PHPFAN10

Hi, Managed to solve it, I changed it to: RewriteRule ^verify/([a-z0-9]+)?$ user-verify.php?key=$1 [NC,L] and did not add the: RewriteCond %{ENV:x} !yes Thanks AyKay47, much appreciated, without your example i could not have sorted it, much appreciated. Thanks phpfan

DELETE PLEASE (SORRY)

Hi, I have a url like: http://www.example.com/user-verify.php?key=(40 alphanumeric characters here) I want to Rewrite it so it displays like this: http://www.example.com/verify/(40 alphanumeric characters here) Could anyone help in making the Rewrite Rule please ? I did look at the cheat sheet in sticky and cannot work it out. Note sure if it makes any difference to the RewriteRule, but i want it so if someone types url in like: http://www.example.com/verify/ (without a 40 char key) it will load the user-verify.php page still, as my php code displays an invalid activation key if one has not been specified. Whilst i am at it, can i ask how i stop links in my posts being automatically linked ? , i'm sure someone said to me use example.com so they don't get parsed as urls but seems to be parsing them for me. Thank you, phpfan

Hi, Thanks for your time and effort, i marked this topic solved as i am getting help somewhere else on it now, dont mean to sound nasty or anything by that. Something on what you posted: activation key is always 40 characters in length as i use sha1, therefore because it will always be the same length you would use CHAR(40) not VARCHAR(150) as your wasting space and although i don't know all the technicalities, it's poor practice/design and to my knowledge can slow down the database. Using $_REQUEST, now i'm no expert but i always learnt to avoid using $_REQUEST as much as possible, i use $_POST, $_GET, $_COOKIE individually when needed. Also i am not using the old mysql, i am using PHP PDO. But thanks, still appreciate all your time and effort. phpfan

What do you mean exactly ? perhaps giving an example, if that is ok of course. As mentioned, this code is how you put PDO into exception mode: $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); When you do that, then whenever there is an error PDO will throw a PDOException which will then be caught by your try/catch block. Great! Thanks so much for explaining .... So basically because i have PDO in exception mode, i don't need to do if statement on execute() because if it failed it will be caught by the catch block ? and then my function will obviously log it. To my understanding now, use try and catch blocks when i want to catch an error, not nessecary syntax errors because obviously they should be fixed in development with php errors to display all errors and log them, but i guess if i'm thinking rite now that use try and catch blocks when theres a possibility that something may not happen or go as planned and by using a try and catch block we can catch the error and log it. I hope i am thinking rite now after your much appreciated effort in explaining to me. I'm hopeless at explaining and can confuse people so sorry if i have done. Thanks, phpfan

Hi, Thanks for the reply much appreciated. When you say: What do you mean exactly ? perhaps giving an example, if that is ok of course. Basically in the sample code i gave, in the catch block i call a function ExceptionErrorHandler() this basically logs an error to file. Apart from that i have not changed any configuration options so PDO to use exceptions, not sure what you mean exactly by that ? and when you say When you say using exception mode, do you mean ... using try and catch block ? again sorry if i sound dumb. In my sql_con() function i have it set to: $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); So you know what my ExceptionErrorHandler does, i have provided it below: ( i use the below function in a catch block so i can catch an error and log it to a .txt file and display a friendly message to user and not any valuable details thats could compromise my database for example) <?php #################################### # Exception Handler Error Function # #################################### function ExceptionErrorHandler ($e) { // get pdo error log location to store pdo errors in global $pdo_exception_error; // display user friendly error message echo '<h2>Holy Mother of God </h2>'; echo '<p>Don\'t get angry and don\'t cry. We was unable to fulfill your request at this time. Please try again. '; echo 'If the problem persists please try again later.</p>'; // log all the below errors, do not show to users $e->getMessage(); // get error code, 0, as we didn't pass a code along as second parameter $e->getCode(); // location of file $e->getFile(); // get line error occured on $e->getLine(); // get current date time (server set date/time) and add to error $date = date('d/m/Y H:i:s'); // log error to file // file name and location, can be altered in config.php $FileName = $pdo_exception_error; // open file for writing; a = append to file (keeps any existing date in file and appends to it) $FileHandle = fopen($FileName, 'a'); // write error to file fwrite($FileHandle, "[$date] - ".$e."\n\n"); // close file after finishing with it fclose($FileHandle); } ?> Thanks for your time and help, much apprecaited! phpfan

