joel24

you can use user.php without index.php if you wish... I just put in index.php so you could create a list of the users in your database and link to that user in user.php - up to you how you use it

sorry - i had left my filemtime() code in there from the first example when I thought you were looking for the modified time also. I've just tested this and it works on my local. Could you please test it out? and if it's not working do a var_dump of what it's returning. function read_log() { global $path; // Declare Array for holding data read from log file $name = array(); // array for file name $count = array(); // array for file count $file_list = array(); $logPath = "$path/Includes/log"; $file = fopen($logPath,"r"); //i've removed your file() command here as fscanf requires a resource handle from fopen() and file() would return an array. if(!$file) { return null; } // Read the entire contents of the log file into the arrays while ($data = fscanf($file,"%[ -~]\t%d\n")) { list ($name, $count) = $data; $file_list[] = array('name'=>$name, 'count'=>$count); } fclose($file); // $file_list contains data read from the log file as an array (filename => count) krsort($file_list); //we need to reverse the array as the log items are added in chronological order (first to last), could use array_reverse here also. return $file_list; }

and then the script to show the user (i've linked it as /user.php) <?php $con=mysqli_connect("localhost","username","password","database"); // check connection if (mysqli_connect_errno()) { echo "Failed to connect to MySQL: " . mysqli_connect_error(); } if (!isset($_GET['id']) || !is_numeric($_GET['id'])) exit("You need a numeric user ID to view this page"); $id = $_GET['id']; $result = mysqli_query($con,"SELECT * FROM honor WHERE id='$id'"); $row = mysqli_fetch_assoc($result); //$row will contain all the fields for that user's row in the database echo "Name: " . $row['name'] . " " . $row['title']; echo "<br>"; mysqli_close($con); ?>

are you able to log into phpmyadmin and see what users are created...? otherwise what kind of machine are you on? windows? mac? linux? centos?

running php from your database? as you've said, it's bad idea and indicated a need to restructure your code. you need to run a php script to use the eval function... so obviously you have a php script somewhere? php is a server side coding language which is able to connect to your database, retrieve, insert and update information and then send data to the user (usually html). I'd suggest doing a few tutorials, or simply leaving the links as relative... Could you post your script which is currently showing the website to the user?

/* Send the message using mail() function */ $success = mail($myemail, $subject, $message,"Content-type:text/html\r\nFrom:".$email); if ($success){ echo "<p><b>Your message has been successfully sent. <a href=\"http://www.mywebsite.com\" title=\"Return to our homepage\">Return To The Homepage</a></b></p>"; } else { //send an email alerting you mail($myemail, "Email error", $message,"Content-type:text/html\r\nFrom:".$email); echo "<p><b>An error occurred when sending your email. If the problem persists please contact us on xxxx-xxxx"; } something like this should work, though it's a little unreliable as if there is an issue with the mail sending, it may not be able to send to you either. To setup a log, //add these to the top of your script. ini_set("log_errors", 1); ini_set("error_log", "path/to/your/log/file.log"); //then when you want to write a log entry error_log("This is the error message being written to the error.log"); you can read up about this error_log method here http://php.net/manual/en/function.error-log.php

When you have the URL, you need to call that method. i.e. <?php echo "<a href='" . getAbsoluteUrl($row['relativePath']) . "'>Here is a link</a> ?> You'll need to replace $row['relativePath'] with the variable you're currently using to display the URL / path.

In that case, you won't be able to see the timestamp for each filename download count... though you can easily order it if they're added in chronological order. // Function to read the log file, and return an array as (filename => downloads) function read_log() { global $path; // Declare Array for holding data read from log file $name = array(); // array for file name $count = array(); // array for file count $file_list = array(); $logPath = "$path/Includes/log"; $file = fopen($logPath,"r"); $file = @file($logPath); if(empty($file)) { return null; } // Read the entire contents of the log file into the arrays while ($data = fscanf($file,"%[ -~]\t%d\n")) { list ($name, $count) = $data; $file_list[] = array('name'=>$name, 'count'=>$count, 'modifiedTime'=>filemtime("$logPath/$name")); } fclose($file); // $file_list contains data read from the log file as an array (filename => count) krsort($file_list); //we need to reverse the array as the log items are added in chronological order (first to last), could use array_reverse here also. return $file_list; }

are you trying to limit it so only 4 people can sign up? your query is getting the count of users who have signed up with that username/password combination. If you want to get the total users do a SELECT count(*) or simply remove teh where clause from that query and your code should work... using count() is a better solution though it will require some small PHP changes. $query= mysql_query("SELECT * FROM users WHERE username = '$username' && password='$password'"); should be $query= mysql_query("SELECT username FROM users"); //we don't want to select all the data if you're just counting

why don't you do a mysql replace to remove the absolute URL and just use the file path so you can implement a more dynamic solution as per my original reply? i..e (ensure to remove the entire URL... i.e. if it's http://www.developmentsiteaddress.com then use that value.) UPDATE `table_name` SET `pathColumnName` = replace(pathColumnName, 'http://developmentsiteaddress.com', '')

