Search Results

Search found 131 results on 6 pages for 'stripslashes'.

Page 5/6 | < Previous Page | 1 2 3 4 5 6  | Next Page >

• Trouble editing Word document with PHP

  - by bhoomi-nature

  I want to open a word document and edit it I am opening the word document from the server and at that time it's opening with garbage values (perhaps it's not being properly converted to UTF-8). When I delete those garbage values and insert something from a textarea to that file it is going to insert and from then on it opens properly. I would like the document to open with the English words in the document instead of garbage value - it's only the first opening that's broken at present. <? $filename = 'test.doc'; if(isset($_REQUEST['Submit'])){ $somecontent = stripslashes($_POST['somecontent']); // Let's make sure the file exists and is writable first. if (is_writable($filename)) { // In our example we're opening $filename in append mode. // The file pointer is at the bottom of the file hence // that's where $somecontent will go when we fwrite() it. if (!$handle = fopen($filename, 'w')) { echo "Cannot open file ($filename)"; exit; } // Write $somecontent to our opened fi<form action="" method="get"></form>le. if (fwrite($handle, $somecontent) === FALSE) { echo "Cannot write to file ($filename)"; exit; } echo "Success, wrote ($somecontent) to file ($filename) <a href=".$_SERVER['PHP_SELF']."> - Continue - "; fclose($handle); } else { echo "The file $filename is not writable"; } } else { // get contents of a file into a string $handle = fopen($filename, 'r'); $somecontent = fread($handle, filesize($filename)); ?> <h1>Edit file <? echo $filename ;?></h1> <form name="form1" method="post" action=""> <p> <textarea name="somecontent" cols="80" rows="10"><? echo $somecontent ;?></textarea> </p> <p> <input type="submit" name="Submit" value="Submit"> </p> </form> <? fclose($handle); } ?>

  Read the article

• Image upload not functioning correctly

  - by PurpleSmurf

  I'm still trying to get to grips with PHP, and I'm trying to make a form that uploads a picture to a database. I don't have permissions for move_uploaded_file so I'm using the copy() as an alternative. Everywhere I've seen experiencing similar problems have all been with move_uploaded_file so I'm rather stuck. Trying to copy the image from the desktop doesn't seem to be working, it's not throwing up any more PHP errors but is displaying the error message for if something goes wrong. The form sends data to two tables in the database but I'm mainly concerned with the upload not working. There's over 200 lines so I'll post a snippet of the upload code, thank you in advance: function getExtension($str) { $i = strrpos($str,"."); if (!$i) { return ""; } $l = strlen($str) - $i; $ext = substr($str,$i+1,$l); return $ext; } //This variable is used as a flag. The value is initialized with 0 (meaning no error found) and it will be changed to 1 if an errro occures. If the error occures the file will not be uploaded. $errors=0; //checks if the form has been submitted if(isset($_POST['submitted'])) { //reads the name of the file the user submitted for uploading $image=$_FILES['image']['name']; //if it is not empty if ($image) { //get the original name of the file from the clients machine $filename = stripslashes($_FILES['image']['name']); //get the extension of the file in a lower case format $extension = getExtension($filename); $extension = strtolower($extension); //if it is unknown extension, class as an error and do not upload the file, otherwise continue if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif")) { //print error message echo '<h1>Unknown extension!</h1>'; $errors=1; } else { //get the size of the image in bytes //$_FILES['image']['tmp_name'] is the temporary filename of the file in which the uploaded file was stored on the server $size=filesize($_FILES['image']['tmp_name']); //give an unique name, for example the time in unix time format $image_name=time().'.'.$extension; //the new name will be containing the full path where will be stored (images folder) $newname="/home/k0929907/www/uploads/".$image_name; //verify if the image has been uploaded, and print error instead $copied = copy($_FILES['image']['tmp_name'], $newname); if (!$copied) { echo '<h1>Copy unsuccessfull!</h1>'; $errors=1; } } } }

  Read the article

• Problem carrying Session over to other pages

  - by AAA

  I am able to login a user, but while processing to the next page (memebers area) I can't display any user info let alone print the $_SESSION[email]. I am not sure what's up. Below is the login code and the testing members are page. Login page: session_start(); //also in a real app you would get the id dynamically $sql = "select `email`, `password` from `accounts` where `email` = '$_POST[email]'"; $query = mysql_query($sql) or die ("Error: ".mysql_error()); while ($row = mysql_fetch_array($query)){ $email = $row['email']; $secret = $row['password']; //we will echo these into the proper fields } mysql_free_result($query); // Process the POST variables $email = $_POST["email"]; //Variables $_SESSION["email"] = $_POST["email"]; $secret = $info['password']; //Checks if there is a login cookie if(isset($_COOKIE['ID_my_site'])) //if there is, it logs you in and directes you to the members page { $email = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT email, password FROM accounts WHERE email = '$email'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { if (@ $info['password'] != $pass) { } else { header("Location: home.php"); } } } //if the login form is submitted if (isset($_POST['submit'])) { // if form has been submitted // makes sure they filled it in if(!$_POST['email'] | !$_POST['password']) { die('You did not fill in a required field.'); } // checks it against the database if (!get_magic_quotes_gpc()) { $_POST['email'] = addslashes($_POST['email']); } $check = mysql_query("SELECT email,password FROM accounts WHERE email = '".$_POST['email']."'")or die(mysql_error()); //Gives error if user dosen't exist $check2 = mysql_num_rows($check); if ($check2 == 0) { die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>'); } while($info = mysql_fetch_array( $check )) //gives error if the password is wrong if (@ $_POST['password'] != $info['password']) { die('Incorrect password, please try again'); } else { // if login is ok then we add a cookie $_POST['email'] = stripslashes($_POST['email']); $hour = time() + 3600; setcookie(ID_my_site, $_POST['email'], $hour); setcookie(Key_my_site, $_POST['password'], $hour); //then redirect them to the members area header("Location: home.php"); } } } else { // if they are not logged in ?> <?php } ?> home.php session_start(); if(!isset($_SESSION['email'])) { header('Location: login_test3.php'); die('<a href="login_test3.php">Login first!</a>'); } //Variables $_SESSION["email"] = $email; print $_SESSION['name']; UPDATE Just realized the existing code gets in to the home.php file but will not echo anything. But as soon as you hit refresh the session is gone.

  Read the article

• change password.......

  - by shimaTun

  I've created a code to change a password. Now it seem contain an error. When I fill in the form to change password, and click save the error message: You forgot enter your userid! Please try again. I really don’t know what the error message means. Please guys. Help me fix it. Here's is the code: <?php # change password.php //set the page title and include the html header. $page_title = 'Change Your Password'; //include('templates/header.inc'); if(isset($_POST['submit'])){//handle the form require_once('connectioncomplaint.php');//connect to the db. //include "connectioncomplaint.php"; //create a function for escaping the data. function escape_data($data){ global $dbc;//need the connection. if(ini_get('magic_quotes_gpc')){ $data=stripslashes($data); } return mysql_real_escape_string($data); }//end function $message=NULL;//create the empty new variable. //check for a username if(empty($_POST['userid'])){ $u=FALSE; $message .='<p> You forgot enter your userid!</p>'; }else{ $u=escape_data($_POST['userid']); } //check for existing password if(empty($_POST['password'])){ $p=FALSE; $message .='<p>You forgot to enter your existing password!</p>'; }else{ $p=escape_data($_POST['password']); } //check for a password and match againts the comfirmed password. if(empty($_POST['password1'])) { $np=FALSE; $message .='<p> you forgot to enter your new password!</p>'; }else{ if($_POST['password1'] == $_POST['password2']){ $np=escape_data($_POST['password1']); }else{ $np=FALSE; $message .='<p> your new password did not match the confirmed new password!</p>'; } } if($u && $p && $np){//if everything's ok. $query="SELECT userid FROM access WHERE (userid='$u' AND password=PASSWORD('$p'))"; $result=@mysql_query($query); $num=mysql_num_rows($result); if($num == 1){ $row=mysql_fetch_array($result, MYSQL_NUM); //make the query $query="UPDATE access SET password=PASSWORD('$np') WHERE userid=$row[0]"; $result=@mysql_query($query);//run the query. if(mysql_affected_rows() == 1) {//if it run ok. //send an email,if desired. echo '<p><b>your password has been changed.</b></p>'; //include('templates/footer.inc');//include the HTML footer. exit();//quit the script. }else{//if it did not run OK. $message= '<p>Your password could not be change due to a system error.We apolpgize for any inconvenience.</p><p>' .mysql_error() .'</p>'; } }else{ $message= '<p> Your username and password do not match our records.</p>'; } mysql_close();//close the database connection. }else{ $message .='<p>Please try again.</p>'; } }//end of the submit conditional. //print the error message if there is one. if(isset($message)){ echo'<font color="red">' , $message, '</font>'; } ?> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">

  Read the article

• IE adding a attribute 'done[number]' ??

  - by Phil Jackson

  Hi all im struggling to find an answer to my problem here. I've made a IM application the same as facebooks but it is having problems in IE. The problem started as I kept seeing rn at the beginnning of every post made via IE. That was due to stripslashes function. But as I was investigating I noticed my tag was being added an attribut 'done'; <li><UL done67="7">rn<LI class=name>ACTwebDesigns</LI>rn<LI class=speech>hello</LI></UL></li> <li><UL done1="4">rn<LI class=name>ACTwebDesigns</LI>rn<LI class=speech>foo</LI></UL></li> <li><UL done84="10">rn<LI class=name>ACTwebDesigns</LI>rn<LI class=speech>barr</LI>rn<LI class=speech ?>foobar</LI></UL></li> <li><UL done88="14">rn<LI class=name>ACTwebDesigns</LI>rn<LI class=speech>this is a test</LI></UL></li> does anyone know of a reason why IE would add this attribute? EDIT: function checkForm() { $(".chat_input").keydown(function(e){ if ( e.keyCode == 13 ) { var data = strip_tags($(this).val()); var username = $("#users_username").val(); var box = $(this).parents('div:eq(0)'); $(this).val(""); if( box.find('.conversation_box li.' + session_number ).length == 0 ) { var conversation_list = box.find('.conversation_box').html(); var insert_data = '<li class="' + session_number + '"><ul><li class="name">' + username + '</li><li class="speech">' + data + '</li></ul></li>'; box.find('.conversation_box').html(conversation_list + insert_data); bottom(); }else{ var conversation_list = box.find('.conversation_box li.' + session_number + ' ul').html(); var insert_data = '<li class="speech"">' + data + '</li>'; box.find('.conversation_box li.' + session_number + ' ul').html(conversation_list + insert_data); bottom(); } return false; } }); } function store_chat(){ try{ var token = $("#token").val(); var openedBoxes = $("li.conversation_list"); openedBoxes.each(function(){ var boxContainer = $(this).parents('div:eq(0)'); var amount = boxContainer.find('.conversation_box li').length; var p = boxContainer.find('.open_trigger').html(); var u = $("#users_username").val(); if( amount != 0 ){ if( $(this).parents('div:eq(0)').find('.conversation_box li.' + session_number ).length != 0 ) { var session_contents = $(this).parents('div:eq(0)').find('.conversation_box li.' + session_number ).html(); alert( session_contents ); $.ajax({ type: 'POST', url: './', data: 'token=' + token + '&re=7&s=' + amount + '&sd=' + session_contents + '&u=' + u + '&p=' + p, cache: false, timeout: 5000, success: function(html){ auth(html); boxContainer.find('.conversation_box').html(html); bottom(); } }); } } }); }catch(er){} }

  Read the article

• Is this PHP/MySQL login script secure?

