|
PHP - Uploading Feature?
I have made a script to upload a few files from the pc to my server.. like i upload big files which are generally above 50mb of size.. but most of the times as there is some problem with the internet the hours of wait is just ruined.. is there a better way to upload files.. i use the normal function
move_uploaded_file($_FILES['song1_upload']['tmp_name'] can anyone give a better idea than this? Similar TutorialsI have made a script to upload a few files from the pc to my server.. like i upload big files which are generally above 50mb of size.. but most of the times as there is some problem with the internet the hours of wait is just ruined.. is there a better way to upload files.. or anything that if the internet connection is interupted the downloading starts from wer it stopped cuz of the problem.. please help.. i use the normal function for uploading a file move_uploaded_file($_FILES['song1_upload']['tmp_name'] can anyone give a better idea than this? Hi All, I am a newbie and was designing a feature and needed some help. Wondering if i can get some help here. Here is the scenario. I have a website which has an Add Page. In the Add Page, customers can add address details and other information. Sometimes the customers might want to select an address from the existing address database. I have a button on the Add Page, which opens a new window which displays the addresses which can be used. When the customer selects an Address and clicks on the USE button, an POST is done to a new Add Page which displays the address. There is a slight glitch here. When the customers press on the USE button, a new Add Page is opened again in the same window. So how we have two instances of the Add Page. Now what I want to accomplish is that when the customer presses on the USE button, the new window should close and the already opened Add Page should display the selected Address. Is there a way to do this? I would greatly appreciate any input. Thank you, I'm using the wordpress themeplate, that has feature box in main page, which it use the feature images that has been listed on the pages, and it has this little icons that swtich them around every few second, now i need to have a small modification. i need the hover that is appearing on the top of the small boxes to show the tittle center, and also i need it to be linked (a href) to their pages... and the main background photo to be linked to that page as well. please help me url: http://www.makooliprekupec.com/en/ I had a question and couldn't really pin-point a forum to put this post in, so I hope this suits my topic. You always hear "Facebook is rolling out a new feature"; most recently "Twitter is rolling out the New Twitter.com" but it only releases to so many people at time. Or friends will get features on Facebook before I do (like I couldn't like threaded comments until about a month after all my other friends could). I was just wondering if anyone knows the actual method or how large sites go about releasing new features to users? We want to add a chat feature in PHP for a social site can somebody suggest a good solution, a script maybe, where registered users when online can chat with other registered members in the friend list I just came up with this idea I got for my registration script, where when the user has complete all steps in the registration process, he/she comes to a page that displays this: Code: [Select] <h1>Step 3: Activate your account</h1> <h2>Congratulations, <strong><?php echo $_SESSION["user"]["username"]; ?></strong>!</h2> <p>An email has been sent to <strong><?php echo $_SESSION["user"]["email"]; ?></strong> with an activation key, and important information regarding your account. Please check your email to complete registration.</p> Then this: Code: [Select] $email_client = preg_match ("/[@][a-zA-z0-9]{10}\.com$/", $_SESSION["user"]["email"]); $email_link = "<a href='http://www." . $email_client . ".com'>Go to " . $email_client . " mail now!</a>"; echo "<p class='center_align'>" . $email_link . "</p>"; Basically, what it does, is it figures out what email provider the user supplied as their email, and generates a link that allows them to go to that website, without having to type it in the address bar (I think I got that idea from facebook lol; only they probably do it differently). So anyway, It's not complete, and this is where I need someone's help... I assign a preg_match function to $email_client, so if it finds a string like "@yahoo.com", $email_client will be true, but that's not what I want. I want $email_client to equal a string, such as "yahoo" or "aol" based off of what the preg_match function finds, WITHOUT using if/else statements. Before I did an if/else statement for every email provider I could think of, but I think it better if I do it this way, as some people have crazy a** email names lol. So, basically what I want to do is this: Code: [Select] <?php //Step 1: Check email preg_match("/[@][a-zA-z0-9]{10}\.com$/", $_SESSION["user"]["email"]); //Step 2: Somehow assign the "a-zA-z0-9{10}" part to a variable //Step 3: Generate link with that variable used in the "href" attribute and the label ?> But I have no idea how to go about this...Help? Is PHP used to create this type is feature? I already have a MYSQL table set up, how difficult is it to create this sort of feature? On this image, where it says 'filter your results' if a user clicks 'Detached Houses' then only detached houses will be displayed. if a user clicks 'Semi-detached' then only semi detached houses will be shown. Whats the technical term for this type of feature, and can you point me towards any tutorials etc, would really appreciate it. thank you! I would like to have the option of thanking people by the press of a button.
