mike12255
-
Posts
439 -
Joined
-
Last visited
-
Days Won
1
Posts posted by mike12255
-
-
nope just tested, the checksum only works if it is the exact same file for example, when I upload scripts they get a random name
so I upload note1.doc it goes to the db as ndfsfi_432.doc
so if i try and upload note1.doc the md5 is the same as the one in the db.
however if i open note1.doc copy everything and paste it into note2.doc and upload it the md5 is different so this is not an effective method.
-
i accept people to upload the notes in pdf doc rtf docx and in the future images so people that handwrite notes can upload them instead of rewriting
I can use md5_file is the files are the exact same but say the person changes the file just slightly im not sure if md5 will be the same.
-
My Project: Online school note sharing for my university.
How: You upload your note(s) get credits and with those credits buy other notes to download.
Problem: Whats to stop someone from uploading a note they have downloaded.
Security: Currently I have all notes go through an approval system where a staff member views the note sees if it is a legit note then approves it granting the user credits and making the note downloadable.
So does anyone have any theories about how I could stop someone from uploading a file that they have uploaded before or have downloaded?
timestamps on files md5checksums anything I need to find a way to fix this error and I have no idea.
-
have you tried echoing out all your variables to make sure your getting what you want from them?
-
Since you didn't bother to post the code that produces the error and the error message, it would be a little hard for anyone to directly help you.
Executing php code doesn't cause a header problem unless that code causes some character(s) to be output to the browser.
I did not have any errors as stated in my first post:
So strictly speaking I dont have a header error because my script does not produce errors.
@pikachu yeah I know about the exit thanks for making me aware I forgot it. and yeah i was just testing somthing quickly thats why there was a second s guess i forgot to fix it before posting.
-
addition to the sticked post
No.
I don't know how many times this has been stated, but I'll do it again. YOU CANNOT OUTPUT ANY CHARACTERS to the browser before you use a header() statement, a setcookie() statement, or a session_start() statement.
If the code that you are referring to is the 8 lines of HTML in your post above, that code is made up of about 200+ characters.
No characters where output before the header was sent so this was NOT the problem, was simply logic.
-
Couldnt edit the above post should read:
Solution: Turns out the headers will not send unless all of the other code is behind an else, possible addition to the sticked post?
-
Solution: Turns out the headers will not send unless all of the other code is behind an else userinfo.php?user=MikeH, possible addition to the sticked post?
So strictly speaking I dont have a header error because my script does not produce errors. However my script should be redirecting me to "notes.php?error=ad" but instead it just sends me back to the page I was previously at. My script is made to process a download via "tokens" and then redirect the user. That all works fine but what I am trying to do now is check if the user has already about the download and if they have redirect them to the error page letting them know. So in short the URL goes like this:
notes.php?viewn=2 -> purchase.php?user=MikeH&nid=2 (unseen page all processing) -> notes.php?error=ad
however what it is doing is:
notes.php?viewn=2 -> purchase.php?user=MikeH&nid=2 (unseen page all processing) -> notes.php?viewn=2
Here is the notes code:
<?php }else if (isset($_GET['viewn'])){ $cid = $_GET['viewn']; $query = "SELECT * FROM approvednotes WHERE cid =".$cid; $res = mysql_query($query) or die (mysql_error()); $i=0; $r=1; ?> <h2>Programs:</h2> <table summary="Summary Here" cellpadding="0" cellspacing="0"> <tr> <td><b>File Name</b></td> <td><b>Author</b></td> <td><b>Cost</b></td> <td><b>Buy</b></td> </tr> <?php echo "<tbody>"; echo "<tr class= \"dark\">"; while ($row = mysql_fetch_array($res)){ if($i == 1){ echo "</tr>"; $r++; if($r% 1 == 0){ echo "<tr class = \"light\">"; $i=0; $r = 0; }else{ echo "<tr class = \"dark\">"; $i=0; } } echo "<td> ". $row['name']."</td><td>".$row['username']."</td><td>".$row['value']." <img src=\"images/money.png \" height=\"30px\" /></td><td><a href=\"purchase.php?user=".$session->username."&nid=".$row['id']."\"><img src=\"images/buy.png\" height=\"30px\"/></a></td>"; $i++; } echo "</table>"; }?>Here is the purchase code:
