|
PHP - How To Prevent Direct Reach ?
I have my template files and some functions in my server which are available for direct reach.
like ; my "index.php" file includes "loginpage.php" form which is ok when I enter www.site.com/index.php but also when I enter to www.site.com/loginpage.php it works and shows me just login page. So this is what I dont want. How can I prevent to reach the files directly like this, I want them to work just for other pages of my website, not for directly seeing. By the way can this problem also be solved by hosting settings or mod_rewrite ? Similar TutorialsHello, I want to prevent this page from being directly accessed by all via just putting its address in the address bar: http://www.mysite.com/page1/page2/signup.php I want to allow to be accessed this page only via clicking on a link in a particular page like: http://www.mysite.com/activate/index.php Please help me. A shipping vendor (like Stamps.Com) provides me a Printable Shipping Label to display on my website for Visitors to print.
When Visitors come to my page, my PHP code:
$Shipping_Label_Data = $LabelVendor->data[0]->contents; // vendor's API echo '<img src="/Label-Directory/'.$Order_Number.'.png" />'; Later I realized the security flaw: any snooper can fish for other Visitor's labels in my Label directory. What is the best way to prevent the display of other people's labels? Thank you!! I am using the debug_backtrace() php function to prevent direct access to admin files.
i simply place the code below at the top of a page eg config.php and direct access via the browser is prevented.
Is it a safe practice or is there a better way of doing it?
<?php
debug_backtrace() || die ("Direct access to this resource is forbidden");
?>
Thanks
I use jQuery when adding messages. However, the file can be called directly. For example: includes/add_comment.php?id=2 So, I can make a form and call this file directly to add a message. ID is user id and form can be submited with HTML form wherever are located. How to prevent direct access to the file when called through a Ajax? Hi... again. I really should donate to here or something, I use it so much and feel so bad. Ah well. All I need to do (in theory) is change something like this 1500 into a time which would obviously be 1PM. Basically I am going to be plotting a beautiful graph with all this but need the axis to begin with. In the case below the time it starts is 1500 and finishes at 2200. Code: [Select] // LOOP FROM START TO END $i = $eventecho['etd']; $ii = $eventfecho['eta']; while ($i <= $ii) { if($i == $ii) break; echo $i . "<br>"; $i = $i + 30; } This outputs: 1500 1530 1560 1590 1620 1650 1680 1710 1740 1770 1800 1830 1860 1890 1920 1950 1980 2010 2040 2070 2100 2130 2160 2190 Which is should. But obviously I just want the values: 1500 1530 1600 1630 etc.. ? So how exactly do I get the raw value which would be: "1500" and "2200" to turn magically into a time. Thanks, Harry. (Again, apologies for always posting, but im in the shtook.)
<!-- ********************************** -->
<!-- *********** signup.php *********** -->
<!-- ********************************** -->
<?php
session_start();
// If user is logged in, header them away
if(isset($_SESSION["username"])){
header("location: message.php?msg=NO to that weenis");
exit();
}
?><?php
// Ajax calls this NAME CHECK code to execute
if(isset($_POST["usernamecheck"])){
include_once("php_includes/db_conx.php");
$username = preg_replace('#[^a-z0-9]#i', '', $_POST['usernamecheck']);
$sql = "SELECT id FROM users WHERE username='$username' LIMIT 1";
$query = mysqli_query($db_conx, $sql);
$uname_check = mysqli_num_rows($query);
if (strlen($username) < 3 || strlen($username) > 16) {
echo '<strong style="color:#F00;">3 - 16 characters please</strong>';
exit();
}
if (is_numeric($username[0])) {
echo '<strong style="color:#F00;">Usernames must begin with a letter</strong>';
exit();
}
if ($uname_check < 1) {
echo '<strong style="color:#009900;">' . $username . ' is AVAILABLE</strong>';
exit();
} else {
echo '<strong style="color:#F00;">' . $username . ' is TAKEN</strong>';
exit();
}
}
?><?php
// Ajax calls this REGISTRATION code to execute
if(isset($_POST["u"])){
// CONNECT TO THE DATABASE
include_once("php_includes/db_conx.php");
// GATHER THE POSTED DATA INTO LOCAL VARIABLES
$u = preg_replace('#[^a-z0-9]#i', '', $_POST['u']);
$e = mysqli_real_escape_string($db_conx, $_POST['e']);
$p = $_POST['p'];
$g = preg_replace('#[^a-z]#', '', $_POST['g']);
$c = preg_replace('#[^a-z ]#i', '', $_POST['c']);
// GET USER IP ADDRESS
