Jump to content

mac_gyver

Staff Alumni
  • Content Count

    4,239
  • Joined

  • Last visited

  • Days Won

    108

Everything posted by mac_gyver

  1. mac_gyver

    Use dropdown box to filter data on same page

    the example i posted was just that - did you add the logic needed to do what sKunKbad mentioned in post #2?
  2. code using http_build_query would look like this - // inside your loop that is producing the output grid of products - $ref['expand'] = $wherever_you_are_getting_these_values_from_now; // e.g. Yellow@Tint@(N-P) $ref['first'] = $wherever_you_are_getting_these_values_from_now; // e.g. 10@Hearts@_@Arrows $ref['second'] = $wherever_you_are_getting_these_values_from_now; // e.g. Yellow@Tint@(N-P) $ref['level'] = $wherever_you_are_getting_these_values_from_now; // e.g. 3 $link_text = $wherever_you_are_getting_these_values_from_now; // the text for the link, e.g. Yellow Tint (N-P) $qstring = http_build_query($ref, '', '&'); echo "<a class='topseltxt' href='gem.php5?$qstring'>$link_text</a>";
  3. yes, those settings in your main code, provided some of your code after that point isn't further altering those settings, will show all runtime errors and fatal parse errors in any files being included by your main code. edit: i still see a lot of non-urlencded @, (, ), -, and possibly spaces in links. the values that go into the links for the level= www, expand= xxx, first= yyy, second= zzz, must be urlencoded. i recommend that you use one of php's functions like http_build_query to make the query string. you would have an array of the values, then just call http_build_query (it takes the & or & separator you supply and does the urlencoded of the values for you.)
  4. mac_gyver

    Password Reset Not Working

    i'm wondering why you removed the $salt value from being the 4th parameter to the updateUserPassword() call? if you didn't also move the generation of that value into the updateUserPassword() function itself, your code is not going to work.
  5. mac_gyver

    Email script sending blank email

    your code isn't supplying any data in the .post() method. you need to add $(this).serialize() to get all the form fields/values. untested but should work - $.post($(this).attr('action'),$(this).serialize(), function(data) {
  6. mac_gyver

    Password Reset Not Working

    you need to duplicate, as in copy/paste, the form code from the registration form for the password field, to use in your password reset form for the password field. the processing that is done on the password must be the same, regardless of it being for registration or password reset.
  7. mac_gyver

    Email script sending blank email

    because of your use of the json output, i suspect you are using ajax to submit your form and either the data value aren't being submitted at all or you are submitting it as get data. what is the entire code for your form page?
  8. are you still getting a syntax error in the httpd.conf file? if so, it's possible you copy/pasted the line(s) into that file from somewhere and they actually have something like smart/curly-quotes, which is breaking the syntax. i would retype all the quotes to make sure they are simple/straight ' or "
  9. mac_gyver

    Password Reset Not Working

    you have to determine what your code is doing in the instance of it running when it doesn't work, especially since you made a correction to the code. there's no way the posted code could have updated anything with the $user_id and $salt values reversed. that would mean that you had a row in your members table with an id = a_random_salt_value. the only way that code could have worked is if your code calling the updateUserPassword() function had those two values swapped from what you have shown in the code, but then it's unlike that your checkEmailkey() function call using the $user_id would have worked.
  10. mac_gyver

    Password Reset Not Working

    my post above mentions three different things to check. the point of programming is to get a general purpose computer to do what you want. debugging that programming involves finding where the computer is doing what you want and where it is not. you have to check, starting at the beginning of your current process (updating a stored password/salt and then logging in using that newly updated password/salt), what the data and program execution are doing at each step along that process, until you find the point where they are not doing what you expect. since your salt/user id values were previously reversed, have you deleted the bogus row(s) from your table(s), registered a new user, and started the testing process over knowing that the registered user can log in at all, then tried to change his password? a word about the login script you found. it is just a demonstration of the concepts that someone came up with for their idea for a secure login script. it is lacking things like a verbose debugging mode/logging and complete error checking that a final/finished 3rd party login script would have. there are several conditions in the login function that could cause it to fail, but there's no indication given as to the exact reason why it failed.
  11. mac_gyver

    Password Reset Not Working

    have you done anything to determine what your code and data are doing? are the values being passed to that function what you expect? is the correct row in the database table being updated? when the login function is being called, at what point is the logic in it failing?
  12. mac_gyver

