Jump to content

Highland3r

Members
  • Posts

    67
  • Joined

  • Last visited

    Never

Profile Information

  • Gender
    Not Telling

Highland3r's Achievements

Member

Member (2/5)

0

Reputation

  1. Ok so i am currently having a bit of a problem with a script i have been using and upgrading, at the moment i have the cms fully operational and requires username and password to login i have the mySQL set up with 10 options 1-10 1 - admin 2- editors and so on. within the user setting i then choose a group the problem is that all groups allow total access and i can not understand the process required so that say option 2 should only have access to half the website. Any ideas?? This is the code for the security. <?php //////////////////////////////////////////////////////////////////////////////////////// // Class: sentry // Purpose: Control access to pages /////////////////////////////////////////////////////////////////////////////////////// class sentry { var $loggedin = false; // Boolean to store whether the user is logged in var $userdata; // Array to contain user's data function sentry(){ session_start(); header("Cache-control: private"); } //====================================================================================== // Log out, destroy session function logout(){ unset($this->userdata); session_destroy(); return true; } //====================================================================================== // Log in, and either redirect to goodRedirect or badRedirect depending on success function checkLogin($user = '',$pass = '',$group = 10,$goodRedirect = '',$badRedirect = ''){ // Include database and validation classes, and create objects require_once('DbConnector.php'); require_once('Validator.php'); $validate = new Validator(); $loginConnector = new DbConnector(); // If user is already logged in then check credentials if ($_SESSION['user'] && $_SESSION['pass']){ // Validate session data if (!$validate->validateTextOnly($_SESSION['user'])){return false;} if (!$validate->validateTextOnly($_SESSION['pass'])){return false;} $getUser = $loginConnector->query("SELECT * FROM cmsusers WHERE user = '".$_SESSION['user']."' AND pass = '".$_SESSION['pass']."' AND thegroup <= ".$group.' AND enabled = 1'); if ($loginConnector->getNumRows($getUser) > 0){ // Existing user ok, continue if ($goodRedirect != '') { header("Location: ".$goodRedirect."?".strip_tags(session_id())) ; } return true; }else{ // Existing user not ok, logout $this->logout(); return false; } // User isn't logged in, check credentials }else{ // Validate input if (!$validate->validateTextOnly($user)){return false;} if (!$validate->validateTextOnly($pass)){return false;} // Look up user in DB $getUser = $loginConnector->query("SELECT * FROM cmsusers WHERE user = '$user' AND pass = MD5('$pass') AND thegroup <= $group AND enabled = 1"); $this->userdata = $loginConnector->fetchArray($getUser); if ($loginConnector->getNumRows($getUser) > 0){ // Login OK, store session details // Log in $_SESSION["user"] = $user; $_SESSION["pass"] = $this->userdata['pass']; $_SESSION["thegroup"] = $this->userdata['thegroup']; if ($goodRedirect) { header("Location: ".$goodRedirect."?".strip_tags(session_id())) ; } return true; }else{ // Login BAD unset($this->userdata); if ($badRedirect) { header("Location: ".$badRedirect) ; } return false; } } } } ?> This is the sequrity on login page <?php require_once("../includes/Sentry.php"); $sentry = new Sentry(); if ($HTTP_POST_VARS['user'] != ''){ $sentry->checkLogin($HTTP_POST_VARS['user'],$HTTP_POST_VARS['pass'],4,'index.php','failed.php'); } if ($HTTP_GET_VARS['action'] == 'logout'){ if ($sentry->logout()){ echo '<center>You have been logged out</center><br>'; } } ?>
  2. were would i place that ? it looks like the start of the php but i am not sure i am still trying to learn thanks for all the help i really appreciate it
