chronister

Not trying to criticize here, but in your script your basically saying ... if username is not equal to password, redirect to login.php..... in your experience, when is username and password EVER equal?? In all the login systems I have created, this statement would redirect to the login page EVERY SINGLE TIME... even if the user is legitimately logged in. Is this login system using sessions for the login data? If it uses a session, then you would simply check for the presence of that var. Assuming it is $_SESSION['loggedIn'] as the session var, <?php if(isset($_SESSION['loggedIn'])) { // redirect to allowed page, or let user continue } else { // user is not properly logged in, redirect to login.php header('Location:login.php'); } ?> The code given above is trying to validate the user and ensure the credentials are correct. This is typically done with a database or flat-file database. Your looking for something that works after the validation is done. You need to see if they have been validated yet or not, so you would typically look for a particular session var, or look in a database and see if their session is set there.... depending on how the system is set up. Hope that helps... Nate

Ok, first off we are not going to write *all of* the code for you, however we are more than happy to help you. Your urgency is not our issue. Ok now that the "disclaimers" are out of the way. What do you have thus far? What do you know about coding? Sit down and think about what your going to need. The first step in completing any project is to take the large task and break it down into smaller pieces. Either post the code you have, or come up with a list of the individual pieces that you need to accomplish the task. Show us what you got Nate

Yes this is entirely possible. Your mail server has POP3 access I assume (Don't know of one that does not off hand). You will need to designate one particular mailbox to this, I looked on google and found several things regarding PHP & POP3 access. http://www.google.com/search?q=php+pop3&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a Nate

I like PHPMailer. It is a very simple to use email class that I discovered when trying to do the same thing your doing. I fought for hours trying to get the attachment to send properly, and could not get a non-corrupt attatchment. Within minutes phpMailer was able to do it first shot. Nate

I am not sure about crossing languages, but I am sure it works the same in Dutch as it would in english. strtotime(); is how I would do it. <?php $time = '7 januari 2009'; $timeString = strtotime($time); echo $timeString; ?>

thanks for the help here. I will be adding a flag in the validation array to include strip tags. I am trying to make this as universal as I can, and as such I could see some need to allow tags in the future, however I understand that it needs to be handled with caution and in most cases not needed at all. I found a site about XSS, and was able to trigger a remote .js file through the form, so that tells me right there that I have to deal with that. This particular .js file was just an alert, but next time it could be an ajax call and write the data it can find to a database. But other than that, do you see any other flaws? As I stated, this is my first attempt at a "real" OOP class, and am still learning about how to call things the correct way and such. Does it seem useful to those who have looked over it? Not that I am going to sell it, but would you actually pay for something like this if it were available? As far as sanitizing it for database use, that will be done after the results are returned. I thought about including database functionality to it, but I think it would be easier to get any db results for the form data before it is created, and then do any db inserts after the results are given. Thanks, Nate

Thanks for the reply darkfreaks, what did you use to test this, what page did you test it on, and what exactly is it testing against? The trim & strip tags could be used in several places, however I am trying to limit the class to simply 1. Create Form, 2. Process form 3. Return data as an array where further processing can be done to insert to db, send email, or write to file. I have thought about these functions, but I am not sure where to apply them at and how to trigger them properly to be the most effective. At the very basic of this class, we are simply creating form, checking it against some basic information and returning the data, so I am not sure how applying these in the class will make a difference in it's security. I guess my "vision" for this is those kinds of things get applied after the results array is returned. Does this make sense, or should I add some strip_slashes(), trim() or strip_tags() functions in the actual class?? * I did some testing and found that the strip_tags NEEDS to be there, or at least I need to trigger it when tags are not allowed (which is most always).* Thanks for the help. Nate

