PHP - Stop $end

hi i need some help . i see some person use bot traffic or proxey taffic software or script like jiggling and hitleap . they give a url of any sites then this software proxey view this websites.. i want asked can it possible stop these bot traffic its any procedure in php or javascript to stop this traffic..

Hi,

Was just wondering if I could get help with this programming problem, I am programming a diary system that people can use to book appointments within time slots on a current day. I have the below code reading from three database tables (one for appointment details, one for the profile of whom booked the appointment and lastly a LEFT JOIN table of times from 09:00:00 to 17:30:00). The functionality of this diary of time slots is where there is a booked slot, slip the appointment attendee into that slot so the avaible link is not seen so no one can book over the appointment.

This is where the problem comes into play, if there is an appointment expanding lets say 45 minutes which means other time slots will be taken, it just echos out the same appointment details so then I am getting it duplicating. for example down below;

09:00:00 - Booked Appointment (name) - Duration: 30 Minutes
09:15:00 - Booked Appointment (name) - Duration: 30 Minutes
09:30:00 - Booked Appointment (name) - Duration: 30 Minutes

Now what I would like the solution to is if there is a way to maybe stop the duplication by showing the first row of the start time of the appointment and then change the the next rows to unavailable? Or even collapsing the time rows so if an appointment is booked at 09:00:00 for 30 mnutes, then the next available time slot would be 09:45:00 so the record would not duplicate.

Here is a screenshot to help you a bit better - http://img185.imageshack.us/img185/7981/72314500.png

Here is my source code, would appreciate any suggestions on how I would do this!


<?php
include('connection.php'); 

//Query
$comment = "SELECT *
FROM timeslots
LEFT OUTER JOIN
  (SELECT time,endtime,status,firstname,secondname,duration
    FROM appointments
    INNER JOIN profile
    ON profile.id=appointments.id
    WHERE appointments.DATE = '" .$_GET['date']."') AS a
ON a.time <= timeslots.timeslot
AND a.endtime >= timeslots.timeslot";

$commentresult = mysql_query($comment);


// If commentresult = false then query return fail
if ($commentresult == false)
{
die("Your Query isn't working correctly! :-( ");

}

// If commentresult = true then echo below information with results
if (mysql_num_rows($commentresult) >= 1)
{ // Start Rows

 while($cr = mysql_fetch_array($commentresult)) 
 { // Start While Loop
{ // Process While Loop

$_GET['time'] = $cr['timeslot'];
$status = $cr['status'];  

if($status=="") { // Start IF Status

// echo Available
echo "<table border='0' width='800'>
<tr><td width='35'><div class='content'>".$cr['timeslot']."</div></td>
<td width='100'><div class='content'><a href='book_slot.php?date=".$_GET['date']."&id=".$_GET['id']."&time=".$_GET['time']."'>Available</a></div></td>
<td width='100'><div class='content'></div></td>
<td width='120'><div class='content'></div></td>
</tr></table>";

} // End IF Status

else { // Start ELSE status

// echo Appointment within Time Slot
echo "<table border='0' width='800'>
<tr><td width='35'><div class='content'>".$cr['timeslot']."</div></td>
<td width='100'><div class='content'>".$cr['status']."</div></td>
<td width='120'><div class='content'>".$cr['firstname']." ".$cr['secondname']."</div></td>
<td width='120'><div class='content'>".$cr['duration']." Minutes</div></td>
</tr></table>";
} // End ELSE Status


} // End Process While Loop
} // End Loop
} // End Row

// Else statement
else 
{ 
    echo "<img src='info.png'> There are no appointments for this day!"; 
}
// Close database connection
mysql_close($dbconnection);
/////////////////////////////

?>

I am trying to get information from a website and these information are seperated by <br>

Quote

Samsung ML-3310ND
<br>
AC Cable (UK)
<br>
CD/DVD (including Software/ Utilities/ Drivers and User Manuals)
<br>
Setup Guide
<br>
Black Toner Cartridge 2000 pages


When I import this to the database it becomes

Quote

Samsung ML-3310NDAC Cable (UK)CD/DVD (including Software/ Utilities/ Drivers and User Manuals)
Setup GuideBlack Toner Cartridge 2000 pages


How would I get it exactly how it looks. so it doesnt print in one paragraph.

this is the code I am using..