  3. i am not sure what you mean i am not the best t php, im still learning alot. what functions are missing? This is all my code now minus the search form = 'q' <?php //connect to your database mysql_connect("localhost","web225-content","Password"); //(host, username, password) //specify database mysql_select_db("web225-content") or die("Unable to select database"); //select which database we're using $query = trim($_GET['q']); $query = preg_replace('#[^A-Za-z0-9 ]#', '', $query); if (3 < strlen($query)) { //words with less then 3 characters are considered invalid $query = escape($query); $query = 'SELECT thearticle, REF FROM cmsarticles' . " WHERE thearticle = '$query' OR thearticle LIKE '%$query%'" . ' ORDER BY id'; $result = query($query); if (0 < ($row_count = row_count())) { $page = ctype_digit($_GET['p']) ? intval($_GET['p']) : 1; $items_per_page = 20; $number_of_pages = floor($row_count / $items_per_page); $offset = ($page - 1) * $items_per_page; for ($number = 1, $index = $offset; $index < $row_count && $index < $offset + $items_per_page; ++$number, ++$index) { $thearticle = mysql_result($result, $index, 'thearticle'); $ref = mysql_result($result, $index, 'REF'); echo "$number. <a href=\"$ref\">$thearticle</a><br>\n"; } mysql_free_result($result); echo ((1 < $page) ? '<a href="'.build_url(array('p'=>$page-1)).'">< previous</a>' : '<strong>< previous</strong>'), ' ', (($page < $number_of_pages) ? '<a href="'.build_url(array('p'=>$page+1)).'">next ></a>' : '<strong>next ></strong>'); }} ?>
  4. error is not with conection details they are all correct ther is no error only a blank return when i search any ideas?
  5. Code is looking great and much more stable but i am unable to get the code to function now as i am probably not putting the database details in correct? <?php //connect to your database mysql_connect("localhost","web225-content","Password"); //(host, username, password) //specify database mysql_select_db("web225-content") or die("Unable to select database"); //select which database we're using $query = trim($_GET['q']); $query = preg_replace('#[^A-Za-z0-9 ]#', '', $query); if (3 < strlen($query)) { //words with less then 3 characters are considered invalid $query = escape($query); $query = 'SELECT thearticle, REF FROM cmsarticles' . " WHERE thearticle = '$query' OR thearticle LIKE '%$query%'" . ' ORDER BY id'; $result = query($query); if (0 < ($row_count = row_count())) { $page = ctype_digit($_GET['p']) ? intval($_GET['p']) : 1; $items_per_page = 20; $number_of_pages = floor($row_count / $items_per_page); $offset = ($page - 1) * $items_per_page; for ($number = 1, $index = $offset; $index < $row_count && $index < $offset + $items_per_page; ++$number, ++$index) { $thearticle = mysql_result($result, $index, 'thearticle'); $ref = mysql_result($result, $index, 'REF'); echo "$number. <a href=\"$ref\">$thearticle</a><br>\n"; } mysql_free_result($result); echo ((1 < $page) ? '<a href="'.build_url(array('p'=>$page-1)).'">< previous</a>' : '<strong>< previous</strong>'), ' ', (($page < $number_of_pages) ? '<a href="'.build_url(array('p'=>$page+1)).'">next ></a>' : '<strong>next ></strong>'); }} ?>
  6. The code below is for generating my website search engine, the problem im having is i want the variable "what my visitors are looking for to highlight within all the text" so when they hit search it highlights the variable now i have tried loads of diffrent methods but i am unable to intergrate into the script below. the script works fine at the moment with no errors this is only an extra. Thanks for any help offerd. <?php // Get the search variable from URL $var = @$_GET['q'] ; $trimmed = trim($var); //trim whitespace from the stored variable // rows to return $limit=10; // check for an empty string and display a message. if ($trimmed == "") { echo "<p>Please enter a search...</p>"; exit; } // check for a search parameter if (!isset($var)) { echo "<p>We dont seem to have a search parameter!