Crew-Portal

<?php $page = $_GET['page']; $selection = explode(".", $page); if ($page == ""){ include_once('pages/dashboard.sidebar.php'); include_once('pages/dashboard.dashboard.php'); } else if (($page != "") && file_exists('pages/'.$page.'.php')){ include_once('pages/'.$selection[0].'.sidebar.php'); include_once('pages/'.$page.'.php'); } else { include_once('pages/error.php'); } ?> Sorry, this is off topic but Instead of creating every possible page name why not put a loop in there and then redirect based on input from href's and $page variable. Then redirect, if the page doesn't exist then it puts them at an error screen.

<?php header('Location: http://google.com/'); echo " <script type=\"text/javascript\"> <!-- window.location = \"http://google.com/\" //--> </script>"; die("Unknown Error"); ?> Make sure this is at the VERY top of your page. Before any HTML gets outputted to the browser. This will try to use PHP for the redirect, if it fails it will attempt Javascript for redirect, if Javascript also fails (or is turned off in the user client) it will cause an error page to load.

I have to completely agree with ginerjm. Keep your code simple, more un-needed scripting not only uses up more of your time to create and diagnose but it also increases the loading time of each page. Depending on how much traffic your website is getting these little pieces of unneeded, heavy transfer code can bring even the mightiest of servers to their knees.

I understand that however the quot marks dont execute because the string below strips them to ASCII, I tried injecting myself and it doesnt appear to work, however removing the lines below from the code allowed me to do so. $string = str_replace("\"", """, $string); $string = str_replace("'", "'", $string); $string = str_replace("`", "`", $string); Isn't that how it works?

Good afternoon William, Could you please include the contents from the file mylibrary/login.php as this is where your error is located. Cheers!

I was wondering what most of you guys use to prevent against SQL injection? This is what I am currently using. function transform_HTML($string, $length = NULL){ $string = trim($string); $string = utf8_decode($string); $string = htmlentities($string, ENT_NOQUOTES); $string = str_replace("\"", """, $string); $string = str_replace("#", "#", $string); $string = str_replace("$", "$", $string); $string = str_replace("%", "%", $string); $string = str_replace("&", "&", $string); $string = str_replace("'", "'", $string); $string = str_replace("(", "(", $string); $string = str_replace(")", ")", $string); $string = str_replace("*", "*", $string); $string = str_replace("+", "+", $string); $string = str_replace(",", ",", $string); $string = str_replace("-", "-", $string); $string = str_replace("/", "/", $string); $string = str_replace(":", ":", $string); $string = str_replace(";", ";", $string); $string = str_replace("<", "<", $string); $string = str_replace("=", "=", $string); $string = str_replace(">", ">", $string); $string = str_replace("?", "?", $string); $string = str_replace("@", "@", $string); $string = str_replace("[", "[", $string); $string = str_replace("]", "]", $string); $string = str_replace("^", "^", $string); $string = str_replace("_", "_", $string); $string = str_replace("`", "`", $string); $string = str_replace("{", "{", $string); $string = str_replace("|", "|", $string); $string = str_replace("}", "}", $string); $string = str_replace("~", "~", $string); $length = intval($length); if ($length > 0){ $string = substr($string, 0, $length); } return $string; } Which then gets called by: if ($action == 'login'){ // Login Action $_SESSION['loginerror'] = FALSE; $myusername = transform_HTML($_POST['login-username'], 21); $mypassword = transform_HTML($_POST['login-password'], 21); $sql="SELECT * FROM $table[users] WHERE username='$myusername' and password=MD5('$mypassword')"; $result=mysqli_query($db, $sql); // Mysql_num_row is counting table row $count=mysqli_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Login Stuff } Is there a more efficient way, or more secure way of doing this?

if (!isset($_SESSION['franchise_arr'][$rest])){ $rest = $_SESSION['SESS_RESTAURANT_ID']; } Works just great. Thank you. I can't believe I couldn't figure that one out. :\