Currently there is a like button but that's entirely different than a thank you button.
This topic has been moved to MySQL Help. http://www.phpfreaks.com/forums/index.php?topic=314222.0 Alright, so i got this site, and what i'm trying to do is to allow a user to search for another user using their zip code. However i also want them to be able to select the radius...so say for example someone selects to find a user with in 5 miles of their zip code i want them to get all the people from their zip code as well as the ones that are 5 miles away in radius from their zip code. Does anyone have any examples or pages were i can find tutorials. Any help would be gladly appreciated Hi all, Thanks for reading. I have this code: Code: [Select] $message = strip_tags($_POST['message'], '<p><strong><em>'); My question is however, is there a way that I could disable the onmouseover features in those tags? Thank you. Hi, I wanted to know is there any class or functions which will parse the mail body and find all the features like how many sentences, how many stop words, how many paragraphs, how many punctuation chars, etc. I haven't find anything good in my searching so far. I have parsed the whole body of email and separated the headers and body in variables. Now I want to perform these operations in only in the body. Thank you in advance. I need help adding a feature to the following php script that goes through folders and reads from txt files. Right now it is just grabbing the sub folder name, title and body and exporting it to a csv in columns A B and C respectively. What I need it to do is grab a summary from each txt file as well and added to the 4th column in the csv. I think the best way to do this would be to grab from the beginning of the body, to pre-defined closing }. So If I set it at 25 it will end the summary on the 25th } found in the txt file from the beginning of the body. All the txt is in spintax format like "The {Fox|Bird|Cat} {Stole|Took} The {Food|Water}" Code: [Select] <?php set_time_limit(0); // set unlimited execution time $base_folder = $_POST['base_folder']; $article_to_capture = (int)$_POST['article_to_capture']; $words = explode(',', $_POST['words']); // print_r($words); die(''); if(!is_dir($base_folder)) die('Invalid base folder. Please go <a href="step1.php"><strong>back</strong></a> and enter correct folder.'); ?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title>Artcle Scraper Step 2</title> <style type="text/css"> <!-- body { font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px; color: #333333; } --> </style> </head> <body> <h2>Step 2 : Processing the content of the folder. </h2> <table width="100%" border="0" cellpadding="2" cellspacing="1" bgcolor="#CCCCCC"> <tr bgcolor="#FFFFFF"> <th width="10%"> </td> <th width="30%">BASE FOLDER NAME</td> <th width="50%"> <?php echo $base_folder;?></td> <th width="10%"> </td> </tr> <?php $subfolder_arr = scandir($base_folder); //print_r($arr1); $total_subfolders = sizeof($subfolder_arr); $subfolder_count = 0; $file_count = 0; $report = ""; $fp = fopen('articles.csv', 'w+'); for($i=0; $i< $total_subfolders; $i++){ $file_name = $subfolder_arr[$i]; if($file_name=='.'||$file_name=='..') continue; $sub_folder_name = $base_folder ."\\". $file_name; $file_type = is_dir($sub_folder_name) ? 'dir' : 'file'; if($file_type=='dir'){ $sub_folder_count++; $rpeort .= "Processing folder $sub_folder_count $sub_folder_name \r\n"; $msg = "Processing folder $sub_folder_count $sub_folder_name \r\n"; ?> <tr bgcolor="#FFFFFF"><td> </td><td colspan="2"> <?php echo $msg;?> </td><td> </td></tr> <tr bgcolor="#FFFFFF"><td> </td><td colspan="2"> <table width="90%" cellpadding="0" cellspacing="0" border="1" bordercolorlight="#0000FF"> <?php // process sub folder $column1 = $file_name; $column2 = '{'; $column3 = '{'; $first = true; $files_arr = scandir($sub_folder_name); $article_processed =0; // article_processed in current sub folder foreach($files_arr as $key=>$val){ if(is_file($sub_folder_name.'\\'.$val) ) { if( substr($val,-4)=='.txt' && (filesize($sub_folder_name.'\\'.$val) <= 35000) && (filesize($sub_folder_name.'\\'.$val) >= 4000)) //file is > 1kb { $size = filesize($sub_folder_name.'\\'.$val); $article_processed++; if($article_to_capture==0 || $article_processed <= $article_to_capture ){ if($first==true) $first=false; else { $column2 .= '|'; $column3 .= '|'; } // read file get title and body $file_content = file($sub_folder_name.'\\'.$val); $file_title = rtrim($file_content[0]); $file_content[0] = ''; $file_arr_size = sizeof($file_content); $words_arr_size = sizeof($words); $t=1; while($t < $file_arr_size){ $file_content[$t] = rtrim($file_content[$t]); //echo $file_content[$t]; //die('inside'); if( $words_arr_size>0 ){ //die('inside'); $temp = str_replace($words, "", $file_content[$t]); $file_content[$t] = $temp; } $t++; //if($t>=3) die('aa'); } $file_body = implode('',$file_content); $column2 .