
phreak3r (Members, content count: 105)

Everything posted by phreak3r

  1. How would you sanitize input without changing or mangling it?
  2. Never sanitize input, correct? I had asked the folks over at #php@freenode about that and they suggested I not sanitize input data.
  3. How can I go about validating a form in PHP? I am trying to do so, but I am clueless as to how to structure it.
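The three questions above (how to "sanitize" without mangling, the #php advice not to sanitize, and how to structure form validation) all come down to the same practice: validate input against rules and reject what fails, store the accepted value unchanged, and escape at the point of output. The following is an added example, not code from phreak3r's project; the field names match the registration form discussed in the thread, while the length limits and the exact rules are assumptions.

```php
<?php
// Added example (not phreak3r's code): validate a registration form without
// altering the submitted values. Limits and rules below are assumptions.
declare(strict_types=1);

/**
 * Returns an array of field => error message; an empty array means the input
 * is acceptable. The input is never modified: values that fail the rules are
 * rejected, not "cleaned up".
 */
function validateRegistration(array $post): array
{
    $errors = [];

    $username = $post['username'] ?? '';
    // Allow-list: 3-20 characters from a fixed alphabet. \A and \z anchor at
    // the real start and end of the string, so "alice\n" is rejected too.
    if (!preg_match('/\A[A-Za-z0-9_]{3,20}\z/', $username)) {
        $errors['username'] = 'Username must be 3-20 letters, digits or underscores.';
    }

    $password = $post['password'] ?? '';
    // Length only; the characters do not matter because the value goes
    // straight into password_hash() and is never rendered or queried.
    if (strlen($password) < 12 || strlen($password) > 1024) {
        $errors['password'] = 'Password must be between 12 and 1024 bytes.';
    }

    $email = $post['email'] ?? '';
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false || strlen($email) > 254) {
        $errors['email'] = 'Enter a valid e-mail address.';
    }

    $bio = $post['bio'] ?? '';
    // Free text is stored exactly as typed; only the size is bounded and it
    // must be valid UTF-8 so it can be escaped correctly on output.
    if (!mb_check_encoding($bio, 'UTF-8') || mb_strlen($bio, 'UTF-8') > 500) {
        $errors['bio'] = 'Bio must be valid text of at most 500 characters.';
    }

    return $errors;
}

/** Escape for HTML output. This is where "<script>" becomes harmless, not on input. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed sample input standing in for $_POST.
$sample = [
    'username' => 'drb',
    'password' => 'correct horse battery staple',
    'email'    => 'drb@example.com',
    'bio'      => 'I like <b>bold</b> claims & "quotes".',
];

$errors = validateRegistration($sample);
if ($errors === []) {
    // The bio is stored with its angle brackets intact and escaped when shown.
    echo 'Welcome, ' . h($sample['username']) . "\n";
    echo 'Bio: ' . h($sample['bio']) . "\n";
} else {
    foreach ($errors as $field => $message) {
        echo $field . ': ' . h($message) . "\n";
    }
}
```

The same value can need different treatment in different sinks: a prepared statement handles it for SQL, htmlspecialchars() for HTML, and neither step changes what is stored, which is what "do not mangle the input" means in practice.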
  4. Do I only have to use Dependency Injection and pass in the instance of the helper class when the function I want to call contains a parameter? I did something similar, but the other function did not contain a parameter. Yet, the call to the function without the parameter went through and the function with the parameter gives me an error. Just trying to make sense of this.
  5. I am having an error here with my code/script. I try and call sanitizeData($data) from the functions.php class in the createUser.php class. I end up with an expected 'new' T_NEW error.

createUser.php file

```php
<?php
require('dbcon/dbcon.php');
include('fileUpload.php');
include('functions.php');

class createUser {
    // This is the line the parser rejects: a property default must be a
    // constant expression, so `new` cannot appear here.
    public $functionsClassInstance = new helperFunctions();
    public $avatar;
    public $bio;
    public $video_count;
    public $c_status;
    public $usernameI;
    public $username;
    public $password;
    public $email;
    public $doc;
    public $last_logged_in;

    public function addUser(PDO $pdo) {
        // add user info to db
        $avatar = "/soapbox/assets/soap.jpg";
        $usernameI = $_POST['username'];
        // $functionsClassInstance here is an (undefined) local variable;
        // the property would be reached as $this->functionsClassInstance
        $username = $functionsClassInstance->sanitizeData($usernameI);
        //$username = strip_tags(trim($_POST['username']));
        $password = password_hash($_POST['password'], PASSWORD_DEFAULT);
        $bio = $_POST['bio'];
        $email = $_POST['email'];
        $c_status = 0;
        date_default_timezone_set('UTC');
        $doc = date("Y-m-d h:i:s");
        // account date last seen/logged in
        // add account age

        // if user uploads file, add path and file to database and server, if not revert to default.
        if ($_FILES["avatar"]["error"] != 4) {
            $file = new fileUpload();
            $file->processFile();
            $avatar = "/soapbox/uploads/" . $_FILES["avatar"]["name"];
        }

        $query = $pdo->prepare("INSERT into profiles001 (username, password, email, c_status, bio, doc, avatar) VALUES (:username, :password, :email, :cstat, :bio, :doc, :avatar)");
        $query->bindValue(':username', $username);
        $query->bindValue(':password', $password);
        $query->bindValue(':email', $email);
        $query->bindValue(':doc', $doc);
        $query->bindValue(':bio', $bio);
        $query->bindValue(':cstat', $c_status);
        $query->bindValue(':avatar', $avatar);
        $query->execute();
        // create variables
        // initialize variables
        // bind values of variables being entered into database
    }
}
// this file is responsible for creating the users
?>
```

functions.php class

```php
<?php
// Functions are stored here
// Any code that is repeated more than once is put into a function to make my life easier
// The start of going from procedural to OOP
// checks if user is logged in or not, limits access to certain pages in/on site.
class helperFunctions {
    function sanitizeData($data) {
        // strip_tags() and trim() return new strings rather than changing
        // $data in place, so the result has to be returned.
        return trim(strip_tags($data));
    }
}
?>
```
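The parse error in the post above comes from `public $functionsClassInstance = new helperFunctions();`: a property default has to be a constant expression, so `new` is not allowed there in PHP 7, and `$functionsClassInstance` inside addUser() is an undefined local, not the property. Passing the helper in through the constructor (the dependency injection asked about in post 4) solves both. The following is an added example, not code from phreak3r's project; the class, method and column names follow the thread, the avatar upload branch is left out, and the in-memory SQLite database and the sample input are constructed for the demo.

```php
<?php
// Added example (not phreak3r's code): constructor injection instead of a
// `new` in a property initializer. Names follow the thread; the SQLite table
// and the sample input are constructed for the demo.
declare(strict_types=1);

class helperFunctions
{
    // strip_tags() and trim() return new strings; the original helper
    // discarded both results and returned $data untouched.
    public function sanitizeData(string $data): string
    {
        return trim(strip_tags($data));
    }
}

class createUser
{
    /** @var helperFunctions */
    private $helper;
    /** @var PDO */
    private $pdo;

    // Dependencies arrive here, already constructed by the caller.
    public function __construct(PDO $pdo, helperFunctions $helper)
    {
        $this->pdo = $pdo;
        $this->helper = $helper;
    }

    // Takes the form data as a parameter instead of reading $_POST directly,
    // so the class can be exercised without a web request. Returns the new id.
    public function addUser(array $form): int
    {
        // Properties are reached through $this->; a bare variable name would
        // be an undefined local, which is the error seen with the parameter
        // version of the call.
        $username = $this->helper->sanitizeData($form['username'] ?? '');
        if ($username === '') {
            throw new InvalidArgumentException('username is required');
        }
        $password = password_hash($form['password'] ?? '', PASSWORD_DEFAULT);
        $doc      = gmdate('Y-m-d H:i:s'); // 24-hour clock; "h" would drop AM/PM

        $stmt = $this->pdo->prepare(
            'INSERT INTO profiles001 (username, password, email, c_status, bio, doc, avatar)
             VALUES (:username, :password, :email, 0, :bio, :doc, :avatar)'
        );
        $stmt->execute([
            ':username' => $username,
            ':password' => $password,
            ':email'    => $form['email'] ?? '',
            ':bio'      => $form['bio'] ?? '',
            ':doc'      => $doc,
            ':avatar'   => '/soapbox/assets/soap.jpg',
        ]);
        return (int) $this->pdo->lastInsertId();
    }
}

// Demo against an in-memory SQLite database (constructed); the site itself
// uses MySQL with the same SQL.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE profiles001 (id INTEGER PRIMARY KEY, username TEXT, password TEXT,
            email TEXT, c_status INTEGER, bio TEXT, doc TEXT, avatar TEXT)');

$creator = new createUser($pdo, new helperFunctions());
$id = $creator->addUser([
    'username' => '  <b>drb</b> ',
    'password' => 'correct horse battery staple',
    'email'    => 'drb@example.com',
    'bio'      => 'hello',
]);
$row = $pdo->query('SELECT username, password FROM profiles001')->fetch(PDO::FETCH_ASSOC);
echo "inserted id $id, username '{$row['username']}'\n";                    // username 'drb'
var_dump(password_verify('correct horse battery staple', $row['password'])); // bool(true)
```

Injection works the same whether or not the method takes parameters; the error only surfaced for the parameterised call because that is the one that dereferences the undefined variable.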
  6. Yeah, it is loading the /etc/php.ini file.
  7. kicken, sqlite and odbc only show up for the enabled drivers. Well, I can take back my earlier claim of being sure that the extensions were enabled. I do have them installed to my knowledge when taking a look at /etc/php.ini, I see among the many extensions: mysql.so, mysqli.so, pdo.so, pdo_mysql.so, pdo_sqlite.so and pdo_odbc.so
  8. I chose this category as I thought my topic would best fit here. I am running 14.2 Slackware Linux with the latest version of PHP. In the error log, I receive the error: Uncaught PDOException: could not find driver in 'x file path'. I am positive that I have the required extensions and modules installed and enabled. Here is my code for the user.php class where I take the user information and add it to the database:

```php
<?php
require('dbcon/dbcon.php');

class User {
    public $avatar;
    public $bio;
    public $video_count;
    public $c_status;
    public $username;
    public $password;
    public $email;
    public $doc;
    public $last_logged_in;

    //if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    public function addUser(PDO $pdo) {
        // add user info to db
        $username = $_POST['username'];
        $password = password_hash($_POST['password'], PASSWORD_DEFAULT);
        $bio = $_POST['bio'];
        $email = $_POST['email'];
        $c_status = 0;
        $doc = date("Y-m-d h:i:s");
        // account date last seen/logged in
        // add account age
        $query = $pdo->prepare("INSERT into profiles001 (username, password, email, c_status, bio, doc) VALUES (:username, :password, :email, :cstat, :bio, :doc)");
        $query->bindValue(':username', $username);
        $query->bindValue(':password', $password);
        $query->bindValue(':email', $email); // was $email_address, which is never defined
        $query->bindValue(':doc', $doc);
        $query->bindValue(':bio', $bio);
        $query->bindValue(':cstat', $c_status);
        $query->execute();
        // create variables
        // initialize variables
        // bind values of variables being entered into database
    }
    // addUser($pdo);
    //}

    // isLoggedIn - checks if user is logged in or not
    // getUser - returns/gets user???
    // avatar // bio // registration date // video count // last logged in // username // email address
}
?>
```

Here is my code for the dbcon.php class where the database connection is made:

```php
<?php
$host = "localhost";
$database = "soapbox";
$username = "drb";
$password = "m1n3craft";

// Create connection
try {
    $pdo = new PDO('mysql:host=localhost;dbname=soapbox;', $username, $password);
} catch (PDOException $e) { // was spelled PDOExcpetion, a class that does not exist, so nothing was ever caught
    /* Print error message and or code to the screen if there is an error. */
    print "Error!: " . $e->getMessage() . "<br/>";
    die();
}
?>
```

and the code for the confirmation.php class where the data is displayed temporarily:

```php
<?php
include('header.php');
include('user.php');
require('dbcon/dbcon.php');
//include('functions.php');

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $user = new User();
    $user->addUser($pdo); // addUser() needs the connection created in dbcon.php
    // if username exists do not continue...
}
?>
<!DOCTYPE html>
<html>
<head>
    <title>soapbox - confirmation</title>
</head>
<body>
<?php
$username = $_POST['username'];
$email = $_POST['email'];
$format = "The data provided has been sent to the server and is being inserted into the database. In order to complete the process, %s, we need you to confirm your account. If not confirmed, your account will be deleted a month from the marked registration date. We have sent you an email at %s, the provided email upon registration. Thank you and cheers! - The Staff at Soapbox";
echo sprintf($format, $username, $email);
session_destroy();
?>
</body>
</html>
```
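"Could not find driver" means the PHP that is executing the script (here the Apache module, which may read a different php.ini than the CLI) has no pdo_mysql driver loaded, whatever the .so files on disk say. The following is an added example, not code from phreak3r's project: a connection helper that asks the running PHP which PDO drivers it actually has before connecting, and that logs connection failures instead of printing them to the browser. The environment variable names and the SQLite fallback DSN are assumptions made for the example.

```php
<?php
// Added example (not phreak3r's code): check the loaded PDO drivers from the
// same SAPI that fails, then connect with exceptions enabled. The SOAPBOX_*
// environment variables and the sqlite fallback are assumptions.
declare(strict_types=1);

/**
 * Throws RuntimeException with a diagnostic if the requested driver is not
 * loaded in this SAPI. Run it from the web server, not only from the CLI:
 * the two can use different php.ini files.
 */
function requirePdoDriver(string $driver): void
{
    $available = PDO::getAvailableDrivers(); // e.g. ['mysql', 'sqlite']
    if (!in_array($driver, $available, true)) {
        throw new RuntimeException(sprintf(
            "PDO driver '%s' is not loaded (SAPI %s, php.ini %s). Loaded drivers: %s. " .
            "Enable extension=pdo_%s in that php.ini and restart the web server.",
            $driver,
            PHP_SAPI,
            php_ini_loaded_file() ?: 'none',
            $available ? implode(', ', $available) : 'none',
            $driver
        ));
    }
}

function connect(string $dsn, ?string $user, ?string $pass): PDO
{
    // The DSN prefix ("mysql", "sqlite", ...) names the driver.
    $driver = (string) strstr($dsn, ':', true);
    requirePdoDriver($driver);

    return new PDO($dsn, $user, $pass, [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // failures throw instead of returning false
        PDO::ATTR_EMULATE_PREPARES   => false,                  // server-side prepared statements
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
}

// Usage. For the site the DSN would be
// 'mysql:host=localhost;dbname=soapbox;charset=utf8mb4'; the fallback below
// lets the script run anywhere with pdo_sqlite.
try {
    $dsn  = getenv('SOAPBOX_DSN')  ?: 'sqlite::memory:';
    $user = getenv('SOAPBOX_USER') ?: null;
    $pass = getenv('SOAPBOX_PASS') ?: null;
    $pdo  = connect($dsn, $user, $pass);
    echo 'connected via ' . $pdo->getAttribute(PDO::ATTR_DRIVER_NAME) . "\n";
} catch (RuntimeException $e) {
    // Driver missing: the message names no credentials, so it may be shown.
    error_log($e->getMessage());
    http_response_code(500);
    exit('Database driver not available; see the server log.');
} catch (PDOException $e) {
    // Connection failed: the message can include host, user and DSN details,
    // so it goes to the log and the user sees only a generic line.
    error_log('DB connection failed: ' . $e->getMessage());
    http_response_code(500);
    exit('Database unavailable.');
}
```

Keeping credentials out of the script (environment or a file outside the web root) also means a misconfigured server that serves .php files as text does not hand out the database password.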
  9. An example? Please and thank you!
  10. Sarcastic and cynical. Mmmm...my favorite flavor! What is the difference between my canned messages and using an array to 'save' generated messages? I am the kind of person that needs things further simplified sometimes.
  11. So it is not the same as my array holding defined error messages? I might have an idea of what you mean, but for the most part I do not. How would this help? In my mind, PHP is a language where you are simply manipulating arrays, that's all. At least that is how I interpret it.
  12. mac_gyver, that worked, I am still getting an error, but at least there isn't any of the null business.
  13. The Loaded Configuration File is /etc/php/7.2/apache2/php.ini. Both master and local are 8M. I modified the drb@z10n:/etc/php/7.2/cli path. 😕
  14. ginerjm, I think the form is valid. I will scour the Internet for some similar problems.
  15. Yes, it does. I made a simple mistake and added a semicolon after the variable. For example: echo $a; "<br>";
  16. Okay, well I tried using "." but that did not really seem to work. Thank you for your contribution. I know many of my previous posts may display the behavior "IT'S BROKEN! HELP!", but I am genuinely trying to understand this all.
  17. Apparently there is nothing in the array. Array ( ) And why is a comma used instead of a period in reference to the echo "<pre>",print_r($_POST, true),"</pre>"; line?
  18. If you really want to see the whole code, here it goes. I could do with some better erm...organization/structure? It is such a big script, so I tried to refrain from including it.

```php
<?php
include('header.php');
require('dbcon/dbcon.php');
include('functions.php');
isLoggedIn();

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // Error declaration
    $error = ["Your file is too big!", "There was an error uploading your file!", "Cannot upload file of this type!", "Empty fields!"];

    // Process POST variables
    $videoTitle = $_POST['video_title'];
    $videoDesc = $_POST['textarea-videoDesc'];

    // Process session variable
    $username = $_SESSION['username'];

    // file upload stuff...
    $file = $_FILES['videoFile'];
    $fileName = $file['name'];
    $fileTmpName = $file['tmp_name'];
    $fileSize = $file['size'];
    $fileError = $file['error'];
    $fileType = $file['type'];
    $fileExt = explode('.', $fileName);
    $fileActualExt = strtolower(end($fileExt));
    $allowed = array('mp4', 'mov', 'mkv');

    if (in_array($fileActualExt, $allowed)) {
        if ($fileError === 0) {
            if ($fileSize < 2000000) {
                $fileNameNew = $username . "." . $fileActualExt;
                $fileDestination = "channel/" . $username . "/videos/" . $fileNameNew;
                move_uploaded_file($fileTmpName, $fileDestination);
            } else {
                echo $error[0];
            }
        } else {
            echo $error[1];
        }
    } else {
        // extension not in the list (the original tested `!$allowed`, which is never true for a non-empty array)
        echo $error[2];
    }

    ////////////////////////////////////////////////////////////////////
    $thumbnailImageFile = $_FILES['thumbnailImage'];
    $thumbnailImageName = $_FILES['thumbnailImage']['name'];
    $thumbnailImageTmpName = $_FILES['thumbnailImage']['tmp_name'];
    $thumbnailImageSize = $_FILES['thumbnailImage']['size'];
    $thumbnailImageError = $_FILES['thumbnailImage']['error'];
    $thumbnailImageType = $_FILES['thumbnailImage']['type'];
    $thumbnailImageExt = explode('.', $thumbnailImageName);
    $thumbnailImageActualExt = strtolower(end($thumbnailImageExt));
    $allowedThumbnailFileExts = array('png', 'jpg', 'jpeg');

    if (in_array($thumbnailImageActualExt, $allowedThumbnailFileExts)) {
        if ($thumbnailImageError === 0) {
            if ($thumbnailImageSize < 200000000) {
                $thumbnailImageNameNew = $username . "thumbnailImage" . uniqid('', true) . "." . $thumbnailImageActualExt;
                $thumbnailImageDestination = 'uploads/thumbnails/' . $thumbnailImageNameNew;
                move_uploaded_file($thumbnailImageTmpName, $thumbnailImageDestination);
            } else {
                echo $error[0];
            }
        } else {
            echo $error[1];
        }
    } else {
        echo $error[2];
    }

    if (isset($file) && $fileSize != 0 /*&& $thumbnailImageSize != 0*/ && !empty($videoTitle)) {
        $sql = $pdo->prepare("INSERT into videos001 (uploader, video, thumbnail, video_title, video_desc) VALUES (:username, :fileDestination, :thumbnailImageDestination, :videoTitle, :videoDesc)");
        $sql->bindValue(':username', $username);
        $sql->bindValue(':fileDestination', $fileDestination);
        $sql->bindValue(':thumbnailImageDestination', $thumbnailImageDestination);
        $sql->bindValue(':videoTitle', $videoTitle);
        $sql->bindValue(':videoDesc', $videoDesc);
        $sql->execute();
        header('Location: /soapbox/upload.php?success');
    } else {
        echo $error[3];
        var_dump($file, $videoTitle, $videoDesc);
    }
} // end of if server method...
// TODO: if there's no thumbnail, do not upload video, let user know to put in a thumbnail
?>
<!DOCTYPE html>
<html>
<head>
    <title>soapbox - upload</title>
</head>
<body>
<form action="upload.php" method="POST" enctype="multipart/form-data" multiple><br>
    <p>Video File:</p><input type="file" name="videoFile" id="fileToUpload"><br>
    <p>Thumbnail Image File: </p><input type="file" name="thumbnailImage"><br>
    <p>Video Title: </p><input type="text" name="video_title" id="videoTitle" placeholder="Video title"><br>
    <p>Video Description</p><textarea name="textarea-videoDesc" placeholder="Video description..." rows="7" style="resize: none;"></textarea><br>
    <br><input type="submit" name="uploadBtn" value="Upload">
</form>
</body>
</html>
```
  19. I restarted the Apache2 service. Oh! I am so sorry, I forgot to add in the script, here you go.

```php
if (isset($file) && $fileSize != 0 /*&& $thumbnailImageSize != 0*/ && !empty($videoTitle)) {
    $sql = $pdo->prepare("INSERT into videos001 (uploader, video, thumbnail, video_title, video_desc) VALUES (:username, :fileDestination, :thumbnailImageDestination, :videoTitle, :videoDesc)");
    $sql->bindValue(':username', $username);
    $sql->bindValue(':fileDestination', $fileDestination);
    $sql->bindValue(':thumbnailImageDestination', $thumbnailImageDestination);
    $sql->bindValue(':videoTitle', $videoTitle);
    $sql->bindValue(':videoDesc', $videoDesc);
    $sql->execute();
    header('Location: /soapbox/upload.php?success');
} else {
    echo $error[3];
    var_dump($file, $videoTitle, $videoDesc);
}
```
  20. I am working on a video-hosting site, something akin to YouTube. I converted whatever MySQLi I had to PDO. This particular piece of code is responsible for checking if the fields are filled in; then it proceeds to upload the files and insert the data into the database. The code jumps straight to the error I created, which is "empty fields". The var_dump prints out as null all the way. I cannot seem to figure out where the problem lies. I would say it could be that the file is not set? I am not quite sure. Here is what the log gives me:

```text
[Sat Feb 16 00:19:35.575770 2019] [php7:warn] [pid 16239] [client 127.0.0.1:42504] PHP Warning: POST Content-Length of 12263648 bytes exceeds the limit of 8388608 bytes in Unknown on line 0, referer: http://localhost/soapbox/upload.php
[Sat Feb 16 00:19:35.576769 2019] [php7:notice] [pid 16239] [client 127.0.0.1:42504] PHP Notice: Undefined index: video_title in /var/www/html/soapbox/upload.php on line 15, referer: http://localhost/soapbox/upload.php
[Sat Feb 16 00:19:35.576805 2019] [php7:notice] [pid 16239] [client 127.0.0.1:42504] PHP Notice: Undefined index: textarea-videoDesc in /var/www/html/soapbox/upload.php on line 16, referer: http://localhost/soapbox/upload.php
[Sat Feb 16 00:19:35.576811 2019] [php7:notice] [pid 16239] [client 127.0.0.1:42504] PHP Notice: Undefined index: videoFile in /var/www/html/soapbox/upload.php on line 22, referer: http://localhost/soapbox/upload.php
[Sat Feb 16 00:19:35.576829 2019] [php7:notice] [pid 16239] [client 127.0.0.1:42504] PHP Notice: Undefined index: thumbnailImage in /var/www/html/soapbox/upload.php on line 51, referer: http://localhost/soapbox/upload.php
[Sat Feb 16 00:19:35.576845 2019] [php7:notice] [pid 16239] [client 127.0.0.1:42504] PHP Notice: Undefined index: thumbnailImage in /var/www/html/soapbox/upload.php on line 52, referer: http://localhost/soapbox/upload.php
[Sat Feb 16 00:19:35.576849 2019] [php7:notice] [pid 16239] [client 127.0.0.1:42504] PHP Notice: Undefined index: thumbnailImage in /var/www/html/soapbox/upload.php on line 53, referer: http://localhost/soapbox/upload.php
[Sat Feb 16 00:19:35.576854 2019] [php7:notice] [pid 16239] [client 127.0.0.1:42504] PHP Notice: Undefined index: thumbnailImage in /var/www/html/soapbox/upload.php on line 54, referer: http://localhost/soapbox/upload.php
[Sat Feb 16 00:19:35.576858 2019] [php7:notice] [pid 16239] [client 127.0.0.1:42504] PHP Notice: Undefined index: thumbnailImage in /var/www/html/soapbox/upload.php on line 55, referer: http://localhost/soapbox/upload.php
[Sat Feb 16 00:19:35.576862 2019] [php7:notice] [pid 16239] [client 127.0.0.1:42504] PHP Notice: Undefined index: thumbnailImage in /var/www/html/soapbox/upload.php on line 56, referer: http://localhost/soapbox/upload.php
```

I have changed the allotted sizes in the php.ini file, so that rules out the POST Content-Length problem, I think. Here are the "undefined indexes":

```php
$videoTitle = $_POST['video_title'];
$videoDesc = $_POST['textarea-videoDesc'];
$file = $_FILES['videoFile'];
$thumbnailImageName = $_FILES['thumbnailImage']['name'];
$thumbnailImageTmpName = $_FILES['thumbnailImage']['tmp_name'];
$thumbnailImageSize = $_FILES['thumbnailImage']['size'];
$thumbnailImageError = $_FILES['thumbnailImage']['error'];
$thumbnailImageType = $_FILES['thumbnailImage']['type'];
$thumbnailImageExt = explode('.', $thumbnailImageName);
```

And the corresponding form names to go with them:

```html
<form action="upload.php" method="POST" enctype="multipart/form-data" multiple><br>
    <p>Video File:</p><input type="file" name="videoFile" id="fileToUpload"><br>
    <p>Thumbnail Image File: </p><input type="file" name="thumbnailImage"><br>
    <p>Video Title: </p><input type="text" name="video_title" id="videoTitle" placeholder="Video title"><br>
    <p>Video Description</p><textarea name="textarea-videoDesc" placeholder="Video description..." rows="7" style="resize: none;"></textarea><br>
    <br><input type="submit" name="uploadBtn" value="Upload">
</form>
```
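The log in the post above explains every notice that follows it: when the request body exceeds post_max_size (8388608 bytes, the 8M reported in post 13), PHP discards the whole body, so $_POST and $_FILES are empty and every index lookup fails, which is why the script lands on "Empty fields!" with a var_dump of nulls. Editing the CLI php.ini, as post 13 describes, does not change the Apache module's limit; the Loaded Configuration File it reports is the one that counts. The following is an added example, not code from phreak3r's project, covering both the upload script in post 18 and this log: it detects the oversized-body case explicitly and handles the two uploads with an allow-list on extension and sniffed content, a server-chosen file name instead of one built from user input, and the UPLOAD_ERR_* code rather than the file size as the success test. The directories, size limits and expected MIME strings are assumptions.

```php
<?php
// Added example, not phreak3r's code. Field names match the thread's form;
// directories, size limits and the expected MIME strings are assumptions.
declare(strict_types=1);

/** Convert php.ini shorthand such as "8M" or "512K" to bytes. */
function iniBytes(string $value): int
{
    $value = trim($value);
    $num   = (int) $value;
    switch (strtoupper(substr($value, -1))) {
        case 'G': return $num * 1024 ** 3;
        case 'M': return $num * 1024 ** 2;
        case 'K': return $num * 1024;
        default:  return $num;
    }
}

/**
 * True when the request body exceeded post_max_size. PHP then discards the
 * whole body, so $_POST and $_FILES are empty although the form was
 * submitted; that is the "Undefined index" pattern in the log above.
 */
function requestExceededPostMaxSize(): bool
{
    $length = (int) ($_SERVER['CONTENT_LENGTH'] ?? 0);
    return ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST'
        && $length > iniBytes((string) ini_get('post_max_size'))
        && $_POST === [] && $_FILES === [];
}

/**
 * Validate one $_FILES entry and move it into $destDir under a random name.
 * $allowed maps a lower-case extension to the MIME type the content must
 * sniff as. Returns the stored path; throws with a user-safe message.
 */
function storeUpload(array $file, array $allowed, int $maxBytes, string $destDir): string
{
    // The UPLOAD_ERR_* code is the authoritative status, not "size != 0".
    $err = $file['error'] ?? UPLOAD_ERR_NO_FILE;
    if ($err !== UPLOAD_ERR_OK) {
        throw new RuntimeException("No file or upload error (code $err).");
    }
    if ($file['size'] > $maxBytes) {
        throw new RuntimeException('File too big.');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file.');
    }
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        throw new RuntimeException('File type not allowed.');
    }
    // Sniff the real content; $file['type'] is whatever the browser claimed.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== $allowed[$ext]) {
        throw new RuntimeException("Content is $mime, not a .$ext file.");
    }
    // Random server-chosen name: nothing from the client reaches the
    // filesystem path, so no traversal, no collisions, no overwriting.
    $dest = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16)) . ".$ext";
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store the file.');
    }
    return $dest;
}

// Usage at the top of upload.php (assumed storage layout).
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if (requestExceededPostMaxSize()) {
        http_response_code(413);
        exit('Upload exceeds post_max_size (' . ini_get('post_max_size') . ').');
    }
    try {
        $video = storeUpload($_FILES['videoFile'] ?? [],
            ['mp4' => 'video/mp4', 'mov' => 'video/quicktime', 'mkv' => 'video/x-matroska'],
            200 * 1024 * 1024, __DIR__ . '/../storage/videos');
        $thumb = storeUpload($_FILES['thumbnailImage'] ?? [],
            ['png' => 'image/png', 'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg'],
            2 * 1024 * 1024, __DIR__ . '/../storage/thumbnails');
        // INSERT $video and $thumb with a prepared statement, then redirect.
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    }
}
```

Both post_max_size and upload_max_filesize have to be raised in the php.ini of the SAPI that serves the request (for the Debian-style layout in post 13 that is /etc/php/7.2/apache2/php.ini, followed by an Apache restart); post_max_size must be at least as large as the sum of the files plus the text fields, since it bounds the whole body.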
  21. Yes, however, that was not really the issue. Not sure if this is the solution I am looking for, but I changed $row == 1 && password_verify($password, $row['password']) to $row['username'] == $username && password_verify($password, $row['password']. But, thank you.
  22. From my understanding it fetches result from or of the array?
  23. Here is what the mysqli version looked like:

```php
<?php
include('header.php');
require('dbcon/dbcon.php');

// if fields in form are set and submitted, check if user exists and is logged in or not
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $username = mysqli_real_escape_string($conn, $_POST['username']);
    $password = mysqli_real_escape_string($conn, $_POST['password']);
    $user_query = "SELECT * FROM profile0 WHERE username = '$username'";
    $result = mysqli_query($conn, $user_query);
    $row = mysqli_fetch_assoc($result);

    // if username and password match, init session and redirect to another page.
    if (mysqli_num_rows($result) == 1 && password_verify($password, $row['password'])) {
        $_SESSION['logged_in_user'] = $username; // set to IDnum later on...
        $_SESSION['username'] = $username;
        // check if the user is logged in
        // if so, redirect to main page for logged-in users.
        if (isset($_SESSION['logged_in_user'])) {
            $_SESSION['logged_in_user'] = TRUE;
            header('Location: main.php');
        } else {
            // not logged in, keep on same page...
            session_destroy();
            exit();
        }
    } else if ($username != $row['username'] || $password != $row['password']) {
        // $row['password'] holds the hash, so this compares the plaintext against the hash
        echo "Incorrect username or password.";
    }
}
?>
```
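Post 22 asks what fetch does: it returns the next row of the result set as an array, or false when there is none, so after a query on a unique username there is exactly one fetch and no row count to compare against 1. The following is an added example, not code from phreak3r's project, of the login check above rewritten for PDO: placeholders replace mysqli_real_escape_string(), an unknown user and a wrong password produce the same response, and the session id is regenerated on success. The table and column names follow the thread (profile0, username, password); the id column, the session keys and the in-memory SQLite demo data are assumptions.

```php
<?php
// Added example (not phreak3r's code): the mysqli login above rewritten for
// PDO. Table and column names follow the thread; the id column, session keys
// and the demo database are assumptions.
declare(strict_types=1);

/**
 * Returns the user's id on success, null on failure. Failure is a single
 * outcome: the caller cannot tell whether the username existed.
 */
function authenticate(PDO $pdo, string $username, string $password): ?int
{
    // The value travels separately from the SQL text, so quoting is never
    // the application's job; "' OR 1=1 --" is simply a username that does
    // not exist.
    $stmt = $pdo->prepare('SELECT id, password FROM profile0 WHERE username = :u');
    $stmt->execute([':u' => $username]);

    // fetch() returns the next row as an array, or false when there is none.
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify against a throw-away hash when the user is unknown so the
    // request takes about as long as a real password check does.
    $hash = $row ? $row['password'] : password_hash('placeholder', PASSWORD_DEFAULT);
    if (!$row || !password_verify($password, $hash)) {
        return null;
    }
    return (int) $row['id'];
}

function login(PDO $pdo, string $username, string $password): bool
{
    $id = authenticate($pdo, $username, $password);
    if ($id === null) {
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        // Fresh session id on privilege change defeats session fixation.
        session_regenerate_id(true);
    }
    $_SESSION['user_id']  = $id;
    $_SESSION['username'] = $username;
    return true;
}

// Demo with an in-memory SQLite table and one constructed user.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE profile0 (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
$pdo->prepare('INSERT INTO profile0 (username, password) VALUES (?, ?)')
    ->execute(['drb', password_hash('correct horse battery staple', PASSWORD_DEFAULT)]);

var_dump(login($pdo, 'drb', 'correct horse battery staple')); // bool(true)
var_dump(login($pdo, 'drb', 'wrong'));                        // bool(false)
var_dump(login($pdo, "' OR 1=1 --", 'anything'));             // bool(false)
```

In a real request, session_start() runs before login() is called and the redirect to main.php follows a successful return; the "else if" branch of the original, which compared the submitted plaintext with the stored hash, is replaced by the single null result.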