phpsane
-
Posts
320 -
Joined
-
Last visited
Posts posted by phpsane
-
-
My Php Buddies,
I have mysql tbl columns these:
id:
date_&_time:
account_activation_code:
account_activation_status:
id_video_verification_status:
id_verification_video_file_url:
username:
password:
primary_domain:
primary_website_email:
sponsor_username:
Now, I want to display their row data by excluded a few columns.
Want to exclude these columns:
date_&_time
account_activation_code
account_activation_status
id_verification_video_file_url
password
So, the User's (eg. your's) homepage inside his account should display labels like these where labels match the column names but the underscores are removed and each words' first chars CAPITALISED:
Id: 1
Id Video Verification Status: 1
Username: requinix
Primary_domain: requinix.majesty
Primary Website Email: [email protected]
Sponsor Username: phpsane
Recruits Number: 2For your convenience only PART 1 works. Need help on Part 2
My attempted code:
PART 1 <?php // Check connection if ($conn->connect_error) { die("Connection failed: " . $conn->connect_error); } // Query to get columns from table $query = $conn->query("SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA = 'members' AND TABLE_NAME = 'users'"); while($row = $query->fetch_assoc()){ $result[] = $row; } // Array of all column names $columnArr = array_column($result, 'COLUMN_NAME'); foreach ($columnArr as $value) { echo "<b>$value</b>: ";?><br><?php } ?> PART 2 <?php //Display User Account Details echo "<h3>User: <a href=\"user.php?user=$user\">$user</a> Details</h3>";?><br> <?php $excluded_columns = array("date_&_time","account_activation_code","account_activation_status","id_verification_video_file_url","password"); foreach ($excluded_columns as $value2) { echo "Excluded Column: <b>$value2</b><br>"; } foreach ($columnArr as $value) { if($value != "$value2") { $label = str_replace("_"," ","$value"); $label = ucwords("$label"); //echo "<b>$label</b>: "; echo "$_SESSION[$value]";?><br><?php echo "<b>$label</b>: "; echo "${$value}";?><br><?php } } ?>PROBLEM: Columns from the excluded list still get displayed.
-
2 minutes ago, Barand said:
I'd stick with varchar() unless you need 1000's of characters.
Cheers!
Reason why I asked because the link you pointed deals with FullText.
-
Just now, Barand said:
A good place to start would be mysql fulltext searches
Thanks.
Checking it out now.
Bearing in mind that the link description would be limited like you see in searchengine result pages (SERPs), should I choose VARCHAR(255) or TinyText ?
-
My Dear Php Buddies,
Consider a mysql tbl index.tbl that looks like this with entries:
id | Url | Description
0| http://cheapnames.it | Register Domain Names from $1 to $25.
1|http://lownames.usa | Get Domain Names from $1 to $20.
2| http://lowcostnames.uk | Register Domains for as low as $1.
3| http://getdoman.biz | Register Names from between $1 to $25.
Now, imagine you did a search for "register domain names".
Now you can see the keywords matches in bold below:
id | Url | Description
0| http://cheapnames.it | Register Domain Names from $1 to $25.
1|http://lownames.usa | Get Domain Names from $1 to $20.
2| http://lowcostnames.uk | Register Domains for as low as $1.
3| http://getdoman.biz | Register Names from between $1 to $25.
Now, I want the query to rank the rows based on the most matched keywords. So, from our example, the ranking should be like this:
0| http://cheapnames.it | Register Domain Names from $1 to $25.
1|http://lownames.usa | Get Domain Names from $1 to $20.
3| http://getdoman.biz | Register Names from between $1 to $25.
2| http://lowcostnames.uk | Register Domains for as low as $1.
Note that, the id=0 has 3 KWs matches. Hence on top.
Both the id=1 & id=3 have 2 matches. Hence 2nd & 3rd. Amongst these 2, priority of rank is given based on "id" (link submission id).
And ofcourse, the last matched row is at the bottom.
Q1a. How would you write the Sql query be doing the querying & ranking like I described ?
Q1b. Is just the Sql querying enough here to do the ranking display like described or have to get php to do the ranking display aswell ? Or, maybe Sql should not be doing the ranking display atall but php ? In that case, my I see a php sample code ?
This no good which I got so far:
$query = "SELECT * FROM notices WHERE description = register AND Domain AND Names";
-
On 11/9/2018 at 11:20 PM, requinix said:
It also doesn't say so on the documentation for explode() or mysqli_connect().
