MadTechie

Solved ? (if so please click topic solved at the bottom)

require_once('../private_folder/user/search_user.php?find_var=$_SESSION['find']'); Why not just use $_SESSION['find'] in search_user.php.. <DUMB CODE ALERT> However.. I think this is a really bad idea and i DO NOT recommend it but.... this should work $_GET['find_var'] = $_SESSION['find']; require_once('../private_folder/user/search_user.php'); </DUMB CODE ALERT>

It's easier when you know.. but i find the things i learnt the hard way i remember Break it down into smaller steps

I don't dislike array_map, I don't like the way its used. when people try to create a global function to sanitize all their in 1 hit, without taking into account what data is being passed it normally means they are not paying the right amount of attention to security..

Personally (and don't take this the wrong way) I would change strlen($_POST['username']) to !empty($_POST['username']) also a dislike using array_map to sanitize input fields on a global scale.

Welcome Solved ? (we have a button to mark it as solved if it is)

@RussellReal, and your do that on every page ?

can you post an example if your new array, as i'm not sure what you mean *just do a var_dump($contacts);

well you have set CURLOPT_POST but passed nothing to post! (no CURLOPT_POSTFIELDS) EDIT: example <?php $curl = curl_init(); curl_setopt($curl, CURLOPT_URL,"http://localhost/posttest.php"); curl_setopt($curl, CURLOPT_POST, true); curl_setopt($curl, CURLOPT_POSTFIELDS, "Hello=World&Foo=Bar&PHP=Freak"); curl_exec ($curl); curl_close ($curl); ?>

something like this <?php function check_auth() { session_start(); //if auth is not set or 0 then goto login.php if(empty($_SESSION['auth'])) { header("location login.php"); exit(); } } ?>

It really depends how your servers setup, you could do it via php + .htaccess if you wanted it more dynamic but for control I use apache (*vhost) *apache restart required

Nope.. won't work all your end up with is some cut up cables and less free time

Client Side = Javascript your want to have JS detect the keypress and pass that via a parameter ie "post.php?key="+keypressed then in PHP pick up that value *moving to JS section*

update FROM player p to FROM players p

No PHP loads before JavaScript, hence you need to reload the page while passing the value via GET.. IMO: I would have a onchange in the textarea that saves the this.value to a cookie, you could fire off a ajax request but its simpler to just use a cooke, you could then set the value of the textarea to the cookies value, or if you really wanted you could have PHP save it to a session but i don't really see the point.

oow custom tags per member, [ot] = [size=1][color=#666666] would be nice but I think its going to be more work than gain. but in all I like the idea Strange Fact!: There is a law on the books of Detroit, Michigan that states that "Alligators may not be tied to fire hydrants."

One more note.. when someone writes a routine like that to bolt the door shut.. they normally forget about the windows, remember securing the password so it can't be reversed isn't the start & end of security.. someone may not be-able to reverse the password back but they could just overwrite it..

No, but they couldn't technically hack md5("balls"); either.. before this debate starts all over.. please read What is the point of MD5? EDIT: side note: why not just use SHA-256 with two salt's

Should be simple, *untested or proof read* update form <form method="POST" action=""> <?php include ('testconfig.php'); $result = mysql_query("SELECT * FROM photo ORDER BY rank ASC") or die("Bad query: " . mysql_error()); while ($row = mysql_fetch_array($result)) { ?> <input type="text" name="id" size="2" value="<?php print $row['id']; ?>"> <input type="text" name="rank" size="2" value="<?php print $row['rank']; ?>"> <input type="text" name="description" size="" value="<?php print $row['description']; ?>"> <?php echo "<img src=\"" . $row['tn_src'] . "\"/>"; echo " <a href=delete1.php?id={$row['id']}>Delete</a><br>"; } // END WHILE ?> <input type="submit" value="Update" name="Update"> </form> to <?php include ('testconfig.php'); $result = mysql_query("SELECT * FROM photo ORDER BY rank ASC") or die("Bad query: " . mysql_error()); while ($row = mysql_fetch_array($result)) { ?> <input type="text" name="rank[<?php print $row['id']; ?>]" size="2" value="<?php print $row['rank']; ?>"> <input type="text" name="description[<?php print $row['id']; ?>]" size="" value="<?php print $row['description']; ?>"> <?php echo "<img src=\"" . $row['tn_src'] . "\"/>"; echo " <a href=delete1.php?id={$row['id']}>Delete</a><br>"; } // END WHILE ?> <input type="submit" value="Update" name="Update"> </form> and add loop if (isset($_POST['Update'])) { $sql1 = "UPDATE photo SET rank='$rank', description='$description' WHERE id=$id"; $result1 = mysql_query($sql1) or die(mysql_error()); if ($result1) { header("location:index.php"); } } to if (isset($_POST['Update'])) { foreach($_POST['description'] as $id => $description){ $rank = $_POST['rank'][$id]; $sql1 = "UPDATE photo SET rank='$rank', description='$description' WHERE id=$id"; $result1 = mysql_query($sql1) or die(mysql_error()); if ($result1) { header("location:index.php"); } } }

