QuickOldCar
Staff Alumni-
Posts
2,972 -
Joined
-
Last visited
-
Days Won
28
Everything posted by QuickOldCar
-
Using that just escaped the variables Because I wrote to only execute the queries if no errors...yes If you wanted to remove them for some reason you can, but then you need something like this instead of if (empty($errors)) { would do if($Genre && $Naam && $Jaar && $Regisseur){ or if(isset($Genre) && isset($Naam) && isset($Jaar) && isset($Regisseur)){ I doubt you want any empty columns in your database. Otherwise you should set a default in your database or the query fails Could be a custom default, NULL
-
Along with what cyberRobot said... For your own good, take a look at mysqli_real_escape_string() and protect those $_POST variables before using them in your query. Furthermore you should check all of those $_POST values are set and not empty. Some changes. <form id="form" name="form" method="post" action="Website2.php"> <p> <label for="Genre">Genre</label> <input type="text" name="Genre" id="Genre" /> </p> <p> <label for="Naam">Naam</label> <input type="text" name="Naam" id="Naam" /> </p> <p> <label for="Jaar">Jaar</label> <input type="text" name="Jaar" id="Jaar" /> </p> <p> <label for="Regisseur">Regisseur</label> <input type="text" name="Regisseur" id="Regisseur" /> </p> <p> <input type="submit" name="Verzenden" id="Verzenden" value="Verzenden" /> </p> </form> <?php if (isset($_POST['Verzenden']){ include("/path/to/database/connection");//<--database connection http://php.net/manual/en/function.mysqli-connect.php $errors = array(); if(isset($_POST['Genre']) && trim($_POST['Genre']) != ''){ $Genre = mysqli_real_escape_string($db, trim($_POST['Genre'])); } else { $errors[] = 'No Genre'; } if(isset($_POST['Naam']) && trim($_POST['Naam']) != ''){ $Naam = mysqli_real_escape_string($db, trim($_POST['Naam'])); } else { $errors[] = 'No Naam'; } if(isset($_POST['Jaar']) && trim($_POST['Jaar']) != ''){ $Genre = mysqli_real_escape_string($db, trim($_POST['Jaar'])); } else { $errors[] = 'No Jaar'; } if(isset($_POST['Regisseur']) && trim($_POST['Regisseur']) != ''){ $Regisseur = mysqli_real_escape_string($db, trim($_POST['Regisseur'])); } else { $errors[] = 'Regisseur'; } /*Hier hoeft geen verbinden meer gemaakt te worden met de database*/ if (empty($errors)) { $sql = "INSERT INTO Movies (Genre, Naam, Jaar, Regisseur) VALUES ('$Genre', '$Naam', '$Jaar', '$Regisseur')"; $resultaat = mysqli_query($db, $sql); if(!$resultaat){ echo 'No query resultaat'; } else { echo "De gegevens van $Naam zijn opgeslagen in de database."; } $verbreken = mysqli_close($db); } else { foreach($errors as $error){ echo "$error <br />"; } } else { echo "Hier kunt u iets toevoegen <br />"; } ?>
-
Need help with database query (I think?) WORDPRESS
QuickOldCar replied to drewhew's topic in Applications
You sure you want to tackle this? Entirely possible if that's what you want to do. Nothing uncommon there, if the data is in the database can be accessed and used. A little more advanced query, still possible. Is your goal to just sort your results in your theme? Is this a plugin that creates a directory? You explained your goal well, now just need to see some code,relevant database tables, current query. Any additional useful information would help. If you posted the sites url here or even in a message to me I would look at it. -
The option would be to host an irc server and load an irc based frontend. Some frontend suggestions. https://kiwiirc.com/ https://qwebirc.org/ http://www.lightirc.com/ I'll be as blunt as I can, to make irc actually be useful and secure it needs some work and also paid mods installed. While some attempted to make a php frontend for irc, I have found none that work well. It's not that easy for the polling/refresh, isn't made for php really.
-
I forgot to mention this. A lot of bots bypass many captcha out there. recaptcha is about the best right now because google changes the code frequently.
