Everything posted by gizmola

  1. The /tmp directory is typically set up with the "sticky bit" set. Let's assume that you created the /tmp/output file using your command line execution. What is the ownership of that file? What web server are you running? There are many different configurations possible. It's possible that your script is running but it can't overwrite the original file due to ownership issues and the sticky bit. Also you might attempt to capture the return value from shell_exec and look at that:

        $output = shell_exec('/usr/bin/env > /tmp/output');
        echo "<pre>$output</pre>";
  2. Yes, content promotion would be the idea. I can set you up as an admin for it if you want. As for the feed, it pulls rss feeds from a number of sites and caches them. It's been quite a while but I have the source for the main site in bitbucket which I think you have access to.
  3. Well it's interesting that the main site's news feed has a pretty good news feed section in it, that I've fixed a few times and expanded to include a bunch of php news aggregator sites. I still don't find the time to read any of those articles nor do I go to any of the sites from which they are syndicated, but maybe we have some visitors that do. Of course I just looked at it, and it's not been updating since August, so something got broken with it again. Your idea about the RFC group sounds pretty nice, although I do see articles about RFC activity on some of the other PHP sites from time to time. It would be cool if some or all of whatever content you develop ended up on the facebook page, because we really don't seem to do much to work with that audience or get them into the forum.
  4. Well, if you're a hardcore professional PHP developer, I think the best editor hands down is PhpStorm. The features it has are overwhelming. With that said, it costs $200 + $160 for year 2 maintenance if you want access to upgrades. If you want something free, I'd suggest Eclipse PDT, which I have used for years and is solid, maintained and functional. After that there are the free Electron-based editors Visual Studio Code, Atom and Brackets. It seems like VSCode has the most momentum, but they are all capable editors that tend to have similar packages available that support PHP syntax and commonly desired plugins for debugging and interactive development.
  5. The 2 things have nothing to do with each other, but I will say this about SQL Injections. Forget about mysqli_real_escape_string or any attempt to escape anything, and use parameters. Use parameters and bind the values. This eliminates the possibility of SQL Injections, because no interpolation is being done, and you also no longer have to care about escaping quotes or other characters special to SQL. https://www.php.net/htmlspecialchars is something you can use to combat XSS, or https://www.php.net/manual/en/filter.filters.sanitize.php. For XSS the best solution is to store the input in the DB as is, and then do your filtration/conversion when you are going to present the string on your site/within your application.
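The advice in the post above (bind parameters instead of escaping; store input as is and convert it on output), as an added example that is not part of gizmola's post. It uses an in-memory SQLite database through PDO so it runs stand-alone; the `comments` table, its columns, the sample input and the `e()` helper are all constructed for illustration.

```php
<?php
// Added example: bound parameters for storage, htmlspecialchars() at output.
// Table, columns, sample values and the e() helper are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Constructed sample input: a quote (special to SQL) and markup (special to HTML).
$author = "O'Brien";
$body   = '<script>alert(1)</script> nice post';

// Interpolated SQL: the quote in $author ends the string literal early, so the
// statement the database parses is no longer the one the developer wrote.
$interpolated = "INSERT INTO comments (author, body) VALUES ('$author', '$body')";
try {
    $pdo->exec($interpolated);
    $interpolatedResult = 'executed';
} catch (PDOException $e) {
    $interpolatedResult = 'rejected: ' . $e->getMessage();
}

// Bound parameters: the SQL text is fixed at prepare time; the values are
// passed separately and are never parsed as SQL, so no escaping is needed.
$insert = $pdo->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
$insert->execute(['author' => $author, 'body' => $body]);

// The row holds the input exactly as submitted (no conversion at storage time).
$select = $pdo->prepare('SELECT author, body FROM comments WHERE author = :author');
$select->execute(['author' => $author]);
$row = $select->fetch(PDO::FETCH_ASSOC);

// Convert at presentation time, for the context the value lands in (HTML text here).
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

echo "interpolated query: $interpolatedResult\n";
echo 'stored body: ', $row['body'], "\n";
echo 'html output: <p>', e($row['body']), ' by ', e($row['author']), "</p>\n";
```

Because the stored value is unmodified, the same row can later be rendered for a different context (JSON, plain-text e-mail) with that context's own encoding.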
  6. You replaced WordPress with what? I don't know how you get the entry from the DB, or what templating looks like, but let's assume you are just using something like pure PHP. I'll assume that there's a variable named "$soundFile" available with the existing URL.

        <?php /// various code ?>
        <audio controls>
            <source src="<?= htmlspecialchars($soundFile, ENT_QUOTES) ?>" type="audio/mpeg">
        </audio>
        <?php /// more php code if needed

    Your type #2 URLs that just have the URL to the .mp3 will work perfectly. Only your entries that have encoded the URL inside an anchor tag would be a problem. What I'd do is fix them in the DB with a SQL statement.

    Tip: Anytime you do a global UPDATE like this you need to be very careful to test and have a backup. I usually will make a backup table using something like this:

        CREATE TABLE t_atable LIKE atable;
        INSERT t_atable SELECT * FROM atable;

    So in this example, I assume your table is named `sound` and the column to have its data fixed is named mp3_file.

        UPDATE sound
        SET mp3_file = SUBSTR(
            mp3_file,
            POSITION('http:' IN mp3_file),
            (POSITION('.mp3' IN mp3_file)+4 - POSITION('http:' IN mp3_file))
        );

    Here is a dbfiddle that proves this will work with versions as old as MySQL 5.5. Hopefully you get the idea that it locates the 'http:' and the '.mp3' and uses those positions to carve out a substring with just the URL. It works fine if there is only the URL pre-existing in the column. It's also impervious to small details like whether or not the URL inside an anchor tag src has quotes around it or not. Assuming you are just putting new URLs in the column in the future, you would only need to run this once to clean up your db.
  7. gizmola

    phpdoc not work

    This is an ongoing problem with phpDocumentor and the JMS Serializer package. See this: https://github.com/phpDocumentor/phpDocumentor2/issues/1868 You would probably have more luck working directly through the GitHub issue tracker.
  8. Seems like you figured out that you needed to find where the $base variable was being set, and change that. Congrats on figuring it out, and on behalf of the others who aided, you're most welcome.
  9. To add to what Mac said, usually there are some configuration files involved. We have no way of saying for sure without code to look at, but a typical strategy would be to set up a variable or constant that contains the site root. Mac helpfully highlighted the differences for you. You should do a search through the source files for '/home/sites' and make sure that is replaced with '/home/customer/www'. Sometimes these configurations are stored in database tables, so that might be the problem if it's not hardcoded. There is no way for us to know for sure, again, without looking at some of the source code for the site.
  10. You might reach out and ask them if they would share info with you, unless of course you are trying to clone the site. If you're not planning on direct competition, they might be willing to share with you, but obviously the site has a lot of moving parts, and from a UI standpoint it appears to me to be a bunch of custom javascript, with some bootstrap, and as I said previously, RESTful ajax calls for data submission. It really doesn't look to me like something you can go find on github.
  11. My best guess is that it is something customized. The site is highly commercialized, and ironically exactly what the founder stated he didn't like in an interview I found: http://www.english-test.net/esl-cafe/24/index.html There are a gazillion ad networks, with extensive monitoring and tracking. I did see that at some point they had a full time SEO person involved, as well as a distributed development team. Clearly it's nothing out of the box, but at least as a non-member, the site looks ugly and distracting to me, with the content hard to find within all the ad banners, panels and modal windows. The other thing I can tell you is that it's using a REST API setup, and mapping the *.htm extension to something, which could be essentially anything on the server side. They have taken a number of steps to obfuscate what they are using, so that indicates they don't want you to know.
  12. How about just using serialize() and unserialize(). This is what php session handling does.
  13. Yes absolutely. PyCharm is simply an editor/Integrated Development Environment. You need some sort of server environment to test. It's possible to make it work in a localhost or virtual server on your workstation, but for a smallish project like this one, probably not worth the trouble.
  14. maxxd, From what I've seen, it's more a matter of the php team wanting to give developers the same tools and capabilities that exist in other languages. Adding syntax to easily use anonymous functions is yet another step in furthering that longtime goal. With that said, the associative array assignment syntax does make this a change that will cause some head scratching for long time PHP developers.
  15. Note: I edited the original post and removed the comments about the code block. I also removed the email and site url specifics. This is the line that sets that:

        // Enter your email addresses: @required
        $emailTO[] = array(
            'email' => 'stefan@...',
            'name' => 'Stefan'
        );

    If that is your email address, then I don't see any obvious coding issues. So to gw1500se's point, this would suggest a configuration issue with the server, where the Mail Transfer Agent which will be delivering your mail needs to be set up and working. There are many things involved in getting a working MTA. You'll likely need support from your hosting company.
  16. This is the modern/functional programming way of handling a problem like this. I'm not a huge javascript fan, but having to practice it on occasion certainly opened my eyes to the use of filter/map/reduce and other mainstays of functional programming. I've also found this guy's youtube channel to be both educational and inspirational. You do have to do a bit of research for the php functions that are similar, but in the case of arrays there are ones like array_filter that I find are great as glue for so many smallish tasks as demonstrated by Barand's code.
  17. Good find. There are actually many of these errors where it's requesting http over https which the browser won't allow. Either the server needs to be configured to serve https or the code/configuration needs to be changed so that it uses relative paths or for some of the included external javascript and css, to use '//....' rather than 'http://'. The login fails for the same reason, as it's attempting an ajax call to: http://....com/requests.php?f=login which is denied.
  18. I'm not a big fan of extract or anything that could make a bunch of odd variables when you can just use:

        'pagecontent' => html_entity_decode($row['pagecontent']),

    With that said, I didn't see anything exceptionally broken in your code. Probably the issue is that you aren't setting the HTTP Header to indicate you are returning json. Before your echo:

        header('Content-Type: application/json');

    If something else is broken, you should have a message in your logs.
  19. This appears to be what you have now on submit:

        $sql = "INSERT IGNORE INTO bookingcategory SET bookingid=$bookingid, categoryid=$catID";

    So there are 2 things to note here:

      • On a new booking a booking row gets created and you get the id of this new booking row and store it in $bookingid
      • For each category selected a row is inserted in bookingcategory with the bookingid and the categoryid

    So, the first issue you need to deal with is how will php get the bookingid that has just been created? Your primary options are either to

      • redirect to the same script, only passing a url parameter like ?bookingid=
      • Set a cookie with the booking id there
      • Use a session variable

    I would suggest that you use sessions, since they have the advantage of hiding the bookingid from the user. If you pass a parameter, anyone looking at your system could just change the booking id parameter and see other bookings, however, if this is an admin system, perhaps that doesn't matter as much. Still sessions have great utility and may help with other problems you'll face.

    Now assuming, you want to be able to add to this script, the logic you described, what is missing is that you need to SELECT the booking and related information so you can refill the form variables or otherwise display the booking data which has now been saved. It should be obvious to you that you can't do that unless you have access to the saved booking id. Getting a list of the preselected categories would require a query like:

        SELECT c.*
        FROM bookingcategory bc
        JOIN category c ON c.id = bc.categoryid
        WHERE bc.bookingid = $bookingid

    The actual query may be slightly different as there is no way to intuit the actual column names from your posted code. The results of that query can be used to set the selected categories in your form/UI.
  20. I realized that the name of the password column in the database is 'contrasena', so you need to change this line of code:

        if (md5($password) != $user['realpass']) {

    to

        if (md5($password) != $user['contrasena']) {
  21. First off, there is no reason to query anything until you have ensured you have input from the user. An empty username or password should fail and no querying should occur. There is no reason to do multiple queries here. Do one query by username, and use that result for further analysis. I can't guarantee this works, but it should be pretty close. Make sure you understand the changes I made and review documentation if you aren't clear.

        <?php
        session_start();

        $servername = "localhost";
        $dbusername = "";
        $dbpassword = "";
        $dbname = "";

        try {
            // PDO reports a failed connection by throwing PDOException
            // (connect_error is a mysqli property and does not exist on PDO)
            $pdo = new PDO("mysql:host=$servername;dbname=$dbname", $dbusername, $dbpassword);
            $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
            $pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
            $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
        } catch (PDOException $e) {
            die("Connection failed: " . $e->getMessage());
        }

        $id = "";
        // Default to an empty string so a missing field fails the check below
        $username = trim($_POST['username'] ?? '');
        $password = trim($_POST['password'] ?? '');

        // Login
        if (!empty($username) && !empty($password)) {
            // Look up the user by username with a bound parameter
            $stmt = $pdo->prepare('SELECT * FROM users WHERE username=:username LIMIT 1');
            $stmt->execute(array('username' => $username));
            // Get the result
            $user = $stmt->fetch(PDO::FETCH_ASSOC);
            // Check if user exists
            if ($user) {
                if ($user['bloqueado'] == 'NO') {
                    if (md5($password) != $user['realpass']) {
                        die("contrasena incorrecta");
                    } else {
                        $_SESSION['loguin'] = "OK";
                        $_SESSION['username'] = $username;
                        header("Location: ./herramientas.php");
                        exit;
                    }
                } else {
                    die("Tu usuario ha sido bloqueado o todavía no ha sido aceptado por un administrador. Si el problema persiste contacta con contacto@leonmacias.com");
                }
            } else {
                die("No hay ninguna cuenta con este nombre de usuario");
            }
        } else {
            echo 'El campo usuario esta vacio';
        }
  22. I apologize if this wasn't clear, but while I fixed some issues and formatting problems, I didn't mean to imply that I made the code work. Those are things we want you to do for yourself. Barand went further towards making your code actually work. If you have specific questions after making fixes, we welcome you updating the question with the latest code and any new questions you might have.