Everything posted by jmr3460

  1. Been testing and I wanted to know which is more reliable. Checking for just extension or type? This is what I have so far:

         if(isset($_FILES['test_file']['tmp_name'])){
             $acceptable_ext = array('pdf' => 'application/pdf',
                 'doc' => 'application/msword',
                 'docx' => 'application/msword',
                 'pub' => 'application/vnd.mspublisher',
                 'pub' => 'application/x-mspublisher');
             //$ext = pathinfo($_FILES['test_file']['name'], PATHINFO_EXTENSION);
             $type = $_FILES['test_file']['type'];
             if(in_array($type, array_values($acceptable_ext))){
                 //process form
                 echo "Upload: " . $_FILES["test_file"]["name"] . "<br />";
                 echo "Type: " . $_FILES["test_file"]["type"] . "<br />";
                 echo "Size: " . ($_FILES["test_file"]["size"] / 1024) . " Kb<br />";
                 echo "Stored in: " . $_FILES["test_file"]["tmp_name"];
             } else {
                 echo "Wrong Extension";
             }
         }

     or

         if(isset($_FILES['test_file']['tmp_name'])){
             $acceptable_ext = array('pdf' => 'application/pdf',
                 'doc' => 'application/msword',
                 'docx' => 'application/msword',
                 'pub' => 'application/vnd.mspublisher',
                 'pub' => 'application/x-mspublisher');
             $ext = pathinfo($_FILES['test_file']['name'], PATHINFO_EXTENSION);
             //$type = $_FILES['test_file']['type'];
             if(in_array($ext, array_values($acceptable_ext))){
                 //process form
                 echo "Upload: " . $_FILES["test_file"]["name"] . "<br />";
                 echo "Type: " . $_FILES["test_file"]["type"] . "<br />";
                 echo "Size: " . ($_FILES["test_file"]["size"] / 1024) . " Kb<br />";
                 echo "Stored in: " . $_FILES["test_file"]["tmp_name"];
             } else {
                 echo "Wrong Extension";
             }
         }

     Both ways work. Is one more reliable than the other?
  2. Thank you I will test this for a bit. I have done some research and found some MIME type references that I can use for this. Thank you for your help.
  3. OK so if:

         $acceptable_ext = array('pdf' => 'application/pdf',
             'doc' => 'application/doc',
             'docx' => 'application/docx');
         $ext = pathinfo($_FILES['uploadedfile']['name'], PATHINFO_EXTENSION);
         if(in_array($ext, array_keys($acceptable_ext))){
             //process form
         }

     Or would it be:

         $acceptable_ext = array('pdf' => 'application/pdf',
             'doc' => 'application/doc',
             'docx' => 'application/docx');
         $type = $_FILES['uploadedfile']['type'];
         if(in_array($type, array_keys($acceptable_ext))){
             //process form
         }
  4. I know this may be irrelevant as I am working on a test script that will tell me about file types using $_FILES[test_file][type] with a say word document or a pdf. I did add to the bit above: chmod($target, 0644); I am really not dealing with images yet.
  5. I was hacked by a spammer and I found that they got in using a form that did not have any security. I did not restrict file extensions. I know, I probably deserve it. Anyway I have read a bit the past few days about security and Mag posted some links that I am using to help me with security. First is to check the Referrer. I will have to get to that one. (But I will research for sure) Second is Restricting file types. This is where I am starting. What I have done is started by only accepting 5 file extensions with this bit of code.

         //This should process uploaded files
         $accept_ext = array('doc', 'docx', 'wps', 'pub', 'pdf');
         $ext = pathinfo($_FILES['uploadedfile']['name'], PATHINFO_EXTENSION);
         if(!in_array($ext, $accept_ext)){
             //Explain security risk a little more so a non techi will understand
             //Maybe create a link with form data will still be in form
             //Will need to research this possibly using $_GET. Instead of echoing Sorry
             //maybe use header function to a page that will process variables in a new form.
             //Then Giving a warning about "Wrong File Extension."
             echo "Sorry Wrong File Extension. Try Again. <input type=button value=\"Back\" onClick=\"history.go(-1)\">";
         } else {
             $target = "/home/crowleys/public_html/admin/uploads/".$date."-".$event_link.".".$ext;
             @copy($_FILES['file']['tmp_name'], $target);
         }

     My first question is, "Is file extension the same as file type"? If not what should I start doing first with my form. The form is a bit long and I was going to rewrite bit by bit. Can anyone give me a starting? Thanks for any assistance.
  6. Shouldn't it be: $ref_id = $_GET['ref']; Are you setting the variable value?
  7. I guess I am just wanting to find out if the searches on this page are working properly and maybe how the search pages are displaying on your machines. I am testing with FF and IE mostly and before I finish I usually test in Safari. Yes I guess it is a simple site. Some of these files were created as I was learning PHP and did not know how to do some things that I can do now. I have to admit that I have not been concentrating on validation since I have been learning PHP. I will work on this because I know that it will help in the display issues that I sometimes run into with IE. And I will go back to all of the pages of scripts and make sure that all have the same appearance. Though it has been a while since I have used iframes I will have to think about that one. If I do use iframes and the user goes to one of the links on the framed site it would take them completely away from my site, is that correct? If I went to the GET method would I still have the same capabilities with the select list? What are the advantages of using GET over POST? Before I forget, thank all of you for your comments. I get a lot of useful information from this site. I hope to be able to do the same some day.
  8. Hey all, I have been working part time on a site that I volunteer for. I have developed this site from scratch and it is a growing process. I only need the search part of this page or pages tested. The searches are not actually live yet. The links in the header and the links in the footer will take you away from the searches. I am about ready to link this meeting list to the site though. Because I am the only one who is working on the site I am only testing in FF, IE and Safari. I guess good or bad I need to hear from someone who knows what to test. I have plans to do a search by zip code in the future but for now there are very few of these groups that have given me their zip code. Anyway here is the link: http://www.arscna.org/meeting/ Thanks for any help
  9. Hey it worked. About the cookie thing. This calendar has only about 20 or so events in the future. I am just giving the users of this calendar an option to be able to edit their own events. I have warned them about having to accept cookies and only being able to edit from the computer they added the event from. If the calendar becomes more busy in the future I will use mysql to allow users to login and edit. Another reason that I am using cookies is that some of these people will not add events if they have to work for it. This is how I solved my problem with my cookies:

         <?php
         $email = $_COOKIE['email'];
         $connection = mysql_connect("localhost", "user", "pw") or trigger_error(mysql_error());
         $db_name = "arscnaor_calendar";
         $db = mysql_select_db($db_name, $connection) or trigger_error(mysql_error());
         //This is the time function to find the greatest time for any $email
         $sql = "SELECT date FROM calendar WHERE email = '$email' AND first_day = 1";
         $query = mysql_query($sql) or trigger_error(mysql_error());
         while($result = mysql_fetch_array($query)){
             $times = strtotime($result['date']);
         }
         $max = max(array($times));
         setcookie("test", $email, $max, "/", ".site.org");
         ?>

     If there is a faster or more efficient way I am more than willing to try it.
  10. I guess I should have looked a little longer. I found the max(). I am going to retrieve the dates and convert to unix then try putting them into the max array. I hope this works.
  11. I have used this array to insert time:

         <?php
         $times = array("12AM" => "0:", "1AM" => "1:", "2AM" => "2:", "3AM" => "3:",
             "4AM" => "4:", "5AM" => "5:", "6AM" => "6:", "7AM" => "7:",
             "8AM" => "8:", "9AM" => "9:", "10AM" => "10:", "11AM" => "11:",
             "12PM" => "12:", "1PM" => "13:", "2PM" => "14:", "3PM" => "15:",
             "4PM" => "16:", "5PM" => "17:", "6PM" => "18:", "7PM" => "19:",
             "8PM" => "20:", "9PM" => "21:", "10PM" => "22:", "11PM" => "23:");
         foreach ($times as $k => $v) {
             echo "<option value=\"" .$v . "\">" . $k . "</option>";
         }
         ?>

     Then when I called it on my page I used:

         //$military is a variable that I retrieved from mysql
         $time = date("g:i A", strtotime($military));

     Of course I also used another array with minutes and seconds on it (00:00),(30:00)
  12. Hello All, I have a calendar that I am adding edit capabilities to. I am using cookies to give user that ability. I set the cookie expiration to the date of the event. I now have run into an issue that if the same user adds another event that is one month or more before the first event then the second cookie's expiration is changed to the second date. The possibility is that 3 or 4 or 5 event dates could be added by the same user. I can call all of these dates from the table, is there a function that selects the greatest value in an array or something like that?
  13. Sorry for your troubles. I found it. I have been changing some things with the site. I am moving the admin folder to another and I am changing $_COOKIE (which is easy but not as versatile) to $_SESSION. I had an if statement checking for $_COOKIE in front of the $_SESSION. Thanks for the replies though.
  14. OK thanks for the fast reply. This block of script is supposed to redirect the user to the regional admin page if the $_SESSION ['type'] is set to regional. When I echo $_SESSION['type'] it echos regional so the session type is set to the correct name I just need the block to return true so the redirect will happen.
  15. I am trying to use $_SESSION cookies to verify admin privileges. I don't understand why this is not working:

         /*everything above here is working*/
         $session = mysql_fetch_array($session_query);
         $type = $session['admin_type'];
         $name = $session['admin_name'];
         $level = $session['admin_level'];
         $_SESSION['type'] = $type;
         $_SESSION['name'] = $name;
         $_SESSION['level'] = $level;
         /*This is returning false*/
         if(isset($_SESSION['type'])) {
             if($_SESSION['type'] == 'regional') {
                 header('Location: all_admin.php');
                 exit();
             }
         }

     What am I not doing right.
  16. Thank you very much. I was just reading more on the LIKE clause and just about to go there. You were a great help. That fixed it.
  17. I am trying to pull out a count of rows that have a specific string within a string from a table. The string for example might be something like: Discussion, Book Study, ... etc. This string is actually created from the array $formats. I want to know how many rows have the phrase "Discussion" in it, and how many rows have the phrase "Book Study" in it. I have tried to do this by using "LIKE" in my query, but what I am getting is a set of numbers that are not right. For example I know there are at least 2 "Men" meetings, but the number for it is "0". Can someone tell me why or what I am doing wrong with my code? Or, is there a better way besides using LIKE in my query to do this? Here is my code:

         <?php
         ini_set ("display_errors", "1");
         error_reporting(E_ALL);
         session_start();
         $db_name = "arscnaor_meetings";
         //connect to server and select database
         $connection = mysql_connect("localhost", "username", "password") or die(mysql_error());
         $db = mysql_select_db($db_name, $connection) or die(mysql_error());
         //formats from add_meetings
         $formats = array("Discussion", "Literature Study", "Book Study", "Basic Text",
             "It Works", "Step Study Guides", "IP Study", "Step Study",
             "Traditions Study", "Concepts Study", "Just For Today", "New Comer",
             "Participation", "Topic", "Candlelight", "Speaker", "Birthday",
             "Serenity", "Men", "Women", "Varies", "Other");
         foreach($formats as $format){
             $format_sql = "SELECT format FROM meeting WHERE format LIKE '$format'";
             $format_query = mysql_query($format_sql) or trigger_error(mysql_error());
             $format_num = mysql_num_rows($format_query);
             echo $format . ": " . $format_num . "<br />";
         }
         ?>

     Thanks for any help
  18. I was trying to tell you thank you Mat Techie. You helped me fix my first problem and my second problem was from me misspelling a variable. I am very grateful for this website. I was also saying that I know you guys help a lot of people with this php. I get a lot of help. I just wanted to say that I try and find the problem from other sources before I come here. I thought I read that somewhere on this site. The right way to ask a question (of which I am still learning that obviously) and trying to find the answer somewhere else (Google, etc.) I hope to be able to help people on this site one day. I look at some of the other posts and when I do post I usually find out how much I have to learn. I will keep on coding and I will get there some day. By the way, your last code fixed the problem.
  19. I guess I should learn to read and spell. I misspelled my $selected variable in my loop. Thanks for all your help MadTechie. I really try to find the answer from php.net and most of the time I do. I know you guys help a lot of addict and I only come here when I can't find the answer anywhere else. Thanks again
  20. OK I echoed my $minute and it echoed the correct minute (30). I need to set my variable $selected now so that it is equal to selected for the value on my option loop. This is what I have now:

         echo "</select><select name=\"minute\">";
         $minutes = array('00', '15', '30', '45');
         foreach($minutes as $minut){
             if($minut == $minute){
                 $selected = "selected";
             } else {
                 $selected = "";
             }
             echo "<option value=\"" . $minut . "\"" . $slected . ">" . $minut . "</option>";
         }
         echo "</select>";
  21. I am going to try and change my database column to a date format and insert it as such to see what that does. That got rid of the notice, but the value is not recognized. My $selected variable is not working. Since the notice is gone I am thinking that there is a value in my array not.

         <select name=\"minute\">";
         $minutes = array('00', '15', '30', '45');
         foreach($minutes as $minut){
             if($minut == $minute){
                 $selected = "selected";
             } else {
                 $selected = "";
             }
             echo "<option value=\"" . $minut . "\"" . $slected . ">" . $minut . "</option>";
         }
         echo "</select>
  22. I tried the quick fix and now my $hours is not jiving with my code below. This is form to update some information from a database. In my table my column it called time it is a varchar though. This value was created by this line for insertion as a string. $time= $hour . ":" . $minute;
  23.

         $sql_meeting = "SELECT * FROM meeting WHERE meeting_id = '$meeting_id' AND del = 0";
         $query_meeting = mysql_query($sql_meeting) or trigger_error(mysql_error());
         $result_meeting = mysql_fetch_array($query_meeting);
         $day = $result_meeting['day'];
         $time = $result_meeting['time'];
         $split_time = explode(':', $time);
         $hour = $split_time[0];//line 53
         $minute = $split_time[1];//line 54
  24. I have exploded a string as such:

         $time = "20:30";
         $times = explode(':', $time);
         $hour = $times[0];//line 53
         $minute = $times[1];//line 54

     I am getting this notice:

         Notice: Undefined offset: 1 in /home/arscnaor/public_html/meeting/admin/update_meeting.php on line 54

     First of all what is offset? Second why did I not get a notice on line 53? By the way 20:30 is a varchar in my database table.
  25. Yea thanks for the reply. Sorry it took so long to reply back I solved the problem. Instead of trying to double parse I used the copy() and renamed my file current.pdf to a short term folder then I moved_uploaded_file() to a permanent folder with a permanent name that will not change. My issue was that I needed two links to be updated when I uploaded a file. Instead of updating both links I just renamed the copied file so the link stays the same. Then My permanent link will only appear when a file is uploaded and given its name. I am sorry if this is hard to understand
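
Added example (not code from jmr3460's posts) for the upload question in posts 1, 3 and 5: the extension and `$_FILES[...]['type']` are both supplied by the client, so this example checks the extension against an allowlist and then compares it with the type that PHP's finfo detects from the file contents. The function names, the MIME lists and the sample files are assumptions constructed for illustration.

```php
<?php
// Allowlist keyed by extension; each value lists the MIME types libmagic may
// report for that format (assumed list, confirm against your own test files).
const ALLOWED = [
    'pdf'  => ['application/pdf'],
    'doc'  => ['application/msword'],
    'docx' => ['application/vnd.openxmlformats-officedocument.wordprocessingml.document'],
];

// Returns the validated extension, or null if the upload must be rejected.
// $clientName is $_FILES[...]['name']; $tmpPath is $_FILES[...]['tmp_name'].
// $_FILES[...]['type'] is never consulted because the browser sends it.
function checked_extension(string $clientName, string $tmpPath): ?string
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        return null;                        // extension not on the allowlist
    }
    $detected = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($detected === false || !in_array($detected, ALLOWED[$ext], true)) {
        return null;                        // contents do not match the extension
    }
    return $ext;
}

// The stored name is generated server-side; only the validated extension
// is carried over from the client's file name.
function stored_name(string $ext): string
{
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample inputs (not real uploads), so this runs from the CLI.
$samples = [
    ['report.pdf', "%PDF-1.4\n1 0 obj\n<<>>\nendobj\n"],
    ['notes.pdf',  "<?php echo 'hello'; ?>\n"],   // contents are not a PDF
    ['page.php',   "%PDF-1.4\n"],                  // extension not allowed
];
foreach ($samples as [$name, $bytes]) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    $ext = checked_extension($name, $tmp);
    echo $name, ' => ', $ext === null ? 'rejected' : 'stored as ' . stored_name($ext), "\n";
    unlink($tmp);
}
```

In a real handler, check `$_FILES[...]['error'] === UPLOAD_ERR_OK` first and place the file with `move_uploaded_file()` rather than `copy()`, into a directory where the web server will not execute scripts.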