justsomeguy

Moderator
Posts posted by justsomeguy

  1. I just want to expand on what Nakor said. Instead of storing the password itself in the database, you want to store an encrypted version of it that can't be decrypted. Here are some functions to encrypt a string:
    http://us2.php.net/manual/en/function.crypt.php
    http://us2.php.net/manual/en/function.md5.php
    http://us2.php.net/manual/en/function.sha1.php
    These produce a one-way hash, which means that it is a constant-size value that you can't decrypt. MD5 produces a 128-bit (32-byte) string, and SHA-1 produces a 160-bit (40-byte) string. So a string produced by sha1() is 40 characters long. You can look up on the web for differences between md5 or sha1, but you can really use either one you want, or maybe both: md5(sha1($password)); But the bottom line is that both of them are generally considered safe, you won't run into problems from someone cracking an encrypted password unless the password is already unsafe (like the password 'password').

    To do this, you encrypt the password however you want to produce your hash, then you store the hash in the database. When the user tries to log in again, you encrypt the password they type in the same way, and see if the hash for what they typed matches the hash you saved in the database. So instead of comparing password to password, you compare password hash to password hash. There is a reasonable guarantee that two different strings won't produce the same hash, but obviously it's not true for all strings. With a 160-bit string, there are 1.461*(10^48) values, so obviously with infinite strings there would be a collision at some point. But in practice it's not something you have to worry about.

    If you want to play around with these functions, look here: http://choice.server.tracorp.com/vartest.php (link may go away). You can type something into the box and select one of the PHP functions to execute. If you type something in you can select md5, crypt, or sha1 and see what happens.

    ASP

    Also, I am not sure if it is a browser issue, but it only seems to happen when I use ASP, when a database driven page is updated it sometimes does not 'refresh' and the refresh button has to be manually pushed...I have never had that problem with ASP.Net or PHP.
    I've seen that too with ASP, I'm not sure what's going on there. I get around it by using a meta tag to make sure the page never caches.
  2. I've been looking over the Wikipedia page, and it looks like the Islamic Calendar is pretty similar to the Gregorian. I guess the question is how do you convert between the two? I guess what I see is that this is a difficult problem, because the months in the Islamic Calendar start whenever the council says they start, so there's no algorithm to predict when that will happen. I guess the best thing that can be used is something like this:
    http://en.wikipedia.org/wiki/Tabular_Islamic_calendar
    There is also this converter:
    http://www.phys.uu.nl/~vgent/islam/islam_tabcal.htm
    So, here is the JavaScript Date object:
    http://www.w3schools.com/jsref/jsref_obj_date.asp
    http://devguru.com/technologies/javascript/10585.asp
    You will need to use that object to help you out. So here is how you get the current date:

    var now = new Date();
    var cur_year = now.getFullYear();
    var cur_month = now.getMonth(); // jan = 0, dec = 11
    var cur_date = now.getDate();   // day of month

    The first thing we need to do is calculate the date in terms of how many days have passed. So we need to set up some date arrays, for the number of days in each Gregorian month:

    var months_g = new Array();
    months_g[0] = 31;
    months_g[1] = 28;
    months_g[2] = 31;
    months_g[3] = 30;
    months_g[4] = 31;
    months_g[5] = 30;
    months_g[6] = 31;
    months_g[7] = 31;
    months_g[8] = 30;
    months_g[9] = 31;
    months_g[10] = 30;
    months_g[11] = 31;

    And also for the leap years in the Islamic 30-year cycle:

    var leap_years = new Array();
    for (var i = 0; i <= 31; i++)
      leap_years[i] = false;
    leap_years[2] = true;
    leap_years[5] = true;
    leap_years[7] = true;
    leap_years[10] = true;
    leap_years[13] = true;
    leap_years[16] = true;
    leap_years[18] = true;
    leap_years[21] = true;
    leap_years[24] = true;
    leap_years[26] = true;
    leap_years[29] = true;

    Now we calculate how many days have passed since 1/1/0:

    var total_days_g = Math.floor(cur_year * 365.25);
    for (var i = 0; i < cur_month; i++)
      total_days_g += months_g[i];
    total_days_g += cur_date;