-
Warning: mktime() [function.mktime]: It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/New_York' for 'EST/-5.0/no DST' instead in /home/echoic5/public_html/captcha.php on line 6 That warning is displaying on captcha.php, so set your date_default_timezone_set(). While are at it might as well turn off error reporting on a production site. The header warning will go away as well. Also added at the end to destroy that temporary image that will consume your memory. <?php //Start the session so we can store what the code actually is. session_start(); error_reporting(0);//disable error reporting date_default_timezone_set("America/New_York");//set timezone //Now lets use md5 to generate a totally random string $md5 = md5(microtime() * mktime()); /* We dont need a 32 character long string so we trim it down to 5 */ $string = substr($md5,0,5); /* Now for the GD stuff, for ease of use lets create the image from a background image. */ $captcha = imagecreatefromjpeg("http://echoing.org/captcha.jpg"); /* Lets set the colours, the colour $line is used to generate lines. Using a blue misty colours. The colour codes are in RGB */ $black = imagecolorallocate($captcha, 0, 0, 0); $line = imagecolorallocate($captcha,233,239,239); /* Now to make it a little bit harder for any bots to break, assuming they can break it so far. Lets add some lines in (static lines) to attempt to make the bots life a little harder */ imageline($captcha,0,0,39,29,$line); imageline($captcha,40,0,64,29,$line); /* Now for the all important writing of the randomly generated string to the image. */ imagestring($captcha, 5, 20, 10, $string, $black); /* Encrypt and store the key inside of a session */ $_SESSION['key'] = md5($string); /* Output the image */ header("Content-type: image/jpeg"); imagejpeg($captcha); imagedestroy($captcha);//destroy the image and out of memory ?>
-
Good point Barand.
-
Newbie question about single quotes, double quotes, and {}
QuickOldCar replied to LazerOrca's topic in PHP Coding Help
Within single quotes php does not get parsed. Within double quotes php does get parsed, but if you try to insert a single quoted argument such as $_POST['value']...then you have to concatenate (escape it). While curly braces/brackets are used to escape variable expressions, it can also be used to concatenate. (only within double quotes) -
You can tackle this the way you are if ($diff == 0 || $diff == 1 || $diff == 2 || $diff == 3 || $diff == 4 || $diff == 5) { $point = 6; } elseif ($diff == 6 || $diff == 7 || $diff == 8 || $diff == 9 || $diff == 10) { $point = 4; } else { $point = 1; } echo $point; Make a switch switch ($diff) { case 0: $point = 6; break; case 1: $point = 6; break; case 2: $point = 6; break; case 3: $point = 6; break; case 4: $point = 6; break; case 5: $point = 6; break; case 6: $point = 4; break; case 7: $point = 4; break; case 8: $point = 4; break; case 9: $point = 4; break; case 10: $point = 4; break; default: $point = 1; } echo $point; Do a double array checking with in_array() $six_array = range(0, 5); $four_array = range(6, 10); if (in_array($diff, $six_array)) { $point = 6; } elseif (in_array($diff, $four_array)) { $point = 4; } else { $point = 1; } echo $point;
-
As mac_gyver stated, but a different approach. $numbers = range(1, 30); shuffle($numbers); $i = 0; while ($row= mysql_fetch_array($result)) { $lastname = $row["lastname"]; $firstname = $row["firstname"]; echo "<tr> <td class='results'>$numbers[$i]</td> <td class='results'>$firstname $lastname</td> </tr>"; $i++; }
-
Detecting Android tablets vs phones with User Agent
QuickOldCar replied to techman41973's topic in PHP Coding Help
I assume you are parsing from the user agent which does not determine which one it is. Instead you have to discover the devices screen size and judge for yourself by sizes which of your layouts you want to use. context.getResources().getDisplayMetrics(); http://bit.ly/1y9XIP9 -