$ip = preg_replace('#[^0-9.]#', '', getenv('REMOTE_ADDR'));
// DUPLICATE DATA CHECKS FOR USERNAME AND EMAIL
$sql = "SELECT id FROM users WHERE username='$u' LIMIT 1";
$query = mysqli_query($db_conx, $sql);
$u_check = mysqli_num_rows($query);
// -------------------------------------------
$sql = "SELECT id FROM users WHERE email='$e' LIMIT 1";
$query = mysqli_query($db_conx, $sql);
$e_check = mysqli_num_rows($query);
// FORM DATA ERROR HANDLING
if($u == "" || $e == "" || $p == "" || $g == "" || $c == ""){
echo "The form submission is missing values.";
exit();
} else if ($u_check > 0){
echo "The username you entered is alreay taken";
exit();
} else if ($e_check > 0){
echo "That email address is already in use in the system";
exit();
} else if (strlen($u) < 3 || strlen($u) > 16) {
echo "Username must be between 3 and 16 characters";
exit();
} else if (is_numeric($u[0])) {
echo 'Username cannot begin with a number';
exit();
} else {
// END FORM DATA ERROR HANDLING
// Begin Insertion of data into the database
// Hash the password and apply your own mysterious unique salt
$cryptpass = crypt($p);
include_once ("php_includes/randStrGen.php");
$p_hash = randStrGen(20)."$cryptpass".randStrGen(20);
// Add user info into the database table for the main site table
$sql = "INSERT INTO users (username, email, password, gender, country, ip, signup, lastlogin, notescheck)
VALUES('$u','$e','$p_hash','$g','$c','$ip',now(),now(),now())";
$query = mysqli_query($db_conx, $sql);
$uid = mysqli_insert_id($db_conx);
// Establish their row in the useroptions table
$sql = "INSERT INTO useroptions (id, username, background) VALUES ('$uid','$u','original')";
$query = mysqli_query($db_conx, $sql);
// Create directory(folder) to hold each user's files(pics, MP3s, etc.)
if (!file_exists("user/$u")) {
mkdir("user/$u", 0755);
}
// Email the user their activation link
$to = "$e";
$from = "auto_responder@wikigets.com";
$subject = 'WIKIGETS Account Activation';
$message = '<!DOCTYPE html><html><head><meta charset="UTF-8"><title>WIKIGETS Message</title></head><body style="margin:0px; font-family:Tahoma, Geneva, sans-serif;"><div style="padding:10px; background:#333; font-size:24px; color:#CCC;"><a href="http://www.WIKIGETS.com"><img src="http://www.WIKIGETS.com/images/logo.png" width="36" height="30" alt="WIKIGETS" style="border:none; float:left;"></a>WIKIGETS Account Activation</div><div style="padding:24px; font-size:17px;">Hello '.$u.',<br /><br />Click the link below to activate your account when ready:<br /><br /><a href="http://www.WIKIGETS.com/activation.php?id='.$uid.'&u='.$u.'&e='.$e.'&p='.$p_hash.'">Click here to activate your account now</a><br /><br />Login after successful activation using your:<br />* E-mail Address: <b>'.$e.'</b></div></body></html>';
$headers = "From: $from\n";
$headers .= "MIME-Version: 1.0\n";
$headers .= "Content-type: text/html; charset=iso-8859-1\n";
mail($to, $subject, $message, $headers);
echo "signup_success";
exit();
}
exit();
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Sign Up</title>
<link rel="icon" href="favicon.ico" type="image/x-icon">
<link rel="stylesheet" href="style/style.css">
<style type="text/css">
#body{
margin-left: 24px;
}
#signupform{
margin-top:24px;
margin-left:40px;
margin-right:40px;
}
#signupform > div {
margin-top: 12px;
}
#signupform > input,select {
width: 200px;
padding: 3px;
background: #F3F9DD;
}
#signupbtn {
font-size:18px;
padding: 12px;
}
#terms {
border:#CCC 1px solid;
background: #F5F5F5;
padding: 12px;
}
#sgn{margin: 30px auto 20px auto;
}
</style>
<script src="js/main.js"></script>
<script src="js/ajax.js"></script>
<script>
function restrict(elem){
var tf = _(elem);
var rx = new RegExp;
if(elem == "email"){
rx = /[' "]/gi;
} else if(elem == "username"){
rx = /[^a-z0-9]/gi;
}
tf.value = tf.value.replace(rx, "");
}
function emptyElement(x){
_(x).innerHTML = "";
}
function checkusername(){
var u = _("username").value;
if(u != ""){
_("unamestatus").innerHTML = 'checking ...';
var ajax = ajaxObj("POST", "signup.php");
ajax.onreadystatechange = function() {
if(ajaxReturn(ajax) == true) {
_("unamestatus").innerHTML = ajax.responseText;
}
}
ajax.send("usernamecheck="+u);
}
}
function signup(){
var u = _("username").value;
var e = _("email").value;
var p1 = _("pass1").value;
var p2 = _("pass2").value;
var c = _("country").value;
var g = _("gender").value;
var status = _("status");
if(u == "" || e == "" || p1 == "" || p2 == "" || c == "" || g == ""){
status.innerHTML = "Fill out all of the form data";
} else if(p1 != p2){
status.innerHTML = "Your password fields do not match";
