Everything posted by j.smith1981

  1. Hi there, I have a problem here. I think I may know what it is but just wanted some guidance on this issue. I took the logic from a previous help from the people on this forum and here is my landing page:

     ```php
     <?php
     // ini_set("display_errors", 1);
     // randomly starts a session!
     session_name("jeremyBasicLogin");
     session_start();

     if(isset($_SESSION['username'])) {
         // display whatever when the user is logged in:
         echo <<<ADDENTRY
     <html>
     <head>
     <title>User is now signed in:</title>
     </head>
     <body>
     <h1>You are now signed in!</h1>
     <p>You can do now what you want to do!</p>
     </body>
     </html>
     ADDENTRY;
     } else {
         // If anything else don't allow access and send back to original page!
         header("location: signin.php");
         exit; // stop here so nothing else runs after the redirect
     }
     ?>
     ```

     This is where the user goes to when they go to this system (not a functional system, i.e. it doesn't actually do anything, it's more for my own theory). As you won't have a session on the first turn to this page it goes to signin.php, which contains:

     ```php
     <?php
     // ini_set("display_errors", 1);
     require_once('func.db.connect.php');

     if(array_key_exists('submit',$_POST)) {
         dbConnect(); // connect to database anyways!

         // Do a procedure to log the user in:
         // Sanitize User Inputs
         $username = trim(stripslashes(mysql_real_escape_string($_POST['username']))); // cleans up with PHP first!
         $password = trim(stripslashes(mysql_real_escape_string(md5($_POST['password'])))); // cleans up with PHP first!

         $sql = "SELECT * FROM users WHERE username='$username' AND password='$password'";
         $result = mysql_query($sql);

         if(mysql_num_rows($result) == 1) {
             session_name("jeremyBasicLogin");
             session_start();
             $_SESSION['is_logged_in'] = true;
             $_SESSION['username'] = $username;
             //print_r($_SESSION); // debug purposes only!
             $_SESSION['time_loggedin'] = time(); // this is adding to the array (have seen the output in the SESSION vars!)
             // call function to update the time stamp in MySQL?
             header("location: index.php");
             exit; // stop here so the login form is not rendered after the redirect
         } else if(mysql_num_rows($result) != 1) {
             $message = "You typed the wrong password or Username Please retry!";
         }
     } else {
         $message = "";
     }

     // displays the login page:
     echo <<<LOGIN
     <html>
     <body>
     <h1>Example Login</h1>
     <form id="login" name="login" action="{$_SERVER['PHP_SELF']}" method="post">
     <label for="username">Username: </label><input type="text" id="username" name="username" value="" /><br>
     <label for="password">Password: </label><input type="password" id="password" name="password" value="" /><br>
     <input type="submit" id="submit" name="submit" value="Login" />
     </form>
     LOGIN;

     echo "<p>" . $message . "</p>";

     echo <<<LOGIN
     <p>Please Login to View and Edit Your Entries</p>
     <p><a href="register.php">Click Here To Signup</a></p>
     </body>
     </html>
     LOGIN;
     ?>
     ```

     This checks through user inputs and hopefully logs them in. When I've inserted the data into the database itself it works if I try and login, but not if a user fills in this form, signup.php:

     ```php
     <?php
     //ini_set("display_errors", 1);
     $message ='';
     require_once('func.db.connect.php');

     if(array_key_exists('submit',$_POST)) {
         dbConnect(); // connect to database anyways!

         // do some safe protecting of the users variables, apply it to all details!
         $username = trim(stripslashes(mysql_real_escape_string($_POST['username']))); // cleans up with PHP first!
         $email = trim(stripslashes(mysql_real_escape_string($_POST['email']))); // cleans up with PHP first!
         $password = trim(stripslashes(mysql_real_escape_string(md5($_POST['password'])))); // does as above but also encrypts it using the md5 function!
         $password2 = trim(stripslashes(mysql_real_escape_string(md5($_POST['password2'])))); // does as above but also encrypts it using the md5 function!

         if($username != '' && $email != '' && $password != '' && $password2 != '') {
             // do whatever when not = to nothing/empty fields!
             if($password === $password2) {
                 // do database stuff to enter users details
                 $sql = "INSERT INTO `test`.`users` (`id` ,`username` ,`password`) VALUES ('' , '$username', MD5( '$password' ));";
                 $result = mysql_query($sql);
                 if($result) {
                     $message = 'You may now login by clicking <a href="index.php">here</a>';
                 }
             } else {
                 // echo out a user message says they got their 2 passwords incorrectly typed:
                 $message = 'Please re enter your password';
             }
         } else {
             // they were obviously empty
             $message = 'You missed out some required fields, please try again';
         }
     }

     echo <<<REGISTER
     <html>
     <body>
     <h1>Register Form</h1>
     <p>Please fill in this form to register</p>
     <form id="register" name="register" action="{$_SERVER['PHP_SELF']}" method="post">
     <table>
     <tr>
     <td><label for="username">Username: </label></td>
     <td><input type="text" id="username" name="username" value="" /></td>
     </tr>
     <tr>
     <td><label for="email">Email: </label></td>
     <td><input type="text" id="email" name="email" value="" /></td>
     </tr>
     <tr>
     <td><label for="password">Password: </label></td>
     <td><input type="password" id="password" name="password" value="" /></td>
     </tr>
     <tr>
     <td><label for="password2">Confirm Password: </label></td>
     <td><input type="password" id="password2" name="password2" value="" /></td>
     </tr>
     <tr>
     <td><input type="submit" id="submit" name="submit" value="Register" /></td>
     </tr>
     </table>
     REGISTER;

     echo "<p>" . $message . "</p>";

     echo <<<REGISTER
     </form>
     </body>
     </html>
     REGISTER;
     ?>
     ```

     As I said, when the user signs up by submitting the above form, it doesn't work, keeps coming up with a different value for the password, so I am about 99% certain it's the password, but I have been meticulous about copying in the sanitize function for SQL injections and it still just doesn't work, really puzzled now. Any help appreciated, Jeremy.
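
Added example (not part of the original post, and not the poster's code): signup.php hashes the password with PHP `md5()` and then again with SQL `MD5()`, while signin.php hashes it once, so the stored and submitted values cannot match. The sketch reproduces that mismatch and then runs the same register/login flow with `password_hash()`/`password_verify()` and PDO bound parameters. The in-memory SQLite database, the `password_hash` column and the function names are assumptions made for the demonstration.

```php
<?php
// Added example, not the poster's code. Credentials below are constructed.

// 1) Why a self-registered user can never log in with the code above.
$plain          = 'correct horse';      // constructed sample password
$storedBySignup = md5(md5($plain));     // signup.php: md5() in PHP, then MD5() again in SQL
$sentByLogin    = md5($plain);          // signin.php: md5() once
echo 'hashes match: ', var_export($storedBySignup === $sentByLogin, true), "\n";

// Separately, stripslashes() applied after mysql_real_escape_string() removes
// the backslashes the escaping just added, so the quoting protection is undone.

// 2) Same flow with one salted, slow hash and bound parameters.
function openDb(): PDO
{
    // Assumption: in-memory SQLite stands in for the MySQL `users` table.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (
        id INTEGER PRIMARY KEY,
        username TEXT UNIQUE NOT NULL,
        password_hash TEXT NOT NULL
    )');
    return $db;
}

function registerUser(PDO $db, string $username, string $password): void
{
    // Hash exactly once, in one place; password_hash() adds a per-user salt.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    $stmt->execute([trim($username), $hash]);
}

function verifyLogin(PDO $db, string $username, string $password): bool
{
    static $dummyHash = null;
    if ($dummyHash === null) {
        $dummyHash = password_hash('placeholder', PASSWORD_DEFAULT);
    }
    // The username is bound as data; the password never enters the query.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([trim($username)]);
    $stored = $stmt->fetchColumn();
    // Unknown users are checked against a dummy hash so both paths cost the same.
    $ok = password_verify($password, $stored === false ? $dummyHash : $stored);
    return $stored !== false && $ok;
}

$db = openDb();
registerUser($db, 'jeremy', $plain);

$attempts = [
    ['jeremy', $plain],                  // right user, right password
    ['jeremy', 'wrong password'],        // right user, wrong password
    ["jeremy' OR '1'='1", $plain],       // quoted input is treated as a username, not SQL
];
foreach ($attempts as [$user, $pass]) {
    printf("%-20s => %s\n", $user, var_export(verifyLogin($db, $user, $pass), true));
}
```
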
  2. So there would be many productid's and just 1 qty for each product as yes with what I have as the rest of the program, I thought that was it, just was very late and was tired and probably wasn't concentrating properly. Thanks ever so much! Going to try and output those as well, just to see what I can do with it, ace thanks!
  3. I am having trouble understanding what this means: foreach($_SESSION['cart'] as $product_id => $quantity) I look forward to any responses in advance.
  4. Ahh ok, I was treating it like any other custom function I have done where you go:

     ```php
     function myFunction($var1,$var2) {
         // do whatever with $var1 . $var2;
     }

     $value1 = 'my first value';
     $value2 = 'my second value';

     myFunction($value1,$value2); // < thinking this is how you do the md5() function
     ```

     God, I should have previously gone through a tutorial before I found one on here and put that into mine. Ace, thanks ever so much for your help, will see what the output of TRUE is though and see what happens. What I have got a lot into recently is criticising my own methods for doing things, already learning a lot about the more theoretical parts of application design, I am loving it though! Going to move this onto a complete auth system for myself and use various free security apps to see if I can break them deliberately to see if I can bump their security up a notch (something I have been dabbling with at work regarding PCI Compliance). But that's wonderful, thank you so much, Jeremy.
  5. I have a weird problem with an md5() function. I am trying to write a token system (just for my own fun really), going off an example guestbook I got help with from here. What my main aim is, is to allow the moderator for the guestbook to receive an email (which is working in its own context), with a link to a script page that checks into the database, and when the user clicks on the link it allows the message in the guestbook to be shown. But when I try md5() on the IP address of the user it works, but I thought if that same user went in and did another post, it would come up with the same checksum, causing quite bad problems to be honest. So I thought about using something like:

     ```php
     $time = microtime();
     $checksum = md5($ip,$time);
     ```

     But this keeps coming up with say: Is there any way of getting around this at all? To show a real value, as I am sure this won't work. Any help greatly appreciated, Jeremy
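
Added example (not part of the original post, and not the poster's code): `md5()` takes a boolean "raw output" flag as its second parameter, so `md5($ip, $time)` hashes only `$ip` and returns raw bytes. The sketch shows that, then issues a moderation-link token from `random_bytes()` that is unique per post, stored only as a hash, and usable once. The `$pending` array (standing in for a database table), the function names and the `example.test/approve.php` link are assumptions; PHP 7 or later is assumed for `random_bytes()`.

```php
<?php
// Added example, not the poster's code. Storage and names are assumptions.

// md5()'s second parameter is a boolean "raw output" flag, not extra data to hash.
// The microtime() string is truthy, so md5($ip, $time) hashes only $ip and
// returns the 16 raw digest bytes instead of 32 hex characters.
$ip   = '203.0.113.7';   // constructed sample address (documentation range)
$time = microtime();
$raw  = md5($ip, $time);
printf("length %d, hex form equals md5(\$ip): %s\n",
    strlen($raw), var_export(bin2hex($raw) === md5($ip), true));

// A moderation token should be unpredictable and unique per post, which a hash
// of the IP address (even mixed with the time) is not.
function issueApprovalToken(array &$pending, int $postId): string
{
    $token = bin2hex(random_bytes(32));      // 256 bits from the OS CSPRNG
    $pending[hash('sha256', $token)] = [     // store only the hash of the token
        'post_id' => $postId,
        'expires' => time() + 86400,         // valid for 24 hours
    ];
    return $token;                           // goes into the moderator's e-mail link
}

function redeemApprovalToken(array &$pending, string $token): ?int
{
    $key = hash('sha256', $token);
    if (!isset($pending[$key])) {
        return null;                         // unknown or already used
    }
    $entry = $pending[$key];
    unset($pending[$key]);                   // single use: a replayed link fails
    if ($entry['expires'] < time()) {
        return null;                         // expired
    }
    return $entry['post_id'];                // caller marks this post as approved
}

$pending = [];                               // stand-in for a database table
$token   = issueApprovalToken($pending, 42); // 42 is a constructed post id
echo "link: https://example.test/approve.php?token=$token\n";

var_dump(redeemApprovalToken($pending, $token));    // first click on the link
var_dump(redeemApprovalToken($pending, $token));    // same link clicked again
var_dump(redeemApprovalToken($pending, md5($ip)));  // a value derived from the IP
```
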
  6. I always have the same trouble, just fiddling around with it usually helps myself. It's like I always use if(!isset($_SESSION)) as the one I start off with and then just bump it up later on, adding a stage of it every time to see where I am going wrong usually helps me, but that's just my way of doing things.
  7. Ah ok that's cool, just not really using this of course for production purposes, more a proof to myself I could get it to return a value, that's all, for educational purposes myself. Thanks for your help though, as always much appreciated! Jeremy
  8. I was wondering, just a general question here. I am just going through a text book on the main aspects of a problem solving approach to PHP, but when I was just trying out one of my own theories on this particular one of my own:

     ```php
     <html>
     <body>
     <h1>User Input set as functions</h1>
     <tt>Please enter a value below:</tt>
     <br>
     <form id="userInput" name="userInput" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>" method="get">
     <input type="text" id="input" name="input" value="" />
     <input type="submit" value="Send This" />
     </form>
     <?php
     function mistake($errorvalue) {
         echo $errorvalue;
     }

     function getValue($userInput) {
         return $userInput;
     }

     if(!isset($_GET['input']) || $_GET['input'] == '') {
         mistake("No value received yet!"); // calls the error function
     } else {
         $input = $_GET['input'];
         echo "You did enter something, this was: ";
         $userInput = getValue($input);
         // escape before echoing so the submitted value cannot inject markup
         echo htmlspecialchars($userInput, ENT_QUOTES, 'UTF-8');
     }
     ?>
     </body>
     </html>
     ```

     I am quite impressed with what I have done there, though I know it's nothing special and could obviously be done not using functions at all, just wanted to see if I could get one that returns something, in this case the 'getValue()' function. But when I've set it to work out what type of variable it is, i.e. gettype is it? (going off completely memory here), it's always a string, even if all I do is enter a 1. Even tried not using the GET method for the form and used the POST one instead, it still says that a single integer is a string. Why, just out of question, is it doing this? Just quite interested, that's all. Thanks for your time and I look forward to any replies, Jeremy.
  9. If it's NTI in Leeds that could possibly be Simon Sharpe, I have been taught by him when I was at University, he's a great guy, great at PHP. Had us doing an Ecommerce site when working on our first attempt at PHP, was merely asking us to see how far we could get with it. I got a 1st from him, he's a great tutor!
  10. Ah ok of course yea! Thanks for that. Is there any site where I can get the same certification for maybe a bit cheaper than something like £600 then, or doesn't that exist? Just thought I would put that up, since I am thinking of taking this but lack the funds to pay for such a certification. Thanks again, Jez
  11. I have to agree fully with you, though I don't interview people, what I have learnt beyond University has been very rewarding. The things they didn't cover when I did Interactive Internet Systems was basic PHP stuff, not really focussing much at all on security, I am tempted to look at some of the scripts I tried using and hammering them myself, expose their flaws and try to work out a better more secure version of them. Though in the broad way across the whole spectrum of Computers, they tend to teach you that, it's all about making it your own degree, they will deliberately leave things out (probably why they didn't cover security). I wish looking back, I could have deliberately hacked my application, then shown the tutors the old version I created and then shown a more secure version of it just to prove to them I have been working, I would have looked really good, but that's what a lot of conscious (excuse spelling) people who care about their education think anyways. It's like I would go out of a presentation wishing I had explained this, this and this, planning would only go so far but there's always points I missed out, I am my own worst critic! Good point though! Just one more thing if I may: That tends to cost quite a lot doesn't it? Like one course I have seen (being biased towards my University) NTI in Leeds charge about £600 for this, I will post a link to their site if anyone wants to have a look? Really good thread though!
  12. I am so sorry I haven't replied to this. Ahh good thoughts on this though, I mean what I was under the impression of, was take a hosted web page with a hosting company for example. If someone was to hack into their file system (by whatever means of course), then if the sessions were filesystem based, they could possibly get in through that way. Having a session stored in a database, where they would be using different usernames and/or passwords than the account they got in through, would stop them looking at that, suppose though that doesn't really matter as the company would need to firm up its security. Good thoughts though, really helps a lot, thanks!
  13. I have a question that's been bugging me for a while. I have a system I am supposed to be developing, where a customer (actually a franchisee) goes in to input all their sales for a certain period, a month in this case. So all their sales get recorded on a monthly basis, this could be quite confidential information so SSL is obviously advantageous (excuse spelling), but in the actual architecture of this system, would it be advisable to go for file system based sessions or mysql based sessions? I mean we do have our own server which I am planning on using this on, but because this is confidential information, say if a Franchisee was to deliberately hack the system I have developed or in essence, hack into the server and login and make it look as if a competitor has done worse than them. Which one is best, file or mysql? Just for thoughts really, also if mysql is the best for this purpose, has anyone got any good tutorials or found any I could use? Would be quite interesting though. Thanks in advance for any replies, Jez.
  14. I dunno. I like to have control of when errors display or not so I usually set the option in a config file for each site. I usually have the php ini file set display_errors to on and then when I want them off, use an ini_set directive, error reporting level, in my website config file. I guess it doesn't matter which way round you do it, i.e. keep display_errors to off in your ini file and then set them to on using ini_set. Just my preference. I am personally too paranoid about security so I always have display errors set to off and then display all the errors of course in the http logs. That's the way I usually do it.
  15. That's the one thing I never get is the -> sign, why can't I ever remember what it's called, suppose it could be called some kind of construct, am I wrong or? But say with the 2 colons (: : but without the space, since it keeps putting up an emoticon grrr!) that's like -> but when you're assigning an object with data, but the data itself is a constant. I believe the 2nd to be correct though could need a bit of rewording, I tend to say that when I am not 100% sure what I am talking about, since this stuff has only just come to get stuck in my head very lately, only now am I able to somewhat understand what I am doing for myself. Great discussions though! Gets my theory going I can tell you! Jez.
  16. Ahh that's what it is! I just need to remove the @, brilliant. Will create some kind of exception then, really plugging into this all OOP related stuff, it's making sense! Thanks for the speedy reply though! TBH I don't think that (with the tutorial I was looking at) tutorial's that good, it's got some stuff that's just pointless I think but it's good to look at and expand on myself and make better, find my learning curve greatens and it allows me to learn a whole lot more! If that makes any sense lol.
  17. Hi, I am really plugging into how to write functions in PHP. But I was going to delve into a user management program and try to create it, but don't want to be the older version of what I was before if you like, where I just type in for the sake of typing in code, so I thought I would question what they're doing. But a piece of code, a very small snippet, this came up: @mysql_connect What does this actually mean with the @ sign in front of the mysql_connect function? Seen this a few times but just never appreciated what the at sign means, any help is wonderfully appreciated of course. Thanks, Jeremy
  18. I don't know off hand myself. I am just teaching myself object orientated programming but will have a look at a few examples and see what I can come up with. Shouldn't be too difficult though, depending on what you actually are trying to achieve.
  19. An associated array could be something like:

      ```php
      $myArray = array('myKey'=>1, 'anotherKey'=>2);

      // each() was removed in PHP 8; foreach ($myArray as $key => $value) is the current form
      while($element = each($myArray)) {
          echo "Key is: " . $element['key'] . " - Value is: " . $element['value'];
      }
      ```

      Not tested though! Thanks so much for all the help people have given me on this site, I really truly appreciate it, can't wait for some replies to this, would be good to hear someone's opposing opinion of my code. I can't believe I am showing others how to do things, even though these are mostly taken from books I have read, but they're really making sense, it's well cool!
  20. It's actually dead easy passing arguments to functions! I thought a few weeks ago it was the hardest thing ever, don't have a clue why though grrr. Most of this is based on classes though (the only way in my head I can get them to work, anyone that wants to convert these into a more procedural approach, I don't mind at all!) Here's a very simple one I have been working on (taken a lot from a book I have been reading on a solution approach to PHP5 and MySQL by Apress, good book too, I advise it I really do!): Here's a simple example of not really a proper class but objects in PHP alone, without declaring a class (not advised in a real system obviously):

      ```php
      <?php
      $ball = new stdClass(); // generic object; PHP 8 no longer creates one implicitly
      $ball->colour = "Green";
      $ball->type = "Football";
      $ball->weight = 100; // needed for the weight output below
      echo $ball->colour; // Outputs Green
      echo $ball->weight; // Outputs 100
      ?>
      ```

      To make this more formatted but I am not sure how this works, anyone care to explain this printf construct?

      ```php
      printf("The ball's colour is %s, and its weight is %d kilos.",$ball->colour, $ball->weight);
      ```

      This will output: Not sure how the printf function works exactly, never really used it. The most basic way to create objects!
  21. Hi there, I thought I would get ahead of myself for a project I just can't seem to get my head around and I was wondering if you could help. I have say 20 users on my web admin section yea? Each have say 40 posts (actually they're building projects but let's just refer to them as posts), how do I allow users to delete their own individual posts? I am a little confused about how to go about doing this, so any advice would be really appreciated. Thanks in advance.
  22. No they're not, they do the same thing in principle but they're coded entirely in 2 different ways. X Windows Server is what makes the GUI possible, Graphical User Interface, I like to think of Linux as say like Windows 3.1 but with an operational part behind the graphics interface called the server that talks to the commandline and issues commands to the shell. The shell is the Linux equivalent to the commandline in Windows (there's more than just one of them too, the common one is BASH, Bourne Again Shell is what that stands for, can't remember his full name, the guy that developed it, but his surname was Bourne, he gave up with it and then came back to it years later and finished it off), KORN is another, can't remember the others, they have their differences for different things. I love Linux myself, just restrained to Windows due to work, commercialisation etc (god it's annoying!), why I have both on my working computer and Linux on my lite home made server out of a Linux machine, using the howtoforge tutorials. It's fun working in Linux!
  23. Who wrote the code? A master at ASP.NET and average at PHP? What kind of opcode cache did they use for PHP? Did they use any at all? How did they configure PHP? How did they configure ASP.NET? How did they make sure that their benchmarks were representative of each language's strong point (e.g. ASP.NET may be faster at doing X, but PHP may be faster at doing Y)? Which platform did they run it on? What compiler flags did they use? The list goes on and on and on. There are too many factors to make any meaningful conclusion about their relative speed.

      That's a very valid point that, I mean I do apologise about what I said about it coming from Jamaica lol, was tired, brain not functioning properly. Not to drift off topic here at all, but to make that kind of judgement would be really unfair, I mean generally Microsoft love to overload things, make things far more complex than they need to be, like have 10s of thousands of libraries (I know I am probably exaggerating this, excuse spelling if you will), with DirectX anyways, I mean it's way overblown compared to what it needs to be, OpenGL is a lot better controlled I think myself. Although I haven't done a lot but event that on button click whatever event handler it is, why have all that rubbish overblown in there? Microsoft just go with the old and put things over it to save money in developing things, i.e. Vista's kernel for the operating system itself (i.e. if you've ever used Linux before you'll understand the operating system doesn't include notepad, that's just a software they bundle with it), to run notepad you need a kernel to load that application, the bit of software that talks to the hardware.

      That was identical to XP, they just changed the face of it and probably added a few (with comparison to Linux with this) added modules to allow you to do more, whereas Windows 7 was a complete change I believe in the kernel, they don't let you know this because they are so user friendly, why I refuse to like Microsoft but then I am forced to due to the majority of my work being based on Windows. Ask yourself this, why in polls of the web servers live today does Linux Apache outwit IIS? Because it's faster! I mean there are comparisons to this though, Apache is quite slow at delivering media content, but there are tips on the web somewhere or lying around in some archive to optimise this issue, so that doesn't occur, I don't know about this myself, only been told this from friends' advice at work. Just goes to show how powerful Linux servers really are, literally once when Linux was first out, a company was developing some advanced calculation software based on the operating system, they left it continually running for 2 years, most of the time not doing anything at all, came back on x day and it had the same performance as if it had just been installed right there and then in the same hour, it's crazy that! I doubt everything Microsoft claims, personally prefer to stick to the open source stuff (why I love PHP). God I need to stop waffling lol.
  24. I will definitely be taking a look at this. I am learning a huge amount, apologies I should have looked at this first rather than starting up a thread. Thanks ever so much for linking this tutorial though! Thanks again, Jez
  25. Ahh yes of course, I mean I understood what OOP was all about, just didn't fully appreciate until I started learning how to write very simple code how manageable it is. It's definitely helping me understand some code I am expected to understand in my workplace, your replies have been invaluable to me really and I really thank you for that! Going to keep cracking on with it, finding out things about it and try to develop as many as I can in my own applications, just so I can get more experience in using it, but what you have said, I will keep coming back to. Thanks ever so much for your advice, Jez.