jodunno
-
Posts
293 -
Joined
-
Last visited
-
Days Won
5
Everything posted by jodunno
-
what are you talking about? noone here is being nasty or has been nasty to you. I think that you are overreacting. I read parts of this thread and i saw a suggestion by Barand to add a parameter to your function named pdo and that you have failed to pass the connection to the function which requires it. How is pointing it out to you equate to a 'bloddy nose'? well, I am not a professional programmer (hobby for me) and i am not secretly pals with anyone here. However, you are wrong about finding a better forum. This forum has some of the nicest and most experienced pros. You will be missing out on pro help. You should give your pride a bloody nose and learn how to play nice with others. I do not see a reason for you to be nasty. you may not thank Barand for his time and expertise, so i will do it for you: Thanks, Barand. Meantime, i hope that your code is working and i wish you good luck in your lesser forum.
-
hey that is an excellent and time saving tip! I also did not know that php has this old friend from cpp. php is just a hobby for me. I don't have alot of time to invest. Now i have a new tool in my toolbox. I will play this over the weekend., haha. so you could drop the padding in my example and replace it with a better idea: <?php /* php 8.2 compatible */ $delimiter = 2; /* tens (01-99) */ if (empty($_GET['selectWeek']) || preg_match("/^[0-9]{1,$delimiter}+$/", $_GET['selectWeek']) === 0) { $gwetWK = '1'; } else { $gwetWK = intval($_GET['selectWeek']); } /* ltrim as a zero stripper: $gwetWK = ltrim($_GET['selectWeek'], '0'); */ $leapYear = false; /* set to true for 53 weeks */ $weeks = ['Weeks', $leapYear ? '53' : '52']; /* arrays are only used to store a label, title, caption text et cetera plus number. can be dynamic with db names */ $thisWeek = ['This Week', $gwetWK > $weeks[1] ? $gwetWK = $weeks[1] : $gwetWK]; $lastWeek = ['Previous Week', $thisWeek[1] - 1 < 1 ? '1' : $thisWeek[1] - 1]; $nextWeek = ['Next Week', $thisWeek[1] + 1 > $weeks[1] ? $weeks[1] : $thisWeek[1] + 1]; echo '<html>' . "\r\n"; echo '<head>' . "\r\n"; echo ' <title>' . $thisWeek[0] . ' = w' . $thisWeek[1] . '</title>' . "\r\n"; echo ' <style>' . "\r\n"; echo ' body { font-family: "Arial", "Helvetica", "Chicago", sans-serif; font-size: 16px; }' . "\r\n"; echo ' .centered { text-align: center; }' . "\r\n"; echo ' ul { margin: 0px 0px; padding: 0px 0px; }' . "\r\n"; echo ' li { list-style-type: none; }' . "\r\n"; echo ' .wbuttons { background: #a0a0ac; border-radius: 4px; border: solid 1px #808080; color: #f8f8f8; }' . "\r\n"; echo ' .nounderline { text-decoration: none; }' . "\r\n"; echo ' .inlineblock { display: inline-block; }' . "\r\n"; echo ' .padding8 { padding: 8px 8px; }' . "\r\n"; echo ' .border1 { border: solid 1px #ccccff; }' . "\r\n"; echo ' .bgsnow { background: #f8f8f8; }' . "\r\n"; echo ' .embolden { font-weight: bold; }' . "\r\n"; echo ' </style>' . "\r\n"; echo '</head>' . "\r\n"; echo '<body>' . "\r\n"; echo "\r\n"; echo ' <div class="centered"><ul class="inlineblock">' . "\r\n"; echo ' <li class="inlineblock padding8 embolden"><a class="nounderline" title="Week 01" href="http://localhost/test/int/?selectWeek=01"><<</a></li>' . "\r\n"; echo ' <li class="inlineblock padding8 embolden"><a class="wbuttons nounderline padding8" title="' . $lastWeek[0] . '" href="http://localhost/test/int/?selectWeek=' . $lastWeek[1] . '">' . sprintf('w%02d', $lastWeek[1]) . '</a></li>' . "\r\n"; echo ' <li class="inlineblock padding8 embolden"><span title="' . $thisWeek[0] . '" class="padding8 border1 bgsnow">' . sprintf('w%02d', $thisWeek[1]) . '</span></li>' . "\r\n"; echo ' <li class="inlineblock padding8 embolden"><a class="wbuttons nounderline padding8" title="' . $nextWeek[0] . '" href="http://localhost/test/int/?selectWeek=' . $nextWeek[1] . '">' . sprintf('w%02d', $nextWeek[1]) . '</a></li>' . "\r\n"; echo ' <li class="inlineblock padding8 embolden"><a class="nounderline" title="Week ' . $weeks[1] . '" href="http://localhost/test/int/?selectWeek=' . $weeks[1] . '">>></a></li>' . "\r\n"; echo ' </ul></div>' . "\r\n"; /* why add a w to the number? week is implied: 'selectWeek' */ echo '</body>' . "\r\n"; echo '</html> be sure to Thank Kicken for the tip. I hope that you can get your code working. Let usknow how it goes...
