|
PHP - Password Protect Code W/ Custom Input Fields Not Working. Help! :)
I have a problem w/ a widely used password protect php code. I use a business directory program that allows custom input fields. I'm using this code to password protect a business listing page in my directory code. I created custom fields for the username & password so a listing can enter their own user/pass but when I test it it won't work when I'm calling/echoing the fields. When I hardcode it w/ a user/pass it works. Any ideas on how I should recode this?:
Quote <?php // Define your username and password $username = "<?php echo $custom_74; ?>"; $password = "<?php echo $custom_16; ?>"; if ($_POST['txtUsername'] != $username || $_POST['txtPassword'] != $password) { ?> <h1>Login</h1> <form name="form" method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>"> <p><label for="txtUsername">Username:</label> <br /><input type="text" title="Enter your Username" name="txtUsername" /></p> <p><label for="txtpassword">Password:</label> <br /><input type="password" title="Enter your password" name="txtPassword" /></p> <p><input type="submit" name="Submit" value="Login" /></p> </form> <?php } else { ?> I close the code correctly. <?php echo $custom_74; ?> & <?php echo $custom_16; ?> are just incidently my custom field echo codes. I have over 150 custom fields working fine for user/listee options. The password protect code won't accept echos it seems as coded above. Thanks, Gene Similar TutorialsI'm not sure if this is a php or Apache question but here goes anyways. I have my Apache web server set up so I can access it from anywhere which obviously means anyone else can access it too. I have my index page which is basically a menu for the site password protected with a simple php script. The problem is the index.php password page can be bypassed by just typing the name or path of any of the pages on the site. I don't want to have to password protect or enter a session variable onto every page. Is there a practical way to make it where no page can be accessed without being routed from the index.php page ? hi all i have a code that i am trying to password to protect my webpage and i cant seen to get it to coonect to mysql DB. here is the code $c_username = "root"; $c_password = "Steph1989"; $c_host = "localhost"; $c_database = "eclipse_media"; // Connect. $connection = mysql_connect($c_host, $c_username, $c_password) or die ("It seems this site's database isn't responding."); mysql_select_db($c_database) or die ("It seems this site's database isn't responding."); Hey, nooby here I am looking for a PHP solution for password protect pages. I have successfully implemented this code which check a user name and password to grant access. The problem is that each user needs a different (password protected) page. What I would like to do is take it a step further and have each user directed to a specific page. visitor1 => www.mysite.com/visitor1.com visitor2 => www.mysite.com/visitor2.com Since I am not going to have anymore than three users I don't want the complication of a database and keep everything PHP. Any idea please? Cheers, This is the login page:
<?php
$LOGIN_INFORMATION = array(
'visitor1' => 'password1',
'visitor2' => 'password2'
);
define('USE_USERNAME', true);
define('LOGOUT_URL', 'http://www.mysite.com/logout.php');
define('TIMEOUT_MINUTES', 0);
define('TIMEOUT_CHECK_ACTIVITY', true);
if(isset($_GET['help'])) {
die('Include following code into every page you would like to protect, at the very beginning (first line):<br><?php include("' . str_replace('\\','\\\\',__FILE__) . '"); ?>');
}
$timeout = (TIMEOUT_MINUTES == 0 ? 0 : time() + TIMEOUT_MINUTES * 60);
if(isset($_GET['logout'])) {
setcookie("verify", '', $timeout, '/'); // clear password;
header('Location: ' . LOGOUT_URL);
exit();
}
if(!function_exists('showLoginPasswordProtect')) {
function showLoginPasswordProtect($error_msg) {
?>
<!DOCTYPE HTML>
<html>
<head>
</head>
<body class="loading">
<div style="width:500px; margin-left:auto; margin-right:auto; text-align:center">
<form method="post">
<p>Please enter password</p><br />
<font color="red"><?php echo $error_msg; ?></font><br />
<?php if (USE_USERNAME) echo 'Login:<br /><input type="input" name="access_login" /><br />Password:<br />'; ?>
<input type="password" name="access_password" /><p></p><input type="submit" name="Submit" value="Submit" />
</form>
</div>
</body>
</html>
<?php
die();
}
}
if (isset($_POST['access_password'])) {
$login = isset($_POST['access_login']) ? $_POST['access_login'] : '';
$pass = $_POST['access_password'];
if (!USE_USERNAME && !in_array($pass, $LOGIN_INFORMATION)
|| (USE_USERNAME && ( !array_key_exists($login, $LOGIN_INFORMATION) || $LOGIN_INFORMATION[$login] != $pass ) )
) {
showLoginPasswordProtect("Incorrect password.");
}
else {
setcookie("verify", md5($login.'%'.$pass), $timeout, '/');
unset($_POST['access_login']);
unset($_POST['access_password']);
unset($_POST['Submit']);
}
}
else {
if (!isset($_COOKIE['verify'])) {
showLoginPasswordProtect("");
}
$found = false;
foreach($LOGIN_INFORMATION as $key=>$val) {
$lp = (USE_USERNAME ? $key : '') .'%'.$val;
if ($_COOKIE['verify'] == md5($lp)) {
$found = true;
// prolong timeout
if (TIMEOUT_CHECK_ACTIVITY) {
setcookie("verify", md5($lp), $timeout, '/');
}
