1. PHP + MySQL = ljLog

    Date: 02/10/05 (MySQL Communtiy)    Keywords: php, mysql, browser, database, sql

    [Error: Irreparable invalid markup ('

    ') in entry.  Owner must fix manually.  Raw contents below.]

    I've written little PHP/MySQL script to parse HTTP requests from hidden <img> tags in LJ posts (e.g. <img src="http://ohsonline.no-ip.com/ljview.php?post-id=74765" style="display:none;" />), archiving it all in a MySQL database and providing a little analysis. So far it's basic, and only really provides the IP, post ID, referring user, timestamp, browser, and platform. I still need to add the source to pump out page hits based on post, ip, browser, platform, etc.

    Anyways, somebody's probably come up with a similar/better solution before, but as always, feel free to hack away :)


    @author Michael Bommarito
    @version 20050209-2
    @license GPL
    Keep track of who views your LJ, complete with analysis by post,
    browser, operating system, and referring URL.

    $db = new mysqli('localhost', 'root', 'password', 'ljlog');
    if( mysqli_connect_errno() ) {
    die("Unable to contact database server. Try again later...");

    if( isset($_REQUEST['post-id']) ) {
    $post_id = $db->real_escape_string($_REQUEST['post-id']);
    $user_ip = ip2long($_SERVER['REMOTE_ADDR']);
    $user_agent = $_SERVER['HTTP_USER_AGENT'];
    $user_referer = $_SERVER['HTTP_REFERER'];

    $query = "SELECT SQL_CACHE * FROM `ljview_post` WHERE `ljview_post_id` = $post_id";
    $res = $db->query($query);
    if( $res->num_rows > 0 ) {
    $user_post_id = $res->fetch_object()->ljview_post_id;
    $query = "UPDATE `ljview_post` SET `ljview_post_hits` = `ljview_post_hits` + 1 WHERE `ljview_post_id` = $post_id";
    } else {
    $query = "INSERT INTO `ljview_post` VALUES($post_id, 1)";
    $user_post_id = $db->insert_id;

    if( $user_ip > 0 ) {
    $query = "SELECT SQL_CACHE * FROM `ljview_ip` WHERE `ljview_ip_ip` = $user_ip";
    $res = $db->query($query);
    if( $res->num_rows > 0 ) {
    $user_ip_id = $res->fetch_object()->ljview_ip_id;
    $query = "UPDATE `ljview_ip` SET `ljview_ip_hits` = `ljview_ip_hits` + 1 WHERE `ljview_ip_ip` = $user_ip";
    } else {
    $query = "INSERT INTO `ljview_ip` VALUES(NULL, $user_ip, 1)";
    $user_ip_id = $db->insert_id;

    if( $user_referer != '' ) {
    $query = "SELECT SQL_CACHE * FROM `ljview_referer` WHERE `ljview_referer_string` = '$user_referer'";
    $res = $db->query($query);
    if( $res->num_rows > 0 ) {
    $user_referer_id = $res->fetch_object()->ljview_referer_id;
    $query = "UPDATE `ljview_referer` SET `ljview_referer_hits` = `ljview_referer_hits` + 1 WHERE `ljview_referer_string` = '$user_referer'";
    } else {
    $query = "INSERT INTO `ljview_referer` VALUES(NULL, '$user_referer', 1)";
    $user_referer_id = $db->insert_id;

    $query = "SELECT SQL_CACHE * FROM `ljview_user_agent` WHERE `ljview_user_agent_string` = '$user_agent'";
    $res = $db->query($query);
    if( $res->num_rows > 0 ) {
    $user_user_agent_id = $res->fetch_object()->ljview_user_agent_id;
    $query = "UPDATE `ljview_user_agent` SET `ljview_user_agent_hits` = `ljview_user_agent_hits` + 1 WHERE `ljview_user_agent_string` = '$user_agent'";
    } else {
    $query = "INSERT INTO `ljview_user_agent` VALUES(NULL, '$user_agent', 1)";
    $user_user_agent_id = $db->insert_id;

