mlukac89

No i dont want to delete last login time because i use that to see when user was last online, i update record on login only. So lets say it like this, i have a file with main data ( connection to db, session, classes .. etc. ) now if i made here some function and call it, then every user that access any page and for example to see user profile page there will be like "last login from database < 5 min timeout" ( but here if its logged 7 hour ago will be offline so its not good pff ), so how i can know if any user browsing on page ? So if user was not doing anything on any page then will be shown as offline. But problem is that how to make function like that and implement in main file.

Hi i wonder how i can check if user is online or not, when i login user i put time() in database. This stores ip in other table, but what if user browser crash ? He will still be online. ( BTW i found this tutorial on some page its not mine code. ) So what i need to show me if user is online or not. So if user dont do nothing on any page on website or crash after lets say 5 min show him like offline. Thanks in advance. <?php //server info here $server = "localhost"; $db_user = "root"; $db_pass = ""; $database = "test"; $timeoutseconds = 300; //this is where PHP gets the time $timestamp = time(); $timeout = $timestamp - $timeoutseconds; $mysqli = new mysqli($server, $db_user, $db_pass, $database); //insert the values $insert = "INSERT INTO useronline VALUES (?, ?, ?)"; $stmt = $mysqli->prepare( $insert ); $stmt->bind_param( 'iss', $timestamp, $_SERVER['REMOTE_ADDR'],$_SERVER['PHP_SELF'] ); if(!$stmt->execute()) { print "Useronline Insert Failed > "; } //delete values when they leave $delete = "DELETE FROM useronline WHERE timestamp < ?"; $stmt = $mysqli->prepare( $delete ); $stmt->bind_param( 'i', $timeout ); if(!$stmt->execute()) { print "Useronline Delete Failed > "; } //grab the results $result = "SELECT DISTINCT ip FROM useronline WHERE file = ?"; $stmt = $mysqli->prepare( $result ); $stmt->bind_param( 's', $_SERVER['PHP_SELF'] ); if(!$stmt->execute()) { print "Useronline Select Error > "; } //number of rows = the number of people online $user = $stmt->num_rows; //spit out the results $mysqli->close(); if($user == 1) { print("$user user online\n"); } else { print("$user users online\n"); } ?>

What about Check MIME Check for file extension Check file as string like ( fullimagename.ext ) if extension dont match dont upload Rename image and give random name or number with extension u get from allowed extension array ( like original version replace with random code.jpg )

Try change to this $result=mysqli_query($con,"SELECT item_item_title, item_username FROM items"); if (mysqli_num_rows($result) > 0) { // output data of each row while($row = mysqli_fetch_assoc($result)) { echo $row[item_item_title] . " - " . $row[item_username] . "<br>"; } } else { echo "0 results"; }

What about pure jquery upload ? is it safer ? Btw getimagesize() returns array with data about image ["mime"], why u cant check then ? And 1 more thing can u show me example then how i can make safe upload for jpg, jpeg, gif, png and filesize not more than 50 kb ? array(5) { [0]=> int(159) [1]=> int(91) [2]=> int(13) [3]=> string(23) "width="159" height="91"" ["mime"]=> string(29) "application/x-shockwave-flash" }

I was never worked with upload in php, but if u have function for secure output and input how it can run malicious code ? Btw this is script from w3schools, i know its just working examples without security, but cant i check if filename have any extension before .jpg or other format ? and if have to give error without upload ? I think i can acomplish this with strpos() and stip_tags() funtions.

Hi all Can anyone help me with ajax for upload avatar on user profile, i just need to check if all of this if fine to upload image or throw error if any error exists, and without submit button. <?php $target_dir = "uploads/"; $uploadOk = 1; // $check is array with image data // 0 - width // 1 - height // Check if image file is a actual image or fake image if(isset($_POST["submit"])) { $target_file = $target_dir . basename($_FILES["image"]["name"]); $imageFileType = pathinfo($target_file,PATHINFO_EXTENSION); $check = getimagesize($_FILES["image"]["tmp_name"]); if($check !== false) { // Check if file already exists if (file_exists($target_file)) { $error[] = "Sorry, file already exists."; $uploadOk = 0; } // Check file size if ($_FILES["image"]["size"] > 500000) { // 500 kb $error[] = "Sorry, your file is too large."; $uploadOk = 0; } // Allow certain file formats if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg" && $imageFileType != "gif" ) { $error[] = "Sorry, only JPG, JPEG, PNG & GIF files are allowed."; $uploadOk = 0; } // check image width and height 150x150px max size if ($check[0] > 150 && $check[1] > 150) { $error[] = "Image too large max upload 150x150 px."; $uploadOk = 0; } // Check if $uploadOk is set to 0 by an error if ($uploadOk == 0) { $error[] = "Sorry, your file was not uploaded."; // if everything is ok, try to upload file } else { //echo print_r($check); if (move_uploaded_file($_FILES["image"]["tmp_name"], $target_file)) { $error[] = "The file ". basename( $_FILES["image"]["name"]). " has been uploaded.<br />"; } else { $error[] = "Sorry, there was an error uploading your file."; } } $uploadOk = 1; } else { $error[] = "File is not an image."; $uploadOk = 0; } } ?> <h1>Image upload test</h1> <?php if (!empty($error)) { echo 'There are folowing errors: <br />'; foreach ($error as $key) { echo '<ul><li>' . $key . '</li></ul>'; } } ?> <form action="" method="post" enctype="multipart/form-data"> Select image to upload: <input type="file" name="image" id="image"> <input type="submit" value="Upload Image" name="submit"> </form> Thanks in advance.