= $file_title; $column3 .= $file_body; ?> <tr><td> <?php //print_r($files_arr); echo $val ."\r\n"; echo round(($size / 1024), 2).' KB'; ?> </td></tr> <?php } //end if .txt } // article processed } // end if is_file } // end foreach ?> </table> </td><td> </td></tr> <?php $column2 .= '}'; $column3 .= '}'; // write to csv / excel file $erro = fputcsv ($fp, array($column1,$column2,$column3) ); } //end if filetype else{ } } // end for fclose($fp); ?> <tr bgcolor="#FFFFFF"> <td> </td> <td colspan=""> File Generated. Download it <a href="articles.csv" target="_blank">HERE</a></td> <td> </td> </tr> </table> </body> </html> Twitter chat features : 1) use ajax to reload the page to get new data from database for every 10 seconds, 2) When the user scroll down to the bottom of page, it load the older 5 data from database. I have 3 files (index.php, message1.php and message2.php) On index.php, I use ajax to reload the page for every 10 seconds to call a php file (message1.php). On message1.php, I use mysql to retrieve 30 records from database and php to display the records to the index.php. ($last_msg_id to hold the id of last data in message1.php, then send the $last_msg_id to index.php) When user scroll down to bottom of the page, it will auto call other php file (message2.php) to display older 5 records from database. (index.php will send $last_msg_id_id to message2.php, so that message2.php will know which was the last data previously and display the older data where id is less than $last_msg_id, eg : $query2 = "SELECT id, message, datetime FROM messages WHERE id < '$last_msg_id' LIMIT 5"; Now my problem is when the ajax reload the index.php, the value of $last_msg_id is become empty. So if the user is on the half way scrolling to bottom of page to get older data, the older data will not show up, it will show up the previous data because the value of $last_msg_id is back to empty after page is reloaded by ajax. May I know how to fix this problem please? Maybe I should not reload the page for every 10 seconds to get new data? If without reload the page, how am I going to get new data when his friends posted new messages on other side? This topic has been moved to JavaScript Help. http://www.phpfreaks.com/forums/index.php?topic=314473.0 Hi all, I'm very new to the wonderful world of php, so I'd appreciate any and all help in the matter. I've greatly simplified the code below to hopefully help you in helping me. Thanks! Ok, so I'm integrating a very simple message board feature into my site. The basic idea is that people post a comment, and have the option of replying to existing comments. I'm definitely not looking for a complete forum; just something that allows users to post and reply. I've tackled the posting bit easily enough. I have a form. Users fill in the form and the message, along with user information, is sent to a MySQL database. The information includes the username(Poster), the message(Message), an id that corresponds to the topic in question(Messid), a unique ID code for the message itself (ID), and a number of other variables like date and rank. I then use a while statement to bring up all of the messages that pertain to a particular topic; The output will only show messages that share the same Messid, and they are arranged in terms of descending ID: Code: [Select] <? while($row = mysql_fetch_array($resultcomments)) { $poster=$row['Poster']; $message= $row['Message']; $ID=$row['ID']; echo $message.$poster.$ID; } So far, so good. What I want is for users to be able to click on any one of the particular messages, and post a response comment that will appear directly below the message to which it responds. Any ideas how I might go about such a task? So far, I've created a new MySQL table that corresponds to these "subcomments". Each subcomment has a "subID" that corresponds to the ID of the message to which it responds. By including a while statement within the while statement above, I can successfully list all of the subcomments that correspond to a message directly below it. The problem, of course, is that I have to insert the subID values manually in php_my_admin. I'm hoping there's a way for php to automatically detect the ID value of the message in question... Many many thanks for any assistance I can get. Once this revolution in communication makes me a billionaire, I will be certain to reward you most properly. Thanks again. The following script came from using-custom-paths. It appears that these are PHP 8's new attributes, correct?
