OJB

I'm not sure about how you were planning on storing the details nor the laws in your country but what you are suggesting I think is illegal in my country. You are not allowed to store credit card details of a customer in a database UNLESS they are encrypted. So what you would have to do is encrypt the credit card details (number, CV2 code, expiry date) with a private key and give a public key to your client and pass the data encrypted to them for them to decrypt. Something similar to this: http://en.wikipedia.org/wiki/Public-key_cryptography I am no security expert nor do I know the laws in and out but I would be careful with storing CC details. When I integrated with SagePay it was to have them process the payment their end, therefore I don't really know what to suggest. Sorry about that.

I just tried downloading from the link you provided in the first post and it seems to be working, forcing a download of your i-appreciate-you.htm file instead. However I noticed that the "I Wonder" track seems to have been uploaded and is downloadable from this site: http://blog.macjams.com/?m=200806&paged=3 Not sure if you are associated with this site in any way but its a heads up. Also 'You're Mysterious' seems to have found its way onto: >http://www.fileden.com/files/2009/6/17/2480511/Youre%20Mysterious.flv.MP3.mp3 Currently fileden seems to be down for me so I can't access the site or the mp3, but it might be worth seeing if you can contact them and get it removed?

Hey Feel free to PM me and I can send you my email address and I will have a look over it for you no problem. OJB

As Bruce says, congratulations if it is legit. Just because you don't see your site as being worth that, other people may. You have what appears to be a strong community going on in your forum. I would put money on betting that any one willing to buy your site is probably 90% or more interested in getting their hands on your member base as opposed to the site itself. Anyone can build a site, not everyone can get an active community of members. Companies pay thousands even millions of dollars to acquire email addresses or people who may be interested in their product. Don't sell yourself short!

You need to look into online payment processors. A few examples of some are: SecPay (paypoint) SagePay (formally Protx who I myself have integrated with successfully in the past) WorldPay What you tend to have to do is send a HTTPS POST to their gateway with the details they require and they process the payment for you and send you back a secure response which you then process your end to update your database records. Some of them even host the payment screens for you, so you don't have to build those yourself.

I still receive a 403. That larger block of rules does the same as the first one (more or less). > RewriteCond %{HTTP_REFERER} !^http://(.+\.)?natalie-brown\.com/ [NC] What that does is tests if the referer to the file being served is from: http://natalie-brown.com http://www.natalie-brown.com and in fact http://ANYTHINGATALLHERE.natalie-brown.com So that covers all your subdomains. The one thing it doesn't do is cover any directories within those subdomains. So I would change it to: > RewriteEngine On RewriteCond %{HTTP_REFERER} !^http://(.+\.)?natalie-brown\.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^$ RewriteRule .*\.(mp3)$ http://www.natalie-brown.com/i-appreciate-you.html [R,NC] However if you can see your site and I can't then I probably am within your IP block range. No worries hahaha. Edit: Having just said that I now appear to have access to your site. But I can also download direct from that MP3 site you linked to at the top.

I get a 403 forbidden on every page of your site now

Sorry, I should probably have noted that those rules will prevent direct access to your mp3s FROM EVERYWHERE but your site. Meaning if you have links to your own mp3s on any other site these will no longer work.

You could try something like this in a .htaccess file: > RewriteEngine On RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.com/ [NC] RewriteCond %{HTTP_REFERER} !^$ RewriteRule .*\.(mp3)$ http://www.google.com [L] Replace mysite\.com with whatever your domain name is, make sure you have the \ before the . so for example: yourdomain\.com or yourdomain\.net This will then forward any access to .mp3 files to google if the requests are not originating from your website. or probably a better way: > RewriteEngine On RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.com/ [NC] RewriteCond %{HTTP_REFERER} !^$ RewriteRule .*\.(mp3)$ - [F] This will send a 403 forbidden header.

Thanks for that, Bruce. Although there is no actual "purchase" directory, unfortunately. The site is built with a custom MVC pattern PHP framework which rewrites urls so "/purchase" actually corresponds to something along the lines of: index.php?controller=purchase&action=buy Not exactly what it is but gives a decent representation of how it is working behind the scenes. I tried initially doing it all in the root .htaccess file, but for some reason HTTPS requests were ignoring my rewrites. So I decided to move them into our Virtualhosts in our httpd.conf file (this should be faster and more secure any way - I think?) and put them in the :80 and :443 vhost definitions themselves.

Sorry that last line should read RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}

Hey guys I am currently (at work) working on some rewrites. Basically I have a RewriteRule in my Virtualhost (:80 not :443) which checks if "purchase" is in the URL, and if it is it rewrites to our SSL HTTPS layer as so: > RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (/purchase) https://%{HTTP_HOST}%{REQUEST_URI} This seems to work nicely. So http://www.ourdomain.com/purchase gets rewritten to https://www.ourdomain.com/purchase as expected. The problem is I need another rule to go the other way. So if we are currently using https and we are accessing a page that isn't "purchase" I want to rewrite back to http. So in my Virtualhost (this time :443) I do the following: > RewriteEngine On RewriteCond %{HTTPS} on RewriteRule !(/purchase) http://%{HTTP_HOST}%{REQUEST_URI} This doesn't work. I get an infinite redirect loop. I also tried this: > RewriteEngine On RewriteCond %{HTTPS} on RewriteCond %{REQUEST_URI} !purchase RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} Again it doesn't seem to work. Can anyone help me with the rewrite back to http from https as http -> https seems to be working nicely.