    Password Reset Not Working

    the order of your ? parameters in the UPDATE query and the variables being bound must match. in your updateUserPassword function, you are binding the $password variable to the first ?, the $user_id to the second ?, and the $salt to the third ? in the following - if ($stmt = $mysqli->prepare("UPDATE members SET password = ?, salt = ? WHERE id = ?")) { //$password = hash('sha512',trim($password) . $salt); $password = hash('sha512', $password . $salt); $stmt->bind_param('sis',$password, $user_id, $salt);
  13. if you don't have a php.ini file, just create one (note what the faq says, it only affects the folder it is in, so if you have multiple levels of folders, you will need to copy the php.ini to all the folders you want it to affect.) you should only need to do this for the folder where your gem.php file is at. in a header() redirect, the & just needs to be &. in a link that is output to a web page, the & should be & (the & html encoding only has meaning in a html page.) when a link containing a & is submitted, it will be converted by the browser to a literal & and that is what will appear in the address bar.
  14. that you could not find a php.ini file, doesn't mean you cannot use one. have you checked your web host's FAQ section? given that you have web hosting that is using the .php5 extension, it's also likely that any php.ini file is named php5.ini. check out the facts with your web host. i'm only supplying likely/common answers because i don't know who your web host is and there are multiple possibilities.
  15. i'm going guess this person is behind a proxy server or similar that is forwarding http requests and is modifying/correcting the links. the only thing apparent is you have links that have non-url permitted characters in them that are not url encoded (your pages actually have 2000+ html validation errors, and 4000+ validation warnings, mostly due to the non-urlencoded links.) i would start by making sure your pages are all valid and error free html. i was able to trigger mysql errors to be output by altering the link, which altered the columns being selected, which means you are not checking for missing parameters before running queries and allowing the resulting error messages to be output to the visitor.
  16. php syntax errors are only one type of error. that doesn't mean that all the php errors are being reported. unless you know for a fact that error_reporting is set to E_ALL you cannot generalize that because you have seen errors being reported that all of them are being reported. if you know for a fact you cannot use a local php.ini (did you even try) you can put the error_reporting/display_errors settings in your main file(s). short-answer: we cannot tell you the one thing to do to fix your problem because it takes some troubleshooting on your part to narrow down the possibilities. you could also have an error in a .htaccess file that is only being triggered by that one visitor. it would also help if you can reproduce the problem yourself and identify what sort of data value or what about the http request is triggering the problem. is this person having the problem a 'logged' in user, i.e. do you need to be logged in to visit the site and have access to the links that trigger the problem? is this a site you can post the url for so that someone here can try to reproduce the problem?
  17. http 500 errors for php pages are usually due to fatal php parse or runtime errors. you should be able to set php's error_reporting/display_errors in your account's local php.ini file to send php errors to the browser to let you see what if any php errors are occurring.
  18. mac_gyver

    Building query cleanup together

    that refers to the parts of a query that are not data values, i.e. things like table names, column names, sort directions, ... any sort of identifiers or keywords that are being built dynamically by php code/variables. these things are not data values, cannot be bound into a prepared query, and using string escape functions won't prevent sql injection in them because they are not used in a query as string data. they must be validate to insure they contain only expected content in order to prevent sql injection.
  19. mac_gyver

    How do I get a class info into the HTML?