  - by NightMICU

  Greetings, A site I designed was compromised today, working on damage control at the moment. Two user accounts, including the primary administrator, were accessed without authorization. Please take a look at the log-in script that was in use, any insight on security holes would be appreciated. I am not sure if this was an SQL injection or possibly breach on a computer that had been used to access this area in the past. Thanks <?php //Start session session_start(); //Include DB config require_once('config.php'); //Error message array $errmsg_arr = array(); $errflag = false; //Connect to mysql server $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } //Select database $db = mysql_select_db(DB_DATABASE); if(!$db) { die("Unable to select database"); } //Function to sanitize values received from the form. Prevents SQL injection function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } //Sanitize the POST values $login = clean($_POST['login']); $password = clean($_POST['password']); //Input Validations if($login == '') { $errmsg_arr[] = 'Login ID missing'; $errflag = true; } if($password == '') { $errmsg_arr[] = 'Password missing'; $errflag = true; } //If there are input validations, redirect back to the login form if($errflag) { $_SESSION['ERRMSG_ARR'] = $errmsg_arr; session_write_close(); header("location: http://tapp-essexvfd.org/admin/index.php"); exit(); } //Create query $qry="SELECT * FROM user_control WHERE username='$login' AND password='".md5($_POST['password'])."'"; $result=mysql_query($qry); //Check whether the query was successful or not if($result) { if(mysql_num_rows($result) == 1) { //Login Successful session_regenerate_id(); //Collect details about user and assign session details $member = mysql_fetch_assoc($result); $_SESSION['SESS_MEMBER_ID'] = $member['user_id']; $_SESSION['SESS_USERNAME'] = $member['username']; $_SESSION['SESS_FIRST_NAME'] = $member['name_f']; $_SESSION['SESS_LAST_NAME'] = $member['name_l']; $_SESSION['SESS_STATUS'] = $member['status']; $_SESSION['SESS_LEVEL'] = $member['level']; //Get Last Login $_SESSION['SESS_LAST_LOGIN'] = $member['lastLogin']; //Set Last Login info $qry = "UPDATE user_control SET lastLogin = DATE_ADD(NOW(), INTERVAL 1 HOUR) WHERE user_id = $member[user_id]"; $login = mysql_query($qry) or die(mysql_error()); session_write_close(); if ($member['level'] != "3" || $member['status'] == "Suspended") { header("location: http://members.tapp-essexvfd.org"); //CHANGE!!! } else { header("location: http://tapp-essexvfd.org/admin/admin_main.php"); } exit(); }else { //Login failed header("location: http://tapp-essexvfd.org/admin/index.php"); exit(); } }else { die("Query failed"); } ?>

  Read the article

• Website Link Injection

  - by Ryan B

  I have a website that is fairly static. It has some forms on it to send in contact information, mailing list submissions, etc. Perhaps hours/days after an upload to the site I found that the main index page had new code in it that I had not placed there that contained a hidden bunch of links in a invisible div. I have the following code the handles the variables sent in from the form. <?php // PHP Mail Order to [email protected] w/ some error detection. $jamemail = "[email protected]"; function check_input($data, $problem='') { $data = trim($data); $data = stripslashes($data); $data = htmlspecialchars($data); if ($problem && strlen($data) == 0) { die($problem); } return $data; } $email = check_input($_POST['email'], "Please input email address."); $name = check_input($_POST['name'], "Please input name."); mail($jamemail, "Mailing List Submission", "Name: " . $name . " Email: " .$email); header('Location: index.php'); ?> I have the following code within the index page to present the form with some Javascript to do error detection on the content of the submission prior to submission. <form action="sendlist.php" method="post" onSubmit="return checkmaill(this);"> <label for="name"><strong>Name: </strong></label> <input type="text" name="name"/><br /> <label for="email"><strong>Email: </strong></label> <input type="text" name="email"/><br /> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="submit" value="Subscribe" style="width: 100px;"/> </form> At the end of the day, the source code where the injected hyperlinks is as follows: </body> </html><!-- google --><font style="position: absolute;overflow: hidden;height: 0;width: 0"> xeex172901 <a href=http://menorca.caeb.com/od9c2/xjdmy/onondaga.php>onondaga</a> <a href=http://menorca.caeb.com/od9c2/xjdmy/tami.php>tami</a> <a href=http://menorca.caeb.com/od9c2/xjdmy/shotguns.php>shotguns</a> <a href=http://menorca.caeb.com/od9c2/xjdmy/weir.php>weir</a> <a href=http://menorca.caeb.com/od9c2/xjdmy/copperhead.php>copperhead</a> <a href=http://menorca.caeb.com/od9c2/xjdmy/mpv.php>mpv</a> <a href=http://menorca.caeb.com/od9c2/xjdmy/brunei.php>brunei</a> <a href=http://menorca.caeb.com/od9c2/xjdmy/doreen.php>doreen</a>

  Read the article

• PHP Image resize - Why is the image uploaded but not resized?

  - by Hans

  BACKGROUND I have a script to upload an image. One to keep the original image and one to resize the image. 1. If the image dimensions (width & height) are within max dimensions I use a simple "copy" direct to folder UserPics. 2. If the original dimensions are bigger than max dimensions I want to resize the width and height to be within max. Both of them are uploading the image to the folder, but in case 2, the image will not be resized. QUESTION Is there something wrong with the script? Is there something wrong with the settings? SETTINGS Server: WAMP 2.0 PHP: 5.3.0 PHP.ini: GD2 enabled, Memory=128M (have tried 1000M) Tried imagetypes uploaded: jpg, jpeg, gif, and png (same result for all of them) SCRIPT //Uploaded image $filename = stripslashes($_FILES['file']['name']); //Read filetype $i = strrpos($filename,"."); if (!$i) { return ""; } $l = strlen($filename) - $i; $extension = substr($filename,$i+1,$l); $extension = strtolower($extension); //New picture name = maxid+1 (from database) $query = mysql_query("SELECT MAX(PicId) AS number FROM userpictures"); $row = mysql_fetch_array($query); $imagenumber = $row['number']+1; //New name of image (including path) $image_name=$imagenumber.'.'.$extension; $newname = "UserPics/".$image_name; //Check width and height of uploaded image list($width,$height)=getimagesize($uploadedfile); //Check memory to hold this image (added only as checkup) $imageInfo = getimagesize($uploadedfile); $requiredMemoryMB = ( $imageInfo[0] * $imageInfo[1] * ($imageInfo['bits'] / 8) * $imageInfo['channels'] * 2.5 ) / 1024; echo $requiredMemoryMB."<br>"; //Max dimensions that can be uploaded $maxwidth = 20; $maxheight = 20; // Check if dimensions shall be original if ($width > $maxwidth || $height > $maxheight) { //Make jpeg from uploaded image if ($extension=="jpg" || $extension=="jpeg" || $extension=="pjpeg" ) { $modifiedimage = imagecreatefromjpeg($uploadedfile); } elseif ($extension=="png") { $modifiedimage = imagecreatefrompng($uploadedfile); } elseif ($extension=="gif") { $modifiedimage = imagecreatefromgif($uploadedfile); } //Change dimensions if ($width > $height) { $newwidth = $maxwidth; $newheight = ($height/$width)*$newwidth; } else { $newheight = $maxheight; $newwidth = ($width/$height)*$newheight; } //Create new image with new dimensions $newdim = imagecreatetruecolor($newwidth,$newheight); imagecopyresized($newdim,$modifiedimage,0,0,0,0,$newwidth,$newheight,$width,$height); imagejpeg($modifiedimage,$newname,60); // Remove temp images imagedestroy($modifiedimage); imagedestroy($newdim); } else { // Just add picture to folder without resize (if org dim < max dim) $newwidth = $width; $newheight = $height; $copied = copy($_FILES['file']['tmp_name'], $newname); } //Add image information to the MySQL database mysql_query("SET character_set_connection=utf8", $dbh); mysql_query("INSERT INTO userpictures (PicId, Picext, UserId, Width, Height, Size) VALUES('$imagenumber', '$extension', '$_SESSION[userid]', '$newwidth', '$newheight', $size)")

  Read the article

• File Upload drops with no reason

  - by sufoid

  Hallo I want to make an file upload. The script should take the image, resize it and upload it. But it seems that there is any unknown to me error in the upload. Here the code define ("MAX_SIZE","2000"); // maximum size for uploaded images define ("WIDTH","107"); // width of thumbnail define ("HEIGHT","107"); // alternative height of thumbnail (portrait 107x80) define ("WIDTH2","600"); // width of (compressed) photo define ("HEIGHT2","600"); // alternative height of (compressed) photo (portrait 600x450) if (isset($_POST['Submit'])) { // iterate thorugh all upload fields foreach ($_FILES as $key => $value) { //read name of user-file $image = $_FILES[$key]['name']; // if it is not empty if ($image) { $filename = stripslashes($_FILES[$key]['name']); // get original name of file from clients machine $extension = getExtension($filename); // get extension of file in lower case format $extension = strtolower($extension); // if extension not known, output error // otherwise continue if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif")) { echo '<div class="failure">Fehler bei Datei '. $_FILES[$key]['name'] .': Unbekannter Dateityp: Es können nur Dateien vom Typ .gif, .jpg oder .png hochgeladen werden.</div>'; } else { // get size of image in bytes // $_FILES[\'image\'][\'tmp_name\'] >> temporary filename of file in which the uploaded file was stored on server $size = getimagesize($_FILES[$key]['tmp_name']); $sizekb = filesize($_FILES[$key]['tmp_name']); // if image size exceeds defined maximum size, output error // otherwise continue if ($sizekb > MAX_SIZE*1024) { echo '<div class="failure">Fehler bei Datei '. $_FILES[$key]['name'] .': Die Datei konnte nicht hochgeladen werden: die Dateigröße überschreitet das Limit von 2MB.</div>'; } else { $rand = md5(rand() * time()); // create random file name $image_name = $rand.'.'.$extension; // unique name (random number) // new name contains full path of storage location (images folder) $consname = "photos/".$image_name; // path to big image $consname2 = "photos/thumbs/".$image_name; // path to thumbnail $copied = copy($_FILES[$key]['tmp_name'], $consname); $copied = copy($_FILES[$key]['tmp_name'], $consname2); $sql="INSERT INTO photos (galery_id, photo, thumb) VALUES (". $id .", '$consname', '$consname2')" or die(mysql_error()); $query = mysql_query($sql) or die(mysql_error()); // if image hasnt been uploaded successfully, output error // otherwise continue if (!$copied) { echo '<div class="failure">Fehler bei Datei '. $_FILES[$key]['name'] .': Die Datei konnte nicht hochgeladen werden.</div>'; } else { $thumb_name = $consname2; // path for thumbnail for creation & storage // call to function: create thumbnail // parameters: image name, thumbnail name, specified width and height $thumb = make_thumb($consname,$thumb_name,WIDTH,HEIGHT); $thumb = make_thumb($consname,$consname,WIDTH2,HEIGHT2); } } } } } // current image could be uploaded successfully echo '<div class="success">'. $success .' Foto(s) erfolgreich hochgeladen!</div>'; showForm(); // call to function: create upload form }

