Jump to content

serverman

Members
  • Posts

    215
  • Joined

  • Last visited

Profile Information

  • Gender
    Not Telling

serverman's Achievements

Regular Member

Regular Member (3/5)

0

Reputation

  1. I will think about it. Honestly the whole point of this project was really learn a lot more about php. I've just always used it to just get by when needed and I stopped doing web design work a few years ago.(Joined the military) but php is just a fun hobby I am trying to pick back up. For me I don't see the challenge in a framework. I need a challenge or I get bored.
  2. OK. Yeah my plan was to clean it up to make it more read able but maybe you are right and I should first attack the security then clean it. I got the login system off of github but yeah its a dead project on it. So I guess now I will dump the login system that I have, then fix all the XSS issues in my code. Then work in or write a new login system. I think removing the current member system will make it way easier to clean up the code.
  3. I'm working on my first real project that I coded (other than the user system). I could use some help to know what I could and should clean up in my coding. I am self taught. I know I need to add sanitize codes to the field inputs and that is in the works. Do you see something that would make more sense to be a function in the functions.php include? Index.php <?php include_once 'includes/db_connect.php'; include_once 'includes/functions.php'; sec_session_start(); $PageTitle="Open Managment"; function customPageHeader(){?> <script type="text/JavaScript" src="js/sha512.js"></script> <script type="text/JavaScript" src="js/forms.js"></script> <!--Arbitrary HTML Tags--> <?php } include_once('includes/header.php'); if (isset($_GET['error'])) { echo '<p class="error">Error Logging In!</p>'; } if (login_check($mysqli) == true) : ?> <p>Welcome <?php echo htmlentities($_SESSION['username']); ?>! If you are done, please <a href="includes/logout.php">log out</a>.</p> <!--Arbitrary HTML Tags--> <?php $results = $mysqli->query("SELECT id, title, address, occupied FROM property"); ?> <div> <div class="propr"> <div class="propc"><h2>Property Title</h2></div> <div class="propc"><h2>Address</h2></div> <div class="propc"><h2>Occupied</h2></div> </div> <?php while($row = $results->fetch_array()) { ?> <div class="propr"> <div class="propc"><a href="list_prop.php?parent=<?= $row['id'] ?>"><?= $row["title"] ?></a></div> <div class="propc"><?= $row["address"] ?></div> <div class="propc"><?php if ($row["occupied"] == 1) {echo 'yes';} else { echo 'no'; }?></div> </div> <?php } print '</div>'; ?> <p> Add a new property:</p> <form action="newprop.php" method="post"> Property Name<input type="text" name="title"> Address<input type="text" name="address"> <input type="submit" value="Submit"> </form> <div> <?php $results = $mysqli->query("SELECT id, first_name, last_name, email, phone FROM tenant"); while($row = $results->fetch_array()) { ?> <div class="propr"> <div class="propc"><a href="list_tenant.php?parent=<?= $row['id'] ?>"><?= $row["first_name"] ?></a></div> <div class="propc"><?= $row["last_name"] ?></div> <div class="propc"><?= $row["email"] ?></div> <div class="propc"><?= $row["phone"] ?></div> </div> <?php } $mysqli->close(); ?></div> <p>Add tenant</p> <form action="new_tenant.php" method="post"> First Name<input type="text" name="fname"> Last Name<input type="text" name="lname"> Email<input type="text" name="email"> Phone Number<input type="text" name="phone"> <input type="submit" value="Submit"> </form> <?php else : echo '<p> You are currently logged out. Please log in.</p> <form action="includes/process_login.php" method="post" name="login_form"> Email: <input type="text" name="email" /> Password: <input type="password" name="password" id="password"/> <input type="button" value="Login" onclick="formhash(this.form, this.form.password);" /> </form>'; endif; ?> </body> </html> List_tenant.php <?php include_once 'includes/db_connect.php'; include_once 'includes/functions.php'; sec_session_start(); $PageTitle="Open Managment"; function customPageHeader(){?> <!--Arbitrary HTML Tags--> <?php } include_once('includes/header.php'); ?> <?php if (login_check($mysqli) == true) : ?> <p>Welcome <?php echo htmlentities($_SESSION['username']); ?>! If you are done, please <a href="includes/logout.php">log out</a>.