-
that is what ltrim(, 'w0') will do: trim the w0 from the string. I'm confused reading this post. What are you trying to do with w? PHP should not be used to format an output string anywhere other than the point of output. I recommend dropping any w (which, i guess represents week. And week is implied so no need to insult a users intelligence by adding a w to the number.) I have spent some time to code an example of previous and next query string based pages using only php. I also added a 'w' at the point of output. Perhaps you can find the problem in your code by analyzing my code. If you want numbers to be padded, then pad them. If you want to work with annual data, then try to remember leap years. Also, writing scalable code is better, so we add a decimal places variable (tens, hundreds, thousands, etc.), then the code can be changed accordingly. Maybe my script will be of use to you. <?php /* php 8.2 compatible */ $delimiter = 2; /* tens (01-09) */ if (empty($_GET['selectWeek']) || preg_match("/^[0-9]{1,$delimiter}+$/", $_GET['selectWeek']) === 0) { $gwetWK = '1'; } else { $gwetWK = intval($_GET['selectWeek']); } /* ltrim as a zero stripper: $gwetWK = ltrim($_GET['selectWeek'], '0'); */ $leapYear = false; /* set to true for 53 weeks */ $weeks = ['Weeks', $leapYear ? '53' : '52']; $thisWeek = ['This Week', $gwetWK]; $thisWeek[1] = $thisWeek[1] > $weeks[1] ? $thisWeek[1] = $weeks[1] : $thisWeek[1]; $lastWeek = ['Previous Week', $thisWeek[1] - 1 < 1 ? '1' : $thisWeek[1] - 1]; $nextWeek = ['Next Week', $thisWeek[1] + 1 > $weeks[1] ? $weeks[1] : $thisWeek[1] + 1]; $thisWeek[1] = str_pad(strval($thisWeek[1]), $delimiter, '0', STR_PAD_LEFT); $lastWeek[1] = str_pad(strval($lastWeek[1]), $delimiter, '0', STR_PAD_LEFT); $nextWeek[1] = str_pad(strval($nextWeek[1]), $delimiter, '0', STR_PAD_LEFT); echo '<html>' . "\r\n"; echo '<head>' . "\r\n"; echo ' <title>' . $thisWeek[0] . ' = w' . $thisWeek[1] . '</title>' . "\r\n"; echo ' <style>' . "\r\n"; echo ' body { font-family: "Arial", "Helvetica", "Chicago", sans-serif; font-size: 16px; }' . "\r\n"; echo ' .centered { text-align: center; }' . "\r\n"; echo ' ul { margin: 0px 0px; padding: 0px 0px; }' . "\r\n"; echo ' li { list-style-type: none; }' . "\r\n"; echo ' .wbuttons { background: #a0a0ac; border-radius: 4px; border: solid 1px #808080; color: #f8f8f8; }' . "\r\n"; echo ' .nounderline { text-decoration: none; }' . "\r\n"; echo ' .inlineblock { display: inline-block; }' . "\r\n"; echo ' .padding8 { padding: 8px 8px; }' . "\r\n"; echo ' .border1 { border: solid 1px #ccccff; }' . "\r\n"; echo ' .bgsnow { background: #f8f8f8; }' . "\r\n"; echo ' .embolden { font-weight: bold; }' . "\r\n"; echo ' </style>' . "\r\n"; echo '</head>' . "\r\n"; echo '<body>' . "\r\n"; echo "\r\n"; echo ' <div class="centered"><ul class="inlineblock">' . "\r\n"; echo ' <li class="inlineblock padding8 embolden"><a class="nounderline" title="Week 01" href="http://localhost/test/int/?selectWeek=01"><<</a></li>' . "\r\n"; echo ' <li class="inlineblock padding8 embolden"><a class="wbuttons nounderline padding8" title="' . $lastWeek[0] . '" href="http://localhost/test/int/?selectWeek=' . $lastWeek[1] . '">w' . $lastWeek[1] . '</a></li>' . "\r\n"; echo ' <li class="inlineblock padding8 embolden"><span title="' . $thisWeek[0] . '" class="padding8 border1 bgsnow">w' . $thisWeek[1] . '</span></li>' . "\r\n"; echo ' <li class="inlineblock padding8 embolden"><a class="wbuttons nounderline padding8" title="' . $nextWeek[0] . '" href="http://localhost/test/int/?selectWeek=' . $nextWeek[1] . '">w' . $nextWeek[1] . '</a></li>' . "\r\n"; echo ' <li class="inlineblock padding8 embolden"><a class="nounderline" title="Week ' . $weeks[1] . '" href="http://localhost/test/int/?selectWeek=' . $weeks[1] . '">>></a></li>' . "\r\n"; echo ' </ul></div>' . "\r\n"; /* why add a w to the number? week is implied: 'selectWeek' */ echo '</body>' . "\r\n"; echo '</html>
-
$Result = Contracts($conn); $MyRow = $Result->fetch(); echo "Value = " . $MyRow['Venue']; function Contracts($conn) { $qList = $conn->query("SELECT * FROM EC_event WHERE ID = 2"); return $qList; } ?> Yet, you declare the function after it is called (!). $pdo, as implemented and mentioned by Barand, is just the name of the parameter (local scope) in his example. He obviously means pass the approprate $conn data to the function where the segregated database code resides. Which reminds me, i do not see a need to use a function at all. Functions should only be used for mathematics, algorithms and subroutines (but php devs stupidly ignore subroutines as a built-in programmatc validity subroutine() {}. cube a number in a function is good. echo the string from my class file is horrible, use echo.) I propose that you remove the unnecessary function. I see no parameters that are used to dynamiclly change the query for different needs or requirements (subroutine like usage). I do not think that the php version number is a problem here. It seems like functions, function parameters and the proper usage of functions is a problem. Please stop trying to blame Barand for your problems. He is trying to help you.
