Everything posted by son

  1. I post this here as a database issue/decision... Working on this project where I am also tidying up a lot of data that was placed in many different places (some even offline, mostly contact data for customers). At the moment I am collating all the data in one MySQL table. Afterwards I will create a mini web admin interface to access the data, change details and/or delete as necessary. However, one thing came up: Mailchimp is used to send newsletters which obviously means that there is another place with contact data where some might match the ones in central database. And there might be individuals who initially are only receiving newsletters and then change to become customer or the other way round. As the sending and measuring requires the Mailchimp account am wondering if it is an idea to still match up data from Mailchimp somehow to the central database? It would be fab if one could see all contacts in one place and this would include the newsletter contacts also. However, it would be essential that the data stays up to date and does not involve manual copying/pasting. So, if one person signs up to newsletter there should also be automatically an entry in central db, if one unsubscribes this should be reflected in central db etc. Not sure what is the best way forward... Do any of you have experience in streamlining things like this? Son - lost
  2. son

    TIMEDIFF returns empty set

    Thanks for new reply. Will leave it as it is as there will never be an instance where the start and end would be on separate days... Son
  3. son

    TIMEDIFF returns empty set

    Actually, had a play around with this and seems I cannot undo the automatic insertion of current timestamp when I make changes to a row. This is not useful as the timestamp will never be the current one and would only mess up my data, so will leave it in separate fields as it is... Son
  4. son

    TIMEDIFF returns empty set

    Query works now, thanks:-) However, had to change the time fields in query though as otherwise negative difference coming up. I want to add up several time differences to a total of used slots. Query now: "SELECT TIMEDIFF(ender, starter) AS timediff FROM table1"; which works. What you said regarding date: I have a separate field for DATE and then the two TIME columns. But now you got me thinking and I wonder if it was an idea to lose the DATE column and just add DATE bit to the two TIME columns. Would that make sense? Guess it would enable me to lose one column and I could still extract date and time parts separately. Or, are there other reasons to do this? Son
  5. Have table1 to hold date as DATE and a start and end time as TIME as I need to calculate difference between the start and end time for various dates (which all hold varying times). However, using TIMEDIFF on my columns 'starter' and 'ender' which hold the TIME components simply returns an empty set: SELECT TIMEDIFF('starter','ender') FROM table1; Do you have any ideas? Have posted below the formatting used in columns just in case the issue lies there... Son

    2010-09-09 | 09:30:00 | 11:00:00
  6. son

    Security

    Sorry for delay in responding. Caught a nasty bug... Thanks for feedback. Will look into this. Very helpful:-) Son
  7. son

    Security

    I implemented the changes to the area, but just now thought if it might also be an idea to log the IP addresses of users just in case some dodgy entity finds a way in. Would that be a good idea and if so, should I do this only for the login or any updates entered? Really would like to do all I can to avoid issues with security etc. Son
  8. son

    Security

    Thanks for your feedback Ingolme. Whilst no home address etc will go for your advice and have them enter password to change password and email address. Will also check for https. Might also consider the two email option. Appreciate your input:-) Son
  9. son