That function is part of the GeoIP package, which has a whole section dedicated to setting it up.
Thanks!
-
6 minutes ago, Barand said:
Why would you think that when the manual clearly tells you otherwise. (Read last sentence of the function description)
RTFM!
Oops! I skipped the description! That is why I missed it. Went straight to the example code. Lol!
However, this one does not say such in it's description:
http://php.net/manual/en/function.geoip-country-name-by-name.php
-
On 11/7/2018 at 12:21 AM, gizmola said:
I can't imagine a scenario where the gobbledy-gook of a system you apparently are trying to create would be justified, or possible within your demonstrated engineering capabilities. You are talking about trying to create a system that requires a user to only use one workstation and browser to access your system. I don't know what your system would be doing, but it better be providing literally life saving services, because short of that, nobody is going to put up with the restrictions you have in mind. They are anti-user, and when you make things difficult for users, they stop using your system, or never even stay long enough to pass the entry point. It is damn difficult to get anyone to sign up to use legitimately valuable services, which is why you see so many systems that integrate with facebook, google and twitter, so that you can create your account and trust authentication from those systems to allow access.
Furthermore some of your plans reflect an apparent lack of understanding of Internet basics like NAT. In your system, if we were to follow along with your plans, for a large company with perhaps 1000 employees at a particular site, you plan to only allow 1 employee there to use your system. Ditto universities, or even an average household: "Hey there roommate, I just made an account at this site, you should too!" "WTF, the system says I'm banned!"
Since you are focused on investigating a client IP, I will say this about IP addresses -- they are reliable at least to the degree that they reflect the tcp socket connection from the client to the server. That information bubbles up to PHP from the IP layer, to the server, and finally to PHP's $_SERVER superglob. The problem is, that a client could have bounced through a variety of gateways, proxy servers or VPN prior to the point that you are finally connected.
In many sophisticated hosting environments there are things like load balancers or reverse proxy servers that sit between the client connection and the server which interfere with $_SERVER['REMOTE_ADDR']. Rather than see the client IP, you instead see the IP of the proxy server. If you have that sort of environment, then you can examine $_SERVER['X-Forwarded-For'] or $_SERVER['HTTP_X_FORWARDED_FOR'] variables. These may be arrays with a series of addresses. Again you have the issue that these are provided by the "client" so if it is a proxy server you can depend on at least the most recent address to have been the one that made the TCP socket connection to YOUR proxy server. Other legitimate proxy servers will provide the same data.
However, someone who is taking steps to hide their origin is not going to be prevented from obscuring their IP and there is absolutely nothing you can do about it. Almost everyone uses NAT in some form, so the actual person IP address of a workstation on a network is never going to be visible (and would also be useless if it was, since these will be non-routable IP addresses that are shared by hundreds of millions of users).
Solutions to the issue of certification and authentication, when people have real and legitimate reasons to solve them, involve cryptography. What you are trying to do can be accomplished using X.509 certificates which have support built into browsers.
In a nutshell, at account creation time you would generate an client certificate for that user, installing that into your server, and then providing the signed cert back to them in a specific header (application/x-x509-user-cert ). This will cause the browser to prompt the user to install the cert into their browser. If they accept you know have a reliable way of identifying a specific user. At that point, whenever they connect (must be under SSL) you'll be able to authenticate them back to your system via that particular certificate. Those without a client certificate will be unable to connect. You can think of this as white listing.
It is highly effective but is typically used only in environments where the system knows in advance who their allowed users are. Trying to use it in a public facing website with an unknown user base is something you just don't see because the benefits of trying to do this far outweigh the tolerance that people have for a system that has that degree of odious overhead and invasion of their privacy.
In conclusion:
The types of things you are obses sed with are all edge case items. No quality system begins with the premise that the #1 goal is to try and catch and outsmart an imaginary horde of people attacking your site for reasons unknown.
This started as a specific thread about the contents of $_SERVER variables and then escalated into fairly delusional territory, with a dash of your personal Devshed drama thrown in. And let's just be clear about one thing: If you ever bring up your personal issues regarding your Devshed access again, which are irrelevant to this community, then your access to this community will end as well. It's off topic, it's a waste of people's time and efforts here, and it's rude. I just want to be clear that I won't tolerate it again.
Well. I liked your in-depth feedback (apart from the final paragraph but I understand why you reacted the way you did, though. So, no offense taken).
