PHP - Critique My PHP Scripts | All Criticism/Suggestions/Improvements Appreciated
All criticism/suggestions/improvements appreciated
Registration.php
Code:
<?php
$con = mysql_connect("localhost","","") or die(mysql_error());
mysql_select_db('Users');

if(isset($_COOKIE['ID_my_site'])) {
    $cookie_username = mysql_real_escape_string(filter_input(INPUT_COOKIE, 'ID_', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
    $cookie_password = sha1($_COOKIE['Key_']);
    $cookie_check = mysql_query("SELECT * FROM Users WHERE username = '$cookie_username'") or die(mysql_error());
    $cookie_results = mysql_fetch_array($cookie_check);
    if ($cookie_password == $cookie_results['Password']) {
        echo "<div id=\"login_msg\">You are already logged on. Redirecting...</div><br />" && header("location:/index.php");
    }
}

if(isset($_POST['submit'])) {
    $Username = mysql_real_escape_string(filter_input(INPUT_POST, 'Username', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
    $Email = mysql_real_escape_string(filter_input(INPUT_POST, 'Email', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
    $Password = sha1($_POST['Password']);
    $Password2 = sha1($_POST['Password2']);
    if (!$Username | !$Email | !$Password | !$Passord2) {
        echo "<div id=\"error_msg\">You did not complete all of the required fields, please try again.</div><br />";
    }
    if ($Password != $Password2) {
        echo "<div id=\"error_msg\">Your passwords do not match, please try again.</div><br />";
    }
    $check_username = mysql_query("SELECT * FROM Users WHERE (Username = $Username)");
    $result_username = mysql_fetch_row($check_username);
    $check_email = mysql_query("SELECT * FROM Users WHERE (Email = $Email)");
    $result_email = mysql_fetch_row($check_email);
    if ($result_username == true) {
        echo "<div id=\"error_msg\">The Username: '$Username', already exists. Please enter another username.</div><br />";
    }
    if ($result_email == true) {
        echo "<div id=\"error_msg\">The Email Adress: '$Email', is already in our Database.</div><br />";
    }
    $sql = "INSERT INTO Users (Id, Username, Email, Password) VALUES ('', '$Username','$Email','$Password')";
    $add_member = mysql_query($sql) or die(mysql_error());
    if (mysql_query($add_member)) {
        $week = time() + 604800;
        setcookie(ID_, $_POST['Username'], $week);
        setcookie(Key_, $_POST['Password'], $week);
        echo "<div id=\"login_msg\">Successfully added to our Database.</div><br />" && header ("location:/Login.php");
    } else {
        echo "<div id=\"error_msg\">Invalid input.</div><br />";
    }
}
?>

Login.php
Code:
<?php
include("db.php");

if(isset($_COOKIE['ID_my_site'])) {
    $cookie_username = mysql_real_escape_string(filter_input(INPUT_COOKIE, 'ID_', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
    $cookie_password = sha1($_COOKIE['Key_']);
    $cookie_check = mysql_query("SELECT * FROM Users WHERE username = '$cookie_username'") or die(mysql_error());
    $cookie_results = mysql_fetch_array($cookie_check);
    if ($cookie_password == $cookie_results['Password']) {
        echo "<div id=\"login_msg\">You are already logged on. Redirecting...</div><br />" && header("location:/index.php");
    }
}

if(isset($_POST['submit'])) {
    $Username = mysql_real_escape_string(filter_input(INPUT_POST, 'Username', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
    $Password = sha1($_POST['Password']);
    if (!$Username | !$Password) {
        echo "<div id=\"error_msg\">You did not complete all of the required fields, please try again.</div><br />";
    }
    $sql = "SELECT * FROM Users WHERE (Username, Password) = ('$Username', '$Password')";
    $db_check = mysql_num_rows($sql) or die(mysql_error());
    if (mysql_query($db_check)) {
        $week = time() + 604800;
        setcookie(ID_, $cookie_username, $week);
        setcookie(Key_, $cookie_password, $week);
        echo "<div id=\"login_msg\">Successfully Logged In.</div><br />" && header ("location:/index.php");
    } elseif (($Username | $Password) != $db_check) {
        echo "<div id=\"error_msg\">Invalid username or password, please try again.</div><br />";
    }
}
?>

Logout.php
Code:
<?php
include("db.php");

if(isset($_COOKIE['ID_my_site'])) {
    $cookie_username = mysql_real_escape_string(filter_input(INPUT_COOKIE, 'ID_', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
    $cookie_password = sha1($_COOKIE['Key_']);
    $cookie_check = mysql_query("SELECT * FROM Users WHERE username = '$cookie_username'") or die(mysql_error());
    $cookie_results = mysql_fetch_array($cookie_check);
    if ($cookie_password != $cookie_results['Password']) {
        header("location:/login.php");
    } else {
        $past = time() - 604800;
        setcookie(ID_, gone, $past);
        setcookie(Key_, gone, $past);
        echo "<div id=\"error_msg\">Sucessfully logged out. Good Bye!</div><br />" && header ("location:/login.php");
    }
}
?>

Similar Tutorials

As some of you know, I am still learning the fundamentals of good php code practice and have been working on a custom application for my own practice and personal schooling. My below code IS working as expected, but I wanted any ideas or critique on better, more secure, faster, etc methods of it..
Thanks for any input:
<?php
$id = mysqli_real_escape_string($cxn, $_GET['id']);
$city_name = mysqli_real_escape_string($cxn, $_GET['city_name']);
$posts_by_city_sql = "SELECT id, city_id, title FROM postings WHERE city_id='$id'";
$posts_by_city_results = (mysqli_query($cxn, $posts_by_city_sql)) or die("Was not able to grab the Postings!");
$row_cnt = mysqli_num_rows($posts_by_city_results);
if ($row_cnt == 0) {
    printf("We're sorry. There are %d postings in: <strong>$city_name</strong>", $row_cnt);
} else {
    printf("Congratulations! There are %d postings in: <strong>$city_name</strong>", $row_cnt);
    echo "<ul>";
    while ($posts_by_city_row = mysqli_fetch_array($posts_by_city_results)) {
        echo "<li><a href='posting_details.php?id=$posts_by_city_row[id]'>$posts_by_city_row[title]</a></li>";
    } // end while loop
    echo "</ul>";
} // end row_cnt if
mysqli_free_result($posts_by_city_results);
mysqli_close($cxn);
?>

