perky416

  1. Mistake? What if I am interested in all of them? Mistake? Sounds more like advice to me. Mistake? Nope...more advice. Mistake? Again....advice. Like I said...not finished. How do you know I'm not going to resolve the security problems? How do you know I didn't throw together the code for test purposes? You know absolutely nothing about what I am doing with my application. All you know is I had an issue with what I was trying to achieve with the sessions. The rest of the code is irrelevant for the sake of this thread. You gave me some "advice" about coding...how about I give you some advice on human decency...when somebody comes asking for help how about you actually help them instead of displaying overwhelming arrogance? Problem solved by the way....thanks for not helping me. Don't worry, I won't be back...this clearly isn't the place for people to get help with problems. It seems like just another forum where the geek with a few thousand posts thinks he's God's gift.
  2. What mistakes are you referring to? Your post seems more like advice rather than actually pointing out errors in the code? The script is still in development...it is nowhere near finished yet...the question in point was about session security...this is why I left out the irrelevant code in the first post.
  3. This is the code that echoes the $_SESSION['username'] without the session_set_cookie_params and session_regenerate_id, but with these lines added it keeps re-directing me to my home page. Remove the re-direct and it still takes me to the members area but does not echo anything:

     ```php
     session_set_cookie_params(time()+3600,'/','example.com',false,true);
     session_start();
     session_regenerate_id(true);

     include('connect.php');

     $error = array();

     //validate login form
     if ($_POST['submit']){
         !$_POST['username'] ? $error['error'] = "<div class='error'>Enter a username & password!</div>" : "";
         !$_POST['password'] ? $error['error'] = "<div class='error'>Enter a username & password!</div>" : "";

         $sql = "SELECT * FROM users WHERE username = '$_POST[username]'";
         $query = mysqli_query($conn, $sql);
         $row = mysqli_fetch_assoc($query);

         if ($_POST['username'] && $_POST['password']){
             $_POST['username'] != $row['username'] || md5($_POST['password']) != $row['password'] ? $error['error'] = "<div class='error'>Username or password incorrect!</div>" : "";
         }

         $error = array_filter($error);

         if (empty($error)){
             $_SESSION['username'] = $_POST['username'];
             echo "<script type='text/javascript'>document.location.href='members.php';</script>";
         }
     }

     //if logged in re-direct to members area, otherwise re-direct to home page
     if (!isset($_SESSION['username']) && basename($_SERVER["SCRIPT_FILENAME"]) != "index.php"){
         echo "<script type='text/javascript'>document.location.href='http://www.example.com';</script>";
     }

     echo $_SESSION['username'];
     ```

     Using the following I am getting no errors:

     In script:

     ```php
     error_reporting(E_ALL);
     ini_set('display_errors', 1);
     ```

     In php.ini:

     ```ini
     display_errors = On
     ```

     Yes I read ALL of it.
  4. I tried several things. Initially I had my script set up to redirect me to the home page if a user tries to access the members area without logging in. As soon as I added session_set_cookie_params and session_regenerate_id, the script was continually returning me to the home page. I then removed the redirect and echoed $_SESSION['username'], which displayed the value ok but stopped displaying it with session_set_cookie_params and session_regenerate_id. Thinking it may be some conflict with the login form, I created a $_SESSION['test'] as soon as the page loads and again this displayed the value ok, but with session_set_cookie_params and session_regenerate_id nothing.
  5. The $_POST['username']; is the username input from the login form and $error is defined in the error handling for the form. I didn't include them because that part of the code works fine.
  6. Hi Guys, I have a simple user login form that creates a session. It works perfectly, however I am trying to make the session more secure by using session_set_cookie_params and session_regenerate_id. The code I am using is as follows:

     ```php
     session_set_cookie_params(time()+3600,'/','example.com',false,true);
     session_start();
     session_regenerate_id(true);

     if ($_POST['submit']){

         //form validation and error handling go here but removed for the purpose of this post

         if (empty($error)){
             $_SESSION['username'] = $_POST['username'];
             echo "<script type='text/javascript'>document.location.href='members.php';</script>";
         }
     }
     ```

     With the session_set_cookie_params and session_regenerate_id the session just does not appear to get created. Does anybody have any idea as to why this isn't working? Thanks
  7. Hi, I'm not quite sure I understand how you are trying to organise your results. Is it like this.... [flidIconMedium][fldTitle][fldLink] As incubi1 says you will need an HTML table. If you show me how you want them displayed I don't mind knocking you up a table if you're unsure. Thanks
  8. Hi mate, Take a look at this: http://www.youtube.com/watch?v=wC0uc_TkdR0 A very good tutorial on pagination. I know it covers the prev and next buttons, I'm not too sure if it can help with your other 2 problems though. You should check it out. Hope it helps.
  9. ```php
     $dir_path = "/full/directory/path/";
     $count = count(glob($dir_path . "*"));
     ```

     I believe you can replace the * with your file extensions if you only want to search for particular files.
  10. Hi everyone, Sorry I have posted a very similar question before, however I believe it was a little difficult to understand so hopefully this is easier to get. Please could anybody tell me if it is possible to update table_1 if a field in table_2='whatever value'? EXAMPLE:

      ```php
      mysql_query (UPDATE table_1 SET field_1='whatever' WHERE id='$id' IF field_from_table_2='whatever');
      ```

      If the above is possible please could somebody point me in the right direction of how to word it correctly? I've done extensive searches on Google, however I can't find anything that helps me. Many thanks.
  11. Hi Cflax, I had the same problem as you. I didn't want to use a cron job so I created a piece of code similar to the following, and I use include() to include it in every page; that way every time a page is loaded it checks the database to see if a listing has expired, then deletes it as required.

      ```php
      $query = mysql_query("SELECT * FROM ob_listings");
      while ($row = mysql_fetch_assoc($query))
      {
          mysql_query("DELETE FROM ob_listings WHERE NOW() > expiry_date");
      }
      ```

      expiry_date is the table field that contains the expiry date. Hope it helps
  12. Hi guys, I originally posted this in the regex section but as another member kindly showed me the problem is not to do with regex. I use the code below to validate that a domain name has a valid tld before submitting it to my site, however I have come across a problem: you can add domains such as "test.com.net" and "test.com.mobi.net.org".

      ```php
      $tld_list = array('com','net','org','co.uk', etc..........);

      $label = '[\\w][\\w\\.\\-]{0,61}[\\w]';
      $tld = '[\\w]{1,3}';

      foreach($lines as $line)
      {
          if(preg_match( "/^($label)\\.($tld)$/", $line, $match ) && in_array($match[2], $tld_list ))
          {
          }
          else
          {
              $error[] = $line . " is not a valid domain!<br />";
          }
      }
      ```

      Would anybody know how I can make it so that only 1 tld from the array is allowed? So if a user tried to add "test.com" or "test.co.uk" it would let them, however if they tried to add "test.com.net" it would throw up the error. Another member kindly gave me the following, however I still can't get it to work. I have been on the php manual but can't seem to get my head around the preg_match with the $match value included.

      ```php
      if(preg_match( "/^($label)\\.($tld)$/", $line, $match ) && (!in_array(substr($match[1], -3), $tld_list)) && in_array($match[2], $tld_list ))
      ```

      All help is greatly appreciated. Many thanks.
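For the domain check asked about in post 12, one way to accept exactly one label followed by one suffix from the list is to strip the allowed suffix first and then validate what remains. This is an added example, not code from the thread; `split_domain`, the `$allowed` list and the sample `$lines` are constructed, and the label rule (letters, digits and inner hyphens only) is an assumption that is stricter than the `\w` class in the post.

```php
<?php
// Added example; $allowed and $lines are constructed sample data.
function split_domain(string $line, array $allowed): ?array
{
    $domain = strtolower(trim($line));
    // Longest suffix first, so a multi-part suffix such as "co.uk" is tried before shorter ones.
    usort($allowed, fn($a, $b) => strlen($b) <=> strlen($a));
    foreach ($allowed as $tld) {
        $suffix = '.' . $tld;
        if (substr($domain, -strlen($suffix)) !== $suffix) {
            continue; // domain does not end in this suffix
        }
        $label = substr($domain, 0, -strlen($suffix));
        // One label only: letters, digits, inner hyphens, 1-63 chars, no dots.
        // The D modifier stops "$" from matching before a trailing newline.
        if (preg_match('/^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/D', $label)) {
            return ['label' => $label, 'tld' => $tld];
        }
    }
    return null; // no allowed suffix, or more than one label in front of it
}

$allowed = ['com', 'net', 'org', 'mobi', 'co.uk'];
$lines   = ['test.com', 'test.co.uk', 'test.com.net', 'test.com.mobi.net.org', '-bad.org'];
$error   = [];
foreach ($lines as $line) {
    if (split_domain($line, $allowed) === null) {
        $error[] = $line . ' is not a valid domain!';
    }
}
print_r($error);
```

Because the part in front of the suffix may not contain a dot, "test.com.net" is rejected even though both "com" and "net" are in the list.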
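For the session code in posts 3 and 6, a hardened arrangement of the same three calls looks like this. It is an added example, not the poster's code: `APP_HOST`, `start_session`, `login` and the user record are constructed, the database lookup is replaced by an in-memory array, and the array form of `session_set_cookie_params` assumes PHP 7.3 or later.

```php
<?php
// Added example; APP_HOST and the user record below are constructed.
const APP_HOST = 'www.example.com'; // assumption: the exact host users browse to

function start_session(): void
{
    // Must run before session_start() and before any output is sent.
    session_set_cookie_params([
        'lifetime' => 3600,      // seconds from now, not a Unix timestamp
        'path'     => '/',
        'domain'   => APP_HOST,  // browsers drop a cookie set for a domain that does not match the request host
        'secure'   => true,      // send over HTTPS only (requires the site to be served over HTTPS)
        'httponly' => true,      // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

function login(array $user, string $password): bool
{
    // password_hash()/password_verify() in place of md5() comparison.
    if (!password_verify($password, $user['password_hash'])) {
        return false;
    }
    // Rotate the session ID once, at the privilege change, rather than on every request.
    session_regenerate_id(true);
    $_SESSION['username'] = $user['username'];
    return true;
}

start_session();

// Constructed user record standing in for a row fetched with a prepared statement.
$user = [
    'username'      => 'alice',
    'password_hash' => password_hash('correct horse', PASSWORD_DEFAULT),
];

$rejected = login($user, 'wrong guess');
$accepted = login($user, 'correct horse');

echo 'wrong password accepted: ', var_export($rejected, true), "\n";
echo 'right password accepted: ', var_export($accepted, true), "\n";
echo 'session username: ', $_SESSION['username'] ?? '(none)', "\n";
```

PHP computes the cookie expiry as the current time plus `lifetime`, so the value passed is a duration in seconds.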