} else if( _("terms").style.display == "none"){
status.innerHTML = "Please view the terms of use";
} else {
_("signupbtn").style.display = "none";
status.innerHTML = 'please wait ...';
var ajax = ajaxObj("POST", "signup.php");
ajax.onreadystatechange = function() {
if(ajaxReturn(ajax) == true) {
if(ajax.responseText != "signup_success"){
status.innerHTML = ajax.responseText;
_("signupbtn").style.display = "block";
} else {
window.scrollTo(0,0);
_("signupform").innerHTML = "OK "+u+", check your email inbox and junk mail box at <u>"+e+"</u> in a moment to complete the sign up process by activating your account. You will not be able to do anything on the site until you successfully activate your account.";
}
}
}
ajax.send("u="+u+"&e="+e+"&p="+p1+"&c="+c+"&g="+g);
}
}
function openTerms(){
_("terms").style.display = "block";
emptyElement("status");
}
/* function addEvents(){
_("elemID").addEventListener("click", func, false);
}
window.onload = addEvents; */
</script>
</head>
<body>
<?php include_once("template_pageTop.php"); ?>
<div id="pageMiddle">
<h3 >Sign Up Here</h3>
<form name="signupform" id="signupform" onsubmit="return false;">
<div>Username: </div>
<input id="username" type="text" onblur="checkusername()" onkeyup="restrict('username')" maxlength="16">
<span id="unamestatus"></span>
<div>Email Address:</div>
<input id="email" type="text" onfocus="emptyElement('status')" onkeyup="restrict('email')" maxlength="88">
<div>Create Password:</div>
<input id="pass1" type="password" onfocus="emptyElement('status')" maxlength="16">
<div>Confirm Password:</div>
<input id="pass2" type="password" onfocus="emptyElement('status')" maxlength="16">
<div>Gender:</div>
<select id="gender" onfocus="emptyElement('status')">
<option value=""></option>
<option value="m">Male</option>
<option value="f">Female</option>
</select>
<div>Country:</div>
<select id="country" onfocus="emptyElement('status')">
<option value="">Country...</option>
<option value="Afganistan">Afghanistan</option>
<option value="Albania">Albania</option>
<option value="Algeria">Algeria</option>
<option value="American Samoa">American Samoa</option>
<option value="Andorra">Andorra</option>
<option value="Angola">Angola</option>
<option value="Anguilla">Anguilla</option>
<option value="Antigua & Barbuda">Antigua & Barbuda</option>
<option value="Argentina">Argentina</option>
<option value="Armenia">Armenia</option>
<option value="Aruba">Aruba</option>
<option value="Australia">Australia</option>
<option value="Austria">Austria</option>
<option value="Azerbaijan">Azerbaijan</option>
<option value="Bahamas">Bahamas</option>
<option value="Bahrain">Bahrain</option>
<option value="Bangladesh">Bangladesh</option>
<option value="Barbados">Barbados</option>
<option value="Belarus">Belarus</option>
<option value="Belgium">Belgium</option>
<option value="Belize">Belize</option>
<option value="Benin">Benin</option>
<option value="Bermuda">Bermuda</option>
<option value="Bhutan">Bhutan</option>
<option value="Bolivia">Bolivia</option>
<option value="Bonaire">Bonaire</option>
<option value="Bosnia & Herzegovina">Bosnia & Herzegovina</option>
<option value="Botswana">Botswana</option>
<option value="Brazil">Brazil</option>
<option value="British Indian Ocean Ter">British Indian Ocean Ter</option>
<option value="Brunei">Brunei</option>
<option value="Bulgaria">Bulgaria</option>
<option value="Burkina Faso">Burkina Faso</option>
<option value="Burundi">Burundi</option>
<option value="Cambodia">Cambodia</option>
<option value="Cameroon">Cameroon</option>
<option value="Canada">Canada</option>
<option value="Canary Islands">Canary Islands</option>
<option value="Cape Verde">Cape Verde</option>
<option value="Cayman Islands">Cayman Islands</option>
<option value="Central African Republic">Central African Republic</option>
<option value="Chad">Chad</option>
<option value="Channel Islands">Channel Islands</option>
<option value="Chile">Chile</option>
<option value="China">China</option>
<option value="Christmas Island">Christmas Island</option>
<option value="Cocos Island">Cocos Island</option>
<option value="Colombia">Colombia</option>
<option value="Comoros">Comoros</option>
<option value="Congo">Congo</option>
<option value="Cook Islands">Cook Islands</option>
<option value="Costa Rica">Costa Rica</option>
<option value="Cote DIvoire">Cote D'Ivoire</option>
<option value="Croatia">Croatia</option>
<option value="Cuba">Cuba</option>
<option value="Curaco">Curacao</option>
<option value="Cyprus">Cyprus</option>