I need to parse some text similar to Twig templates, but MUCH more limited and error detection is not required. My reason for not using Twig is Twig seems overkill. All it needs to do is replace variables and simple ternary operators (unlike Twig, the ternary operators use ! instead of "not").
I would welcome any constructive criticism and/or recommended changes on how I implemented it.
Thanks
<?php
date_default_timezone_set('America/Los_Angeles');
ini_set('display_errors', 1);
error_reporting(E_ALL);

/*
Replaces all values surrounded by {{ }} deliminators.
Handles direct variable. Multiple variables can be separated by the ~ symbol.
Also does (non-nested) ternary operators: x?y, !x?y, x==1?y, x?'y', x?y:z
*/

$template='
Test1 Hello {{ firstname }} {{ lastname }}. Call me in {{ days_int }} or {{ days_string }} days.<br>
Test2 {{ flag_int?"do this2" }}<br>
Test3 {{ flag_int?"do this3":"do that3" }}<br>
Test4 {{ value_int==5?"do this4" }}<br>
Test5 {{ value_int==5?"do this5":"do that5" }}<br>
Test6 {{ value_int==4?"do this6" }}<br>
Test7 {{ value_int==4?"do this7":"do that7" }}<br>
Test8 {{ value_int!=5?"do this8" }}<br>
Test9 {{ value_int!=5?"do this9":"do that9" }}<br>
Test10 {{ value_int!=4?"do this10" }}<br>
Test11 {{ value_int!=4?"do this11":"do that11" }}<br>
Test12 {{ value_int!=4 bla "do this12":"do that12" }}<br>
Test13 {{ value_int==5?"do this5 to "~firstname:"do that5 to "~firstname }}<br>
Test14 {{ !flag_int?"do this14" }}<br>
Test15 Hello {{ firstname~" "~lastname~". How are things" }}.<br>
';

$values=array(
    'firstname'=>'John',
    'lastname'=>'Doe',
    'days_int'=>5,
    'days_string'=>6,
    'flag_int'=>true,
    'value_int'=>5
);

$parser=new parser();
echo($parser->parse($template,$values));

class parser
{
    public function parse($template,$values)
    {
        return preg_replace_callback('/\{\{\ (.+?)\ \}\}/',function ($matches) use ($values) {
            $ternary = explode("?", $matches[1]);
            if(count($ternary)>1) {
                //Ternary operator. $ternary[0] is the condition and $ternary[1] is the resulting value(s)
                $conditions=explode("==", $ternary[0]);
                if(count($conditions)>1){
                    //Equal Condition
                    $cond=($this->getVal($conditions[0],$values)==$this->getVal($conditions[1],$values));
                }
                else {
                    $conditions=explode("!=", $ternary[0]);
                    if(count($conditions)>1){
                        //Not Equal Condition
                        $cond=!($this->getVal($conditions[0],$values)==$this->getVal($conditions[1],$values));
                    }
                    else {
                        //A flag
                        $cond=($conditions[0]== "!") ? !($this->getVal(ltrim($conditions[0],'!'),$values)) : ($this->getVal($conditions[0],$values));
                    }
                }
                $options=(explode(':',$ternary[1]));
                return $cond?$this->getValues($options[0],$values):(isset($options[1])?$this->getValues($options[1],$values):null);
            }
            else {return $this->getValues($matches[1],$values);}
        }, $template);
    }

    private function getVal($s,$values)
    {
        return in_array($s[0],array('\'','"'))?substr($s,1,strlen($s)-2):(isset($values[$s])?$values[$s]:$s);
    }

    private function getValues($strings, $values){
        $s=null;
        foreach(explode('~',$strings) as $string){
            $s.=$this->getVal($string,$values);
        };
        return $s;
    }
}
?>

As a long time CodeIgniter user, I made the decision to move away from CodeIgniter a while back. I still maintain, and in some cases develop new features for websites that I made using CodeIgniter.
Still somewhat active in the CodeIgniter forum, I have seen a recent question, "How do we get CodeIgniter back to the PHP framework of choice?". I have offered my own criticism of the framework, but the thread is located on the CodeIgniter forum, so many just protect their beloved CI, not willing to accept that it is in great need of change.
I would appreciate if phpfreaks members would be critical, and hopefully specific in regards to CodeIgniter's problems. I intend to link to this thread, with the hopes that your opinions will help future development of CodeIgniter. Thank you.
I've written the script below to import a csv file into the database. I've tried to make this as secure as possible by sanitizing and validating the data, but is there anything else I could do to improve it? I'm happy with the way it works so far.
All I can think to add is a MIME check via PHP, but I can't find a way to check whether it's specifically a CSV file (other than just checking the extension, but that's not secure).
<?php
if ($_FILES[csv][size] > 0) {
    //get the csv file
    $file = $_FILES[csv][tmp_name];
    $handle = fopen($file,"r");
    //set the row counter
    $csv_row = 0;
    //loop through the csv file and insert into database
    do {
        // start the import
        if ($data[0]) {
            //add 1 the row counter
            $csv_row++;
            //clear errors
            $errors = '';
            //sanitize the inputs
            $firstName = addslashes($data[0]);
            $lastName = addslashes($data[1]);
            $email = addslashes($data[2]);
            //validate the inputs - set $errors as 'YES' if any fail
            if(!ctype_alpha($firstName)){ $errors = 'YES'; }
            if(!ctype_alpha($lastName)){ $errors = 'YES'; }
            if(!filter_var($email, FILTER_VALIDATE_EMAIL)){ $errors = 'YES'; }
            //check whether there were any errors in the validation
            if($errors!=='YES'){
                //insert into database
                $stmt = $db->prepare("INSERT INTO test (firstName,lastName,email) VALUES (?,?,?)");
                $stmt->bind_param('sss',$firstName,$lastName,$email);
                $stmt->execute();
            }
            //there was an error, store the affected row number in the error array
            else {
                $error_report[] = "There was an error on row $csv_row";
            } //end error check
        } //end single row import
    } while ($data = fgetcsv($handle));
    if($csv_row>0){ $success = 'YES'; }
} // end csv import
?>
Edited by paddyfields, 11 June 2014 - 01:06 PM.