<?php include("include/session.php"); if($session->checkLogin()){ $user= $_GET['user']; if ($user == $session->username){ $note = $_GET['nid']; $query3 = "SELECT * FROM users_downloaded WHERE nid=$note AND username='$user'"; $res3 = mysql_query($query3) or die (mysql_error()); $pass = mysql_num_rows($res3); if ($pass != 0){ header("Location: notess.php?error=ad"); } $nquery = "SELECT * FROM approvednotes WHERE id= ".$note; $nres = mysql_query($nquery) or die (mysql_error()); //Get info about the file while ($nrow = mysql_fetch_assoc($nres)){ $price = $nrow['value'] ; $location = $nrow['location']; } //see if user even has enough credits for this function creditcheck($username){ $usern= $_GET['user']; $query = "SELECT * FROM users WHERE username = '".$usern."'"; $res = mysql_query($query) or die(mysql_error()); while ($row = mysql_fetch_array($res)){ $credits = $row['credits']; } return $credits; } $credits = creditcheck($user); if($credits >= $price){ //user has enough credits to purchase note. $newamount = $credits - $price; $person = $session->username; $query = "UPDATE users SET credits =".$newamount." WHERE username='$person'"; $res = mysql_query($query) or die (mysql_error()); $query2 = "INSERT INTO users_downloaded (nid, username) VALUES ('$note','$person')"; $res2 = mysql_query($query2) or die (mysql_error()); header("Location: download.php?f=".$location); exit; }else{ //error not enough money!! header("Location: notes.php?error=ne"); } } }else{ header ("Location: notes.php?error=nl"); } ?> -
Ok i fixed the form it now looks like this:
<form action="course_proccess.php?action=approve" method="post"> <table align="left" border="1" cellspacing="0" cellpadding="3"> <tr> <td><b>Author</b></td> <td><b>File name</b></td> <td><b>Download</b></td> <td><b>Suggested catagory</b></td> <td><b>Select Catagory</b></td> <td>Approve</td> </tr> <td><input type="text " disabled="disabled" name="tr1_author" value="MikeH"></td> <td><input typee="text " disabled="disabled" name="tr1_name" value="A lot of my skills set back"></td> <td><a href= /uzEr%20Upl0ds/cache.zip > Download</a></td> <td>1001 Laws - Polceing </td> <td><select name="tr1_scatagory"> <option value="1"> Intro To Law </option> <option value="2"> 1001 Laws - Police Foundations </option> </select></td> <td><select name = "tr1_approve"> <option value = "1"> Yes</option> <option value = "2"> no</option> </select></td> </tr> <td><input type="text " disabled="disabled" name="tr2_author" value="MikeH"></td> <td><input typee="text " disabled="disabled" name="tr2_name" value="MM"></td> <td><a href= /uzEr%20Upl0ds/Michael Heintzman.doc > Download</a></td> <td>1001 Laws - Polceing </td> <td><select name="tr2_scatagory"> <option value="1"> Intro To Law </option> <option value="2"> 1001 Laws - Police Foundations </option> </select></td> <td><select name = "tr2_approve"> <option value = "1"> Yes</option> <option value = "2"> no</option> </select></td> </tr> <input type="hidden" name="rowCount" value="2"> <tr> <td><input type="submit" name="sendData" value="send"/></td> </tr> </table> </form>
however I printed the post and the name and filename location are not appearing this is what appears:
Array ( [tr1_scatagory] => 1 [tr1_approve] => 1 [tr2_scatagory] => 1 [tr2_approve] => 1 [rowCount] => 2 [sendData] => send )here is the process code:
if(isset($_GET['action'])){ if ($_GET['action'] == "approve"){ if(isset($_POST['sendData'])) { $dataArray = array(); $row_count = $_POST['rowCount']; for($i=1;$i<$row_count;$i++) { $approven = "tr".$i."_approve"; $approve = $_POST[$approven]; if($approve == 1) { //Move the info over to "approved files" and delete it out of newnotes $author = "tr".$i."_author"; $location = "tr".$i."_location"; $catagory ="tr".$i."_scatagory"; $filename = "tr".$i."_name"; $submitedby = $_POST['$author']; print_r($_POST); die("test"); $dataArray[]=array('author'=>$author,'fileName'=>$fileName,'Catagory'=>$catagory,'location'=>$location); var_dump($dataArray); }else{ //Email user saying they did not recive credits AND delete the entry } } if(!empty($dataArray)) { //now do what you want with the dataArray... var_dumb($dataArray); } } }if you want to view the site its cnotes.ca although you need an admin acc to view the admin center so if u make one ill make it an admin
-
So ive created a forum that I got handling several different approvals. (it is used to approve or decline all submitted notes) it works fine and it even submits fine im at the part know where i process the information and do something with it, below is my form:
