Search Results

Search found 53 results on 3 pages for 'addslashes'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 3/3 | < Previous Page | 1 2 3 

  • function fetch() on a non-object problem

    - by shin
    I have this url, http://webworks.net/ww.incs/forgotten-password-verification.php?verification_code=974bf747124c69f12ae3b36afcaccc68&[email protected]&redirect=/ww.admin/index.php And this gives the following error. Fatal error: Call to a member function fetch() on a non-object in /var/www/webworks/ww.incs/basics.php on line 23 Call Stack: 0.0005 338372 1. {main}() /var/www/webworks/ww.incs/forgotten-password-verification.php: 0 0.0020 363796 2. dbRow() /var/www/webworks/ww.incs/forgotten-password-verification.php:18 The forgotten-password-verification.php require 'login-libs.php'; login_check_is_email_provided(); // check that a verification code was provided if( !isset($_REQUEST['verification_code']) || $_REQUEST['verification_code']=='' ){ login_redirect($url,'novalidation'); } // check that the email/verification code combination matches a row in the user table // $password=md5($_REQUEST['email'].'|'.$_REQUEST['password']); $r=dbRow('select * from user_accounts where email="'.addslashes($_REQUEST['email']).'" and verification_code="'.$_REQUEST['verification_code'].'" and active' ); if($r==false){ login_redirect($url,'validationfailed'); } // success! set the session variable, then redirect $_SESSION['userdata']=$r; $groups=json_decode($r['groups']); $_SESSION['userdata']['groups']=array(); foreach($groups as $g)$_SESSION['userdata']['groups'][$g]=true; if($r['extras']=='')$r['extras']='[]'; $_SESSION['userdata']['extras']=json_decode($r['extras']); login_redirect($url); And login-libs, require 'basics.php'; $url='/'; $err=0; function login_redirect($url,$msg='success'){ if($msg)$url.='?login_msg='.$msg; header('Location: '.$url); echo '<a href="'.htmlspecialchars($url).'">redirect</a>'; exit; } // set up the redirect if(isset($_REQUEST['redirect'])){ $url=preg_replace('/[\?\&].*/','',$_REQUEST['redirect']); if($url=='')$url='/'; } // check that the email address is provided and valid function login_check_is_email_provided(){ if( !isset($_REQUEST['email']) || $_REQUEST['email']=='' || !filter_var($_REQUEST['email'], FILTER_VALIDATE_EMAIL) ){ login_redirect($GLOBALS['url'],'noemail'); } } // check that the captcha is provided function login_check_is_captcha_provided(){ if( !isset($_REQUEST["recaptcha_challenge_field"]) || $_REQUEST["recaptcha_challenge_field"]=='' || !isset($_REQUEST["recaptcha_response_field"]) || $_REQUEST["recaptcha_response_field"]=='' ){ login_redirect($GLOBALS['url'],'nocaptcha'); } } // check that the captcha is valid function login_check_is_captcha_valid(){ require 'recaptcha.php'; $resp=recaptcha_check_answer( RECAPTCHA_PRIVATE, $_SERVER["REMOTE_ADDR"], $_REQUEST["recaptcha_challenge_field"], $_REQUEST["recaptcha_response_field"] ); if(!$resp->is_valid){ login_redirect($GLOBALS['url'],'invalidcaptcha'); } } basics.php is, session_start(); function __autoload($name) { require $name . '.php'; } function dbInit(){ if(isset($GLOBALS['db']))return $GLOBALS['db']; global $DBVARS; $db=new PDO('mysql:host='.$DBVARS['hostname'].';dbname='.$DBVARS['db_name'],$DBVARS['username'],$DBVARS['password']); $db->query('SET NAMES utf8'); $db->num_queries=0; $GLOBALS['db']=$db; return $db; } function dbQuery($query){ $db=dbInit(); $q=$db->query($query); $db->num_queries++; return $q; } function dbRow($query) { $q = dbQuery($query); return $q->fetch(PDO::FETCH_ASSOC); } define('SCRIPTBASE', $_SERVER['DOCUMENT_ROOT'] . '/'); require SCRIPTBASE . '.private/config.php'; if(!defined('CONFIG_FILE'))define('CONFIG_FILE',SCRIPTBASE.'.private/config.php'); set_include_path(SCRIPTBASE.'ww.php_classes'.PATH_SEPARATOR.get_include_path()); I am not sure how to solve the problem. Any help will be appreciated. Thanks in advance. UPDATE: My db CREATE TABLE IF NOT EXISTS `user_accounts` ( `id` int(11) unsigned NOT NULL AUTO_INCREMENT, `email` text, `password` char(32) DEFAULT NULL, `active` tinyint(4) DEFAULT '0', `groups` text, `activation_key` varchar(32) DEFAULT NULL, `extras` text, PRIMARY KEY (`id`) ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=10 ; INSERT INTO `user_accounts` (`id`, `email`, `password`, `active`, `groups`, `activation_key`, `extras`) VALUES (2, '[email protected]', '6d24dde9d56b9eab99a303a713df2891', 1, '["_superadministrators"]', '5d50e39420127d0bab44a56612f2d89b', NULL), (3, '[email protected]', 'e83052ab33df32b94da18f6ff2353e94', 1, '[]', NULL, NULL), (9, '[email protected]', '9ca3eee3c43384a575eb746eeae0f279', 1, '["_superadministrators"]', '974bf747124c69f12ae3b36afcaccc68', NULL);