I have the following form (attached to this post as a Thumbnail).
I want to make it user-friendly, specifically, bring it up to the modern web standards, namely, I am looking for things that I think are modern and are user friendly and are great when considered by themselves, but together they may even conflict. And I need some help figuring out what will work best for my situation and what is technically possible.
Right now the user enters fields into the form, into the editable fields on the left. Then the user can save the fields by clicking Save, or click Del to delete the row. The user can Add a new row at the bottom.
The things I think will improve the form are:
* implement a double-click feature on the editable fields to make them editable, and save them automatically upon `blur` event
* user can use `Tab` key to navigate from one `<input>` field to the next, normally, as before, and edit values inside.
* user can save all fields entered so far, and restore them via some mechanism (i.e. either to web page or to clipboard, and restore via direct paste for example, or file upload..)
* Maybe I can use DataTables, but I have never used it so I don't know what could be done

Can you help suggest form or UI improvements for the current form that I have? I may also have some questions on first steps or first examples of implementing particular ones (possibly making a separate post for those)

Hi, I hope this is still a relevant topic here. I don't have a lot of coding experience and haven't studied it at college -- I'm just a self-taught hobbyist. I was wondering what your opinion is of the way I have structured my code and solved what I needed to do. Any tips or feedback is greatly appreciated. Thanks.
Code:
<?php
$form_submission=$_POST["query"];
$lines = file('eo_dic.txt', FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
preg_match_all('/[\w\'\ŝ\ĉ\ĵ\ŭ\ĥ\Ŝ\Ĉ\Ĵ\Ŭ\Ĥ]+|[,.;!"?-\s\\(\\)]/', $form_submission, $matches);
foreach ($matches[0] as $value){
    // Check if $value is a word or something else.
    if ($value == " " || $value == "," || $value == "." || $value == "(" || $value == ")" || $value == "!" || $value == "?" || $value == "-" || $value == ";" || $value == '"'){
        echo $value;
    } else {
        // $value is a word.
        $titleText = array(); // store results in array.
        foreach ($lines as $line){
            list($field1, $field2) = explode('=', $line);
            if (strcasecmp($field1, $value) == 0 || strcasecmp($field2, $value) == 0){
                // Found string in DB.
                array_push($titleText, "$field1 = $field2"); // Store all finds in array before outputting.
            }
        }
        if (empty($titleText)) { // $value was not found -- array is empty.
            echo '<a name="translated" class="translated" title="Not found.">' . $value . '</a>';
        } else {
            $arrayOut = implode(" / ", $titleText); // output the results found in the search.
            echo '<a name="translated" class="translated" title="' . $arrayOut . '">' . $value . '</a>';
        }
    }
}
unset($value);
?>

Hi,
I have built a website and I want to get some feedback from the members at this forum. I can't seem to post this topic in the Website Critique forum.
Thanks
Moved by Ch0cu3r
Edited by Ch0cu3r, 10 December 2014 - 06:25 AM.

I am in the process of building my own MVC framework (just to learn the concepts) and I decided to throw some libraries and helpers in the mix to make things more convenient. Below is my email helper in which I want to be able to use an array as the "to" part of the mail() function. I was wondering what everyone thought of my class and if I can improve upon it. Thanks!
Code:
<?php
/**
 * To use this email class in it's most basic form:
 *
 * $to must be an array even if you are sending to only one recipient.
 * You declare it like so:
 * $to = array('recipient');
 * or
 * $to = array('one', 'two', 'three');
 * $sendMail = new Email($to, 'subject', 'message');
 * if ($sendMail->send()) {
 *     // success
 * } else {
 *     // failure
 * }
 *
 * To add various features (declare these before using $sendMail-send()):
 * To add a CC address:
 * $sendMail->setCC('email address');
 * To add a BCC address:
 * $sendMail->setBCC('email address');
 * To set the from name:
 * $sendMail->setFromName('name of sender');
 * To set the from email:
 * $sendMail->setFromEmail('email of sender');
 * To set a content type (default is text/html):
 * $sendMail->setContentType('content type');
 * To set a charset (default is iso-8859-1):
 * $sendMail->setCharset('charset');
 */
class Email {
    public $to = array();
    public $subject;
    public $message;
    public $fromName;
    public $fromEmail;
    public $cc;
    public $bcc;
    public $contentType;
    public $charset;
    private $_headers;

    public function __construct($to, $subject, $message) {
        if (!is_null($to) && !is_array($to)) {
            throw new Exception('The recipient names must be an array, even if there is only one recipient.');
        }
        if (is_null($to) || is_null($subject) || is_null($message)) {
            throw new Exception('There must be at least one recipient, a subject, and a message.');
        }
        $this->to = $to;
        $this->subject = $subject;
        $this->message = $message;
    }

    public function setCC($cc = NULL) {
        $this->cc = $cc;
    }

    public function setBCC($bcc = NULL) {
        $this->bcc = $bcc;
    }

    public function setFromName($fromName = 'Website Name') {
        $this->fromName = $fromName;
    }

    public function setFromEmail($fromEmail = 'admin@website.com') {
        $this->fromEmail = $fromEmail;
    }

    public function setContentType($contentType = 'text/html') {
        $this->contentType = $contentType;
    }

    public function setCharset($charset = 'iso-8859-1') {
        $this->charset = $charset;
    }

    private function _setHeaders() {
        $this->_headers = "Content-type: " . $this->contentType . "charset=" . $this->charset . "\r\n";
        $this->_headers .= "From: " . $this->fromName . "<" . $this->fromEmail . "> \r\n";
        if ($this->cc != NULL) {
            $this->_headers .= "CC: " . $this->cc . "\r\n";
        }
        if ($this->bcc != NULL) {
            $this->_headers .= "BCC: " . $this->bcc . "\r\n";
        }
    }

    public function send() {
        $this->_setHeaders();
        $this->setFromName();
        $this->setFromName();
        $sent = FALSE;
        foreach ($this->to as $recipient) {
            if (mail($recipient, $this->subject, $this->message, $this->_headers)) {
                $sent = TRUE;
                continue;
            }
        }
        if ($sent = TRUE) {
            return TRUE;
        } else {
            return FALSE;
        }
    }
}

I am fairly comfortable with procedural PHP but when it comes to classes and OO I am learning. I have written a small class to get all of the information from the URL. I am sure I have added my own style and broken about a million rules. I have already found places to improve this but I thought I would bounce it off everyone here before I started to make changes and started expanding it. I am also aware that there are classes that I can download that do this much better but I am trying to better understand how they work so I think this is a good start. Can you just look it over and point out things that I have done wrong and give me some general pointers on how to improve it.