Code: [Select]
$inbox = $html->find( "#ctl00_placeholderMain_pnlInTheBox" );

if ( isset( $inbox[ 0 ] ) )
{

// Tidy it up - remove commas and weird Word chars
$box = strip_tags( $inbox[0] );
//$box = substr( $box, strpos( $box, ";" ) + 1 );
$box = strpos($box, ';') !== FALSE ? substr( $box, strpos( $box, ";" ) + 1 ) : $box; 
$box = str_replace("", "<br>", $box );

}
else
{
$box = "0";
}

I have a web app that uses an API that I wrote to communicate with my MySQL database that was written in PHP. Currently, each user of the API is required to authenticate before using the API with a username/password. Every API request is logged into a Requests_History table which stores the API request type, the timestamp and the userId of the requester.

How can I easily stop hammering of the API via too many requests in a given time period?

1. first violation within 24 hours, 2 minute ban
2. second violation within 24 hours, 10 minute ban
3. second violation within 24 hours, 1 hour ban

Hi all,

I've added bbcode to my forum on my website but I don't want users to be able to add javascript (or better put, I only want links to be http, https, ftp type links). How can I do this?

Regards,
Jason

I have made a script that allows a user to change their email address. It works BUT if the email address they have chosen is already registered the script does not cut off - it continues to the next if statement and changes the email address anyway.

I am trying to put a stop to it using exit() and exit; but it does not work.

Any tips?


<?php
//////////////////// checking new email is not already registered /////////////////
if ($_POST['newemail'] && $_POST['newemail1'] !="") {

if ($_POST['newemail'] == $_POST['newemail1']) {
$sql2 = "SELECT email FROM Members WHERE email='$_POST[newemail]'";
$result2 = mysqli_query($cxn,$sql)
or die ("Couldn't execute query 2");

$num2 = mysqli_num_rows($result2);

if ($num2 > 0) { $updateerror = "The email address you have chosen is already registered.";
 include("my-account.php")
 exit();  // TRYING TO STOP THE SCRIPT HERE (IF $num2 > 0)
 exit;
}
else { echo "You can have this new email address";}
}
else { echo "Your email addresses do not match. Please try again."; }
}
else {}

// THIS SCRIPT CONTINUES TO CHANGE THE EMAIL ADDRESS DESPITE IT ALREADY BEING REGISTERED.
if ($_POST['newemail'] == "") { $newemail = $_POST['currentemail']; }
else { $newemail = $_POST['newemail']; }
$newemail1 = $_POST['newemail1'];
?>

Hello friends,

I've php script that create files for example you enter
file name (ex : test.php)
file content (ex: any text )
it will create test.php file with the same content you entered.


but the problem it add back slah \ before " or '
how can i stop it and make it not add back slash before " and '


here is the code


<?php
function saveFile($filename,$filecontent){
if (strlen($filename)>0){
$file = @fopen($filename,"w");
if ($file != false){
fwrite($file,$filecontent);
fclose($file);
return 1;
}
return -2;
}
return -1;
}
?>

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="domain" id="domain">
File name: <input name="filename" type="text" value="<?php echo $domainbase; ?>" />
File content: <textarea name="filecontent" rows="15" cols="46"></textarea>
<input type="submit" name="submitBtn" value="Save file" />
</form>

<?php
if (isset($_POST['submitBtn'])){
$filename    = (isset($_POST['filename']))    ? $_POST['filename']    : '' ;
$filecontent = (isset($_POST['filecontent'])) ? $_POST['filecontent'] : '' ;
if (saveFile($filename,$filecontent) == 1){
echo "File was saved";
} else if (saveFile($filename,$filecontent) == -2){
echo "An error occured during saving file";
} else if (saveFile($filename,$filecontent) == -1){
echo "Wrong file name";
}
}
?>


thank you alot
it will really helps me alot 

This may not the best place to post this but I'm sure quite a few people here can help.  I have an a tag which uses the event trigger "onClick"  However when I click on this link the page refreshes.  Is there anyway I can stop this?  I have copied my code below. 

