Jump to content

ialsoagree

Members
  • Posts

    406
  • Joined

  • Last visited

Everything posted by ialsoagree

  1. Change: function createFile($output_filename = null) { if($this->ext == "JPG" OR $this->ext == "JPEG") { imageJPEG($this->dst_r, $this->uploaddir.$output_filename.'.'.$this->ext, $this->quality); } elseif($this->ext == "PNG") { imagePNG($this->dst_r, $this->uploaddir.$output_filename.'.'.$this->ext); } elseif($this->ext == "GIF") { imageGIF($this->dst_r, $this->uploaddir.$output_filename.'.'.$this->ext); } return $output_filename; } To: function createFile($output_filename = null) { if($this->ext == "JPG" OR $this->ext == "JPEG") { imageJPEG($this->dst_r, $this->uploaddir.$output_filename, $this->quality); } elseif($this->ext == "PNG") { imagePNG($this->dst_r, $this->uploaddir.$output_filename); } elseif($this->ext == "GIF") { imageGIF($this->dst_r, $this->uploaddir.$output_filename); } return $output_filename; }
  2. That's true, and for single quotes you have to concatenate anyway, but: $stuff = array('fruit_1' => 'apple'); echo "I want an $stuff[fruit_1]"; //Echoes: I want an apple echo "I want an ".$stuff['fruit_1']; //Echoes: I want an apple
  3. Erm, wouldn't it be better to store the user's ID in the DB, or are you not talking about registered users? My only concern is that, if a logged in user rates something, then comes back on a different computer, from their own perspective their rating is now gone and they can rate the item again (in reality, they've just rated the same item twice from 2 different IP's). Not to mention, if two people share a computer or an IP address, 1 of them will lose the ability to rate if the other one rates that item.
  4. if it was a single variable its as you say because is an array element should be separated from the query Actually, mine works just fine. I'm personally not a big fan of concatenating a variable to a double quoted string since it's just extra work, but both your way and my way will work.
  5. The SQL to check for the e-mail is not quite right: $sql = "SELECT `id` from users where `email`= '".$_POST[regemail]."' LIMIT 1"; Should be: $sql = "SELECT `id` from users where `email`= '$_POST[regemail]' LIMIT 1"; To check for the username, do the same thing: $sql = "SELECT `id` from users where `name`= '$_POST[regname]' LIMIT 1"; But remember you need another set of if/else in case of a duplicate.
  6. Cron: http://www.scrounge.org/linux/cron.html Windows Task Scheduler: http://msdn.microsoft.com/en-us/library/windows/desktop/aa383614(v=vs.85).aspx
  7. As jesirose points out, when you use double quotes for a string in PHP: $some_var = "Some string"; PHP is checking the double quotes for variables (it's parsing the string as PHP). Using single quotes will not parse a string to PHP. So if you're going to concatenate a variable to a string, use single quotes for the string, otherwise dont' concatenate: $string = 'some string.'; $other_string = 'this is '.$string; echo $other_string; // Echoes: this is some string $other_string = 'this is $string'; echo $other_string; // Echoes: this is $string $other_string = "this is $string"; echo $other_string; // Echoes: this is some string
  8. I don't normally use mysql_result, but I think the row parameter is not optional: echo mysql_result($query,0);
  9. From what I've been able to find on the web, you're better off attempting to sell support and updates for your software. The issue primarily becomes ease of use for your customers. If you give your software complicated methods of validating the software, your customers are either going to try to find ways around your checks by editing your plugin's code, or they're simply going to look for an easier solution from your competitors. In both cases, you're going to get bad word-of-mouth and that's not something you want. It's far easier to simply offer the plugin for free, but only provide support (from installation, to technical support, to updates) for valide copies. You might, for example, include a page with your plugin that your software can read. That page will, say, report it's license key (which your customer would input when they first install your plugin). You can then check that that license key is valid. If it is, you provide support, or make updates available to that user. If their key is invalid or expired, you can send them a request to purchase a new key. The easier you make things for your customers, the more likely they are to recommend you to others. If you make validating too complex or frustrating for your customer, they're just going to look through your code and try to figure out how to disable it altogether. You can read more about this type of thing here: http://stackoverflow.com/questions/1260516/licensing-web-applications
