Event: Trends in Identity Management

- by B Shashikumar

As threat levels rise and new technologies such as cloud and mobile computing gain widespread acceptance, security is occupying more and more mindshare among IT executives. To help prepare for the rapidly changing security landscape, the Oracle UK User Group community and our partners at Enline/SENA have put together an User Group event in London on Apr 19 where you can learn more from your industry peers about upcoming trends in identity management. Here are some of the key trends in identity management and security that we predicted at the beginning of last year and look how they have turned out so far. You have to admit that we have a pretty good track record when it comes to forecasting trends in identity management and security. Threat levels will grow—and there will be more serious breaches: We have since witnessed breaches of high value targets like RSA and Epsilon. Most organizations have not done enough to protect against insider threats. Organizations need to look for security solutions to stop user access to applications based on real-time patterns of fraud and for situations in which employees change roles or employment status within a company. Cloud computing will continue to grow—and require new security solutions: Cloud computing has since exploded into a dominant secular trend in the industry. Cloud computing continues to present many opportunities like low upfront costs, rapid deployment etc. But Cloud computing also increases policy fragmentation and reduces visibility and control. So organizations require solutions that bridge the security gap between the enterprise and cloud applications to reduce fragmentation and increase control. Mobile devices will challenge traditional security solutions: Since that time, we have witnessed proliferation of mobile devices—combined with increasing numbers of employees bringing their own devices to work (BYOD) — these trends continue to dissolve the traditional boundaries of the enterprise. This in turn, requires a holistic approach within an organization that combines strong authentication and fraud protection, externalization of entitlements, and centralized management across multiple applications—and open standards to make all that possible. Security platforms will continue to converge: As organizations move increasingly toward vendor consolidation, security solutions are also evolving. Next-generation identity management platforms have best-of-breed features, and must also remain open and flexible to remain viable. As a result, developers need products such as the Oracle Access Management Suite in order to efficiently and reliably build identity and access management into applications—without requiring security experts. Organizations will increasingly pursue "business-centric compliance.": Privacy and security regulations have continued to increase. So businesses are increasingly look for solutions that combine strong security and compliance management tools with business ready experience for faster, lower-cost implementations. If you'd like to hear more about the top trends in identity management and learn how to empower yourself, then join us for the Oracle UK User Group on Thu Apr 19 in London where Oracle and Enline/SENA product experts will come together to share security trends, best practices, and solutions for your business. Register Here.

Read the article
Contingent Header Category Label

- by poindexter

Right now the header has a bit of code in it that queries the section name and then uses that section name as the h1 title in the page. It works fine. However, I want to selectively break that operation in certain categories and give myself the ability to manually enter the h1 title for a given section. Here's what I'm struggling with: how can I maintain the automatic query and title selection in most instances, but selectively break it in a given category (the 'blog' category, for starters)? Thanks for taking a look, I appreciate your help! Here's the code that drives the existing function (it's the get_the_section_name part): <?php if(!is_home()){?> <div class="section <?php echo get_the_section_name();?>"> <?php $sectitle = get_the_section_name(); $sectitle = str_ireplace("-"," ",$sectitle); echo '<h1>' . $sectitle . '</h1>';?> <p class="breadcrumbs"> <?php if(function_exists('bcn_display')) { bcn_display(); } ?> </p> </div> <div class="columns"> <?php } ?> Here's a page that shows what it looks like displayed (see the title in the blue graphic underneath the main nav near the top of the page): http://69.20.59.228/category/blog/

Read the article
How can I transfer a logged in user's login data from one server to another?

- by Martin

I have one server "A" where users can login. Login is verified by an LDAP server "L". I have a different server "B" were users can log in, too. Login is verified by the same LDAP server as before. Both servers are standard web servers with PHP. My goal is: If a user is logged in to server "A", and if he clicks a link to log in to server "B", the user should automatically be logged in without re-entering username and password. What is a good and secure way to achieve this? I can't submit username and crypted password to server "B". I can't use the PHP session of server "A", because it does not exit on "B". Cookies won't work either. I think that there is a way, but I just can't see it. Any help is very much appreciated.

Read the article
Comparing numeric strings

- by Kiren Siva

From the question PHP Type-Juggling and (strict) Greater/Lesser Than Comparisons I know PHP interpret strings as numbers whenever it can. "10" < "1a" => 10 less than 1 expecting false "1a" < "2" => 1 less than 2 expecting true "10" > "2" => 10 greater than 2 expecting true But in the case of "10" < "1a" php returns true. I am not understanding the concept please help me to clarify it. Edit: But when I add "10" + "1a" it returns 11 that means php interprets "10" as 10 and "1a" as 1. Is that correct?

