PHP - Php Stability Advice

for those of you who don't know i am creating a piece of forum software called ASF. Ive done it by myself so far but as it grows i find it harder to write the code and keep organised. my code is a mess and things arent done the way they should be. So if anyone can give me advice or wants to help i could post some of the files for download. Even if you just want to have a look and let me know waht you think.

Thanks
Carl

http://www.thevault.cz.cc

Hello, can someone please advice me on what scripts I will need to accomplish the following.

I want users to be able to login to their personal page, on there will be items such as pdf files, jpeg files etc, that they will be able to download.

Are there any free scripts out there that can do this, that anyone knows of? I don't mind paying if its a cheapish script for one of you to make for me, but money is a bit tight at the moment so a free script would be my 1st choice...

Thanks for all your help

I have a restricted page for members of a website. This restricted area is within a directory called 'download.'

There is a login form on two pages (home and support pages, found in the main menu). These pages are on the site root directory. When the user successfully logs in they are taken inside the download directory to index.php.

This index.php has a different look to the site root design. I have since redesigned this page to have the same structure as the site root pages.

I would love for the user to able to navigate around the main site if they wanted, and when they clicked support in the menu they would have all the download files there on the page, instead of a login form.

My question is how would I implement this login so that when the user logs in the support page changes from the login page to the page with the files.

I don't want to to duplicate the site within the download directory, I was hoping for an efficient method, but I am unsure how to go about it. 

This topic has been moved to Application Design.

http://www.phpfreaks.com/forums/index.php?topic=328588.0

Hi everyone

This is not really about php code...sorry. But i want some advice if you dont mind. I am working on a system, but i would like it to be available for PC use, aswell as for mobile use. What would be the best? To create two websites, one for mobile other for PC, and upload them to .mobi and .com domains, or should i create only one... I need this to be as user-friendly as possible...because the clients who are going to use this, is those ppl that is not comfortable with a PC, not to mention the web.

Thanks

hello 


i need someone to take a look on this , General comments on the code process and how should i continue !!!



[attachment deleted by admin]

Hey everyone

A little advice would be great.  okay... I have a system that registers users and then allows them to take part in a quiz, which uses sessions and a database however what the problem is, is that i would like the user to be able to see the results of there quiz rather than destroying a session on logout.php

for example when they login, they will click member area for example and this will display info about the quiz they completed.... i.e. Scores

How would i do keep this info so its not lost on logging out??

Thanks in advance guys

Lance

I am working on adding security to my code. This is new to me and I am confused at which one to use. The numbers, email and pswd are all explanatory its the text fields that are confusing me.

So I have a variety of text fields where the user can input what they want. I want to be able to add in a variety of characters but want it to be secure as well.

I want to be able to use the "&" so I think I want Quote

FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP


All the text fields will be used for descriptions or notes.

Also, how secure, if at all, is this function? It was a very earlier attempt at security

function check_input($data)   {
  $data = trim($data);
  $data = htmlspecialchars($data);
  return $data;
}

Yup, the nice person left some friendly messages just to prove it. Now i need to recover. I have back up code and DB. But I need to establish what kind of hack it was and how to improve things. The big tell tale, is that all the javascript is gone off the pages. Yet the js tools ( jquery etc ) all all still there. They also got past the login page as well.  The site was built with CodeIgniter so I had invested my trust in the framework as I will never assume I know more than the CI guys on security.  any ideas jump to mind as to what kind of hack it was and therefore what obvious things I can do to avoid it again ? Many Thanks !!

Hi,

Is anyone here familiar with the Facebook API?

My boss wants people to be able to share their store with their friends on Facebook from within the stores admin panel. He wants the following.

1) Display all friends with a checkbox next to each name.
2) Check the friends you want to inform about your store.
3) Post a message on checked friends wall.

It sounds simple.

The problem is the friends selection screen. Some of my friends on Facebook have 1000 friends. Obviously listing all of them is inpractical. Ideally I need a search box to limit the friends that display and make it easy to find who you are looking for. Does something like this already exist? Does it have a name?

I have made a small class to learn how to do them. This basically adds the new user to the database upon registration. I would like to know if i am doing things right or if there is a better way. Also can anyone tell me why i would use this class? Previously I just included the insert query and if statements in my main register.php page and everything worked fine. what are the advantages to using it in a class?

