tyweed


  1. I closed down those user and pass until I fix these embarrassing flaws. And to think I'm an experienced programmer, this is bad bad!
  2. OK, I think I have pinned down what it was. I think a SQL injection into the table has somehow got in, so when the browser prints out the table it's letting a JavaScript redirect happen. I'm trying to get access into MySQL now so I can have a look at the tables. As of right now the only way I was editing the table info was through PHP and this won't work! I guess I should have programmed a bit better!
  3. Someone must have done something to the site. It has to do with the JavaScript redirect I use when you get logged in, I think? What is weird is it goes to main for a second then jumps to that YouTube video? Wow, I must have a big hole in my security?

         var result = oReq.responseText;
         if(result == "redirect")
             window.location.href="main.php";
         else
             $("error").innerHTML = result;

     This is called on successful login. Any ideas how someone could have linked the site without changing source in my files? I'm very curious.
  4. Thanks, yeah I meant to say that the site is just in development stage. So a lot of it is still broken. I was more curious about what you thought of the idea, and interfaces, and overall look within the site.
  5. I have started to develop a betting website/social network site where groups of individuals can keep track of all their bets, talk trash, etc. A lot of the social networking features have not yet been implemented. However, I have all of the betting statistic and table features implemented at this time. I would like to get some opinions on features I should add, the overall layout, and any other opinion you might have from your initial look at the website. I'm open for any ideas and all criticism! I hope to hear from you, http://www.voodoowebman.com/youbetyourass/ajax/Login.php email: test@demo.com pass: demo
  6. I have a goal to be a PHP developer. I have a CS degree and 0 work experience. Do you think it is worthwhile to learn the Zend Framework? I have been playing around with it and it is very frustrating. I just don't want to be pulling my hair out for nothing. Just wanted other PHP users' opinions.
  7. I'm curious and would like a few people's opinions on a small problem. I have created a friendly betting site. One where a group of individuals can make bets and it stores them into a MySQL table and helps keep track of the stats. At this point in time it has the user signup, login, bet making stuff complete. I wanted to add a blog-like thing so people could talk trash to each other, maybe avatars, some other stuff. Do you think I'd be better trying to integrate my existing stuff into a CMS like Joomla or Drupal, just get a separate blog open source application, or write my own? Please, all opinions open. I eagerly await your advice, PHP freaks!
  8. I'm completely confused as to why this is not working? I have a comma separated list of variables I check using the in shortcut vs having to list multiple or's.

     ============== table example query================

         id   user_id   groupname
         1    1         test
         2    3         test
         3    2         test
         23   1         thisisnew
         22   10        test

     =============================================

         Select user_id from user_id_groupname where groupname in ('test,thisisnew')

     is returning zero? But

         Select user_id from user_id_groupname where groupname='test' or groupname='thisisnew'

     returns the correct response:

         user_id
         1
         3
         2
         1
         10

     I have no idea what is happening. I thought in is just a shorthand for testing multiple or's? What's going on?
  9. I can't seem to figure out how to more effectively use AJAX so that I do not have to keep repeating code in separate files. So, here is an example of what I'm talking about. Let's say you have a login page written in PHP.

         <html>
         <body>
         <div id="main">
         <img src="logo.gif" alt="You bet your ass logo" width="212" height="120">
         <?php
         include_once("./classes/MysqlManager.php");
         include_once("./classes/UserFunctions.php");
         if(isset($_POST['submit']) )
         {
             if(get_magic_quotes_gpc())
             {
                 $email = trim($_POST['email']);
                 $password = trim($_POST['password']);
             }
             else
             {
                 $email = mysql_real_escape_string(trim($_POST['email'] ) );
                 $password = mysql_real_escape_string( trim($_POST['password'] ));
             }
             $mysqlmanager = new MysqlManager();
             $query ="SELECT * FROM users WHERE email = '$email' AND password = '$password'";
             if(!$r = $mysqlmanager->executeQuery($query))//bad sql command
             {
                 $mysqlmanager->printSqlError();
                 printLogin();
             }
             //check for error input empty password or userID
             else if( $email == "" || $password == "")
             {
                 print "<p class='warning'> You forgot to enter in either your email or password.</p>";
                 printLogin();
             }
             //check for error input incorrect password or userID
             else if(mysql_num_rows($r) == 1)
             {
                 $userFunc = new UserFunctions();
                 $row = mysql_fetch_array($r);
                 $_SESSION['name'] = $row['username'];
                 $_SESSION['email'] = $email;
                 $_SESSION['password'] = $password;
                 $_SESSION['user_id'] = $row['user_id'];
                 // no longer need this thus far $_SESSION['grouplist'] = $userFunc->getGroupList($row['user_id']);
                 if($email == "admin")
                     header("Location:admin.php");
                 else
                     header("Location:main.php");
             }
             else
             {
                 print "<p class='warning'> Incorrect Login or Password!</p>";
                 printLogin();
             }
         }
         else
         {
             printLogin();
         }
         function printLogin()
         {
         print <<< HTMLBLOCK
         <center>
         <div id="error" > </div>
         <form method = "post" action="login.php" id="form">
         <table>
         <tr>
         <td align = left>
         <fieldset>
         <legend> Login</legend>
         <label for="email">Email :</label> <br/>
         <input type = 'text' name = 'email' class="required" size = '40'/> <br/>
         <label for="password">Password :</label> <br/>
         <input type = 'password' name = 'password' class="required" size = '25'/> <br/> <br/>
         <input type = 'submit' name = 'submit' id='submit' value = 'submit'/> <br/> <br/>
         <a href='LostPassword.php'> Forgot Password?</a> | <a href="Signup.php"> Add New Group </a> <br/>
         </fieldset>
         </td>
         </tr>
         </table>
         <br> <br>
         HTMLBLOCK;
         }
         ?>
         </div>
         </body>
         </html>

     So this was a fully working PHP login page; now I'd like to use AJAX to make it better. The problem is I can't seem to figure out how to call this same page with AJAX to use the existing code. Instead I create a new file that copies almost exactly the PHP chunk of code. Here is the example ajax php file called

         <?php
         session_start();
         include_once("./classes/MysqlManager.php");
         include_once("./classes/UserFunctions.php");
         //validate all form fields were filled in
         header('Content-Type:text\xml');
         $mysqlmanager = new MysqlManager();
         $email = trim($_POST['email']);
         $password = trim($_POST['password']);
         $query ="SELECT * FROM users WHERE email = '$email' AND password = '$password'";
         if(!$r = $mysqlmanager->executeQuery($query))//bad sql command
         {
             $mysqlmanager->printSqlError();
         }
         else if(mysql_num_rows($r) == 1)
         {
             $userFunc = new UserFunctions();
             $row = mysql_fetch_array($r);
             $_SESSION['name'] = $row['username'];
             $_SESSION['email'] = $email;
             $_SESSION['password'] = $password;
             $_SESSION['user_id'] = $row['user_id'];
             print "redirect";
         }
         else
         {
             print "<p class='warning'> Incorrect Login or Password!</p>";
         }
         ?>

     You see how that test.php class is just a cut n paste of code from the login.php class. It just seems so inefficient to code this way. I'd like to use my existing PHP code that calls itself in the AJAX request. It just does not seem correct. Does my problem make any sense? It seems to be a common dilemma for me?
  10. That's what I've tried; the code above shows I tried var row = result.documentElement.getElementsByTagName("row"); where result is the responseXML. I noticed most load the XML into a method; I have not. I just assume that it's already loaded into the responseXML.
  11. So I have this XML which was created in a PHP file by concatenating a string to create the XML myself:

         <table>
         <row>
             <nameBet> will Mike puke San Luis Obispo weekend party! Steve (No) Kenny (yes) </nameBet>
             <betBetween> 2 </betBetween>
             <amount> 5 </amount>
             <winner> 1 </winner>
             <betId> 24 </betId>
             <betCreator> 1 </betCreator>
             <dateOfBet> 24-Apr-2008 </dateOfBet>
         </row>
         <row>
             <nameBet> Sharks (Ken) vs Flames (Steve) game 7 </nameBet>
             <betBetween> 2 </betBetween>
             <amount> 5 </amount>
             <winner> 2 </winner>
             <betId> 23 </betId>
             <betCreator> 1 </betCreator>
             <dateOfBet> 23-Apr-2008 </dateOfBet>
         </row>
         </table>

     This is the PHP that creates the XML:

         echo "<?xml version=\"1.0\" encoding=\"utf-8\"?>";
         $this->grid .= "<table>\n";
         while($row = mysql_fetch_assoc($r))
         {
             $this->grid .= "<row>\n";
             foreach($row as $name => $value)
             {
                 //print "foreach: " . $name . " " . $value . "</br>";
                 $this->grid .= "\t<". $name. ">\n". $value . "\t</". $name . ">\n";
                 if($filter == "myBets")
                 {
                     if( ($name == "betCreator") && ($value == $user_id))
                     {
                         $this->grid .= "\t<editDelete>\n".
                         //<a href=\'EditBet.php?id=\".$row['betId']."'>Edit Bet</a>
                         // | <a href='DeleteBet.php?id=".$row['betId']."'> Delete Bet</a> .
                         "\t</editDelete>\n";
                     }
                 }
             }
             $this->grid .= "</row>\n";
         }//end while
         $this->grid .= "</table>\n";
         return $this->grid;
         }

     And finally the JavaScript I'm having the trouble with:

         function ajaxRequest(url,params)
         {
             var aj = new Ajax.Request(
                 url, {
                     method:"post",
                     parameters: params,
                     onComplete: getResponse
                 }
             );
         }
         /* ajax.Response */
         function getResponse(oReq)
         {
             //var result = oReq.responseText;
             var result = oReq.responseXML;
             var row = result.documentElement.getElementsByTagName("row");
             alert(row); // <=== undefined

     So the problem is I'm unable to figure out how to grab the data from this XML. I have tried everything and searched everywhere. If I print result it shows [object xmldocument]. But anything else gives me undefined; any ideas why? I tried formatting the headers in PHP; that did not seem to help. If I do responseText it prints the XML formatted file? If I write my XML to a file and open it in IE and Mozilla it opens fine like an XML file? Forgot to mention I'm using Prototype for the AJAX call for ease of use, but I don't think it's a Prototype problem...... I'm so lost and frustrated!
  12. So I'm including a class DBInfo that has a few static variables that I'm using to connect to my database. This include is in the MysqlManager class. Then I'm using the scope resolution operator to access those static variables in DBInfo:

         <?php
         include("DBManager.php");
         include("DBInfo.php"); // <================ included here
         class MysqlManager extends DBManager
         {
             function MysqlManager()
             {
                 $startTime = $this->getMicroTime();
                 // <============== see below this line my call to those static variables using scope resolution operator
                 if (!$this->connection = @mysql_connect(DBInfo::$host,DBInfo::$user,DBInfo::$pass,true)){
                     $this->errorCode = mysql_errno();

     DBInfo looks like:

         class DBInfo
         {
             static $host = 'localhost';
             static $user = 'root';
             static $pass = '';
             static $db = 'bets';
         }

     So on my local I'm using PHP5 and I get no errors. On my host it's PHP4 and I'm getting this error and I have no idea why?

         Parse error: parse error, unexpected ',', expecting '(' in /www/vo/youbetyourass/MysqlManager.php on line 13
  13. OK, I have this query:

         Select Distinct b.*,g.groupname,g.user_id
         from betstable as b, user_id_groupname as g
         WHERE betCreator in (1,2,4,6,'Open') AND betBetween in (1,2,4,6,'Open')

     and it is returning:

         dateBet nameBet BetBetween|BetCreator Amount Winner Groupname
         11-24-2008 test again jon | ken 4 jon test
         11-24-2008 test again jon | ken 4 jon test2
         11-24-2008 test again jon | ken 4 jon test
         11-24-2008 test again jon | ken 4 jon test
         11-24-2008 test again jon | ken 4 jon test
         02-Apr-2008 test1 tyweed | ken 4 ken test
         02-Apr-2008 test1 tyweed | ken 4 ken test2
         02-Apr-2008 test1 tyweed | ken 4 ken test
         02-Apr-2008 test1 tyweed | ken 4 ken test
         02-Apr-2008 test1 tyweed | ken 4 ken test

     Tables look like the following:

     --------------Betstable------------------------------

         nameBet betBetween amount winner betId betCreator dateOfBet
         test Open 5 1 5 24-Apr-2008
         test again 2 4 4 6 4 11-24-2008
         test1 2 4 2 2 1 02-Apr-2008
         test 2 2 4 1 3 1 02-Apr-2008
         testy Open 45 4 2 02-Apr-2008
         fffffffffffffffffffffffffffffffffff 1 23456 5 2 05-Apr-2008

     --------user_id_groupname-------------------

         id   user_id   groupname
         1    1         test
         2    1         test2
         3    2         test
         10   4         test
         18   6         test

     ------------------------------------------

     The query is supposed to return all bets in the betstable where the user_id of betBetween, betCreator are in the same group. Essentially only show bets where users are in the same group as the user, which in this case was 1,2,4,6, Open. Open is a bet anyone can view. I kinda understand why it is repeating but I'm unsure how to get these same results but only showing 1 unique row for every bet. It seems to repeat every bet the number of results that were found. So if six fit the query logic it repeats every find six times?
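
Posts 2, 3 and 9 above describe a login query built by string concatenation and a stored script that runs when the table is printed. The following is an added example, not tyweed's code and not part of the forum thread: the same login check with bound parameters, plus HTML-escaped table output. It assumes PDO with the SQLite driver and a password hash column in place of the plaintext comparison in the post; the schema, sample rows and the function names checkLogin and renderBets are constructed for illustration.

```php
<?php
// Added example, not the poster's code. Schema, rows and function names are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, email TEXT UNIQUE, username TEXT, pwhash TEXT)');
$db->exec('CREATE TABLE betstable (betId INTEGER PRIMARY KEY, nameBet TEXT, amount INTEGER)');

$ins = $db->prepare('INSERT INTO users (email, username, pwhash) VALUES (?, ?, ?)');
$ins->execute(['test@demo.com', 'demo', password_hash('demo', PASSWORD_DEFAULT)]);

// Constructed row holding markup, standing in for the stored redirect from posts 2 and 3.
$db->prepare('INSERT INTO betstable (nameBet, amount) VALUES (?, ?)')
   ->execute(['<script>window.location.href="https://example.invalid/"</script>', 5]);

// Login: values travel as bound parameters, so a quote inside them never becomes SQL syntax.
function checkLogin(PDO $db, string $email, string $password): ?array
{
    $stmt = $db->prepare('SELECT user_id, username, pwhash FROM users WHERE email = ?');
    $stmt->execute([trim($email)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['pwhash'])) {
        return null; // same answer for an unknown user and a wrong password
    }
    return ['user_id' => (int)$row['user_id'], 'username' => $row['username']];
}

// Output: every stored value is encoded before it reaches the page.
function renderBets(PDO $db): string
{
    $html = "<table>\n";
    foreach ($db->query('SELECT nameBet, amount FROM betstable') as $row) {
        $html .= '<tr><td>' . htmlspecialchars($row['nameBet'], ENT_QUOTES, 'UTF-8')
               . '</td><td>' . (int)$row['amount'] . "</td></tr>\n";
    }
    return $html . "</table>\n";
}

var_dump(checkLogin($db, 'test@demo.com', 'demo') !== null); // matching credentials
var_dump(checkLogin($db, "nobody'@demo.com", 'demo'));        // a quote in the value stays data
echo renderBets($db);                                          // stored markup is shown as text
```

With the value bound rather than concatenated, the AJAX login file no longer depends on mysql_real_escape_string being called, and the encoded output means whatever is already stored in the table is displayed as text instead of being executed.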