$tData is replaced with $noStormMessage along with your style. Is a pile of ways you can go about this, here is just one of them. I have no idea what the value of $noStormMessage is, but you can add any style you wish or any tr,td //Set initial output to false $tData = false; $entries = simplexml_load_file($data); if(count($entries)): //Registering NameSpace $entries->registerXPathNamespace('prefix', 'http://www.w3.org/2005/Atom'); $result = $entries->xpath("//prefix:entry"); if(!$result){ $error = true; } foreach ($result as $entry): $updated = $entry->updated; if($updated == ''){ $error = true; } $Updated = date("D, M d, g:i a", strtotime($updated)); $summary = $entry->summary; if($summary == ''){ $error = true; } // Replaces all triple periods with single periods $summary = trim(str_replace('...', '.', $summary), '.') . '.'; //now capitalize every letter after a . ? and ! followed by space $Summary = preg_replace_callback('/([.!?*])\s*(\w)/', function ($matches) { return strtoupper($matches[1] . ' ' . $matches[2]); }, ucfirst(strtolower($summary))); $event = $entry->children("cap", true)->event; if($event == ''){ $error = true; } $effective = $entry->children("cap", true)->effective; $expires = $entry->children("cap", true)->expires; $updated = $entry->children("cap", true)->updated; $updateDate = date("D, M d, g:i a", strtotime($updated)); $effectiveDate = date("D, M d, g:i a", strtotime($effective)); $expiresDate = date("D, M d, g:i a", strtotime($expires)); $status = $entry->children("cap", true)->status; $severity = $entry->children("cap", true)->severity; $urgency = $entry->children("cap", true)->urgency; $area = $entry->children("cap", true)->areaDesc; include ('inc-alert-colors.php');// Let's assign the table some styles $tableStyle = "width: 100%; margin:0px auto; background-color:{$bkgColor};"; $td1Style = "{$tbrdr};{$sbrdr}; padding:2px 0px 2px 6px; background-image:url({$imagesDir}headerbgd2.gif); color:{$dtColor};"; $td2Style = "{$sbrdr}; padding:6px 0px 0px 6px; background-color:{$alertColor};"; $td3Style = "{$sbrdr}; line-height:5px; background-color:{$alertColor};"; $td4Style = "{$sbrdr}; {$bbrdr}; padding: 2px 6px 6px 6px; background-color:{$alertColor};";// construct data for table display $tData .= "<table style='{$tableStyle}' cellpadding='0' cellspacing='0'>\n"; $tData .= "<tbody>\n"; //If no storms were in the source, set no storm message if($error) { $tData .= $noStormMessage; } else { $tData .= " <tr><td style='{$td1Style}'><b>{$event}</b> <div style='float:right'><b>Updated: {$Updated}</b></div></td></tr>\n"; $tData .= " <tr>\n"; $tData .= " <td style='{$td2Style}'>Effective: <b>{$effectiveDate}</b> - Expires: <b>{$expiresDate}</b> - Status: <b>{$status}</b> - Severity: <b>{$severity}</b> - Urgency: <b>{$urgency}</b></td>\n"; $tData .= " </tr>\n"; $tData .= " <tr><td style='{$td3Style}'> </td></tr>\n"; $tData .= " <tr><td style='{$td4Style}'>Issued For: <b>{$area}</b></td></tr>\n"; $tData .= " <tr><td style='{$td4Style}'><strong>Summary:</strong> {$Summary}</td></tr>\n"; } $tData .= "</tbody>\n"; $tData .= "</table>\n"; $tData .= $afterTable; endforeach; endif; echo $tData;
-
Place this the top of your script to see if any errors. error_reporting(E_ALL | E_NOTICE); ini_set('display_errors', '1'); Try to echo items out or create a new errors array to see what's going on each step. Troubleshooting email issues is hard, can try phpmailer I use the api from http://www.stopforumspam.com/ which greatly reduces signups and email spammers. To block ip's $remote_ip = $_SERVER['REMOTE_ADDR']; if (strstr($remote_ip, ', ')) { $ips = explode(', ', $remote_ip); $remote_ip = $ips[0]; } $spam_ip = "http://api.stopforumspam.org/api?ip=".$remote_ip; $spamdata = @simplexml_load_file($spam_ip); if ($spamdata) { $spamarray = array(); $spamarray = json_decode(json_encode($spamdata), TRUE); if($spamarray['appears'] == "yes" ){ die('spammer'); } } To block emails $spam_ip = "http://api.stopforumspam.org/api?email=".$email; //use your email value $spamdata = @simplexml_load_file($spam_ip); if ($spamdata) { $spamarray = array(); $spamarray = json_decode(json_encode($spamdata), TRUE); if($spamarray['appears'] == "yes" ){ die('spammer'); } } There can be no output displayed to the broiwser before using a header redirect. You could try a meta refresh. echo "<meta http-equiv='refresh' content='0;http://www.immigrationsolicitorsmanchesteruk.co.uk/thankyou.php' />"; exit();
-
Add some style back around your $noStormMessage.
-
help for php download system. how can i make it?
QuickOldCar replied to novarahman001's topic in PHP Coding Help
Instead of using $_SERVER['REMOTE_ADDR'] I would use... $remote_ip = $_SERVER['REMOTE_ADDR']; if (strstr($remote_ip, ', ')) { $ips = explode(', ', $remote_ip); $remote_ip = $ips[0]; } -
help for php download system. how can i make it?