break;
}
}
if (!$found) {
showLoginPasswordProtect("");
}
}
?>
And here is the code I used at the top of each protected page:
<?php include("/home/user/public_html/clients/login.php"); ?>[/code]
On all my forms, after I send an empty string to one field, it will stop accepting values when I resubmit. My code passes through the W3C validator Any ideas?? Hello, I just joined today! I am very new to php, I'm sure you'll be able to tell I created a 'members area only' thanks to some awesome online tutorials!! The only part that isn't working is the page protection for the 'members only area'. I am using $_SESSION and ISSET, but wonder why page shows when the address to the protected page is typed directly in, (no session should exist) if I understand correctly ... Any help will be wonderful, I really can't do this on my own yet. I have tried many different combinations, I may have them all mixed together by now. Currently, I have this code to the top of the page I am trying to protect ... <? ob_start(); session_start(); //The users login details should be stored either in the post array or session array so we pull those login credentials $username = isset($_POST['username']) ? $_POST['username'] : $_SESSION['username']; $password = isset($_POST['password']) ? $_POST['password'] : $_SESSION['password']; //if no username session variable exists, redirect user: if(!isset($username)) { header("Location: login_form.php"); } ?> <html> <head> </head> <body> <p> This is the members only area</p> </body> </html> Hi, I have the following code: Code: [Select] <?php $cmd = $_GET['cmd']; if($cmd=="") { $cmd = "adminlogin";} // This creates the header for each of the installation pages switch($cmd) { // This is the installation agreement page case "adminlogin": print <<<LOGIN <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Member Site Maker 1.0</title> <link rel="stylesheet" href="style.css" type="text/css" /> </head> <body> <div id="head" align="center"> <h1 id="siteName">Member Site Maker </h1> <br /> <table align="center" border="0" bgcolor="#CCCCCC"> <tr> <td align="center"><span class=style1><b>ADMIN LOGIN</b></span></td> </tr> <tr> <td> <form action=admin.php?cmd=manage method=POST> Password: <input type=text name=password1> </td> </tr> <tr> <td> <input type=submit name=submit value=Submit> </td> </tr> </table> </form> LOGIN; break; // Managing Users case "manage": include_once("header.html"); include_once("data/password.php"); $password1 = $_POST['password1']; $password2 = base64_decode($password); if ($password1 != $password2) { print <<<BADLOGIN <table width=953 border=1 align=center bgcolor=#00CCFF> <tr> <td><span class=style1><b><center>Failed Login</center></b></span></td> </tr> <tr> <td><span class=style2>Your passwords do not match. Please go back and correct this error</td> </tr> </table> BADLOGIN; } else { echo <<<MANAGE <!--end navBar2 div --> <div id="navBar2"> <div id="sectionLinks"> <ul> <li><a href="admin.php?cmd=manage&password1=$password1">Manage</a></li> <li><a href="admin.php?cmd=dashboard&password1=$password1">Dashboard</a></li> <li><a href="admin.php?cmd=approval&password1=$password1">Approval</a></li> <li><a href="admin.php?cmd=msgcentre&password1=$password1">Message Center</a></li> <li><a href="admin.php?cmd=logins&password1=$password1">Logins</a></li> </ul> </div> </div> <!--end navBar2 div --> <div id="content"> <div class="story"> <table width="100%" border="0"> <tr> <td bgcolor="#99FF66"><div align="center"><span class="style3">Login</span></div></td> <td bgcolor="#99FF66"><div align="center"><span class="style3">Name</span></div></td> <td bgcolor="#99FF66"><div align="center"><span class="style3">Last Visited </span></div></td> <td bgcolor="#99FF66"><div align="center"><span class="style3">Registration Date </span></div></td> <td bgcolor="#99FF66"><div align="center"><span class="style3">Reset Password </span></div></td> <td bgcolor="#99FF66"><div align="center"><span class="style3">Delete</span></div></td> </tr> <tr> <td> </td> <td> </td> <td> </td> <td> </td> <td> </td> <td> </td> </tr> </table> <h3> </h3> </div> </div> <!--end content --> MANAGE; } break; case "dashboard": break; case "approval": break; This works fine for when viewing the admin.php, I am asked for a password and then it compares the password against the encoded password before displaying the manage page. However this does not stop someone typing http://www.mysite.com/folder/admin.php?cmd=dashboard If they do that, it skips the password form and password check, and they can then go ahead and do whatever in the admin.php file. How can I prevent this, so that a password check is automatically done before allowing somebody to view the page? I have tried adding the code I used in the manage section, but it doesnt work again. Any help will be greatly appreciated, I been trying to work it out all day and run out of ideas. Many Thanks This topic has been moved to Apache HTTP Server. http://www.phpfreaks.com/forums/index.php?topic=358740.0 Hey guys,
Thank you in advance... here is my situation, I have a form with three (3) fields in it, the 'student name' is unlimited textfield with an "add more" button to it and I have two select fields ('number of shirts' and 'trophies') that depend on the number of entries for 'student name'...