    $ts = time();
    $query = "INSERT INTO `ljview` VALUES (NULL, $user_ip_id, $post_id, $user_user_agent_id, $user_referer_id, $ts)";
    } else {
    PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"


    $count = array_pop($db->query("SELECT ljview_id FROM ljview ORDER BY ljview_id DESC LIMIT 1")->fetch_row());
    $limit = isset($_REQUEST['limit']) ? abs($_REQUEST['limit']) : 20;
    $offset = isset($_REQUEST['offset']) ? abs($_REQUEST['offset']) : 0;
    $place = $count - $offset;
    $query = "SELECT SQL_CACHE * FROM ljview WHERE ljview_id <= $place ORDER BY ljview_ts DESC LIMIT $limit";
    $res = $db->query($query);
    $end = $offset + $limit;
    $back = $offset - $limit;
    Viewing $offset - $end out of $count
    if( $offset > 0 ) {
    print("Previous $limit");
    if( $offset < $count ) {
    print("Next $limit

    while( $view = $res->fetch_object() ) {
    print ("");

    $ip_id = $view->ljview_ip_id;
    $res_ip = $db->query("SELECT SQL_CACHE * FROM ljview_ip WHERE ljview_ip_id = $ip_id");
    if( $res_ip ) {
    $ip = $res_ip->fetch_object();
    print ( "" );
    } else {

    $post_id = $view->ljview_post_id;

    if( $view->ljview_ts ) {
    print ( "" );
    } else {

    $user_agent_id = $view->ljview_user_agent_id;
    $res_user_agent = $db->query("SELECT SQL_CACHE * FROM ljview_user_agent WHERE ljview_user_agent_id = $user_agent_id");
    if( $res_user_agent ) {
    $user_agent = $res_user_agent->fetch_object();
    $browser = get_browser($user_agent->ljview_user_agent_string);
    print ( "" );
    print ( "" );
    } else {

    $referer_id = $view->ljview_referer;
    $res_referer = $db->query("SELECT SQL_CACHE * FROM ljview_referer WHERE ljview_referer_id = $referer_id");
    if( $res_referer ) {
    $referer = $res_referer->fetch_object();
    $referer_stack = split('[-./]', $referer->ljview_referer_string);
    if( strcasecmp($referer_stack[2], 'livejournal') == 0 ) {
    $lj_user = $referer_stack[5];
    } else if( strcasecmp($referer_stack[3], 'livejournal') == 0 ) {
    $lj_user = $referer_stack[6];

    } else {

    print ("");
    IP Post ID Timestamp Browser Platform LJ User
    " . long2ip($ip->ljview_ip_ip) . "&nbsp; $post_id " . date("m/d/Y, g:i:s a", $view->ljview_ts) . "&nbsp; " . $browser->parent . "" . $browser->platform . "&nbsp; $lj_user&nbsp;



      `ljview_post_id` int(10) unsigned NOT NULL default '0',
    `ljview_user_agent_id` int(10) unsigned NOT NULL default '0',
    `ljview_referer` int(10) unsigned NOT NULL default '0',
    `ljview_ts` int(10) unsigned NOT NULL default '0',
    PRIMARY KEY (`ljview_id`)

    -- --------------------------------------------------------

    -- Table structure for table `ljview_ip`

    DROP TABLE IF EXISTS `ljview_ip`;
    CREATE TABLE IF NOT EXISTS `ljview_ip` (
    `ljview_ip_id` int(10) unsigned NOT NULL auto_increment,
    `ljview_ip_ip` int(32) NOT NULL default '0',
    `ljview_ip_hits` int(10) unsigned NOT NULL default '0',
    PRIMARY KEY (`ljview_ip_id`)