<a href=\"#\" class=\"" . $a[$i] . "\" onClick=\"locationValue('" . $a[$i] . "', '" . $_GET['search_type'] . "')\">

Hello.  Recently I've run into a bit of an issue with Path Traversal.  I was searching a bit on solutions to it, but all I could find were sites telling you to fix it, and not showing examples of how.  So, I've been running a few tests and seem to have the majority fixed.  At least, the ones on Owasp's examples don't work.   I am making a file manager, so they can browse the public_html all they want.  I just don't want anyone using ../, or the document root to browse through anything other than through the public_html.   So, here is the solution I have found that seems to work on everything I have seen:

<?php
// Seems to solve plain-text, encoded, and null bytes
$replace = array("%", "..");
$file = str_replace($replace, "", $_GET['file']);
 
// ./ at the beginning to stop DOCUMENT_ROOT travel
echo show_file_contents("./".$file);
?>

And this is how the path is set up for file_get_contents to access:

<?php
function show_file_contents($file) {
 
    $path = $_SERVER['DOCUMENT_ROOT']."/".$file;
 
}
?>

My question is:  Does this fully stop any directory traversal attempt?
Edited by SarahBear, 09 November 2014 - 08:29 AM.

I have a habit of doing stuff like such:

Code: [Select]
<div class="portal_box">
<h2>Welcome to ZombieCraft's Highscores!</h2>
<div class="portal_content">
Here you can sort the pros from the noobs, or just simply see whos on top of their game. The highscores will show the highsest scores, greatest to least.
If you want to see a certain user's score, then just use the search button!

<?php
$username = $_SESSION['loggedin'];
$extract_user_rank = mysql_query("SELECT rank FROM users WHERE username='$username'");
$grab = mysql_fetch_assoc($extract_user_rank);

if($grab['rank'] > 0)
{
echo "</br><br/><a href='control_panel.php'>Admin Control Panel</a>";
}
else
{
//return nothing
}
?>
</div>
</div>

I've been told a good bit of times that I need to stop using HTML and PHP in the same lines. How would one accomplish this?

Hello all.

Is it possible to have a link that can start and stop a service on the web server?  It is a windows 2003 server.

Thanks,
Mike

Ok I'm trying to make word replace but I'm have some problems ,  first I have in my database row "words" have the words it look for to replace row "wordsys" have the replacement word
the problem I'm have is let say the text I want to replace is "My friend is in here house" and row "words" has "My, In , here" in it and the replacement words are in wordsys has "In for My" "We for In" and "gone for here"

so first it going to replace "My" with "In" that good ,but then it going back and replacing "In" the we just replaced with "We" and so forth who do I stop it from re-replace a word that it already replace.
<?php
//connect to database

$textw = "My friend is in here house";
//load all replacements
$result = mysql_query("SELECT * FROM data");
//replace all words
$words = array();
$replacewords =array();
while ($row = mysql_fetch_assoc($result)) {
    $words[] = $row['words'];
    $replacewords[] = $row['wordsys'];
}
$text = str_replace($words,$replacewords,$textw);
echo $text;
?>


Thank you for your help

Hi I have an include page full of functions in a secure folder with htaccess. My problem is if the include file does not exsist, I get the following.

Warning: include(secure/SecureFunctions.php) [function.include]: failed to open stream: No such file or directory in /home/fhlinux190/d/otoole.co.uk/user/htdocs/streetangels/index.php on line 3

Warning: include(secure/SecureFunctions.php) [function.include]: failed to open stream: No such file or directory in /home/fhlinux190/d/otoole.co.uk/user/htdocs/streetangels/index.php on line 3

Warning: include() [function.include]: Failed opening 'secure/SecureFunctions.php' for inclusion (include_path='.:/usr/share/pear-php5') in /home/fhlinux190/d/otoole.co.uk/user/htdocs/streetangels/index.php on line 3

TIA

Desmond.
Fatal error: Call to undefined function session_init() in /home/fhlinux190/d/des-otoole.co.uk/user/htdocs/streetangels/index.php on line 6


Is there any way to suppress this as it is giving hackers information.

I need a way to start a program and store the PID, then manage to stop it at the users request later.

Im not sure how i would go about this. It has to work on Windows,

Any help?
Thanks.