I want to create the select fields based on this math, for as many 'student name' entries:
1- i want to have the select form for 'number of shirts' to be 0 up to that number... so if there are 6 'student name' entries, the select options will be 0,1,3,4,5,6,7
2- I want to have the select form for 'trophies' to be 5 'student name' entries to 1 'trophies', for example if there are 6 'student name' entries, the select options will be 0,1... if there are 13 entries, options will be 0,1,2... So if there are less than 5 'student name' entries, the select field will not show (hidden)
of course if there are no 'student name' entries, these two fields won't show up (hidden)
let me know if that make sense and ANY help or directions will be GREATLY APPRECIATED.
Thanks guys!
I'm trying to password protect and admin area but an included script, but it's not working very well. I've used this script forever, but for some reason it pops up an alert that says "The URL is not valid and cannot be loaded," when the form is submitted. It's an old script from PHPBuddy. Here is the script: // password_protect.php Code: [Select] <?php # Simple password protection # # (c) http://www.phpbuddy.com # Author: Ranjit Kumar # Feel free to use this script but keep this message intact! # # To protect a page include this file in your PHP pages! session_start(); $admin_user_name = "admin"; $admin_password = "admin"; //you can change the username and password by changing the above two strings if (!isset($HTTP_SESSION_VARS['user'])) { if(isset($HTTP_POST_VARS['u_name'])) $u_name = $HTTP_POST_VARS['u_name']; if(isset($HTTP_POST_VARS['u_password'])) $u_password = $HTTP_POST_VARS['u_password']; if(!isset($u_name)) { ?> <HTML> <HEAD> <TITLE><?php echo $HTTP_SERVER_VARS['HTTP_HOST']; ?> : Authentication Required</TITLE> </HEAD> <BODY bgcolor=#ffffff> <table border=0 cellspacing=0 cellpadding=0 width=100%> <TR><TD> <font face=verdana size=2><B>(Access Restricted to Authorized Personnel)</b> </font></td> </tr></table> <P></P> <font face=verdana size=2> <center> <?php $form_to = "http://$HTTP_SERVER_VARS[HTTP_HOST]$HTTP_SERVER_VARS[PHP_SELF]"; if(isset($HTTP_SERVER_VARS["QUERY_STRING"])) $form_to = $form_to ."?". $HTTP_SERVER_VARS["QUERY_STRING"]; ?> <form method=post action=<?php echo $form_to; ?>> <table border=0 width=350> <TR> <TD><font face=verdana size=2><B>User Name</B></font></TD> <TD><font face=verdana size=2><input type=text name=u_name size=20></font></TD></TR> <TR> <TD><font face=verdana size=2><B>Password</B></font></TD> <TD><font face=verdana size=2><input type=password name=u_password size=20></font></TD> </TR> </table> <input type=submit value=Login></form> </center> </font> </BODY> </HTML> <?php exit; } else { function login_error($host,$php_self) { echo "<HTML><HEAD> <TITLE>$host : Administration</TITLE> </HEAD><BODY bgcolor=#ffffff> <table border=0 cellspacing=0 cellpadding=0 width=100%> <TR><TD align=left> <font face=verdana size=2><B> You Need to log on to access this part of the site! </b> </font></td> </tr></table> <P></P> <font face=verdana size=2> <center>"; echo "Error: You are not authorized to access this part of the site! <B><a href=$php_self>Click here</a></b> to login again.<P> </center> </font> </BODY> </HTML>"; session_unregister("adb_password"); session_unregister("user"); exit; } $user_checked_passed = false; if(isset($HTTP_SESSION_VARS['adb_password'])) { $adb_session_password = $HTTP_SESSION_VARS['adb_password']; if($admin_password != $adb_session_password) login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']); else { $user_checked_passed = true; } } if($user_checked_passed == false) { if(strlen($u_name)< 2) login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']); if($admin_user_name != $u_name) //if username not correct login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']); if(isset($admin_password)) { if($admin_password == $u_password) { session_register("adb_password"); session_register("user"); $adb_password = $admin_password; $user = $u_name; } else { //password in-correct login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']); } } else { login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']); } $page_location = $HTTP_SERVER_VARS['PHP_SELF']; if(isset($HTTP_SERVER_VARS["QUERY_STRING"])) $page_location = $page_location ."?". $HTTP_SERVER_VARS["QUERY_STRING"]; header ("Location: ". $page_location); } } } ?