Floydian

Re: [FAQ] Crons Guide Na, cron jobs can be added without reseting the server or restarting apache. Wish I could help more, but they always worked for me after getting the directory/file name right and after making sure the script worked correct, so I'll be looking out for an answer to this as well to file in my lil rolodex. lol

Re: Tables ID That's correct. ;)

Re: Tables ID Sweet!! Just a side note, you could set it to 1 and mysql would then check and see that hm, you've got id's going up to 15 and then correct that for you automatically. So, when I need to do those things, I just set them to 1 and I'm done with it lol.

Re: Tables ID Just to confirm Spudinski's post, you DO NOT NEED TO DELETE THE TABLE Doing what Spudinski says will take your autoincrement back down where it should be. There is a counter stored in the information schema that tells mysql what the next id should be in an auto increment field. It does NOT look at the last ID in the table, but at that counter stored in the information schema.

Re: Enumeration Permutations - Minor Notice Yeah, I noticed you are decrementing the count on that for loop. I think my theory still stands that the for loop expression valuates one time past the length of the array thus causing the notice, even though the code inside the for loop wouldn't execute, hence the offset of -1 ;)   Edit: Oh, and sudoku sounds like fun. I almost added one to me project but alas it was coded by a german guy and the text was all in german. Add to that the fact that I know nothing of sudoku and I wouldn't know if that thing was working right or not lol. And the last problem was that since it was javascript based, it really wouldn't do for building it into the game.

Re: Enumeration Permutations - Minor Notice I've noticed that a for loop always evaluates the first part of the for loop, one last time before stopping. Suppose you have a for loop like this: $array = array (1,2,3,4); for ($i = 0, $i <= 3; $i++) { echo $i . ' '; } echo $i . ' '; It would go through each part of the array. However, the last $i would echo out as 4 not 3 as might be expected. 0 1 2 3 4 That is the output of that script. So, I would think that your for loop is evaluating that array one more time that it should. I'm not exactly sure how to fix it, but I am 100% sure this behavior of PHP for loops is the cause.

Re: merging multiple databases in 1 issue As far as I know, a select requires a table to be selected from. I do not think you can simply select a database entirely With that said, you would of course have to have a user setup that has access to each database, and has the coresponding priviliges needed for the commands used in the sql query. database.table is the proper syntax for selecting a table from a specific database. The tables in two databases can be joined, unioned and all that. So, besides the fact that you need to declare what database you are selecting from, there isn't any thing else involved here that isn't involved in doing the same thing from just one database.

Re: [FAQ] How do I redirect users? (Location Header) I did not know that, thanks for the info ;)

Re: [info] What should I learn first ? Pushing towards xhtml I totally agree with! I wish I had been pushed in that direction as well, but alas I had myself, and front page as a guide when I first started learning html. Then w3 schools came into the picture, and xhtml just seemed like some foreign thing that I might should not click on :D I hope I didn't make it sound like w3 schools is not the treasure trove of information that it is, my main goal was to tell people that if they need basic instruction on HTML syntax, that they need to consult the html portion of w3 schools in conjuction with their studies on xhtml which seems to be geared towards not repeating anything in the html section, but is sort of an addon to it. :D

Re: [FAQ] How do I redirect users? (Location Header) Another method that I use for redirects sidesteps the whole issue of output. There is javascript code that can accomplish this. Of course, it requires that the user have javascript enabled (which if they don't, they're basically surfing the internet like the Flintstones).   // Redirect to new pages using javascript function redirect($webpage){ echo <<<EOT <script language="javascript" type="text/javascript"> <!-- window.location.replace("$webpage"); // --> </script> EOT; exit(); }   This function is nice because you can use it anywhere without worrying about if anything has been output yet. Using the .replace method replaces the web page you just left with the web page you are redirected to in the browser history. This has the effect of allowing the user to use the back button to go back to the page right before the page they were redirected from. Here's a lil illustration of the concept: Example One -- Without .replace You're on Page A You click a link taking you to Page B Page B redirects you to Page C Normally a redirect put pages into your history like this: Page C Page B Page A In descending order starting with the last page accessed. Hitting the back button when on Page C, takes you back to Page B which then attempts to redirect you back to Page C. Example Two -- With .replace You're on Page A You click a link taking you to Page B Page B redirects you to Page C Your browser history now looks like this: Page C Page A Now, if you hit the back button, you aren't taken to Page B which attempts to redirect you back to Page C, but you go to Page A which is what would be the expected behavior. I don't know if the header redirect does example One or Two, but I mention this in case you go with the javascript approach. The default location.window(URL) behavior is that of Example One, so I want to make sure people that go with the javascript approach know the difference. Of course none of this is to say that the header approach isn't good. This is simply a different flavor of coding that some of you may like since you can call it with a simple function: redirect('URL'); without any further thought required. ;) Please note that if you use Databased Sessions (if you don't know, then you are NOT using databased sessions, just trust me on that) then before you do a redirect, you must call the session_write_close() function to force the session to be written to the database or else you're going to get a slew of errors (about 8 if I counted right). Of course, the number of errors I encounter in that situation is probably dependent on how my custom session handler functions are written lol.

