1. No, I don't want to delete the last login time because I use that to see when the user was last online; I update the record on login only. So let's say it like this: I have a file with the main data (connection to the DB, session, classes, etc.). Now if I made some function here and called it, then for every user that accesses any page, for example the user profile page, there would be something like "last login from database < 5 min timeout" (but here, if they logged in 7 hours ago they would show as offline, so it's not good, pff). So how can I know if any user is browsing a page? If the user was not doing anything on any page, then they should be shown as offline. But the problem is how to make a function like that and implement it in the main file.
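One way to do what the post above asks, as an added example (not the poster's code): keep a separate last_activity column that the shared include touches on every request, and compute "online" from that instead of from last_login. It assumes a PDO connection, a users table with integer last_login and last_activity columns, and that the session has already been started.

```php
<?php
// Added example (not the poster's code): "last seen" is tracked separately from "last login".
// Assumes PDO and a users table with INT columns last_login and last_activity.

const ONLINE_TIMEOUT = 300; // seconds of inactivity before a user shows as offline

// Call once per request from the shared include, after session_start().
// Writes at most once per minute per user so every page hit does not cost an UPDATE.
function touch_activity(PDO $db, int $user_id, ?int $now = null): bool
{
    $now = $now ?? time();
    if (isset($_SESSION['last_touch']) && $now - $_SESSION['last_touch'] < 60) {
        return false; // throttled, nothing written this request
    }
    $stmt = $db->prepare('UPDATE users SET last_activity = ? WHERE id = ?');
    $stmt->execute([$now, $user_id]);
    $_SESSION['last_touch'] = $now;
    return true;
}

// Pure function: online means some activity within the timeout. A browser crash simply
// stops the touches, so the user drops to offline after ONLINE_TIMEOUT without any logout.
function is_online(?int $last_activity, ?int $now = null): bool
{
    if ($last_activity === null) {
        return false; // never seen since the column was introduced
    }
    $now = $now ?? time();
    return ($now - $last_activity) <= ONLINE_TIMEOUT;
}

// Label for a profile page. A user who logged in 7 hours ago but clicked something
// 2 minutes ago is online; last_login alone cannot tell that.
function presence_label(?int $last_login, ?int $last_activity, ?int $now = null): string
{
    $now = $now ?? time();
    if (is_online($last_activity, $now)) {
        return 'online';
    }
    if ($last_login === null && $last_activity === null) {
        return 'never logged in';
    }
    return 'last seen ' . date('Y-m-d H:i', $last_activity ?? $last_login);
}

// Constructed sample values, no database needed to try the logic:
$now = 1700000000;
echo presence_label($now - 7 * 3600, $now - 120, $now), "\n";  // online
echo presence_label($now - 7 * 3600, $now - 3600, $now), "\n"; // last seen ...
```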
2. Hi, I wonder how I can check if a user is online or not. When I log a user in I put time() in the database. This stores the IP in another table, but what if the user's browser crashes? He will still be online. (BTW, I found this tutorial on some page; it's not my code.) So what I need is something to show me if a user is online or not. So if the user doesn't do anything on any page of the website, or crashes, after let's say 5 min show him as offline. Thanks in advance.

    <?php
    // server info here
    $server = "localhost";
    $db_user = "root";
    $db_pass = "";
    $database = "test";
    $timeoutseconds = 300;

    // this is where PHP gets the time
    $timestamp = time();
    $timeout = $timestamp - $timeoutseconds;

    $mysqli = new mysqli($server, $db_user, $db_pass, $database);

    // insert the values
    $insert = "INSERT INTO useronline VALUES (?, ?, ?)";
    $stmt = $mysqli->prepare($insert);
    $stmt->bind_param('iss', $timestamp, $_SERVER['REMOTE_ADDR'], $_SERVER['PHP_SELF']);
    if (!$stmt->execute()) {
        print "Useronline Insert Failed > ";
    }

    // delete values when they leave
    $delete = "DELETE FROM useronline WHERE timestamp < ?";
    $stmt = $mysqli->prepare($delete);
    $stmt->bind_param('i', $timeout);
    if (!$stmt->execute()) {
        print "Useronline Delete Failed > ";
    }

    // grab the results
    $result = "SELECT DISTINCT ip FROM useronline WHERE file = ?";
    $stmt = $mysqli->prepare($result);
    $stmt->bind_param('s', $_SERVER['PHP_SELF']);
    if (!$stmt->execute()) {
        print "Useronline Select Error > ";
    }
    // num_rows on a prepared statement is only filled in after the result is buffered
    $stmt->store_result();

    // number of rows = the number of people online
    $user = $stmt->num_rows;

    // spit out the results
    $mysqli->close();
    if ($user == 1) {
        print("$user user online\n");
    } else {
        print("$user users online\n");
    }
    ?>
3. What about: check the MIME type; check the file extension; check the file name as a string (fullimagename.ext) and if the extension doesn't match, don't upload; rename the image and give it a random name or number with an extension you take from the allowed-extensions array (so the original name is replaced with something like random code.jpg).
4. Try changing to this:

    $result = mysqli_query($con, "SELECT item_item_title, item_username FROM items");
    if (mysqli_num_rows($result) > 0) {
        // output data of each row; array keys must be quoted strings
        while ($row = mysqli_fetch_assoc($result)) {
            // escape before echoing, the values come from the database
            echo htmlspecialchars($row['item_item_title']) . " - " . htmlspecialchars($row['item_username']) . "<br>";
        }
    } else {
        echo "0 results";
    }
5. What about a pure jQuery upload? Is it safer? BTW, getimagesize() returns an array with data about the image, ["mime"], so why can't you check that then? And one more thing, can you show me an example of how I can make a safe upload for jpg, jpeg, gif, png with a file size of not more than 50 KB?

    array(5) {
      [0]=> int(159)
      [1]=> int(91)
      [2]=> int(13)
      [3]=> string(23) "width="159" height="91""
      ["mime"]=> string(29) "application/x-shockwave-flash"
    }
6. I have never worked with uploads in PHP, but if you have functions for secure output and input, how can it run malicious code? BTW, this is the script from w3schools; I know it's just a working example without security, but can't I check if the filename has any extension before .jpg or another format, and if it does, give an error without uploading? I think I can accomplish this with the strpos() and strip_tags() functions.
7. Hi all. Can anyone help me with AJAX for uploading an avatar on the user profile? I just need to check if all of this is fine to upload the image, or throw an error if any error exists, and without a submit button.

    <?php
    $target_dir = "uploads/";
    $uploadOk = 1;
    $error = []; // must exist before the error list is rendered below

    // $check is an array with image data
    // 0 - width
    // 1 - height
    // Check if the image file is an actual image or a fake image
    if (isset($_POST["submit"])) {
        $target_file = $target_dir . basename($_FILES["image"]["name"]);
        // lower-case so "JPG" passes the same whitelist as "jpg"
        $imageFileType = strtolower(pathinfo($target_file, PATHINFO_EXTENSION));
        $check = getimagesize($_FILES["image"]["tmp_name"]);
        if ($check !== false) {
            // Check if file already exists
            if (file_exists($target_file)) {
                $error[] = "Sorry, file already exists.";
                $uploadOk = 0;
            }
            // Check file size
            if ($_FILES["image"]["size"] > 500000) { // 500 kb
                $error[] = "Sorry, your file is too large.";
                $uploadOk = 0;
            }
            // Allow certain file formats
            if ($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg" && $imageFileType != "gif") {
                $error[] = "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
                $uploadOk = 0;
            }
            // check image width and height, 150x150px max size (either side over the limit rejects, so || not &&)
            if ($check[0] > 150 || $check[1] > 150) {
                $error[] = "Image too large max upload 150x150 px.";
                $uploadOk = 0;
            }
            // Check if $uploadOk is set to 0 by an error
            if ($uploadOk == 0) {
                $error[] = "Sorry, your file was not uploaded.";
            // if everything is ok, try to upload file
            } else {
                //echo print_r($check);
                if (move_uploaded_file($_FILES["image"]["tmp_name"], $target_file)) {
                    $error[] = "The file " . basename($_FILES["image"]["name"]) . " has been uploaded.";
                } else {
                    $error[] = "Sorry, there was an error uploading your file.";
                }
            }
            $uploadOk = 1;
        } else {
            $error[] = "File is not an image.";
            $uploadOk = 0;
        }
    }
    ?>
    <h1>Image upload test</h1>
    <?php
    if (!empty($error)) {
        echo 'There are following errors: <br />';
        echo '<ul>';
        foreach ($error as $key) {
            // the success message contains the user-supplied file name, so escape it
            echo '<li>' . htmlspecialchars($key, ENT_QUOTES, 'UTF-8') . '</li>';
        }
        echo '</ul>';
    }
    ?>
    <form action="" method="post" enctype="multipart/form-data">
        Select image to upload:
        <input type="file" name="image" id="image">
        <input type="submit" value="Upload Image" name="submit">
    </form>

Thanks in advance.
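A server-side check that covers what posts 3, 5, 6 and 7 above are asking for, as an added example (not the poster's code and not the w3schools script): the type is taken from the bytes, the image must also decode with matching dimensions, and the client's file name is discarded. It assumes the limits from those posts (jpg/jpeg/gif/png, 50 KB, 150x150 px), a writable uploads/ directory that the web server serves as static files only, and that the same handler is called from the jQuery/XHR upload, since a client-side upload is only as safe as the server check behind it.

```php
<?php
// Added example, not the poster's or the w3schools code. Validates an avatar upload by its
// bytes rather than its client-supplied name, then stores it under a random name.
// Limits as asked in the threads above: jpg/jpeg/gif/png, at most 50 KB, at most 150x150 px.
// Assumes $target_dir is writable and served without script execution.

const MAX_BYTES = 50 * 1024;
const MAX_SIDE  = 150;
// MIME type detected from the file contents -> extension the server chooses to write.
const ALLOWED_TYPES = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

// Returns ['name' => stored file name or null, 'errors' => list of messages].
function store_avatar(array $file, string $target_dir): array
{
    $errors = [];
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return ['name' => null, 'errors' => ['No file uploaded or the upload failed.']];
    }
    if ($file['size'] > MAX_BYTES) {
        $errors[] = 'File is larger than 50 KB.';
    }
    // 1. Type from the bytes (finfo). $_FILES['type'] and the extension are client input.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset(ALLOWED_TYPES[$mime])) {
        $errors[] = 'Only JPG, PNG and GIF images are allowed.';
        return ['name' => null, 'errors' => $errors];
    }
    // 2. It must also decode as that image type (the Flash file from post 5 is reported
    //    as application/x-shockwave-flash and fails the whitelist above).
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || $info['mime'] !== $mime) {
        $errors[] = 'File is not a valid image.';
        return ['name' => null, 'errors' => $errors];
    }
    if ($info[0] > MAX_SIDE || $info[1] > MAX_SIDE) { // either side too big: ||, not &&
        $errors[] = 'Image too large, max 150x150 px.';
    }
    if ($errors) {
        return ['name' => null, 'errors' => $errors];
    }
    // 3. Drop the client's file name entirely: random name plus our own extension.
    //    This also removes the "file already exists" case and any extra extension in the name.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    if (!move_uploaded_file($file['tmp_name'], rtrim($target_dir, '/') . '/' . $name)) {
        return ['name' => null, 'errors' => ['Could not store the file.']];
    }
    return ['name' => $name, 'errors' => []];
}

// The same handler serves a classic form post or an XHR/jQuery upload with no submit button.
if (isset($_FILES['image'])) {
    $result = store_avatar($_FILES['image'], 'uploads/');
    header('Content-Type: application/json');
    echo json_encode($result); // the page's JavaScript shows the errors or the new avatar
}
```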
8.

    <table width="800" border="0" cellpadding="0" cellspacing="0">
      <tr>
        <td><img src="images/BBV_CP_top.jpg" width="800" height="200"></td>
      </tr>
      <tr>
        <td>
          <table width="100%" border="0" cellspacing="0" cellpadding="2">
            <tr>
              <td width="6%" class="menu"><a href="home.php">Home</a></td>
              <?php if (something === true) { echo '<td width="9%" class="menu">Edit Team</td>'; } ?>
              <td width="12%" class="menu">Add Player</td>
              <td width="63%" class="menu">Edit My Information</td>
              <td width="10%" class="menu"><a href="logout.php">Log Out</a></td>
            </tr>
          </table>
        </td>
      </tr>
    </table>
9. OK, I agree with you; after I read all about IP blocking it all makes sense. So what do you suggest then? How do I protect against that, so users can't abuse my login or any other form?
10. But what does he gain from spoofing the IP when that is used only to check login attempts? And it has one table in the database just for checking those 3 fields: ip, time, attempts. And it will be locked for 15 mins max; the IP and attempts will be removed after that.
11. Look, I don't want to lock user_id because it's a bit stupid; for example, I go and fail 3 times with every username I want and I lock many accounts. I want to block the IP for a certain time so he can't access the site again. So the system will work like this:

You press the login button and you get the error "invalid username or password" or "please fill all fields" (it's a fail, so update the IP and attempt + 1).

You press the login button again: check the IP and attempts; if the IP is the same, update attempt + 1; if it's not the same, put the IP in and add attempt + 1.

When you get 3 failed attempts, lock the script so the user from that IP can't try data in the login form anymore (if he presses Login the script does nothing).

And for captcha, I didn't see anyone put a captcha on a login script.
12. As the title says, I need to block a user for 30 minutes after he enters invalid data 3 times in a row. I know I need to enter the IP and time in the database, but how do I stop the form from being submitted? I have this code for counting failed attempts; it increments a value in the session every time submit is pressed:

    // set or increment the counter in the session if the Login button was pressed
    if (empty($_SESSION['failed_login'])) {
        $_SESSION['failed_login'] = 1;
    } elseif (isset($_POST['login'])) {
        $_SESSION['failed_login']++;
    }
    // if login failed 3 times
    if ($_SESSION['failed_login'] > 3) {
        $error[] = 'U failed to login 3 times ' . $_SESSION['failed_login'];
    }

This is the whole login.php:

    <?php
    // protect page from direct access
    if (!defined('AUTH')) {
        die('You are not authorized to see this page !');
    }
    if ($general->is_logged() === true) {
        header('Location: index.php');
        exit();
    }

    $last_login_date = time();
    $ip = $general->get_ip();
    $error = []; // must exist before the error list is rendered below

    // set or increment the counter in the session if the Login button was pressed
    if (empty($_SESSION['failed_login'])) {
        $_SESSION['failed_login'] = 1;
    } elseif (isset($_POST['login'])) {
        $_SESSION['failed_login']++;
    }
    // if login failed 3 times
    if ($_SESSION['failed_login'] > 3) {
        $error[] = 'U failed to login 3 times ' . $_SESSION['failed_login'];
    }

    // login form
    if (isset($_POST['login'])) {
        $username = trim($_POST['username']);
        $password = trim($general->safepass($_POST['password']));

        // if user entered username and password
        if (empty($username) || empty($password)) {
            $error[] = 'Please enter username and password';
        } else {
            // login query
            $login = $users->login($username, $password);

            // cookie login
            if (isset($_POST['stay_logged'])) {
                // check if username and password is valid
                if ($login) {
                    $user_id = $login['id'];
                    // expire time for cookie 1 month
                    $expire = time() + 60 * 60 * 24 * 30;
                    // make random code for token (CSPRNG; mt_rand() output is predictable)
                    $rand = bin2hex(random_bytes(32));
                    // set cookies
                    setcookie('token', $rand, $expire);
                    setcookie('username', $login['username'], $expire);
                    setcookie('id', $login['id'], $expire);
                    // update user last_login, ip, token code
                    $update_login_data = $users->update_cookie_login($last_login_date, $ip, $rand, $user_id);
                    // redirect user to index.php and exit script
                    header('Location: index.php');
                    exit();
                } else {
                    // if username or password is not valid
                    $error[] = 'Invalid username or password';
                }
            }
            // session login
            else {
                // check if username and password is valid
                if ($login) {
                    // make sessions with user_id and username
                    $_SESSION['id'] = $login['id'];
                    $_SESSION['username'] = $login['username'];
                    $user_id = (int)$_SESSION['id'];
                    // update user last_login, ip
                    $update_login = $users->update_user_ip_login($last_login_date, $ip, $user_id);
                    // redirect user to index.php and exit script
                    header('Location: index.php');
                    exit();
                } else {
                    // if username or password is not valid
                    $error[] = 'Invalid username or password';
                }
            }
        }
    }
    ?>
    <h3>Log in</h3>
    <?php
    if (!empty($error)) {
        echo '<div class="big-error-msg"><ul style="margin:0 0 0 20px;">';
        foreach ($error as $msg) { // do not reuse $error as the loop variable
            echo '<li>' . htmlspecialchars($msg, ENT_QUOTES, 'UTF-8') . '</li>';
        }
        echo '</ul></div>';
    }
    ?>
    <form action="" method="POST" class="login-form">
        <input type="text" name="username" placeholder="Username" required>
        <input type="password" name="password" placeholder="Password" required><br><br>
        <input type="checkbox" name="stay_logged"><label style="padding:0 0 0 10px;">Remember me ?</label><br>
        <input type="submit" name="login" value="Log in" class="small-button">
        <label>
            <p><a href="index.php?page=forgotten_pass" title="Forgotten password ?">Forgotten password ?</a></p>
            <p>Don't have an account ? <a href="index.php?page=register" title="Register">Register</a></p>
        </label>
    </form>
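The lockout posts 10 to 12 describe, as an added example (not the poster's login.php): the failure counter lives in the database keyed on the source IP, with the 3-attempt / 30-minute values from post 12, instead of in $_SESSION, which a client resets by dropping its cookie. It assumes PDO against MySQL (the ON DUPLICATE KEY form) and a table login_attempts(ip, attempts, last_failed); the comments note that addresses behind NAT or a proxy share one counter, which is why the lock stays short.

```php
<?php
// Added example (not the poster's code): failed-login counter per source IP in the database.
// Assumes PDO on MySQL and: login_attempts(ip VARCHAR(45) PRIMARY KEY, attempts INT, last_failed INT).

const MAX_ATTEMPTS = 3;
const LOCK_SECONDS = 30 * 60;

// True while this IP is locked out. Expired rows are cleared here, so no cron job is needed.
function is_locked(PDO $db, string $ip, ?int $now = null): bool
{
    $now  = $now ?? time();
    $stmt = $db->prepare('SELECT attempts, last_failed FROM login_attempts WHERE ip = ?');
    $stmt->execute([$ip]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;
    }
    if ($now - (int)$row['last_failed'] >= LOCK_SECONDS) {
        clear_failures($db, $ip); // window expired, start fresh
        return false;
    }
    return (int)$row['attempts'] >= MAX_ATTEMPTS;
}

// Call on every failed login: bad credentials, empty fields and bad captcha alike.
// Shared addresses (office NAT, mobile carriers) share this counter, hence the short lock.
function record_failure(PDO $db, string $ip, ?int $now = null): void
{
    $now  = $now ?? time();
    $stmt = $db->prepare(
        'INSERT INTO login_attempts (ip, attempts, last_failed) VALUES (?, 1, ?)
         ON DUPLICATE KEY UPDATE attempts = attempts + 1, last_failed = VALUES(last_failed)'
    );
    $stmt->execute([$ip, $now]);
}

// Call on a successful login so old failures do not carry over.
function clear_failures(PDO $db, string $ip): void
{
    $db->prepare('DELETE FROM login_attempts WHERE ip = ?')->execute([$ip]);
}

// Where it slots into login.php (the "if he presses Login the script does nothing" step):
// $ip = $_SERVER['REMOTE_ADDR'];   // not X-Forwarded-For, which the client can set itself
// if (is_locked($db, $ip)) {
//     $error[] = 'Too many failed attempts, try again in 30 minutes.';
// } elseif (isset($_POST['login'])) {
//     ... $login = $users->login($username, $password);
//     if ($login) { clear_failures($db, $ip); } else { record_failure($db, $ip); }
// }
```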
13. Thanks for the reply, I made it like that now and now it all works. But I was trying to get the country and key in one try because on the user profile and on the team profile I have one field where the country and alpha_2 key are, and I use that alpha_2 key to get the country flag picture like this:

    $country = explode(',', $USERDATA['country']);
    // escape both parts, the name is printed as text and the code goes into an attribute
    echo htmlspecialchars($country[0], ENT_QUOTES, 'UTF-8') . ' '
       . '<span style="display: inline-block; vertical-align: text-top;"><img src="images/flags/'
       . htmlspecialchars($country[1], ENT_QUOTES, 'UTF-8') . '.png"></span>';

But never mind, I can make one more extra query to get the country name later for the user profile. Here is the non-working version of the form validation:

    // check if country is valid
    if (!empty($cntry)) {
        if ($teams->get_only_country($cntry) === false) {
            $error[] = 'Invalid country.';
        }
    }

And the query:

    public function get_only_country($alpha_2)
    {
        $query = $this->db->prepare("SELECT alpha_2 FROM countries WHERE alpha_2 = ?");
        $query->bindValue(1, $alpha_2);
        $query->execute();
        // rowCount() on a SELECT is driver-dependent; it works with MySQL
        $row = $query->rowCount();
        if ($row == 1) {
            return true;
        } else {
            return false;
        }
    }
14. Hi, I have a problem with editing the register form via Inspect Element, or when you press F12 in Mozilla or Chrome. When you select a country you can edit the form in F12 and change the country value, so the form saves it like that in the database. The problem is that it's in a foreach loop and I can't get a check if the country in the POST variable is valid and compare it with the one in the database. In my $_POST variable the country is stored like ' Croatia, hr ' and in the database it's like 'id, name, alpha_2, alpha_3'. So can I find the value I need, for example Albania and al, without any loop?

    // if user is logged in redirect him to index page
    if ($general->is_logged() === true) {
        header('Location: index.php');
        exit();
    }

    // get list of countries
    $country = $teams->get_country();
    $error = []; // must exist before the error list is rendered below

    require_once 'core/classes/recaptchalib.php';
    $publickey = "***********************";
    $privatekey = "***********************";

    // process form
    if (isset($_POST['register'])) {
        if (isset($_POST['username']) && isset($_POST['nickname']) && isset($_POST['password'])
            && isset($_POST['repeat_password']) && isset($_POST['email']) && isset($_POST['repeat_email'])
            && isset($_POST['gender']) && isset($_POST['country'])
            && isset($_POST['recaptcha_challenge_field']) && isset($_POST['recaptcha_response_field'])) { // response_field was checked twice as challenge_field

            $username = trim($general->safe_input($_POST['username']));
            $nickname = trim($general->safe_input($_POST['nickname']));
            $password = trim($general->safe_input($_POST['password']));
            $rpassword = trim($general->safe_input($_POST['repeat_password']));
            $email = trim($general->safe_input($_POST['email']));
            $remail = trim($general->safe_input($_POST['repeat_email']));
            $gender = trim($general->safe_input($_POST['gender']));
            $cntry = $general->safe_input($_POST['country']);
            $date_registered = time();
            $password_hash = $general->safepass($password);

            // captcha
            $resp = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);

            // if username is empty
            if (empty($username)) {
                $error[] = 'Username is empty.';
            // if username already exists
            } elseif ($users->user_exists($username) === true) {
                $error[] = 'Username in use, please choose another.';
            // username must be between 3 and 20 characters long
            } elseif (strlen($username) < 3 || strlen($username) > 20) {
                $error[] = 'Username must be between 3 and 20 characters long.';
            }

            // if nickname is empty
            if (empty($nickname)) {
                $error[] = 'Nickname is empty.';
            // if nickname in use
            } elseif ($users->nick_exists($nickname) === true) {
                $error[] = 'Nickname in use, please choose another.';
            // nickname must be between 3 and 20 characters long
            } elseif (strlen($nickname) < 3 || strlen($nickname) > 20) {
                $error[] = 'Nickname must be between 3 and 20 characters long.';
            }

            // if password field is empty
            if (empty($password)) {
                $error[] = 'Password field is empty.';
            }
            // if password repeat field is empty
            if (empty($rpassword)) {
                $error[] = 'Repeat password field is empty';
            }
            // if password and repeat password are not empty
            if (!empty($password) && !empty($rpassword)) {
                // passwords match? if not throw error message
                if ($password != $rpassword) {
                    $error[] = 'Passwords don\'t match.';
                // password must be between 6 and 30 characters long
                } elseif (strlen($password) < 6 || strlen($password) > 30) {
                    $error[] = 'Password must be between 6 and 30 characters long.';
                }
            }

            // is email empty
            if (empty($email)) {
                $error[] = 'Email field is empty.';
            }
            // is repeat email empty
            if (empty($remail)) {
                $error[] = 'Repeat email field is empty.';
            }
            // if email and repeat email are not empty
            if (!empty($email) && !empty($remail)) {
                // if emails are not the same
                if ($email != $remail) {
                    $error[] = 'Emails don\'t match.';
                // if email and repeat email are the same
                } elseif ($email == $remail) {
                    // is email valid
                    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
                        $error[] = 'Invalid email format.';
                    // is email in use
                    } elseif ($users->email_exists($email) === true) {
                        $error[] = 'Email in use, please choose another.';
                    // email must be between 10 and 30 characters long
                    } elseif (strlen($email) < 10 || strlen($email) > 30) {
                        $error[] = 'Email must be between 10 and 30 characters long.';
                    }
                }
            }

            // if gender is empty
            if (empty($gender)) {
                $error[] = 'Please select gender.';
            }
            // if gender is not empty
            if (!empty($gender)) {
                // if gender is Male or Female
                if ($gender == 'Male') {
                    $gender = 'Male';
                } elseif ($gender == 'Female') {
                    $gender = 'Female';
                } else {
                    $error[] = 'Invalid gender.';
                }
            }

            // if country is empty
            if (empty($cntry)) {
                $error[] = 'Please select country.';
            }
            // check if country is valid
            if (!empty($cntry)) {
                // $newCountry[0] is the name
                // $newCountry[1] is the alpha_2 key
                $newCountry = array_map('trim', explode(',', $cntry));
                // $country is a list of rows, so $country['name'] does not exist;
                // compare against the column of names instead
                if (in_array($newCountry[0], array_column($country, 'name'), true)) {
                    $error[] = 'VALID.'; // debug marker, reports a valid country as an error
                } else {
                    $error[] = 'Invalid country.';
                }
            }

            // check if captcha is valid
            if (!$resp->is_valid) {
                $error[] = 'Invalid captcha code.';
            }

            // if no errors register user
            if (empty($error) === true) {
                //$add_user = $users->register_user($username, $password_hash, $email, $gender, $date_registered, $cntry, $nickname);
                unset($_POST); // clean $_POST variable
                echo 'REGISTER USER !';
            }
            /*
            if ($DBH->lastInsertId()) {
                header('Location: index.php?page=register_success');
                exit();
            } else {
                $error = '<p class="error-msg">There was a problem, please try again.</p>';
            }
            */
        }
    }
    ?>
    <script type="text/javascript">
    var RecaptchaOptions = { theme : 'clean' };
    </script>
    <h3>Register</h3>
    <?php
    if (!empty($error)) {
        echo '<div style="padding:10px;margin:0 10px;border:1px solid #f3f3f3;background:#E35454;color:#fff;"><ul style="margin:0 0 0 20px;">';
        foreach ($error as $msg) { // do not reuse $error as the loop variable
            echo '<li>' . htmlspecialchars($msg, ENT_QUOTES, 'UTF-8') . '</li>';
        }
        echo '</ul></div>';
    }
    ?>
    <form action="" method="POST" class="register-form">
        <input type="text" name="username" size="40" maxlength="20" placeholder="Username" value="<?php if (isset($_POST['username'])) { echo htmlentities($_POST['username'], ENT_QUOTES, "UTF-8"); } ?>" required>
        <input type="text" name="nickname" size="40" maxlength="20" placeholder="Nickname" value="<?php if (isset($_POST['nickname'])) { echo htmlentities($_POST['nickname'], ENT_QUOTES, "UTF-8"); } ?>" required><br /><br />
        <input type="password" name="password" size="40" maxlength="30" placeholder="Password" required>
        <input type="password" name="repeat_password" size="40" maxlength="30" placeholder="Repeat password" required><br /><br />
        <input type="text" name="email" size="40" maxlength="30" placeholder="Email" value="<?php if (isset($_POST['email'])) { echo htmlentities($_POST['email'], ENT_QUOTES, "UTF-8"); } ?>" required>
        <input type="text" name="repeat_email" size="40" maxlength="30" placeholder="Repeat email" value="<?php if (isset($_POST['repeat_email'])) { echo htmlentities($_POST['repeat_email'], ENT_QUOTES, "UTF-8"); } ?>" required><br /><br />
        <select name="gender" required>
            <option value="">Select gender</option>
            <option value="Male">Male</option>
            <option value="Female">Female</option>
        </select>
        <select name="country" style="width: 215px;" required>
            <option value="">Select country</option>
            <?php
            foreach ($country as $key) {
                // escape both the value and the label, they come from the database
                echo '<option value="' . htmlentities($key['name'] . ',' . $key['alpha_2'], ENT_QUOTES, "UTF-8") . '">'
                   . htmlentities($key['name'], ENT_QUOTES, "UTF-8") . '</option>';
            }
            ?>
        </select>
        <br><br>
        <center><?php echo recaptcha_get_html($publickey); ?></center>
        <br>
        <center><input type="submit" name="register" value="Register" class="small-button"></center>
    </form>
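The tampering problem from post 14 and the one-query wish from post 13, as an added example (not the poster's code): the select submits only the alpha_2 code, the server looks that code up in the countries table with a prepared statement and gets the name back in the same query, and anything edited in via F12 that is not in the table is rejected. It assumes PDO and the countries table the post describes (id, name, alpha_2, alpha_3); the regex keeps the code to two ASCII letters, so the same value is safe to reuse in the images/flags/ path.

```php
<?php
// Added example (not the poster's code). Assumes PDO and countries(id, name, alpha_2, alpha_3).

// Returns ['name' => ..., 'alpha_2' => ...] for a valid code, or null. One query covers
// both the registration check and the name needed on the profile page.
function lookup_country(PDO $db, string $submitted): ?array
{
    // Normalise before the query: exactly two ASCII letters, nothing else gets through.
    $code = strtolower(trim($submitted));
    if (!preg_match('/^[a-z]{2}$/', $code)) {
        return null;
    }
    $stmt = $db->prepare('SELECT name, alpha_2 FROM countries WHERE alpha_2 = ?');
    $stmt->execute([$code]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Builds the <option> list: the value is the code only, the visible text is the name.
// Both are escaped, so a name like "Côte d'Ivoire" cannot break the markup.
function country_options(array $countries, string $selected = ''): string
{
    $html = '<option value="">Select country</option>';
    foreach ($countries as $c) {
        $code = htmlspecialchars($c['alpha_2'], ENT_QUOTES, 'UTF-8');
        $name = htmlspecialchars($c['name'], ENT_QUOTES, 'UTF-8');
        $sel  = $c['alpha_2'] === $selected ? ' selected' : '';
        $html .= '<option value="' . $code . '"' . $sel . '>' . $name . '</option>';
    }
    return $html;
}

// Name plus flag for the profile page from the same row. Only a validated two-letter code
// is ever placed into the images/flags/ path.
function country_badge(array $row): string
{
    $code = htmlspecialchars($row['alpha_2'], ENT_QUOTES, 'UTF-8');
    $name = htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8');
    return $name . ' <img src="images/flags/' . $code . '.png" alt="' . $code . '">';
}

// In the registration handler, replacing the explode()/in_array() check:
// $countryRow = lookup_country($db, $_POST['country'] ?? '');
// if ($countryRow === null) {
//     $error[] = 'Invalid country.';
// } // else store $countryRow['alpha_2'] and show country_badge($countryRow) later
```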
