Re: [PHP] warning message to hide

[siavash1979]

Quoting Alain Roger <[EMAIL PROTECTED]>:

> Hi,
> 
> Today i discovered that when my host webserver has some issue with
> PostgreSQL database, my code displays the following error message :
> *"Warning*: pg_connect()
> [function.pg-connect]:
> Unable to connect to PostgreSQL server: could not connect to server:
> Connection refused Is the server running on host "pgsql.exohosting.sk" and
> accepting TCP/IP connections on port 5432? in */www/.php* on line yyy."
> 
> I would like instead of that, to display my own error message... in fact, i
> would like to display something like : "We are sorry but temporary we have
> some technical issues. Please try again later".
> how can i do that ?
> 
> i tried to do :
> $conn = pg_connect($conn_string);


try putting an @ sign before this line. something like this:
@$conn = pg_connect($conn_string);

that should do the job for you in this case.

Siavash


> 
> if ($conn) // check if database is online
> {
> // close database connection
> pg_close($conn);
> }
> else
> {
> // impossible to connect to DB
> die('Maintenance in progress... Try later.');
> }
> 
> but it still display the previous warning message.
> thanks for your help.
> 
> 
> -- 
> Alain
> 
> Windows XP SP2
> PostgreSQL 8.1.4
> Apache 2.0.58
> PHP 5
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Posting a variable

[siavash1979]

Quoting Robert Cummings <[EMAIL PROTECTED]>:

> On Wed, 2007-04-11 at 09:59 -0700, [EMAIL PROTECTED] wrote:
> > 1- your mysql query statement is better to have a WHERE part too.
> > 2- I would use mysql_fetch_row instead of mysql_fetch_assoc
> 
> Ummm, why would you want to reduce clarity and maintainability by using
> mysql_fetch_row()?

hmmm, I just remember in my php class a while back, my teacher didn't even
bother teaching us about mysql_fetch_assoc, and when a student asked about it,
he said don't bother using it, just use mysql_fetch_row so I ended up using this
function ever since. I'm guessing he was wrong??


Thanks,
Siavash


> 
> Cheers,
> Rob.
> -- 
> ..
> | InterJinn Application Framework - http://www.interjinn.com |
> ::
> | An application and templating framework for PHP. Boasting  |
> | a powerful, scalable system for accessing system services  |
> | such as forms, properties, sessions, and caches. InterJinn |
> | also provides an extremely flexible architecture for   |
> | creating re-usable components quickly and easily.  |
> `'
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Posting a variable

[siavash1979]

1- your mysql query statement is better to have a WHERE part too.
2- I would use mysql_fetch_row instead of mysql_fetch_assoc
3- in your form, you're using a single quote. anything in between single 
quotes will be printed as is. you need to close your single quote and print 
username and open another single quote. Like this:

'...' . $username02 . '.'

Or I personally would close my php, print the form in html and use  where you need the username. And then I would start another :

> Hi,
>
>   I am trying to pass a variable into a textfield and then pass the variable
> onto a php page for insertion into a Mysql database.
>
>   However, I want to send the username of the person logging on. But instead
> php is taking the username of the logon information of the database. Which I
> obviously don't want for many obvious reasons.
>
>   Oddly enough it echo's $username02 so it shouldn't be a pass down issue.
> But when the insert.php I also ask it to echo and it doesn't. 
>
>   Any suggestions?
>
>  require("config.php");
>   $sql = "SELECT `username`, `password` FROM `user_system`";
> $result = mysql_query($sql);
>   $check = mysql_fetch_assoc($result);
>   $username_to_check = mysql_real_escape_string($_POST['username']);
> $password_to_check = md5($_POST['password']);
> 
>   $username02 = mysql_real_escape_string($_POST['username']);
>   
> if ($check['username'] != $username_to_check || $check['password'] !=
> $password_to_check) {
> echo "The username or password was wrong!";
> }
> else {
>   
>   echo 'The username and password was correct!
>   
>   
>   cellspacing="0">
>   
>   
>   
>   
>   
>
>Question 1
> 
>  
>  
>   
> Yes I strongly agree
> Yes I agree 
> I disagree
> I strongly disagree
>   
> 
> 
>   
>  
>    
>
>   
> 
>   
> 
>   
> 
> 
> ';
> echo "$username";  
> echo "$username02";
>   
>}
> ?>
> 
>
> -
> The best gets better. See why everyone is raving about the All-new Yahoo!
> Mail.  

