paddy_fields

I'm about to start making a login system for my site. I've created one before but it was a simple SESSION system using session_start() and storing the username in SESSION['username']. My new system has to be secure as secure as possible as the clients data is sensitive, so i don't think this old method will suffice. I've found this tutorial for secure session login on wikiHow.... http://www.wikihow.com/Create-a-Secure-Login-Script-in-PHP-and-MySQL Could anyone give me their opinion on this before I start making it? If it's not a good method then I'd rather not waste the time trying to implement it. Any advice would be great

<?php if( !$sock ){ //Do this if it is closed echo( "offline" ); $image = 'offline.png'; } if( $sock ){ //Do this if it is open echo( "online" ); fclose($sock); $image = 'online.png'; } ?> <img class="img-circle" src="ico/<?php echo $image; ?>" alt="Server status">

With all due respect, you need to employ a programmer to do your project. You clearly have no experience with PHP so you need to either find someone to do it for you, or find an online tutorial on PHP/MySQL and start from the beginning.

You need to start the session at the beginning of the code. session_start();

I can find the extension via... $ext = pathinfo($filename, PATHINFO_EXTENSION); ...but only once the file has been copied to my server. The path extension for $_FILES['cv']['tmp_name'] doesn't seem to have an extension associated so how can I check this before using move_uploaded_file ? echo $_FILES['cv']['tmp_name']; This produces /private/var/tmp/phpp4oORT , so I assume I can't check this way?

Why would you want it to display only once? Surely you need the link to be unique for each company, and hence allow you to view more information for that particular company...

Hi. I've used a white list approach to only allow certain file types to be uploaded, but I would like to know if this is enough protection.. I've been reading about editing the htaccess to allow certain file types, if that would be useful as extra protection? I'd like this to be as safe as possible! error_reporting(E_ALL); ini_set('display_errors', 1); $filename = $_FILES['cv']['tmp_name']; $finfo = finfo_open(FILEINFO_MIME_TYPE); $mime = finfo_file($finfo, $filename); finfo_close($finfo); switch ($mime) { //.pdf case 'application/pdf': $ok = true; break; //.doc case 'application/msword': $ok = true; break; //.docx case 'application/vnd.openxmlformats-officedocument.wordprocessingml.document': $ok = true; break; default: $ok = false; break; } if($ok){ $target = "CV/"; $target = $target . basename( $_FILES['cv']['name']) ; if(move_uploaded_file($_FILES['cv']['tmp_name'], $target)) { echo "The file ". basename( $_FILES['cv']['name']). " has been uploaded <br><br>"; } else { echo "Sorry, there was a problem uploading your file."; } } else { echo "<p>Oh no, you've chosen the wrong file type!</p>"; }

echo $_GET['company'];

$sql="SELECT complain FROM complaint c WHERE c.d_name = '$comp' ";; This is your first reference to $comp, which is why you are getting an undefined variable error. You need to pull this info from your URL via GET and store it as $comp... $comp = $_GET['comp']; And then appropriately escape $comp to avoid SQL injection

That's great, thank you both.

I'm going to use finfo to check the MIME of the document, but for now I still can't seem to stop getting 'Undefined Index' errors? cvupload.php <form action="uploader.php" method="post"> <p>File Upload<p> <p>Select file <input name="cv" type="file" size="50" /></p> <input type="submit" value="Upload" /> uploader.php <?php error_reporting(E_ALL); ini_set('display_errors', 1); $target = "CV/"; $target = $target . basename( $_FILES['cv']['name']) ; if(move_uploaded_file($_FILES['cv']['tmp_name'], $target)) { echo "Your CV named ". basename( $_FILES['uploadedfile']['name']). " has been uploaded"; } else { echo "Sorry, your CV could not be uploaded."; } ?> I can't see why?

In that case I'll just read up on finfo. There's no point in me using the current method if it is unsafe. Thank you.

Hi, I'm trying to create an upload script for just .doc, .docx, and .pdf files I'm getting an Notice: Undefined index: file in /Users/pat/Sites/recruitment/RecruitSmart/upload/uploader.php on line 7 for each time I use $_FILES ? $path = "CV/".$_FILES['file']['name']; $allowedExts = array("pdf", "doc", "docx"); $extension = end(explode(".", $_FILES["file"]["name"])); if (($_FILES["file"]["type"] == "application/pdf") || ($_FILES["file"]["type"] == "application/msword") || ($_FILES["file"]["type"] == "application/vnd.openxmlformats-officedocument.wordprocessingml.document") && ($_FILES["file"]["size"] < 20000000) && in_array($extension, $allowedExts)) { if ($_FILES["file"]["error"] > 0) { echo "Error"; } else { copy($_FILES['file']['tmp_name'], $path); echo "Success"; } } else { echo "Wrong file type"; }

Just to understand this... the array_fill_keys is creating an array of 12 keys (1-12) each with a value of 0. Then the while loop updates keys in the array if the key is the same as $row['month'] value?