Hi, I did put a key in the quotes intentially on this line users_status.user_activation_key = ' ' i put a key in it knowing it exists in database aswell, this part .USER_STATUS_ACTIVE.", that is a constant from the constants.php file and is included and does work. I have asked on another site and i we are getting close to the problem but thanks for helping, much appreciated! Cheers! phpfan. PS: Yeah reading other peoples scripts is a great way to learn web development and then testing yourself is the only real way you will ever get to understand how something works, hence why i love the challenge.

Hi, I will take a look so i can study the code and learn from it but the only way to learn is by doing it yourself i love a challenge, i could use many scripts but love the challenge doing it myself. But thanks for the links will take a good look at them Also will mark this topic solved as know why im getting that error. Thanks phpfan

Well, it was working to some extent but not quite now in my actual php code for some reason, getting an error: [15/04/2012 18:24:34] - exception 'PDOException' with message 'SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry '' for key 'user_activation_key'' in C:\wamp\www\user-verify.php:53 Stack trace: #0 C:\wamp\www\user-verify.php(53): PDOStatement->execute(Array) #1 {main} Not sure why as the user activation key column is unique so not sure what it means Doh! but to answer your question, i did build a fully pledged member system site when i first started to learn PHP, since then i have learnt a ton and decided to do another membership site based on web development, but with better database design, more efficent coding, using PHP PDO etc, not learnt OOP yet and won't be until i feel i have learnt more about PHP PDO first.

YAY! This worked, thank you! I remove the ticks ` and its all dandy now UPDATE users JOIN users_status ON users_status.user_activation_key = '959e1a8dc42fd836a84160a7ec45ad12221fef3c' SET users.user_status = 1, users_status.user_activation_key = NULL WHERE users_status.user_uid = users.user_uid Thank you! phpfan

I dont know what happened then, I tried with the WHERE clause aswell and got same error. [Err] 1054 - Unknown column 'users.user_status' in 'field list' UPDATE `users` JOIN `users_status` ON `users_status.user_activation_key` = '959e1a8dc42fd836a84160a7ec45ad12221fef3c' SET `users.user_status` = 1, `users_status.user_activation_key` = NULL WHERE `users_status.user_uid` = users.user_uid Thanks phpfan

DELETE

Hi, If i remove the LIMIT 1, i get the following error: [Err] 1054 - Unknown column 'users.user_status' in 'field list' Now this table does 100% infact exist on the `users` table. I think it is trying to look in the wrong place maybe in the query Thanks phpfan

Hi, I run the query in Navicat and entered an activation key that i knew existed in database to see if it would work and got the following error: [Err] 1221 - Incorrect usage of UPDATE and LIMIT UPDATE `users` JOIN `users_status` ON `users_status.user_activation_key` = '959e1a8dc42fd836a84160a7ec45ad12221fef3c' SET `users.user_status` = 1, `users_status.user_activation_key` = NULL AND `users_status.user_uid` = `users.user_uid` LIMIT 1 Thank you, phpfan

Hi, This query would not work because there is no ON clause. It can only be allowed to update based on the condition that the `user_activation_key` in the `users_status` can be found based on value from $_GET and also based on the condition that the `user_uid` in the `users_status` table matches the `user_uid` on the `users` table, these condtions need to match. The query you gave has no ON clause. Thanks for your help.

Hello, I have an SQL statement that is failing. Basically it needs to UPDATE `user_activation_key` to NULL on the `users_status` table but also UPDATE `user_status` on the `users` table based on the condition that the activation key (which is taken from a $_GET) matches an activation key in the `users_status.user_activation_key` and that the `users_status.user_uid` also matches the user id in the `users.user_uid`. Probably best to just show the SQL statement, i am new to joins so not good yet at knowing how to write the SQL statements properly and correctly. UPDATE users.user_status, users_status.user_activation_key SET user_status = ".USER_STATUS_ACTIVE.", user_activation_key = NULL JOIN users ON users_status.user_activation_key = ? AND users_status.user_uid = users.user_uid LIMIT 1 When i visit the script in my browser the SQL statement fails as i have written it incorrectly and not sure what i am doing wrong, here is the error my catch block and exception error handler logs: [15/04/2012 16:06:30] - exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'JOIN users ON users_statu' at line 7' in C:\wamp\www\user-verify.php:73 Stack trace: #0 C:\wamp\www\user-verify.php(73): PDOStatement->execute(Array) #1 {main} Thanks for any help!

