Everything posted by surefire

  1. Sounds like a cool script.
  2. I believe that you are getting no error messages because after TCH upgraded to the latest version of PHP, they temporarily suppressed most error messages. What I would do, to debug your code, would be to turn off the bottom two thirds of the script. Right here exit; } I would put print ("testing"); and then /* To start to comment out the bottom part of the script. Then at the bottom of the script put */ ?> So the script would look like Upload it, see if it prints 'testing'. If so, then move the print statement further down until you get a spot that doesn't work. Then you know where your problem is.
  3. Yes. I would suggest that you look in www.hotscripts.com if you haven't already just to make sure that someone else hasn't created this script or something very similar. From other posts that I have read from you, I know you are quite skilled at javascript but are still learning php. PHP is easy to learn, but there is a learning curve. If you don't have a book on php, then I would check out fopen and fwrite at www.php.net It seems like you really want to save it to a cvs... but I'd strongly recommend a database if cvs isn't critical.
  4. I've done some very extensive PHP programming but none of it has ventured into file uploading... yet. The way that I would attack the problem would be to find a free PHP script that you like, and then do some surgery on the script so that it tries to upload several files. I know that doesn't give you a whole lot of detail... but it really depends on the code in the script. I'd take a look at the url where the file upload goes on, open it up in an editor, see where it's posting the data. You should be able to add more fields to the form without too much effort. Be careful what you are naming the fields. Then open up the script that receives the post data and see if you can follow the logic (it's not very hard) and just add in the extra variables for your other files. Also, I'd attempt to add one extra field at first, so your development time is shorter with the script and you can start testing it asap. Once you get two working, it's just a matter of adding more until you either reach ten or the threshold of what is allowed. I have a feeling you'll be able to do it... just don't know for sure. Sorry I can't be more detailed, but I thought providing you with a basic methodology would help a little.
  5. First, I totally agree with Critical Mass. If I were writing this code, I'd do it all server side. PHP would be my weapon of choice. But I'm biased. Here's what is going on in the script you have written so far. You have several Java functions. The first function calls the other two. Your second function does the writing to the file. You have chosen to iterate through an array of variables that is created by your third function. This is important, because you will need to choose to either create your array more proactively and leave some variables out of the array, or you'll need to ditch the array concept altogether and rewrite the second function to write the variables one by one. The third function creates your array. It isn't doing a proactive, selective job... it's grabbing everything. Including some stuff you apparently don't want. On top of that, the third function is redundant given that you are compiling your post data selectively with PHP. So basically, the php stuff you've added works, your javascript just isn't using the data. The big question is, do you want to change the php, or the javascript? Will the javascript be rewritten to accommodate the php variables, or will you rewrite the php to create a better array for the javascript. From looking at it, I would guess that the easiest thing to do would be to 1- eliminate out the third function 2- modify the php like so and so on... You are using some javascript that doesn't look familiar to me... so I can't be 100% that the code I wrote will work as-is. But you will find that my dissection of your script to be dead-on. Another reason why I would write this with server side code... will this script work if the user has javascript turned off? I don't think it will. Having said this, I'm referring to maybe 1% or 2% of the world.
  6. I don't know how many fields you are dealing with, but, regardless, this is how I, personally do it. For each field name, I set up a variable in the php script receiving the posted data. $name = $_POST['name']; $price = $_POST['price']; and so on. There are some forms for which all of the fields can be wrapped up in an array. These are generally forms that I generate on the fly from a database and just assign array values to the field names, like c[0] c[1] and so on. Then, the script that receives the post data can be taken care of like $c = $_POST['c']; foreach($c as $d) { print("$d is the variable<br>"); } This is ugly code... but it gets the point across. What you are attempting to do is to send all of the post variables, some of them unwanted. I don't see of a simple way to strip out the data you don't want... but I'd love to see it done.
  7. On Cerealkeeler's recommendation, I just installed Movable Type on a personal site for my sister, and I like it a lot so far. It took some tinkering to make it work in a subfolder. In the admin area, under "Webblog config" there's an option that says: Enter the URL of your public website. But instead of www.mysite.com/ I was supposed to put in www.mysite.com/subdir/ since that's the location of the blog. Not exactly intuitive, but otherwise, an awesome script. These modifications are not necessary if your blog is going in your main directory.
  8. This part will best be done by a php, cgi, or some other server side script and then set up to run automatically using a cron job. As to the rest of your question, I'm not sure I understand. I have a huge database with many tables running a ten thousand page site at TCH... phpAdmin seems to work just fine.
  9. Leezard, If you are in the states, then it helps if part of your company is minority owned. That's what Critical Mass meant about his wife having a better chance. Also, I would make friends with a good loan officer at a small local bank. They can help you get the loan.
  10. karlfranz, $date = date("H:I:S - D.M.Y", $timestamp); The first part of the date function determines the formatting. To modify it to your needs, go here: http://us2.php.net/manual/en/function.date.php
  11. Pam, I would suggest using an FTP client (I use FTP Surfer) to change the permissions for the file. I don't know why the cpanel wouldn't work, but I'd try the ftp approach. If you want to delete a guestbook... completely... then delete the folder and then delete the tables in your database. You can use PHP myadmin or the Cpanel to do this. Cpanel would probably be faster if you were willing to delete the entire database. Just make sure that the only thing in the database are tables from the forum. As to the correct way to set permissions, I'd be willing to bet that there is some information on that in the readme.txt or docs folder of the script that you are using. It depends on the folder and which script you are using. Both invision and phpBB will have comprehensive instructions on this.