class uri extends mainframe{
    private $path = null;
    private $pathParse = array();
    private $component = null;
    private $view = null;
    private $host = null;
    private $dirDepth = null;
    public $queryString = array();

    function __construct() {
        $this->getHost();
        $this->getPath();
        $this->getView();
        $this->getQueryString();
    }

    /*
     * Check to see if we are in the base folder
     */
    function dirDepth($base) {
        $this->dirDepth = config::DDEPTH + $base;
        return $this->dirDepth;
    }

    /*
     * return the host address
     */
    function getHost() {
        $this->host = $_SERVER['HTTP_HOST'];
        return $this->host;
    }

    /*
     * return the path information
     */
    function getPath() {
        $this->path = $_SERVER['REQUEST_URI'];
        return $this->path;
    }

    /*
     * returns the query string in an array
     *
     * I am sure this isn't the right way to do this
     * but it is working.
     */
    function getQueryString() {
        $this->getPath();
        preg_match('/\?(.*)/', $this->path, $queryString);
        if ($queryString == true) {
            $queryPairs = array();
            $queryString = (isset($queryString['1']) ? $queryString['1'] : null);
            $queryPairs = explode('&', $queryString);
            $queryStrings = array();
            $pairs = array();
            foreach ($queryPairs as $queryPairs) {
                preg_match('/(.*)=(.*)/', $queryPairs, $pairs);
                array_push($queryStrings, $pairs);
            }
            $key = array();
            $value = array();
            foreach ($queryStrings as $queryStrings) {
                array_push($value, (isset($queryStrings['2']) ? $queryStrings['2'] : null));
                array_push($key, (isset($queryStrings['1']) ? $queryStrings['1'] : null));
            }
            $this->queryString = array_combine($key, $value);
            return $this->queryString;
        }else{
            unset($this->queryString);
        }
    }

    /*
     * returns the path in an array and removes the query string
     */
    function pathParse() {
        self::getPath();
        $this->pathParse = explode('/', $this->path);
        $endCheck = preg_replace('/\?(.*)/','', array_pop($this->pathParse));
        array_push($this->pathParse, $endCheck);
        $this->pathParse = array_filter($this->pathParse);
        if(!empty($this->pathParse)) {
            return $this->pathParse;
        }else{
            unset($this->pathParse);
        }
    }

    /*
     * returns the first part of the path
     */
    function getComponent() {
        self::pathParse();
        self::dirDepth('1');
        if(!empty($this->pathParse[$this->dirDepth])) {
            $this->component = $this->pathParse[$this->dirDepth];
            return $this->component;
        }else{
            unset($this->component);
        }
    }

    /*
     * returns the second part of the path
     */
    function getView() {
        self::pathParse();
        self::dirDepth('2');
        if(!empty($this->pathParse[$this->dirDepth])) {
            $this->view = $this->pathParse[$this->dirDepth];
            return $this->view;
        }else{
            unset($this->view);
        }
    }

    /*
     * Ummmmm need some help here for sure.
     */
    function __destruct() {
    }
}
$uri = new uri();

Thank you in advance for your help!

I'm developing my own CMS with a few functions and wanted to know how things are looking right now because I can't find a board for strictly CODING CRITIQUE so I put it in this board. There isn't a whole lot to go through. I know there is something wrong with my issets line but other than that just a general critique of how it's shaping up?
manager.php
<?php
session_start();
require "dbconfig.php";
require "functions.php";
if ((isset($_POST['username'])) && (isset($_POST['password']))) {
    $username = $_POST{'username'};
    $password = SHA1($_POST{'password'});
    validate($username, $password);
} elseif ((!(isset('username'))) && (!(isset('password')))) {
    require_once "login.php";
}
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql="SELECT * FROM dbusers WHERE username='$username' and password='$password'";
$result = mysql_query($sql);
?>

functions.php
<?php
// This page defines functions used by the login/logout process
function validate($username, $password) {
}
?>

login.php
<?php include_once ("globals.php"); ?>
<html>
<head>
<title><?php echo $shortsitename; ?> EW Manager</title>
<link rel="stylesheet" type="text/css" href="<?php echo "$stylesheet"; ?>" />
</head>
<body>
<p id="backtosite"><a href="#" title="Are you lost?">← Back to <?php echo $fedname ?></a></p>
<div id="login">
<h1><?php echo $shortsitename; ?> Manager</h1>
<form id="loginform" action="" method="POST">
<p><label>Username<br /><input type="text" name="username" id="user_login" class="input" size="15" /></label></p>
<p><label>Password<br /><input type="password" name="password" id="user_pass" class="input" size="15" /></label></p>
<p class="forgetmenot"><label><input name="rememberme" type="checkbox" id="rememberme" /> Remember Me</label></p>
<p class="submit">
<input type="submit" value="Login" class="button-primary" />
</p>
</form>
</div>
</body></html>

This is just my software assignment. We have to create a functioning vending machine. How does it look so far?
Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Vending Machine Assignment</title>
<link href="vending.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="vending_machine_base">
<img src="vending_machine_base.gif" alt="Vending Machine Base" title="Vending Machine Base" />
</div>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<p>Coke<input type="radio" name="item" value="Coke" /></p>
<p>Sprite<input type="radio" name="item" value="Sprite" /></p>
<p>Fanta<input type="radio" name="item" value="Fanta" /></p>
<input type="text" size="15" name="quantity" value="Enter quantity here" />
$<input type="text" value="Enter your financial balance." name="credit_input" size="23" />
<input type="submit" value="Submit" />
</form>
<?php
error_reporting(E_ALL);
// Cost of items
$coke_price = "1.25";
$sprite_price = "1.50";
$fanta_price = "1.75";
// Quantity of items
$coke_quantity = "7";
$sprite_quantity = "5";
$fanta_quantity = "3";
// Selected radio button into variable
$selected_item = $_POST['item'];
// Credit into variable
$credit = $_POST['credit_input'];
// If funds are less than price, dispay error message
if (($_POST['submit']) && ($selected_radio = 'coke') && ($credit >= $coke_price)) {
    echo "You have purchased a $selected_item!";
} else {
    echo "You do not have sufficient funds to purchase a $selected_item.";
}
if (($_POST['submit']) && ($selected_radio = 'sprite') && ($credit >= $sprite_price)) {
    echo "You have purchased a $selected_item!";
} else {
    echo "You do not have sufficient funds to purchase a $selected_item.";
}
if (($_POST['submit']) && ($selected_radio = 'fanta') && ($credit >= $fanta_price)) {
    echo "You have purchased a $selected_item!";
} else {
    echo "You do not have sufficient funds to purchase a $selected_item.";
}
// Item quantity
if (($_POST['submit']) && ($coke_quantity = 0)) {
    echo "";
} else {
    echo "Coke resources depleted.";
}
if (($_POST['submit']) && ($sprite_quantity = 0)) {
    echo "";
} else {
    echo "Sprite resources depleted.";
}
if (($_POST['submit']) && ($fanta_quantity = 0)) {
    echo "";
} else {
    echo "Fanta resources depleted.";
}
// Item cost subtracted from credit
if (($coke_quantity >= 1) && ($credit >= $coke_price)) {
    $coke_price - $credit;
}
if (($sprite_quantity >= 1) && ($credit >= $sprite_price)) {
    $sprite_price - $credit;
}
if (($fanta_quantity >= 1) && ($credit >= $fanta_price)) {
    $fanta_price - $credit;
}
// Funds available
echo "Your current funds accumlate to $credit ";
?>
</body>
</html>