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] foreach question

[siavash1979]

Quoting Lori Lay <[EMAIL PROTECTED]>:

> [EMAIL PROTECTED] wrote:
> > Sorry this is the full script...
> >
> > whois.php
> >
> > 
> > 
> > 
> >
> > Enter Domain Names (one per line)
> >  > style="font-size:13;font-family:Arial,Verdana;">
> 
> Gotcha!  A textarea does not produce an array.  Even though the user 
> should be separating the lines with a line break, this turns into one 
> long string with line breaks in it, not separate array elements.  You 
> will have to do this manually.  Actually, you could probably use nl2br 
> to insert BR's before the line breaks (it doesn't replace them, but 
> that's usually good enough).
> 
> Lori


much better, it all makes sense now. This is what I would do:

";
}
?>


Siavash


> >
> > 
> > 
> > Whois Results:
> >
> >  >
> > foreach( $_POST as $key ) {
> >echo "$key";
> > }
> > ?>
> >
> > 
> > 
> >
> > - Original Message - From: "Lori Lay" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Cc: 
> > Sent: Monday, April 09, 2007 5:20 AM
> > Subject: Re: [PHP] foreach question
> >
> >
> >> [EMAIL PROTECTED] wrote:
> >>> "both examples do the same thing.."
> >>>
> >>> no, ex1 only has 1 
> >>>
> >>> so outputs like..
> >>> item1item2item3item4item5
> >>>
> >>> Where as I want this..
> >>>
> >>> item1
> >>> item2
> >>> item3
> >>> item4
> >>> item5
> >>>
> >>> ie a line break after every item.
> >>>
> >> Silly question, perhaps, but are you sure $_POST is an array (with 5 
> >> elements)?  What you have written should produce a break after each 
> >> item if POST is a 5 element array.  However if POST is a single 
> >> element with the five items concatenated together, then they would be 
> >> printed the way you have it listed above...
> >>
> >> It might be better to post the full script to the list.
> >>
> >> Lori
> >>>
> >>> - Original Message - From: "Sebe" <[EMAIL PROTECTED]>
> >>> To: <[EMAIL PROTECTED]>
> >>> Cc: 
> >>> Sent: Monday, April 09, 2007 1:22 AM
> >>> Subject: Re: [PHP] foreach question
> >>>
> >>>
>  [EMAIL PROTECTED] wrote:
> > I have ..
> >
> > foreach( $_POST as $key ) {echo "$key";
> > }
> >
> > and that gives me
> >
> > item1
> > item2
> > item3
> > item4
> > item5
> >
> > how do I write it to give me
> >
> > item1
> > item2
> > item3
> > item4
> > item5
> >
> > Thanks
> >
>  both examples do the same thing..
> 
>  -- 
>  PHP General Mailing List (http://www.php.net/)
>  To unsubscribe, visit: http://www.php.net/unsub.php
> 
> 
> 
> >>>
> >>
> >> -- 
> >> PHP General Mailing List (http://www.php.net/)
> >> To unsubscribe, visit: http://www.php.net/unsub.php
> >>
> >>
> >>
> >
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] keeping credit card info in session

[siavash1979]

Thanks a lot every one. These are great replies.