    -- --------------------------------------------------------

    -- Table structure for table `ljview_post`

    DROP TABLE IF EXISTS `ljview_post`;
    CREATE TABLE IF NOT EXISTS `ljview_post` (
    `ljview_post_id` int(10) unsigned NOT NULL auto_increment,
    `ljview_post_hits` int(10) unsigned NOT NULL default '0',
    PRIMARY KEY (`ljview_post_id`)

    -- --------------------------------------------------------

    -- Table structure for table `ljview_referer`

    DROP TABLE IF EXISTS `ljview_referer`;
    CREATE TABLE IF NOT EXISTS `ljview_referer` (
    `ljview_referer_id` int(10) unsigned NOT NULL auto_increment,
    `ljview_referer_string` text collate utf8_bin,
    `ljview_referer_hits` int(10) unsigned NOT NULL default '0',
    PRIMARY KEY (`ljview_referer_id`)

    -- --------------------------------------------------------

    -- Table structure for table `ljview_user_agent`

    DROP TABLE IF EXISTS `ljview_user_agent`;
    CREATE TABLE IF NOT EXISTS `ljview_user_agent` (
    `ljview_user_agent_id` int(10) unsigned NOT NULL auto_increment,
    `ljview_user_agent_string` text collate utf8_bin,
    `ljview_user_agent_hits` int(10) unsigned NOT NULL default '0',
    PRIMARY KEY (`ljview_user_agent_id`)

    Source: http://www.livejournal.com/community/mysql/47917.html

  2. insert + enum

    Date: 01/09/05 (MySQL Communtiy)    Keywords: php, mysql, sql

    hey everyone, my name is Phil. i started learning PHP in september and about a month ago started learning mysql and how the two work together.

    i have a question regarding the enum data type. any time i try to create a table which has a field which i'd like to specify as enum, i get a syntax error. i've checked the manual and am not sure what i'm doing wrong. here's an example:

    create table records(record_id int auto_increment, user varchar(50) not null, status enum("open","closed"), primary key(record_id));

    what i've ended up having to do is create the first half of the table, then put in each of the enum fields one at a time, then do the rest. could someone tell me what i'm doing wrong?


    Source: http://www.livejournal.com/community/mysql/45246.html

  3. Database Woes, x-posted in php...

    Date: 12/29/04 (MySQL Communtiy)    Keywords: php, mysql, html, database, sql

    Ok, I figured something out.

    When I run the mysql query at a mysql or phpmyadmin prompt I get the proper results...

    SELECT * FROM fff_news WHERE month(date)=month(now()) and year(date)=year(now()) ORDER BY date DESC

    But when I throw this into an array with php's mysql_fetch_array or mysql_fetch_row everything will display except for the top entry which would be the last date entered into the database. If I add a new entry for yesterday, it won't show until I add a second entry for yesterday(and then that one won't show) or a new entry for today(which won't show).

    Why is php mangling my query like this, it's rather simple...

    snip...(and I cut out my html which semagic won't let me display as code anyway...)

    } else {

    $sql = 'SELECT * FROM fff_news WHERE month(date)=month(now()) and year(date)=year(now()) ORDER BY date DESC';
    $result = mysql_query($sql);
    $row = mysql_fetch_array($result);

    if (!$result) {

    Error performing query: " . mysql_error() . "\n");

    while ($row = mysql_fetch_array($result)) {
    echo $row[date];
    echo $row[pagetitle];
    echo $row[content];



    Source: http://www.livejournal.com/community/mysql/45003.html

  4. inserted row ID

    Date: 12/02/04 (MySQL Communtiy)    Keywords: php, mysql, database, sql

    Hi guys, i'm a newbie to MYSQL, so excuse me for stupid questions :)
    I have the following question:
    For instance my database looks like -

    | ID | SOME_VALUE |
    | 10 |  MY_VALUE  |
    |    |            |
    ID - is auto_increment
    I use php and make MYSQL query to insert a new row (INSERT query)
    Is there any way to know inserted row ID?

    PS. If i use

    (1) INSERT INTO ... ... ... VALUES ... ... ...;

    can i be 100% sure that another INSERT query (from another user) won't be inserted between (1) and (2) and the returned ID will be wrong?