Hello, My script below IS finally working, but I was hoping for some aggressive, anal comments for critique. Keep in mind, I am developing for a php4 platform otherwise I would have used a newer php5 validation function.
<?php
if (isset($_POST['btnSubmit'])) {
    $first_name = mysql_real_escape_string($_POST['fname']);
    $last_name = mysql_real_escape_string($_POST['lname']);
    $title = mysql_real_escape_string($_POST['title']);
    $company = mysql_real_escape_string($_POST['company']);
    $address1 = mysql_real_escape_string($_POST['address1']);
    $address2 = mysql_real_escape_string($_POST['address2']);
    $city = mysql_real_escape_string($_POST['city']);
    $zip = mysql_real_escape_string($_POST['zip']);
    $phone = mysql_real_escape_string($_POST['phone']);
    $fax = mysql_real_escape_string($_POST['fax']);
    $email = mysql_real_escape_string($_POST['email']);
    if (!preg_match("/^[A-Za-z' -]{1,75}$/", $first_name)) {
        $error[] = "Please enter a valid first name.";
    }
    if (!preg_match("/^[A-Za-z' -]{1,75}$/", $last_name)) {
        $error[] = "Please enter a valid last name.";
    }
    if ($first_name === $last_name && $first_name != "") {
        $error[] = "First Name and Last Name cannot be the same.";
    }
    if (!preg_match("/^[A-Za-z' -]{1,150}$/", $company)) {
        $error[] = "Please enter a valid company name.";
    }
    if (!preg_match("/^[A-Za-z' -.]{1,150}$/", $title)) {
        $error[] = "Please enter a valid Title.";
    }
    if (!preg_match("/^[A-Za-z0-9' - . ]{1,150}$/", $address1)) {
        $error[] = "Please enter a valid mailing address.";
    }
    if (!preg_match("/^[A-Za-z0-9' - . ]{1,150}$/", $city)) {
        $error[] = "Please enter a valid city.";
    }
    if (!preg_match("/^[0-9' - . ( ) ]{1,150}$/", $phone)) {
        $error[] = "Please enter a valid phone number.";
    }
    if (!preg_match("/^[0-9' - . ( ) ]{1,150}$/", $fax)) {
        $error[] = "Please enter a valid fax number.";
    }
    if (!preg_match("/([a-z][a-z0-9_.-\/]*@[^\s\"\)\?<>]+\.[a-z]{2,6})/i", $email)) {
        $error[] = "Please enter a valid email address in the format: start@middle.end.";
    }
    if (is_array($error)) {
        echo "<div id='errorWrapper'><h2>There are errors in your input. Please correct the following fields:</h2>";
        foreach ($error as $err_message) {
            echo "<span class='errorText'> >> $err_message" . "</span><br />";
        }
        echo "</div>";
        include('../includes/attendee_registration_form.php'); // this is the form
        exit();
    } else {
        include('../includes/attendee_registration_mailer.php'); // this send the email and populates the table
    }
} else {
    include('../includes/attendee_registration_form.php'); // this is the form
    exit();
}
?>

I am after some advice about doing some rather basic things that wouldn't really be done in OOP and see if there's a better way of doing this.
As I just said though I know this is not the required system just one displaying of a form but I think it's really cool for just simplifying OOP, and I actually understand it, I always need to start off small, understand it all, before I start waffling will show you my code (in no way finished yet, as you can tell from some of the html elements but its principle works):
<?php
ini_set('display_errors',1);
class Form{
    public $to;
    public $user;
    public $email;
    public $subject;
    public $comment;

    function showForm(){
        // displaying of form to the user:
        echo <<<userform
<html>
<head>
<title>Jez's Contact Form</title>
</head>
<body>
<form id="contact" name="contact" method="post" action="{$_SERVER['PHP_SELF']}">
<label for="">Enter something:</label><input type="text" id="user"
</form>
</body>
</html>
userform;
    }
}
if(!array_key_exists('submit',$_POST)) {
    $myForm = new Form; // now we construct the form:
    $myForm->showForm();
    // print_r($myForm);
}
?>
If a submit button in the form hasn't been hit, then show form, later on going to do and try out some validation, just wanted some advice before I get too big for my boots as such. Any advice on improving it (obviously finishing my form off of course which is what I will do), but any further advice is greatly appreciated, Jez.

Hi we had some software developed that needs to bulk upload from a mailbox. When we are setting up a Cron job within the Plesk control panel on the dedicated server our developer is getting the following error and not sure of a solution? - Can anyone advise please - Thank you!
Getting the following message when I run the cron:
PHP Warning: imap_open(): Couldn't open stream {localhost} in /var/www/vhosts/cvdatabase.management/httpdocs/send_email.php on line 116
PHP Warning: imap_num_msg() expects parameter 1 to be resource, boolean given in /var/www/vhosts/cvdatabase.management/httpdocs/send_email.php on line 151
PHP Notice: Unknown: Certificate failure for localhost: self signed certificate: /C=US/ST=Virginia/L=Herndon/O=Parallels/OU=Parallels Panel/CN=Parallels Panel/emailAddress=info@parallels.com (errflg=2) in Unknown on line 0

I've searched and searched on this and can find the answer that almost works every time but my situation is slightly different: all PHP register member login script advice on the web is set up with a join page, index, login page and a few scripts holding it all together. I need an index page that firstly checks to see if a member is logged on, and then either displays information for the member, or if not logged on, information for a non-member. All has to be on the same index page. I'm aware that using an if/else statement I can achieve this, and I can get the form to log in to appear if a non-member is detected, but I can't get anything to appear if a member logs in. Driving me a bit mad and any help would be greatly appreciated.

