PHP - Finding Out What Browser A User Users

Hello friends,

I am new to PHP and have developed a website... i am stuck at one place. I want to know if the user changes the url in the adress bar and goes to another webpage.. Can we detect that?

This is very important for my website because I calsulate the duration of login based on whether user goes to another page or logs out.

Hey guys,   So, I have some complicated code, kind of. I'm using a Java server to generate a PDF. The actual user interacts with a HTML/PHP page and they click a submit and everything is good so far.   I generate a PDF to my /tmp directory (I'm using Linux) and it's a perfectly fine PDF. I can open it and read it and it's perfectly as it should be.   But when I try to send it to the user's browser as a download, the PDF I get doesn't open.   The error I get is "File type HTML document (text/html) is not supported" and that I'm unable to open the document.   My biggest question is, why? Is it something to do with the permissions of my directories and files? I've had a lot of errors be caused because of permissions so it wouldn't surprise me.   My output to the user page is :   Successfully connected to Java server. 

Trying to set a condition in my header a few questions:

This code is close but gives me an error code and doesn't redirect.

1) Can anyone figure out how to make this work so that if user is in IE6 the url will redirect to the second URL?
2) I would put this in my header right? I can't figure out why this isn't working.

Code: [Select]
<?php
$HTTP_USER_AGENT = $_SERVER['HTTP_USER_AGENT'];
function str_present($str,$substr)
{
$pos = strpos($str,$substr);
if($pos === false) {
 return false;
}
else {
 return true;
}
}
if (str_present($HTTP_USER_AGENT, "IE6"))
{
header('location: url1');
}else{
    header('location: url2');
}
?>

Hello   I am trying to work out how many regular users I have to my site and how long those users tend to be users..   So, I have a table that logs every time a user visits my site and logs in, it stores the date / time as a unix timestamp and it logs their user id.   I started by getting the id's of any user who logs in more than 5 times in a specified period, but now I want to extend that...  

 
SELECT userID as user, count(userID) as logins FROM login_history where timestamp > UNIX_TIMESTAMP('2014-06-01 00:00:00') and timestamp < UNIX_TIMESTAMP('2014-07-01 00:00:00') group by user having logins > 5;
 

I just discovered that I have a major security flaw with my website.
Anyone who logs in to the website can easily access other users information as well as delete and edit other users information just by changing the ID variable in the address bar.
I have user ID Session started on these pages but still people can do anything they like with other users information just by editing the address bar.
For example if your logged in in the address bar of www.mywebsite.com/delete_mystuff.php?id=5 and change the "5" say to a "9" then you will have access to user#9 information.

Every important page that I have has this code:
Code: [Select]
 session_start();

if (!isset($_SESSION['user_id'])) {
// Start defining the URL.
         $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
// Check for a trailing slash.
         if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) {
         $url = substr ($url, 0, -1); // Chop off the slash.
}
// Add the page.
$url .= '/index.php';
ob_end_clean(); // Delete the buffer.
header("Location: $url");
exit(); // Quit the script.
} else {
                //Else If Logged In Run The Script

if((isset($_GET['id'])) && (is_numeric($_GET['id']))) {
         $id = (int) $_GET['id'];
} elseif ((isset($_POST['id'])) && (is_numeric($_POST['id']))) {
         $id = (int) $_POST['id'];
} else {
         echo ' No valid ID found, passed in url or form element';
        
         exit();
}



What am I doing wrong?
Please help if you know how to correct this.

Many thanks in advance.

hi,

i have made a website where people resgister their details of them and products.

they have to enter the following details in form

Name of company

name of the product

company address

email id 

password 

mobile number contact

and 

brief details about their company 

after filling all details user is registered on website.

user can then login with email id and pwd.

now after login ..user will get a page where he can upload the photos of products images and their price, so now my question is that when he finishes uploading (|by clicking on upload button) the product images and price text box ..then on final uploaded webspage it should show all other things which he registerd before (company name , mobile number etc) along with images and price...hence the main question that user does not need to enter mobile and address while uploading images and filling proce ..but on the final page it should show mobile and address along with price and images..as user is not going to enter mobile and address again and again as he will have multiple products to upload.

thanks in advance .