    there's so much wrong with this code, both with the php usage and the OOP usage, it will take writing a book to help with it. and since books have been written that cover the basics, the OP needs to go and learn the basics of php coding, then get up to speed with php OOP, then define and start over with this code. the OOP section of the php.net documentation would be the minimum you need to study to get up to speed using or writing php OOP - http://us2.php.net/oop
  20. for the most part, you are posting to yourself. your threads haven't gotten many replies at all and nothing has been resolved because you are not making it easy for anyone to help you. the information and code you have posted isn't complete and certainly doesn't show any of the information needed to reproduce or debug the stated problems. the reason we cannot directly help you with any of the problems is because there can be many different things your code could be doing that is causing any one symptom. there is not a one to one relationship between any symptom and what is causing it. based on the symptom we cannot tell you what to fix without narrowing down the cause of the problem and it takes knowing what your code is doing to narrow down what in it is causing any symptom. even the above code is the tail end of the problem. that's your code that is producing the content on the page based on the user being logged in via a session variable. that shows nothing that would allow anyone to help you with the log out problem. the only things i can tell from the above posted code are - 1) you are trying to use php to copy/pasting together a site and are inconstant or are just not looking at or understand your code. you have short and full opening php tags. you have include, include_once, and require_once statements. you are sometimes using the () and other times not with the include, include_one, and require_once statements. you are leaving out the closing ; on some statements right before a ?> tag. you are mixing traditional logic syntax with alternate logic syntax. 2) even if the commented out error_reporting() statement was in effect, it is not showing all the php errors and you can be missing out on some error messages that would help pin down the problem. without that statement, php is not help you at all. 3) your member_1.php code should only be accessible if the current member is logged in. why have you commented out the code that would prevent direct access to it? and why then have you defined the 'INCLUDE_CHECK' constant in the member_1.php code? 4) if the member_1.php code can only be accessed by a logged in member via the $_SESSION['usr'] variable check code, why do you have a session_start() statement in the member_1.php code? the only way member_1.php can be included is if the session was already started. also, by having a session_start() statement after you have output html content (after you have output anything) to the browser, it won't work. the session_start() statement must go before any thing at all has been output on the page. some suggestions - you need to have php's error_reporting set to E_ALL and display_errors set to ON so that php will help you by reporting and displaying all the errors it detects. you should set these before most of your php code so that any problems detected in any of your php code will be reported. the preferable place to set these is in your php.ini file so that even php syntax errors will get reported and so that you don't need to remember to put them into your code for debugging and remember to remove them when the code is put onto a live server (you don't want to give hackers the information contained in the php error messages.) you should only have one session_start()/session_regenerate_id(true) statement and they must go before you output anything to the browser. i.e. they would normally be near the start of your main file or be in a file that you include near the start of your main file. you need to prevent direct access to all the included files, either by using the defined constant method or by putting the included files into a folder where direct access is not permitted. back to your logout symptom. there's three main possibilities - 1) the session variable remembering that the current user is logged in is not actually part of a session. this could be caused by a session_start() statement that is failing (there would be php error messages.) the symptom of this would be that you are setting a variable like $_SESSION['usr'], but that variable is only present on the page where it was set. anything you do on that page looks like the log in was successful, but it is not. any action you take after that page has been displayed doesn't have any session variable and it looks like the user was logged out, when in fact the user's log in was never actually remembered by the code. 2) your log in is working, but code on your page is logging the user out so that any action you take next will be met with an indication that the user has been logged out, when in fact they were previously logged out, on the previous page request, and you are only being notified of this because you caused an action to occur, another page request, that notified you that the user wasn't currently logged in. 3) your log in is working, but the url's you are using in navigation/form actions no longer match the url (path or host-name) where the session was first started and the session is not carrying over to the page that is being requested. in order to narrow down which of these three possibilities is causing the problem, it will take seeing your code.
  21. i'm willing to bet LoadModsule should be LoadModule
  22. my last attempt to get you to find the cause of the problem and stop wasting time with javascript as a fix (it's been a week+ since your first thread about logging out when a form is submitted.) based on actual information you have finally shown and that you are just now attempting to tell the server side code which submit button has been used (or more likely which form out of multiple forms has been submitted), i can state with 98% certainty what is wrong with your side code that is causing the problem. you have three things to fix that is causing the logout - 1) your form(s)/submit button(s) are not uniquely identified and/or your current server-side code isn't using anything to control which of the form processing logic is executed. it's likely that any form submission at all, is running your login form processing code and since at that time there isn't any username/password, the login fails and actually logs the current user out. 2) your form processing code isn't validating the submitted data, so an empty username/passowrd causes the login to fail, when in fact you should never try to log someone in if they left the username/password empty. 3) your login form and login form processing code should not be active at all if the current user is already logged in. and here's why this javascript you are trying to add won't fix the problem. let us say that you do manage to get the form submit buttons to be disabled for an amount of time. what will happen when they become enabled and someone submits a form? exactly that same thing that is currently happening. your current form processing logic will run all/or at least for the login logic, there will be no username/password submitted in this case, the login logic will fail to find a matching user and log the current user out.
  23. mac_gyver