Read the article
Loading form values from one IFrame to another

- by Roland

What I want to achieve is the following. A search is made from one IFrame "the form is loaded into this frame via the src atribute of iframe" the search query is then passed to another IFrame that redirects to a url with the query eg. www.test.com/index.php?query=test Is this possible? Currently my code looks as such <iframe src="abc.php" name="iframe1"> </iframe> <iframe name="iframe2"> <?php var_dump($_GET); ?> </iframe> abc.php contains the following <form method="get" action="#" target="iframe2"> <input type="text" name="searchtype" id="searchtype" /> <input type="submit" value="submit"> </form>

Read the article
php5 , how makes templates?

- by oussama17

I am currently developing a social network using PHP5 without any framework , I create the template by this method , every time I put the header -content -footer but I found that the previous template still there , how can I make templates with this method and show me the path to the best method to play with templates in PHP5.public function affiche($afficheTPL){ $this->registry->getObject('template')->addTemplateBit('hello', 'hellop.tpl.php'); $this->registry -> getObject('template') -> buildFromTemplates($afficheTPL.'/header.tpl.php', $afficheTPL.'/main.tpl.php', $afficheTPL.'/footer.tpl.php'); $this->registry -> getObject('template') -> parseOutput(); print $this -> registry -> getObject('template') -> getPage() -> getContentToPrint(); }

Read the article
How to disable back button in browser using javascript or any script

- by user225269

Im using wamp server for my php scripts. And Im having difficulties on the logout code. Every time I click on the logout link and then click on the back button on web browser it still shows the page which can only be access by the user who is logged in. I have this code at the beginning of the index.php which is called by the log out link to destroy the session: <?php session_start(); session_destroy(); ?> And I have this at the beginning of the user page: <? session_start(); if(!session_is_registered(myusername)){ header("location:login.php"); } ?> I don't know why the userpage can still be access after the user has logged out. So I'm thinking of disabling the back button when the user has logged out. Please help.

Read the article
SQL2005 reporting server: intense security activity

- by David Wimbush

On my reporting server the Security log shows large numbers of Logon/Logoff events, often 10 or more, when you run pretty much any report in the Report Manager. Is this normal or is it a classic sign of having the wrong setup? Some system details: Windows Server 2003 R2 SP2, virtual server running under VMWare). SQL Server 2005 SP3 Standard Edition, running databases, Report Manager, and Ananlysis Services cubes. No other major services on the machine (i.e. it's not a domain controller, Exchange server or anything like that). Any ideas, please, guys?

Read the article
how to send value to the from action page from database

- by Mayank swami

I am creating a faq panel for there can be multiple answers for question and i want to take the answer id .because i am storing comment by answer id the problem is that how to sent the $answer_id to the comment_submit_process.php and how to recognize the answer ? $selected_ques= mysql_prep($_GET['ques']); $query = "SELECT * FROM formanswer where question_id = {$selected_ques}"; $ans= mysql_query($query); if($ans){ while($answer = mysql_fetch_array($ans)) //here is the form <form id="add-comment" action="comment_submit_process.php" > <textarea class="comment-submit-textarea" cols="78" name="comment" style="height: 64px;"></textarea> <input type="submit" name="submitbutton" value="Add Comment" class="comment-submit-button" > <br> <?php $ans_id= $answer['id']; echo $ans_id; ?> <input type="hidden" name="ques" value="<?php echo $_GET['$ans_id'] ?>" /> <span class="counter ">enter at least 15 characters</span> <span class="form-error"></span> </form> <?php }} ?>

Read the article
XP Missing AD in secuirity location

- by Rodent43

I have a few Window XP clients that are part of a domain, when trying to set the permissions on the security tab and pressing location to search the AD for users it only presents the local machine... So I follow this path Right click folder Properties Security Add in the locations field where I would normally see the windows domain, I am only seeing the local machine name??? So only users that have a local account can be added to the folders permissions... Any tips would be appreciated

Read the article
Loading Ajax within a Google Maps InfoWindow

- by McCrum

I have put together a 5 star rating system using PHP and Ajax which will write the rating into a database. (See link below) http://andrewmccrum.com/maps/rate/5star.php I want this rating system to work within a Google Maps InfoWindow but at the minute I can only get the InfoWindow to read and display the rating. It will not let the user vote like the top link. And I have no idea why www.andrewmccrum.com/maps/database/index.php

Read the article
how to get rid of certificate error: navigation blocked in ie8

- by Radek

when I access our intranet via https I get this "certificate error: navigation blocked" error in IE8 on Windows XP SP3. I can click Continue to this website (not recommended). but I use IE for automation testing so I have to avoid these extra clicks. Any idea? I tried setting “Turn off the Security Settings Check feature” to enabled. setting "Display Mixed Content" to enabled lowering security levels to minimum adding the web server address to trusted zone