  Read the article

• User Getting Logged Out After Making First Comment

  - by John

  Hello, I am using a login system that works well. I am also using a comment system. The comment function does not show up unless the user is logged in (as shown in commentformonoff.php below). When a user makes a comment, the info is passed from the function "show_commentbox" to the file comments2a.php. Then, the info is passed to the file comments2.php. When the site is first pulled up on a browser, after logging in and making a comment, the user is logged out. After logging in a second time during the same browser session, the user is no longer logged out after making a comment. How can I keep the user logged in after making the first comment? Thanks in advance, John Commentformonoff.php: <?php if (!isLoggedIn()) { if (isset($_POST['cmdlogin'])) { if (checkLogin($_POST['username'], $_POST['password'])) { show_commentbox($submissionid, $submission, $url, $submittor, $submissiondate, $countcomments, $dispurl); } else { echo "<div class='logintocomment'>Login to comment</div>"; } } else { echo "<div class='logintocomment'>Login to comment</div>"; } } else { show_commentbox($submissionid, $submission, $url, $submittor, $submissiondate, $countcomments, $dispurl); } ?> Function "show_commentbox": function show_commentbox($submissionid, $submission, $url, $submittor, $submissiondate, $countcomments, $dispurl) { echo '<form action="http://www...com/.../comments/comments2a.php" method="post"> <input type="hidden" value="'.$_SESSION['loginid'].'" name="uid"> <input type="hidden" value="'.$_SESSION['username'].'" name="u"> <input type="hidden" value="'.$submissionid.'" name="submissionid"> <input type="hidden" value="'.stripslashes($submission).'" name="submission"> <input type="hidden" value="'.$url.'" name="url"> <input type="hidden" value="'.$submittor.'" name="submittor"> <input type="hidden" value="'.$submissiondate.'" name="submissiondate"> <input type="hidden" value="'.$countcomments.'" name="countcomments"> <input type="hidden" value="'.$dispurl.'" name="dispurl"> <label class="addacomment" for="title">Add a comment:</label> <textarea class="checkMax" name="comment" type="comment" id="comment" maxlength="1000"></textarea> <div class="commentsubbutton"><input name="submit" type="submit" value="Submit"></div> </form> '; } Included in comments2a.php: $uid = mysql_real_escape_string($_POST['uid']); $u = mysql_real_escape_string($_POST['u']); $query = sprintf("INSERT INTO comment VALUES (NULL, %d, %d, '%s', NULL)", $uid, $subid, $comment); mysql_query($query) or die(mysql_error()); $lastcommentid = mysql_insert_id(); header("Location: comments2.php?submission=".$submission."&submissionid=".$submissionid."&url=".$url."&submissiondate=".$submissiondate."&comment=".$comment."&subid=".$subid."&uid=".$uid."&u=".$u."&submittor=".$submittor."&countcomments=".$countcomments."&dispurl=".$dispurl."#comment-$lastcommentid"); exit(); Included in comments2.php: if($_SERVER['REQUEST_METHOD'] == "POST"){header('Location: http://www...com/.../comments/comments2.php?submission='.$submission.'&submissionid='.$submissionid.'&url='.$url.'&submissiondate='.$submissiondate.'&submittor='.$submittor.'&countcomments='.$countcomments.'&dispurl='.$dispurl.'');} $uid = mysql_real_escape_string($_GET['uid']); $u = mysql_real_escape_string($_GET['u']);

  Read the article

• Text not Being Placed Correctly In the Center

  - by ThatMacLad

  This is another noobish mistake from me but I've placed some text in my page but after adding some padding to my div tag it's impossible for me to place my Text in the vertical center. Here is a preview of my problem: The CSS: body { background-image: url(../images/body-bg.jpg); font-family: arial; } .cms-head { background-image: url(../images/cms-head.png); background-repeat: no-repeat; width: 850px; height: 50px; padding: 5px; margin-bottom: -10px; } .posts-list { background-image: url(../images/new-post-b.png);; width: 840px; height: 500px; padding: 5px; border-bottom: 1px solid #000000; } .content { width: 850px; height: 500px; margin-left: auto; margin-right: auto; } .edit-post-but { background-image: url(../images/new-button.png); background-repeat: no-repeat; width: 60px; height: 40px; } .post-title { width: 834px; height: 40px; background-image: url(../images/post-head.png); background-repeat: no-repeat; -moz-border-radius: 5px; -webkit-border-radius: 5px; margin-left: auto; margin-right: auto; padding: 5px; font-size: 20px; color: #ffffff; } .bottom { width: 850px; height: 50px; background-image: url(../images/cms-bot.png); background-repeat: no-repeat; } a:active, a:link, a:visited{ color: #ffffff; } a:hover{ text-decoration:none; } The HTML/PHP: <html> <head> <title>Blog Name | Edit Post</title> <link rel="stylesheet" href="css/cms.css" type="text/css" /> </head> <body> <div class="content"> <div class="cms-head"> <a href="newpost.php"><img src="images/new-button.png" /></a> <a href="#"><img src="images/rss-button.png" /></a> </div> <div class="posts-list"> <?php mysql_connect ('localhost', 'root', 'root') ; mysql_select_db ('tmlblog'); $result = mysql_query("SELECT timestamp, id, title FROM php_blog ORDER BY id DESC"); while($row = mysql_fetch_array($result)) { $date = date("l F d Y",$row['timestamp']); $id = $row['id']; $title = strip_tags(stripslashes($row['title'])); if (mb_strlen($title) >= 50) { $title = substr($title, 0, 50); $title = $title . "..."; } print("<div class='post-title'><a href=\"update.php?id=" . $id . "\"><img src='images/edit-button.png'></a>$title<br /></div>"); } mysql_close(); ?> </div> <div class="bottom"></div> </div> </body> </html>

  Read the article

• Html LogIn form not functioning

  - by Tony C

  Ok, I have a login form that looks like this: <form id="loginForm" name="loginForm" method="post" action="login-exec.php"> <table width="300" border="0" align="center" cellpadding="2" cellspacing="0"> <tr> <td width="112"><b>Login</b></td> <td width="188"><input name="login" type="text" class="textfield" id="login" /></td> </tr> <tr> <td><b>Password</b></td> <td><input name="password" type="password" class="textfield" id="password" /></td> </tr> <tr> <td>&nbsp;</td> <td><input type="submit" name="Submit" value="Login" /></td> </tr> </table> </form> Now, This form is on a page in a directory called members. When i put it on a page in the home directory and change the action to "members/login-exec.php" When I try to logIn it just refreshes the page, but the name of the page in the browser changes to the actions taking place in the form. Any ideas on making this work guys? EDIT, heres the login-exec.php code: <?php //Start session session_start(); //Include database connection details require_once('config.php'); //Array to store validation errors $errmsg_arr = array(); //Validation error flag $errflag = false; //Connect to mysql server $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } //Select database $db = mysql_select_db(DB_DATABASE); if(!$db) { die("Unable to select database"); } //Function to sanitize values received from the form. Prevents SQL injection function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } //Sanitize the POST values $login = clean($_POST['login']); $password = clean($_POST['password']); //Input Validations if($login == '') { $errmsg_arr[] = 'Login ID missing'; $errflag = true; } if($password == '') { $errmsg_arr[] = 'Password missing'; $errflag = true; } //If there are input validations, redirect back to the login form if($errflag) { $_SESSION['ERRMSG_ARR'] = $errmsg_arr; session_write_close(); header("location: login-form.php"); exit(); } //Create query $qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'"; $result=mysql_query($qry); //Check whether the query was successful or not if($result) { if(mysql_num_rows($result) == 1) { //Login Successful session_regenerate_id(); $member = mysql_fetch_assoc($result); $_SESSION['SESS_MEMBER_ID'] = $member['member_id']; $_SESSION['SESS_FIRST_NAME'] = $member['firstname']; $_SESSION['SESS_LAST_NAME'] = $member['lastname']; session_write_close(); header("location: members.php"); exit(); }else { //Login failed header("location: login-failed.php"); exit(); } }else { die("Query failed"); } ?>

  Read the article

• change password code error.....

  - by shimaTun

  I've created a code to change a password. Now it seem contain an error.before i fill the form. the page display the error message: Parse error: parse error, unexpected $end in C:\Program Files\xampp\htdocs\e-Complaint(FYP)\userChangePass.php on line 222 this the code: <?php # userChangePass.php //this page allows logged in user to change their password. $page_title='Change Your Password'; //if no first_name variable exists, redirect the user if(!isset($_SESSION['nameuser'])){ header("Location: http://" .$_SERVER['HTTP_HOST']. dirname($_SERVER['PHP_SELF'])."/index.php"); ob_end_clean(); exit(); }else{ if(isset($_POST['submit'])) {//handle form. require_once('connectioncomplaint.php'); //connec to the database //check for a new password and match againts the confirmed password. if(eregi ("^[[:alnum:]]{4,20}$", stripslashes(trim($_POST['password1'])))){ if($_POST['password1'] == $_POST['password2']){ $p =escape_data($_POST['password1']); }else{ $p=FALSE; echo'<p><font color="red" size="+1"> Your password did not match the confirmed password!</font></p>'; } }else{ $p=FALSE; echo'<p><font color="red" size="+1"> Please Enter a valid password!</font></p>'; } if($p){ //if everything OK. //make the query $query="UPDATE access SET password=PASSWORD('$p') WHERE userid={$_SESSION['userid']}"; $result=@mysql_query($query);//run the query. if(mysql_affected_rows() == 1) {//if it run ok. //send an email,if desired. echo '<p><b>your password has been changed.</b></p>'; //include('templates/footer.inc');//include the HTML footer. exit(); }else{//if it did not run ok $message= '<p>Your password could not be change due to a system error.We apolpgize for any inconvenience.</p><p>' .mysql_error() .'</p>'; } mysql_close();//close the database connection. }else{//failed the validation test. echo '<p><font color="red" size="+1"> Please try again.</font></p>'; } }//end of the main Submit conditional. ?> And code for form: <h1>Change Your Password</h1> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <fieldset> <p><b>New Password:</b><input type="password" name="password1" size="20" maxlength="20" /> <small>Use only letters and numbers.Must be between 4 and 20 characters long.</small></p> <p><b>Confirm New Password:</b><input type="password" name="password2" size="20" maxlength="20" /></p> </fieldset> <div align="center"> <input type="submit" name="submit" value="Change My Password" /></div> </form><!--End Form-->