    Since the Islamic calendar started in 622, we have to subtract 622 years worth of days.

    total_days_g -= Math.floor(622 * 365.25);

    OK, I'm running into problems with how this is working out, I don't think I'm doing it right and I don't have the knowledge about the different calendars. I found that online converter I linked to above though, so I was looking at that code. To calculate the 'Kuwaiti algorithm' version of the date, I have taken out the code and modified it a little bit. Whoever programmed it was apparently trying to obfuscate the code, because it's not easy to follow with all the single letter variable names. If you can make sense of it that's cool, but I don't know the calendars well enough to understand what the calculations mean.

    now = new Date();
    day = now.getDate();
    month = now.getMonth();
    year = now.getFullYear();
    jgc = 0;
    m = month + 1;
    y = year;
    if (m < 3) {
      m = m + 12;
      y = y - 1;
    }
    c = Math.floor(y / 100.);
    // Gregorian correction: -10 days for the rest of 1582 after the switch,
    // 2 - c + floor(c/4) for later years (the original converter uses -10 here)
    if (y == 1582 && m > 10)
      jgc = -10;
    if (y > 1582)
      jgc = 2 - c + Math.floor(c / 4.);
    // Julian day number of the Gregorian date
    jd = Math.floor(365.25 * (y + 4716)) + Math.floor(30.6001 * (m + 1)) + day + jgc - 1524;
    jgc = 0;
    if (jd > 2299160) {
      c = Math.floor((jd - 1867216.25) / 36524.25);
      jgc = -(1 + c - Math.floor(c / 4.));
    }
    // back from the Julian day number to a Gregorian date (round trip check)
    b = jd - jgc + 1524;
    cc = Math.floor((b - 122.1) / 365.25);
    d = Math.floor(365.25 * cc);
    month = Math.floor((b - d) / 30.6001);
    day = (b - d) - Math.floor(30.6001 * month);
    if (month > 13) {
      cc = cc + 1;
      month = month - 12;
    }
    year = cc - 4716;
    month = month - 1;
    // day of the week, 1 = Sunday
    wd = Math.floor((Math.floor((jd + 1.) % 7.) + 7.) % 7.) + 1;
    // tabular Islamic calendar: 30-year cycle of 10631 days
    iyear = 10631. / 30.;
    epochastro = 1948084;
    epochcivil = 1948085;
    shift1 = 8.01 / 60.;
    z = jd - epochastro;
    cyc = Math.floor(z / 10631.);
    z = z - 10631 * cyc;
    j = Math.floor((z - shift1) / iyear);
    iy = 30 * cyc + j;
    z = z - Math.floor(j * iyear + shift1);
    im = Math.floor((z + 28.5001) / 29.5);
    if (im == 13)
      im = 12;
    id = z - Math.floor(29.5001 * im - 29);
    day_islam = id;
    month_islam = im; // muharram = 1, zil hijjah = 12
    year_islam = iy;

  3. You can't set and retrieve a cookie on the same page, this won't work for any browser. What a cookie actually is is an http header. The headers come before the actual page and tell the browser what character encoding, or mime type, or other properties of the page. One of the headers can be a cookie asking the browser to save some information. But the key point is that headers are delivered along with the page, but come before. So when you have the code to set the value in the cookie, it creates a header for that cookie to send to the browser, but it hasn't actually sent it yet. The rest of the script needs to finish executing, so the cookie only gets sent when the script ends and the page gets sent to the browser. And by the time the script ends, you have already done your check to see if the cookie is there, and obviously it's not because it's still waiting to be sent.

    So you need to create one page that sets the cookie, and give yourself a link to a second page that checks the cookie. If you are doing this for a login, you will want to have the login page submit to some in-between page ("thank you for logging in, you will be redirected") that sets the cookie and then redirects the user to the menu or whatever.

  4. If you want to do something like that, you need to either store the customer's cart information in the database, or you need to store it in a temporary file. You would also want some cleanup mechanism to empty out all the old ones where people just close the window and leave.

