Everything posted by 3raser

  1. Hey there, I currently have a banning system on my site that doesn't allow users to log in with the banned account. But the cookies are set to remember them for a year. How can I destroy their cookie, so that they don't stay logged in and continue to use the site?
  2. It doesn't need to echo, it sets $content to the text I want to be displayed here at the bottom of the code:

     <html>
     <head>
     <title><?php $title; ?></title>
     <link rel="stylesheet" type="text/css" href="theme/style.css" />
     </head>
     <body>
     <div id="header">
     MCSkins
     </div>
     <?php echo $content; ?>
     </center>
     </body>
     </html>

     Which is why I:

     return $content;
  3. Well, I managed to get rid of the error. But why is it when I view my page, no results are echoed?...
  4. Code:

     <?php
     include_once("includes/config.php");

     if(!$_GET['id'] && $_POST['id']) {
         $id = mysql_real_escape_string($_POST['id']);
     } elseif($_GET['id'] && !$_POST['id']) {
         $id = mysql_real_escape_string($_GET['id']);
     } else {
     }

     if(!$id) {
         $content = "Sorry, you have not selected a skin to view.";
     } else {
         $extract_information = mysql_query("SELECT title,username,id,password,description FROM skins WHERE id = '$id' LIMIT 1") or die(mysql_error());

         function displayBody($id,$extract) {
             mysql_query("UPDATE skins SET views = views + 1 WHERE id = '$id'");
             $content = $extract['title']. ", by ". $extract['username'] .".<br/><br/>Description: ". $extract['description'] ." - <a href='view.php?download=". $extract['id'] ."'>Download</a><br/><br/> <img src='skins/". $extract['id'] .".png' width='500' height='300'>";
             return $content;
         }

         if(mysql_num_rows($extract_information) == 0) {
             $content = "Sorry, no skin exists with this ID.";
         } else {
             $extract = mysql_fetch_assoc($extract_information);

             if($_GET['download']) {
                 $does_exist_download = mysql_query("SELECT title,username,id,password,description FROM skins WHERE id = '$id' LIMIT 1");
                 if(mysql_num_rows($does_exist_download) == 0) {
                     $content = "No skin exists with this ID, so you may not download.";
                 } else {
                     mysql_query("UPDATE skins SET downloads = downloads + 1 WHERE id = '". mysql_real_escape_string($_GET['download']) ."'");
                     header("Pragma: public");
                     header("Expires: 0");
                     header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
                     header("Content-Type: application/force-download");
                     header( "Content-Disposition: attachment; filename=skins/".$extract['id'].".png");
                     header( "Content-Description: File Transfer");
                     @readfile($file);
                 }
             } elseif(!$extract['password']) {
                 displayBody($id);
             } elseif(!$_POST['password']) {
                 $content = "<br/><br/><div id='header'>Password</div> <center><form action='view.php' method='POST'> <input type='hidden' name='id' value='". $id ."'>Password: <input type='password' name='password' maxlength='6'> <input type='submit' value='View'></form></center>";
             } else {
                 if($_POST['password'] != $extract['password']) {
                     $content = "You have entered in an incorrect password. <a href='view.php?id=". $id ."'>Try Again</a> or <a href='index.php'>Home</a>.";
                 } else {
                     displayBody($id);
                 }
             }
         }
     }
     ?>
     <html>
     <head>
     <title><?php $title; ?></title>
     <link rel="stylesheet" type="text/css" href="theme/style.css" />
     </head>
     <body>
     <div id="header">
     MCSkins
     </div>
     <?php echo $content; ?>
     </center>
     </body>
     </html>

     The function:

     function displayBody($id,$extract) {
         mysql_query("UPDATE skins SET views = views + 1 WHERE id = '$id'");
         $content = $extract['title']. ", by ". $extract['username'] .".<br/><br/>Description: ". $extract['description'] ." - <a href='view.php?download=". $extract['id'] ."'>Download</a><br/><br/> <img src='skins/". $extract['id'] .".png' width='500' height='300'>";
         return $content;
     }

     Error:

     Warning: Missing argument 2 for displayBody(), called in /home/a3473343/public_html/view.php on line 72 and defined in /home/a3473343/public_html/view.php on line 25
  5. PLEASE DELETE THIS TOPIC. NEW ONE STARTED.
  6. Erhm, changed my code to this, and now the page will take 30 seconds to load. It seems the function may be repeating itself over and over and over, because sometimes the views row jumps to 20 thousand.

     <?php
     include_once("includes/config.php");

     if(!$_GET['id'] && $_POST['id']) {
         $id = mysql_real_escape_string($_POST['id']);
     } elseif($_GET['id'] && !$_POST['id']) {
         $id = mysql_real_escape_string($_GET['id']);
     } else {
     }

     if(!$id) {
         $content = "Sorry, you have not selected a skin to view.";
     } else {
         $extract_information = mysql_query("SELECT title,username,id,password,description FROM skins WHERE id = '$id' LIMIT 1") or die(mysql_error());

         function displayBody($id,$extract) {
             mysql_query("UPDATE skins SET views = views + 1 WHERE id = '$id'");
             $content = $extract['title']. ", by ". $extract['username'] .".<br/><br/>Description: ". $extract['description'] ." - <a href='view.php?download=". $extract['id'] ."'>Download</a><br/><br/> <img src='skins/". $extract['id'] .".png' width='500' height='300'>";
             return $content;
         }

         if(mysql_num_rows($extract_information) == 0) {
             $content = "Sorry, no skin exists with this ID.";
         } else {
             $extract = mysql_fetch_assoc($extract_information);

             if($_GET['download']) {
                 $does_exist_download = mysql_query("SELECT title,username,id,password,description FROM skins WHERE id = '$id' LIMIT 1");
                 if(mysql_num_rows($does_exist_download) == 0) {
                     $content = "No skin exists with this ID, so you may not download.";
                 } else {
                     mysql_query("UPDATE skins SET downloads = downloads + 1 WHERE id = '". mysql_real_escape_string($_GET['download']) ."'");
                     header("Pragma: public");
                     header("Expires: 0");
                     header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
                     header("Content-Type: application/force-download");
                     header( "Content-Disposition: attachment; filename=skins/".$extract['id'].".png");
                     header( "Content-Description: File Transfer");
                     @readfile($file);
                 }
             } elseif(!$extract['password']) {
                 displayBody($id);
             } elseif(!$_POST['password']) {
                 $content = "<br/><br/><div id='header'>Password</div> <center><form action='view.php' method='POST'> <input type='hidden' name='id' value='". $id ."'>Password: <input type='password' name='password' maxlength='6'> <input type='submit' value='View'></form></center>";
             } else {
                 if($_POST['password'] != $extract['password']) {
                     $content = "You have entered in an incorrect password. <a href='view.php?id=". $id ."'>Try Again</a> or <a href='index.php'>Home</a>.";
                 } else {
                     displayBody($id);
                 }
             }
         }
     }
     ?>
     <html>
     <head>
     <title><?php $title; ?></title>
     <link rel="stylesheet" type="text/css" href="theme/style.css" />
     </head>
     <body>
     <div id="header">
     MCSkins
     </div>
     <?php echo $content; ?>
     </center>
     </body>
     </html>
  7. Thanks, this is now solved. What ever happened to the solve button?
  8. So, would it be included with $id in the parameter? Also, can you reset my post count and delete all my threads and posts besides this one, or just delete everything after this is solved? Having 500 questions as my post count makes me feel like the 500 is... well... not deserved.
  9. Within the functions section of the manual. Most newcomers don't. That's why it's such a trap. The bigger picture is that eventually you will be working with someone else's code. Now, let's say they have a function documented like so.... This says that the function foo accepts 1 argument, a string to be used within the function as $name. Now, if this function also relies upon a global $content you have no way of knowing about it and you cannot use the function without first defining $content somewhere. Functions accept arguments so that they are self documenting, sure, you could go and look at the code for the foo() function but you shouldn't have to.

     So the code I'm looking for is:

     function displayBody($id) {
         mysql_query("UPDATE skins SET views = views + 1 WHERE id = '$id'");
         $content = $extract['title']. ", by ". $extract['username'] .".<br/><br/>Description: ". $extract['description'] ." - <a href='view.php?download=". $extract['id'] ."'>Download</a><br/><br/> <img src='skins/". $extract['id'] .".png' width='500' height='300'>";
         return $content;
     }

     Sorry if I'm getting annoying, I just like to make sure I do things right before I start putting it into action. And right now I don't have the option to test, seeing as my website is under review. I hate my host. -.-

     EDIT: After this post is solved, can an admin/moderator delete all my posts/threads? My 500 posts are usually just questions, and I feel that's a bit....crappy.
  10. Is there documentation on that then? I really don't see why global is that bad though, it just lets other sections of the code access the data and also makes changes to $content outside the function, which is exactly what I need it to do.
  11. Er....global is pretty much based from the link he gave me, and it's really the only thing it talks about scopes. :?
  12. Ok, it seems changing my code to this:

     function displayBody($id) {
         global $content;
         mysql_query("UPDATE skins SET views = views + 1 WHERE id = '$id'");
         $content = $extract['title']. ", by ". $extract['username'] .".<br/><br/>Description: ". $extract['description'] ." - <a href='view.php?download=". $extract['id'] ."'>Download</a><br/><br/> <img src='skins/". $extract['id'] .".png' width='500' height='300'>";
     }

     Gave me this...weird error:

     User 'a3473343_data' has exceeded the 'max_questions' resource (current value: 100000)
  13. If the page would load I'd show you. :/ http://stonedknights.net46.net/view.php?id=14 Ummm, ??? Anyway, I told you in another thread that your variables are out of scope in the function displayBody(), I also told you how to fix it. You should really read up on variable scope. Yes, and I'm using the code you suggested for me to use. :/ And reading up now.
  14. If the page would load I'd show you. :/ http://stonedknights.net46.net/view.php?id=14
  15. Yes, I do: include_once("includes/config.php");
  16. Whenever a valid ID is entered, my page stops loading and when it finally does load, it gives a lot of MySQL connection errors. What is wrong with my function code?

     <?php
     include_once("includes/config.php");

     if(!$_GET['id'] && $_POST['id']) {
         $id = mysql_real_escape_string($_POST['id']);
     } elseif($_GET['id'] && !$_POST['id']) {
         $id = mysql_real_escape_string($_GET['id']);
     } else {
     }

     if(!$id) {
         $content = "Sorry, you have not selected a skin to view.";
     } else {
         $extract_information = mysql_query("SELECT title,username,id,password,description FROM skins WHERE id = '$id' LIMIT 1");

         function displayBody($id) {
             mysql_query("UPDATE skins SET views = views + 1 WHERE id = '$id'");
             $content = (displayBody($id)) ? $extract['title']. ", by ". $extract['username'] .".<br/><br/>Description: ". $extract['description'] ." - <a href='view.php?download=". $extract['id'] ."'>Download</a><br/><br/> <img src='skins/". $extract['id'] .".png' width='500' height='300'>" : NULL;
             return true;
         }

         if(mysql_num_rows($extract_information) == 0) {
             $content = "Sorry, no skin exists with this ID.";
         } else {
             $extract = mysql_fetch_assoc($extract_information);

             if($_GET['download']) {
                 $does_exist_download = mysql_query("SELECT title,username,id,password,description FROM skins WHERE id = '$id' LIMIT 1");
                 if(mysql_num_rows($does_exist_download) == 0) {
                     $content = "No skin exists with this ID, so you may not download.";
                 } else {
                     mysql_query("UPDATE skins SET downloads = downloads + 1 WHERE id = '". mysql_real_escape_string($_GET['download']) ."'");
                     header("Pragma: public");
                     header("Expires: 0");
                     header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
                     header("Content-Type: application/force-download");
                     header( "Content-Disposition: attachment; filename=skins/".$extract['id'].".png");
                     header( "Content-Description: File Transfer");
                     @readfile($file);
                 }
             } elseif(!$extract['password']) {
                 displayBody($id);
             } elseif(!$_POST['password']) {
                 $content = "<br/><br/><div id='header'>Password</div> <center><form action='view.php' method='POST'> <input type='hidden' name='id' value='". $id ."'>Password: <input type='password' name='password' maxlength='6'> <input type='submit' value='View'></form></center>";
             } else {
                 if($_POST['password'] != $extract['password']) {
                     $content = "You have entered in an incorrect password. <a href='view.php?id=". $id ."'>Try Again</a> or <a href='index.php'>Home</a>.";
                 } else {
                     displayBody($id);
                 }
             }
         }
     }
     ?>
     <html>
     <head>
     <title><?php $title; ?></title>
     <link rel="stylesheet" type="text/css" href="theme/style.css" />
     </head>
     <body>
     <div id="header">
     MCSkins
     </div>
     <?php echo $content; ?>
     </center>
     </body>
     </html>
  17. I tried submitting random pictures, yes, but the picture didn't show up. And they may have image width and height restrictions. Do you mind telling me or giving me the function name that does that?
  18. Because it submits instantly.
  19. I know they don't do it manually. And how could you scan to make sure it's an actual skin?
  20. How do I make it so when a user clicks download, it will download the image from the path to their computer?
  21. Thanks, that worked. But now all it says is: , by . And it also doesn't run the query in the function.
  22. When changed to this:

     function displayBody() {
         mysql_query("UPDATE skins SET views = views + 1 WHERE id = '$id'");
         $content = $extract['title']. ", by ". $extract['username'] .".";
     }

     Nothing comes up. -.-
  23. It doesn't belong in head.
  24. <?php
     include_once("includes/config.php");

     if(!$_GET['id'] && $_POST['id']) {
         $id = mysql_real_escape_string($_POST['id']);
     } elseif($_GET['id'] && !$_POST['id']) {
         $id = mysql_real_escape_string($_GET['id']);
     } else {
     }

     if(!$id) {
         $content = "Sorry, you have not selected a skin to view.";
     } else {
         $extract_information = mysql_query("SELECT title,username,downloads,views,id FROM skins WHERE id = '$id' LIMIT 1");

         if(mysql_num_rows($extract_information) == 0) {
             $content = "Sorry, no skin exists with this ID.";
         } else {
             $extract = mysql_fetch_assoc($extract_information);

             function displayBody() {
                 mysql_query("UPDATE skins SET views = views + 1 WHERE id = '$id'");
                 echo $extract['title']. ", by ". $extract['username'] .".";
             }

             if(!$extract['password']) {
                 $content = displayBody();
             } elseif(!$password) {
                 $content = "<br/><br/><div id='header'>Password</div> <form action='view.php' method='POST'><input type='password' name='password'> <input type='submit' value='View'></form>";
             } else {
                 if($password != $extract['password']) {
                     $content = "You have entered in an incorrect password. <a href='view.php?id=". $id ."'>Try Again</a> or <a href='index.php'>Home</a>.";
                 } else {
                     $content = displayBody();
                 }
             }
         }
     }
     ?>
     <html>
     <head>
     <title><?php $title; ?></title>
     <link rel="stylesheet" type="text/css" href="theme/style.css" />
     </head>
     <body>
     <div id="header">
     MCSkins
     </div>
     <?php echo $content; ?>
     </table>
     </center>
     </body>
     </html>

     In the code above, the function does not include the data properly as seen here: http://stonedknights.net46.net/view.php?id=2

     And, why is the information above the black bar/title? In the code, you can see $content is echo'ed below the div id. So, why does the text appear above it?
  25. All of the replies above are very helpful, and I'll look more into the if & else statement suggestions. But not using brackets, can't they make you lose track? And I have yet to see PHP scripts that use a system like such. But if I could get more opinions on it, I'd be happy to give it a shot. ====== @btherl Thanks for all of that! I will now start officially putting my PHP code at the top of the page, and just use variables to show the data. Also, how your MySQL injection statement, the dropping, only $id is vulnerable, correct? Because if something doesn't go through error checking, say die(mysql_error()), how can my database still risk MySQL injection if it's gone through mysql_real_escape_string? I thought the error checking process wasn't for security, but more of notifications and reporting faulty databases/problems.
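
An added example, not code from the original posts: the skin lookup from view.php with the id sent as a bound parameter through PDO, and with the fetched row passed into displayBody() as an argument so nothing depends on outer-scope variables. The in-memory SQLite table, its sample row and the helper name `findSkin` are assumptions made for illustration; the column names follow the queries in the posts.

```php
<?php
// Added example: constructed in-memory data standing in for the skins table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE skins (id INTEGER PRIMARY KEY, title TEXT, username TEXT,
           description TEXT, password TEXT, views INTEGER DEFAULT 0)");
$db->exec("INSERT INTO skins (id, title, username, description, password)
           VALUES (14, 'Knight <b>', 'alice', 'Constructed sample row', '')");

// Hypothetical helper: the id travels as a bound parameter, never as SQL text.
function findSkin(PDO $db, $rawId)
{
    // Reject anything that is not a positive integer before touching the database.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    $stmt = $db->prepare('SELECT id, title, username, description, password
                          FROM skins WHERE id = :id LIMIT 1');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Everything the function needs arrives as an argument; nothing is global.
function displayBody(PDO $db, array $skin)
{
    $db->prepare('UPDATE skins SET views = views + 1 WHERE id = :id')
       ->execute([':id' => $skin['id']]);
    // Escape database values on output so stored text cannot inject markup.
    $e = function ($v) { return htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8'); };
    return $e($skin['title']) . ', by ' . $e($skin['username']) . '.<br/><br/>'
         . 'Description: ' . $e($skin['description'])
         . " - <a href='view.php?download=" . (int) $skin['id'] . "'>Download</a>";
}

// Constructed inputs: a valid id and a string that is not a plain integer.
foreach (['14', "14' OR '1'='1"] as $input) {
    $skin = findSkin($db, $input);
    echo $skin ? displayBody($db, $skin) : 'Sorry, no skin exists with this ID.';
    echo PHP_EOL;
}
```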