AdRock
-
Posts
913 -
Joined
-
Last visited
Posts posted by AdRock
-
-
you defined the $img variable inside of the if else statement, and only there can it be called without redefining it
I was just about to say that.
The image hasn't been called in the first place if the else is taken.
-
on here
if(strcmp($_SESSION[$key], $items[$key]) != 0) { -
I thought that worked for a minute
I get this error message now.
Notice: Undefined index: user_idCould it be becuase of the version of php i'm using locally?
PHP Version 5.2.9-1 -
I am getting this warning
Notice: Undefined index: 5 in C:\Apache\htdocs\OB\php\userfuncs.php on line 448which refers to this section
// if there is no match for any session, return false so session is destroyed foreach($session_array as $key) { if(strcmp($key, $items[$key]) != 0) { return false; } }What is causing this warning? Do i need to wrap that code above in an if statement so it's only called if a session is registered> I can disable warnings as it works fine but i don't know the best way to make this code work as it should without warnings.
Here is the whole code
/** * This function is called by the checkLogin function * It connects to the datanase and gets the record with the users credentials in it. * It then creates 2 arrays, 1 for the database record and the other for the session. * it then compares each array with the other to see if there is a match. * If there is a match then everything is fine. if not someone has been tampering with the cookie so return false **/ $items = array(); while ($row = $result->fetch()) { $items = array( 'user_id' => $row['userid'], 'username' => $row['username'], 'email' => $row['email'], 'user_level' => $row['user_level'], 'encrypted_id' => md5($row['userid']), 'encrypted_name' => md5($row['username']), 'encrypted_email' => md5($row['email']), 'encrypted_user' => md5($row['user_level']) ); } $session_array = array( $_SESSION['userid'], $_SESSION['username'], $_SESSION['email'], $_SESSION['user_level'], $_SESSION['encrypted_id'], $_SESSION['encrypted_name'], $_SESSION['encrypted_email'], $_SESSION['encrypted_user'] ); // if there is no match for any session, return false so session is destroyed foreach($session_array as $key) { if(strcmp($key, $items[$key]) != 0) { return false; } } -
-
I have noticed that today that some of the content that is saved from my form is printing random characters and crap.
I am using htmlentities on the form input and it seems to be adding more rubbish.
I am using the UTF-8 charset as a meta tag.
Is this the correct way of using htmlentities?
htmlentities($string, ENT_QUOTES, 'UTF-8')
Also i noticed the other day with a problem I had that using htmlentities was replacing " with &" when i thought it should have just been "
-
You could try using == instead of =
I would use a switch statement instead of using ifs
http://www.w3schools.com/PHP/php_switch.asp
In your case
switch($boxorlink) { case 'box': //other code break; case 'link': //other code break; default: } -
Did what you suggested and still wouldn't work so looked at what is stored in database and it seems that htmlentities stored the quote as &" so that is what the extra chars are and why it wasn't working.
It works now so thanks very much chaps as this was doing more swede in for a whole day and night....ahhh
-
Donw what you said and it appears that it is not doind the decode
Array ( [ 0] => [ [1] => Q [2] => U [3] => O [4] => T [5] => E [6] => = [7] => & [8] => q [9] => u [10] => o [11] => t [12] => ; [13] => A [14] => d [15] => R [16] => o [17] => c [18] => k [19] => & [20] => q [21] => u [22] => o [23] => t [24] => ; [25] => ] [26] => j [27] => u [28] => s [29] => t [30] => [31] => t [32] => e [33] => s [34] => t [35] => i [36] => n [37] => g [38] => [39] => t [40] => h [41] => e [42] => [43] => e [44] => r [45] => r [46] => o [47] => r [48] => [ [49] => / [50] => Q [51] => U [52] => O [53] => T [54] => E [55] => ] [56] => [57] => [58] => A [59] => n [60] => o [61] => t [62] => h [63] => e [64] => r [65] => [66] => t [67] => e [68] => s [69] => t )
Array ( [ 0] => [ [1] => Q [2] => U [3] => O [4] => T [5] => E [6] => = [7] => " [8] => A [9] => d [10] => R [11] => o [12] => c [13] => k [14] => " [15] => ] [16] => j [17] => u [18] => s [19] => t [20] => [21] => t [22] => e [23] => s [24] => t [25] => i [26] => n [27] => g [28] => [29] => t [30] => h [31] => e [32] => [33] => e [34] => r [35] => r [36] => o [37] => r [38] => [ [39] => / [40] => Q [41] => U [42] => O [43] => T [44] => E [45] => ] [46] => [47] => A [48] => n [49] => o [50] => t [51] => h [52] => e [53] => r [54] => [55] => t [56] => e [57] => s [58] => t )
$test = '[quote="AdRock"]just testing the error[/quote] Another test'; $message = html_entity_decode($message, ENT_QUOTES); $test = html_entity_decode($test, ENT_QUOTES); print_r(str_split($message)); print_r(str_split($test));
-
I would also be interested if there is a company or legitimate individual out there (who is known by and recommended by this board) that would evaluate and or attempt to hack my website to see if it has vulnerabilities.
Is there such a service?
My mate who went to Exeter University now works for a company called 'Transition Consulting Limited (TCL)' who are based on uni campus and they do software testing and i'm pretty sure they test websites for vulnerabilities.
He told me there was a lecture when he was there given by a member of TCL staff to show how websites can be hacked.