<option value="Czech Republic">Czech Republic</option>
<option value="Denmark">Denmark</option>
<option value="Djibouti">Djibouti</option>
<option value="Dominica">Dominica</option>
<option value="Dominican Republic">Dominican Republic</option>
<option value="East Timor">East Timor</option>
<option value="Ecuador">Ecuador</option>
<option value="Egypt">Egypt</option>
<option value="El Salvador">El Salvador</option>
<option value="Equatorial Guinea">Equatorial Guinea</option>
<option value="Eritrea">Eritrea</option>
<option value="Estonia">Estonia</option>
<option value="Ethiopia">Ethiopia</option>
<option value="Falkland Islands">Falkland Islands</option>
<option value="Faroe Islands">Faroe Islands</option>
<option value="Fiji">Fiji</option>
<option value="Finland">Finland</option>
<option value="France">France</option>
<option value="French Guiana">French Guiana</option>
<option value="French Polynesia">French Polynesia</option>
<option value="French Southern Ter">French Southern Ter</option>
<option value="Gabon">Gabon</option>
<option value="Gambia">Gambia</option>
<option value="Georgia">Georgia</option>
<option value="Germany">Germany</option>
<option value="Ghana">Ghana</option>
<option value="Gibraltar">Gibraltar</option>
<option value="Great Britain">Great Britain</option>
<option value="Greece">Greece</option>
<option value="Greenland">Greenland</option>
<option value="Grenada">Grenada</option>
<option value="Guadeloupe">Guadeloupe</option>
<option value="Guam">Guam</option>
<option value="Guatemala">Guatemala</option>
<option value="Guinea">Guinea</option>
<option value="Guyana">Guyana</option>
<option value="Haiti">Haiti</option>
<option value="Hawaii">Hawaii</option>
<option value="Honduras">Honduras</option>
<option value="Hong Kong">Hong Kong</option>
<option value="Hungary">Hungary</option>
<option value="Iceland">Iceland</option>
<option value="India">India</option>
<option value="Indonesia">Indonesia</option>
<option value="Iran">Iran</option>
<option value="Iraq">Iraq</option>
<option value="Ireland">Ireland</option>
<option value="Isle of Man">Isle of Man</option>
<option value="Israel">Israel</option>
<option value="Italy">Italy</option>
<option value="Jamaica">Jamaica</option>
<option value="Japan">Japan</option>
<option value="Jordan">Jordan</option>
<option value="Kazakhstan">Kazakhstan</option>
<option value="Kenya">Kenya</option>
<option value="Kiribati">Kiribati</option>
<option value="Korea North">Korea North</option>
<option value="Korea Sout">Korea South</option>
<option value="Kuwait">Kuwait</option>
<option value="Kyrgyzstan">Kyrgyzstan</option>
<option value="Laos">Laos</option>
<option value="Latvia">Latvia</option>
<option value="Lebanon">Lebanon</option>
<option value="Lesotho">Lesotho</option>
<option value="Liberia">Liberia</option>
<option value="Libya">Libya</option>
<option value="Liechtenstein">Liechtenstein</option>
<option value="Lithuania">Lithuania</option>
<option value="Luxembourg">Luxembourg</option>
<option value="Macau">Macau</option>
<option value="Macedonia">Macedonia</option>
<option value="Madagascar">Madagascar</option>
<option value="Malaysia">Malaysia</option>
<option value="Malawi">Malawi</option>
<option value="Maldives">Maldives</option>
<option value="Mali">Mali</option>
<option value="Malta">Malta</option>
<option value="Marshall Islands">Marshall Islands</option>
<option value="Martinique">Martinique</option>
<option value="Mauritania">Mauritania</option>
<option value="Mauritius">Mauritius</option>
<option value="Mayotte">Mayotte</option>
<option value="Mexico">Mexico</option>
<option value="Midway Islands">Midway Islands</option>
<option value="Moldova">Moldova</option>
<option value="Monaco">Monaco</option>
<option value="Mongolia">Mongolia</option>
<option value="Montserrat">Montserrat</option>
<option value="Morocco">Morocco</option>
<option value="Mozambique">Mozambique</option>
<option value="Myanmar">Myanmar</option>
<option value="Nambia">Nambia</option>
<option value="Nauru">Nauru</option>
<option value="Nepal">Nepal</option>
<option value="Netherland Antilles">Netherland Antilles</option>
<option value="Netherlands">Netherlands (Holland, Europe)</option>
<option value="Nevis">Nevis</option>
<option value="New Caledonia">New Caledonia</option>
<option value="New Zealand">New Zealand</option>
<option value="Nicaragua">Nicaragua</option>
<option value="Niger">Niger</option>
<option value="Nigeria">Nigeria</option>
<option value="Niue">Niue</option>
<option value="Norfolk Island">Norfolk Island</option>
<option value="Norway">Norway</option>