Hi all, I hope I am in the right place. I'm new to php/mysql so please be patient with me. I am trying to create a login script to validate username and password against a database I have created. I am not getting an error message but even when I enter correct username/password details from the database to test the code I am getting the message at the bottom of the script. I can't figure out why as I thought I had all bases covered, but obviously not. Here is my code. Thanks for any help in advance. P.S. I have checked the names against my form and they are correct.
<html>
<html lang="en">
<head>
<meta charset="utf-8" />
<title>USER LOGIN</title>
</head>
<body>
<?php
if(empty($_POST['name'])){
    $name=NULL;
    echo "Sorry, you forgot to enter your username.</br>";
}else{
    $name=$_POST['name'];
}
if(empty($_POST['password'])){
    $password=NULL;
    echo "Sorry, you forgot to enter a password.</br>";
}else{
    $password=$_POST['password'];
}
$connection = @mysqli_connect('localhost','root','','BLOG_PROJECT') OR die("Could not connect to server");
$username = stripslashes($name);
$password = stripslashes($password);
$username = mysql_real_escape_string($name);
$password = mysql_real_escape_string($password);
$info = "SELECT 'username', 'password' FROM USERS WHERE 'username'='$username' and 'password'='$password'";
$return=@mysql_query($info);
$rows=@mysql_num_rows($return);
if($rows==1){
    session_register("username");
    session_register("password");
    header("location:admin.php");
    echo "Hi $username. You are now logged in.";
}else{
    echo "You have entered incorrect details. Please check your login details and try again.";
}
?>
</body>
</html>

I'm having trouble with my code, any help would be appreciated. I'm trying to add an if statement that checks if $new =1, if it does it echos "new" else it echos "old". What is happening is if $new ="0 or 1 " it echos the same answer.
Here is partial code:

$result = mysql_query("SELECT * FROM $dbname WHERE new = '1'") or die(mysql_error());
// store the record of the "" table into $row
$current = '';
// keeps getting the next row until there are no more to get
while($row = mysql_fetch_array( $result )) {
    $id = $row['id'];
    if (!$current) {
        echo "<center><div><table border='0' width='520'>";
        $current = $id;
        echo "<img src='images/jewelry.png' alt='toveco'/><br/>";
        echo "<div>";
        echo "Questions about store items use link in menu.<br/>";
        echo "Latest (".$rows5.") ";
        echo "Beads (".$rows4.") ";
        echo "Cabochons (".$rows3.") ";
        echo "Earrings (".$rows1.") ";
        echo "Pendants (".$rows2.") ";
        echo "Rings (".$rows0.") ";
        echo "</div>";
        echo "<p><b>Click picture to enlarge.</b></p>";
        echo "<hr width='520'>";
    } elseif ($current != $id){
        echo "</table></div><br><div><table border='0' width='520'>";
        $current = $id;
        echo "<hr width='520'>";
    }
?>
<tr><td rowspan="9" width="110"><div class="image"><a href="<?= $row['image']; ?>" rel="lightbox" title="<?= $row['material']; ?>"><img src="<?= $row['image_th']; ?>" align="center" border="0"></a></div></td>
<td rowspan="9" width="110"><div class="image"><a href="<?= $row['image2']; ?>" rel="lightbox" title="<?= $row['material']; ?>"><img src="<?= $row['image2_th']; ?>" width="75" border="0"></a></div></td>
<tr><td> <?php if ($new=="0") echo "new"; else echo "old "; ?> </td></tr>
<tr><th align="left">Item No.</th><td><?= $row['itemno']; ?></td></tr>
<tr><th align="left">Description</th><td><?= $row['description']; ?></td></tr>
<tr><th align="left">Cut</th><td><?= $row['cut']; ?></td></tr>
<tr><th align="left">Carat</th><td><?= $row['carat']; ?></td></tr>
<tr><th align="left">Material</th><td><?= $row['material']; ?></td></tr>
<tr><th align="left">Price</th><td><?= $row['price']; ?></td></tr>
<tr><th align="left">Availability</th><td><?= $row['availability']; ?></td></tr>
<tr><th></th> <td></td>

Hi all, I've been trying to improve the speed of my file
download script and was wondering if anyone could advise me which of the following is more efficient (don't worry, it's not the whole script, just one segment), in terms of speed and server load? The way I have the segment currently:

//if file exists need to check authorision levels
//set access to no
$access = NULL;
//retrieve current user levels
$cpm = $_SESSION['MM_CPMGroup'];
$cpmh = $_SESSION['MM_CPMHGroup'];
$cm = $_SESSION['MM_CMGroup'];
$cj200 = $_SESSION['MM_CJ200Group'];
$cj = $_SESSION['MM_CJGroup'];
//set file category type & set access if allowed
if ($category == 'cpm') {
    if ($cpm == '1') {
        $access = 1;
        if ($subcategory == 'techdata') {
            $path = "files/techdata/cpm/";
        } elseif ($subcategory == 'msds') {
            $path = "files/techdata/cpm/msds/";
        } elseif ($subcategory == 'symbols') {
            $path = "files/symbols/cpm/";
        } else {
            $path = "files/cpm/";
        }
    }
} elseif ($category == 'cpmh') {
    if ($cpmh == '1') {
        $access = 1;
        if ($subcategory == 'techdata') {
            $path = "files/techdata/cpmh/";
        } elseif ($subcategory == 'msds') {
            $path = "files/techdata/cpmh/msds/";
        } elseif ($subcategory == 'symbols') {
            $path = "files/symbols/cpmh/";
        } else {
            $path = "files/cpmh/";
        }
    }
} elseif ($category == 'cm') {
    if ($cm == '1') {
        $access = 1;
        if ($subcategory == 'techdata') {
            $path = "files/techdata/cm/";
        } elseif ($subcategory == 'msds') {
            $path = "files/techdata/cm/msds/";
        } elseif ($subcategory == 'symbols') {
            $path = "files/symbols/cm/";
        } else {
            $path = "files/cm/";
        }
    }
} elseif ($category == 'cj200') {
    if ($cj200 == '1') {
        $access = 1;
        if ($subcategory == 'techdata') {
            $path = "files/techdata/cj200/";
        } elseif ($subcategory == 'msds') {
            $path = "files/techdata/cj200/msds/";
        } elseif ($subcategory == 'symbols') {
            $path = "files/symbols/cj200/";
        } else {
            $path = "files/cj200/";
        }
    }
} elseif ($category == 'cj') {
    if ($cj == '1') {
        $access = 1;
        if ($subcategory == 'techdata') {
            $path = "files/techdata/cj/";
        } elseif ($subcategory == 'msds') {
            $path = "files/techdata/cj/msds/";
        } elseif ($subcategory == 'symbols') {
            $path = "files/symbols/cj/";
        } else {
            $path = "files/cj/";
        }
    }
}
if ($access < 1) {
    // if user access not granted to file category return message
    if($logging > 0){
        $status = "Wrong Permissions";
        include('logit.php');
    }
    if (! $_SESSION['PrevUrl']) {
        //header("Location: ". $loginpage );
        exit;
    }
    $redirect = $_SESSION['PrevUrl'];
    header("Location: ". $redirect );
    exit;
}
// if file exists and user access granted continue

