bytesize

crop.php needs to run using <img src='../crop.php?h=50&w=50&f=$origloc' /> , it's the only way this will work.

The image is copied to a folder and another script displays the image. photos/whatever.jpg is put into f and crop.php crops the image and copies it to crops/whatever.jpg <img src='../crop.php?h=50&w=50&f=photos/whatever.jpg' />

The session works. I did not want to include all of the code from the switch. The only reason I mentioned it is because someone asked on another post of mine if the session had been started.

I need help making img src work without using echo. The session has been started from another page. <?php $name = $_FILES['change']['name']['myfile']; $tmp_name = $_FILES['change']['tmp_name']['myfile']; if($name) { //start upload process $dblocation = "$name"; $location = "photos/$name"; move_uploaded_file($tmp_name,$location); $origloc = $location; $_SESSION['imglocation'] = $origloc; echo "<img src='../crop.php?h=50&w=50&f=$origloc' />"; } ?>

This code logs the user in with the correct user_email, user_pwd, and active=1. A '0' is inserted into the active column of the users table during registration. I need help checking if active=0 then flash_warning('User account not activated'). login_user.php <?php include(MODEL_PATH.'user.php'); switch ($route['view']){ case "login_user": if(login($params['user']['user_email'], $params['user']['user_pwd'])) { flash_notice('You are logged in!'); redirect_to(''); } else { flash_warning('Username or password is invalid!'); $route['view'] = 'login'; } break; } user.php <?php session_start(); function login($username, $password) { db_connect_posts(); $query = sprintf("SELECT * FROM users WHERE user_email = '%s' AND user_pwd = '%s' AND active = '1'" , mysql_real_escape_string($username), md5($password) ); $result = mysql_query($query); $number_of_posts = mysql_num_rows($result); if($number_of_posts == 0) { return false; } $row = mysql_fetch_array($result); $_SESSION['user'] = $row; return true; } ?> Login form <form action="<?php echo '/'.APP_ROOT.'/'; ?>sessions/login_user" method="post"> <fieldset> <legend>Login</legend> <div> <label>E-mail</label> <input name="user[user_email]" size="40" type="text" /> </div> <div> <label>Password</label> <input name="user[user_pwd]" size="40" type="password" /> </div> <input type="submit" value="Login" /> </fieldset> </form>

Problem solved. The create_user($params) function on the register.php page was being called after the session. Thank you for everyone's help, it is greatly appreciated.

The session is started elsewhere. The session is being used on register.php page that inserts into the database. When the query is echoed from user.php, which is the supplied code above, and the form is echoed from register.php the results are different. I can supply more code if necessary.

'$code = rand(11111111,99999999)' is inserted into the database with 'users.code = $code' and '$_SESSION['code']' is using '$code = rand(11111111,99999999)' as well. The INSERT 'users.code = $code' and $_SESSION['code'] return different results. They must match.

I need help making $_SESSION['code'] match variable $code when executed. They're both accessing rand() but with different results. <?php function create_user($params) { db_connect_posts(); $code = rand(11111111,99999999); $_SESSION['code'] = $code; $query = sprintf("INSERT INTO users SET users.screen_name = '%s', users.user_email = '%s', users.user_pwd = '%s', users.image = '%s', created_at = NOW(), users.code = $code, users.active = '0'" , mysql_real_escape_string($params['screen_name']), mysql_real_escape_string($params['user_email']), md5($params['user_pwd']), mysql_real_escape_string($params['image']) ); $result = mysql_query($query); if(!$result) { return false; } else { return true; } } ?>