<option value="Oman">Oman</option>
<option value="Pakistan">Pakistan</option>
<option value="Palau Island">Palau Island</option>
<option value="Palestine">Palestine</option>
<option value="Panama">Panama</option>
<option value="Papua New Guinea">Papua New Guinea</option>
<option value="Paraguay">Paraguay</option>
<option value="Peru">Peru</option>
<option value="Phillipines">Philippines</option>
<option value="Pitcairn Island">Pitcairn Island</option>
<option value="Poland">Poland</option>
<option value="Portugal">Portugal</option>
<option value="Puerto Rico">Puerto Rico</option>
<option value="Qatar">Qatar</option>
<option value="Republic of Montenegro">Republic of Montenegro</option>
<option value="Republic of Serbia">Republic of Serbia</option>
<option value="Reunion">Reunion</option>
<option value="Romania">Romania</option>
<option value="Russia">Russia</option>
<option value="Rwanda">Rwanda</option>
<option value="St Barthelemy">St Barthelemy</option>
<option value="St Eustatius">St Eustatius</option>
<option value="St Helena">St Helena</option>
<option value="St Kitts-Nevis">St Kitts-Nevis</option>
<option value="St Lucia">St Lucia</option>
<option value="St Maarten">St Maarten</option>
<option value="St Pierre & Miquelon">St Pierre & Miquelon</option>
<option value="St Vincent & Grenadines">St Vincent & Grenadines</option>
<option value="Saipan">Saipan</option>
<option value="Samoa">Samoa</option>
<option value="Samoa American">Samoa American</option>
<option value="San Marino">San Marino</option>
<option value="Sao Tome & Principe">Sao Tome & Principe</option>
<option value="Saudi Arabia">Saudi Arabia</option>
<option value="Senegal">Senegal</option>
<option value="Serbia">Serbia</option>
<option value="Seychelles">Seychelles</option>
<option value="Sierra Leone">Sierra Leone</option>
<option value="Singapore">Singapore</option>
<option value="Slovakia">Slovakia</option>
<option value="Slovenia">Slovenia</option>
<option value="Solomon Islands">Solomon Islands</option>
<option value="Somalia">Somalia</option>
<option value="South Africa">South Africa</option>
<option value="Spain">Spain</option>
<option value="Sri Lanka">Sri Lanka</option>
<option value="Sudan">Sudan</option>
<option value="Suriname">Suriname</option>
<option value="Swaziland">Swaziland</option>
<option value="Sweden">Sweden</option>
<option value="Switzerland">Switzerland</option>
<option value="Syria">Syria</option>
<option value="Tahiti">Tahiti</option>
<option value="Taiwan">Taiwan</option>
<option value="Tajikistan">Tajikistan</option>
<option value="Tanzania">Tanzania</option>
<option value="Thailand">Thailand</option>
<option value="Togo">Togo</option>
<option value="Tokelau">Tokelau</option>
<option value="Tonga">Tonga</option>
<option value="Trinidad & Tobago">Trinidad & Tobago</option>
<option value="Tunisia">Tunisia</option>
<option value="Turkey">Turkey</option>
<option value="Turkmenistan">Turkmenistan</option>
<option value="Turks & Caicos Is">Turks & Caicos Is</option>
<option value="Tuvalu">Tuvalu</option>
<option value="Uganda">Uganda</option>
<option value="Ukraine">Ukraine</option>
<option value="United Arab Erimates">United Arab Emirates</option>
<option value="United Kingdom">United Kingdom</option>
<option value="United States of America">United States of America</option>
<option value="Uraguay">Uruguay</option>
<option value="Uzbekistan">Uzbekistan</option>
<option value="Vanuatu">Vanuatu</option>
<option value="Vatican City State">Vatican City State</option>
<option value="Venezuela">Venezuela</option>
<option value="Vietnam">Vietnam</option>
<option value="Virgin Islands (Brit)">Virgin Islands (Brit)</option>
<option value="Virgin Islands (USA)">Virgin Islands (USA)</option>
<option value="Wake Island">Wake Island</option>
<option value="Wallis & Futana Is">Wallis & Futana Is</option>
<option value="Yemen">Yemen</option>
<option value="Zaire">Zaire</option>
<option value="Zambia">Zambia</option>
<option value="Zimbabwe">Zimbabwe</option>
</select>
<div>
<a href="#" onclick="return false" onmousedown="openTerms()">
View the Terms Of Use
</a>
</div>
<div id="terms" style="display:none;">
<h3>WIKIGETS Terms Of Use</h3>
<p>1. Using WIKIGETS
<Br> $100.<BR></p>
</div>
<br /><br />
<button id="signupbtn" onclick="signup()">Create Account</button>
<span id="status"></span>
</form>
</div>
<?php include_once("template_pageBottom.php"); ?>
</body>
</html>
Hello everyone
I am unable to send activation email from my sign up page though the form submits all form inputs to mysql database.