    Read the article

  • php soapclient returns null but getPreviousResults has proper results

    - by Joseph.Chambers
    I've ran into trouble with SOAP, I've never had this issue before and can't find any information on line that helps me solve it. The following code $wsdl = "path/to/my/wsdl"; $client = new SoapClient($wsdl, array('trace' => true)); //$$textinput is passed in and is a very large string with rows in <item></item> tags $soapInput = new SoapVar($textinput, XSD_ANYXML); $res = $client->dataprofilingservice(array("contents" => $soapInput)); $response = $client->__getLastResponse(); var_dump($res);//outputs null var_dump($response);//provides the proper response as I would expect. I've tried passing params into the SoapClient constructor to define soap version but that didnt' help. I've also tried it with the trace param set to false and not present which as expected made $response null but $res was still null. I've tried the code on both a linux and windows install running Apache. The function definition in the WSDL is (xxxx is for security reasons) <portType name="xxxxServiceSoap"> <operation name="dataprofilingservice"> <input message="tns:dataprofilingserviceSoapIn"/> <output message="tns:dataprofilingserviceSoapOut"/> </operation> </portType> I have it working using the __getLastResponse() but its annoying me it will not work properly. I've put together a small testing script, does anyone see any issues here. //very simplifed dataset that would normally be //read in from a CSV file of about 1mb $soapInput = getSoapInput("asdf,qwer\r\nzzxvc,ewrwe\r\n23424,2113"); $wsdl = "path to wsdl"; try { $client = new SoapClient($wsdl,array('trace' => true,'exceptions' => true)); } catch (SoapFault $fault) { $error = 1; var_dump($fault); } try { $res = $client->dataprofilingservice(array("contents" => $soapInput)); $response = $client->__getLastResponse(); echo htmlentities($client->__getLastRequest()); echo '<hr>'; var_dump($res); echo "<hr>"; echo(htmlentities($response)); } catch (SoapFault $fault) { $error = 1; var_dump($fault); } function getSoapInput($input){ $rows = array(); $userInputs = explode("\r\n", $input); $userInputs = array_filter($userInputs); // $inputTemplate = " <contents>%s</contents>"; $rowTemplate = "<Item>%s</Item>"; // $soapString = ""; foreach ($userInputs as $row) { // sanitize $row = htmlspecialchars(addslashes($row)); $xmlStr = sprintf($rowTemplate, $row); $rows[] = $xmlStr; } $textinput = sprintf($inputTemplate, implode(PHP_EOL, $rows)); $soapInput = new SoapVar($textinput, XSD_ANYXML); return $soapInput; }

    Read the article

  • (PHP) Validation, Security and Speed - Does my app have these?

