janusmccarthy

This isn't a question about coding in php.

This is basically correct. I modified the session id cookie with a path by using the following bit of code where I create the session: session_set_cookie_params ( 0, {PATH}); session_start(); where {PATH} is the directory path from the host. (e.g. if http://www.mypages.com/boromir and boromir is the webfolder that I want to restrict the cookie's access to, then {PATH}='/boromir') There end up being two cookies in my cookie jar with session name PHPSESID (or whatever it's called). They are differentiated only by the path.

That won't work. There are times when a person should be able to cross groups (me, for example, as someone who has to support users across groups as well as my own development area).

Here's the situation. We have a domain ( let's call it www.foobar.com) and at this domain each department is given their own folder (www.foobar.com/finance, www.foobar.com/research, etc). In each of the department's respective webfolders is installed a program that keeps track of its users via sessions through session_start(). Unfortunately, once you've signed in on finance, you can walk over to research their tool marks you as logged in because of the session variable. This (needless to say) is not what is wanted. I would like to restrict the cookie to the domain/folder in which it is assigned. I suspect setting the session name or the session path is involved in the fix, however, it hasn't worked for me thus far. Session Autostart is not on. Any ideas?

Yeah, sorry about that. I know the terniary, the line I'm looking at is the second line. I'm just putting the line above it to let people know that everything is set but $baseurl. I should have stated that better.

What purpose is served by the bit of code between the two equal signs in the $installurl set? Is this some sneaky way of setting $baseurl? I remember the code seemed to blow up when I took it out. $protocol = $_SERVER['HTTPS']==='on' ? 'https://' : 'http://'; $installurl = $protocol.$_SERVER['SERVER_NAME'].$baseurl=implode('/PETE/',array_slice(explode('/PETE/',$_SERVER['SCRIPT_NAME']),0,-1)).'/'; As always, any help greatly appreciated.

Is this a trick question? Are you getting an error? I can't see anything wrong with it off the top of my head, but you could have written it and tested in the time it takes to post here so I'm not sure why it's here. If you are getting an error, separate out the statements: print "QUERY STRING: "."(SELECT * FROM tbl1 WHERE id = $id) UNION (SELECT * FROM tbl2 WHERE id = $id)"; print "QUERY RESULT: ".mysql_query("(SELECT * FROM tbl1 WHERE id = $id) UNION (SELECT * FROM tbl2 WHERE id = $id)"); print "COUNT RESULT: ".mysql_num_rows(mysql_query("(SELECT * FROM tbl1 WHERE id = $id) UNION (SELECT * FROM tbl2 WHERE id = $id)"));

Then going by number might be a better way to do it, since the validation of the range and the selection by case seem to make those things easier unless you can switch on a string value (I'm not sure if you can do that without looking it up).

Yeah, Keith's idea works too, but if you're insisting on separately validating the range (which incidentally you don't need to do because your selecting from a list of pre-defined values), you'll wind up back at a case statement again.

I would personally use a session. However, if you want to manage cookies yourself then you want to use setcookie: http://php.net/manual/en/function.setcookie.php

Okay...just by chance, is it only avi's that aren't working? Because you're using $_GET['tmedia'] for everything but avi's and $_GET['media'] for avi. Otherwise, anything wrong with just using a case statement? // Set fxtype if( !isset($_GET['type']) || $_GET['type']=="all") $fxtype=""; // part for selecting the file host = ok else { // part for selecting the file host = ok if ($_GET['type']>=1 && $_GET['type']<=12) $fxtype="AND type='".$_GET['type']."'"; else $fxtype=""; } //Set fxmedia if(!isset($_GET['tmedia']) || $_GET['tmedia']=="all") $fxmedia=""; // part for selecting the file extension = ok else { if($_GET['tmedia']>=1 && $_GET['tmedia']<=5) { $fxmedia="AND media='"; switch ($_GET['tmedia']) { case 1: $fxmedia .= "avi'"; break; case 2: $fxmedia .= "mp3'"; break; {...etcetera...} } } else $fxmedia=""; } $q="SELECT `... FROM `v2links` WHERE MATCH (caption) AGAINST ('$kwd') $fxtype $fxmedia ";

The code base for this is fairly large, and I know I'm not going to be able to post more than bits and pieces of it. I have multiple web folders and I came across an interesting issue. I open a page at: https://{Domain}/{Folder1}/{Script Name} and bring up a dialog. I then change the URL to https://{Domain}/{Folder2}/{Script Name} which is running an exact copy of the script Now here's the weird thing, if I go to the dialog of the window and use the opener property, I reference: https://{Domain}/{Folder2}/{Script Name} not Folder1. is this a bug? Or am I not using the opener properly?

