serverman

  1. serverman

    suggestions on cleaning up my coding

    I will think about it. Honestly the whole point of this project was really to learn a lot more about php. I've just always used it to just get by when needed and I stopped doing web design work a few years ago (joined the military), but php is just a fun hobby I am trying to pick back up. For me I don't see the challenge in a framework. I need a challenge or I get bored.
  2. serverman

    suggestions on cleaning up my coding

    OK. Yeah my plan was to clean it up to make it more readable but maybe you are right and I should first attack the security then clean it. I got the login system off of github but yeah it's a dead project on it. So I guess now I will dump the login system that I have, then fix all the XSS issues in my code. Then work in or write a new login system. I think removing the current member system will make it way easier to clean up the code.
  3. I'm working on my first real project that I coded (other than the user system). I could use some help to know what I could and should clean up in my coding. I am self taught. I know I need to add sanitize codes to the field inputs and that is in the works. Do you see something that would make more sense to be a function in the functions.php include?

    Index.php

    <?php
    include_once 'includes/db_connect.php';
    include_once 'includes/functions.php';
    sec_session_start();
    $PageTitle = "Open Managment";

    function customPageHeader() { ?>
        <script type="text/JavaScript" src="js/sha512.js"></script>
        <script type="text/JavaScript" src="js/forms.js"></script>
        <!--Arbitrary HTML Tags-->
    <?php }

    include_once('includes/header.php');

    if (isset($_GET['error'])) {
        echo '<p class="error">Error Logging In!</p>';
    }

    if (login_check($mysqli) == true) : ?>
        <p>Welcome <?php echo htmlentities($_SESSION['username']); ?>! If you are done, please <a href="includes/logout.php">log out</a>.</p>
        <!--Arbitrary HTML Tags-->
        <?php $results = $mysqli->query("SELECT id, title, address, occupied FROM property"); ?>
        <div>
            <div class="propr">
                <div class="propc"><h2>Property Title</h2></div>
                <div class="propc"><h2>Address</h2></div>
                <div class="propc"><h2>Occupied</h2></div>
            </div>
            <?php while ($row = $results->fetch_array()) { ?>
            <!-- Note: the row values below are echoed without HTML escaping -->
            <div class="propr">
                <div class="propc"><a href="list_prop.php?parent=<?= $row['id'] ?>"><?= $row["title"] ?></a></div>
                <div class="propc"><?= $row["address"] ?></div>
                <div class="propc"><?php if ($row["occupied"] == 1) { echo 'yes'; } else { echo 'no'; } ?></div>
            </div>
            <?php } print '</div>'; ?>
        <p> Add a new property:</p>
        <form action="newprop.php" method="post">
            Property Name<input type="text" name="title">
            Address<input type="text" name="address">
            <input type="submit" value="Submit">
        </form>
        <div>
            <?php
            $results = $mysqli->query("SELECT id, first_name, last_name, email, phone FROM tenant");
            while ($row = $results->fetch_array()) { ?>
            <div class="propr">
                <div class="propc"><a href="list_tenant.php?parent=<?= $row['id'] ?>"><?= $row["first_name"] ?></a></div>
                <div class="propc"><?= $row["last_name"] ?></div>
                <div class="propc"><?= $row["email"] ?></div>
                <div class="propc"><?= $row["phone"] ?></div>
            </div>
            <?php } $mysqli->close(); ?>
        </div>
        <p>Add tenant</p>
        <form action="new_tenant.php" method="post">
            First Name<input type="text" name="fname">
            Last Name<input type="text" name="lname">
            Email<input type="text" name="email">
            Phone Number<input type="text" name="phone">
            <input type="submit" value="Submit">
        </form>
    <?php else :
        echo '<p> You are currently logged out. Please log in.</p>
        <form action="includes/process_login.php" method="post" name="login_form">
            Email: <input type="text" name="email" />
            Password: <input type="password" name="password" id="password"/>
            <input type="button" value="Login" onclick="formhash(this.form, this.form.password);" />
        </form>';
    endif; ?>
    </body>
    </html>

    List_tenant.php

    <?php
    include_once 'includes/db_connect.php';
    include_once 'includes/functions.php';
    sec_session_start();
    $PageTitle = "Open Managment";

    function customPageHeader() { ?>
        <!--Arbitrary HTML Tags-->
    <?php }

    include_once('includes/header.php');
    ?>
    <?php if (login_check($mysqli) == true) : ?>
        <p>Welcome <?php echo htmlentities($_SESSION['username']); ?>! If you are done, please <a href="includes/logout.php">log out</a>.</p>
        <span> You are veiwing:</span>
        <?php
        // get tenant name and current var
        $a = intval($_GET['parent']);
        $results = $mysqli->query("SELECT id, first_name, last_name, current FROM tenant WHERE id = '$a'");
        while ($row = $results->fetch_array()) {
            echo $row["first_name"], '&nbsp;', $row["last_name"];
            $current = $row["current"];
        }
        $results->free();

        if (isset($_POST['submit'])) {
            // Note: these request values go into the queries unvalidated and unescaped
            $prop_id = $_POST["prop_id"];
            $tent_id = $_GET['parent'];
            $rent = $_POST["rent"];
            $late = $_POST["late"];
            $start_date = $_POST["start_d"];
            $mysqli->query("INSERT INTO tenancy (property_id, tent_id, rent, late, start_date, current)
                            VALUES ('$prop_id', '$tent_id', '$rent', '$late', '$start_date', '1')");
            $mysqli->query("UPDATE tenant SET current='1' WHERE id='$tent_id'");
            $mysqli->query("UPDATE property SET occupied='1' WHERE id='$prop_id'");
            $mysqli->close();
        } elseif ($current == 0) { ?>
            <form action="list_tenant.php?parent=<?= $a ?>" method="post">
                <select name="prop_id">
                    <?php
                    // get props for drop down
                    $results = $mysqli->query("SELECT id, address FROM property");
                    while ($row = $results->fetch_array()) { ?>
                    <option value="<?= $row['id'] ?>"><?= $row["address"] ?></option>
                    <?php } ?>
                </select>
                Rent Amount<input type="text" name="rent">
                Late Fee<input type="text" name="late">
                Move in date<input type="text" name="start_d">
                <input type="submit" name="submit" value="submit">
            </form>
        <?php
            $mysqli->close();
        } elseif ($current == 1) {
            echo 'they live somewhere';
        } ?>
        <p>tenancy info:</p>
    <?php else : ?>
        <p> <span class="error">You are not authorized to access this page.</span> Please <a href="index.php">login</a>. </p>
    <?php endif; ?>
    </body>
    </html>

    functions.php

    <?php
    include_once 'psl-config.php';

    function sec_session_start() {
        $session_name = 'sec_session_id'; // Set a custom session name
        $secure = SECURE;
        // This stops JavaScript being able to access the session id.
        $httponly = true;
        // Forces sessions to only use cookies.
        if (ini_set('session.use_only_cookies', 1) === FALSE) {
            header("Location: ../error.php?err=Could not initiate a safe session (ini_set)");
            exit();
        }
        // Gets current cookies params.
        $cookieParams = session_get_cookie_params();
        session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly);
        // Sets the session name to the one set above.
        session_name($session_name);
        session_start();         // Start the PHP session
        session_regenerate_id(); // regenerated the session, delete the old one.
    }

    function login($email, $password, $mysqli) {
        // Using prepared statements means that SQL injection is not possible.
        if ($stmt = $mysqli->prepare("SELECT id, username, password, salt FROM members WHERE email = ? LIMIT 1")) {
            $stmt->bind_param('s', $email); // Bind "$email" to parameter.
            $stmt->execute();               // Execute the prepared query.
            $stmt->store_result();
            // get variables from result.
            $stmt->bind_result($user_id, $username, $db_password, $salt);
            $stmt->fetch();
            // hash the password with the unique salt.
            $password = hash('sha512', $password . $salt);
            if ($stmt->num_rows == 1) {
                // If the user exists we check if the account is locked
                // from too many login attempts
                if (checkbrute($user_id, $mysqli) == true) {
                    // Account is locked
                    // Send an email to user saying their account is locked
                    return false;
                } else {
                    // Check if the password in the database matches
                    // the password the user submitted.
                    if ($db_password == $password) {
                        // Password is correct!
                        // Get the user-agent string of the user.
                        $user_browser = $_SERVER['HTTP_USER_AGENT'];
                        // XSS protection as we might print this value
                        $user_id = preg_replace("/[^0-9]+/", "", $user_id);
                        $_SESSION['user_id'] = $user_id;
                        // XSS protection as we might print this value
                        $username = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $username);
                        $_SESSION['username'] = $username;
                        $_SESSION['login_string'] = hash('sha512', $password . $user_browser);
                        // Login successful.
                        return true;
                    } else {
                        // Password is not correct
                        // We record this attempt in the database
                        $now = time();
                        if (!$mysqli->query("INSERT INTO login_attempts(user_id, time) VALUES ('$user_id', '$now')")) {
                            header("Location: ../error.php?err=Database error: login_attempts");
                            exit();
                        }
                        return false;
                    }
                }
            } else {
                // No user exists.
                return false;
            }
        } else {
            // Could not create a prepared statement
            header("Location: ../error.php?err=Database error: cannot prepare statement");
            exit();
        }
    }

    function checkbrute($user_id, $mysqli) {
        // Get timestamp of current time
        $now = time();
        // All login attempts are counted from the past 2 hours.
        $valid_attempts = $now - (2 * 60 * 60);
        if ($stmt = $mysqli->prepare("SELECT time FROM login_attempts WHERE user_id = ? AND time > '$valid_attempts'")) {
            $stmt->bind_param('i', $user_id);
            // Execute the prepared query.
            $stmt->execute();
            $stmt->store_result();
            // If there have been more than 5 failed logins
            if ($stmt->num_rows > 5) {
                return true;
            } else {
                return false;
            }
        } else {
            // Could not create a prepared statement
            header("Location: ../error.php?err=Database error: cannot prepare statement");
            exit();
        }
    }

    function login_check($mysqli) {
        // Check if all session variables are set
        if (isset($_SESSION['user_id'], $_SESSION['username'], $_SESSION['login_string'])) {
            $user_id = $_SESSION['user_id'];
            $login_string = $_SESSION['login_string'];
            $username = $_SESSION['username'];
            // Get the user-agent string of the user.
            $user_browser = $_SERVER['HTTP_USER_AGENT'];
            if ($stmt = $mysqli->prepare("SELECT password FROM members WHERE id = ? LIMIT 1")) {
                // Bind "$user_id" to parameter.
                $stmt->bind_param('i', $user_id);
                $stmt->execute(); // Execute the prepared query.
                $stmt->store_result();
                if ($stmt->num_rows == 1) {
                    // If the user exists get variables from result.
                    $stmt->bind_result($password);
                    $stmt->fetch();
                    $login_check = hash('sha512', $password . $user_browser);
                    if ($login_check == $login_string) {
                        // Logged In!!!!
                        return true;
                    } else {
                        // Not logged in
                        return false;
                    }
                } else {
                    // Not logged in
                    return false;
                }
            } else {
                // Could not prepare statement
                header("Location: ../error.php?err=Database error: cannot prepare statement");
                exit();
            }
        } else {
            // Not logged in
            return false;
        }
    }

    function esc_url($url) {
        if ('' == $url) {
            return $url;
        }
        $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\\x80-\\xff]|i', '', $url);
        $strip = array('%0d', '%0a', '%0D', '%0A');
        $url = (string) $url;
        $count = 1;
        while ($count) {
            $url = str_replace($strip, '', $url, $count);
        }
        $url = str_replace(';//', '://', $url);
        $url = htmlentities($url);
        $url = str_replace('&amp;', '&#038;', $url);
        $url = str_replace("'", '&#039;', $url);
        if ($url[0] !== '/') {
            // We're only interested in relative links from $_SERVER['PHP_SELF']
            return '';
        } else {
            return $url;
        }
    }

    Once I fix security issues I will upload my project to github. I'm doing this as an open source property management app.
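    A hardened version of the move-in code from list_tenant.php, added here as an example and not serverman's own code: request values are validated, every query parameter is bound, the three writes share one transaction, and anything echoed back goes through an escaping helper. It assumes the $mysqli connection from includes/db_connect.php and the thread's table and column names; h, require_id, require_amount and add_tenancy are the example's own names.

```php
<?php
// Added example, not serverman's code: the move-in INSERT from list_tenant.php with validation,
// prepared statements and a transaction. Table/column names are the thread's; $mysqli is assumed.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // mysqli throws instead of returning false

// Escape a value for an HTML context (what the bare <?= $row["title"] ?> echoes in index.php lack).
function h($s) { return htmlspecialchars((string) $s, ENT_QUOTES | ENT_HTML5, 'UTF-8'); }

// Only a positive integer is an acceptable id (?parent= from the URL, prop_id from the form).
function require_id($value) {
    $id = filter_var($value, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) { throw new InvalidArgumentException('invalid id'); }
    return $id;
}

// Money fields: digits with an optional two-decimal fraction, nothing else.
function require_amount($value) {
    if (!is_string($value) || !preg_match('/^\d{1,8}(\.\d{1,2})?$/', $value)) {
        throw new InvalidArgumentException('invalid amount');
    }
    return $value;
}

// Move a tenant into a property. Every value is bound, and one transaction keeps
// tenant.current and property.occupied consistent with the new tenancy row.
function add_tenancy(mysqli $db, $propId, $tentId, $rent, $late, $startDate) {
    $d = DateTime::createFromFormat('!Y-m-d', $startDate); // round-trip check rejects e.g. 2017-02-30
    if ($d === false || $d->format('Y-m-d') !== $startDate) { throw new InvalidArgumentException('invalid start date'); }
    $db->begin_transaction();
    try {
        $stmt = $db->prepare('INSERT INTO tenancy (property_id, tent_id, rent, late, start_date, current) VALUES (?, ?, ?, ?, ?, 1)');
        $stmt->bind_param('iisss', $propId, $tentId, $rent, $late, $startDate);
        $stmt->execute();
        $stmt = $db->prepare('UPDATE tenant SET current = 1 WHERE id = ?');
        $stmt->bind_param('i', $tentId);
        $stmt->execute();
        $stmt = $db->prepare('UPDATE property SET occupied = 1 WHERE id = ?');
        $stmt->bind_param('i', $propId);
        $stmt->execute();
        $db->commit();
    } catch (Throwable $e) {
        $db->rollback(); // nothing half-applied if any statement failed
        throw $e;
    }
}

// Request handling as in list_tenant.php: prop_id from the form, the tenant id from ?parent=.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['submit'])) {
    try {
        add_tenancy($mysqli, require_id($_POST['prop_id'] ?? null), require_id($_GET['parent'] ?? null),
            require_amount($_POST['rent'] ?? null), require_amount($_POST['late'] ?? null), (string) ($_POST['start_d'] ?? ''));
    } catch (InvalidArgumentException $e) {
        echo '<p class="error">' . h($e->getMessage()) . '</p>'; // escaped before it reaches the page
    }
}
```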
  4. So I noticed the home page has not been updated since last time I used the forum about 6 years ago. Isn't it about time to either do away with that or update it? I never liked it when it was added but now it's kind of lame since it's really outdated. Why not just use forum.phpfreaks.com as the home page?
  5. serverman

    late fees in rental app

    Ok this should be the very last thing. So I'm working on the code for the auto update of the rent. I'm not sure how to start the loop. Here is the code so far:

    <?php
    include_once 'includes/db_connect.php';

    // before the loop
    $date = date('Y-m-d');
    $dt2 = new DateTime($date);

    // during ($tent_id is meant to come from the loop that is not written yet)
    $results = $mysqli->query("SELECT rent, start_date FROM tenancy WHERE tent_id ='$tent_id'");
    while ($row = $results->fetch_array()) {
        $rent = $row["rent"];
        $movein = $row["start_date"];
    }
    $results->free();

    $dt1 = new DateTime($movein);
    $occupancy = $dt1->diff($dt2);
    $time = $occupancy->format('%m'); // months part of the interval only (0-11); whole years are not counted
    $updaterent = $time * -abs($rent);
    $mysqli->query("UPDATE payment SET amount='$updaterent', date='$date' WHERE tenancy_id='$tent_id'");
    ?>
  6. serverman

    late fees in rental app

    The question was about doing things automatically. So I'll look into cron jobs.
  7. serverman

    late fees in rental app

    OK makes sense, so instead of making another table for keeping track of fees just add them into payment, just make them negative. I'm sure it's obvious I'm not a real programmer and don't pretend to be, but I'm trying to do this right and not just hack it together. Just a hobby for me. Lots of tutorials for me haha. Can you point me in the right direction to have it add rent at the first of the month? I've never done anything like that.
  8. serverman

    late fees in rental app

    So I'm about caught up in my coding to get to the point of calculating rent, fees and such. Tables now look like:

    (payment) id | tenancy_id | date | amount | amount_type_id | note
    (payment_type) id | type
    (property) id | title | address | occupied
    (tenancy) id | property_id | tent_id | rent | late | start_date | end_date | current
    (tenant) id | first_name | last_name | email | phone | current

    Both currents and occupied are a tiny int for 1/0 if they are currently occupied or living somewhere, updated with the move out script. So still thinking about the math, I think I need another table for storing fee amounts. I think math wise I want to do it like this:

    $rawrent = $months * $rent
    $rdue = $rawrent - $paid
    $totaldue = $rdue + $fees

    Does that make sense or is there a better way to do this?
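    The arithmetic from this post ($rawrent, $rdue, $totaldue) worked over a constructed ledger, as an added example that is not serverman's code; it also does the month counting that the auto-update snippet in the "late fees" posts above attempts with DateInterval's %m. It assumes the thread's tenancy and payment columns, that a month's rent is due on its 1st and is late after the 5th, and a constructed $waived list of months; rent_statement is the example's own name.

```php
<?php
// Added example, not serverman's code: the thread's rent arithmetic
// ($rawrent = $months * $rent; $rdue = $rawrent - $paid; $totaldue = $rdue + $fees)
// over a constructed ledger shaped like the tenancy and payment tables. Rules assumed:
// a month's rent is due on its 1st and late after the 5th; months in $waived incur no fee.
$tenancy  = ['rent' => '950.00', 'late' => '50.00', 'start_date' => '2016-11-01'];
$payments = [                                        // constructed payment rows
    ['date' => '2016-11-01', 'amount' => '950.00'],  // November, paid at move-in
    ['date' => '2016-12-03', 'amount' => '950.00'],  // December, paid on time
    ['date' => '2017-01-20', 'amount' => '950.00'],  // January, paid late
];                                                   // February not paid yet
$waived = ['2017-01'];                               // January's late fee was waived

function rent_statement(array $tenancy, array $payments, array $waived, $asOf) {
    $rent  = (float) $tenancy['rent'];
    $late  = (float) $tenancy['late'];
    $month = new DateTime(substr($tenancy['start_date'], 0, 7) . '-01'); // 1st of the move-in month
    $end   = new DateTime($asOf);
    $months = 0; $fees = 0.0; $lateMonths = [];
    // Walk the months explicitly: DateInterval's %m alone drops whole years.
    while ($month <= $end) {
        $months++;
        $cutoff = $month->format('Y-m-05');            // last day to pay without a fee
        if ($asOf > $cutoff && !in_array($month->format('Y-m'), $waived, true)) {
            $paidByCutoff = 0.0;                        // Y-m-d strings compare correctly as text
            foreach ($payments as $p) {
                if ($p['date'] <= $cutoff) { $paidByCutoff += (float) $p['amount']; }
            }
            if ($paidByCutoff < $months * $rent) {      // rent still outstanding on the 5th
                $fees += $late;
                $lateMonths[] = $month->format('Y-m');
            }
        }
        $month->modify('first day of next month');
    }
    $paid = 0.0;
    foreach ($payments as $p) { $paid += (float) $p['amount']; }
    $rawrent = $months * $rent;
    $rdue    = $rawrent - $paid;
    return ['months' => $months, 'rawrent' => $rawrent, 'paid' => $paid, 'rdue' => $rdue,
            'fees' => $fees, 'late_months' => $lateMonths, 'totaldue' => $rdue + $fees];
}

print_r(rent_statement($tenancy, $payments, $waived, '2017-02-10'));
```

    Feeding it the rows as the cron job would see them on each 1st of the month gives the balance and the list of months whose fee stands, which is the data a negative "rent" or "fee" row in payment would be written from.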
  9. serverman

    late fees in rental app

    mac_g that makes sense. I was planning originally to have it where you just edit the property when someone else moves in but this works better because then you still have a record of the last person and such. Thanks for the suggestion.
  10. serverman

    late fees in rental app

    benanamen, I like that idea, will be adding that table. The plan for this is just to do the basic accounting for now. So far most of the software I have found is either an attempt to be your own personal zillow for doing listings or a complex CMS. I will be checking out tenant cloud.
  11. serverman

    late fees in rental app

    I am working on an application to keep track of rent for multiple houses. Making this for a friend to use but once I have it working I'm going to put it out open source for anyone to use. So the only thing I'm stumped on is keeping track of late fees. I'm not sure where to start on this. Late fees start if you haven't paid by the 5th of the month but are also waivable. I feel like I need to keep track of something else in the tables to do this. Right now I have 2 tables for it. Maybe add a balance table? One has the property info, the other has payment info. It looks like this:

    (property) id | title | address | rent | late | tenant | occupancy
    (payment) id | parent | date | note

    Any ideas would help, math isn't my thing ha.
  12. serverman

    hello once more!

    So I just wanted to say hi again, it's been years since I logged in on here. I'm Back! It's also been years since I have played with php but I have to say I love PHP7! I still type like a 10 year old and still can't spell haha.