What problem? Oh the problem you created in your second to last post! the one that also had the sql problem, that you asked how to fix the SQL problem..

Just move the if ($errors == 0) in side previous if block imagedestroy($tmp1); } } } //If no errors registred, print the success message if ($errors == 0) { $q = "INSERT into photo(description, src, tn_src) VALUES('$description', '$filename', '$filename1')"; //$mysqli = new MySQLi($db_server, $db_user, $db_pass, $db_name) or die(mysqli_error()); //$result = $mysqli->query($q) or die(mysqli_error($mysqli)); $result = mysql_query($q) or die(mysql_error()); if ($result) { $change = '<div class="msgdiv">Image Uploaded Successfully!</div>'; } } ?> to imagedestroy($tmp1); } } //If no errors registred, print the success message if ($errors == 0) { $q = "INSERT into photo(description, src, tn_src) VALUES('$description', '$filename', '$filename1')"; //$mysqli = new MySQLi($db_server, $db_user, $db_pass, $db_name) or die(mysqli_error()); //$result = $mysqli->query($q) or die(mysqli_error($mysqli)); $result = mysql_query($q) or die(mysql_error()); if ($result) { $change = '<div class="msgdiv">Image Uploaded Successfully!</div>'; } } } ?>

okay, different test try this.. <?php error_reporting(E_ALL); include('connect.php'); $bid = $_GET['bid']; $imageS = "SELECT * FROM phpblob WHERE id = '$bid'"; $imageQ = mysql_query($imageS); $imageD = mysql_fetch_object($imageQ); header("Content-type: image/jpeg"); readfile('path/to/image/test.jpg'); //<----------UPDATE //print "$imageD->bbblob"; //comment out ?> Now that should work.. if it doesn't comment out all lines except <?php error_reporting(E_ALL); header("Content-type: image/jpeg"); readfile('path/to/image/test.jpg'); //<----------UPDATE ?> that has to work.. if it doesn't the image path is wrong (removing the header will show the error).. (fix and re-test)