    Security

    Hi there, Have coded a simple members login area where members can change their email address, password (to logon to area), phone number and upload some text info. Nothing fancy really (no file upload etc). Now am concerned to make the area as secure as I can and whilst you need to be logged in to access any of the pages within the area I wonder what else I can do. I have three main questions. 1. On lots of large websites you have to enter your password to change details. Would it be good advice to do this for all four update pages (email address, password, phone, information)? Or would that be overkill? 2. Shall I request that the whole area is under https rather than just http? 3. What else is good practice to safeguard the area and/or what tools can you use to test security issues? In addition, I decided to go only for one email field rather than add the customary confirmation email field. My browsers always fill in the details anyway, so in a way there is no point to this. What is your take on this? Any comments appreciated:-) Son
  10. Thanks for all the feedback. Very helpful. The external scripts are sitting in admin folder, web root and there is a folder created in web root with two files inside... Son
  11. Thanks Ingolme. You might have just pointed me in the right direction. However, not sure how they managed to log in to password protected area where this file sits. All files have test right at the top to check if user is logged in... In addition, the site security scan did not pick up on any of the dodgy scripts and host says that this is because file sat there for years apparently. However, I can for once not see how it sat there for all this time not doing anything till recently and why a security scan would not pick up dodgy scripts just because they were for a while on the site. Does this make any sense to you? Son
  12. Thanks for your feedback. Will check the access logs. However, unfortunately we are not entirely sure when it happened. Seems to have gone on unnoticed for some time. There is a security service installed which was offered by host when we discovered a number of strange things happening and were able to correct some that were obvious. However, the scans come back each day saying that the files are all okay which sort of confuses me as they are obviously not. In addition when you say scripts often lack 'security validation and checking and allow attackers to replace or upload files' can you point me in the right direction of what to google to find some more info on this. Am still puzzled how those placed .php files come to the web server in the first place. I understand once one script is there how it can create the other files and folders, but am lost as in how they got in first... Son
  13. Is it possible that a hacker can place physical files and create new folders on a web server without ftp access? If so, how can I find out if the hack came via ftp or via a weak script? Son
  14. Thanks for this. Could only think in vague PHP-terms to solve this and it is great to have the confirmation that I am not missing a more direct way of achieving this. Will have a go now:-) Son
  15. Thanks for pointing this out. Have setup a new table now with three fields: combination ID, item ID, category ID. As I have lots of data sitting in the item table wondered if there is a good way to extract the info to the new table? It would need to transfer each itemID/categoryID combination to the new table. For example 'itemID (1), categoryIDS (1,2,3)' would become 'itemID (1), categoryIDS (1)', 'itemID (1), categoryIDS (2)' and 'itemID (1), categoryIDS (3)'. The category ids are in field as a comma-separated list without spaces... Son
  16. Hi there, I have created one table that holds category names (catTable) and one table (itemTable) that has a field with comma separated list of category ids that are relevant for individual item (setup as VARCHAR). I tried 'SELECT catName FROM catTable WHERE catId IN (SELECT itemCatId from itemTable WHERE itemID = $itemID)' in WHILE loop that displays the individual items which should also show all names of relevant category names. It does not work and shows only first category rather than whole list. I suppose the WHERE IN function is probably incorrect, but am not sure if I need to change the cell type and/or the query. Any pointers appreciated. Son
  17. Apparently cookies are enabled and this should not be the issue. What about iPhone? Are there any current issues known with iPhone Safari? This is the device where the issue occurs. Whilst before it apparently worked sometimes and then not, it looks now like it might be a permanent issue with the device/browser. Thanks, Son
  18. Hi there, I have built a website that relies on sessions to keep a language variable alive, so users can navigate through one language. I was told that on one day last week this did not work. Each time the user clicked onto different link in navigation it reverted back to default language. I just tested session variable and it works fine. What could be a reason that this does temporarily not work? Does not really make sense to me... Son
  19. son

    Fatal error: Out of memory

    Thanks for info. Very helpful:-) Son
  20. What do you mean by "prepared statements"? Am not sure what this is... Son
  21. son

    Fatal error: Out of memory

    Thanks Ingolme. Unfortunately, it is a hosted site with no access to php.ini or is there another way to implement this (locally in script not possible, is it?)... Son
  22. Have a form that is used to update, create or delete entries in db. All form fields sticky, but instead of echoing post data I echo values from variables. If update/delete form displays current db values in form field, if new entry they are empty to start off with, but will be sticky for those submissions where the field entries are filled out okay whilst others are not. My issue now is that upon db submission I use: $idesc = escape_data($_POST['idesc']); which now causes the text to be escaped when there is an issue with another form field which is not what I want. What would be best? To move all escape_data bits till after the check that all form fields are filled out okay? Or is there a better alternative? Son
  23. son

    Fatal error: Out of memory

    I use image_destroy(), so not sure if that is the issue. Paste code below...