> And here is the file I'm trying to protect: //index.php Code: [Select] <?php include('password_protect.php'); include("connection.php"); //Logout if($_REQUEST['action'] == "logout") { session_unset(); session_destroy(); header('Location:index.php'); } //Script Actions //Add Main Display if ($_REQUEST['action'] == "add_main_d") { //Upload Image $target_path = "main_display/"; $target_path = $target_path . basename( $_FILES['image']['name']); if(move_uploaded_file($_FILES['image']['tmp_name'], $target_path)) { $msg1 = "<p>The image ". basename( $_FILES['image']['name']). " has been uploaded</p>"; } else { $msg1 = "<p>There was an error uploading the image, please try again!</p>"; } $image = $_FILES['image']['name']; //Add Info to Database $query = "INSERT INTO main_display (title,descrip,link,image) VALUES('$_REQUEST[title]','$_REQUEST[descrip]','$_REQUEST[link]','$image')"; $result = mysql_query($query) or die ("Can't do anything with the query!"); $msg = "<p>" . $_REQUEST['title'] . " added to the main display.</p>"; } //Add Guest if ($_REQUEST['action'] == "add_guest") { //Upload Image $target_path = "guests/"; $target_path = $target_path . basename( $_FILES['image']['name']); if(move_uploaded_file($_FILES['image']['tmp_name'], $target_path)) { $msg1 = "<p>The image ". basename( $_FILES['image']['name']). " has been uploaded</p>"; } else { $msg1 = "<p>There was an error uploading the image, please try again!</p>"; } $image = $_FILES['image']['name']; //Add Info to Database $query = "INSERT INTO guest (name,ep,link,image) VALUES('$_REQUEST[name]','$_REQUEST[ep]','$_REQUEST[link]','$image')"; $result = mysql_query($query) or die ("Can't do anything with the query!"); $msg = "<p>" . $_REQUEST['name'] . " was added to the guest list.</p>"; } //Delete Item if($_REQUEST['action'] == "delete_item"){ $query = "SELECT * FROM main_display WHERE id = '$_REQUEST[item]'"; $result = mysql_query($query) or die ("Can't do anything with the query!"); $row = mysql_fetch_array($result,MYSQL_ASSOC); $image = $row['image']; unlink("main_display/$image"); //Delete news $query = "DELETE FROM main_display WHERE id = '$_REQUEST[item]'"; $result = mysql_query($query) or die ("Can't do anything with the query!"); $msg = "Display Meny Item erased."; } //Delete Guest if($_REQUEST['action'] == "delete_guest"){ $query = "SELECT * FROM guest WHERE id = '$_REQUEST[item]'"; $result = mysql_query($query) or die ("Can't do anything with the query!"); $row = mysql_fetch_array($result,MYSQL_ASSOC); $image = $row['image']; unlink("guests/$image"); //Delete news $query = "DELETE FROM guest WHERE id = '$_REQUEST[item]'"; $result = mysql_query($query) or die ("Can't do anything with the query!"); $msg = "Display Meny Item erased."; } ?> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <link rel="stylesheet" type="text/css" href="style.css" /> <title>Admin Window</title> <?php //Form Check - Javascript if($_REQUEST['view'] == "main_d") { include("add_main_d_check.php"); } if($_REQUEST['view'] == "guest_d") { include("add_guest_d_check.php"); } ?> </head> <body> <div id="wrapper"> <h1> Admin Window </h1> <div id="links"> <ul> <li><a href="index.php">Main</a></li> <li><a href="index.php?view=main_d">Main Display</a></li> <li><a href="index.php?view=guest_d">Guests</a></li> <li><a href=\"index.php?action=logout\">Logout</a></li> </ul> </div> <?php if (isset($msg1)) { echo $msg1 . "<br />"; } if (isset($msg)) { echo $msg; } //Page Controller switch($_REQUEST['view']) { case "main_d": include("main_d.php"); break; case "guest_d": include("guests.php"); break; default: if(!isset($_REQUEST['action'])){ echo "<p>Please select an action.</p>"; } break; } ?> </div> </body> </html> I will be grateful for any help on this. Thanks! I am working on a site Wordpress site where I have used a plugin to create some custom fields that appear when a user is creating a new page. The code below is a snipet from the template that calls those custom fields and places the user input into the proper sections of the page.
The first line is working perfectly, the second piece of code is where my error is coming from. The code in bold is the call to the user input url. I need this to be input into the button shortcode. I am not very experienced with php, so I am hoping that I have just made a simple syntax error.
Any help would be greatly appreciated!
....
<p><?php echo types_render_field("copy-section");?></p>
<?php echo do_shortcode('[button color="accent-color" hover_text_color_override="#fff" size="large" url="' . echo types_render_field("signup-link"); . '" text="SIGN UP TODAY - It's Free and Secure!" color_override="#d28743"]'); ?>
....