Hi, Thanks for replying. I already have it set to: $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); My confusion is in my try block i try to check if a username exists on the users table and user ban list table, it then gets executed using execute(), now my confusion is why would i use an if statement around the execute() as shown in my code ? I thought if the execute() failed it would be caught in the catch block, but seeing examples online i see people wrap the execute() in an if statement as illustrated in my code. and back to my questions: 1) In example code, why is it i would use an if statement on execute() ? (if it failed to execute shouldn't it be caught in the catch block ? ) 2) What could cause the execute to fail ? 3) and why if execute failed it would not be caught by catch block ? I am confusing myself somewhere and am not quite getting it, hence my questions. Basically anything caught in the catch block in example code is written to a log file, in example code in catch block i call my function ExceptionErrorHandler($e);, this function writes any error to file. Hopefully i have explained better. Thanks for any more replied and thanks for replying!

Hi, Below i have some sample code and am confused over execute(), i have the code below in a try and catch block, in the catch block i call a function i created to log any error that is caught in catch block to a .txt file. I then looked online and it seems that i should do an if statement check on execute to ensure it executed the query, the part that confuses me if the execute failed i thought it would be caught in the catch block but it seems that is not the case. To explain better i have commented the code in depth on the area that i am confused about. Any help in making me understand would be great. I have not included all code above try and catch to keep things simple <?php try { // connect to database $dbh = sql_con(); // checke if username exists on users table or users banlist table $stmt = $dbh->prepare(" SELECT users.user_login FROM users WHERE users.user_login = ? UNION ALL SELECT users_banlist.user_banlist FROM users_banlist WHERE users_banlist.user_banlist = ?"); // this is the part i am confused with, why is it i would use an if statement on execute() ? // i thought using a try and catch block any errors would be caught in the catch block. // using an if statement to check if execute() worked, i thought if execute failed it would // be handled by the catch block, i mean in my exmaple code here, what could cause the execute to fail ? // and why if execute failed it would not be caught by catch block ? // i am looing at exmaple online and i am reading different things and its all confusing me // execute query if(!$stmt->execute(array($username, $username))){ echo 'something went wrong .. '; } else { // execute worked } } // if any errors found log them in my ExceptionErrorHandler() function and display friendly message catch (PDOException $e) { // this function catches an error and logs them to file ExceptionErrorHandler($e); require_once($footer_inc); exit; } } ?> Thanks or any help!

Hi, I decided to build my own CMS. It's like a blog but with groups, users etc. Basically i have been developing it for past day and so far everything is working as expected. Currently when adding a new post to the site i have a dynamic category that displays all categories from database and i then select which category i want they post to appear in. The problem i am having is how do i go about making it so i can select more than one category for the post to display in ? I have searched high and low online for a tutorial that could perhaps explain the concept but so far cannot find anything. Here is my database design as it stands, it will be altered slightly and improved as i add new things etc but at the moment this is the design Uploaded with ImageShack.us as you can see i have a categories table and posts aswell as the others tables but wondering if someone could explain the concept on what i would need to do to make it so i can select multiple categories. another concept i don't know how the logic works is, if i delete a category and there are posts in that category what logic would a developer use to keep the post but perhaps place it in another category ? Thanks for any help. PHPFAN

WOW! Thank you AyKay47, This looks much better and easier to deal with! THANKS! PHPFAN

