insrtsnhere13
Members-
Posts
64 -
Joined
-
Last visited
Never
Profile Information
-
Gender
Not Telling
insrtsnhere13's Achievements
Member (2/5)
0
Reputation
-
Having some trouble with my uploading script. My host isnt helping very much either, here is the script im using to try and upload pdf files. <?php $target_path = "/testsite/flyers/"; $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded"; } else{ echo "There was an error uploading the file, please try again!"; } ?> I always end up getting the error echo though, any help? Please post if i need to give any more info.
-
[SOLVED] Parse error: syntax error, unexpected T_STRING
insrtsnhere13 replied to scrap0346's topic in PHP Coding Help
change [code] <?php if(isset($_SESSION['username'])) { $data = mysql_fetch_array(mysql_query('SELECT * FROM `users` WHERE `username`="'.$_SESSION['username'].'"')); echo 'You are logged in, '.$_SESSION['username'].'. [/code] to [code] <?php if(isset($_SESSION['username'])) { $data = mysql_fetch_array(mysql_query('SELECT * FROM `users` WHERE `username`="'.$_SESSION['username'].'"'); ); echo 'You are logged in, '.$_SESSION['username'].'. [/code] -
sorry to thread jack but is that all that is required to treat forms? what about forms with larger content such as a message or forum post?
-
field not being entered into database..
insrtsnhere13 replied to insrtsnhere13's topic in PHP Coding Help
Oh, sorry, i did a little more troubleshooting and found out what the problem was.. it didnt like echoing the $receiver variable after hitting post.. so i just made another hidden field with that variable in it.. thanks! -
Hey everyone, little bit of background info. Trying to make a private messaging system. I have a form on a profile page that just submits the users id to a sendmessage.php file where the actual script is. Problem is, the receiver's id is not being placed in the database.. heres the code: Relevant parts of viewprofile.php: [code] <?php $user = $_GET['user']; ?> <form action="sendmessage.php" method="post"> <input type="hidden" name="receiver" value="<?php echo "$user"; ?>"> <input type="submit" value="Send user a message"></form> [/code] sendmessage.php: [code] <?php $receiver = $_POST['receiver']; //sender would be = $_SESSION['id']; $sender = "000002"; $date = date("l, F d, Y - h:i A"); if(!isset($_POST['submit'])) { //form hasnt been submitted ?> Send a message<br> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> Message:<br> <textarea name="message" cols="40" rows="10"></textarea><br><br> <input type="submit" name="submit" value="Post"></form> <?php } else { $message = $_POST['message']; $message = stripslashes($message); include("connect.php"); $query = "INSERT INTO messages (sender, receiver, message, date) VALUES('$sender', '$receiver', '$message', '$date')"; $result = mysql_query($query) or die ("Error in query: $query. ".mysql_error()); echo "Your message was sent"; mysql_close($connection); } ?> [/code] everything is being placed into the database except receiver..
-
well.. if your table is large and have enough people you should be able to do this.. ORDER BY rank ASC
-
Just thought of something, security issue
insrtsnhere13 replied to insrtsnhere13's topic in PHP Coding Help
[!--quoteo(post=375493:date=May 20 2006, 09:34 AM:name=shoz)--][div class=\'quotetop\']QUOTE(shoz @ May 20 2006, 09:34 AM) [snapback]375493[/snapback][/div][div class=\'quotemain\'][!--quotec--] It wouldn't take a very complicated script to spam the site. The way you have it coded now means that the numbers are user submitted values. So, the tool can send whatever numbers it likes. Keep in mind that I'm not trying to discourage you. It's a good thing to be thinking about ways to secure your site and you should continue doing so. The "d" from the fread line has been removed to allow the post to the forum to go through. [code] <?php $host = 'yoursite.com'; $path = '/path/to/script.php'; $content = 'usernumber=1&number=0&number2=2&submit=Submit'; $length = strlen($content); $header = "POST $path HTTP/1.0\r\n" ."Host: $host\r\n" ."Content-Length: $length\r\n" ."Connection: close\r\n" ."\r\n" ."$content"; $fp = fsockopen($host, 80, $errno, $errstr, 15); if(!$fp) { print "couldn't connect<br />\n"; exit; } if (FALSE === fwrite($fp, $header)) { print "couldn't write to socket<br />\n"; exit; } $output = ''; while (!feof($fp) ) { //The "d" from the end of fread has been removed here $output .= frea($fp, 2048); } print $output; ?> [/code] EDIT: Btw, I do realize that you're saying that you're not trying to come up with a solution as effective as a CAPTHA but I think you're also saying that you don't want to come up with a solution thats very easy to break either. [/quote] Uhhh.. im not wuite sure, but i dont think this has anything to do with my post.. other than the info at the top about not trying to discourage me, and in regards to the script being able to enter whatever number it wants, since the numbers are randomly generated, a random number generator wouldnt work.. unless the script was actually made for this specific code.. and yes, this is not a maximum security code, just a thought on security thats a little easier to understand than a captcha -
