benanamen

Everything posted by benanamen

  1. You have a handle of $row but are using $_row.
  2. We are not going to download a zip file. Post your code in the code tags.
  3. DERP! You're right, second way won't even work. Thanks. (And no, no plaintext passwords. I know better)
  4. Does it matter which way?

         SELECT username, password FROM users WHERE username=:username

     (Now compare password if valid username)

     OR

         SELECT username, password FROM users WHERE username=:username AND password = :password
  5. Thanks for your feedback. This is only used in DB backend applications requiring logging in so SEO is of no concern.
  6. I would like feedback on this basic single site entry procedural code. Any issues, improvements or comments? (included in index.php)

         <?php
         /*
          * This file: display_pages.php
          * Acts as a Router to display pages
          * Restricts access to certain files
          *
          */

         //------------------------------------------------------------------------
         // Restrict access to these files
         //------------------------------------------------------------------------

         // Specify some disallowed paths
         $restricted_files = array(
             'header',
             'footer',
             'navbar',
             'menu',
         );

         //----------------------------------------------------------------------------------------
         // Display Pages
         //----------------------------------------------------------------------------------------

         if (isset($_GET['p'])) {
             $page = basename($_GET['p']);

             // If it's not a disallowed path, and if the file exists
             if (!in_array($page, $restricted_files) && file_exists("./includes/$page.php")) {
                 $include = "./includes/$page.php";
             } else {
                 $include = './includes/404.php';
             }
         } else {
             $include = './includes/default.php';
         }
         ?>
  7. Storing passwords in plaintext is very bad. You need to use password_hash and password_verify. You never ever insert user supplied data directly to the database. You need to use prepared statements. Overall, it looks like you are using some rather old code.
  8. You are using obsolete Mysql code and are vulnerable to an SQL Injection Attack. Update to PDO. https://phpdelusions.net/pdo
  9. Probably because you are mixing PDO with obsolete Mysql code. Start at this tutorial and learn what is there before you try to move on. https://phpdelusions.net/pdo
  10. Is the manual example a bad usage? Question was regarding the autoloader. I want to know it inside and out before I go on to the next item.
  11. RE: spl_autoload_register

      I am using the example code from the manual and it works.

          spl_autoload_register(function ($class) {
              include 'classes/' . $class . '.class.php';
          });

          $valid_login = new LoginAttemptsLog($pdo);
          $valid_login->logSuccessfulAttempt('new_goodusername');

      Through testing I see that it somehow reads new LoginAttemptsLog into $class and thinks it is a filename to look for in the classes directory. Do I need to understand anything more than this? What else is there to know about this?
  12. I will just say, you have at least fifty percent more code than you need.
  13. You are missing a where clause. Your query is selecting all of the usernames and passwords in the whole database. Your whole code is flawed. I'm sure others will give you more feedback.
  14. Just making a suggestion as this is what this forum is for. Not looking to get into an argument about it. Probably because there is no specific forum for it. Now you're getting ridiculous. This site has NUMEROUS SPECIFIC forums that are not php. Javascript Help, Html Help, CSS Help,........... And if I was already at the rails forum I probably would if there were knowledgeable people there. benanamen, on 07 Oct 2016 - 11:29 AM, said: Reductio ad absurdum Whatever you're trying to say here, the rails forum you link to is exactly that. Rails and other. This is not a pure php site like the rails site is pure rails.
  15.
          <?php
          if ($_SERVER['REQUEST_METHOD'] == 'POST'){
              // process form
          }
          ?>
          <!DOCTYPE html>
          <html>
          <head>
          <title></title>
          </head>
          <body>
          <form action="<?= $_SERVER['SCRIPT_NAME'] ?>" method="post">
          <!-- FORM HERE -->
          </form>
          </body>
          </html>
  16. Umm, could it be you're trying to run PHP as Javascript?
  17. "Other" is pretty generic and does not group the topic types. This site may as well just have a php forum and other forum only then. It takes a couple seconds for a mod to add a specific forum so what will it hurt to add it, popular or not? I currently leave this site to other forums for the "other" technology stuff. The first top two priorities for a site owner are to get people to their site and to keep them there. IMO, phpfreaks has the most knowledgeable experts of any of the forums I am on.
  18. You have my vote as well as for other technologies. I posted to Comments https://forums.phpfreaks.com/topic/302292-new-forums/
  19. I would like to propose that new specific forums are added to this site for Ruby/Rails, Python and Java and perhaps others. (Yeah, I know it's "PHP Freaks"). It would be beneficial to this site and its users. It is also common on other coding sites to cover all the various technologies.
  20. Am I better off heading straight to ruby first? Does ruby knowledge transfer over to Php OOP? Are you on any ruby help forums?
  21. When extending the class, does it matter if you do classname::method or if you do parent::method? Is there a best practice on this?
  22. That answers an upcoming question I had. With all these classes in an app, how do you know how to use them? That is the problem I am going to run into until I get this down. I wouldn't know bad OOP staring me in the face. Any OOP tutorial recommendations? This is worth its weight in gold! When you explain things the way you just did I can get a good grasp of it. All the tutorials I have seen don't really explain in detail. They just say do this, do that. So, if I understand correctly I don't want to do protected $username =""; right?
  23. So now this tutorial I am studying uses another example and the same type of line previously asked about equals an empty string public $username = "";. I tried it without the empty string like public $username; and it still works. What is there to know about this? Any recommendations that give detailed explanations of the code?

      * Edit, now elsewhere I am also seeing var $some_variable; for the same type of line. So there is Public, Private, Protected and Var? OOP is making my head hurt.

          <?php
          class Member
          {
              public $username = "";
          }

          $member = new Member();
          $member->username = "Fred";
          echo $member->username;
          ?>