1. Blog Spam

    Date: 01/01/70 (Programming)    Keywords: php, spam

    More and more Blog Spam seems to be occurring, and this is due to programs like the one by php-soft. I've been trying to find ways to fight this. One idea is since I use Movable Type is to use...

    Source: http://www.coreycollins.com/blog/archives/000046.php

  2. Why Java is my language of choice?

    Date: 02/11/05 (Java Web)    Keywords: php, java

    Background: I started my career with C, then moved to C++ and finally stuck with Java ever since late 1995. I learnt other languages like VB, Basic, Fortran, Pascal (I loved it!) and recently php and some smattering of perl, lisp etc. Yes I also dabbled in C#. As you know structurally all modern...

    Source: http://feeds.feedburner.com/AngsumansBlogOnJavaAndWebTechnologies?m=142

  3. Running php 5.x on windows using tomcat 4.x or 5.x

    Date: 12/12/04 (Java Web)    Keywords: php, web

    Using php 5.x is not documented in the manual, there are lots of questions with few answers, redundant hints etc. Even php 4.x users will benefit from this as it shows how to enable php only in a single web application, instead of all web applications as all the existing docs state. Enjoy!

    Source: http://feeds.feedburner.com/AngsumansBlogOnJavaAndWebTechnologies?m=98

  4. ftp

    Date: 02/18/05 (PHP Community)    Keywords: php, xml

    Hi everyone.

    Could anyone suggest some explanation to the following:

    
    ---- The code ----
    $conn_id = ftp_connect('ftp_server_here');
    $login_result = ftp_login($conn_id, 'username', 'password');
    ftp_pasv($conn_id, true);
    $handle = fopen('local_file', "w");
    ftp_size($conn_id, 'remote_file');
    ftp_fget($conn_id, $handle, 'remote_file', FTP_BINARY);
    fclose($handle);
    ftp_close($conn_id);
    ---- Code end ----
    

    I also created the test output of this script:

    ---- Output ----
    Connection ID returned by ftp_connect [line 2151]: Resource id #29
    Login result returned by ftp_login [line 2156]: 1
    Switching on ftp passive mode...
    Checking if it is possible to open file: "............" for writing   ... Success!
    File: ............" handler: Resource id #30
    Remote file size: 566.0 KB
    PHP Warning: ftp_fget(): php_connect_nonb() failed: Connection timed out (110) in ...... on line 2205
    ---- Output end ----


    Then I tried to connect this FTP using shell:

    ---- Output ----
    $ ftp xx.x.xxx.xx
    Connected to xx.x.xxx.xx.
    220 FTP server Ceske WWW.
    530 Please login with USER and PASS.
    530 Please login with USER and PASS.
    KERBEROS_V4 rejected as an authentication type
    Name (xx.x.xxx.xx:xxxxxx): name
    331 Please specify the password.
    Password:
    230 Login successful. Have fun.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> cd Estonia
    250 Directory successfully changed.
    ftp> pwd
    257 "/Estonia"
    ftp> get
    (remote-file) estonia.xml
    (local-file) estonia_downloaded.xml
    local: estonia_downloaded.xml remote: estonia.xml
    227 Entering Passive Mode (81,0,233,91,65,138)
    ftp: connect: Connection timed out
    ---- Output end ----


    Why could that happen? Any ideas? Something is wrong with FTP or what...
    Thanx

    Source: http://www.livejournal.com/community/php/262122.html

  5. Any Ideas?

    Date: 02/18/05 (PHP Community)    Keywords: php, mysql, sql

    Hey! My first post. Just a brief introduction on me: I've been doing PHP for about a year or so and in about 70% of the projects I've done I used PHP.

    Anyway, here's my question: Any suggestions on how I can implement a "network" / "connections" algorithm using PHP/MySQL? Something like Friendster?

    "To steal ideas from one person is plagiarism, to steal ideas from many is research." - Anon.

    Source: http://www.livejournal.com/community/php/261634.html

  6. First post(php not working)

    Date: 02/18/05 (PHP Community)    Keywords: php, mysql, sql

    alright first post, mysql ver 4.1 installed, running off of a winxppro operating system.

    I have phpmyadmin-2.6.0-pl1 on my home computer, and whenever I try to logon as root using the password I specified it says "Error
    #1251 - Client does not support authentication protocol requested by server; consider upgrading MySQL client"

    Source: http://www.livejournal.com/community/php/261602.html

  7. Percentage-based outcomes

    Date: 02/17/05 (PHP Community)    Keywords: php, google

    I'm in need of a program that will take a number as input and use said input to determine the percentage of time it will return true. Just off the top of my head, without looking at Google or even the PHP manual, I'm thinking something simple like generating a random number from 1-100 and subtracting the input number from it. The result would then be tested to see if it is equal to or less than 0, at which point it would return false - else, it would return true.

    Of course, I already see an obvious problem: if looking for say a 99% chance of success, and the random number is anything less than 99 the function would return false and would actually have only a 2% chance of returning true.

    Any thoughts on a good way to accomplish this?

    Source: http://www.livejournal.com/community/php/261246.html

  8. How secure is this?

    Date: 02/16/05 (PHP Community)    Keywords: php, security

    Okay, I wrote an authorization class using cookies to access certain pages based on their category.
    Now, not being the security god or anything, I wanted to check its validity as far as a valid way to grant or deny access.

    Basically, it does a DB call on every page request, based off the cookie info, but I'm willing to put up with the performance hit just because you can update access permissions on the fly, and not have to worry about page caches, etc.

    But the natural language explanation is this:
    Get the user permissions from the table field, and put them in an array.
    If you can't get an array from the information in the cookie, go to the deny message page.
    If the current category ($_GET[cat]) isn't in the permissions array, go to the deny message page.
    If the current page isn't in the allowed pages array, go to the deny message page.
    If any part of the cookie array isn't set, go to the deny page.

    Here is the method that I wrote. Any and all criticisms, help, etc is much appreciated...

    function authorize($page_cat){

        $page_base = basename($_SERVER['PHP_SELF']);
        $page = $_SERVER['REQUEST_URI'];
        $ip = $_SERVER['REMOTE_ADDR'];
        $date = date("m/d/y - h:iA");
        $exceptionpages = str_replace(" ", "", $this->ExceptionPages);
        $exceptionpages = explode(",", $exceptionpages);

        $allowedpages = str_replace(" ", "", $this->AllowedPages);
        $allowedpages = explode(",", $allowedpages);

        if(isset($_COOKIE[$this->UserIDfield]) && isset($_COOKIE[$this->Usernamefield]) && isset($_COOKIE[$this->Passwordfield]) && isset($_COOKIE[$this->Emailfield])){

            $auth = $this->getUserArray();

            if (!$auth){
                header("Location: $this->LogoutPageRedirect");
            }

            $permissions = $auth[$this->PermissionsField];

            if (($page_base == $this->EntryPage) && ($_GET['action'] !== "logout")){
                header("Location: $this->LoginPageRedirect");
            }
            if ($this->PermissionsType == "category") {

                $permissions = explode(", ", $permissions);

                if (in_array($this->DisabledMarker, $permissions) && $page_base !== "misc.php"){
                    if ($this->RecordHacks == 1){
                        $this->insertHack();
                    }
                    header("Location: $this->DisabledPageRedirect");
                }
                if (isset($page_cat)){
                    if (!in_array($page_cat, $permissions)) {
                        if ($this->RecordHacks == 1){
                            $this->insertHack();
                        }
                        header("Location: $this->DeniedPageRedirect");
                    }
                }
            }
        }

        if(!$_COOKIE[$this->UserIDfield] || !$_COOKIE[$this->Usernamefield] || !$_COOKIE[$this->Passwordfield] || !$_COOKIE[$this->Emailfield]) {
            if ($page_base !== "$this->EntryPage"){
                if ($this->RecordHacks == 1){
                    $this->insertHack();
                }
                header("Location: $this->LogoutPageRedirect");
            }
        }
    }

    Source: http://www.livejournal.com/community/php/260701.html

  9. An introduction

    Date: 02/14/05 (PHP Community)    Keywords: php, mysql, css, html, sql, web

    I've been working with PHP for several years now in a web-based environment and have achieved a moderate level of proficiency - I'm still a little green when it comes to PHP and MySQL though.

    Additionally, I'm fluent in XHTML and CSS (though a little out of date with my CSS hacks).

    Source: http://www.livejournal.com/community/php/259798.html

  10. php problems

    Date: 02/11/05 (PHP Community)    Keywords: php

    Hi, my server offers a large list of auto-install scripts, this php gallery one (http://gallery.menalto.com) is what I used to use on another server, and a friend (online, lost info) helped to install and customize it years ago. I still don't know much about php, but enough to customize it now myself, and I would like the new version installed on the new server.

    The problem is that there is some weird issue with the login. It tells me with the install that the login is default as admin/admin and yet I put that in and nothing happens. The main site has a troubleshooting answer for this, but I don't have a clue as to what they are telling me to do. I would really appreciate it if someone would help me out with this.

    http://www.jenshumate.com/gallery

    Source: http://www.livejournal.com/community/php/258270.html

  11. GPS, Maps, Zip Codes, Addresses and such

    Date: 02/09/05 (PHP Community)    Keywords: php, mysql, sql, web

    I'm working on creating some tools (PHP/MySQL) on one of my websites to help a user tell where things are. Generically, I will probably put this to use in several ways at some point - I just need a bit of help to start with. The budget is $0, so there will be no buying of commercial map data.

    Scenario:
    1) User A inputs location data - say, for SSO, it's a store that sells ShadowRun books. This information includes address, city, state, zip, country, phone, etc.
    2) User B is going on a trip to Town Z, and wants to know which of these locations are nearby, so they input address Y and a radius of M miles.
    3) The display shows a map of town Z with a radius of M miles centered around address Y, and a number N of locations X are indicated with icons on the map. Along with this, there is a table with a list of N locations and a distance between Y and X for each.
    *) I would also like to be able to create a state-wide or regional default map to show as a default.

    Work In Progress:
    What I have been able to do so far, thanks to some links I found, is to use the old US Census Zip data that is floating around to give an approximate distance based on zip code. This is pretty inaccurate at best, but it does at least give some idea.

    What I think the next step is would be to find a way to get a more accurate lat/long for each address, and use the zip only as a fallback if that method fails. This would increase the accuracy by a significant amount. Any ideas on where/how to implement such a thing would be welcome.

    The big step would be actually mapping into an image. I have looked around quite a bit for information on creating images and maps, but have yet to find anything that I can relate well enough to to work with. I'm looking for an example not too far from this scenario to work from. I imagine a basic way to accomplish this task would be to find a state outline map and the lat/long that equate with each corner, then use those as a base to map the icon points... somehow. That would at least be a place to start from, and could probably be done with freely available data. To actually generate M radius maps from address Y would be a bit trickier, I imagine. Any thoughts as to the methods, code, sites, data, or experience in creating such a thing are welcome.

    Thanks.

    Source: http://www.livejournal.com/community/php/257428.html

  12. ljLog = PHP + MySQL

    Date: 02/09/05 (PHP Community)    Keywords: php, mysql, browser, database, sql


    Lately, I've been adding hidden <img> tags to my posts. The source attribute points to non-existent URLs on my server, each tagged to the post ID - aka: http://ohsonline.no-ip.com/lj74252. Simple little way to see whenever someone reads your journal, or whenever somebody checks out a friends page you're listed on. Not the best solution, but hey, it works.

    Last night, I got bored, and still a little out of it from being sick, decided to work on a little PHP/MySQL script to actually collect all of that data coming in and provide a little analysis. So far it's basic, and only really provides the IP, post ID, timestamp, browser, and platform. I still need to add the source to pump out page hits based on post, ip, browser, platform, etc.

    Anyways, somebody's probably come up with a similar/better solution before, but as always, feel free to hack away :)




    /**

    @author Michael Bommarito
    @version 20050208-1
    @license LGPL
    Keep track of who views your LJ, complete with analysis by post,
    browser, operating system, and referring URL. Or it will. Some day.
    */

    $db = new mysqli('localhost', 'root', 'password', 'ljlog');
    if( mysqli_connect_errno() ) {
    die("Unable to contact database server. Try again later...");
    }

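    if( isset($_REQUEST['post-id']) ) {
    // Cast to int: the value is interpolated unquoted into the queries below,
    // where real_escape_string() alone does not prevent SQL injection.
    $post_id = (int) $_REQUEST['post-id'];
    $user_ip = ip2long($_SERVER['REMOTE_ADDR']);
    // User-Agent and Referer are client-controlled; escape them before they are
    // placed inside quoted SQL string literals.
    $user_agent = $db->real_escape_string(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');
    $user_referer = $db->real_escape_string(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '');
    // Default ids so the final INSERT stays valid when the IP or Referer is missing.
    $user_ip_id = 0;
    $user_referer_id = 0;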

    $query = "SELECT * FROM `ljview_post` WHERE `ljview_post_id` = $post_id";
    $res = $db->query($query);
    if( $res->num_rows > 0 ) {
    $user_post_id = $res->fetch_object()->ljview_post_id;
    $query = "UPDATE `ljview_post` SET `ljview_post_hits` = `ljview_post_hits` + 1 WHERE `ljview_post_id` = $post_id";
    $db->query($query);
    } else {
    $query = "INSERT INTO `ljview_post` VALUES($post_id, 1)";
    $db->query($query);
    $user_post_id = $db->insert_id;
    }
    $res->free();

    if( $user_ip > 0 ) {
    $query = "SELECT * FROM `ljview_ip` WHERE `ljview_ip_ip` = $user_ip";
    $res = $db->query($query);
    if( $res->num_rows > 0 ) {
    $user_ip_id = $res->fetch_object()->ljview_ip_id;
    $query = "UPDATE `ljview_ip` SET `ljview_ip_hits` = `ljview_ip_hits` + 1 WHERE `ljview_ip_ip` = $user_ip";
    $db->query($query);
    } else {
    $query = "INSERT INTO `ljview_ip` VALUES(NULL, $user_ip, 1)";
    $db->query($query);
    $user_ip_id = $db->insert_id;
    }
    $res->free();
    }

    if( $user_referer != '' ) {
    $query = "SELECT * FROM `ljview_referer` WHERE `ljview_referer_string` = '$user_referer'";
    $res = $db->query($query);
    if( $res->num_rows > 0 ) {
    $user_referer_id = $res->fetch_object()->ljview_referer_id;
    $query = "UPDATE `ljview_referer` SET `ljview_referer_hits` = `ljview_referer_hits` + 1 WHERE `ljview_referer_string` = '$user_referer'";
    $db->query($query);
    } else {
    $query = "INSERT INTO `ljview_referer` VALUES(NULL, '$user_referer', 1)";
    $db->query($query);
    $user_referer_id = $db->insert_id;
    }
    $res->free();
    }

    $query = "SELECT * FROM `ljview_user_agent` WHERE `ljview_user_agent_string` = '$user_agent'";
    $res = $db->query($query);
    if( $res->num_rows > 0 ) {
    $user_user_agent_id = $res->fetch_object()->ljview_user_agent_id;
    $query = "UPDATE `ljview_user_agent` SET `ljview_user_agent_hits` = `ljview_user_agent_hits` + 1 WHERE `ljview_user_agent_string` = '$user_agent'";
    $db->query($query);
    } else {
    $query = "INSERT INTO `ljview_user_agent` VALUES(NULL, '$user_agent', 1)";
    $db->query($query);
    $user_user_agent_id = $db->insert_id;
    }
    $res->free();

    $ts = time();
    $query = "INSERT INTO `ljview` VALUES (NULL, $user_ip_id, $post_id, $user_user_agent_id, $user_referer_id, $ts)";
    $db->query($query);
    } else {
    ?>
    PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "DTD/xhtml1-transitional.dtd">


    ljLog - ALPHA-000-UNSTABLE-RC-FLAMING-AARDVARK











    $res = $db->query("SELECT * FROM ljview ORDER BY ljview_id DESC");
    while( $view = $res->fetch_object() ) {
    print ("");

    $ip_id = $view->ljview_ip_id;
    $res_ip = $db->query("SELECT * FROM ljview_ip WHERE ljview_ip_id = $ip_id");
    if( $res_ip ) {
    $ip = $res_ip->fetch_object();
    $res_ip->free();
    print ( "" );
    } else {
    print("");
    }

    $post_id = $view->ljview_post_id;
    print("");

    if( $view->ljview_ts ) {
    print ( "" );
    } else {
    print("");
    }

    $user_agent_id = $view->ljview_user_agent_id;
    $res_user_agent = $db->query("SELECT * FROM ljview_user_agent WHERE ljview_user_agent_id = $user_agent_id");
    if( $res_user_agent ) {
    $user_agent = $res_user_agent->fetch_object();
    $res_user_agent->free();
    $browser = get_browser($user_agent->ljview_user_agent_string);
    print ( "" );
    print ( "" );
    } else {
    print("");
    }

    print ("");
    }
    ?>
    IP Post ID Timestamp Browser Platform
    " . long2ip($ip->ljview_ip_ip) . "  $post_id " . date("m/d/Y, g:i:s a", $view->ljview_ts) . "  " . $browser->parent . "" . $browser->platform . " 


    "Valid
    "Valid





    }
    $db->close();
    ?>




      `ljview_post_id` int(10) unsigned NOT NULL default '0',
    `ljview_user_agent_id` int(10) unsigned NOT NULL default '0',
    `ljview_referer` int(10) unsigned NOT NULL default '0',
    `ljview_ts` int(10) unsigned NOT NULL default '0',
    PRIMARY KEY (`ljview_id`)
    ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin;

    -- --------------------------------------------------------

    --
    -- Table structure for table `ljview_ip`
    --

    DROP TABLE IF EXISTS `ljview_ip`;
    CREATE TABLE IF NOT EXISTS `ljview_ip` (
    `ljview_ip_id` int(10) unsigned NOT NULL auto_increment,
    `ljview_ip_ip` int(32) NOT NULL default '0',
    `ljview_ip_hits` int(10) unsigned NOT NULL default '0',
    PRIMARY KEY (`ljview_ip_id`)
    ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin;

    -- --------------------------------------------------------

    --
    -- Table structure for table `ljview_post`
    --

    DROP TABLE IF EXISTS `ljview_post`;
    CREATE TABLE IF NOT EXISTS `ljview_post` (
    `ljview_post_id` int(10) unsigned NOT NULL auto_increment,
    `ljview_post_hits` int(10) unsigned NOT NULL default '0',
    PRIMARY KEY (`ljview_post_id`)
    ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin;

    -- --------------------------------------------------------

    --
    -- Table structure for table `ljview_referer`
    --

    DROP TABLE IF EXISTS `ljview_referer`;
    CREATE TABLE IF NOT EXISTS `ljview_referer` (
    `ljview_referer_id` int(10) unsigned NOT NULL auto_increment,
    `ljview_referer_string` text collate utf8_bin,
    `ljview_referer_hits` int(10) unsigned NOT NULL default '0',
    PRIMARY KEY (`ljview_referer_id`)
    ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin;

    -- --------------------------------------------------------

    --
    -- Table structure for table `ljview_user_agent`
    --

    DROP TABLE IF EXISTS `ljview_user_agent`;
    CREATE TABLE IF NOT EXISTS `ljview_user_agent` (
    `ljview_user_agent_id` int(10) unsigned NOT NULL auto_increment,
    `ljview_user_agent_string` text collate utf8_bin,
    `ljview_user_agent_hits` int(10) unsigned NOT NULL default '0',
    PRIMARY KEY (`ljview_user_agent_id`)
    ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin;

    Source: http://www.livejournal.com/community/php/257133.html

  13. Binary data

    Date: 02/08/05 (PHP Community)    Keywords: php, html

    Hi all,
    I have saved my images into a table as binary data. I can get it out again with the method that I found at phpbuilder. Here is the test code.

    Header( "Content-type: image/jpeg");
    echo $data;

    The problem is that my real program pulls the images and text for the record and then displays it in an HTML page with tables and a bunch of other stuff. As soon as I added the Header line only the first image shows and that's it. I am assuming this has to do with HTTP headers and so forth which I am not entirely sure of. So if you could tell me how to display my binary image data or point me to some resources where I can learn how I would appreciate it.

    Source: http://www.livejournal.com/community/php/256415.html

  14. stripping HTML formatting

    Date: 02/07/05 (PHP Community)    Keywords: php, html, database, web

    I'm doing something of a small content management system for a project I'm working on, and had a quick question about stripping html tags from database held text.

    I plan on having a "news" section, updated via a web form or phpMyAdmin or something, but I would like the full news entries safe for HTML tags (bolding, italics, email links, etc). Additionally, I would like to display small 100-character or so blurbs of the "news" entries on other pages - my concern is that if a tag is opened before the 100-character cut-off and not closed, this will mess with the following code.

    I've dabbled in solving this problem with little effort, and equally little success. Is there an easy way of stripping out HTML tags for a preview such as this? Am I better off not allowing HTML and providing my own tags, such as ::BOLD::here's some bold text::BOLD:: ? If this is the case, how do I prevent HTML tags at all?

    Source: http://www.livejournal.com/community/php/256244.html

  15. Just say no... to BB tags!

    Date: 02/18/05 (PHP Community)    Keywords: php, html

    It's a common practice when implementing a system requiring content submission that might include html tags, to strip the input fields of all html and get the users to use pseudo-tags instead, such as [ b ] instead of < strong > which will be replaced by the content-view script. This serves its purpose by removing any malicious code from the input text. It also limits the extent to which a user can alter the appearance of their submission, eg unable to post IFRAME or MARQUEE tags.

    The downside to this method is that it needs the user to adapt to a modified and often custom tag system. It is also cumbersome code as you are having to do a lot more work than necessary, coding a set of tags and ways to parse them etc.

    Enter PHP's strip_tags function. It is likely you will already be using this library function to remove unwanted html (possibly along with htmlspecialchars). But you might not know strip_tags has an optional argument of allowed html tags. Using this function with an array passed in of "safe" html tags you can easily save yourself a lot of hassle and allow the user to operate within the realm of proper-html instead of some new tag set!

    Not sure if this will help anyone but I found it very useful in my own projects... enjoy!

    Source: http://www.livejournal.com/community/php/262371.html

  16. help with php db connect

    Date: 02/19/05 (PHP Community)    Keywords: php, mysql, database, sql

    I'm attempting to see if I can connect to a database using IIS on a XP Pro machine.



    When I go to the document that has that code I get the following error message:

    Warning: mysql_connect(): Client does not support authentication protocol requested by server; consider upgrading MySQL client in c:\inetpub\wwwroot\PHP\dbconnect.php on line 10
    could not connect to database

    Source: http://www.livejournal.com/community/php/262496.html

  17. Comments and voting

    Date: 02/20/05 (PHP Community)    Keywords: php, java, web

    Hi there. I think this may be a bigger question than really admits of an answer in this forum, but I'll give it a shot anyway.

    I'm working on a website in which I'd like to include the option to vote on pages, or leave comments. Thus far I've figured out that this involves forms and cookies, but I'm having all kinds of trouble. It's been months since I've done any sort of coding, and my PHP skills were never good anyway.

    So say we have some text links that point to a javascript function, that updates a hidden form with the value input (say, a vote from 1 to 10) and submits the form. can the form submit itself to the same script? -- could a form on view.php have a form action that points to view.php?

    how do I set up cookies that won't expire and thus have values overwritten the next time a given user comes and wants to vote, but that will also not allow multiple votes on the same things from the same user?

    lots of questions. I've looked around online and gotten swamped. Maybe someone could just recommend a good book on PHP...

    thanks-
    Damon

    Source: http://www.livejournal.com/community/php/263326.html

  18. Unit tests for PHP5?

    Date: 02/20/05 (PHP Community)    Keywords: php

    Does anyone know if there is a GOOD unit test framework for PHP5? And no PHPUnit2 is not good in my book.

    By good I mean the following:
    1) When a test runs it tells me it ran OK.
    2) When a test fails it tells me which test it was.
    3) It has actually documentation, that does not require me to read the source code. What is on the PHPUnit page does not even go so far as to list all of the various assert clauses that you can call.

    PHPUnit2 fails all 3 of these tests.

    Source: http://www.livejournal.com/community/php/264174.html

  19. Feedback desired

    Date: 02/20/05 (PHP Community)    Keywords: php

    I'm writing a sort of Interactive Fiction game in PHP and would like to get some thoughts from other people about it.

    There is a link from the game itself that leads to a form you can use to comment on it and some questions I have for people who have fooled with it some. Feel free, of course, to reply to this thread if you prefer.

    The game can be found at the following URL:
    http://www.contemptible.org/smack/game/

    Cross posted to:
    cpwb, if_developer, int_fiction, php

    Source: http://www.livejournal.com/community/php/264617.html

  20. Captcha and authentication/hash/crypt

    Date: 02/20/05 (PHP Community)    Keywords: php, database, java, security

    In building my nice little blog system, I'm running into the following two problems:

    Problem 1:
    Currently I cannot run image magick as my wondrous site admin has not installed it.  This is - apparently - preventing me from using Text_CAPTCHA from PEAR.  I need a captcha solution that does not require said image manipulation libraries.  Alternatively, if someone knows of a way I can install image magick into my userspace, and NOT have to convince my admin to recompile php, please let me know.

    Problem 2:

    Additionally, my authentication for administration interface is currently being done via plaintext passwords.  This is - for obvious reasons - insecure.  I was attempting to find a solution using a client-side javascript that would create an md5 hash of the password and a randomly generated "key", send same to php processing form via post, and then the php form processor would use the same randomly generated "key" (I'm currently using "mt_rand()") and the user's password (retrieved from the database), combine/hash and compare.  I ran into problems with transmitting the "key" to client side, and maintaining the SAME key (without sending it back, in the clear) on the server side.
    The major problems I'm running into, though is the transmission of the key, no matter how I find a way to do it, it still shows up clearly in going to the client side ($rnd = mt_rand() will still show the number client-side when echo $rnd, and therefore it is being clearly transmitted).  Hmm, perhaps I could hash it server side, and then reverse the hash?  But md5 hashes are one-way, yes?  I'd need a crypt for that, and despite my best tries haven't located a good one. ARRGH.
    Security is a bitch when you're not using pre-written. ...ESPECIALLY when you're a beginner.

    Source: http://www.livejournal.com/community/php/264266.html