I would appreciate your assistance, there are tons of login scripts and they work just fine. However I need my operators to login and then list their activities for the other operators who are logged in to see and if desired send their clients on the desired activity. I have the login working like a charm and the activities are listed just beautifully. How do I combine the two tables in the MySQL with PHP so the operator Logged in can only make changes to his listing but see the others.

FIRST THE ONE script the member logges in here to the one table in MSQL:
<?php
   session_start();
   
   require_once('config.php');
   
   $errmsg_arr = array();
   
   $errflag = false;
   
   $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
   if(!$link) {
      die('Failed to connect to server: ' . mysql_error());
   }
   
   $db = mysql_select_db(DB_DATABASE);
   if(!$db) {
      die("Unable to select database");
   }
   
   function clean($str) {
      $str = @trim($str);
      if(get_magic_quotes_gpc()) {
         $str = stripslashes($str);
      }
      return mysql_real_escape_string($str);
   }
   
   $login = clean($_POST['login']);
   $password = clean($_POST['password']);
   
   if($login == '') {
      $errmsg_arr[] = 'Login ID missing';
      $errflag = true;
   }
   if($password == '') {
      $errmsg_arr[] = 'Password missing';
      $errflag = true;
   }
   
   if($errflag) {
      $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
      session_write_close();
      header("location: login-form.php");
      exit();
   }
   
   $qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'";
   $result=mysql_query($qry);
   
   if($result) {
      if(mysql_num_rows($result) == 1) {
         session_regenerate_id();
         $member = mysql_fetch_assoc($result);
         $_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
         $_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
         $_SESSION['SESS_LAST_NAME'] = $member['lastname'];
         session_write_close();
         header("location: member-index.php");
         exit();
      }else {
         header("location: login-failed.php");
         exit();
      }
   }else {
      die("Query failed");
   }
?>

................................................. ................................
Now I need the person who logged in to the table above to be able to make multiple entries to the table below

<?
$ID=$_POST['ID'];
$title=$_POST['title'];
$cost=$_POST['cost'];
$activity=$_POST['activity'];
$ayear=$_POST['aday'];
$aday=$_POST['ayear'];
$seats=$_POST['special'];
$special=$_POST['seats'];
mysql_connect("xxxxxx", "xxx350234427", "========") or die(mysql_error());
mysql_select_db("xxxx") or die(mysql_error());
mysql_query("INSERT INTO `activity` VALUES ('ID','$title', '$cost','$activity', '$aday', '$ayear', '$special', '$seats')");
Print "Your information has been successfully added to the database!"
?>
Click <a href="member-profile.php">HERE</a> to return to the main menu
  <?php      
?>

Hi,

so far I have managed to set up a somewhat basic login website with a mysql database backend.

Once they have logged on they go to a "main menu" page.

What I need to define is that user A sees button A but only that button, etc.

(Then of course that same rule would have to apply if they tried to directly go to the page, but I am guessing I can do that in the same way that I currently do to force a login).

If anyone has any tutorials or sample code I would much appreciate it.

Thanks,

Actually, what i want to do is to use the email to fetch the $email,$password and $randomnumber from database after

Hi guys,

I am trying to put together a little system that allows users to log onto my website and access there own personal page. I am creating each page myself and uploading content specific to them which cannot be viewed by anyone else.

I have got the system to work up as far as:

1/ The user logs in
2/ Once logged in they are re-directed to their own page using 'theirusername.php'

Thats all good and working how I need it too. The problem I have is this. If I log onto the website using USER A details - I get taken to USER A's page like I should but - If I then go to my browser and type in USERBdetails.php I can then access USER B's page.

This cannot happen!! I need for USER A not to be able to access USER B profile - there is obviously no point in the login otherwise! If you are not logged in you obviously cannot access any secure page. That much is working!