I guess I should have explained a bit more about what I'm doing.

first of all, this is not my site, it's for a client of mine.

second, I did suggest using a paypal API or a paid site to take care of this, 
but my client said no. She has a credit card processing account and how she 
works with it right now, is that interested users email her, she calls them, 
gets their credit card info and charges their card manually without the card 
present.

so, this is not really my problem, it's what she's been doing before and wants 
to continue doing. All she asked me to do is that as part of the form that 
people send their requests through, now she wants their credit card info as 
well. So that she doesn't have to call them.

And the reason I'm keeping cc info in the session for a few steps, is to take 
them to confirmation page, and then the reciept page. and after wards, I want 
to keep it in there untill the client logs in to the admin page and sees new 
requests, charges them and then deletes them for ever.

So now I've got two different responses, some people say do it, but use 
encryption/decryption methods, and some people say don't do it. But if I don't 
do it, that means I tell my client that I can't do it and I lose the job.



Thanks again,
Siavash




Quoting Travis Doherty <[EMAIL PROTECTED]>:

> Jochem Maas wrote:
> 
> >unless you are a payment gateway or a bank don't touch credit card numbers.
> >there are plenty of threads in the archive of this list that give good
> reasons
> >not to e.g. being sued out of existence.
> >  
> >
> 100% agreed.  Never touch credit card numbers.  You can't just take
> credit card numbers and manually process them in 'card not present'
> transactions (or MOTO in more archaic terms.)  You need a merchant
> account that allows for this -- usually at a higher discount rate. 
> Check the merchant agreement.
> 
> Your client should get an account like this, or better yet, provide you
> with the instructions on how to integrate his site with the payment
> providers so that you never have to worry about credit cards.
> 
> As an additional note... Maybe your SSL cert secures the numbers from
> the client to the server, and just maybe your PHP scripts have no
> security flaws in them, but you must remember the server itself and
> everything else outside of PHP.  What if someone found a flaw in the FTP
> server for example, or the mail server even, and used that to get the CC
> info.   I would hate to be explaining to a list of 1000 clients that I
> was responsible for their card numbers being stolen.
> 
> Travis Doherty
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] foreach question

[siavash1979]

Your code is fine and it should work.

but in any case, try:

foreach ($_POST as $key){
echo $key . '';
}

Also, what php version, and what browser are you using?

good luck,
Siavash



> [EMAIL PROTECTED] wrote:
> > "both examples do the same thing.."
> >
> > no, ex1 only has 1 
> >
> > so outputs like..
> > item1item2item3item4item5
> >
> > Where as I want this..
> >
> > item1
> > item2
> > item3
> > item4
> > item5
> >
> > ie a line break after every item.
> >
> 
> hmm, if you're getting 5 results from the loop each should already have 
> a 
> so i dont understand what is wrong but the code it's set to put out a 
> line break after each item. maybe i'm blind but the code is fine (with 
> the exception that i don't use double quotes).
> >
> > - Original Message - From: "Sebe" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Cc: 
> > Sent: Monday, April 09, 2007 1:22 AM
> > Subject: Re: [PHP] foreach question
> >
> >
> >> [EMAIL PROTECTED] wrote:
> >>> I have ..
> >>>
> >>> foreach( $_POST as $key ) {echo "$key";
> >>> }
> >>>
> >>> and that gives me
> >>>
> >>> item1
> >>> item2
> >>> item3
> >>> item4
> >>> item5
> >>>
> >>> how do I write it to give me
> >>>
> >>> item1
> >>> item2
> >>> item3
> >>> item4
> >>> item5
> >>>
> >>> Thanks
> >>>
> >> both examples do the same thing..
> >>
> >> -- 
> >> PHP General Mailing List (http://www.php.net/)
> >> To unsubscribe, visit: http://www.php.net/unsub.php
> >>
> >>
> >>
> >
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] keeping credit card info in session

[siavash1979]

Hi All,
 
I've got quite a bit or php experience, but I've never had to deal with credit 
card info before. Now for a property rental site, I'm adding a way for users to 
be able to fill out a form which also has some credit card info in it.
 