    Source: http://www.livejournal.com/community/mysql/43111.html

  5. Which Wiki

    Date: 02/18/05 (Web Development)    Keywords: php, mysql, rss, xml, sql, java

    I’m thinking about putting together a Wiki for some stuff I am doing. Does anyone have any packages that they like and would recommend? Things I would like:

    1) PHP (V5 would be a good thing)
    2) Data stored in MySQL
    3) User names to edit as an option.
    4) New/changed Pages RSS feed.
    5) Under active development
    6) There is no #6
    7) Page versioning.
    8) Good support for inserting code of various forms (PHP, javascript, xml etc) in pages.



    Source: http://www.livejournal.com/community/webdev/173178.html

  6. Here's the questions

    Date: 02/17/05 (Web Development)    Keywords: php, html, web

    Well, I got the OK, so here goes:

    As someone who's never been an IT insider, I only have knowledge of *how* to do things, not how to get paid to do them. Almost everything I know I've taught myself, from HTML 3 way back in the day to PHP 5 over the past year. My only concept of what it's like to work in this field is based on my experience in my last job. So what's out there? I know that web design and web development are often considered separate fields, but is this always the case? What are the positions like? Should I go back and get a degree? If so, what kind? If not, what do I need to impress potential employers? I'm more interested in design than development at the moment, but I like both and would be happy doing either full-time... really, any information you can provide would be helpful at this point!

    (cross-posted to '[info]'webdesign)

    Source: http://www.livejournal.com/community/webdev/172586.html

  7. Job question.

    Date: 02/08/05 (Web Development)    Keywords: php, programming, mysql, database, asp, sql, jsp, web

    Ok, I've got a question for all the professionals out there. I've been looking for a while now to get into server-side web programming (PHP, ASP, JSP, SQL) for a little while now. While I do have experience working with these things working on personal projects, I have no professional experience. I was wondering if anyone had any suggestions on what I can do to more effectively represent myself in this way.

    In terms of skills, I'm talking a heavy PHP/MySQL background, with a focus on content managers and database served content.

    Just hoping someone might have some pointers. Feel free to ask me any questions.

    Source: http://www.livejournal.com/community/webdev/170943.html

  8. Ubuntu PHP4 Question

    Date: 02/17/05 (Apache)    Keywords: php, apache

    I have successfully installed APache2 with Synaptic on Ubuntu, but the PHP module is not specified in the apache.conf file even though I used Synaptic to install PHP4. Is there a differnt method to activate the module within apache.conf?

    Source: http://www.livejournal.com/community/apache/17050.html

  9. redirectMatch problem

    Date: 02/03/05 (Apache)    Keywords: php, html

    this worked perfectly on one host, but I'm having problems with it on a
    new host.

    redirectMatch 301 ^(.*)bb.html/(.*)$

    The problem is that the ? get's translated to %3f so the url it
    redirects to is.

    How do I fix this?

    Source: http://www.livejournal.com/community/apache/16395.html

  10. Cleaning Up the Server Header

    Date: 01/20/05 (Apache)    Keywords: php, linux, apache

    Currently, my httpd server headers looks like:
    Apache/1.3.33 (Unix) (Gentoo/Linux) mod_perl/1.27 PHP/4.3.10

    How might I clean up the header a bit (so as to not let people know of all the modules I"m running)? Preferably, I'd like it to ONLY say Apache.

    Probably a noob question, heh, sorry.

    Source: http://www.livejournal.com/community/apache/16193.html

  11. Rewrite rule help in apache 2.

    Date: 12/09/04 (Apache)    Keywords: php, web, hosting

    We are using dynamic virtual hosting for a number of domains. The original request was to be able to go to http://somedomain.com/dav and update a webpage. This worked great. But now we would like to do this with dav over ssl. We don't want to buy an ssl certificate for every domain, so I would like to do a redirect from the virtual host to the ssl host. I can not do a Redirect /dav https://sslhost.com/davvhosts/%O as Redirect can not handle the %O.

