Jump to content


  • Posts

  • Joined

  • Last visited

About Crew-Portal

  • Birthday 03/06/1992

Contact Methods

  • AIM
  • MSN
  • ICQ

Profile Information

  • Gender
  • Location

Crew-Portal's Achievements

Regular Member

Regular Member (3/5)



  1. <?php $page = $_GET['page']; $selection = explode(".", $page); if ($page == ""){ include_once('pages/dashboard.sidebar.php'); include_once('pages/dashboard.dashboard.php'); } else if (($page != "") && file_exists('pages/'.$page.'.php')){ include_once('pages/'.$selection[0].'.sidebar.php'); include_once('pages/'.$page.'.php'); } else { include_once('pages/error.php'); } ?> Sorry, this is off topic but Instead of creating every possible page name why not put a loop in there and then redirect based on input from href's and $page variable. Then redirect, if the page doesn't exist then it puts them at an error screen.
  2. <?php header('Location: http://google.com/'); echo " <script type=\"text/javascript\"> <!-- window.location = \"http://google.com/\" //--> </script>"; die("Unknown Error"); ?> Make sure this is at the VERY top of your page. Before any HTML gets outputted to the browser. This will try to use PHP for the redirect, if it fails it will attempt Javascript for redirect, if Javascript also fails (or is turned off in the user client) it will cause an error page to load.
  3. I have to completely agree with ginerjm. Keep your code simple, more un-needed scripting not only uses up more of your time to create and diagnose but it also increases the loading time of each page. Depending on how much traffic your website is getting these little pieces of unneeded, heavy transfer code can bring even the mightiest of servers to their knees.
  4. I understand that however the quot marks dont execute because the string below strips them to ASCII, I tried injecting myself and it doesnt appear to work, however removing the lines below from the code allowed me to do so. $string = str_replace("\"", """, $string); $string = str_replace("'", "'", $string); $string = str_replace("`", "`", $string); Isn't that how it works?
  5. Good afternoon William, Could you please include the contents from the file mylibrary/login.php as this is where your error is located. Cheers!
  6. I was wondering what most of you guys use to prevent against SQL injection? This is what I am currently using. function transform_HTML($string, $length = NULL){ $string = trim($string); $string = utf8_decode($string); $string = htmlentities($string, ENT_NOQUOTES); $string = str_replace("\"", """, $string); $string = str_replace("#", "#", $string); $string = str_replace("$", "$", $string); $string = str_replace("%", "%", $string); $string = str_replace("&", "&", $string); $string = str_replace("'", "'", $string); $string = str_replace("(", "(", $string); $string = str_replace(")", ")", $string); $string = str_replace("*", "*", $string); $string = str_replace("+", "+", $string); $string = str_replace(",", ",", $string); $string = str_replace("-", "-", $string); $string = str_replace("/", "/", $string); $string = str_replace(":", ":", $string); $string = str_replace(";", ";", $string); $string = str_replace("<", "<", $string); $string = str_replace("=", "=", $string); $string = str_replace(">", ">", $string); $string = str_replace("?", "?", $string); $string = str_replace("@", "@", $string); $string = str_replace("[", "[", $string); $string = str_replace("]", "]", $string); $string = str_replace("^", "^", $string); $string = str_replace("_", "_", $string); $string = str_replace("`", "`", $string); $string = str_replace("{", "{", $string); $string = str_replace("|", "|", $string); $string = str_replace("}", "}", $string); $string = str_replace("~", "~", $string); $length = intval($length); if ($length > 0){ $string = substr($string, 0, $length); } return $string; } Which then gets called by: if ($action == 'login'){ // Login Action $_SESSION['loginerror'] = FALSE; $myusername = transform_HTML($_POST['login-username'], 21); $mypassword = transform_HTML($_POST['login-password'], 21); $sql="SELECT * FROM $table[users] WHERE username='$myusername' and password=MD5('$mypassword')"; $result=mysqli_query($db, $sql); // Mysql_num_row is counting table row $count=mysqli_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Login Stuff } Is there a more efficient way, or more secure way of doing this?
  7. if (!isset($_SESSION['franchise_arr'][$rest])){ $rest = $_SESSION['SESS_RESTAURANT_ID']; } Works just great. Thank you. I can't believe I couldn't figure that one out. :\
  8. The website I am working on is a HRIS project for a popular fast food franchise chain. The login for one restaurant allows one user to modify all actions for all restaurants owned by the same franchisee. These are organized by multiple databases calling the same id's. Below is the code used for selecting all restaurants where the same franchise id is used as the restaurant login. $result = mysql_query("SELECT id, name FROM restaurants WHERE franchise = $_SESSION[sESS_RESTAURANT_FRANCHISE]"); $_SESSION['franchise_arr'] = array(); while($row = mysql_fetch_array($result)){ $_SESSION['franchise_arr'][$row['id']] = $row['name']; } So lets say for one login the SESSION array is populated like this: $_SESSION[sESS_RESTAURANT_FRANCHISE][1] = "Restaurant One"; $_SESSION[sESS_RESTAURANT_FRANCHISE][15] = "Restaurant Two"; $_SESSION[sESS_RESTAURANT_FRANCHISE][29] = "Restaurant Three"; I need a way to check to see if the KEY value is in an array as oppose to the value itself. For example I have: if (!in_array($rest, $_SESSION['franchise_arr'])){ $rest = $_SESSION['SESS_RESTAURANT_ID']; } However that checks for the values "Restaurant One", "Restaurant Two", "Restaurant Three". Where I would like it to look for "1", "15", or "29". I hope someone understands what I mean :\ I've been strugging with this for quite a while.
  9. wow, Thanks alot. This was alot more info than I was wanting. Much appreciated
  10. I have a database with all users.. Within that database all users have an id. How would I make it so users can "friend" other users? Would I need to make a new table for that? Im sorry for the dumb question.. I havent dealt with php or mysql in about two years because I was busy getting engaged and all.. But now that I have time again I think im gonna take up one of my old projects. Granted I probably could have answered this question myself back then but now im finding some trouble taking up programming again. :\
  11. Quick question. When setting a charactor set should I use a header and a META or just a header? Like: <?php header('Content-Type: text/html; charset=utf-8'); echo '<meta http-equiv=Content-Type content="text/html; charset=UTF-8">'; ?> or just: <?php header('Content-Type: text/html; charset=utf-8'); ?>
  12. Thats not the problem. This is how PHP is designed to find files. It will always use the first file as the library and try to locate other files from the directory the main file is being executed from.
  13. Quick question. I created a quick library using Curl to post tweets to twitter. However whenever I do it says "Submitted by API". Is there any way to change the name from API to my website name? Or do I have to sign up thru a twitter API Licence. If there is a library to change this name can someone show me how to do it?
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.