-
Hello, i am just wondering why you do not experiment with pdo, a better database design and modern html/css concepts? I see a table and i wonder why you think that you need to use a table at all. I have attached a code example of a similar 'table' using div tags and a second one using a list. I recommend dropping the tables and moving to css. Also, try to learn reusable css design. <!DOCTYPE html> <html> <head> <title></title> <style> div { position: relative; margin: 0px 0px; padding: 0px 0px; box-sizing: content-box; } ul { position: relative; margin: 0px 0px; padding: 0px 0px; } li { list-style-type: none; position: relative; margin: 0px 0px; padding: 0px 0px; } .inlineBlock { display: inline-block; } .centered { text-align: center; } .valignmiddle { vertical-align: middle; } .pad10 { padding: 10px 10px; } .border2dc { border: solid 2px #dcdcdc; } .sans-serif { font-family: "Verdana", "Arial", "Helvetica", sans-serif; } .ccccff { color: #ccccff; } .000000 { color: #000000; } .embolden { font-weight: bold; } img.cellImage { display: inline-block; width: 50px; height: 50px; } </style> </head> <body> <div class="centered"> <div class="inlineBlock border2dc valignmiddle"> <div class="inlineBlock pad10 valignmiddle border2dc"><img class="cellImage" src="'.$imglink.'"></div> <div class="inlineBlock pad10 valignmiddle border2dc sans-serif embolden ccccff">$row["comment"]</div> </div> </div> <br> <ul class="centered"> <li class="inlineBlock pad10 valignmiddle border2dc"><img class="cellImage" src="'.$imglink.'"></li> <li class="inlineBlock pad10 valignmiddle border2dc sans-serif embolden ccccff">$row["comment"]</li> </ul> </body> </html>
-
functional programming wih a few special terms that only work in classes, id est, this. Have a closer look. If you cannot see it then you are an idiot and an idiot trying to convince others to be an idiot in your likeness. Functional programming. And it is not my problem you cannot remember to include or require a file. LOL. <?php declare (strict_types = 1); Namespace SpyderEyes; // because Reflection Class exists. function Reflection($My_Class) { if (!is_array($My_Class) || count($My_Class) !== 2) { return 'error'; } $My_Constructor = $My_Class[0]; $Private_Function = $My_Class[1]; if (!is_string($My_Constructor) || !is_string($Private_Function)/*.*/) { return 'error'; } if (!in_array($Private_Function, ['TEST_shine','TEST_dust'], true)/*.*/) { return 'error'; } $TEST_shine = function(string $TEST_mirror = '') { //if (empty($_SESSION['SpyderEyes']['PrivateFunctionKey'])/*.*/) { return 'private function is inaccessible'; } return $TEST_mirror ? $TEST_mirror : 'empty'; }; //function TEST_dust(string $TEST_mirror = '') { $TEST_dust = function(string $TEST_mirror = '') { //if (empty($_SESSION['SpyderEyes']['PrivateFunctionKey'])/*.*/) { return 'private function is inaccessible'; } return $TEST_mirror ? bin2hex(base64_encode($TEST_mirror)) : 'undusted'; }; return (${$Private_Function})($My_Constructor); } $New_Reflection1 = Reflection(['Mirror, Mirror, on the wall', 'TEST_shine']); $New_Reflection2 = Reflection(['Mirror, Mirror, on the wall', 'TEST_dust']); echo '<p>' . $New_Reflection1 . '</p>' . PHP_EOL; echo '<p>' . $New_Reflection2 . '</p>' . PHP_EOL; ?> by the way, stop worrying about the 99percent, of which you are included. The 1percent hacks top Tech companies and kicken, requinix and jodunno combined are not a threat to the 1percent. You know doggone well that you cannot change my session code from the client, so stop leaking noetic venom. You only influence others to learn poor coding skills. Have a look at old php books (4 and 5) and see why hacking has wreaked havoc. You must have written one of those books 0.0 In any event, i always appreciate the tips, opinions, and any help. Thanks for taking time to read and reply. I am not on the class bandwagon at this time. I am going to continue with my spaghetti code. Also, Kicken, your 'cleaned up code' looks good actually but does nothing to control php devs wild lets throw errors for every reason approach to a language. I'd rather make functions and control the code myself. Best wishes, John.