</p> <span> You are veiwing:</span> <?php //get tenant name and current var $a = intval($_GET['parent']); $results = $mysqli->query("SELECT id, first_name, last_name, current FROM tenant WHERE id = '$a'"); while($row = $results->fetch_array()) { echo $row["first_name"], '&nbsp', $row["last_name"]; $current = $row["current"]; } $results->free(); if(isset($_POST['submit'])) { $prop_id = $_POST["prop_id"]; $tent_id = $_GET['parent']; $rent = $_POST["rent"]; $late = $_POST["late"]; $start_date = $_POST["start_d"]; $mysqli->query(" INSERT INTO tenancy (property_id, tent_id, rent, late, start_date, current) VALUES ('$prop_id', '$tent_id', '$rent', '$late', '$start_date', '1' ); "); $mysqli->query(" UPDATE tenant SET current='1' WHERE id=' $tent_id'; "); $mysqli->query(" UPDATE property SET occupied='1' WHERE id=' $prop_id'; "); $mysqli->close(); } elseif ($current == 0) { ?> <form action="list_tenant.php?parent=<?=$a?>" method="post"> <select name="prop_id"> <?php //get props for drop down $results = $mysqli->query("SELECT id, address FROM property"); while($row = $results->fetch_array()) { ?> <option value="<?= $row['id'] ?>"><?= $row["address"] ?></option> <?php } ?> </select> Rent Amount<input type="text" name="rent"> Late Fee<input type="text" name="late"> Move in date<input type="text" name="start_d"> <input type="submit" name="submit" value="submit"> </form> <?php $mysqli->close(); } elseif ($current == 1){ echo 'they live somewhere'; } ?> <p>tenancy info:</p> <?php else : ?> <p> <span class="error">You are not authorized to access this page.</span> Please <a href="index.php">login</a>. </p> <?php endif; ?> </body> </html> functions.php <?php include_once 'psl-config.php'; function sec_session_start() { $session_name = 'sec_session_id'; // Set a custom session name $secure = SECURE; // This stops JavaScript being able to access the session id. $httponly = true; // Forces sessions to only use cookies. if (ini_set('session.use_only_cookies', 1) === FALSE) { header("Location: ../error.php?err=Could not initiate a safe session (ini_set)"); exit(); } // Gets current cookies params. $cookieParams = session_get_cookie_params(); session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly); // Sets the session name to the one set above. session_name($session_name); session_start(); // Start the PHP session session_regenerate_id(); // regenerated the session, delete the old one. } function login($email, $password, $mysqli) { // Using prepared statements means that SQL injection is not possible. if ($stmt = $mysqli->prepare("SELECT id, username, password, salt FROM members WHERE email = ? LIMIT 1")) { $stmt->bind_param('s', $email); // Bind "$email" to parameter. $stmt->execute(); // Execute the prepared query. $stmt->store_result(); // get variables from result. $stmt->bind_result($user_id, $username, $db_password, $salt); $stmt->fetch(); // hash the password with the unique salt. $password = hash('sha512', $password . $salt); if ($stmt->num_rows == 1) { // If the user exists we check if the account is locked // from too many login attempts if (checkbrute($user_id, $mysqli) == true) { // Account is locked // Send an email to user saying their account is locked return false; } else { // Check if the password in the database matches // the password the user submitted. if ($db_password == $password) { // Password is correct! // Get the user-agent string of the user. $user_browser = $_SERVER['HTTP_USER_AGENT']; // XSS protection as we might print this value $user_id = preg_replace("/[^0-9]+/", "", $user_id); $_SESSION['user_id'] = $user_id; // XSS protection as we might print this value $username = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $username); $_SESSION['username'] = $username; $_SESSION['login_string'] = hash('sha512', $password . $user_browser); // Login successful. return true; } else { // Password is not correct // We record this attempt in the database $now = time(); if (!$mysqli->query("INSERT INTO login_attempts(user_id, time) VALUES ('$user_id', '$now')")) { header("Location: ../error.php?err=Database error: login_attempts"); exit(); } return false; } } } else { // No user exists. return false; } } else { // Could not create a prepared statement header("Location: ../error.php?err=Database error: cannot prepare statement"); exit(); } } function checkbrute($user_id, $mysqli) { // Get timestamp of current time $now = time(); // All login attempts are counted from the past 2 hours. $valid_attempts = $now - (2 * 60 * 60); if ($stmt = $mysqli->prepare("SELECT time FROM login_attempts WHERE user_id = ? AND time > '$valid_attempts'")) { $stmt->bind_param('i', $user_id); // Execute the prepared query. $stmt->execute(); $stmt->store_result(); // If there have been more than 5 failed logins if ($stmt->num_rows > 5) { return true; } else { return false; } } else { // Could not create a prepared statement header("Location: ../error.php?err=Database error: cannot prepare statement"); exit(); } } function login_check($mysqli) { // Check if