Jump to content

pixy

Members
  • Posts

    295
  • Joined

  • Last visited

    Never

Posts posted by pixy

  1. I made some replacements to do the URL bbcode on a forum script i'm making. But i can't figure out why it's acting up...

    This is what it looks like in the bar:
    [IMG]http://img.photobucket.com/albums/v72/vanillachick/wronglink.gif[/img]

    This is the HTML the PHP spits out:
    [IMG]http://img.photobucket.com/albums/v72/vanillachick/wronglink_html.gif[/img]

    And this is the PHP that i'm using:
    [IMG]http://img.photobucket.com/albums/v72/vanillachick/wronglink_php.gif[/img]

    And this is the part of the function i'm using:
    [code]
    <?php
    // This is only part of the function, so that part where it actually starts is up a ways...
            $patterns[] = "#\[url\]([a-z]+?://){1}([^\"'<>]*?)\[/url\]#Smi";
            $replacements[] = '<a href="\1\2" target="_blank">\1\2</a>';

            $patterns[] = "#\[url\]([^\"'<>]*?)\[/url\]#Smi";
            $replacements[] = '<a href="http://\1" target="_blank">\1</a>';

            $patterns[] = "#\[url=([a-z]+?://){1}([^\"'<>]*?)\](.*?)\[/url\]#Smi";
            $replacements[] = '<a href="\1\2" target="_blank">\3</a>';

            $patterns[] = "#\[url=([^\"'<>]*?)\](.*?)\[/url\]#Smi";
            $replacements[] = '<a href="http://\1" target="_blank">\2</a>';
    ?>
    [/code]
  2. I think it's easier to use without ob_start(); and ob_flush();, since those are just more things to remember. Its not THAT hard.

    Plus i made my own redirect() function, so I dont need to worry about using header("location: url.php"); Very handy.
  3. I'm writing my own forum script for a Harry potter website i'm doing. It's based on the entire wizarding world...but that's not the point.

    Look at this...this is the admin page to create a forum:
    [IMG]http://img.photobucket.com/albums/v72/vanillachick/imcrazy_1.gif[/img]

    see the < mark? I can't figure out WHERE IT IS. I put font size to make it bigger so you can see it. Here's the HTML code:
    [IMG]http://img.photobucket.com/albums/v72/vanillachick/imcrazy_3.gif[/img]

    And if it even matters, the PHP code:
    [IMG]http://img.photobucket.com/albums/v72/vanillachick/imcrazy_2.gif[/img]

    [b][size=6]WHERE IS IT? I CANNOT FIND IT.[/size][/b]
    It's driving me absolutely insane.
  4. As I said in that thread also, you need to setcookie(); before you send ANYTHING to the browser. Even whitespace gives you errors.

    To redirect to pages, I use this function so I dont have to deal with headers...
    [code]
    <?php
    function redirect($path, $timeout=2, $type=X_REDIRECT_HEADER) {

        // Make sure the session isn't split
        if (strpos(urldecode($path), "\n") !== false || strpos(urldecode($path), "\r") !== false)
        {
            error('Tried to redirect to potentially insecure url.');
        }

        // force session to be written before redirecting
        session_write_close();

        $type = (headers_sent() || $type == X_REDIRECT_JS ) ? X_REDIRECT_JS : X_REDIRECT_HEADER;
        if ($type == X_REDIRECT_JS) {
            ?>
            <script language="javascript" type="text/javascript">
            function redirect() {
                window.location.replace("<?php echo $path?>");
            }

            setTimeout("redirect();", <?php echo ($timeout*1000)?>);
            </script>

            <?
        } else {
            if ( $timeout == 0) {
                header("Location: $path");
            } else {
                header("Refresh: $timeout; URL=./$path");
            }
        }
        return true;
    }
    ?>[/code]