Hi all, So I'm not completely sure on how to do this, but basically this i what i want. I want the users to be able to create "fields" in my table, so let's say we have a structure like this: Field 1 Field 2 Field 3 Data 1 Data 2 Data 3 Problem is, that i want my users to update both the <td> and <tr> information via mysql, without altering the database. And I'm not sure on how I can make sure, that everything gets out in the right order. I have this so far: Code: [Select] <table id="sort-table"> <thead> <tr> <?PHP echo ' <td> Identifier </td> '; $result = mysql_query("SELECT * FROM fields ORDER BY `order`"); while($row = mysql_fetch_array($result)) { echo ' <td> ' . $row["name"] . ' </td> '; } ?> <th style="width:128px">Options</th> </tr> </thead> This will display the field 1, 2, 3 etc.. My problem is.. How do i get the content displayed in the right order to the right fields.. :/ I hope you understand me, if not, please tell me so I can elaborate ^_^ I know this might seems like a noob question, and I'm sorry that I couldn't search, but I didn't know what to search for. This topic has been moved to PHP Applications. http://www.phpfreaks.com/forums/index.php?topic=358297.0 I recently changed the PHP code where the submitter receives a receipt, Now they want the submitter to receive it with less fields than what the E-mail goes to.
For example the people who get the email from the submitter sees all the fields, but the submitter gets a receipt with different fields. I cannot seem to figure it out. Any help is appreciated. So I receive all this fields name,lastname,email,Phone,ReferredBy. But the submitter receives only these files name,lastname,ReferredBy
<?php // OPTIONS - PLEASE CONFIGURE THESE BEFORE USE! $yourEmail = "example1@email,example2@email.com"; // the email address you wish to receive these mails through $yourWebsite = "Application"; // the name of your website $thanksPage = ''; // URL to 'thanks for sending mail' page; leave empty to keep message on the same page $maxPoints = 4; // max points a person can hit before it refuses to submit - recommend 4 $requiredFields = "name,lastname,email,Phone,ReferredBy"; // names of the fields you'd like to be required as a minimum, separate each field with a comma $textlink ='<a href="confirmation.html">Click Here And Take The Next Step</a>.' ; // DO NOT EDIT BELOW HERE $error_msg = array(); $result = null; $requiredFields = explode(",", $requiredFields); function clean($data) { $data = trim(stripslashes(strip_tags($data))); return $data; } function isBot() { $bots = array("Indy", "Blaiz", "Java", "libwww-perl", "Python", "OutfoxBot", "User-Agent", "PycURL", "AlphaServer", "T8Abot", "Syntryx", "WinHttp", "WebBandit", "nicebot", "Teoma", "alexa", "froogle", "inktomi", "looksmart", "URL_Spider_SQL", "Firefly", "NationalDirectory", "Ask Jeeves", "TECNOSEEK", "InfoSeek", "WebFindBot", "girafabot", "crawler", "www.galaxy.com", "Googlebot", "Scooter", "Slurp", "appie", "FAST", "WebBug", "Spade", "ZyBorg", "rabaz"); foreach ($bots as $bot) if (stripos($_SERVER['HTTP_USER_AGENT'], $bot) !== false) return true; if (empty($_SERVER['HTTP_USER_AGENT']) || $_SERVER['HTTP_USER_AGENT'] == " ") return true; return false; } if ($_SERVER['REQUEST_METHOD'] == "POST") { if (isBot() !== false) $error_msg[] = "No bots please! UA reported as: ".$_SERVER['HTTP_USER_AGENT']; // lets check a few things - not enough to trigger an error on their own, but worth assigning a spam score.. // score quickly adds up therefore allowing genuine users with 'accidental' score through but cutting out real spam $points = (int)0; $badwords = array("adult"); foreach ($badwords as $word) if ( strpos(strtolower($_POST['comments']), $word) !== false || strpos(strtolower($_POST['name']), $word) !== false ) $points += 2; if (strpos($_POST['comments'], "http://") !== false || strpos($_POST['comments'], "www.") !== false) $points += 2; if (isset($_POST['nojs'])) $points += 1; if (preg_match("/(<.*>)/i", $_POST['comments'])) $points += 2; if (strlen($_POST['name']) < 3) $points += 1; if (strlen($_POST['comments']) < 15 || strlen($_POST['comments'] > 1500)) $points += 2; if (preg_match("/[bcdfghjklmnpqrstvwxyz]{7,}/i", $_POST['comments'])) $points += 1; // end score assignments foreach($requiredFields as $field) { trim($_POST[$field]); if (!isset($_POST[$field]) || empty($_POST[$field]) && array_pop($error_msg) != "Please fill in all the required fields and submit again.\r\n") $error_msg[] = "Please fill in all the required fields and submit again."; } if (!empty($_POST['name']) && !preg_match("/^[a-zA-Z-'\s]*$/", stripslashes($_POST['name']))) $error_msg[] = "The name field must not contain special characters.