It might be worth checking them out
-
just checked using strlen() and the string from the database is 70 whereas the hard coded string is 69
-
I've done this
$test = '[quote="AdRock"]just testing the error[/quote] Another test'; $message = html_entity_decode($message, ENT_QUOTES); // from database $test = html_entity_decode($test, ENT_QUOTES); // hard coded string //preg_match_all('/\[\s*QUOTE="([^"]*)"/s', $message, $out); //print_r($out[1]); var_dump($message); var_dump($test);this is the output (without the extra spaces after square brackets)
string(70) "[ QUOTE=AdRock]just testing the error[/quote ] Another test"string(59) "[ QUOTE=AdRock]just testing the error[/quote ] Another test"
so what is the extra 11 chars?
-
what is really strange is that i was able to extract the rest of the string after the closing ] and print it out, so everyythignafter
was printed. I don't know if it's to do with the quotes.I'll give your suggestion a try and let you know
-
I've tried what you said and by hard coding the string it works but as soon as i grab a string from the database which is exactly the same it prints and empty array.
There is nothing wrong with any code that i can see, it just makes no sense.
It's like it's refusing to add it to an array
-
I've managed to get some ouptput combining your earlier post and last post
I get the username but in quotes. How do i get rid of the quotes? The regex?
Also, i tried it on another string but this time the output is different.
[ QUOTE=AdRock]just testing the error[/quote ]gives me
"AdRock"]just testing the error[/quoteand (note that this is on 2 lines with line breaks)
[ QUOTE=AdRock]blah blah blah blah blahblah blah blah blah blah[/quote ]
gives me
AdRock
"AdRock"$text = html_entity_decode($message); $a=preg_match_all("/\[quote=(.*.)\]/",$text,$b); $searchText = $b[1]; echo $searchText[0]; -
why not?
UPDATE table set field='$field', field2='$field2', field3='$field3' WHERE thisfied='$thisval'
make sure you protect against SQL injection
$field etc would be your POST vars
-
not really hot on RegEx ad preg_match
I've done what you suggested and this is the output
Array ( [0] => Array ( ) [1] => Array ( ) )$text = html_entity_decode($message); $a=preg_match_all("/\[quote=(.*.)\]/",$text,$b); print_r($b);What is $b?
Also can this be used to extract the actual message too?
-
This is the original message as stroed in database before html_entity_decode
var_dump($message);
string(78) "[ QUOTE=AdRock]just testing the error[/quote ] Another test"Then after decoding it but should make no difference
$mess = html_entity_decode($message); $some_array = explode('"', $mess); print_r($some_array)Array ( [0] => [ QUOTE=AdRock]just testing the error[/quote ] Another test ) -
been doing some debugging and found that it is not exploding.
Echoing out $myarray[1] prints nothing
Echoing out $myarray[0] prints the whole string
I've tested it locally and it works, hosted doesn't work....could there be a problem if using differnet versions of PHP
-
When testing that code with a hard coded string it worked but when trying it in my page it returns NULL
I use html_entity_decode to get the quotes back etc and var_dumping that shows the whole string
Trying to explode that doesn't now work with this code
$original = html_entity_decode($message); //original string $myarray = explode('"', $original); $user_name = $myarray[1]; var_dump($myarray[1]); //prints NULL var_dump($user_name); //prints NULLprobably something really obvious but i can't see it
-
freeloader, your example worked if there were only 2 sets of quotes....thanks anyway
litebearer, spot on....does what i want.
This has been doing my head in all afternoon
-
What about using $_SERVER['HTTP_REFERER']?
store that to a variable and redirect using the variable in header location
-
I did google this and found the example i gave and i did think about split/explode.
If all users had the same length username it wouldn't be so hard so i can find where i need to start the extraction from and that would be the first set of double quotes, but i need to find out where the second set is
-
Are you on about using sessions?
Say you try and view a restricted page like your user control panel and you are directed to a login page, after you login on you want to go back to the control panel page.
The way i do it is check if a session has been registered and redirect to log in if not. After the user logs in you could use a header redirect to the control panel page or whatever.
I have a function that redirects to a certain page after the user logs in
looping through database and output to select list or not
in PHP Coding Help
Posted
I have a list of products in my database (i.e T-Shirts, etc). Some of them are the same product but different sizes and prices but still the same thing and also any other random product in there that doesn't come in different sizes.
I have a shopping cart which normally connects to the database and creates a form for each product.
What i want to do is if it's a product without a size, just create the usual form, but if it's a T-Shirt for example with different sizes, put them in a select drop list.
Here is my code that loops through the database and outputs the form just for a standard form (no sizes)
while (list($prodid,$item,$description,$price) = $result->fetchrow()) { if ($count % NUMCOLS == 0) echo "<tr>"; # new row echo '<td>'; echo '<form method="post" action="" class="jcart"> <fieldset> <input type="hidden" name="jcartToken" value="'.$_SESSION['jcartToken'].'" /> <input type="hidden" name="my-item-id" value="'.$prodid.'" /> <input type="hidden" name="my-item-name" value="'.$item.'" /> <input type="hidden" name="my-item-price" value="'.$price.'" /> <input type="hidden" name="my-item-url" value="product.php?prodid='.$prodid.'" /> <ul> <li><img src="images/shop/products/test.gif" /></li> <li><strong><a href="product.php?prodid='.$prodid.'">'.$item.'</a></strong></li> <li>Price: £'.number_format($price, 2).'</li> <li> <label>Qty: <input type="text" name="my-item-qty" value="1" size="3" /></label> </li> </ul> <div class="buttonadd"> <input type="submit" name="my-add-button" value=" " class="addcart" /> </div> </fieldset> </form> '; echo '</td>'; $count++; $counter++; if ($count % NUMCOLS == 0) echo "</tr>\n"; # end row }here is the table structure
I have added a field called itemid which links all different sizes of one product to it.
WHat i need to know now is how i code so it sees how many of an an itemid there is and if it's one, stick it in a normal form and if it's greater than one , put it into a select list