Posts posted by serverman

  1. I will think about it. Honestly, the whole point of this project was really to learn a lot more about PHP. I've just always used it to get by when needed, and I stopped doing web design work a few years ago (joined the military), but PHP is just a fun hobby I am trying to pick back up. For me, I don't see the challenge in a framework. I need a challenge or I get bored.

  2. OK. Yeah, my plan was to clean it up to make it more readable, but maybe you are right and I should first attack the security, then clean it. I got the login system off of GitHub, but yeah, it's a dead project on there. So I guess now I will dump the login system that I have, then fix all the XSS issues in my code, then work in or write a new login system. I think removing the current member system will make it way easier to clean up the code.

  3. I'm working on my first real project that I coded (other than the user system). I could use some help knowing what I could and should clean up in my coding. I am self taught. I know I need to add sanitize code for the field inputs, and that is in the works. Do you see something that would make more sense to be a function in the functions.php include?

    Index.php

    <?php
    include_once 'includes/db_connect.php';
    include_once 'includes/functions.php';
    
    sec_session_start();
    $PageTitle="Open Managment";
    function customPageHeader(){?>
    <script type="text/JavaScript" src="js/sha512.js"></script> 
    <script type="text/JavaScript" src="js/forms.js"></script> 
      <!--Arbitrary HTML Tags-->
    <?php }
    include_once('includes/header.php');
    if (isset($_GET['error'])) {
    	echo '<p class="error">Error Logging In!</p>';
    }
     if (login_check($mysqli) == true) : ?>
            <p>Welcome <?php echo htmlentities($_SESSION['username']); ?>! If you are done, please <a href="includes/logout.php">log out</a>.</p>
              <!--Arbitrary HTML Tags-->
    
    <?php 
    $results = $mysqli->query("SELECT id, title, address, occupied FROM property");
    ?>
    <div>
    	<div class="propr">
    	<div class="propc"><h2>Property Title</h2></div>
    	<div class="propc"><h2>Address</h2></div>
    	<div class="propc"><h2>Occupied</h2></div>
    </div>
    <?php 
    while($row = $results->fetch_array()) { ?>
    <div class="propr">
    	<div class="propc"><a href="list_prop.php?parent=<?= $row['id'] ?>"><?= $row["title"] ?></a></div>
    	<div class="propc"><?= $row["address"] ?></div>
    	<div class="propc"><?php if ($row["occupied"] == 1) {echo 'yes';} else { echo 'no'; }?></div>
    </div>
    <?php 
    }  
    print '</div>';
    
    ?>
      <p> Add a new property:</p>
      
       <form action="newprop.php" method="post">
            Property Name<input type="text" name="title">
            Address<input type="text" name="address">
            <input type="submit" value="Submit">   
            </form>  
    <div>
    <?php 
    $results = $mysqli->query("SELECT id, first_name, last_name, email, phone FROM tenant");
    
    while($row = $results->fetch_array()) { ?>
    <div class="propr">
    	<div class="propc"><a href="list_tenant.php?parent=<?= $row['id'] ?>"><?= $row["first_name"] ?></a></div>
    	<div class="propc"><?= $row["last_name"] ?></div>
    	<div class="propc"><?= $row["email"] ?></div>
    	<div class="propc"><?= $row["phone"] ?></div>
    </div>
    <?php 
    }  
    
    
    $mysqli->close();
    ?></div>
    <p>Add tenant</p>
    
     <form action="new_tenant.php" method="post">
            First Name<input type="text" name="fname">
            Last Name<input type="text" name="lname">
            Email<input type="text" name="email">
            Phone Number<input type="text" name="phone">    
            <input type="submit" value="Submit">   
            </form>   
            <?php
                  else :
            	echo '<p> You are currently logged out. Please log in.</p>
            <form action="includes/process_login.php" method="post" name="login_form"> 			
                Email: <input type="text" name="email" />
                Password: <input type="password" 
                                 name="password" 
                                 id="password"/>
                <input type="button" 
                       value="Login" 
                       onclick="formhash(this.form, this.form.password);" /> 
            </form>';
            endif;
       ?>
        </body>
    </html>
    
    

    List_tenant.php

    <?php
    include_once 'includes/db_connect.php';
    include_once 'includes/functions.php';
    
    sec_session_start();
    $PageTitle="Open Managment";
    function customPageHeader(){?>
    
      <!--Arbitrary HTML Tags-->
    <?php }
    include_once('includes/header.php');
    
    ?>
    
    <?php if (login_check($mysqli) == true) :     ?>
            
    <p>Welcome <?php echo htmlentities($_SESSION['username']); ?>! If you are done, please <a href="includes/logout.php">log out</a>.</p>
    <span> You are veiwing:</span>
     <?php 
    //get tenant name and current var
     $a = intval($_GET['parent']);
     $results = $mysqli->query("SELECT id, first_name, last_name, current FROM tenant WHERE id = '$a'");
    while($row = $results->fetch_array()) { 
    echo $row["first_name"], '&nbsp', $row["last_name"];
    $current = $row["current"];
    }
    $results->free();
    
     
    if(isset($_POST['submit'])) {
     
     $prop_id = $_POST["prop_id"];
     $tent_id = $_GET['parent'];
     $rent = $_POST["rent"];
     $late = $_POST["late"];
     $start_date = $_POST["start_d"];
    
     $mysqli->query("
    		INSERT INTO tenancy (property_id, tent_id, rent, late, start_date, current)
    		VALUES ('$prop_id', '$tent_id', '$rent', '$late', '$start_date', '1' );
    		");
     $mysqli->query("
    		UPDATE tenant SET current='1' WHERE id='$tent_id';
    		");
     $mysqli->query("
    		UPDATE property SET occupied='1' WHERE id='$prop_id';
    		");
     $mysqli->close();
    } elseif ($current == 0) {
    ?>
      
      <form action="list_tenant.php?parent=<?=$a?>" method="post">
      <select name="prop_id">
      <?php //get props for drop down 
      $results = $mysqli->query("SELECT id, address FROM property");
      while($row = $results->fetch_array()) { ?>
      	<option value="<?= $row['id'] ?>"><?= $row["address"] ?></option>
      <?php 
      }  
      ?>
      </select>
      Rent Amount<input type="text" name="rent">
      Late Fee<input type="text" name="late">
      Move in date<input type="text" name="start_d">
     <input type="submit" name="submit" value="submit"> 
     </form>
     
     <?php
     $mysqli->close();
     }
     elseif ($current == 1){
     	echo 'they live somewhere';
     }
    
     ?>
    
     <p>tenancy info:</p> 
      
     
     
    <?php else : ?>
                <p>
                    <span class="error">You are not authorized to access this page.</span> Please <a href="index.php">login</a>.
                </p>
            <?php endif; ?>
        </body>
    </html>
              
    
    

    functions.php

    <?php
    
    
    include_once 'psl-config.php';
    
    function sec_session_start() {
        $session_name = 'sec_session_id';   // Set a custom session name 
        $secure = SECURE;
    
        // This stops JavaScript being able to access the session id.
        $httponly = true;
    
        // Forces sessions to only use cookies.
        if (ini_set('session.use_only_cookies', 1) === FALSE) {
            header("Location: ../error.php?err=Could not initiate a safe session (ini_set)");
            exit();
        }
    
        // Gets current cookies params.
        $cookieParams = session_get_cookie_params();
        session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly);
    
        // Sets the session name to the one set above.
        session_name($session_name);
    
        session_start();            // Start the PHP session 
        session_regenerate_id();    // regenerated the session, delete the old one. 
    }
    
    function login($email, $password, $mysqli) {
        // Using prepared statements means that SQL injection is not possible. 
        if ($stmt = $mysqli->prepare("SELECT id, username, password, salt 
    				  FROM members 
                                      WHERE email = ? LIMIT 1")) {
            $stmt->bind_param('s', $email);  // Bind "$email" to parameter.
            $stmt->execute();    // Execute the prepared query.
            $stmt->store_result();
    
            // get variables from result.
            $stmt->bind_result($user_id, $username, $db_password, $salt);
            $stmt->fetch();
    
            // hash the password with the unique salt.
            $password = hash('sha512', $password . $salt);
            if ($stmt->num_rows == 1) {
                // If the user exists we check if the account is locked
                // from too many login attempts 
                if (checkbrute($user_id, $mysqli) == true) {
                    // Account is locked 
                    // Send an email to user saying their account is locked 
                    return false;
                } else {
                    // Check if the password in the database matches 
                    // the password the user submitted.
                    if ($db_password == $password) {
                        // Password is correct!
                        // Get the user-agent string of the user.
                        $user_browser = $_SERVER['HTTP_USER_AGENT'];
    
                        // XSS protection as we might print this value
                        $user_id = preg_replace("/[^0-9]+/", "", $user_id);
                        $_SESSION['user_id'] = $user_id;
    
                        // XSS protection as we might print this value
                        $username = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $username);
    
                        $_SESSION['username'] = $username;
                        $_SESSION['login_string'] = hash('sha512', $password . $user_browser);
    
                        // Login successful. 
                        return true;
                    } else {
                        // Password is not correct 
                        // We record this attempt in the database 
                        $now = time();
                        if (!$mysqli->query("INSERT INTO login_attempts(user_id, time) 
                                        VALUES ('$user_id', '$now')")) {
                            header("Location: ../error.php?err=Database error: login_attempts");
                            exit();
                        }
    
                        return false;
                    }
                }
            } else {
                // No user exists. 
                return false;
            }
        } else {
            // Could not create a prepared statement
            header("Location: ../error.php?err=Database error: cannot prepare statement");
            exit();
        }
    }
    
    function checkbrute($user_id, $mysqli) {
        // Get timestamp of current time 
        $now = time();
    
        // All login attempts are counted from the past 2 hours. 
        $valid_attempts = $now - (2 * 60 * 60);
    
        if ($stmt = $mysqli->prepare("SELECT time 
                                      FROM login_attempts 
                                      WHERE user_id = ? AND time > '$valid_attempts'")) {
            $stmt->bind_param('i', $user_id);
    
            // Execute the prepared query. 
            $stmt->execute();
            $stmt->store_result();
    
            // If there have been more than 5 failed logins 
            if ($stmt->num_rows > 5) {
                return true;
            } else {
                return false;
            }
        } else {
            // Could not create a prepared statement
            header("Location: ../error.php?err=Database error: cannot prepare statement");
            exit();
        }
    }
    
    function login_check($mysqli) {
        // Check if all session variables are set 
        if (isset($_SESSION['user_id'], $_SESSION['username'], $_SESSION['login_string'])) {
            $user_id = $_SESSION['user_id'];
            $login_string = $_SESSION['login_string'];
            $username = $_SESSION['username'];
    
            // Get the user-agent string of the user.
            $user_browser = $_SERVER['HTTP_USER_AGENT'];
    
            if ($stmt = $mysqli->prepare("SELECT password 
    				      FROM members 
    				      WHERE id = ? LIMIT 1")) {
                // Bind "$user_id" to parameter. 
                $stmt->bind_param('i', $user_id);
                $stmt->execute();   // Execute the prepared query.
                $stmt->store_result();
    
                if ($stmt->num_rows == 1) {
                    // If the user exists get variables from result.
                    $stmt->bind_result($password);
                    $stmt->fetch();
                    $login_check = hash('sha512', $password . $user_browser);
    
                    if ($login_check == $login_string) {
                        // Logged In!!!! 
                        return true;
                    } else {
                        // Not logged in 
                        return false;
                    }
                } else {
                    // Not logged in 
                    return false;
                }
            } else {
                // Could not prepare statement
                header("Location: ../error.php?err=Database error: cannot prepare statement");
                exit();
            }
        } else {
            // Not logged in 
            return false;
        }
    }
    
    function esc_url($url) {
    
        if ('' == $url) {
            return $url;
        }
    
        $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\\x80-\\xff]|i', '', $url);
        
        $strip = array('%0d', '%0a', '%0D', '%0A');
        $url = (string) $url;
        
        $count = 1;
        while ($count) {
            $url = str_replace($strip, '', $url, $count);
        }
        
        $url = str_replace(';//', '://', $url);
    
        $url = htmlentities($url);
        
        $url = str_replace('&amp;', '&#038;', $url);
        $url = str_replace("'", '&#039;', $url);
    
        if ($url[0] !== '/') {
            // We're only interested in relative links from $_SERVER['PHP_SELF']
            return '';
        } else {
            return $url;
        }
    }
    
    

    Once I fix the security issues I will upload my project to GitHub. I'm doing this as an open source property management app.
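An added example, not serverman's code: the tenancy INSERT from list_tenant.php and the tenant listing from index.php above, rewritten so form input reaches SQL only as bound parameters and database values reach HTML only after escaping. It assumes the same tables (tenancy, tenant, property) and the $mysqli connection that includes/db_connect.php provides; the function names h(), addTenancy() and renderTenantRows() are this example's own.

```php
<?php
// Added example, not serverman's code: the tenancy INSERT and the tenant
// listing from the post above, rewritten so user input reaches SQL only as
// bound parameters and reaches HTML only after escaping. Assumes the same
// tables (tenancy, tenant, property) and the $mysqli connection that
// includes/db_connect.php provides.
declare(strict_types=1);

/** Escape a value for HTML text or attribute content (nulls become ''). */
function h(?string $value): string
{
    return htmlspecialchars((string)$value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

/**
 * Record a new tenancy for $tenantId from the submitted form. Ids are
 * validated as ints, money as floats and the move-in date as YYYY-MM-DD;
 * returns the new tenancy id, or null when validation fails.
 */
function addTenancy(mysqli $db, array $post, int $tenantId): ?int
{
    $propId = filter_var($post['prop_id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $rent   = filter_var($post['rent'] ?? null, FILTER_VALIDATE_FLOAT);
    $late   = filter_var($post['late'] ?? null, FILTER_VALIDATE_FLOAT);
    $startStr = (string)($post['start_d'] ?? '');
    $start  = DateTime::createFromFormat('Y-m-d', $startStr);
    // The round-trip check rejects dates like 2024-02-30 that createFromFormat would roll over.
    if ($propId === false || $rent === false || $late === false
        || $start === false || $start->format('Y-m-d') !== $startStr) {
        return null;
    }

    // All three writes succeed or none do; the exception path needs
    // mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT) (the PHP 8.1 default).
    $db->begin_transaction();
    try {
        $stmt = $db->prepare(
            'INSERT INTO tenancy (property_id, tent_id, rent, late, start_date, current)
             VALUES (?, ?, ?, ?, ?, 1)'
        );
        $stmt->bind_param('iidds', $propId, $tenantId, $rent, $late, $startStr);
        $stmt->execute();
        $newId = (int)$db->insert_id;
        $stmt = $db->prepare('UPDATE tenant SET current = 1 WHERE id = ?');
        $stmt->bind_param('i', $tenantId);
        $stmt->execute();

        $stmt = $db->prepare('UPDATE property SET occupied = 1 WHERE id = ?');
        $stmt->bind_param('i', $propId);
        $stmt->execute();

        $db->commit();
        return $newId;
    } catch (mysqli_sql_exception $e) {
        $db->rollback();
        throw $e;
    }
}

/** Render the tenant rows; every column is escaped before it reaches the page. */
function renderTenantRows(mysqli $db): string
{
    $html = '';
    $result = $db->query('SELECT id, first_name, last_name, email, phone FROM tenant');
    while ($row = $result->fetch_assoc()) {
        $html .= '<div class="propr">'
            . '<div class="propc"><a href="list_tenant.php?parent=' . (int)$row['id'] . '">'
            . h($row['first_name']) . '</a></div>'
            . '<div class="propc">' . h($row['last_name']) . '</div>'
            . '<div class="propc">' . h($row['email']) . '</div>'
            . '<div class="propc">' . h($row['phone']) . '</div>'
            . '</div>';
    }
    return $html;
}

// In list_tenant.php, after login_check($mysqli) succeeds:
// $tenantId = filter_input(INPUT_GET, 'parent', FILTER_VALIDATE_INT);
// if (is_int($tenantId) && isset($_POST['submit'])) { $newId = addTenancy($mysqli, $_POST, $tenantId); }
```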

  4. So I noticed the home page has not been updated since the last time I used the forum, about 6 years ago. Isn't it about time to either do away with that or update it? I never liked it when it was added, but now it's kind of lame since it's really outdated. Why not just use forum.phpfreaks.com as the home page?

  5. OK, this should be the very last thing. So I'm working on the code for the auto update of the rent. I'm not sure how to start the loop. Here is the code so far:

    <?php 
    include_once 'includes/db_connect.php';
    // $tent_id must already hold the tenant id (list_tenant.php takes it from $_GET['parent'])
    
    //before the loop
    $date = date('Y-m-d');   // the format must be a quoted string: date(Y.m.d) reads Y, m and d as undefined constants
    $dt2 = new DateTime($date);
    
    //during
    $results = $mysqli->query("SELECT rent, start_date FROM tenancy WHERE tent_id ='$tent_id'");
    while($row = $results->fetch_array()) {
        $rent = $row["rent"];
        $movein = $row["start_date"];
    }
    $results->free();
    $dt1 = new DateTime($movein);
    $occupancy = $dt1->diff($dt2);
    // %m is only the month part of the interval; add the whole years too,
    // or a tenant who moved in over a year ago is charged for a few months only
    $time = $occupancy->y * 12 + $occupancy->m;
    $updaterent = $time * -abs($rent);
    // SET takes comma separated column='value' pairs
    $mysqli->query("UPDATE payment SET amount='$updaterent', date='$date' WHERE tenancy_id='$tent_id'");
    ?>
    
  6. OK, makes sense. So instead of making another table for keeping track of fees, just add them into payment and just make them negative. I'm sure it's obvious I'm not a real programmer and don't pretend to be, but I'm trying to do this right and not just hack it together. Just a hobby for me. Lots of tutorials for me, haha. Can you point me in the right direction to have it add rent at the first of the month? I've never done anything like that.

  7. So I'm about caught up in my coding to get to the point of calculating rent, fees and such. Tables now look like:

    (payment) id | tenancy_id | date | amount | amount_type_id | note

    (payment_type) id | type

    (property) id | title | address | occupied

    (tenancy) id | property_id | tent_id | rent | late | start_date | end_date | current

    (tenant) id | first_name | last_name | email | phone | current

     

    Both current columns and occupied are a tinyint for 1/0, whether they are currently occupied or living somewhere, updated with the move-out script.

     

    So, still thinking about the math, I think I need another table for storing fee amounts.

    I think, math-wise, I want to do it like this:

    $rawrent = $months * $rent 
    
    $rdue =  $rawrent - $paid
    
    $totaldue = $rdue + $fees

    Does that make sense, or is there a better way to do this?

  8. benanamen, I like that idea; I will be adding that table. The plan for this is just to do the basic accounting for now. So far most of the software I have found is either an attempt to be your own personal Zillow for doing listings or a complex CMS. I will be checking out TenantCloud.

  9. I am working on an application to keep track of rent for multiple houses. I'm making this for a friend to use, but once I have it working I'm going to put it out open source for anyone to use.

     

    So the only thing I'm stumped on is keeping track of late fees. I'm not sure where to start on this. Late fees start if you haven't paid by the 5th of the month, but they are also waivable. I feel like I need to keep track of something else in the tables to do this. Right now I have 2 tables for it. Maybe add a balance table? One has the property info, the other has payment info. It looks like this:

     

    (property)

    id | title | address | rent | late | tenant | occupancy

    (payment)

    id | parent | date | note

     

    Any ideas would help; math isn't my thing, ha.
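An added example, not serverman's code, that carries the rent arithmetic from the $totaldue post above ($rawrent = $months * $rent; $rdue = $rawrent - $paid; $totaldue = $rdue + $fees) together with the late-fee rule from the post just above (a fee when a month's rent is not in by the 5th, unless waived) through working code on arrays shaped like the tenancy and payment tables. The sample rows are constructed, and the 'rent' / 'waiver' values for the payment type column are this example's assumption.

```php
<?php
// Added example, not serverman's code. Implements $rawrent = $months * $rent,
// $rdue = $rawrent - $paid, $totaldue = $rdue + $fees from the post above,
// plus the late-fee rule (not paid by the 5th, waivable). Input arrays mirror
// the tenancy and payment tables; 'rent' / 'waiver' as payment types and the
// sample rows at the bottom are assumptions made for this example.
declare(strict_types=1);

/**
 * Calendar months owed from the move-in month through $asOf inclusive
 * (rent for a month is due on its 1st). DateTime::diff()->format('%m')
 * would give only the month component and silently drop whole years.
 */
function monthsOwed(DateTimeImmutable $moveIn, DateTimeImmutable $asOf): int
{
    if ($asOf < $moveIn) {
        return 0;
    }
    $years  = (int)$asOf->format('Y') - (int)$moveIn->format('Y');
    $months = (int)$asOf->format('n') - (int)$moveIn->format('n');
    return $years * 12 + $months + 1;
}

/**
 * $tenancy: ['rent' => float, 'late' => float, 'start_date' => 'Y-m-d']
 * $payments: rows of ['date' => 'Y-m-d', 'amount' => float, 'type' => 'rent'|'waiver'];
 * a 'waiver' row dated in a month cancels that month's late fee.
 * Returns ['months', 'rawrent', 'paid', 'rdue', 'fees', 'totaldue'].
 */
function tenancyBalance(array $tenancy, array $payments, DateTimeImmutable $asOf): array
{
    $moveIn  = new DateTimeImmutable($tenancy['start_date']);
    $months  = monthsOwed($moveIn, $asOf);
    $rawrent = $months * $tenancy['rent'];

    $paid = 0.0;
    $paidByFifth = [];   // 'Y-m' => amount received on or before the 5th of that month
    $waived = [];        // 'Y-m' => true
    foreach ($payments as $p) {
        $when = new DateTimeImmutable($p['date']);
        $ym = $when->format('Y-m');
        if ($p['type'] === 'waiver') {
            $waived[$ym] = true;
            continue;
        }
        $paid += $p['amount'];
        if ((int)$when->format('j') <= 5) {
            $paidByFifth[$ym] = ($paidByFifth[$ym] ?? 0.0) + $p['amount'];
        }
    }

    // Walk every month owed; charge the late fee once the 5th has passed if
    // less than a full month's rent was in by then and no waiver was recorded.
    $fees = 0.0;
    $first = $moveIn->modify('first day of this month');
    for ($i = 0; $i < $months; $i++) {
        $ym = $first->format('Y-m');
        $fifth = $first->modify('+4 days');
        if ($asOf >= $fifth && !isset($waived[$ym])
            && ($paidByFifth[$ym] ?? 0.0) < $tenancy['rent']) {
            $fees += $tenancy['late'];
        }
        $first = $first->modify('+1 month');
    }

    $rdue = $rawrent - $paid;
    return [
        'months' => $months, 'rawrent' => $rawrent, 'paid' => $paid,
        'rdue' => $rdue, 'fees' => $fees, 'totaldue' => $rdue + $fees,
    ];
}

// Constructed sample: moved in 2023-11-01, rent 800, late fee 50, checked on 2024-02-20.
$tenancy = ['rent' => 800.0, 'late' => 50.0, 'start_date' => '2023-11-01'];
$payments = [
    ['date' => '2023-11-01', 'amount' => 800.0, 'type' => 'rent'],   // on time
    ['date' => '2023-12-09', 'amount' => 800.0, 'type' => 'rent'],   // after the 5th
    ['date' => '2024-01-03', 'amount' => 800.0, 'type' => 'rent'],   // on time
    ['date' => '2024-02-02', 'amount' => 0.0,   'type' => 'waiver'], // February fee waived
];
print_r(tenancyBalance($tenancy, $payments, new DateTimeImmutable('2024-02-20')));
```

Running it shows four months owed, one late fee (December) and the February fee suppressed by the waiver, which is the "something else in the tables" the post is asking about: a fee or waiver row per month rather than a separate balance table.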

     

     

  10. So I just wanted to say hi again; it's been years since I logged in on here. I'm back! It's also been years since I have played with PHP, but I have to say I love PHP 7! I still type like a 10 year old and still can't spell, haha.

     

  11. I've been trying to set up PHP Realty today and it keeps giving me this output after I try installation method 1:

    dumpSQL = true; // set template path and file name $phprealty->construct(TEMPS,"theme.html"); // start session function startCMSSession(); // include urls include(INC."config.urls.php"); // lets get the page action for the content source $action = isset($_REQUEST['a']) ? $_REQUEST['a'] : 1; // PAGE SOURCE CHOOSER switch($action){ /********************************************************************/ /* content management - show the requested frame */ /********************************************************************/ case 1: // home page view $snippet = @file_get_contents(TEMPS."index.php"); break; case 2: // member login / logout $snippet = @file_get_contents(MGR."admin/man_login.php"); break; case 21: // main page for member area if($phprealty->checkLogin()==true){ $snippet = @file_get_contents(MGR."admin/index.php"); }else{ header("Location: index.php?a=2"); } break; case 3: // view listings $snippet = @file_get_contents(TEMPS."p_list.php"); break; case 31: // view propertys $snippet = @file_get_contents(TEMPS."p_view.php"); break; case 4: // search properties $snippet = @file_get_contents(TEMPS."p_search.php"); break; case 5: // list featured listings $snippet = @file_get_contents(TEMPS."f_list.php"); break; case 6: // about us page $snippet = @file_get_contents(TEMPS."about.php"); break; default : // this is a backup just incase the action does not get set above // default if no action was sent lets show a not valid error. $snippet = $notfound."
    "; $snippet .= $err404; break; }// end switch for frame source $phprealty->replace("title",SITENAME); // set title to site $phprealty->replace("WWW",WWW); // set the url to the start of the site $phprealty->parseSnippet(LANG,$_REQUEST); $content = $phprealty->parseSnippet($snippet,$_REQUEST); // run snippet content $content = $phprealty->parseSnippets($content,$_REQUEST); $phprealty->replace("content",$content); // replace content section based on above actions //$navigation = @file_get_contents(MGR."static/nav.php"); //$navigation = $phprealty->parseSnippet($navigation,$_REQUEST); // run navigation content //$phprealty->replace("navigation",$navigation); // replace navigation content $phprealty->replace("TEMPS",WTEMPS); // replace urls to point to the correct directory if($phprealty->dumpSQL){ echo $phprealty->queryCode; } print_r($phprealty->get()); // output the page ob_end_flush(); // ouput content } else { echo '
    ERROR! while reading language file.
    Check file existence and properties (CHMOD)
    ';} ?>

    Installation method 2 doesn't make it past step 2.

    This is my manager/includes/config.inc.php:

    // database connection information
    $database_type = "mysql";
    $database_server = "localhost";
    $database_user = "****";
    $database_password = "*****";
    $dbase = "realty";
    $table_prefix = "phprealty_";
    
    // other global site variables
    define('WWW',"http://localhost/phprealtyv05/"); // with trailing slash
    define('REL',$_SERVER['DOCUMENT_ROOT']."/phprealtyv05/"); // adjust this to the directory of phpRealty if it is not your document_root. WITH TRAILING SLASH "/"
    define('TEMPS',REL."templates/default/"); // change to the folder that you use for your template, with trailing slash
    define('WTEMPS',WWW."templates/default/"); // change to the folder that you use for your template, with trailing slash
    define('SITENAME',"phpRealty v0.05"); // site name
    define('LANG',"/templates/languages/english.inc.php"); // path to language file. there are 2 ways to set this:
    				       // ex1:LANG = "templates/languages/english.inc.php" OR 
    

     

  12. I'm looking to create a team to bring an idea of mine to life and share it with the world. It's going to be complicated, but a good project to have in your portfolio if it is successful.

    Needs:

    PHP coder(s)

    JavaScript coder(s)

    1 image / layout designer

    1 HTML/CSS

     

    The idea, in a nutshell, is simply a cross between a forum and chat rooms.

    I don't plan on making any money off it. All money made via donations/advertisements will go to keeping the project alive and successful.

     

    Email me at servermans@gmail.com   

  13. Samba is only installed on the server; as Mchl said, this is true... On the Windows clients you do not need to install a Samba client, but you do have to install the Samba client on your Linux clients. FAT32 CAN work, but I would not do it. NTFS is better, but on Linux I would use ext3.

  14. First, what kind of file server? FTP or SMB or torrent?

    SCSI + RAID 5 is better for file servers than SATA, but SATA is a little cheaper (off topic, sorry).

     

    But to answer your question: yes, you can have 1 NIC for the intranet and one NIC for the internet, but how it is done depends on what kind of file server you are setting up.

     

    One more off topic thing... Ubuntu has a lot of crap that slows it down, so Arch Linux might be more fit for what you are doing because it's lighter, and lighter is better on servers, as we all know. And I hope you are using RAID 5 or have really good hard drives.

     

    And you mean NIC as port, right?

  15. The main thing is it is a smooth, clean layout, kind of a serif style layout, but you used a sans-serif font. You might want to spell check :P

     

    Also, you might want to try to keep the height the same.

     

    The style looks great, but it has become a cliche almost because so many sites have that look. But it looks good.

  16. ...Site best viewed in Mozilla Firefox. People, stop putting crap like that in your websites. It's best viewed in no browser because the markup is bad, and who uses tables for layouts anymore?

     

    The blinking button is annoying; that's why the blink attribute is deprecated by the W3C for text.

     

    The layout is really gray.

     

     

     

  17. Sorry, but no. That's about it; I can not find one nice thing to say about the layout or the scripting. The idea is nice, the poems are OK (written more in song style than poem style). I will be honest: it reminds me of my first try at making a website before I learned anything.

     

    The layout is outdated, bland and blahish.

     

    Invalid markup :P but I will not push that because it's only your 2nd site; just don't get in a habit of bad coding. But your markup is a lot like my English :P

     

    Also, it looks like you used a lot of rewritten script and just threw it together.

  18. darkc0de.com (you will find me on there from time to time because I am learning Python) has a lot of exploit info and scripts that you can fix on your site, plus a lot of members post sites they hack.