Okay, I figured it out on my own. In short, it seems to work if you make sure to create a named object hierarchy for javascript to find the path. [*]In the page containing the two frames... Use a named frameset Make sure each of the iframes have a name (for this example envision a frame named LEFT and a frame named RIGHT. [*]To call one frame from the other frame...(for this example envision that LEFT calls RIGHT to refresh) Place the following call in the body of the html page: echo "<script language=javascript>parent.RIGHT.window.location.reload();</script>" Note that if the script you're calling uses the $_SET variable, you may to set the location directly and pass in your set. Before I wasn't using a named frameset and couldn't reference either parent or RIGHT directly.

Unix: http://www.library.yale.edu/wsg/docs/permissions/ Make sure you can navigate to the directory, and write permissions exist on the directory and on the file itself.

Alright, I've tried this, and I don't seem to be doing it right. In the dialog script, I added the name field to the iframe and gave it the value "userdocs" In the script for FRAME B, in the body of the html document, I've added: (if doing a restore) $sm->log_debug( "Calling file listing refresh."); //Call my log file. echo "<script language=javascript>userdocs.window.location='PETE/testpages.php?whose=user';</script>"; I can see the log message hit the log. I'm receiving a message from firebug 'userdocs is not defined.' What could I be missing? Do I need to put the frames within a frameset or otherwise take extra steps to ensure they can see each other? Do I need to go through the containing page somehow?

