• Content count

  • Joined

  • Last visited

Community Reputation

140 Neutral

About Xipe

  • Rank
  1. [web] Inserting blogs

    However, most of the dynamic content in WP is accessed through simple calls.... so just make a design and then integrate the needed WP functionality. You can do the latter part in a few hours (i.e. quite simple).
  2. It looks nice. Don't have a solution for your question, but was rather wondering what happens if the first menu has 5 submenus? As it stands in your example it works well, but I forsee problems if you have like 10 subitems high up in the hierarchy.
  3. SELECT name, column, position FROM mytable ORDER BY position DESC, column DESC; That will get them out in the right order, add PHP checks that writes out & nbsp ; or something if a name is missing in one column and that also advances to the next row if that missing name was for column 2 (if you know your dataset always will have integrity you needn't though).
  4. How about you read my posts and either define your XML or transform it. ;)
  5. Quote:Original post by rileyriley Be sure that you don't think, "well, the password is md5ed before I send it, so no one can find out the password, so the login is secured." If all they need to send is the md5ed password, all an attacker would need would be the md5 hash of the password. That is, who cares what the password is when all you need is the hash of the password? Eventually you are going to have to send a vital piece of information over http. Cookies don't prevent that fact and neither do sessions. If you are really worried about security, you will need to use a different protocol (e.g. https). The MD5 you use is usually generated from several entities (at least one will be random), and using the password in that doesn't matter much since the whole string is then MD5'd or otherwise one-way encrypted. I don't think you understand the concept fully as the session id will be different for _every_ login the _same_ user makes and never leave any clue as to passwords. HTTPS is only useful to protect against sniffers, and that's a legitimate concern in itself, but has _nothing_ to do with the safety of the session id generation. You can hi-jack HTTPS sessions too - what a session id generated like this does is making it near impossible to hi-jack a session by guessing. HTTPS only prevents someone from snapping up your login and password (and later on your session id) by listening to network traffic and using it while you are online. That's why online stores and sites that store important personal or financial data use HTTPS starting at login, and general forums usually don't (not worth the hassle and extra bandwidth). [Edited by - Xipe on November 30, 2005 8:54:33 PM]
  6. Quote:Original post by Dave I suppose if cookies are disabled the password will md5 hashed so even if it does go in the url it's unreadable. Yes, both the value in the stored cookie (or) the appended id to the URL will be gibberish, it's just a random (but unique) value for that session that is then identified with a certain client (i.e. user) that validated in the first place (you'd start the session at a correct login for instance).
  7. Quote:Original post by Dave It seems pretty complicated. How so? The server handles everything, all you have to do is call a function now and then. Before the days of built in session handling you'd have to keep track of all that yourself, now you have pre-built functions doing it for you. I.e. doesn't get much easier. If you wanna do it by hand: 1) Generate unique session id (md5 username+login time+secret passphrase, or somesuch), save to relational database identifying a certain user with the session id - set a cookie or return a URI with the session id to the client browser (propagate the session id to all internal URI's on that page). 2) At every page load, check the cookie or the URI, extract the session id and check against database. Checking is done by doing the MD5 again (you have the username, login time and the secret passphrase in your database) and seeing if it matches what is given by the client. Not overly complicated either, just more work. [Edited by - Xipe on November 30, 2005 6:40:53 PM]
  8. Yes it does if you use a DTD (best solution) or specify your XSL to transform them. Here's an XSL solution, too lazy to look up DTD since it's been ages since I worked with XML transformations. http://www.biglist.com/lists/xsl-list/archives/200209/msg00749.html Edit, apparently I like Googling. Here's how you do the DTD: http://www.thescarms.com/XML/DTDTutorial.asp
  9. Try using "& lt ;em & gt ;" (spaces inserted to prevent HTMLization) instead of <em>, it should work (too lazy to check though). When you insert pure HTML into XML you're making more nodes (I'd think).
  10. Dave: The PHP session stores data in cookies if available, otherwise it reverts to propagating it through the URL. Beandog: Wrong. There is no way to hold a session secure over a stateless protocol like HTTP in any other way, if it only were server side it would have to rely on IP-number or something, good luck to all AOL'ers. http://se.php.net/session
  11. Quote:Original post by BeanDog It seems to me that emailing sensitive data to our sales department would kind of defeat the purpose of using SSL to get their credit card info, etc., right? Isn't email pretty easy to tap into? Especially since our email would have to be sent to another domain than our web server is on. Sorry, didn't think as far as credit cards. :) However if the servers are in house it could work out anyways. Well, if you only need it for a few orders/month I'd probably code up something that is saved to a database and then have a simple admin (not reachable from outside) to check incoming orders - a mail could be sent to one of your adresses so you know an order has been made. Basically all your work would be at making sure you defeat any SQL injection attempts, that's not too hard and lots of info is forthcoming with a simple Google search. Like you said, installing a full feature ordering system is probably overkill and too much work to pay off at this point in time. However, if you feel demand will rise sharply in the future I'd probably start taking some of the ordering systems available for test drives.
  12. Game Story (needs criticism)

    Regarding his dialogue, why doesn't he know why he's fighting? Are there no threats to the values he has at home, or doesn't he have values at home? If an alien race would conquer his homelands and enslave them (whether this is the reality, or a spin by the higher ups) this would be central to his motivation - unless he's a "lifer", someone that's in the military for the sake of the ordered life that the military gives. The dialogue as it stands sounds very cliché with the "we're supposed to die without questioning" bit. Make him real, give him ties to reality - cause if he has no idea he has none.
  13. Both... <div class="content">test</div> and... <table class="content"><tr><td>test</td></tr></table> ...works if you set your CSS to: .content { height:100%; width:50%; border-color:maroon; border-style:solid; border-width:1px; float:left; }
  14. Am I missing something in my preferences, or isn't BB code available? Writing [url]http://test.com[/url] is way simpler than 'a href="http://test.com/"'http://test.com'/a'. Or is there some reason BB code is disabled? Also, automatic linking of web adresses would be nice since so many people around here are lazy and never link the adresses they provide (so you have to copy/paste to see the page they're referring to).