You sir, are a magician. Works perfectly.

Great, thank you. I really appreciate your help. It's interesting to see how you've solved this so I can hopefully see more of the logic for myself in the future

Yes, thank you it was the 'm' that was causing the problem - I should have noticed that. The query is now running, but for some reason if there are 'no views' on a certain month then the count is 1 instead of 0? In my test data I only have views for January - April. The counts on these are correct (they're not 1 too many), but the rest should say 0 $sql = "CREATE TEMPORARY TABLE months (month int)"; $db->query($sql); $sql = "INSERT INTO months VALUES (1),(2),(3),(4),(5),(6),(7),(,(9),(10),(11),(12)"; $db->query($sql); $query = "SELECT month , COUNT(*) AS `month_count` FROM months LEFT JOIN jobViews ON month = MONTH(viewDate) GROUP BY month"; $result = $db->query($query); while($row = $result->fetch_assoc()){ echo $row['month']." - ".$row['month_count']."<br>"; } Output: 1 - 5 2 - 3 3 - 3 4 - 1 5 - 1 6 - 1 7 - 1 8 - 1 9 - 1 10 - 1 11 - 1 12 - 1 I understand how the code works but can't see why 5-12 would have a count of 1??

Thank you very much, that's such a great idea of how to do it. I've tried to implement your code I'm getting no output when I print_r the $row? Am I handling this wrong? I'll read up more and play about with the code tomorrow night when I've actually slept, but for now this is my attempt! $sql = "CREATE TEMPORARY TABLE months (month int)"; $db->query($sql); $sql = "INSERT INTO months VALUES (1),(2),(3),(4),(5),(6),(7),(,(9),(10),(11),(12)"; $db->query($sql); $query = "SELECT m.month , COUNT(*) AS `month_count` FROM months LEFT JOIN jobViews ON m.month = MONTH(viewDate) GROUP BY month"; if($result = $db->query($query)){ $row = $result->fetch_assoc(); } print_r($row); I'm getting a notice saying $row is an undefined variable

Hi, I'm trying to make a bar chart that shows how many views a job has per month. For the chart i need 12 seperate variables with the count for each stored... like $countJanuary, $countFebruary etc. I've managed to work this out so far, $query = "SELECT COUNT(*) AS `month_count`, DATE_FORMAT(viewDate, '%m') AS `month` FROM jobViews GROUP BY `month` ORDER BY `month` ASC"; $result = $db->query($query); while($row = $result->fetch_assoc()) { echo $row['month']." - ".$row['month_count']; echo "</br>"; } This produces the following (for testing purposes) but it obviously misses out months that have no matches... 01 - 3 03 - 1 05 - 1 12 - 7I need the query to assign 0 to months with no matching results, so for February '02 = 0' Does any have any advice on the logic of how I can get to the stage where I have (as in the example above) $countJanuary = 3, $countMarch = 1 etc.. Any help would be great

<input type="text" size = "10" value="<?php echo $playdate; ?>"/> <input type="text" size = "10" value="<?php echo $time; ?>"/>

I'm sorry but I don't really understand your grammar, but do you mean you have two pages... the first with the form, and the second with the script which communicates with the database? If so then you need to put the address of the second page in the 'action' part of the form. <form action='page2.php' method='POST' name='loginForm'>

Actually, what am I saying... you can have an IF statement without a conditon. As long as $success is true, then that will work. So... you need to make sure you set $success after the form has been sent... $success = true; debug by printing the contents of $success at the end of your current code and see what is actuall in there

<?php include('header.php'); include('config.php'); if (isset($_POST['submit'])) { $username = ($_POST['username']); $password = ($_POST['password']); $query = "SELECT * FROM login WHERE user_name='$username' AND pass_word='$password' LIMIT 1"; $result = mysql_query($query) or die(mysql_error()); if(mysql_num_rows($result)) { header('location:home.php'); exit; } else { ?> <form action='#' method='POST' name='loginForm'> <input type="textbox" name="username" value="<?php echo $_POST['username'];?>"/> <input type="textbox" name="password" value="<?php echo $_POST['password'];?>"/> <input type="submit"/> </form> <?php } } ?>

You have no condition in the IF statement. $success needs to have a value, so for your example when the form is submitted by the user sucessfully set $success to be 'YES'. And then include that in the IF statement. <?php if ($success=='YES') { $message = "Message sent succesfully! Thank you."; } else { $message = "Oops! Try again!"; } echo '<div id="message">'.$message.'<div id="close-button"></div></div>'; ?>