Jump to content

Jenk

Members
  • Posts

    778
  • Joined

  • Last visited

    Never

Posts posted by Jenk

  1. [code]<?php
    $dir = '/path/to/old/dir';
    $handle = opendir($dir);

    while(($file = readdir($handle)) !== false)
    {
        if (preg_match('/' . preg_quote('\/ : * ? " < > |', '/') . '/', $file))
        {
            $path = $dir . DIRECTORY_SEPARATOR . $file;
            if (!in_array($file, array('..', '.')) && is_file($path))
            {
                $contents = file_get_contents($path);
                $newPath = $dir . DIRECTORY_SEPARATOR . preg_replace('/' . preg_quote('\/ : * ? " < > |', '/') . '/', '_', $file);
                if (file_put_contents($newPath, $contents) !== false)
                {
                    $unlink($path); //delete old file only if able to create new
                }
            }
        }
    }
    ?>[/code]
  2. reliance on the user agent string is not bullet proof, because it is of course dependant on the user agent broadcasting it in the first place.

    FireFox allows the user to change their user agent string quite easily for example.

    In other words.. make your site accessible to all browsers.

    Should also use a keyword search rather than standard comparison:
    [code]<?php

    if (stripos('mozilla', $_SERVER['HTTP_USER_AGENT']) === false) {
        die('Get firefox.');
    }

    ?>[/code]
  3. or you can just be sensible and not use the session ID as the key on your basket table.. if the user accidentaly disconnects after adding a large number of items to a cart they are going to be mighty annoyed to find it all lost when they return..
  4. Which template engine you using? (I'm guessing Smarty?)

    Anyway, to get you started..

    [code]<?php
    $queued = mysql_query("SELECT * FROM links WHERE links_status = 'queued'");
    if (!mysql_num_rows($queued)) {
        $quededs_link_html = array();
        while ($row = mysql_fetch_assoc($queued)) {
            $quededs_link_html[] = array(
                    'href' => $row['links_url'],
                    'img' => $row['links_image'],
            );
        }
        $tpl->assign('quededs_link_html', $quededs_link_html);
    }
    ?>[/code]

    and if it is Smarty, your template can now use the following to display the above:

    [code]<table>
        {if isset($links)}
            {section name=link loop=$links}
            <tr><td><a href="{$links[link].href}"><img src="{$links[link].img}"></a></td></tr>
            {/section}
        {else}
        <tr><td width="100%" bgcolor="#FFFFFF" class="style7">There are 0 links waiting in queue</td></tr>
        {/if}
    </table>[/code]

    btw.. don't hardcode HTML into you app.. that's why you are using templates in the first place.
  5. everytime user clicks 'add to basket,' add it to the session data and/or table.

    everytime user clicks 'remove from basket,' remove it from the session data and/or table.

    Baskets are no different from your standard Order tables/pages.
  6. PHP_SELF has vulnerabilities.. use SCRIPT_NAME instead, and to be fully compat, use full URI not just relative:
    [code]<?php

    echo '<form action="http://' . $_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME'] . '" method="post">';

    ?>[/code]
  7. [quote author=Barand link=topic=106321.msg425561#msg425561 date=1157053325]
    This the approach I had in mind

    [code]
    <?php
    session_start();
    if (isset($_POST['usernum'])) {
        if ($_SESSION['randomnumber']==$_POST['usernum']) {
            unset($_SESSION['randomnumber']);

            session_regenerate_id(true);

            // process form data here
            echo "<p>Number OK<br>Processing</p>";
           
            // redirect to other page
            echo "<p>Redirecting</p>";
            exit;
        }
        else {
            echo "<p>Invalid input</p>";
        }
    }
    else {
        //generate random code
        $_SESSION['randomnumber'] = rand(11111,99999); 

    }


    echo "Enter this number : {$_SESSION['randomnumber']} ";
    ?>
    <FORM method='POST'>
    Code <input type="text" name="usernum" size="5"><br>
    <input type="submit" name="submit" value="Submit">
    </FORM>[/code]
    [/quote]added unset() and session_regenerate_id()

    and simply echoing it is a bad idea.. spam bots can just 'copy and paste' it, which is why most captcha's use images - but I get that the above is just 'pseudo'
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.