rwwd

Posts posted by rwwd

  1. All this is based on the assumption that all these files are in the same directory; then again, if the header couldn't find the file you would get the generic error message: page could not be found.

     

    I'll check tomorrow to see if there has been a resolution to this, all the best!

     

    [EDIT]: My graphics skills would shame a 3 year old; the code behind my sites I consider OK, but my graphics are poor!! Thankfully I can pass that stuff to another dept. I really wish I knew how to operate PS to create simple buttons with some PAZAZZ!!

     

    Rw

  2. $_SESSION['username'] = $username;
    $result = mysql_query("SELECT total FROM usersystem WHERE username = '$username'") or die( mysql_error() );
    $row=mysql_fetch_assoc($result);
    $total = $row['total'];
    setcookie("username", "$username", time()+3600);
    setcookie("total", "$total", time()+3600);
    header( "Location: play.php" );//this should be here!!!!
    exit;
    

     

    Now everything above the header gets called and set, provided the information is correct and assigned correctly from the query.

     

    When the header is called, you're effectively pointing the script to run elsewhere, and to the best of my knowledge anything that is under this call doesn't get actioned, or is possibly ignored. I don't think that PHP parses anything after the header call, as it is treated as an exit; this is why it is good practice to place the exit DIRECTLY after a header call.

     

    I may not solve this, but at least I can offer some tit-bits of experience and benefit of knowledge; well at least, while I am not so tired that the screen is seeming to blur quite a bit. Bed time!

     

    Rw

  3. try this:-

     

    db.php

    <?php
    session_start(); 
    $conn = mysql_connect("localhost", "dbuser", "dbpassword"); 
    mysql_select_db("myDB", $conn);
    
    if (isset($_POST['username']) && isset($_POST['pword'])){ 
    
    $username = mysql_real_escape_string(strip_tags($_POST['username'])); 
    $password = md5(mysql_real_escape_string(strip_tags($_POST['pword'])));
    
    //I assume at this point that you're checking that the md5 value matches what's in the DB; check that the varchar
    //limit is at least 32 chars, else it WILL not function
    
    $sql = mysql_query("SELECT * FROM `usersystem` WHERE `username` = '".$username."' AND `password` = '".$password."' LIMIT 1"); 
    
    if (mysql_num_rows($sql) == 0){ 
    
    echo "&serverResponse=Incorrect username/password"; 
    
    }	
    else{
    $_SESSION['username'] = $username;
    
    $result = mysql_query("SELECT `total` FROM `usersystem` WHERE `username` = '".$username."' LIMIT 1") or die( mysql_error() );
    
    $row=mysql_fetch_assoc($result);
    
    $total = $row['total'];
    
    setcookie("username", $username, time()+3600);
    setcookie("total", $total, time()+3600);
    header( "Location: play.php" );
    exit; //nothing after the redirect should run
    } 
    }
    ?>
    

     

    play.php

    <?php
    include("db.php"); 
    if((isset($_COOKIE["username"])) && (isset($_COOKIE["total"]))) {
    echo "username:".$_COOKIE['username'];
    echo "total:".$_COOKIE['total'];
    }
    else{
    header('Location: nogo.php');
    exit;
    }
    

     

    Ok, I have done that lot a little better, but I have only formatted what was there a little better, and changed the logic a little, I'm not saying that it will be better, but at least things are in the right order now.

     

    Rw
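The db.php/play.php flow in the posts above, reworked as an added example (this is not rwwd's code or the original poster's): a prepared statement instead of string-built SQL, password_verify() instead of md5(), a fresh session id on login, header() followed by exit, and play.php reading the server-side session rather than trusting $_COOKIE. The DSN, credentials, and the `usersystem` columns (username, password, total) are assumed placeholders.

```php
<?php
// Added example, not code from the original posts. Assumes a `usersystem` table
// whose `password` column holds password_hash() output; DSN/credentials are placeholders.
declare(strict_types=1);

session_start();

function connect(): PDO
{
    return new PDO('mysql:host=localhost;dbname=myDB;charset=utf8mb4', 'dbuser', 'dbpassword', [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION, // throw instead of die(mysql_error())
        PDO::ATTR_EMULATE_PREPARES => false,                  // real server-side prepares
    ]);
}

// Returns the user row on success, null on a bad username or password.
function login(PDO $pdo, string $username, string $password): ?array
{
    $stmt = $pdo->prepare('SELECT username, password, total FROM usersystem WHERE username = ? LIMIT 1');
    $stmt->execute([$username]);           // the value never becomes part of the SQL text
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    // password_verify() does a constant-time compare against the stored hash
    return password_verify($password, $row['password']) ? $row : null;
}

// Guard for play.php: redirect away unless the session carries a logged-in user.
function requireLogin(): array
{
    if (empty($_SESSION['username'])) {
        header('Location: nogo.php');
        exit;                               // nothing after a redirect should run
    }
    // Read from $_SESSION, never from $_COOKIE: a cookie called "total" is sent by the
    // browser, so any user can set it to whatever they like.
    return [
        'username' => (string) $_SESSION['username'],
        'total'    => (int) ($_SESSION['total'] ?? 0),
    ];
}

if (isset($_POST['username'], $_POST['pword'])) {
    $user = login(connect(), (string) $_POST['username'], (string) $_POST['pword']);
    if ($user === null) {
        http_response_code(401);
        echo 'Incorrect username/password';
        exit;
    }
    session_regenerate_id(true);            // drop any session id the browser had before login
    $_SESSION['username'] = $user['username'];
    $_SESSION['total']    = (int) $user['total'];
    header('Location: play.php');
    exit;
}
```

play.php would then start the session, include this file, call `$u = requireLogin();` and echo `htmlspecialchars($u['username'], ENT_QUOTES, 'UTF-8')` and `$u['total']`; the username and total never leave the server, so there is nothing for the client to tamper with.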

  4. surely you need to have the database connection there instead of floating; pop the connection handle into the first mysql_ function, then the queries will inherit the connection from the first one.

     

    That may not be the issue, but it's always good practice to instantiate a connection handle.

     

    You need to set a limiter on the SQL too so that you only get 1 row returned; that's usually a good place to start. And do a print_r to see what is actually available once you have run the checks on the cookie:-

     

    <?php
    include("db.php"); 
    if ((isset($_COOKIE["username"]) && !empty($_COOKIE["username"])) && (isset ($_COOKIE["total"]) && !empty($_COOKIE["total"]))) {
    print_r($_COOKIE);
    echo "username: ".$_COOKIE['username'];
    echo "total:".$_COOKIE['total'];
    }
    else {
    header('Location: nogo.php');
    exit;//good practice to have an exit after the header call too
    }
    

     

    Try that, and see what's returned.

     

    Rw

  5. [EDIT] I really need to type quicker, it is on my to do list,  where ever that is nowadays...

     

    $_POST['username'] = stripslashes($_POST['username']);   
    $hour = time() + 3600; 
    setcookie(ID_my_site, $_POST['username'], $hour); 
    setcookie(Key_my_site, $_POST['pass'], $hour); 
    //then redirect them to the members area 
    header("Location: http://example.com/");
    die();
    

     

    Seriously, this is a bad way of doing this. Firstly, if you had error reporting on you would get an error saying something like: presumed constant. The reason being, the name you're assigning to your cookie hasn't been quoted and is therefore acting like a constant, !ACTING!; PHP will treat this as missing/not defined and throw the error.

     

    Also, you're not specifying the time limit correctly; though not wrong, it's just an unnecessary use of memory to assign the time to a var, this should be done within the function.

     

    Lastly, specify the domain that you want the cookie active on; using the "/" method will save a lot of time.

     

    so do something like this:-

     

    setcookie("ID_my_site", stripslashes($_POST['username']), time()+60*60*24*30, "/"); 
    setcookie("Key_my_site", stripslashes($_POST['pass']), time()+60*60*24*30, "/"); 
    //then redirect them to the members area 
    header("Location: http://example.com/");
    exit;
    

     

    Ok, they are defined better now, cookies are set for 30 days throughout your domain!

     

    Simple.

     

    Rw
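Added example (not rwwd's code or the original poster's) for the setcookie() call above: the options-array form of setcookie() (PHP 7.3+) sets the path, Secure, HttpOnly and SameSite attributes, and the value carries an HMAC so a cookie the browser sends back can be checked for tampering. The secret key is a placeholder, the cookie name follows the post, and the "total" value is constructed for the demo.

```php
<?php
// Added example, not the poster's code. COOKIE_SECRET is a placeholder; in real use
// load a random key from configuration, never from the source file.
declare(strict_types=1);

const COOKIE_SECRET = 'replace-with-a-random-32-byte-key';

function signValue(string $value, string $secret): string
{
    // value.hmac: the MAC covers the value, so editing it in the browser breaks verification
    return $value . '.' . hash_hmac('sha256', $value, $secret);
}

// Returns the original value, or null if the MAC is missing or does not match.
function verifyValue(string $cookie, string $secret): ?string
{
    $dot = strrpos($cookie, '.');          // the hex MAC never contains a dot, so last dot is the split
    if ($dot === false) {
        return null;
    }
    $value = substr($cookie, 0, $dot);
    $mac   = substr($cookie, $dot + 1);
    // hash_equals() compares in constant time; a plain == would leak timing
    return hash_equals(hash_hmac('sha256', $value, $secret), $mac) ? $value : null;
}

function setSignedCookie(string $name, string $value, int $ttlSeconds): bool
{
    return setcookie($name, signValue($value, COOKIE_SECRET), [
        'expires'  => time() + $ttlSeconds,
        'path'     => '/',        // whole site, as in the post
        'domain'   => '',         // current host only
        'secure'   => true,       // only sent over HTTPS
        'httponly' => true,       // not readable from document.cookie (limits XSS impact)
        'samesite' => 'Lax',      // not sent with cross-site POSTs (limits CSRF)
    ]);
}

// Cookie names are quoted strings, and a display value goes in, never a password.
if (!headers_sent()) {
    setSignedCookie('ID_my_site', 'alice', 60 * 60 * 24 * 30);   // 30 days, as in the post
}

$good = signValue('42', COOKIE_SECRET);
var_dump(verifyValue($good, COOKIE_SECRET));                       // string(2) "42"
var_dump(verifyValue('99' . substr($good, 2), COOKIE_SECRET));     // NULL: value changed, MAC no longer matches
var_dump(verifyValue('42', COOKIE_SECRET));                        // NULL: no MAC at all
```

The signature stops silent edits of the cookie; it does not hide the value, so anything secret still belongs in the server-side session rather than in a cookie.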

  6. There are loads of freebies out there; it just depends on the level of security that you're wanting. Search for "php class repository" on Google, sign up (it's free) and have a look in there; I quite often go in there and then take a few, and cobble the best bits together.

     

    BUT, if you're wanting to learn, there is nothing like starting with a new document and writing a login class from scratch. Then at least you can track what happens and add new methods as you find you need them.

     

    Rw

  7. well firstly you need to define the absolute file path, and have that done in the root file, something like this:-

     

    define('ABSOLUTE_PATH', dirname(__FILE__). "/");

     

    This will give you the complete server path to work with, defined within a constant and with a trailing slash; then you can refer to this in the XML function. This should help you out with this issue, but seriously, always use absolute paths; then you can avoid the toothpick syndrome, and this will make your code easier to maintain.

     

    Rw
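Building on the ABSOLUTE_PATH constant above, an added example (not rwwd's code): any path derived from request data is resolved with realpath() and must still sit under ABSOLUTE_PATH before it is opened. The `xml/config.xml` file and temporary directory are constructed by the demo itself; nothing else about the poster's project is assumed.

```php
<?php
// Added example, not the poster's code. Demonstrates containing file access under
// the absolute root the post defines.
declare(strict_types=1);

define('ABSOLUTE_PATH', dirname(__FILE__) . '/');

// Returns the canonical path if $relative resolves to a file under $base, else null.
function safePath(string $base, string $relative): ?string
{
    $root = realpath($base);
    $full = realpath($base . $relative);
    // realpath() returns false for missing files and collapses ../ segments and symlinks
    if ($root === false || $full === false) {
        return null;
    }
    // Compare with a trailing separator so "/srv/app2/x" is not accepted for root "/srv/app"
    $rootWithSep = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($full, $rootWithSep, strlen($rootWithSep)) !== 0) {
        return null;
    }
    return $full;
}

// Demo on a throwaway tree so the example runs anywhere (constructed input)
$demoRoot = sys_get_temp_dir() . '/safepath_demo_' . bin2hex(random_bytes(4));
mkdir($demoRoot . '/xml', 0700, true);
file_put_contents($demoRoot . '/xml/config.xml', '<config><value>ok</value></config>');

var_dump(safePath($demoRoot . '/', 'xml/config.xml') !== null);     // bool(true): inside the root
var_dump(safePath($demoRoot . '/', 'xml/../../../etc/passwd'));     // NULL: resolves outside the root
var_dump(safePath($demoRoot . '/', 'xml/missing.xml'));             // NULL: does not exist

// Only a path that passed the check is ever handed to file functions
$cfg = safePath($demoRoot . '/', 'xml/config.xml');
if ($cfg !== null) {
    echo file_get_contents($cfg), "\n";
}

unlink($demoRoot . '/xml/config.xml');
rmdir($demoRoot . '/xml');
rmdir($demoRoot);
```

In the poster's code the first argument would be ABSOLUTE_PATH; the demo uses a temporary directory so it can create and remove its own files.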

  8. There may not be errors occurring; there may be an unhandled if/else clause somewhere that you are invoking but not handling. This is why having an if/else handled correctly will pay huge dividends in the long run whilst you develop your code.

     

    If only we had step into/step over eh!

     

    Rw

  9. You could do this:-

     

    //Tell the function to reject anything that ISNT a string, that way you don't need to typecast within the function.

     

    function convert(string $str){

      $xml = simplexml_load_string($str); //returns false if the string is not well-formed XML

      return (string) $xml->value; //read from the parsed object, not an undefined $txt

    }

     

    $data = convert($abcd);

    echo $data;

     

    But you need to make sure that the xml function returns data as expected, some basic debugging is needed.

     

    Rw
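Added example (not rwwd's code) of the convert() function above done with the "basic debugging" the post asks for, plus the checks a practitioner wants when the XML string comes from outside: the scalar type declaration rejects non-strings, parse errors are collected instead of emitted as warnings, network access is disabled, and any document with a DTD is refused so external entities cannot be declared. The XML snippets are constructed for the demo.

```php
<?php
// Added example, not the poster's code. With strict_types, convert(123) throws a
// TypeError, which is the "reject anything that isn't a string" behaviour the post wants.
declare(strict_types=1);

// Returns the text of <value>, or null if the document is refused, malformed or has no <value>.
function convert(string $str): ?string
{
    // A DOCTYPE is the only place entities (including external ones) can be declared;
    // refusing it up front closes the XXE route regardless of libxml defaults.
    if (preg_match('/<!(DOCTYPE|ENTITY)/i', $str) === 1) {
        return null;
    }

    $prev = libxml_use_internal_errors(true);       // collect errors instead of printing warnings
    if (PHP_VERSION_ID < 80000) {
        libxml_disable_entity_loader(true);         // external entity loading is on by default before 8.0
    }
    $xml    = simplexml_load_string($str, 'SimpleXMLElement', LIBXML_NONET);  // no network fetches while parsing
    $errors = libxml_get_errors();
    libxml_clear_errors();
    libxml_use_internal_errors($prev);

    if ($xml === false || $errors !== [] || !isset($xml->value)) {
        return null;
    }
    return (string) $xml->value;
}

var_dump(convert('<root><value>hello</value></root>'));    // string(5) "hello"
var_dump(convert('<root><other/></root>'));                 // NULL: no <value> element
var_dump(convert('<root><value>unclosed</root>'));         // NULL: parse error
$xxe = '<!DOCTYPE r [<!ENTITY x SYSTEM "file:///etc/passwd">]><root><value>&x;</value></root>';
var_dump(convert($xxe));                                    // NULL: DTD refused before parsing
```

The caller gets a clear null rather than an undefined-variable notice and a blank page, which is what the original `$txt->value` typo produced.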

  10. missing the curlies from the else there; try to keep to one standard, don't mix and match, it's bad practice.

     

    use isset() then !empty(); this proves it's there and has state...

     

    Ideally, you need to post more of the code so we can see what else is going on in there.

     

    Rw

  11. mysql_query("SELECT * FROM `table` WHERE `id` = " .$id. "  AND `hash` = '".$hash."' ");
    

     

    If id is a numerical value, don't put the quotes around it, else this will cause issues; only quote chars. Also it's worth building the SQL outside the function so that debugging it as a string is an easier task to do!

     

    Rw
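Added example (not rwwd's code) showing why the quoting rule above is not enough on its own: the unquoted, string-spliced id is exactly where injection lands. Both the pattern from the post and a prepared-statement version run against an in-memory SQLite table constructed here, so the effect is visible without a MySQL server.

```php
<?php
// Added example, not the poster's code. Table name, columns and rows are made up.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE t (id INTEGER PRIMARY KEY, hash TEXT, secret TEXT)');
$pdo->exec("INSERT INTO t VALUES (1, 'abc', 'alice-secret'), (2, 'def', 'bob-secret')");

// The pattern from the post: SQL built as a string, id unquoted because it is "numeric".
function lookupUnsafe(PDO $pdo, string $id, string $hash): array
{
    $sql = "SELECT id, secret FROM t WHERE id = " . $id . " AND hash = '" . $hash . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Prepared statement: the SQL text is fixed and the values travel separately, typed.
function lookupSafe(PDO $pdo, string $id, string $hash): array
{
    if (!ctype_digit($id)) {
        return [];                               // not a plain non-negative integer: reject
    }
    $stmt = $pdo->prepare('SELECT id, secret FROM t WHERE id = :id AND hash = :hash');
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->bindValue(':hash', $hash, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$evilId = '1 OR 1=1 --';                         // attacker-controlled "id"; -- comments out the hash check
print_r(lookupUnsafe($pdo, $evilId, 'wrong'));   // both rows come back: the hash condition never ran
print_r(lookupSafe($pdo, $evilId, 'wrong'));     // Array ( ): rejected before it reaches the database
print_r(lookupSafe($pdo, '2', 'def'));           // the single legitimate row
```

The post's advice to build the SQL in a string first is fine for debugging, but the string handed to the database should contain placeholders, not request data.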

  12. That is a Java/C++/C# instruction, though I haven't yet seen it in use within the context of a PHP class. Typically the __construct() method is just defined on its own (except when a class is extended, I believe (though I am most likely wrong there; don't use that too much myself)).

     

    __construct(args...)

     

    That is used to pass things into the class at runtime; that's how I have always understood it to be anyway. Then within that method you would use it to set up controller or error arrays, at least that's normally how I do it ;-p

     

    Rw

  13. Well, if you're trying to access session data, don't use the $_REQUEST global; access it directly with $_SESSION['a_name_here'], so your example would be best done like this:-

     

    if (isset($_SESSION['yourSessionVar']) && !empty($_SESSION['yourSessionVar'])){
        echo "session exists, here is your secret page";
    }
    else{
       //no output before header(), or PHP reports "headers already sent" and the redirect is lost
       header("Location: login.php"); //back to your login page url here
       exit;
    }
    

     

    Something along that line would be a better way of validating a session... Everything else sounds fine though ;p

     

    Rw

  14. And please try not to use $_REQUEST global as it has known security issues that could potentially open your site to hackers..

     

    Your code should look like this:-

    
    idName: <?php echo htmlspecialchars($idName, ENT_QUOTES, 'UTF-8'); ?><br>
    Firstname: <?php echo htmlspecialchars($_POST["firstname"], ENT_QUOTES, 'UTF-8'); ?><br>
    Surname: <?php echo htmlspecialchars($_POST["surname"], ENT_QUOTES, 'UTF-8'); ?><br>
    Address: <?php echo htmlspecialchars($_POST["address"], ENT_QUOTES, 'UTF-8'); ?><br>
    Email: <?php echo htmlspecialchars($_POST["email"], ENT_QUOTES, 'UTF-8'); ?><br>
    Phone no: <?php echo htmlspecialchars($_POST["phone"], ENT_QUOTES, 'UTF-8'); ?><br>
    Your fitness level: <?php echo htmlspecialchars($_POST["fitness"], ENT_QUOTES, 'UTF-8'); ?><br>
    How often do you go to the gym: <?php echo htmlspecialchars($_POST["goGym"], ENT_QUOTES, 'UTF-8'); ?><br>
    Why do you go to the Gym: <?php echo htmlspecialchars($_POST["whyGym"], ENT_QUOTES, 'UTF-8'); ?><br>
    

     

    Of course you are 'presuming' that these values are set, and that the form is being filled out by a human; pop a captcha in to sort that issue out, and as you are using $_POST data directly into an email, please sanitise the data before using it.

     

    I just noticed that this entire form is being created within a function; all good, but functions are best used when they are RETURNing data. Then at least you can include error handlers and use boolean values to their full potential. It's all well and good programming something to work and send an email etc, etc, but it's even better to include error handlers in there so that you can inform yourself (during development) of any erroneous eventualities, so that you can 1) keep traffic on your site 2) not reveal anything about your site to the end user.

     

    Hope that makes sense.

     

    Rw
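Added example (not rwwd's code or the original poster's) of the two sanitisation steps the post asks for: HTML-escaping form values before echoing them back to the page, and validating anything that ends up in a mail header so a submitted value cannot add headers of its own. The field names follow the post's form; the recipient address and sample submissions are made up, and mail() itself is not called.

```php
<?php
// Added example, not the poster's code. Sample input and the recipient are constructed.
declare(strict_types=1);

// Escape for HTML output; ENT_QUOTES covers attribute values quoted with ' as well as "
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Returns null if the value contains CR/LF/NUL, which in a mail header would let the
// sender append their own headers (for example an extra Bcc: line).
function headerSafe(string $s): ?string
{
    return preg_match('/[\r\n\0]/', $s) === 1 ? null : trim($s);
}

// Builds the pieces for mail() from $_POST-shaped input, or returns null to reject it.
function buildMail(array $post): ?array
{
    $fields = ['firstname', 'surname', 'address', 'email', 'phone', 'fitness', 'goGym', 'whyGym'];
    $email  = filter_var((string) ($post['email'] ?? ''), FILTER_VALIDATE_EMAIL);
    $name   = headerSafe((string) ($post['firstname'] ?? ''));
    if ($email === false || $name === null || $name === '') {
        return null;                        // reject rather than "clean" and send anyway
    }
    $body = '';
    foreach ($fields as $f) {
        $body .= $f . ': ' . (string) ($post[$f] ?? '') . "\n";   // body text: newlines are harmless here
    }
    return [
        'to'      => 'signups@example.com', // placeholder
        'subject' => 'Gym sign-up',
        'body'    => $body,
        'headers' => 'Reply-To: ' . $name . ' <' . $email . '>',
    ];
}

$good = ['firstname' => 'Alice', 'surname' => 'Smith', 'email' => 'alice@example.com', 'whyGym' => '<b>fun</b>'];
$bad  = ['firstname' => "Eve\r\nBcc: everyone@example.net", 'email' => 'eve@example.com'];

var_dump(buildMail($bad));                  // NULL: CRLF in a header-bound field
echo buildMail($good)['headers'], "\n";    // Reply-To: Alice <alice@example.com>
echo h($good['whyGym']), "\n";              // &lt;b&gt;fun&lt;/b&gt;  safe to echo into the page
```

Escaping is applied at the point of output for the HTML page and validation at the point of use for the mail header; the raw $_POST values themselves are left untouched, which is what makes buildMail() return a usable null on bad input instead of a half-cleaned message.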

  15. Thanks a lot RW!

     

    Works like a charm. One question though: why do I have to check if it is set and if it is empty?

    Shouldn't one of them be enough to check if the user submitted something or not?

     

    Right, glad that got you started. Now you need to 'catch' the form being submitted the correct way:-

     

    <?php
    //check that the form has been submitted via the submit button
    if(isset($_POST['submit']) && !empty($_POST['submit'])){
    //success, now you can clean and assign the $_POST data for use in your script
        echo $_POST['cost'];
    } else{
    //this is the error handler, usually best to have a header() call so that you can redirect back to the form
        echo "Please Enter Cost";
        exit;
    }
    ?>
    

     

    But yes, check that the var exists/has state, then check to see if it contains anything. You can go more in depth than that, but for this excerpt this will do the task.

     

    Rw

  16. <?php
    
    if(isset($_POST['cost']) && !empty($_POST['cost'])){
        echo $_POST['cost'];
    } else{
        echo "Please Enter Cost";
        exit;
    }
    ?>
    

     

    Try that; don't use $_REQUEST, all sorts of issues there. And ensure that the file name you refer to in the action matches the file you're editing, and that it is in the same directory.

     

    Rw
