Jump to content

QuickOldCar

Staff Alumni
  • Posts

    2,972
  • Joined

  • Last visited

  • Days Won

    28

Everything posted by QuickOldCar

  1. This site is designed to help people who currently have a question or a problem with code they already have. I suggest you start here to learn php. http://php.net/manual/en/tutorial.php
  2. After if(in_array($type, $allowed)) { save them as an array end loop check for not an empty array build your sql query statement using implode() from the array You could also build an array the failed ones and any error messages. I noticed you use die(), if you do that the loop will stop and not do anything else.
  3. Since not everyone does this and optional...I feel screenreaders should be using DOM or alternate methods to locate tags and their id,names,values...such as if no <label> present use it's name or value. On a side note: webaim and most likely others require adobe shockwave player which is an NPAPI plugin NPAPI plugins don't work on Chrome version 42 and higher so need to enable it. https://support.google.com/chrome/answer/6213033
  4. <?php $name = $_REQUEST['name'] ; $email = $_REQUEST['email'] ; $message = $_REQUEST['message'] ; mail( "admin@yoursite.com", "Feedback Form Results", $message, "From: $email" ); header( "Location: http://www.yoursite.com/thankyou.html" ); ?> Look at some mail examples from php.net Posting the code from your form could also help.
  5. Can you post your code here for us?
  6. From their forum they have this sql query. DELETE FROM ossn_messages WHERE(message_from='10' OR message_to='10') The number 10 would be the users guid. That query would delete all messages a certain user, modify to your needs, make any required forms or scripts to do as you require.
  7. If you are getting these values from a database can do something like this. $host = parse_url($src_url_from_database, PHP_URL_HOST); If this script runs each subdomain can use $_SERVER['SERVER_NAME'] Not sure what the uurl function does or how this works in your code without a slash between the host and directory <div id="social"> <a href="http://pinterest.com/pin/create/button/?url=http%3A%2F%2F<?php echo $_SERVER['SERVER_NAME'] . urlencode(uurl('view/stone/' . $this->stone->id, true)); ?>&media=http%3A%2F%2F<?php echo $_SERVER['SERVER_NAME'] . urlencode(url(Stock::image(User::id(true), $this->stone->id, 'originals'), true)) ?>&description=<?php echo urlencode(ucwords(strtolower($this->stone->name)) . ' '.ucwords(strtolower($this->stone->category)).' '.($this->stone->is_remnant ? 'remnant' : 'slab') .' sold by ' . $this->user->business . ' | Size: ' . str_replace('inch', '', str_replace('cm', '', str_replace('inches', '', Stock::dimensions($this->stone->width, $this->stone->height, $this->user->use_imperial)))) . ' x ' . Stock::thickness($this->stone->thickness, $this->user->use_imperial)) ?>" class="pin-it-button" count-layout="horizontal"> <img border="0" src="//assets.pinterest.com/images/PinExt.png" title="Pin It" /> </a> <div class="fb-like" data-href="http://<?php echo $_SERVER['SERVER_NAME'] . uurl('view/stone/' . $this->stone->id, true); ?>" data-send="false" data-layout="button_count" data-width="55" data-show-faces="false" data-font="arial"></div> <a href="https://twitter.com/share" class="twitter-share-button" data-text="<?php echo (ucwords(strtolower($this->stone->name)) . ' ('.ucwords(strtolower($this->stone->category)).') sold by ' . $this->user->business) ?>" data-lang="en" data-url="http://<?php echo $_SERVER['SERVER_NAME'] . uurl('view/stone/' . $this->stone->id, true) ?>" data-count="horizontal" data-via="slabbercms">Tweet</a> <?php if (!$this->small): ?>
  8. You can most likely cause havoc trying js and ajax using the window close event, I wouldn't. Not sure what session handler you use or what else have going on, you have them stored in a database. The session expire time, cache time and garbage collection should be handling this.
  9. You have your domain hard set, so all you need to do is replace those areas using parse_url() from the source url and find the host. parse_url($url, PHP_URL_HOST)
  10. If you want a good headstart your project...look at octobercms cms platform based on laravel.
  11. You want to crawl and scrape a website. Should ask the site owners permission or see if there are better ways to obtain the data, such as an api or feed. Use curl to connect and log in, pass the parameters and values as well with CURLOPT_POSTFIELDS. There are examples at the curl link. The best way is to scrape all href links on a page and store them into a database, from each of those links you scrape more until it can no longer find more. Can use parse_url or some sort of string match to determine if is from their domain. If you are doing one site and know the patterns for pagination or exact links, then it's best to write something that does just that. Store all urls into a database, use a unique constraint and mark them visited. Such as a 1/0 for true/false values. You then fetch the earliest timestamp that was not visited until are no more left. To sum it up you would initially visit a page, every time this script runs it will scrape all links on the page and also data you want from that particular page, then fetch a new url from database. Using a text file is inneficient and also has to remove duplicates. This is called parsing, you can grab the raw html from curl and use various methods, some are better tailored for specific items. As for the scraping data aspect: curl (to me is the best method to connect and can also follow redirects) file_get_contents (fast and easy, can create a stream context but still limited in what you can do, it will fail a lot) preg_match or preg_match_all simplehtmldom dom simplexml You will also have to fix relative urls, determine and convert/replace character,language and document encoding
