
tyweed
Everything posted by tyweed
-
OK, I think I have pinned down what it was. I think a SQL injection into the table has somehow got in, so when the browser prints out the table it's letting a JavaScript redirect happen. I'm trying to get access into MySQL now so I can have a look at the tables. As of right now the only way I was editing the table info was through PHP, and this won't work! I guess I should have programmed a bit better!
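
A script stored in a table row only runs if the page prints that row without encoding it. The following is an added example, not code from the original post: it encodes every cell on output and lists the rows that already contain markup so they can be reviewed. The row layout, the helper names `h`, `renderBetTable` and `findSuspectRows`, and the sample rows are assumptions constructed for illustration.

```php
<?php
// Added example, not the poster's code. The rows are constructed sample data
// standing in for what a SELECT on the bets table would return.
$rows = [
    ['betId' => 23, 'nameBet' => 'Sharks (Ken) vs Flames (Steve) game 7', 'amount' => 5],
    ['betId' => 24, 'nameBet' => '<script>window.location.href="https://example.invalid/"</script>', 'amount' => 5],
];

// Encode a value for an HTML text or attribute context.
function h($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build the table with every cell encoded, so stored markup is displayed as text.
function renderBetTable(array $rows): string
{
    $html = "<table>\n";
    foreach ($rows as $row) {
        $html .= '  <tr>';
        foreach ($row as $value) {
            $html .= '<td>' . h($value) . '</td>';
        }
        $html .= "</tr>\n";
    }
    return $html . "</table>\n";
}

// Return the ids of rows whose text columns contain markup-like content,
// so they can be reviewed and cleaned in the database.
function findSuspectRows(array $rows, string $idColumn): array
{
    $pattern = '/<\s*\/?\s*[a-z!]|javascript\s*:|\bon\w+\s*=/i';
    $suspect = [];
    foreach ($rows as $row) {
        foreach ($row as $value) {
            if (is_string($value) && preg_match($pattern, $value)) {
                $suspect[] = $row[$idColumn];
                break;
            }
        }
    }
    return $suspect;
}

echo renderBetTable($rows);
echo 'Rows to review: ' . implode(', ', findSuspectRows($rows, 'betId')) . "\n";
```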
-
Someone must have done something to the site. It has to do with the JavaScript redirect I use when you get logged in, I think? What is weird is it goes to main for a second then jumps to that YouTube video? Wow, I must have a big hole in my security?

```javascript
var result = oReq.responseText;
if (result == "redirect")
    window.location.href = "main.php";
else
    $("error").innerHTML = result;
```

This is called on successful login. Any ideas how someone could have linked the site without changing source in my files? I'm very curious.
-
I have started to develop a betting website/social network site where groups of individuals can keep track of all their bets, talk trash, etc. A lot of the social networking features have not yet been implemented. However, I have all of the betting statistic and table features implemented at this time. I would like to get some opinions on features I should add, the overall layout, and any other opinion you might have from your initial look at the website. I'm open to any ideas and all criticism! I hope to hear from you, http://www.voodoowebman.com/youbetyourass/ajax/Login.php email: [email protected] pass: demo
-
I'm curious and would like a few people's opinions on a small problem. I have created a friendly betting site, one where a group of individuals can make bets and it stores them in a MySQL table and helps keep track of the stats. At this point in time it has the user signup, login, bet making stuff complete. I wanted to add a blog-like thing so people could talk trash to each other, maybe avatars, some other stuff. Do you think I'd be better off trying to integrate my existing stuff into a CMS like Joomla or Drupal, just getting a separate open source blog application, or writing my own? All opinions welcome. I eagerly await your advice, PHP Freaks!
-
I'm completely confused as to why this is not working. I have a comma-separated list of variables I check using the IN shortcut vs. having to list multiple ORs.

Table example:

```
id   user_id   groupname
1    1         test
2    3         test
3    2         test
23   1         thisisnew
22   10        test
```

```sql
SELECT user_id FROM user_id_groupname WHERE groupname IN ('test,thisisnew')
```

is returning zero? But

```sql
SELECT user_id FROM user_id_groupname WHERE groupname = 'test' OR groupname = 'thisisnew'
```

returns the correct response:

```
user_id
1
3
2
1
10
```

I have no idea what is happening. I thought IN is just a shorthand for testing multiple ORs? What's going on?
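
In `IN ('test,thisisnew')` the list holds a single string, so each row is compared against a group literally named `test,thisisnew`; each value needs to be its own list element. The following is an added example, not code from the original post: it builds the list from one bound placeholder per value, which also keeps the group names out of the SQL text. It assumes PDO with the SQLite driver so it runs without a server; the helper name `userIdsInGroups` is an assumption and the rows are copied from the table in the post.

```php
<?php
// Added example, not the poster's code. Uses an in-memory SQLite database
// (an assumption made so the example runs offline) filled with the rows from the post.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user_id_groupname (id INTEGER, user_id INTEGER, groupname TEXT)');
$insert = $pdo->prepare('INSERT INTO user_id_groupname VALUES (?, ?, ?)');
$sample = [[1, 1, 'test'], [2, 3, 'test'], [3, 2, 'test'], [23, 1, 'thisisnew'], [22, 10, 'test']];
foreach ($sample as $record) {
    $insert->execute($record);
}

// Return the user_ids belonging to any of the given groups.
function userIdsInGroups(PDO $pdo, array $groups): array
{
    if ($groups === []) {
        return []; // "IN ()" is a syntax error, so short-circuit an empty list
    }
    // One "?" per value: the list length is dynamic, the values are still bound.
    $placeholders = implode(', ', array_fill(0, count($groups), '?'));
    $stmt = $pdo->prepare(
        "SELECT user_id FROM user_id_groupname WHERE groupname IN ($placeholders)"
    );
    $stmt->execute(array_values($groups));
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// One element containing a comma: no group has that name, so nothing matches.
echo count(userIdsInGroups($pdo, ['test,thisisnew'])), " rows\n";

// Two elements: equivalent to groupname = 'test' OR groupname = 'thisisnew'.
$groups = array_map('trim', explode(',', 'test,thisisnew'));
echo count(userIdsInGroups($pdo, $groups)), " rows\n";
```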
-
I can't seem to figure out how to more effectively use Ajax so that I do not have to keep repeating code in separate files. So, here is an example of what I'm talking about. Let's say you have a login page written in PHP.

```php
<html>
<body>
<div id="main">
<img src="logo.gif" alt="You bet your ass logo" width="212" height="120">
<?php
include_once("./classes/MysqlManager.php");
include_once("./classes/UserFunctions.php");

if (isset($_POST['submit'])) {
    if (get_magic_quotes_gpc()) {
        $email = trim($_POST['email']);
        $password = trim($_POST['password']);
    } else {
        $email = mysql_real_escape_string(trim($_POST['email']));
        $password = mysql_real_escape_string(trim($_POST['password']));
    }

    $mysqlmanager = new MysqlManager();
    $query = "SELECT * FROM users WHERE email = '$email' AND password = '$password'";

    if (!$r = $mysqlmanager->executeQuery($query)) { // bad sql command
        $mysqlmanager->printSqlError();
        printLogin();
    }
    // check for error input empty password or userID
    else if ($email == "" || $password == "") {
        print "<p class='warning'> You forgot to enter in either your email or password.</p>";
        printLogin();
    }
    // check for error input incorrect password or userID
    else if (mysql_num_rows($r) == 1) {
        $userFunc = new UserFunctions();
        $row = mysql_fetch_array($r);
        $_SESSION['name'] = $row['username'];
        $_SESSION['email'] = $email;
        $_SESSION['password'] = $password;
        $_SESSION['user_id'] = $row['user_id'];
        // no longer need this thus far
        $_SESSION['grouplist'] = $userFunc->getGroupList($row['user_id']);
        if ($email == "admin")
            header("Location:admin.php");
        else
            header("Location:main.php");
    } else {
        print "<p class='warning'> Incorrect Login or Password!</p>";
        printLogin();
    }
} else {
    printLogin();
}

function printLogin()
{
    print <<<HTMLBLOCK
<center>
<div id="error" > </div>
<form method = "post" action="login.php" id="form">
<table>
<tr>
<td align = left>
<fieldset>
<legend> Login</legend>
<label for="email">Email :</label> <br/>
<input type = 'text' name = 'email' class="required" size = '40'/> <br/>
<label for="password">Password :</label> <br/>
<input type = 'password' name = 'password' class="required" size = '25'/> <br/> <br/>
<input type = 'submit' name = 'submit' id='submit' value = 'submit'/> <br/> <br/>
<a href='LostPassword.php'> Forgot Password?</a> | <a href="Signup.php"> Add New Group </a> <br/>
</fieldset>
</td>
</tr>
</table>
<br> <br>
HTMLBLOCK;
}
?>
</div>
</body>
</html>
```

So this was a fully working PHP login page; now I'd like to use Ajax to make it better. The problem is I can't seem to figure out how to call this same page with Ajax to use the existing code. Instead I create a new file that copies almost exactly the PHP chunk of code. Here is the example Ajax PHP file called:

```php
<?php
session_start();
include_once("./classes/MysqlManager.php");
include_once("./classes/UserFunctions.php");

// validate all form fields were filled in
header('Content-Type: text/xml');

$mysqlmanager = new MysqlManager();
$email = trim($_POST['email']);
$password = trim($_POST['password']);
$query = "SELECT * FROM users WHERE email = '$email' AND password = '$password'";

if (!$r = $mysqlmanager->executeQuery($query)) { // bad sql command
    $mysqlmanager->printSqlError();
} else if (mysql_num_rows($r) == 1) {
    $userFunc = new UserFunctions();
    $row = mysql_fetch_array($r);
    $_SESSION['name'] = $row['username'];
    $_SESSION['email'] = $email;
    $_SESSION['password'] = $password;
    $_SESSION['user_id'] = $row['user_id'];
    print "redirect";
} else {
    print "<p class='warning'> Incorrect Login or Password!</p>";
}
?>
```

You see how that test.php class is just a cut-and-paste of code from the login.php class. It just seems so inefficient to code this way. I'd like to use my existing PHP code that calls itself in the Ajax request. It just does not seem correct. Does my problem make any sense? It seems to be a common dilemma for me.
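
Both files above build the login query by placing the submitted values inside the SQL string and compare a stored plaintext password. The following is an added example, not code from the original post: one `authenticate` function serves both the form page and the Ajax endpoint, binds the email as a parameter and checks the password against a hash. It assumes PDO with the SQLite driver so it runs without a server; the `users` layout with a `password_hash` column, the function names and the demo account are constructed for illustration.

```php
<?php
// Added example, not the poster's code. In-memory SQLite stands in for MySQL;
// the table layout and the demo account are constructed.
function openDemoDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, username TEXT,
                email TEXT UNIQUE, password_hash TEXT)');
    $stmt = $pdo->prepare('INSERT INTO users (username, email, password_hash) VALUES (?, ?, ?)');
    $stmt->execute(['demo', 'demo@example.invalid', password_hash('demo-pass', PASSWORD_DEFAULT)]);
    return $pdo;
}

// Single login routine for every caller. Returns the user row, or null on failure.
function authenticate(PDO $pdo, string $email, string $password): ?array
{
    $email = trim($email);
    if ($email === '' || $password === '') {
        return null;
    }
    // The email is bound as a parameter, so quotes in it stay data, not SQL.
    $stmt = $pdo->prepare('SELECT user_id, username, password_hash FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    unset($row['password_hash']); // never copy credentials into the session
    return $row;
}

// What the Ajax endpoint would print: the plain-text reply the client script checks.
// A real endpoint would also call session_regenerate_id(true) and store user_id.
function ajaxLoginReply(PDO $pdo, array $post): string
{
    $user = authenticate($pdo, $post['email'] ?? '', $post['password'] ?? '');
    return $user !== null ? 'redirect' : 'Incorrect Login or Password!';
}

$pdo = openDemoDb();
echo ajaxLoginReply($pdo, ['email' => 'demo@example.invalid', 'password' => 'demo-pass']), "\n";
// An apostrophe in the input causes no SQL error and no match.
echo ajaxLoginReply($pdo, ['email' => "o'brien@example.invalid", 'password' => 'x']), "\n";
```

The form page would call the same `authenticate` function and send the `Location` header itself, so the query lives in one place.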
-
trying to get xml from javascript function but everything is undefined?
tyweed replied to tyweed's topic in Javascript Help
That's what I've tried; the code above shows I tried `var row = result.documentElement.getElementsByTagName("row");` where result is the responseXML. I noticed most load the XML into a method; I have not. I just assume that it's already loaded into the responseXML.
-
So I have this XML, which was created in a PHP file by concatenating a string to create the XML myself:

```xml
<table>
  <row>
    <nameBet> will Mike puke San Luis Obispo weekend party! Steve (No) Kenny (yes) </nameBet>
    <betBetween> 2 </betBetween>
    <amount> 5 </amount>
    <winner> 1 </winner>
    <betId> 24 </betId>
    <betCreator> 1 </betCreator>
    <dateOfBet> 24-Apr-2008 </dateOfBet>
  </row>
  <row>
    <nameBet> Sharks (Ken) vs Flames (Steve) game 7 </nameBet>
    <betBetween> 2 </betBetween>
    <amount> 5 </amount>
    <winner> 2 </winner>
    <betId> 23 </betId>
    <betCreator> 1 </betCreator>
    <dateOfBet> 23-Apr-2008 </dateOfBet>
  </row>
</table>
```

This is the PHP that creates the XML:

```php
    echo "<?xml version=\"1.0\" encoding=\"utf-8\"?>";
    $this->grid .= "<table>\n";
    while ($row = mysql_fetch_assoc($r)) {
        $this->grid .= "<row>\n";
        foreach ($row as $name => $value) {
            //print "foreach: " . $name . " " . $value . "</br>";
            $this->grid .= "\t<" . $name . ">\n" . $value . "\t</" . $name . ">\n";
            if ($filter == "myBets") {
                if (($name == "betCreator") && ($value == $user_id)) {
                    $this->grid .= "\t<editDelete>\n" .
                        //<a href=\'EditBet.php?id=\".$row['betId']."'>Edit Bet</a>
                        // | <a href='DeleteBet.php?id=".$row['betId']."'> Delete Bet</a> .
                        "\t</editDelete>\n";
                }
            }
        }
        $this->grid .= "</row>\n";
    } //end while
    $this->grid .= "</table>\n";
    return $this->grid;
}
```

And finally the JavaScript I'm having the trouble with:

```javascript
function ajaxRequest(url, params) {
    var aj = new Ajax.Request(url, {
        method: "post",
        parameters: params,
        onComplete: getResponse
    });
}

/* ajax.Response */
function getResponse(oReq) {
    //var result = oReq.responseText;
    var result = oReq.responseXML;
    var row = result.documentElement.getElementsByTagName("row");
    alert(row); // <=== undefined
}
```

So the problem is I'm unable to figure out how to grab the data from this XML. I have tried everything and searched everywhere. If I print result it shows [object xmldocument]. But anything else gives me undefined; any ideas why? I tried formatting the headers in PHP; that did not seem to help. If I do responseText it prints the XML-formatted file? If I write my XML to a file and open it in IE and Mozilla it opens fine like an XML file? Forgot to mention I'm using Prototype for the Ajax call for ease of use, but I don't think it's a Prototype problem... I'm so lost and frustrated!