Okay, I'm going to fix this for you, but a few things. ...BEGIN SOAPBOX 1. You do not own scripts you have not paid for and did not develop yourself. Don't put a copyright on it. You haven't earned that right. Someone is letting you use that code freely, but THEY own that code. Give credit where credit is due. 2. Learn the language if you're going to ask for help. If you aren't doing the basic work in trying to understand something, you shouldn't ask for someone to do it for you without compensation. We couldn't ask you basic questions about your code. It's one thing to not know the ins and outs of a language when its something you write, because you still know what its trying to do. It's another thing to grab something without knowing what it does, muck with it, and then ask for help without doing your part. ...END SOAPBOX You'll want to put back your common.php and get user name methods. <?php //function to break text after x characters function str_break($str,$maxlen){ $nobr = 0; $len = strlen($str); for($i=0;$i<$len;$i++){ if(($str[$i]!=' ') && ($str[$i]!='-') && ($str[$i]!="\n")) { $nobr++; } else { $nobr = 0; if($maxlen+$i>$len) { $str_br .= substr($str,$i); break; } } if($nobr>$maxlen) { $str_br .= ' '.$str[$i]; $nobr = 1; } else { $str_br .= $str[$i]; } } return $str_br; } $file = "shouts.txt"; $shouts = 8; // Number of shouts to be displayed $maxlength_text = "140"; // Maximum length of text $break_name = "15"; // Break name after characters without space $break_text = "15"; // Break text after characters without space // b) Copy this code to your PHP file // c) Copy your PHP file and the shouts file defined in // variable $file to your server using ASCII mode // d) Make the shouts file writable (Windows: adjust // security, Unix: chmod 777) $input_name = $_SESSION['usersname']; //number of shouts to be displayed $input_text = ''; if( isset( $_POST['input_text']) && strlen( $_POST['input_text'])) { $input_text = $_POST['input_text']; //get last name and comment $handle = fopen($file,"r"); if( $handle) { while(!feof($handle)) { $row = fgets($handle,999999); if( $row) { list($tmp_name,$tmp_text) = split("\|\|\|\|\|",$row); if($tmp_name != "" && $tmp_text != "") { $last_name = $tmp_name; $last_text = str_replace("\n","",$tmp_text); } } } } fclose($handle); $input_text = str_break($input_text,$break_text); //break text $input_text = str_replace("<","<",$input_text); //prevent html input $input_text = str_replace(">",">",$input_text); //prevent html input $input_text = stripslashes($input_text); //strip slashes if($last_text != $input_text){ $handle = fopen($file,"a"); //open shouts file to write (append) fputs($handle,"$input_name|||||$input_text\n"); //insert name and shout fclose($handle); //close file handle } } $display = (isset($_GET["show"]) ? "all" : $shouts); //read shouts file $names = array(); //array to store names $shouts = array(); //array to store shouts $handle = fopen($file,"r"); //open shouts file to read if( $handle) { while(!feof($handle)){ //read row by row if( $row = fgets($handle,999999)){ list($name,$shout) = split("\|\|\|\|\|",$row); if($name){ array_push($names,$name); array_push($shouts,$shout); } } } } fclose($handle); //close file handle //reverse arrays so that new lines are first $names = array_reverse($names); $shouts = array_reverse($shouts); //number of shouts to really print $max = ($display == "all" ? count($names) : $display); ?> <html> <head> <font face="Fixedsys"> <center> <img src = "Banner.bmp"><br> <title>_REMOVED_</title> <h3><a href = "index.php">Home</a> | <b>Chat</b> | <a href="_REMOVED_">_REMOVED_</a> | <a href="staff.php">Staff</a></h3> </font> </head> <body> <font face="Comic Sans MS" font size = "2"> <hr> <p> Info on 'Chat':<br> 'Chat' has an 8 chats history, max length of 140 characters.<br> If you want to request a full history, please email me.<br> <br> <p> <?php echo '<form action="'.$_SERVER["PHP_SELF"].'" method="post">'; echo '<b>'.$_SESSION['userName'].'</b><br />'; echo '<input type="text" value="Your Text" name="input_text" maxlength="'.$maxlength_text.'"' .' onfocus="if(this.value==\'Your text\'){this.value=\'\';}"' .' onblur="if(this.value==\'\'){this.value=\'Your text\';}" /><br />'; ?> <input type="submit" value="Shout!" /> </form> </p> <hr /> <p> <?php //print shouts for($i=0;$i<$max && $i<count($names);$i++) { echo '<strong> '.$names[$i].':&nbsp</strong>'.$shouts[$i].'<br>'; } ?> </p> <hr> </p> </font> </body> <footer> <font face = "Times New Roman" font size = 1> Copyright) 2009, _REMOVED_<br> </center> </html>

Do you have the code from before you made your changes?

All I did was move the code around. I didn't change the logic. There are no errors because there are no errors. It's like if you had a program that did the following. Take a number and store it to A. Take a number and store it to B. Add A + B. Display '6'. You're complaining that you gave 100 for A and 200 for B, but it only prints out 6 and you're not getting any errors. The problem is with the logic. I don't know what it is *exactly* you want to do, therefore I cannot tell you where your script is going wrong. What I can say is you can probably look at the script, and if YOU know what you want it to do, can likely see where it might be wrong. Review your script.