Please find below the code I am using:


LOGIN

<?php
session_start();


function dbconnect()
{
    $link = mysql_connect("localhost", "username", "password") or die ("Error: ".mysql_error());

}
?>

<?php
if(isset($_SESSION['loggedin']))
{
    header("Location:" . strtolower($username) . ".php");
if(isset($_POST['submit']))
{
   $username = mysql_real_escape_string($_POST['username']);
   $password = mysql_real_escape_string($_POST['password']);
   $mysql = mysql_query("SELECT * FROM clients WHERE username = '{$username}' AND password = '{$password}'");
   if(mysql_num_rows($mysql) < 1)
   {
     die("Password or Username incorrect! Please <a href='login.php'>click here</a> to try again");
   }   $_SESSION['loggedin'] = "YES";
   $_SESSION['username'] = $username;
 $_SESSION['name']
   header("Location:" . strtolower($username) . ".php");
}
?> 

HEADER ON EACH PHP PAGE

<?php
session_start();
if(!isset($_SESSION['loggedin']))
{
    die(Access to this page is restricted without a valid username and password);
?>

---------------------------------------------------

Am I right in thinking it is something to do with the "loggedin" part?

The system I have here is adapted from a normal login system I have been using for years. The original just checks the details and then does a 'session start'. This one obviously has to re-direct to a user specific page. To do this I used the <<header("Location:" . strtolower($username) . ".php");>> line to redirect to a page such as "usera.php" or "userb.php"

Any help would be greatly appreciated! 

Ta

Hi,

I am getting frustrated beyond belief at the moment with trying to get a very simple script to run, I am using PHP 5.3.3 and MySQL 5.1 on a Win2k8 server with IIS7.5. Basically my script is connecting to a local database, running a single select query, returning those rows and building up a string from them.

The problem is that I am receiving complete BS responses from PHP that the access is denied for the user being specified. This is complete rubbish since the user can connect via mysql, sqlyog, ASP.NET MVC without issue but for some bizarre reason it is not working via PHP.

The code for the script is here :

Code: [Select]
<?php

$mysql = mysql_connect('127.0.0.1:3306', 'myuser', 'mypass', 'mydatabase');


if (!$mysql) {
  die(mysql_error());
  $content = "<nobr></nobr>";
} else {
  
  $result = mysql_query('SELECT * FROM tblEventGroup'); 
  $content = "<nobr>";
  
  if ($result) {     
      while($row = mysql_fetch_assoc($result)) {
       $content .= "<span>";
       $content .= $row['GroupName'];
       $content .= "</span>";
       $content .= "<a href=\"../Event/EventSearch?groupid=";
       $content .= $row['GroupId'];
       $content .= "\" target=\"_blank\">Book here</a> ";
      }
  }
  
  mysql_close($mysql);
  $content .= "</nobr>";

}

?>
I cannot for the life of me understand what the problem is, the return error is

Access denied for user 'myuser'@'localhost' (using password: YES)

Okay I'm done with searching for answers, working on this preg_match for about 3 hours now.   I'm looking for "($0.01/$0.02 USD)" in a string. The needle might be slighty different. Possible strings that I might look for is:

(€xx.xx/€xx.xx EUR) where the EUR can be changed into USD, including its signs.

Hi

I have a file, that is copied from other files. All other files work perfectly.
But, for some reason this one is throwing back an error.

I've been over it so many time, but can't see whats wrong.

