Posts posted by chadrt

  1. I have this line of code that reads like this:

     

    $theusername = $_POST['username'];
    if(empty($theusername)){
    header("Location: login.php?error=allfields");
    }
    

     

    I have tried to put $_POST['username'] within the empty but either way it doesn't redirect to that, it just continues to execute code in the page. The result should be back to the index.php where the login is located and then because of the error field it shows a custom message to the user.

     

    No there is no other output to the browser

    Yes it continues to execute code from the rest of the system

    No I do not see the url in the address box of the browser showing the correct url

  2. Oh and here is the code that is in the overall_header.html to form the lookup box that is displayed on the top of every page.

     

    <font size=3><form method=post action=callsign.php><input type=text size=8 maxlength=8 name=cs><input type=submit value="Callsign Lookup"></form></font>
    

     

    I think I may have answered my own question here. The fact that I am using a maxlength=8 option in my text box would most likely keep anything malicious from ever happening?

  3. Ok here goes...

     

    The script in question here is a callsign lookup script I built while I was just learning PHP (still have only limited knowledge) and it is not laid out logically. Things are very redundant and I know it could be improved a whole lot. The crazy notes were not so much for others to be able to follow what was happening but more for my own benefit so I could go back and remember why I did those things :) I don't really know PHP, I just hacked a BUNCH of commands together to accomplish the lookup. It was a painful process that took me a long time.

     

    The page is located at www.allstarnode.com and the lookup is the top left of the page. You can use "KI4MVI" as a test lookup if you like. The data from there is POSTed to a php page callsign.php which is a basic page. I keep carrying the data from one page to another, passing it to a different variable name. You will see this when you look at the pages.

     

    callsign-switch.php is included in the callsign_body.php page and because the variable for the callsign to be looked up is carried to it. The switch file determines what commands are going to be performed and what scripts will do what. The "list" and "details" pages are where the magic really happens. The details page was the first PHP page ever written by me. I knew nothing about joining tables so it is very sloppy, forgive me.

     

    I will attach a zip of all the php pages I have written for this project!

  4. I have a very simple database query that uses a single entry text box to look up something but I don't want anyone using it to hijack my website. What can be done to prevent that?

     

    I hesitate with the amount of information I give out here so that someone doesn't see this post and target my site for hacking. It is a text box that in all actuality should never contain more than 6 characters. Someone told me once that it would be possible to put PHP code into that text box and execute commands on my system. Is that true or am I being paranoid here?
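An added example (not part of the posts and not the site's code) of handling the lookup box on the server: the `maxlength` attribute is enforced only by the browser, so the POST handler checks the value itself, passes it to the database as a bound parameter, and escapes what it prints. The `licensees` table and its columns, the 3 to 8 character letters-and-digits rule, the function names and the in-memory SQLite database standing in for MySQL are assumptions.

```php
<?php
declare(strict_types=1);

// Added example. Table/column names and the callsign rule are assumptions.

/** Return the callsign in canonical form, or null when it is not acceptable. */
function normalize_callsign($raw): ?string
{
    if (!is_string($raw)) {            // a field sent as cs[]=x arrives as an array
        return null;
    }
    $cs = strtoupper(trim($raw));
    // \A and \z anchor the whole string; "$" alone would allow a trailing newline.
    return preg_match('/\A[A-Z0-9]{3,8}\z/', $cs) === 1 ? $cs : null;
}

/** Look the callsign up with a bound parameter; the value never becomes SQL text. */
function lookup_callsign(PDO $db, string $callsign): array
{
    $stmt = $db->prepare('SELECT callsign, name, city FROM licensees WHERE callsign = :cs');
    $stmt->execute([':cs' => $callsign]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

/** Build table rows, escaping every value that came out of the database. */
function render_rows(array $rows): string
{
    $html = '';
    foreach ($rows as $row) {
        $html .= '<tr>';
        foreach ($row as $value) {
            $html .= '<td>' . htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8') . '</td>';
        }
        $html .= "</tr>\n";
    }
    return $html;
}

// Constructed demo data. With MySQL the DSN would be "mysql:host=...;dbname=...".
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE licensees (callsign TEXT PRIMARY KEY, name TEXT, city TEXT)');
$db->exec("INSERT INTO licensees VALUES ('KI4MVI', 'Sample <Operator>', 'Sampletown')");

// Constructed inputs: a normal lookup, a quote-laden string, an over-long
// string that ignores maxlength, and an array instead of a string.
$inputs = ['ki4mvi', "KI4MVI' OR '1'='1", str_repeat('A', 40), ['x']];

foreach ($inputs as $input) {
    $cs = normalize_callsign($input);
    if ($cs === null) {
        echo 'rejected: ' . json_encode($input) . "\n";
        continue;
    }
    echo "accepted $cs:\n" . render_rows(lookup_callsign($db, $cs));
}

// In callsign.php the call would be: normalize_callsign($_POST['cs'] ?? null)
```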

  5. I currently use a script that is pretty much all over the place but it works by downloading a .zip file then unzipping it, then it loads that file into database tables.  It uses a line like this in a .sql file

     

    load data local infile './file.dat' into table AM fields terminated by '|';

     

    In this case it is quite easy to perform the functions needed, however I have another file that is formatted differently. Its raw contents are formatted like this:

     

    Start Column    Field Length
    1               6
    8               35
    44              35
    80              70

     

    Anyway I won't print the rest of them but that is the basics!  The file is a flat text file and I would like to populate a db table with its contents. Can anyone help me out with the format for doing this?

     

    Chad

     

     

  6. I have some pretty complex scripts that pull data from an FCC database (they provide to the public) and they have in the past year been migrating the data to include a zip+4 but the zips are all stuck together for example:

     

    80112-9999 would be displayed like this 801129999

     

    What I would like to do is have it take the variable that contains the zip code and IF the zip is 9 digits place a dash "-" between 5th and 6th digits but IF the zip only contains 5 digits then it would only show the 5 digit zip code.  Can this be done?

     

    Chad

     

  7. Ok so I think I understand the whole thing here with the two tables but I have a couple questions. What is the "type" field?  And there needs to be a section for the Group/Meeting Name.  The venue would be like St. Pius Church but the group would be something like the name of the meeting or the group that meets there, "Courage to Change" etc.

  8. Well there are no dates because the meetings happen every week not just on a particular day.  The reason that the time field is varchar is because I don't know enough about mysql php to create that situation for a day of the week/time only characteristic.  I wouldn't mind at all actually if the database was restructured, I might even learn a thing or two about how it works reading the code.  And no I won't be adding anything for any days or cities that won't hold anything in the db.  I will simply delete the record/add a new record.  Although as I think about it if the day time was set in another way it may open a door for me to add the ability to say show Tuesday as the first day in the list if today is Tuesday or organize the output based on the time of the meeting without hassles.  Let me know if you more access than read only, thank you so much for your help!  All the time we hear of folks that lose their meeting schedules or what have you and I think with building a small little site dedicated to small browser of the cell phone I am building a nearly platform independent solution to the problem.  And I have these little QR Codes that I can post at the meetings for those that have Android or iPhone type smart phones and they can just instantly go to the mobile site.  Because of NA I have almost 8 years of clean time from drugs and alcohol and this is how I repay them by keeping up on the technology.  Of course they don't expect anything in return but it feels good anyway.  :)

     

    Chad

     

  9. I have been doing some reading on the net and found a couple nice little queries.

     

    1) SELECT DISTINCT column FROM table

    2) foreach

     

    I have been able to display a list of cities from the table and I have played with doing a foreach to create a list of meetings but think I need to run a distinct inside of each of the distinct's for the days of the week somehow using the foreach to extract the data associated with it.  IDK will step away from the keyboard for a minute to clear my brain.

  10. I did this to generate the links for each of the meetings that will point to the full meeting details page (yet to be created).  Plus I changed it from pulling all the data to only what is needed by this page. (SELECT ID, name, time) instead of (SELECT *)

     

    <?php
    // Make a MySQL Connection
    mysql_connect("***", "***", "***") or die(mysql_error());
    mysql_select_db("nameetings") or die(mysql_error());
    
    // Get all the data from the "example" table
    $result = mysql_query("SELECT ID, name, time FROM meetings") 
    or die(mysql_error());  
    
    echo "<table border='1'>";
    echo "<tr> <th>Group Name</th> <th>Time</th> </tr>";
    while($row = mysql_fetch_array( $result )) {
    
    
    
    echo "<tr><td><a href=\"details.php?id=".$row['ID']."\">"; 
    echo $row['name'];
    echo "</a></td><td>"; 
    echo $row['time'];
    echo "</td></tr>"; 
    } 
    
    echo "</table>";
    ?>

  11. I have gleaned this code from Tizag:

     

    <?php
    
    mysql_connect("***", "***", "***") or die(mysql_error());
    mysql_select_db("nameetings") or die(mysql_error());
    
    $result = mysql_query("SELECT * FROM meetings") 
    or die(mysql_error());  
    
    echo "<table border='1'>";
    echo "<tr> <th>Group Name</th> <th>Time</th> </tr>";
    while($row = mysql_fetch_array( $result )) {
    
    echo "<tr><td>"; 
    echo $row['name'];
    echo "</td><td>"; 
    echo $row['time'];
    echo "</td></tr>"; 
    } 
    
    echo "</table>";
    ?>

     

    But this does no sorting whatsoever in respect to the meeting Cities or Days.  Somehow I have to come up with a statement that selects the entire city column and makes a list that is based on unique entries I think, then sort the entries in the DB based on the unique entries, then I was thinking of using a string replace for the days of the week that would display them correctly.

     

    Am I on the right track?

  12. I am starting from scratch here, the whole list was daunting to say the least.  I am a "cut and paste scripter". I have done some original works in php that were impressive to me but nothing on a grand scale.

     

    I can send you a read only username and password to my mysql server for the database and table in question.  I am working on the code as we speak.  I would only send that in the form of a pm, even though it's only read-only I would prefer not to invite the world in there.  :D

     

    Chad

  13. I am trying to write a simple method of displaying our meetings schedule for North Idaho Area Narcotics Anonymous it pulls from a MySQL database and I want it to look like this:

     

        COEUR D'ALENE

    Sunday:

    Group 1 Name  Time

    Group 2 Name  Time

    Group 3 Name  Time

     

    Monday:

    Group 1 Name  Time

    Group 2 Name  Time

     

          POST FALLS

    Sunday:

    Group 1 Name    Time

     

    Ok so my problem is I don't know how to make php create the heading only if there are meetings in that heading, so if there are no meetings in POST FALLS then it won't make a list for post falls or if there are no meetings in POST FALLS on Sunday then it won't show the SUNDAY heading.  This way it will be a maintenance free page, just add/delete meetings in the database then go from there.  Each meeting name will be a link to an ID corresponding to the unique ID in the database so you click it then read all the info on that meeting.  It will be a way for NA members to view the schedule from their mobile phones easily.

     

    I have written loops but nothing that would leave out a heading based on lack of a given entry.  Any help would be most appreciated.  Thank you!!!

     

    Chad

  14. Hello everyone here is my perplexing situation...

     

    I followed a lot of information on how to successfully pipe an email to a PHP script.  Nothing seemed to work till I found this page http://www.webmasterworld.com/php/3679220.htm

     

    #!/usr/bin/php -q 
    <?php 
    // read from stdin 
    $fd = fopen("php://stdin", "r"); 
    $email = ""; 
    while (!feof($fd)) { 
    $email .= fread($fd, 1024); 
    } 
    fclose($fd); 
    
    // handle email 
    
    $lines = explode("\n", $email); 
    
    // empty vars 
    
    $from = ""; 
    $subject = ""; 
    $headers = ""; 
    $message = ""; 
    $splittingheaders = true; 
    
    for ($i=0; $i < count($lines); $i++) { 
    if ($splittingheaders) { 
    // this is a header 
    $headers .= $lines[$i]."\n"; 
    // look out for special headers 
    if (preg_match("/^Subject: (.*)/", $lines[$i], $matches)) { 
    $subject = $matches[1]; 
    } 
    if (preg_match("/^From: (.*)/", $lines[$i], $matches)) { 
    $from = $matches[1]; 
    } 
    } else { 
    // not a header, but message 
    $message .= $lines[$i]."\n"; 
    } 
    
    if (trim($lines[$i])=="") { 
    // empty line, header section has ended 
    $splittingheaders = false; 
    } 
    } 
    preg_match("/boundary=\".*?\"/i", $headers, $boundary); 
    $boundaryfulltext = $boundary[0]; 
    
    if ($boundaryfulltext!="") 
    { 
    $find = array("/boundary=\"/i", "/\"/i"); 
    $boundarytext = preg_replace($find, "", $boundaryfulltext); 
    $splitmessage = explode("--" . $boundarytext, $message); 
    $fullmessage = ltrim($splitmessage[1]); 
    preg_match('/\n\n(.*)/is', $fullmessage, $splitmore); 
    
    if (substr(ltrim($splitmore[0]), 0, 2)=="--") 
    { 
    $actualmessage = $splitmore[0]; 
    } 
    else 
    { 
    $actualmessage = ltrim($splitmore[0]); 
    } 
    
    } 
    else 
    { 
    $actualmessage = ltrim($message); 
    } 
    
    $clean = array("/\n--.*/is", "/=3D\n.*/s"); 
    $cleanmessage = trim(preg_replace($clean, "", $actualmessage));
    
    mail("me@myserver.com", "Pipe Script Results", "$cleanmessage", "From: some_email@example.com"); 
    
    return NULL; 
    
    ?>
    

    Now with that in mind I took the original scripting found there and added the last little bit.  But the entire process of this script has me LOST. I am getting better at this but when I use this script I still get

     

    --001636025c26dfe7d70474f0aab7
    
    Content-Type: text/plain; charset=ISO-8859-1
    
    
    MESSAGE CONTENT
    

     

    My question is what I am wanting $cleanmessage to output is just "MESSAGE CONTENT" nothing more.  But I have tried to filter out the "--001636025c26dfe7d70474f0aab7" and the Content-Type: etc but I am at a stumbling block.

     

    It took me almost a month of trying to get this far.  My server has no standard control panel or anything and figuring out the permissions and aliases files etc was a PITA so here I am with the final leg of the mess.  Thanks for any help that can be provided...

     

    Chad

  15. I set that IP only as a demonstration purpose. I have an external IP that will go there, but I didn't want to create any problems with the server publicly displaying that IP, that I have planned to use my script with.

     

    I just wanted to make sure that script was going to function without a ton of problems.  There is little security involved with my basic script that I have built, sql injection etc that could wreak havoc.

  16. I am trying to protect a script and I think I found a solution but I was hoping someone out here could provide me with something that might be smoother or tell me if this is sufficient enough to do the trick.

     

    <?
    $ip = $_SERVER['REMOTE_ADDR'];
    if ($ip=='192.168.1.1') {
    } else {
    die( "Protected Script - Your server does not have permission to use this resource!");
    }
    
    // Rest of Code below here!
    ?>
    

     

    That code would be at the very top of my script to allow only a specific server to use the page.  Thanks in advance for anyone that has suggestions.

     

    Chad

  17. I am in the midst of building a dispatching system that will keep track of calls for a roadside assistance company as well as the clients we serve, drivers on staff, dispatchers etc.  The schedules we create are quite simple they consist of a 7 day week each starting on Wednesday and ending on Tuesday the fields can simply be VARCHAR (20) or something as we use the fields to note Vacation, OFF time, or 24, 6P - 8A, etc..  I am looking for a way to implement the schedule for the drivers, dispatchers and managers via the dispatch system for centralized access to everything.

     

    What I see as a dilemma in my feeble little mind may be something quite simple but I am so new to php and mysql that I know almost nothing and I am looking for a way to make this all come together.

     

    My problem:  we keep track of the old schedules. For this to work we must have some relationship between the schedule table and the users table.  Then be able to generate a week's worth of schedules for the crew based on input.  But how do I make it so I don't have to create another table for each work week with every driver in it?  I am willing to entertain any thoughts anyone may have on a simple way to accomplish this.  I am just looking for ideas here and once I have the idea in place I will try and build something and then maybe I can post the code here and chew it back and forth to figure out what works best.  Your help is greatly appreciated...

     

    ~Chad

  18. Just for anyone following this thread the modifications that I posted did work however there was one problem.  The Day and Week calculations were actually calculating 24min as opposed to 24hrs. and the week was actually calculating 168min. to fix that I adjusted this:

     

    $cTime = time() + (60 * $x); //changed to cTime as hour seamed weird!
    to
    $cTime = time() + (3600 * $x); //changed to cTime as hour seamed weird!

     

    Many thanks to KingPhillip and MadTechie for all their help in this and I am very grateful to have a place like this to come and bounce my ideas off of and get help when needed.

     

    ~Chad

  19. Ok sorry to keep posting here, I don't want anyone to think I am going crazy one post after another but I think I found a solution and if there is a better way then by all means please let me know!!

     

    I added this to the top of the Dindex.php (logged in page of the dispatch system)

    if(isset($_COOKIE['CT_my_site'])) 
    {}else{
    $hour = time() + 3600;
    setcookie(ID_my_site, $_COOKIE[iD_my_site], $hour);
    setcookie(Key_my_site, $_COOKIE[Key_my_site], $hour);
    }
    

     

    Then added this to the login page

    if($_POST['stay'] ==""){}else{
    setcookie(CT_my_site, $_POST['stay'], $cTime); //adding for use on the members page
    }
    

     

    (My goal is to be able to start relying on forums less and less and not make everyone else do the work for me, so I at least have to try to figure it out on my own!)

     

    So far this seems to be working...

  20. Google one time token script and start looking at what you think might work for you.  Attempt to build the script and if you have problems then post what you have thus far and everyone will gladly help you.  Or if you prefer there is board here that is for freelance work read the help topics in that board and make a post.  Maybe someone will be able to help you out...

     

    Chad

    Just a friendly word of advice, I am not associated with the moderators or such here so take it for what it is.

  21. Ok I am not a PHP programmer by any means but I am getting better with each passing day.  Here is something that I think I found the code at the top of the Dindex.php

     

    session_start();
    setcookie(ID_my_site, $_POST['username'], $_SESSION['cTime']);
    setcookie(Key_my_site, $_POST['pass'], $_SESSION['cTime']);

     

    leads me to believe that it is looking for a username and password that have been posted to the page and in all actuality I think the only way the page can really see a username and password is through the session variables not post.  So would I simply change the $_POST['username'],  to $_SESSION instead for the username and pass?
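An added example (not the poster's code) of keeping the login state in the session instead of copying the username and password hash into cookies: the password is checked once with `password_verify()`, and afterwards the browser holds only a random session id. The user-row layout, the function names and the assumption that the site is served over HTTPS are hypothetical; the `stay` values and the 3600-seconds-per-hour arithmetic follow the posts.

```php
<?php
declare(strict_types=1);

// Added example. User-row layout, function names and HTTPS are assumptions.

/** Map the login form's "stay" field to a lifetime in seconds (3 h default). */
function stay_to_seconds($stay): int
{
    $hours = ['week' => 24 * 7, 'day' => 24];
    return 3600 * ($hours[is_string($stay) ? $stay : ''] ?? 3);
}

/** Compare the submitted password with a password_hash() value from the users table. */
function verify_login(?array $userRow, string $password): bool
{
    // Unknown users are checked against a dummy hash so both paths do the same work.
    static $dummy = null;
    $dummy = $dummy ?? password_hash('placeholder', PASSWORD_DEFAULT);
    $ok = password_verify($password, $userRow['password_hash'] ?? $dummy);
    return $ok && $userRow !== null;
}

/** Record the login on the server; the browser only receives a session id. */
function start_login_session(int $userId, int $lifetime): void
{
    session_set_cookie_params([
        'lifetime' => $lifetime, 'path' => '/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
    ]);
    session_start();
    session_regenerate_id(true);            // fresh id at login
    $_SESSION['user_id'] = $userId;
    $_SESSION['expires'] = time() + $lifetime;
}

/** Return the logged-in user id, or null when there is no valid login. */
function current_user_id(): ?int
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!isset($_SESSION['user_id'], $_SESSION['expires']) || $_SESSION['expires'] < time()) {
        return null;
    }
    return (int) $_SESSION['user_id'];
}

// Constructed demo, runnable from the CLI. Session calls come before any output.
$user = [
    'id' => 7,
    'username' => 'dispatcher1',
    'password_hash' => password_hash('correct horse', PASSWORD_DEFAULT),
];
$results = [];
$results[] = 'wrong password accepted: ' . var_export(verify_login($user, 'guess'), true);
$results[] = 'unknown user accepted:   ' . var_export(verify_login(null, 'guess'), true);
if (verify_login($user, 'correct horse')) {
    start_login_session($user['id'], stay_to_seconds('day'));
}
$results[] = 'logged-in user id:       ' . var_export(current_user_id(), true);
$results[] = 'lifetime for "day":      ' . stay_to_seconds('day') . ' s';
echo implode("\n", $results), "\n";
```

PHP's `session.gc_maxlifetime` also has to be at least as long as the chosen lifetime, or the server discards the session data earlier.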

  22. I left the html portion of the page out, if it's needed just let me know.  This below is the login.php file.

    <?php 
    
    $action = $_GET['action'];
    $landing = $_POST['landing'];
    
    switch ($action)
    {
    case "missing":
    	$error = "<font color=red>Please fill in both fields!</font>";
    	break;
    case "invalidu":
    	$error = "<font color=red>Invalid Username!</font>";
    	break;
    case "invalidp":
    	$error = "<font color=red>Invalid Password!</font>";
    	break;
    case "invalidc":
    	$error = "<font color=red>Invalid Session!</font>";
    	break;
    case "logout":
    	$error = "<font color=red>Logged out!</font>";
    	break;	
    default:
    	$error = "Enter login info below.";
    	break;
    }
    // Connects to your Database
    mysql_connect("localhost", "*****", "*****") or die(mysql_error()); 
    mysql_select_db("****") or die(mysql_error()); 
    
    //Checks if there is a login cookie
    if(isset($_COOKIE['ID_my_site']))
    
    //if there is, it logs you in and directes you to the members page
    { 
    $username = $_COOKIE['ID_my_site']; 
    $pass = $_COOKIE['Key_my_site'];
    $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
    while($info = mysql_fetch_array( $check )) 
    {
    if ($pass != $info['password']) 
    {
    }
    else
    {
    header("Location: Dindex.php?page=dashboard");
    
    }
    }
    }
    
    //if the login form is submitted
    if (isset($_POST['submit'])) { // if form has been submitted
    
    // makes sure they filled it in
    if(!$_POST['username'] | !$_POST['pass']) {
    header("Location: login.php?action=missing");
    }
    // checks it against the database
    
    if (!get_magic_quotes_gpc()) {
    $_POST['email'] = addslashes($_POST['email']);
    }
    $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());
    
    //Gives error if user dosen't exist
    $check2 = mysql_num_rows($check);
    if ($check2 == 0) {
    header("Location: login.php?action=invalidu");
    }
    while($info = mysql_fetch_array( $check )) 
    {
    $_POST['pass'] = stripslashes($_POST['pass']);
    $info['password'] = stripslashes($info['password']);
    $_POST['pass'] = md5($_POST['pass']);
    
    //gives error if the password is wrong
    if ($_POST['pass'] != $info['password']) {
    header("Location: login.php?action=invalidp");
    }
    else 
    { 
    
    // if login is ok then we add a cookie 
    $_POST['username'] = stripslashes($_POST['username']);
    $x=3;
    if(!empty($_POST['stay']))
    {
       switch($_POST['stay'])
       {
          case "week":
             $x=(24*7);
          break;
          case "day":
             $x=24;
          break;
          default;
             $x=3;
          break;
       }
    }
    session_start(); //add
    $cTime = time() + (60 * $x); //changed to cTime as hour seamed weird!
    $_SESSION['cTime'] = $cTime; //Add
    setcookie(ID_my_site, $_POST['username'], $cTime); //update
    setcookie(Key_my_site, $_POST['pass'], $cTime);  //update
    
    
    // This sets the initial cookie!
    //$hour = time() + 3600; 
    //setcookie(ID_my_site, $_POST['username'], $hour); 
    //setcookie(Key_my_site, $_POST['pass'], $hour); 
    
    //then redirect them to the members area 
    header("Location: Dindex.php?page=".$landing); 
    } 
    } 
    } 
    else 
    { 
    
    // if they are not logged in 
    ?>

     

    And here is the Dindex.php file.

     

    <?php
    session_start();
    setcookie(ID_my_site, $_POST['username'], $_SESSION['cTime']);
    setcookie(Key_my_site, $_POST['pass'], $_SESSION['cTime']);
    
    
    $page = $_GET['page'];
    $fileaccess9 = "allowRR783";
    
    // Connects to your Database 
    mysql_connect("localhost", "*****", "*****") or die(mysql_error()); 
    mysql_select_db("*****") or die(mysql_error()); 
    
    //checks cookies to make sure they are logged in 
    if(isset($_COOKIE['ID_my_site'])) 
    { 
    $username = $_COOKIE['ID_my_site']; 
    $pass = $_COOKIE['Key_my_site']; 
    $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); 
    while($info = mysql_fetch_array( $check )) 
    { 
    
    //if the cookie has the wrong password, they are taken to the login page 
    if ($pass != $info['password']) 
    { header("Location: login.php");
    } 
    
    //otherwise they are shown the admin area 
    else 
    { 
    // this creates the menu bar and header for the pages - content is static
    include("headnav.php");
    
    //main page content will change dynamically depending on which menu item is pressed.
    include($page.".php");
    
    //This page will include the copyright and any other information that will be at the bottom of pages statically.
    include("footer.php");
    } 
    } 
    } 
    else 
    //if the cookie does not exist, they are taken to the login screen 
    { 
    header("Location: login.php"); 
    } 
    ?>

     

    Actually I am not logged in at all anymore.  It seems that I have to login every time I click a button within my system.  ouch...
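Two things the login.php and Dindex.php code above, and the redirect in the first post on this page, depend on, shown as an added example (not the poster's code): `header("Location: ...")` only queues a header, so the script keeps running unless it exits, and `include($page.".php")` takes its file name from the query string. Apart from `dashboard`, the page names in the allowlist are hypothetical, as are the function names.

```php
<?php
declare(strict_types=1);

// Added example. Page names other than "dashboard" and both helpers are assumptions.

const ALLOWED_PAGES = ['dashboard', 'calls', 'drivers', 'schedule'];

/** Map ?page= to a file from a fixed list; anything else gets the default page. */
function resolve_page($requested, array $allowed = ALLOWED_PAGES, string $default = 'dashboard'): string
{
    // Strict comparison against known names: values containing path
    // separators, URLs or arrays can never match an entry.
    if (is_string($requested) && in_array($requested, $allowed, true)) {
        return $requested . '.php';
    }
    return $default . '.php';
}

/** Send a redirect and stop. Without exit, the rest of the script still runs. */
function redirect(string $url): void
{
    if (headers_sent($file, $line)) {
        // Output has already started, so the Location header cannot be sent;
        // the browser's address bar will not change in this case.
        error_log("redirect to $url not sent, output started at $file:$line");
    } else {
        header('Location: ' . $url, true, 302);
    }
    exit;
}

// Constructed inputs showing what each request value resolves to.
$samples = ['dashboard', 'schedule', '../config', 'http://example.invalid/x', ['a'], null];
foreach ($samples as $input) {
    printf("%-30s -> %s\n", json_encode($input), resolve_page($input));
}

// Usage in a page like Dindex.php (commented out so this file runs from the CLI):
//
//   if (!$loggedIn) {
//       redirect('login.php');      // nothing below runs for anonymous users
//   }
//   include __DIR__ . '/headnav.php';
//   include __DIR__ . '/' . resolve_page($_GET['page'] ?? null);
//   include __DIR__ . '/footer.php';
```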