    Just store it in a functions.php and include it somewhere if you want to use it...
  5. [code]
    <?php
    if (isset($_POST['submitted'])) {
       $errors = array();
       if (empty($_POST['email'])) {
           $errors[] = 'You did not enter an email address.';
       }
       else {
           $email = $_POST['email'];
       }
       if (empty($errors)) { //
           // First, make sure the email address exists
           $query = "SELECT user_id FROM users WHERE email='$email'";
           $result = mysql_query($query);
           if (mysql_num_rows($result) == 1) { // Found it
               $row = mysql_fetch_array($result, MYSQL_NUM);
               $id = $row[0];
               // Now, create a new, random password
               $new_pass = subtr(md5(uniqid(rand(),1)), 3, 10);
               $query = "UPDATE users SET password='$new_pass' WHERE user_id='$id'";
                $result = mysql_query($query);
               if ($result) {
                   // Send an email
                   $body = "Your password for website has been changed to $new_pass. Log in to change it.";
                   mail($email, 'Your Password has been changed', $body, 'From: Admin');
                   echo 'You have been emailed a temporary password.';
              }
              else {
                  echo mysql_error();
              }
           }
           else {
               echo 'Your email did not correspond with any emails on record.';
           }
       }
       else {
           foreach ($errors as $msg) {
               echo '<li> '.$msg.'</li>';
           }
       }
    }
    else {
       echo '<form action="thisfile.php" method="post">
       <b>Email</b> <input type="text" name="email">
       <input type="hidden" name="submitted" value="TRUE">
       <input type="submit" name="submit" value="Submit"></form>';
    }
    ?>
    [/code]
  6. Here's what I usually do to validate my scripts...

    $errors = array();
    if (empty($_POST['whatever'])) {
        $errors[] = 'You didnt fill in a field';
    }
    else {
        $whatever = $_POST['whatever'];
    }
    if (empty($errors)) {
        // Do the query and inserting, and make sure they're no duplicate usernames, etc.
    }
    else {
        foreach ($errors as $msg) {
            echo '<li> '.$msg.'</li>';
        }
    }

    That way, if there are any errors at all, it tells the user what they are and lets them try again. That way it wont put them in the database.
  7. if you encrypted the password with SHA() or MD5() [b]YOU CANNOT DECRYPT IT[/b]. That's kind of "the point."

    I'm sure there's a function called encode() and decode() that allows it to be decoded, but if it can be decoded that defeats the purpose.

    Like I said before, if they forget their password have a place for them to put in their email address and it'll send the username and newly random password to the email. Then they can change it by logging in.

    When you told someone to make a page to change the password, were you talking to me?
  8. ^ Yep! The girl that runs it, Snow White, also has a forum there with lots of helpful people. They're all really nice, too. :) The tutorials are simple, and that's where I started learning from, too.

    I'm learning Visual QuickPro (not quickstart) guide to PHP & MySQL by Larry Ullman. It has complete examples in it like making shopping carts, content management, user log in--plus it's all explained step by step. It's only like $25 and was worth EVERY penny.
  9. ^ No, you shouldn't do that. As you said, someone would figure it out.

    You should create a random string of letters and numbers (you can use md5(), uniqueid(), and rand() for that) and insert the random password into the database. Then send them an email with the randomly generated password. Then, when they log into their account they can change it to whatever they want.
  10. To BillyBob, you shouldn't send information through the $_GET url--it's not secure. You don't want the user to be able to just view all the stuff, especially if you are submitting things in hidden fields you DONT want the user to change.

    Here's an example:
    [code]
    <?php
    if (isset($_POST['submitted'])) {
       if (!empty($_POST['username'])) {
           $username = $_POST['username'];
       }
       else {
           echo 'You did not enter a username.';
           die();
       }
       if (!empty($_POST['password'])) {
           $password = $_POST['password'];
       }
       else {
           die ('You did not type a password!');
       }
       $query = "SELECT * FROM users WHERE username='$username' AND password=SHA('$password')";
       $result = mysql_query($query);
       if (mysql_num_rows($result) == 1) {
           // Set cookies or sessions here
           echo 'You have been logged in!';
       }
       else {
           echo 'Your username and password did not match any in record.';
       }
    }
    else {
       echo '<form action="file.php" method="post">
       <b>Username:</b> <input type="text" name="username">
       <b>Password:</b> <input type="password" name="password">
       <input type="hidden" name="submitted" value="TRUE">
       <input type="submit" name="submit" value="Log In">
       </form>';
    }
    ?>
    [/code]

    Then, when you register the user, insert SHA('$password') into the database. That way, if someone gains access to the database they can't just log in to people's accounts.

