xisto Community

jlhaslip


Everything posted by jlhaslip

  1. AJAX is a scripting language that uses javascript and other stuff to be able to provide your site with automatic and (nearly) instant updates of information. PHP and ASP are 'Server-side' scripting languages. Javascript is 'Client-side'. In the past, javascript could do things like local error-checking before a page was submitted to the server for refreshing the information. Now, javascript in the Browser can work with php at the Server to send your page information from the server without requiring a page refresh or reload. AJAX is what you use to do this.
  2. Looks good to me. Try it on a test database and let us know if it works. What it is saying is to Insert into this table, the list of fields listed inside the first round brackets, the list of values found in the second set of round brackets. The list of fields and their values should be in the same order. The 'password' will be an encrypted value of the concatenated literal password and a 'salt'. This is more secure than simply encrypting the password by itself, but the same 'salt' should be used when you compare any passwords they use on log-in, so it needs to be stored someplace.
  3. One possible solution would be to record the purchase and include a randomly generated 'key' value which is added to the order form, and to a valid key list, too. Send the 'key' to them via email. They require the key to download and the key is deleted from a list of valid keys once the download is completed successfully. After that, if they attempt a download with the key, or without, the php script will error out on them and no download occurs.
  4. My visit didn't show any Pron ads, either. Do you know if you can take advantage of the Ad selectors on the provider's service as suggested above? I would think that there should be something you can do in co-operation with the Ad service.
  5. Okay, now you should 'Park' the domain onto your Xisto sub-domain. Allow 48 to 72 hours for the new name-server information to propagate and then people can begin finding your site using the domain name. Parked domains do not require any content moves at all. Parked Domains go straight to the Root Directory of your account. Add-on Domains go to a sub-folder of your account. Creating an add-on account will also create a sub-folder with the same name, and an ftp user of the same name, too.
  6. Unfortunately, that is all that can be done at the moment until the Admins come around. They are busy with stuff and should be around soonest.
  7. And was everyone aware that there is a new Acid Test out? The new test is here: http://acid3.acidtests.org/ XP sp2 And here is a link to a page listing the results people are getting on different browsers. Looks like no-one is passing, but the WebKit Browser seems to be doing the best. http://www.web-graphics.com/
  8. We aren't THAT {EVIL} around here, but generally, a couple of lines is considered adequate. If you cannot reply with a couple of lines to a typical topic, then please reconsider posting to the Topic at all.
  9. Apparently it isn't helping. Please do not continue doing that. Admins have been advised, and they will review the situation. In the past, this error typically is a result of Members being impatient with their account set-up and not letting it finish properly. Once the Account fails like this, Admin intervention is required. Please do not acerbate the problem by continuing to attempt to create your account. Thank you.
  10. Welcome to the Xisto. I doubt that you will be disappointed in the Service or the Hosting Plans available here. Lots of Features, nothing is hidden, good, secure servers. Be sure to read the Xisto Readme and everything you need to know is either in there, or accessible from there. Enjoy yourself.
  11. Okay, first of all, you won't get banned. The script has been known to behave this way in the past. It will take an Admin to intervene and adjust things. Patience is required. In the meantime, work on your site on your Local machine for now. I don't know if the 'adjustment' will retain your account information and files, so if you do anything on your account, make certain to keep a backup copy on your local Hard Drive, just to be sure.
  12. Go to the Forum main page here to see your accumulated credits. And good quality posts earn credits. Spam reduces your credits. One liners are considered Spam and will be deleted.
  13. I don't know Joomla well enough to be able to answer that.
  14. Post the register script you are using and the log-in script, too. It will be easier to modify your script than explain the whole workings of mine, but basically, after you have the password on the register script, as you insert it into the database, use the SHA1() function to encrypt it. And when you retrieve the password on log-in, also encrypt it using the SHA1() function before you compare the two. Attach your scripts and I will Mod them for you as best I can. *edit* Oops! I added the method into the posting two up from here.
  15. Pretty large for a sig. Nice, all the same, indeed. Good job!
  16. Place a copy of the website config file in the /forum sub-directory and change the information required in the website pages to find it there. The file needs to be opened by both softwares, right? So it needs to be in the lowest folder of the bunch. Any further questions, post back here.
  17. Can you give us information about the structure of these Application installations so that we might be able to assist you further? Where is the 'problem' file located now, for example. What is the Directory structure of the Applications? Is there a configuration file where you specify the structure or URLs? We need to know more than what you have supplied so far. Thanks.
  18. The most common method is to 'encrypt' the user_password before you store it into the file or Database. Then you need to encrypt the input before you compare the entry to the stored value. If the encrypted input is the same as the encrypted stored value (using the same encryption method), then the user is validated. *EDIT* In register.php, this is the insert command I use:

      $query = "INSERT INTO users ( first_name, last_name, email, password, registration_date, phone, cell, level, years, note) VALUES ( '$fn', '$ln', '$e', SHA1('$p'), NOW(), '$p', '$c', '$dl', '$y', '$n' )";
      $result = @mysql_query ($query); // Run the query.
      if ($result) { // If it ran OK.

      And in the Login.php, here is the code for checking the password you get at log-in with the encrypted one in the Database:

      SELECT user_id, first_name, level FROM users WHERE email='$e' AND password=SHA1('$p')

      The password is selected based on the encrypted value, so in the Log-in script, handle the results based on the number of records returned. If zero, no member has that email and password. If one, the person should be allowed into the page/site.
  19. The string parsing from bbcode to html is one thing, security is another and they should be separate functions in your code, depending on the 'threat', the level of security you desire, and the importance of the transaction. I think we both agree that the security of data is important and the first rule of site security is to "Never Trust User Input". Let me say that one more time: "Never Trust User Input". The input should be 'sanitized' before the code is placed through the parser. And thanks Alex for reminding us of this important point. There are many methods that can be used to sanitize code. For example, you could use the following snippet (or similar) to sanitize User Input before processing the code, and there are other methods to make user input more secure. This is only one example:

      $allowedtags = "<strong><em><ul><li><pre><hr><blockquote><span>";
      $cstring = strip_tags($val, $allowedtags);
      $cstring = nl2br($cstring);

      There are other functions you can arrange for the 'cleansing' of data. This is merely an example of one method. For Cross site scripting threats, there is a good one to be found at http://www.quickwired.com/ . I think it would eliminate the threat you proposed as an example. Not tested.
  20. Change these lines:

      echo "<p><input type='submit' value='Submit'/>";
      echo "</form>";

      to read as so:

      echo "<p><input type='submit' value='Submit'/>";
      echo "<p><input type='reset' value='Reset'/>";
      echo "</form>";

      Not tested. Should work fine.
  21. well, search:bbcode parser and you just might hit one. First Result looks promising: http://elouai.com/bbcode-sample.php
  22. 1. MySql and PostGre are both Open Source - Relational Database Management Systems. I don't think the Trap continues to support PostGre, but I might be wrong. The Cpanel includes all that junk regardless of whether they are installed or not.
      2. For a Beginner's Tutorial on php and/or mysql, check over at w3schools.com or tizag.com. After you master a few things, use google to find a few more sites that are different or more challenging.
  23. Author: Larry Ullman writes some very good books on Php and MySql. The beginning book is called "PHP: Visual QuickStart Guide (2nd Ed.)", and the next one is titled "PHP and MySQL: Visual QuickPro Guide (2nd Ed.)". There is another one that is for intermediate/advanced users named "PHP 5 Advanced: Visual QuickPro Guide (2nd Ed.)". He also has a series of books about MySql programming. Very clearly written. Easy to follow. I have several of them and they are the ones I keep going back to reference when I have a problem. Information about these books can be found at his web site located at http://www.larryullman.com/ . Awesome teaching methods and uses real examples. Check with your library, or look them up at a book store near you...
  24. Indeed, hacking is not to be discussed here on the Xisto. Cpanel uses a secure connection, which means everything is encrypted, and other junk, for security, so I doubt that you would be very successful on a Hacking attempt. Best thing to do is to try the password again, checking that your CAPS LOCK is off, and type a single letter at a time. If you continue to be denied access, ask the Admin to issue a new password to you.
  25. The correct name for the mysql server is "localhost" and the above post by sonesay is correct in that you will not be able to connect to the Xisto Mysql Server from your own Desktop Command Prompt or from your school. The Mysql server is only available via your Xisto Hosting Account Cpanel, or a script in one of your files on your account.
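
The register and log-in flow from items 2, 14 and 18 above, as an added example (not the poster's code) with PHP's password_hash()/password_verify() swapped in for SHA1() and prepared statements in place of interpolated SQL. It assumes PHP 7.1+ with the pdo_sqlite driver; the function names, the trimmed users table and the sample accounts are constructed for illustration.

```php
<?php
// Added example, not the forum poster's code. register_user() and
// check_login() are hypothetical names; the in-memory SQLite database
// stands in for the MySQL users table so the script runs offline.

function open_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY,
        email TEXT UNIQUE NOT NULL, password TEXT NOT NULL)');
    return $db;
}

function register_user(PDO $db, string $email, string $plain): void {
    // password_hash() generates a random per-user salt and embeds it in the
    // returned string, so the salt is stored with the hash automatically.
    $hash = password_hash($plain, PASSWORD_DEFAULT);
    // Placeholders keep user input out of the SQL text.
    $stmt = $db->prepare('INSERT INTO users (email, password) VALUES (?, ?)');
    $stmt->execute([$email, $hash]);
}

function check_login(PDO $db, string $email, string $plain): ?int {
    // A salted hash cannot be matched in the WHERE clause, because hashing
    // the same password twice gives different strings. Fetch the row by
    // email, then let password_verify() redo the hash with the stored salt.
    $stmt = $db->prepare('SELECT user_id, password FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($plain, $row['password'])) {
        return null; // Unknown email or wrong password.
    }
    // Re-hash on successful log-in if the default algorithm or cost changed.
    if (password_needs_rehash($row['password'], PASSWORD_DEFAULT)) {
        $up = $db->prepare('UPDATE users SET password = ? WHERE user_id = ?');
        $up->execute([password_hash($plain, PASSWORD_DEFAULT), $row['user_id']]);
    }
    return (int) $row['user_id'];
}

// Constructed sample accounts; the apostrophe in the second address is
// handled as data because the query is parameterized.
$db = open_demo_db();
register_user($db, 'alice@example.com', 'correct horse battery staple');
register_user($db, "o'brien@example.com", 'another long passphrase');
var_dump(check_login($db, 'alice@example.com', 'correct horse battery staple'));
var_dump(check_login($db, 'alice@example.com', 'wrong guess'));
var_dump(check_login($db, "o'brien@example.com", 'another long passphrase'));
```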