Here is the class:

<?php

define ("NO_USERNAME", "Please Enter A Username");
define ("NO_PASSWORD", "Please Enter A Password");
define ("NO_EMAIL", "Please Enter An Email Address");
define ("SUCCESFULL_REGISTRATION", "Done");
define ("NO_MATCH", "Your Passwords Did Not Match");
define ("UNKNOWN_ERROR", "An Unknown Error Occured");

class User
{
public $user_name;
public $password;
public $email_address;
public $password_confirm;
public $processed;
public $error;

function user_create($user_name, $password, $email_address, $password_confirm)
{
if (empty($user_name))
{
$this->error = NO_USERNAME;
}
elseif (empty($password))
{
$this->error = NO_PASSWORD;
}
elseif (empty($email_address))
{
$this->error = NO_EMAIL;
}
elseif ($password != $password_confirm)
{
$this->error = NO_MATCH;
}
else
{
$this->error = NULL;
}

if ($this->error == NULL)
{
echo "Username: " . $user_name . "<br />";
mysql_query("INSERT INTO test_members
(user_name,
password,
email_address)
VALUES
('$user_name',
'".md5($password)."',
'$email_address')")
or trigger_error("SQL", E_USER_ERROR);

$this->processed = TRUE;

}

}

public function encryptPassword($password)
{
$password = sha1(md5(md5(sha1(sha1($this->password)))));
}

}

?>

Chapter 2 homework is coded. It works and that is the main thing, but I dont just want the grade, I want want to learn php and be proficent at it. Is there anything that looks wrong, Variable names, lack off comments, things out of place. All advice is welcome.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0
Strict//EN"
"html://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Temperature Conversion</title>
<meta http-equiv="content-type"
	content="text/html; charset=iso-8859-1" />
</head>

<body>
<h1>Fahrenheit to Celsius Conversions</h1>
<article>
<?php
	$degFahrenheit = 0;
	
	function degreeConverter ($degFahrenheit) { //Function converts F* to C*
		$degCelsius = (($degFahrenheit - 32) * 5/9);
		$returnCelsius = round ($degCelsius, 1);
		return $returnCelsius;
	}
	do {//begining of loop
	$convertCelsius = degreeConverter($degFahrenheit);
	echo "<p>$degFahrenheit degrees Fahrenheit = $convertCelsius degrees Celsius.</p>";
	++degFahrenheit;
	}
	while ($degFahrenheit <= 100);//end of loop
?>
</article>
</body>
</html>

I've been trying to find a good, up-to-date source on how to secure the authentication credentials for my db connection. I've done some PHP coding and would like to learn more. There's plenty information available, but I often find books inevitably have typos in the code. Also most of the online tutorials are either at least several years old or deal more with user login security.

User authentication is one thing, but what are the best ways to secure the connection to the database itself? Obviously your basic newbie method of unencrypted host, username, password, and database stored in a connectvar file is just open invitation--or maybe not since it doesn't present a challenge to a hacker. Some say to encrypt the credentials with something like MD5 and store them in .htaccess. Other sources say not to use MD5. Any advice on where to find some good resources on this?

Cheers!

Hello everyone. I have been told that PHP, javascript and html would be needed for this. So I am here to explain and ask your advice.

Since being severely disabled in a car accident, I am trying to make use of what I have left. I would like to use my knowledge and try to help those who want to get back to work. I will give my time for free but the cost of using council premises must be paid for, albeit heavily subsedised by the benefits department.

I will need a single page. It will need a datepicker (so I am told) where students can see what days are available and then select their chosen dates and complete their details. Then, the system will make some calculations and send me an email with the details that I can add to official paperwork and email on, to the student, the benefits department and the local council. I would also like to be able to "log in" to the page, to put the details in myself and still to send me the email with the details, as before.

Should I explain everything I am trying to achieve, in one post, or can someone advise me as to which parts need which code and make separate posts in the corresponding threads?

I am trying to study as much as possible and am finding this forum a great help. But, a little help or guidance in the right direction would be great.

Thank you, in advance, for your help

Hi All,

I currently have a ticketqueue that show's all tickets assigned to a group of people, but split into personal queues, but the way that I wrote it, means that it needs manually updating if a specific person leaves/joins the department. For example, to get the queue details, I use the following query:

Code: [Select]
$username1 = mssql_query("select id,subject,body,priority from queue where assignedto = username1";)
$username2 = mssql_query("select id,subject,body,priority from queue where assignedto = username2";)

I have repeated this code for all of the users in our team. Which seams a waste, as I have all the information on our team stored in a DB called "sysadminusers". Is there an array I could use that would look at all the usernames in the table, and then repeat the query for me?

I would also need this array to display the results on the page, currently I use the following:

Code: [Select]
while($username1_tickets = mssql_fetch_assoc($username1)){
echo $username1_tickets['id'],$username1_tickets['subject']$username1_tickets['body'],$username1_tickets['priority'];}
while($username2_tickets = mssql_fetch_assoc($username2)){
echo $username2_tickets['id'],$username2_tickets['subject']$username2_tickets['body'],$username2_tickets['priority'];}

I am just looking for some design advice and code examples that would help me tidy up my code for this page, it seams a lot of code for quite a simple page.

Thanks
Matt