Read the article
Website including pages/pages to my site

- by Azzyh

Hello.. I have my site on index.html made in html+css., at my index.html i have this div id "content", where you put in main content to the page, and there's a link at the menubar that src to page2.php. When you press on the link it goes to the page2.php, but i want it to display inside the < div "content". In page2 i have Hello this is a test, in a echo.. I dont want to use frames.. should i split up my design on index.php, and then on page2.php include top & footer? or is there another way

Read the article
erro during page redirection

- by pamela

when I redirect my page to another page header("location:popup.php"); it gives following error - Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\303\levelupdate.php:289) in C:\xampp\htdocs\303\levelupdate.php on line 320

Read the article
What Am I Doing Wrong on this HTACCESS file!

- by Ronnie Chester Lynwood

Someone please tell me what is wrong with this htaccess rules? RewriteCond %{QUERY_STRING} ^q=(.*)&type=downway1$ [NC] RewriteRule ^search\.php$ /search\/%1\/1\/? [R=301,NC,L] RewriteCond %{QUERY_STRING} ^q=(.*)&type=(.*)$ [NC] RewriteRule ^search\.php$ /search\/%1\/%2\/1\/? [R=301,NC,L] RewriteRule search/(.*)/(.*)/$ /search.php?q=$1&page=$2 [L] <-- this and RewriteRule search/(.*)/(.*)/(.*)/$ /search.php?q=$1&type=$2&page=$3 [L] <-- this are not working in same time. for example TYPE = app Q = windows if I search type by downway1 it works powerfully but if I search in app type Q becomes windows/app not only windows. help me please!

Read the article
PHP -- automatic SQL injection protection?

- by ashgromnies

I took over maintenance of a PHP app recently and I'm not super familiar with PHP but some of the things I've been seeing on the site are making me nervous that it could be vulnerable to a SQL injection attack. For example, see how this code for logging into the administrative section works: $password = md5(HASH_SALT . $_POST['loginPass']); $query = "SELECT * FROM `administrators` WHERE `active`='1' AND `email`='{$_POST['loginEmail']}' AND `password`='{$password}'"; $userInfo = db_fetch_array(db_query($query)); if($userInfo['id']) { $_SESSION['adminLoggedIn'] = true; // user is logged in, other junk happens here, not important The creators of the site made a special db_query method and db_fetch_array method, shown here: function db_query($qstring,$print=0) { return @mysql(DB_NAME,$qstring); } function db_fetch_array($qhandle) { return @mysql_fetch_array($qhandle); } Now, this makes me think I should be able to do some sort of SQL injection attack with an email address like: ' OR 'x'='x' LIMIT 1; and some random password. When I use that on the command line, I get an administrative user back, but when I try it in the application, I get an invalid username/password error, like I should. Could there be some sort of global PHP configuration they have enabled to block these attacks? Where would that be configured? Here is the PHP --version information: # php --version PHP 5.2.12 (cli) (built: Feb 28 2010 15:59:21) Copyright (c) 1997-2009 The PHP Group Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies with the ionCube PHP Loader v3.3.14, Copyright (c) 2002-2010, by ionCube Ltd., and with Zend Optimizer v3.3.9, Copyright (c) 1998-2009, by Zend Technologies

Read the article
Apache gettext windows does not work/translate

- by Prashant Kandathil

I am new to gettext. Here is my setup: /Apache 2.2 PHP 5.3.6 Windows 7/ I have following code in the Apache/htdocs/test/index.php <?php $language = 'de_DE'; $translatefile = 'messages'; setlocale(LC_ALL, $language); putenv("LANG=".$language); bindtextdomain($translatefile, 'C:/locale'); textdomain($translatefile); echo gettext("Hello World!"); ?> I used PoEdit to generate the necessary translations under locale/de_DE/LC_MESSAGES/messsages.po & messages.mo The charset I used was UTF-8 When I visit http://localhost/test, the result is Hello World! when it should be Hall Welt! As a test, I opened command prompt and navigated to the test folder. Then I typed in php index.php The result that appeared in the console was Hall Welt! I am not sure why it is not working with Apache.

Read the article
load balancing two web servers each on two different isp's?

