GingerRobot

Staff Alumni

  1. 1.) You seem to have the arguments to in_array() the wrong way around: http://php.net/manual/en/function.in-array.php
     2.) Unless this is a simplification, why use in_array() anyway? Surely this would suffice:

         if($i >= 1 && $i <= 16){
             //valid
         }else{
             //invalid
         }

  2. In general, it looks like you're getting there but you still appear to be missing the braces around the code to be executed only when the form has been submitted. You want to structure your code along the lines of:

         if(form submitted){
             //validate form
             if(validated){
                 //Try emailing
                 if(email sent ok){
                     //Tell user it was successful
                 }else{
                     //Tell user there was a problem, try again later, alternative contact method etc
                 }
             }else{
                 //Tell user there's a problem with their input
             }
         }
         //Display form

     Indenting your code properly will help to identify the flow of control you want.
  3. Not really sure I understand the question. Do you mean you wish to define the array on one page (load) and use them on another? If so, you should investigate the use of sessions. I'm sure Google can help and there's also a good tutorial on phpfreaks. Edit: Tutorial link: http://www.phpfreaks.com/tutorial/sessions-and-cookies-adding-state-to-a-stateless-protocol
  4. The text inside a textarea goes between <textarea> and </textarea>, not set as a value of the tag. See: http://www.w3schools.com/tags/tag_textarea.asp
  5. You should place the backslash (\) before the character you wish to escape.
  6. This topic has been moved to PHP Regex. http://www.phpfreaks.com/forums/index.php?topic=353729.0
  7. Looks like it, but try making the changes and see what happens
  8. The use of a prepared statement or parameterized query will protect you from SQL injection*. Of course, that doesn't mean that you definitely don't require any other form of input validation. You should still check that the query being executed contains expected values. For example, you would still need to check a value is positive, within some range etc, etc. In other words, the use of parameters or prepared statements avoids the need for separate sanitation (e.g. with mysql_real_escape_string() ), but you shouldn't just forget about validation entirely. *Assuming it has been implemented properly
  9. It looks like you've neglected to include braces around the code you wish to be executed conditionally. The syntax is:

         if(condition){
             //code to execute if the condition is true
             //more code to execute if the condition is true
         }

     Note that if you omit the braces, this is still legal syntax. However, only the single next statement after the if statement will be executed conditionally -- all subsequent code will be executed regardless of the value of the condition. In general, this usually means the next line after the if statement will be conditional. So, for example:

         if(condition)
             //This line executed conditionally
         //This line executed unconditionally

     Although it is a matter of personal taste and coding convention, many people (including myself) advise against omitting the braces of an if statement even if you do not need them. In general, the braces make the code clearer.
  10. It's not very clear what the problem is. What is it that you are trying to do? What is not working? Are you getting any error messages?
  11. Aside from the fact that it would probably be more efficient to do this inside a query (so you don't have to keep re-querying the database!): Why don't you try printing out the result of getContent() each time around the inner loop. This should help you find out why you're getting bogus results.
  12. Edit: kicken beat me to it, but I'd already typed this out so you may as well have it too (our approaches are essentially the same). Personally, my approach would be as follows:
      1.) Leave the users table alone
      2.) Create a new table, let's say, password_resets, with 3 fields: user id, request_time, uniqueToken.
      3.) When someone wishes to reset a password, ask for the email address.
      4.) Send the user an email something like: "To reset your password, click this link (or copy/paste): http://example.com/resetpassword?token=307gjhse03a0924njf08u234hjg"
      5.) Ensure reset password checks that the token was created recently (say, within the last 30 minutes). If so, let the user pick a new password.
      Note that until step 5 happens, their old password works ok (which is good, as it means someone can't lock you out and if you remember your password you can ignore the reset email). As noted above, this also removes the need for the user to copy/paste a temporary password which adds nothing to security. It also removes any issue with real vs temporary passwords and salting and shouldn't be too tricky to implement. Just make sure the unique token isn't guessable.
  13. It's a little difficult to tell without seeing all of the code, but my suspicion is that you're not resetting your $checked variables at the beginning of each loop iteration. This means that the second time around the loop, one of the $checked variables is already set. For example, try adding

          $checked1 = ""; //repeat

      to the beginning of the loop.
  14. Another reason for not actually changing a user's password is that they then may not remember to update their password once they log in -- if you force them to via a temporary password/specific link then you don't have this issue. This is both nicer from a user's perspective and more secure; the time frame in which the password/url that was sent in plain text works is definitely limited. I am doing that in essence, except I make them paste in the temporary password. Why? I don't believe this adds any security but it is definitely more frustrating from a user's point of view.
  15. You may want to look into Ajax if you're doing anything which requires interaction with something on the server (such as a database)
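
The reset flow outlined in post 12 (with the time-limit point from post 14), built on the parameterized queries plus validation recommended in post 8, as an added PHP example that is not code from the original posts. The `token_hash` column (a hash stored in place of the raw `uniqueToken`), the function names, the single-use deletion and the in-memory SQLite database (needs the pdo_sqlite extension) are assumptions made for illustration.

```php
<?php
const RESET_TTL_SECONDS = 30 * 60; // post 12: "within the last 30 minutes"

// Hypothetical helper: creates a reset row and returns the token for the emailed link.
function createResetToken(PDO $db, int $userId, int $now): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG, so not guessable
    // Assumption beyond the post: store only a hash of the token, so a leaked
    // table does not hand out working reset links.
    $stmt = $db->prepare(
        'INSERT INTO password_resets (user_id, request_time, token_hash) VALUES (?, ?, ?)'
    );
    $stmt->execute([$userId, $now, hash('sha256', $token)]);
    return $token;
}

// Hypothetical helper: returns the owning user id, or null if the token is
// malformed, unknown, expired or already used.
function redeemResetToken(PDO $db, string $token, int $now): ?int
{
    // Post 8: parameters stop injection, but the input is still validated.
    if (!preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return null;
    }
    $hash = hash('sha256', $token);
    $stmt = $db->prepare(
        'SELECT user_id, request_time FROM password_resets WHERE token_hash = ?'
    );
    $stmt->execute([$hash]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || $now - (int)$row['request_time'] > RESET_TTL_SECONDS) {
        return null;
    }
    // Assumption: tokens are single use, so the emailed link cannot be replayed.
    $db->prepare('DELETE FROM password_resets WHERE token_hash = ?')->execute([$hash]);
    return (int)$row['user_id']; // caller now lets this user pick a new password
}

// Constructed demo data: in-memory database, user id 42, fixed timestamp.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE password_resets (user_id INTEGER, request_time INTEGER, token_hash TEXT)');
$t0 = 1700000000;
$token = createResetToken($db, 42, $t0);
var_dump(redeemResetToken($db, $token, $t0 + 60));      // fresh token inside the window
var_dump(redeemResetToken($db, $token, $t0 + 120));     // same token a second time
$late = createResetToken($db, 42, $t0);
var_dump(redeemResetToken($db, $late, $t0 + 31 * 60));  // past the 30-minute window
var_dump(redeemResetToken($db, "' OR 1=1 --", $t0));    // rejected by the format check
```

As in post 12, the users table is never touched until a token is redeemed, so the old password keeps working if the email is ignored.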