    So I would like to do a Rewrite on the ssl server based on the HTTP_REFERER variable, but I can't get it to work:

    The Virtual host stuff:

      UseCanonicalName Off
      CustomLog logs/access_log vcommon
      VirtualDocumentRoot /web/vhosts/%0/htdocs
      VirtualScriptAlias /web/vhosts/%0/cgi-bin
        Options FollowSymLinks ExecCGI Multiviews Includes
        AllowOverride All
        ForceType application/x-httpd-php
      Redirect /dav https://www.sightworks.net/davvhosts

    Then in the SSL side I tried a couple things. First just modifying the HTTP_REFERER variable:
    RewriteEngine On
    RewriteMap lowercase int:tolower
    RewriteCond %{HTTP_REFERER} /dav/
    RewriteRule ^http://(.*)/dav/ $1
    RewriteCond %{REQUEST_URI} !^/icons/
    RewriteCond %{REQUEST_URI} !^/cgi-bin/
    RewriteCond %{REQUEST_URI} ^/davvhosts/
    RewriteRule ^/(.*)$ /www/vhosts/${lowercase:%{HTTP_REFERER}}/$1
    RewriteCond %{REQUEST_URI} ^/cgi-bin/
    RewriteRule ^/(.*)$ /www/vhosts/${lowercase:%{HTTP_REFERER}}/cgi-bin/$1 [T=application/x-httpd-cgi]
    RewriteCond %{REQUEST_URI} !^/icons/
    RewriteCond %{REQUEST_URI} !^/cgi-bin/
    RewriteCond %{REQUEST_URI} ^/davhosts/
    RewriteRule ^/(.*)$ /www/hosts/${lowercase:%{HTTP_REFERER}}/$1
    RewriteCond %{REQUEST_URI} ^/cgi-bin/
    I also tried just setting a different variable and using it, but that did not work either:
    RewriteEngine On
    RewriteMap lowercase int:tolower
    RewriteCond %{HTTP_REFERER} /dav/
    RewriteRule ^http://(.*)/dav/ - [E=HTTP_REFERER_HOST:$1]
    RewriteCond %{REQUEST_URI} !^/icons/
    RewriteCond %{REQUEST_URI} !^/cgi-bin/
    RewriteCond %{REQUEST_URI} ^/davvhosts/
    RewriteRule ^/(.*)$ /www/vhosts/${lowercase:%{HTTP_REFERER_HOST}}/$1
    RewriteCond %{REQUEST_URI} ^/cgi-bin/
    RewriteRule ^/(.*)$ /www/vhosts/${lowercase:%{HTTP_REFERER_HOST}}/cgi-bin/$1 [T=application/x-httpd-cgi]
    RewriteCond %{REQUEST_URI} !^/icons/
    RewriteCond %{REQUEST_URI} !^/cgi-bin/
    RewriteCond %{REQUEST_URI} ^/davhosts/
    RewriteRule ^/(.*)$ /www/hosts/${lowercase:%{HTTP_REFERER_HOST}}/$1
    RewriteCond %{REQUEST_URI} ^/cgi-bin/
    In both cases it looks like the variable being set ends up blank.
    Is what I want to do possible? If so, what am I doing wrong?
    CANCEL THAT QUESTION! I figured out the answer:
      RewriteEngine on
      RewriteLog    /web/etc/httpd/logs/rewrite.log
      RewriteCond   %{REQUEST_URI}  ^/dav$  [OR]
      RewriteCond   %{REQUEST_URI}  ^/dav/
      RewriteCond   %{HTTP_HOST}    !^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$
      RewriteRule   ^/dav.*$                https://www.sslhost.net/davvhosts/%{HTTP_HOST}/      [R,L]

    Source: http://www.livejournal.com/community/apache/14489.html

  12. mod_rewrite problem

    Date: 11/07/04 (Apache)    Keywords: php

    I've never used mod_rewrite before and I'm having the hardest time getting it to work. It is installed and running.
    Here is my .htaccess file

    RewriteEngine On
    RewriteRule ^.*a.php$ /t.php [L]

    I've tried every different variation on this that I can think of. Not matter what I get the following in the error log.
    script not found or unable to stat.

