jcbones
Everything posted by jcbones
-
It's not often I catch something you missed, it is usually the other way around. Thought I would rub it in a little.
-
But, since there is no real reason to have a variable to be the same as the value, I would suggest:

    echo("\t\t<td><a href='reviews2.php?$id='>" . "$id" . "</a>");
    //could easily be written as:
    echo "\t\t<td><a href='reviews2.php?id=$id'>$id</a>";

See what I did there?
-
    <?php
    session_start();
    $token = (!isset($_GET['token'])) ? md5($_SERVER['HTTP_USER_AGENT'] . time()) : $_GET['token'];
    $_SESSION['token'] = (empty($_SESSION['token'])) ? $token : $_SESSION['token'];
    if($token != $_SESSION['token']) {
        exit('Invalid security measures!');
    }
    ?>
    <a href="?token=<?php echo htmlspecialchars($token); //escape before output, the value may have come from $_GET ?>">Next</a>

If the hijacker doesn't have the token, he cannot access the page.
-
There has to be a better way to construct this?
jcbones replied to DBookatay's topic in PHP Coding Help
Here is a listing of holidays that I found buried deep in my library. Couple of years old, may need some added.

    if($monthName == 'January') {
        //New Years
        $holiday[$year]['01'][1]['New Years Day']['First Day of the Year'] = './images/flag.png';
        $store_days[] = 1;
    } elseif($monthName == 'March' || $monthName == 'April') {
        //Easter
        $easter = explode(' ' ,date('m d Y', easter_date($year)));
        $holiday[$easter[2]][$easter[0]][$easter[1]]['Easter Sunday']['Easter Sunday'] = './images/egg.png';
    } elseif($monthName == 'May') {
        //Mothers Day, Memorial Day.
        $mothersDay = date('j', strtotime('+1 week Sunday ' . $monthName . ' ' . $year));
        $holiday[$year]['05'][$mothersDay]['Mothers Day']['Kiss your mother, it is her day.'] = './images/mother.png';
        $memorialDay = (($mothersDay + 22) > $days_in_month) ? ($mothersDay + 22) - 7 : $mothersDay + 22;
        $holiday[$year]['05'][$memorialDay]['Memorial Day']['Support the Troops.'] = './images/soldier.png';
    } elseif($monthName == 'June') {
        //Fathers Day
        $fathersDay = date('j',strtotime('+2 week Sunday June ' . $year));
        $holiday[$year]['06'][$fathersDay]['Fathers Day']['Hug your father, it is his day.'] = './images/father.png';
    } elseif($monthName == 'July') {
        //Independence Day
        $holiday[$year]['07'][4]['Independence Day']['Celebrate Freedom'] = './images/flag.png';
    } elseif($monthName == 'September') {
        //Patriot Day
        $holiday[$year]['09'][11]['Patriot Day']['Memorial of the Twin Towers'] = './images/patriot.png';
        $laborDay = date('j',strtotime('+0 week Monday September ' . $year));
        $holiday[$year]['09'][$laborDay]['Labor Day']['National Holiday'] = './images/worker.png';
    } elseif($monthName == 'November') {
        //Thanksgiving
        switch($day_of_week){
            case "Sun": $add = 25; break;
            case "Mon": $add = 24; break;
            case "Tue": $add = 23; break;
            case "Wed": $add = 22; break;
            case "Thu": $add = 21; break;
            case "Fri": $add = 27; break;
            case "Sat": $add = 26; break;
        }
        $thanksgiving = $add + 1;
        $holiday[$year][11][$thanksgiving]['Thanksgiving Day']['Give thanks for everything we have.'] = './images/turkey.png';
    } elseif($monthName == 'December') {
        //Christmas
        $holiday[$year][12][25]['Christmas Day']['Celebrating the Birth of Jesus Christ'] = './images/ctree.png';
    }
-
If someone rides in on a session id, they will get the regenerate code as well. I think the most common way is to use tokens. Where tokens are set in the URL (usually a md5 hash of browser and time), then checked against the same token saved in the session.
-
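A variant of the token check from the posts above (the `?token=` snippet and the description of a token saved in the session), added here as an example and not jcbones's code: it draws the token from `random_bytes()` instead of hashing the User-Agent and the time, never adopts a token supplied in the URL, and compares with `hash_equals()`. The helper names `session_token()` and `token_is_valid()` are assumptions, and PHP 7 or later is assumed.

```php
<?php
// Added example (not from the original posts): per-session URL token,
// generated from a CSPRNG and compared in constant time.
session_start();

/** Return the session's token, creating it on first use (hypothetical helper). */
function session_token(): string
{
    if (empty($_SESSION['token'])) {
        // 32 random bytes -> 64 hex characters; not derivable from the
        // User-Agent header or the clock.
        $_SESSION['token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['token'];
}

/** True when the request carries the token stored in the session (hypothetical helper). */
function token_is_valid($supplied, string $expected): bool
{
    // ?token[]=x arrives as an array; anything that is not a string is rejected.
    return is_string($supplied) && hash_equals($expected, $supplied);
}

// A session without a token yet is a first visit: the server creates the token
// and ignores whatever the URL carried, so a caller cannot choose it.
$firstVisit = empty($_SESSION['token']);
$expected   = session_token();

if (!$firstVisit && !token_is_valid($_GET['token'] ?? null, $expected)) {
    http_response_code(403);
    exit('Invalid security measures!');
}
?>
<a href="?token=<?php echo htmlspecialchars($expected, ENT_QUOTES, 'UTF-8'); ?>">Next</a>
```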
calculating elapsed time between pageload and page submission
jcbones replied to peppericious's topic in PHP Coding Help
    <?php
    if(isset($_POST['submit'])) {
        $time_start = (int) $_POST['generated']; // hidden field arrives as a string
        $time_end = time(); // time() takes no arguments
        $time = $time_end - $time_start;
        if($time < 2) { // form submitted in less than 2 seconds
            echo "You're a vile spammer.<br /><br />";
        } else {
            echo "Phew, you're human, I can go ahead and process your data.<br /><br />";
        }
        echo $time . " seconds elapsed before hitting Submit."; // for my own info
    }
    ?>
    <form id='form1' method='POST' action=''>
        <input type='hidden' name='generated' value='<?php echo time(); ?>' />
        <input name='submit' type='submit' value='submit'>
    </form>
-
The function works for me.

test input:

    [b]Bold[/b] [center]Center[/center] [i]Italics[/i] [list][*]Ordered List[/list] [u]Underline?[/u] [size=3]Font Size 3[/size] [color=green]Green Text[/color] <br />

Output:

    <b>Bold</b> <center>Center</center> <i>Italics</i> <ol><li>Ordered List</li></ol> <u>Underline?</u> <font size="3">Font Size 3</font> <font color="green">Green Text</font>
-
Passing the user level to the has_access function should return a true or false, that is what you should check. You cannot pass operators in the function arguments like that. Being that we don't have access to the has_access() function, we cannot point you in the right direction.

However, for your second problem. Replace your BBCode function with this snippet, and you can type [reset] and it will clear the file for you (it writes [reset] at the top of the file).

    function resetLog() {
        $logFilename = 'log.txt'; //filename.
        file_put_contents($logFilename,'[reset]'); //open the file, overwrite the contents with the string [reset], close the file.
        return true; //return true.
    }

    function BBCode ($string) {
        //looking for the reset code
        if(strpos($string,'[reset]') !== false) { //if string is found.
            resetLog(); //call the reset function.
            $string = str_replace('[reset]','',$string); //delete the string [reset] from the input.
        }
        $search = array(
            '#\[center\](.*?)\[/center\]#si',
            '#\[list\](.*?)\[/list\]#si',
            '#\[li\](.*?)\[/li\]#si',
            '#\[b\](.*?)\[/b\]#si',
            '#\[br\](.*?)\[/br\]#si',
            '#\[i\](.*?)\[/i\]#si',
            '#\[u\](.*?)\[/u\]#si',
            '#\[img\](.*?)\[/img\]#si',
            '#\[url=http://(.*?)\](.*?)\[/url\]#si',
            '#\[size=(.*?)\](.*?)\[/size\]#si',
            '#\[font=(.*?)\](.*?)\[/font\]#si',
            '#\[color=(.*?)\](.*?)\[/color\]#si',
            '#\[code\](.*?)\[/code\]#si'
        );
        $replace = array(
            '<center>\\1</center>',
            '<ol>\\1</ol>',
            '<li>\\1</li>',
            '<b>\\1</b>',
            '<br>\\1</br>',
            '<i>\\1</i>',
            '<u>\\1</u>',
            '<img src="\\1">',
            '<a href="\\1">\\2</a>',
            '<font size="\\1">\\2</font>',
            '<font family="\\1">\\2</font>',
            '<font color="\\1">\\2</font>',
            '<code>\\1</code>'
        );
        return preg_replace($search, $replace, $string);
    }
-
1. Build a page that holds a form to insert a customer's review into the database, specifying the company by its unique key.
2. Link to the page using a $_GET parameter (unique key) that specifies the company.
3. Pull the reviews back to your original page with a database query, using the unique key to specify the company/ies.

It looks like you have the database queries down, so the thing you need to look at is $_GET.

You should have a table in your database similar to:

    CREATE TABLE IF NOT EXISTS `reviews` (
        `id` int(11) NOT NULL AUTO_INCREMENT,
        `user_id` int(11) NOT NULL,
        `comment` text NOT NULL,
        `review_time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
        `yes` int(4) NOT NULL DEFAULT '0',
        `no` int(4) NOT NULL DEFAULT '0',
        PRIMARY KEY (`id`)
    );

You can add a column if you need to approve reviews before they are shown.
-
PROBLEMS WITH COM (CRYSTAL REPORT 11 Y PHP 5)
jcbones replied to ysabelafuentes's topic in PHP Coding Help
-
    <?php
    //Set calendar to current time.
    $date = strtotime('now'); //see manual for accepted formats.
    //This puts the day, month, and year in separate variables
    $day = date('d', $date) ;
    $month = date('m', $date) ;
    $year = date('Y', $date) ;
    //This gets us the month name
    $monthName = date('F', $date) ;
    //Here we generate the first day of the month
    $first_day = mktime(0,0,0,$month, 1, $year) ;
    //Here we find out what day of the week the first day of the month falls on
    $day_of_week = date('w', $first_day) ;
    //Array to hold the days of the week.
    $days_of_week = array('Sun','Mon','Tues','Wed','Thurs','Fri','Sat');
    //We then determine how many days are in the current month
    $days_in_month = cal_days_in_month(0, $month, $year) ;
    //Here we start building the table heads
    $calendar = '<table class="calendar">';
    //first table row.
    $calendar .= '<tr>';
    for($i = 0; $i < $days_in_month; $i++,$day_of_week++) {
        $day_of_week = ($day_of_week > 6) ? 0 : $day_of_week;
        $calendar .= '<td>' . $days_of_week[$day_of_week] . '</td>';
    }
    $calendar .= '</tr>';
    //second table row.
    $calendar .= '<tr>';
    for($i = 1; $i < ($days_in_month + 1); $i++) {
        $calendar .= '<td>' . $i . '</td>';
    }
    $calendar .= '</tr></table>';
    //send the calendar to output.
    echo '<body>' . $calendar . '</body>';
    ?>
-
What exactly is involved with using Authorize.net?
jcbones replied to Zane's topic in Application Design
Authorize.net says it better than I could even begin to explain it. -
If it is back, it is in the lower right hand corner of the page.
-
I do all of my processing before the output. Only echo'ing inside of HTML.
-
No, number_format accepts 1, 2, or 4 parameters, not 3. With those parameters, the first is the number being passed to the function, the second is the amount of decimal places to show, and the 3rd and fourth are for the separators (decimal, and thousands -> in that order).
-
Managing User View, Post, Reply permissions
jcbones replied to MargateSteve's topic in PHP Coding Help
You only need one user level, the higher it is, the higher the privi's. I hold them in my user table.

example:
0 = guest or not logged in.
10 = regular user
20 = admin
30 = super admin
40 = etc.

I always skip numbers to allow for future modification. The reason this works is a super admin has all the privileges of the previous numbers, and so on down the line. So, you don't have to check any further than the maximum level. In other words, if someone is allowed to post, then they already have permission to reply, and view. If they have the permission to upload a photo, then they already have permission to post, reply, and view.
-
If you are storing in a comma delimited string, then you are doing MySQL wrong. It will lead to many headaches later. If you posted your database structure, and a sample of your data, then we could help you to properly structure it.

To answer your question. If the contents of your CSV string are correctly structured: ie item1,item2,item3 and not item3,item1,item2. Your current code should work. Although, I think you could use str_replace and it would be faster.

    $value = $data["mysqlDataField"];
    echo '<ul><li>' . str_replace(',','</li><li>',$value) . '</li></ul>';
-
How to avoid data duplication after page refresh
jcbones replied to believeinsharing's topic in PHP Coding Help
Couple of things you could do.

1. redirect the page back to itself after processing (without the GET params of course).
2. Hit the database prior to processing, to see if that exact row is already there, (query the database with every single bit of info you are fixing to put there, returns a row it is there).

Either/or, and I'm sure there are other fine examples out there, these are just the most common that I see.
-
    <?php //for syntax highlighting
    class display_run_data {
        function __construct($mysqli){
            $query="SELECT * FROM run_data";
            $result=$mysqli->query($query);
            $num=$result->num_rows;
            //$row = $result->fetch_row(); //this selects the row, it needs to be in a while loop.
            $feilds = $mysqli->field_count;
            echo"<tr>";
            while ($finfo = $result->fetch_field()) {
                echo "<td><a href=\"index.html?where=".$finfo->name."\">".strtoupper($finfo->name)."</a></td>";
            }
            echo"</tr>";
            while($row = $result->fetch_row() ) { //maybe here.
                echo "<tr>";
                foreach ($row as $key=>$value){
                    echo "<td>".$value."</td>";
                }
                echo "</tr>";
            }
        }
    }
-
Yes, there is no PHP6.
-
ready code for login page Prepared Statements + AES encryption
jcbones replied to phpretarded's topic in PHP Coding Help
Turn on error reporting.

    <?php
    error_reporting(-1);
    ini_set('display_errors',1);
-
ready code for login page Prepared Statements + AES encryption
jcbones replied to phpretarded's topic in PHP Coding Help
2 things. It is mysqli_stmt_execute, and you need to bind the results.

    // 5. EXECUTING THE STATEMENT
    mysqli_stmt_execute($stmt);
    //Bind the result.
    mysqli_stmt_bind_result($stmt,$company);

OR, just keep it all in OOP.

    //4. BINDING THE PARAMETERS
    $stmt->bind_param('s', $username);
    // 5. EXECUTING THE STATEMENT
    $stmt->execute();
    //Bind Result;
    $stmt->bind_result($company);
-
1. You should be using COUNT(*), as you do not need the full result set.
2. You need to link to your image files, or let PHP create the image for you.

The snippet below creates the image via PHP, you will need to do some tweaking. It is commented up, so that shouldn't be a problem.

    // Connect to the database
    include "connect.php";
    // Query the database and get the count
    $result = mysql_query("SELECT COUNT(*) FROM tablename");
    $rows = mysql_fetch_row($result);
    $num_rows = $rows[0];
    // Display the results
    echo '<img src="image.php?gen=' . $num_rows . '" alt="' . $num_rows . '" />';

image.php

    <?php
    header('Content-type: image/png');
    $text = $_GET['gen'];
    $font = 'fonts/A.C.M.E._Explosive_Bold.ttf'; //location of your true type font.
    // Create the image
    $im = imagecreatetruecolor(800,600); //800x600
    // Create some colors
    $white = imagecolorallocate($im, 255, 255, 255);
    $grey = imagecolorallocate($im, 150, 150, 150);
    $black = imagecolorallocate($im, 0, 0, 0);
    imagefilledrectangle($im, 0, 0, 799, 599, $white);
    // Add some shadow to the text
    imagettftext($im, 20, 0, 31, 30, $grey, $font, $text);
    // Add the text
    imagettftext($im, 20, 0, 30, 29, $black, $font, $text);
    // Using imagepng() results in clearer text compared with imagejpeg()
    imagepng($im); //create the image.
    imagedestroy($im); //remove image from memory.
    ?>
-
Try:

    <?php //important, if short tags are turned off <? will not do anything.
    echo $_POST['Jack'];
    ?>
-
Tizag is a much better tutorial than w3schools. As w3schools will often lead you down the wrong path. One thing that neither will tell you is how important data sanitation and validation are. If you get stuck, we can help. If you have a question, we can help.