Over 120 people have looked at this and no one has an opinion?? Come on folks.... lemme know what you think of it. It works well, but I am wondering if you guys can see anything that could be written better, cleaner or more efficient. I have posted a link to my profile on the index page now to "prove" that it is my site I appreciate any feedback given. Nate

you probably forgot a ; on the line above it. Nate

I have created a class that handles form creation and form processing. It takes the Post data submitted by the generated form and returns an array with data validated against a set of rules. The form that is created is fully css based form that uses ordered lists for the form elements. An optional message area displays a summary of errors at the top of the page. Each form element is created by calling class methods and passing data to it, an array is created to define validation "rules" and the processing is actually called with a 1 line method. I would like you folks to take a look at it and give me your opinion of it. Are there any changes you would suggest? If you go to http://ctsqc.com/formClassExamples/ you will find a test form with all the field types that are currently working. You will also find the source of this form, the source of the main form class file, and a tab that shows the current html of the form. There are several css files, a few images, some js files and a few other PHP files that hold other classes or misc functions that are not shown. This is my first real shot at an OOP class that really does something, so if you have suggestions, please let me know. Submit the form so you get errors and give note the highlighting. The error summary is optional. Thanks Nate

Post your code and we can look at it and see what is going on there. Nate

elaborate more please. What do you mean by a message box? PHP can generate HTML, so thereby you can use PHP to generate an HTML box. What are you looking for? nate

??????? What do you mean no control?? If you loaded popup.js, then it gives you the ability to control the height, width, toolbars, status.... etc.. 'location=no, menubar=no, ' + 'status=no, toolbar=no, scrollbars=no, resizable=no'); I have given you what you need, you simply need to try it for yourself. It opens a new window, centered onscreen and gives you control over the size and window chrome. Don't know what else I can do for ya. Nate

Well, it would be nice if you tried it yourself. The folks here at PHPfreaks, have no problem helping those who try to help themselves, but don't like doing it for them as that does not teach anything. So just for the sake of getting this done, I have done it for you. In the future, please try to do things yourself and when you run into issues ask for help. create pop.js and add it into the head of your file. popup.js <!-- function wopen(url, name, w, h) { // Fudge factors for window decoration space. // In my tests these work well on all platforms & browsers. w += 32; h += 96; wleft = (screen.width - w) / 2; wtop = (screen.height - h) / 2; // IE5 and other old browsers might allow a window that is // partially offscreen or wider than the screen. Fix that. // (Newer browsers fix this for us, but let's be thorough.) if (wleft < 0) { w = screen.width; wleft = 0; } if (wtop < 0) { h = screen.height; wtop = 0; } var win = window.open(url, name, 'width=' + w + ', height=' + h + ', ' + 'left=' + wleft + ', top=' + wtop + ', ' + 'location=no, menubar=no, ' + 'status=no, toolbar=no, scrollbars=no, resizable=no'); // Just in case width and height are ignored win.resizeTo(w, h); // Just in case left and top are ignored win.moveTo(wleft, wtop); win.focus(); } // --> <?php { $href = 'forum_entry.php?id='.$id.'&page='.$page.'&category='.$category.'&order='.$order.'&descasc='.$descasc; if (isset($aname)) { $subnav_1 .= '<a href="'.$href.'" target="popup" class="textlink" onClick="wopen(\''.$href.'\', \'popup\', 300, 200); return false;">'.$lang['back_to_posting_linkname'].'</a>'; } else { $subnav_1 .= '<a href="'.$href.'" class="textlink" >'.$lang['back_linkname'].'</a>'; } } ?> I am assuming that you only wanted this to go on the first link. So try that and see what you get. You may need to adjust the size of the window. Nate

Not java, javascript. They are 2 totally separate things. And you will have to implement the code I gave into your PHP or do you already have code to open in a new window ....etc. Just using _blank as your target will not open in a window that you can manipulate as in removing address bar, status bar, buttons etc. From the code you gave, all I can see as far as the new popup window is the _blank target. Integrating the code I gave should not be too difficult for ya. Nate

Do you truly need them in separate variables? If it is not absolutely needed, then make your life easier and create the date/time string with 1 date() call.