  5. First, in form.asp you don't need the hidden ID field. You haven't created the ID yet, so there's no ID to pass. Why are you doing this?

    rs.open "select * from tablename where 0=1",3,3

    con.open("Select Max(id) as myid from tablename");
    new_id = con.fields.item("id").value

    The name from item (here "id") needs to be the same name that you are getting from the database. You called the item from the database "myid", so you need to use con.fields.item("myid").value to read it.

    response.redirect("resultpage.asp?id=" + new_id);
    ...
    CID = Request.querystring("CID")

    These two names also need to be the same. You are redirecting to resultpage.asp and passing a variable called id to it, but then you check for a variable called CID. Either do this:

    response.redirect("resultpage.asp?cid=" + new_id);

    or this:

    cid = request.querystring("id");

    But they both need the same name.

  6. When you set width to a percentage, you are setting it as a percentage of the parent container. So if you have this:

    <body>
      <div></div>
      <div></div>
    </body>

    Then the parent of the div is the body. So setting the width of the div to 100% makes the div 100% of the width of the body. If you set the widths of both of those divs to 100%, then the page will actually be twice the width of the screen. Since in your page you have a div on the left set to 253, and then another one set to 100%, the actual page is 100% + 253 pixels wide, so it's always 253 pixels larger than the screen size. Maybe someone else can give you an idea on how to make your div fill the rest of the screen, but a short term fix is to make the div on the right 600px instead of 100% or something, give it a fixed size. Then at least you know how big it is.

  7. Wondering this time if anyone knows much about widths in IE and how the way IE interprets widths differs from the way FF does and why this would make a table jump out of its div???
    Yeah, I think the algorithm that IE uses for determining an element's dimensions goes something like this:
    element_width = generate_random(1, requested_width);

  8. In this case there's no alternative. I've tried doing that myself, specifying a class for an object based on the value of some attribute (in this case "type"), but with CSS that's not possible. The only 2 attributes that matter as far as I can tell are "id" and "class".

  9. Directly after you insert everything into the database (as in the statement right after the SQL query), you need to get the highest ID number:

    sqlcon.open("SELECT MAX(id) AS id FROM table");
    new_id = sqlcon.fields.item("id").value;
    ...
    response.redirect("processpage.asp?id=" + new_id);

    processpage.asp:

    id = request.querystring("id");

  10. That may be true, but everything is built-in to Opera, you don't need to run around the web downloading and installing a legion of extensions to do what you need to be able to do. Not only is everything built-in, but they managed to also make the Opera installer 1.2MB smaller than the Firefox installer. And it's also faster. So there!

  11. Make sure the IUSR account has full access to the folder. If your computer is called "server", then the account will be called IUSR_SERVER, it is the anonymous internet guest account. Make sure to give that account full access, both through IIS and Windows.

    ASP

    First of all he was talking about ASP when he mentioned 7 chars, not ASP.Net.
    In that case, the issue is not ASP, but VBScript or JScript syntax. I hate everything about VB, and JScript is c-style, so I don't really have a problem with that.
    ASP.Net does have some long names but that does make it very obvious as to what the function is used for as opposed to md5()
    If the programmer knows what he is doing, and knows that he needs to hash a string, and the choices could be MD5, or SHA-1, or CRC32, then you make a choice on which one to use and look it up. The function HashPasswordForStoringInConfigFile might be a good name if you are hashing a password and storing it in a config file, but what if you just want to hash some arbitrary string, maybe file data to compare against, and store it in a database? Are you going to know to use the HashPasswordForStoringInConfigFile function? Where is the HashFileStringForCheckingMD5Signature function? You know what I'm getting at? The function doesn't hash a password, it runs the MD5 or SHA-1 algorithm over a string, but that's not what the name of the function says it does. Of course, all of this assumes that the programmer knows what he is doing. The languages that Microsoft comes out with seem to put an emphasis on how easy it is to use, as if someone with no programming background can go in and figure it out. Someone with no programming background should not be working on applications. If you're going to be designing or implementing software, you need to know the issues that you should be concerned with and how to deal with them, or at least know where to find that information.

    Also, you can't get any more obvious than md5(). The function md5 performs an md5 hash. That's why they called the function md5. It's not the language's fault if the programmer doesn't know what md5 is or what it's used for.

