Jump to content

All Activity

This stream auto-updates     

  1. Past hour
  2. @2020, my long lost twin 😀 It sounds like you're just like me, but quite a bit more advanced than what I know. I learned PHP code back in the late 90's... right after I learned how to fix people's broken Sony Walkmans. I'm still good at both: 90's PHP code, and fixing broken walkmans :-) Debugging code is the fun part. Just make sure you have ALL error reporting turned on, both PHP and mySQL, then start at the top few lines and comment everything out below and keep echoing stuff. When you uncomment the next block of code and you get errors, or a blank page, then that's where your first error is. This is a no-no, by the way: <?php echo $_SERVER['PHP_SELF']; ?>" (injection issues) And for your require('conn.php'), at least keep your conn.php up one level above public_html, like this: require("../conn.php"); And for housekeeping sake, I wouldn't have my form named the same as my button (both named "submit_link"). What the heck is mysqli_stmt_init.... I gotta look that one up. I'll learn something new today.
  3. I'm still waiting for my google links 😀 I'm trying to figure out what the % means in %{HTTP_HOST} and trying to figure out when to use the != 80 vs !https there are a thousand ways to do things, one is always better than the other. Trust me, there are NO tutuorials on how to do htaccess regex. The "documentation" might give a cursory example, and so basically it takes me about a full 8 hour day to learn each symbol. And, things like "redirectpermanent" is written sometimes, and "redirect permanent" is written sometimes. And sometimes it will go like redirect "/" "www.blah.com" and sometimes there will be no quotes... and they both work. That's not fair. Shouldn't have more than one way to do things. There should be a big tutorial, all on one page, with all that stuff on it. And, just because one knows a little regex, that doesn't mean you can suddenly write your own rewrite rules, because there are secrets..... big secrets... I'm getting to old to keep being a "copy-and-paster" where someone's one-page blog with ads all over the page for their stupid out-of-date GitHub page LOL. I need to learn and KNOW this stuff for myself :-)
  4. Oh, I learned something again. I used to do it this way: <?php require("../my_secret_file.php"); ?> (The ../ part tells PHP to go up to the directory just above the viewable public_html directory). But I like Barand's answer: by defining these hidden directories in your php.ini file, it's a bit more secure. Again, if some idiot switches off PHP at your Shared Hosting provider, everyone will be able to see the require("../my_secret_file.php") in plain text. Of course, they still won't see what's in the secret file, but they will know where it's at :-) You know those interviews they do on TV where the interviewee does not want to be seen.... so they have all the lights out. It's totally dark, and his voice is disguised. During the interview, someone accidentally comes in the room and switches on the light hahahaha. THAT can happen with PHP. And, of course, stuff like that happens while you are on a vacation, or in the middle of the night. So when you log into your site, all of a sudden you see your PHP code everywhere. Or.... worse, you go to your "www.my_supposedly_secure_page.com" and it DOWNLOADS to your desktop as a downloaded file.......THATS always fun. 😀
  5. Today
  6. Yesterday
  7. No, benanamen's code will not result in the same error. Try again.
  8. print "<p style='color:red;'>Could not delete the blog entry because :<br/>" .mysqli_error($dbc);
  9. print "<p style='color:red;'>Could not delete the blog entry because :<br/>' .mysqli_error($dbc)";
