
Posts posted by imgrooot
-
-
I have a script here that lets you upload and submit multiple images. It works. But there are a couple of things I would like to add.
1. Have a 2 MB limit for each image upload. Give an error if any of the images is over 2 MB.
2. Check if the uploaded images are valid types (jpeg, jpg, gif, and png).
Here is the script.
$get_username = 'myusername';
$get_email    = '[email protected]';

// we'll begin by assigning the To address and message subject
$to      = "[email protected]";
$subject = "Subject message here....";

// get the sender's name and email address
// we'll just plug them a variable to be used later
$from = stripslashes($get_username)."<".stripslashes($get_email).">";

// generate a random string to be used as the boundary marker
$mime_boundary = "==Multipart_Boundary_x".md5(mt_rand())."x";

// now we'll build the message headers
$headers = "From: $from\r\n" .
    "MIME-Version: 1.0\r\n" .
    "Content-Type: multipart/mixed;\r\n" .
    " boundary=\"{$mime_boundary}\"";

// here, we'll start the message body.
// this is the text that will be displayed
// in the e-mail
$message = "message text here...";

// next, we'll build the invisible portion of the message body
// note that we insert two dashes in front of the MIME boundary
// when we use it
$message = "This is a multi-part message in MIME format.\n\n" .
    "--{$mime_boundary}\n" .
    "Content-Type: text/plain; charset=\"iso-8859-1\"\n" .
    "Content-Transfer-Encoding: 7bit\n\n" .
    $message . "\n\n";

// now we'll process our uploaded files
foreach($_FILES as $userfile){
    // store the file information to variables for easier access
    $tmp_name = $userfile['tmp_name'];
    $type = $userfile['type'];
    $name = $userfile['name'];
    $size = $userfile['size'];

    // if the upload succeeded, the file will exist
    if(file_exists($tmp_name)){
        // check to make sure that it is an uploaded file and not a system file
        if(is_uploaded_file($tmp_name)){
            // open the file for a binary read
            $file = fopen($tmp_name,'rb');
            // read the file content into a variable
            $data = fread($file,filesize($tmp_name));
            // close the file
            fclose($file);
            // now we encode it and split it into acceptable length lines
            $data = chunk_split(base64_encode($data));

            // now we'll insert a boundary to indicate we're starting the attachment
            // we have to specify the content type, file name, and disposition as
            // an attachment, then add the file content.
            // NOTE: we don't set another boundary to indicate that the end of the
            // file has been reached here. we only want one boundary between each file
            // we'll add the final one after the loop finishes.
            // (the attachment is only added when $data was actually read, and the
            // filename uses $name; $fileatt_name was never defined)
            $message .= "--{$mime_boundary}\n" .
                "Content-Type: {$type};\n" .
                " name=\"{$name}\"\n" .
                "Content-Disposition: attachment;\n" .
                " filename=\"{$name}\"\n" .
                "Content-Transfer-Encoding: base64\n\n" .
                $data . "\n\n";
        }
    }
}

// here's our closing mime boundary that indicates the last of the message
$message .= "--{$mime_boundary}--\n";

// now we just send the message
if(@mail($to, $subject, $message, $headers)) {
    echo 'sent';
} else {
    echo 'There was a problem. Please try again.';
}
One more thing. I notice that some of the images that I take from online (e.g. google images) won't upload, even though they are normal types like jpeg, gif, png. Do you know why that might happen? Are those images somehow encrypted or something?
-
So I have two tables.
Table 1 - Records
Table 2 - Earnings
I basically want to retrieve 6 active records from highest to lowest earnings.
Here are the table setups.
Records Table
record_id | record_name | status
1           record_1      1
2           record_2      0
3           record_3      1
4           record_4      1
5           record_5      1
6           record_6      1
7           record_7      1
8           record_8      1
--------------------------------------------
Earnings Table
earning_id | record_id | amount
1            1           $100
2            2           $200
3            3           $300
4            4           $400
5            5           $500
6            6           $600
7            7           $700
8            8           $800
9            1           $100
10           1           $100
As you can see I have a total of 8 records. Only 7 of them are active. And record_1 has multiple earning rows. This is the tricky part. Normally I can retrieve the records separately and the earnings separately but I would like to know how can I combine this into a single query to achieve the same result so that I can list 6 active records from highest to lowest earnings?
Here is my way so far.
$find_records = $db->prepare("SELECT record_id, record_name, status FROM records WHERE status = :status");
$find_records->bindValue(':status', 1);
$find_records->execute();
$result_find_records = $find_records->fetchAll(PDO::FETCH_ASSOC);
if(count($result_find_records) > 0) {
    foreach($result_find_records as $row) {
        $record_id     = $row['record_id'];
        $record_name   = $row['record_name'];
        $record_status = $row['status']; // the column selected above is "status"

        $get_earnings = $db->prepare("SELECT amount FROM earnings WHERE record_id = :record_id");
        $get_earnings->bindParam(':record_id', $record_id);
        $get_earnings->execute();
        $result_earnings = $get_earnings->fetchAll(PDO::FETCH_ASSOC);

        // start at 0 so a record without earnings still has an amount
        $record_amount = 0;
        if(count($result_earnings) > 0) {
            // separate loop variable so the outer $row is not overwritten
            foreach($result_earnings as $earning) {
                $record_amount += $earning['amount']; // the column selected above is "amount"
            }
        }
    }
}
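The single-query version of this task, as an added example that is not part of the original post: one JOIN with GROUP BY sums each record's earnings, and ORDER BY with LIMIT returns the top 6 active records. Assumptions: an in-memory SQLite database (needs the pdo_sqlite extension) stands in for the real one, amounts are stored as whole dollars, and `top_records()` is a hypothetical helper name.

```php
<?php
// Added example, not the poster's code. SQLite in memory stands in for the
// real database; amounts are stored as whole dollars (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE records  (record_id INTEGER PRIMARY KEY, record_name TEXT, status INTEGER)');
$db->exec('CREATE TABLE earnings (earning_id INTEGER PRIMARY KEY, record_id INTEGER, amount INTEGER)');

// The rows listed in the post.
$records = [[1, 'record_1', 1], [2, 'record_2', 0], [3, 'record_3', 1], [4, 'record_4', 1],
            [5, 'record_5', 1], [6, 'record_6', 1], [7, 'record_7', 1], [8, 'record_8', 1]];
$earnings = [[1, 1, 100], [2, 2, 200], [3, 3, 300], [4, 4, 400], [5, 5, 500],
             [6, 6, 600], [7, 7, 700], [8, 8, 800], [9, 1, 100], [10, 1, 100]];
$ins = $db->prepare('INSERT INTO records VALUES (?, ?, ?)');
foreach ($records as $r) {
    $ins->execute($r);
}
$ins = $db->prepare('INSERT INTO earnings VALUES (?, ?, ?)');
foreach ($earnings as $e) {
    $ins->execute($e);
}

// Hypothetical helper: active records with their summed earnings, highest first.
function top_records(PDO $db, int $limit = 6): array
{
    // LEFT JOIN keeps active records that have no earnings rows (total 0).
    // The record_id tie-break makes the order deterministic when totals are equal.
    $sql = 'SELECT r.record_id, r.record_name, COALESCE(SUM(e.amount), 0) AS total
              FROM records AS r
              LEFT JOIN earnings AS e ON e.record_id = r.record_id
             WHERE r.status = :status
             GROUP BY r.record_id, r.record_name
             ORDER BY total DESC, r.record_id ASC
             LIMIT :lim';
    $stmt = $db->prepare($sql);
    $stmt->bindValue(':status', 1, PDO::PARAM_INT);
    $stmt->bindValue(':lim', $limit, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

foreach (top_records($db) as $row) {
    printf("%-9s %5d\n", $row['record_name'], $row['total']);
}
```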
-
Doubling the amount of code you are using is not the answer. strtolower is your friend.
Checking just the file extension is also not a good idea. A user can put any file extension they want. Doesn't mean it is a valid file type. You should also be checking the file mime type.
Put the extensions in an array and then use in_array to validate. Same with the mime types.
w3schools is not the best place to learn from.
Copy. I will keep that in mind. Thanks.
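The checks discussed in this thread (2 MB limit, extension allowlist compared in lowercase, MIME type verified from the file content), as an added example that is not code from any of the posts. Assumptions: the fileinfo extension is enabled, `image_error()` and its `$requireUpload` switch are hypothetical names, and the sample files are constructed so the check can be run from the command line.

```php
<?php
// Added example, not the poster's code. Policy taken from the thread:
// 2 MB per image, jpg/jpeg/gif/png only, extension compared in lowercase,
// and the MIME type detected from the file content.
const MAX_BYTES = 2 * 1024 * 1024;
const ALLOWED = [ // extension => MIME type that finfo must report
    'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
    'gif' => 'image/gif',  'png'  => 'image/png',
];

// Returns null when the file is acceptable, otherwise an error message.
// $entry has the shape of one $_FILES element.
function image_error(array $entry, bool $requireUpload = true): ?string
{
    $code = $entry['error'] ?? UPLOAD_ERR_NO_FILE;
    if ($code !== UPLOAD_ERR_OK) {
        return "Upload failed (PHP upload error code {$code}).";
    }
    if ($requireUpload && !is_uploaded_file($entry['tmp_name'])) {
        return 'Not an uploaded file.';
    }
    $size = (int) ($entry['size'] ?? 0);
    if ($size <= 0 || $size > MAX_BYTES) {
        return 'Each image must be 2 MB or smaller.';
    }
    // strtolower() makes "JPG" and "jpg" the same extension.
    $ext = strtolower(pathinfo($entry['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        return 'Sorry, only JPG, JPEG, PNG & GIF files are allowed.';
    }
    // Detect the type from the bytes; $_FILES[...]['type'] is sent by the browser.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($entry['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        return "Content is {$mime}, which does not match .{$ext}.";
    }
    return null;
}

// Constructed sample files. $requireUpload is false only because these
// are not real HTTP uploads; keep the default in a form handler.
$samples = [
    'HOLIDAY.GIF' => "GIF89a\x01\x00\x01\x00\x00\x00\x00;", // minimal GIF
    'notes.png'   => "plain text pretending to be an image\n",
    'big.gif'     => 'GIF89a' . str_repeat("\0", MAX_BYTES), // over 2 MB
    'report.pdf'  => "%PDF-1.4\n",
];
foreach ($samples as $name => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, $bytes);
    $entry = ['name' => $name, 'tmp_name' => $tmp,
              'size' => strlen($bytes), 'error' => UPLOAD_ERR_OK];
    echo $name, ': ', image_error($entry, false) ?? 'accepted', PHP_EOL;
    unlink($tmp);
}
```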
-
I found what the issue was.
This code in the script has all lowercase extensions.
if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg" && $imageFileType != "gif") {}
I had to also add all the UPPERCASE extensions as well. And it worked.
if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg" && $imageFileType != "gif" && $imageFileType != "JPG" && $imageFileType != "PNG" && $imageFileType != "JPEG" && $imageFileType != "GIF") {}
-
I am using this script for image uploads.
https://www.w3schools.com/php/php_file_upload.asp
I noticed that with some of the image uploads, I would get the error
"Sorry, only JPG, JPEG, PNG & GIF files are allowed."
The images I upload are one of the file types listed above. So I am wondering why I would get an error for some images but not others despite all of them being the same file types?
Can you tell why judging from the script?
-
Are you executing that same code when you come back? If so, you are writing over your cookie. Based on your error configuration, you should be getting a warning stating something like index sponsor not defined. Use an IF statement to hop over it if $_GET['sponsor'] is not set (and based on your desire, also hop over it if the cookie is already set and you don't want the second link to override the first one).
You are correct. I only have to set the cookie if there is a sponsor parameter. I retrieve the cookie if the parameter is not set. Here is the updated code and it works.
// read the parameter without raising an undefined index warning when it is absent
$get_user = $_GET['sponsor'] ?? '';
if(!empty($get_user)) {
    $number_of_days = 365;
    $date_of_expiry = time() + 60 * 60 * 24 * $number_of_days;
    setcookie("sponsor", $get_user, $date_of_expiry);
} else if(empty($get_user)) {
    if(isset($_COOKIE['sponsor'])) {
        // find the set cookie
        $user_cookie = $_COOKIE['sponsor'];
    }
} else {}
-
Here's a scenario.
I am setting up a sponsor referral link. If any user signs up on the site through that referral link, they will be matched with the sponsor of that referral link. Normally I can do this using a simple GET method but I want to use cookies so that the referral link will be valid for 30 days. So if a user decides to come back to the site a week later, they will still be matched with that sponsor assuming they haven't deleted their cookies.
For eg.
// referral link
mysite.com/signup?sponsor=john
Here is my cookie code. The issue I am having is that if I go to a different page on the site and come back to the signup page, the cookie gets reset or becomes invalid. Can you tell me what I'm doing wrong? Do I have to use the database to store the cookies or what?
$get_user = $_GET['sponsor'];
$number_of_days = 30;
$date_of_expiry = time() + 60 * 60 * 24 * $number_of_days;
setcookie("sponsor", $get_user, $date_of_expiry);
if(isset($_COOKIE['sponsor'])) {
    echo 'set';
} else {
    echo 'not set';
}
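The referral cookie from this post, combined with the fix suggested in the reply (only write the cookie when a sponsor parameter is present, and do not let a second link override the first), as an added example that is not part of the thread. Assumptions: sponsor usernames are 3 to 30 letters, digits, "_" or "-"; `resolve_sponsor()` and `remember_sponsor()` are hypothetical names; the options-array form of `setcookie()` needs PHP 7.3 or later. The cookie value comes from the visitor's browser, so it is validated on the way in and on the way back.

```php
<?php
// Added example, not the poster's code. Assumption: sponsor usernames are
// 3-30 characters of letters, digits, "_" or "-" (the thread does not say).
const SPONSOR_COOKIE = 'sponsor';
const SPONSOR_DAYS   = 30;

// Decide which sponsor applies and whether a cookie has to be written.
// First valid referral wins: an existing valid cookie is never overwritten.
function resolve_sponsor(array $get, array $cookie): array
{
    $valid = static function ($v): ?string {
        $ok = is_string($v) && preg_match('/\A[A-Za-z0-9_-]{3,30}\z/', $v);
        return $ok ? $v : null;
    };
    $fromCookie = $valid($cookie[SPONSOR_COOKIE] ?? null);
    if ($fromCookie !== null) {
        return ['sponsor' => $fromCookie, 'set_cookie' => false];
    }
    $fromLink = $valid($get['sponsor'] ?? null);
    return ['sponsor' => $fromLink, 'set_cookie' => $fromLink !== null];
}

function remember_sponsor(string $sponsor): void
{
    setcookie(SPONSOR_COOKIE, $sponsor, [
        'expires'  => time() + 60 * 60 * 24 * SPONSOR_DAYS,
        'path'     => '/',   // valid on every page of the site
        'secure'   => true,  // sent over HTTPS only
        'httponly' => true,  // not readable from JavaScript
        'samesite' => 'Lax', // still sent when the visitor arrives via a link
    ]);
}

if (PHP_SAPI !== 'cli') {
    // On the signup page, before any output is sent.
    $r = resolve_sponsor($_GET, $_COOKIE);
    if ($r['set_cookie']) {
        remember_sponsor($r['sponsor']);
    }
} else {
    // Constructed requests: [query string parameters, cookies already held].
    $cases = [
        'first visit via link'    => [['sponsor' => 'john'], []],
        'returns a week later'    => [[], ['sponsor' => 'john']],
        'second link, has cookie' => [['sponsor' => 'mary'], ['sponsor' => 'john']],
        'malformed value'         => [['sponsor' => 'not a name!'], []],
    ];
    foreach ($cases as $label => [$get, $cookie]) {
        $r = resolve_sponsor($get, $cookie);
        printf("%-24s sponsor=%s set_cookie=%s\n", $label,
            var_export($r['sponsor'], true), var_export($r['set_cookie'], true));
    }
}
```

At signup time the resolved name should still be looked up in the users table before it is stored as the new member's sponsor.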
-
You could use
... , SUM( CASE e.type WHEN 1 THEN deposit WHEN 2 THEN -deposit ELSE 0 END ) as net_total
And what about the "e.principle = 0" and "e.principle = 1"? How would that fit in the above code?
-
Sorry, there was a
GROUP BY user_ID
before the HAVING. It must've got lost when I edited.
Ah yes that does the trick. Below is the updated code. Now my next question is, what if I want to subtract another form of deposit from the current deposit in the same table?
For e.g.
The deposit in the original query has e_type as 1 and e.principle as 1, but in the line below it's different. So what I am essentially trying to do is find the sum of deposit type#1 and also find a sum of deposit type#2. Then I want to get a balance from them after I subtract type#2 from type#1. And then I compare that balance price to level_amount.
partner_earnings as e ON u.user_id = e.sent_to AND e.status = 1 AND e.e_type = 2 AND e.principle = 0
Since I already have type#1 deposit below, how do I add type#2 as shown above and subtract them to get a new balance?
$level_amount = 200;
$find_user = $db->prepare("SELECT *
    FROM (
        SELECT u.user_id
             , SUM(deposit) as totdeposit
        FROM users as u
        INNER JOIN partner_earnings as e
            ON u.user_id = e.sent_to
            AND e.status = 1
            AND e.e_type = 1
            AND e.principle = 1
        WHERE u.active = 1
        GROUP BY user_id
        HAVING totdeposit > :listedamount
    ) as totals
    ORDER BY RAND()
    LIMIT 1
");
$find_user->bindParam(':listedamount', $level_amount);
$find_user->execute();
$result_user = $find_user->fetchAll(PDO::FETCH_ASSOC);
if(count($result_user) > 0) {
    foreach($result_user as $row) {
        $user_id = trim($row['user_id']);
        $deposit = trim($row['totdeposit']);
    }
    ?>
    <div class="result-single">
        <div class="col-full">
            <div class="n1"><span><?php echo $user_id; ?></span></div>
            <div class="n1"><span><?php echo $deposit; ?></span></div>
        </div>
    </div>
    <?php
}
-
try
SELECT *
FROM (
    SELECT u.user_id
         , SUM(deposit) as totdeposit
    FROM users as u
    INNER JOIN earnings as e
        ON u.user_id = e.sent_to
        AND e.status = 1
    WHERE u.active = 1
    HAVING totdeposit > :listedamount
) as totals
ORDER BY RAND()
LIMIT 1
Here is your method with my full query. Doesn't seem to give me the correct result. The sum of the deposit seems to be greater than what it should be for that user when I echo "totdeposit". I'll keep trying but in the meantime can you see what I am doing wrong below?
$level_amount = 200;
$find_user = $db->prepare("SELECT *
    FROM (
        SELECT u.user_id
             , SUM(deposit) as totdeposit
        FROM users as u
        INNER JOIN partner_earnings as e
            ON u.user_id = e.sent_to
            AND e.status = 1
            AND e.e_type = 1
            AND e.principle = 1
        WHERE u.active = 1
        HAVING totdeposit > :listedamount
    ) as totals
    ORDER BY RAND()
    LIMIT 1
");
$find_user->bindParam(':listedamount', $level_amount);
$find_user->execute();
$result_user = $find_user->fetchAll(PDO::FETCH_ASSOC);
if(count($result_user) > 0) {
    foreach($result_user as $row) {
        $user_id    = $row['user_id'];
        $totdeposit = $row['totdeposit'];
    }
    echo $user_id;
    echo $totdeposit;
}
-
This is what I am trying to accomplish.
1. I have two tables. T1: Users and T2: Earnings.
2. I want to find a single random user whose deposit amount is greater than the listed amount.
Below is my foreach loop within foreach loop trying to do the above. I was wondering if there is a more simple way to do this task? Is there a way to combine these two queries together?
$listed_amount = 1000;

// find a random user
$find_user = $db->prepare("SELECT user_id FROM users WHERE user = :user AND active = :active ORDER BY RAND() LIMIT 1");
$find_user->bindValue(':user', 1);
$find_user->bindValue(':active', 1);
$find_user->execute();
$result_user = $find_user->fetchAll(PDO::FETCH_ASSOC);
if(count($result_user) > 0) {
    foreach($result_user as $row) {
        $user_id = $row['user_id'];

        // find that random user's deposit amount
        $get_deposits = $db->prepare("SELECT deposit FROM earnings WHERE sent_to = :sent_to AND status = :status");
        $get_deposits->bindParam(':sent_to', $user_id);
        $get_deposits->bindValue(':status', 1);
        $get_deposits->execute();
        $result_deposits = $get_deposits->fetchAll(PDO::FETCH_ASSOC);

        // start at 0 so the comparison below works when there are no deposits
        $total_deposits = 0;
        if(count($result_deposits) > 0) {
            foreach($result_deposits as $deposit_row) {
                $total_deposits += $deposit_row['deposit'];
            }
        }

        if($total_deposits > $listed_amount) {
            // show the user
        } else {
            // hide the user
        }
    }
}
-
Hopefully you learned a valuable technique from Benanamen's code.
With that said, assuming you wanted to stay with the technique you were using, I think you were looking for the rand() function. You need to specify in this instance, a min and max to constrain the range of the random number returned. You have a zero based array so you want 0.. count -1;
$find_user = $db->prepare("SELECT user_id FROM users ORDER BY user_id ASC");
$find_user->execute();
$result_user = $find_user->fetchAll(PDO::FETCH_ASSOC);
// $result_user is an array of all the rows!
$row_count = count($result_user);
if ($row_count > 0) {
    echo $result_user[rand(0, $row_count - 1)]['user_id'];
}
Looks interesting. Will give it a shot. Thanks.
-
If you only want ONE random record then just ask for it. No need for code gymnastics.
SELECT user_id FROM users ORDER BY RAND() LIMIT 1
FYI: Your data should have been trimmed on input.
No, you don't.
Ah yes the RAND() does the trick.
Yes my data is trimmed on the input. I guess I don't need to trim it on the output as well.
-
I have a foreach loop that returns 5 users. I basically want to show only 1 of the 5 users. Every time that loop is run, it should show a random user of the 5, as opposed to the same user every single time.
How can that be done? This is my query so far.
$find_user = $db->prepare("SELECT user_id FROM users ORDER BY user_id ASC");
$find_user->execute();
$result_user = $find_user->fetchAll(PDO::FETCH_ASSOC);
if(count($result_user) > 0) {
    foreach($result_user as $row) {
        $user_id = trim($row['user_id']);
        var_dump($user_id);
    }
}
-
Say I have the following.
record_id | record_name
-----------------------------------
1           one
2           two
3           three
3           three
3           three
4           four
5           five
5           five
I want to search through the table and find all the records. If there are multiple records with same id, I want to combine them into 1 variable and use that. So in the above example, I have 3 threes and 2 fives. I want to combine them so that I only get 1 three and 1 five. How can that be done?
A normal query looks like this.
$get_records = $db->prepare("SELECT * FROM records");
$get_records->execute();
$result_records = $get_records->fetchAll(PDO::FETCH_ASSOC);
if(count($result_records) > 0) {
    foreach($result_records as $row) {
        $record_id   = $row['record_id'];
        $record_name = $row['record_name'];
    }
}
-
You should check with whatever service provider you are using to send the money to see if they support capturing the information on their end, then giving you a token. Most payment processors can do this for credit card data so that you can let them worry about storing it and dealing with PCI and you just need to keep the token/your account secure.
That is one of the methods I am looking into.
-
I, for one, am more familiar with ways to receive money, not send it...
PayPal is an easy answer.
PayPal is terrible from what I've heard. Also PayPal doesn't accept the type of business I'm trying to do.
-
What exactly is this process? Why are (were) people going to give you bank info and why were you going to send them money? Are you basically looking for a way to send people money?
I can't go into details about the whole process. But in short, yes I am looking to send people the money, not only in North America but internationally. I would like to know what the best option would be for that.
-
Judging from what you all said, I should avoid collecting users' bank info on my own. Fair point. And I have looked at Stripe and it's not the exact solution I am looking for.
Then I guess I have two other ways to do this. Western Union and E-wallet. Do you have suggestions for a reputable international e-wallet? By e-wallet, I don't mean a bitcoin wallet.
-
I have been doing some research and I found out that it's a really really bad idea to store users' sensitive information in a database.
Here's what I am trying to do.
1. Request a member's bank account info.
2. Make a direct deposit into their bank account from my bank account. This is done online through my bank's website.
My question is, if I can't store the member's bank account info in the database, can I at least request them to send it through an email? From there I can put it in excel sheet offline for storage and use that to make direct bank deposits to their account(s). Or is that illegal? If it is, then what's the best way to do this?
-
Actually no. You're using a 302 redirect, which is temporary. Using R=301 (a permanent redirect) is more appropriate.
The HTTP_HOST you had earlier is fine, but will limit the redirects to requests for your site. If someone got to your site with a different domain name, perhaps the IP address itself, then the redirect wouldn't happen, but that isn't really a case you need to worry about.
So in fact the original version and this new version are more or less the same.
I see. I have updated it to "[R=301,L]" and it still works. So that's good.
-
There is so much generalization in your question that it is almost impossible to answer with any certainty. But, I will respond:
As I understand it:
1. Users have a 'balance' that you somehow manage.
2. Users can request a 'withdrawal' that will allow funds from their balance to be transferred to their bank
3. User can purchase items through a 3rd party processor which is paid from their bank account
The goal is for users to pay for items directly through their 'balance'
I have no idea how secure #1 and #2 currently are or if there are any checks and balances. For example, does a person review and approve payments to a bank account to ensure users aren't using malicious means to inflate their account? You could already have holes in the security that you are not aware of.
The bottom line (from my perspective) is that a payment processor is in the business of processing payments. That is their #1 point of being in business. And, assuming they have many sites that they support, the probability that any exploits have been found (and fixed) is very high. If you want to build your own custom process for accepting "payments" from the user's balance you will not (I assume) be starting from the same deep knowledge of processing transactions that a 3rd party dedicated to that process will have. It is also more likely that potential exploits could go much longer without being found and fixed.
Can it be done? Yes. There is no inherent "security flaw" in doing that - it is the implementation that will dictate what flaws, if any, will exist.
To be honest, your whole process seems kind of clunky, but I don't have a clue on your business model.
Good luck with whatever path you take.
Yes I am worried about a user finding a way to inflate their account earnings on the site. But how likely will that be if I am using an SSL certificate and PDO with parameters for code?
-
I apologize if it's the wrong section, I don't know which other section this question would belong in and it is the most popular section on the forum.
Say I have a site where users can purchase "packages" and to do so, they are sending payments directly to the company using a payment processor. The company tracks all the payments in the back-end. The users are also able to see their earnings, balance and withdrawals.
Normally a user can make a withdrawal request and the company will send that user his earning balance. After the user receives his earnings in his bank account, he can go back to the site and purchase a new package.
That's all great. But what if I want to give an option to the users where they can use the earnings in their account on the site to purchase a new package, instead of going through a payment processor?
For e.g. I have $100 as my earning balance in my site's account. And the package I want to purchase is $50. I can simply purchase that package using the $100 I have in my account, instead of making a withdrawal request and wait for the $100 to show up in my bank account and then I go back to the site and purchase that package using a payment processor, as I did originally.
I am wondering, if I give users that option, do I need to worry about anything security wise? Is that a wise option to give or should I just stick to payment processor for all user payments?
*note I am not asking how to code it.
-
So I have FINALLY solved this problem. Someone helped me out. Instead of the original code I posted, this is the correct code for redirecting to https successfully.
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yoursite.com [R,L]
How would you join two columns in the same table?
Basically I want to match 2 columns from table1 to 1 column in table2.
Here's my code. How do I do the joins properly?