    Personally, I got started out of school doing ASP and Flash Actionscript, but once I found PHP I've never looked back. Requirements still demand that some things be done in ASP, but I always prefer PHP. I had a project where the client demanded ASP.NET, and all I really needed it for was to control a small content management system to handle the page content, but it took on the order of 3 or 4 months and much reading of books and tutorials before I finished that up. If I had been allowed to use PHP, it probably would have taken me all of 1 or 2 weeks, but that's only because I already have most of it built for everything else I do.
  12. Web-based scripting languages are generally event-driven, where an action has to take place in order for work to be done. The program responds to user input. If you want to schedule things to happen in the future at some point, you will probably need to send calls to the operating system scheduler, and devise some scheme for the OS to call back the program at the specified time and perform what needs to be done.

    The only time I've run into this myself is for a project where I needed a task to happen once a day at a certain time. In order to do that, I wrote an ASP script to do the task, and set up the Windows task scheduler on the server to launch Firefox, go to that page, and close Firefox again after 5 minutes. It's cheesy, but it works.

  13. That's what I use it for, but I generally do the opposite, I try to determine if the user is a human instead of a bot. If I can determine that the user is a human, I hide the marketing stuff, or else I show it. If I can't tell what the user is, I assume it's a bot.

  14. If your website is only accessible on your local network then it's not a problem. But if you are running a publicly-accessible server, you will get login attempts and hack attempts from all over the world (usually China) looking for ways into your server. Also if you host you will either need a static IP address (generally fairly expensive) or a dynamic DNS account, plus the bandwidth to actually run the site. If you want your site to do any emailing, you will need to install and configure a mail server, but it seems that most home ISPs block the outgoing mail ports, so that's another reason why it's better to have a static IP if you are hosting. But if you want to go through the trouble of hosting your own server, you will need to read up on security procedures on how to secure the operating system.

  15. Well, here's the function to use:
    http://us2.php.net/manual/en/function.strstr.php
    So I guess it would be something like this:

    $uagent = strtolower($_SERVER['HTTP_USER_AGENT']);
    if (strstr($uagent, 'google') === false &&
        strstr($uagent, 'bot') === false &&
        strstr($uagent, 'yahoo') === false &&
        (strstr($uagent, 'mozilla') !== false ||
         strstr($uagent, 'msie') !== false ||
         strstr($uagent, 'opera') !== false ||
         strstr($uagent, 'gecko') !== false ||
         strstr($uagent, 'firefox') !== false) &&
        (strstr($uagent, 'win') !== false ||
         strstr($uagent, 'linux') !== false ||
         strstr($uagent, 'mac') !== false ||
         strstr($uagent, 'sunos') !== false ||
         strstr($uagent, 'hp-ux') !== false ||
         strstr($uagent, 'irix') !== false ||
         strstr($uagent, 'beos') !== false))
      $human = true;
    else
      $human = false;

    Not exactly the prettiest thing, but it should generally work..

  16. Ah ha! That's the question. I have a web site set up to display SE-friendly keywords and terms if I can detect Googlebot or Yahoo or MSN or whatever, and leave that information off for normal users. Google hasn't delisted the site yet, so it seems to be working. Here's the code that I use (excuse the VBScript):

    if InStr(1, uagent, "google", VBTextCompare) = 0 and _
       InStr(1, uagent, "bot", VBTextCompare) = 0 and _
       InStr(1, uagent, "yahoo", VBTextCompare) = 0 and _
       ((InStr(1, uagent, "mozilla", VBTextCompare) > 0 or _
         InStr(1, uagent, "msie", VBTextCompare) > 0 or _
         InStr(1, uagent, "opera", VBTextCompare) > 0) and _
        ((InStr(1, uagent, "win", VBTextCompare) > 0 or _
          InStr(1, uagent, "linux", VBTextCompare) > 0 or _
          InStr(1, uagent, "mac", VBTextCompare) > 0 or _
          InStr(1, uagent, "sunos", VBTextCompare) > 0 or _
          InStr(1, uagent, "hp-ux", VBTextCompare) > 0 or _
          InStr(1, uagent, "irix", VBTextCompare) > 0 or _
          InStr(1, uagent, "beos", VBTextCompare) > 0) or _
         (InStr(1, uagent, "gecko", VBTextCompare) > 0 or _
          InStr(1, uagent, "firefox", VBTextCompare) > 0))) then
      show_footer = false
    end if