Just thought of something, security issue
insrtsnhere13 replied to insrtsnhere13's topic in PHP Coding Help
went through this morning and wrote some code.. heres what I came up with, I think it works pretty good!! [code] <?php if(!isset($_POST[submit])) { $number = rand(0, 1000); $number2 = $number + 13; echo "Please enter a number greater than ".$number." and less than ".$number2; ?> <form method="POST" action="<?php $_SERVER["PHP_SELF"] ?>" <input type="text" name="usernumber" size="10"> <input type="hidden" name="number" value="<?php echo "$number"; ?>" <input type="hidden" name="number2" value="<?php echo "$number2"; ?>" <input type="submit" name="submit" value="Submit"> </form> <?php }else{ $usernumber = $_POST['usernumber']; $number = $_POST['number']; $number2 = $_POST['number2']; if ($usernumber > $number && $usernumber < $number2) { echo "Correct!! $usernumber is inbetween $number and $number2"; }else { echo "Try again!!"; } } ?> [/code] -
Just thought of something, security issue
insrtsnhere13 replied to insrtsnhere13's topic in PHP Coding Help
yea, i knew this wasnt as good as a captcha code but i think that for a minimum threat level site, this would be more then enough to prevent someone from costantly spamming, or stop a simple program -
Just thought of something, security issue
insrtsnhere13 replied to insrtsnhere13's topic in PHP Coding Help
Yea, I mean, it really is a check and guess thing, but as long as the value remains the same, its a little easier to break, in my case, the number values always change.. there for inputting random numbers would yield far less results -
Hey guys, I just thought of any idea for form security, I dont think it could be nearly as good as a CAPTCHA image but its pretty good for basic protection from automatic form fillers. Couldnt it be possible to have an extra form field, which instructs the user to enter a number between a random set of numbers that are within a certain range of each other.. ie.. two random numbers are selected within say.. 13 numbers of each other. 26 and 39 the form instructs users to enter a number between 26 - 39. When the user enters the number, it is compared with the two and if it is found to be between the two numbers, the form is verified and the information is allowed to be sent, if not, it is rejected and is sent back with another set of random numbers.. obviously the hole in this is that a person could just keep entering random numbers until they get it right.. which is where bigger numbers come in. i understand it might be a little less convienient then a CAPTCHA but its seems a lot simpler to code let me know what you think
-
$appcounter++; thats the correct syntax
-
according to his code, I would assume its spanish. I could be horribly wrong though [img src=\"style_emoticons/[#EMO_DIR#]/wink.gif\" style=\"vertical-align:middle\" emoid=\":wink:\" border=\"0\" alt=\"wink.gif\" /]
-
Hey, recently installed php on my laptop and I cant do something like this... <? code ?> html code <? code ?> if have any other <? ?> on a page otehr than the first two, it doesnt parse anything after the added tag... this is make my include not working.. cuz some of my include are php scripts so i have to have the tags in there and when they get included the added tags messes up everything.. please help!
-
403 Forbidden Error when attempting to post
insrtsnhere13 replied to insrtsnhere13's topic in PHP Coding Help
found something else.. if i do <? include("nav.php"); ?> i get a blank screen.. if i do <?php include("nav.php"); ?> i get what i need.. anyone know a way to disable that <?php thing so i can just do <? and if i do something like.. have part of a php script at the top, end the <? ?> somewhere in the middle to display html without having to worry about echos and the reopen the php tags.. it messes up that page and display the rest of the php coding without parsing it