After they submit the form, there are a couple of more steps and to pass credit 
card info to the last page, I'm storing all the info in my session. Now, I did 
go and bought an SSL certificate, so the booking section of the site is on SSL 
(https). I'm just wondering if this is secure enough. as far as I know, SSL 
means connection to server is secured, so session variables should be secured 
too. no?
 
Also after I get credit card info, I'm storing them in a mysql table until an 
admin would log in to the site, see new reservations, charge them manually and 
contact the customer, and then that entry will be removed from my database for 
ever. Is this ok? or is it a really bad idea? originally the plan was to send 
an email to the admin with credit card info, but then I realized that emails 
are very unsecure. so I decided to keep the info on the SSL section of the site.
 
just because I'm dealing with credit cards, I'm so afraid of doing anything 
now. Any suggestions? or perhaps any links to how to make it all more secure?
 
Thanks a lot in advance,
Siavash

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Firefox Extension (Firefox 2.x.x.x)

[siavash1979]

Quoting Tijnema ! <[EMAIL PROTECTED]>:

> On 3/28/07, Daniel Brown <[EMAIL PROTECTED]> wrote:
> >If you're like me, you spend your fair share of time going to the PHP
> > website to check specs, changes, or even to refresh your brain with PHP's
> > functions.  So today I threw together a simple plugin for Firefox 2 that
> > will let you type in the name of the function and be brought right to the
> > function page.  Or, if you mistype it, it will provide suggestions.
> >
> >How does it work so awesome?  Because it uses the PHP search engine and
> > Mozilla's OSD.  All I did was whip it together as a plugin.
> >
> >Download and installation instructions:
> http://isawit.com/php_search.php
> >
> >Hope it saves everyone a microsecond or two.  We now return you to your
> > regularly-scheduled, SPAM-filled inbox.
> 
> Hmm, i just keep using my regular way, going to www.php.net/
> misspelled items are corrected, suggestions are provided :)
> 


Thanks for the extention. It does save a few seconds. I appreciate it.

Siavash Miri
Computer Programmer
Simon Fraser University


> Tijnema
> >
> > --
> > Daniel P. Brown
> > [office] (570-) 587-7080 Ext. 272
> > [mobile] (570-) 766-8107
> >
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] google video like site

[siavash1979]

Quoting Robert Cummings <[EMAIL PROTECTED]>:

> On Fri, 2006-12-15 at 09:30 +0100, Jochem Maas wrote:
> > Robert Cummings wrote:
> > > On Thu, 2006-12-14 at 23:40 +0100, Jochem Maas wrote:
> > > > I doubt they were stupid enough to shell out that kind of cash to on a
> php-nuke install,
> > > 
> > > Why not? It's not the code they want, it's the traffic. You can have the
> > > best code in the world and if 0 people visit it, it's pretty worthless
> > > to anyone but you.
> > 
> > you are right - I was implicitly thinking along the lines that there is no
> > way in hell a php-nuke install could stand up to amount of
> requests/processing
> > youtube must cope with.
> 
> Definitely not on one computer, but if you offload to say 30 servers,
> you can probably process 100 million hits per day. Servers are probably
> cheap compared to their bandwidth costs.
> 
> > there is a good reason that properties like Yahoo (which uses php of
> course) stick all
> > the heavy lifting code in php extensions written in C.
> 
> True, but nothing stopping a site like youtube from taking a shoddy app
> and moving some of the heavy lifting into extensions themselves.
> 
> > then there is the issue of differentiation - would *you* settle for some
> generic POS
> > piece of software if you had billions of dollar to invest in build a
> custom, killer app?
> 
> Probably not, but I know that millions of people everyday settle for
> Microsoft ;) Some of these people probably have a few spare billion
> dollars... not me though :|
> 
> > okay, sure, everything in software land is eventually comoditized and
> available as
> > open source eventually, but right now there are no google-video type
> applications out
> > there that can handle the amount of traffic the mentioned sites handle.
> 
> Id on't think the code is the bottleneck, I think the bottle neck is the
> 200 to  400 terabytes of data youtube transfers everyday.
> 
> > there is also the premise that youtube wouldn't be youtube if it were
> running on php-nuke,
> > for the simple fact it would have been hacked to death. no?
> 
> Well, that's definitely a valid point, no argument from me there heheh.
> 
> Cheers,
> Rob.
> -- 
> ..
> | InterJinn Application Framework - http://www.interjinn.com |
> ::
> | An application and templating framework for PHP. Boasting  |
> | a powerful, scalable system for accessing system services  |
> | such as forms, properties, sessions, and caches. InterJinn |
> | also provides an extremely flexible architecture for   |
> | creating re-usable components quickly and easily.  |
> `'
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
> 


