
PaulRyan

Everything posted by PaulRyan

  1. You need to check if the form has been posted before you validate the information.

     <?PHP
     if($_SERVER['REQUEST_METHOD'] == 'POST') {
       // form has been posted
     }
     ?>
  2. You could set a session variable on model.php, something like $_SESSION['model_redirect'] = true; Then on the form.php page, check to see if the session variable is set. If it is, then it was redirected from model.php, else it wasn't.
  3. You have OnClick on the buttons within the form, please post those functions. I'm assuming they submit the form, but when the form is submitted, you are returning false which cancels the submit action.
  4. You don't need the space after "Location:", if you had tried it, you would see it works without the space.
  5. Why keep jumping in and out of PHP tags dungpt29? Use this, as it will not produce any errors when error reporting is turned on (and it should be)

     <?PHP
     error_reporting(-1);

     $qry = mysql_query("SELECT * FROM reg_table where id=$id ");
     $res = mysql_fetch_array($qry);
     $radio = $res['gender'];

     switch($radio) {
       case 'male':
         $mal = true;
         break;
       case 'female':
         $fem = true;
         break;
     }
     ?>
     Gender: <br />
     <input type="radio" name="colour" value="male" <?php echo isset($mal) ? 'checked' : '' ; ?> />Male
     <input type="radio" name="colour" value="female" <?php echo isset($fem) ? 'checked' : '' ; ?> />Female

     *Edit - Should the name of the check boxes be "gender" and not "colour"?
  6. You have updated the wrong file then, my suggestion would fix the 2 "Use of undefined constant" errors.
  7. $email = isset($_GET['email']) ? $_GET['email'] : FALSE ;

     Then add in a check to make sure $email is not false.

     if(empty($email)) {
       // The variable $_GET['email'] doesn't exist.
     } else {
       // Other code.
     }

     You also need to escape the variable before you use it in a query, to make sure it is safe to use.
  8. The code I posted works for those examples too. Just need this line:

     $Id = strtok($Id, "_") .'_'. strtok("_");

     I only wrote the rest as an example, so you can see its output.
  9. Requinix's example is just as easy and is quicker.

     <?PHP
     $Id = '15969_D55T_000';
     $Id = strtok($Id, "_") .'_'. strtok("_");
     echo $Id;
     ?>
  10. http://www.timeanddate.com/time/time-zones-interesting.html
  11. The server will still receive the data back, it's up to the server/page requesting the data what it does with it. Example:

      1 - Page with auto submit form sends data via cURL to process page.
      2 - Process page processes the form submission, and will return whatever output is generated.
      3 - The page that submitted the form will then receive the output from the process page.
      4 - You will then output the data to the end user.
  12. There are a few things I see wrong with the script at the minute.

      1 - You haven't turned on error reporting, see here Error Reporting
      2 - You are using MySQL, you should really be looking into MySQLi
      3 - You are not validating the incoming form data before using it in your queries (previously mentioned by another user)
      4 - You should be processing all PHP before any output to the browser, before this line
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
      5 - You are using MD5() for hashing your passwords, you should look into the PHPass Library

      This line here, you are using msql instead of mysql.

      $query = msql_query("SELECT * FROM users WHERE username='$user'");

      Look into using isset/empty for checking whether variables are set and if they are empty etc.
  13. The script would record the server IP as it is the server making the request and not a client/end user.
  14. You have missed the $ off both the following lines.

      if (user_level == 1) {
      if (user_level == 2) {
  15. I can see quite a few things wrong with this, before any errors you are currently getting. Firstly, do not use GLOBAL, if you have to use globals, you're doing it wrong. Pass the connection to the function instead. Secondly, you do not sanitize any incoming data. You need to make sure all data is safe to use in queries. Thirdly, you should also pass the $_POST variables to the functions after sanitizing it. For some reason you are connecting with MySQLi at the top of the file, then connecting with MySQL later on in the file. Pick one and stick with it, MySQLi is the better option.
  16. I cannot edit my last post, take a look at this. I have changed around some of the logic, as I was getting a lot of errors when I ran the code on my dev setup. I have replaced ereg with preg_match. I have used ternary operators for some of the assignment of variables. I have removed unneeded variables best I can. Instead of echo-ing from the function, I have chosen to return any error information.

      <?PHP
      //### Process valid_repair_upgradeform
      error_reporting(-1);

      //### Get Data From Form
      $confirmation_number = isset($_POST['confirmation_number']) ? $_POST['confirmation_number'] : FALSE ;
      $Email               = isset($_POST['Email']) ? $_POST['Email'] : FALSE ;
      $List                = array();

      //### Validate confirmation number
      if(empty($confirmation_number)) {
        echo 'No confirmation number.'. PHP_EOL;
        exit;
      } else {
        //### Remove anything that is a not a number
        $confirmation_number = preg_replace('#[\D]#', '', $confirmation_number);
      }

      //### Validate e-mail address
      if(empty($Email)) {
        echo 'No e-mail address.'. PHP_EOL;
        exit;
      } else if(($emailError = check_email_address($Email)) !== true) {
        echo $emailError;
        exit;
      }

      //Define Variable(s)
      $date       = date("D d M Y - H:i:s ");
      $my_file    = "s_vcs.txt";
      $my_path    = $_SERVER['DOCUMENT_ROOT']."/home/users/web/b686/dom.horacela/public_html/";
      $my_name    = "Newbieca";
      $my_mail    = "coon-a@gmx.com";
      $my_replyto = "coon-a@gmx.com";
      $my_subject = "Order Validated";
      $my_message = "This order was validated Confirmation Number: $confirmation_number on Date: $date.\r\n\r\n";

      //### Check if file is writable
      if(!is_writable($my_file)) {
        echo 'The file is not writable.'. PHP_EOL;
        exit;
      }

      //### Search file for Confirmation_number. If found call function
      $searchfor = preg_replace('#[\D]#', '', $confirmation_number);

      //### Check if file is readable
      if (!is_readable($my_file)) {
        echo 'The file is not readable'. PHP_EOL;
        exit;
      } else {
        //### Open the file for reading
        $fh      = fopen($my_file, "r+");
        $olddata = fread($fh, filesize($my_file));

        //### Search a match (strict comparison, so a match at position 0 still counts)
        if(strpos($olddata, $searchfor) !== FALSE) {
          echo 'Found it!';
          echo mail_attachment($my_file, $my_path, "horacfe@netscape.com", $my_mail, $my_name, $my_replyto, $my_subject, $my_message);
          echo email();
        }

        fclose($fh);
      }

      //FUNCTION(S)
      function check_email_address($Email) {
        // First, we check that there's one @ symbol, and that the lengths are right
        if (!preg_match("/^[^@]{1,64}@[^@]{1,255}$/", $Email)) {
          // Email invalid because wrong number of characters in one section, or wrong number of @ symbols.
          return "Email invalid because wrong number of characters in one section, or wrong number of @ symbols.\n";
        }

        // Split it into sections to make life easier
        $Email_array = explode("@", $Email);
        $local_array = explode(".", $Email_array[0]);

        for ($i = 0; $i < sizeof($local_array); $i++) {
          if(!preg_match("/^(([A-Za-z0-9!#$%&'*+\/=?^_`{|}~-][A-Za-z0-9!#$%&'*+\/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$/",$local_array[$i])) {
            return "Split it into sections to make life easier\n";
          }
        }

        if (!preg_match("/^\[?[0-9\.]+\]?$/",$Email_array[1])) {
          // Check if domain is IP. If not, it should be valid domain name
          //echo "Check if domain is IP. If not, it should be valid domain name\n";
          //echo "<br />\n";
          $domain_array = explode(".", $Email_array[1]);

          if(sizeof($domain_array) < 2) {
            return "Not enough parts to domain\n";
          }

          for ($i = 0; $i < sizeof($domain_array); $i++) {
            if(!preg_match("/^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$/", $domain_array[$i])) {
              return false;
            }
          }
        }

        return true;
      }// End of email check function

      function mail_attachment($filename, $path, $mailto, $from_mail, $from_name, $replyto, $subject, $message) {
        // Email phpnewbieca with attachment
        global $date, $my_file, $my_path, $my_name, $my_mail, $my_replyto, $my_subject, $my_message, $confirmation_number, $Email, $List, $my_file, $searchfor, $fh, $olddata;
        //
        $file      = $path.$filename;
        $file_size = filesize($file);
        $handle    = fopen($file,"r");
        $content   = fread($handle,$file_size);
        fclose($handle);

        $content = chunk_split(base64_encode($content));
        $uid     = md5(uniqid(time()));
        $name    = basename($file);

        $header  = "From: ".$from_name." <".$from_mail.">\r\n";
        $header .= "Reply-To: ".$replyto."\r\n";
        $header .= "MIME-Version: 1.0\r\n";
        $header .= "Content-Type: multipart/mixed; boundary=\"".$uid."\"\r\n\r\n";
        $header .= "This is a multi-part message in MIME format.\r\n";
        $header .= "--".$uid."\r\n";
        $header .= "Content-type:text/plain; charset=iso-8859-1\r\n";
        $header .= "Content-Transfer-Encoding: 7bit\r\n\r\n";
        $header .= $message."\r\n\r\n";
        $header .= "--".$uid."\r\n";
        $header .= "Content-Type: application/octet-stream; name=\"".$filename."\"\r\n"; // use different content types here
        $header .= "Content-Transfer-Encoding: base64\r\n";
        $header .= "Content-Disposition: attachment; filename=\"".$filename."\"\r\n\r\n";
        $header .= $content."\r\n\r\n";
        $header .= "--".$uid."--";

        if(mail($mailto, $subject, "", $header)) {
          return "mail attachment send ... OK <br>"; // or use booleans here
        } else {
          return "mail attachment send ... ERROR!<br>";
        }
      }//~End of mail attachment function

      function email() {
        // Email Customer HTML
        global $date, $my_file, $my_path, $my_name, $my_mail, $my_replyto, $my_subject, $my_message, $confirmation_number, $Email, $List, $my_file, $searchfor, $fh, $olddata;

        //Stuff Array
        $List[0] = isset($_POST['confirmation_number']) ? $confirmation_number.' <br><br>' : '' ;
        $List[1] = isset($_POST['Email']) ? $Email.'<br>' : '' ;

        $to      = "$Email";
        $subject = "RE: Validation of Repair/Upgrade Order\n\n";

        //begin of HTML message
        $message = <<<EOF
      <html>
      <body BGCOLOR='tan' TEXT='black'><br>
      <br>
      <Font size="1+"><b>Thank you for validating your order $date.</font></b><br>
      CONFIRMATION NUMBER: $List[0]
      <Font size="1+">Please visit us again <a href="http://www.horacefranklinjr.com/"> Horace's Home Computer Repair<Font></a>
      </body>
      </html>
      EOF;
        //end of message

        // $From was never defined in this script; the global $my_mail / $my_replyto are used instead
        $headers  = "Mime-Version: 1.0" . "\r\n";
        $headers .= "Content-type: text/html; charset=iso-8859-1" ."\r\n";
        $headers .= "Sensitivity: Personal" . "\r\n";
        $headers .= "From: $my_mail" . "\r\n";
        $headers .= "Reply-To: $my_replyto" . "\r\n";
        $headers .= "Return-Path: $my_mail" . "\r\n";
        $headers .= "X-Priority: 1 (Highest)" . "\r\n";
        $headers .= "X-MSMail-Priority: High" . "\r\n";
        $headers .= "Importance: High" . "\r\n";

        // now lets send the email.
        if(mail($to, $subject, $message, $headers)) {
          return "mail send ... OK <br>"; // or use booleans here
        } else {
          return "mail send ... ERROR! <br>";
        }
      }
      ?>
  17. You are running a different version of the file, as I can't find the number you are searching for anywhere in the code you have provided.
  18. If it is ALWAYS going to be a number, just preg_replace anything that isn't a number? Example

      $searchfor = preg_replace('#[\D]#', '', $confirmation_number);
  19. Allow the user to select their timezone and then use that timezone to define when they can next do the task etc.
  20. <?PHP
      //### Start the session
      session_start();

      //### Include config
      include('config.php');

      //### Start output
      $cartOutput   = '';
      $answerOutput = '';

      //### If session cart is not set, initialise it as an empty array
      if(!isset($_SESSION['cart'])) {
        $_SESSION['cart'] = array();
      }

      //### Add item to cart
      if(isset($_GET['hello'])) {
        $itemID = isset($_GET['cart']) ? $_GET['cart'] : FALSE ;

        if(!empty($itemID)) {
          array_push($_SESSION['cart'], $itemID);
        }
      }

      //### Display cart if items exist
      if(isset($_SESSION['cart'])) {
        foreach($_SESSION['cart'] as $value) {
          //### Cart values come from $_GET, so escape them before they go into the HTML
          $cartOutput .= htmlspecialchars($value, ENT_QUOTES) .' <br>';
        }
      }

      //### Select items from database
      $selectAnswersQuery = "SELECT `answer` FROM `answers`";
      $selectAnswers      = mysql_query($selectAnswersQuery) OR DIE (mysql_error());

      //### Check to see if rows are returned
      if(mysql_num_rows($selectAnswers)) {
        while($row = mysql_fetch_assoc($selectAnswers)) {
          //### URL-encode the value in the link and HTML-escape the visible text
          $answerOutput .= '<a href="m.php?cart='. urlencode($row['answer']) .'&hello=yes">'. htmlspecialchars($row['answer'], ENT_QUOTES) .'</a><br>';
        }
      } else {
        $answerOutput .= 'No rows returned. <br>';
      }

      //### Display output
      echo $answerOutput;
      echo $cartOutput;
      ?>
  21. The logic in the pchange.php file is flawed.

      You are using variables that are not set in your queries ($hash_pass)
      You aren't checking to make sure the record exists before changing the password.
      You don't give any understandable feedback unless they have successfully changed their password.
      You need to move away from MD5() hashing passwords and look into something more secure, blowfish() for example, or the phpass library
  22. AbraCadaver is correct, you want to create the query to select MORE than 1 row. When you have selected the rows, then use a while loop to iterate over the returned rows and display them how you wish.
  23. This line:

      $fh = fopen(MyfFile, "r");

      You are missing the $ from in front of MyFile
  24. Wouldn't it be $splititupsomemore[4] ? Unless I'm missing something. There are 5 elements to each line, and the last one is the element that may or may not be there.
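
Posts 7, 12 and 21 above recommend validating input before it reaches a query, keeping it out of the SQL text, and moving off MD5() for passwords; the following is an added example (not code from any post in this list) showing those points together. It assumes a constructed `users` table, uses PDO with in-memory SQLite so it runs offline (the posts recommend MySQLi, where prepare/bind/execute follows the same pattern), and uses PHP's built-in password_hash() in place of the PHPass library the posts name.

```php
<?php
// Added example: constructed table, account and inputs; not taken from the posts.
// PDO + in-memory SQLite is an assumption made so the script runs without a server.
error_reporting(-1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');

function register_user(PDO $db, $user, $pass)
{
    // password_hash() generates a per-user salt and a slow hash (bcrypt by default),
    // which is what the advice to drop MD5() is after.
    $stmt = $db->prepare('INSERT INTO users (username, pass_hash) VALUES (?, ?)');
    return $stmt->execute(array($user, password_hash($pass, PASSWORD_DEFAULT)));
}

function check_login(PDO $db, $user, $pass)
{
    // Validate first: both values must be non-empty strings.
    if (!is_string($user) || !is_string($pass) || $user === '' || $pass === '') {
        return false;
    }

    // The placeholder keeps $user out of the SQL text, so quotes in it are just data.
    $stmt = $db->prepare('SELECT pass_hash FROM users WHERE username = ?');
    $stmt->execute(array($user));
    $hash = $stmt->fetchColumn();   // false when no record exists

    // Confirm the record exists before comparing the password.
    return $hash !== false && password_verify($pass, $hash);
}

register_user($db, "o'brien", 'correct horse');   // constructed sample account

// Constructed inputs standing in for $_POST['username'] / $_POST['password']
$attempts = array(
    array("o'brien", 'correct horse'),   // valid, and the quote does not break the query
    array("o'brien", 'wrong'),           // wrong password
    array('nobody', 'x'),                // no such record
    array('', ''),                       // fails validation, query never runs
);

foreach ($attempts as $a) {
    $result = check_login($db, $a[0], $a[1]) ? 'ok' : 'denied';
    echo var_export($a[0], true), ' => ', $result, PHP_EOL;
}
```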