Hi, Basically i will look into that further as i got the regex online somewhere. Basically i wanted the file name to be no longer than 100 chars in length, and that the extension part of the file like .jpg only contains the . (dot) and alphabetical characters and that only alphanumeric and - _ are allowed in file name. The SiteErrorMessages(); function is used globally on my localsite and it basically styles the errors in a red error box that also displays an X image to the left of errors. This is just for the purpose of styling all errors using a global function instead of having to use the same code over and over in each web page. Thanks for the comment. Was good to see you say it looks well organized and with good logic. I will see if anyone else replies incase there is something i have overlooked/forgotton but thanks for taking the time to reply. Cheers! PHPFAN

Hi, I am playing around with file uploads, not really done anything in terms of file uploads before with php. I created the following script and wanted to know if it is secure enough ? It could be improved like with resize image if over allowed size and check to ensure an image name does not already exist in image directory but want to keep it simple but most importantly secure, this is only just for learning purposes so i can learn more about php file uploads. could someone tell me if it's secure enough or has any vulnerabilities ? I have tested myself in FireFox with LiveHTTPHeaders and i manually altered the headers and it seems to be secure but being no pro i don't want to think i have it secure or overlooked something. <?php // check if form has been submitted if (isset($_FILES['image'])) { // initialize errors array $errors = array(); // allowed extensions array $allowed_ext = array('jpg', 'jpeg', 'png', 'gif'); // allowed extensions mime type array // a malicious user can tamper with headers so checking header is useless but is here // as an additional security check although it cannot be relied upon $allowed_ext_mime_type = array('image/jpg', 'image/jpeg', 'image/png', 'image/gif'); // maximum file size (bytes) => 2MB = 2097152 $maximum_file_size = 2097152; // maximum width and height of image $max_image_height = 500; $max_image_width = 500; // file upload directory $file_upload_dir = '../images/upload/'; // file information $file_name = $_FILES['image']['name']; $file_type = $_FILES['image']['type']; $file_ext = strtolower(end(explode('.', "$file_name"))); $file_size = $_FILES['image']['size']; $file_tmp = $_FILES['image']['tmp_name']; if ($_FILES['image']['name'] == "") { $errors[] = 'Please select an image file to upload'; } if ($_FILES['image']['error'] == UPLOAD_ERR_FORM_SIZE) { $errors[] = 'File size is to large. Maximum file size is 2MB'; } if ($_FILES['image']['name'] != "" && !in_array($file_ext, $allowed_ext) && !in_array($file_type, $allowed_ext_mime_type)) { $errors[] = 'Only jpg, png and gif image formats are allowed'; } if ($file_size > 2097152) { $errors[] = 'File size is to large. Maximum file size is 2MB'; } if ($_FILES['image']['name'] != "" && !preg_match('/^([a-zA-Z0-9_-])*.([a-zA-Z]){2,100}$/i', $_FILES['image']['name'])) { $errors[] = 'File name must be alphanumeric but may also contain <strong>- _</strong>'; } // if no validation errors found safe to continue if (empty($errors)) { // check if file is uploaded via http post if (is_uploaded_file($file_tmp)) { // give file a new name $file_new_name = sha1(uniqid(time(), true)); // get image dimensions $image_dimensions = list($width, $height) = getimagesize($file_tmp); // check image width and height are not to large if (($width > $max_image_width) or ($height > $max_image_height)) { echo 'Image dimensions must not exceed ' . $max_image_width . 'px x ' . $max_image_height . 'px'; exit; } // file directory and new filename $file = $file_upload_dir . $file_new_name . '.' . $file_ext; // if uploaded via http post move uploaded file to directory if (move_uploaded_file($file_tmp, $file)) { $image_display = '<img class="profileimgright profileimgframe" src="' . $file . '" width="' . $width . '" height="' . $height . '" alt="profile image" />'; $success_text = '<p><b>' . htmlentities($file_name) . '</b> was uploaded successfully</p>'; // else if file could not be moved display an error } else { echo 'A problem occured during file upload. Please try again'; } // file was not uploded via http post, possibly malicious so display an error } else { echo 'A problem occured during file upload. Please try again'; } } else { // errors found, display them foreach ($errors as $error) { $SiteErrorMessages .= "$error <br />"; } } } ?> <h1>Image Upload</h1> <?php // if errors found display them here if( isset( $SiteErrorMessages ) ) { echo SiteErrorMessages(); } // if image uploaded successfully display image and success text if( isset( $image_display, $success_text ) ) { echo $image_display; echo $success_text; } ?> <form action="<?php echo basename(__FILE__); ?>" method="post" enctype="multipart/form-data" id="frmcontact"> <fieldset> <input type="file" name="image" class="textboxcontact" /> <input type="submit" value="Upload" class="submitcontact" /> <input type="hidden" name="MAX_FILE_SIZE" value="2097152" /> </fieldset> </form> Thanks PHPFAN

Hi King Phillip, That looks quite alrite i must say. Did not think of that. Thanks!