- by Scott

I have two ISP's that provide me hosting via apache / php / mysql. I am running drupal on them. On occasion the mysql server will go away (crash), so I was hoping to find a reasonable way to have a fail over, if server A SQL is down, all traffic is sent to server B. I know traditionally this is handled in DNS where a second alternate ip is given if there is a problem - or similar. But I do not have control over the isp, other than I can run php, perl and the usual apache stuff. Also, I have static ip's on each isp, and I can create dns entries (A/CNAME/TXT). So, I was hoping there might be a way for me to have a script that checks if drupal has a problem, and if so, somehow alter dns, or ? Or, any other ideas? (other than spending lots more $ on a better isp)

Read the article
Out Of Memory Error - Magento

- by robobobobo

Ok normally I understand when my server is giving me out of memory errors, but this one has me stumped! I'm running a magento based site, with one or two plugins in it and the rest is pretty basic. The site runs and loads fine wiht no issues. However in the backend - Configuration - Payment Methods it gives me the following out of memory error Fatal error: Out of memory (allocated 39059456) (tried to allocate 85 bytes) in ########/Varien/Simplexml/Element.php on line 84 Now this is where I'm confused..it's allocated more than it tried to allocate? Am I correct there? So how is it running out of memory? My server has 6Gb ram, an SSD and 2 CPU's running WHM with a few other low traffic sites on it. I set my php memory limit to 100mb, 1000mb and finally unlimited but all to no avail! I'm completely lost here, would really appreciate some expertise on this Cheers

Read the article
Why i get everytime the error-message that i've already sent the headers

- by mikep

Hey, i've another question about web-programming. I programmed a login script, but everytime when i try to login it says that i've send the header informations already. Here are the 2 files: <?php if($_GET['logout'] == 1) { setcookie('authorized', 1, time()-3600); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Login - photoAdminSite</title> </head> <style type="text/css"> body { text-align: center; font-family: helvetica; } #loginForm { padding: 1em; background: #e3e3e3; width: 260px; margin: 3em auto 0; text-align: left; } </style> <body> <div id="loginForm"> <form method="post" action="confirm_login_credentials.php"> <h2>LOGIN</h2> <p>Username: <input type="text" name="username" /></p> <p>Password: <input type="password" name="password" /></p> <p><input type="submit" value="Login" name="submit" /></p> </form> </div> </body> </html> <?php $username = $_POST['username']; $password = $_POST['password']; require 'database.php'; $q = "SELECT id FROM users_photoadminsite WHERE user_name = '$username' AND password = '$password'"; $result = $mysqli->query($q) or die(mysqli_error()); if (mysqli_num_rows($result) == 1) { setcookie('authorized', 1, 0); header("Location: index.php"); } else { header("Location: login.php"); } ?> i would be really happy about some helpful answers.

Read the article
Using a function found in a different file in a loop

- by Anders

This question is related to BuddyPress, and a follow-up question from this question I have a .csv-file with 790 rows and 3 columns where the first column is the group name, second is the group description and last (third) the slug. As far as I've been told I can use this code: <?php $groups = array(); if (($handle = fopen("groupData.csv", "r")) !== FALSE) { while (($data = fgetcsv($handle, 1000, ",")) !== FALSE) { $group = array('group_id' = 'SOME ID', 'name' = $data[0], 'description' = $data[1], 'slug' = groups_check_slug(sanitize_title(esc_attr($data[2]))), 'date_created' = gmdate( "Y-m-d H:i:s" ), 'status' = 'public' ); $groups[] = $group; } fclose($handle); } foreach ($groups as $group) { groups_create_group($group); } With http://www.nomorepasting.com/getpaste.php?pasteid=35217 which is called bp-groups.php. The thing is that I can't make it work. I've created a new file with the code written above called groupgenerator.php uploaded the .csv file to the same folder and opened groupgenerator.php in my browser. But, i get this error: Fatal error: Call to undefined function groups_check_slug() in What am I doing wrong?

Read the article
Blocking IP's Nginx behind proxy

- by FunkyChicken

I'm running a Nginx 1.2.4 webserver here, and I'm behind a proxy of my hoster to prevent ddos attacks. The downside of being behind this proxy is that I need to get the REAL IP information from an extra header. In PHP it works great by doing $_SERVER[HTTP_X_REAL_IP] for example. Now before I was behind this proxy of my hoster I had a very effective way of blocking certain IP's by doing this: include /etc/nginx/block.conf and to allow/deny IP's there. But now due to the proxy, Nginx sees all traffic coming from 1 IP. Is there a way I can get Nginx to read the IP's like how PHP does, with the X-REAL-IP header?

Read the article
Redirect question using mod_rewrite (no extensions - root of site)

- by alex

Hi, I'm having a small problem with mod_rewrite I have the following in my .htacces: Options +FollowSymlinks RewriteEngine on RewriteRule ^(.+)\.htm$ index.php?name=$1 [NC] This is my index.php file: <?php echo $_GET['name]; ?> This works great for the following url: www.mySite.com/this is an example.htm this would display "this is an example" What i'm trying to do however, is get it to do the same, without the .htm extension: for example: www.mySite.com/this is an example Any ideas? (dont think it's relevant but i'm using xampp to test this)

Read the article

< Previous Page | 535 536 537 538 539 540 541 542 543 544 545 546 | Next Page >