The website I am working on is a HRIS project for a popular fast food franchise chain. The login for one restaurant allows one user to modify all actions for all restaurants owned by the same franchisee. These are organized by multiple databases calling the same id's. Below is the code used for selecting all restaurants where the same franchise id is used as the restaurant login. $result = mysql_query("SELECT id, name FROM restaurants WHERE franchise = $_SESSION[sESS_RESTAURANT_FRANCHISE]"); $_SESSION['franchise_arr'] = array(); while($row = mysql_fetch_array($result)){ $_SESSION['franchise_arr'][$row['id']] = $row['name']; } So lets say for one login the SESSION array is populated like this: $_SESSION[sESS_RESTAURANT_FRANCHISE][1] = "Restaurant One"; $_SESSION[sESS_RESTAURANT_FRANCHISE][15] = "Restaurant Two"; $_SESSION[sESS_RESTAURANT_FRANCHISE][29] = "Restaurant Three"; I need a way to check to see if the KEY value is in an array as oppose to the value itself. For example I have: if (!in_array($rest, $_SESSION['franchise_arr'])){ $rest = $_SESSION['SESS_RESTAURANT_ID']; } However that checks for the values "Restaurant One", "Restaurant Two", "Restaurant Three". Where I would like it to look for "1", "15", or "29". I hope someone understands what I mean :\ I've been strugging with this for quite a while.

wow, Thanks alot. This was alot more info than I was wanting. Much appreciated

I have a database with all users.. Within that database all users have an id. How would I make it so users can "friend" other users? Would I need to make a new table for that? Im sorry for the dumb question.. I havent dealt with php or mysql in about two years because I was busy getting engaged and all.. But now that I have time again I think im gonna take up one of my old projects. Granted I probably could have answered this question myself back then but now im finding some trouble taking up programming again. :\

Quick question. When setting a charactor set should I use a header and a META or just a header? Like: <?php header('Content-Type: text/html; charset=utf-8'); echo '<meta http-equiv=Content-Type content="text/html; charset=UTF-8">'; ?> or just: <?php header('Content-Type: text/html; charset=utf-8'); ?>

Really? no one?

Thats not the problem. This is how PHP is designed to find files. It will always use the first file as the library and try to locate other files from the directory the main file is being executed from.

Quick question. I created a quick library using Curl to post tweets to twitter. However whenever I do it says "Submitted by API". Is there any way to change the name from API to my website name? Or do I have to sign up thru a twitter API Licence. If there is a library to change this name can someone show me how to do it?

Beautiful. Thanks alot man

That works great phpORcaffine. But why cant I echo $crypted?

Quick question about encription. Is there a way of encoding information and then having a relable way of decoding it? Preferable with a easter egg. Such as: $encoded_string = "Testing".$secretword; I tried using base64_encode and _decode, and it worked perfectly. The only problem is that the string length is not constant. I need a way of encoding so that the length is always the same.. 4 Charactors.. 50 Charactors. It doesnt matter, It just has to be constant. So that "test" and "Hello my name is billy bob joe" Would both encode with a str length of like.. 18. You know what I mean?

I love you. Thanks alot man, means a ton It works beautifully!

<?php class Site{ // some stuff here. } class Connection extends Site{ private $database; private $host; private $username; private $password; private function Connect(){ $connection = @mysql_connect("$host", "$username", "$password") or die("Couldn't connect."); $db = @mysql_select_db($$database, $connection) or die("Couldn't select database."); } function Connection($db,$host,$user,$pass){ this->$database = $db; this->$host = $host; this->$username = $user; this->$password = $pass; Connect(); } } Site s = new Connection("bla","bla","bla","bla"); ?> It seems like it should work, However I end up getting this error: Parse error: syntax error, unexpected T_OBJECT_OPERATOR in C:\xampp\htdocs\lib\config.php on line 18 Any suggestions?