I am now gonna take your advice and quit trying to tie an account holder to a single machine. Quite frankly, I don't know what came over me to attempt that. (Scratching my head). Maybe, I read some article somewhere about servers getting hacked.
Anyway, let's try keeping this thread on-topic. I am playing around with these 2 codes and am wondering why they fail.
1. Code from:
http://php.net/manual/en/function.geoip-isp-by-name.php
<?php $isp = geoip_isp_by_name('www.example.com'); if ($isp) { echo 'This host IP is from ISP: ' . $isp; } ?>Fatal error: Uncaught Error: Call to undefined function geoip_isp_by_name() in C:\xampp\htdocs\test\test.php:130 Stack trace: #0 {main} thrown in
2. Same result on this too:
Code from:
http://php.net/manual/en/function.geoip-country-name-by-name.php
<?php $country = geoip_country_name_by_name('www.example.com'); if ($country) { echo 'This host is located in: ' . $country; } ?>Fatal error: Uncaught Error: Call to undefined function geoip_country_name_by_name() in C:\xampp\htdocs\test\test.php:130 Stack trace: #0 {main} thrown in
I thought these 2 functions are defined by default. Definition of these 2 are built-into php.
-
Php Gurus,
Someone showed me to check if session is set or not like this:
<?php //login_check() FUNCTION File. /* Check if User is logged-in or not by checking if the session names "user" is set (isset) or not. Return "TRUE" if it is; Else "FALSE". */ //Have to initiate the "session_start" global variable, regardless of whether User is logged-in or not, in order to deal with session stuffs in php. if(!session_start()) { session_start(); } //Function for checking if User is logged-in or not. function login_check() { if(isset($_SESSION["user"]) && !empty($_SESSION["user"])) { //If Session "user" is set and not empty then return TRUE. return TRUE; } else { //If Session "user" is NOT set or if session is empty then return FALSE. return FALSE; } } ?>Been using that all this time and it worked. But, another pro tells me that is not how I should do it.
He does not like this:
if(!session_start()) { session_start(); }And suggests this instead:
if( session_status() != PHP_SESSION_ACTIVE ) session_start();
What is your opinion on this ? Was my code alright or do you reckon I should listen to the other pro and change my code to this:
<?php //login_check() FUNCTION File. /* Check if User is logged-in or not by checking if the session names "user" is set (isset) or not. Return "TRUE" if it is; Else "FALSE". */ //Have to initiate the "session_start" global variable, regardless of whether User is logged-in or not, in order to deal with session stuffs in php. /* Replacing following chunk: if(!session_start()) { session_start(); } */ //Replacing to this insstead: if( session_status() != PHP_SESSION_ACTIVE ) session_start(); //Function for checking if User is logged-in or not. function login_check() { if(isset($_SESSION["user"]) && !empty($_SESSION["user"])) { //If Session "user" is set and not empty then return TRUE. return TRUE; } else { //If Session "user" is NOT set or if session is empty then return FALSE. return FALSE; } } ?>Requinix, Barand, Ginerjm, Benanamen. Anyone! What you say on this ?
Note:
All pages such as home.php, settings.php, etc. (pages inside member account) have the following line at the top:
//Check if User is already logged-in or not. Get the login_check() FUNCTION to check. if (login_check() === FALSE) { //Redirect User to Log-in Page immediately. //header("refresh:0; url=home.php"); header("location:login.php"); exit(); } -
Folks,
I need to grab the visitor's isp. So, how to do it with php ?
I found this:
https://stackoverflow.com/questions/855967/how-do-i-retrieve-the-visitors-isp-through-php
But the tos forbids us using their resources:
http://whatismyipaddress.com/terms-of-useHence, need to fetch the isp details without using the third party whatismyipaddress.com.
How do they fetch it ? -
Thanks Gizmolo and Barand for your snippets! I did learn something from your valuable comments!
-
20 hours ago, requinix said:
Because you don't know what a query string is.
That's exactly what it's doing. lern2ipv6.
I wouldn't. What do you need the browser information for?
The problem is your total lack of understanding about what those values are. All the HTTP_* entries in there are request headers sent by the browser, if they were sent.
1. Oh! I get it now! This:
$url = $_SERVER['QUERY_STRING'];
only outputs the url if the url is a dynamic url with a query "?". Eg. http://requinix.com/female/?user=01
In this case, that code would only grab and display: "user=01".
