Fork me on GitHub
Get XOOPS XOOPSXOOPS FAQFAQ ForumsForums NewsNews ThemesThemes ModulesModules
New Posts New Topics All Posts All Forums Index General Modules Themes Development International XOOPS.org

Search

Donat-O-Meter

Make donations with PayPal!
Stats
Goal: $100.00
Due Date: Apr 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00

Learn XOOPS Core

Local Support

Advertisement

XOOPS Code hosted on SourceForge

Cumulus Tag Cloud

- 2 2.5 2.6 4 6 adslight Android AntiHarvesting AntiMalUser AntiSpam API Apple Battlefield billige Blocks Bootstrap Captcha cell cent chronolabs Clicks content CĂN demo docek download Dresses evden eve facebook Fat floor Food for free Gateway Google Guide herre Home Honeypot HP html5 Human HỘ IP iPhone jQuery List log Loss module modules Monster new newbb news NHÀ online PARK phone PHP Prevention profile project Protector publisher Rapid RESIDENCE responsive review Rights rmcommon Room security Sentry site Smartphone Smarty Smoking Spam stem Studio support tag tdmcreate template The Theme themes User userlog weight xoops Xortify XPayment ZendFramework

New Users

Registering user

# 137306

Brendon64

Welcome to XOOPS!

Forum Index


Board index » All Posts

Bottom   Previous Topic   Next Topic

(1) 2 3 4 ... 29667 »


#1 Posted on: Today 13:16 Re: Inserting multiple rows in database table
It's true what you say about security.

In any case, the module in question works only locally, at least from what I see and I do.

This module would have no meaning for the time to install it on a remote server.

In a local server you can make any changes you want.

I Sending files, that mentioned earlier, in svn

if you want to take a look at the code.

Top

timgno
Module Developer
Module Developer
Joined:
2007/6/21 13:54
From Italy
Group:
Registered Users
Posts: 1195
(Show More) (Show Less)
Topic | Forum


#2 Posted on: Today 12:46 Re: Inserting multiple rows in database table
Ok, About variables...

Get/Post are sent within the page. With a GET being installed in the URL and being limited to length and POST being displayed in the HTML text.

Cookies are kept within the browser and can be stored for just the current session or for longer depending on how it is setup.

These methods require the information to be stored on the client computer and can be modified or created by a user with or without malicious intent.

A global variable that is accessed through a GET or POST has to be sent every time a page is refreshed and a cookie can be disallowed if the users browser is set to do so.

REQUEST is a lazy way of accessing variables. It will grab the variable from GET, POST or COOKIE and if there are more than one place the variable is located it will prioritize which one to use. This is considered an INSECURE variable and should not be used in a production site. A malicious user could over write an intended value by setting a value in a higher priority location which would over write the valid data.

All of the above mentioned methods should always be checked for malicious content since they can be spoofed by a malicious user.

SESSION data is server side and the user never has direct access to this information. It stays with a specific session and you have to insure you use the session_start() function to access the data when your page starts. The information stored within the SESSION data will remain through out the session so you have to insure you remove it after you are done with it. From what I know session data should be considered to be secure since it is stored on the server and the client has no access to it.

So yes, for a variety of reasons using session data would be a good idea. I was converting the install pages to using session data when I was working on it and it was also much faster. I have not run across any reason NOT to use session data but have for the reasons mentioned above for the other global data types. They each have their place.

Rodney


Top

redheadedrod
Home away from home
Home away from home
Joined:
2008/2/26 10:05
From Grand Rapids, MI
Group:
Registered Users
Posts: 1252
(Show More) (Show Less)
Topic | Forum


#3 Posted on: Today 11:16 Re: Inserting multiple rows in database table
As you say is right, but I think some tests, there are no data in global variables.

I think have not been gone from the data file tables.php, to file fields.php and then the same data compiled in the form class/fields.php are not loaded, however, in the same file admin/fields.php

Other tests conducted with the NetBeans IDE, some variables are empty.
The only solution, I think is to integrate a class session, to ensure that these data can not be erased in the global variables GET/POST/REQUEST.

In older versions of the module are the same for both cycles in class/file and admin/file, the only difference is that the data is passed from one file to another, compared to the old one that used only the file tables.php

If you noticed, the publisher module uses its own class session to store the data and then save them in the database.