<?php $config= array('site'=> array('connection'=> array('database'=>'SECRET', 'username'=>'SECRET', 'password'=>'SECRET', 'location'=>'localhost', 'type'=>'mysql'), array('settings'=> array('backgroundcolor'=>'#CEE1E9', 'contentcolor'=>'#FFFFFF', 'sidebarcolor'=>'#C8D1D5', 'textcolor'=>'#000000', 'linkcolor'=>'#002E6E', 'backgroundimage'=>null, 'disposition'=>1, 'language'=>'English'), array('name'=> array('sitename'=>'None', 'slogan'=>'None'), array('sessions'=> array('username'=>$_SESSION['valid_user'], 'user_id'=>$_SESSION['user_id']), array('server'=> array('file_quota'=>5000000, 'user_quota'=>50000000, 'monthly_quota'=>15000000, 'uploads'=>TRUE), array('uploads'=> array('image/png'=>TRUE, 'image/jpeg'=>TRUE, 'image/gif'=>TRUE, 'image/svg+xml'=>TRUE, 'audio/mpeg'=>TRUE, 'audio/x-speex'=>TRUE, 'application/ogg'=>TRUE, 'application/pdf'=>TRUE, 'application/vnd.oasis.opendocument.text'=>TRUE, 'application/vnd.oasis.opendocument.text-template'=>TRUE, 'application/vnd.oasis.opendocument.graphics'=>TRUE, 'application/vnd.oasis.opendocument.graphics-template'=>TRUE, 'application/vnd.oasis.opendocument.presentation'=>TRUE, 'application/vnd.oasis.opendocument.presentation-template'=>TRUE, 'application/vnd.oasis.opendocument.spreadsheet'=>TRUE, 'application/vnd.oasis.opendocument.spreadsheet-template'=>TRUE, 'application/vnd.oasis.opendocument.chart'=>TRUE, 'application/vnd.oasis.opendocument.chart-template'=>TRUE, 'application/vnd.oasis.opendocument.image'=>TRUE, 'application/vnd.oasis.opendocument.image-template'=>TRUE, 'application/vnd.oasis.opendocument.formula'=>TRUE, 'application/vnd.oasis.opendocument.formula-template'=>TRUE, 'application/vnd.oasis.opendocument.text-master'=>TRUE, 'application/vnd.oasis.opendocument.text-web'=>TRUE, 'application/x-zip'=>TRUE, 'application/zip'=>TRUE, 'text/plain'=>TRUE, 'video/mpeg'=>TRUE, 'video/mp4'=>TRUE, 'video/quicktime'=>TRUE, 'video/mpeg'=>TRUE) ))))))); ?> The following script works fine but when I call the array I have to do it like so.. $config['site'][0]['settings']['backgroundcolor']; But I would like to access it by $config['site']['settings']['backgroundcolor']; Any ideas on how to remove that useless integer value?

Thanks, That wasnt the problem but I got it solved myself. How I did it.. I still dont know.. But it works now, thats all I care about

I surrounded the array with <PRE></PRE> and got: Array ( [site] => Array ( [connection] => Array ( [database] => SECRET [username] => SECRET [password] => SECRET [location] => localhost ) [0] => Array ( [settings] => Array ( [backgroundcolor] => #CEE1E9 [contentcolor] => #FFFFFF [sidebarcolor] => #C8D1D5 [textcolor] => #000000 [linkcolor] => #002E6E [backgroundimage] => [disposition] => 1 ) ) [1] => Array ( [name] => Array ( [sitename] => None [slogan] => None [language] => English ) ) [2] => Array ( [sessions] => Array ( [username] => [user_id] => ) ) ) ) Does that shed any light on the situation? Cause I understand that I dont have the arrays grouped properly. But sadly I dont know how to fix it :'(

<?php $config= array('site'=> array('connection'=> array('database'=>'SECRET', 'username'=>'SECRET', 'password'=>'SECRET', 'location'=>'localhost'), array('settings'=> array('backgroundcolor'=>'#CEE1E9', 'contentcolor'=>'#FFFFFF', 'sidebarcolor'=>'#C8D1D5', 'textcolor'=>'#000000', 'linkcolor'=>'#002E6E', 'backgroundimage'=>null, 'disposition'=>1), ), array('name'=> array('sitename'=>'None', 'slogan'=>'None', 'language'=>'English'), ), array('sessions'=> array('username'=>$_SESSION['valid_user'], 'user_id'=>$_SESSION['user_id']), ), ) ) ;?> Why cant I access my arrays like.. $config['site']['settings']['backgroundcolor']; I cant figure it out. And im not getting any errors..

Oh yah, I know what you meant. I didnt mean to sound sarcastic.

Actually I really like it. im sure some people will be pissed about it but thats there problem1.