  Read the article

• jquery drag and drop script and problem in reading json array

  - by Mac Taylor

  i made a script , exactly like wordpress widgets page and u can drag and drop objects this is my jquery script : <script type="text/javascript" >$(function(){ $('.widget') .each(function(){ $(this).hover(function(){ $(this).find('h4').addClass('collapse'); }, function(){ $(this).find('h4').removeClass('collapse'); }) .find('h4').hover(function(){ $(this).find('.in-widget-title').css('visibility', 'visible'); }, function(){ $(this).find('.in-widget-title').css('visibility', 'hidden'); }) .click(function(){ $(this).siblings('.widget-inside').toggle(); //Save state on change of collapse state of panel updateWidgetData(); }) .end() .find('.in-widget-title').css('visibility', 'hidden'); }); $('.column').sortable({ connectWith: '.column', handle: 'h4', cursor: 'move', placeholder: 'placeholder', forcePlaceholderSize: true, opacity: 0.4, start: function(event, ui){ //Firefox, Safari/Chrome fire click event after drag is complete, fix for that if($.browser.mozilla || $.browser.safari) $(ui.item).find('.widget-inside').toggle(); }, stop: function(event, ui){ ui.item.css({'top':'0','left':'0'}); //Opera fix if(!$.browser.mozilla && !$.browser.safari) updateWidgetData(); } }) .disableSelection(); }); function updateWidgetData(){ var items=[]; $('.column').each(function(){ var columnId=$(this).attr('id'); $('.widget', this).each(function(i){ var collapsed=0; if($(this).find('.widget-inside').css('display')=="none") collapsed=1; //Create Item object for current panel var item={ id: $(this).attr('id'), collapsed: collapsed, order : i, column: columnId }; //Push item object into items array items.push(item); }); }); //Assign items array to sortorder JSON variable var sortorder={ items: items }; //Pass sortorder variable to server using ajax to save state $.post("blocks.php"+"&order="+$.toJSON(sortorder), function(data){ $('#console').html(data).fadeIn("slow"); }); } </script> main part is saving object orders in table and this is my php part : function stripslashes_deep($value) { $value = is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value); return $value; } $order = $_GET['order']; $order = sql_quote($order); if(empty($order)){ echo "Invalid data"; exit; } global $db,$prefix; if (get_magic_quotes_gpc()) { $_POST = array_map('stripslashes_deep', $_POST); $_GET = array_map('stripslashes_deep', $_GET); $_COOKIE = array_map('stripslashes_deep', $_COOKIE); $_REQUEST = array_map('stripslashes_deep', $_REQUEST); } $data=json_decode($order); foreach($newdata->items as $item) { //Extract column number for panel $col_id=preg_replace('/[^\d\s]/', '', $item->column); //Extract id of the panel $widget_id=preg_replace('/[^\d\s]/', '', $item->id); $sql="UPDATE blocks_tbl SET bposition='$col_id', weight='".$item->order."' WHERE id='".$widget_id."'"; mysql_query($sql) or die('Error updating widget DB'); } print_r($order); now forexample the output is this : items\":[{\"id\":\"item26\",\"collapsed\":1,\"order\":0,\"column\":\"c\"},{\"id\":\"item0\",\"collapsed\":1,\"order\":0,\"column\":\"i\"},{\"id\":\"item0\",\"collapsed\":1,\"order\":1,\"column\":\"i\"},{\"id\":\"item1\",\"collapsed\":1,\"order\":2,\"column\":\"i\"},{\"id\":\"item3\",\"collapsed\":1,\"order\":3,\"column\":\"i\"},{\"id\":\"item16\",\"collapsed\":1,\"order\":4,\"column\":\"i\"},{\"id\":\"item0\",\"collapsed\":1,\"order\":5,\"column\":\"i\"},{\"id\":\"item6\",\"collapsed\":1,\"order\":6,\"column\":\"i\"},{\"id\":\"item17\",\"collapsed\":1,\"order\":7,\"column\":\"i\"},{\"id\":\"item19\",\"collapsed\":1,\"order\":8,\"column\":\"i\"},{\"id\":\"item10\",\"collapsed\":1,\"order\":9,\"column\":\"i\"},{\"id\":\"item11\",\"collapsed\":1,\"order\":10,\"column\":\"i\"},{\"id\":\"item0\",\"collapsed\":1,\"order\":0,\"column\":\"l\"},{\"id\":\"item5\",\"collapsed\":1,\"order\":1,\"column\":\"l\"},{\"id\":\"item8\",\"collapsed\":1,\"order\":2,\"column\":\"l\"},{\"id\":\"item13\",\"collapsed\":1,\"order\":3,\"column\":\"l\"},{\"id\":\"item21\",\"collapsed\":1,\"order\":4,\"column\":\"l\"},{\"id\":\"item28\",\"collapsed\":1,\"order\":5,\"column\":\"l\"},{\"id\":\"item7\",\"collapsed\":1,\"order\":0,\"column\":\"r\"},{\"id\":\"item20\",\"collapsed\":1,\"order\":1,\"column\":\"r\"},{\"id\":\"item15\",\"collapsed\":1,\"order\":2,\"column\":\"r\"},{\"id\":\"item18\",\"collapsed\":1,\"order\":3,\"column\":\"r\"},{\"id\":\"item14\",\"collapsed\":1,\"order\":4,\"column\":\"r\"}]} question is how can i find out column_id or order im a little bit confused

  Read the article

• mysql to excel exporting data using php getting html code also

  - by pmms

  hi all following is code for getting xlsheet from mysql using php ` if( ($_POST['Submit']=='generateexcel')) { $tblname=$_GET['generateexcel']; global $obj_mysql; $table="tbl_js_login"; // this is the tablename that you want to export to csv from mysql. function exportMysqlToCsv($table,$filename = 'export.csv') { $csv_terminated = "\n"; $csv_separator = ","; $csv_enclosed = '"'; $csv_escaped = "\"; $sql_query = "select fld_id, fld_fname,fld_lname from $table"; // Gets the data from the database $result = mysql_query($sql_query); $fields_cnt = mysql_num_fields($result); $schema_insert = ''; for ($i = 0; $i < $fields_cnt; $i++) { $l = $csv_enclosed . str_replace($csv_enclosed, $csv_escaped . $csv_enclosed, stripslashes(mysql_field_name($result, $i))) . $csv_enclosed; $schema_insert .= $l; $schema_insert .= $csv_separator; } // end for $out = trim(substr($schema_insert, 0, -1)); $out .= $csv_terminated; // Format the data while ($row = mysql_fetch_array($result)) { $schema_insert = ''; for ($j = 0; $j < $fields_cnt; $j++) { if ($row[$j] == '0' || $row[$j] != '') { if ($csv_enclosed == '') { $schema_insert .= $row[$j]; } else { $schema_insert .= $csv_enclosed . str_replace($csv_enclosed, $csv_escaped . $csv_enclosed, $row[$j]) . $csv_enclosed; } } else { $schema_insert .= ''; } if ($j < $fields_cnt - 1) { $schema_insert .= $csv_separator; } } // end for $out .= $schema_insert; $out .= $csv_terminated; $out1 = strip_tags($out); } // end while header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); header("Content-Length: " . strlen($out1)); // Output to browser with appropriate mime type, you choose ;) header("Content-type: text/x-csv"); //header("Content-type: text/csv"); //header("Content-type: application/csv"); header("Content-Disposition: attachment; filename=$filename"); echo $out1; exit; } exportMysqlToCsv($table); } include_once $path."includes/jobseeker_form.php"; /* function is_duplicate($login_name) { global $obj_mysql; $sql="SELECT * FROM tbl_admin_details WHERE fld_login ='$login_name'"; $num=$obj_mysql-get_num_rows($sql); if($num==0) return false; else return true; }*/ ?` the above code we are using for genrating the xlsheet along with xlsheet we are getting html at th top . following is the screen shot of xlsheet please provide some help how to remove the html code from xlsheet

  Read the article

• PayPal IPN - having trouble accessing session data?

  - by Martin Bean

  Hello, all. I'm having issues with PayPal IPN integration where it seems I cannot get my solution to read session variables. Basically, in my shop module script, I store the customer's details as provided by PayPal to an orders table. However, I also wish to save products ordered in a transaction to a separate table linked by the order ID. However, it's the second part of the script that's not working, where I loop through the products in the session and then save them to the orders_products table. Is there a reason why the session data not being read? The code within shop.php is as follows: if ($paypal->validate_ipn()) { $name = $paypal->ipn_data['address_name']; $street_1 = $paypal->ipn_data['address_street']; $street_2 = ""; $city = $paypal->ipn_data['address_city']; $state = $paypal->ipn_data['address_state']; $zip = $paypal->ipn_data['address_zip']; $country = $paypal->ipn_data['address_country']; $txn_id = $paypal->ipn_data['txn_id']; $sql = "INSERT INTO orders (name, street_1, street_2, city, state, zip, country, txn_id) VALUES (:name, :street_1, :street_2, :city, :state, :zip, :country, :txn_id)"; $smt = $this->pdo->prepare($sql); $smt->bindParam(':name', $name, PDO::PARAM_STR); $smt->bindParam(':street_1', $street_1, PDO::PARAM_STR); $smt->bindParam(':street_2', $street_2, PDO::PARAM_STR); $smt->bindParam(':city', $city, PDO::PARAM_STR); $smt->bindParam(':state', $state, PDO::PARAM_STR); $smt->bindParam(':zip', $zip, PDO::PARAM_STR); $smt->bindParam(':country', $country, PDO::PARAM_STR); $smt->bindParam(':txn_id', $txn_id, PDO::PARAM_INT); $smt->execute(); // save products to orders relationship $order_id = $this->pdo->lastInsertId(); // $cart = $this->session->get('cart'); $cart = $this->session->get('cart'); foreach ($cart as $product_id => $item) { $quantity = $item['quantity']; $sql = "INSERT INTO orders_products (order_id, product_id, quantity) VALUES ('$order_id', '$product_id', '$quantity')"; $res = $this->pdo->query($sql); } $this->session->del('cart'); mail('[email protected]', 'IPN result', 'IPN was successful on wrestling-wear.com'); } else { mail('[email protected]', 'IPN result', 'IPN failed on wrestling-wear.com'); } And I'm using the PayPal IPN class for PHP as found here: http://www.micahcarrick.com/04-19-2005/php-paypal-ipn-integration-class.html, but the contents of the validate_ipn() method is as follows: public function validate_ipn() { $url_parsed = parse_url($this->paypal_url); $post_string = ''; foreach ($_POST as $field => $value) { $this->ipn_data[$field] = $value; $post_string.= $field.'='.urlencode(stripslashes($value)).'&'; } $post_string.= "cmd=_notify-validate"; // append IPN command // open the connection to PayPal $fp = fsockopen($url_parsed[host], "80", $err_num, $err_str, 30); if (!$fp) { // could not open the connection. If logging is on, the error message will be in the log $this->last_error = "fsockopen error no. $errnum: $errstr"; $this->log_ipn_results(false); return false; } else { // post the data back to PayPal fputs($fp, "POST $url_parsed[path] HTTP/1.1\r\n"); fputs($fp, "Host: $url_parsed[host]\r\n"); fputs($fp, "Content-type: application/x-www-form-urlencoded\r\n"); fputs($fp, "Content-length: ".strlen($post_string)."\r\n"); fputs($fp, "Connection: close\r\n\r\n"); fputs($fp, $post_string . "\r\n\r\n"); // loop through the response from the server and append to variable while (!feof($fp)) { $this->ipn_response.= fgets($fp, 1024); } fclose($fp); // close connection } if (eregi("VERIFIED", $this->ipn_response)) { // valid IPN transaction $this->log_ipn_results(true); return true; } else { // invalid IPN transaction; check the log for details $this->last_error = 'IPN Validation Failed.'; $this->log_ipn_results(false); return false; } }

