wjohn

Hi, I have no problem to wait, I have loads of other stuff to do!

Hmm, I guess it need more edit.. Now: http://localhost/test/index.php/hej What I think is decent would be to get rid of index.php and when it's the default controller let's say index.php i don't think index would be needed, don't you agree? I mean http://localhost/test/hej = http://localhost/test/index/hej

This seem nice I've tried this, but it doesn't really work RewriteEngine On RewriteRule ^$2$ $1?action=$2 [NC,L] What I',m trying to achive is that i dynamically get it to look like http://localhost/hello http://localhost/wtf is http://localhost/index.php?action=hello http://localhost/index.php?action=wtf The $1 is that I simply want to have more controllers and if it doesnt exists it will just show index.php. But I guess I did something wrong. http://localhost/baby is http://localhost/admin.php?action=baby To avoid problems RewriteEngine On RewriteRule ^$1/$2$ $1?action=$2 [NC,L] Could be solid - but it doesnt work!!

Hello I'm looking to change my urls and generally I just want to have a going on how to do it. First url http://localhost/index.php?action=login I would like that to simply be http://localhost/login But is it then possible to make like http://localhost/admin/adduser And the real link would be http://localhost/admin.php?action=adduser And finally http://localhost/map/x/y would be http://localhost/map.php?x=&y= I'm not asking code for all urls, just a snippet for one of them, and hopefully a link to a good resource. But if someone feel like saving me some time, it's appreciated! (I do not ask for it tho)

Kraxzy can you give an example of how to secure basedirs and basepaths?

The only thing, I consider right now is to use htmlentities() on the outputs at the ban data, as if some "admin" would freak out and try to XSS inject.

function login(&$msg) { //Database injection fix $_POST = $this->db_escape($_POST); $username = $_POST['username']; $password = sha1($_POST['password']); $query = "SELECT id, username, userlevel FROM users " . "WHERE username = '" . $username . "' AND password = '" . $password . "'"; $result = mysql_query($query); if(mysql_num_rows($result) == 0) { $msg = 'Fel användarnamn eller lösenord!'; return false; } $user_data = mysql_fetch_assoc( $result ); if ($this->IsUserBanned($user_data["id"])) { $query = "SELECT * FROM bans WHERE uid = '" . $user_data['id'] . "'"; $result = mysql_query($query); $ban_data = mysql_fetch_assoc( $result ); $msg = '<strong>AVSTÄNGD</strong><br /> ANLEDNING: ' . $ban_data["reason"] . '<br /> BEVIS: ' . $ban_data["evidence"] . '<br /> TID: ' . $ban_data["time"] . '<br /> AV: ' . $ban_data["administrator"]; return false; } return true; } I came up with this, anything I can improve, security such. This is the db_escape function: function db_escape ($post) { if (is_string($post)) { if (get_magic_quotes_gpc()) { $post = stripslashes($post); } return mysql_real_escape_string($post); } foreach ($post as $key => $val) { $post[$key] = $this->db_escape($val); } return $post; }

Would you like it to stand like 2007-2011? And next year 2007-2012? <?php echo "2007-" . date("Y"); ?> Would display like above.

I don't really use MVC model, but I guess I could put away the CONSTRUCTOR and put it in just a plain login file, and then call if the data is valid. <?php if (isset($_POST['submit'])) { //validate data then call login() } ?>

What would you recommend? Is my method of login class even good? I want to optimise as much as I can, and by the way thanks a lot for the help! It's very appreciated.

Well, What about there was 2 options, you can get logged in, but what if you're banned, that is a second check, before Im going to set the sessions. As I clearly want to state if they login was fail because of username and password or banned.

Hi I'm working on a login method to my class and so far it look like this function login() { //Database injection fix $_POST = db_escape($_POST); $username = $_POST['username']; $password = sha1($_POST['password'] . $this->salt); $query = "SELECT id, username, userlevel FROM users " . "WHERE username = '" . $username . "' AND password = '" . $password . "')"; $result = mysql_query( $query ); $user_data = mysql_fetch_assoc( $result ); if( mysql_num_rows( $result ) == 1 ) { } The login method is triggered from my constructor function Auth() { if (isset($_POST['username']) && isset($_POST['password'])) { $this->login(); } else if (isset($_GET['logout'])) { $this->logout(); } } Now I wonder how I should return the data, Let's say Im on the login.php and the users doesn't exists or is banned, Something like this: function login() { //Database injection fix $_POST = db_escape($_POST); $username = $_POST['username']; $password = sha1($_POST['password'] . $this->salt); $query = "SELECT id, username, userlevel FROM users " . "WHERE username = '" . $username . "' AND password = '" . $password . "')"; $result = mysql_query( $query ); $user_data = mysql_fetch_assoc( $result ); if( mysql_num_rows( $result ) == 0 ) { //Oh noes the user doesn't exists I want to print this out to the user, What should I return ? and how I print it out? } Thanks in advance.

Hi I refer to my old topic http://www.killersites.com/community/index.php?/topic/4265-mysql-database-design/page__p__21707__fromsearch__1#entry21707 which was about my mysql database design. Now, I wonder how I am going to trigger an EVENT for a certain time, For example, let's say I want to add a new building, it's going to take about 20 minutes until it's "builded". If i want to upgrade it to "level 2" it will take a certain time, before it's updated, For example another 20 minutes. And when you upgrade, let's say you lose som resources like 200, 300, and so on. How do I trigger actions after a few time?

Thanks for the rather informative post :] I will look more at google.

I've been hearing about stealing seasions and stuff like that, How do I prevent session and make it safe?