Thanks everyone. By the way I wasn't implying that any of these sites are being
run on php-nuke, I was wondering if they're however running on something similar
to php-nuke.

Just because you tube, google video, break.com and a few other sites all
basically look the same and function the same way, so I thought they might be
using the same backend code. I'm making a small site for a community that wants
the same idea, I was wondering if it's as easy as installing a software, or that
I have to write it all from scratch.

Thanks again for all your responses.

Siavash

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] google video like site

[siavash1979]

Hi,

I applogize if this isn't really related to php-programming, but it's related to
php.

I'm wondering if anyone knows what program sites like google video or break.com
use? is it a software like php-nuke, or phpBB or drupal? They all look pretty
much the same, so I'm guessing it's a package they use. Anyone know what it is?
or are they all really writing everything from scratch?

thanks,
Siavash

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] pop-up window in php???

[siavash1979]

Quoting Lester Caine <[EMAIL PROTECTED]>:

> [EMAIL PROTECTED] wrote:
> 
> > ok, maybe I didn't make my question too clear. I was mostly wondering if
> there
> > is a way to do it in PHP rather than Javascript. I would prefer only using
> php.
> > 
> > and from the answers I got, I take it that there is no way of doing it in
> PHP.
> 
> All that PHP can do is generate the text for the page that goes to the 
> browser. It is the browser that does any displaying, and it is browser 
> end tools you need to use to get a pop-up window.
> 
> -- 
> Lester Caine - G8HFL
> -
> L.S.Caine Electronic Services - http://home.lsces.co.uk
> Model Engineers Digital Workshop - 
> http://home.lsces.co.uk/ModelEngineersDigitalWorkshop/
> Treasurer - Firebird Foundation Inc. - http://www.firebirdsql.org/index.php
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
> 


Thank you all very much.


Siavash

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] pop-up window in php???

[siavash1979]

ok, maybe I didn't make my question too clear. I was mostly wondering if there
is a way to do it in PHP rather than Javascript. I would prefer only using php.

and from the answers I got, I take it that there is no way of doing it in PHP.

thanks,
Siavash



Quoting Andrei <[EMAIL PROTECTED]>:

> 
>   Not related to PHP, but u hava javascript confirm function or prompt 
> (if you need input also).
> 
>   Andy
> 
> [EMAIL PROTECTED] wrote:
> > Hi all,
> > 
> > Is there anyway to have a pop-up window to ask "are you sure? yes / no" in
> php?
> > I know you can do it in Javascript, but I'm not sure what's the best way
> to
> > implement it in php. I want the page to do nothing if "no" is pressed.
> > 
> > any help would be appreciated.
> > 
> > thanks,
> > Siavash
> > 
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] pop-up window in php???