    The url that I'm using to test this is

    Source: http://www.livejournal.com/community/apache/13468.html

  13. mod_rewrite?

    Date: 09/21/04 (Apache)    Keywords: php, apache

    Hi all, hope someone can give me insight here. I've got an install of phpbb on my site, and I want to use a custom, outside signup page for new users. By default phpbb directs users to /installdir/profile.php?mode=register&agreed=true when they click on the appropriate link. Would mod_rewrite be the answer to redirecting someone who hits that link? A traditional alias or redirect does not seem to work, as apache throws an error about the config, and it's not based on the page itself, but the url parameters being passed. I know I could just as easily hack up the php code for the forum, but I'd prefer this non-invasive method, plus it would catch anyone trying to circumvent a simple redirect within the code. Any hints?

    Oh, here's my current rewrite ruleset:
    RewriteCond %{QUERY_STRING} ^(mode=register&agreed=true.*) [NC]
    RewriteRule ^/forum/profile\.php$1 /account.php [L]

    Source: http://www.livejournal.com/community/apache/11984.html

  14. First post(phpmyadmin not working)

    Date: 02/18/05 (PHP Development)    Keywords: php, mysql, sql

    alright first post, mysql ver 4.1 installed, running off of a winxppro operating system.

    I have phpmyadmin-2.6.0-pl1 on my home computer, and whenever I try to logon as root using the password I specified it says "Error
    #1251 - Client does not support authentication protocol requested by server; consider upgrading MySQL client"

    Source: http://www.livejournal.com/community/php_dev/52920.html

  15. Polling script

    Date: 02/11/05 (PHP Development)    Keywords: php, web

    Hello everyone.. don't really post too much in here, but I thought i'd get some input from everyone. For the past few days, I was interested in how GD works, so I decided to write a script that would put it to use. I decided to write a poll for one of my clients, and it seems to be working pretty well. Heres a quick idea of how it works.

    - Poll module is loaded at the beginning of the script (before output) (will go into modules more in a minute)
    -- Just sets an array containing the very basic config of the poll (which db tables to use and whatnot) and also contains cookie information.

    - $cfg_poll['poll'] is set to tell which poll to load.

    - submodule 'poll_load' is loaded.
    -- DB is queried getting a bit of info on the pull (question being asked, size of poll graph, etc.
    -- DB is also queried to see if an IP matching the remote_addr exists in the answer table
    -- Last but not least, check if cookie exists for answering the poll

    If the last two things are matched, load poll_results, which just gets the answers from a db, and shows a graphical display of the poll.

    If those two aren't matched, display a form for submitting your answer to the poll.

    Anyways, if anyone has some input on this, that'd be great. I'll throw up an example when I get some real webspace. As you can see, this whole thing is done from a DB, and is fully customizable.

    Also, the whole 'module' is because this script runs off of mod_core.php, a script I wrote for making large projects easier. In short, modules are made, sub-modules can be loaded, contains debug info, etc.... Doesn't hurt too much on CPU usage either.

    ~ Fanaticus

    Source: http://www.livejournal.com/community/php_dev/52493.html

  16. Pear::DB vs. ADOdb?

    Date: 02/03/05 (PHP Development)    Keywords: php, mysql, database, sql, java, google

    I'm sure this is going to create a firestorm of debate, but I'm tired of spending countless hours on Google. Before doing PHP, I was a Perl/Java programmer, and was used to doing database stuff with DBI in Perl more than anything else. I'm presently writing a PHP/MySQL app, which will be ported over to Oracle, so I'm looking to start using an abstraction layer (something I admittedly should've been doing the whole time). I've researched ADOdb and Pear::DB, and I can't make up my mind. Would some of you folks mind sharing your personal experiences?