Re: [info] What should I learn first ? I have no disagreement with what mdshare said, however I have one suggestion, or rather a bit of guidance for anyone looking to learn xhtml. Certainly delving right into xhtml is the way to go, but if you go to the w3 schools site, you will need to look at the html section as it contains more basic instructions on how to script html. xhtml is a more strict form of html and they do not re-explain html in the xhtml section. So, while I am all for starting out from the git-go with scripting html in the form of xhtml (remember, xhtml is simply a strict form of html), just remember to refer to the html section for tutorials on how html works while keeping in mind the things that are in the xhtml section so you can keep your html scripts in a valid xhtml format. ################ My own personal opinion is that xhtml is a not 100% necessary. Some people freak if their pages don't validate as valid xhtml. The question really is, can the people you want to use your website, use your website? If you need xhtml to make that happen, that's great, if you don't that's okay too. If you find xhtml hard to understand, don't shy away from learning html thinking that html is inferior, or is somehow not "cool" to be caught using. With that said, I don't want to discourage anyone from learning xhtml either, and I encourage everyone to give it a shot. xhtml being more strict than html makes it more compatible with more things (mobile devices and so on). I'm just saying, if you find it hard, don't hesitate to start out with html ;)

Re: An introduction to security That's what's up. I'd definitely check it out!

Re: Clean up your .html code !!! And that is completely indefensible ;)

Re: SQL Injections To the question of legal culpability by the website if they get hacked I don't think that's so. There are a number of problems inherent in the "customer's" ability to seek legal damages. The first of which is the likely hood of suing someone that is not in the same country the customer is (highly unlikely if the person spent $5 USD). Imagine the costs involved... Second, and most important, they are "donations" with no service implied. You simply donate your money at your own risk. There's absolutely no way anyone can sue a website for something of that nature and expect to win. And last in my mind is the fact that they aren't going to be able to delete your pay pal records and they aren't going to be able to delete your offsite backups. Add to this the fact that the pentagon suffers breaches of security all the time, and supposedly military/govt security is the best money can buy, so there's no way to 100% protect the site. My experience with players is that if a site goes down for a day they will be grateful when it's back up the next day and a very recent backup is used to restore most of what they had. There's always the bad apple and I've put one or two people in "FED" where they've turned around and threatened legal action if they weren't let out. Of course, such a thing hasn't happened yet, as they normally just have pay pal do a charge back lol.

Re: SQL Injections I look at it this way, I could care less if someone wants to try and hack my game. Let em at it, and they can teach me something if they find a security hole, therefore, just because someone submits data in a way that isn't what *should* be submitted I wouldn't ban them from the site. I've seen staff fed people way to soon when if they had let them do their thing for a bit longer, a bigger problem might have been uncovered. With that philosophy in mind, while I see the value in client side validation, I am with Nyna on this one in that it has to be 100% server side validation and I think that if you're going to validate server side 100%, validating client side is merely a redundancy. (Of course, like it's been said, if they bypass the validation then you know you've got someone that has some skillz) Going back to riderdaz, it seems to me that they want someone to do it for them. All this talk of server side and client side crap prolly sounds like hogwash to them. Correct me if I'm wrong please, but could you do it? So, read, study, practice, and practice some more rider!