I need help making the variable $code in sessions.php to work with the email activation. sessions.php <?php include(MODEL_PATH.'user.php'); switch ($route['view']){ case "register": break; case "signup": $errors = validate($register_validations, $params['register']); if($errors) { //$route['view'] = 'index'; $route['view'] = 'register'; //print_r($errors); flash_warning('Please correct errors!'); } else { $code = I need this variable to included the random number created in user.php so it can be sent in the email; $register = $params['register']; $username = $register['screen_name']; $to = $register['user_email']; $subject = "Activate your account"; $headers = "From: richard@whatsyouraction.com"; $body = "Hello $username,\n\nYou registered and need to activate your account by clicking the link below\n\nhttp://whatsyouraction.com/chatbox/emailactivation/activate?code=$code\n\nThanks!"; if (!mail($to,$subject,$body,$headers)) { flash_warning('We couldn\'t sign you up at this time. Please try again later.'); $route['view'] = 'register'; } else { create_user($params['user']); flash_notice('Successfully registered!'); redirect_to('sessions/login'); } } break; } ?> user.php <?php function create_user($params) { db_connect_posts(); $code = rand(11111111,99999999); $query = sprintf("INSERT INTO users SET users.screen_name = '%s', users.user_email = '%s', users.user_pwd = '%s', users.image = '%s', created_at = NOW(), users.code = $code, users.active = '0'" , mysql_real_escape_string($params['screen_name']), mysql_real_escape_string($params['user_email']), md5($params['user_pwd']), mysql_real_escape_string($params['image']) ); $result = mysql_query($query); if(!$result) { return false; } else { return true; } } ?> register.php <form action="<?php echo '/'.APP_ROOT.'/'; ?>sessions/signup" method="post"> <fieldset> <legend>Register</legend> <div> <label>Screen Name</label> <input name="register[screen_name]" size="40" type="text" /> </div> <div> <label>E-mail</label> <input name="register[user_email]" size="40" type="text" /> </div> <div> <label>Password</label> <input name="register[user_pwd]" size="40" type="password" /> </div> <div> <label>Image</label> <input name="register[image]" size="40" type="text" /> </div> <input type="submit" name="submit" value="Register" /> </fieldset> </form>

I would like to include: 'You have not activated your account, please check your email' message if the user is registered but not activated. The database field 'active' is set to '0'. When the user activates their account from an e-mail, the 'active' field is set to '1'. This code works but I can't get it to display the not activated message which is not included because I didn't want to create confusion. <?php function login($username, $password) { db_connect_posts(); $query = sprintf("SELECT * FROM users WHERE user_email = '%s' AND user_pwd = '%s' AND active = '1'" , mysql_real_escape_string($username), md5($password)); $result = mysql_query($query); $number_of_posts = mysql_num_rows($result); if($number_of_posts == 0) { return false; } $row = mysql_fetch_array($result); $_SESSION['user'] = $row; return true; } ?> Login switch <?php case "login_user": if(login($params['user']['user_email'], $params['user']['user_pwd'])) { redirect_to('posts'); } else { flash_warning('Username or password is invalid'); $route['view'] = 'login'; } break; ?>

Thank you! It works with the escape removed. Are you saying the INSERT should use VALUES instead of SET? I'm using SET and it seems to work.

I want to add it to the user_pwd field in the database in both functions.

I would like to add md5 encryption into the create and login functions but I'm having difficulties with the process. user.php - create user and login functions <?php function create_user($params) { db_connect_posts(); $query = sprintf("INSERT INTO users SET users.screen_name = '%s', users.user_email = '%s', users.user_pwd = '%s', users.image = '%s', created_at = NOW()" , mysql_real_escape_string($params['screen_name']), mysql_real_escape_string($params['user_email']), mysql_real_escape_string($params['user_pwd']), mysql_real_escape_string($params['image']) ); $result = mysql_query($query); if(!$result) { return false; } else { return true; } } function login($username, $password) { db_connect_posts(); $query = sprintf("SELECT * FROM users WHERE user_email = '%s' AND user_pwd = '%s'" , mysql_real_escape_string($username), mysql_real_escape_string($password) ); $result = mysql_query($query); $number_of_posts = mysql_num_rows($result); if($number_of_posts == 0) { return false; } $row = mysql_fetch_array($result); $_SESSION['user'] = $row; return true; } ?> Register form: <form action="<?php echo '/'.APP_ROOT.'/'; ?>sessions/signup" method="post"> <fieldset> <legend>Register</legend> <div> <label>Screen Name</label> <input name="user[screen_name]" size="40" type="text" /> </div> <div> <label>E-mail</label> <input name="user[user_email]" size="40" type="text" /> </div> <div> <label>Password</label> <input name="user[user_pwd]" size="40" type="password" /> </div> <div> <label>Image</label> <input name="user[image]" size="40" type="text" /> </div> <input type="submit" name="Register" value="Register" /> </fieldset> </form> Login form: <form action="<?php echo '/'.APP_ROOT.'/'; ?>sessions/login_user" method="post"> <fieldset> <legend>Login</legend> <div> <label>E-mail</label> <input name="user[user_email]" size="40" type="text" /> </div> <div> <label>Password</label> <input name="user[user_pwd]" size="40" type="password" /> </div> <input type="submit" value="Login" /> </fieldset> </form>