<form action="course_proccess.php?action=approve" method="post"> <table align="left" border="1" cellspacing="0" cellpadding="3"> <tr> <td><b>Author</b></td> <td><b>File name</b></td> <td><b>Download</b></td> <td><b>Suggested catagory</b></td> <td><b>Select Catagory</b></td> <td>Approve</td> </tr> <td><input type="text " disabled="disabled" name="tr1_author" value="MikeH" </td> <td><input typee="text " disabled="disabled" name="tr1_name" value="A lot of my skills set back"</td> <td><a href= /uzEr%20Upl0ds/cache.zip > Download</a></td> <td>1001 Laws - Polceing </td> <td><select name="tr1_scatagory"> <option value="1"> Intro To Law </option> <option value="2"> 1001 Laws - Police Foundations </option> </select></td> <td><select name = "tr1_approve"> <option value = "1"> Yes</option> <option value = "2"> no</option> </select></td> </tr> <td><input type="text " disabled="disabled" name="tr2_author" value="MikeH" </td> <td><input typee="text " disabled="disabled" name="tr2_name" value="MM"</td> <td><a href= /uzEr%20Upl0ds/Michael Heintzman.doc > Download</a></td> <td>1001 Laws - Polceing </td> <td><select name="tr2_scatagory"> <option value="1"> Intro To Law </option> <option value="2"> 1001 Laws - Police Foundations </option> </select></td> <td><select name = "tr2_approve"> <option value = "1"> Yes</option> <option value = "2"> no</option> </select></td> </tr> <input type="hidden" name="rowCount" value="2"> <tr> <td><input type="submit" name="sendData" value="send"/></td> </tr> </table> </form>
so what I do in my process file is I have a for loop for all of the "TR's" in the table and if it is approved I have an if statment and then I want to add db stuff my problem is my $_POST's are returning blank and I have no idea why. Can someone please assit me with this? (p.s i have debugged and it does get into the if approve == 1 statment.
if(isset($_GET['action'])){ if ($_GET['action'] == "approve"){ if(isset($_POST['sendData'])) { $dataArray = array(); $row_count = $_POST['rowCount']; for($i=1;$i<$row_count;$i++) { $approven = "tr".$i."_approve"; $approve = $_POST[$approven]; if($approve == 1) { //Move the info over to "approved files" and delete it out of newnotes $author = "tr".$i."_author"; $location = "tr".$i."_location"; $catagory ="tr".$i."_scatagory"; $filename = "tr".$i."_name"; $submitedby = $_POST['author']; die($submitedby); $dataArray[]=array('author'=>$author,'fileName'=>$fileName,'Catagory'=>$catagory,'location'=>$location); var_dump($dataArray); }else{ //Email user saying they did not recive credits AND delete the entry } } if(!empty($dataArray)) { //now do what you want with the dataArray... var_dumb($dataArray); } } } -
Ok, how is this? Also the fields will not always be the same they change depending on what info is in the database.
<table align="left" border="1" cellspacing="0" cellpadding="3"> <tr> <td><b>Author</b></td> <td><b>File name</b></td> <td><b>Download</b></td> <td><b>Suggested catagory</b></td> <td><b>Select Catagory</b></td> <td>Approve</td> </tr> <td>MikeH</td> <td> A lot of my skills set back </td> <td><a href= /uzEr%20Upl0ds/cache.zip > Download</a></td> <td> 1001 Laws - Polceing </td> <td><select name="scatagory"> <option value="1"> Intro To Law </option> <option value="2"> 1001 Laws - Police Foundations </option> </select></td> <td><select name = "approve"> <option value = "1"> Yes</option> <option value = "2"> no</option> </select></td> </tr><td>MikeH</td> <td> MM </td> <td><a href= /uzEr%20Upl0ds/Michael Heintzman.doc > Download</a></td> <td> 1001 Laws - Polceing </td> <td><select name="scatagory"> <option value="1"> Intro To Law </option> <option value="2"> 1001 Laws - Police Foundations </option> </select></td> <td><select name = "approve"> <option value = "1"> Yes</option> <option value = "2"> no</option> </select></td> </tr> </table>
-
Do the hidden fields not posses the same data that the non-hidden ones do? I really appreciate you helping me, but I am confused about this.
-
Its wrote through php echos but ill give you the view source html
I have not added any forms or sumbit button yet so it is just a table because im not quite sure how to go about making a form with somthing like this:
<table align="left" border="1" cellspacing="0" cellpadding="3"> <tr><td><b>Author</b></td><td><b>File name</b></td><td><b>Download</b></td><td><b>Suggested catagory</b></td><td><b>Select Catagory</b></td><td>Approve</td></tr> <td>MikeH</td> <td> A lot of my skills set back </td><td><a href= /uzEr%20Upl0ds/cache.zip > Download</a></td><td> 1001 Laws - Polceing </td><td><select name="scatagory"><option value="1"> Intro To Law </option><option value="2"> 1001 Laws - Police Foundations </option></select></td><td><select name = "approve"> <option value = "1"> Yes</option> <option value = "2"> no</option> </select></td></tr><td>MikeH</td> <td> MM </td><td><a href= /uzEr%20Upl0ds/Michael Heintzman.doc > Download</a></td><td> 1001 Laws - Polceing </td><td><select name="scatagory"><option value="1"> Intro To Law </option><option value="2"> 1001 Laws - Police Foundations </option></select></td><td><select name = "approve"> <option value = "1"> Yes</option> <option value = "2"> no</option> </select></td></tr> </table>
-
thanks a lot i really didnt think of something like that at all.