  10. Once again, I want to reinterate, you're not properly checking whether the user has logged in successfully. It's great that you're storing passwords with some amount of hashing/encryption, but your login script doesn't account for that: $dbusername = $row['username']; $dbpassword = $row['username']; } if ($username==$dbusername&&$password==$dbpassword) Firstly, as I indicated before, $dbpassword doesn't appear to have the right data saved to it. Secondly, because you're not hashing/encrypting the $password variable, authentication will always fail because $password will never == the hashed/encrypted password (well, unless someone put in the proper hash/encryptiong string of their actual password). That being established, to get it to redirect them after login, you might want to do something like this: Echo "Login successful. <a href='profile.php?id=[[insert user ID variable here]]'>Click here to enter members area</a"; Then have profile.php check $_GET['id'] for the user ID, and get the relevant information from the database.
  11. Sometimes this information is available through an XML feed that will may only have limited instructions available. XFire - an instant messaging service - for example, has a pretty extensive XML feed with a rather bare-bones set of instructions for using said XML feed. If you're not able to find information using a search for API, try searching for the game and "XML" or "XML feed" - you might find something that way.
  12. Well, for starters: while ($row = mysql_fetch_assoc($query)) { $dbusername = $row['username']; $dbpassword = $row['username']; } if ($username==$dbusername&&$password==$dbpassword) There's a few things wrong with this chunk of code: For starters, can users share the same username? If no, then you might want to check to make sure $numrows == 1 or == 0; the former means you have 1 regitered user with that username, the latter (which you already check) means no one with that username exists. If both conditions are false (IE. the number of rows is greater than 1) then you have multiple users with the same username, you should report an error to yourself (as the web administrator) so you can look into how that happened. If, however, users can share a username, then you need to modify your loop, because currently on the user with the last ID will be checked (and all other users with that username will never be able to login). Say you had 3 users with the username "Bob" - the way your script currently works, it would assign the details of the 1st "Bob" to the variable $row, then IMMIDIATELY overwrite $row with the details of the 2nd "Bob", then IMMIDIATELY overwrite $row with the details of the 3rd "Bob" - so if you were the 1st or 2nd "Bob" your login credentials are checked against "Bob" 3, and unless you have the same password, you won't authenticate. Secondly, you have this problem: $dbpassword = $row['username']; This should probably be: $dbpassword = $row['password']; Additionally, you should NOT store passwords as plain text. This is a huge security problem. Even if your website doesn't contain any sensitive information many users will use the same username and password across multiple sites. If your passwords aren't stored encrypted at all, you've now given a hacker access to users e-mail addresses, the password they might use for that e-mail address, and the username they might use on lots of websites. And you can be held liable for damages. You might want to look into phpass: http://www.openwall.com/phpass/
  13. Do you have any error suppression on? If not, we really need to see more of your PHP. If the error is in the code you've posted, you haven't provided enough context for us to find it. From what we can see of what you posted, there's no reason your code isn't working. We need to see more.
  14. $found_user = mysql_fetch_array($result); Can we see the mysql you used to generate $result? Copying the all the relevant PHP lines would be ideal.
  15. Actually, it would seem to me that your category ID column (which is probably your primary key) doesn't auto_increment and therefor you have to submit a unique ID with each new category manually.