Currently all the technical pieces are correct. It's more of a "how to" question than a code assist. I've inherited this code and while I understand it, it's spread out over several files and the chances of it being posted in its entirety is slim. I currently have a dialog that shows two iframes. One iframe shows the contents of the "file" directory, one iframe shows the contents of the "archive" directory. The control that sends a file to the "archive" directory is on the dialog. The control that restores the archive to the "file" directory is in the archive iframe itself. Currently when a file is archived, both frames are called to refresh by the dialog. However, when a file is restored from archive, because the control that restores the archive exists in the iframe, only the archive iframe is being refreshed. Is there a way to propagate the need to refresh to the "file" iframe? I just don't see how. Any help is appreciated. ///////////////////////////////////////////// To organize the information another way and for additional information.... ///////////////////////////////////////////// DIALOG ------------ The dialog contains two iframes, FRAME A and FRAME B. The dialog also contains a button that when clicked, sets a POST variable denoting the need to archive, then submits on FRAME A then FRAME B. FRAME A ---------- Frame A's script displays the contents of the "File" directory. When the DIALOG submits to Frame A, Frame A generates a ZIP SCRIPT, then jumps to the script. When the ZIP SCRIPT returns to Frame A, Frame A removes the ZIP SCRIPT, then displays the contents of the "File" directory. FRAME B ---------- Frame B's script displays the contents of the "Archive" directory. Each archived file in Frame B has a RESTORE_BUTTON which returns a file to the "Files" directory. When the DIALOG submits to Frame B, Frame B checks to see if the ZIP SCRIPT exists. If it does, it reloads and checks later. If it doesn't, then it displays the contents of the "Archive" directory. When the RESTORE_BUTTON is pressed, Frame B generates a RESTORE_SCRIPT and jumps to it. When the RESTORE_SCRIPT returns to Frame B, Frame B removes the RESTORE_SCRIPT, then displays the contents of the "Archive" directory.

I'm not sure if it will work, as I'm not sure what it is exactly you're trying to do. This is in general what I'm talking about though when I talk about separation of code. It's at least a starting point for you to jump off of. Oh, btw, you need to define your checkUser method. <?php require_once('common.php'); checkUser(); //function to break text after x characters function str_break($str,$maxlen){ $nobr = 0; $len = strlen($str); for($i=0;$i<$len;$i++){ if(($str[$i]!=' ') && ($str[$i]!='-') && ($str[$i]!="\n")) { $nobr++; } else { $nobr = 0; if($maxlen+$i>$len) { $str_br .= substr($str,$i); break; } } if($nobr>$maxlen) { $str_br .= ' '.$str[$i]; $nobr = 1; } else { $str_br .= $str[$i]; } } return $str_br; } // a) Adjust the configuration variables to your needs $file = "shouts.txt"; // Name of the file which contains the shouts $shouts = 8; // Number of shouts to be displayed $maxlength_text = "140"; // Maximum length of text $break_name = "15"; // Break name after characters without space $break_text = "15"; // Break text after characters without space // b) Copy this code to your PHP file // c) Copy your PHP file and the shouts file defined in // variable $file to your server using ASCII mode // d) Make the shouts file writable (Windows: adjust // security, Unix: chmod 777) //number of shouts to be displayed $usersname = $_SESSION['userName']; $input_name = $_POST['usersname']; $input_text = $_POST["input_text"]; //check if form has been submitted if(isset($input_name) && isset($input_text) && $input_name!="Your name" && $input_text!="Your text" && strlen($input_text)>0) { //get last name and comment $handle = fopen($file,"r"); while(!feof($handle)) { $row = fgets($handle,999999); list($tmp_name,$tmp_text) = split("\|\|\|\|\|",$row); if($tmp_name != "" && $tmp_text != "") { $last_name = $tmp_name; $last_text = str_replace("\n","",$tmp_text); } } fclose($handle); $input_text = str_break($input_text,$break_text); //break text $input_text = str_replace("<","<",$input_text); //prevent html input $input_text = str_replace(">",">",$input_text); //prevent html input $input_text = stripslashes($input_text); //strip slashes if($last_text != $input_text){ $handle = fopen($file,"a"); //open shouts file to write (append) fputs($handle,"$usersname|||||$input_text\n"); //insert name and shout fclose($handle); //close file handle } } //read shouts file $names = array(); //array to store names $shouts = array(); //array to store shouts $handle = fopen($file,"r"); //open shouts file to read while(!feof($handle)){ //read row by row $row = fgets($handle,999999); list($name,$shout) = split("\|\|\|\|\|",$row); if($name){ array_push($names,$name); array_push($shouts,$shout); } } fclose($handle); //close file handle //reverse arrays so that new lines are first $names = array_reverse($names); $shouts = array_reverse($shouts); //number of shouts to really print $max = ($display == "all" ? count($names) : $display); ?> <html> <head> <font face="Fixedsys"> <center> <img src = "Banner.bmp"><br> <title>_REMOVED_</title> <h3><a href = "index.php">Home</a> | <b>Chat</b> | <a href="_REMOVED_">_REMOVED_</a> | <a href="staff.php">Staff</a></h3> </font> </head> <body> <font face="Comic Sans MS" font size = "2"> <hr> <p> Info on 'Chat':<br> 'Chat' has an 8 chats history, max length of 140 characters.<br> If you want to request a full history, please email me.<br> <br> <p> <?php echo '<form action="'.$_SERVER["PHP_SELF"].'" method="post">'; echo '<b>'.$_SESSION['userName'].'</b><br />'; echo '<input type="text" value="Your Text" name="input_text" maxlength="'.$maxlength_text.'"' .' onfocus="if(this.value==\'Your text\'){this.value=\'\';}"' .' onblur="if(this.value==\'\'){this.value=\'Your text\';}" /><br />'; ?> <input type="submit" value="Shout!" /> </form> </p> <hr /> <p> <?php //print shouts for($i=0;$i<$max && $i<count($names);$i++) { echo '<strong> '.$names[$i].':&nbsp</strong>'.$shouts[$i].'<br>'; } ?> </p> <hr> </p> </font> </body> <footer> <font face = "Times New Roman" font size = 1> Copyright© 2009, _REMOVED_<br> </center> </html>