  12. Time to use a database and do searches or fetch only the data you need.
  13. The $_SESSION['token'] always a new random, I added a check.. You also had a typo on $password as $passward <?php require_once 'init.php'; if(!isset($_SESSION['token'])){ $_SESSION['token'] = mcrypt_create_iv(16, MCRYPT_DEV_URANDOM); } if(isset($_POST['register'], $_POST['token'])) { if($_POST['token'] === $_SESSION['token']) { $email = trim($_POST['email']); $password = trim($_POST['password']); if(empty($email)) { $error = 'Email is required!'; } else if(empty($password)) { $error = 'Password is required!'; } else if(strlen($password) < 6) { $error = 'Password must be at least 6 characters long!'; } else { $findUser = $db->prepare("SELECT email FROM users WHERE email = :email"); $findUser->bindParam(':email', $email); $findUser->execute(); $resultFind = $findUser->fetchAll(PDO::FETCH_ASSOC); if(count($resultFind) > 0) { $error = 'The email already exists! Please try a different email!'; } else { //Hash the password as we do NOT want to store our passwords in plain text. $passwordHash = password_hash($password, PASSWORD_BCRYPT, array("cost" => 12)); $insertUser = $db->prepare("INSERT INTO users(email, password) VALUES(:email, :password)"); $insertUser->bindParam(':email', $email); $insertUser->bindParam(':password', $passwordHash); $resultInsert = $insertUser->execute(); if($resultInsert == false) { $error = 'There was a problem creating your account. Please try again later!'; } else { $success = 'Your account has been created.'; unset($_SESSION['token']); } } } } else { $error = 'The tokens do not match!'; } } ?> <h1>Sign up</h1> <form action="" method="post"> <fieldset> <input type="email" name="email" value="<?php echo $email; ?>" placeholder="Email" /> </fieldset> <fieldset> <input type="password" name="password" placeholder="Password" /> </fieldset> <fieldset> <input type="hidden" name="token" value="<?php echo $_SESSION['token']; ?>" /> <input type="submit" name="register" value="Sign up" /> </fieldset> </form>
  14. They make some really good bots these days, is obviously bypassing the mailchimp check. You can try your own ways before or during the signup form. Here is using stopforumspam and for known bad ip's, it will decrease the spam a lot. $remote_ip = $_SERVER['REMOTE_ADDR']; if (strstr($remote_ip, ', ')) { $ips = explode(', ', $remote_ip); $remote_ip = $ips[0]; } $spam_ip = "http://api.stopforumspam.org/api?ip=".$remote_ip; $spamdata = @simplexml_load_file($spam_ip); if ($spamdata) { $spamarray = array(); $spamarray = json_decode(json_encode($spamdata), TRUE); if($spamarray['appears'] == "yes" ){ die('spammer'); } }
  15. Since you already have a mysql database I would assume you know how to connect to that database and perform a select query. If not here is 2 links that can help you. http://php.net/manual/en/mysqli.query.php http://php.net/manual/en/pdo.query.php Once you have a loop of results you can echo the row value within an <a> tag and use the download attribute echo "<a href='".$row['link']."' download='".$row['link']."'>".$row['link']."</a><br />";
  16. Sure I can see a few reasons why not to. Can't get them back for one. Also doing a specific check for post or get may not always work here if a post form was submitted for a url with a get variable in it. I suppose using $_REQUEST isn't bad to do since holds all the values and have the whitelist. If was any concerns can make more checks and rules for it. <?php $request = $_REQUEST; $whitelist = array( "about", "category", "id", "page" ); if (isset($request['page']) && ctype_digit($request['page'])) { $page = $request['page']; unset($request['page']); } else { $page = 1; } if ($page <= 1) { $page = 1; } foreach ($request as $key => $value) { if (!in_array(strtolower($key), $whitelist)) { unset($request[$key]); } } if (empty($request)) { $amp = ""; } else { $amp = "&"; } $previous = $page - 1; $next = $page + 1; $query_string = "?" . http_build_query($request, '', '&') . $amp . "page="; if ($previous >= 1) { echo "<a href='" . $query_string . $previous . "'>Previous</a> "; } echo "<a href='" . $query_string . $page . "'><b>$page</b></a> "; echo "<a href='" . $query_string . $next . "'>Next</a> "; ?>
  17. Hello Jon welcome to the forum. Don't need a framework if can and don't mind writing all your own and it works. In a group work environment or required by a job may be good to know it. If ask me oop is no better than procedural and procedural is no better than oop, just a different way of thinking. I've seen good and bad coding in both. In the end that's what matters the most.
  18. $user_query= "INSERT INTO u992092914_trial( host, class, ttl, type, ip address, rname, mname, refresh, retry, expire, min ttl, txt), VALUES('$target', '$class', '$ttl', '$type', '$pri', '$target')"; There is 12 column names and only 6 values, you would have to set any to NULL values in the database if wanted to insert with a blank value These also have to match the data in their same orders. You are better off to insert only what has actual values. You may also want to browse the reserved words for mysql on this page so do not use them, or must `backtick` them https://dev.mysql.com/doc/refman/5.7/en/keywords.html host,type,expire are for sure reserved words Also suggest not using spaces for column names and use an underscore instead. Prepending them could work, such as my_columnname