\r\n"; if (!empty($_POST['email']) && !preg_match('/^([a-z0-9])(([-a-z0-9._])*([a-z0-9]))*\@([a-z0-9])(([a-z0-9-])*([a-z0-9]))+' . '(\.([a-z0-9])([-a-z0-9_-])?([a-z0-9])+)+$/i', strtolower($_POST['email']))) $error_msg[] = "That is not a valid e-mail address.\r\n"; if ($error_msg == NULL && $points <= $maxPoints) { $subject = "Payment"; $message = "New applicant: \n\n"; foreach ($_POST as $key => $val) { if (is_array($val)) { foreach ($val as $subval) { $message .= ucwords($key) . ": " . clean($subval) . "\r\n"; } } else { $message .= ucwords($key) . ": " . clean($val) . "\r\n"; } } $message .= "\r\n"; // this means reply to the sender with e-mail and subject. if (strstr($_SERVER['SERVER_SOFTWARE'], "Win")) { $headers = "From: {$_POST['email']}\r\n"; $headers .= "Bcc: $yourEmail\r\n"; $headers .= "Reply-To: {$_POST['email']}\r\n"; } else { $headers = "From: {$_POST['email']}\r\n"; $headers .= "Bcc: $yourEmail\r\n"; $headers .= "Reply-To: {$_POST['email']}\r\n"; } if (mail($_POST['email'],$subject,$message,$headers)) { if (!empty($thanksPage)) { header("Location: $thanksPage"); exit; } else { $result = 'Congratulations! We have received your application. IMPORTANT Click link below'; $disable = true; } } else { $error_msg[] = 'Your mail could not be sent this time. ['.$points.']'; } } else { if (empty($error_msg)) $error_msg[] = 'Your mail looks too much like spam, and could not be sent this time. ['.$points.']'; } } function get_data($var) { if (isset($_POST[$var])) echo htmlspecialchars($_POST[$var]); } ?> Does any one have a better idea to protect PHP files so that you can distribute a 'release' without the customer being able to read the source files. There are tools on the internet which costs money, BUT your are dependant on their software and if its not open source, its not trustworthy. What I've done so far is writing an ISAPI DLL in borland cpp and installed it under iis6. Basically you call this isappi dll and it decrypts the encrypted php files and executes them respectively. It is thread safe (as is php). There are other methods available on the net that you use to encrypt your pages, BUT the decryption algorithm is found in your main php file and duh, if you can read the main file, you can easily decrypt all other files, so that is a bad idea. Any other ideas? Possibly to write a PHP extension perhaps but I have not been able to get that working on borland cpp. Using base64_encode to encode the name of a major function on your code and them shift the values to reach non printable chars. This way, when a newbie tries to temper your code, opening it on a editor, it will fail to run when saved! What do you think? I need bit of help, so I am looking into a plugin created for newsletter where default is it shows ad but it has option to remove ads by checking the check box. Default is to send ads in newsletter but if you don't want to send ads through newsletter then check the box. The problem is, it seems like checkbox selected is not being picked up. Some help would be appreciated. The custom field in wp:
'label' => 'Hide newsletter ads',
'name' => 'hide_ads',
'type' => 'checkbox',
'instructions' => 'Checking the checkbox will remove ads',
'required' => 0,
'conditional_logic' => 0,
'wrapper' => array(
'width' => '',
'class' => '',
'id' => '',
),
'choices' => array(
'Hide newsletter ads' => 'Hide newsletter ads',
),
'allow_custom' => 0,
'default_value' => array(
),
'layout' => 'block',
'toggle' => 0,
'return_format' => 'value',
'save_custom' => 0,
),
This is the php code for it:
<!doctype html>
<html lang="en-GB">
<head>
<meta name="viewport" content="width=device-width" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta name="x-apple-disable-message-reformatting">
<title><?php the_title(); ?></title>
<style>
<?php require ABSPATH . 'path/newsletter.css'; ?>
</style>
<!--[if mso]>
<style type="text/css">
.outlook-fallback-font {
font-family: 'Lucida Bright', 'Cambria', -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;
}
</style>
<![endif]-->
</head>
<?php
$hide_newsletter_ads = get_field('hide_ads');
echo $hide_newsletter_ads;
?>
<body itemscope itemtype="http://schema.org/EmailMessage">
<div class="wrap">
<?php
if (!$hide_newsletter_ads) {
include ABSPATH . 'path/ad-banner.php';
}
?>
<div class="header">
<a href="<?php bloginfo( 'url' ); ?>">
<img src="<?php echo get_home_url().'logo.png' ?>" alt="News"
/>
</a>
</div>
<?php
if ( have_posts() ) :
while ( have_posts() ) :
the_post();
?>
<?php if ( get_field( 'newsletter_summary' ) ) { ?>
<div class="newsletter-summary"><?php the_field( 'newsletter_summary' ); ?></div>
<?php } ?>
<?php if ( have_rows( 'newsletter_content' ) ) : ?>
<?php
// Loop through the ACF blocks
