scottybwoy

Posts posted by scottybwoy

  1. OK, here is my authorise function:
    [code]
    <?php
    function authorise($user)
        {
    echo $user;

    if ($user = TRUE)
    {
    $stmnt = "SELECT USER_ID FROM users WHERE uNAME = $user";
    $result = mssql_query($stmnt);
    if ($result != TRUE)
    {
    echo "You are not entered in the Database, please see the Administrator";
    exit;

    } else {

    $success = TRUE;

    }

    } else {

    $success = FALSE;
    return $success;

    }

        }
    ?>
    [/code]

    Is there a better way of writing it? What I want it to do is get the user to report to admin if they are not already in the database, and if they are already in the database just go past the original function to load the page.  Thanks
  2. If you include_once in a script, does the parent script pause whilst reading the script in the included script like explained below?

    [code]
    <?php
      require_once "home.conf.php";

      require_once $INTRANET_USER_CLASS;
      require_once $DEBUGGER_CLASS;
    ?>
    [/code]

    then say in home.conf.php it has more includes/requires

      require_once( $CLASSES . '/config.inc.php');

    does it do the same?  Cheers in advance ;)
  3. Hi. Yeah, that's correct, although I really wanted to know if this is a secure way of doing it, as there is no real login so to speak.  There is of course, but it is done in the background, via the usernames within the network.  We're using Win 2k also.  So when a user logs into any machine (Windows Authentication), their user name is grabbed when index.php is executed, then compared against the names in the database; if it's there, let them through to the home page, if not, tell them to contact the administrator to set up an account for them.  Just wondered if people could easily hack it if the computers were turned off at night, and the users were logged in most of the day, only allowing 1 session at a time for each user?
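
    An added example, not part of the original posts: the database check from the authorise function in post 1 and the flow described in post 3, written so the user name is bound as a query parameter and the decision rests on whether a row came back rather than on whether the query ran. It assumes PDO with an in-memory SQLite table standing in for the MSSQL database; `make_demo_db()` and the sample user names are constructed for illustration.

    ```php
    <?php
    declare(strict_types=1);

    // Constructed stand-in for the intranet database: an in-memory SQLite table
    // using the column names from the post (USER_ID, uNAME).
    function make_demo_db(): PDO
    {
        $db = new PDO('sqlite::memory:');
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $db->exec('CREATE TABLE users (USER_ID INTEGER PRIMARY KEY, uNAME TEXT UNIQUE NOT NULL)');
        $db->exec("INSERT INTO users (uNAME) VALUES ('jsmith'), ('akhan')"); // constructed names
        return $db;
    }

    /**
     * Return the USER_ID registered for $user, or null when there is none.
     * The caller supplies the name the web server reported for the request.
     */
    function authorise(PDO $db, ?string $user): ?int
    {
        // Reject a missing or empty name before touching the database.
        // (A test written as "$user = TRUE" assigns instead of comparing.)
        if ($user === null || $user === '') {
            return null;
        }

        // The placeholder keeps the name out of the SQL text, so quotes or
        // SQL keywords inside it are compared as data, never executed.
        $stmt = $db->prepare('SELECT USER_ID FROM users WHERE uNAME = :name');
        $stmt->execute([':name' => $user]);

        // A query that runs but matches zero rows is still a successful query,
        // so the decision must be made on the fetched row.
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        return $row === false ? null : (int) $row['USER_ID'];
    }

    // Constructed inputs: two registered names, one unknown name,
    // one name containing SQL metacharacters, and an empty name.
    $db = make_demo_db();
    foreach (['jsmith', 'akhan', 'nobody', "x' OR '1'='1", ''] as $candidate) {
        $id = authorise($db, $candidate);
        printf(
            "%-18s => %s\n",
            var_export($candidate, true),
            $id === null ? 'not registered, see the administrator' : "USER_ID $id"
        );
    }
    ```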
  4. Didn't really know if I should put this here, but it does have a little to do with PHP, so here goes.

    I'm developing an intranet system for my company, which runs Win2k throughout.  My login script works from active users on the server.  These users must be entered into the database before they can log on and are only allowed one session at a time.  So when they are at work it should be fine, yeah?  But when they are at home and their computers are off, is the information safe?  Only 3 users will have access to delete records, and only one directory has execution rights, containing just two files.

    Thanks in advance
  5. I have this function :
    [code]
    <?php
    if (! empty($pref['autotip']) && $pref['autotip']==1) {
                  $template->set_var('TIP_STATUS1', 'checked');
              } else {
                $template->set_var('TIP_STATUS1', '');
              }

              if (! empty($pref['autotip']) && $pref['autotip']==0) {
                  $template->set_var('TIP_STATUS2', 'checked');
              } else {
                  $template->set_var('TIP_STATUS2', '');
              }

              $template->set_var('PREF_MNGR', $PREF_MNGR);

              if (isset($this->update) && $this->update)
              {
                $template->set_var('UPDATE_MSG',
                                    $this->getMessage('PREFERENCES_UPDATED')
                                  );
              }
              else $template->set_var('UPDATE_MSG', '');

              $themeTemplate->set_var('CONTENT_BLOCK',
                                      $template->parse('mblock', 'mainBlock'));

              $template->parse('contentBlock', 'fh1');

              $themeTemplate->parse('cnblock', 'contentBlock');
              $themeTemplate->parse('mmblock', 'mmainBlock');
              $themeTemplate->pparse('output', 'fh');

          }
    ?>
    [/code]
    And I want 'autotip' to always == 1 for 'TIP_STATUS1' i.e $template->set_var('TIP_STATUS1', 'checked');
    So it will not have to get info from the form.

    And I always want it to be like that so it never really needs to be updated.  And if it never really needs to be updated it won't need to be stored in the database.

    So could someone help me re-write this please.  Many Thanks
  6. Hi,

    Say I have a class called foo.  Foo has a number of functions in it.  Then say I create a new instance of Foo
    and pass a parameter to it like so :

    $Foofoo = new Foo($bar)

    Will the parameter of $bar embed itself into every instance of $bar in the Class so that whenever it is called via other $variables or Functions, it will use $bar when needed?
  7. I'm using OOP with php 5.1.4 and keep running into page cannot be found error.
    The trouble is I'm not sure which page either.  I had a login page which is bypassed as a session is created so I'll skip that.  Then the user should be passed back to home.php as follows :
    [code]
    <?php
      class IntranetUserHomeApp extends PHPApplication {

      function run()
          {
             
              if (! $this->authorize($this->getSessionField('SESSION_USERNAME')))
              {
                $this->alert('UNAUTHORIZED_ACCESS');
              }

              $this->uid = $this->getUID();

              // At this point user is authorized
              $this->displayHome();
        }

          function authorize()
          {
              return TRUE;
          }

          function displayHome()
          {
              global $HOME_MNGR;
              global $HOME_TEMPLATE;
              global $INTRANET_DIR;
              global $REL_TEMPLATE_DIR;

              $Template = Template($HOME_TEMPLATE_DIR);
             
              $photoFile = sprintf("%s/photo%003d.jpg",$PHOTO_DIR, $this->getUID());
              $photo = file_exists($photoFile) ? sprintf("%s/photo%003d.jpg",$REL_PHOTO_DIR,$this->getUID()) : sprintf("%s/%s",$REL_PHOTO_DIR,$DEFAULT_PHOTO);

              $themeTemplate->set_var('TEMPLATE_DIR', $REL_TEMPLATE_DIR);

              $themeTemplate->set_var('LEFT_NAVIGATION', $this->themeObj->getLeftNavigation($THEME_TEMPLATE_DIR . '/' . dirname($THEME_TEMPLATE[$this->theme])));

              $template = new Template($this->getTemplateDir());
              $template->set_file('fh1', $HOME_TEMPLATE);
              $template->set_block('fh1', 'mainBlock', 'mblock');
      $template->set_block('mainBlock', 'navigation', 'mblock');

              $now = time();

              $template->set_var(array(
                                      'NAME'        => $this->getName(),
                                      'CURRENT_DATE' => date('l M d Y', $now),
                                      'HOME_MNGR'    => $HOME_MNGR
                                      )
                                );
             
              global $LD_CATEGORY_NAV_DIR, $LD_CATEGORY_NAV_OUTFILE;
             
              $fp = fopen($LD_CATEGORY_NAV_DIR.'/'.$LD_CATEGORY_NAV_OUTFILE, "rb");
              $contents = fread ($fp, filesize ($LD_CATEGORY_NAV_DIR.'/'.$LD_CATEGORY_NAV_OUTFILE));
             
              $template->set_var('LD_NAV', $contents);

              global $USER_DB_URL;
              $user_dbi = new DBI($USER_DB_URL);

              $thisUser = new IntranetUser($this->dbi, $this->uid);

              $pref = $thisUser->getPreferences($this->uid);

              session_register('SESSION_AUTO_TIP_SHOWN');

              if (!empty($pref['autotip']) && !($this->getSessionField('SESSION_AUTO_TIP_SHOWN')))
              {
              $this->debug("Show tip window");
              $_SESSION["SESSION_AUTO_TIP_SHOWN"] = 1;
              $template->set_var('JS_TIP_SCRIPT', $this->popAutoTip());
              } else {
              $template->set_var('JS_TIP_SCRIPT', null);
              }

              $themeTemplate->set_var('SERVER_NAME', $this->get_server());
              $themeTemplate->set_var('BASE_HREF', $REL_TEMPLATE_DIR);
              $template->set_var('USER_NAME', ucfirst($thisUser->getName()));

              $themeTemplate->set_var('CONTENT_BLOCK', $template->parse('mblock', 'mainBlock'));
              $themeTemplate->parse('cnblock', 'contentBlock');
              $themeTemplate->parse('mmblock', 'mmainBlock');
              $themeTemplate->pparse('output', 'fh');

          }
         
          function unhtmlentities($string)
          {
    $trans_tbl = get_html_translation_table (HTML_ENTITIES);
    $trans_tbl = array_flip ($trans_tbl);
    return strtr ($string, $trans_tbl);
          }
    }
    ?>
    [/code]
    The functions used in DisplayHome() are set in this file called templates.inc :
    [code]
    <?php

    class Template {
      var $classname = "Template";

      /* if set, echo assignments */
      var $debug    = false;

      /* $file[handle] = "filename"; */
      var $file  = array();

      /* relative filenames are relative to this pathname */
      var $root  = "/templates";

      /* $varkeys[key] = "key"; $varvals[key] = "value"; */
      var $varkeys = array();
      var $varvals = array();

      /* "remove"  => remove undefined variables
      * "comment" => replace undefined variables with comments
      * "keep"    => keep undefined variables
      */
      var $unknowns = "comment";
     
      /* "yes" => halt, "report" => report error, continue, "no" => ignore error quietly */
      var $halt_on_error  = "yes";
     
      /* last error message is retained here */
      var $last_error    = "";


      /***************************************************************************/
      /* public: Constructor.
      * root:    template directory.
      * unknowns: how to handle unknown variables.
      */
      function Template($root = "/templates", $unknowns = "comment") {
        $this->set_root($root);
        $this->set_unknowns($unknowns);
      }

      /* public: setroot(pathname $root)
      * root:  new template directory.
      */ 
      function set_root($root) {
        if (!is_dir($root)) {
          $this->halt("set_root: $root is not a directory.");
          return false;
        }
       
        $this->root = $root;
        return true;
      }

      /* public: set_unknowns(enum $unknowns)
      * unknowns: "remove", "comment", "keep"
      *
      */
      function set_unknowns($unknowns = "keep") {
        $this->unknowns = $unknowns;
      }

      /* public: set_file(array $filelist)
      * filelist: array of handle, filename pairs.
      *
      * public: set_file(string $handle, string $filename)
      * handle: handle for a filename,
      * filename: name of template file
      */
      function set_file($handle, $filename = "") {
        if (!is_array($handle)) {
          if ($filename == "") {
            $this->halt("set_file: For handle $handle filename is empty.");
            return false;
          }
          $this->file[$handle] = $this->filename($filename);
        } else {
          reset($handle);
          while(list($h, $f) = each($handle)) {
            $this->file[$h] = $this->filename($f);
          }
        }
      }

      /* public: set_block(string $parent, string $handle, string $name = "")
      * extract the template $handle from $parent,
      * place variable {$name} instead.
      */
      function set_block($parent, $handle, $name = "") {
        if (!$this->loadfile($parent)) {
          $this->halt("subst: unable to load $parent.");
          return false;
        }
        if ($name == "")
          $name = $handle;

        $str = $this->get_var($parent);
        $reg = "/<!--\s+BEGIN $handle\s+-->(.*)\n\s*<!--\s+END $handle\s+-->/sm";
        preg_match_all($reg, $str, $m);
        $str = preg_replace($reg, "{" . "$name}", $str);
        $this->set_var($handle, $m[1][0]);
        $this->set_var($parent, $str);
      }
     
      /* public: set_var(array $values)
      * values: array of variable name, value pairs.
      *
      * public: set_var(string $varname, string $value)
      * varname: name of a variable that is to be defined
      * value:  value of that variable
      */
      function set_var($varname, $value = "") {
        if (!is_array($varname)) {
          if (!empty($varname))
            if ($this->debug) print "scalar: set *$varname* to *$value*<br>\n";
            $this->varkeys[$varname] = "/".$this->varname($varname)."/";
            $this->varvals[$varname] = $value;
        } else {
          reset($varname);
          while(list($k, $v) = each($varname)) {
            if (!empty($k))
              if ($this->debug) print "array: set *$k* to *$v*<br>\n";
              $this->varkeys[$k] = "/".$this->varname($k)."/";
              $this->varvals[$k] = $v;
          }
        }
      }

      /* public: subst(string $handle)
      * handle: handle of template where variables are to be substituted.
      */
      function subst($handle) {
        if (!$this->loadfile($handle)) {
          $this->halt("subst: unable to load $handle.");
          return false;
        }

        $str = $this->get_var($handle);
        $str = @preg_replace($this->varkeys, $this->varvals, $str);
        return $str;
      }
     
      /* public: psubst(string $handle)
      * handle: handle of template where variables are to be substituted.
      */
      function psubst($handle) {
        print $this->subst($handle);
       
        return false;
      }

      /* public: parse(string $target, string $handle, boolean append)
      * public: parse(string $target, array  $handle, boolean append)
      * target: handle of variable to generate
      * handle: handle of template to substitute
      * append: append to target handle
      */
      function parse($target, $handle, $append = false) {
        if (!is_array($handle)) {
          $str = $this->subst($handle);
          if ($append) {
            $this->set_var($target, $this->get_var($target) . $str);
          } else {
            $this->set_var($target, $str);
          }
        } else {
          reset($handle);
          while(list($i, $h) = each($handle)) {
            $str = $this->subst($h);
            $this->set_var($target, $str);
          }
        }
       
        return $str;
      }
     
      function pparse($target, $handle, $append = false) {
        print $this->parse($target, $handle, $append);
        return false;
      }
     
      /* public: get_vars()
      */
      function get_vars() {
        reset($this->varkeys);
        while(list($k, $v) = each($this->varkeys)) {
          $result[$k] = $this->varvals[$k];
        }
       
        return $result;
      }
     
      /* public: get_var(string varname)
      * varname: name of variable.
      *
      * public: get_var(array varname)
      * varname: array of variable names
      */
      function get_var($varname) {
        if (!is_array($varname)) {
          return $this->varvals[$varname];
        } else {
          reset($varname);
          while(list($k, $v) = each($varname)) {
            $result[$k] = $this->varvals[$k];
          }
         
          return $result;
        }
      }
     
      /* public: get_undefined($handle)
      * handle: handle of a template.
      */
      function get_undefined($handle) {
        if (!$this->loadfile($handle)) {
          $this->halt("get_undefined: unable to load $handle.");
          return false;
        }
       
        preg_match_all("/\{([^}]+)\}/", $this->get_var($handle), $m);
        $m = $m[1];
        if (!is_array($m))
          return false;

        reset($m);
        while(list($k, $v) = each($m)) {
          if (!isset($this->varkeys[$v]))
            $result[$v] = $v;
        }
       
        if (count($result))
          return $result;
        else
          return false;
      }

      /* public: finish(string $str)
      * str: string to finish.
      */
      function finish($str) {
        switch ($this->unknowns) {
          case "keep":
          break;
         
          case "remove":
            $str = preg_replace('/{[^ \t\r\n}]+}/', "", $str);
          break;

          case "comment":
            $str = preg_replace('/{([^ \t\r\n}]+)}/', "<!-- Template $handle: Variable \\1 undefined -->", $str);
          break;
        }
       
        return $str;
      }

      /* public: p(string $varname)
      * varname: name of variable to print.
      */
      function p($varname) {
        print $this->finish($this->get_var($varname));
      }

      function get($varname) {
        return $this->finish($this->get_var($varname));
      }
       
      /***************************************************************************/
      /* private: filename($filename)
      * filename: name to be completed.
      */
      function filename($filename) {
        if (substr($filename, 0, 1) != "/") {
          $filename = $this->root."/".$filename;
        }
       
        if (!file_exists($filename))
          $this->halt("filename: file $filename does not exist.");

        return $filename;
      }
     
      /* private: varname($varname)
      * varname: name of a replacement variable to be protected.
      */
      function varname($varname) {
        return preg_quote("{".$varname."}");
      }

      /* private: loadfile(string $handle)
      * handle:  load file defined by handle, if it is not loaded yet.
      */
      function loadfile($handle) {
        if (isset($this->varkeys[$handle]) and !empty($this->varvals[$handle]))
          return true;

        if (!isset($this->file[$handle])) {
          $this->halt("loadfile: $handle is not a valid handle.");
          return false;
        }
        $filename = $this->file[$handle];

        $str = implode("", @file($filename));
        if (empty($str)) {
          $this->halt("loadfile: While loading $handle, $filename does not exist or is empty.");
          return false;
        }

        $this->set_var($handle, $str);
       
        return true;
      }

      /***************************************************************************/
      /* public: halt(string $msg)
      * msg:    error message to show.
      */
      function halt($msg) {
        $this->last_error = $msg;
       
        if ($this->halt_on_error != "no")
          $this->haltmsg($msg);
       
        if ($this->halt_on_error == "yes")
          die("<b>Halted.</b>");
       
        return false;
      }
     
      /* public, override: haltmsg($msg)
      * msg: error message to show.
      */
      function haltmsg($msg) {
        printf("<b>Template Error:</b> %s<br>\n", $msg);
      }
    }
    ?>
    [/code]
    All my templates are in one folder called templates ;) and the constants are defined in this file here called constants.php :
    [code]
    <?php

      $APPLICATION_CLASS = 'class.PHPApplication.php';
      $ERROR_HANDLER_CLASS = 'class.ErrorHandler.php';
      $AUTHENTICATION_CLASS = 'class.Authentication.php';
    //  $DBI_CLASS = 'class.DBI.php';
      $DEBUGGER_CLASS = 'class.Debugger.php';
      $USER_CLASS         = 'class.User.php';
      $THEME_CLASS                = 'class.Theme.php';
      $THEME_TEMPLATE_CLASS        = 'class.ThemeTemplate.php';
      $ACL_CLASS                  = 'class.ACL.php';

      $TEMPLATE_CLASS = 'template.inc';
      $TRUE                 = 1;
      $FALSE                 = 0;
      $ON                 = 1;
      $OFF                 = 0;
      $SUCCESS                 = 1;
      $WWW_NEWLINE                = '<BR>';
      $NEWLINE = "\r\n";

      $TABLE_DOES_NOT_EXIST  = 1;
      $TABLE_UNKNOWN_ERROR  = 666;

      define('LOGIN', 1);
      define('LOGOUT', 2);

    ?>
    [/code]
    and my include path is as follows from config.inc.php :
    [code]
    <?php

      $ROOT_PATH    = $_SERVER['DOCUMENT_ROOT'];
      $INTRANET_DIR = $ROOT_PATH . '/database';
      $SCRIPTS = $INTRANET_DIR . '/scripts';
      $CLASSES = $INTRANET_DIR . '/classes';
      $FORGOTTEN_PASSWORD_APP = $SCRIPTS . '/user_mngr/forgotten_pwd.php';
      $PHPLIB_DIR  = $INTRANET_DIR . '/library/php';

      $PATH        = $PEAR_DIR . ';' . $PHPLIB_DIR . ';' . $CLASSES;
      ini_set( 'include_path', ';' . $PATH . ';' . ini_get('include_path'));

      $TEMPLATE_DIR = $INTRANET_DIR . '/templates';
      $THEME_TEMPLATE_DIR = $INTRANET_DIR . '/templates/themes';
    ?>
    [/code]
    Before, it was showing the login.html under the URL /database/scripts/home/home.php, which is what it should be doing; however, now it should just display home.html and bypass the login and redirect to home after creating the session.  I know that it has created the session as I can check in the database, so I don't know now where it is failing.  Can anybody see where this is happening?

    Sorry it's a bit of a long one.
  8. Jenk I only have one connection, but what do you mean by namespace?  My directory structure is like so :

    |
    +-Database
    |      +-Classes
    |      |      | // lib.session_handler.php is in here
    |      |      | // All my classes
    |      +-httpd
    |      |    +-images
    |      |    +-index.php
    |      |    +-styles.css
    |      +-library
    |      |    +-PEAR
    |      |    +-php
    |      +-scripts
    |      |    +-login
    |      |    +-home
    |      |    +-customers
    |      |    +- // You get the idea
    |      +-Templates
    |      |    | // All my templates
  9. Ok,  Now this is my lib.session_handler.php
    [code]
    <?php

    require_once('constants.php');

    $DEBUG = 0;

    $SESS_LIFE = get_cfg_var("session.gc_maxlifetime");

            function sess_open($save_path, $session_name) {
              global $SESS_LINK;
      if ($SESS_LINK = mssql_connect('localhost', 'user', 'pass')) {
      return mssql_select_db('mri_sql');
      } else {
      return false;
      }
            }

            function sess_close() {
              return true;
            }

            function sess_read($key) {
                    global $DEBUG, $SESS_LIFE, $SESS_LINK;

    $statement = "SELECT * FROM sessions WHERE sesskey = '$key' AND expiry > '" . time() . "'";
                    $result = mssql_query($statement);
    echo "<br />" . msql_error() . "<br />\n";

                    if ($DEBUG) echo "sess_read: $statement <br>result: $result<br>";
                   
    if ($result) {
    $row = mssql_fetch_assoc($result);
    return $row['value'];
    }
    return false;
            }

            function sess_write($key, $val) {
                    global $SESS_LIFE, $SESS_LINK;

                    $expiry = time() + $SESS_LIFE;
                    $value = addslashes($val);

                    $statement = "INSERT INTO sessions VALUES ('$key', $expiry, '$value')";
                    mssql_query($statement) or die ('Query failed.'); // this is line 45

                    if ($DEBUG) echo "sess_write: $statement <br>result: $result<br>";

                    if (! $result) {
                            $statement = "UPDATE sessions SET expiry = $expiry, value = '$value' " .
                                  "WHERE sesskey = '$key' AND expiry > " . time();
                            mssql_query($statement) or die ('Query failed.');
                    }

                    return $result;
            }

            function sess_destroy($key) {

    global $SESS_LINK;
                    $statement = "DELETE FROM sessions WHERE sesskey = '$key'";
                    $result = mssql_query($statement);
                    if ($DEBUG) echo "sess_destroy: $statement <br>result: $result<br>";

                    return $result;
            }

            function sess_gc($maxlifetime) {

                    global $SESS_LINK;
    $statement = "DELETE FROM sessions WHERE expiry < " . time();
                    $qid = mssql_query($statement);
                    if ($DEBUG) echo "sess_gc: $statement <br>result: $result<br>";

                    return 1;
            }

            session_set_save_handler(
                    "sess_open",
                    "sess_close",
                    "sess_read",
                    "sess_write",
                    "sess_destroy",
                    "sess_gc");
    ?>
    [/code]

    Now it gets past sess_read and displays the same error for line 45 sess_write function :

    Query failed.PHP Warning: mssql_query() [function.mssql-query]: message: Invalid object name 'sessions'. (severity 16) in C:\Inetpub\wwwroot\database\classes\lib.session_handler.php on line 45 PHP Warning: mssql_query() [function.mssql-query]: Query failed in C:\Inetpub\wwwroot\database\classes\lib.session_handler.php on line 45

    Why would this be if it worked on the one above?  Thanks for your help