dj-kenpo

I feel like an idiot answering my own question.

possible part 2. I just answered my own question like a dumbass on my own thread. now I'm back to yours. check out string parse. depending on how the username etc is written on the page you're accessing (you haven't given any details for anyone to go on here) this might work for extracting the data http://ca.php.net/manual/en/function.parse-str.php <?php $str = "first=value&arr[]=foo+bar&arr[]=baz"; parse_str($str); echo $first; // value echo $arr[0]; // foo bar echo $arr[1]; // baz parse_str($str, $output); echo $output['first']; // value echo $output['arr'][0]; // foo bar echo $output['arr'][1]; // baz ?>

ahhh, I see. I just found string parse, so I think that will work. it also seems more secure. do you agree? I think it answers another guys question too... http://ca.php.net/manual/en/function.parse-str.php <?php $str = "first=value&arr[]=foo+bar&arr[]=baz"; parse_str($str); echo $first; // value echo $arr[0]; // foo bar echo $arr[1]; // baz parse_str($str, $output); echo $output['first']; // value echo $output['arr'][0]; // foo bar echo $output['arr'][1]; // baz ?>

why do you not suggest it?

well, curl library is a good start as someone just got me using it on my second last question to this forum. now as to how you will read the specific parts eg username, not sure. but curl will grab the body of text FROM the webpage, then you just need to filter. part 1 anyways

I know this is a weird question, but bear with me. using $Get_string = $_SERVER['QUERY_STRING']; to receive a query string such as month=may&$day=15&year=2006 so that $Get_string = "month=may&$day=15&year=2006" can I separate the values and turn them into variables? (like a normally would with a url get) $month = "may" $day= "15" etc it would be great to just do $_GET on the url but I'm sending the string as a variable to another script... so i can't just go the easy route. hope this question makes sense thanks, cheers!

file_get_contents seemed like a great idea, I'm on dreamhost and got this "URL file-access is disabled in the server configuration" anything else I can do?

no, I need the person to stay in their local directory and not get transfered elsewhere. but it was a good idea. mysite.com/page.php grabs example.com/user_pages/page.php but no one knows it occured. I don't want to have to update the same file 600 times for different members. nor do I want the file space issues. easier to just refrence the same file with a sort of shortcut. make sense? at all...?

ya I've been quietly confused on this as well, for the same reasons, still don't get it though. so it just calls the foo function?

I'd like to include a file but the include command won't work cross server (not on my server anyways) and I just want the rendered html anyways. is there a way that I can grab the html and output? I'd liek to avoid curl as it's a high traffic site and I imagine it eats more cpu. basicly I want to create a file pointer eg page.php <? $Get_string = $_SERVER['QUERY_STRING']; include("example.com/user_pages/page.php?$Get_string"); ?> except obviously the above doesn't work as include hates get variables. any help loved.

instead of attacking the guy why don't you guys think about alternatives to the same end. yes, you can't un-md5 (without 6000 computers) and yes, sorry to say it but you're being annoying by not getting that fact. but there are alternatives. you could create your own simple encrypt function. use string replace and swap soem of your characters. ie a=g b=z etc. you could do something simple that would encrypt your scripts as you wish them to be, for whatever strange reason you need to do this.

hi, so I'm a little lost. in my security script when someone is NOT logged in, I use: header('Location: index.php'); thing is, I would liek to keep track of what page they were ON so once they log in it takes them BACK. ie, user goes to example.com/photos.php gets redirected to login, then after that gets taken BACK to photos. I tried detecting the previous page with both getenv ("HTTP_REFERER"); and $_SERVER['SCRIPT_URI']; which as I discovered don't work with a header. so is there any other way to detect the previous page, or send it via a post or variable when using header()? thanks

is this for a forum? or mail? cookies could also work, and then you don't fill up a database with thousands of lines of backlog from month old posts.... just an idea. I'm going to go that route on a forum I'm building from scratch

I'm really interested in this code as I was ABOUT to start coding a billing system myself, but only part of your code is here, not sure what's in your functions. on a breif scan of it, how are you running it once a day? manually or auto? your table structure isn't here, so I can't really see much. my thinking is that you'd want the members table. then the billing rate, then a sepeate bill tracking table, listing what they've paid, how much, and when the payment was made, this makes the calculations much easier and a snap. is this how you are setup now? or are you using more or less tables?

http refer is acctually the incorrect way to do it now that I looked furthur, as the $server command is limited on many shared hosts (ie, on my dreamhost accoutn it works on one server, not the other...) also, it relies on the clients browser, so it's hit and miss, many browsers don't report it due to security. it's much better to use sessions to supply the previous page url I'll let someone else do the example code for that one tho...

there's a complete basic login script like half way down the page right now from someone else working on one. just read over that one.

anyone? any oppinions?

$ref = $_SERVER['HTTP_REFERER']; if(preg_match('/^(www\.example¦example)\.com/', $ref) ){ //do matched stuff } else{ //do unmatched stuff } assuming your site is example.com then you can check the http refer. if it came from your domain, use it, else ignore, and pass it as they said as a hidden form variable.

you don't convert it back, you convert the submitted one into md5 as well, and then compare the two. if they match, log the user in, if not, deny access

I beleive the correct method is sessions, not cookies. make sure the password goes through md5($password); this is pretty good encrpytion that comes with php. also don't sotre a text or readable version of the users password in your database. it's a big security no no if someone finds a hole in your code and starts listing out data they shouldn't.

I always just use the following and it works fine, but for all I know it's full of security holes. at the top of my page I say //set database host, usually localhost $DBHost = "localhost"; //set datbase user $DBUser = "root"; //set database pass $DBPass = "root"; //set database name $DBName = "test_table"; mysql_connect("$DBHost", "$DBUser", "$DBPass"); mysql_select_db("$DBName"); then I do whatever sql queries, php I need. then I say at the bottom mysql_close() try that

ok, so I have a photo album script. right now I grab the photo by it's table ID. this is messy though as if I grab the second photo in the 4th album, it will really be photo_ID 197, etc. I've thought of a way to just say, get image#2 in album #4 but I'm wondering what you guys think. more and more and more and more sql calls, array if statments etc, it all adds up, does this make sense or seem bloated? //photo album $Count=1; //get image number $pic= $_GET["pic"]; -do an sql call for ALL images in that folder $sql = "SELECT photo_ID FROM photos WHERE Parent_ID=4"; $result = mysql_query($sql); while($row = mysql_fetch_array($result)) { //list out images and count if count = get[image number] then we have the image ID. $photo_ID=$row["photo_ID"]; if ($Count== $pic){ $imaginary_photo_ID = $photo_ID; } $Count++; } it will work, but there's already sql calls for stuff in the header, footer, settings, etc etc etc and it just keeps adding up. can anyone think of eaither a better way of faking the number or a totally different method? storing the fake image number count in the database won't cut it, as photos get deleted or shuffled in order, so that doesn't seem efficient. but maybe it is? maybe doing one intensive edit loop is better than 1000 little ones? cheers!

it wants the function checkIP. you don't seem to have that function there, hence this is incomplete code (unless I'm blind. which I sometimes am). can anyone comment, is storing hits in a textfile MUCH slower than an sql database? I would assume by alot! also, keep in mind, people at offices/colleges many times use shared IP. therefore, if 30 people in an office look at your site and you filter by IP, you will get an very, very incorrect count. it's better to use sessions.

http://ca3.php.net/mail the php mail() function is really easy to use. if you read the manual on it it will answer your question completly + much more. in email there is the header section. you must decide what you want in the header section, and edit accordingly. you can then have the email appear to come from however you like.

anyone?