Correct, Requinix ?
2.
echo 'User IP - '.$_SERVER['REMOTE_ADDR'];
Look what I found:
http://forums.devshed.com/php-development/968306-real-help-_server-post2953927.html
Re-instate me back on devshed.com. I don't know why you banned me there. If it was you that banned there, that is.
This way, I won't have to depend on this forum where users are much more impatient than the users over there. No offense. But the truth.
By grabbing the User's browser details during reg, I can make sure the login checks if the user is logging in from his same machine that he signed-up with. If it's a different browser then most likely he is logging-in with a different machine.
Unless ofcourse Requinix, you can show me a line of code that checks the user's mach address. Say, can php do that ? Grab the computer's mach address ? And better, change a user's mach address so websites cannot grab the user's real mach address. Yet again, I reckon webservers cannot detect a user's mach address. Right ?
Thanks!
-
Php Experts,
I know Md5 has been cracked and nowadays considered outdated. Otherwise, that was used for encrypting passwords.
Now, they use the hash. But from what I learn about the hash, you cannot decrypt it.
What I mean is, the Admin can never know what your real password is once it is saved in hashed format because the password cannot be de-hashed or decrypted.
I know all that stuff and so don't bother yourself explaining about it.What I now want to do is create a Messenger where 2 members can communicate via encryption.
To do that, I need my system to decrypt each end user's messages. And so, which one to use ?
Md5 is crap nowadays and has been cracked.
If you were in my position then which encryptor (php) would you use to build your encrypted messenger with php ? -
I am playing with these:
<?php echo $_SERVER['GATEWAY_INTERFACE'];?> <br> <?php echo $_SERVER['SERVER_NAME'];?> <br> <?php echo $_SERVER['SERVER_ADDR'];?> <br> <?php echo $_SERVER['SERVER_SOFTWARE'];?> <br> <?php echo $_SERVER['SERVER_PROTOCOL'];?> <br> <?php echo $_SERVER['REQUEST_METHOD'];?> <br> <?php echo $_SERVER['REQUEST_TIME'];?> <br> <?php echo $_SERVER['REQUEST_TIME_FLOAT'];?> <br> <?php echo $_SERVER['QUERY_STRING'];?> <br> <?php echo $_SERVER['DOCUMENT_ROOT'];?> <br> <?php echo $_SERVER['HTTP_ACCEPT'];?> <br> <?php echo $_SERVER['HTTP_ACCEPT_CHARSET'];?> <br> <?php echo $_SERVER['HTTP_ACCEPT_ENCODING'];?> <br> <?php echo $_SERVER['HTTP_ACCEPT_LANGUAGE'];?> <br> <?php echo $_SERVER['HTTP_CONNECTION'];?> <br> <?php echo $_SERVER['HTTP_HOST'];?> <br> <?php echo $_SERVER['HTTP_REFERER'];?> <br> <?php echo $_SERVER['HTTP_USER_AGENT'];?> <br> <?php echo $_SERVER['HTTPS'];?> <br>
Found them here:
http://php.net/manual/en/reserved.variables.server.phpI get error:
Notice: Undefined index: HTTP_ACCEPT_CHARSET in C:\xampp\htdocs\test\user_and_server_details.php on line ..What is wrong with this line:
<?php echo $_SERVER['HTTP_ACCEPT_CHARSET'];?>
-
Php mates,
I am going through this page to learn how to grab the User's browser details:
http://php.net/manual/en/function.get-browser.php
I see the manual showing 2 samples. Which one would you go for to get the User's browser details ?
Seems like the 1st code had some problems and so someone gave us the 2nd code. I just want your opinion on the 2nd code before I note it as valid to learn from.
