phreak3r

Posts posted by phreak3r

  1. @requinix I'm going to use as many tags as I need to. When I figure out a way to not have to use more than one I will eliminate one of the two.

    I didn't know inline event handlers were already outdated, I don't follow the corporation or industry standards.

    I guess I'll just figure it out. Thanks for the response though.

  2. I am trying to delete some videos. The videos are echo'd out individually with their own 'delete' input. The input value takes the id of the video, I didn't know of any other work around for that.

    I'd like to delete the video that corresponds with the button pressed, if that makes sense. Anyways, I would like to delete the video where the video id is equal to the video id of the input or the value of the input pressed.

    I am positive the way I am carrying this out is not correct, as I am thrown an 'index undefined error'.

    Here is the disgusting code at hand. Recommendations are appreciated, but please try and keep answers in line with the relevant information given. Thank You. :)

     

    <?php
    error_reporting(-1);
    ini_set('display_errors', 1);
    ini_set('display_startup_errors', 1);
    error_reporting(E_ALL);
    
    require('dbcon/dbcon.php');
    include('header.php');
    include('user.php');
    
    $channel_id = $_SESSION['channel_id'];
    $query = $pdo->prepare("SELECT * FROM videos001 WHERE uploader = :channel_id");
    $query->bindValue('channel_id', $_SESSION['channel_id']);
    $query->execute();
    
    while ($row = $query->fetch(PDO::FETCH_ASSOC)) {
        $title = $row['video_title'];
        $video_path = $row['video_path'];
        $video_id = $row['video_id'];
    
    /*
     - get videos of user
     - display videos out onto page
    */
    ?>
    
    <html>
        <body>
            <div class="content">
            <form method="post">
                <h3><?php echo htmlspecialchars($title, ENT_QUOTES, 'UTF-8'); // escape the stored title before it reaches the page ?></h3>
                <input type="button" name="delete" id="delete" value="<?php echo $video_id;?>" onclick="deleteVideo()">
            </form>
            </div>
        </body>
    </html>
    
    <?php } 
    
        function removeVideoFromFilesystem(PDO $pdo, $video_path, $video_id) {
        	//chdir($video_path);
        	//unlink($video_id . ".mp3");
        	$query = $pdo->prepare("DELETE from videos001 where video_id = :video_id");
        	$query->bindValue(':video_id', $_POST['delete']);
        	$query->execute();
        }
        
        if (isset($_POST['call_func'])) {
        	removeVideoFromFileSystem($pdo, $video_path, $_POST['delete']);
        }
    ?>
    
    <html>
    <head>
         <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script>
            <script>
                function deleteVideo() {
                	$.ajax({
                	    url: 'dashboard.php',
                	    type: 'post',
                	    data: {"call_func":"1"},
                	    success: function(response) { console.log(response); }
                	});
                }
            </script>
        </head>
        <body><?php print_r($_POST['delete']); ?></body>
    </html>
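
An added example, not part of the original post: a server-side delete handler for the `videos001` table shown above that reads the submitted id only if it is present and deletes the row only when it belongs to the session's channel. The `handleDelete()` name, the `csrf_token` field and session key, and the integer `video_id` are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not the poster's code. handleDelete(), the csrf_token
// field/session key and an integer video_id are assumptions.
function handleDelete(PDO $pdo, array $post, array $session): array
{
    // The AJAX call in the post sent only call_func, so $_POST['delete'] was
    // never set; test for the fields instead of reading them blindly.
    if (!isset($post['delete'], $post['csrf_token'],
               $session['channel_id'], $session['csrf_token'])) {
        return ['ok' => false, 'error' => 'missing field'];
    }

    // Constant-time comparison of the per-session token.
    if (!hash_equals((string) $session['csrf_token'], (string) $post['csrf_token'])) {
        return ['ok' => false, 'error' => 'bad token'];
    }

    $videoId = filter_var($post['delete'], FILTER_VALIDATE_INT);
    if ($videoId === false) {
        return ['ok' => false, 'error' => 'bad id'];
    }

    // Ownership is enforced in the WHERE clause: the id sent by the browser
    // is honoured only when the row belongs to the session's channel.
    $stmt = $pdo->prepare(
        'DELETE FROM videos001 WHERE video_id = :video_id AND uploader = :channel_id'
    );
    $stmt->execute([
        ':video_id'   => $videoId,
        ':channel_id' => $session['channel_id'],
    ]);

    return $stmt->rowCount() === 1
        ? ['ok' => true]
        : ['ok' => false, 'error' => 'not found'];
}

if (PHP_SAPI === 'cli') {
    // Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE videos001 (video_id INTEGER PRIMARY KEY, uploader TEXT, video_title TEXT)');
    $pdo->exec("INSERT INTO videos001 VALUES (1, 'chan-a', 'mine'), (2, 'chan-b', 'theirs')");

    $session = ['channel_id' => 'chan-a', 'csrf_token' => bin2hex(random_bytes(16))];
    $token = $session['csrf_token'];

    $own   = handleDelete($pdo, ['delete' => '1', 'csrf_token' => $token], $session);
    $other = handleDelete($pdo, ['delete' => '2', 'csrf_token' => $token], $session);
    $bare  = handleDelete($pdo, ['call_func' => '1'], $session);

    var_dump($own, $other, $bare);
}
```

In `dashboard.php` this would be called as `echo json_encode(handleDelete($pdo, $_POST, $_SESSION));`, with the AJAX request sending `delete` and `csrf_token` alongside `call_func`.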

     

  3. I wrote a function that grabs the elapsed time of a recently uploaded video. However, the time does not seem to increment. For example, if I upload a video, the time will display as '1 second'.

    However, if I continuously refresh the page, the time does not increment or increase. Any way to fix this? I figured I'd have to put it in some kind of loop (I do call the function in another class).

     

    function getElapsedTime($time) {
    	
    	$time = time() - $time; // get time since video upload date
    	$time = ($time < 1) ? 1 : $time;
    	$tokens = array(
    	    31536000 => 'year',
    	    2592000  => 'month',
    	    604800   => 'week',
    	    86400    => 'day',
    	    3600     => 'hour',
    	    60       => 'minute',
    	    1        => 'second'
    	);
    	
    	foreach ($tokens as $unit => $text) {
    	    if ($time < $unit) continue;
    	    $numberOfUnits = floor($time / $unit);
    	    return $numberOfUnits . ' ' . $text . (($numberOfUnits > 1) ? 's' : '');
        }
    }

     

  4. On 7/29/2019 at 1:41 PM, ginerjm said:

    Never sanitize input data?  Why on earth would you NOT do that?  Hackers can put anything into an input field and your script has to be prepared to handle it or face the consequences.  The rule might be 'never alter input'.  But for sure you have to sanitize it to avoid damage to your database or whatever your script is doing with the data.

    How would you sanitize input without changing or mangling it?

  5. Do I only have to use Dependency Injection and pass in the instance of the helper class when the function I want to call contains a parameter? I did something similar, but the other function did not contain a parameter. Yet, the call to the function without the parameter went through and the function with the parameter gives me an error. Just trying to make sense of this.

  6. I am having an error here with my code/script. I try and call sanitizeData($data) from functions.php class in createUser.php class. I end up with an expected 'new' T_NEW error.

    createUser.php file

    <?php
    require('dbcon/dbcon.php');
    include('fileUpload.php');
    include('functions.php');
    
    class createUser {
    
        public $functionsClassInstance = new helperFunctions();
    
        public $avatar;
        public $bio;
        public $video_count;
        public $c_status;
        public $usernameI;
        public $username;
        public $password;
        public $email;
        public $doc;
        public $last_logged_in;
    
           public function addUser(PDO $pdo) {
    	// add user info to db
    	       $avatar = "/soapbox/assets/soap.jpg";
    	       $usernameI = $_POST['username'];
                   $username = $functionsClassInstance->sanitizeData($usernameI);
    	    //$username = strip_tags(trim($_POST['username'];))
                $password = password_hash($_POST['password'], PASSWORD_DEFAULT);
                $bio = $_POST['bio'];
                $email = $_POST['email'];
    	    $c_status = 0;
                date_default_timezone_set('UTC');
    	    $doc = date("Y-m-d h:i:s");
    	    // account date last seen/logged in
    	    // add account age
    
    	    $query = $pdo->prepare("INSERT into profiles001 (username, password, email, c_status, bio, doc, avatar) VALUES (:username, :password, :email, :cstat, :bio, :doc, :avatar)");
    
    	    $query->bindValue(':username', $username);
    	    $query->bindValue(':password', $password);
    	    $query->bindValue(':email', $email);
    	    $query->bindValue(':doc', $doc);
    	    $query->bindValue(':bio', $bio);
    	    $query->bindValue(':cstat', $c_status);
    	    $query->bindValue(':avatar', $avatar);
    
    	    // if user uploads file, add path and file to database and server, if not revert to default.
                if ($_FILES["avatar"]["error"] == 4) {
    	        $query->execute();
    	    } elseif ($_FILES["avatar"]["error"] != 4) {
    	        $file = new fileUpload();
    		$file->processFile();
    		$avatar = "/soapbox/uploads/" . $_FILES["avatar"]["name"];
    	        $query = $pdo->prepare("INSERT into profiles001 (username, password, email, c_status, bio, doc, avatar) VALUES (:username, :password, :email, :cstat, :bio, :doc, :avatar)");
    		
    		$query->bindValue(':username', $username);
    	        $query->bindValue(':password', $password);
    	        $query->bindValue(':email', $email);
    	        $query->bindValue(':doc', $doc);
    	        $query->bindValue(':bio', $bio);
    	        $query->bindValue(':cstat', $c_status);
    	        $query->bindValue(':avatar', $avatar);
    	        $query->execute();
    	    }
    	    // create variables
    	    // initialize variables
    	    // bind values of variables being entered into database
           }
    
    }
    
    // this file is responsible for creating the users
    ?>

    functions.php class

    <?php
    // Functions are stored here
    // Any code that is repeated more than once is put into a function to make my life easier
    // The start of going from procedural to OOP
    
    // checks if user is logged in or not, limits access to certain pages in/on site.
    class helperFunctions {
        function sanitizeData($data) {
            // strip_tags() and trim() return the cleaned string; keep the result
    	    $data = strip_tags($data);
    	    $data = trim($data);
    	    return $data;
        }
    }
    ?>
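
An added example, not part of the original posts: the helper is passed in through the constructor (the dependency-injection question above), and input is validated and either accepted or rejected rather than rewritten, with escaping left to the point of output (the "sanitize without mangling" question above). The names `InputValidator`, `Registration` and `e()` are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example, not the poster's code. All class and function names here
// are hypothetical.
final class InputValidator
{
    // Returns the accepted value, or null when the input is rejected.
    public function username(string $raw): ?string
    {
        $value = trim($raw); // trim() returns the result; it does not modify $raw
        return preg_match('/\A[A-Za-z0-9_]{3,32}\z/', $value) === 1 ? $value : null;
    }

    public function email(string $raw): ?string
    {
        $value = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
        return $value === false ? null : $value;
    }
}

final class Registration
{
    // A property default must be a constant expression, so "= new X()" in the
    // declaration is a parse error; receive the dependency in the constructor.
    /** @var InputValidator */
    private $validator;

    public function __construct(InputValidator $validator)
    {
        $this->validator = $validator;
    }

    // Returns ['errors' => string[], 'row' => values ready for bindValue()].
    public function prepare(array $post): array
    {
        $errors = [];
        $username = $this->validator->username((string) ($post['username'] ?? ''));
        $email    = $this->validator->email((string) ($post['email'] ?? ''));

        if ($username === null) {
            $errors[] = 'invalid username';
        }
        if ($email === null) {
            $errors[] = 'invalid email';
        }

        // Free text such as the bio is stored as typed: the prepared statement
        // keeps it out of the SQL, and it is escaped only when echoed as HTML.
        $bio = (string) ($post['bio'] ?? '');

        return [
            'errors' => $errors,
            'row'    => ['username' => (string) $username, 'email' => (string) $email, 'bio' => $bio],
        ];
    }
}

// Escape for an HTML context at output time.
function e(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input.
$result = (new Registration(new InputValidator()))->prepare([
    'username' => 'phreak_3r',
    'email'    => 'user@example.test',
    'bio'      => '<b>hi</b> & bye',
]);

var_dump($result['errors']);
echo e($result['row']['bio']), PHP_EOL;
```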

     

     

  7. kicken, sqlite and odbc only show up for the enabled drivers. Well, I can take back my earlier claim of being sure that the extensions were enabled. I do have them installed to my knowledge when taking a look at /etc/php.ini, I see among the many extensions: mysql.so, mysqli.so, pdo.so, pdo_mysql.so, pdo_sqlite.so and pdo_odbc.so

  8. I chose this category as I thought my topic would best fit here. I am running 14.2 Slackware Linux with the latest version of PHP. In the error log, I receive the error: Uncaught PDOException: could not find driver in 'x file path'. I am positive that I have the required extensions and modules installed and enabled.

    Here is my code for the user.php class where I take the user information and add it to the database:

    <?php
    require('dbcon/dbcon.php');
    
    class User {
    
        public $avatar;
        public $bio;
        public $video_count;
        public $c_status;
        public $username;
        public $password;
        public $email;
        public $doc;
        public $last_logged_in;
    
        //if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    
           public function addUser(PDO $pdo) {
    	// add user info to db
                $username = $_POST['username'];
                $password = password_hash($_POST['password'], PASSWORD_DEFAULT);
                $bio = $_POST['bio'];
                $email = $_POST['email'];
    	    $c_status = 0;
    	    $doc = date("Y-m-d h:i:s");
    	    // account date last seen/logged in
    	    // add account age
    
    	    $query = $pdo->prepare("INSERT into profiles001 (username, password, email, c_status, bio, doc) VALUES (:username, :password, :email, :cstat, :bio, :doc)");
    
    	    $query->bindValue(':username', $username);
    	    $query->bindValue(':password', $password);
    	    $query->bindValue(':email', $email); // was $email_address, which is never defined
    	    $query->bindValue(':doc', $doc);
    	    $query->bindValue(':bio', $bio);
    	    $query->bindValue(':cstat', $c_status);
    
    	    $query->execute();
    	    // create variables
    	    // initialize variables
    	    // bind values of variables being entered into database
           }
    
          // addUser($pdo);
    
        //}
    	// isLoggedIn - checks if user is logged in or not
    	// getUser - returns/gets user???
    
    	// avatar
    	// bio
    	// registration date
    	// video count
    	// last logged in
    	// username
    	// email address
    
    
        
    }
    
    ?>

    Here is my code for the dbcon.php class where the database connection is made:

    <?php
    $host   = "localhost";
    $database = "soapbox";
    $username = "drb";
    $password = "m1n3craft";
    
    // Create connection
        try {
            $pdo = new PDO('mysql:host=localhost;dbname=soapbox;', $username, $password);
        } catch (PDOExcpetion $e) {
    	    print "Error!: " . $e.getMessage() . "<br/>";
    	    die();
        }
    /*
    
    Print error message and or code to the screen if there is an error.
    
    */
    
    ?>

    and the code for the confirmation.php class where the data is displayed temporarily:

    <?php
    include('header.php');
    include('user.php');
    require('dbcon/dbcon.php');
    //include('functions.php');
    
    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        $user = new User();
        $user->addUser($pdo); // addUser() requires the PDO connection from dbcon.php
    	// if username exists do not continue...
    }
    ?>
    
    <!DOCTYPE html>
    	<html>
    		<head>
    			<title>soapbox - confirmation</title>
    		</head>
    			<br>
    			<?php 
                                $username = $_POST['username'];
                                $email = $_POST['email'];
    
                                $format = "The data provided has been sent to the server and is being inserted into the database. In order to complete the process, %s, we need you to confirm your account. If not confirmed, your account will be deleted a month from the marked registration date. We have sent you an email at %s, the provided email upon registration. Thank you and cheers! - The Staff at Soapbox";
    
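                                // escape user-supplied values before echoing them into the page
                                echo sprintf($format, htmlspecialchars($username, ENT_QUOTES, 'UTF-8'), htmlspecialchars($email, ENT_QUOTES, 'UTF-8'));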
    				session_destroy();
    			?>
    		</body>
    	</html>

     

  9. 13 hours ago, ginerjm said:

    PHP ... simply manipulating arrays?  Wow - I would have never thought of that.  There is so much much more that one can do with PHP.  It is incredible how many extensions/add-ons have been written to complement native PHP that for someone to boil it all down to "manipulating arrays" is hard to fathom.

    Glad to see that mac_gyver figured it out for you.

    As for how to handle error messages - you tried one way but it's kind of backwards.  Instead of storing your set of canned messages use an array to save generated messages.  You can do it with just a numeric (default) key that is meaningless or with a named index to help you decide how to output them, but the values will be whatever message you want to eventually output.  So - as you go thru your processing and accumulate errors you build/manipulate this array and at the end of your logic test if the array is empty or not and then output it or do whatever you intended to do with the user's input.

    Sarcastic and cynical. Mmmm...my favorite flavor!

    What is the difference between my canned messages and using an array to 'save' generated messages? I am the kind of person that needs things further simplified sometimes.

  10. 8 hours ago, mac_gyver said:

    your form processing code, after detecting that a post method form was submitted, first needs to detect and handle the condition in item #3 in my list above. you should detect that the $_FILES array is empty and set up an appropriate user error message, then skip trying to process any $_FILES or $_POST data since there isn't any.

    you should use an array to hold the validation errors (this is not the same as your array holding the defined error messages.) as you test and validate the submitted data, store the errors into an array variable. this variable then also serves as an error flag. if the array is empty, there are no errors and you can use the submitted data. if the array is not empty, there are errors. to display the errors, you would output the content of this array at the appropriate point in your html document. 

    So it is not the same as my array holding defined error messages? I might have an idea of what you mean, but for the most part I do not. How would this help? In my mind, PHP is a language where you are simply manipulating arrays, that's all. At least that is how I interpret it.

  11. 2 minutes ago, Barand said:

    Unlike print() (which allows only a single argument and you would have to use "." to concatenate with that function) echo() will accept several arguments separated by commas. Either will do.

    Okay, well I tried using "." but that did not really seem to work. Thank you for your contribution. I know many of my previous posts may display the behavior "IT'S BROKEN! HELP!", but I am genuinely trying to understand this all.

  12. If you really want to see the whole code, here it goes. I could do with some better erm...organization/structure? It is such a big script, so I tried to refrain from including it.

    <?php
    
    include('header.php');
    require('dbcon/dbcon.php');
    include('functions.php');
    
    isLoggedIn();
    
    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    
        // Error declaration
        $error = ["Your file is too big!", "There was an error uploading your file!", "Cannot upload file of this type!", "Empty fields!"];
    
        // Process POST variables
        $videoTitle = $_POST['video_title'];
        $videoDesc = $_POST['textarea-videoDesc'];
    
        // Process session variable
        $username = $_SESSION['username'];
    		
        // file upload stuff...
        $file = $_FILES['videoFile'];
        $fileName = $file['name'];
        $fileTmpName = $file['tmp_name'];
        $fileSize = $file['size'];
        $fileError = $file['error'];
        $fileType = $file['type'];
        $fileExt = explode('.', $fileName);
        $fileActualExt = strtolower(end($fileExt));
    
        $allowed = array('mp4', 'mov', 'mkv');
    
        if (in_array($fileActualExt, $allowed)) {
            if ($fileError === 0) {
                if ($fileSize < 2000000) {
                    $fileNameNew = $username . "." . $fileActualExt;
                    $fileDestination = "channel/" . $username . "/videos/" . $fileNameNew;
                    move_uploaded_file($fileTmpName, $fileDestination);
                } else {
                    echo $error[0];
                }
            } else {
                echo $error[1];
            }
        } else if (!$allowed) {
            echo $error[2];
        }
    ////////////////////////////////////////////////////////////////////
    
    			$thumbnailImageFile = $_FILES['thumbnailImage'];
    			$thumbnailImageName = $_FILES['thumbnailImage']['name'];
    			$thumbnailImageTmpName = $_FILES['thumbnailImage']['tmp_name'];
    			$thumbnailImageSize = $_FILES['thumbnailImage']['size'];
    			$thumbnailImageError = $_FILES['thumbnailImage']['error'];
    			$thumbnailImageType = $_FILES['thumbnailImage']['type'];
    			$thumbnailImageExt = explode('.', $thumbnailImageName);
    			$thumbnailImageActualExt = strtolower(end($thumbnailImageExt));
    
    			$allowedThumbnailFileExts = array('png', 'jpg', 'jpeg');
    
    			if (in_array($thumbnailImageActualExt, $allowedThumbnailFileExts)) {
    				if ($thumbnailImageError === 0) {
    					if ($thumbnailImageSize < 200000000) {
    						$thumbnailImageNameNew = $username . "thumbnailImage" . uniqid('', true). "." . $thumbnailImageActualExt;
    						$thumbnailImageDestination = 'uploads/thumbnails/' . $thumbnailImageNameNew;
    						move_uploaded_file($thumbnailImageTmpName, $thumbnailImageDestination);
    					} else {
    						echo $error[0];
    					}
    				} else {
    					echo $error[1];
    				}
    			} else if (!$allowed) {
    				echo $error[2];
    			}
    
    		if (isset($file) && $fileSize != 0 /*&& $thumbnailImageSize != 0*/ && !empty($videoTitle)) {
    			$sql = $pdo->prepare("INSERT into videos001 (uploader, video, thumbnail, video_title, video_desc) VALUES (:username, :fileDestination, :thumbnailImageDestination, :videoTitle, :videoDesc)");
                            $sql->bindValue(':username', $username);
                            $sql->bindValue(':fileDestination', $fileDestination);
                            $sql->bindValue(':thumbnailImageDestination', $thumbnailImageDestination);
                            $sql->bindValue(':videoTitle', $videoTitle);
                            $sql->bindValue(':videoDesc', $videoDesc);
                            $sql->execute();
    
    			header('Location: /soapbox/upload.php?success');
    		} else {
    			echo $error[3];
                            var_dump($file, $videoTitle, $videoDesc);
    		}
    		
    } // end of if server method...
    
    // TODO: if there's no thumbnail, do not upload video, let user know to put in a thumbnail
    ?>
    
    <!DOCTYPE html>
    <html>
    <head>
    	<title>soapbox - upload</title>
    </head>
    <body>
    	<form action="upload.php" method="POST" enctype="multipart/form-data" multiple><br>
    		<p>Video File:</p><input type="file" name="videoFile" id="fileToUpload"><br>
    		<p>Thumbnail Image File: </p><input type="file" name="thumbnailImage"><br>
    		<p>Video Title: </p><input type="text" name="video_title" id="videoTitle" placeholder="Video title"><br>
    		<p>Video Description</p><textarea name="textarea-videoDesc" placeholder="Video description..." rows="7" style="resize: none;"></textarea><br>
    		<br><input type="submit" name="uploadBtn" value="Upload">
    	</form>
    </body>
    </html>

     

  13. 8 hours ago, requinix said:

    Did you restart Apache/nginx/PHP so the change takes effect?

    I restarted the Apache2 service.

     

    4 hours ago, ginerjm said:

    You showed us two separate blocks of code.  What is their physical relationship in this script?  Does the first block get executed when the second has not been run yet?  Do you actually confirm that you have a post array at some point?

    Oh! I am so sorry, I forgot to add in the script, here you go.

    		if (isset($file) && $fileSize != 0 /*&& $thumbnailImageSize != 0*/ && !empty($videoTitle)) {
    			$sql = $pdo->prepare("INSERT into videos001 (uploader, video, thumbnail, video_title, video_desc) VALUES (:username, :fileDestination, :thumbnailImageDestination, :videoTitle, :videoDesc)");
                            $sql->bindValue(':username', $username);
                            $sql->bindValue(':fileDestination', $fileDestination);
                            $sql->bindValue(':thumbnailImageDestination', $thumbnailImageDestination);
                            $sql->bindValue(':videoTitle', $videoTitle);
                            $sql->bindValue(':videoDesc', $videoDesc);
                            $sql->execute();
    
    			header('Location: /soapbox/upload.php?success');
    		} else {
    			echo $error[3];
                            var_dump($file, $videoTitle, $videoDesc);
    		}

     

  14. I am working on a video-hosting site, something akin to YouTube. I converted whatever MySQLi I had to PDO. This piece of particular code is responsible for checking if the fields are filled in; then proceeds to upload the files and inserts data into the database. The code jumps straight to the error I created which is "empty fields". The var_dump prints out as null all the way. I cannot seem to figure out where the problem lies. I would say it could be that the file is not set? I am not quite sure. Here is what the log gives me:

    [Sat Feb 16 00:19:35.575770 2019] [php7:warn] [pid 16239] [client 127.0.0.1:42504] PHP Warning:  POST Content-Length of 12263648 bytes exceeds the limit of 8388608 bytes in Unknown on line 0, referer: http://localhost/soapbox/upload.php
    [Sat Feb 16 00:19:35.576769 2019] [php7:notice] [pid 16239] [client 127.0.0.1:42504] PHP Notice:  Undefined index: video_title in /var/www/html/soapbox/upload.php on line 15, referer: http://localhost/soapbox/upload.php
    [Sat Feb 16 00:19:35.576805 2019] [php7:notice] [pid 16239] [client 127.0.0.1:42504] PHP Notice:  Undefined index: textarea-videoDesc in /var/www/html/soapbox/upload.php on line 16, referer: http://localhost/soapbox/upload.php
    [Sat Feb 16 00:19:35.576811 2019] [php7:notice] [pid 16239] [client 127.0.0.1:42504] PHP Notice:  Undefined index: videoFile in /var/www/html/soapbox/upload.php on line 22, referer: http://localhost/soapbox/upload.php
    [Sat Feb 16 00:19:35.576829 2019] [php7:notice] [pid 16239] [client 127.0.0.1:42504] PHP Notice:  Undefined index: thumbnailImage in /var/www/html/soapbox/upload.php on line 51, referer: http://localhost/soapbox/upload.php
    [Sat Feb 16 00:19:35.576845 2019] [php7:notice] [pid 16239] [client 127.0.0.1:42504] PHP Notice:  Undefined index: thumbnailImage in /var/www/html/soapbox/upload.php on line 52, referer: http://localhost/soapbox/upload.php
    [Sat Feb 16 00:19:35.576849 2019] [php7:notice] [pid 16239] [client 127.0.0.1:42504] PHP Notice:  Undefined index: thumbnailImage in /var/www/html/soapbox/upload.php on line 53, referer: http://localhost/soapbox/upload.php
    [Sat Feb 16 00:19:35.576854 2019] [php7:notice] [pid 16239] [client 127.0.0.1:42504] PHP Notice:  Undefined index: thumbnailImage in /var/www/html/soapbox/upload.php on line 54, referer: http://localhost/soapbox/upload.php
    [Sat Feb 16 00:19:35.576858 2019] [php7:notice] [pid 16239] [client 127.0.0.1:42504] PHP Notice:  Undefined index: thumbnailImage in /var/www/html/soapbox/upload.php on line 55, referer: http://localhost/soapbox/upload.php
    [Sat Feb 16 00:19:35.576862 2019] [php7:notice] [pid 16239] [client 127.0.0.1:42504] PHP Notice:  Undefined index: thumbnailImage in /var/www/html/soapbox/upload.php on line 56, referer: http://localhost/soapbox/upload.php

    I have changed the allotted sizes in the php.ini file, so that rules out the POST Content-Length problem, I think.

    Here are the "undefined indexes":

    $videoTitle = $_POST['video_title'];
    $videoDesc = $_POST['textarea-videoDesc'];
    
    $file = $_FILES['videoFile'];
    
    $thumbnailImageName = $_FILES['thumbnailImage']['name'];
    $thumbnailImageTmpName = $_FILES['thumbnailImage']['tmp_name'];
    $thumbnailImageSize = $_FILES['thumbnailImage']['size'];
    $thumbnailImageError = $_FILES['thumbnailImage']['error'];
    $thumbnailImageType = $_FILES['thumbnailImage']['type'];
    $thumbnailImageExt = explode('.', $thumbnailImageName);

    And the corresponding form names to go with them:

    	<form action="upload.php" method="POST" enctype="multipart/form-data" multiple><br>
    		<p>Video File:</p><input type="file" name="videoFile" id="fileToUpload"><br>
    		<p>Thumbnail Image File: </p><input type="file" name="thumbnailImage"><br>
    		<p>Video Title: </p><input type="text" name="video_title" id="videoTitle" placeholder="Video title"><br>
    		<p>Video Description</p><textarea name="textarea-videoDesc" placeholder="Video description..." rows="7" style="resize: none;"></textarea><br>
    		<br><input type="submit" name="uploadBtn" value="Upload">
    	</form>
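
An added example, not part of the original posts: one check that ties together the log lines above and the error-array advice quoted earlier in this list. It detects a request body larger than `post_max_size` (the case where PHP leaves `$_POST` and `$_FILES` empty), collects validation errors in an array, and decides the file type from the uploaded bytes. The function names and the MIME-to-extension map are assumptions; the form field names come from the post.

```php
<?php
declare(strict_types=1);

// Added example, not the poster's code. Function names are hypothetical.

// Convert a php.ini size such as "8M" to bytes.
function iniBytes(string $value): int
{
    $value = trim($value);
    $number = (int) $value;
    switch (strtolower(substr($value, -1))) {
        case 'g': $number *= 1024; // fall through
        case 'm': $number *= 1024; // fall through
        case 'k': $number *= 1024;
    }
    return $number;
}

// Returns a list of error messages; an empty array means the upload is usable.
function validateUpload(array $server, array $post, array $files, int $postMaxBytes): array
{
    $length = (int) ($server['CONTENT_LENGTH'] ?? 0);

    // When the body exceeds post_max_size PHP discards it, so $_POST and
    // $_FILES are both empty and every index read raises "Undefined index".
    if ($postMaxBytes > 0 && $length > $postMaxBytes && $post === [] && $files === []) {
        return ["Request of $length bytes exceeds post_max_size ($postMaxBytes bytes)"];
    }

    $errors = [];
    if (trim((string) ($post['video_title'] ?? '')) === '') {
        $errors[] = 'Video title is required';
    }

    $file = $files['videoFile'] ?? null;
    if ($file === null || $file['error'] === UPLOAD_ERR_NO_FILE) {
        $errors[] = 'No video file was sent';
    } elseif ($file['error'] !== UPLOAD_ERR_OK) {
        $errors[] = 'Upload failed with code ' . $file['error'];
    } else {
        // Decide the type from the bytes on disk, not from the client-supplied
        // file name or 'type'. The map is an assumption: the strings libmagic
        // reports for these containers can differ between systems.
        $allowed = [
            'video/mp4'        => 'mp4',
            'video/quicktime'  => 'mov',
            'video/x-matroska' => 'mkv',
        ];
        $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
        if ($mime === false || !isset($allowed[$mime])) {
            $errors[] = 'Cannot upload file of this type';
        }
    }

    return $errors;
}

// Constructed replay of the request in the log above: a 12263648-byte body
// against an 8M limit, which arrives with empty $_POST and $_FILES.
$errors = validateUpload(['CONTENT_LENGTH' => '12263648'], [], [], iniBytes('8M'));
print_r($errors);

// Constructed form post with a title but no file selected.
$errors = validateUpload(
    ['CONTENT_LENGTH' => '512'],
    ['video_title' => 'demo'],
    ['videoFile' => ['name' => '', 'tmp_name' => '', 'size' => 0, 'error' => UPLOAD_ERR_NO_FILE]],
    iniBytes('8M')
);
print_r($errors);
```

In `upload.php` the call would be `validateUpload($_SERVER, $_POST, $_FILES, iniBytes((string) ini_get('post_max_size')))`, and the insert runs only when the returned array is empty.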

     
