phreak3r

Members
  • Content count

    68
  • Joined

  • Last visited

Community Reputation

1 Neutral

About phreak3r

  • Rank
    Regular Member

Recent Profile Visitors

103 profile views
  1. phreak3r

    Refactoring this code...

    Can't pass something that is broken, haha. I am having to re-write and fix things.
  2. phreak3r

    Refactoring this code...

    PDO, yes. I was using it before, but as I said, I lost my recent work and have to start with what I have got. My database connection configuration 'stuff' is PDO, I am moving away from mysqli slowly but surely. Thank you.
  3. phreak3r

    Refactoring this code...

    I was working on this project earlier on in the year, I have not posted here much. I would like to get it over with and start something else. I have other files which look like the excerpt of code from a file below. I personally think that my code lacks structure and could be organized in a better fashion. I lost most of my progress and am having to backtrack and restore code. Is there a way to re-write this code and make it more readable? Please and thank you!

        <?php
        include('header.php');
        require_once('dbcon/dbcon.php');
        //include('functions.php');

        if ($_SERVER['REQUEST_METHOD'] == 'POST') {
            // sanitize values before entering them into db, no bad seeds.
            $username = mysqli_real_escape_string($conn, $_POST['username']);
            $password = mysqli_real_escape_string($conn, $_POST['password']);
            $bio = mysqli_real_escape_string($conn, $_POST['bio']);
            $hashed_password = mysqli_real_escape_string($conn, password_hash($password, PASSWORD_DEFAULT));
            $email = mysqli_real_escape_string($conn, $_POST['email_address']);
            $confirmation_status = 0;

            /* function sanitizeValues($x, string $postString) {
                $x = mysqli_real_escape_string($conn, $_POST[$postString]);
            }*/

            $username_query = "SELECT * from profiles001 WHERE username='$username'";
            $result = mysqli_query($conn, $username_query);

            // if username exists do not continue...
            if (mysqli_num_rows($result) > 0) {
                header('Location: /soapbox/signup.php');
                // let user know that username is taken...
            } else {
                // file upload stuff...
                $file = $_FILES['file'];
                $fileName = $_FILES['file']['name'];
                $fileTmpName = $_FILES['file']['tmp_name'];
                $fileSize = $_FILES['file']['size'];
                $fileError = $_FILES['file']['error'];
                $fileType = $_FILES['file']['type'];

                $fileExt = explode('.', $fileName);
                $fileActualExt = strtolower(end($fileExt));
                $allowed = array('jpg', 'jpeg', 'png');

                // avatar file constraints checks...
                if (in_array($fileActualExt, $allowed)) {
                    if ($fileError === 0) {
                        if ($fileSize < 1000000) {
                            $fileNameNew = uniqid($_SESSION['username'], true) . "." . $fileActualExt;
                            $fileDestination = 'uploads/' . $fileNameNew;
                            move_uploaded_file($fileTmpName, $fileDestination);
                        } else {
                            echo "Your file is too big!";
                        }
                    } else {
                        echo "There was an error uploading your file" . $fileError . $fileSize;
                    }
                } else if (!(empty(in_array($fileActualExt, $allowed))) && !($allowed)) {
                    echo "Cannot upload file of this type!";
                }

                mkdir("channel/" . $username);
                mkdir("channel/" . $username . "/videos");
                fopen("channel/" . $username . "/index.php", "w");

                $account_open_date = date("Y-m-d h:i:s");
                $current_date = date("Y-m-d h:i:s");
                //$account_open_date_retrieval_sql_select = "SELECT account_open_date from profile0";
                //$account_age = date_diff($row, $current_date); // acct open date - current date = account age
                //$account_age_result = mysqli_query($conn, $account_open_date_retrieval_sql_select);
                //$row = mysqli_fetch_assoc($account_age_result);

                // if-then-else-if statement to get rid of the fileDestination var undefined error when avatar photo is not submitted....
                if (!(empty($fileDestination))) {
                    $sqlinsert = "INSERT INTO profiles001 (username, password, email, c_status, doc, avatar, bio) VALUES ('$username', '$hashed_password', '$email', '$confirmation_status', '$account_open_date', '$fileDestination', '$bio')";
                } else if (empty($fileDestination)) {
                    $fileDestination = "assets/soap.jpg";
                    $sqlinsert = "INSERT INTO profiles001 (username, password, email, c_status, doc, avatar, bio) VALUES ('$username', '$hashed_password', '$email', '$confirmation_status', '$account_open_date', '$fileDestination', '$bio')";
                }

                $result = mysqli_query($conn, $sqlinsert);
            }
        }
        ?>
  4. phreak3r

    PDO: Problem with login system

    Nevermind, Kev, I sorted it out.
  5. phreak3r

    PDO: Problem with login system

    Yeah, this is pretty frustrating. I do not like how things are so split up like that. I prefer to have: if ($row && password_verify($password, $row['password'])) {} But that doesn't work either, I went from fixing things to breaking them again.
  6. phreak3r

    PDO: Problem with login system

    I sort of understand, I took away or changed whatever I had as $result in order to get the PDO working, well...sort of working. So, with just if ($row) {} else {} there should be no need for if ($row == 1 && password_verify($password, $row['password'])) {}? At least that is what I am getting from this...
  7. phreak3r

    PDO: Problem with login system

    Nevermind, $row is now printing out the array. But, still not logging in properly.
  8. phreak3r

    PDO: Problem with login system

    Welp, $row is not printing anything out at all.
  9. I have been converting parts of my codebase over from procedural MySQLi to PDO. I have had trouble at the moment, I am being hit with an "incorrect password or username" error, when I know that I am for a fact using the correct username and password. Anything funny looking here?

        <?php
        include('header.php');
        require('dbcon/dbcon.php');

        // if fields in form are set and submitted, check if user exists and is logged in or not
        if ($_SERVER['REQUEST_METHOD'] == 'POST') {
            $databaseClass = new Database;
            $dbconnect = $databaseClass->connectToDatabase();

            $username = $_POST['username'];
            $password = $_POST['password'];

            $stmt = $dbconnect->prepare("SELECT * FROM profile0 WHERE username = :username");
            $stmt->bindParam(':username', $username);
            $stmt->execute();
            $count = $stmt->fetchColumn();
            $row = $stmt->fetch(PDO::FETCH_ASSOC);
            //$row = $stmt->fetch(PDO::FETCH_ASSOC);

            // if username and password match, init session and redirect to another page.
            if ($row == 1 && password_verify($password, $row['password'])) {
                $_SESSION['logged_in_user'] = $username; // set to IDnum later on...
                $_SESSION['username'] = $username;

                // check if the user is logged in
                // if so, redirect to main page for logged-in users.
                if (isset($_SESSION['logged_in_user'])) {
                    $_SESSION['logged_in_user'] = TRUE;
                    header('Location: main.php');
                } else {
                    // not logged in, keep on same page...
                    session_destroy();
                    exit();
                }
            } else if ($username != $row['username'] || $password != $row['password']) {
                echo "Incorrect username or password.";
            }
        }

        // test
        var_dump($username);
        var_dump($password);
        ?>
  10. phreak3r

    Call to a member function query() on null

    Okay, thank you!
  11. phreak3r

    Call to a member function query() on null

    Ah, well, I am still new to this. But, okay, I guess I will just start using and learning PDO. The answer isn't much help to me, but thanks?
  12. The code is a bit of a mess. I am trying to convert this procedural code to OO style. I have already done so in the dbcon/dbcon.php class, however, I am trying to get the database connected and working to retrieve information from the database. I am being given a "Call to a member function query() on null" error. Any help? I have sort of started converting the channel/channel.php class over to OO style. I am new to doing things in the object-oriented format, I have preferred procedural, but it will only make things easier in the future to start re-writing the codebase in an object oriented format. Thanks for the assistance!

    Code for dbcon.php:

        <?php
        define('HOST', 'localhost');
        define('USERNAME', 'root');
        define('PASSWORD', '1234');
        define('DATABASE_NAME', 'soapbox');

        class databaseAccess {
            //mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
            public $conn;

            function __construct() {
                $this->connectToDatabase();
            }

            // connection to database
            function connectToDatabase() {
                //mysqli::select_db(DATABASE_NAME);
                $this->conn = new mysqli(HOST, USERNAME, PASSWORD, DATABASE_NAME);
            }

            /*if (!$conn) {
                die("Connection failed: " . mysqli_connect_error());
            } else {
                echo "Connection successful!";
            }

            if (!mysqli_select_db($conn, $database)) {
                echo " Database not selected!";
            } else {
                echo " Database selected!";
            }*/
        }
        ?>

    Code for channel.php:

        <!-- TODO: - Move elements to separate stylesheet -->
        <?php
        include('../header.php');
        require('../dbcon/dbcon.php');
        include('../functions.php');
        isLoggedIn();

        $dbcon = new databaseAccess();
        $conn = $dbcon->connectToDatabase();
        $sql = "SELECT avatar, bio, account_open_date, user_id from profile0 WHERE username = '". $_SESSION['username'] . "' ";
        $result = $conn->query($sql);
        $row = mysqli_fetch_assoc($result);

        $userID = $row['user_id'];
        $url = "/soapbox/";
        $avatar = $row['avatar'];
        $bio = $row['bio'];
        $join_date = date('F j, Y', strtotime($row['account_open_date']));
        $username = $_SESSION['username'];

        $sql = "SELECT video_id, thumbnail, video_title from videos0 WHERE uploader='$username'";
        $result = mysqli_query($conn, $sql);
        $num = mysqli_num_rows($result);
        ?>
  13. phreak3r

    Any problems with this code?

    Sorry, ran out of time to edit the first post...

        if (is_uploaded_file($fileName) && is_uploaded_file($thumbnailImageName) && !empty($videoTitle)) {
            $sql = "INSERT into videos0 (uploader, video, thumbnail, video_title, video_desc) VALUES ('$username', '$fileDestination', '$thumbnailImageDestination', '$videoTitle', '$videoDesc')";
            $result = mysqli_query($conn, $sql);
            header('Location: /soapbox/upload.php?success');
        } else {
            echo "Empty fields!";
            var_dump($file);
            var_dump($thumbnailImageFile);
            var_dump($videoTitle);
        }
  14. phreak3r

    Any problems with this code?

    - It was just a size that I guessed, it was bigger and allowed me to upload some test thumbnails during the time.
    - Yeah, I am working on a system for that. But, in what context do you mean clean up the thumbnails?
    - I will put separators back into the thumbnail file name.
    - That particular function only accepts strings as parameters, not arrays. I tried with the array, did not work.
    - I do not quite understand this one. So, even if errors are given out, you can still upload a video if you have a video, thumbnail, and title?
    - Overwriting the video file? I did not know I did that..
    - Yeah, it is just a test for now, but will be fixed in a matter of time.

    Erm...Thank You!?
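
For the "PDO: Problem with login system" and "Refactoring this code..." posts above, an added example (not code from the posts or from any reply): registration and login with PDO prepared statements, hashing the raw password and fetching the result row exactly once. The in-memory SQLite database, the function names `registerUser` and `verifyLogin`, and the sample account are assumptions made so the script runs stand-alone; it needs the pdo_sqlite extension.

```php
<?php
// Added example. Table/column names follow the posts (profile0, username,
// password); the SQLite database and sample account are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE profile0 (
    user_id  INTEGER PRIMARY KEY,
    username TEXT UNIQUE NOT NULL,
    password TEXT NOT NULL)');

function registerUser(PDO $pdo, string $username, string $password): bool
{
    // Hash the raw password: escaping it first changes the bytes that get
    // hashed, and bound parameters need no escaping at all.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $pdo->prepare(
        'INSERT INTO profile0 (username, password) VALUES (:username, :password)');
    try {
        return $stmt->execute([':username' => $username, ':password' => $hash]);
    } catch (PDOException $e) {
        if ($e->getCode() === '23000') {
            return false; // integrity violation: username already taken
        }
        throw $e;
    }
}

function verifyLogin(PDO $pdo, string $username, string $password): ?array
{
    $stmt = $pdo->prepare(
        'SELECT user_id, username, password FROM profile0 WHERE username = :username');
    $stmt->execute([':username' => $username]);
    // Fetch once: every fetch()/fetchColumn() call consumes a row, so a second
    // call on a single-row result returns false.
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // $row is an array or false, never the integer 1, so test it with === false.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null; // same answer for unknown user and wrong password
    }
    unset($row['password']); // do not carry the hash into the session
    return $row;
}

// Constructed sample account; the quote in the password is deliberate.
registerUser($pdo, 'alice', "pa'ss word");
var_dump(registerUser($pdo, 'alice', 'other'));          // duplicate username
var_dump(verifyLogin($pdo, 'alice', "pa'ss word"));      // correct password
var_dump(verifyLogin($pdo, 'alice', 'wrong'));           // wrong password
var_dump(verifyLogin($pdo, "x' OR '1'='1", 'anything')); // treated as a literal name
```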