    You would, of course, want to do something to validate $username and $password to protect from mysql_injection. I have an escape_data function I created for that, you can let me know if you want me to post it.
  11. I have no idea what CodeCharge is, but Dreamweaver is GREAT for php coding because the syntax coloring helps you see when you forget semi-colons or commas, etc. And you can keep track of your {} much easier.

    www.daydreamgraphics.com has lots of easy PHP tutorials that explain everything and help you learn to write your own scripts.

    For me, I bought a PHP/mySQL book and I used it non-stop. It's so helpful, and it's how I learned to write PHP code.

    Also, you should download the latest PHP manual. It lists all sorts of helpful functions and lots of user-submitted functions.
  12. If you're just trying to change the appearance of your site, you'd just use CSS or HTML...but if you are trying to actually create a forum then you due. There are LOADS of free forum systems out there and tutorials for creating your own. I know http://www.daydreamgraphics.com has a tutorial in the PHP forum for creating a simple board. Then we could help you add some small features. If you want a large scale project done, you'll want to check the Freelance board.

    Oh, and your site has music that comes up. You shouldn't do that. It interrupted "Bruised" by Jack's Mannequin, which is unacceptable. ;)
  13. You can just plug this in where it goes.
    In this case, I would suggest making simpler forms of your sessions and storing the player's ID in a session also...

    So while I write this, I'm assuming that $player is their username, and $player_id is their player id. Much easier than $_SESSION plus it doesn't have ' ' marks, so it won't make the script go wonky.

    [code]
    <?php
    // First find out current stats.
    $query = "SELECT istr, iagil, iarm, idex FROM users WHERE username='$player'";
    $result = mysql_query($query);
    if ($result) {
      $row = mysql_fetch_array($result, MYSQL_NUM);
      // Show current values -- you can take these out eventually, it's just to catch where the problem is
      echo '<li> Strength: '.$row[0].'</li>
      <li> Agility: '.$row[1].'</li>
      <li> Armory: '.$row[2].'</li>
      <li> Dex: '.$row[3].'</li>';
      $query2 = "SELECT dmg, arm, adex, aagil FROM market WHERE id='$player_id'";
      $result2 = mysql_query($query2);
      if (mysql_num_rows($result2) > 0) {
        $row2 = mysql_fetch_assoc($result);
        // Show the effects of the item being equipped
        echo 'Damage: '.$row2['dmg'].'<br>
        Armor: '.$row2['arm'].'<br>
        Adex: '.$row2['adex'].'<br>
        Agil: '.$row2['aagil'].'<br>';
        // Now do the math to make sure values are right before putting them in the DB
        $new_dmg = $row[0] + $row2['dmg'];
        $new_arm = $row[2] + $row2['arm'];
        $new_agil = $row[1] + $row2['aagil'];
        $new_dex = $row[3] + $row2['adex'];
        echo "The new damage is $new_dmg, the new armor is $new_arm, the new agil is $new_agil, the new dex is $new_dex.";
        // You should put the type of item in the item's description so we know which status to update to one.
        $new_query = "UPDATE users SET istr='$new_dmg', iagil='$new_agil', iarm='$new_arm', idex='$new_dex' WHERE uid='$player_id'";
        $new_result = mysql_query($new_query);
        if ($new_result) {
          echo 'Item stats were sucessfully updated.';
        }
        else {
          echo mysql_error();
        }
      }
      else {
        echo 'You have no items.';
      }
    }
    else {
      echo mysql_error();
    }
    ?>
    [/code]

    As I said in the script, it dont know how you are determining the type of each item (weapon, versus armor, etc.) but we could easily adjust the query to update the status of that as equipped.
  14. What I would do is query the database for the stats they currently have and show them first. Make those into nicer variables, and do the math outside of mySQL first. That way you can see what it's trying to put in before you update and fix the problem there.

    I'm getting off the computer, but I could write something for updating the stats tomarrow.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.