    Use dropdown box to filter data on same page

    example (untested) showing some of the suggestions - <?php require ('../edb.php'); if (!$con) { die("MySQL could not connect!"); } // any input filtering validation would go here... // get data for Adviser drop-down $result= mysql_query("SELECT id, LastName, FirstName, UserType FROM `eusers` WHERE UserType='ADV' or UserType='STF' ORDER by LastName ASC"); $adviser_data = array(); while ($row = mysql_fetch_assoc($result)){ $adviser_data[] = $row; } // get data for main content (if current can have more values then y or n, this query needs a where clause added back in to just return y or n values) $data=mysql_query("SELECT * FROM `adocs_fsg_profile` INNER JOIN `eusers` ON eusers.id = adocs_fsg_profile.AdviserCode ORDER BY LastName ASC, FirstName ASC, DocName ASC, DateUploaded DESC"); $main_data['y'] = array(); $main_data['n'] = array(); while($row = mysql_fetch_assoc($data)){ $main_data[strtolower($row['current'])][] = $row; // this will make arrays of arrays with y or n as the main index } // end of the business logic // you could close the database connection here or let php close it when the script ends // the logic and mark-up needed to produce the page follows - // template/function to produce the output for the main content on this page function main_output($title, $data){ ?><p class="Text_SubHeading"><?php echo $title; ?> </p> <table width="650" border="0" align="center" cellpadding="4" cellspacing="0"> <tr class="text-sectionheading"> <td width="100">Date </td> <td width="150">Adviser</td> <td width="200">Document</td> <td width="100">Version</td> <td width="50">Current</td> <td width="50">View</td> </tr> <?php foreach($data as $test) { $id = $test['id']; echo"<tr>"; echo"<td class='text-questions'>".$test['DateUploaded']."</td>"; echo"<td class='text-questions'>".$test['LastName'].", ".$test['FirstName']."</td>"; echo"<td class='text-questions'>".$test['DocName']."</td>"; echo"<td class='text-questions'>".$test['Version']."</td>"; echo"<td class='text-questions'>".$test['Current']."</td>"; echo"<td><a class='".$test['cssclass']."'href =".$test['URL'].">".$test['ImageType']."</a>"; echo "</tr>"; } ?> </table> <?php } // the html document - ?> <!DOCTYPE HTML> <html> <head> <meta charset="utf-8" /> <title>your title</title> </head> <body> <table width="680" border="0" align="center" cellpadding="4" cellspacing="0"> <tr> <td> </td> </tr> <tr><td class="text-heading"><p>Financial Services Guides and Adviser Profiles</p><p class="Text_Heading_Black1">PAGE STILL IN DEVELOPMENT</p> <form id="form1" name="form1" method="get" action=""> <span class="text-questions">Adviser: </span> <select name="advselect" id="advselect"> <option value=" " selected="selected"> </option> <?php foreach($adviser_data as $row){ // if you need to dynamically select an option based on an existing choice, you would have logic here to do so echo '<option value="'. $row['id'] .'">'. $row['LastName'] .', '. $row['FirstName'] .'</option>'; } ?> </select> <input type="submit" name="advselect" id="advselect" value="Filter / View" /> </form></td> </tr> <tr><td> <?php main_output('Current Version',$main_data['y']); // you might want to add some logic so that if there is no corresponding data, you don't display an empty table, but display a meaningful message main_output('Previous Versions',$main_data['n']); ?> </td> </tr> </table> </body> </html>
  24. mac_gyver

    Use dropdown box to filter data on same page

    i have some suggestions concerning your code - 1) you need to separate your 'business logic' (the php logic that is determining what to do on the page and producing the content that will be displayed) from your 'presentation logic' (minimal php code and the html/javascript/css making up the output you are sending to the browser.) basically, a majority of the php code will be first on the page, following at the end by essentially a html template that is just echoing php variables or at most looping over arrays of data producing the html output from that data. this business logic would be where you test for and validate the filter values that are received by the page, that are then used to determine what to query for. 2) you need to make one database connection. you are currently including/requiring the connection code multiple times and since you are testing if the connection worked in you main code, i can only assume you are not selecting a database, resulting in queries that are failing with errors. you are also closing the connection at several points. this opening/closing of the database connection takes a significant amount of time, to the point that you will probably notice a difference in the page generation time if you just open one connection at the start and close that one connection at the end (or just let php close it automatically when the script ends.) 3) you need to ALWAYS have error checking logic for your sql queries. the suggestion in a previous thread was not just for debugging when things don't work. when a query error does occur, you need to display that when developing code and log it when on a live server. 4) your filtering determines that the page will display. your html forms should use method='get' as you are determining what will be gotten and output on the page. this will also simplify the logic of persisting those filters between page requests as they will already be present in the url/$_GET array. 5) lastly, the mysql (no i on the end) functions are depreciated. all new code needs to be written using the mysqli or pdo database libraries so that you don't need to rewrite your code in the near future. edit: 6) i just noticed you are referencing both a $con and a $conn database connection variable.
  25. mac_gyver

    PHP/MYSQL Does not save long data

    i'll assume you are getting your "Something went Wrong" message? you are not escaping your string data before putting it into the query statement, so all the characters like - ', ", \t, \r, \n that are in the data are breaking the sql syntax. you need to use mysql_real_escape_string() on all string data being put into a query statement that can contain any characters that have meaning in the sql query or you need to use prepared query statements. you also need to switch to the mysqli or pdo database library functions. the msyql functions are depreciated in php5.5 and you don't want to have to rewrite your code later when the mysql functions are removed.
×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.