The following code works. The user checks off what foods they want to be added. Then the foods and their nutrient values get added into the database. However, if the user refreshes, it updates the database with the values they selected before - thus doubling the amount of foods stored in the database. How do I stop this from happening?

Right now i'm taking values from the POST array and running an INSERT SQL query to put them into the database. (look for the following comment below: //Look here PHPFREAKS.COM)

Code: [Select]
<?php include 'top.php'; ?>
<?php

if (!loggedin())
{//1 if start
header('Location: need-to-log-in-mmp.php');
}//1 if end
?>
    <title>My Meal Planner - Vitamin K Tracker</title>
</head>

<div id="container">

<?php include 'header.php'; ?>

<?php include 'nav.php'; ?>



<div id="content-container">

<div id="content_for_site">
<h2>My Meal Planner</h2> <br />
                     
     


     
       
                        My Meal Que:
<br />
<ul>
<form action="my-meal-planner.php" method="POST">
<?php
//do sql query to return the foods and nutrients that a person added to their que

$query = "SELECT DISTINCT
foods.id, `name`, `source`,`vit_k`, `cal`,`protein`, `fiber`, `carbs`, `sugar`, `sodium`, `chol`, `total_servings`
 FROM `foods`
 LEFT JOIN users_foods
 ON foods.id=users_foods.food_id

WHERE users_foods.user_id =". $_SESSION['user_id']."
 ORDER BY users_foods.id";



$query_run = mysql_query($query, $link);
//echo mysql_errno($link) . ": " . mysql_error($link). "\n";
while ($row = mysql_fetch_array($query_run)){
?> <input type="checkbox" name="<?php
echo $row["id"];
?>"<?php
    echo ' value="'.$row["id"].'" />';
echo ' Food Name: '. $row["name"]." | Vitamin K: ".
    $row["vit_k"]." | Fiber: ".
    $row["fiber"]." | Calories: ".
    $row["cal"]." | Protein: ".
    $row["protein"]." | Carbs:".
    $row["carbs"]." | Sugar: ".
    $row["sugar"]." | Sodium: ".
    $row["sodium"]." | Cholesterol: ".
    $row["chol"]." | Source: ".
    $row["source"]." | Total Servings: ".
    $row["total_servings"]. "<br />How many servings will you have? "?><input type="text" name="<?php
echo $row["id"]."serving";
?>"<?php
    echo ' />';
   echo '<br /><br />';
}
     

?>
</ul>
Select a date: <input id="date" type="text" name="add_to_calendar"><br />
<input type="submit" value="add to calendar" ><br />





<input type="button" value="delete" name="delete">

</form>

<?php
//updates the date of the food 
if (isset($_POST['add_to_calendar']) && !empty($_POST['add_to_calendar'])){

$add_to_calendar = $_POST['add_to_calendar'];
$date_array = explode("/", $add_to_calendar);
                   

//Look here PHPFREAKS.COM
for ($i=1; $i<1000; $i++){
if (!empty($_POST[$i])){
$id = $_POST[$i];
$serv = $id. "serving";
$serving = $_POST[$serv];
$month = $date_array[0];
$day = $date_array[1];
$year = $date_array[2];
//echo 'month: '. $month . ' day: ' . $day . ' year: ' . $year . "<br />"; 

if (substr($month,0,1) == '0'){
//takes out a zero in front of month if it exists
$month = substr($month,1,1);}

if (substr($day,0,1) == '0'){
//takes out a zero in front of day if it exists
$day = substr($day,1,1);}

//echo 'POST ARRAY READS AS: <br />';
//print_r($_POST);
//echo '<br />';
$query = "INSERT INTO `users_calendar` VALUES ('','".$_SESSION['user_id']."','".$id."','".$month."','".$day."','".$year."','".$serving."')";
//echo '<br /> The query reads as: ' . $query;
$query_run = mysql_query($query) or die(mysql_error());
//columns in users_calendar:
//DONEid    DONEuser__id   DONEfood_id    DONEcalendar_month   DONElendar_day    DONEcalendar_year    servings
  }
}




}
?>

<br />


</div>



<script type="text/javascript" src="js/datepicker.js"></script>
<div id="clear"></div>
<?php //include 'footer.php'; ?>


</div>
</div>
</body>
</html>