Hello, Thanks for the reply, i will take a look at Twig, sounds great and the sort of thing i am after Thanks. anyone else have any other examples or alternatives to Twig? , no disprespect to poster above obviously, just want to see what's out there. Thanks PHPFAN

Hi, Hope this is the correct board to post this in. Currently when building websites (projects of my own) i tend to do develop around a site template as shown below, i was taught this by a friend and don't really no of any better way. Take this example: <?php // Include config.php require_once("".$_SERVER['DOCUMENT_ROOT']."/lib/config.php"); // top.inc.php require_once($top_inc); ?> <!-- Meta start --> <title>PAGE TITLE HERE</title> <meta name="description" content="PAGE DESCRIPTION HERE" /> <meta name="keywords" content="PAGE KEYWORDS HERE" /> <!-- Meta end --> <?php // main.inc.php require_once($sidebar_inc); ?> <!-- CONTENT HERE --> my php and html code for particular page here <!-- CONTENT FINISH --> <?php // footer.inc.php require_once($footer_inc); ?> Problem with this type of site template for me is i hate it really really hate it. Why? For example if i wanted to created a sign up page i would simply start by adding my form between the <!-- content here --> and <!-- content finish --> and above the html i would place my php code to process the sign up webpage. To show you what i mean take a look: <?php // Include config.php require_once("".$_SERVER['DOCUMENT_ROOT']."/lib/config.php"); // top.inc.php require_once($top_inc); ?> <!-- Meta start --> <title>PAGE TITLE HERE</title> <meta name="description" content="PAGE DESCRIPTION HERE" /> <meta name="keywords" content="PAGE KEYWORDS HERE" /> <!-- Meta end --> <?php // main.inc.php require_once($sidebar_inc); ?> <!-- CONTENT HERE --> <?php // check if form been submitted if(isset($_POST['submit'])){ // validate, sanitize date etc $name = $_POST['name']; $email = $_POST['email']; $password = $_POST['password']; // blah blah blah and the rest etc } ?> <h1>Signup to <?php echo $websitename; ?></h1> <form method="post" action="<?php echo basename(__file__); ?>" id="signup-form"> <label for="name">Name</label> <input type="text" name="name" id="name" value="<?php if(isset($name)) { echo $name; } ?>" /> <label for="email">Email</label> <input type="text" name="email" id="email" value="<?php if(isset($email)) { echo $email; } ?>" /> <label for="name">Password</label> <input type="text" name="password" id="password" value="<?php if(isset($password)) { echo $password; } ?>" /> </form> <!-- CONTENT FINISH --> <?php // footer.inc.php require_once($footer_inc); ?> Problem is i am despising the way i currently do things. Reason is i am mixing php with html and vice versa and although it looks pretty clean in example above when you have several hundred lines of code mixed php, html it is a nightmare to read through, ok for a small site but i like to build upon existing projects so something like the above is just a no no for me. In my examples above my config.php file contains $variables like for site name, website address, email addresses etc and has some includes() in the config.php file that includes() some other files like db.inc.php (function), paths.inc.php file, functions.inc.php file and so on and so on. I would like to ask all developers out there how do you do it? i really need to change the way i do things, i don't know OOP so that's out of the window for now as i am still learning the non OOP stuff and don't want to over do it. I am just finding this type of layout/template (what ever you would like to call it) very frustrating. I know there are things like smarty out there but have already looked at smarty, codeignitor etc and find them to be overwhelming and feels like a a programming language of there own that i would need to learn. Thanks for any advice, tips etc. PHPFAN