Here is the 1st code:
Got it from here:
http://php.net/manual/vote-note.php?id=119332&page=function.get-browser&vote=down
<?php function get_browser_name($user_agent) { if (strpos($user_agent, 'Opera') || strpos($user_agent, 'OPR/')) return 'Opera'; elseif (strpos($user_agent, 'Edge')) return 'Edge'; elseif (strpos($user_agent, 'Chrome')) return 'Chrome'; elseif (strpos($user_agent, 'Safari')) return 'Safari'; elseif (strpos($user_agent, 'Firefox')) return 'Firefox'; elseif (strpos($user_agent, 'MSIE') || strpos($user_agent, 'Trident/7')) return 'Internet Explorer'; return 'Other'; } // Usage: echo get_browser_name($_SERVER['HTTP_USER_AGENT']); ?>Here is the 2nd:
Got it from here:
http://php.net/manual/en/function.get-browser.php#101125
<?php function getBrowser() { $u_agent = $_SERVER['HTTP_USER_AGENT']; $bname = 'Unknown'; $platform = 'Unknown'; $version= ""; //First get the platform? if (preg_match('/linux/i', $u_agent)) { $platform = 'linux'; } elseif (preg_match('/macintosh|mac os x/i', $u_agent)) { $platform = 'mac'; } elseif (preg_match('/windows|win32/i', $u_agent)) { $platform = 'windows'; } // Next get the name of the useragent yes seperately and for good reason if(preg_match('/MSIE/i',$u_agent) && !preg_match('/Opera/i',$u_agent)) { $bname = 'Internet Explorer'; $ub = "MSIE"; } elseif(preg_match('/Firefox/i',$u_agent)) { $bname = 'Mozilla Firefox'; $ub = "Firefox"; } elseif(preg_match('/Chrome/i',$u_agent)) { $bname = 'Google Chrome'; $ub = "Chrome"; } elseif(preg_match('/Safari/i',$u_agent)) { $bname = 'Apple Safari'; $ub = "Safari"; } elseif(preg_match('/Opera/i',$u_agent)) { $bname = 'Opera'; $ub = "Opera"; } elseif(preg_match('/Netscape/i',$u_agent)) { $bname = 'Netscape'; $ub = "Netscape"; } // finally get the correct version number $known = array('Version', $ub, 'other'); $pattern = '#(?<browser>' . join('|', $known) . ')[/ ]+(?<version>[0-9.|a-zA-Z.]*)#'; if (!preg_match_all($pattern, $u_agent, $matches)) { // we have no matching number just continue } // see how many we have $i = count($matches['browser']); if ($i != 1) { //we will have two since we are not using 'other' argument yet //see if version is before or after the name if (strripos($u_agent,"Version") < strripos($u_agent,$ub)){ $version= $matches['version'][0]; } else { $version= $matches['version'][1]; } } else { $version= $matches['version'][0]; } // check if we have a number if ($version==null || $version=="") {$version="?";} return array( 'userAgent' => $u_agent, 'name' => $bname, 'version' => $version, 'platform' => $platform, 'pattern' => $pattern ); } // now try it $ua=getBrowser(); $yourbrowser= "Your browser: " . $ua['name'] . " " . $ua['version'] . " on " .$ua['platform'] . " reports: <br >" . $ua['userAgent']; print_r($yourbrowser); ?>Do checkout the links before giving your professional opinions.
Thanks!
-
Php Buddies,
Q1. Why does not this following php code grab the url and echo it ?
$url = $_SERVER['QUERY_STRING']; echo "$url";
Q2. And why does this only echo "User IP - ::1" instead of the user's ip ?
echo 'User IP - '.$_SERVER['REMOTE_ADDR'];
-
Folks,
Why code not grab $GET data if it exists ?
Valid Url Format: domain.com/register.php?sponsor_username=barand
Invalid Url Format as Sponsor Username does not exist in url:
domain.com/register.php
$url = "$_SERVER["QUERY_STRING"]"; echo "$_SERVER["QUERY_STRING"]"; echo "$url"; echo htmlspecialchars($_GET["sponsor_username"]); if(strpos($url,'sponsor_username=') !== false) { $sponsor_username = $_GET["sponsor_username"]; } elseif ($sponsor_username == "") { echo "Signups only through invitations only. <br> Therefore, you need to be invited by a registered person who knows you!"; exit(); } -
On 10/16/2018 at 1:28 AM, Barand said:
As for your original question (had you forgotten about that one?) -
- You have a query which returns one record
- You fetch that record
- You then try to fetch another and wonder why it fails
Sorry! don't understand your hint.Both record do get fetched when I remove the 2 lines mentioned in my original post. Why they prevent the fetching of the 1st record ?
-
On 10/16/2018 at 1:11 AM, gizmola said:
What do you want to set a cookie for and why?
So, you don't have to type your username & password while cookie sitll exsts.
