Everything posted by mlukac89
-
No, I don't want to delete the last login time because I use that to see when a user was last online; I update the record on login only. So let's say it like this: I have a file with main data (connection to db, session, classes, etc.). Now if I make some function here and call it, then for every user that accesses any page, for example to see a user profile page, there will be something like "last login from database < 5 min timeout" (but here if he logged in 7 hours ago he will be offline, so it's not good, pff). So how can I know if any user is browsing a page? So if a user was not doing anything on any page then he will be shown as offline. But the problem is how to make a function like that and implement it in the main file.
-
Hi, I wonder how I can check if a user is online or not. When I log in a user I put time() in the database. This stores the IP in another table, but what if the user's browser crashes? He will still be online. (BTW I found this tutorial on some page, it's not my code.) So what I need is something to show me if a user is online or not. So if the user doesn't do anything on any page of the website, or crashes, after let's say 5 min show him as offline. Thanks in advance.

<?php
// server info here
$server = "localhost";
$db_user = "root";
$db_pass = "";
$database = "test";
$timeoutseconds = 300;

// this is where PHP gets the time
$timestamp = time();
$timeout = $timestamp - $timeoutseconds;

$mysqli = new mysqli($server, $db_user, $db_pass, $database);

// insert the values
$insert = "INSERT INTO useronline VALUES (?, ?, ?)";
$stmt = $mysqli->prepare($insert);
$stmt->bind_param('iss', $timestamp, $_SERVER['REMOTE_ADDR'], $_SERVER['PHP_SELF']);
if (!$stmt->execute()) {
    print "Useronline Insert Failed > ";
}

// delete values when they leave
$delete = "DELETE FROM useronline WHERE timestamp < ?";
$stmt = $mysqli->prepare($delete);
$stmt->bind_param('i', $timeout);
if (!$stmt->execute()) {
    print "Useronline Delete Failed > ";
}

// grab the results
$result = "SELECT DISTINCT ip FROM useronline WHERE file = ?";
$stmt = $mysqli->prepare($result);
$stmt->bind_param('s', $_SERVER['PHP_SELF']);
if (!$stmt->execute()) {
    print "Useronline Select Error > ";
}

// buffer the result set; without this num_rows stays 0 on a prepared statement
$stmt->store_result();

// number of rows = the number of people online
$user = $stmt->num_rows;

// spit out the results
$mysqli->close();
if ($user == 1) {
    print("$user user online\n");
} else {
    print("$user users online\n");
}
?>
-
Ajax avatar image upload without refreshing page
mlukac89 replied to mlukac89's topic in Javascript Help
What about:
- Check MIME
- Check for file extension
- Check file as string like (fullimagename.ext), if the extension doesn't match don't upload
- Rename image and give it a random name or number with the extension you get from the allowed extension array (like original version replaced with random code.jpg)
-
Try changing it to this:

$result = mysqli_query($con, "SELECT item_item_title, item_username FROM items");
if (mysqli_num_rows($result) > 0) {
    // output data of each row
    while ($row = mysqli_fetch_assoc($result)) {
        // array keys must be quoted strings
        echo $row['item_item_title'] . " - " . $row['item_username'] . "<br>";
    }
} else {
    echo "0 results";
}
-
Ajax avatar image upload without refreshing page
mlukac89 replied to mlukac89's topic in Javascript Help
What about a pure jQuery upload? Is it safer? Btw getimagesize() returns an array with data about the image ["mime"], why can't you check then? And one more thing: can you show me an example then of how I can make a safe upload for jpg, jpeg, gif, png and filesize not more than 50 kb?

array(5) {
  [0]=> int(159)
  [1]=> int(91)
  [2]=> int(13)
  [3]=> string(23) "width="159" height="91""
  ["mime"]=> string(29) "application/x-shockwave-flash"
}
-
Ajax avatar image upload without refreshing page
mlukac89 replied to mlukac89's topic in Javascript Help
I have never worked with upload in PHP, but if you have a function for secure output and input, how can it run malicious code? Btw this is a script from w3schools, I know it's just working examples without security, but can't I check if the filename has any extension before .jpg or another format, and if it has, give an error without upload? I think I can accomplish this with the strpos() and strip_tags() functions.
-
Hi all. Can anyone help me with ajax for uploading an avatar on the user profile? I just need to check if all of this is fine to upload the image, or throw an error if any error exists, and without a submit button.

<?php
$target_dir = "uploads/";
$uploadOk = 1;
$error = array();

// $check is array with image data
// 0 - width
// 1 - height

// Check if image file is an actual image or fake image
if (isset($_POST["submit"])) {
    $target_file = $target_dir . basename($_FILES["image"]["name"]);
    $imageFileType = pathinfo($target_file, PATHINFO_EXTENSION);
    $check = getimagesize($_FILES["image"]["tmp_name"]);

    if ($check !== false) {
        // Check if file already exists
        if (file_exists($target_file)) {
            $error[] = "Sorry, file already exists.";
            $uploadOk = 0;
        }
        // Check file size
        if ($_FILES["image"]["size"] > 500000) { // 500 kb
            $error[] = "Sorry, your file is too large.";
            $uploadOk = 0;
        }
        // Allow certain file formats
        if ($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg" && $imageFileType != "gif") {
            $error[] = "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
            $uploadOk = 0;
        }
        // check image width and height 150x150px max size
        // (|| so that an image too large in either dimension is rejected)
        if ($check[0] > 150 || $check[1] > 150) {
            $error[] = "Image too large max upload 150x150 px.";
            $uploadOk = 0;
        }
        // Check if $uploadOk is set to 0 by an error
        if ($uploadOk == 0) {
            $error[] = "Sorry, your file was not uploaded.";
        // if everything is ok, try to upload file
        } else {
            //echo print_r($check);
            if (move_uploaded_file($_FILES["image"]["tmp_name"], $target_file)) {
                $error[] = "The file " . basename($_FILES["image"]["name"]) . " has been uploaded.<br />";
            } else {
                $error[] = "Sorry, there was an error uploading your file.";
            }
        }
        $uploadOk = 1;
    } else {
        $error[] = "File is not an image.";
        $uploadOk = 0;
    }
}
?>
<h1>Image upload test</h1>
<?php
if (!empty($error)) {
    echo 'There are following errors: <br />';
    foreach ($error as $key) {
        echo '<ul><li>' . $key . '</li></ul>';
    }
}
?>
<form action="" method="post" enctype="multipart/form-data">
    Select image to upload:
    <input type="file" name="image" id="image">
    <input type="submit" value="Upload Image" name="submit">
</form>

Thanks in advance.
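A server-side check along the lines discussed in this thread (content-detected MIME type, 50 kB limit, 150x150 px limit, random stored name), as an added example that is not part of the original posts. The function name store_avatar(), the uploads directory and the JSON reply format are assumptions, and it needs PHP's fileinfo extension.

```php
<?php
// Added example, not code from the thread. store_avatar(), the uploads/
// directory and the JSON reply are assumptions; needs the fileinfo extension.
const MAX_BYTES = 50 * 1024;   // 50 kB limit asked for in the thread
const MAX_SIDE  = 150;         // 150x150 px limit from the original script
const ALLOWED   = [            // detected MIME type => extension chosen by the server
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

function store_avatar(array $file, string $targetDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed.');
    }
    $tmp = $file['tmp_name'];
    if (!is_uploaded_file($tmp)) {
        throw new RuntimeException('Not an uploaded file.');
    }
    // Measure the temp file itself instead of trusting the reported size.
    if (filesize($tmp) > MAX_BYTES) {
        throw new RuntimeException('File is larger than 50 kB.');
    }
    // Type comes from the file content, never from $file['type'] or the name.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    $ext  = is_string($mime) ? (ALLOWED[$mime] ?? null) : null;
    if ($ext === null) {
        throw new RuntimeException('Only JPG, PNG and GIF files are allowed.');
    }
    // getimagesize() alone is not enough: it also accepts types such as
    // application/x-shockwave-flash, so its MIME must match the allowlisted one.
    $info = getimagesize($tmp);
    if ($info === false || $info['mime'] !== $mime) {
        throw new RuntimeException('File is not a valid image.');
    }
    if ($info[0] > MAX_SIDE || $info[1] > MAX_SIDE) {
        throw new RuntimeException('Image is larger than 150x150 px.');
    }
    // Stored name is random; the client's file name is never used.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($tmp, rtrim($targetDir, '/') . '/' . $name)) {
        throw new RuntimeException('Could not store the file.');
    }
    return $name;
}

// Endpoint for an AJAX POST of the "image" field; always answers with JSON.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    header('Content-Type: application/json');
    try {
        if (!isset($_FILES['image'])) {
            throw new RuntimeException('No file sent.');
        }
        $name = store_avatar($_FILES['image'], __DIR__ . '/uploads');
        echo json_encode(['ok' => true, 'file' => $name]);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo json_encode(['ok' => false, 'error' => $e->getMessage()]);
    }
}
```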
-
<table width="800" border="0" cellpadding="0" cellspacing="0">
  <tr>
    <td><img src="images/BBV_CP_top.jpg" width="800" height="200"></td>
  </tr>
  <tr>
    <td>
      <table width="100%" border="0" cellspacing="0" cellpadding="2">
        <tr>
          <td width="6%" class="menu"><a href="home.php"> Home</a> </td>
          <?php
          // $something is a placeholder for the real condition
          if ($something === true) {
              echo '<td width="9%" class="menu">Edit Team </td>';
          }
          ?>
          <td width="12%" class="menu">Add Player</td>
          <td width="63%" class="menu">Edit My Information </td>
          <td width="10%" class="menu"><a href="logout.php">Log Out </a></td>
        </tr>
      </table>
    </td>
  </tr>
</table>
-
[PHP] How to block user after 3 fail of submiting wrong information
mlukac89 replied to mlukac89's topic in PHP Coding Help
OK, I agree with you; after I read all about IP blocking it all makes sense. So what do you suggest then? How to protect against that, so users can't abuse my login or any other form.
- 10 replies
-
- php
- block user
-
(and 3 more)
Tagged with:
-
[PHP] How to block user after 3 fail of submiting wrong information
mlukac89 replied to mlukac89's topic in PHP Coding Help
But what does he get from spoofing the IP when that is used only for checking login attempts? And it has 1 table in the database just for checking those 3 fields: ip, time, attempts. And it will be locked for 15 mins max. IP and attempts will be removed after it.
- 10 replies
-
[PHP] How to block user after 3 fail of submiting wrong information
mlukac89 replied to mlukac89's topic in PHP Coding Help
Look, I don't want to lock user_id because it's a bit stupid; for example, I go and fail 3 times with every username I want and I lock many accounts. I want to block the IP for a certain time so he can't access the site again. So the system will work like this:
- you press the login button and you get the error invalid username or password, or please fill all fields (it's a fail, so update IP and attempt + 1)
- you press the login button again and you get the error -> check IP and attempts; if the IP is the same update attempt + 1, if not the same put IP + add attempt + 1
- when you have 3 failed attempts lock the script so the user from that IP can't try data in the login form anymore (if he presses Login the script does nothing)
And for captcha, I didn't see anyone put a captcha on a login script.
- 10 replies
-
As the title says, I need to block a user for 30 minutes after he enters invalid data 3 times in a row. I know I need to enter IP and time in the database, but how do I stop the form from being submitted? I have this code to count failed attempts; it increments the value in the session every time submit is pressed:

// set or increment the number in the session if the Login button is activated
if (empty($_SESSION['failed_login'])) {
    $_SESSION['failed_login'] = 1;
} elseif (isset($_POST['login'])) {
    $_SESSION['failed_login']++;
}

// if login fail 3 times
if ($_SESSION['failed_login'] > 3) {
    $error[] = 'U failed to login 3 times ' . $_SESSION['failed_login'];
}

This is the whole login.php:

<?php
// protect page from direct access
if (!defined('AUTH')) {
    die('You are not authorized to see this page !');
}

if ($general->is_logged() === true) {
    header('Location: index.php');
    exit();
}

$last_login_date = time();
$ip = $general->get_ip();

// set or increment the number in the session if the Login button is activated
if (empty($_SESSION['failed_login'])) {
    $_SESSION['failed_login'] = 1;
} elseif (isset($_POST['login'])) {
    $_SESSION['failed_login']++;
}

// if login fail 3 times
if ($_SESSION['failed_login'] > 3) {
    $error[] = 'U failed to login 3 times ' . $_SESSION['failed_login'];
}

// login form
if (isset($_POST['login'])) {
    $username = trim($_POST['username']);
    $password = trim($general->safepass($_POST['password']));

    // if user entered username and password
    if (empty($username) || empty($password)) {
        $error[] = 'Please enter username and password';
    } else {
        // login query
        $login = $users->login($username, $password);

        // cookie login
        if (isset($_POST['stay_logged'])) {
            // check if username and password is valid
            if ($login) {
                $user_id = $login['id'];
                // expire time for cookie 1 month
                $expire = time() + 60 * 60 * 24 * 30;
                // make random code for token
                // (random_bytes() instead of mt_rand(), whose output is predictable)
                $rand = hash('sha512', random_bytes(32));
                // set cookies
                setcookie('token', $rand, $expire);
                setcookie('username', $login['username'], $expire);
                setcookie('id', $login['id'], $expire);
                // update user last_login, ip, token code
                $update_login_data = $users->update_cookie_login($last_login_date, $ip, $rand, $user_id);
                // redirect user to index.php and exit script
                header('Location: index.php');
                exit();
            } else {
                // if username or password is not valid
                $error[] = 'Invalid username or password';
            }
        }
        // session login
        else {
            // check if username and password is valid
            if ($login) {
                // make sessions with user_id and username
                $_SESSION['id'] = $login['id'];
                $_SESSION['username'] = $login['username'];
                $user_id = (int)$_SESSION['id'];
                // update user last_login, ip
                $update_login = $users->update_user_ip_login($last_login_date, $ip, $user_id);
                // redirect user to index.php and exit script
                header('Location: index.php');
                exit();
            } else {
                // if username or password is not valid
                $error[] = 'Invalid username or password';
            }
        }
    }
}
?>
<h3>Log in</h3>
<?php
if (!empty($error)) {
    echo '<div class="big-error-msg"><ul style="margin:0 0 0 20px;">';
    // separate loop variable so the $error array is not overwritten
    foreach ($error as $msg) {
        echo '<li>' . $msg . '</li>';
    }
    echo '</ul></div>';
}
?>
<form action="" method="POST" class="login-form">
    <input type="text" name="username" placeholder="Username" required>
    <input type="password" name="password" placeholder="Password" required><br><br>
    <input type="checkbox" name="stay_logged"><label style="padding:0 0 0 10px;">Remember me ?</label><br>
    <input type="submit" name="login" value="Log in" class="small-button">
    <label>
        <p><a href="index.php?page=forgotten_pass" title="Forgotten password ?">Forgotten password ?</a></p>
        <p>Don't have an account ? <a href="index.php?page=register" title="Register">Register</a></p>
    </label>
</form>
- 10 replies
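The per-IP scheme described in this thread (a table holding ip, time and attempts, with a block after 3 failures), as an added example that is not part of the original posts; the counter lives in the database rather than in `$_SESSION`, since a session counter is tied to a cookie the client controls. The table name, function names and the in-memory SQLite demo (pdo_sqlite) are assumptions.

```php
<?php
// Added example, not code from the thread. Table and function names are assumptions.
const MAX_ATTEMPTS = 3;        // failures allowed in a row
const LOCK_SECONDS = 30 * 60;  // 30-minute block from the first post

function throttle_setup(PDO $db): void
{
    $db->exec('CREATE TABLE IF NOT EXISTS login_attempts (
        ip VARCHAR(45) PRIMARY KEY, attempts INT NOT NULL, last_fail INT NOT NULL)');
}

// True while this IP has MAX_ATTEMPTS recent failures.
// Call it before the password is checked and skip the login query when locked.
function is_locked(PDO $db, string $ip, int $now): bool
{
    $q = $db->prepare('SELECT attempts, last_fail FROM login_attempts WHERE ip = ?');
    $q->execute([$ip]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;
    }
    if ($now - (int)$row['last_fail'] >= LOCK_SECONDS) {
        clear_failures($db, $ip);   // window expired, start again from zero
        return false;
    }
    return (int)$row['attempts'] >= MAX_ATTEMPTS;
}

// Call only when the username/password check has actually failed.
function record_failure(PDO $db, string $ip, int $now): void
{
    $u = $db->prepare('UPDATE login_attempts SET attempts = attempts + 1, last_fail = ? WHERE ip = ?');
    $u->execute([$now, $ip]);
    if ($u->rowCount() === 0) {
        $db->prepare('INSERT INTO login_attempts (ip, attempts, last_fail) VALUES (?, 1, ?)')
           ->execute([$ip, $now]);
    }
}

// Call after a successful login so the count means "in a row".
function clear_failures(PDO $db, string $ip): void
{
    $db->prepare('DELETE FROM login_attempts WHERE ip = ?')->execute([$ip]);
}

// Demo on an in-memory SQLite database with a constructed address and clock.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
throttle_setup($db);
$ip = '203.0.113.7';           // constructed value (documentation address range)
$t  = 1700000000;              // constructed timestamp
for ($i = 1; $i <= MAX_ATTEMPTS; $i++) {
    record_failure($db, $ip, $t + $i);
}
var_dump(is_locked($db, $ip, $t + 10));                          // inside the block window
var_dump(is_locked($db, $ip, $t + MAX_ATTEMPTS + LOCK_SECONDS)); // after the window has passed
```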
-
[PHP] need help with form editing over Inspect element tool
mlukac89 replied to mlukac89's topic in PHP Coding Help
Thanks for the reply, I made it like that now and now it all works. But I was trying to put country and key in one try because I have on the user profile and on the team profile 1 field where the country and alpha_2 key are, and I use that alpha_2 key to get the country flag picture like this:

$country = explode(',', $USERDATA['country']);
echo $country['0'] . ' ' . '<span style="display: inline-block; vertical-align: text-top;"><img src="images/flags/'.$country['1'].'.png"></span>';

But never mind, I can make 1 more extra query to get the country name later for the user profile. Here is the now working version of the form validation:

// check if country is valid
if (!empty($cntry)) {
    if ($teams->get_only_country($cntry) === false) {
        $error[] = 'Invalid country.';
    }
}

And the query:

public function get_only_country($alpha_2) {
    $query = $this->db->prepare("SELECT alpha_2 FROM countries WHERE alpha_2 = ?");
    $query->bindValue(1, $alpha_2);
    $query->execute();
    $row = $query->rowCount();
    if ($row == 1) {
        return true;
    } else {
        return false;
    }
}
-
Hi, I have a problem with editing the register form over Inspect element, or when you press F12 in Mozilla or Chrome. When you select a country you can edit the form with F12 and change the country value, so the form saves it like that in the database. The problem is that it's in a foreach loop and I can't get a check if the country in the post variable is valid, and compare it with that in the database. In my $_POST variable country is stored like ' Croatia, hr ' and in the database it's like 'id, name, alpha_2, alpha_3'. So can I find the value I need, for example Albania and al, without any loop?

<?php
// if user is logged in redirect him to index page
if ($general->is_logged() === true) {
    header('Location: index.php');
    exit();
}

// get list of countries
$country = $teams->get_country();

require_once 'core/classes/recaptchalib.php';
$publickey = "***********************";
$privatekey = "***********************";

// process form
if (isset($_POST['register'])) {
    // (the last two checks cover both reCAPTCHA fields that are read below)
    if (isset($_POST['username']) && isset($_POST['nickname']) && isset($_POST['password'])
        && isset($_POST['repeat_password']) && isset($_POST['email']) && isset($_POST['repeat_email'])
        && isset($_POST['gender']) && isset($_POST['country'])
        && isset($_POST['recaptcha_challenge_field']) && isset($_POST['recaptcha_response_field'])) {

        $username = trim($general->safe_input($_POST['username']));
        $nickname = trim($general->safe_input($_POST['nickname']));
        $password = trim($general->safe_input($_POST['password']));
        $rpassword = trim($general->safe_input($_POST['repeat_password']));
        $email = trim($general->safe_input($_POST['email']));
        $remail = trim($general->safe_input($_POST['repeat_email']));
        $gender = trim($general->safe_input($_POST['gender']));
        $cntry = $general->safe_input($_POST['country']);
        $date_registered = time();
        $password_hash = $general->safepass($password);

        // captcha
        $resp = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);

        // if username is empty
        if (empty($username)) {
            $error[] = 'Username is empty.';
        // if username already exists
        } elseif ($users->user_exists($username) === true) {
            $error[] = 'Username in use, please choose another.';
        // username must be between 3 and 20 characters long
        } elseif (strlen($username) < 3 || strlen($username) > 20) {
            $error[] = 'Username must be between 3 and 20 characters long.';
        }

        // if nickname is empty
        if (empty($nickname)) {
            $error[] = 'Nickname is empty.';
        // if nickname in use
        } elseif ($users->nick_exists($nickname) === true) {
            $error[] = 'Nickname in use, please choose another.';
        // nickname must be between 3 and 20 characters long
        } elseif (strlen($nickname) < 3 || strlen($nickname) > 20) {
            $error[] = 'Nickname must be between 3 and 20 characters long.';
        }

        // if password field is empty
        if (empty($password)) {
            $error[] = 'Password field is empty.';
        }
        // if password repeat field is empty
        if (empty($rpassword)) {
            $error[] = 'Repeat password field is empty';
        }
        // if password and repeat password is not empty
        if (!empty($password) && !empty($rpassword)) {
            // passwords match ? if not throw error message
            if ($password != $rpassword) {
                $error[] = 'Passwords don\'t match.';
            // password must be between 6 and 30 characters long
            } elseif (strlen($password) < 6 || strlen($password) > 30) {
                $error[] = 'Password must be between 6 and 30 characters long.';
            }
        }

        // is email empty
        if (empty($email)) {
            $error[] = 'Email field is empty.';
        }
        // is repeat email empty
        if (empty($remail)) {
            $error[] = 'Repeat email field is empty.';
        }
        // if email and repeat email is not empty
        if (!empty($email) && !empty($remail)) {
            // if emails are not same
            if ($email != $remail) {
                $error[] = 'Emails don\'t match.';
            // if email and repeat email is same
            } elseif ($email == $remail) {
                // is email valid
                if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
                    $error[] = 'Invalid email format.';
                // is email in use
                } elseif ($users->email_exists($email) === true) {
                    $error[] = 'Email in use, please choose another.';
                // email must be between 10 and 30 characters long
                } elseif (strlen($email) < 10 || strlen($email) > 30) {
                    $error[] = 'Email must be between 10 and 30 characters long.';
                }
            }
        }

        // if gender is empty
        if (empty($gender)) {
            $error[] = 'Please select gender.';
        }
        // if gender is not empty
        if (!empty($gender)) {
            // if gender is Male or Female
            if ($gender == 'Male') {
                $gender = 'Male';
            } elseif ($gender == 'Female') {
                $gender = 'Female';
            } else {
                $error[] = 'Invalid gender.';
            }
        }

        // if country is empty
        if (empty($cntry)) {
            $error[] = 'Please select country.';
        }
        // check if country is valid
        if (!empty($cntry)) {
            // $newCountry['0'] is name key
            // $newCountry['1'] is alpha_2 key
            $newCountry = explode(',', $cntry);
            if (in_array($newCountry['0'], $country['name'])) {
                $error[] = 'VALID.';
            } else {
                $error[] = 'Invalid country.';
            }
        }

        // check if captcha is valid
        if (!$resp->is_valid) {
            $error[] = 'Invalid captcha code.';
        }

        // if no errors register user
        if (empty($error) === true) {
            //$add_user = $users->register_user($username, $password_hash, $email, $gender, $date_registered, $cntry, $nickname);
            unset($_POST); // clean $_post variable
            echo 'REGISTER USER !';
        }
        /*
        if ($DBH->lastInsertId()) {
            header('Location: index.php?page=register_success');
            exit();
        } else {
            $error = '<p class="error-msg">There was a problem, please try again.</p>';
        }*/
    }
}
?>
<script type="text/javascript">
var RecaptchaOptions = { theme : 'clean' };
</script>
<h3>Register</h3>
<?php
if (!empty($error)) {
    echo '<div style="padding:10px;margin:0 10px;border:1px solid #f3f3f3;background:#E35454;color:#fff;"><ul style="margin:0 0 0 20px;">';
    // separate loop variable so the $error array is not overwritten
    foreach ($error as $msg) {
        echo '<li>' . $msg . '</li>';
    }
    echo '</ul></div>';
}
?>
<form action="" method="POST" class="register-form">
    <input type="text" name="username" size="40" maxlength="20" placeholder="Username" value="<?php if (isset($_POST['username'])) { echo htmlentities($_POST['username'], ENT_QUOTES, "UTF-8"); } ?>" required>
    <input type="text" name="nickname" size="40" maxlength="20" placeholder="Nickname" value="<?php if (isset($_POST['nickname'])) { echo htmlentities($_POST['nickname'], ENT_QUOTES, "UTF-8"); } ?>" required><br /><br />
    <input type="password" name="password" size="40" maxlength="30" placeholder="Password" required>
    <input type="password" name="repeat_password" size="40" maxlength="30" placeholder="Repeat password" required><br /><br />
    <input type="text" name="email" size="40" maxlength="30" placeholder="Email" value="<?php if (isset($_POST['email'])) { echo htmlentities($_POST['email'], ENT_QUOTES, "UTF-8"); } ?>" required>
    <input type="text" name="repeat_email" size="40" maxlength="30" placeholder="Repeat email" value="<?php if (isset($_POST['repeat_email'])) { echo htmlentities($_POST['repeat_email'], ENT_QUOTES, "UTF-8"); } ?>" required><br /><br />
    <select name="gender" required>
        <option value="">Select gender</option>
        <option value="Male">Male</option>
        <option value="Female">Female</option>
    </select>
    <select name="country" style="width: 215px;" required>
        <option value="">Select country</option>
        <?php
        foreach ($country as $key) {
            echo '<option value="'.$key['name'].','.$key['alpha_2'].'">'.$key['name'].'</option>';
        }
        ?>
    </select>
    <br><br>
    <center><?php echo recaptcha_get_html($publickey); ?></center>
    <br>
    <center><input type="submit" name="register" value="Register" class="small-button"></center>
</form>
-
Help to prevent re-sending data in comment script
mlukac89 replied to mlukac89's topic in PHP Coding Help
Thanks a lot, problem solved.
-
Hey all, I have some problems with this script: when I post a comment and try to refresh the page in Firefox it re-sends the data, but in Chrome and Opera it does not re-send. This is all in comments.php and I include it in another file.

<h4 class="h3-title">Comments</h4><small><?php if (!isset($_SESSION['username'])) { echo 'You must be logged in to post comments'; } ?></small>
<hr />
<?php
// list all comments
if (isset($_GET['id'])) {
    $id = (int)$_GET['id'];
    $list_all_comments = $comments->list_comments($id);
    foreach ($list_all_comments as $comm) {
        // d = day and i = minutes (the original format used m, the month, for both)
        echo '<i>' . $comm['comment_author'] . ' - <small>' . date('d F Y h.i.s', $comm['comment_date']) . '</small></i><br />';
        echo '<p>' . $comm['comment_body'] . '</p><hr />';
    }
}

// show comment form only for logged in users
if (isset($_SESSION['username'])) {
    // process form data
    if (isset($_POST['comment'])) {
        if (isset($_GET['id'])) {
            $news_id = (int)$_GET['id'];
            $author = $_SESSION['username'];
            $body = trim(htmlentities($_POST['body']));
            $date = time();
            if (!empty($body)) {
                // add_comment($author, $body, $date, $news_id)
                $insert_comment = $comments->add_comment($author, $body, $date, $news_id);
                // refresh page after adding data
                echo '<meta http-equiv="refresh" content="0">';
            }
        }
    }
?>
<form action="" method="POST">
    <textarea name="body" cols="75" rows="6" autofocus required></textarea><br />
    <input type="submit" name="comment" value="Submit">
</form>
<?php
}
?>