Posts posted by Lamez

  1. Okay, before I continue any further, what do you think of this current design? It is not complete, but before I put a lot of time and effort into it I want to make sure it is worth finishing.

     

    http://phchurch.net/index.html

     

    If it looks like a good idea so far, the content and right box will need color\graphics, do something with the navigation and change the header and footer to different color\gradient\graphic.

     

  2. I am trying to optimize my website for speed as much as possible. However, it is heavily database driven. Are there any ways to speed up each page request?

     

    Also, I am closing each MySQL connection after every page load. Here is my database class, is that a good idea?

    <?php
    //For changes, see: http://www.php.net/manual/en/mysqli.connect.php
    class Database{
    	var $mysqli, $result, $q, $affectedRows;
    	function __construct($host, $user, $pass, $db){
    		$this->connect($host, $user, $pass, $db);
    	}
    	function connect($host, $user, $pass, $db){
    		$this->mysqli = new MySQLi($host, $user, $pass, $db);
    		if(mysqli_connect_error()){
    			//Add Line to error handling system here...
    			echo "Internal Site Error - Cannot Continue!";
    			exit;
    		}
    	}
    	function clean(){
    		$str = $this->q;
    		$str = @trim($str);
    		if(get_magic_quotes_gpc()){
    			$str = stripslashes($str);
    		}
    		$this->q = mysqli_real_escape_string($this->mysqli, $str);
    	}
    	function execute($query, $mode = MYSQLI_STORE_RESULT){
    		$this->q = $query;
    		$this->clean();
    		$result = $this->mysqli->query($query, $mode);				
    		if(is_object($result) && $result instanceof MySQLi_Result){//if result is a object and is part of the mysqli class?
    			$this->result = $result;
    			$this->affectedRows = $this->result->num_rows;
    		}else
    			$this->affectedRows = $this->mysqli->affected_rows;
    		return $this;
    	}
    	function fetchRow(){
    		return $this->result->fetch_assoc();
    	}
    	function fetchAll(){
    		/*$row = $this->result->fetch_all($mode); 
    		 See manual for the mode under mysqli_result::fetch_all
    		//return !empty($row) ? $row : array();//if not empty return row, else return an array? */
    		$row = array();
    		while($f = $this->fetchRow()){
    			$row[] = $f;
    		}
    		return !empty($row) ? $row : array();
    	}
    	function numRows(){
    		return $this->affectedRows;
    	}
    	function delete($table, $where){
    		return $this->execute("DELETE FROM ".$table." WHERE ".$where);
    	}
    	function deleteAll($table){
    		return $this->execute("TRUNCATE ".$table);
    	}
    	function update($table, $set, $where){
    		return $this->execute("UPDATE ".$table." SET ".$set." WHERE ".$where);
    	}
    	function select($table, $select = "*", $where = NULL, $cap = ""){
    		if(is_null($where) || empty($where))
    			return $this->execute("SELECT ".$select." FROM ".$table." ".$cap);
    		else
    			return $this->execute("SELECT ".$select." FROM ".$table." WHERE ".$where." ".$cap);
    	}
    	function lastId(){
    		return $this->mysqli->insert_id;
    	}
    	function resetInc($table, $inc){
    		$this->execute("ALTER TABLE ".$table." AUTO_INCREMENT = ".$inc);
    	}
    	function error(){
    		return @mysqli_error($this->mysqli). " <strong><font color=\"red\">QUERY</font>: ".$this->q."</strong>";
    	}
    	function close(){
    		@mysqli_close($this->mysqli);
    	}
    	function __destruct(){
    		$this->close();
    	}
    }
    $db = new Database(DB_HOST, DB_USER, DB_PASS, DB_DB);
    ?>
    
    

  3. @OOP:

     

    Okay, I was having trouble a while ago, but I had the variables set as private, then I was getting an error saying that it was not a property of FootballPool. I just tried what you suggested and it worked.

     

    So if in the base class, the property that I am trying to access has to be protected and above? If private, it only belongs to the base, or that class?

  4. I am working on my Pool class (base) and my FootballPool class (derived). I have this as my constructor

     

    Pool.php

    	protected $pid, $uid, $pkid, $name;
    	function __construct($pid, $uid){
    		$this->pid = $pid;
    		$this->uid = $uid;
    		$this->pkid = $this->pkid();
    		if(isset($_SESSION['picksInfo']['name']))
    			$this->name = $_SESSION['picksInfo']['name'];
    		else
    			$this->name = NULL;	
    	}
    

     

    Now a function in my FootballPool class needs to call $pid, $uid, and $pkid. How can I do that?

    I have tried this: Pool::$pid, but then I get this error

     

    Fatal error: Access to undeclared static property: Pool::$pid in /var/www/core/includes/FootballPool.php on line 31

     

    I am confused, because in the parent's constructor, it is set.

     

    So basically, how can I call a variable set in the base class from a child or derived class?

  5. After quick thought, I figured it out. I have tested it and it seems to work, here is how I solved my problem:

     

    	function fetchRow(){
    
    		return $this->result->fetch_assoc();
    
    	}
    
    	function fetchAll($mode = 'MYSQLI_ASSOC'){
    
    		/*$row = $this->result->fetch_all($mode); */
    
    		//return !empty($row) ? $row : array();//if not empty return row, else return an array?
    
    		$row = array();
    
    		while($f = $this->fetchRow())
    
    			$row[] = $f;
    
    		return !empty($row) ? $row : array();
    
    	}
    

     

    Any suggestions?

     

     

    Note: I also don't code with double spaces. I am using Linux and I think it might have something to do with the text-encoding, but I am not sure.

  6. That is cool, so say if my application is using PostgreSQL I could use the PDO functions, then I all of a sudden switch back to mysql I could use the same functions? That would be real handy when using my Database class.
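
An added example (not part of the original posts) tying post 6 to the Database class in post 2: there, `clean()` escapes the whole query string into `$this->q` while `execute()` still sends the unescaped `$query`, so the concatenated `$where` is never protected. With PDO only the DSN changes per driver, and values are bound separately from the SQL; the `PdoDatabase` class, the `users` table, the table allow-list and the sample input are constructed for illustration.

```php
<?php
// Added example: constructed table and data, not the poster's schema.
class PdoDatabase {
    private $pdo;

    public function __construct(string $dsn, ?string $user = null, ?string $pass = null) {
        // Only the DSN differs per driver ("mysql:host=...;dbname=...",
        // "pgsql:host=...;dbname=..."). sqlite::memory: keeps this runnable offline.
        $this->pdo = new PDO($dsn, $user, $pass, [
            PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
        ]);
    }

    // $sql carries placeholders only; values are sent separately in $params.
    public function run(string $sql, array $params = []): PDOStatement {
        $stmt = $this->pdo->prepare($sql);
        $stmt->execute($params);
        return $stmt;
    }

    public function fetchAll(string $sql, array $params = []): array {
        return $this->run($sql, $params)->fetchAll();
    }

    // Table names cannot be bound, so allow only known identifiers (hypothetical list).
    public function deleteWhereId(string $table, int $id): int {
        if (!in_array($table, ['users'], true)) {
            throw new InvalidArgumentException("unknown table");
        }
        return $this->run("DELETE FROM {$table} WHERE id = ?", [$id])->rowCount();
    }
}

$db = new PdoDatabase('sqlite::memory:');
$db->run('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->run('INSERT INTO users (name) VALUES (?), (?)', ['alice', 'bob']);

// Constructed input with quote characters: bound as data, compared literally.
$odd = "bob' OR '1'='1";
var_dump(count($db->fetchAll('SELECT id FROM users WHERE name = :n', [':n' => $odd])));
var_dump($db->fetchAll('SELECT id, name FROM users WHERE name = :n', [':n' => 'bob']));
var_dump($db->deleteWhereId('users', 1));
```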

  7. I have a Text Captcha class I wrote! Very easy to use!

     

    The class:

    <?php
    /*
        This program is free software: you can redistribute it and/or modify
        it under the terms of the GNU General Public License as published by
        the Free Software Foundation, either version 3 of the License, or
        (at your option) any later version.
    
        This program is distributed in the hope that it will be useful,
        but WITHOUT ANY WARRANTY; without even the implied warranty of
        MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
        GNU General Public License for more details.
    
        You should have received a copy of the GNU General Public License
        along with this program.  If not, see <http://www.gnu.org/licenses/>.
    */
    //Created By James Little 
    class TextCaptcha{
    	private $question;
    	private $xml;
    	private $postVar = "realAns";
    	private $salt = "Something Really Really Random, like 79";
    
    	function __construct($api, $url = "http://textcaptcha.com/api/"){
    		@session_start(); //Starts session if one has not already been started. @ suppresses any errors it may produce.
    		if(!isset($_SESSION['~TC'])){ //So if called on page, does not send request more than once.
    			//Grab question and answers!
    			$url = $url.$api;
    			try{
    				$this->xml = @new SimpleXMLElement($url, NULL, true);
    			}catch(Exception $e){
    				//Could not Connect, this is the default
    				$fallback =  '<captcha>'.
    				'<question>How many wheels does a car have?</question>'.
    				'<answer>'.md5(4).'</answer>
    				<answer>'.md5("four").'</answer></captcha>';
    				$this->xml = new SimpleXMLElement($fallback);
    			}
    			$this->setQA();
    		}else
    			$this->question = $_SESSION['~TC'];
    	}
    	function question(){
    		return $this->question;
    	}
    	function refresh($title = "Refresh"){
    		if(isset($_GET['newQuestion'])){
    			unset($_SESSION['~TC']);
    			header("Location: ".$this->getURL(false));
    			exit; //Stop here so nothing else runs after the redirect header.
    		}else
    			return '<a href="'.$this->getURL(true).'newQuestion">'.$title.'</a>';
    	}
    	function correctAnswer($ans){
    		$ra = $_POST[$this->postVar];
    		unset($_SESSION['~TC']);
    		$ans = $this->setAns($ans);
    		for($i = 0; $i<count($ra); $i++){
    			if($ra[$i] === $ans){
    				return true;
    			}
    		}
    		return false;
    	}
    	private function setQA(){
    		//Set the questions and answers.
    		$this->question = (string) $this->xml->question;
    		$addOn = "";
    		foreach ($this->xml->answer as $hash){
    			$addOn .= '<input type="hidden" name="'.$this->postVar.'[]" value="'.$this->setAns((string) $hash, false).'" />';
    		}
    		$this->question = $addOn.$this->question;
    		$_SESSION['~TC'] = $this->question;
    	}
    	private function getURL($fix){//This Function needs to be rewritten.
    		$page = "http://".$_SERVER['HTTP_HOST'].$_SERVER['SCRIPT_NAME'];
    		$page .= "?";
    		if(strlen($_SERVER['QUERY_STRING']) > 0) //QUERY_STRING is a string, so check its length rather than count() it.
    			$page .= $_SERVER['QUERY_STRING'];
    		if($fix)
    			$page .= "&";
    		else
    			$page = str_replace("&newQuestion", "", $page);
    		return $page;
    	}
    	private function setAns($ans, $userInput = true){
    		if($userInput) //Because the answers already come in as hashed, but they need to be rehashed with salt
    			return md5(md5(strtolower(trim($ans))).$this->salt);
    		else
    			return md5($ans.$this->salt);
    	}
    }
    ?>
    
    

     

    An Example:

     

    <?php
    //To gain an API key, visit: http://textcaptcha.com/register
    include("TextCaptcha.php");
    $TextCaptcha = new TextCaptcha("MY API KEY HERE");
    
    if(isset($_POST['submit'])){
    	if($TextCaptcha->correctAnswer($_POST['answer']))
    		echo "Correct, ";
    	else
    		echo "No, ";
    	echo '<a href="?">Try Again!</a>';
    	unset($_POST['submit']);
    }else{
    
    	echo '<form action="?" method="post" name="TC">';
    	echo $TextCaptcha->question();
    	echo " ";
    	echo $TextCaptcha->refresh("New Question");
    	echo '<br />';
    	echo '<input type="input" name="answer" />';
    	echo '<input type="submit" name="submit" value="Submit" />';
    	echo '</form>';
    }
    ?>
    

     

    Also read that article posted, I know it will help you. Take the time to read. We do not post answers, but the path to the answers. Quit being lazy :/
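
An added example (not part of the original post): the class above writes the salted answer hashes into hidden `realAns[]` inputs and reads them back from `$_POST`, so the values it compares against come from the client. This variant keeps the accepted hashes in the session and compares there; `SessionCaptcha`, the session key and the `$session` array standing in for `$_SESSION` are hypothetical.

```php
<?php
// Added example, not the poster's class. Names are hypothetical.
final class SessionCaptcha {
    private const KEY = 'captcha_answers';   // hypothetical session key
    private $session;

    // Pass $_SESSION here in a web request; any array works for a CLI run.
    public function __construct(array &$session) {
        $this->session = &$session;
    }

    // $answerHashes: md5 hashes of the accepted answers, the same shape as
    // the <answer> elements in the post's fallback XML.
    public function issue(string $question, array $answerHashes): string {
        $this->session[self::KEY] = array_values($answerHashes);
        return htmlspecialchars($question, ENT_QUOTES, 'UTF-8');
    }

    public function verify(string $userAnswer): bool {
        $expected = $this->session[self::KEY] ?? [];
        unset($this->session[self::KEY]);    // each issued question is checked once
        $given = md5(strtolower(trim($userAnswer)));
        $ok = false;
        foreach ($expected as $hash) {
            if (hash_equals($hash, $given)) {   // constant-time comparison
                $ok = true;
            }
        }
        return $ok;
    }
}

$session = [];   // stands in for $_SESSION so the example runs from the CLI
$captcha = new SessionCaptcha($session);
echo $captcha->issue('How many wheels does a car have?', [md5('4'), md5('four')]), "\n";
var_dump($captcha->verify(' Four '));   // first check against the stored hashes
var_dump($captcha->verify('four'));     // second check: nothing is stored any more
```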

  8. I have an error that I seem to find curious. Let me explain what I have. I have a Database class that has a function (the culprit) that is called fetchAll. It is supposed to call the mysqli method mysqli_result::fetch_all(). This method does exist, I have looked it up: The PHP Manual, however do note the last comment on the page, it describes my problem, but does not explain how I can fix it. Now, here is my error:

     

    Fatal error: Call to undefined method mysqli_result::fetch_all() in /var/www/core/includes/Database.php on line 36

     

    Here is line 36:

    $row = $this->result->fetch_all($mode);

     

    Here is the entire function, or is it called a method since it is in a class?

    	function fetchAll($mode = 'MYSQLI_ASSOC'){
    
    		$row = $this->result->fetch_all($mode);
    
    		return !empty($row) ? $row : array();//if not empty return row, else return an array?
    
    	}
    

     

    I could post the entire class, but I think it might be irrelevant so I will spare you guys.

     

    Do you guys think you might be able to help me out?

     

    Thanks!

  9. I am working on a new website and I want it to be free of security holes. Before I continue let me add some things:

    • I downloaded the template to have some pretty interface, I hate downloaded templates and plan on creating my own later when I get time.
       
    • Your goal is to create an account on the website.
       
    • Your second goal is to gain administrative access of the website.
       
    • Please break the website as much as possible, I have it backed up.
       
    • Email system is not working at all, not finished.
       
    • Please provide your exploits and how you did it.
       
    • Proof of ownership: http://www.krazypickem.com/ownership/phpfreaks.txt
       
    • Finally, The Website: http://www.krazypickem.com

    Notes:

    • Not logged in message: "Welcome Guest!"
    • Logged in message: "Welcome -INSERT USER'S NAME HERE-!"
    • Admin Message : "Welcome Admin -INSERT USER'S NAME HERE-!"

     

    Thanks guys, for your help. Like I said, do your worst.

     