Error:
Fatal error: Call to undefined method stdClass::save() in /home/p/o/powtest/web/public_html/admin/lib/ajax_php/add_interests.php on line 28


add_interests.php
Code: [Select]
<?PHP
require_once("../../../includes/initialize.php");

$flag = 0;
$ID = $_POST['ID'];
$type = $_POST['type'];
$category = $_POST['category'];
$interest = $_POST['interest'];
$expInt = explode("\n", $interest);
$DMOD = date('Y-m-d');
$TMOD = date('H:i:s');

$check_entry = Admin_interest::if_exists(clean_input_value($category));
if($check_entry == 0){
$new_category = Admin_interest::make($ID, clean_input_value($category), clean_input_value($type), $DMOD, $TMOD);
if($new_category && $new_category->save()){
$CID = $new_category->id;
$flag = 1;
}
}


foreach($expInt as $expInts){

$check_entry = Admin_interests_sub::if_exists($CID, clean_input_value($expInts));
if($check_entry == 0){
$new_interest = Admin_interests_sub::make($ID, $CID, clean_input_value($expInts), $DMOD, $TMOD);
if($new_interest && $new_interest->save()){
$message = 'Thank You: Your list Has Been Saved';
}else{
$message = "Sorry, There was an error";
}
}

}

echo $message;
?>


Class:
Code: [Select]
<?PHP
require_once(LIB_PATH.DS.'database.php');

class Admin_interests_sub {

protected static $table_name="admin_interests_sub";
protected static $db_fields = array('id', 'category_id', 'interest_sub', 'dateMod', 'timeMod');
public $id;
public $category_id;
public $interest_sub;
public $dateMod;
public $timeMod;


public static function make($ID, $category_id, $interest_sub, $DMOD, $TMOD){
if(!empty($interest_sub)){
$interest = new Admin_interests_sub();
$interest->id = (int)$ID;
$interest->category_id = (int)$category_id;
$interest->interest_sub = $interest_sub;
$kw->dateMod = $DMOD;
$kw->timeMod = $TMOD;
return $kw;
}else{
return false;
}
}

protected function attributes(){
$attributes = array();
foreach(self::$db_fields as $field){
if(property_exists($this, $field)){
$attributes[$field] = $this->$field;
}
}
return $attributes;
}

protected function sanitized_attributes(){
global $database;
$clean_attributes = array();
foreach($this->attributes() as $key => $value){
$clean_attributes[$key] = $database->escape_value($value);
}
return $clean_attributes;
}

public function save(){
return !empty($this->id) ? $this->update() : $this->create();
}

public function create(){
global $database;
$attributes = $this->sanitized_attributes();
$sql = "INSERT INTO ".self::$table_name." (";
$sql .= join(", ", array_keys($attributes));
$sql .= ") VALUES ('";
$sql .= join("', '", array_values($attributes));
$sql .= "')";
if($database->query($sql)){
$this->id = $database->insert_id();
return true;
}else{
return false;
}
}

public function update(){
global $database;
$attributes = $this->sanitized_attributes();
$attribute_pairs = array();
foreach($attributes as $key => $value){
$attribute_pairs[] = "{$key}='{$value}'";
}
$sql = "UPDATE ".self::$table_name." SET ";
$sql .= join(", ", $attribute_pairs);
$sql .= " WHERE id=".$database->escape_value($this->id);
$database->query($sql);
return ($database->affected_rows() == 1) ? true : false;
}

public function delete(){
global $database;
$sql = "DELETE FROM ".self::$table_name." ";
$sql .= "WHERE id=".$database->escape_value($this->id);
$sql .= " LIMIT 1";
$database->query($sql);
return ($database->affected_rows() == 1) ? true : false;
}

}

?>


Any help finding this bug will be a big help.

Thanks

Im trying to find the time between the last database entry and the current time and then echo it so it says something like '2 minutes ago'. I tried doing:

$last_post_gap = strtotime('NOW') - strtotime($topic_info->topic_last_post_time);
$last_post_gap = date('i', strtotime($last_post_gap));
$last_post = date('F j, Y', strtotime($topic_info->topic_last_post_time));


if ($last_post <= '- 1 DAY') 
{ 
$last_post = 'Yesterday at '.date("g:i a", strtotime($topic_info->topic_last_post_time)); 
}
if ($last_post <= '- 1 MINUTE') 
{ 
$last_post = 'Less Than 1 Minute Ago'; 
}
else
{
$last_post = $last_post_gap.' Minutes Ago';
}

but that just displays 0 minutes ago regardless of the time.

Is there anything im missing?