Obviously the above is a lot of lines of code... So I have rewritten the above to look like:

//if file exists need to check authorision levels & retrieve current user levels
if ($category == 'cpm' && $_SESSION['MM_CPMGroup'] == '1') {
    $access = 1;
} elseif ($category == 'cpmh' && $cpmh = $_SESSION['MM_CPMHGroup'] == '1') {
    $access = 1;
} elseif ($category == 'cm' && $cm = $_SESSION['MM_CMGroup'] == '1') {
    $access = 1;
} elseif ($category == 'cj200' && $_SESSION['MM_CJ200Group'] == '1') {
    $access = 1;
} elseif ($category == 'cj' && $_SESSION['MM_CJGroup'] == '1') {
    $access = 1;
} else {
    $access = NULL;
}
if ($access == NULL) {
    // if user access not granted to file category return message
    $status = "Unauthorised";
    include('logit.php');
    header("Location: ".$_SESSION['PrevUrl']);
    exit;
}
// if file exists and user access granted continue
switch($subcategory) {
    case "techdata":$path="files/techdata/".$category."/".$filename; break;
    case "msds": $path="files/techdata/".$category."/msds/".$filename; break;
    case "symbols": $path="files/symbols/".$category."/".$filename; break;
    default: $path="files/".$category."/".$filename;
}

The second version is a lot shorter, but is it better?
And could I shorten the if statement further so it's more like:

//if file exists need to check authorision levels & retrieve current user levels
if (($category == 'cpm' && $_SESSION['MM_CPMGroup'] == '1')
    || ($category == 'cpmh' && $cpmh = $_SESSION['MM_CPMHGroup'] == '1')
    || ($category == 'cm' && $cm = $_SESSION['MM_CMGroup'] == '1')
    || ($category == 'cj200' && $_SESSION['MM_CJ200Group'] == '1')
    || ($category == 'cj' && $_SESSION['MM_CJGroup'] == '1') {
    $access = 1;
} else {
    $access = NULL;
}
if ($access == NULL) {
    // if user access not granted to file category return message
    $status = "Unauthorised";
    include('logit.php');
    header("Location: ".$_SESSION['PrevUrl']);
    exit;
}
// if file exists and user access granted continue
switch($subcategory) {
    case "techdata":$path="files/techdata/".$category."/".$filename; break;
    case "msds": $path="files/techdata/".$category."/msds/".$filename; break;
    case "symbols": $path="files/symbols/".$category."/".$filename; break;
    default: $path="files/".$category."/".$filename;
}

Any advice would be appreciated! Thanks!!

Hello there everyone. I'll try to explain as thoroughly as I can, so please bear with me a bit. Once you want to surf the web through a proxy in Firefox, you go to tools > options > network > settings and enter proxy details which for example are like this. 173.123.123.4 and port 8080. I want to do pretty much the same thing with PHP for my visitors. I have www.site1.com which will have all my scripts and stuff. I want it to somehow redirect or load to www.site2.com USING A PROXY so that when the visitor reaches site2, it's as if they have edited their Firefox settings to view site2 using a proxy. That way visitors will always be anonymous on www.site2.com. While searching, I found this: http://stackoverflow.com/questions/3889715/php-requests-through-proxy Which seems simple enough but does not work unfortunately. Not that I'm even sure that it's indeed what I want to do but it seems like it...lol.
Thanks a lot for any help provided.

Hi, I recently attempted to install a refer-a-friend script into my website but I really don't use PHP at all and even my HTML is very sloppy so it didn't get installed as planned. It currently cuts out the bottom half of my website like so: http://www.returntherake.com/refer.php Basically everything before the script is called is fine but everything after doesn't work. Here's the code from the point it's installed till the end of my website. Any help would be great. Thank you so much.