QuickOldCar replied to novarahman001's topic in PHP Coding Help
Can use mod_auth_token apache module https://code.google.com/p/mod-auth-token/ This is very old, but has what you are looking for. For your own good don't just use this exact code and run it. Use it as a guide of how to go about it. http://ardamis.com/2008/06/11/protecting-a-download-using-a-unique-url/ -
These may be useful as well. is_writable() chmod()
-
<?php $my_file = "/config.php"; if (file_exists($my_file)) { /* //adds a new line $write = fopen($my_file, 'a+'); //rewind($write);//append to top $message = "Mickey Mouse\r\n"; fputs($write, $message); fclose($write); */ //note the w, this will overwrite the entire contents $write = fopen($my_file, 'w'); $message = "Mickey Mouse\r\n"; fputs($write, $message); fclose($write); } else { echo "$my_file doesn't exist"; } ?>
-
You can add an error if anything was blank to show your default message. Since you populated $tdata with html it always has values. Just add an $error variable to anything missing, then check for $error to determine your custom message. //Set initial output to false $tData = false; $entries = simplexml_load_file($data); if(count($entries)): //Registering NameSpace $entries->registerXPathNamespace('prefix', 'http://www.w3.org/2005/Atom'); $result = $entries->xpath("//prefix:entry"); if(!$result){ $error = true; } foreach ($result as $entry): $updated = $entry->updated; if($updated == ''){ $error = true; } $Updated = date("D, M d, g:i a", strtotime($updated)); $summary = $entry->summary; if($summary == ''){ $error = true; } // Replaces all triple periods with single periods $summary = trim(str_replace('...', '.', $summary), '.') . '.'; //now capitalize every letter after a . ? and ! followed by space $Summary = preg_replace_callback('/([.!?*])\s*(\w)/', function ($matches) { return strtoupper($matches[1] . ' ' . $matches[2]); }, ucfirst(strtolower($summary))); $event = $entry->children("cap", true)->event; if($event == ''){ $error = true; } $effective = $entry->children("cap", true)->effective; $expires = $entry->children("cap", true)->expires; $updated = $entry->children("cap", true)->updated; $updateDate = date("D, M d, g:i a", strtotime($updated)); $effectiveDate = date("D, M d, g:i a", strtotime($effective)); $expiresDate = date("D, M d, g:i a", strtotime($expires)); $status = $entry->children("cap", true)->status; $severity = $entry->children("cap", true)->severity; $urgency = $entry->children("cap", true)->urgency; $area = $entry->children("cap", true)->areaDesc; include ('inc-alert-colors.php');// Let's assign the table some styles $tableStyle = "width: 100%; margin:0px auto; background-color:{$bkgColor};"; $td1Style = "{$tbrdr};{$sbrdr}; padding:2px 0px 2px 6px; background-image:url({$imagesDir}headerbgd2.gif); color:{$dtColor};"; $td2Style = "{$sbrdr}; padding:6px 0px 0px 6px; background-color:{$alertColor};"; $td3Style = "{$sbrdr}; line-height:5px; background-color:{$alertColor};"; $td4Style = "{$sbrdr}; {$bbrdr}; padding: 2px 6px 6px 6px; background-color:{$alertColor};";// construct data for table display $tData .= "<table style='{$tableStyle}' cellpadding='0' cellspacing='0'>\n"; $tData .= "<tbody>\n"; $tData .= " <tr><td style='{$td1Style}'><b>{$event}</b> <div style='float:right'><b>Updated: {$Updated}</b></div></td></tr>\n"; $tData .= " <tr>\n"; $tData .= " <td style='{$td2Style}'>Effective: <b>{$effectiveDate}</b> - Expires: <b>{$expiresDate}</b> - Status: <b>{$status}</b> - Severity: <b>{$severity}</b> - Urgency: <b>{$urgency}</b></td>\n"; $tData .= " </tr>\n"; $tData .= " <tr><td style='{$td3Style}'> </td></tr>\n"; $tData .= " <tr><td style='{$td4Style}'>Issued For: <b>{$area}</b></td></tr>\n"; $tData .= " <tr><td style='{$td4Style}'><strong>Summary:</strong> {$Summary}</td></tr>\n"; $tData .= "</tbody>\n"; $tData .= "</table>\n"; $tData .= $afterTable; endforeach; endif; //If no storms were in the source, set no storm message if($error) { $tData = $noStormMessage; } echo $tData;
-
Using PHP and MySQL to navigate a database
QuickOldCar replied to boomtree's topic in PHP Coding Help
Hard to explain how to build an entire site with a search and also pagination. First lets link you to the php tutorial so you can look it over, get familiar with some syntax and functions. http://php.net/manual/en/tutorial.php Instead of having just a single page with a table.... Can use a simple php template system or something like twig or smarty A framework like laravel or symphony for the more complex cms items. If the entire making a cms is too much, you can still produce a simple single page of any design you like with a search that could fetch data. All depends if you want users, single pages, be found in search engines and so on. You know...like a real website. You want to use mysqli_* or pdo for making connections and fetching data from your database Use phpmyadmin to aid in setting your tables up. Personally I would use MyISAM as the storage engine and fulltext in boolean mode to make the search process a lot simpler. Set the id column as primary and autoincrement, the rest of the columns name and select what type of data expect. For pagination there is an older tutorial at phpfreaks using the mysql_* functions which is the same idea. http://www.phpfreaks.com/tutorial/basic-pagination As for the search, the inserted search terms would become dynamic values in the query coming from the form and/or address bar. Depends if you use POST or GET in your form. Once you got something going feel free to ask particular questions on the forum. It's a lot easier to get help when ask a specific question and an example of code to go along with it. I can help you out with integrating the search aspect when get to that point. -
Not sure what is needed. The hidden values could be required, which the value of lt changes each visit. Or they could even be bot traps, no idea. It seems to me they make efforts to prevent what you are attempting.
