dptr1988

Everything posted by dptr1988

  1. Ok, I have a copy of this script installed at 'http://www.phpcodinghelp.com/dev/login_system/login.php'. It is using the MySQL database backend and all of the users that are in the array in the 'db_array' function have been added to the database.

     Note: only user 'harry' has the required permission 'd' that is needed to access the page. All the others can just log in.

     Username: 'harry' Password: 'asdf'

     Other username/password pairs without the needed permissions:

       • joe_sample/password
       • john_sample/password
       • test/test_password

     Username and password hashes provided for your convenience. These are the password hashes from the database.

       • joe_sample/f6b363d47c1ff60c67eb121d6fb101c5
       • john_sample/f6b363d47c1ff60c67eb121d6fb101c5
       • harry/434e2ffa425d98d9682d2cef6a4a0a10
       • test/32e0b42b8a18365e9975b402a5d9d150

     Expected behaviour: If you are not logged in, you will be presented with the login form. If you have posted incorrect values in the login form, you will be given an error message and the login form again. If you successfully log in and have the required permissions, you should see this message: "You are now in a protected page, logged in as X and have the required permission 'Y' ", where 'X' is replaced with the username, and 'Y' with the permission that the page requires. If you select 'Remember me' when you log in, you should receive a cookie with a username and password that will allow you to log in without having to type your username/password combination.

     Note: This script is hosted on my own server, so feel free to do anything you want to the server. (I make regular backups, so you can even erase my hard drive if you are able to!!)

     Thank you all for your help!

     Edit reason: To correct the password hashes.
  2. No, I don't have this hosted anywhere. I'm only using it as an example in a tutorial.
  3. The text editor used in these forums is just a simple textarea-based editor with BBCode tags inserted by JavaScript. A WYSIWYG editor is much more complicated and much of the coding is done in JavaScript. So most of the programming that you are going to do would be in JavaScript. The only PHP code that you will need would be code to load and save the text from the editor. To get started, learn how to load/save text from a textarea.
  4. There is nothing in PHP that I know of that will be shared between multiple users. The best PHP has is sessions, which are only shared between page requests for the same user.
  5. Here is how two servers can communicate with each other:

       • Server A requests page_1 from Server B and includes a 'callback' URL pointing to a page on Server A.
       • Server B processes the request and, when it is finished, sends a request to the 'callback' URL that it received from Server A.
       • Server A handles the 'callback' URL and is now communicating with Server B in response to Server B's request.

     I don't know if this is what you were thinking of, as I didn't understand your problem very well.
  6. Have you checked that "../Connections/Prodnet.php" is getting included properly? Have you set error_reporting to E_ALL? You should be getting error messages. http://www.phpcodinghelp.com/article.php?article=debug#basic_error_messages
  7. Yes, you need to use $_GET['product_id'] rather than $_SERVER['product_id']. If you don't understand why, add print_r($_GET); and print_r($_SERVER); and you will see the contents of both of those variables.
  8. Having nested directories like that is for avoiding problems caused by having too many files in a directory. It is a common way to do that. The Apache cache is one example.
  9. If both the $user_id and $filename directories did not exist, and you used the mkdir command like you are, it would need to create the $user_id directory and the $filename directory. That may or may not work. I'm not sure, but I think it's worth looking into, because the unix command 'mkdir' requires a special argument to do something like that. Just for curiosity, try this. It might work: mkdir("../../images/photos/$user_id/$filename1/", 0777, true);
  10. Try using absolute pathnames rather than relative pathnames, or at least while debugging. It looks like you might be trying to create two directories with one mkdir command. I'm not sure if that's allowed or if you have to specify the 'recursive' argument to do that. Check the manual: http://us3.php.net/mkdir Have you checked if the script has the proper permissions to create a file in the 'photos' directory?
  11. How to set php.ini values in .htaccess: http://us2.php.net/manual/en/configuration.changes.php I'm not sure where to put .htaccess files. That's an Apache problem.
  12. That is strange! Ok, so we have confirmed that the if statement is correct and the trouble is somewhere around the 'echo "$id"' or echo "$test2" lines? Have you already defined the variable $test2 that you are echoing with echo "$test2"? Do you have error_reporting set to E_ALL? http://www.phpcodinghelp.com/article.php?article=debug#basic_error_messages Are you manually setting the '$id' variable to '1' for debugging purposes or were you wanting it to be $id = $_GET['id']? Is there anything in 'config.php' that is messing up the script? Is 'config.php' included into your script more than once? Have you checked the SQL query? Does it work correctly by itself?
  13. This looks like a PHP-related problem if you don't get echo id or 'test2' line. It looks like your $_GET['id'] variable is not set. Try putting print_r($_GET) right before the IF statement. That will show you what $_GET vars are set and if the $_GET['id'] variable exists and is correct.
  14. When you go to process that text with PHP, you strip out or disable all HTML tags. Then take the approved BBCode tags and convert them to HTML. Also I want to double check that you understand that JavaScript or any script that can be put between <script></script> tags cannot be run on your server and can only cause trouble in the client's web browser when it is redisplayed by the PHP script.
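
Added example, not part of the original post: one way to implement the order described in post 14, escaping all HTML first and only then converting a whitelist of BBCode tags. The function name, the tag list and the sample post are assumptions made for illustration.

```php
<?php
// Added example: names and the tag whitelist are assumptions, not forum code.

/** Convert user-submitted BBCode to HTML, emitting only whitelisted markup. */
function bbcode_to_html(string $text): string
{
    // Step 1: disable ALL HTML the user typed, including <script> and quotes.
    $html = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // Step 2: convert only the approved BBCode tags to fixed HTML elements.
    $simple = ['b' => 'strong', 'i' => 'em', 'u' => 'u'];
    foreach ($simple as $bb => $tag) {
        $html = preg_replace(
            '~\[' . $bb . '\](.*?)\[/' . $bb . '\]~is',
            "<$tag>\$1</$tag>",
            $html
        );
    }

    // [url=...] carries an attribute value, so validate it: http/https only,
    // which keeps javascript: and data: URLs out of the href.
    $html = preg_replace_callback(
        '~\[url=(.*?)\](.*?)\[/url\]~is',
        function (array $m): string {
            if (!preg_match('~^https?://[^\s"\'<>]+\z~i', $m[1])) {
                return $m[2];   // drop the link, keep the (already escaped) label
            }
            return '<a href="' . $m[1] . '" rel="nofollow noopener">' . $m[2] . '</a>';
        },
        $html
    );

    return nl2br($html);
}

// Constructed sample post mixing approved tags, raw HTML and a script URL.
$post = "[b]Hi[/b] <script>alert(1)</script>\n"
      . "[url=javascript:alert(1)]click[/url] "
      . "[url=https://example.com/?a=1&b=2]docs[/url]";
echo bbcode_to_html($post), "\n";
```

Because escaping happens before any tag conversion, the only markup in the output is what the converter itself wrote.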
  15. An advanced editor like fckeditor will return HTML contents, so there is no need to use BBCode. (i.e. HTML is greater than BBCode) If you want to use BBCode, use a simple textarea like in these forums.
  16. If you want a full blown WYSIWYG editor, I can recommend 'http://www.fckeditor.net/' and 'http://tinymce.moxiecode.com/'. Text editors like the ones on these forums are simple textareas with JavaScript buttons that will insert BBCode.
  17. Can you post the exact SQL query here? The way you describe your table, it sounds like it's impossible to have a row where chooseID = pastID. For each row, either the pastID is set or the chooseID is set. But your query is looking for rows that have both the chooseID and pastID set and are equal. This may or may not work. SELECT ca1.chooseTitle FROM chooseadventure AS ca1 JOIN chooseadventure AS ca2 ON ca1.pastID = ca2.chooseID
  18. You can use auto_prepend_file and auto_append_file in your .htaccess files: http://us.php.net/manual/en/ini.core.php#ini.auto-prepend-file
  19. It looks good to me. Very clean and organized. I didn't see any security related issues. Although I don't see the point in storing the password in the $_SESSION variable. The password should only be needed when you do the actual login.
  20. When barand says echo $query, he means print out the query that you generated and see if it is correct. Here are some MySQL/PHP debugging tips that may help you understand what barand meant by 'echo $query': http://www.phpcodinghelp.com/article.php?article=debug#tips_mysql
  21. Just about every time I create forms with PHP, I have the PHP script generate the forms based on data from an array or database. Here is a sample that might work for you:

          <?php
          // Build the <option> elements of a <select> from a list of values.
          function print_options($values, $selected_value)
          {
              $output = '';
              foreach ($values as $value) {
                  // Escape the value so data from an array or database cannot break the markup.
                  $safe = htmlspecialchars($value, ENT_QUOTES);
                  $output .= "<option value='{$safe}' ";
                  if ($value == $selected_value) {
                      $output .= " selected='selected' ";
                  }
                  $output .= ">{$safe}</option>\n";
              }
              return $output;
          }

          echo '<select class="input" id="gender" name="gender"> ';
          echo print_options(array('Male', 'Female'), 'Male');
          echo '</select>';
          ?>

      Using PHP as an HTML 'template' system can be a real pain. For something like this, use PHP as a scripting language that dynamically generates the data. Remember: If you find yourself writing out big lists or redundant code, then you are doing something wrong. Programming should be fun. There is no need to type the same thing over and over again.
  22. No. The 'LIKE' operator is just about the best that MySQL can offer. If you know how to generate a list of different misspellings you could list them all in the query like this:

          $sql = "SELECT * FROM table_name WHERE field_name LIKE '%$string%' OR " .
                 "field_name LIKE '%$misspelling1%' OR " .
                 "field_name LIKE '%$misspelling2%' OR " .
                 "field_name LIKE '%$misspelling3%' OR " .
                 "field_name LIKE '%$misspelling4%' ";
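
Added example, not part of the original post: the multi-LIKE search from post 22 built with bound parameters, so the search string and misspellings never become part of the SQL text and any `%` or `_` in user input is matched literally. It uses PDO with an in-memory SQLite database so it runs without a server (the post itself targets MySQL); the function names and sample rows are constructed.

```php
<?php
// Added example: function names and sample rows are constructed for illustration.

/** Wrap a term in %...% and escape LIKE wildcards, using '!' as the escape character. */
function like_term(string $s): string
{
    return '%' . str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $s) . '%';
}

/** Return field_name values matching the search string or any listed misspelling. */
function search_variants(PDO $db, string $string, array $misspellings): array
{
    $terms = array_merge([$string], array_values($misspellings));
    // One placeholder per term; the values are sent separately from the SQL text.
    $where = implode(' OR ', array_fill(0, count($terms), "field_name LIKE ? ESCAPE '!'"));
    $stmt  = $db->prepare("SELECT field_name FROM table_name WHERE $where");
    $stmt->execute(array_map('like_term', $terms));
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE table_name (field_name TEXT)');
$ins = $db->prepare('INSERT INTO table_name VALUES (?)');
foreach (['definitely', 'definately', "O'Brien", '100% sure'] as $row) {
    $ins->execute([$row]);
}

print_r(search_variants($db, 'definitely', ['definately', 'definitly']));
print_r(search_variants($db, "O'Brien", []));   // the quote is data, not SQL syntax
print_r(search_variants($db, '%', []));         // matches only the row with a literal %
```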
  23. Yes, I know how to use grep or equivalent file content searching programs, like KFileReplace. I was wondering if there was a regular expression or program that would allow you to search in specific parts of PHP source code like comments, strings, identifiers. I did find a way to do the rebranding. With a couple of different searches, I was able to find ( hopefully ) all references to that name, but I had to manually sort through hundreds of hits in comments and variable/constant identifiers and that is what I was hoping to avoid.
  24. If your $attori variable contains multiple names like you mentioned, you can replace all of the spaces between the names with '%' before using it in the SQL query, so that it would match each word in it rather than the whole string. <?php $attori = str_replace(' ', '%', $attori); ?>
  25. ivanella: Did you try my example? Did it work?

      Rohan Shenoy: Yes, and it's always good to try everything possible and get everyone's ideas. More brains are better than one.

      Note: If you want to get really, really, really, really, technical, there are 5 indications that the name 'attori' is a PHP variable and none of those 5 indicators appear on the 'link_field6' fieldname. Those five indicators are left and right single quotes, left and right curly brackets and the dollar sign. A SQL field name would not be quoted in a situation like this, would never have the curly brackets or the dollar sign. So if the person writing this code put all of those characters in on one PHP variable that indicated it was a PHP variable, there is a good chance that they would also at least include 1 of those indicators on the 'link_field6' name. Also the word 'field' appears in 'link_field6' which also suggests that could be a SQL field name.