  Read the article

• Problem With View Helpers

  - by Richard Knop

  I wrote few custom view helpers but I have a little trouble using them. If I add the helper path in controller action like this: public function fooAction() { $this->view->addHelperPath('My/View/Helper', 'My_View_Helper'); } Then I can use the views from that path without a problem. But when I add the path in the bootstrap file like this: protected function _initView() { $this->view = new Zend_View(); $this->view->doctype('XHTML1_STRICT'); $this->view->headScript()->appendFile($this->view->baseUrl() . '/js/jquery-ui/jquery.js'); $this->view->headMeta()->appendHttpEquiv('Content-Type', 'text/html; charset=UTF-8'); $this->view->headMeta()->appendHttpEquiv('Content-Style-Type', 'text/css'); $this->view->headMeta()->appendHttpEquiv('Content-Language', 'sk'); $this->view->headLink()->appendStylesheet($this->view->baseUrl() . '/css/reset.css'); $this->view->addHelperPath('My/View/Helper', 'My_View_Helper'); } Then the view helpers don't work. Why is that? It's too troublesome to add the path in every controller action. Here is an example of how my custom view helpers look: class My_View_Helper_FooBar { public function fooBar() { return 'hello world'; } } I use them like this in views: <?php echo $this->fooBar(); ?> Should I post my whole bootstrap file? UPDATE: Added complete bootstrap file just in case: class Bootstrap extends Zend_Application_Bootstrap_Bootstrap { protected function _initFrontController() { $this->frontController = Zend_Controller_Front::getInstance(); $this->frontController->addModuleDirectory(APPLICATION_PATH . '/modules'); Zend_Controller_Action_HelperBroker::addPath( 'My/Controller/Action/Helper', 'My_Controller_Action_Helper' ); $this->frontController->registerPlugin(new My_Controller_Plugin_Auth()); $this->frontController->setBaseUrl('/'); } protected function _initView() { $this->view = new Zend_View(); $this->view->doctype('XHTML1_STRICT'); $this->view->headScript()->appendFile($this->view->baseUrl() . '/js/jquery-ui/jquery.js'); $this->view->headMeta()->appendHttpEquiv('Content-Type', 'text/html; charset=UTF-8'); $this->view->headMeta()->appendHttpEquiv('Content-Style-Type', 'text/css'); $this->view->headMeta()->appendHttpEquiv('Content-Language', 'sk'); $this->view->headLink()->appendStylesheet($this->view->baseUrl() . '/css/reset.css'); $this->view->addHelperPath('My/View/Helper', 'My_View_Helper'); } protected function _initDb() { $this->configuration = new Zend_Config_Ini(APPLICATION_PATH . '/configs/application.ini', APPLICATION_ENVIRONMENT); $this->dbAdapter = Zend_Db::factory($this->configuration->database); Zend_Db_Table_Abstract::setDefaultAdapter($this->dbAdapter); $stmt = new Zend_Db_Statement_Pdo($this->dbAdapter, "SET NAMES 'utf8'"); $stmt->execute(); } protected function _initAuth() { $this->auth = Zend_Auth::getInstance(); } protected function _initCache() { $frontend= array('lifetime' => 7200, 'automatic_serialization' => true); $backend= array('cache_dir' => 'cache'); $this->cache = Zend_Cache::factory('core', 'File', $frontend, $backend); } public function _initTranslate() { $this->translate = new Zend_Translate('Array', BASE_PATH . '/languages/Slovak.php', 'sk_SK'); $this->translate->setLocale('sk_SK'); } protected function _initRegistry() { $this->registry = Zend_Registry::getInstance(); $this->registry->configuration = $this->configuration; $this->registry->dbAdapter = $this->dbAdapter; $this->registry->auth = $this->auth; $this->registry->cache = $this->cache; $this->registry->Zend_Translate = $this->translate; } protected function _initUnset() { unset($this->frontController, $this->view, $this->configuration, $this->dbAdapter, $this->auth, $this->cache, $this->translate, $this->registry); } protected function _initGetRidOfMagicQuotes() { if (get_magic_quotes_gpc()) { function stripslashes_deep($value) { $value = is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value); return $value; } $_POST = array_map('stripslashes_deep', $_POST); $_GET = array_map('stripslashes_deep', $_GET); $_COOKIE = array_map('stripslashes_deep', $_COOKIE); $_REQUEST = array_map('stripslashes_deep', $_REQUEST); } } public function run() { $frontController = Zend_Controller_Front::getInstance(); $frontController->dispatch(); } }

  Read the article

• My form php is not working and I can't figure out where I went wrong

  - by user1081524

  I'm fairly new to all this, but I've created a form, and this is what I've written to send it. I've used "[email protected]" here instead of the real address <?php /* Set e-mail recipient */ $myemail = "[email protected]"; /* Check all form inputs using check_input function */ $names = check_input($_POST['names'], "Please return to our Application Form and enter your and your future spouse's names."); $weddingtype = check_input($_POST['weddingtype'], "Please return to our Application Form and fill in what kind of wedding you will be having."); $religioussect = check_input($_POST['religioussect'], "Please return to our Application Form and tell us about your religion and wedding traditions."); $dateone = check_input($_POST['dateone'], "Please return to our Application Form and give us the date for at least one event."); $eventone = check_input($_POST['eventone'], "Please return to our Application Form and list at least one event."); $locationone = check_input($_POST['locationone'], "Please return to our Application Form and give us the location for at least one event."); $durationone = check_input($_POST['durationone'], "Please return to our Application Form and give us the duration of at least one event."); $typeone = check_input($_POST['typeone'], "Please return to our Application Form and tell us whether you would like video, photo or both for at least one event."); $datetwo = $_POST['datetwo']; $eventtwo = $_POST['eventtwo']; $locationtwo = $_POST['locationtwo']; $durationtwo = $_POST['durationtwo']; $typetwo = $_POST['typetwo']; $datethree = $_POST['datethree']; $eventthree = $_POST['eventthree']; $locationthree = $_POST['locationthree']; $durationthree = $_POST['durationthree']; $typethree = $_POST['typethree']; $datefour = $_POST['datefour']; $eventfour = $_POST['eventfour']; $locationfour = $_POST['locationfour']; $durationfour = $_POST['durationfour']; $typefour = $_POST['typefour']; $guests1 = check_input($_POST['guests1'], "Please return to our Application Form and tell us how many guests will attend at least one event."); $guests2 = $_POST['guests2']; $guests3 = $_POST['guests3']; $guests4 = $_POST['guests4']; $concerns = $_POST['concerns']; if(!isset($_POST['submit'])){ $subject = "Quote Application"; /*Message for the e-mail */ $message = "Hello! Another happy couple has filled out a Quote Application Form :D Hooray! Their names are $names. What sort of wedding are they having? '$weddingtype'. What religious sect and wedding traditions are they following? '$religioussect'. Now for their wedding events... Ooh boy! 1. $dateone $eventone $durationone $typeone Estimated guests: $guests1 $locationone 2. $datetwo $eventtwo $durationtwo $typetwo Estimated guests: $guests2 $locationtwo 3. $datethree $eventthree $durationthree $typethree Estimated guests: $guests3 $locationthree 4. $datefour $eventfour $durationfour $typefour Estimated guests: $guests4 $locationfour Any concerns the couple have follow here: '$concerns' You better be ready to get to work now! And also, have a really good day :) "; /* Functions used */ function check_input($data, $problem='') { $data = trim($data); $data = stripslashes($data); $data = htmlspecialchars($data); if ($problem && strlen($data) == 0) { show_error($problem); } return $data; } function show_error($myError) { ?> <b>We apologize for the inconvenience, an error occurred.</b><br /> <?php echo $myError; ?> <?php exit(); } /* Send the message using mail() function */ mail($myemail, $subject, $message); /* Redirect visitor to the thank you page */ header('Location: thanks.html'); exit(); ?> Please help me find what I'm doing wrong, I'm barely a beginner here. Thanks in advance!