Below is my code .Please help.
Thank you
activation.php
<!-- ********************************** -->
<!-- *********** activation.php ******* -->
<!-- ********************************** -->
<?php
if (isset($_GET['id']) && isset($_GET['u']) && isset($_GET['e']) && isset($_GET['p'])) {
// Connect to database and sanitize incoming $_GET variables
include_once("php_includes/db_conx.php");
$id = preg_replace('#[^0-9]#i', '', $_GET['id']);
$u = preg_replace('#[^a-z0-9]#i', '', $_GET['u']);
$e = mysqli_real_escape_string($db_conx, $_GET['e']);
$p = mysqli_real_escape_string($db_conx, $_GET['p']);
// Evaluate the lengths of the incoming $_GET variable
if($id == "" || strlen($u) < 3 || strlen($e) < 5 || strlen($p) != 74){
// Log this issue into a text file and email details to yourself
header("location: message.php?msg=activation_string_length_issues");
exit();
}
// Check their credentials against the database
$sql = "SELECT * FROM users WHERE id='$id' AND username='$u' AND email='$e' AND password='$p' LIMIT 1";
$query = mysqli_query($db_conx, $sql);
$numrows = mysqli_num_rows($query);
// Evaluate for a match in the system (0 = no match, 1 = match)
if($numrows == 0){
// Log this potential hack attempt to text file and email details to yourself
header("location: message.php?msg=Your credentials are not matching anything in our system");
exit();
}
// Match was found, you can activate them
$sql = "UPDATE users SET activated='1' WHERE id='$id' LIMIT 1";
$query = mysqli_query($db_conx, $sql);
// Optional double check to see if activated in fact now = 1
$sql = "SELECT * FROM users WHERE id='$id' AND activated='1' LIMIT 1";
$query = mysqli_query($db_conx, $sql);
$numrows = mysqli_num_rows($query);
// Evaluate the double check
if($numrows == 0){
// Log this issue of no switch of activation field to 1
header("location: message.php?msg=activation_failure");
exit();
} else if($numrows == 1) {
// Great everything went fine with activation!
header("location: message.php?msg=activation_success");
exit();
}
} else {
// Log this issue of missing initial $_GET variables
header("location: message.php?msg=missing_GET_variables");
exit();
}
?>
Edited by laxi, 26 July 2014 - 08:50 PM. I use phpmail script to send attachments from site to e-mail. The script itself works. I noticed that e.g. in the case of Gmail messages are coming but without attachments. Instead, in addition to the content, there is a very long message containing only the hash string. In addition, not all mailboxes display content correctly. In some cases, the content also adds, for ex.: Quote--PHP-alt-41babb7e7ab4c64e3af6ea533924bebdContent-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit and the html coding in plain text. Can it be standardized so as not to display unnecessary information? Here's my code:
<?php
$to = $_POST['email'];
$subject = 'Attachment from site domain.com';
$subject = sprintf("=?utf-8?B?%s?=", base64_encode($subject));
$random_hash = md5(uniqid(time()));
$headers = "From: MySite <site@domain.com>\r\nReply-To: site@domain.com";
$headers .= "\r\nContent-Type: multipart/mixed; boundary=\"PHP-mixed-".$random_hash."\"";
$filename = $_POST['file_id'] . ".pdf";
$path = "/home/ftp/wp-content/uploads";
$file = $path . "/" . $filename;
// read file into $data var
$f = fopen($file, "rb");
$data = fread($f, filesize( $file ) );
fclose($f);
$attachment = chunk_split(base64_encode($data));
ob_start();
?>
--PHP-mixed-<?php echo $random_hash; ?>
Content-Type: multipart/alternative; boundary="PHP-alt-<?php echo $random_hash; ?>"
--PHP-alt-<?php echo $random_hash; ?>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Hello,
Here the mail text.