</p>"; exit; } //connect to your database mysql_connect("localhost","username","password"); //(host, username, password) //specify database mysql_select_db("My database") or die("Unable to select database"); //select which database we're using // Build SQL Query $query = "select * from cmsarticles where thearticle like \"%$trimmed%\" order by ID"; $numresults=mysql_query($query); $numrows=mysql_num_rows($numresults); if ($numrows == 0) { echo "<h4>Results</h4>"; echo "<p>Sorry, your search: "" . $trimmed . "" returned zero results</p>"; } // next determine if s has been passed to script, if not use 0 if (empty($s)) { $s=0; } // get results $query .= " limit $s,$limit"; $result = mysql_query($query) or die("Couldn't execute query"); // display what the person searched for echo "<p>You searched for: "" . $var . ""</p>"; // begin to show results set echo "Results"; $count = 1 + $s ; // now you can display the results returned while ($row= mysql_fetch_array($result)) { $title = $row["thearticle"]; $link = $row["REF"]; echo "$count.)$title<a href='$link'>Click here to view full document</a><br><br>"; $count++ ; } $currPage = (($s/$limit) + 1); //break before paging echo "<br />"; // next we need to do the links to other results if ($s>=1) { // bypass PREV link if s is 0 $prevs=($s-$limit); print " <a href=\"$PHP_SELF?s=$prevs&q=$var\"><< Prev 10</a>&nbsp "; } // calculate number of pages needing links $pages=intval($numrows/$limit); // $pages now contains int of pages needed unless there is a remainder from division if ($numrows%$limit) { // has remainder so add one page $pages++; } // check to see if last page if (!((($s+$limit)/$limit)==$pages) && $pages!=1) { // not last page so give NEXT link $news=$s+$limit; echo " <a href=\"$PHP_SELF?s=$news&q=$var\">Next 10 >></a>"; } $a = $s + ($limit) ; if ($a > $numrows) { $a = $numrows ; } $b = $s + 1 ; echo "<p>Showing results $b to $a of $numrows</p>"; ?>
  7. any idea were i would start looking to find the problem?
  8. when i change line 210 to for($i=1;$i<=$no_of_days i++){ from for($i=1;$i<=$no_of_days; i++){ then i only get error HTTP/1.1 500 Internal Server Error Server: Microsoft-IIS/7.0 X-Powered-By: ASP.NET Date: Fri, 16 Apr 2010 19:39:14 GMT Connection: close Content-Length: 140 PHP Parse error: syntax error, unexpected T_INC, expecting ';' in \\10.0.3.22\home\thunderhosts.co.uk\public_html\calendar.php on line 210 any ideas i beleve if i can get this error then the script will run ? the calendar.php code is <? $prm=$_REQUEST['prm']; $chm=$_REQUEST['chm']; $roomtypeid=$_REQUEST['roomtype_id']; $capacity1=$_REQUEST['capacity']; //666666666666666666666666666666666666666666666 $current_date=date('m/d/Y'); //echo $current_date.'<br>'; function GetDays($sStartDate, $sEndDate){ // Firstly, format the provided dates. // This function works best with YYYY-MM-DD // but other date formats will work thanks // to strtotime(). $sStartDate = gmdate("Y-m-d", strtotime($sStartDate)); $sEndDate = gmdate("Y-m-d", strtotime($sEndDate)); // Start the variable off with the start date $aDays = $sStartDate; // Set a 'temp' variable, sCurrentDate, with // the start date - before beginning the loop $sCurrentDate = $sStartDate; // While the current date is less than the end date while($sCurrentDate < $sEndDate){ // Add a day to the current date $sCurrentDate = gmdate("Y-m-d", strtotime("+1 day", strtotime($sCurrentDate))); // Add this new day to the aDays array $aDays = $aDays.",".$sCurrentDate; } // Once the loop has finished, return the // array of days. return $aDays; } function full_booking($array) { $ret_array=array(); $count_n=count($array); $array_1=explode(',',$array[0]); for($i=0;$i<count($array_1);$i++) { for($k=1;$k<$count_n;$k++) { if(in_array($array_1[$i],explode(',',$array[$k]))) { $f1=1; } else { $f1=0; break; } } if($f1) $ret_array[]=$array_1[$i]; } return $ret_array; } $conn1 = new COM("ADODB.Connection") or die("Cannot start ADO"); $conn1->open("DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=". realpath("http://www.thunderhosts.co.uk/db/bsihbs.mdb").";"); //^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ $rs50=$conn1->execute("select * from h_bookinfo where checkout_date >#".