Edit: Nevermind, FileZilla is just being dumb and refusing to overwrite the page. Edit2: Or not, apparently even with the file that adds the calendars it refuses to work. Anyone understand this piece of code? I have very little programming experience. Edit3: Okay apparently Google didn't realize it was marked as a public calendar even though that option was checked. Themage fucked around with this message at 21:43 on Feb 20, 2014
Feb 20, 2014 20:46
Colonel J posted: It feels secure to me as first you have to know the login page even exists, second even though the login information is in the php files, if I turn error reporting off it seems like there'd be no way for an attacker to even know what variable names he has to POST the protected page, much less what values they have to take. Am I underthinking this? I could've stored the password as hashes in the DB but it didn't really feel necessary cause only 3 people will be using this.

The only way that an attacker could gain access to the authentication credentials in your PHP code would be if they have access to your machine, and at that point all hope is lost anyway. Hashing is still best practice regardless of where you store the passwords.
Feb 20, 2014 21:00
Colonel J posted: I'm doing a web site for some friends of mine and most of the important data will be stored in an SQL database. I set up a password-protected page so they could enter data in the DB and send files to the server and I'm wondering how secure it has to be and if the authentication scheme I used is a horror; bear in mind this is the first time I try such a thing.

Why not just use basic HTTP auth?
Feb 20, 2014 21:09
McGlockenshire posted: The only way that an attacker could gain access to the authentication credentials in your PHP code would be if they have access to your machine, and at that point all hope is lost anyway. Hashing is still best practice regardless of where you store the passwords.

That's great, thanks for the info.

fletcher posted: Why not just use basic HTTP auth?

I don't know what it is! I'll read up on it.
Feb 20, 2014 21:10
Colonel J posted: I don't know what it is! I'll read up on it.

Basically you make a .htpasswd file (this stores the usernames and hashed passwords). Store this outside of any directory that is served by your web server. Google how to create this file. Then make an "admin only" directory that is served by apache. Maybe it's a sub-directory of a folder already being served by apache. Inside this folder create a file called .htaccess, the contents of which look something like: code:
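The .htaccess that this post refers to did not survive extraction; the following is an added example of the kind of file described, not fletcher's own snippet. The .htpasswd path and the realm name are assumptions.

```apache
# Added example: .htaccess placed in the admin-only directory.
# AuthUserFile is an assumed path; the file must sit outside the served tree.
AuthType Basic
AuthName "Admin only"
AuthUserFile /home/example/.htpasswd
Require valid-user

# Create the password file once with Apache's htpasswd tool
# (-B stores bcrypt hashes, -c creates the file):
#   htpasswd -B -c /home/example/.htpasswd alice
```

Apache only honours this file if the directory's AllowOverride setting includes AuthConfig, and since Basic auth merely base64-encodes the credentials on every request, the directory should be served over HTTPS.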
Feb 20, 2014 21:17
If I have more than one page in the protected folder do the users have to input their credentials every time they navigate from one another? I'm asking because basically there's the protected form but there's also the _post page where all the data gets written to the server, so authenticated users need to access both.
Feb 20, 2014 21:27
Colonel J posted: If I have more than one page in the protected folder do the users have to input their credentials every time they navigate from one another? I'm asking because basically there's the protected form but there's also the _post page where all the data gets written to the server, so authenticated users need to access both.

Nope, just the one time. Your web browser will know to send the Authorization request header field on subsequent requests to that folder (and subfolders).
Feb 20, 2014 21:34
Thanks, that's pretty cool to know!
Feb 21, 2014 01:31
If I have class files used by several scripts, is it more efficient to have one set of the class files, or have a directory with copies of the class files for every script? Disk space is of no issue, and there's no difference across the class files whatsoever. Just wondering, obviously if there are edits to be made to the class files it would be smarter, however in my year plus tenure at this position we've never had to change them. Any insight is appreciated, thanks.
Feb 24, 2014 16:20
Needed to rename the .htaccess file inside the kohana directory to make it all work... DholmbladRU fucked around with this message at 17:07 on Feb 24, 2014
Feb 24, 2014 16:25
silentpenguins posted: If I have class files used by several scripts, is it more efficient to have one set of the class files, or have a directory with copies of the class files for every script? Disk space is of no issue, and there's no difference across the class files whatsoever. Just wondering, obviously if there are edits to be made to the class files it would be smarter, however in my year plus tenure at this position we've never had to change them.

I'm pretty sure keeping copies of the class files would defeat the point of object-oriented programming. The goal of classes is to (not only) provide abstraction and reusability, which would fly out the window if you started keeping many slightly different copies of your classes. I think anyway, but I don't have much experience with real-life stuff. It all depends on what you're looking to do, but if your logic starts bringing you to copy and pasting stuff you should review the logic.
Feb 24, 2014 17:48
Edit: awful app pasting

silentpenguins posted: If I have class files used by several scripts, is it more efficient to have one set of the class files, or have a directory with copies of the class files for every script? Disk space is of no issue, and there's no difference across the class files whatsoever. Just wondering, obviously if there are edits to be made to the class files it would be smarter, however in my year plus tenure at this position we've never had to change them.

If these scripts are all a part of the same application with a shared runtime/bootstrap, then your class files should be a part of an auto loader like Composer. In other words, yes, the class files should be shared for easier testing and deployment.
Feb 24, 2014 17:54
I need a sounding board for this weird form submission process I'm handling: I have an admin panel that will review submitted form data, fetched from a MySQL database. The data is set up as:

- Event
  - Event Line Items

An event has many line items. Line items reference an event via an eventID foreign key. For the form submission, the "given funds" fields will be put into a table that will reference lineItems on an itemID foreign key. How should I handle form submissions to ensure that there is no duplication of submissions (is AJAX viable?) and also ensuring that lineitem IDs are attached to each line item upon submission. Right now I have each table/event as a paginated page, but I may consider doing all events on one page. In that case, how should I handle multiple event/lineItem submission in this case? Here's a visual representation of what the user sees:
Feb 26, 2014 17:18
You can use AJAX for this, but that's not what will enforce those constraints you mention. That will be handled by your database. To handle submission of multiple event/line items, create them all in a database transaction. To prevent a double submission of the form, disable the "submit" button as soon as they click it (re-enable if there are errors and they need to correct & submit again). For assigning the lineitem IDs (and the event IDs) use an auto-incrementing integer as your primary key in the database.
Feb 26, 2014 19:03
fletcher posted: You can use AJAX for this, but that's not what will enforce those constraints you mention. That will be handled by your database. To handle submission of multiple event/line items, create them all in a database transaction. To prevent a double submission of the form, disable the "submit" button as soon as they click it (re-enable if there are errors and they need to correct & submit again). For assigning the lineitem IDs (and the event IDs) use an auto-incrementing integer as your primary key in the database.

I was thinking of going with this idea. But my lineItems table is set up like this:

lineItem table
- itemID primary key
- eventID foreign key

lineItemApprovals
- itemID primary and foreign key (to lineItem)

Or should I just be doing updates on the lineItem table? I feel like 2 tables makes it more normalized.
Feb 26, 2014 20:08
Fluue posted: I was thinking of going with this idea. But my lineItems table is set up like this:

Yup that sounds good. Does the transaction part make sense? Something like:

1. open transaction
2. create event, get eventID back
3. create event line item record w/ that eventID
4. create event line item record w/ that eventID
5. commit transaction

Both the eventID and the itemIDs come from those auto-increment columns in the database. If something goes wrong in step #4, you can roll back the transaction and you don't end up with some partially submitted event. Regarding the approvals being in a separate table - are there other columns too? It may make sense to just put additional columns on your lineItem table like approval_status, approval_date, approval_user, etc.
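fletcher's five steps carried out in PHP with PDO, as an added example that is not fletcher's own code. The table names `events` and `lineItems`, the `name`, `description` and `amount` columns and the connection details are assumptions; `eventID` and `itemID` being auto-increment keys follows the thread.

```php
<?php
// Added example (not fletcher's code): the five-step transaction from the post.
// Tables `events` / `lineItems` and their non-key columns are assumed.
declare(strict_types=1);

function saveEvent(PDO $db, string $eventName, array $lineItems): int
{
    $db->beginTransaction();                          // 1. open transaction
    try {
        $stmt = $db->prepare('INSERT INTO events (name) VALUES (:name)');
        $stmt->execute([':name' => $eventName]);
        $eventId = (int) $db->lastInsertId();         // 2. eventID handed back by the auto-increment column

        $item = $db->prepare(
            'INSERT INTO lineItems (eventID, description, amount)
             VALUES (:eventID, :description, :amount)'
        );
        foreach ($lineItems as $line) {               // 3./4. one row per line item, all with that eventID
            $item->execute([
                ':eventID'     => $eventId,
                ':description' => $line['description'],
                ':amount'      => $line['amount'],
            ]);
        }

        $db->commit();                                // 5. commit: every row is written, or none is
        return $eventId;
    } catch (Throwable $e) {
        $db->rollBack();                              // a failure in any step leaves no partial event behind
        throw $e;
    }
}

// ERRMODE_EXCEPTION matters: without it a failed INSERT only returns false and the
// catch block (and therefore the rollback) would never run.
$db = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'user', 'pass', [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$eventId = saveEvent($db, 'Spring fundraiser', [
    ['description' => 'Venue',    'amount' => 500],
    ['description' => 'Catering', 'amount' => 250],
]);
```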
Feb 26, 2014 20:37
I am trying to get a form to add to a database. The code runs but it does not insert the form information. What am I doing wrong? code:
Feb 28, 2014 16:21
A few notes:

1. You don't do an IF to only process the DB insert if there is actually valid POST data.
2. Even though you look to be POSTing to a different page, in future you're still safer including the code that calls it because the source variables might be dodgy, e.g. mismatched variable names, improper input types, etc.
3. You never actually execute the SQL. $strSQL is just a string that contains the SQL you want the DB to execute, but you never pass it to the DB.
4. You don't validate or sanitise the POST data to ensure it's of the type and pattern you expect. For example, it would be pretty easy to automatically reject any 'salesid' that isn't a positive integer between 1 and 100,000,000 or something.
5. You include the user-inputted value directly in the SQL which should never ever happen. Google 'sql injection'.
6. You're using mysql_connect which is deprecated. Which means that not even PHP wants people to be able to use it.

Until you work your way up to frameworks, you should be using PDO or mysqli and binding your parameters to the query. Google 'sql injection' to see why your code is so dangerous. Whichever tutorial you're following, you need to immediately unbookmark it and never go to that site again. Sulla Faex fucked around with this message at 17:55 on Feb 28, 2014
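An added example (not the poster's code) of the insert written along the numbered notes: proceed only on a real POST, reject `salesid` unless it is an integer between 1 and 100,000,000, bind the values with PDO instead of concatenating them, and actually execute the statement. The `sales` table, the `amount` column and the connection details are assumptions.

```php
<?php
// Added example (not the poster's code): the insert page hardened along the notes.
// Table `sales` and column `amount` are assumed; `salesid` comes from the thread.
declare(strict_types=1);

// The pattern the notes warn against, for contrast only (never run it): the raw
// POST value is spliced into the SQL string, and the string is never executed anyway.
//   $strSQL = "INSERT INTO sales (salesid) VALUES ('" . $_POST['salesid'] . "')";

function insertSale(PDO $db, array $post): bool
{
    // Note 4: validate type and range; filter_var returns false for anything else
    // (missing field, "12abc", 0, negative numbers, values above the cap).
    $salesId = filter_var($post['salesid'] ?? null, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => 100000000],
    ]);
    $amount = filter_var($post['amount'] ?? null, FILTER_VALIDATE_FLOAT);
    if ($salesId === false || $amount === false) {
        return false;                                 // reject bad input rather than "fixing it up"
    }

    // Notes 5 and 6: PDO prepared statement; the values are bound, never concatenated,
    // so a quote or semicolon in the input is just data to the database.
    $stmt = $db->prepare('INSERT INTO sales (salesid, amount) VALUES (:salesid, :amount)');
    $stmt->bindValue(':salesid', $salesId, PDO::PARAM_INT);
    $stmt->bindValue(':amount', $amount);

    return $stmt->execute();                          // Note 3: the statement is actually run
}

// Note 1: only touch the database when the request really is a POST.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $db = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'user', 'pass', [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,          // real server-side prepares, not client-side quoting
    ]);
    echo insertSale($db, $_POST) ? 'Saved' : 'Invalid input';
}
```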
Feb 28, 2014 17:52
I also have a question, however. Does anybody know why my array might be losing its post-0 indices after being assigned to a stdClass object and being foreach'd? code:
code:
The really weird thing is that this format works perfectly well elsewhere. I don't understand why now it's not working. I could work around it and get the array back without a problem but I'm just struggling to understand why it might be losing the indices.
Feb 28, 2014 18:01
I straight up copied your code (apart from how errors are generated) here: http://codepad.org/jrM68LW and could not reproduce, but then I totally realised what you're doing wrong. Your browser is seeing your output as: quote:<pre> Don't use > or < when debugging output that goes to a browser, it'll always get picked up as HTML tags and ruin your poo poo. If you're expecting to debug in HTML output or want to see the casting/type of things, use var_dump(). If you're expecting to debug in plain text (view source or JSON, for instance), use print_r(). If you're planning on writing a lot of code (like, you're going to spend more than a day on this), spend half an hour to set up xdebug under your IDE of choice. Here's a quick rundown for how to do it with PhpStorm. If you use xdebug you'll barely ever do print_r, var_dump or die/exit again.
Mar 2, 2014 13:15
Oh man you're right. I also didn't know that about the difference between var_dump and print_r, thanks. It's just one of those habits I picked up ages ago and I never considered what it was actually doing or what the difference was between them. Output is coming as expected now.
Mar 4, 2014 10:11
Do you have any recommendations on how to start implementing some kind of automated testing in a very traditional ad-hoc LAMP environment (meaning no frameworks ever, every wheel has been reinvented)? Books, frameworks, anything? Books meaning books about this kind of situation in general, or PHP specifically. Anyway, we have a mess of legacy code that should be refactored in the future, but needs to have some kind of testing in place before that. Also something that deals with testing the interaction between Database and PHP, and on the other hand PHP (through Ajax/JSON) and JavaScript?
Mar 5, 2014 13:52
Personally I'd develop a robust front-end test suite with Selenium and use that to verify whatever refactoring you'll need to do in order to get unit-testable code. Build test suite, start separating out app components into their own classes, and then add unit tests.
Mar 5, 2014 20:52
Wheany posted: Do you have any recommendations on how to start implementing some kind of automated testing in a very traditional ad-hoc LAMP environment (meaning no frameworks ever, every wheel has been reinvented)?

You might want to check out this book: https://leanpub.com/grumpy-testing I haven't read it, but I follow him on Twitter and he seems to know his stuff.
Mar 5, 2014 21:05
Can someone help me understand installation of Frameworks? I'd like to start to expand my skills beyond basic PHP. I looked at Zend and Laravel, but both installations look to require server installation, and not an in-website installation. I'm on a shared hosting environment, and while I have no problem setting up a VM for all of this, I'm mostly thinking about deployment. I'm used to something like ASP.NET MVC, where you can just include the dll in your lib directory and it sorta works even if the server doesn't have the package installed. It just seems like it's not at all geared toward shared hosting, which might make it problematic for my work environment, so it feels like I'm missing something - though I see there's hacky ways of getting them working in such an environment, it doesn't seem intended to be done that way.
Mar 6, 2014 06:31
You really shouldn't have problems installing any PHP framework on shared hosting, be it CakePHP, Laravel or Zend Framework 2. The thing that makes these look kind of a bitch and is intimidating to newbies is the liberal use of Composer, and in Laravel's case, the PHP webserver feature. From a learning perspective it's like introducing someone to jQuery and making them download it using Bower via NPM on NodeJS. That said, going through Laravel's quickstart docs is a really good place to start, if you can wrap your head around the entry requirements.

For your shared hosting concerns, there's really no reason you can't just FTP up whatever site you develop. Frameworks in PHP are all scripts, so there's no pre-compiled code or server modules or any crap like that unless you're getting really specialist. Just FTP, change the configs, copy the DB, done.

For PHP it's really worth getting to grips with Composer - it's the PHP package manager right now and is intended to take care of dependencies and updates for various 3rd party pieces of crap that you don't want to maintain/keep in your repo/remember to update yourself. If you don't want to use Composer, there's nothing stopping you from grabbing Laravel right off GitHub (https://github.com/laravel/laravel) and extracting it into an XAMPP (or similar) installation. Point the vhost of apache to the /public directory of laravel and you should be able to start developing right away. This is basically the same procedure as the other frameworks such as CakePHP and ZF2, though they have a couple of their own quirks.

Now, a VM isn't a bad idea if you want to develop in the same kind of environment as production, for instance if you're developing on Windows and don't want to get caught out by windows/linux differences when you go to push your code to hosting. But as I said before, you could just throw down XAMPP and point apache's vhosts to the right place and you'll be up and running in no time.

Give it a shot, and if you get stuck we can always point you in the right direction when you've some direct questions.
Mar 6, 2014 13:09
v1nce posted: Frameworks in PHP are all scripts, so there's no pre-compiled code or server modules

*except for phalcon (but yeah, what v1nce said)
Mar 6, 2014 19:42
You do not need to use the PHP webserver for Laravel, for the record.
Mar 6, 2014 20:03
Hey guys and gals, I'm looking for something pretty simple. I have a website that I'm running for a basketball league. On the front page I'd like to include a php news script so the basketball league manager can login and post news. All it needs is a simple wysiwyg editor (or just a button for links), password login, editing/deleting, that's really about it. I'd be open to other languages as well, whatever is easiest. I'm more comfortable with python than PHP. Or even just point me in the correct direction. Thanks!
Mar 12, 2014 19:26
It sounds like WordPress is the perfect fit, just make sure you keep it updated because older versions and lovely plugins are bulk-exploited like crazy.
Mar 12, 2014 19:37
WordPress is waaaaay overblown for what I'm looking for. The manager would find it complicated. I'm looking for barebones simple. I'll most likely wind up rolling my own. Guess I'll have to catch up on my PHP. edit: also yeah, WordPress security is a joke that I'd rather avoid. I've dealt with WordPress enough in the past to know I'd rather avoid it.
Mar 12, 2014 20:39
I don't think rolling your own is a good idea. User authentication and wysiwyg editors are not trivial to get right, I think you would be much better off using Wordpress. Plus it sets you up to easily do all kinds of other things if he wants more functionality down the road.
Mar 12, 2014 20:57
I also agree that rolling your own is a bad idea, that's why I suggested Wordpress. I'm pretty sure you can easily strip it down to just the bare minimum if you spend a little bit of time fiddling with the theme and removing features you don't want, which will be far less time than that spent developing a reasonable blog from scratch.
Mar 12, 2014 21:05
Sulla-Marius 88 posted: rolling your own is a bad idea

This is pretty much a universal truth when it comes to coding. And especially when it comes to security.
Mar 12, 2014 21:26
I'm sure we've all had a bunch of "oh no I could do that way better, I only need to write a small thing, how complex could it be?" projects that rapidly turned into "well okay I'll just get it working for now then I'll iron out all the bugs and security holes later" and then fell apart into "oh god my shower broke and the ceiling in my apartment fell off, I'll put it on hold and come back to it later". Then forty years later spammers have infested your buggy half-finished project with so many worms that it has become quasi-sentient and won't shut up about how much better the early Star Wars books were before they became too farmed out. And all you wanted was a blogging system with an in-built carousel. There's a feature for that
Mar 13, 2014 10:57
So I've been trying to help a friend with his psychology thesis. He wants to use the cyberball (v 4.0) web application to conduct it: https://cyberball.wikispaces.com/ <-- you can download and view all the relevant files/scripts from that website. The official documentation (the manual included with the files you download) says that all you need to do is install the program on a PHP enabled server and it should run. So we went ahead and uploaded all the files to a free PHP enabled webhost: http://cyberballproj.webatu.com/ . Of course, it's never that easy, and the program isn't running properly. When the program is working as it should, little dudes appear next to pictures of Steve Jobs and Mark Zuckerberg, as well as your own name. You can then click on the pictures of various players to see an animation of your little dude throwing the ball to the dude next to the picture you clicked on. I managed to get the program running locally on my windows machine by installing XAMPP (out of box Apache PHP-enabled server) and copying everything into the htdocs folder, so I know installation should be super simple. Nonetheless, it's not working on the server I uploaded to. Any ideas where to start?
Mar 13, 2014 19:45
Chomskyan posted: So I've been trying to help a friend with his psychology thesis. He wants to use the cyberball (v 4.0) web application to conduct it: https://cyberball.wikispaces.com/ <-- you can download and view all the relevant files/scripts from that website.

Do you have any type of log access to the remote server to see error messages?
Mar 13, 2014 21:21
substitute posted: Do you have any type of log access to the remote server to see error messages?

Not that I can find. This is the free web host I'm using: http://www.000webhost.com/ . On XAMPP there is a php_error_log file, but there's nothing on the online server resembling that. I can't find anything in the online control panel the host provides either. I should mention that while I'm not hopelessly computer illiterate like my friend, this is my first time trying to get a php file up and running on a web server. I don't really know where to look for a server's PHP error log.
Mar 13, 2014 22:00
Chomskyan posted: Not that I can find. This is the free web host I'm using: http://www.000webhost.com/ . On XAMPP there is a php_error_log file, but there's nothing on the online server resembling that. I can't find anything in the online control panel the host provides either.

There are only two php files for game logging / saving. This cyberball thing is actually just JS using jQuery and HTML. You can run it on your desktop. But it throws this error: code:
I tried hard-coding the settingsFile to one of the other settings files in the script and got the same error about the split function. Someone with more JS experience would help.
Mar 14, 2014 01:25
Are you sure you uploaded all the files and their permissions are set correctly? The web server needs to be able to read the files. Try deleting them all and re-uploading them, but re-upload them through whatever service they provide if you're not certain. I tried it in Chrome and Firefox and I'm getting weird errors about not being able to open certain files during page load. I'd try a fresh delete and reupload, checking file/folder permissions.
Mar 14, 2014 10:11