--PHP-alt-<?php echo $random_hash; ?>
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: 8bit
<h2>Hello,</h2>
<p>Here's the mail text</p>
--PHP-alt-<?php echo $random_hash; ?>--
--PHP-mixed-<?php echo $random_hash; ?>
Content-Transfer-Encoding: base64
Content-Type: application/pdf; name="<?php echo $filename; ?>"
Content-Disposition: attachment
<?php echo $attachment; ?>
--PHP-mixed-<?php echo $random_hash; ?>--
<?php
$message = ob_get_clean();
if (@mail($to, $subject, $message, $headers )) {
echo "<p><b>File send!</b></p> Check your e-mail.";
} else {
echo "<p><b>Error!</b></p> File not send.";
}
?>
What can I change to make delivery with an attachment work for all mailboxes? I just finished a page of code that passes all the debug tests except for the very last line on the page. </html>. The page has php and html, java script and some SQL. (see I'm learning and hadn't placed a post until I exhausted my limited resources. The Error Codeis: PHP Parse error: syntax error, unexpected $end in C:\wamp\www\registerform.php on line 292 Here's my concern: I read this error statement as an error()is missing. Please clarify something for me, You start the php code with <?php and end it with ?>. I also understand that the end() will stop all further operation. Correct. When you have a form call itself for data checking, and if the data is correct, send it to the appropriate database table, does one need to place the end() at the end of the php portion of the code? And if so, will it not stop any of the code from being read the first time the page is called? Also since the FORMs action calls for the page to load itself for data verification, how at the end of the checking do I go call another page? here's the page: The page is attached: I have a php form for uploading file as the action sends to upload.php. How I can avoid any kind of direct access to upload.php? I want to kill the php process at the first line without performing the remaining code (it is very critical for me as I have a counter), except calls coming from form.php. Hello everyone, I have a question. I'm trying to figure out a way to make it so that when a user visits a page for a certain file, they are given the file to download but can't see the link to that file. Example: There is a file on http://serverB.com/file.rar A person goes to http://serverA.com/?file=file.rar They can download http://serverB.com/file.rar without seeing the link to that file. Is there any way to do this? Thanks. Trying to sort out setting a cookie that allows visitor to decide which sub domain to go directly to in subsequent visits. Somewhat complicated by the fact that the sub domains are running seprate instances of wordpress. Here's the code... any suggestions appreciated! Code: [Select] <?php if (isset($_POST['submitted'])) { $site=$_POST['site']; setcookie("SitePref",$site, time() + 60*60*24*30, 'historybee.com'); if ($site == 'ms') { header("Location: http://ms.historybee.com/"); } elseif ($site == 'hs') { define('WP_USE_THEMES', true); require('./wp-blog-header.php'); } } else { //if we have a cookie, load the site if (isset($_COOKIE['SitePref'])) { if (($_COOKIE['SitePref']) == 'hs') { define('WP_USE_THEMES', true); require('./wp-blog-header.php'); } else { header("Location: http://ms.historybee.com/"); } } else { //if we don't have a cookie, load the form ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8"> <title>The National History Bee</title> </head> <body style="margin:0;padding:0;background: url('http://ms.historybee.com/wp-content/themes/makinghistoryblue/img/body_bg_hb5.jpg') repeat-x scroll center top #F2BF3B;"> <div align="center" style="width:800px;margin:0 auto;background:#fff;"> <p><img src="http://ms.historybee.com/wp-content/themes/makinghistoryblue/img/nhb_logo.png"> <p><h1>Welcome to the National History Bee!</h1> <p>The National History Bee has both High School and Middle School competitions. <p>Please choose which site you would like to visit. Your choice will be remembered for 30 days. <form action= "<?php echo $_SERVER['PHP_SELF']; ?>" method ="POST"> <input type="radio" name="site" value="ms"> Middle School Competition <input type="radio" name="site" value="hs"> High School Competition <input type ="hidden" name="submitted" value="true"> <p><input type="submit" value="Remember My Choice"> </form> <br /><br /><br /> </div> </body> </html> <?php } } ?> I've just done a Contact Me form. Once a message has been sent, I'd like to direct the user to a new page saying 'thanks for getting in touch', just so it's clear the message has been sent. What's the best function to use for that? I tried require("message.php") and include() but the two files got mixed up and all I got was a mess! Thanks in advance for any help I've got a question, I thought I'd be able to do this fairly easily. I don't want to do an .htaccess solution also. I tried this, define('ACCESS', TRUE); // then on other page if(!defined('ACCESS'){die('Direct access not allowed.');} Need some assistance, appreciated. I want to perform a php process initiated by AJAX according to the method described in http://www.w3schools.com/PHP/php_ajax_database.asp with this line Code: [Select] xmlhttp.open("GET","getuser.php?q="+str,true); the php process in getuser.php is initiated. But how I can restrict direct access to getuser.php? If someone visit getuser.php?q=something; the process will be started for "something". I want to run the getuser.php process only and only when it is initiated from my main page. Hello everyone, What is the best method of blocking direct access to certain files like functions, modules, and etc? I was trying the if ( ! defined('BASEPATH')) exit('No direct script access allowed');method but I feel like there must be a more convenient/better way. Any suggestions are appreciated, thank you. I have solved this now. Hi, I found a code for login page on web which would check against the database and login, I wanted to modify it so that once the password is verified the user will be directed to a new page with the session variables also active. I read about " header()" functionality which would achieve this so i added this to the code but my code seems to fail with the error "Cannot modify header information - headers already sent by (output started at C:\xampp\phpMyAdmin\scripts\login1.php:7) in C:\xampp\phpMyAdmin\scripts\login1.php on line 10 " The code for login1.php is as below- For quick understanding i have removed all the section related to DB validation ..so the below code must activate the next page "add_entry2.php" immediately after submit button is pressed. Please see below.. Thanks in advance. Code: [Select] <html> <head> <title>Login</title> </head> <body> <?php if (isset($_POST['submit'])) {if(!