About gizmola


  1. How about just using serialize() and unserialize()? This is what PHP session handling does.
  2. Yes absolutely. PyCharm is simply an editor/Integrated Development Environment. You need some sort of server environment to test. It's possible to make it work in a localhost or virtual server on your workstation, but for a smallish project like this one, probably not worth the trouble.
  3. maxxd, from what I've seen, it's more a matter of the PHP team wanting to give developers the same tools and capabilities that exist in other languages. Adding syntax to easily use anonymous functions is yet another step in furthering that longtime goal. With that said, the associative array assignment syntax does make this a change that will cause some head scratching for longtime PHP developers.
  4. Note: I edited the original post and removed the comments about the code block. I also removed the email and site URL specifics. This is the line that sets that:

         // Enter your email addresses: @required
         $emailTO[] = array(
             'email' => 'stefan@...',
             'name'  => 'Stefan'
         );

     If that is your email address, then I don't see any obvious coding issues. So to gw1500se's point, this would suggest a configuration issue with the server, where the Mail Transfer Agent which will be delivering your mail needs to be set up and working. There are many things involved in getting a working MTA. You'll likely need support from your hosting company.
  5. This is the modern/functional programming way of handling a problem like this. I'm not a huge JavaScript fan, but having to practice it on occasion certainly opened my eyes to the use of filter/map/reduce and other mainstays of functional programming. I've also found this guy's YouTube channel to be both educational and inspirational. You do have to do a bit of research for the PHP functions that are similar, but in the case of arrays there are ones like array_filter that I find are great as glue for so many smallish tasks, as demonstrated by Barand's code.
  6. Good find. There are actually many of these errors where it's requesting http over https, which the browser won't allow. Either the server needs to be configured to serve https, or the code/configuration needs to be changed so that it uses relative paths or, for some of the included external JavaScript and CSS, to use '//....' rather than 'http://'. The login fails for the same reason, as it's attempting an AJAX call to http://....com/requests.php?f=login, which is denied.
  7. I'm not a big fan of extract or anything that could make a bunch of odd variables when you can just use:

         'pagecontent' => html_entity_decode($row['pagecontent']),

     With that said, I didn't see anything exceptionally broken in your code. Probably the issue is that you aren't setting the HTTP header to indicate you are returning JSON. Before your echo:

         header('Content-Type: application/json');

     If something else is broken, you should have a message in your logs.
  8. This appears to be what you have now on submit:

         $sql = "INSERT IGNORE INTO bookingcategory SET bookingid=$bookingid, categoryid=$catID";

     So there are 2 things to note here:

       • On a new booking, a booking row gets created and you get the id of this new booking row and store it in $bookingid
       • For each category selected, a row is inserted in bookingcategory with the bookingid and the categoryid

     So, the first issue you need to deal with is how will PHP get the bookingid that has just been created? Your primary options are either to:

       • Redirect to the same script, only passing a URL parameter like ?bookingid=
       • Set a cookie with the booking id there
       • Use a session variable

     I would suggest that you use sessions, since they have the advantage of hiding the bookingid from the user. If you pass a parameter, anyone looking at your system could just change the booking id parameter and see other bookings; however, if this is an admin system, perhaps that doesn't matter as much. Still, sessions have great utility and may help with other problems you'll face.

     Now, assuming you want to be able to add to this script the logic you described, what is missing is that you need to SELECT the booking and related information so you can refill the form variables or otherwise display the booking data which has now been saved. It should be obvious to you that you can't do that unless you have access to the saved booking id. Getting a list of the preselected categories would require a query like:

         SELECT c.*
         FROM bookingcategory bc
         JOIN category c ON c.id = bc.categoryid
         WHERE bc.bookingid = $bookingid

     The actual query may be slightly different as there is no way to intuit the actual column names from your posted code. The results of that query can be used to set the selected categories in your form/UI.
  9. I realized that the name of the password column in the database is 'contrasena', so you need to change this line of code:

         if (md5($password) != $user['realpass']) {

     to

         if (md5($password) != $user['contrasena']) {
  10. First off, there is no reason to query anything until you have ensured you have input from the user. An empty username or password should fail and no querying should occur. There is no reason to do multiple queries here. Do one query by username, and use that result for further analysis. I can't guarantee this works, but it should be pretty close. Make sure you understand the changes I made and review documentation if you aren't clear.

          <?php
          session_start();

          $servername = "localhost";
          $dbusername = "";
          $dbpassword = "";
          $dbname = "";

          // PDO reports a failed connection by throwing a PDOException
          try {
              $pdo = new PDO("mysql:host=$servername;dbname=$dbname", $dbusername, $dbpassword);
          } catch (PDOException $e) {
              die("Connection failed: " . $e->getMessage());
          }
          $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
          $pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
          $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

          $id = "";
          // Missing form fields become empty strings instead of raising a notice
          $username = trim($_POST['username'] ?? '');
          $password = trim($_POST['password'] ?? '');

          //Login
          if (!empty($username) && !empty($password)) {
              // Check the username with database
              $stmt = $pdo->prepare('SELECT * FROM users WHERE username=:username LIMIT 1');
              $stmt->execute(array('username' => $username));
              // Get the result
              $user = $stmt->fetch(PDO::FETCH_ASSOC);

              // Check if user exists
              if ($user) {
                  if ($user['bloqueado'] == 'NO') {
                      if (md5($password) != $user['realpass']) {
                          die("contrasena incorrecta");
                      } else {
                          $_SESSION['loguin'] = "OK";
                          $_SESSION['username'] = $username;
                          header("Location: ./herramientas.php");
                          exit;
                      }
                  } else {
                      die("Tu usuario ha sido bloqueado o todavía no ha sido aceptado por un administrador. Si el problema persiste contacta con contacto@leonmacias.com");
                  }
              } else {
                  die("No hay ninguna cuenta con este nombre de usuario");
              }
          } else {
              echo 'El campo usuario esta vacio';
          }
  11. I apologize if this wasn't clear, but while I fixed some issues and formatting problems, I didn't mean to imply that I made the code work. Those are things we want you to do for yourself. Barand went further towards making your code actually work. If you have specific questions after making fixes, we welcome you updating the question with the latest code and any new questions you might have.
  12. Well, if you have a specific PDO question, then it would be better for future readers to do a new topic. If we are just cleaning up what you've been working on and it's dwindling down, then no worries, and continuing the topic has the advantage that those who have already been helping you will get notifications.
  13. I overstated the issue with else. It's bad form, but not an error. The uninitialized variable is probably the reason things don't work as you expect. I fixed a few issues and formatted your code properly:

          <?php
          session_start();

          $servername = "localhost";
          $dbusername = "";
          $dbpassword = "";
          $dbname = "";

          $conn = new mysqli($servername, $dbusername, $dbpassword, $dbname);
          if ($conn->connect_error) {
              die("Connection failed: " . $conn->connect_error);
          }

          $id="";
          $username = $_POST['username'];
          $password = md5($_POST['password']);

          $func = "SELECT contrasena FROM users WHERE username='$username'";
          $realpassask = $conn->query($func);
          $realpassaskres = $realpassask->fetch_assoc();
          $realpass = $realpassaskres[contrasena];

          $func2 = "SELECT bloqueado FROM users WHERE username='$username'";
          $blockedask = $conn->query($func2);
          $blockedres = $blockedask->fetch_assoc();
          $bloqueado = $blockedres[bloqueado];

          //Login
          if(!empty($username)) {
              // Check the email with database
              $userexists = $pdo->prepare("SELECT COUNT(username) FROM users WHERE username= '$username' LIMIT 1");
              $userexists->bindParam(':username', $username);
              $userexists->execute();
              // Get the result
              $userexistsres = $userexists->fetchColumn();

              // Check if result is greater than 0 - user exist
              if ($userexistsres == 1) {
                  if ($bloqueado == NO) {
                      if ($password != $realpass) {
                          die("contrasena incorrecta");
                      } else {
                          $_SESSION['loguin']="OK";
                          $_SESSION['username']="$username";
                          header("Location: ./herramientas.php");
                          exit;
                      }
                  } else {
                      die("Tu usuario ha sido bloqueado o todavía no ha sido aceptado por un administrador. Si el problema persiste contacta con contacto@leonmacias.com");
                  }
              } else {
                  die("No hay ninguna cuenta con este nombre de usuario");
              }
          } else {
              echo 'El campo usuario esta vacio';
          }

      For example, you had

          $id = "''";

      Not sure what you were trying to do there. If you are initializing it to a null equivalent empty string then just use "" or ''.

      I removed the ending '?>' from the file. You don't need it and it's best not to have end block statements as they can in some circumstances cause issues. I'd recommend looking at PSR-2 and adopting those standards.

      Something odd about your code is when you do 2 queries in a row where USERNAME = '$username'. Do one query and either SELECT * or SELECT contrasena, bloqueado.

      Whenever you have a header('Location:...) you need to follow that with exit/die. (They are the same function, but most people use exit).

      Of course currently you are doing those queries and yet you do nothing with them. Also because you are not using prepared statements with bound parameters, your code will allow SQL injection. Again, our advice is that you use PDO. Here's a tutorial that will teach you everything you need to know.
  14. The first step towards writing decent code is to properly indent and format your code. Don't put multiple lines of code on the same line. You should have a newline at the end of each line. You should have indentation for any blocks. PHP is case sensitive for most things other than function names and class names. Be consistent. Make all control statements (if-then-else) lower case.

          //Login
          if(!empty($username)) {
              // Check the email with database
              $userexists = $pdo->prepare("SELECT COUNT(username) FROM users WHERE username= '$username' LIMIT 1");
              $userexists->bindParam(':username', $username);
              $userexists->execute();

      The $pdo variable doesn't exist, however this is where it looks like you dropped in some PDO code. The consensus of experts at phpfreaks is that PDO is the better database API to use, so we'd recommend you convert everything to PDO anyways.
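
The advice in posts 10, 13 and 14 above (check for input first, run one query, bind the username through PDO), as an added example that is not code from any of the posts. It goes beyond them by comparing the stored hash with hash_equals() and upgrading legacy md5 values to password_hash() on a successful login. The login() helper, the in-memory SQLite database (requires the pdo_sqlite extension) and the sample account are assumptions made for the example.

```php
<?php
// Added example, not code from the thread. Table and column names follow the
// posts; the in-memory SQLite database and the account "ana" are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, contrasena TEXT, bloqueado TEXT)');
$pdo->prepare('INSERT INTO users VALUES (?, ?, ?)')
    ->execute(['ana', md5('s3creta'), 'NO']); // legacy row: unsalted md5 hex

// login() is a hypothetical helper; it returns 'ok', 'denied', 'blocked' or 'empty'.
function login(PDO $pdo, string $username, string $password): string
{
    if ($username === '' || $password === '') {
        return 'empty';                       // no query without input
    }
    // One query; the user value is bound, never interpolated into the SQL text.
    $stmt = $pdo->prepare('SELECT contrasena, bloqueado FROM users WHERE username = :username');
    $stmt->execute(['username' => $username]);
    $user = $stmt->fetch();
    if ($user === false) {
        return 'denied';                      // same answer as a wrong password
    }
    $stored = $user['contrasena'];
    $legacy = preg_match('/^[0-9a-f]{32}$/', $stored) === 1;
    // hash_equals() compares strings strictly and in constant time, unlike !=.
    $ok = $legacy ? hash_equals($stored, md5($password))
                  : password_verify($password, $stored);
    if (!$ok) {
        return 'denied';
    }
    if ($user['bloqueado'] !== 'NO') {
        return 'blocked';
    }
    if ($legacy || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        // Replace the md5 value with a salted password_hash() on a good login.
        $upd = $pdo->prepare('UPDATE users SET contrasena = :hash WHERE username = :username');
        $upd->execute(['hash' => password_hash($password, PASSWORD_DEFAULT), 'username' => $username]);
    }
    return 'ok';
}

// Constructed inputs: a name containing a quote, a wrong password, then two
// good logins (the second one is checked against the upgraded hash).
foreach ([["o'brien", 'x'], ['ana', 'wrong'], ['ana', 's3creta'], ['ana', 's3creta']] as [$u, $p]) {
    echo $u, ': ', login($pdo, $u, $p), PHP_EOL;
}
```

On a real table the contrasena column has to be wide enough for password_hash() output; the PHP manual recommends 255 characters.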