  19. Along with http_build_query() as mac_gyver said...you can access the $_GET array and unset any do not want, or even do a whitelist array and use in_array() to exclude to only allow those. Always grab the page value and do w/e pagination do on it, like a +1 or -1. Simple example <?php $whitelist = array( "about", "category", "id", "page" ); if (isset($_GET['page']) && ctype_digit($_GET['page'])) { $page = $_GET['page']; unset($_GET['page']); } else { $page = 1; } if ($page <= 1) { $page = 1; } foreach ($_GET as $key => $value) { if (!in_array(strtolower($key), $whitelist)) { unset($_GET[$key]); } } if (empty($_GET)) { $amp = ""; } else { $amp = "&"; } $previous = $page - 1; $next = $page + 1; $query_string = "?" . http_build_query($_GET, '', '&') . $amp . "page="; if ($previous >= 1) { echo "<a href='" . $query_string . $previous . "'>Previous</a> "; } echo "<a href='" . $query_string . $page . "'><b>$page</b></a> "; echo "<a href='" . $query_string . $next . "'>Next</a> "; ?>
  20. Yes I see have to define those before the check if (isset($_POST['submit'])) { if want them displayed in the form at first.
  21. Change all $_SESSION['user_id'] to $_SESSION['user'] in your code
  22. The code is outdated and also not protected plus questionable multiple queries as to what are checking user with mysql versus a session value. Try this out, let me know if works or what doesn't work. I added a few comments. <?php session_start(); if (!isset($_SESSION['user_id'])) { header("Location: index.php"); exit; //use exit() so the script does not continue to run } include_once 'dbconnect.php'; //use mysqli or pdo, mysql is deprecated $customers = mysql_query("SELECT * FROM admin where user_id='" . $_SESSION['user_id'] . "'"); $customer = mysql_num_rows($customers); if ($customer == 1) { $row = mysql_fetch_assoc($customers); if (isset($_POST['submit'])) { //you should check if values exist and data you expect //you can check each one of these else make an error or keep values from database if (isset($_POST['new_realname']) && trim($_POST['new_realname']) != '') { $realname = $_POST['new_realname']; } else { $realname = $row['realname']; } if (isset($_POST['new_username']) && trim($_POST['new_username']) != '') { $username = $_POST['new_username']; } else { $username = $row['username']; } if (isset($_POST['new_email']) && !filter_var($_POST['new_email'], FILTER_VALIDATE_EMAIL) === false) { $email = $_POST['new_email']; } else { $email = $row['email']; } if (isset($_POST['new_password']) && trim($_POST['new_password']) != '') { $password = md5($_POST['new_password']); //use password_hash() and password_verify() } else { $password = $row['password']; //can't reverse hashed passwords to show in form } if (isset($_POST['new_address']) && trim($_POST['new_address']) != '') { $address = $_POST['new_address']; } else { $address = $row['address']; } //escape values before inserting with mysql_real_escape_string, mysqli_real_escape_string or pdo and prepared statements if (mysql_query("UPDATE admin SET realname='" . mysql_real_escape_string($realname) . "', username='" . mysql_real_escape_string($username) . "', email='" . mysql_real_escape_string($email) . "', password='$password', address='" . mysql_real_escape_string($address) . "' WHERE user_id='" . $_SESSION['user_id'] . "'")) { header("Location: ADeditprofile.php"); exit; } else { ?> <script>alert('error while updating you...');</script> <?php } } } else { echo "No user with that id"; } ?> <form method="POST"> <table border="0"> <tr> <td><input type="text" name="new_realname" value="<?php echo $realname ?>" /></td> </tr> <tr> <td><input type="text" name="new_username" value="<?php echo $username ?>" /></td> </tr> <tr> <td><input type="email" name="new_email" value="<?php echo $email ?>" /></td> </tr> <tr> <td><input type="password" name="new_password" value="" placeholder="Type if want new password" /></td> </tr> <tr> <td><input type="text" name="new_address" value="<?php echo $address ?>" /></td> </tr> <tr> <td><button type="submit" name="submit" value="submit">Update</button></td> </tr> </table> </form>
  23. Still need to fix your form. Are you asking how to create a more advanced form and then retrieve the post values into your create statement? Create the table(which you should check if table exists or not first) perform a query using INSERT in a statement to add them perform a query with a SELECT to fetch them.
  24. Besides your missing semicolon on line 3 that requinix pointed out... The values are not coming from a form, only the url value is. That url value would be used to connect to the url with something like curl to obtain this data If you expect multiple values in a field, you should have an additional table and linking to that columns id. Forget php_self even exists, is insecure. You can leave the action empty if is going to the same script. Plus you forgot a double quote originally. <form action="" method="post"> Another error this line. <input type="text" name="url">
  25. window.location.href='rfi-files.php?id=<?php echo $no;?>';
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.