$_POST['uname'] | !$_POST['passwd']){die('You did not fill in a required field.'); } header('Location: add_entry2.php');} else {// if form hasn't been submitted ?> <h1>Login</h1> <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"> <table align="center" border="1" cellspacing="0" cellpadding="3"> <tr><td>Username:</td><td> <input type="text" name="uname" maxlength="40"> </td></tr> <tr><td>Password:</td><td> <input type="password" name="passwd" maxlength="50"> </td></tr> <tr><td colspan="2" align="right"> <input type="submit" name="submit" value="Login"> </td></tr> </table> </form> <?php } ?> </body> </html> Hello, I'm having some major major issues, with a web hosting / PHP / MySQL database issue and if anyone can help that would be amazing! Okay first I have a MySQL database setup, with a table called "staff", within that there is a "username" and "password" field pretty self explanatory. I have a login in page (login.php) see first set of coding and a loginaction (loginaction.php) and what is suppose to happen is the loginaction checks the posted data against the database and if correct relocate to another page. I have had this coding and much more complex coding working on various other servers, but this is the first time I've ever dealt with BT Business webhosting, which is pretty useless right now and poor help to date from technicians who say it is a purely a coding issue. From what I have established I believe that the issue is occuring because BT don't have the apache server setup correctly for what I'm trying to do or that the browser is seeing the "$result" on "loginaction.php" and data, resulting in a white page of certain doom! Please help!! login.php [<?php include "sections/phparea.php";?> <?php include "sections/header.php";?> <?php include "sections/left.php";?> <!-- start content --> <div id="content"> <?php // Include the formatted error message if (isset($_SESSION['message'])) echo "<h4>".$_SESSION['message']."</h4>"; // Generate the login <form> layout ?> <form action="loginaction.php" method="post" enctype="multipart/form-data"> <table class="tablelogin" > <tr> <td> <label for="email">E-mail Address</label> </td> <td> <input type="text" name="email" id="email" /> </td> </tr> <tr> <td> <label for="password">Password</label> </td> <td> <input type="password" name="password" id="password" /> </td> </tr> <tr> <td> </td> <td> <a href="../ambustar/accountrecovery.php">Forgotten Password?</a> </td> </tr> <tr> <td> </td> <td> </td> </tr> <tr> <td> </td> <td> <input type="hidden" name="count" id="count" value="1" /> <input type="reset" name="reset" id="reset" value="Clear" /> <input type="submit" name="submit" id="submit" value="Log in" /> </td> </tr> </table> </form> </div> <!-- end content --> <?php include "sections/right.php";?> <?php include "sections/footer.php";?> ] loginaction.php [<?php session_start(); include "dbconnect.php"; $email =$_POST["email"]; $password =$_POST["password"]; $query = "SELECT * FROM staff WHERE username = '$email' AND password = '$password'"; $result = mysql_query($query) or die ("Error in query: $query. ".mysql_error()); // see if any rows were returned if (mysql_num_rows($result) > 0) { header("Location: test.php"); } else { header("Location: login.php"); } ?> ] dbconnect.php [<?php $hostname = "sql5c30a.carrierzone.com"; $username = "user"; $password = "password"; $databaseName = "main_bikescarsandvans_co_uk"; $connection = mysql_connect($hostname, $username, $password); // or die ("Unable to connect!") mysql_select_db($databaseName) or die ("Unable to select database!"); ?> ] we have already see the facility in website gmail and facebook that when user log-in successfully then its redirects the page to another page automatically, can someone tell me how to redirect the page when log-in becomes successful ?
User tries to Log-in -> create session variable -> now redirect the page
I can verify user account details and set the session variable at the same time, but how to reload the page so that it finds the session and reload itself and then redirect the page to new page ??
Thanks for sparing your time here !!
Hi, I have one webhost (A) that supports no PHP and has unlimited bandwidth. I have a second webhost (B) that does support PHP, but has limited bandwidth. The website is on host A and contains a 5mb file that people can download and I'd like to count the downloads. But now I need to use host B to count the downloads. I'm using this small script on host B to count the downloads. <?php $hits=file("count.txt"); $hits[0]++;$fp=fopen("count.txt","w"); fputs($fp,$hits[0]); fclose($fp); header("Location: http://webhost-A.com/files/download.zip"); ?> The download link people see on my website is: http://webhost-B.com/download.php Generally this works fine, but I found out that people can still find the direct link with download managers and then put that direct link on their website, which prevents me from counting those downloads. A solution I found is to use ReadFile. But the problem is that when using ReadFile, host B first downloads the file from host A and then sends it to the user and that's exactly what I don't want. Is it possible to let people download the file directly from host A without showing the direct download link in any way and also count the downloads? |
|||||||