Did you print out the value of $a?

I'm looking at your code and I'm seeing a couple of things that makes the baby coding Jeebus cry. It might also be a source of your problems or of problems in the future. Try and follow some simple steps. 1. Keep your html and your php code as separate as possible. Ideally, you just want to limit their mixing to simple output statements. Code is just easier to trace if you can read most of it at once. I prefer to keep the php code above the form code. Find a style that works for you. 2. Unless you specifically output text via the echo or print commands, your php code doesn't actually write anything. I mention this because there are a couple of places where you've placed the php code within paragraph markers with nothing else. 3. When echoing a line of html that uses php code, don't write half the line in php and break the html to write a php block. Instead, echo the whole line within a php block. That means, don't do this: <iframe <?php echo 'id="'.$foobar.'"'; ?> > And do this instead: <?php echo '<iframe id="'.$foobar.'" >'; ?> 4. There's almost never a good reason to have two variables with almost the same name. That is, avoid $name and $names, $shout and $shouts, etc. You can separate them notationally and still show they're related (pair $a_names or $name_array with $name instead) 5. Speaking of $shouts: You're using $shouts to be the number of default shout messages (value=. Later in the script, you recycle the variable $shouts to be an array. Try to avoid doing things like this, and verify this isn't part of your problem. 6. Defining a function does not actually call that function. They definitely doesn't belong mixed in with your html, and should be at the top of the page. I prefer to write the function and pass in everything the function needs as a parameter.

Oops, sorry, typo, here you go if( isset( $_SESSION[ 'userName'])) { ob_start(); var_dump($_SESSION['userName']); $a=ob_get_contents(); ob_end_clean(); } else { $a="I'm 'special'."; }

Great, what happens when you add the code I just told you to add, and print the value of $a to a file?

You still haven't defined the behavior that's wrong. You're just saying..."$_SESSION['username']: it's not working the way it's supposed to". You don't give us any output. Give us a frame of reference. At this point, I'm not sure if the problem is a possible bug with your script, a design flaw, or if you're just "special". Let's assume the worst and see what's happening. Let's try some of the basic ways to troubleshoot something wrong. 1. What is the value of $_SESSION['username']? Add the following code at the top of your script: if( isset( $_SESSION[ 'username])) { ob_start(); var_dump($_SESSION['username']); $a=ob_get_contents(); ob_end_clean(); } else { $a="I'm 'special'."; } Either print the value of $a to the screen or to a file. What did you get for the value of $_SESSION? If you're 'special', make sure your session has started, you haven't unset the variable somewhere, and that you actually set the value of $_SESSION['username']. If you got the value you're expecting, tell us the intended behavior of your program and how this deviates. If you got a value you weren't expecting or it was blank, try and find the places where *that* value gets set.