$count = 0;
while ( have_rows( 'newsletter_content' ) ) :
the_row();
if ( get_row_layout() === 'story' ) :
?>
<?php if ( 0 === $count ) { ?>
<span class="date outlook-fallback-font"><?php the_time( 'd M Y' ); ?></span>
<?php } ?>
<?php if ( get_sub_field( 'story_heading' ) ) : ?>
<h1><?php the_sub_field( 'story_heading' ); ?></h1>
<?php endif; ?>
<div class="content">
<?php the_sub_field( 'story_content' ); ?>
</div>
<?php
endif;
if ( 'post_list' === get_row_layout() ) :
?>
<?php
$posts = get_sub_field( 'post_list' );
if ( $posts ) :
?>
</div>
<div class="story-list">
<h2><span class="wrap"><?php the_sub_field( 'post_list_heading' ); ?></span></h2>
<div class="wrap-table">
<table width="100%" cellpadding="0" cellspacing="0" border="0">
<?php
// Output story cards
foreach ( $posts as $i => $post ) {
if ( 0 === $i % 2 ) {
echo '<tr>';
}
$class = ( 0 === $i % 2 ) ? 'odd' : 'even';
$image_src = wp_get_attachment_image_src( get_post_thumbnail_id( $post->ID ), array( 640, 345 ) );
$image_srcset = wp_get_attachment_image_srcset( get_post_thumbnail_id( $post->ID ) );
echo sprintf(
'<td class="story-cell %4$s" valign="top">
<a href="%1$s" class="story-card outlook-fallback-font">
<img src="%3$s" alt="" height="120" style="height: 150px; object-fit: cover;" />
<span>%2$s</span>
</a>
</td>',
esc_url( get_permalink( $post->ID ) . '?utm_source=newsletter&utm_medium=email&utm_campaign=newsletter' ), // permalink
esc_html( get_the_title( $post->ID ) ), // title
// esc_attr( $image_src[0] ), // image - src
esc_attr( $image_src[0] ), // image - src
esc_attr( $class ) // class
);
if ( 0 !== $i % 2 || count( $posts ) === ( $i + 1 ) ) {
echo '</tr>';
}
}
?>
</table>
</div>
</div>
<div class="wrap">
<?php
endif;
endif;
if (!$hide_newsletter_ads) {
(0 === $count) {
include ABSPATH . 'path/mpu-1.php';
}
if (1 === $count) {
include ABSPATH . 'path/mpu-2.php';
}
}
$count++;
endwhile;
endif;
?>
<div class="footer">
<table width="100%" cellpadding="0" cellspacing="0" border="0">
<tr>
<td align="left">
© <?php echo esc_html( date( 'Y' ) ); ?>
</td>
<td class="footer-link">
<a href="<?php echo get_permalink( get_page_by_path( 'privacy-policy' ) ); ?>">Privacy Policy</a> ·
<a href="%unsubscribe_url%">Unsubscribe</a>
</td>
</tr>
</table>
</div>
</div>
<?php
endwhile;
endif;
?>
I have a calendar select date function for my form that returns the date in the calendar format for USA: 02/16/2012. I need to have this appear as is for the form and in the db for the 'record_date' column, but I need to format this date in mysql DATE format (2012-02-16) and submit it at the same time with another column name 'new_date' in the database in a hidden input field. Is there a way to do this possibly with a temporary table or something? Any ideas would be welcome. Doug I am having a very strange issue on one server. I have the same code in a development server running fine, but in my prod server it is failing. Here is the main issue: I have a user authentication routine that accepts UserID and Password from a form and validates it against a MySQL database. So to start, UserId and Password are entered via POST variables as is standard: $UserId=@$_POST['UserId']; $Password=@$_POST['Password']; The Password is encrypted using a standard crypt method such as: $encrypt = crypt($Password,'6!68$7435!'); And this is stored in a MySQL database. This part is working fine, that is, the password is encrypted in value and stored in the MySQL database as 'epasswd'. On login, I am using session, so a standard session_start() and eventual session_destroy() on logout are used. The reason I mention this is because I suspect my issue is session related. So normally this works well. User logs in and I check credentials as follows in one part of my auth routine: elseif(UserAuth($UserId,$Password)){ $UserLogin=$UserId; session_start(); $_SESSION['UserLogin'] = $UserLogin; sql_insertActivity(); header("Location: home.php"); And the auth routine is as follows: <? function UserAuth($UserId,$Password){ global $conn; $Stmt="select epasswd from Users where UserId='$UserId' and Approved='1' or Approved='-1' or Approved='-2'"; $Result = mysql_query($Stmt, $conn) or die(mysql_error()); $Result=mysql_fetch_row($Result); $epasswd=$Result[0]; $retval=($epasswd==crypt($Password,$epasswd)); return($retval); } ?