  Read the article

• Search Form using PHP/mySQL and Fancybox iFrame

  - by Cocoonfxmedia

  I am struggling to get a search form in PHP to work with a fancybox iFrame. The search form queries a MySQL database and I want the results to show in the iFrame. However for some reason i can not get this to work. I have pasted the complete code below. Appreciate any support with this? Java Script: <script type="text/javascript"> $(document).ready(function() { $("#tip5").fancybox({ 'scrolling' : 'no', 'titleShow' : false, 'onClosed' : function() { $("#login_error").hide(); } }); }); </script> HTML/PHP <form method="post" action="test2.php?go" id="topF"> <input type="text" name="name"> <input type="submit" name="submit" id="tip5" href="#results" value="Search" class="buttonSubmit"> </form> <div id="results"> <?php if(isset($_POST['submit'])){ if(isset($_GET['go'])){ if(preg_match("/[A-Z | a-z]+/", $_POST['name'])){ $name=$_POST['name']; //-query the database table $sql="SELECT id, COMPANY, TOWN, COUNTY, ServiceStandards,Active FROM main WHERE Active='Y' AND COMPANY LIKE '%" . $name . "%' OR TOWN LIKE '%" . $name . "%'AND Active='Y' OR ServiceStandards LIKE '%" . $name . "%' AND Active='Y' OR COUNTY LIKE '%" . $name . "%'AND Active='Y'"; $result5=mysql_query($sql); $numrows=mysql_num_rows($result5); echo "<p>" .$numrows . " results found for " . stripslashes($name) . "</p>"; //-create while loop and loop through result set while($numrow=mysql_fetch_array($result5)){ $Company =$numrow['COMPANY']; $Town=$numrow['TOWN']; $County=$numrow['COUNTY']; $ID=$numrow['id']; $Service=$numrow['ServiceStandards']; //-display the result of the array echo "<ul>\n"; echo "<li>" . "<a href=\"test2.php?id=$ID\">" .$Company . "</a></li>\n"; echo "</ul>"; } } else{ echo "<p>Please enter a search query</p>"; } } } if(isset($_GET['by'])){ $letter=$_GET['by']; $sql="SELECT *,COMPANY,COMPANY+0 FROM main WHERE Active='Y' AND COMPANY LIKE '" . $letter . "%' ORDER BY COMPANY"; $result5=mysql_query($sql); $result6=mysql_query($sql); $rows=mysql_num_rows($result6); echo "<p>" .$numrows . " results found for " . $letter . "</p>"; while($rows=mysql_fetch_array($result6)){ $Company =$rows['COMPANY']; $Town=$rows['TOWN']; $County=$rows['COUNTY']; $Post=$rows['POSTCODE']; $ID=$rows['id']; //-display the result of the array echo "<ul>\n"; echo "<li>" . "<a href=\"test2.php?id=$ID\">" .$Company . "</a> <br/>" .$Town . ", " .$County. ", " .$Post."</li>\n"; echo "</ul>"; } } if(isset($_GET['id'])){ $contactid=$_GET['id']; $sql="SELECT * FROM main WHERE Active='Y' AND id=" . $contactid; $result7=mysql_query($sql); while($row=mysql_fetch_array($result7)){ $Company =$row['COMPANY']; $Town=$row['TOWN']; $County=$row['COUNTY']; $Email=$row['Email']; $Web=$row['Web']; //-display the result of the array echo 'Company Name: '. $row['COMPANY'] . '<br />'; echo 'Town: '. $row['TOWN'] . '<br/>'; echo 'Postcode: '. $row['POSTCODE'] . '<br/>'; echo 'Telephone: '. $row['TELEPHONE'] . '<br/>'; echo 'Email: '. $row['Email'] . '<br/>'; echo 'Web: ' . "<a href=".$Web.">" .$Web . "</a> <br/>\n"; echo ' '. '<br/>'; echo 'Service: '. $row['ServiceStandards'] . '</br>'; } } ?> </div>

  Read the article

• Form contents not showing in email

  - by fmz

  This is a followup to a question I posted yesterday. I thought everything was working fine, but today, I am not getting any results in the email from the drop down field. Here is the form code in question: <label for="purpose"><span class="required">*</span> Purpose</label> <select id="purpose" name="purpose" style="width: 300px; height:35px;"> <option value="" selected="selected">-- Select One --</option> <option value="I am interested in your services">I am interested in your services!</option> <option value="I am interested in a partnership">I am interested in a partnership!</option> <option value="I am interested in a job">I am interested in a job!</option> </select> It is then processed in PHP and should output the selected option to an email, however the Reason for Contact line always comes through with nothing in it. Here is the PHP code: <?php if(!$_POST) exit; $name = $_POST['name']; $company = $_POST['company']; $email = $_POST['email']; $phone = $_POST['phone']; $purpose = $_POST['purpose']; $comments = $_POST['comments']; $verify = $_POST['verify']; if(trim($name) == '') { echo '<div class="error_message">Attention! You must enter your name.</div>'; exit(); } else if(trim($email) == '') { echo '<div class="error_message">Attention! Please enter a valid email address.</div>'; exit(); } else if(trim($phone) == '') { echo '<div class="error_message">Attention! Please enter a valid phone number.</div>'; exit(); } else if(!isEmail($email)) { echo '<div class="error_message">Attention! You have enter an invalid e-mail address, try again.</div>'; exit(); } if(trim($comments) == '') { echo '<div class="error_message">Attention! Please enter your message.</div>'; exit(); } else if(trim($verify) == '') { echo '<div class="error_message">Attention! Please enter the verification number.</div>'; exit(); } else if(trim($verify) != '4') { echo '<div class="error_message">Attention! The verification number you entered is incorrect.</div>'; exit(); } if($error == '') { if(get_magic_quotes_gpc()) { $comments = stripslashes($comments); } // Configuration option. // Enter the email address that you want to emails to be sent to. // Example $address = "[email protected]"; $address = "[email protected]"; // Configuration option. // i.e. The standard subject will appear as, "You've been contacted by John Doe." // Example, $e_subject = '$name . ' has contacted you via Your Website.'; $e_subject = 'You\'ve been contacted by ' . $name . '.'; // Configuration option. // You can change this if you feel that you need to. // Developers, you may wish to add more fields to the form, in which case you must be sure to add them here. $e_body = "You have been contacted by $name.\r\n\n"; $e_company = "Company: $company\r\n\n"; $e_content = "Comments: \"$comments\"\r\n\n"; $e_purpose = "Reason for contact: $purpose\r\n\n"; $e_reply = "You can contact $name via email, $email or via phone $phone"; $msg = $e_body . $e_content . $e_company . $e_purpose . $e_reply; if(mail($address, $e_subject, $msg, "From: $email\r\nReply-To: $email\r\nReturn-Path: $email\r\n")) { // Email has sent successfully, echo a success page. echo "<fieldset>"; echo "<div id='success_page'>"; echo "<h1>Email Sent Successfully.</h1>"; echo "<p>Thank you <strong>$name</strong>, your message has been submitted to us.</p>"; echo "</div>"; echo "</fieldset>"; } else { echo 'ERROR!'; } } function isEmail($email) { // Email address verification, do not edit. return(preg_match("/^[-_.[:alnum:]]+@((([[:alnum:]]|[[:alnum:]][[:alnum:]-]*[[:alnum:]])\.)+(ad|ae|aero|af|ag|ai|al|am|an|ao|aq|ar|arpa|as|at|au|aw|az|ba|bb|bd|be|bf|bg|bh|bi|biz|bj|bm|bn|bo|br|bs|bt|bv|bw|by|bz|ca|cc|cd|cf|cg|ch|ci|ck|cl|cm|cn|co|com|coop|cr|cs|cu|cv|cx|cy|cz|de|dj|dk|dm|do|dz|ec|edu|ee|eg|eh|er|es|et|eu|fi|fj|fk|fm|fo|fr|ga|gb|gd|ge|gf|gh|gi|gl|gm|gn|gov|gp|gq|gr|gs|gt|gu|gw|gy|hk|hm|hn|hr|ht|hu|id|ie|il|in|info|int|io|iq|ir|is|it|jm|jo|jp|ke|kg|kh|ki|km|kn|kp|kr|kw|ky|kz|la|lb|lc|li|lk|lr|ls|lt|lu|lv|ly|ma|mc|md|mg|mh|mil|mk|ml|mm|mn|mo|mp|mq|mr|ms|mt|mu|museum|mv|mw|mx|my|mz|na|name|nc|ne|net|nf|ng|ni|nl|no|np|nr|nt|nu|nz|om|org|pa|pe|pf|pg|ph|pk|pl|pm|pn|pr|pro|ps|pt|pw|py|qa|re|ro|ru|rw|sa|sb|sc|sd|se|sg|sh|si|sj|sk|sl|sm|sn|so|sr|st|su|sv|sy|sz|tc|td|tf|tg|th|tj|tk|tm|tn|to|tp|tr|tt|tv|tw|tz|ua|ug|uk|um|us|uy|uz|va|vc|ve|vg|vi|vn|vu|wf|ws|ye|yt|yu|za|zm|zw)$|(([0-9][0-9]?|[0-1][0-9][0-9]|[2][0-4][0-9]|[2][5][0-5])\.){3}([0-9][0-9]?|[0-1][0-9][0-9]|[2][0-4][0-9]|[2][5][0-5]))$/i",$email)); } ?> Any assistance would be greatly appreciated. Thanks!

  Read the article

• Php and Jquery Validation: with Jquery Form Plugin

  - by Jacinto

  Hi, This is the first time I have attempted to make a form using jquery and php. I used the folks over at Mid Mo Design as an example but even with that tutorial am still having trouble getting it to do what I want. This is the code I have been using. As well as jquery 1.4.1 and jQuery Form Plugin 2.43. Any help would be greatly appreciated. css scrollContact { border-top: double 1px #0D0D0D; padding: 100px 50px 50px 50px; background: #020303; position: relative; overflow: hidden; width: 924px; text-align: justify; } .contactInfo { float:left; width: 214px; margin-right: 10px; margin-top: 5px; } contactForm { float: left; width: 700px; } contactForm span { float: left; margin:5px; width: 455px; } input, textarea { -moz-border-radius:5px 5px 5px 5px; border:1px solid #001932; color:#BBBBBB; font:1.1em Verdana,Geneva,sans-serif; background: #0A0A0A; } input:hover, textarea:hover { border:1px solid #0278f2; background: #242424; } contactForm span input { line-height:1.8em; width:430px; padding:11px 10px; margin: 0px 0px 10px 0px; } contactForm input { line-height:1.8em; width:200px; padding:11px 10px; margin: 5px; } contactForm textarea { height:190px; line-height:1.8em; width:430px; padding:10px; } .message { background:#eee; color:#000; display:none; padding:10px; height: 70px; position: absolute; bottom:0px; } Html Contact Navigate To: Work services about contact Get A Free Quote Thank you for your interest in contacting me. Please use the form to the right to contact me via email. I will respond to your inquiry as soon as possible. Please note all fields are required. What Next? Thank you for your interest in contacting me. Please use the form to the right to contact me via email. I will respond to your inquiry as soon as possible. Please note all fields are required. Your Message Php <?php $sendto = '[email protected]'; $subject = 'Contact from contact form'; $errormessage = 'Oops! There seems to have been a problem. May we suggest...'; $thanks = "Thanks for the email! We'll get back to you as soon as possible!"; $honeypot = "You filled in the honeypot! If you're human, try again!"; $emptyname = 'Entering your name?'; $emptyemail = 'Entering your email address?'; $emptytitle = 'Entering The Subject?'; $emptymessage = 'Entering a message?'; $alertname = 'Entering your name using only the standard alphabet?'; $alertemail = 'Entering your email in this format: [email protected]?'; $alerttitle = 'Entering the subject using only the standard alphabet?'; $alertmessage = "Making sure you aren't using any parenthesis or other escaping characters in the message? Most URLS are fine though!"; $alert = ''; $pass = 0; function clean_var($variable) { $variable = strip_tags(stripslashes(trim(rtrim($variable)))); return $variable; } if ( empty($_REQUEST['last']) ) { if ( empty($_REQUEST['contactName']) ) { $pass = 1; $alert .= "" . $emptyname . ""; } elseif ( ereg( "[][{}()*+?.\^$|]", $_REQUEST['contactName'] ) ) { $pass = 1; $alert .= "" . $alertname . ""; } if ( empty($_REQUEST['contactEmail']) ) { $pass = 1; $alert .= "" . $emptyemail . ""; } elseif ( !eregi("^[_a-z0-9-]+(.[_a-z0-9-]+)@[a-z0-9-]+(.[a-z0-9-]+)(.[a-z]{2,3})$", $_REQUEST['contactEmail']) ) { $pass = 1; $alert .= "" . $alertemail . ""; } if ( empty($_REQUEST['contactTitle']) ) { $pass = 1; $alert .= "" . $emptytitle . ""; } elseif ( ereg( "[][{}()*+?.\^$|]", $_REQUEST['contactTitle'] ) ) { $pass = 1; $alert .= "" . $alerttitle . ""; } if ( empty($_REQUEST['contactMessage']) ) { $pass = 1; $alert .= "" . $emptymessage . ""; } elseif ( ereg( "[][{}()*+?\^$|]", $_REQUEST['contactMessage'] ) ) { $pass = 1; $alert .= "" . $alertmessage . ""; } if ( $pass==1 ) { echo "$(\".message\").hide(\"slow\").show(\"slow\"); "; echo "" . $errormessage . ""; echo ""; echo $alert; echo ""; } elseif (isset($_REQUEST['message'])) { $message = "From: " . clean_var($_REQUEST['contactName']) . "\n"; $message .= "Email: " . clean_var($_REQUEST['contactEmail']) . "\n"; $message .= "Telephone: " . clean_var($_REQUEST['contactTitle']) . "\n"; $message .= "Message: \n" . clean_var($_REQUEST['contactMessage']); $header = 'From:'. clean_var($_REQUEST['contactEmail']); mail($sendto, $subject, $message, $header); echo "$(\".message\").hide(\"slow\").show(\"slow\").animate({opacity: 1.0}, 4000).hide(\"slow\"); $(':input').clearForm() "; echo $thanks; die(); } } else { echo "$(\".message\").hide(\"slow\").show(\"slow\"); "; echo $honeypot; } ?