-
Ok. Working:
//Check if User made any inputs or not. if ((($_POST["one"]) == "" || ($_POST["one"]) == " ") && (($_POST["two"]) == "" || ($_POST["two"]) == " ") && (($_POST["three"]) == "" || ($_POST["three"]) == " ") && (($_POST["four"]) == "" || ($_POST["four"])== " ") && (($_POST["five"]) == "" || ($_POST["five"]) == " ")) {But, trying to use trim instead. Need help:
if (trim($_POST["one"]) == "" && trim($_POST["two"]) == "" && trim($_POST["three"]) == "" && trim($_POST["four"]) == "" && trim($_POST["five"]) == "") {Get error:
Parse error: syntax error, unexpected 'echo' (T_ECHO) in C:\xampp\htdocs\test\settings_v1.php on line 32
Is ok:
if (trim($_POST["one"]) == "" && trim($_POST["two"]) == "" && trim($_POST["three"]) == "" && trim($_POST["four"]) == "" && trim($_POST["five"]) == "") {Seems to be working.
-
Guys,
Looking at my login.php, on my previous post, can someone be kind enough to add the cookie code so I can learn from your way of coding ? Your style.
Thanks!
-
Sorry.
Here, full code again:
<?php //Required PHP Files. include 'config.php'; //Required on all webpages of the site. //Check if User is already logged-in or not. Get the login_check() FUNCTION to check. if (login_check() === TRUE) { //Redirect User to Log-in Page immediately. //header("refresh:0; url=home.php"); header("location:home.php?user=$user"); exit(); } if (isset($_POST["login_username_or_email_or_domain"]) && isset($_POST["login_password"])) { $login_username_or_email_or_domain = trim($_POST["login_username_or_email_or_domain"]); $login_password = $_POST["login_password"]; //Check if User inputted Username/Email exist in db. Registered or not. //Select Username or Email to check against Mysql DB if they are already registered or not. if(strpos("login_username_or_email_or_domain", "@")) { $querying_column = "primary_website_email"; } elseif(strpos("login_username_or_email_or_domain", ".")) { $querying_column = "primary_website_domain"; } else { $querying_column = "username"; } //Make sure the users table has atleast these 3 columns: username,primary_website_domain and primary_website_email due to the $querying_column variable which could hold any of these 3 values. $query_1 = "SELECT id,account_activation_status,id_video_verification_status,sponsor_username,username,password,primary_website_domain,primary_website_email,first_name,middle_name,surname,gender,age_range,country FROM users WHERE $querying_column = ?"; $stmt_1 = mysqli_prepare($conn, $query_1); mysqli_stmt_bind_param($stmt_1, 's', $login_username_or_email_or_domain); mysqli_stmt_execute($stmt_1); $result_1 = mysqli_stmt_bind_result($stmt_1,$db_id,$db_account_activation_status,$db_id_video_verification_status,$db_sponsor_username,$db_username,$db_password,$db_primary_website_domain,$db_primary_website_email,$db_first_name,$db_middle_name,$db_surname,$db_gender,$db_age_range,$db_country); mysqli_stmt_fetch($stmt_1); if (!mysqli_stmt_fetch($stmt_1)) { echo "Incorrect log-in details1!<br>"; mysqli_stmt_close($stmt_1); exit(); } mysqli_stmt_close($stmt_1); //Free Result_1 Set mysqli_stmt_free_result($stmt_1); $query_2 = "SELECT blog,personal_email,personal_mobile,home_zip,home_town,home_borough,home_city,home_county,home_region,home_state,home_country,business_name,business_email,business_phone,business_zip,business_town,business_borough,business_city,business_county,business_region,business_state,business_country FROM contact_details WHERE id = ?"; $stmt_2 = mysqli_prepare($conn, $query_2); mysqli_stmt_bind_param($stmt_2, 's', $db_id); mysqli_stmt_execute($stmt_2); $result_2 = mysqli_stmt_bind_result($stmt_2,$db_blog,$db_personal_email,$db_personal_mobile,$db_home_zip,$db_home_town,$db_home_borough,$db_home_city,$db_home_county,$db_home_region,$db_home_state,$db_home_country,$db_business_name,$db_business_email,$db_business_phone,$db_business_zip,$db_business_town,$db_business_borough,$db_business_city,$db_business_county,$db_business_region,$db_business_state,$db_business_country); mysqli_stmt_fetch($stmt_2); if (!mysqli_stmt_fetch($stmt_2)) { echo "Incorrect log-in details2!