-
help for php download system. how can i make it?
QuickOldCar replied to novarahman001's topic in PHP Coding Help
I see filehorse generating a link to a direct download with no expire. http://www.filehorse.com/download-avast-antivirus/download/ There are other sites that do that though, basically setting a token in a url that can be used once or expire in a certain amount of time. http://en.wikipedia.org/wiki/Tokenization_%28data_security%29 Sometimes their links are just their own custom versions of the hashed file locations or is an associated random token. The download locations and hash values could be saved in a database. Other methods such as sessions or cookies can be used as well with expires. When a user clicks the link they are directed to a script which uses the hash or by using the token id will know the files location. As well as the hash can also add timestamps for expiration times. -
I do see some hidden values their form as well <input type="hidden" name="lt" value="LT-124551-2fwqfTISmFTdVpZurniEq1EZD5bVqO" /> <input type="hidden" name="execution" value="e1s1" /> Try this. <?php $username = 'xxxxxxx'; $password = 'xxxxxxx'; $postinfo = array( "username" => $username, "password" => $password ); //now an array $fields = http_build_query($postinfo); //builds the query $cookie = "cookie.txt"; $ch = curl_init(); // extra headers $headers[] = "Accept: */*"; $headers[] = "Connection: Keep-Alive"; curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST"); curl_setopt($ch, CURLOPT_URL, 'https://weblogin.asu.edu/cas/login'); curl_setopt($ch, CURLOPT_POST, count($postinfo)); //counts the array values curl_setopt($ch, CURLOPT_POSTFIELDS, $fields); //fields added curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"); curl_setopt($ch, CURLOPT_COOKIESESSION, true); curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie); $data = curl_exec($ch); if (curl_error($ch)) { echo curl_error($ch); } echo $data; curl_close($ch); //page with the content I want to grab after logging in (test after login works) /* curl_setopt($ch, CURLOPT_URL, "https://webapp4.asu.edu/myasu/"); curl_setopt($ch, CURLOPT_POST, false); $data = curl_exec($ch); if (curl_error($ch)) { echo curl_error($ch); } */ ?>
-
I made some changes $sql = "SELECT * FROM $tbl_name WHERE username = '$username' AND password='$password'"; $result = mysql_query($sql); $count = mysql_num_rows($result); $row = mysql_fetch_assoc($result); $user_level = $row['user_level']; if ($count == 1) { $_SESSION['loggedIn'] = true; if ($row['user_level'] == 1) { $_SESSION['user_level'] = 1; header("Location: admin.php"); exit(); } else if ($row['user_level'] == -1) { $_SESSION['user_level'] = -1; header("Location: banned.php"); exit(); } //default user //setting them a user level? header("Location: index.php"); exit(); } else { header("Location: login.php"); exit(); } Then the checking session <?php session_start(); if (!isset($_SESSION['loggedIn'])) { echo "You are not currently logged in and to view this page you must be logged in to have access. <a href='login.php'> You can login here </a>"; die(); } if ($_SESSION['user_level'] == -1) { //banned die("You are banned"); } if ($_SESSION['user_level'] == 1) { //admin //DO NOTHING } else { //not admin echo "Your not an administrator so you are denied access to this page."; die(); } ?>
-
When you are creating the sessions for being logged in also create a user_level one $_SESSION['user_level'] = 1;