Genesis730

Members: 96 posts
Everything posted by Genesis730

  1. In line 9 you add 1 to the variable $s... then in line 10 you ask if $s = 3, if not you set it back to 0... if you keep setting $s back to 0 in line 10 then the test in the beginning of line 10 will never result in 3...
  2. Me1337, mysql_real_escape_string or MRES is an important part of handling user input as far as security goes. You ALWAYS want to sanitize user input (make sure input is what you expect it to be and ONLY what you expect, nothing that might cause problems) because you never know what might be sent.
  3. also the line before (line 26) has a ( and needs a {
  4. Bump any other input would be awesome
  5. none at all, it just doesn't do anything...
  6. I tried Chrome's debugger to no avail
  7. ROCKINDANO i sent you a link to a very basic example, it's at http://piratepad.net/QkbxCuYxCz this example has no error checking or security (which you should have so nobody goes and sends out emails to your users...) but should be a starting point.
  8. In the DB you should have a column called newsletter (or some variation that is significant so you know what it is for) and either a 1 or 0 for true or false, whether they want the newsletter or not... Then you can make a textbox form that when you click sent, it queries the DB and collects all the emails from users that have newsletter set to 1 (for true) and sends it to those emails.
  9. I have some js files I want to use to be able to change values in a DB without reloading the page, also with just 1 click.. As it is, when I click the link to change the DB, nothing happens at all... and I don't know if I just have a simple mistake or what... Here's what I have

      *** jQuery.js ***
      $(document).ready(function() {
          // NOTE: this selector only matches elements with class="wrench";
          // the anchors in admincenter.php need that class or nothing is bound.
          $(".wrench").click(function() {
              // id is "w-<span>-<text>-<userID>-<type>"
              var anchor = $(this).attr("id").split("-");
              var span = $("#span-" + anchor[1]);
              var textBox = $("#text-" + anchor[2]);
              var userID = anchor[3];
              var type = anchor[4];
              $.getJSON('../admin_click_update_db.php', {
                  'text': textBox.val(),
                  'UID': userID,
                  'type': type
              }, function(data) {
                  if (data.error == false) {
                      if (span.text() == 1) {
                          span.text(0);
                      } else {
                          span.text(1);
                      }
                  } else {
                      alert(data.errorMessage);
                  }
              });
          });
          $(".textBox").change(function() {
              var id = $(this).attr("id").split("-");
              var val = $(this).val();
              $.getJSON('../admin_field_update_db.php', {
                  // not used yet...
              }); // the closing ")" of this call was missing, which is a syntax error that stops the whole ready() block
          });
      });

      *** ADMIN_CLICK_UPDATE_DB.PHP ***
      <?PHP
      $data = array();
      $data['error'] = false;
      $data['change'] = false;
      // The JS sends text, UID and type (not param1..param3), so the old
      // isset($_GET['param1']) ... check never passed and nothing was echoed.
      if(isset($_GET['UID'], $_GET['type'], $_GET['text'])) {
          $data['change'] = true;
          // mysql_* is removed in PHP 7; mysqli/PDO prepared statements replace it
          $UID = mysql_real_escape_string($_GET['UID']);
          $type = mysql_real_escape_string($_GET['type']);
          $text = mysql_real_escape_string($_GET['text']);
          if($type == 0) {
              $new = 1;
              $query = mysql_query("SELECT activated FROM JQtest WHERE ID = '$UID'");
              if(mysql_result($query,0) == 1){
                  $new = 0;
              }
              // NOTE: no UPDATE is run for type 0, so "activated" never changes
          } elseif($type == 1) {
              $new = 1;
              $query = mysql_query("SELECT disabled FROM JQtest WHERE ID = '$UID'");
              if(mysql_result($query,0) == 1){
                  $new = 0;
              }
              // NOTE: the SELECT matches on ID but the UPDATE matches on username
              $query = mysql_query("UPDATE `JQtest` SET disabled='$new' WHERE username='$UID'");
              if(!$query){
                  $data['error'] = true;
                  $data['errorMessage'] = mysql_error();
              } else {
                  $data['error'] = false;
              }
          } else {
              $data['error'] = true;
          }
          echo json_encode($data);
      }
      ?>

      *** admincenter.php ***
      <?PHP
      require_once('user_functions.php');
      echo '<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js"></script>
      <script type="text/javascript">window.jQuery || document.write("<script src=\'js/jquery-1.6.2.js\'>\x3C/script>")</script>
      <script type="text/javascript" language="javascript" src="js/javascript.js"></script>';
      $title = "Admin Center";
      require_once "header.php";
      $username = $_SESSION['username'];
      $result = mysql_query("SELECT ulevel FROM `JQtest` WHERE username = '$username'");
      $row = mysql_fetch_array($result);
      $rank = $row['ulevel'];
      $span = 0;
      $text = 0; // or textbox
      if (!LoggedIn()) {
          header("Location: index.php");
          exit; // without exit the rest of the admin page is still sent to the browser
      }
      echo '<div id="main" align="center">';
      $result = mysql_query("SELECT * FROM `JQtest` ORDER BY registered DESC LIMIT 10");
      if((mysql_num_rows($result) < 1)) {
          echo "There are no accounts yet";
      } else {
          echo '<table cellspacing="2" cellpadding="5" border="0" align="center">
              <tr align="center">
              <td><b>Username</b></td>
              <td><b>Email</b></td>
              <td><b>Rank</b></td>
              <td><b>Activated</b></td>
              <td><b>Disabled</b></td>
              <td><b>Delete Acct</b></td>
              </tr>';
          // NOTE: $span restarts at 0 on every row, so "span-0"/"span-1" ids repeat
          // across rows and $("#span-0") in the JS only ever finds the first row
          while( $row = mysql_fetch_array($result)){
              echo '<tr align="center">
                  <td>'.$row[2].'</td>
                  <td>'.$row[6].'</td>
                  <td><input type="text" value="'.$row[1].'" id="text-'.$text.'" size="1"></td>
                  <td><span id="span-'.$span.'">'.$row[14].'</span><a href="#" class="wrench" id="w-'.$span.'-'.$text.'-'.$row[0].'-0"><img src="images/wrench.png"></a></td>';
              ++$span;
              echo '<td><span id="span-'.$span.'">'.$row[11].'</span><a href="#" class="wrench" id="w-'.$span.'-'.$text.'-'.$row[0].'-1"><img src="images/wrench.png"></a></td>';
              ++$span;
              echo '<td><a href="#"><img src="images/cross.png"></a></td>
                  </tr>';
              ++$text;
              $span = 0;
          }
      }
      echo '</table>
      </div>';
      require_once "footer.php";
      ?>
  10. You have

      $message .= '<a href"http://www.mywebsite.com/verify?activationCode=$activationKey">Click here to activate your account.</a>';

      should be

      $message .= '<a href="http://www.mywebsite.com/verify?activationCode=$activationKey">Click here to activate your account.</a>';

      You forgot the = in a href="...
  11. Just realized i was using MRES so yes, that was the solution : Problem SOLVED!
  12. Change line 56 from if ($_POST['submitbtn']) { to if(isset($_POST['submitbtn'])) { I believe you need to call isset when checking to see if a form is submitted or not
  13. I have copied and pasted it exactly, and MichA-'el fails on mine being that I'm using " in the regex i didn't even think that i had to escape a ' but even doing so I get the same result, so could there possibly be a setting that's altering something and causing my issue??
  14. To help prevent the users from finding the files you could use .htaccess URL rewrite to disguise the URL location as a different one, so when they try to access the folder, it won't exist
  15. Still fails when i use your suggestion and try to escape the '
  16. So I'm trying to get this regex to work properly, I'm wanting to only accept uppercase letters, lowercase letters, one - (hyphen) and one ' (apostrophe). Everything seems to work except when i put a ' in the input, it fails.

      $regex = "/[^-'a-z]/i";
      if (preg_match($regex,$lastname) || substr_count($lastname, "'") > 1 || substr_count($lastname, "-") > 1) {
          $errormessage = 'Last Name Invalid';
          $error += 1;
      }

      Any help would be appreciated
  17. Don't EVER store passwords unencrypted.. Consider using MD5 or SHA1 to encrypt the password when they register and when they login, use the same encryption method to check if it matches the database encrypted pass. It's also good to use a dynamic (something different for each user) string (maybe random string or possibly a timestamp??) and add that to their password to make it more secure.

      SHA1 Example

      // here you would query the database to get the user's encrypted pass from the database
      // and store it in $encryptedPassFromDatabase; $submittedPass is what they just typed in the login form
      $encryptedPass = sha1($submittedPass);
      if ($encryptedPass == $encryptedPassFromDatabase) {
          // password matches
      }

      SHA1 Example WITH SALT (random string added to pass for more security)

      // here you would query the database to get the user's encrypted pass AND random string from the database
      // and store them in $encryptedPassFromDatabase and $SALT
      $encryptedPass = sha1($submittedPass.$SALT);
      if ($encryptedPass == $encryptedPassFromDatabase) {
          // password matches
      }

      again just remember to use the same method of encryption when registering the user and when checking their login info so if you add a SALT to the end of the pass when registering, remember to also put the SALT at the end when checking login, if you added the SALT before their password during registration, again when checking login remember to add the same SALT before their pass when checking login. Best of luck
  18. You want to be able to type up an article and click Submit... and BAM!!! it's in the database ready to be (if not already) displayed somewhere on your site... If so you NEED to AT LEAST add the bit of security from MRES so you can put in quotes.. If you enter a quote and it's not escaped, PHP will think the first quote it finds is the end of the article and everything after that first quote will be deleted... So one for security and two for integrity reasons, you should use MRES and stripslashes to do what you want (if i'm understanding you correctly) As far as preserving the HTML (so it puts code in <b> in bold rather than just echoing <b>) you need to use htmlentities() when sending code to the database and html_entity_decode() to display the code as bold rather than seeing <b>bold</b> in your article (as MasterAce14 was saying)
  19. So as MasterACE14 was saying earlier, use mysql_real_escape_string (MRES) (or mysqli_real_escape_string (MiRES)) to escape all the quotes in the body (1 security measure to prevent SQL injection) which would result in... Dear Sara O'Riley, This is an awesome article about...... turning into Dear Sara O\'Riley, This is an awesome article about...... and then use stripslashes when echoing ( $body = stripslashes($body); ) to turn it back into Dear Sara O'Riley, This is an awesome article about...... so the user sees it properly without all the \'s OR just listen to MasterACE14
  20. What's wrong with echo '<img src="WEB_ROOT/images/BeachSunset.jpg" width="200" alt="Picture: Beach Sunset." title="Picture: Beach Sunset.">' (using your original post as a template) Also you can define other columns in the DB, and use those variables to dynamically write the code attributes Maybe I'm missing something but at least to echo the images dynamically from the DB, this seems to be the way to do it... Are you also looking for how to insert the pictures into the DB?
  21. I have this site I just got all the error checking to work. It doesn't use a database yet but I was wondering as far as what I have now, is there any simpler way to accomplish what I'm doing or does anybody have any suggestion on how to improve what I have? feel free to just copy all the pages and try it yourself and let me know if there is anything i forgot Thanks so much in advance -Genesis730

      *** INDEX.PHP ***
      <?PHP
      session_start(); // Start our session
      include("constants.php"); // defines REMEMBER_ME etc.; without it display_forms.php uses an undefined constant
      include("display_forms.php");
      include("functions.php");
      include("errors.php");
      if(isset($_POST['quickLogin'])){
          $username = $_POST['quickUser'];
          $password = $_POST['quickPass'];
          $rememberMe = isset($_POST['rememberMe']) ? $_POST['rememberMe'] : ""; // checkbox is absent when unchecked
          $_SESSION['result'] = checkLogin($username, $password, $rememberMe);
          if($_SESSION['result'][0] == NULL && $_SESSION['result'][1] == NULL){
              // Login Successful! Set session variables
              // (only the format checks passed; nothing compares the password to a stored one yet)
              $_SESSION['loggedIn'] = true;
              $_SESSION['username'] = $username;
          } else {
              // Something went wrong, display errors
          }
      }
      if(!empty($_SESSION['loggedIn'])){
          echo "<br /><div align='right'>Welcome back ".htmlspecialchars($_SESSION['username'], ENT_QUOTES);
          echo "<br /><br />[ <a href='functions.php?logout=1'>Logout</a> ]</div>";
      } else {
          form_quickLogin();
      }
      ?>

      *** DISPLAY_FORMS.PHP ***
      <?PHP
      function form_quickLogin() {
          // re-display the submitted username, HTML-escaped so a quote or <script> in it can't break the page
          $username = isset($_POST['quickUser']) ? htmlspecialchars($_POST['quickUser'], ENT_QUOTES) : "";
          $rememberMe = isset($_POST['rememberMe']) ? " checked" : "";
          echo "<form action='index.php' method='POST' >
              <table cellspacing='0' cellpadding='0' border='0' align='right'>
              <tr>
              <td align='right'>Username </td><td align='left'><input type='text' class='input' name='quickUser' value='$username' maxlength='30'></td>
              </tr><tr>
              <td colspan='2' align='right'>";
          if (!empty($_SESSION['result'][0])){
              $error = $_SESSION['result'][0];
              echo "<font color='#FF0000'>$error</font>";
          } else {
              echo " ";
          }
          // the submitted password is deliberately not echoed back into the page
          echo "</td>
              </tr><tr>
              <td align='right'>Password </td><td align='left'><input type='password' class='input' name='quickPass' value='' maxlength='30'></td>
              </tr><tr>
              <td colspan='2' align='right'>";
          if (!empty($_SESSION['result'][1])){
              $error = $_SESSION['result'][1];
              echo "<font color='#FF0000'>$error</font>";
          } else {
              echo " ";
          }
          echo "</td>
              </tr>";
          if(REMEMBER_ME) {
              echo "<tr><td colspan='2' align='right'><br />Remember Me<input type='checkbox' class='checkbox' name='rememberMe' $rememberMe><input type='hidden' name='quickLogin' value='1'> <input type='submit' class='submit' value='Login'></td>
                  </tr><tr>
                  <td colspan='2' align='right'><br />[ <a href='forgotpass.php'>Forgot Pass</a> ] - [ <a href='register.php'>Register</a> ]</td>
                  </tr>
                  </table></form>";
          } else {
              echo "<tr><td colspan='2' align='right'><br /> <input type='submit' name='quickLogin' class='submit' value='Login'></td>
                  </tr>
                  </table></form>";
          }
      }
      unset($_SESSION['result']);
      ?>

      *** CONSTANTS.PHP ***
      <?PHP
      define("DB_SERVER", "");
      define("DB_USER", "");
      define("DB_PASS", "");
      define("DB_NAME", "");
      define("COOKIE_EXPIRE", 60*60*24*100); // 100 days by default
      define("COOKIE_PATH", "/"); // Available in whole domain
      define("REMEMBER_ME", false);
      define("REGISTER_EMAIL_2X", false);
      define("REGISTER_PASSWORD_2X", true);
      ?>

      *** FUNCTIONS.PHP ***
      <?PHP
      if (session_status() !== PHP_SESSION_ACTIVE) { // index.php already started the session; a second session_start() is a notice
          session_start();
      }
      function checkLogin($username,$password,$rememberMe){
          // field name and value are joined with a separator the user is unlikely to type
          $username = "username~~#$*~~".sanitize($username);
          $password = "password~~#$*~~".$password;
          $rememberMe = "rememberMe~~#$*~~".$rememberMe;
          $result = errorCheck($username,$password,$rememberMe);
          return $result;
      }
      function sanitize($var) {
          $var = mysql_real_escape_string($var); // needs an open mysql connection, otherwise it returns false
          return $var;
      }
      function desanitize($var) {
          $var = stripslashes($var);
          return $var;
      }
      // Logout (a GET link like this can be triggered by any page the user visits; a POST form is the usual fix)
      if(isset($_GET['logout']) && $_GET['logout'] == "1"){
          unset($_SESSION['loggedIn']);
          unset($_SESSION['username']);
          unset($_SESSION);
          session_destroy();
          header("Location: index.php");
          exit;
      }
      ?>

      *** ERRORS.PHP ***
      <?PHP
      function errorCheck() {
          $result = array(0 => NULL, 1 => NULL); // index 0: username error, index 1: password error
          $numargs = func_num_args();
          $arg_list = func_get_args();
          for ($i = 0; $i < $numargs; $i++) {
              $colonPosition = strpos($arg_list[$i], '~~#$*~~');
              $field = substr($arg_list[$i], 0, $colonPosition);
              $value = substr($arg_list[$i], $colonPosition + 7); // 7 = strlen('~~#$*~~')
              if($field == "username"){
                  $result[0] = checkUsername($value);
              }
              if($field == "password"){
                  $result[1] = checkPassword($value);
              }
              if($field == "rememberMe" && $value == "on"){
                  // WORKAROUND value == on if "Remember Me" is set. Set cookies accordingly!
              }
          }
          return $result;
      }
      function checkUsername($username) {
          // returns an error message string, or NULL when the username is acceptable
          if(strlen(trim($username)) == 0) { // Username not entered
              return "Username Blank";
          } elseif(strlen(trim($username)) < 5) { // Username minimum length
              return "Username Too Short";
          } elseif(strlen(trim($username)) > 32) { // Username maximum length
              return "Username Too Long";
          }
          return NULL;
      }
      function checkPassword($password) {
          // returns an error message string, or NULL when the password is acceptable
          if(strlen(trim($password)) == 0) { // Password not entered
              return "Password Blank";
          } elseif(strlen(trim($password)) < 5) { // Password minimum length
              return "Password Too Short";
          } elseif(strlen(trim($password)) > 32) { // Password maximum length
              return "Password Too Long";
          }
          return NULL;
      }
      function checkEmail($email) {
          $field = "emailaddress"; // not implemented yet
      }
      ?>
  22. How could I implement that into my code and be able to return the error string(s) onto the prior page with the form...
  23. So I have this site I'm trying to do and thought it would be a lot shorter and easier to modify if you only had to use one function to check for errors for a particular type of input (username, email, password, name, etc.) So instead of copying each function and having it in 5 places, only use one function... Now I do have it working, I think... However it's not idiot-proof, the reason being if they input a : then it messes up. So my question is this, does anybody know if there is a better approach at this or can anyone improve on my code to make it function the way i'd like it to??? Thanks in advance

      *** INDEX.PHP ***
      <?PHP
      session_start(); // Start our session
      include("display_forms.php"); // Include display_forms.php to display the login form
      include("functions.php");
      if($_SERVER["REQUEST_METHOD"] == "POST"){ // TEST IF form was submitted and method is POST (login form)
          $username = $_POST['quickUser'];
          $password = $_POST['quickPass'];
          $rememberMe = isset($_POST['rememberMe']) ? $_POST['rememberMe'] : ""; // checkbox is absent when unchecked
          if(checkLogin($username, $password, $rememberMe)){ // Functions.php -> checkLogin function
              // Login Successful! Set session variables
              $_SESSION['loggedIn'] = true;
              $_SESSION['username'] = $username;
          } else {
              // Something went wrong, display errors
          }
      }
      if(!empty($_SESSION['loggedIn'])){
          echo "<br /><div align='right'>Welcome back ".htmlspecialchars($_SESSION['username'], ENT_QUOTES)."</div>";
          echo "[ <a href='functions.php'>Logout</a> ]";
      } else {
          form_quickLogin();
      }
      ?>

      *** DISPLAY_FORMS.PHP ***
      <?PHP
      function form_quickLogin() {
          // $username, $password and $error are not visible inside this function;
          // they have to be passed in as parameters or read from $_POST / $_SESSION
          $username = isset($_POST['quickUser']) ? htmlspecialchars($_POST['quickUser'], ENT_QUOTES) : "";
          $rememberMe = isset($_POST['rememberMe']) ? " checked" : "";
          echo "<form action='index.php' method='POST'>
              <table cellspacing='0' cellpadding='0' border='0' align='right'>
              <tr>
              <td align='right'>Username </td><td align='left'><input type='text' class='input' name='quickUser' value='$username' maxlength='30'></td>
              </tr><tr>
              <td colspan='2' align='right'>";
          if (isset($_SESSION['error']['username'])){
              $error = $_SESSION['error']['username'];
              echo "<font color='#FF0000'>$error</font>";
          } else {
              echo " ";
          }
          echo "</td>
              </tr><tr>
              <td align='right'>Password </td><td align='left'><input type='password' class='input' name='quickPass' value='' maxlength='30'></td>
              </tr><tr>
              <td colspan='2' align='right'>";
          if (isset($_SESSION['empty']) && in_array('quickPass', $_SESSION['empty'])){
              echo "<font color='#FF0000'>Please Enter Password</font>";
          } else {
              echo " ";
          }
          echo "</td>
              </tr>";
          if(REMEMBER_ME) {
              echo "<tr><td colspan='2' align='right'><br />Remember Me<input type='checkbox' class='checkbox' name='rememberMe' $rememberMe><input type='hidden' name='quickLogin' value='1'> <input type='submit' class='submit' value='Login'></td>
                  </tr><tr>
                  <td colspan='2' align='right'><br />[ <a href='forgotpass.php'>Forgot Pass</a> ] - [ <a href='register.php'>Register</a> ]</td>
                  </tr>
                  </table></form>";
          } else {
              echo "<tr><td colspan='2' align='right'><br /><input type='hidden' name='quickLogin' value='1'> <input type='submit' name='quickLogin' class='submit' value='Login'></td>
                  </tr><tr>
                  <td colspan='2' align='right'><br />[ <a href='forgotpass.php'>Forgot Pass</a> ] - [ <a href='register.php'>Register</a> ]</td>
                  </tr>
                  </table></form>";
          }
      }
      ?>

      *** FUNCTIONS.PHP ***
      <?PHP
      if (session_status() !== PHP_SESSION_ACTIVE) { // index.php already started the session
          session_start();
      }
      include("errors.php");
      function checkLogin($username,$password,$rememberMe){
          $username = "username:".$username;
          $password = "password:".$password;
          return errorCheck($username,$password,$rememberMe); // the result was computed but never returned
      }
      function logout() {
          unset($_SESSION['loggedIn']);
          unset($_SESSION['username']);
          unset($_SESSION);
          session_destroy();
          return;
      }
      ?>

      *** ERRORS.PHP ***
      <?PHP
      function errorCheck() {
          $ok = true;
          $numargs = func_num_args();
          $arg_list = func_get_args();
          for ($i = 0; $i < $numargs; $i++) {
              // limit of 2 pieces: only the first ":" separates field from value,
              // so a ":" typed by the user stays inside the value
              $explode = explode(":", $arg_list[$i], 2);
              $field = $explode[0];
              $value = isset($explode[1]) ? $explode[1] : "";
              if($field == "username"){
                  $ok = checkUsername($value) && $ok;
              }
              if($field == "password"){
                  $ok = checkPassword($value) && $ok; // was checkUsername($value)
              }
              if($field == "email"){
                  $ok = checkEmail($value) && $ok; // was checkUsername($value)
              }
          }
          return $ok;
      }
      function checkUsername($username) {
          if(strlen(trim($username)) == 0) { // Username not entered (isset() is always true here; the string may still be empty)
              $_SESSION['error']['username'] = "Username Blank"; // Resulting error message
              return false;
          } elseif(strlen(trim($username)) < 5) { // Username minimum length
              $_SESSION['error']['username'] = "Username Too Short"; // Resulting error message
              return false;
          } elseif(strlen(trim($username)) > 32) { // Username maximum length
              $_SESSION['error']['username'] = "Username Too Long"; // Resulting error message
              return false;
          } else {
              return true;
          }
      }
      function checkPassword($password) {
          if(strlen(trim($password)) == 0) { // Password not entered
              $_SESSION['error']['password'] = "Password Blank"; // Resulting error message
              return false;
          } elseif(strlen(trim($password)) < 5) { // Password minimum length
              $_SESSION['error']['password'] = "Password Too Short"; // Resulting error message
              return false;
          } elseif(strlen(trim($password)) > 32) { // Password maximum length
              $_SESSION['error']['password'] = "Password Too Long"; // Resulting error message
              return false;
          } else {
              return true;
          }
      }
      function checkEmail($email) {
          $field = "emailaddress"; // not implemented yet
          return true;
      }
      ?>
  24. I have this script that takes a UNIX timestamp and determines how long it will be or has been since the timestamp... I was hoping somebody could help me modify it to also show the current array plus the one before it... so if there's 1 week, it'll show x days or if there's 1 month it'll show x weeks, etc... to get a more accurate reading. Here is the script...

      <?php
      function timeSince($timestamp) {
          $chunks = array(
              array(60 * 60 * 24 * 365, 'year'),
              array(60 * 60 * 24 * 30, 'month'),
              array(60 * 60 * 24 * 7, 'week'),
              array(60 * 60 * 24, 'day'),
              array(60 * 60, 'hour'),
              array(60, 'minute'),
              array(1, 'second')
          );
          $since = time() - $timestamp;
          $count = 0; $name = 'second'; // defaults for the case where $since is 0 and no chunk matches
          for ($i = 0, $j = count($chunks); $i < $j; $i++) {
              $seconds = $chunks[$i][0];
              $name = $chunks[$i][1];
              if(($count = floor($since / $seconds)) != 0) break; // first unit that fits at least once
          }
          $printtime = ($count == 1) ? "1 {$name}" : "$count {$name}s";
          return $printtime . " ago";
      }
      function timeUntil($timestamp) {
          $chunks = array(
              array(60 * 60 * 24 * 365, 'year'),
              array(60 * 60 * 24 * 30, 'month'),
              array(60 * 60 * 24 * 7, 'week'),
              array(60 * 60 * 24, 'day'),
              array(60 * 60, 'hour'),
              array(60, 'minute'),
              array(1, 'second')
          );
          $until = $timestamp - time();
          // was timeSince($original): $original is never defined in this function
          if($until < 0) return "Expired ".timeSince($timestamp);
          $count = 0; $name = 'second';
          for ($i = 0, $j = count($chunks); $i < $j; $i++) {
              $seconds = $chunks[$i][0];
              $name = $chunks[$i][1];
              if(($count = floor($until / $seconds)) != 0) break;
          }
          $printtime = ($count == 1) ? "1 {$name}" : "$count {$name}s";
          return $printtime;
      }
      ?>
  25. Instead of echo try header('location: ./page1.php'); That is assuming page1.php is in one folder above the current page
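Post 17 describes hashing the password at registration and re-hashing the submitted password the same way at login, with a per-user salt mixed in. The following is an added example, not Genesis730's code: it implements that flow with PHP's built-in password_hash() and password_verify() (PHP 5.5 and later), which generate a random per-user salt and store it inside the hash string, so no separate SALT column is needed and the same call works at login. The $users array, the registerUser/checkLogin function names and the sample credentials are constructed for the demo and stand in for the database table.

```php
<?php
// Added example: salted password storage as described in post 17, using the
// built-in password_hash()/password_verify() API. The $users array is a
// constructed in-memory stand-in for the users table.

$users = array(); // username => password hash (never the password itself)

function registerUser(array &$users, $username, $password)
{
    if (isset($users[$username])) {
        return false; // username already taken
    }
    // bcrypt hash with a random salt embedded in the returned string
    $users[$username] = password_hash($password, PASSWORD_DEFAULT);
    return true;
}

function checkLogin(array &$users, $username, $password)
{
    // A throwaway hash is verified for unknown usernames so a login attempt
    // costs the same time whether or not the username exists.
    static $dummyHash = null;
    if ($dummyHash === null) {
        $dummyHash = password_hash('dummy', PASSWORD_DEFAULT);
    }
    $stored = isset($users[$username]) ? $users[$username] : $dummyHash;

    // password_verify() reads the salt and cost out of $stored and re-hashes
    // the submitted password the same way, which is the "same method at
    // registration and at login" rule from post 17.
    if (!isset($users[$username]) || !password_verify($password, $stored)) {
        return false;
    }
    // Upgrade the stored hash if the default cost/algorithm has moved on.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $users[$username] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

// Constructed sample run.
registerUser($users, 'sara', 'correct horse battery staple');
echo "stored value: ", $users['sara'], "\n";           // a 60-char bcrypt string, salt included
echo "right password: ", checkLogin($users, 'sara', 'correct horse battery staple') ? "ok" : "rejected", "\n";
echo "wrong password: ", checkLogin($users, 'sara', 'wrong') ? "ok" : "rejected", "\n";
echo "unknown user:   ", checkLogin($users, 'nobody', 'whatever') ? "ok" : "rejected", "\n";
```

In a real site the hash string goes into the password column through a prepared statement and the comparison is always done by password_verify(), never by a plain == on two strings; MD5 and unsalted SHA1, as named in post 17, are fast hashes that offer far less resistance to offline guessing than bcrypt does.

Posts 11, 13 and 16 trace the failing apostrophe check to mysql_real_escape_string: once the value has been escaped it reads O\'Riley and the backslash falls outside the allowed class [-'a-z]. Posts 18 and 19 then add stripslashes on the way back out. The following added example (again not Genesis730's code) shows the order that avoids both problems: validate the raw input, then hand it to a prepared statement so no escaping is needed on the way in and no stripslashes on the way out. It assumes the pdo_sqlite extension; the table and the sample names are constructed, and addslashes() stands in for mysql_real_escape_string() (which no longer exists in PHP 7) because both put a backslash before the apostrophe.

```php
<?php
// Added example: validate raw input first, then store it with a bound
// parameter. Uses an in-memory SQLite table (constructed for the demo).

function validateLastName($lastname)
{
    // Same rule as post 16: letters only, at most one hyphen, at most one apostrophe.
    if (preg_match("/[^-'a-z]/i", $lastname)) {
        return false;
    }
    if (substr_count($lastname, "'") > 1 || substr_count($lastname, "-") > 1) {
        return false;
    }
    return strlen($lastname) > 0;
}

// Running the check AFTER escaping rejects a perfectly good name, because the
// escaped form contains a backslash. addslashes() stands in for
// mysql_real_escape_string() here.
$raw = "O'Riley";
$escaped = addslashes($raw);
printf("raw %s: %s | escaped %s: %s\n",
    $raw, validateLastName($raw) ? 'valid' : 'invalid',
    $escaped, validateLastName($escaped) ? 'valid' : 'invalid');

// Bound parameters send the value separately from the SQL text, so the quote
// can never terminate the statement and nothing needs to be escaped by hand.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, lastname TEXT NOT NULL)");

function saveLastName(PDO $db, $lastname)
{
    if (!validateLastName($lastname)) {
        return false; // rejected before it gets anywhere near SQL
    }
    $stmt = $db->prepare("INSERT INTO users (lastname) VALUES (:lastname)");
    $stmt->execute(array(':lastname' => $lastname));
    return (int) $db->lastInsertId();
}

// Constructed inputs: two valid names, then two that break the "at most one" rule.
foreach (array("O'Riley", "Smith-Jones", "O''Riley", "a--b") as $name) {
    $id = saveLastName($db, $name);
    echo str_pad($name, 12), ' => ', ($id === false ? 'rejected' : "stored as id $id"), "\n";
}

// Reading back: the apostrophe is exactly as entered, no stripslashes() needed.
// Escaping happens once, at output time, for the context the value goes into (HTML).
$stmt = $db->prepare("SELECT lastname FROM users WHERE id = :id");
$stmt->execute(array(':id' => 1));
echo htmlspecialchars($stmt->fetchColumn(), ENT_QUOTES), "\n";
```

The same pattern carries over to mysqli or PDO against MySQL: the escaping step that MRES performed by hand is replaced by the bound parameter, and validation always runs on the value the user actually typed.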