Andy17

Members
  • Posts: 249
  • Joined
  • Last visited: Never

Everything posted by Andy17

  1. > I am just interested, is your CSS all in one file? (I am pretty new to CSS but anyway) If so, can't you just copy whatever is on ':link' to ':visited'? a:link {color: #FFFFFF; } a:visited {color: #FFFFFF; } ?

     Yeah it is. Sure I could, but I just didn't edit the link color, it's just the default one so that's why.
  2. Hey guys, In my script I am pulling out data from my MySQL database that has previously been inserted by a user from another script. I am therefore wondering how to make it as secure as possible for displaying this information on my website. I am thinking of preventing the user from entering bad code (redirecting javascript for instance). This is something I quickly put together:

     ```php
     <?php
     // Finding the row here
     $title = stripslashes(strip_tags(htmlspecialchars(htmlentities($row['title'], ENT_QUOTES))));
     ?>
     ```

     How safe is the code below and did I forget something/is something redundant? Do you know of any improvements? Remember that I want to display it to the users so that's why I need it to be very safe. I did Google and search for a bit but didn't find exactly what I was looking for. If it has been up recently, I apologize. Thank you in advance.
  3. I believe I understand what you are saying and it is a useful tip. Thank you both for your replies!
  4. ```php
     <?php
     echo '<img src=".../wallpaper/' . $row['img_large'] . '">';
     ?>
     ```

     Think it should be something like that?
  5. Hey, I'm making a simple referral system by using the GET method. I have this code:

     ```php
     <select name="refer">
       <option>No one</option>
       <option<?php if ($_GET['ref'] == "someone1") { echo ' selected'; } ?>>ref1</option>
       <option<?php if ($_GET['ref'] == "someone2") { echo ' selected'; } ?>>ref2</option>
     </select>
     ```

     I just want to ask if any security precautions are needed when the information obtained from the URL is never printed and just used in an if statement. I personally don't see how it would be unsafe, but then again, I'm no bug exploiter, nor am I a great coder... Yet! Thanks!
  6. Yeah ok, I just hoped there was a better solution, but hey, I'll only have to do it once! Thanks for the quick reply!
  7. Hey guys, just a quick question. Is there a way to make visited links the same color as links that are not visited, except making a and a:visited the same color (just so I won't have to find a hex color close to the original). Basically I want to get rid of the purple kind of color the browsers automatically make when you visit a link and just have it display the normal link color. I did a quick search and didn't really find anything. If I missed it, I apologize.
  8. OK, I have just decided to let it "forget people" when logging out. It appears that everything is working as intended now. I guess the users should have the opportunity of "being forgotten" without manually deleting the cookies anyways. Thank you for your help, gevans, I appreciate it!
  9. They were actually placed like that already because of me using require, but it makes no difference. This if statement would always be true whether it's first or not (because the cookies are set)?

     ```php
     <?php
     // If the cookies are set (the login information is remembered using cookies), then set variables and run login check
     if (isset($_COOKIE['cookie1']) && isset($_COOKIE['cookie2'])) {
         // Check if the user has pressed the logout button here. If yes, don't run the code below.
         $email = $_COOKIE['cookie1'];
         $password = $_COOKIE['cookie2'];
         logcheck($email, $password);
     }
     ?>
     ```

     As far as I understand, that if statement will be run again when redirecting, which makes the user log in once again (because the cookies are set!). That's why I don't want to run that code if the user has clicked on the log out button! Sorry, right now I'm just totally lost on this one. I just need to set a value when the log out button is pressed and to check if that value is 1 within the above if statement. If it is 1, then it should not set those variables nor run the logcheck() function. That's what I tried to do by using a hidden field - storing the number 1 in that field when pressing the log out button and then checking if that value was 1 in the above if statement. It just didn't really work out for me.
  10. Sorry for not making myself perfectly clear, guys. I don't want to delete the cookies. I am determining whether a user is logged in or not by using a session ($_SESSION['logstatus']). The cookies are used for automatic login on each visit, but I am only able to login if I comment out the first if statement (I wrote the reason in my first post). So I just want to determine if the user has logged out before running the logcheck() in my first if statement - because if the user has just logged out, it shouldn't log him/her back in! I hope that makes more sense. Thanks for the replies!
  11. Hey guys, I have coded a login/logout script, but now that I have added a remember system (by setting cookies), I cannot logout anymore. Here is the relevant code:

      ```php
      <?php
      // Function checking if the information is correct here (called logcheck())!

      // If the cookies are set (the login information is remembered using cookies), then set variables and run login check
      if (isset($_COOKIE['cookie1']) && isset($_COOKIE['cookie2'])) {
          // Check if the user has logged out here. If yes, don't run the code below.
          $email = $_COOKIE['cookie1'];
          $password = $_COOKIE['cookie2'];
          logcheck($email, $password);
      }

      // If the logout button is pressed, then destroy the session & redirect
      if ($_POST['logoutbutton']) {
          session_destroy();
          header('Location: /');
      }
      ?>
      ```

      The problem is that when I try to logout, the cookies are obviously still set and therefore the first if statement will be true. This means that it will run the logcheck function again and login (so I am unable to logout!). So I guess I somehow need to set a value when logging out that I can access on all pages to check if the user has logged out, because then it should not run the login check again. Check my comment in the code above. I have tried using a hidden field, but I couldn't quite make it work. My idea was that I set the value of that field to 1 and check if it's 1 before running the login check function. I hope you understand my problem. Thanks!
  12. Your simple script worked and made me figure out what was wrong! Instead of .mycurrentdomain.com, I had put .mynewdomain.com, which I haven't even bought yet. I should just have put in my old domain since that is the one I am using for the testing of my project. Thank you for your help and I apologize that I did not spot this. I really should have.
  13. I didn't code the script checking for them yet, I just checked for cookies using Firefox as you said. I also tried with IE just to make sure it's not just Firefox acting up.
  14. I tried isset the first time but when it didn't work, I just used empty because that's how I did it in my previous project (even though it should work with isset). This isn't the problem anyways, because as I stated, PHP does find the if statement to be true and therefore run the setcookie code. The cookies are just not set for some unknown and very mysterious reason! Yeah, I know. I'm still quite lost on this one. I just don't see why it doesn't work. Does the placement of the setcookie functions matter as long as they are in the head?
  15. Umm, I can't edit my post, but the if statement IS in fact true and it does run the code within the brackets. I tested it by adding an echo after the setcookie functions. I'm not sure what you mean by your post to be honest... I chose to insert text and not variables with text just to break it down as much as I could.
  16. Hey guys, I have played with cookies before but I am still relatively new to it. My problem is that my cookies are not being set, even though PHP gives me no error. Here is the code I have.

      ```php
      <?php
      // If the remember checkbox is marked when logging in, then set the cookies
      if (!empty($_POST['remember'])) {
          $time = 60 * 60 * 24 * 365 * 20 + time();
          setcookie("h_n1", "email", $time, "/", ".mydomain.com", false, true);
          setcookie("h_n2", "password", $time, "/", ".mydomain.com", false, true);
      }
      ?>
      ```

      Any ideas? And yes, I have used sha1 on the password. Just a bonus question, though: should I use sha1 on the email as well? I know it's normally not necessary, but I thought it might be when storing it in a cookie (I realize that the e-mail cannot be used for much, but anyways...). Thanks in advance, freaks!
  17. Doh, I cannot believe I didn't crack that one! That worked, thanks for your help.
  18. Bump. Sorry, no one reads page 6!
  19. Thanks a lot guys, I appreciate it! I will take a look at those comments soon.
  20. Thank you for your reply. The thing is that it only works by clicking the logout button twice. I remember having this problem before, but I never solved it in a satisfying way (one that wasn't very complicated). This is what I have:

      ```php
      <?php
      // Logout form
      echo '<form name="logout" method="post"><input type="submit" value="Log out" name="logoutbutton" /></form>';

      // If the logout button is pressed, then destroy the session
      if (isset($_POST['logoutbutton'])) {
          session_destroy();
      }

      if ($_SESSION['logstatus'] != 1) {
          header('Location: /');
      }
      ?>
      ```

      For some reason, using !isset did not work.
  21. Hey guys, I have coded a login system and am therefore making a logout system (obviously). It works and when you logout, a session is set to 0 to show that you are not logged in anymore. However, if the user is on a page that requires him/her to be logged in, he/she will still be able to see the content before he/she either refreshes or navigates away. I do know a few ways to fix this, but it would be a little tricky. I therefore thought of adding the login protected pages to an array, like this (just an example):

      ```php
      <?php
      $loginpage_array[0] = "myorders.php";
      $loginpage_array[1] = "profile.php";
      $loginpage_array[2] = "settings.php";
      $loginpage_array[3] = "submit.php";
      ?>
      ```

      I would therefore need a script to check if the current page is the same as one of the pages in the array. I have the following function to get the current page:

      ```php
      <?php
      function currentpage() {
          return substr($_SERVER["SCRIPT_NAME"], strrpos($_SERVER["SCRIPT_NAME"], "/") + 1);
      }
      ?>
      ```

      So now I just need to somehow check if the current page name is in that array that I have made. I realize that there are several ways to do this, but my other ideas are too "tricky" and would require me to edit each login protected page. If you, however, have a better idea to do this, please let me know. Thank you in advance!
  22. The place where you echo out your form, you could do that much easier:

      ```php
      <?php
      // Shortened it a lot but I hope you get the point
      echo '<form method="POST">';
      // Instead of
      echo "<form method=\"POST\">";
      ?>
      ```

      That's a whole lot of escapes you got there, which is not necessary and also time consuming.
  23. Sorry if I'm a little slow here... Wouldn't it be best to just always use htmlentities() (instead of htmlspecialchars()) when pulling out data for display on a website? Thanks for all the replies, I learned a thing or two. Also, I'm not going to be storing with credit cards! Not only do I not have enough experience with PHP, I do not know how to work with SSL either. It would also take a long time for me to feel comfortable storing information like that.
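
On the output-escaping question in posts 2 and 23, an added example (not part of Andy17's posts) that runs the stacked call from post 2 next to a single `htmlspecialchars()` applied at output time. The sample title and the helper names `stacked()` and `e()` are constructed for illustration.

```php
<?php
// Added example, not code from the posts. Sample data and helper names are constructed.

// A title as a user might have stored it: markup, quotes, an ampersand, a backslash.
$stored = 'C:\temp & "Tom\'s" <script>location="//example.test"</script> café';

// The chain from post 2. htmlentities() already encodes everything, so
// htmlspecialchars() re-encodes each '&' it produced and a browser then shows
// literal entity text instead of the original characters; strip_tags() has no
// tags left to strip, and stripslashes() removes the legitimate backslash.
function stacked(string $s): string
{
    return stripslashes(strip_tags(htmlspecialchars(htmlentities($s, ENT_QUOTES))));
}

// One encoder, applied once, at output. ENT_QUOTES covers both quote styles, so
// the result is safe in element text and in quoted attribute values (not in
// script blocks, URLs or unquoted attributes). With the page served as UTF-8,
// htmlentities() would add more named entities but no extra safety.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

echo 'stacked: ', stacked($stored), PHP_EOL;
echo 'single:  ', e($stored), PHP_EOL;
echo 'in HTML: <h2 title="', e($stored), '">', e($stored), '</h2>', PHP_EOL;
```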
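
On the remember-me cookies in posts 9 to 11 and 16, an added example (not Andy17's code) of a different technique: a random selector and validator token in the cookie instead of the e-mail and SHA-1 password hash, revoked server-side at logout so the automatic login cannot fire again. `$store` stands in for a database table, the function and cookie names are hypothetical, and the array form of `setcookie()` assumes PHP 7.3 or later.

```php
<?php
// Added example, not the poster's code. $store stands in for a database table
// (selector => user id, SHA-256 of validator, expiry); all names are hypothetical.

function issueRememberToken(array &$store, int $userId, int $ttl = 2592000): string
{
    $selector  = bin2hex(random_bytes(9));   // lookup key, not secret
    $validator = bin2hex(random_bytes(32));  // secret; only its hash is stored
    $store[$selector] = [
        'user'    => $userId,
        'hash'    => hash('sha256', $validator),
        'expires' => time() + $ttl,
    ];
    return $selector . ':' . $validator;     // value to place in the cookie
}

function checkRememberToken(array $store, string $cookie): ?int
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !isset($store[$parts[0]])) {
        return null;                         // malformed or revoked token
    }
    $row = $store[$parts[0]];
    if ($row['expires'] < time()) {
        return null;                         // expired token
    }
    // Constant-time comparison of the stored hash with the presented validator.
    return hash_equals($row['hash'], hash('sha256', $parts[1])) ? $row['user'] : null;
}

function forgetRememberToken(array &$store, string $cookie): void
{
    unset($store[explode(':', $cookie, 2)[0]]);   // server side: token is dead
    if (PHP_SAPI !== 'cli') {                     // browser side: expire the cookie
        setcookie('remember', '', ['expires' => time() - 3600, 'path' => '/',
            'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
    }
}

// Constructed walk-through: log in with "remember me", come back, then log out.
$store  = [];
$cookie = issueRememberToken($store, 42);
var_dump(checkRememberToken($store, $cookie));   // token accepted before logout
forgetRememberToken($store, $cookie);
var_dump(checkRememberToken($store, $cookie));   // token rejected after logout
```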