$current_date."# and roomtype_id=$roomtypeid"); $rs51=$conn1->execute("select * from h_room where roomtype_id=$roomtypeid and capacity=$capacity1"); $m50 = $rs50->Fields(13); $m51 = $rs51->Fields(0); $booked_array=array(); $available_array=array(); while(!$rs50->EOF){ $booked_array[]=$m50->value; $rs50->MoveNext(); } while(!$rs51->EOF){ $available_array[]=$m51->value; $rs51->MoveNext(); } $intersect_array = array_intersect(array_unique($booked_array),$available_array); $different_array=array_diff($available_array,$intersect_array); if(count($different_array)==0) $flag_a=1; else $flag_a=0; //vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv if($flag_a){ $rs1=$conn1->execute("select * from h_bookinfo where checkout_date >#".$current_date."# and roomtype_id=$roomtypeid order by room_id"); $f11 = $rs1->Fields(18); $f21 = $rs1->Fields(19); $f31 = $rs1->Fields(20); $f41 = $rs1->Fields(23); $f51 = $rs1->Fields(13); $f61 = $rs1->Fields(14); $allbooking=array(); $startFlag = true; $strBuff1 = ""; $strBuff2 = ""; $lastid = ""; while (!$rs1->EOF) { if($f31->value==true or $f41->value==true or ($f31->value==true and $f41->value==true)){ $rs2=$conn1->execute("select * from h_room where roomtype_id=$roomtypeid and capacity=$capacity1"); $k11 = $rs2->Fields(0); $falg1=0; while (!$rs2->EOF) { if($f51->value==$k11->value){ //$strBuff1 = $onearray[1].",".$onearray[2]; $strBuff1 = getDays($f11->value,$f21->value); if($lastid == $f51->value || $startFlag == true){ $strBuff2 = strlen($strBuff2) == 0 ? $strBuff1 : $strBuff2.",".$strBuff1; $startFlag = false; } else{ $allbooking[$lastid] = $strBuff2; $strBuff2 = $strBuff1; //echo "Buff2: ".$strBuff2."<br>"; } $lastid = $f51->value; //echo print_r($getdates); //echo '<br>'; /*$n99=count($getdates); for($kkk=0; $kkk<$n99; $kkk++){ $allbooking[]=array($f51->value,$getdates[$kkk]); }*/ //echo $f11->value.'-'.$f21->value.'->'.$f31->value.'->'.$f41->value.'->'.$f51->value.'->'.$f61->value.'<br>'; } $rs2->MoveNext(); $falg1++; } $rs2->Close(); //$rs2=$conn1->execute("select * from h_room where roomtype_id=".$f61->value); } $rs1->MoveNext(); } $allbooking[$lastid] = $strBuff2; $rs1->Close(); $conn1->Close(); if($falg1==1){ $booked_date=array(); $booked_date1=array_merge(array(),$allbooking); $booked_date=(explode(',',$booked_date1[0])); //print_r($booked_date); }else{ $allbooking=array_merge(array(),$allbooking); $booked_date=full_booking($allbooking); } } //echo '<br><br>'; //print_r($allbooking); //$allbooking=array_merge(array(),$allbooking); //echo '<br><br>'; //print_r(full_booking($allbooking)); /*echo '<br><br>'; print_r(array_repeated($allbooking)); echo '<br><br>'; print_r(array_repeated(array_repeated($allbooking))); echo '<br><br>'; print_r($booked_date); */ //hjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj if(isset($prm) and $prm > 0){ $m=$prm+$chm; }else{ $m=date("m"); } $d=date("d"); // Finds today's date $y=date("Y"); // Finds today's year $m2=date("m"); $no_of_days=date('j',mktime(0,0,0,$m,1,$y)); // This is to calculate number of days in a month $mn=date('M',mktime(0,0,0,$m,1,$y)); // Month is calculated to display at the top of the calendar $mn1=date('m',mktime(0,0,0,$m,1,$y)); //echo '<br>'.(int)$mn1.'<br>'; $yn=date('Y',mktime(0,0,0,$m,1,$y)); // Year is calculated to display at the top of the calendar $j=date('w',mktime(0,0,0,$m,1,$y)); // This will calculate the week day of the first day of the month //echo $no_of_days.'-'.$mn1.'-'.$yn; for($k=1; $k<=$j; $k++){ // Adjustment of date starting $adj .