Your code works and so does this: <?php if(current_user('id') && $post['user_id'] == current_user('id')): ?> I can edit and delete a post with the current user! Thank you for your help.

Thank you for the quick response. Not working for me. The function with the database. <?php function find_post($id) { db_connect(); $query = sprintf("SELECT posts.id as id, posts.title, posts.body, posts.user_id, users.username FROM posts, users WHERE posts.user_id = users.id AND posts.id = %s", mysql_real_escape_string($id) ); $result = mysql_query($query); $number_of_posts = mysql_num_rows($result); if($number_of_posts == 0) { return false; } $row = mysql_fetch_array($result); return $row; } ?> The switch. case "show": $post = find_post($params['id']); break; I tried this but it doesn't work. <?php if(logged_in() && $post['user_id'] == $user['id']): ?> <p> [ <a href="<?php echo '/'.APP_ROOT.'/'; ?>posts/<?php echo $post['id']; ?>/edit">Edit</a> ] [ <a href="<?php echo '/'.APP_ROOT.'/'; ?>posts/<?php echo $post['id']; ?>/delete">Delete</a> ] </p> <?php endif; ?> What am I missing?

A logged in user can edit or delete anyone's post. The user should only be able to edit their posts and no one else's. Can someone help me with this code? config.php <?php function login($username, $password) { db_connect(); $query = sprintf("SELECT * FROM users WHERE username = '%s' AND password = '%s' ", mysql_real_escape_string($username), mysql_real_escape_string($password) ); $result = mysql_query($query); $number_of_posts = mysql_num_rows($result); if($number_of_posts == 0) { return false; } $row = mysql_fetch_array($result); $_SESSION['user'] = $row; return true; } function current_user($field) { return $_SESSION['user'][$field]; } function check_authentication() { if($_SESSION['user']) { return true; } else { redirect_to('sessions/new'); } } function logged_in() { if($_SESSION['user']) { return true; } else { return false; } } function current_user($field) { return $_SESSION['user'][$field]; } ?> This is the edit/delete page. <?php if(logged_in()): ?> <p> [ <a href="<?php echo '/poststuff/'; ?>posts/<?php echo $post['id']; ?>/edit">Edit</a> ] [ <a href="<?php echo '/poststuff/'; ?>posts/<?php echo $post['id']; ?>/delete">Delete</a> ] </p> <?php endif; ?>

Easy fix! Thank you.

How can I make index.php?view=cart work in place of cart.php in the following code? Works: header("Location: cart.php?msg=Thank you. Check your e-mail for Login details."); die; } else header("Location: cart.php?msg=Account with given email does not exist."); die; Doesn't work: header("Location: index.php?view=cart?msg=Thank you. Check your e-mail for Login details."); die; } else header("Location: index.php?view=cart?msg=Account with given email does not exist."); die;