I removed some pointless code (loading MySqlI) and moved some parts around, turned on error reporting, try that if it fails you should get a useful error.. <?php error_reporting(E_ALL); // It double checks to see if I'm logged in require_once 'sources/login/classes/Membership.php'; $membership = New Membership(); $membership->confirm_Member(); $db_name = "trek_trek"; $db_server = "localhost"; $db_user = "trek_user"; $db_pass = "intergreen"; $change = ""; $abc = ""; define("MAX_SIZE", "400"); $errors = 0; $rank = $_POST['rank']; $description = $_POST['description']; $id = $_POST['id']; // Check if button name "Submit" is active, do this if (isset($_POST['Update'])) { $sql1 = "UPDATE photo SET rank='$rank', description='$description' WHERE id=$id"; $result1 = mysql_query($sql1) or die(mysql_error()); if ($result1) { header("location:index1.php"); } } if (isset($_POST['Upload'])) { $image = $_FILES["file"]["name"]; $uploadedfile = $_FILES['file']['tmp_name']; if ($image) { $filename = stripslashes($_FILES['file']['name']); $extension = getExtension($filename); $extension = strtolower($extension); if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif")) { $change = '<div class="msgdiv">Unknown Image extension </div> '; $errors = 1; } else { $size = filesize($_FILES['file']['tmp_name']); if ($size > MAX_SIZE * 1024) { $change = '<div class="msgdiv">You have exceeded the size limit!</div> '; $errors = 1; } if ($extension == "jpg" || $extension == "jpeg") { $uploadedfile = $_FILES['file']['tmp_name']; $src = imagecreatefromjpeg($uploadedfile); } else if ($extension == "png") { $uploadedfile = $_FILES['file']['tmp_name']; $src = imagecreatefrompng($uploadedfile); } else { $src = imagecreatefromgif($uploadedfile); } list ($width, $height) = getimagesize($uploadedfile); $newwidth = 600; $newheight = ($height / $width) * $newwidth; $tmp = imagecreatetruecolor($newwidth, $newheight); $newwidth1 = 200; $newheight1 = ($height / $width) * $newwidth1; $tmp1 = imagecreatetruecolor($newwidth1, $newheight1); imagecopyresampled($tmp, $src, 0, 0, 0, 0, $newwidth, $newheight, $width, $height); imagecopyresampled($tmp1, $src, 0, 0, 0, 0, $newwidth1, $newheight1, $width, $height); $filename = "uploads/" . $_FILES['file']['name']; $filename1 = "uploads/tn/" . $_FILES['file']['name']; imagejpeg($tmp, $filename, 100); imagejpeg($tmp1, $filename1, 100); imagedestroy($src); imagedestroy($tmp); imagedestroy($tmp1); } } } //If no errors registred, print the success message if ($errors == 0) { $q = "INSERT into photo(description, src, tn_src) VALUES('$description', '$filename', '$filename1')"; //$mysqli = new MySQLi($db_server, $db_user, $db_pass, $db_name) or die(mysqli_error()); //$result = $mysqli->query($q) or die(mysqli_error($mysqli)); $result = mysql_query($q) or die(mysql_error()); if ($result) { $change = '<div class="msgdiv">Image Uploaded Successfully!</div>'; } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Admin Page</title> <link rel="stylesheet" href="sources/styles.css" type="text/css" /> <link rel="stylesheet" href="admin.css" type="text/css" /> </head> <body> <div id="container"> <div id="header"> <h1>Admin page</h1> </div> <div id="content"> <div id="page"> <?php echo $change; ?> <table width="502" cellpadding="0" cellspacing="0" id="main"> <tbody> <tr> <td width="500" height="238" valign="top" id="main_right"> <div id="posts"> <form method="post" action="" enctype="multipart/form-data" name="form1"> <table width="500" border="0" align="center" cellpadding="0" cellspacing="0"> <tr> <Td style="height: 25px"> </Td> </tr> <tr> <td width="150"> <div align="right" class="titles">Picture :</div> </td> <td width="350" align="left"> <div align="left"><input size="25" name="file" type="file" style="font-family: Verdana; font-size: 10pt" class="box" /></div> </td> </tr> <tr> <Td></Td> <Td valign="top" height="35px" class="help">Image maximum size <b>400 </b>kb</span></Td> </tr> <tr> <Td></Td> <Td valign="top" height="35px"><label for="description">Description</label><br /> <input type="text" name="description" value="" /><br /> </Td> </tr> <tr> <Td></Td> <Td valign="top" height="35px"><input type="submit" id="mybut" value="Upload" name="Upload" /></Td> </tr> <tr> <td width="200"> </td> <td width="200"> <table width="200" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="200" align="center"> <div align="left"></div> </td> <td width="100"> </td> </tr> </table> </td> </tr> </table> </form> </div> </td> </tr> </tbody> </table> <form method="POST" action=""> <?php include ('testconfig.php'); $result = mysql_query("SELECT * FROM photo ORDER BY rank ASC") or die("Bad query: " . mysql_error()); while ($row = mysql_fetch_array($result)) { ?> <input type="text" name="id" size="2" value="<?php print $row['id']; ?>"> <input type="text" name="rank" size="2" value="<?php print $row['rank']; ?>"> <input type="text" name="description" size="" value="<?php print $row['description']; ?>"> <?php echo "<img src=\"" . $row['tn_src'] . "\"/>"; echo " <a href=delete1.php?id={$row['id']}>Delete</a><br>"; } // END WHILE ?> <input type="submit" value="Update" name="Update"> </form> </div>1.0 <?php function getExtension ($str) { $i = strrpos($str, "."); if (! $i) { return ""; } $l = strlen($str) - $i; $ext = substr($str,$i+1,$l); return $ext; } ?>

Common mistake with cPanel is the database name and username have an account name prefix.. ie My account is MadTechie, I create a database called 'jobs', I then create a User called 'Techie' password '123' then I assign him to the jobs database (full access) I assume thats where your at now.. now to connect Now my database name is 'MadTechie_jobs', username is 'MadTechie_Techie', password is '123'

Well that's a valid (start of) JPEG, and this appears when you load up BLOB.PHP it would seam like the header isn't being called header('Content-Type: image/jpeg'); Is that the full code ? I don't get how your getting the raw data, with a header used.. you wouldn't get an image but you wouldn't get the data.. theirs some detail missing!