  Read the article

• (PHP) Validation, Security and Speed - Does my app have these?

  - by Devner

  Hi all, I am currently working on a building community website in PHP. This contains forms that a user can fill right from registration to lot of other functionality. I am not an Object-oriented guy, so I am using functions most of the time to handle my application. I know I have to learn OOPS, but currently need to develop this website and get it running soon. Anyway, here's a sample of what I let my app. do: Consider a page (register.php) that has a form where a user has 3 fields to fill up, say: First Name, Last Name and Email. Upon submission of this form, I want to validate the form and show the corresponding errors to the users: <form id="form1" name="form1" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"> <label for="name">Name:</label> <input type="text" name="name" id="name" /><br /> <label for="lname">Last Name:</label> <input type="text" name="lname" id="lname" /><br /> <label for="email">Email:</label> <input type="text" name="email" id="email" /><br /> <input type="submit" name="submit" id="submit" value="Submit" /> </form> This form will POST the info to the same page. So here's the code that will process the POST'ed info: <?php require("functions.php"); if( isset($_POST['submit']) ) { $errors = fn_register(); if( count($errors) ) { //Show error messages } else { //Send welcome mail to the user or do database stuff... } } ?> <?php //functions.php page: function sql_quote( $value ) { if( get_magic_quotes_gpc() ) { $value = stripslashes( $value ); } else { $value = addslashes( $value ); } if( function_exists( "mysql_real_escape_string" ) ) { $value = mysql_real_escape_string( $value ); } return $value; } function clean($str) { $str = strip_tags($str, '<br>,<br />'); $str = trim($str); $str = sql_quote($str); return $str; } foreach ($_POST as &$value) { if (!is_array($value)) { $value = clean($value); } else { clean($value); } } foreach ($_GET as &$value) { if (!is_array($value)) { $value = clean($value); } else { clean($value); } } function validate_name( $fld, $min, $max, $rule, $label ) { if( $rule == 'required' ) { if ( trim($fld) == '' ) { $str = "$label: Cannot be left blank."; return $str; } } if ( isset($fld) && trim($fld) != '' ) { if ( isset($fld) && $fld != '' && !preg_match("/^[a-zA-Z\ ]+$/", $fld)) { $str = "$label: Invalid characters used! Only Lowercase, Uppercase alphabets and Spaces are allowed"; } else if ( strlen($fld) < $min or strlen($fld) > $max ) { $curr_char = strlen($fld); $str = "$label: Must be atleast $min character &amp; less than $max char. Entered characters: $curr_char"; } else { $str = 0; } } else { $str = 0; } return $str; } function validate_email( $fld, $min, $max, $rule, $label ) { if( $rule == 'required' ) { if ( trim($fld) == '' ) { $str = "$label: Cannot be left blank."; return $str; } } if ( isset($fld) && trim($fld) != '' ) { if ( !eregi('^[a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})$', $fld) ) { $str = "$label: Invalid format. Please check."; } else if ( strlen($fld) < $min or strlen($fld) > $max ) { $curr_char = strlen($fld); $str = "$label: Must be atleast $min character &amp; less than $max char. Entered characters: $curr_char"; } else { $str = 0; } } else { $str = 0; } return $str; } function val_rules( $str, $val_type, $rule='required' ){ switch ($val_type) { case 'name': $val = validate_name( $str, 3, 20, $rule, 'First Name'); break; case 'lname': $val = validate_name( $str, 10, 20, $rule, 'Last Name'); break; case 'email': $val = validate_email( $str, 10, 60, $rule, 'Email'); break; } return $val; } function fn_register() { $errors = array(); $val_name = val_rules( $_POST['name'], 'name' ); $val_lname = val_rules( $_POST['lname'], 'lname', 'optional' ); $val_email = val_rules( $_POST['email'], 'email' ); if ( $val_name != '0' ) { $errors['name'] = $val_name; } if ( $val_lname != '0' ) { $errors['lname'] = $val_lname; } if ( $val_email != '0' ) { $errors['email'] = $val_email; } return $errors; } //END of functions.php page ?> OK, now it might look like there's a lot, but lemme break it down target wise: 1. I wanted the foreach ($_POST as &$value) and foreach ($_GET as &$value) loops to loop through the received info from the user submission and strip/remove all malicious input. I am calling a function called clean on the input first to achieve the objective as stated above. This function will process each of the input, whether individual field values or even arrays and allow only tags and remove everything else. The rest of it is obvious. Once this happens, the new/cleaned values will be processed by the fn_register() function and based on the values returned after the validation, we get the corresponding errors or NULL values (as applicable). So here's my questions: 1. This pretty much makes me feel secure as I am forcing the user to correct malicious data and won't process the final data unless the errors are corrected. Am I correct? Does the method that I follow guarantee the speed (as I am using lots of functions and their corresponding calls)? The fields of a form differ and the minimum number of fields I may have at any given point of time in any form may be 3 and can go upto as high as 100 (or even more, I am not sure as the website is still being developed). Will having 100's of fields and their validation in the above way, reduce the speed of application (say upto half a million users are accessing the website at the same time?). What can I do to improve the speed and reduce function calls (if possible)? 3, Can I do something to improve the current ways of validation? I am holding off object oriented approach and using FILTERS in PHP for the later. So please, I request you all to suggest me way to improve/tweak the current ways and suggest me if the script is vulnerable or safe enough to be used in a Live production environment. If not, what I can do to be able to use it live? Thank you all in advance.

  Read the article

• Please Critique this PHP Login Script

  - by NightMICU

  Greetings, A site I developed was recently compromised, most likely by a brute force or Rainbow Table attack. The original log-in script did not have a SALT, passwords were stored in MD5. Below is an updated script, complete with SALT and IP address banning. In addition, it will send a Mayday email & SMS and disable the account should the same IP address or account attempt 4 failed log-ins. Please look it over and let me know what could be improved, what is missing, and what is just plain strange. Many thanks! <?php //Start session session_start(); //Include DB config include $_SERVER['DOCUMENT_ROOT'] . '/includes/pdo_conn.inc.php'; //Error message array $errmsg_arr = array(); $errflag = false; //Function to sanitize values received from the form. Prevents SQL injection function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return $str; } //Define a SALT, the one here is for demo define('SALT', '63Yf5QNA'); //Sanitize the POST values $login = clean($_POST['login']); $password = clean($_POST['password']); //Encrypt password $encryptedPassword = md5(SALT . $password); //Input Validations //Obtain IP address and check for past failed attempts $ip_address = $_SERVER['REMOTE_ADDR']; $checkIPBan = $db->prepare("SELECT COUNT(*) FROM ip_ban WHERE ipAddr = ? OR login = ?"); $checkIPBan->execute(array($ip_address, $login)); $numAttempts = $checkIPBan->fetchColumn(); //If there are 4 failed attempts, send back to login and temporarily ban IP address if ($numAttempts == 1) { $getTotalAttempts = $db->prepare("SELECT attempts FROM ip_ban WHERE ipAddr = ? OR login = ?"); $getTotalAttempts->execute(array($ip_address, $login)); $totalAttempts = $getTotalAttempts->fetch(); $totalAttempts = $totalAttempts['attempts']; if ($totalAttempts >= 4) { //Send Mayday SMS $to = "[email protected]"; $subject = "Banned Account - $login"; $mailheaders = 'From: [email protected]' . "\r\n"; $mailheaders .= 'Reply-To: [email protected]' . "\r\n"; $mailheaders .= 'MIME-Version: 1.0' . "\r\n"; $mailheaders .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n"; $msg = "<p>IP Address - " . $ip_address . ", Username - " . $login . "</p>"; mail($to, $subject, $msg, $mailheaders); $setAccountBan = $db->query("UPDATE ip_ban SET isBanned = 1 WHERE ipAddr = '$ip_address'"); $setAccountBan->execute(); $errmsg_arr[] = 'Too Many Login Attempts'; $errflag = true; } } if($login == '') { $errmsg_arr[] = 'Login ID missing'; $errflag = true; } if($password == '') { $errmsg_arr[] = 'Password missing'; $errflag = true; } //If there are input validations, redirect back to the login form if($errflag) { $_SESSION['ERRMSG_ARR'] = $errmsg_arr; session_write_close(); header('Location: http://somewhere.com/login.php'); exit(); } //Query database $loginSQL = $db->prepare("SELECT password FROM user_control WHERE username = ?"); $loginSQL->execute(array($login)); $loginResult = $loginSQL->fetch(); //Compare passwords if($loginResult['password'] == $encryptedPassword) { //Login Successful session_regenerate_id(); //Collect details about user and assign session details $getMemDetails = $db->prepare("SELECT * FROM user_control WHERE username = ?"); $getMemDetails->execute(array($login)); $member = $getMemDetails->fetch(); $_SESSION['SESS_MEMBER_ID'] = $member['user_id']; $_SESSION['SESS_USERNAME'] = $member['username']; $_SESSION['SESS_FIRST_NAME'] = $member['name_f']; $_SESSION['SESS_LAST_NAME'] = $member['name_l']; $_SESSION['SESS_STATUS'] = $member['status']; $_SESSION['SESS_LEVEL'] = $member['level']; //Get Last Login $_SESSION['SESS_LAST_LOGIN'] = $member['lastLogin']; //Set Last Login info $updateLog = $db->prepare("UPDATE user_control SET lastLogin = DATE_ADD(NOW(), INTERVAL 1 HOUR), ip_addr = ? WHERE user_id = ?"); $updateLog->execute(array($ip_address, $member['user_id'])); session_write_close(); //If there are past failed log-in attempts, delete old entries if ($numAttempts > 0) { //Past failed log-ins from this IP address. Delete old entries $deleteIPBan = $db->prepare("DELETE FROM ip_ban WHERE ipAddr = ?"); $deleteIPBan->execute(array($ip_address)); } if ($member['level'] != "3" || $member['status'] == "Suspended") { header("location: http://somewhere.com"); } else { header('Location: http://somewhere.com'); } exit(); } else { //Login failed. Add IP address and other details to ban table if ($numAttempts < 1) { //Add a new entry to IP Ban table $addBanEntry = $db->prepare("INSERT INTO ip_ban (ipAddr, login, attempts) VALUES (?,?,?)"); $addBanEntry->execute(array($ip_address, $login, 1)); } else { //increment Attempts count $updateBanEntry = $db->prepare("UPDATE ip_ban SET ipAddr = ?, login = ?, attempts = attempts+1 WHERE ipAddr = ? OR login = ?"); $updateBanEntry->execute(array($ip_address, $login, $ip_address, $login)); } header('Location: http://somewhere.com/login.php'); exit(); } ?>