Have you checked your spam/junkmail? You're setting the from email address to whatever value the customer enters... you should hardcode the from email address to an email address you own (and test that it works)... and if you want to be able to reply, you can add a "reply-to" header also. You're sending the emails from a web server which will have no matching DNS records for the SPF/DKIM check and will most likely be ending up in the spam box if it's trying to send an email from another domain which the SPF/DKIM can resolve. I'm not a wizard at the spam filter auth process though from a glance this would be my first suggestion (to check your spam filter). You should also have a if condition to check if the mail method worked correctly, currently you're just telling everyone that their email has been sent. /* Send the message using mail() function */ $success = mail($myemail, $subject, $message,"Content-type:text/html\r\nFrom:".$email); if ($success){ echo "<p><b>Your message has been successfully sent. <a href=\"http://www.mywebsite.com\" title=\"Return to our homepage\">Return To The Homepage</a></b></p>"; } else { //here you should set up logging to log the error so you can debug echo "<p><b>An error occurred when sending your email. If the problem persists please contact us on xxxx-xxxx"; }

do you store them as absolute links? store them as relative and then you can play with them easily after retrieving... i.e. create a method which creates an absolute URL from a relative link based on the current domain. function getAbsoluteUrl($relativePath) { return $_SERVER['HTTP_HOST'].$relativePath; } //and then when you want the absolute URL call that method.

is phpmyadmin available? try going to http://localhost/phpmyadmin in your browser I'd suggest creating the database through that and then just using PHP to deal with inserting and retrieving of rows.

** Edit ** I've just had a reread of your question, what data is stored in each log file? Is there a timestamp for each log file or is a new logfile created for each log entry? The following code will need to be adjusted after the above is answered... // Function to read the log file, and return an array as (filename => downloads) function read_log() { global $path; // Declare Array for holding data read from log file $name = array(); // array for file name $count = array(); // array for file count $file_list = array(); $logPath = "$path/Includes/log"; $file = fopen($logPath,"r"); $file = @file($logPath); if(empty($file)) { return null; } // Read the entire contents of the log file into the arrays while ($data = fscanf($file,"%[ -~]\t%d\n")) { list ($name, $count) = $data; $file_list[] = array('name'=>$name, 'count'=>$count, 'modifiedTime'=>filemtime("$logPath/$name")); } fclose($file); // $file_list contains data read from the log file as an array (filename => count) usort($file_list,'compareFileModifiedTimes'); return $file_list; } function compareFileModifiedTimes($array1,$array2) { return strtotime($array1['modifiedTime']) > strtotime($array2['modifiedTime']); } It's using the PHP usort method and I've restructured a bit of your code to make it more readable.. (i.e. removing the two arrays (name/count) and just using one from the start). I've not tested it yet though ensure you turn on error_reporting if you experience any errors.

use ajax polling to send requests every x seconds to the server, when you initiate a session for a user then store that in a row in the database and each time this ajax request is received update that row to have "lastContactTime" set to the time of the ajax request... When a user logs in it will create a new row in the above table as it's a login request if they're logged out when they move outside of the network. or, if whilst logged into the site, they're required to be clicking new pages frequently, then you can just ensure on each page load whilst logged in, you can skip the ajax polling and update the lastContactTime field each time a page is loaded and a user is logged in. or i'm sure you could muster up a solution using socket.io though it may be overkill.

are the database and php code both on the same server/machine - i.e. your localhost? Are you sending over a password when you try to connect? go to http://localhost/phpmyadmin and have a look at the user and ensure it's setup correctly.

you need to run the PHP command to initiate a session. session_start(); http://php.net/manual/en/function.session-start.php

The error you're seeing is because you're sanitizing the $_GET['download_file'] URL which is good, though the / is being removed. This should not be in there, read below. straight away i see a security risk, you need to jail the downloads to a single folder - if you have that someone could change the link to be www.mysite.com/downloads/download.php?download_file=index.php and then follow that code to download each file in your site and view the code to hack. You need to remove the directory from the download link and just pass a filename... or even an ID linked to a list of files in your database, then you can increase a counter each time one is downloaded so you know how many times it's downloaded.. For now if you don't want a database with each file, just change your code to have the download directory written into the code so it's not passed in the URL.

you should just use a captcha field to stop spammers, https://developers.google.com/recaptcha/old/docs/php

as long as they're not modifying the same field, it's fine... I'm not sure what kind of system you're running though the above will only be an issue if there are multiple people using hte same account or updating the same user row, then you can put a lock on the row though it's starting to seem like a convoluted solution to a simple problem. multiple connections to the table doing whatever is fine, if one tries to edit the same row whilst another is editing, the second edit's attempt will overwrite the first.

you'll need a php script delivering the file if you want to ensure security... though if security isn't a huge issue (i.e. someone could copy the direct download link and send it to someone else and that's okay), then just have a javascript which disables the download button for x seconds... are you just wanting to advertise before the file is downloaded? then just have two html files, or even just the one... set setTimeout() in your javascript and you can have a countdown on whichever page before activating the download link. check this jsfiddle on this stackoverflow post; http://stackoverflow.com/a/6146437

you'll want to do a file_get_contents and then search through the entire file with strpos which is a lot less efficient than if you were to store the IP address in the database. Why do you want to know if they've been there before? Set a cookie if it's not too important... what if someone is at a university and has a shared IP address? Setup a database table, add the email address and other details and do a SELECT query to see if that IP address, or email exists.

put some debugging in there to see if you reach that block as you've got a few if conditions prior <div class="page-content"> <?php echo "<h1>IN HERE</h1><pre>".print_r($sel_page,1); ?> </div>

I would just use a single database and set it up in a relational way to have a region table and link each user to that table, why do you have multiple instances? are the applications vastly different between regions?

use .htaccess to block the /public_html/directory/downloads directory with a 'block from all, allow from 127.0.0.1' or the apache user and then deliver the file to the user using readfile... though this will use up some resources if you're delivering large files... http://php.net/manual/en/function.readfile.php here's a few stack overflow posts which should help http://stackoverflow.com/questions/14024877/deny-direct-download-of-file-using-php http://stackoverflow.com/questions/10834196/secure-files-for-download