<?php
// api/src/Entity/Question.php
#[ApiResource(
subresourceOperations: [
'api_questions_answer_get_subresource' => [
'method' => 'GET',
'path' => '/questions/{id}/all-answers',
],
],
)]
class Question
{
}
I currently am using PHP7 and will need to convert them. Does the following look correct? Thanks
/**
* @ApiResource(
* subresourceOperations = {
* "api_questions_answer_get_subresource" = {
* "method" = "GET",
* "path" = "/questions/{id}/all-answers"
* }
* }
* )
*/
I have a script that allows me to sort user submitted data either by category OR by date and I'd like to accomplish both at the same time, so my question is how can I do that? This is my script: <?php $select_category = $_REQUEST['sort_category']; $sort_date_var = $_REQUEST['sort_date']; // Connect to the database $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); if (($select_category == 'All') || (!isset($select_category)) && (!isset($sort_date_var))) { // Retrieve the chosen category from MySQL $query3 = "SELECT * FROM con"; $data3 = mysqli_query($dbc, $query3); //Loop through the array of data while ($row3 = mysqli_fetch_array($data3)) { echo "<table class='knuffixTable'>"; // Display the score data echo "<tr><td class='knuffix_name'>"; echo "<strong>" . htmlentities($row3['name']) . "</strong><br /></td></tr>"; echo "<tr><td class='knuffix_contribution'><pre>" . $row3['contribution'] . "</pre><br /></td></tr>"; echo "<tr><td class='knuffix_categoryDate'>" . $row3['category'] . " | " . date('M d, Y', strtotime($row3['contributed_date'])) . " </td></tr>"; echo "</table>"; } mysqli_close($dbc); } if ($select_category) { // Retrieve the chosen category from MySQL $query2 = "SELECT * FROM con WHERE category = '$select_category'"; $data2 = mysqli_query($dbc, $query2); //Loop through the array of data while ($row2 = mysqli_fetch_array($data2)) { echo "<table class='knuffixTable'>"; // Display the score data echo "<tr><td class='knuffix_name'>"; echo "<strong>" . htmlentities($row2['name']) . "</strong><br /></td></tr>"; echo "<tr><td class='knuffix_contribution'><pre>" . $row2['contribution'] . "</pre><br /></td></tr>"; echo "<tr><td class='knuffix_categoryDate'>" . htmlentities($row2['category']) . " | " . date('M d, Y', strtotime($row2['contributed_date'])) . " </td></tr>"; echo "</table>"; } mysqli_close($dbc); } // SORT DATE BLOCK if ($sort_date_var) { // Retrieve the chosen category from MySQL $query4 = "SELECT * FROM con ORDER BY contributed_date $sort_date_var"; $data4 = mysqli_query($dbc, $query4); //Loop through the array of data while ($row4 = mysqli_fetch_array($data4)) { echo "<table class='knuffixTable'>"; // Display the score data echo "<tr><td class='knuffix_name'>"; echo "<strong>" . htmlentities($row4['name']) . "</strong><br /></td></tr>"; echo "<tr><td class='knuffix_contribution'><pre>" . $row4['contribution'] . "</pre><br /></td></tr>"; echo "<tr><td class='knuffix_categoryDate'>" . htmlentities($row4['category']) . " | " . date('M d, Y', strtotime($row4['contributed_date'])) . " </td></tr>"; echo "</table>"; } mysqli_close($dbc); } ?> The first block is the default state where ALL the data is being shown when the site is being visited. The second block sorts by category and the third by date. The problem is that only ONE of the last two blocks work at a time and I would like to have a combination of date and category sorting. Thanks for all the suggestions. Since there have been some debates about how to safely pass PHP values to JavaScript, I hope I can clarify a few things.
One suggestion that kept recurring was to simply run the value through json_encode() and then inject the result into a script element. The JSON-encoding is supposed to (magically?) prevent cross-site scripting vulnerabilities. And indeed it seemingly works, because naïve attacks like trying to inject a double quote will fail.
Unfortunately, this approach doesn't work at all and is fundamentally wrong for several reasons:
json_encode() was never intended to be a security function. It simply builds a JSON object from a value. And the JSON specification doesn't make any security promises either. So even if the function happens to prevent some attack, this is implementation-specific and may change at any time.
JSON doesn't know anything about HTML entities. The encoder leaves entities like " untouched, not realizing that this represents a double quote which is dangerous in a JavaScript context.