-
where is the code examples? kicken up dust. I'm happy with my current code. But it all seems like functional programming in a wrapper called a class that just reinvents the wheel imo. Not seeing the benefits yet on the server-side scripting aspect of the www. Meantime, i'll try to find new ways to keep the code in my control without throwing exceptions for a minor nuisance. <?php declare (strict_types = 1); Namespace SpyderEyes; // because Reflection Class exists. class Reflection { protected $TEST_mirror; function __construct($TEST_shine) { //notice the word <i>function</i>. a <i>return</i> is valid within a function. $this->TEST_mirror = $TEST_shine; } function TEST_shine() { if (empty($_SESSION['SpyderEyes']['PrivateFunctionKey'])/*.*/) { return 'private function is inaccessible'; } if (!is_string($this->TEST_mirror)) { return 'error'; } return $this->TEST_mirror ? $this->TEST_mirror : 'empty'; } function TEST_dust() { if (empty($_SESSION['SpyderEyes']['PrivateFunctionKey'])/*.*/) { return 'private function is inaccessible'; } if (!is_string($this->TEST_mirror)) { return 'error'; } return $this->TEST_mirror ? bin2hex(base64_encode($this->TEST_mirror)) : 'undusted'; } } $TEST_reflector = new Reflection('Mirror, Mirror, on the wall'); echo '<p>' . $TEST_reflector->TEST_shine() . '</p>' . PHP_EOL; echo '<p>' . $TEST_reflector->TEST_dust() . '</p>' . PHP_EOL; ?> i also created a private function without specifying it within the class. no key, no code. unset when finished. i go to bed now and play more tomorrow. Best wishes, from John.
-
seeking Class error handling examples not more whining. I'm fed up and seeking examples. Newbie tutorials are offensive. I am currently taking my first (baby) steps into PHP OOP. I have a read about classes and i've tested a class file with a construct and functions. Once again, php devs make interject like whining babies over minor problems that a dev can handle with code. Agressive error handling within classes is the scope of my aim here. I have to ask what are pro(fessional) php coders doing about errors in classes? do you not notice how php lays an egg and just shuts down your website to show an error that a developer can handle with proper coding. Hey, php devs: if !is_string(). I can do it myself. No need for an exaggerated bsod. Anyway, i have found a few tricks that stop this from happening. 1. return false from an if statement in the construct but a property declaration is necessary. 2. return error in the functions when data is a mismatch and return a null coalesce jic (Just incase) php forgets its place. so far, i am happy with the results. I want to know what others are doing to prevent all errors other than fatal. I cannot find examples of error handling in classes. I am amazed that i cannot find anything to guide me along. Maybe i am not typing the right phrase. Anyone have examples of stopping baby whining about minor errros? Have a look at my error thwarting attempts. Have better code? a link to better examples? <?php declare (strict_types = 1); Namespace SpyderEyes; // because Reflection Class exists. class Reflection { protected $TEST_mirror; public function __construct($TEST_shine) { if (!is_string($TEST_shine)/*.*/) { return false; } $this->TEST_mirror = $TEST_shine; } public function TEST_shine(): string { if (!is_string($this->TEST_mirror)) { return 'error'; } return $this->TEST_mirror ? $this->TEST_mirror : 'empty'; } public function TEST_dust(): string { if (!is_string($this->TEST_mirror)) { return 'error'; } return $this->TEST_mirror ? bin2hex(base64_encode($this->TEST_mirror)) : 'undusted'; } } $TEST_reflector = new Reflection(['Mirror, Mirror on the Wall', 'exit']); echo '<p>' . $TEST_reflector->TEST_shine() . '</p>' . PHP_EOL; echo '<p>' . $TEST_reflector->TEST_dust() . '</p>' . PHP_EOL; ?> I wonder if php devs forgot about if !is_string. LOL Best wishes, John
-
<?php session_start(); include_once "configure.php"; if (!isset($_SESSION['id'])){ header("location: login.php"); }else{ so why include the db config file if the user is a visitor? why use an else clause when the page is by now redirected (if exit is used)? and again, what kicken typed to you regarding the use of exit. i recommend installing xampp on a personal computer and recoding your website and database to version 2.0. You have alot to learn, young Jedi. Best wishes, John
-
Hello again, I have tried to help you for a few hours yesterday. I am not a php specialist and my database skills are kindergarten level, so i advise you to follow the lead of the specialists in the forum, such as gizmola. Barand is also a db wizard. Requinix is just awesome in my opinion. Not trying to leave anyone out because we have access to many skilled coders here that post tips and code regularly. You don't have to build your program with someone elses design but you should definitely follow leads and correct code that isn't working or is insecure et cetera. Obviously, the session variables are not set. You know that because a simple isset check redirection always redirects you (the 'is not set' is true). I cannot see how you are associating a switch with a user in the first place. When a user logs in, how do you handle this action? you check the db for a password where username/email matches a form post named username/email. Password verify the password, then a user is logged in. Now what do you do? If you need user associated data then you must associate this data with the user at login. An id column is usually how coders IDentify a user. So the session should have a $_SESSION['id'] set at login (identify the logged in user). Then your switch query would be 'SELECT switch FROM sale WHERE id ='. you have to complete the WHERE id = part. An example using pdo with a session variable loaded into the session at user login verification: $varSESSIONid = $_SESSION['id']; $servername = '127.0.0.1'; $username = ''; $password = ''; $dbname = ''; $att = array( PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC ); // adjust the charset to whatever you have implemented $conn = new PDO("mysql:host=$servername; dbname=$dbname; charset=utf8mb4", $username, $password, $att); $sql = 'SELECT switch FROM sale WHERE id = :sessionID'; $req = $conn->prepare($sql); $req->execute(array(':sessionID' => $varSESSIONid)); $row = $req->fetch(); $_SESSION['salecheck'] = $row['switch']; then you would have the switch associated with the logged in user ($_SESSION['id'], if this is what you are doing with id). once you fix your database problems, your switch will be working. You can see that the following code works by simply uncommenting/commenting the various arrays in a development server such as xampp. <?php declare (strict_types = 1); // this is a switch.php page example // you also need a nosale.php file and a sale.php to test this code (array) $_FakeSESSION = ['id' => 1, 'salecheck'=> 1]; //(array) $_FakeSESSION = ['id' => 1, 'salecheck'=> 0]; //(array) $_FakeSESSION = ['id' => 1, 'salecheck'=> true]; //(array) $_FakeSESSION = ['id' => 1, 'salecheck'=> false]; if (!isset($_FakeSESSION['id'])/*.*/) { // change the isset variable to $_SESSION['id'] when you fix your db/session issues echo 'visitor page view'; exit; } require_once empty($_FakeSESSION['salecheck']) ? 'nosale.php' : 'sale.php'; // change the empty variable to $_SESSION['salecheck'] when you fix your db/session issues // the switch will work when the database code is adjusted. I suggest that you repair your database and the code that is associated with the login script. You need a user id and you need to use that id to query id specific data from the db. Best wishes.
