Posts posted by seandisanti

  1. Another $.02 on the named values vs ?'s. If another person is ever going to look at your code (that includes "Future You" who invariably ends up refactoring your stuff just because he thinks he knows better), then it's typically best not to make assumptions about their contextual wherewithal no matter how intuitive your code seems while you're writing it.

  2. a few things...

    1) you're hardcoding 'right' as the div id for each pass through the loop, so you're using the same id for multiple divs. That's a bad idea, and can result in unpredictable behavior at best

    2) Inline styling, even when automated, should be avoided. That goes exponentially for every duplicated style you're adding

    3) reverse your single and double quote usage habits and you'll save yourself a ton of headaches. Always use double quotes for parameter and attribute values in HTML, and use single quotes for PHP strings, and concatenate your variables in. That way you avoid using the literal string '$nickname' as the title for example.

    echo '<td><img src="./img/' . $element . '.png" height="20" width="20" title="' . $nickname . '"></td>'; // and seriously move that styling into a stylesheet or <style> block outside of your loop
    
  3. Benanamen beat me to it. I would say to go with PDO (http://php.net/pdo); https://www.youtube.com/watch?v=dF8hoPj-1bc is a good quick video to help explain it. Once that's done, you should attack your issue in the opposite order: #2 first, and then #1. It will be easiest to code your login bypass if you're able to assume that the user is already logged in, and once that's done and you begin working on the login, you'll know when it's working because it'll send you through via the passthrough you will already know works.

  4. Ok, here's what I think I'm reading in your request...

     

    You have a list of messages on an admin page and you would like the ability to select some of them, and respond to them all at once from your chosen email client, is that correct?

     

    Before I try to answer that, there are a few things you should do either way.

     

    1) use code tags [ code] and [ /code] (without spaces) around your code to make it easier to read

    2) look into using PDO or mysqli_ instead of the deprecated mysql extension.

     

    Assuming you take care of both of those, that still leaves your main problem. One way to kind of achieve that, would be to write an ajax call that returns a delimited list of email addresses based on the checked checkboxes which can be thrown into a 'mailto' link, and a new window opened with that link. Depending on how you have your system configured, specifically regarding default apps and behaviors, that could open a new mail message in outlook with the addresses already entered.

     

    I would consider that approach far less than optimal though as it's not guaranteed to work on every (or any) system you may use. A better approach I think would be to scrap the idea of opening it in a local client to compose the mail, and just write the response functionality yourself. You could do a simple message form in a jquery modal dialog, have the recipients populated based on checked checkboxes, then a text field to type your message in and a button each to send or cancel. Then have the server send the message either with a site email, or whatever email account you configure.

     

     

     

     

  5. in practice website, Insert data into the database is working, so, I copied the code from practice one to my professional website, it is not working.

    That's a perfect moment to learn! Rather than copying the one that seems to be working, compare the two implementations to see what's different. It may add a little more time, but it will give you a better understanding of the output you're receiving and the functions that you're trying to use. If you can't spot the differences or make sense of it yourself, paste the snippets here (minus credentials of course) and there are plenty of people happy to help.

  6. The functions in your code are actually WordPress functions. https://developer.wordpress.org/reference/functions/get_option/ has a listing of the source for get_option if you want to see the other WordPress functions they call behind the scenes so you can repurpose them. There may very well be a WordPress function to do exactly what you're looking for, but finding it will take more than the minute or two I have free right now. I will research further if you're not able to find anything.

  7. You can actually have both a public link and tight access control by using share links. For example, your customer gets this link:

    https://yoursite.com/quotes.php?token=7c043ece6892c4869db68d3e824ef5bc
    

    All tokens are stored in the database together with their status (valid/invalid) and the file they map to. When the script receives a token, it tries to look it up in the database, and if everything is OK, it displays the corresponding file.

     

    This provides maximum convenience for your customers (it's just like a normal file link), but at the same time you can control the file access. You can make the links expire after a while, you can manually disable them in case they're leaked etc.

    That also helps avoid the situation where a user with a valid link tries to manipulate values in their link to find another pdf.
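
The share-link scheme described in the post above, as an added example that is not part of the original thread: tokens are issued from the CSPRNG, looked up with a prepared statement, and rejected when unknown, disabled or expired. The table name, column names, function names and file path are constructed for illustration; storing only a hash of the token goes beyond what the post describes, and the demo assumes the pdo_sqlite extension.

```php
<?php
declare(strict_types=1);

// Constructed schema; in-memory SQLite keeps the example self-contained.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE share_links (
    token_hash TEXT PRIMARY KEY,
    file_path  TEXT NOT NULL,
    is_valid   INTEGER NOT NULL DEFAULT 1,
    expires_at INTEGER NOT NULL
)');

// Issue a token: 128 bits from the CSPRNG, hex-encoded to 32 characters.
// Only its SHA-256 is stored (added assumption), so a leaked table holds no usable links.
function issueToken(PDO $pdo, string $filePath, int $ttlSeconds): string
{
    $token = bin2hex(random_bytes(16));
    $stmt = $pdo->prepare('INSERT INTO share_links (token_hash, file_path, expires_at)
                           VALUES (:h, :f, :e)');
    $stmt->execute([':h' => hash('sha256', $token), ':f' => $filePath, ':e' => time() + $ttlSeconds]);
    return $token;
}

// Map a token to its file, or null if it is malformed, unknown, disabled or expired.
// The file path always comes from the database row, never from the request itself.
function resolveToken(PDO $pdo, string $token): ?string
{
    if (!preg_match('/\A[0-9a-f]{32}\z/', $token)) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT file_path FROM share_links
                           WHERE token_hash = :h AND is_valid = 1 AND expires_at > :now');
    $stmt->execute([':h' => hash('sha256', $token), ':now' => time()]);
    $path = $stmt->fetchColumn();
    return $path === false ? null : $path;
}

// Manually disable a link, for example after it has leaked.
function revokeToken(PDO $pdo, string $token): void
{
    $stmt = $pdo->prepare('UPDATE share_links SET is_valid = 0 WHERE token_hash = :h');
    $stmt->execute([':h' => hash('sha256', $token)]);
}

// Constructed demo: a valid link, a guessed token, then the same link after revocation.
$token = issueToken($pdo, 'quotes/customer-1001.pdf', 7 * 24 * 3600);
var_dump(resolveToken($pdo, $token));
var_dump(resolveToken($pdo, str_repeat('0', 32)));
revokeToken($pdo, $token);
var_dump(resolveToken($pdo, $token));
```

In quotes.php the token would come from $_GET['token'], and a null result should produce the same generic 404 for every failure reason.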

  8. You're closer than you think, but there is still some work to do.

     

    1) mysql_ extension is officially deprecated and actually even removed from PHP 7. Switch to PDO or at the very least mysqli.

    2) typically you want to pass a GET parameter of 'page' or something to that effect so you can set your $start with $_GET['page'] * $_GET['per_page']

     

    ***edit*** removed quote that I didn't even reference
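
One way to combine the two points in the post above, as an added example that is not from the original thread: the 'page' and 'per_page' values are validated as bounded integers and then bound into a PDO prepared statement rather than concatenated into the SQL. The messages table, the function names and the limits are constructed for illustration, and the demo assumes the pdo_sqlite extension.

```php
<?php
declare(strict_types=1);

// Turn untrusted 'page' / 'per_page' values (e.g. from $_GET) into a bounded window.
// Anything that is not an integer in range falls back to the default.
function pageWindow(array $query, int $maxPerPage = 100): array
{
    $page = filter_var($query['page'] ?? 0, FILTER_VALIDATE_INT,
        ['options' => ['default' => 0, 'min_range' => 0, 'max_range' => 100000]]);
    $perPage = filter_var($query['per_page'] ?? 20, FILTER_VALIDATE_INT,
        ['options' => ['default' => 20, 'min_range' => 1, 'max_range' => $maxPerPage]]);

    // $start = page * per_page, as in the post, computed from validated integers only.
    return ['start' => $page * $perPage, 'limit' => $perPage];
}

// Fetch one page of rows; LIMIT and OFFSET are bound as integers.
function fetchPage(PDO $pdo, array $query): array
{
    $w = pageWindow($query);
    $stmt = $pdo->prepare('SELECT id, subject FROM messages ORDER BY id LIMIT :limit OFFSET :start');
    $stmt->bindValue(':limit', $w['limit'], PDO::PARAM_INT);
    $stmt->bindValue(':start', $w['start'], PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data: 45 rows in an in-memory SQLite table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE messages (id INTEGER PRIMARY KEY, subject TEXT NOT NULL)');
$insert = $pdo->prepare('INSERT INTO messages (subject) VALUES (:s)');
for ($i = 1; $i <= 45; $i++) {
    $insert->execute([':s' => "Message $i"]);
}

// A normal request for the third page of ten rows.
$rows = fetchPage($pdo, ['page' => '2', 'per_page' => '10']);
printf("%d rows, first id %d\n", count($rows), $rows[0]['id']);

// Hostile input: both values fail validation, so the defaults (page 0, 20 rows) apply.
$rows = fetchPage($pdo, ['page' => '1; DROP TABLE messages', 'per_page' => '999999']);
printf("%d rows, first id %d\n", count($rows), $rows[0]['id']);
```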

  9. Hmm, why you guys all are complaining about stuff that I am the one who should worry about! I just wanted to know some specific things yet no one wants to help and instead complaining about what I didn't ask for help for!

     

    1. The users are not entering any passwords or giving any of their personal information to register before logging, instead I am the one who will randomly generate passwords.

    2. I am using this for a specific application where I just want to make sure 1 computer is used to access whatever page after the login page.

    3. There is nothing valuable in that website but I want to make that because I just want to make that!

     

    If someone can tell me how to do what I asked for I will be really thankful.

     

    When someone tells you your house is on fire, don't tell them to mind their own business. Sorry I'm late to the party but I promise I'm trying to help and not just dogpile. You are getting good advice from people with the experience to answer the questions that you don't know to ask, and any case you make for ignoring good advice is a better case against giving you more.

     

    Protecting your users and others that may be sharing your server is far more important than whatever you hope to prevent by tying each user to a specific device.

  10. Excellent. Thank you for getting back to me. I was considering it, but it would mean a whole re-write wouldn't it?

     

    Is there anything I could do to the existing script that could beef up security or even performance?

     

    Personally I'd say to switch to PDO since you're going to be doing a fair bit of rewriting anyway. You don't really even need a wrapper to be honest, but making use of prepared statements and bound parameters, as well as the quote function could definitely help tighten things up a bit. I always suggest that people interested in security improvements take a trip to http://pentesteracademy.com or at least http://securitytube.net. Both sites are slightly more geared towards offense than defense, but the best way to learn how to defend your site is to know how to properly attack it.

  11. Not really sure that the PHP is firing the modul. But yes it is giving the Thanks in the blank page that the PHP generates that I want directed to a modul in the page, instead of the blank page with type on it. Maybe I am not understanding. Could you please show more of an example of what you are suggesting. Like a working example please?

    This is from your code:

     

    if ( isset($_GET["ajax"]) ) {
    echo $success ? "success" : "error";
    } 
    

    that part first checks if the GET parameter 'ajax' is set, and if that returns true, the ternary evaluation of $success happens, and success or error is printed. Any time that 'ajax' isn't set though, which could well be every time because it's not referenced anywhere else in the provided code, this part:

     

    else {
    ?>
    <html>
    <head>
    <title>Thanks!</title>
    </head>
    <body>
    <?php if ( $success ) echo "<p>Thanks for sending your message! We'll get back to you soon.</p>" ?>
    <?php if ( !$success ) echo "<p>There was a problem sending your message. Please try again.</p>" ?>
    <p>Click your browser's Back button to return to the page.</p>
    </body>
    </html>
    <?php
    }
    ?>
    

    duplicates the same logic as the ternary (twice), but creates a page with title "Thanks" either way.