  10. Which of those 34 lines is line 97?
  11. Fatal error: Uncaught Error: Object of class mysqli could not be converted to string in C:\xampp\htdocs\php\delete_entry.php:97 Stack trace: #0 {main} thrown in C:\xampp\htdocs\ogani\delete_entry.php on line 97 <?php $dbc = mysqli_connect('localhost', 'root', ''); mysqli_select_db($dbc,'product'); if(isset($_GET['pname'])){ $query = "SELECT * FROM myproduct WHERE ProductName='{$_GET['pname']}'"; if($result = mysqli_query($dbc,$query)){ $row = mysqli_fetch_assoc($result); print '<form action ="delete_entry.php" method = "post"> <p>Are you sure you want to delete this entry?</p> <p><h3>' .$row["ProductName"]. ' </h3> </br> <input type ="hidden" name="pname" value="' .$_GET['pname'] . '"/> <input type ="submit" name="submit" value ="Delete this entry!"/></p> </form>'; }else{ print '<p style="color:red;">Could not retrieve the blog entry because :<br/> '.mysqli_error($dbc) .''; } } else if(isset($_POST['pname'])){ $query = "DELETE FROM entries WHERE ProductName= '{$_POST['pname']}'"; $result = mysqli_query($dbc,$query); if(mysqli_affected_rows($dbc) == 1){ print "<p> The blog entry has been delete.</p>"; }else{ print "<p style='color:red;'>Could not delete the blog entry because :<br/>' .mysqli_error($dbc)"; } } mysqli_close($dbc); ?>
  12. ...Yes. You know how you have your RewriteRule that sends a particular URL pattern to index.php? You do not have one for the new URL pattern. That means it won't go to index.php. And PHP cannot do anything if it doesn't get the request. You don't need any PHP for this. All you need is a new RewriteRule for the new URL, and it can still use your index.php with controller and action and id by simply specifying a default value for the one that's missing.
  13. so back to the question: location.href has solved my problem. My page scrolls to the named anchor when it is loaded. Excellent. Thank you.
  14. The best thing to do in my opinion is to just have a way to switch the active user of your session, and expose this functionality to administrators only. For example in my systems when an administrator looks up a user in the user listing there is a link called 'Impersonate' available to them. When clicked, this modifies the $_SESSION['UserId'] (where I happen to store my login info) value to that of the selected user and as a result the person is now "logged in" as that user. I also store the ID of the administrator in a separate session variable so when they "log out" it just returns them to their session rather than actually logging them out of the system. With this method there's no need to know your users password. There's no master password that could accidentally leak. You can control better who can use this functionally via permissions (we only let a small group of 'Super Administrators' do this).
  15. See how you have data-id='".$r['id']."' for your $r['id'] variable? Do the same thing with your direction variable. data-direction='".$r['direction']."' Then in your javascript code you can access these values via the dataset property on the element. onclick="newTransactionLine(this.dataset.id, this.dataset.direction)"
  16. Why can't your "High security" pages be just like your "Low security" pages, but with the extra checks? Doesn't make sense to me why you have to send them through some post request to the index page first.
  17. Hello @gw1500se Thank you for your post. If it helps I'm using https://github.com/apollonzinos/php-login-advanced, but quite modified version by my team, but that is the base. By Super Password you mean a Secondary Password that is Used for the User so the User will have his Normal Password he Entered and a Second Column in the DB for the Super Password so the Admin can Login or I'm understanding you wrong? Thanks
  18. I have a function in JS that i would like to pass 2 variables to. One is an int and one is a string. I am struggling to get the string part right as it needs to be wrapped in quotes. My code is : $out.="<div onclick='newTransactionLine(".$r['id'].",".$r['direction'].")' class='transactionItem btn $class d-block mb-2' data-id='".$r['id']."' >".$r['item']."<br/>£".$r['price']."</div>"; which outputs: <div onclick="newTransactionLine(1,OUT)" class="transactionItem btn btn-primary d-block mb-2" data-id="1">Adult Membership (£85)<br>£85.00</div> When i click the button that gets made, i get a reference error on the word out. I have no doubt it is very simple but i just cannot get this to work for me.
  19. Hard to say without knowing how you are managing your logins. However, you could change your login script to check for the user's password or a superuser password. You have to be careful how you do the latter and what you us as a superuser password to minimize the risk of being hacked.