-
as long as you are getting values from the db and assigning those values to the session, then this shouldn't be a problem. session_start is used and the data in the session should be accessible. Try to change the logic. By testing for a user id, we have to separate a visitor from a user, which we are not doing. We also have to separate a user into sale and nosale page, so more than one condition is required (especially to separate visitors from users.) <?php session_start(); include_once "config.php"; //and be certain that the session variables are set in this file if (!isset($_SESSION['id'])/*.*/) { //then we have a vistor, which should not see a yes or no page? header('Location: /'); //go to root page or wherever they should be in your design exit; } if (empty($_SESSION['salecheck'])/*.*/) { //then we have a user, which should see a nosale page header('Location: nosale.php'); //go to root page or wherever they should be in your design exit; } //then we have a user, which should not see a yes page echo 'this is the YES page view.'; ?> if this is not working then something else is breaking. Try to echo session variables to see that they exist and what are their values if they exist. How are you checking these values as they are assigned to a user? $sql = "SELECT id, switch FROM sale" where username = what? i do not see this information. Therefore, i assume that the session variables do not exist. where is this login code? are you certain that you have set ALL of the necessary data before you present to us this problem? look it over. think about it.
-
gizmola has mentioned a better method for you to follow. using an empty value for a no is complicating the matter. true or false would be a better road. In the meantime, based upon your last post, then we need to change the logic to accomodate a not yes value (as long as the session salecheck exists.) if (!isset($_SESSION['id']) || isset($_SESSION['salecheck']) && $_SESSION['salecheck'] !== 'yes') { header('Location: nosale.php'); exit; }
-
we started with on.php and off.php then we got to nosale.php. we started with off or on values, switched to yes or no values and now true or false. we need consistency to find the problem. select a value for salecheck session variable and maintain it until you resolve the issue. we should check the value of the session variable to learn more. Perhaps the variable is not being set in your db code. Somewhere you need to set the value in the session from the db. Let's revisit your db code and the row to the session variable: <?php $servername = "localhost"; $username = "removed for posting"; $password = "removed for posting"; $dbname = "removed for posting"; // Create connection $conn = new mysqli($servername, $username, $password, $dbname); // Check connection if ($conn->connect_error) { die("Connection failed: " . $conn->connect_error); } $sql = "SELECT id, switch FROM sale"; $result = $conn->query($sql); $row = $result->fetch_assoc(); $_SESSION['salecheck'] = $row['switch']; $conn->close(); ?> now try the following code to test the session variable <?php session_start(); include_once "config.php"; if (isset($_SESSION['id'])){ if (!empty($_SESSION['salecheck'])/*.*/) { echo $_SESSION['salecheck']; } echo '<p>this is the yes page.</p>'; } else { header("location: nosale.php"); exit; } ?> once you have the session variable working and settle on a value, then my earlier code should work. <?php session_start(); if (!isset($_SESSION['id']) || !empty($_SESSION['salecheck']) && $_SESSION['salecheck'] === 'no') { header('Location: nosale.php'); exit; } echo 'this is the YES page view.'; ?> let us know...
-
check my last post for that code. if !isset OR !empty AND no
-
And if you want to check if a logged in user has a no too then use the following code model <?php declare (strict_types = 1); (array) $_FakeSESSION = ['id' => 1, 'salecheck'=> 'yes']; if (!isset($_FakeSESSION['id']) || !empty($_FakeSESSION['salecheck']) && $_FakeSESSION['salecheck'] === 'no') { header('Location: nosale.php'); exit; } echo 'this is the YES page view.'; ?> what we are doing is better if we read it to ourselves. if session id is not set OR a session salecheck is not empty AND its value equates to no, then nosale.php otherwise, load the sales page data because user is logged in and the salecheck is yes. does this solve your problem?