    - by Devner
    Hi all, I am currently working on a building community website in PHP. This contains forms that a user can fill right from registration to lot of other functionality. I am not an Object-oriented guy, so I am using functions most of the time to handle my application. I know I have to learn OOPS, but currently need to develop this website and get it running soon. Anyway, here's a sample of what I let my app. do: Consider a page (register.php) that has a form where a user has 3 fields to fill up, say: First Name, Last Name and Email. Upon submission of this form, I want to validate the form and show the corresponding errors to the users: <form id="form1" name="form1" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"> <label for="name">Name:</label> <input type="text" name="name" id="name" /><br /> <label for="lname">Last Name:</label> <input type="text" name="lname" id="lname" /><br /> <label for="email">Email:</label> <input type="text" name="email" id="email" /><br /> <input type="submit" name="submit" id="submit" value="Submit" /> </form> This form will POST the info to the same page. So here's the code that will process the POST'ed info: <?php require("functions.php"); if( isset($_POST['submit']) ) { $errors = fn_register(); if( count($errors) ) { //Show error messages } else { //Send welcome mail to the user or do database stuff... } } ?> <?php //functions.php page: function sql_quote( $value ) { if( get_magic_quotes_gpc() ) { $value = stripslashes( $value ); } else { $value = addslashes( $value ); } if( function_exists( "mysql_real_escape_string" ) ) { $value = mysql_real_escape_string( $value ); } return $value; } function clean($str) { $str = strip_tags($str, '<br>,<br />'); $str = trim($str); $str = sql_quote($str); return $str; } foreach ($_POST as &$value) { if (!is_array($value)) { $value = clean($value); } else { clean($value); } } foreach ($_GET as &$value) { if (!is_array($value)) { $value = clean($value); } else { clean($value); } } function validate_name( $fld, $min, $max, $rule, $label ) { if( $rule == 'required' ) { if ( trim($fld) == '' ) { $str = "$label: Cannot be left blank."; return $str; } } if ( isset($fld) && trim($fld) != '' ) { if ( isset($fld) && $fld != '' && !preg_match("/^[a-zA-Z\ ]+$/", $fld)) { $str = "$label: Invalid characters used! Only Lowercase, Uppercase alphabets and Spaces are allowed"; } else if ( strlen($fld) < $min or strlen($fld) > $max ) { $curr_char = strlen($fld); $str = "$label: Must be atleast $min character &amp; less than $max char. Entered characters: $curr_char"; } else { $str = 0; } } else { $str = 0; } return $str; } function validate_email( $fld, $min, $max, $rule, $label ) { if( $rule == 'required' ) { if ( trim($fld) == '' ) { $str = "$label: Cannot be left blank."; return $str; } } if ( isset($fld) && trim($fld) != '' ) { if ( !eregi('^[a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})$', $fld) ) { $str = "$label: Invalid format. Please check."; } else if ( strlen($fld) < $min or strlen($fld) > $max ) { $curr_char = strlen($fld); $str = "$label: Must be atleast $min character &amp; less than $max char. Entered characters: $curr_char"; } else { $str = 0; } } else { $str = 0; } return $str; } function val_rules( $str, $val_type, $rule='required' ){ switch ($val_type) { case 'name': $val = validate_name( $str, 3, 20, $rule, 'First Name'); break; case 'lname': $val = validate_name( $str, 10, 20, $rule, 'Last Name'); break; case 'email': $val = validate_email( $str, 10, 60, $rule, 'Email'); break; } return $val; } function fn_register() { $errors = array(); $val_name = val_rules( $_POST['name'], 'name' ); $val_lname = val_rules( $_POST['lname'], 'lname', 'optional' ); $val_email = val_rules( $_POST['email'], 'email' ); if ( $val_name != '0' ) { $errors['name'] = $val_name; } if ( $val_lname != '0' ) { $errors['lname'] = $val_lname; } if ( $val_email != '0' ) { $errors['email'] = $val_email; } return $errors; } //END of functions.php page ?> OK, now it might look like there's a lot, but lemme break it down target wise: 1. I wanted the foreach ($_POST as &$value) and foreach ($_GET as &$value) loops to loop through the received info from the user submission and strip/remove all malicious input. I am calling a function called clean on the input first to achieve the objective as stated above. This function will process each of the input, whether individual field values or even arrays and allow only tags and remove everything else. The rest of it is obvious. Once this happens, the new/cleaned values will be processed by the fn_register() function and based on the values returned after the validation, we get the corresponding errors or NULL values (as applicable). So here's my questions: 1. This pretty much makes me feel secure as I am forcing the user to correct malicious data and won't process the final data unless the errors are corrected. Am I correct? Does the method that I follow guarantee the speed (as I am using lots of functions and their corresponding calls)? The fields of a form differ and the minimum number of fields I may have at any given point of time in any form may be 3 and can go upto as high as 100 (or even more, I am not sure as the website is still being developed). Will having 100's of fields and their validation in the above way, reduce the speed of application (say upto half a million users are accessing the website at the same time?). What can I do to improve the speed and reduce function calls (if possible)? 3, Can I do something to improve the current ways of validation? I am holding off object oriented approach and using FILTERS in PHP for the later. So please, I request you all to suggest me way to improve/tweak the current ways and suggest me if the script is vulnerable or safe enough to be used in a Live production environment. If not, what I can do to be able to use it live? Thank you all in advance.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 1 2 3