  20. Hello, I have a PHP Login MySQL System which works perfect, however I would like to add a Functionality so that me as Admin can Login to Users Accounts. How can this be done, can you please help me? Many Thanks
  21. Tried this, again got an empty array and error code 126, 'command not executable', i'm suspecting this is some rights issue. <?php $path = realpath('swetest'); exec($path . ' -h', $out, $res); var_dump($out); echo $res; ?>
  22. Dear members, I have a self-inflicted problem but i do not know of a proper solution. My site is a subscription based members only website. Some pages are protected pages while others are low security accessible pages. This means that low-security pages only check the session for login. An example of low-security is a news article or press release. PHP on low-security pages just checks the session to see if the user is a logged in member. The low-security pages are accessed via standard hyperlinks with a constant address (e.g., place.ext/News). Protected pages, on the other hand, are hidden behind a post form which utilizes prg to send the request to the index page (place.ext). The requests are analyzed for tokens, timestamps, referrer, ip address etc. the user is checked in the database and the session data is compared to verify user login status etc. Such a design prevents me from using anchor names to jump to specific places in the page (place.ext#jumplink). I am trying to figure out a way to still use named anchors. I think that a session variable can be used to store the anchor name for jumping. Then i wonder if i could use javascript to actually make the jump? (document.location perhaps?) is there someway to use php for this task besides a session variable? has anyone done this before? i cannot think of a simple solution. Thabk you and Best Wishes.
  23. Thank you for your reply. For some invalid URLs i have created a class in php class Bootstrap{ private $controller; private $action; private $request; public function __construct($request){ $this->request = $request; if($this->request['controller'] == ""){ $this->controller = 'home'; } else { $this->controller = $this->request['controller']; } if($this->request['action'] == ""){ $this->action = 'index'; } else { $this->action = $this->request['action']; } } public function createController(){ // Check Class if(class_exists($this->controller)){ $parents = class_parents($this->controller); // Check Extend if(in_array("Controller", $parents)){ if(method_exists($this->controller, $this->action)){ return new $this->controller($this->action, $this->request); } else { // Method Does Not Exist echo '<h1>Method does not exist</h1>'; // This line can be changed, redirect to a method that exists return; } } else { // Base Controller Does Not Exist echo '<h1>Base controller not found</h1>'; // This line can be changed, redirect to a base controller that exists return; } } else { // Controller Class Does Not Exist echo '<h1>Controller class does not exist</h1>'; // This line can be changed, redirect to a controller class that exists return; } } } For the rest of invalid URLs an error message "Not found is thrown". I am thinking of handling this via htaccess because i am failed to find a solution for handling this via php.
  24. Last week
  25. Hi I use bootstrat treeview which is build upon a databse query. I have no idea how many nodes will apear at the treeview. I limit its size by using min-height and overflow-y:scroll in the css file it all looks good when the nodes are folded. but when i open a node it exceed the limit i declared. Does anyone has an idea how can i limit the height of the treeview no matter if nodes are expanded? Thank you
  26. I prefer using pdf-puppeteer for this job. It requires NodeJS but otherwise is fairly easy to setup. I uses a headless chrome instance to render the HTML into PDF so it supports fairly modern CSS (but not necessarily bleeding-edge). Render your template out to a temp file then pass that to the script to generate the PDF. Use a short JS script like this to handle the PDF generation const fs = require('fs'); const pdf = require('pdf-puppeteer'); const args = process.argv.slice(2); if (args.length < 2){ console.log('Usage: html2pdf source destination [options]'); process.exit(20); } const source = args[0]; const options = args.length === 2?JSON.parse(args[1]):{}; fs.readFile(source, 'UTF-8', function fileReadSuccess(err, data){ if (err){ throw err; } pdf(data, callback, options); function callback(pdfData){ console.log('PDF Data length: ' + pdfData.length); } }); Kick off the process with PHP using exec(). $cmd = $this->createCommandLine($source, $destinationPdf); exec($cmd, $output, $ret); if ($ret !== 0){ throw new \RuntimeException('Failed to generate PDF with command [' . $cmd . ']'); } $pdf = file_get_contents($destinationPdf);
  1. Load more activity
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.