  16. Your problem is here: "var url = "update_database.php?id="+id;" The URL only contains the ID, it doesn't contain the names and values of the form. Because you're not using the HTML submit feature (which would have the browser handling the HTTP request to submit all the form names and their values) you have to do this manually. That is, you have to rewrite the URL to include every form name, and the form value. For example: var url = "update_database.php?id="+id; var url = url+"&check1="+ //assign an ID to check1, and then you could use getElementById(ID Assigned).value
  17. I'm not sure what's wrong, but wanted to point this out in case it means something to anyone else, I think it's what PFMaBiSmAd was refering to. This is from the first index: ['f_names'] = String(99) "a:4:{i:0;s:18:"register_user_name";i:1;s:5:"r_u_n";i:2;s:10:"user_alias";i:3;s:12:"nickusername";} " ['1'] = String(99) "a:4:{i:0;s:18:"register_user_name";i:1;s:5:"r_u_n";i:2;s:10:"user_alias";i:3;s:12:"nickusername";} " This is from the second index: ['f_names'] = String(104) "a:4:{i:0;s:18:"register_password";i:1;s:5:"r_pass_word";i:2;s:10:"user_pass";i:3;s:12:"reg-pass-word";} " ['1'] = String(104) "a:4:{i:0;s:18:"register_password";i:1;s:5:"r_pass_word";i:2;s:10:"user_pass";i:3;s:12:"reg-pass-word";} " Notice that in the first index, f_names has "register_user_name" "r_u_n" "user_alias" etc. In the second index, f_names is an EXACT duplicate of '1' from below, it doesn't have "register_user_name" "r_u_n" or "user_alias".
  18. Firstly: $sql= "SELECT * FROM $table_name WHERE username ='$_POST[username]' AND password = password('$_POST[password]')"; You should NOT use the MySQL password function. That being said, you didn't really state what's wrong. So, what's the problem?
  19. Without knowing more about the incomming information I really can't provide a solution to you. Can you run your script as-is and copy the HTML from the page source? Without seeing the HTML form that will be submitted on an edit, add, or delete, it's not possible to provide you with a suggestion that is likely to work.
  20. Actually, __FILE__ might not do what I'm thinking. In any event, your 2nd problem is more straight forward. You can simply replace __FILE__ with wherever the user input is stored... IE. if it was submitted in a text box named "url" you'd replace __FILE__ with $_POST['file'] But you should make sure to validate user input in advance! $var2 = substr(strrchr($_POST['url'], '/'), 1); $var1 = substr($_POST['url'], 0, -(strlen($var2)));
  21. __FILE__ is a global constant defined by PHP. It should contain the entire URL and, iirc, any get variables (get variables WILL break this code iirc, please let me know if that's a problem).
  22. If you do the first method: $con = mysql_connect("localhost","root",""); if(!$con){ die ('Can not connect to : '.mysql_error());} mysql_select_db("ims",$con); if (!isset($_POST['cat'])) { $result=mysql_query("select cat_id,cat_name from category"); echo "<select name=cat>"; while($nt=mysql_fetch_array($result)) { echo "<option value=$nt[cat_id]> $nt[cat_name] </option>"; } echo "</select> <input type="submit" name="Next >>" />"; } else { //Check to make sure $_POST['cat'] is valid BEFORE you run any MySQL query!!! //display their original choice, include code for the 2nd drop down box } mysql_close($con); Keep in mind that code that echoes HTML before the database is declared and after the database is closed will be displayed both in the 1st and 2nd page.
  23. $var2 = substr(strrchr(__FILE__, '/'), 1); $var1 = substr(__FILE__, 0, -(strlen($var2))); I believe this will work, but it's untested, I'm just trying to work it out in my head so I strongly suggest testing it first and if it's not giving you what you expect, report back on your results.
  24. Does the number always appear after a slash "/"?
  25. Since HTTP is stateless (a non-constant connection) you'll either need to use multiple pages, run all the queries every time and use javascript to display the appropriate 2nd drop down, or use AJAX to populate a 2nd drop down box without refreshing. Of those options, the 1st is the easiest (and far more resource efficient than the 2nd), the 3rd is the hardest although debatebly the most convenient for the user (assuming the user even has AJAX enabled on their browser - most users will but not all). For the 1st option, you'll need to rewrite your page to check if an option has been selected and submitted (and if it has, populate the 2nd drop down box) or just proceed as normal (with a "next" button, so after they make their first choice, that choice is submitted and a 2nd drop down is populated on the next page). I hope that makes sense, I can provide a quick example if you need.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.