all session variables are set if (isset($_SESSION['user_id'], $_SESSION['username'], $_SESSION['login_string'])) { $user_id = $_SESSION['user_id']; $login_string = $_SESSION['login_string']; $username = $_SESSION['username']; // Get the user-agent string of the user. $user_browser = $_SERVER['HTTP_USER_AGENT']; if ($stmt = $mysqli->prepare("SELECT password FROM members WHERE id = ? LIMIT 1")) { // Bind "$user_id" to parameter. $stmt->bind_param('i', $user_id); $stmt->execute(); // Execute the prepared query. $stmt->store_result(); if ($stmt->num_rows == 1) { // If the user exists get variables from result. $stmt->bind_result($password); $stmt->fetch(); $login_check = hash('sha512', $password . $user_browser); if ($login_check == $login_string) { // Logged In!!!! return true; } else { // Not logged in return false; } } else { // Not logged in return false; } } else { // Could not prepare statement header("Location: ../error.php?err=Database error: cannot prepare statement"); exit(); } } else { // Not logged in return false; } } function esc_url($url) { if ('' == $url) { return $url; } $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\\x80-\\xff]|i', '', $url); $strip = array('%0d', '%0a', '%0D', '%0A'); $url = (string) $url; $count = 1; while ($count) { $url = str_replace($strip, '', $url, $count); } $url = str_replace(';//', '://', $url); $url = htmlentities($url); $url = str_replace('&', '&', $url); $url = str_replace("'", ''', $url); if ($url[0] !== '/') { // We're only interested in relative links from $_SERVER['PHP_SELF'] return ''; } else { return $url; } } once I fix security issues I will upload my project to github. Im doing this as an open source property management app.
  4. So I noticed the home page has not been updated since last time I used the forum about 6 years ago. Isn't it about time to either do away with that or update it. I never liked it when it was added but now its kind of lame since its really outdated. why not just use forum.phpfreaks.com as the home page?
  5. Ok this should be the very last thing. So I'm working on the code for the auto update of the rent. I'm not sure how to start the loop. Here is the code so far <?php include_once 'includes/db_connect.php'; //before the loop $date = date(Y.m.d); $dt2 = new DateTime($date); //during $results = $mysqli->query("SELECT rent, start_date FROM tenancy WHERE tent_id ='$tent_id'"); while($row = $results->fetch_array()) { $rent = $row["rent"]; $movein = $row["start_date"]; } $results->free(); $dt1 = new DateTime($movein); $occupancy = $dt1->diff($dt2); $time = $occupancy->format('%m'); $updaterent = $time * -abs($rent); $mysqli->query("UPDATE payment SET amount='$updaterent' date'$date' WHERE tenancy_id='$tent_id'"); ?>
  6. The question was about doing things automatically. So I'll look I to chron jobs.
  7. OK makes sense so instead of making another table for keeping track of fees just add them into payment just make them negative. I'm sure it's obvious I'm not a real programmer and don't pretend to be but I'm trying to do this right and not just hack it together. Just a hobby for me. Lots a tutorials for me haha. Can you point me in the right direction to have it add rent at the first of the month I've never done anything like that.
  8. So I'm about caught up in my coding to get to the point of calculating rent, fees and such. tables now look like: (payment)id | tenancy_id | date | amount | amount_type_id | note (payment_type) id | type (property)id | title | address | occupied (tenancy)id | property_id | tent_id | rent | late | start_date | end_date | current (tenant)id | first_name | last_name | email | phone | current both currents and occupied are a tiny int for 1/0 if they are currently occupied or living somewhere updated with move out script so still thinking about the math I think I need a another table for storing fee amounts. I think math wise want to do it like this $rawrent = $months * $rent $rdue = $rawrent - $paid $totaldue = $rdue + $fees does that make since or is there a better way to do this
  9. mac_g that makes since. I was planning originally to have it where you just edit the property when someone else moves in but this works better because then you still have a record of the last person and such. thanks for the suggestion.
  10. benanamen, I like that idea will be adding that table. the plan for this is just to do the basic accounting for now. So far most of the software I have found is either an attempt to be your own personal zillow for doing listings or complex CMS. I will be checking out tenant cloud.