    ```php
    function resize_image($opts)
    {
        $src  = isset($opts['source']) ? $opts['source'] : '';
        $dest = isset($opts['dest']) ? $opts['dest'] : '';
        $w    = isset($opts['w']) ? intval($opts['w']) : 0;
        $h    = isset($opts['h']) ? intval($opts['h']) : 0;

        if ($src == '') {
            return;
        }
        if ($w == 0 && $h == 0) {
            return;
        }
        if ($dest == '')
            $dest = $src; // resize in place

        // open the image
        $extVar = explode('.', $src);
        $ext = strtolower(array_pop($extVar));
        switch ($ext) {
            case 'jpg':
            case 'jpeg':
                $i = imagecreatefromjpeg($src);
                break;
            case 'gif':
                $i = imagecreatefromgif($src);
                break;
            case 'png':
                $i = imagecreatefrompng($src);
                break;
            default:
                return;
        }

        $new_w = imagesx($i);
        $new_h = imagesy($i);
        if (($w != 0 && $new_w <= $w && $h == 0) || ($w == 0 && $h != 0 && $new_h <= $h) || ($w != 0 && $new_w <= $w && $h != 0 && $new_h <= $h)) {
            // image is small enough
            if ($dest != $src)
                copy($src, $dest);
            return;
        }

        // determine new size
        if ($w != 0 && $new_w > $w) {
            $new_h = ($w / $new_w) * $new_h;
            $new_w = $w;
        }
        if ($h != 0 && $new_h > $h) {
            $new_w = ($h / $new_h) * $new_w;
            $new_h = $h;
        }

        // resize
        $new = imagecreatetruecolor($new_w, $new_h);
        if ($ext == 'png' || $ext == 'gif') {
            $trnprt_indx = imagecolortransparent($i);
            // If we have a specific transparent color
            if ($trnprt_indx >= 0) {
                // Get the original image's transparent color's RGB values
                $trnprt_color = imagecolorsforindex($i, $trnprt_indx);
                // Allocate the same color in the new image resource
                $trnprt_indx = imagecolorallocate($new, $trnprt_color['red'], $trnprt_color['green'], $trnprt_color['blue']);
                // Completely fill the background of the new image with allocated color.
                imagefill($new, 0, 0, $trnprt_indx);
                // Set the background color for new image to transparent
                imagecolortransparent($new, $trnprt_indx);
            }
            // Always make a transparent background color for PNGs that don't have one allocated already
            elseif ($ext == 'png') {
                // Turn off transparency blending (temporarily)
                imagealphablending($new, false);
                // Create a new transparent color for image
                $color = imagecolorallocatealpha($new, 0, 0, 0, 127);
                // Completely fill the background of the new image with allocated color.
                imagefill($new, 0, 0, $color);
                // Restore transparency blending
                imagesavealpha($new, true);
            }
        }
        imagecopyresampled($new, $i, 0, 0, 0, 0, $new_w, $new_h, imagesx($i), imagesy($i));
        imagedestroy($i);

        // save the image
        switch ($ext) {
            case 'jpg':
            case 'jpeg':
                imagejpeg($new, $dest);
                break;
            case 'gif':
                imagegif($new, $dest);
                break;
            case 'png':
                imagepng($new, $dest);
                break;
        }
        imagedestroy($new);
    }
    ```

    This script is working well on other sites. In fact it has been generally employed and it is not written by me... This is the first time I encounter an issue with it. Can you see any issue. I cannot see what would be wrong with this piece of code... Son
  24. Have issue with image upload script. The error is as follows: Fatal error: Out of memory (allocated 56360960) (tried to allocate 19712 bytes) and image file that caused this is 514KB. The entry in db is okay. I checked with local settings on hosted server: max_file_uploads -> 20, upload_max_filesize -> 40M, memory_limit -> 90M, post_max_size -> 8M. As lowest value post_max_size is 8M which is 1024 KB am confused. The image is only half as big. My script runs through the creation of three sizes when uploading an image (thumbnail, medium and large version). The large version sits okay on webserver, it is only the medium and small version that does not run okay. I run the problematic file through a Photoshop resize and uploaded the 529KB file and it created a 42KB large version, 12KB medium version and 2KB thumb. It worked well. Only then did I notice that the original file was actually smaller in size than 529KB. Not only that it is very weird that the save for web in Photoshop has actually increased file size, but the original file should definitely upload okay. It does not. Is there any sense in this? Thanks, Son