="<td > </td>"; } /// Starting of top line showing name of the days of the week ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> </head> <body topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0" background="img/main_bg2.jpg"> <?php echo "<table cellspacing='0' cellpadding='4' align=left style='border:1px solid #CC6600;'><tr><td align=center bgcolor='#FF9966' style='border:1px solid #CC6600;'><font size='3' face='Tahoma'> <a href='calendar.php?prm=$m&chm=-1&roomtype_id=$roomtypeid&capacity=$capacity1'><img src='img/Navigation_icons_14.gif' border=0></a> </td><td colspan=5 align=center bgcolor='#FF9966' style='border:1px solid #CC6600;'><font size='3' face='Tahoma'>$mn $yn </td><td align=center bgcolor='#FF9966' style='border:1px solid #CC6600;'><font size='3' face='Tahoma'> <a href='calendar.php?prm=$m&chm=1&roomtype_id=$roomtypeid&capacity=$capacity1'><img src='img/Navigation_icons_10.gif' border=0></a> </td></tr><tr>"; echo "<td style='border:1px solid #CC6600; background-image:url(images/corner_booked_right.jpg); background-repeat:no-repeat ' width='25' ><font size='2' face='Tahoma'><b>Sun</b></font></td><td style='border:1px solid #CC6600;' width='25'><font size='2' face='Tahoma'><b>Mon</b></font></td><td style='border:1px solid #CC6600;' width='25'><font size='2' face='Tahoma'><b>Tue</b></font></td><td style='border:1px solid #CC6600;' width='25'><font size='2' face='Tahoma'><b>Wed</b></font></td><td style='border:1px solid #CC6600;' width='25'><font size='2' face='Tahoma'><b>Thu</b></font></td><td style='border:1px solid #CC6600;' width='25'><font size='2' face='Tahoma'><b>Fri</b></font></td><td style='border:1px solid #CC6600;' width='25'><font size='2' face='Tahoma'><b>Sat</b></font></td></tr><tr>"; ////// End of the top line showing name of the days of the week////////// //////// Starting of the days////////// $waiting=0; $approved=0; for($i=1;$i<=$no_of_days i++){ if($y <= $yn and $m2<=$mn1) { //&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& //&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& if($y >= $yn and $m2==$mn1 and $d>$i) { echo $adj."<td valign=top bgcolor=#cccccc style='border:1px solid #CC6600;'><font size='2' color='#999999' face='Tahoma'>$i<br>"; // This will display the date inside the calendar cell echo " </font></td>"; } else { //#####booked date mark start######################### $n76=count($booked_date); for($pp=0;$pp<$n76;$pp++) { $b_date= $booked_date[$pp]; $exp_date=explode('-',$b_date); $b_year=$exp_date[0]; $b_month=$exp_date[1]; $b_day=$exp_date[2]; //echo $pp; if($yn==$b_year and $mn1==$b_month and $i==(int)$b_day) { $flag=1; } } //#####booked date mark start######################### if($flag) { echo $adj."<td valign=top bgcolor=#f7b961 style='border:1px solid #CC6600;'><font size='2' face='Tahoma'>$i<br>"; // This will display the date inside the calendar cell //echo $aaaaa;$aaaaa echo " </font></td>"; $flag=0; } else { echo $adj."<td valign=top bgcolor=#ffffff style='border:1px solid #CC6600;'><font size='2' face='Tahoma'>$i<br>"; //echo $aaaaa;// This will display the date inside the calendar cell echo " </font></td>"; } } } else { echo $adj."<td valign=top bgcolor=#cccccc style='border:1px solid #CC6600;'><font size='2' color='#999999' face='Tahoma'>$i<br>"; // This will display the date inside the calendar cell echo " </font></td>"; } $adj=''; $j ++; if($j==7){echo "</tr><tr>"; $j=0;} } echo "</tr></table>"; ?> </body> </html> [code]
  9. but the problem is i get error 500 :'( i cant trouble shoot the script all i know is the above
  10. were would i find the values ? i thought it was generic and as i am working with a 3rd party dcript im not 100% sure any suggestions?
  11. i beleve the error could lie within this part of code $no_of_days=date('t',mktime(0,0,0,$m,1,$y)); is there any obvious error here? or am i going the wrong direction?? this is starting to drive me crazy lol been working on this problem for over a month any help apreciated
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.