-
okay, so i was confused about what you are doing (since i cannot see your complete page and i am obviously failing to listen to your problem carefully.) I apologize for misunderstanding your goals. Simply check for the lack of a session id and redirect. <?php session_start(); include_once "config.php"; if (!isset($_SESSION['id'])/*.*/){ header("location: nosale.php"); exit; } ?> also, i always add a small comment between parentheses because if statements with too many parentheses can be confusing. I often miss one somewhere and it drives me nuts. redirecting a user that does not have an id (logged in?). The sales page will be viewable now if the session id is set, otherwise the redirection will take you to nosale.php. edit: the salecheck session variable should be an error if the user is not logged in, so the header redirect does not happen. You would have to check if both session variables are set to escape this problem. But then it begs the question 'why use a yes switch if it isn't really used?'
-
!isset($_SESSION['id']) if NOT isset $_SESSION['id'] AND $_SESSION['salecheck'] == "yes" session id is not set and session salecheck is yes if yes means that a user is supposed to view the page and the user should have a session id, then this code is failing because session id is set. you are simply misunderstanding the logic. if IS set Session ID AND session salecheck === yes should allow the logged in user with yes permission to view the page if (isset($_SESSION['id']) && $_SESSION['salecheck'] === 'yes') you still need to exit after a header.
-
I see that my advice is a bit much, so let me just work off of your data. Add an exit immediately after the header redirection and try the script again. so: <?php session_start(); include_once "config.php"; if(!isset($_SESSION['id']) && $_SESSION['salecheck'] == "yes"){ header("location: nosale.php"); exit; } ?>
-
client side versus server side should not be a foreign concept to you. So what do you do when i disable JavaScript in my web browser? or what do you do if i use fiddler to fiddle with the request? Imagine if your bank used Javascript to control access to a page. If i could use a shaking my head while holding it in my hands in a downward shamed posiion, then i would use such an emoji here and now.
-
Please do not implement a script (client side technology) in place of server-side control. I hope that you are really not using such code on a live website. I hope that you understand why this is a bad suggestion. Thanks for trying to be helpful but this is really hurtful advice. I hope that you do not think that i am being rude. I'm just shocked that you would make such a suggestion. 🤯
-
okay but Linux is an Operating System. In your code you are using a header for redirection but you have failed to exit the php script, thus it continues execution of the script (which ends up at on.php !). However, you shouldn't redirect here because it is not really a legitimate reason to do so. Simply store the db switch in a session variable instead. ALSO use one page and change the view based upon the switch. Like so: then in the on_or_off_single_switch_page.php page: if (!empty($_SESSION['MyPagePermissionSwitch']) && $_SESSION['MyPagePermissionSwitch'] === 'on') { echo 'the page is really turned on, LOL'; require_once on.php; /* require_once dirname(__FILE__) . '/../outofrootfolder/on.php'; /* } else { echo 'you are not permitted to view this file. The page is a big turn off!'; require_once off.php; /* or whatever action/consequence that you desire is to be enacted in this condition block */ /* we want off to be the default, right? } the above code is just an example. Handle the condition according to your code. I am not a php specialist, so you should wait for the specialists to reply. Is this helpful to you? Best wishes, John
-
Hello PNew Code, Apache (or whatever server you are using) should be the first line of defense not php. A firewall [0] in conjunction with the server [1] is even better. Then use a session variable as a last line of defense. Apache code to be placed in the www or public directory in the htconfig file (or an .htaccess file): <FilesMatch ".php$"> Order deny,allow Deny from all </FilesMatch> <FilesMatch "^index\.php$"> Order deny,allow Allow from all </FilesMatch> The garbage that is to be found online, such as !d and !f, simply means if the file or directory doesn't exist. One should not use such code as php files should not be requestable files. Only allow index.php or whatever you want to name your index files using the aforementioned FilesMatch rules in Apache. Once again, to be clear, this is not a true php problem. The php specialists should not have to reply to such questions. I'm trying to help out by steering you in the right direction. Best wishes, John
-
But a grid design isn't necessary to achieve such a layout. vide my screen cpture attached image. I don't know what you are creating but it is a messy design like going back to tables and pixel gifs. How do you suppose it will work on a phone? Even so, a grid is not necessary. I call it gridlock, LOL. we go back to caveman html days. I was a hard headed tables only layout coder until 2015 when i learned html5 and css3. I now see the light and i have become a better html coder. I hope you that you also drop the table mindset and create clean simple desins without grid. I also prefer much larger text and less data on pages. I see why Google looks so good compared to other sites: simplicity. A search box, logo, copyright and done.