<br>"; mysqli_stmt_close($stmt_2); exit(); } mysqli_stmt_close($stmt_2); //Free Result_2 Set mysqli_stmt_free_result($stmt_2); if (!password_verify($login_password, $db_password)) { echo "Incorrect log-in details3<br>"; exit(); } else { $user = $db_username; $_SESSION["user"] = $user; $_SESSION["id"] = $db_id; $_SESSION["account_activation_status"] = $db_account_activation_status; $_SESSION["id_video_verification_status"] = $db_id_video_verification_status; $_SESSION["id_video_verification_url"] = $db_id_video_verification_url; $_SESSION["sponsor_username"] = $db_sponsor_username; $_SESSION["recruits_number"] = $db_recruits_number; $_SESSION["primary_website_domain"] = $db_primary_website_domain; $_SESSION["primary_website_email"] = $db_primary_website_email; $_SESSION["username"] = $db_username; $_SESSION["first_name"] = $db_first_name; $_SESSION["middle_name"] = $db_middle_name; $_SESSION["surname"] = $db_surname; $_SESSION["gender"] = $db_gender; $_SESSION["date_of_birth"] = $db_date_of_birth; $_SESSION["age_range"] = $db_age_range; $_SESSION["religion"] = $db_religion; $_SESSION["education"] = $db_education; $_SESSION["profession"] = $db_profession; $_SESSION["marital_status"] = $db_marital_status; $_SESSION["working_status"] = $db_working_status; $_SESSION["home_town"] = $db_home_town; $_SESSION["home_borough"] = $db_home_borough; $_SESSION["home_city"] = $db_home_city; $_SESSION["home_county"] = $db_home_county; $_SESSION["home_region"] = $db_home_region; $_SESSION["home_state"] = $db_home_state; $_SESSION["home_country"] = $db_home_country; include 'sessions.php'; header("location:home.php?user=$user"); } } ?> <!DOCTYPE html> <html> <head> <title><?php $site_name ?> Member Login Page</title> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> </head> <body> <form name = "login_form" method = "post" action="" enctype = "multipart/form-data"> <h3><?php echo "$site_name";?> Member Login Form</h3> <fieldset> <label for="login_name">Username/Email:</label> <input type="text" name="login_username_or_email_or_domain" id="login_name" required [A-Za-z0-9] autocorrect=off value=""><br> <label for="login_pass">Password:</label> <input type="password" name="login_password" id="login_pass" required [A-Za-z0-9] autocorrect=off value=""> </fieldset> <div class="SubmitsAndHiddens"> <label for="login_remember">Remember Log-in Details:</label> <input type="checkbox" name="login_remember" id="login_remember" /> <br> <p align="left"><input type="submit" class="btn btn-default" name="submit" value="Log-in!"></p> <br> <a href="login_password_reset.php">Forgot your password ? Reset it here!</a> <br> <a href="register.php">Don't yet have an account ? Register here!</a> </div> </form> </body> </html> -
Folks,
Look at this login.php.
It works if I remove the following:if (!mysqli_stmt_fetch($stmt_1)) { echo "Incorrect log-in details1!<br>"; mysqli_stmt_close($stmt_1); exit(); }And remove the following:
if (!mysqli_stmt_fetch($stmt_2)) { echo "Incorrect log-in details2!<br>"; mysqli_stmt_close($stmt_2); exit(); }Else, I get following error, even if login inputs are correct:
Incorrect log-in details1!Why is that ?
Full code:(removed since it's in the next post)
-
On 10/14/2018 at 3:28 AM, Barand said:
How about checking if $_POST['five'] == "" also?
And what happens if the user enters a space into each of the fields?
So, you suggest I do this ? :
if (($_POST["one"]) == "" || == " " && ($_POST["two"]) == "" || == " " && ($_POST["three"]) == "" || == " " && ($_POST["four"]) == "" || == " " && ($_POST["five"] == "" || == " " && ))
Yes or no ?
Shall I remove the spaces ?
if (($_POST["one"])==""||==" "&& ($_POST["two"])==""||==" "&& ($_POST["three"])==""||==" "&& ($_POST["four"])==""||==" "&& ($_POST["five"]==""||==" "&&))
-
4 minutes ago, Barand said:
Then you testing procedures are definitely suspect.