[siavash1979]

Hi all,

Is there anyway to have a pop-up window to ask "are you sure? yes / no" in php?
I know you can do it in Javascript, but I'm not sure what's the best way to
implement it in php. I want the page to do nothing if "no" is pressed.

any help would be appreciated.

thanks,
Siavash

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Escaping double quotes

[siavash1979]

> So I'm writing this page (PHP Newbie here) and it checks to see if a var
> is set, if it isn't it spits out the form info like so: echo " action="myform.php" method="post">";
> Now is there a way to 'wrap' that so I don't have to escape quotes?
> Something like perls 'qq' function is what I'm looking for. 
> I tried a few different functions from the website, magic_quotes,
> addslashes, htmlspecial etc etc but none did what I was looking for
> 
> Jeremy Pavleck
> Network Engineer  - Systems Management
> IT Networks and Infrastructure 
>   
> Direct Line: 612-977-5881
> Toll Free: 1-888-CAPELLA ext. 5881
> Fax: 612-977-5053
> E-mail: [EMAIL PROTECTED]
>   
> Capella University
> 225 South 6th Street, 9th Floor
> Minneapolis, MN 55402
> 
> www.capella.edu


I believe you can just use single qiote for this example of yours.

echo '';

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] credit card purchase and downloads

[siavash1979]

Thank you very much Stut,

great points.

I didn't even think about wanting to display a list of files they have access
to. I guess I'll go with the simpler way and save myself a lot of overhead.

As I said, I've never made a site that had anything to do with money before,
this is the first time. I just wasn't sure what kinda security I need. I guess
as long as the credit card transactions are secured, I should be fine.


thanks again,
Siavash



 thinkQuoting Stut <[EMAIL PROTECTED]>:

> [EMAIL PROTECTED] wrote:
> > is that really secure?
> > 
> > I just thought if for any reason, someone can get into my database,
> > they can't just add usernames and file ids to my table and have
> > access.
> > 
> > I thought if I md5 it, then it'll be more secured.
> > 
> > would 1 table for username-fileid really be fine?
> 
> If they get that level of access to you database then most bets are off.
> However, you are correct to a certain extent. If you one-way encrypt (if
> MD5 can be called encryption) all your data then yes it will be more
> secure, but to me that security comes at too high a cost from a
> functionality point of view. You can't, for example, get a list of the
> files a particular user has purchased.
> 
> But, as always, it's up to you and what you need for the particular
> project. If you feel you need that extra security then go for it, but be
> aware of the side-effects.
> 
> -Stut
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] credit card purchase and downloads

[siavash1979]

is that really secure?

I just thought if for any reason, someone can get into my database, they can't
just add usernames and file ids to my table and have access.

I thought if I md5 it, then it'll be more secured.

would 1 table for username-fileid really be fine?

thanks,
Sia





Quoting Stut <[EMAIL PROTECTED]>:

> [EMAIL PROTECTED] wrote:
> 
> > Any idea if this is a good way to do this or not? any better suggestions?
> is
> > this secured?
> 
> I'm confused. What's wrong with having a table containing a row per 
> file, then having another table containing the users. Add a third table 
> containing two fields, username and fileid, which contains one row per 
> user per file they've purchased. When they try to download a file you 
> check against that table.
> 
> Maybe I'm missing the point of all the md5 crap. If so, please enlighten me.
> 
> -Stut
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] credit card purchase and downloads

[siavash1979]

hi guys,

I'm planning to add paid downloads of some speech files on one of my customers
website. Basically I want people to be able to pay for a speech and then be able
to download it.

it's the first time I wanna do anything like this, so I was thinking to myself
to do it this way:



when they pay for a file, I generate a session, that includes file name and
username and is in md5 format. then I store this session to a mysql database.

anytime the customer wants to click on a file to download it, I'll make the same
session again and check the mysql table to see if it exists. if it does, then he
can download it.



the problem that I can think might happen is that the file names are not
changable. you can't rename a file, and if you delete it, and add another file
with the same name later, it'll give access to everyone.

Any idea if this is a good way to do this or not? any better suggestions? is
this secured?


thanks a lot,
Siavash Miri

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php