I also added two class files, request.php and helper.php to pass global variables, but still does not always work as well as the functions modulename__CleanVars ($ _REQUEST , 'id ' ) ;

In short there is to study well first and then work

Top

timgno
Module Developer
Module Developer
Joined:
2007/6/21 13:54
From Italy
Group:
Registered Users
Posts: 1195
(Show More) (Show Less)
Topic | Forum


#4 Posted on: Yesterday 11:22 Re: Inserting multiple rows in database table
Be aware that the coding error I pointed out is still in place and you need to address the use of $datas[]...

Should just need to remove the []'s.

Otherwise when you get to the foreach loop you will go through every instance of $datas that is currently in memory. So the first time you will iterate through just one value of $datas but the second time you will have the same value as you had the first time as well as the new second value and the third time through will have the first two and an additional. Plus when you send your array to setVars you will have the whole array you just setup sent to it instead of each item.

Removing the []'s should get the foreach loop to work as intended.

Should step through the contents of $datas and send each entry to setVars.

Rodney

Top

redheadedrod
Home away from home
Home away from home
Joined:
2008/2/26 10:05
From Grand Rapids, MI
Group:
Registered Users
Posts: 1252
(Show More) (Show Less)
Topic | Forum


#5 Posted on: Yesterday 9:18 xTransam - New Chronolabs API to be Implemented
Notabily something I have found is the length of time it takes to poll translation api's, my solution to this was to build : https://translator.labs.coop/ - The Chronolabs Translation API.

This stores translations and can be passed a storage token which for a module would be something like for xtransam as a module as md5('xoops-module-xtransam') - so that if someone else has ran for the translation your after; it will retrieve it from the cache for upto 24 months from the initial translations rather than having to wait to poll google, bing or mymemory.

This uses a file storage method not a database with similar classes to the cache class that comes with XOOPS - this is cause flat files are always much quicker than using a Database store and more manageable on mass.

In the next few weeks I will update xTransam, to this API for it provider methods this is so we eventually have fast and quick translations stored in the cache on this API. I will then after making a new Major Version of xTransam, looks too see if the language files have been finalised for XOOPS 2.6 and make a version for this as well.

I will post a thread here when both are complete!

Thanks

Simon - wishcraft/mynamesnot

Top

wishcraft
Module Developer
Module Developer
Joined:
2007/5/18 15:56
From Dulwich Hill, Sydney, Australia
Group:
Registered Users
Posts: 2110
(Show More) (Show Less)
Topic | Forum


#6 Posted on: Yesterday 7:52 Re: text lines
Sorry, but where can I find that

Top

fla-ts
Friend of XOOPS
Friend of XOOPS
Joined:
2005/1/4 11:03
From Belgium
Group:
Registered Users
Posts: 120
(Show More) (Show Less)
Topic | Forum


#7 Posted on: Yesterday 7:38 Re: text lines
in your style.css and/or styleNN.css find
.itemBody{
and add line
text-align: justify;

Top

Bleekk
Theme Designer
Theme Designer
Joined:
2002/12/14 9:13
From Vienna
Group:
Registered Users
Designer Group
Posts: 393
(Show More) (Show Less)
Topic | Forum


#8 Posted on: Yesterday 4:05 Re: text lines
Tiny content
for the moment nothing special or urgent to change tekst but it's a good thing to know how to format the space between lines.
My url : fla-ts.com



Top

fla-ts
Friend of XOOPS
Friend of XOOPS
Joined:
2005/1/4 11:03
From Belgium
Group:
Registered Users
Posts: 120
(Show More) (Show Less)
Topic | Forum


#9 Posted on: Yesterday 3:58 Re: text lines
what theme are you using? what text should be formatted?
do you have a link to your website?
it works with all languages

Top

Bleekk
Theme Designer
Theme Designer
Joined:
2002/12/14 9:13
From Vienna
Group:
Registered Users
Designer Group
Posts: 393
(Show More) (Show Less)
Topic | Forum


#10 Posted on: Yesterday 2:32 Re: text lines
In the html file !!
Don't think it will work in my language

Top

fla-ts
Friend of XOOPS
Friend of XOOPS
Joined:
2005/1/4 11:03
From Belgium
Group:
Registered Users
Posts: 120
(Show More) (Show Less)
Topic | Forum



Top
(1) 2 3 4 ... 29667 »



[Advanced Search]