I can't seem to make this work. If I use $ext it does not add the extension to the file. Where does this code belong? if($_FILES['banner']['tmp_name']['type'] == 'image/jpg') $ext = '.jpg'; elseif($_FILES['banner']['tmp_name']['type'] == 'image/gif') $ext = '.gif'; index.php - This is the complete case "create" <?php include('validate.php'); case "create": $page_title = 'Submit Banner'; $page_on = 'submit'; $id_num = mysql_real_escape_string($_POST['banner']['paypal_id']); if($id_num > "") { $rs_duplicate = mysql_query("SELECT id FROM photos WHERE paypal_id='$id_num'") or die("MySql Error:<br>".mysql_error()); $duplicate = mysql_num_rows($rs_duplicate); if ($duplicate > 0) { header("Location: index.php"); exit(); } } if(is_jpeg($_FILES['banner']['type']['file']) and is_valid_file_size($_FILES['banner']['size']['file']) and is_uploaded_file($_FILES['banner']['tmp_name']['file']) and is_minimum_width_height($_FILES['banner']['tmp_name']['file']) and is_maximum_width_height($_FILES['banner']['tmp_name']['file']) ) { if(is_fields_filled_out($_POST['banner'])) { $_POST['banner']['theme_id'] = $this_weeks_theme['id']; $photo_id = create_photo($_POST['banner']); copy($_FILES['banner']['tmp_name']['file'], './banners/'.$photo_id.'.jpg'); /*$notice = "Success! Your banner has been uploaded.";*/ header("Location: index.php"); } else { $warning = "ERROR: All the text fields must be filled-in."; } } else { $warning = "ERROR: Banner must be a jpg or gif, maximum file size 100k, and not larger than 728px by 90px."; } break; ?> validate.php - This is the file included with index.php <?php function is_jpeg($file_type) { if($file_type == 'image/jpeg' or $file_type == 'image/pjpeg' or $file_type == 'image/gif') { return true; } else { return false; } } function is_minimum_width_height($minimun) { $min_width = 450; $min_height = 50; list($img_width, $img_height) = getimagesize($minimun); if($img_width >= $min_width and $img_height >= $min_height) { return true; } else { return false; } } function is_maximum_width_height($maximum) { $min_width = 728; $min_height = 90; list($img_width, $img_height) = getimagesize($maximum); if($img_width <= $min_width and $img_height <= $min_height) { return true; } else { return false; } } function is_valid_file_size($file_size, $max_size = 100000) { if($file_size > $max_size) { return false; } else { return true; } } function is_fields_filled_out($params) { foreach($params as $key => $value) { if(!isset($key) || ($value == '')) { return false; } } return true; } ?>

Nothing

I need the id because of the tags connected to each image. How would I puy $ext in place of .jpg in this line of code? <?php copy($_FILES['banner']['tmp_name']['file'], './banners/'.$photo_id.'.jpg'); ?> and in here as well? <a href="<?php echo safe_output($photo['web_url']); ?>" target="_blank" class="bannerImg"><img src="banners/<?php echo $photo['id']; ?>.jpg"/></a>

The problem is the "appropriate extension". Right now .jpg is hard coded in both lines of code. It doesn't matter what file type. I need a variable that includes .jpg, .gif, and .png depending on which file is being uploaded. I'm having trouble creating that variable.

This code uploads a file to the server then renames it to the next id number from the database and adds the extension .jpg to the file name. index.php - I need .jpg to be a variable that will append .gif if it's a gif file or .png if it's a png file. Currently, if the file is a .jpg, .gif, or .png, the files are given the extension .jpg. <?php copy($_FILES['banner']['tmp_name']['file'], './banners/'.$photo_id.'.jpg'); ?> _photo.php - I want to replace .jpg in this code with the variable from above. <a href="<?php echo safe_output($photo['web_url']); ?>" target="_blank" class="bannerImg"><img src="banners/<?php echo $photo['id']; ?>.jpg"/></a>

I'm not receiving a post to index.php. The post returns to form.php. PayPal puts its data into column paypal_trans_id in table orders. When the form is submitted, the post is put into table photos column txn_id. form.php <input name="photo[paypal_id]" size="40" type="hidden" value="<?php echo $_POST['txn_id']; ?>" /> It seems like the only way this will work is to check if there is a match between table orders.paypal_trans_id and photos.paypal_id and put this query inside the index.php file. Something like the example below. I know the code is incorrect, but you get the idea, right? index.php $rs_duplicates = mysql_query("select from photos.paypal_id = orders.paypal_trans_id"); $duplicates = mysql_num_rows($rs_duplicates); if ($duplicates > 0) { header("Location: index.php"); exit(); }