  11. I am working on a application to keep track of rent for multiple houses. Making this for a friend to use but once I have it working I'm going to put it out open source for anyone to use. So the only thing I'm stumped on is keeping track of late fees. I'm not sure where to start on this. late fees start if you haven't payed by the 5th of the month but is also waveable. I feel like I need to keep track of something else in the tables to do this right now I have 2 tables for it. Maybe add a balance table? one has the property info the other has payment info it looks like this: (propery) Id | title | address | rent | late | tenant | occupancy (payment) id | parent | date | note Any ideas would help math isn't my thing ha.
  12. So I just wanted to say hi again its been years since I logged in on here. I'm Back! Its also been years since I have payed with php but I have to say I love PHP7! I still type like a 10 year old and still cant spell haha.
  13. well it counts on the user to make sure the numbers add up... a script could easily auto detect errors..
  14. now you need to grow the database... maybe make it more like a wiki?
  15. Ive been trying to setup PHP realty today and it keeps giving me this output after I try installation method 1 dumpSQL = true; // set template path and file name $phprealty->construct(TEMPS,"theme.html"); // start session function startCMSSession(); // include urls include(INC."config.urls.php"); // lets get the page action for the content source $action = isset($_REQUEST['a']) ? $_REQUEST['a'] : 1; // PAGE SOURCE CHOOSER switch($action){ /********************************************************************/ /* content management - show the requested frame */ /********************************************************************/ case 1: // home page view $snippet = @file_get_contents(TEMPS."index.php"); break; case 2: // member login / logout $snippet = @file_get_contents(MGR."admin/man_login.php"); break; case 21: // main page for member area if($phprealty->checkLogin()==true){ $snippet = @file_get_contents(MGR."admin/index.php"); }else{ header("Location: index.php?a=2"); } break; case 3: // view listings $snippet = @file_get_contents(TEMPS."p_list.php"); break; case 31: // view propertys $snippet = @file_get_contents(TEMPS."p_view.php"); break; case 4: // search properties $snippet = @file_get_contents(TEMPS."p_search.php"); break; case 5: // list featured listings $snippet = @file_get_contents(TEMPS."f_list.php"); break; case 6: // about us page $snippet = @file_get_contents(TEMPS."about.php"); break; default : // this is a backup just incase the action does not get set above // default if no action was sent lets show a not valid error. $snippet = $notfound." "; $snippet .= $err404; break; }// end switch for frame source $phprealty->replace("title",SITENAME); // set title to site $phprealty->replace("WWW",WWW); // set the url to the start of the site $phprealty->parseSnippet(LANG,$_REQUEST); $content = $phprealty->parseSnippet($snippet,$_REQUEST); // run snippet content $content = $phprealty->parseSnippets($content,$_REQUEST); $phprealty->replace("content",$content); // replace content section based on above actions //$navigation = @file_get_contents(MGR."static/nav.php"); //$navigation = $phprealty->parseSnippet($navigation,$_REQUEST); // run navigation content //$phprealty->replace("navigation",$navigation); // replace navigation content $phprealty->replace("TEMPS",WTEMPS); // replace urls to point to the correct directory if($phprealty->dumpSQL){ echo $phprealty->queryCode; } print_r($phprealty->get()); // output the page ob_end_flush(); // ouput content } else { echo ' ERROR! while reading language file. Check file existence and properties (CHMOD) ';} ?> installation method 2 doesn't make it past step 2 This my manager/includes/config.inc.php // database connection information $database_type = "mysql"; $database_server = "localhost"; $database_user = "****"; $database_password = "*****"; $dbase = "realty"; $table_prefix = "phprealty_"; // other global site variables define('WWW',"http://localhost/phprealtyv05/"); // with trailing slash define('REL',$_SERVER['DOCUMENT_ROOT']."/phprealtyv05/"); // adjust this to the directory of phpRealty if it is not your document_root. WITH TRAILING SLASH "/" define('TEMPS',REL."templates/default/"); // change to the folder that you use for your template, with trailing slash define('WTEMPS',WWW."templates/default/"); // change to the folder that you use for your template, with trailing slash define('SITENAME',"phpRealty v0.05"); // site name define('LANG',"/templates/languages/english.inc.php"); // path to language file. there are 2 ways to set this: // ex1:LANG = "templates/languages/english.inc.php" OR
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.