> So I am checking for a valid UserID and Password on form input, and I have a few other variables set for approved status. The retval checks the password they enter versus the encrypted value for a match. This usually works well. Then login occurs and session started, etc. Here is the issue. I added a quick admin routine a little while ago which helps reset a user's password to a temporary value. Once this value is set, along with a setting of approved=-1 in my database, then the user is re-directed to a Change Password screen to update his or her password. *Note: I changed the value to 'Charlie' for this discussion purpose. Here is that quick admin routine I run when I need to change a User to a temp setting: // ----- Establish database connection ----- require "../inc_php/inc_mysql_prod.php"; // $UserId=@$_GET['UserId']; $Password='Charlie'; $encrypt = crypt($Password,'6!68$7435!'); $sql = "UPDATE Users set epasswd='$encrypt', approved='-1' where UserId='$UserId'"; mysql_query($sql, $conn) or die(mysql_error()); So this does work as I validate the UserID is updated in the MySQL database along with an encrypted value for 'Charlie'. However, this is where things breakdown going forward. When the user logs in with the temp credentials, and enters in the Change password routine, their new password is saved in the table. However, when logging back in with the new credentials, the new password is not valid. And what's odd is that 'Charlie', the temp password, works for them on login and nothing else, no matter how many times they change the password in the form. So seems a case of session management out of control? What is the issue? I am defining session on all Php pages used, and have a logout to destroy session, etc. The temp password routine is something I run as an admin in the system and it doesn't have a session start statement. And I am not defining any global vars for Password. I lloked into session management and tried some UNSET paths and such, but may not be doing this correctly. Also I did a complete stop apache, remove all php sess_ files, restart and to no avail. I tried the clear my client side cookies deal in the browser, and still the same problem. What is odd is that this same set of code works fine on my other server, but breaks down on the mirrored server. They are essentially twins in all setup. Some minor differences between the two servers regarding PHP setup that might(?) make a difference. DEV server: SERVER_SOFTWARE Apache/2.2.3 (Red Hat) PROD server: (server showing the issues): SERVER_SOFTWARE Apache/2.2.3 (CentOS) HTTP_COOKIE PHPSESSID=3gocr0hhelvsjjlt63pp4qlnp3 _REQUEST["PHPSESSID"] 3gocr0hhelvsjjlt63pp4qlnp3 _COOKIE["PHPSESSID"] 3gocr0hhelvsjjlt63pp4qlnp3 _SERVER["HTTP_COOKIE"] PHPSESSID=3gocr0hhelvsjjlt63pp4qlnp3 Thanks appreciate the help! -Eddie I have a website with a variable number of inputs in various categories. I want to allow the user to add rows to the table with the input lines in every category. The table looks like this:
<tr><th>Working Capital Changes</th></tr><tr><td><input type="hidden" name="category_code[]" value="WORK"><input type="text" name="description[]" value="Increase (decrease) in working capital" size="60"></td>
<td><input type="text" name="amount[1][]" value="" onblur="this.value = formatNumber2Comma(this.value);" ></td></tr>
<tr><td><input type="hidden" name="category_code[]" value="WORK"><input type="text" name="description[]" value="" size="60"></td>
<td><input type="text" name="amount[1][]" onblur="this.value = formatNumber2Comma(this.value);" ></td></tr>
<tr><th>Depreciation and Amortization</th></tr><tr><td><input type="hidden" name="category_code[]" value="DEPR"><input type="text" name="description[]" value="Depreciation and Amortization (for taxes)" size="60"></td>
<td><input type="text" name="amount[1][]" value="" onblur="this.value = formatNumber2Comma(this.value);" ></td></tr>
<tr><td><input type="hidden" name="category_code[]" value="DEPR"><input type="text" name="description[]" value="" size="60"></td><td><input type="text" name="amount[1][]" onblur="this.value = formatNumber2Comma(this.value);" ></td></tr>
I tried adding the following near the top of the page:
<script src="//ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
<script type="text/javascript">
var count = 0;
$(function(){
alert ('wow');
$('tr#add_field').click(function(){
alert ('whee');
count += 1;
$('#container').append('<table><tr><td><input id="field_' + count + 'type="hidden" name="category_code[]" value="DEPR"><input type="text" name="description[]" value="" size="60"></td><td><input type="text" name="amount[1][]" onblur="this.value = formatNumber2Comma(this.value);" ></td></tr></table>' );
});
});
I get the wow alert on page load and whee when I click the link:
<tr id="add_field"><th><a href="#">Click to add another line</a></th></tr>that I added to the bottom of the table before the </table> but I do not get an additional line I have tried moving the add_field line outside of the table and changing the <tr></tr> to a <p></p> but that does not help. |
|||||||