I am receiving a 403 forbidden for those images through the www subdomain, but not when accessing glamourouscreations.com without www. I would check the file permissions to ensure they are readable. Try chmodding your image files. If it is not that then I don't know, sorry.

In my opinion and experience, so far, IE8 is a far better browser than IE7. I loathe IE6 and hate IE7 but actually don't mind IE8. I'd still choose Firefox or Chrome over them though. What issues are you experiencing with IE8? If your husband is not experiencing the same IE8 issues as you are on your PC then unfortunately the problem could be your end rather than with the software itself.

I use CutePDF which acts as a virtual printer which you "print" your document to and it creates a PDF for you. Never had any problems with it, think it is quite nifty.

Thanks Andy, that is awesome. Much appreciated. This may well come in handy at work and home..

That's nice work! I am still a relative novice at unix commands etc, could you explain how that works? I know how the crontab configuration works for running it every four hours. Then I guess it finds in the public_html files (designated by -type f) where the modified time is > -240 seconds (-mmin -240) and then you pipe it to something, ls -l creates a list doesn't it in a similar way it creates a directory listing if you use it on the command line? I've not seen or used xargs before, what is it and is -r recursive or is it some other parameter? Sorry, I like upping my unix command game. It comes in handy at work.

You could probably write a PHP script which would run through your directories and finds the last modified date of all the files (using filemtime) and if (for example you are running this via a cron every hour) the last modified time is less than an hour ago (i.e. it has changed since the last time the cron ran) it would put the name of it in an email and send it. I would offer to build this script for you as I am a PHP developer, however I don't have the time to do this at the moment.

Do you have a shared/reseller account or a dedicated box? I don't think you can execute custom shell scripts on shared hosting packages as there is no SSH access to the box, so I believe the only way to do this would be on a dedicated server. As far as the script itself goes, I've never coded a shell script so can't even begin to suggest one.

I installed it today at work and home. I love it. Looks much cleaner and I have experienced exactly the opposite of what Jeren has. Everything seems to be much quicker, except when it was re-synchronising my IMAP folders the first time. That took like 5 hours at work to sync my IMAP account with 24,000+ emails... Thunderbird was very unstable during this and took 5 seconds for a single character I typed in an email to come up but once the initial IMAP sync was done and the message indexing had completed all was dandy and seemed more responsive than 2. On a side note, the Silvermel theme is gorgeous in my opinion!

I can see a simple syntax error, you were missing the dollar sign before 'msg' after the if statement try this code: > <?php if(isset($_POST['sbmt'])) { $to = 'someone@domain.com'; $subject = 'www.**** - Contact Submission'; $email = 'formmail@****'; $message = 'test message'; $headers = 'From: $email'; if(mail($to, $subject, $message, $headers) { $msg = 'Your mail was sent successfully'; } else { $msg = 'We encountered an error sending your mail'; } echo $msg; } ?> I haven't taken a chance to properly check this code but on the face of it it seems ok.

glammrouscreations, providing you are using your own installation on your own server (as you are) then you don't need to do anything with wordpress' site. You can add your own themes to your install as Bruce has explained above. You can, however, from your installation, connect to the wordpress site to download and install new themes and extensions automatically, but if you want nothing to do with the wordpress site itself then you can certainly do that. Go into the theme manager in your installation and see what the options are, I am not very well versed with Wordpress to be honest.

OK. I am no expert with wordpress but you have various options: Keep your current install and redirect your root to your /wordpress directory (.htaccess modrewrite rule for example) or move the files (and modify the wordpress config) to the web root of your account (public_html or www - they are the same) [*]Remove your current installation (backup the database first if you have content you want to keep!!!!) and manually install a fresh version from http://wordpress.org/download/ Follow these steps http://codex.wordpress.org/Installing_WordPress#Famous_5-Minute_Install

Wordpress.org is the community support/downloads/documentation of the standalone wordpress download that you install on your own servers. Wordpress.com hosts the wordpress install on their own servers with limited capability/options. If I were you I would download the latest stable release from wordpress.org and install it on your box here at TCH. Then you can have it in any directory you want, including your root. So you could have mysite.com be your wordpress, or mysite.com/blog (or blog.mysite.com) as your wordpress. The choice is yours as you have the freedom to do as you wish.

Bruce is correct. If you are considering sending thousands of emails, it is probably worth looking at getting a dedicated box and then getting senderscore certified (senderscore.com) which involves having to jump through a load of hoops for them, but it means you can effectively be added to whitelists and hit actual inboxes rather than spam boxes, or getting blacklisted as you seem to have done.