    Source: http://www.livejournal.com/community/php_dev/52325.html

  17. POSTing and redirecting

    Date: 02/02/05 (PHP Development)    Keywords: php, browser, database, java

    I'm in a situation where I want to create a page that redirects to another site and posts as it does so, as if it were a form (the page needs to record acceptance in a database before the site-user hares off into the unknown, possibly not to return). Is there a way of manually setting these post values in php? header() just seems to apply to the page you're in. I can't rely on Javascript, and somehow sending the post variables to the other site and mirroring the result of the first page on my site would be commercially problematic. Help!

    Thinking about this, there just doesn't seem to be a solution. Header sets HTTP header variables in the document that goes back to the user's browser, not the second server. POST variables would usually be provided by the user's browser to the second server, not by the first server. I just don't think that there's a way of doing this kind of redirection, but I may be wrong, it's not really my area.

    Fascinating problem, would anybody like to comment?

    Source: http://www.livejournal.com/community/php_dev/52088.html

  18. OOP Question

    Date: 01/04/05 (PHP Development)    Keywords: php

    Ok, so it appears that in PHP5, when declaring variables within a class, "var" is being depricated, and "public, private, protected" are the preferred descriptors for a variable type. I see that using "var $varname" is still allowed, and PHP5 just makes it a public variable by default. Is there a way to keep a variable private or protected within a class in PHP4? And have it work in PHP5?

    BTW, has anyone else made the switch from v4 to v5 and encountered any gotchas along the way?

    [X-posted to PHP]

    Source: http://www.livejournal.com/community/php_dev/51280.html

  19. Security in websites, part deux....

    Date: 01/02/05 (PHP Development)    Keywords: php, html, database, sql, java, security, web

    alright, so, i finally got around to designing my 'security system' for my family's website. here's how it'll work:

    1. user enters their username and password into an html form. a javascript function will confirm that both are between 6 and 16 characters long
    2. if they, are, they'll be passed to login.php which will double check the lenghts of the two strings, and then confirm that neither one contains anything but letters and numbers. if they don't pass muster, the user gets rerouted to the html login form.
    3. if the above two criteria evaluate to true, then a SQL query will run to see if there's a matching username and password row in a database.
    4. IF SO, the script calls session_start() and $_SESSION['UsrIsLogdIn']=true;. the script then redirects them to the rest of the site.

    now, each page on the rest of the site will do a check like this:
    if ($_SESSION['UsrIsLogdIn']!==true) {

    do you all think that this is good security? do you see any problems, loopholes, other ways in or ways to emulate the session variable being set to true? is there anything else i should add or make the pages check for?

    thanks for your help :)

    [Edit: oh, and what do you think is the best way to handle the user logging out? just setting $_SESSION['UsrIsLogdIn'] to false?]
  20. Source: http://www.livejournal.com/community/php_dev/51178.html

  21. URL Handling...

    Date: 12/31/04 (PHP Development)    Keywords: php, apache

    I hate mod_rewrite. There, I said it.

    I've noticed that LiveJournal uses its own form of URL handling in Perl, by the use of the PerlRequire directive. What I presume that it does, is pass the URL to the specified script, allows processing for special cases (i.e. /users/, /community/, etc) but then passes the URL back to Apache for all unhandled URLs.

    Does PHP allow this kind of processing?
    Can I combine Perl and PHP in this manner?

    Source: http://www.livejournal.com/community/php_dev/50880.html

Previous page  ||  Next page

antivirus | apache | asp | blogging | browser | bugtracking | cms | crm | css | database | ebay | ecommerce | google | hosting | html | java | jsp | linux | microsoft | mysql | offshore | offshoring | oscommerce | php | postgresql | programming | rss | security | seo | shopping | software | spam | spyware | sql | technology | templates | tracker | virus | web | xml | yahoo | home