Everything posted by Gandalf64

  1. I developed my own calendar and if I am understanding you correctly then you could do something like the following:

     ```php
     protected function checkForEntry($calDate, $page = 'index.php') {
         $this->username = isset($_SESSION['user']) ? $_SESSION['user']->username : \NULL;
         $this->query = 'SELECT 1 FROM cms WHERE page=:page AND DATE_FORMAT(date_added, "%Y-%m-%d")=:date_added';
         $this->stmt = static::pdo()->prepare($this->query);
         $this->stmt->execute([':page' => $page, ':date_added' => $calDate]);
         $this->result = $this->stmt->fetch();
         /* If result is true there is data in day, otherwise no data */
         if ($this->result) {
             return \TRUE;
         } else {
             return \FALSE;
         }
     }
     ```

     then simply disable the day though you don't have to use a database table to do this as I was just showing it's pretty simple. That is if I'm understanding correctly?
  2. I found this http://phpenthusiast.com/blog/how-to-autoload-with-composer link explaining Namespace and PSR-4 Autoloader to be pretty informative.
  3. I have a repository (actually a couple of repositories) on creating a calendar in PHP at https://github.com/Strider64 I basically start from the premise of having 7 rows in the calendar I want to display, for it will cover the previous month's days (starting with the first week of the selected month) and continue to fill in the days as needed, which more than likely will cover future month's days.
  4. Here's my version ->

     ```php
     <?php
     function IsPrime($n) {
         for ($x = 2; $x < $n; $x++) {
             if ($n % $x == 0) {
                 return 0;
             }
         }
         return 1;
     }

     function isStrob($num) {
         /* Cast to string so str_split() also accepts integers */
         $myNumber = str_split((string) $num);
         for ($i = 0; $i <= count($myNumber) / 2; $i++) {
             $c = $myNumber[$i];
             $b = $myNumber[count($myNumber) - 1 - $i];
             if (!isValid($c, $b)) {
                 return FALSE;
             }
         }
         return TRUE;
     }

     function isValid ($c, $b) {
         switch ($c) {
             case '1':
                 return $b == '1';
             case '6':
                 return $b == '9';
             case '9':
                 return $b == '6';
             case '8':
                 return $b == '8';
             case '0':
                 return $b == '0';
             default:
                 return FALSE;
         }
     }

     function get_strobogrammatic_numbers($total = 10000) {
         $strob_numbers = []; // Initialise so an empty result is still an array
         for ($i = 0; $i <= $total; $i++) {
             $status = isStrob($i);
             if ($status) {
                 $strob_numbers[] = $i;
             }
         }
         return $strob_numbers;
     }

     $result = get_strobogrammatic_numbers(1000);
     //echo "<pre>" . print_r($result, 1) . "</pre>";
     ?>
     <!DOCTYPE html>
     <html lang="en">
         <head>
             <title>Test Upside Up</title>
             <meta charset="UTF-8">
             <meta name="viewport" content="width=device-width, initial-scale=1.0">
         </head>
         <body>
             <div>Strobogrammatic Numbers</div>
             <?php
             echo "<p>";
             for ($x = 0; $x < count($result); $x++) {
                 if ($x === count($result) - 1) {
                     echo $result[$x] . ".</p>";
                 } else {
                     echo $result[$x] . ", ";
                 }
             }
             ?>
         </body>
     </html>
     ```
  5. Or you could use DateTime() ->

     ```php
     <?php
     $variableDate = "October 8, 2017";

     /*
      * DateTime & DateTimezone are classes built into PHP.
      */
     $myDate = new DateTime($variableDate, new DateTimeZone("America/Detroit"));

     /*
      * N is a numeric representation -> 1 (for Monday) through 7 (for Sunday)
      */
     if ( $myDate->format("N") < 6) {
         $myDate->modify("+3 days"); // modify is a method (function) that does what it says { similar to strtotime }
     } else {
         $myDate->modify("+5 days");
     }

     echo $myDate->format("l, F j, Y") . "<br>"; // Display it in the format of your choosing:
     ```
  6. First, simply turning on error reporting (without exemptions) should have helped you out or pointed you in the right direction. Second, I would minimize at first what you are trying to insert into the database. Here's an example from a tutorial that I started on PHP PDO:

     ```php
     /* Assumed to be defined elsewhere in the tutorial; 1062 is MySQL's duplicate-key error (ER_DUP_ENTRY) */
     const MYSQL_ERROR_DUPLICATE_ENTRY = 1062;

     /* The catch block below only fires when PDO is set to PDO::ERRMODE_EXCEPTION */
     function createLogin(array $data, $pdo) {
         /* Secure the Password by hashing the user's password. */
         $data['password'] = password_hash($data['password'], PASSWORD_BCRYPT, array("cost" => 15));
         try {
             /* Set the query variable */
             $query = 'INSERT INTO myUsers (name, password, email, security, confirmation, date_added) VALUES (:name, :password, :email, :security, :confirmation, NOW())';
             /* Prepare the query */
             $stmt = $pdo->prepare($query);
             /* Execute the query with the stored prepared values */
             $result = $stmt->execute([
                 ':name' => $data['name'],
                 ':password' => $data['password'],
                 ':email' => $data['email'],
                 ':security' => $data['security'],
                 ':confirmation' => $data['confirmation']
             ]); // End of execution:
             return TRUE;
         } catch (PDOException $error) {
             // Check to see if name is already exists:
             $errorCode = $error->errorInfo[1];
             if ($errorCode == MYSQL_ERROR_DUPLICATE_ENTRY) {
                 error_log("Duplicate Name was Enter", 1, "jrpepp@pepster.com");
                 return FALSE; // Duplicate name: report failure instead of returning nothing
             } else {
                 throw $error;
             }
         }
     }
     ```

     Thirdly, I would take a look at your database table structure; for example, here's the structure of the above in MySQL:

     ```php
     $sql = "CREATE TABLE IF NOT EXISTS myUsers ("
         . "ID int(11) AUTO_INCREMENT PRIMARY KEY,"
         . "name varchar(60) NOT NULL,"
         . "password varchar(255) NOT NULL,"
         . "email varchar(60) NOT NULL,"
         . "security varchar(25) NOT NULL,"
         . "confirmation varchar(255) NOT NULL,"
         . "date_added datetime NOT NULL DEFAULT '0000-00-00 00:00:00')";
     ```

     The above is part of a script that I wrote for an install script, but you can get the structure using phpMyAdmin. Looking over the structure should give you an idea where you forgot to cross a t or dot an i. HTH John
  7. That for me was the hardest part in writing clean URLs and I don't know why? I would have this in my .htaccess file

     ```apache
     RewriteRule ^(index|about|blog|calendar|contact|edit|login|order)$ $1.php [NC,L]
     RewriteRule ^edit/(\d+)$ edit.php?id=$1 [NC,L]
     ```

     but forget I had to do this

     ```php
     echo '<a class="edit" href="edit/' . $this->row->id . '">Edit</a>';
     ```

     I would spend days trying to get it to work and finally a light bulb turned on, but until I did figure it out it was like I was myself.
  8. It just so happens I developed a script that does just that, by that I mean takes images from a particular directory and made a very simple slideshow (actually it rotates). I recently took it down from my website, so I can't show it in action but here's a test script that I made.

     ```php
     <style>
         /* essential styles: these make the slideshow work */
         #slides {
             position: relative;
             height: 400px;
             padding: 0px;
             margin: 0px;
             list-style-type: none;
         }
         .slide {
             position: absolute;
             left: 0px;
             top: 0px;
             width: 100%;
             height: 100%;
             opacity: 0;
             z-index: 1;
             -webkit-transition: opacity 1s;
             -moz-transition: opacity 1s;
             -o-transition: opacity 1s;
             transition: opacity 1s;
         }
         .showing {
             opacity: 1;
             z-index: 2;
         }
     </style>
     <?php
     $supported_file = [
         'gif',
         'jpg',
         'jpeg',
         'png'
     ];
     $files = glob("assets/uploads/*.*");
     echo '<ul id="slides">' . "\n";
     for ($i = 0; $i < count($files); $i++) {
         $image = $files[$i]; // Just making it easier to understand that $files[$i] are the individual image in the loop:
         $ext = strtolower(pathinfo($image, PATHINFO_EXTENSION));
         if (in_array($ext, $supported_file)) {
             /*
              * echo basename($image); ### Shows name of image to show full path use just $image:
              */
             if ($i === 0) {
                 echo '<li class="slide showing"><img src="' . htmlspecialchars($image) . '" alt="Slide Show Image"></li>' . "\n";
             } else {
                 echo '<li class="slide"><img src="' . htmlspecialchars($image) . '" alt="Slide Show Image"></li>' . "\n";
             }
         } else {
             continue;
         }
     }
     echo "</ul>\n";
     ?>
     <script>
         var slides = document.querySelectorAll('#slides .slide');
         var currentSlide = 0;
         var slideInterval = setInterval(nextSlide, 3000);

         function nextSlide() {
             slides[currentSlide].className = 'slide';
             currentSlide = (currentSlide + 1) % slides.length;
             slides[currentSlide].className = 'slide showing';
         }
     </script>
     ```

     No Javascript Library needed (I've been developing pure javascript lately).
  9. I personally would use an addEventListener instead of inline javascript like this example:

     ```javascript
     selectBtn.addEventListener("change", function (event) {
         event.preventDefault();
         selectCompany(); // Ajax or what have you function.
     }, false); // End of addEventListener Function:
     ```

     the Ajax would be something that you will have to figure out. However, doing it this way it would be easier to daisy chain or do whatever you are trying to do. For example I generate blog postings based on the person selected and the following is the ajax portion based on what the visitor of the website chooses. Me bad, The following is the callback portion of the Ajax.

     ```javascript
     function displayBlog(url, formData, callback) {
         var xhr = new XMLHttpRequest();
         xhr.onreadystatechange = function () {
             if (xhr.readyState === 2) {
                 //console.log(xhr.status);
             }
             if (xhr.readyState == 4 && xhr.status == 200) {
                 //console.log(xhr.readyState);
                 callback(xhr.responseText);
             }
         }; // End of Ready State:
         xhr.open('POST', url, true);
         xhr.setRequestHeader('Content-type', 'application/x-www-form-urlencoded');
         xhr.setRequestHeader('X-Requested-With', 'XMLHttpRequest');
         xhr.send(formData);
     }
     ```

     Here's the Ajax CALL of the javascript.

     ```javascript
     /*
      * Display Blog that user selects
      */
     function selectUser() {
         removeElementsByClass('cms');
         var url = 'select_user.php';
         var form_data = serializeFormById('selectBlog');
         displayBlog(url, form_data, function (result) {
             //console.log(result);
             var json = JSON.parse(result);
             generateHTML(json);
         });
     }
     ```

     This is the function that the addEventListener function is calling. I use a callback function though I could have easily just created another selection element or called another selection element. (maybe even using a callback function?)
  10. I have a repository at GitHub of my website that I think incorporates a nice secure login system -> https://github.com/Strider64/Slice-of-Technology You might be able to modify it to your liking? The only thing it won't really stop is a brute force attack, but what I read about brute force attacks is that it takes a long time to crack a user who uses a strong password. That is why it's important for users to have strong passwords and brute force attacks are almost impossible to defend against (at least I haven't found a real good solution).
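One common mitigation for the password guessing mentioned in the post above is to slow repeated failures per account. This is an added example, not code from the post or the linked repository; it assumes PHP 8, and `LoginThrottle`, its defaults and the in-memory array are hypothetical stand-ins for a counter stored in a database table or shared cache.

```php
<?php
declare(strict_types=1);

// Added example. LoginThrottle is a hypothetical class; the array stands in
// for a table or cache that every request can see.
final class LoginThrottle
{
    private array $failures = [];   // account => ['count' => int, 'last' => int]

    public function __construct(private int $freeAttempts = 5, private int $maxDelay = 900)
    {
    }

    // Seconds that must still pass before another password check is allowed.
    public function waitSeconds(string $account, int $now): int
    {
        $f = $this->failures[$account] ?? null;
        if ($f === null || $f['count'] < $this->freeAttempts) {
            return 0;
        }
        // 2, 4, 8, ... seconds once the free attempts are used up, capped.
        $delay = min($this->maxDelay, 2 ** min(20, $f['count'] - $this->freeAttempts + 1));
        return max(0, $f['last'] + $delay - $now);
    }

    public function recordFailure(string $account, int $now): void
    {
        $count = ($this->failures[$account]['count'] ?? 0) + 1;
        $this->failures[$account] = ['count' => $count, 'last' => $now];
    }

    public function recordSuccess(string $account): void
    {
        unset($this->failures[$account]);
    }
}

// Constructed demo: one wrong guess per second against a single account.
$throttle = new LoginThrottle();
$hash = password_hash('correct horse battery staple', PASSWORD_DEFAULT);
for ($t = 0; $t < 12; $t++) {
    $wait = $throttle->waitSeconds('john', $t);
    if ($wait > 0) {
        echo "t=$t: rejected without checking the password, retry in {$wait}s\n";
        continue;
    }
    if (password_verify("guess$t", $hash)) {
        $throttle->recordSuccess('john');
    } else {
        $throttle->recordFailure('john', $t);
    }
    echo "t=$t: password checked\n";
}
```

Keying on the account name alone lets a third party slow down a legitimate user's login, so many sites key the counter on account plus client address as well.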
  11. Someone awhile back told me that I should do something like the following (Just an example):

     ```php
     <?php
     require_once '../private/initialize.php';

     use Library\Display\Display;

     $status = FALSE;
     $display = new Display();
     if (is_logged_in()) {
         $status = TRUE;
     }

     /* Makes it so we don't have to decode the json coming from Javascript */
     header('Content-type: application/json');

     /* Start of your php routine(s) */
     $submit = filter_input(INPUT_POST, 'submit', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
     if (isset($submit)) {
         $user_id = filter_input(INPUT_POST, 'user_id', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
         $data = $display->readBlog("blog.php", $user_id);
         if ( (isset($_SESSION['user']) && $_SESSION['user']->id === (int)$user_id) || (isset($_SESSION['user']) && $_SESSION['user']->security_level === 'sysop') ) {
             $temp = true;
         } else {
             $temp = false;
         }
         array_unshift($data, $temp);
         output($data);
     }
     /* End of your php routine(s) */

     /*
      * If you know you have a control error, for example an end-of-file then simply output it to the errorOutput() function
      */
     function errorOutput($output, $code = 500) {
         http_response_code($code);
         echo json_encode($output);
     }

     /*
      * If everything validates OK then send success message to Ajax / JavaScript
      */
     function output($output) {
         http_response_code(200);
         echo json_encode($output);
     }
     ```

     And so far it has worked out like a charm for me, it forces you to be structured and it's also pretty easy to debug doing it this way.
  12. It's bad practice to send a password over a url. Though I don't know what you're after, but why not have them login at the redirect?
  13. Another way to go about doing this is when you display the record(s). For example on my website I have a CMS for my web page(s) and I do this ->

     ```php
     if (isset($_SESSION['user']) && ($_SESSION['user']->security_level === 'sysop' || $_SESSION['user']->id === $this->row->user_id)) {
         echo '<div class="system">' . "\n";
         echo '<a class="edit" href="edit/' . urlencode($this->row->id) . '">Edit</a>' . "\n";
         echo '<a class="delete" href="delete_page.php?id=' . urlencode($this->row->id) . '">Delete</a>' . "\n";
         echo "</div>\n";
     }
     ```

     then on top of my edit page (edit.php) I have the following

     ```php
     <?php
     require_once '../private/initialize.php';

     use Library\CMS\CMS;

     protected_page();

     $cms = new CMS();

     if (isset($_GET['id']) && filter_var($_GET['id'], FILTER_VALIDATE_INT)) {
         /* Keep the validated integer rather than the raw query-string value */
         $id = filter_var($_GET['id'], FILTER_VALIDATE_INT);
         $result = $cms->readId($id);
     } elseif (isset($_GET['id'])) {
         header("Location: members_page.php");
         exit();
     }
     ```

     like I said this is just one way of doing it.
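The condition the post above uses when printing the Edit/Delete links can be enforced again in the request handler, because hiding a link does not stop a logged-in user from requesting `edit/<id>` for someone else's record. This is an added example, not code from the post; `canModify()`, `resolveEditRequest()`, the `member` level and the sample rows are hypothetical or constructed, and `$fetchRow` stands in for the post's `$cms->readId($id)`.

```php
<?php
declare(strict_types=1);

// Added example. $user mirrors $_SESSION['user'], $row mirrors $this->row.
function canModify(?object $user, object $row): bool
{
    if ($user === null) {
        return false;                          // not logged in
    }
    if (($user->security_level ?? '') === 'sysop') {
        return true;                           // sysop may edit any record
    }
    // Cast both sides: PDO can return integer columns as strings, and a strict
    // === between int and string would deny the real owner.
    return (int) $user->id === (int) $row->user_id;
}

// Returns [HTTP status, row|null]. $fetchRow stands in for $cms->readId($id).
function resolveEditRequest(array $get, ?object $user, callable $fetchRow): array
{
    $id = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [400, null];                    // missing or malformed id
    }
    $row = $fetchRow($id);
    if ($row === null) {
        return [404, null];
    }
    if (!canModify($user, $row)) {
        return [403, null];                    // logged in, but not owner or sysop
    }
    return [200, $row];
}

// Constructed sample data: record 12 belongs to user 9.
$rows   = [12 => (object) ['id' => 12, 'user_id' => '9']];
$fetch  = fn (int $id): ?object => $rows[$id] ?? null;
$member = (object) ['id' => 7, 'security_level' => 'member'];
$owner  = (object) ['id' => 9, 'security_level' => 'member'];
$sysop  = (object) ['id' => 1, 'security_level' => 'sysop'];

foreach (['member' => $member, 'owner' => $owner, 'sysop' => $sysop, 'guest' => null] as $who => $user) {
    [$status] = resolveEditRequest(['id' => '12'], $user, $fetch);
    echo "$who requesting edit/12 => HTTP $status\n";
}
```

The same `canModify()` call can guard the link output, the edit form and the delete handler, so the three cannot drift apart.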
  14. A good way to practice HTML/CSS and Javascript is using jsfiddle -> https://jsfiddle.net/Strider64/o0tqd538/12/ A great way to test out small designs and javascript code.
  15. I personally like this website to generate the ModRewrite rule - http://www.generateit.net/mod-rewrite/index.php I find it easier to visualize what the php portion should be after I generate the rule.
  16. Have a configuration file at the very top of each page called something like config.php, utilize.inc.php or something that is logical. Mine is require_once '../private/initialize.php'; have session_start() in that configuration file/page.
  17. Just want to add after you accomplish what Jacques1 and gizmola said then regenerate the session id after the user has successfully logged in. That way even if a person by chance hijacked that account the login would still be invalid. For example ->

     ```php
     // Regenerate session ID to invalidate the old one.
     // Super important to prevent session hijacking/fixation.
     // Passing true also deletes the old session's data, so the old ID stops working.
     session_regenerate_id(true);
     $_SESSION['logged_in'] = true;
     ```
  18. Here's how I basically check my dates in my calendar that I developed for my website (I know, shameless plug). This hasn't been tested, for I don't use it this way. Which means there might be some modifications that have to be done to the script.

     ```php
     <?php
     $myDate = "1964-08-28";

     /* Check date is actually a date */
     function checkIsAValidDate($myDate) {
         /* (bool) strtotime() is false for 1970-01-01 UTC and accepts impossible
            days such as 2017-02-31 by rolling them into the next month, so parse
            strictly and compare the round trip instead. */
         $parsed = DateTime::createFromFormat('Y-m-d', $myDate);
         return $parsed !== false && $parsed->format('Y-m-d') === $myDate;
     }

     $valid = checkIsAValidDate($myDate); // Call the Function:

     /* Check to see if date is set, is ten characters in length for a format of 0000-00-00 and is truly a valid date. */
     if (isset($myDate) && strlen($myDate) === 10 && $valid) {
         echo "Date is Valid!<br>\n";
     }
     ```
  19. I could be wrong, for I only did a quick search on the internet but it looks like PHP Manager is obsolete or not being supported? (Someone correct me if I'm wrong) To me from your standpoint I think your problem is more of an update issue than a coding issue (again I could be wrong). All I know is if I had your job I would be looking into updating the applications on the server to correct the issue rather than splicing in a code fix, for I think doing it that way would solve your problem(s) and satisfy the auditor(s). This is especially true if you are just an IT administrator with no programming skills?
  20. I'll help you with what I thought was the tricky part of Google ReCaptcha (How I resolved it was not only going to Google, but searching the internet. You'll be surprised how many before you have had the same issue), for I think you can get the rest by going to Google themselves. When the user clicks on the I'm human checkbox this is how I would set up the response.

     ```php
     if (isset($submit) && $submit === 'submit') {
         /* The Following to get response back from Google reCAPTCHA */
         $url = "https://www.google.com/recaptcha/api/siteverify";
         $remoteServer = filter_input(INPUT_SERVER, 'REMOTE_ADDR', FILTER_SANITIZE_URL);
         /* Query-string values need URL encoding, not HTML escaping */
         $response = file_get_contents($url . "?secret=" . urlencode(PRIVATE_KEY) . "&response=" . urlencode($_POST['g-recaptcha-response'] ?? '') . "&remoteip=" . urlencode((string) $remoteServer));
         $recaptcha_data = json_decode($response);

         /* The actual check of the recaptcha */
         if (isset($recaptcha_data->success) && $recaptcha_data->success === TRUE) {
             /* Example data gather from the form (actually my contact form) */
             $data['name'] = filter_input(INPUT_POST, 'name', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
             $data['email'] = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
             $data['phone'] = filter_input(INPUT_POST, 'phone', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
             $data['website'] = filter_input(INPUT_POST, 'website', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
             $data['reason'] = filter_input(INPUT_POST, 'reason', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
             $data['comments'] = filter_input(INPUT_POST, 'comments', FILTER_SANITIZE_FULL_SPECIAL_CHARS);

             /* The following would be your way of sending the email */
             $send = new Email($data); // This is my way, by sending it to a class:
         } else {
             $errMessage = "You're not a human!";
         }
     }
     ```
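The siteverify call from the post above can also be sent as a POST body, which keeps the secret out of URLs and lets `http_build_query()` handle the encoding. This is an added example, not code from the post; `verifyRecaptcha()`, `evaluateRecaptcha()` and the expected host name are hypothetical, and the sample responses are constructed in the shape of the siteverify JSON so the decision logic runs offline.

```php
<?php
declare(strict_types=1);

// Added example. Sends secret and token in the POST body, returns the decoded
// JSON, or null when the request or the decoding fails.
function verifyRecaptcha(string $secret, string $token, ?string $remoteIp = null): ?array
{
    $fields = ['secret' => $secret, 'response' => $token];
    if ($remoteIp !== null && filter_var($remoteIp, FILTER_VALIDATE_IP)) {
        $fields['remoteip'] = $remoteIp;
    }
    $context = stream_context_create(['http' => [
        'method'  => 'POST',
        'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
        'content' => http_build_query($fields),   // URL-encodes every value
        'timeout' => 5,
    ]]);
    $body = @file_get_contents('https://www.google.com/recaptcha/api/siteverify', false, $context);
    if ($body === false) {
        return null;                               // network failure: fail closed
    }
    $json = json_decode($body, true);
    return is_array($json) ? $json : null;
}

// Accept only an explicit success that was issued for the expected site.
function evaluateRecaptcha(?array $result, string $expectedHost): bool
{
    return $result !== null
        && ($result['success'] ?? false) === true
        && ($result['hostname'] ?? '') === $expectedHost;
}

// Constructed responses (not captured from Google); example.com is a placeholder.
$samples = [
    'ok'         => json_decode('{"success":true,"hostname":"example.com"}', true),
    'wrong host' => json_decode('{"success":true,"hostname":"other.example"}', true),
    'failed'     => json_decode('{"success":false,"error-codes":["timeout-or-duplicate"]}', true),
    'no reply'   => null,
];
foreach ($samples as $label => $result) {
    printf("%-10s => %s\n", $label, evaluateRecaptcha($result, 'example.com') ? 'accept' : 'reject');
}
```

In the contact form above, the live call would be `evaluateRecaptcha(verifyRecaptcha(PRIVATE_KEY, $_POST['g-recaptcha-response'] ?? ''), 'example.com')` with the site's own host name.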