  Read the article

• change password code error

  - by ejah85

  I've created a code to change a password. Now it seem contain an error. When I fill in the form to change password, and click save the error message: Warning: mysql_real_escape_string() expects parameter 2 to be resource, null given in C:\Program Files\xampp\htdocs\e-Complaint(FYP)\userChangePass.php on line 103 Warning: mysql_real_escape_string() expects parameter 2 to be resource, null given in C:\Program Files\xampp\htdocs\e-Complaint(FYP)\userChangePass.php on line 103 I really don’t know what the error message means. Please guys. Help me fix it. Here's is the code: <?php session_start(); ?> <?php # change password.php //set the page title and include the html header. $page_title = 'Change Your Password'; //include('templates/header.inc'); if(isset($_POST['submit'])){//handle the form require_once('connectioncomplaint.php');//connect to the db. //include "connectioncomplaint.php"; //create a function for escaping the data. function escape_data($data){ global $dbc;//need the connection. if(ini_get('magic_quotes_gpc')){ $data=stripslashes($data); } return mysql_real_escape_string($data, $dbc); }//end function $message=NULL;//create the empty new variable. //check for a username if(empty($_POST['userid'])){ $u=FALSE; $message .='<p> You forgot enter your userid!</p>'; }else{ $u=escape_data($_POST['userid']); } //check for existing password if(empty($_POST['password'])){ $p=FALSE; $message .='<p>You forgot to enter your existing password!</p>'; }else{ $p=escape_data($_POST['password']); } //check for a password and match againts the comfirmed password. if(empty($_POST['password1'])) { $np=FALSE; $message .='<p> you forgot to enter your new password!</p>'; }else{ if($_POST['password1'] == $_POST['password2']){ $np=escape_data($_POST['password1']); }else{ $np=FALSE; $message .='<p> your new password did not match the confirmed new password!</p>'; } } if($u && $p && $np){//if everything's ok. $query="SELECT userid FROM access WHERE (userid='$u' AND password=PASSWORD('$p'))"; $result=@mysql_query($query); $num=mysql_num_rows($result); if($num == 1){ $row=mysql_fetch_array($result, MYSQL_NUM); //make the query $query="UPDATE access SET password=PASSWORD('$np') WHERE userid=$row[0]"; $result=@mysql_query($query);//run the query. if(mysql_affected_rows() == 1) {//if it run ok. //send an email,if desired. echo '<p><b>your password has been changed.</b></p>'; include('templates/footer.inc');//include the HTML footer. exit();//quit the script. }else{//if it did not run OK. $message= '<p>Your password could not be change due to a system error.We apolpgize for any inconvenience.</p><p>' .mysql_error() .'</p>'; } }else{ $message= '<p> Your username and password do not match our records.</p>'; } mysql_close();//close the database connection. }else{ $message .='<p>Please try again.</p>'; } }//end oh=f the submit conditional. //print the error message if there is one. if(isset($message)){ echo'<font color="red">' , $message, '</font>'; } ?> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <body> <script language="JavaScript1.2">mmLoadMenus();</script> <table width="604" height="599" border="0" align="center" cellpadding="0" cellspacing="0"> <tr> <td height="130" colspan="7"><img src="images/banner(E-Complaint)-.jpg" width="759" height="130" /></td> </tr> <tr> <td width="100" height="30" bgcolor="#ABD519"></td> <td width="100" bgcolor="#ABD519"></td> <td width="100" bgcolor="#ABD519"></td> <td width="100" bgcolor="#ABD519"></td> <td width="100" bgcolor="#ABD519"></td> <td width="160" bgcolor="#ABD519"> <?php include "header.php"; ?>&nbsp;</td> </tr> <tr> <td colspan="7" bgcolor="#FFFFFF"> <fieldset><legend> Enter your information in the form below:</legend> <p><b>User ID:</b> <input type="text" name="username" size="10" maxlength="20" value="<?php if(isset($_POST['userid'])) echo $_POST['userid']; ?>" /></p> <p><b>Current Password:</b> <input type="password" name="password" size="20" maxlength="20" /></p> <p><b>New Password:</b> <input type="password" name="password1" size="20" maxlength="20" /></p> <p><b>Confirm New Password:</b> <input type="password" name="password2" size="20" maxlength="20" /></p> </fieldset> <div align="center"> <input type="submit" name="submit" value="Change My Password" /></div> </form><!--End Form--> </td> </tr> </table> </body> </html>

  Read the article

• How to use data of one table in 'where' clause of another table?

  - by sahar

  hello, i need ur help guys..i m making website for 'home docor ideas'..i have a log in form(login-form.php) in which when 'log in' and 'password' is inserted,after verification through login-execute.php, redirected to viewOrder.php where user can view all of the orders ordered by clients.. all is fine up till here.. but what i want is,when user get logged in ,he view only that order which is ordered by him not all customer's orders.. two tables are there in database: members and order_insert.. in 'members' table, login and password is stored and in 'order_insert',orders of customers is stored.. codes of these three pages is as follows.. ......................... login-form.php ......................... <form id="loginForm" name="loginForm" method="post" action="login-exec.php"> <table width="300" border="0" align="center" cellpadding="2" cellspacing="0"> <tr> <td width="112"><b>Login</b></td> <td width="188"><input name="login" type="text" class="textfield" id="login" /></td> </tr> <tr> <td><b>Password</b></td> <td><input name="password" type="password" class="textfield" id="password" /></td> </tr> <tr> <td>&nbsp;</td> <td><input type="submit" name="Submit" value="Login" /></td> </tr> </table> </form> ......................... login-execute.php ......................... <?php //Start session session_start(); //Include database connection details require_once('config.php'); //Array to store validation errors $errmsg_arr = array(); //Validation error flag $errflag = false; //Connect to mysql server $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } //Select database $db = mysql_select_db(DB_DATABASE); if(!$db) { die("Unable to select database"); } //Function to sanitize values received from the form. Prevents SQL injection function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } //Sanitize the POST values $login = clean($_POST['login']); $password = clean($_POST['password']); //Input Validations if($login == '') { $errmsg_arr[] = 'Login ID missing'; $errflag = true; } if($password == '') { $errmsg_arr[] = 'Password missing'; $errflag = true; } //If there are input validations, redirect back to the login form if($errflag) { $_SESSION['ERRMSG_ARR'] = $errmsg_arr; session_write_close(); header("location: login-form.php"); exit(); } //Create query $qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'"; $result=mysql_query($qry); //Check whether the query was successful or not if($result) { if(mysql_num_rows($result) == 1) { //Login Successful session_regenerate_id(); $member = mysql_fetch_assoc($result); $_SESSION['SESS_MEMBER_ID'] = $member['member_id']; $_SESSION['SESS_FIRST_NAME'] = $member['firstname']; $_SESSION['SESS_LAST_NAME'] = $member['lastname']; session_write_close(); header("location: viewOrder.php"); exit(); }else { //Login failed header("location: login-failed.php"); exit(); } }else { die("Query failed"); } ?> ............................. viewOrder.php .............................. <html> <body bgcolor="#FFFFFF" > <? $host="localhost"; // Host name $username="root"; // Mysql username $password=""; // Mysql password $db_name="mydatabase"; // Database name $tbl_name="order_insert"; // Table name $tbl_name2="members"; // connect to server and databases mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); $result = mysql_query("SELECT * FROM $tbl_name "); print "<center>"; $output .= "<table width=1100 border=1 bordercolor=black>"; $output .= "<tr align=center><td>ID</td><td>First Name</td><td>Last Name</td><td>E Mail</td><td> City </td><td> Country </td><td> Phone</td><td>Decoration Type</td><td>Service Description</td><td>Budget</td><td>Update</td><td>Delete</td></tr>"; $output .= "<th></th><th></th>"; $output .= "</tr>\n\n"; while ($row = mysql_fetch_assoc($result)){ $output .= "<tr>\n"; foreach ($row as $col=>$val){ $output .= " <td>$val</td>\n"; } // end foreach $keyVal = $row["id"]; $output .= "<td><a href='update.php?ID=$row[orderId]' >Update </a></td>"; $output .= "<td><a href='delete.php?ID=$row[orderId]' >Delete </a></td>"; $output .= "</tr>\n\n"; }// end while $output .= "</table></center>"; print "$output"; ?>&nbsp;&nbsp;&nbsp;<br> <br> <center><table > <tr><td> <form action="home.php"><font color="#FF0000"><input type="submit" name="btn" style="color:#CC0000" value="<--Back" ></font></form></td></tr></table></center> </body> </html> ..... your help and suggestions will be appreciated

  Read the article

< Previous Page | 1 2 3 4 5 6  | Next Page >