  12. And to quote you again for number (4)... which I think is as important as anything else... You and I have debated this in the past. You definitely are much more knowledgeable than I when it comes to security as it pertains to Linux. I wouldn't be surprised if there were other subjects you were more knowledgeable on than I. I am very happy to see you balance out your dire warnings with some realistic points that put the whole topic in perspective. If there are folks that can hack the Pentagon and NSA, then security can only be seen in the context of what you're willing to do to approach 100% security. I don't believe that there is such thing as 100% security. You make some valid points. I honestly have no idea whether cgi is more secure than PHP... but I'll take your word for it. But my reality is that 1- I program best in PHP 2- PHP has many advantages over cgi that might outweigh security 3- I am not going to move from TCH to my own server With that in mind, I started this thread as a way to give other PHP coders an idea of how to improve security. As you have pointed out, if the risk comes only from those at TCH with the skill, malicious intent, skill, and the ability to root out or guess the location of my scripts... then the risk is much smaller than many other common scripting security gaps (like mysql injection attack). You have also pointed out, that secure information shouldn't be held in a mysql database accessed by php. To a point, I would agree. I would say that anyone looking to put personal data (social security numbers, private info) online should rethink their concept. Secure, private, and vital info doesn't belong on the web. All attempts to protect it are attempts at approaching 100% protection... but there will always be loopholes to be exploited by those with the desire, skill, and time. A lot of my sites are business sites that generate revenue. 
The risk reward equation is balanced FAR in the direction of going forward with the database site rather than sitting on the sidelines because someone at TCH might target me. Change passwords often. Don't use easy to guess passwords. Don't make it easy to hack your scripts. Backup your database and site often. And don't put vital secrets online. Any home owner with an alarm system on their house, lights in the yard, a dog at the door, and a gun under the bed is safer than the neighbor that leaves the windows open at night and the doors unlocked.... but nothing is 100%.
  13. What you are asking for would be a custom modification. I would have to know what you wanted the end result to look like... and quite honestly, this isn't the type of thing that's going to get done anytime soon. I say that because this doesn't sound (at least on the surface) like the type of thing that others would want... but maybe I'm wrong. I'm just really busy right now and this is a tall order so I don't want to promise anything. You're welcome to send me an email or pm with more details on your specific project and I'll give you a better idea of when and if I can help.
  14. Idallen, Would you consider this scenario safer... ? PHP scripts are the heart of the site, and when they need to access the database, they run a CGI script that grabs the passwords from a file in the root of the site. Or are you saying that if you were going to build a site, that you would build the entire thing with cgi scripts? What I am interested in... is if you can point me in the direction of a safer way to have a php site on a shared server...? Truthfully, I'm not that concerned, given the steps that I've already taken. But if all I have to do is use a tiny cgi script to grab the passwords... then what the heck, I'll write one.
  15. It works. I don't know what else to say... except that it's not necessary. You can use includes any way you want... or ignore it. All I suggest is, try it... use it if you like it.
  16. It comes down to more than that. When you have several dozen, or several hundred, or several thousand pages... there is no easier way than to use server side (php, cgi, ssi, asp, etc.) includes to make updates. That's the real time saver... and I only repeat it because I don't think (from reading your posts) that you see the tremendous time saving advantages that others have pointed out. I have a ten thousand plus page site. I can update the entire thing in less than sixty seconds and change the entire layout and design of the site. I'm on a dial up. The reason I'm able to do this is because I only change two files. Templates in Dreamweaver is nice... but it's not the same. And the time for the includes to load is nothing. Right now, you are weighing the positives and negatives in your mind. This is the type of thing you can't really decide until you give it a try. There will be a learning curve, but it's not steep.
  17. And before you go and write a link exchange script, you should check out what's already available and free at www.hotscripts.com
  18. A little more advanced trick... in case you like for your pages to end with .htm or .html... is to do a mod rewrite in .htaccess to tell the server to parse the pages as php regardless of the extension. But, for what you are asking, I'd just leave my site with php endings (I do) and folks don't need to type in an index.php file... just your homepage... from that point on, no one really looks at the url, they just follow links.
  19. I haven't downloaded Abyss, but I will. Even without Abyss, I find using PHP includes to be easy and time saving. In order for me to be able to see what's going on in Dreamweaver, I have a regular html file that represents my layout. When I'm happy with the layout, I copy the top part of the html file into my php header and the bottom part into my php footer file. I upload the two files and I'm done. Since my site is over 10k pages, this saves me an incredible amount of time that no other solution could provide. But honestly, it's become so easy, that I use this same process on twenty and thirty page sites that I build for clients. In my experience, when someone is just learning php includes, usually they don't put enough of the html into the header and footer files. I put everything except the actual content. And then there's always some neat behind-the-scenes php stuff going on in my header files. So php is critical to my webdesign process.
  20. I believe what has happened, is that there is an error created from the 'script surgery' you did on phpBB... that error has also created a cascade of other errors. It might seem like I'm stating the obvious, but the error messages should give you an idea of which lines and in which files there is a problem. The first error message seems to indicate that it was trying to run a function called copy on line 227 of usercp_avatar.php It couldn't find the right file. It appears that it's putting a period in front of the file where it shouldn't be. This is just a guess. I am using a different version than you, so this is about the extent of the help I can provide.
  21. Okay... making more sense. But my follow up question would be whether we can do this for our scripts? Or is the best/only way to change permissions through chmod? Thanks.
  22. Best joke. I guess we'd have to keep it relatively clean... which would definitely increase the degree of difficulty.
  23. Every so often, I see a script with directions such as "You must chown the directory this script resides in to the same user or group your webserver runs in" Can someone shed some light on this for me?
  24. If I understand the concept, then I'd suggest a game that I have a chance at winning... something to do with scripting. Best script???