Re: Clean up your .html code !!! In defense of all the people you spoke of, windows is not bug and error free... It never has been, and I'm willing to bet it never will be. Obviously that isn't an excuse for there to be lots of bugs/errors, but that's the way life is. Not everyone can be part of the 'cool' valid Strict XHTML crowd ya know ;)

Re: LEARNING TO CODE! you should start by specifying exactly what languages you want to learn. I've assuming you're at least going to learn some php, so here's some links: W3 schools is the best organized list of tutorials you'll find on the net. Follow through the PHP tuts one by one and you'll soon be able to do a few things with php. http://w3schools.com/ The PHP site has documentation on everything in PHP. It can take some time to get used to how the information is presented, but in time it will make more and more sense to you. http://www.php.net/

Re: Free 2 - Gym I would have charged for that one Nyna hehehehehe Perhaps even easier would be swapping out that fetch single with mysql_fetch_row as you have elegantly done in that function which by the way does look to be dummy resistent. :mrgreen:

Re: An introduction to security If I were running a "Tutorial" post, I'd sticky this lol Nicely written, very informative, and written by a hot Brit! What more could you ask for? um... Is there going to be a follow up to the introduction as well?

Re: Optimize generation When you are speaking of "keys" you are speaking of encryption which is different that a hash. A hash is a message digest and no matter what data you hash, you always get the same message digest every time you hash the same data. Encryption on the other hand does not have that problem. Using a key, you change the encrypted string from what it would be with a different key to what it is with the key your using. Encryption differs from hashing also, in that when data is encrypted it's possible to use the key to unlock that information as opposed to a message digest which there is no key for and no *simple* method of decoding it. For any message digest that is generated, there would be more than one data set that the generated hash could have been generated from. Therefore a collision is when more than one data set can produce the same hash. And since there is an infinite amount of data combinations possible, and only a finite number of message digests for any hash method known, any genuine method of breaking a hash would allow you to find an infinite number of data sets that would fit the hash ;) Collisions occur in hashes, but not in encryption. At least, if they do occur with encryption, it would be far far more rare and that just doesn't seem possible because unlocking the encryption would result in more than one unlocked set of data. The thing about encryption is that for any encrypted string, there would be more than one possible data set that that encrypted string could have resulted from. However, the introduction of the key dramatically increases the number of possible combinations of data set and keys. The key is not limited in size and therefore makes collisions in encrypted strings theoretically impossible. It should be noted that for any encrypted string, there would be more than one key that could unlock the data, however the resulting data set would be different depending upon what key you used. That means that the data that is encrypted would only be obtained by having the key ;) Otherwise, you would end of with meaningless data! For this reason, hashes are used a lot for passwords because you hash the pass and compare the stored hash with the hash produced from the submitted pass. You could just as well use encryption and compare encrypted strings stored in a database with submitted passwords that are encrypted, but collisions would occur there because you aren't attempting to decrypt the encrypted string, but merely comparing encrypted strings and there are only a finite number of encrypted strings when the encrypted string is of a known length.

Re: Optimize generation spudinski, spudinski, ALL hashing methods suffer from collisions... Whether or not we have found ways to cause them is of now importance. I don't care if your hash produces a 1 million character string, there will still be collisions.

Re: Quick help please Nice function Nyna ;) killah, I see what you mean, but unfortunately it isn't going to work that way. Consider Nyna's function, it tests to see if a name is a staff members name (in generic terms of course) or a regular player, and if they are a regular player it checks to see if they are a donor. In order to do that, you have to have a name (or userid or some other data linked to the user such as donor_days). When $h->startheaders() is called, you won't have any of that data. Well, I'm not sure if I can explain it 100% perfect, but hopefully that gets the point across.

Re: help with php Iso forgot to mention the two years you're going to need to familiarize yourself with your "codes"....

Re: Help please [me=Floydian]bows to the php goddess that is Nyna[/me]

Re: Help please Wouldn't php operate the same on any system, being platform independent? I realize some php extensions are only available for windows or linux, but it seems to me that barring those, php extensions should operate reliably anywhere :S And that email deal, um, I'll have bad dreams about that one...