-
sloppy refers to my latest discoveries, for example: i have failed to recognize that dividing bytes by 1024 may not produce a number with a decimal point. 😬 My code breaks at this variable with a php error message. i have to add a new line of code to this file: if (!str_contains($SID_kilobytes, '.')) { $SID_kilobytes.= '.0'; } the same is true for the $SID_maxDimKB variable both must be checked before the list explode i also failed to recognize that the ini file may not be configured for file uploads my code breaks with please select an image for upload, which is an incorrect error message. i have to add an ini check to alert a user that file_upload is disabled if (empty(ini_get('file_uploads'))) { $SID_errors = 'File uploads are disabled.'; break;} this, then, sould disable the form as well. so $SID_formDisplay binary switch 0|1 needs implemented. I also failed to handle form tampering by posting multiple files. very amateur error. i should have thought about this in my last code change if (count($_FILES) > 1) { $SID_errors = 'File uploads may not contain multiple files.'; break; } I have since learned that file size checking requires filesize function for accuracy. Thus, i have added a new variable: $SID_fileSize = filesize($_FILES['Upload']['tmp_name']); subsequent changes are required: if ($SID_filesize > 1000000) { $SID_errors = 'File size is larger than 1 MB.'; break; } et cetera I have also updated the try catch code because the custom error handler throws an argument error in PHP 8.2 I have a long way to go in order to develop a tight, secure, well thought out file upload script. I didn't realize that file uploads are such a difficult concept to handle Files will also need to be scanned for malicious code. Another thing that i notice is that a user should have a maximum amount of file uploads plus, one also needs to check if the user has already uploaded the file. One cannot be permitted to upload the same file a million times. this is what i mean about sloppy concepts. As long as i am able to spot what is missing or incorrect, then i will end up with a pretty fine script (someday, LOL)
-
i have no experience with file uploading scripts and i cannot find any professional examples. I am aware of the problems that exist with handling file uploads, such as hidden code inside of images. I have spent alot of free time trying to make a better file upload script because i may want to use one myself in the future. Anyway, i have come across alot of problems while trying to redesign this script. I have never used number_format and i have learned that it automatically rounds numbers, which i do not want when displaying kilobytes. I have tried to present the size info as it appears in the right-click file properties of a Windows system. I also discovered that url encoded file names pass straight by the regex. LOL. what happens here, i have no idea. %FE should not get by the regex but it does. So i suppose that my regex is not correct. I applied it to the path filename instead and it now catches %FE. I also had a problem using getimagesize when a file is corrupted. I had to figure out a way to ignore the warning and move on. I've added error handling for such warnings because i think that extra data in a file is an exception. Also, i wanted a way to define a maximum size for an image based upon its dimensions. I have not factored gif images yet because gif images have frames and can also be animated. I will need to think about it before i have a solution. But jpeg and png images now have a max size (which also catches unnecessary data). So i will now post my newest code. I've added a binary logged in user variable for testing purposes because i am not using a session. I have not thought of everything (obviously) but alot of potential problems are handled with this new script and it is a bit more secure. Again, i am not a programmer so i may be missing something. Like i said before, i cannot find any professional examples, so this is my own attempt to handle file uploads as a file upload amateur. <?php declare (strict_types = 1); /* session_start(); */ (int) $SESSIONuserID = 1; /* var $SESSIONuserID represents $_SESSION['userID'] for non session development purposes */ (string) $SID_pageTitle = 'Upload files'; switch ($_SERVER["REQUEST_METHOD"]) { case 'GET': /* use this area to set any variables required for the get page, et cetera */ break; case 'POST': (string) $SID_errors = ''; if (empty($SESSIONuserID)) { $SID_errors = 'Please login to upload files'; break; } if ($_FILES['Upload']['size'] > 10000000) { $SID_errors = 'File size too large'; break; } /* 1 MB = 1000000, 5 MB = 5000000 Bytes, 10 MB = 10000000, 15 MB = 15000000, 20 MB = 20000000 Bytes */ (array) $SID_filesArrayErrors = ['1'=>'File size is too large','4'=>'Please choose a file for upload']; if (!empty($_FILES['Upload']['error'])) { if (array_key_exists($_FILES['Upload']['error'], $SID_filesArrayErrors)) { $SID_errors = $SID_filesArrayErrors[$_FILES['Upload']['error']]; break; } $SID_errors = 'Error uploading file. Please try again.'; break; } if (preg_match('/^[A-Za-z0-9-_.