    So let's see.. I check if the user agent string:

      -does not contain 'google'
      and
      -does not contain 'bot'
      and
      -does not contain 'yahoo'
      and
        -contains 'mozilla'
        or
        -contains 'msie'
        or
        -contains 'opera'
        and
          -contains 'win'
          or
          -contains 'linux'
          or
          -contains 'mac'
          or
          -contains 'sunos'
          or
          -contains 'hp-ux'
          or
          -contains 'irix'
          or
          -contains 'beos'
          or
          -contains 'gecko'
          or
          -contains 'firefox'

    If that is true, then it does not show the footer (it assumes human user), or else the default action is to show the footer for the search engines.

  17. At the end. Here is my uber-detailed schematic of process.asp:

    <get responses from POST>
      username = request.form("username")
    <validate responses>
      user entered a string for a number? bad user! smack them to the ground!
    <insert into database>
    <get id for new data>
    response.redirect("thanks.asp?id=" + new_id)

    Since you will probably want to validate the variables, it might be a good idea to have the form page do all the processing also. So, the form page would show the form, and would also do the above, get all the data, validate it, insert into the database, and redirect. You can go one step further, and also have the form page redirect back to itself. That way you only use 1 page (although the code might be a little confusing). It doesn't matter which page you redirect to, as long as a redirect happens. That way they refresh the redirected page (which didn't do any processing) instead of the page that inserted into the db.

  18. That's kind of weird... I can't see some spider just randomly trying an address like "/MSOffice/cltreq.asp?UL=1&ACT=4&BUILD=6551&STRMVER=4&CAPREQ=0" without a link. If you took this site over, could it be possible that those links were present in the past? One thing you could try doing is searching Google (or Yahoo) for that address, and see what pops up.

    OK, I did some searching, and I think I've figured it out. As you can see, the url is "/MSOffice/cltreq.asp". Something to do with MS Office. You may also see requests for owssvr.dll. At first I thought it might be a hack attempt, someone trying to exploit a FrontPage extension or something like that, so they ping the site to see if you have the extension installed (the NIMDA worm did something similar). What I think now (c.f. here) is that this is an IE toolbar, and if someone has the Office discussion toolbar installed, IE will send a request to the server looking for these files to see if your server supports the discussion. I've seen people with the toolbar installed, where it says the website doesn't support discussions, and I wonder how it knew that. This is how, it sends a request for the specific build and version of the software it has installed and sees if it gets anything back. IE phishing for discussions.

  19. Well, if you are saving your data in a file, then ultimately you do have to write the file. The variables thing is to save you the headache of reading everything back in. You can also create your own little data management class to help you write the file automatically, but yeah, you will have to write the data to the file, you just write PHP code instead of the raw data. So, using my example from post 7, the code would be something like this:

    $str = "<" . "?php\n";
    $str .= "\$users = array();\n\n";
    // $all_users holds the users to write out, each an array with the keys below
    foreach ($all_users as $u) {
      // var_export() emits each value as a quoted, escaped PHP string literal;
      // dropping the raw value between double quotes would let a quote, backslash
      // or $ in the data break out of the string and into the generated code
      $str .= "\$newuser = array();\n";
      $str .= "\$newuser['username'] = " . var_export($u['username'], true) . ";\n";
      $str .= "\$newuser['password'] = " . var_export($u['password'], true) . ";\n";
      $str .= "\$newuser['first'] = " . var_export($u['first'], true) . ";\n";
      $str .= "\$newuser['last'] = " . var_export($u['last'], true) . ";\n";
      $str .= "\$newuser['email'] = " . var_export($u['email'], true) . ";\n";
      $str .= "\$users[] = \$newuser;\n\n";
    }
    $str .= "?" . ">";
    // write $str to the file (file name is just an example)
    file_put_contents('users.php', $str);

    So, yeah, if you are storing your data in a file there's really no way to get around actually writing the file, you have to do that regardless. But if you do it this way, you don't have to do any extra work to read all the data in.