This code is incorrect:
if (($_POST["one"]) == "" && ($_POST["two"]) == "" & ($_POST["three"]) == "" && ($_POST["four"]) == "" && ($_POST["five"])) { echo "All fields are empty!"; } else { echo "Atleast one field has been filled"; } Ok. It should be without the typo:
if (($_POST["one"]) == "" && ($_POST["two"]) == "" && ($_POST["three"]) == "" && ($_POST["four"]) == "" && ($_POST["five"])) {But, should I rid the spaces ?
if (($_POST["one"])=="" && ($_POST["two"])=="" && ($_POST["three"])=="" && ($_POST["four"])=="" && ($_POST["five"])) {
Why My Php Fail To Detect File Type Or File Extension ?
in PHP Coding Help
Posted
Folks,
I am building a membership script for 21 months now!!! That long!!!
Anyway, I need members to say infront of their cams a few things and then upload the vid file to the site (from the confirm_id.php page) where the member's sponsor (recruiter) will get the video copy to check if it's the real person with the real personal details or not. If true details, then sponsor verifies the member account. Else, unverifies it.
Now, I been testing my code. I uploaded an mp4 file. That should be ok but I get echoed:
"There was a problem uploading your video file $file_name! Make sure your file is an MP4 or a WAV file. You may try again now."
Why ?
Not pasting the whole script as really long. Would do your head in.
Only pasting relevant part:
if($_SERVER["REQUEST_METHOD"] == "POST") { if(!isset($_FILES["id_verification_video_file"])) //REtype { echo "no isset"; } else { $id_verification_video_file = $_FILES['id_verification_video_file']; //REtype //Feed Id Video Verification File Upload Directory Path. $directory_path = "uploads/videos/id_verifications/"; //Make Directory under $user in 'uploads/videos/id_verifications' Folder. if(!is_dir("$directory_path" . "$user")) { $mode = "0777"; mkdir("$directory_path" . "$user", "$mode", TRUE); //Thanks Requinix for my "$mode" typo hint. } //Grab Uploading File details. $Errors = Array(); //SHOULD I KEEP THIS LINE OR NOT ? $file_name = $_FILES["id_verification_video_file"]["name"]; $file_tmp = $_FILES["id_verification_video_file"]["tmp_name"]; $file_type = $_FILES["id_verification_video_file"]["type"]; $file_size = $_FILES["id_verification_video_file"]["size"]; $file_error = $_FILES['id_verification_video_file']['error']; //Grab File Extension details. $file_extension = pathinfo($file_name, PATHINFO_EXTENSION); if(file_exists('$directory_path' . '$user/' . '$file_name')) { $Errors[] = "Error: You have already uploaded a video file to verify your ID!"; exit(); } else { //Feed allowed File Extension(s). $allowed_file_extensions = array("mp4" => "video/mp4","wmv" => "video/wmv"); //Feed allowed file size. $max_file_size_allowed_in_bytes = 1024*1024*100; //Allowed limit: 100MB. $max_file_size_allowed_in_kilobytes = 1024*100; $max_file_size_allowed_in_megabytes = 100; $max_file_size_allowed = "$max_file_size_allowed_in_bytes"; //RETYPE //Verify File Extension. if(!array_key_exists($file_extension,$allowed_file_extensions)) die("Error: Select a valid video file format. Select an MP4 or WAV file."); //Verify MIME Type of the file. elseif(!in_array($file_type,$allowed_file_extensions)) { echo "Error:<font size ='5' font color ='red'><b>There was a problem uploading your video file $file_name! Make sure your file is an MP4 or a WAV file. You may try again now.</b></color></size>"; //THANKS TO REQUINIX FOR BRINNGING IT TO MY ATTENTION I AM STILL PROCESSING THE SCRIPT AFTER THIS LINE WHEN I SHOULD NOT. exit(); } //Verify File Size. Allowed Max Limit: 100MB. elseif($file_size>$max_file_size_allowed) die("Error: Your Video File Size is larger than the allowed limit of: $max_file_size_allowed_in_megabytes."); //Fixed variable name typo. Thanks to Requinix & Simon JM. //Move uploaded File to newly created directory on the server. move_uploaded_file("file_tmp","$directory_path" . "$user/" . "$file_name"); //Notify user their File was uploaded successfully. echo "<font size ='5' font color ='red'><b>Your Video File \"$file_name\" has been uploaded successfully! You will get notified once your Id has been verified successfully.</b></color></size>";Can you spot my coding error ?
Any other errors ?
How-about you show me code sample how you'd do it better and simpler with as much less lines of codes as possible ?