-
no sorry I must not have made myself clear that table that I drew is a real form on my webpage I want to get info from all of the ones on the webpage form that say yes to approve.
-
yes I understand that part and actually have it working right now. My issue is say the user loses the note, I want them to be able to visit their profile and redownload and previously purchased notes. However Im not sure how to go about storing the information that they have purchased note X.
-
yes because only the results where approve == yes need to have modifications made into the db
-
Im creating a token system where if a user uploads notes they get tokens and can download other peoples notes. My problem is I am not sure where to store the information for who has bought the note for future download. Should I store the information in the database under the table that looks after the notes, in its own table, or in a file that has arrays of the Note names and the users who are allowed to download it.
I figured the best way would to have it in the db table that looks after the users but im not sure how I would get about making it so that every time the user bought another note I didnt have to add a new field.
-
If you do trash and start over again just know that it is not failure but progress. A lot of good projects went through many drafts and I encourage you to continue. Try using flowcharts to plan out your ideas before writing your code, if you dont already.
-
I was only able to take a quick look at it, but at first glance, I liked the looks of it. Im currently creating a website for my school for which I wanted to include a forum. If you are fine with it I would like to use this one and any modifications I make relay onto you? Good job so far with what you have done alone, impressive.
if this is open source of course.
-
So i got a table that looks somthing like this:
File Name | Download | Suggested Catagory | Select Catagory | Approve
--------------------------------------------------------------------------------------
test | Download | blah blah blah | Option menu | yes or no option menu
test | Download | blah blah blah | Option menu | yes or no option menu
test | Download | blah blah blah | Option menu | yes or no option menu
what I want to do is in the file that processes this it only looks at the ones that have had the "approve column" submitted as a yes. Next it will to a mysql entry into verrified notes. Problem is with X amount of entries in that form I dont know how to look at only the ones that have said yes. Do I create a new form for each entry or put them all as one entry and after this what do I do next?
-
ive looked at this for a while now and im not sure whats wrong, the error occured when i entered $cat and catagory into it, without that the query works perfectly fine, any help appreciated.
<?php INSERT INTO newnotes (uid, name, catagory, location) VALUES ('1', 'test', '1001 Laws - Polceing', '/home/mikeh/public_html/uzEr Upl0ds/Alyssa O'Leary.doc')the <php tag is only to give color and make it less dull the query is from a die($query) statment
-
Some websites i've visited you select your country and depending on what country you select the states in the select field below change without refreashing the page. How do you got about doing this. I want to make it so that the user can select a catagory and then a subcatagory without refreashing the page. It will be going into the code posted below:
<?php $query = "SELECT * FROM catagories ORDER BY name ASC"; $uploadLocation = "/home/mikeh/public_html/uzEr Upl0ds/";?> <div id="main"> <div id="caption">UPLOAD FILE</div> <div id= "pholder"> <div id="icon"> </div> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="fileForm" id="fileForm" enctype="multipart/form-data"> File to upload:<center> <table> <? $res = mysql_query($query) or die (mysql_error());?> <tr><td><select name="catagory"> <?php while ($row = mysql_fetch_array($res)){ ?> <option value="<?=$row['id']?>"><?=$row['name']?></option> <? } ?> </select></td></tr> <tr><td> <label for="code"> Course name eg. 1001 Laws - Intro To Law</label></td></tr> <tr><td><input name="code" type="text" /></td></tr> <tr><td><input name="upfile" type="file" size="36"></td></tr> <tr><td align="center"><br/><input class="text" type="submit" name="submitBtn" value="Upload"></td></tr> </table></center> </form> </div> <?php -
The code and the URL to your site that you posted doesn't match the code and the filename mentioned in the error message. It will be a little hard to actually help you without the actual code/file that the error message indicates the problem is occurring in.
I always miss the little things.. turns out that error log was from a previous test i tried. This works fine my ftp client just was not updating properly thanks for the input everyone.
how to protect php file
in PHP Coding Help
Posted
I dont understand what you mean. People cannot see the code that is inside <?php and ?>
although for connecting to db and stuff people normally use the include statement and keep that stuff in a seperate file. Go here