It is good practice to eliminate spaces in any filenames or directory names. there are tooo many issues that arise because of these. I agree with CV, the function is probably stopping at that space and not finding a correct file there. nate

This took all of 10 seconds on google http://www.google.com/search?q=javascript+open+new+window+centered+on+page&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a <html> <head> <script> <!-- function wopen(url, name, w, h) { // Fudge factors for window decoration space. // In my tests these work well on all platforms & browsers. w += 32; h += 96; wleft = (screen.width - w) / 2; wtop = (screen.height - h) / 2; // IE5 and other old browsers might allow a window that is // partially offscreen or wider than the screen. Fix that. // (Newer browsers fix this for us, but let's be thorough.) if (wleft < 0) { w = screen.width; wleft = 0; } if (wtop < 0) { h = screen.height; wtop = 0; } var win = window.open(url, name, 'width=' + w + ', height=' + h + ', ' + 'left=' + wleft + ', top=' + wtop + ', ' + 'location=no, menubar=no, ' + 'status=no, toolbar=no, scrollbars=no, resizable=no'); // Just in case width and height are ignored win.resizeTo(w, h); // Just in case left and top are ignored win.moveTo(wleft, wtop); win.focus(); } // --> </script> </head> <body> <a href="page.html" target="popup" onClick="wopen('page.html', 'popup', 300, 200); return false;"> Click here to open the page in a new window. </a> </body> </html> Nate

does this appear at the very top of the page? You can test it out by calling that function somewhere else, by itself. <?php siteloklogout() ?> If this prints something on screen, then it echos... if it does not print on screen, then it probably returns data. BTW, use code tags when you post code. It is the # button above. Nate

I would bet that if you look into the function siteloklogout() you will find that it echo's something rather than returns it. Here is an example of what I mean. <?php function echoSomething() { echo 'This is echo\'d in the function'; } function returnSomething() { return ' This is returned in the function'; } ?> These 2 functions will do something dramatically different. The first one will echo as soon as it is called. If it is in a file that is included in the header, then it will echo at the very top of the page. The second one will return something so that you can control where it is echo'd or have it set to a variable and echo that later. I would bet that yours is echo'ing and I would also bet it is at the top of the page.... am I right? Nate

Basically, you would run something like this wherever you want the diamond check / reduction to take place. If that is on your index page, then run it there. If it is on the content page.... your script and the logic determines where you want to run this. <?php if(takeDiamond()) { // let the user proceed, they have 1 less diamond now } else { // the user does not have enough diamonds to proceed. } ?> Nate

<?php $conn = mysql_connect("localhost", "root", ""); if (!$conn) { echo "Unable to connect to DB: " . mysql_error(); exit; } if (!mysql_select_db("customer_temp_database")) { echo "Unable to select mydbname: " . mysql_error(); exit; } $firstName = mysql_real_escape_string($_POST[firstname]); $lastName = mysql_real_escape_string($_POST[lastname]); $query = "INSERT INTO customer (firstname, lastname) VALUES ('$firstName','$lastName')"; $result = mysql_query($query); if(mysql_affected_rows() > 0) { echo 'Inserted to database sucessfully'; } ?> Nate

<?php if ($slname == "") { echo "1-800-295-9100"; } else { echo '<a href= "'.siteloklogout().'" class="topmenu"><b>Logout</b></a>'; } ?> You don't "embed" php within itself. You simply have to concatenate properly. Nate

yeah, to do what you want, you will have to put them together with some sort of a string seperator and then use explode() on the processing script to split them up. <select name="option1"><option value="<?php echo $var1.','. $var2; ?>"></option></select> On the processing page.... <?php $splitMe = $_POST['option1']; $vars = explode(',', $splitMe); echo 'var1 = '. $var[0]; echo '<br>'; echo 'var2 = '. $var[1]; ?> Hope that helps. Nate

Then check and ensure that your hostname is actually localhost. I have a paid host and my mysql hostname is something like db4428583.domain.com. The mysql server and web server are apparently not the same machine. But if that was the case, then your or die() clause should be tossing an error at you. I am not sure..... I would suggest making sure that your hostname, username and password for the mysql server are all correct. nate