\s]{1,48}$/', pathinfo($_FILES['Upload']['name'], PATHINFO_FILENAME)) === 0) { $SID_errors = 'Invalid file: Filenames must be Alphanumeric with the following acceptions: - _ . and word spaces.'; break; } /* beware of bom and url encoded strings. for example: %FE%FF%00%3C%00s%00c%00r%00i%00p%00t%00%3E%00a%00l%00e%00r%00t%00(%00%22%00P%000%00w%00n%00e%00d%00%22%00)%00;%00%3C%00%00s%00c%00r%00i%00p%00t%00%3E */ if (preg_match('/^jpg|jpeg|jpe|png|gif$/', pathinfo($_FILES['Upload']['name'], PATHINFO_EXTENSION)) === 0) { $SID_errors = 'Invalid file: Filetypes must be jpg/jpeg, png or gif'; break; } //if (function_exists(pathinfo($_FILES['Upload']['name'], PATHINFO_FILENAME))) { error_log("attention! file upload name contains a function name: " . pathinfo($_FILES['Upload']['name'], PATHINFO_FILENAME)); /* store original name, assign new name */ break; } /* catches built-in functions: phpinfo, phpinfo(), file_get_contents et cetera. use prefixes for all user defined code (here $SID_, stands for site id). */ if (class_exists(pathinfo($_FILES['Upload']['name'], PATHINFO_FILENAME))) { error_log("attention! file upload name contains a class name: " . pathinfo($_FILES['Upload']['name'], PATHINFO_FILENAME)); /* store original name, assign new name */ break; } if (file_exists(pathinfo($_FILES['Upload']['name'], PATHINFO_FILENAME))) { error_log("attention! file upload exists: " . pathinfo($_FILES['Upload']['name'], PATHINFO_FILENAME)); /* store original name, assign new name */ break; } (string) $SID_kilobytes = strval($_FILES['Upload']['size'] / 1024); list($SID_digit, $SID_decimal) = explode('.', $SID_kilobytes); $SID_kilobytes = $SID_digit . '.' . substr($SID_decimal, 0, 1); unset($SID_digit); unset($SID_decimal); set_error_handler(function ($err_severity, $err_msg, $err_file, $err_line, array $err_context) { throw new ErrorException( $err_msg, 0, $err_severity, $err_file, $err_line ); }, E_WARNING); try { $SID_dimensions = getimagesize($_FILES['Upload']['tmp_name']); } catch (Exception $e) { $e->getMessage(); $SID_errors = 'File may be corrupted. Please try again'; restore_error_handler(); break; } /* corrupt files cause a warning. suppressing errors is being avoided with a try catch block instead */ if (empty($SID_dimensions) || !is_array($SID_dimensions)) { $SID_errors = 'File may be corrupted. Please try again'; break; } if (empty($SID_dimensions[0]) || empty($SID_dimensions[1])) { $SID_errors = 'File may be corrupted. Please try again'; break; } if ($SID_dimensions[0] < 10 || $SID_dimensions[1] < 10) { $SID_errors = 'File dimensions must be at least 10px x 10px'; } if ($SID_dimensions[0] > 1200 || $SID_dimensions[1] > 1200) { $SID_errors = 'File dimensions must be at most 1200px x 1200px'; break; } (string) $SID_maxDim = ''; (string) $SID_maxDimKB = ''; (int) $SID_channels = 4; switch (strtolower(pathinfo($_FILES['Upload']['name'], PATHINFO_EXTENSION))) { case 'png': $SID_channels = 6; break; } (int) $SID_maxDim = round(($SID_dimensions[0] * $SID_dimensions[1] * $SID_channels) / 8); (string) $SID_maxDimKB = strval($SID_maxDim / 1024); if (is_string($SID_maxDimKB)) { list($SID_maxDimDigit, $SID_maxDimDecimal) = explode('.', $SID_maxDimKB); } if ($_FILES['Upload']['size'] > $SID_maxDim) { $SID_errors = 'File size too large for these dimensions ' . $SID_dimensions[0] . ' x ' . $SID_dimensions[1] . '<br>The file may contain unnecessary data.'; break; } (string) $SID_dir = 'folder/'; (int) $SID_timestamp = time(); (string) $SID_filename = $SID_dir . $SID_timestamp.basename($_FILES['Upload']['name']); if (!move_uploaded_file($_FILES['Upload']['tmp_name'], $SID_filename)) { $SID_errors = 'Failed to upload the file. Please try again.'; break; } (string) $SID_dateCreated = date('l, F, Y') . ' ' . date('h:i:s'); $SID_pageTitle = 'File uploaded'; break; } ?> <!DOCTYPE html> <html> <head> <title><?php if (!empty($SID_pageTitle)) { echo $SID_pageTitle; } ?></title> </head> <body> <div data-role="page" id="page"> <div data-role="header"> <h1>Upload files</h1> <?php if (empty($SESSIONuserID)) { echo '<a href="#" data-role="button" data-icon="home">Sign in</a>'; } else { echo '<a href="#" data-role="button" data-icon="home">Sign out</a>'; } ?> </div> <div data-role="content"><p> <?php if (!empty($SID_errors)) { echo '<div><p>' . $SID_errors . '</p></div>'; } if (empty($SID_errors) && !empty($SID_pageTitle) && $SID_pageTitle === 'File uploaded') { echo '<p>Image transfer complete:</p>'; echo '<p>Image name: ' . htmlspecialchars($_FILES['Upload']['name'], ENT_QUOTES) . '<br>'; echo 'Image Type: ' . htmlspecialchars($_FILES['Upload']['type'], ENT_QUOTES) . '<br>'; if (!empty($SID_dimensions[0]) && !empty($SID_dimensions[1])) { echo 'Image Dimensions: ' . $SID_dimensions[0] . ' x ' . $SID_dimensions[1] . '<br>'; echo 'Image Size: '; if (!empty($SID_kilobytes)) { echo $SID_kilobytes . ' KB (' . $_FILES['Upload']['size'] . ' bytes)<br>'; } else { echo $_FILES['Upload']['size'] . ' bytes<br>'; } echo 'Maximum size imposed: ' . $SID_maxDimDigit . '.' . substr($SID_maxDimDecimal, 0, 1) . ' KB (' . $SID_maxDim . ' bytes)<br>'; } if (!empty($SID_dateCreated)) { echo 'Date created: ' . $SID_dateCreated . '</p>'; } echo '<p>Would you like to upload another image?</p>'; } ?> <form autocomplete="off" accept-charset="UTF-8" method="post" enctype="multipart/form-data"> <input type="file" name="Upload"> <input type="submit"> </form> </p></div> </div> </body> </html> I am not done with this concept yet but i will not post further updates in this thread. Old threads should be avoided. I do apologize to everyone here for my sloppy code in the previous posts. Best of luck to you and to all beginners of php.