The json_encode() function is not encoding-aware, which makes it extremely fragile and unsuitable for any security purposes. Some of you may know this problem from SQL-escaping: There used to be a function called mysql_escape_string() which was based on a fixed character encoding instead of the actual encoding of the database connection. This quickly turned out to be a very bad idea, because a mismatch could render the function useless (e. g. the infamous GBK vulnerability). So back in 2002(!), the function was abandoned in favor of mysql_real_escape_string(). Well, json_encode() is like the old mysql_escape_string() and suffers from the exact same issues.
Any of those issues can be fatal and enable attackers to perform cross-site scripting, as demonstrated below.
1)
The entire “security” of json_encode() is based on side-effects. For example, the current implementation happens to escape forward slashes. But the JSON standard doesn't mandate this in any way, so this feature could be removed at any time (it can also be disabled at runtime). If it does get disabled, then your application is suddenly wide open to even the most trivial cross-site scripting attacks:
<?php
header('Content-Type: text/html; charset=UTF-8');
$input = '</script><script>alert(String.fromCharCode(88, 83, 83));</script><script>';
?>
<!DOCTYPE HTML>
<html>
<head>
<meta charset="utf-8">
<title>XSS</title>
</head>
<body>
<script>
var x = <?= json_encode($input, JSON_UNESCAPED_SLASHES) ?>;
</script>
</body>
</html>
2)
In XHTML, a script element works like any other element, so HTML entities like " are replaced with their actual characters (in this case a double quote). But JSON does not recognize HTML entities, so an attacker can use them to bypass json_encode() and inject arbitrary characters:
<?php
header('Content-Type: application/xhtml+xml; charset=UTF-8');
$input = "";alert('XSS');"";
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>XSS</title>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
</head>
<body>
<script type="text/javascript">
var x = <?= json_encode($input) ?>;
</script>
</body>
</html>
3)
json_encode() blindly assumes that the input and the output should always be UTF-8. If you happen to use a different encoding, or if an attacker manages to trigger a specific encoding, you're again left with no protection at all:
<?php
header('Content-Type: text/html; charset=UTF-7');
$input = '+ACIAOw-alert(+ACI-XSS+ACI)+ADsAIg-';
?>
<!DOCTYPE HTML>
<html>
<head>
<meta charset="utf-7">
<title>XSS</title>
</head>
<body>
<script>
var x = <?= json_encode($input) ?>;
</script>
</body>
</html>
(This particular example only works in Internet Explorer.)
I hope this makes it very clear that json_encode() is not a security feature in any way. Relying on it is conceptually wrong and simply a very bad idea.
It's generally not recommended to inject code directly into a script element, because any mistake or bug will immediately lead to a cross-site scripting vulnerability. It's also very difficult to do it correctly, because there are special parsing rules and differences between the various flavors of HTML. If you try it, you're asking for trouble.
So how should one pass PHP values to JavaScript? By far the most secure and robust approach is to simply use Ajax: Since Ajax cleanly separates the data from the application logic, the value can't just “leak” into a script context. This is essentially like a prepared statement.
If you're into micro-optimization and cannot live with the fact that Ajax may need an extra request, there's an alternative approach by the OWASP: You can JSON-encode the data, HTML-escape the result, put the escaped content into a hidden div element and then parse it with JSON.parse():
<?php
header('Content-Type: text/html; charset=UTF-8');
$input = 'bar';
?>
<!DOCTYPE HTML>
<html>
<head>
<meta charset="utf-8">
<title>XSS</title>
<style>
.hidden {
display: none;
}
</style>
</head>
<body>
<div id="my-data" class="hidden">
<?php
$json_object = json_encode(array(
'foo' => $input,
));
// HTML-escape the JSON object
echo htmlspecialchars($json_object, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
?>
</div>
<script>
var data = JSON.parse(document.getElementById('my-data').innerHTML);
alert('The following value has been safely passed to JavaScript: ' + data.foo);
</script>
</body>
</html>
Hi,I used bootstrap to create a webpage and one of the special effects is when you scroll down the page the section you are at is highlighted in the menu. This seems to work ok for all of my sections except the About Me section in which case the next section down (resume) is highlighted instead.
Here is the specific area on the page (http://www.inspired-...p#section-about).
I was wondering if anyone familiar with Boostrap and the Amoeba theme had any suggestions on a fix for this.
thanks in advance.
|
|||||||