Quote
<script language="php">
// Number of friend feilds to put on the page
$tellnumber = "3";
// Subject of email
$subject = "Great Poker Rakeback Site";
// Message sent in the email
$message = "Look at this great site I found. I think you'll like it. It will boost your profits while playing online poker by getting you some of your rake back. http://www.ReturnTheRake.com/ When signing up with a website remember to say $_POST[name] referred you in the proper section. As you will recieve a 25% bonus on your first $20 rakeback recieved.";
// Url to redirect user to once they click submit
$thankyouurl = "http://www.returntherake.com/thankyou_refer.html";
//////////////////////////////////////////////////////////////////////////////////
// DO NOT EDIT ANYTHING BELOW THIS LINE //
//////////////////////////////////////////////////////////////////////////////////
if($_POST[submitform] == "Submit") {
    $error = "";
    $num=0;
    while($num < $tellnumber) {
        $num++;
        $temail = "femail"."$num";
        $tname = "fname"."$num";
        if($_POST[$tname] OR $_POST[$temail]) {
            if(!$_POST[$tname]) { $error .= "Missing Friends Name, Friend $num<BR>"; }
            if(!$_POST[$temail]) { $error .= "Missing Friends Email, Friend $num<BR>"; }
        }
        if($_POST[$temail]) {
            if(!ereg("@",$_POST[$temail])) { $error .= "Invalid Email Address, Friend $num<BR>"; }
            if(!ereg("\.",$_POST[$temail])) { $error .= "Invalid Email Address, Friend $num<BR>"; }
        }
    }
    if(!$_POST["name"]) { $error .= "Missing your name<BR>"; }
if(!ereg("@",$_POST[email])) { $error .= "Invalid Email Address<BR>"; } if(!ereg("\.",$_POST[email])) { $error .= "Invalid Email Address<BR>"; } if($error) { ?> <BODY BGCOLOR="#ffffff"> <P><CENTER><TABLE BORDER="0" CELLSPACING="0" CELLPADDING="0"> <TR> <TD WIDTH="100%" BGCOLOR="#01864E"> <TABLE WIDTH="340" BORDER="0" CELLSPACING="1" CELLPADDING="2"> <TR> <TD WIDTH="26%" BGCOLOR="#01864E"> <B><FONT COLOR="#ffffff" SIZE="-3" FACE="Verdana">Error</FONT></B></TD> </TR> <TR> <TD WIDTH="26%" BGCOLOR="#ffffff"> <FONT COLOR="#000000" SIZE="-3" FACE="Verdana"><? echo $error; ?></FONT></TD> </TR> </TABLE></TD> </TR> </TABLE></CENTER> <? exit(); } $extra ="\r\n"; $headers = ""; $headers .= "From: $_POST[name] <$_POST[email]>".$extra; $headers .= "Reply-To: $_POST[name] <$_POST[email]>".$extra; $headers .= "Return-Path: $_POST[name] <$_POST[email]>".$extra; $headers .= "Message-ID: <".time()." - $_POST[email]>".$extra; $headers .= "X-Mailer: PHP v".phpversion().$extra; $headers .= 'MIME-Version: 1.0'.$extra.$extra; $num=0; while($num < $tellnumber) { $num++; $temail = "femail".$num; $tname = "fname".$num; $print_f_name = $_POST[$tname]; $print_f_email = $_POST[$temail]; if($_POST[$temail] AND $_POST[$tname]) { mail($print_f_email,"$subject"," Hi, $print_f_name $message From $_POST[name] ",$headers); } } header("Location: $thankyouurl"); exit(); } else { $num=0; while($num < $tellnumber) { $num++; $theboxes .= " <TR> <TD WIDTH=\"49%\" BGCOLOR=\"#ffffff\"> <CENTER><B><FONT COLOR=\"#000000\" SIZE=\"-3\" FACE=\"Verdana\">$num</FONT></B></CENTER></TD> <TD WIDTH=\"26%\" BGCOLOR=\"#ffffff\"> <CENTER><INPUT NAME=\"fname$num\" TYPE=\"text\" SIZE=\"-3\"></CENTER></TD> <TD WIDTH=\"25%\" BGCOLOR=\"#ffffff\"> <INPUT NAME=\"femail$num\" TYPE=\"text\" SIZE=\"-3\"> </TD> </TR>"; } ?> <BODY BGCOLOR="#ffffff"> <P><CENTER><FONT FACE="Verdana"><B>Tell your friend about our site</B></FONT></CENTER></P> <FORM ACTION="tellfriend.php" METHOD="POST"><P><CENTER><TABLE BORDER="0" CELLSPACING="0" 
CELLPADDING="0"> <TR> <TD WIDTH="100%" BGCOLOR="#01864E"> <TABLE WIDTH="340" BORDER="0" CELLSPACING="1" CELLPADDING="2"> <TR> <TD WIDTH="26%" BGCOLOR="#01864E"> <CENTER><B><FONT COLOR="#ffffff" SIZE="-3" FACE="Verdana">Your Poker Account</FONT></B></CENTER></TD> <TD WIDTH="25%"> <CENTER><B><FONT COLOR="#ffffff" SIZE="-3" FACE="Verdana">Your Email</FONT></B></CENTER></TD> </TR> <TR> <TD WIDTH="150" BGCOLOR="#ffffff"> <CENTER><INPUT NAME="name" TYPE="text" SIZE="12px"></CENTER></TD> <TD WIDTH="200" BGCOLOR="#ffffff"> <INPUT NAME="email" TYPE="text" SIZE="-3"> </TD> </TR> </TABLE></TD> </TR> </TABLE></CENTER></P><P><CENTER><TABLE BORDER="0" CELLSPACING="0" CELLPADDING="0"> <TR> <TD WIDTH="100%" BGCOLOR="#01864E"> <TABLE WIDTH="340" BORDER="0" CELLSPACING="1" CELLPADDING="2"> <TR> <TD WIDTH="49%" BGCOLOR="#01864E"></TD> <TD WIDTH="26%" BGCOLOR="#01864E"> <CENTER><B><FONT COLOR="#ffffff" SIZE="-3" FACE="Verdana">Friends name</FONT></B></CENTER></TD> <TD WIDTH="25%"> <CENTER><B><FONT COLOR="#ffffff" SIZE="-3" FACE="Verdana">Friends email</FONT></B></CENTER></TD> </TR><? echo $theboxes; ?></TABLE></TD> </TR> </TABLE></CENTER></P> <P><CENTER><INPUT NAME="submitform" TYPE="submit" VALUE="Submit"></CENTER></FORM> <? 
exit(); } ?> </h3> </td> </tr> </table></td> <td width="1" bgcolor="#CCCCCC"></td> </tr> <tr> <td height="1" colspan="3" bgcolor="#CCCCCC"></td> </tr> </table></td> </tr> </table></td> </tr> <tr> <td height="10" align="center" valign="top"></td> </tr> </table> </td> </tr> </table> </td> </tr> <tr> <td align="left" height="17" valign="top" class="style19"> </td> </tr> <tr> <td align="left" height="17" valign="top" class="style19"> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table> </td> </tr> <tr> <td align="left" valign="top"> </td> </tr> <tr> <td align="left" valign="top"> <table border="0" cellpadding="0" cellspacing="0" width="100%"> <tbody> <tr> <td align="left" valign="top" width="11"><img src="images/footer_bg_left.gif" alt="" height="120" width="11" /></td> <td class="footer" align="left" valign="middle"> <table border="0" cellpadding="0" cellspacing="0" width="100%"> <tbody> <tr> <td style="padding-left: 12px;" align="left" valign="top" width="260"><img src="images/footer_img.gif" alt="" height="110" width="249" /></td> <td align="left" valign="middle"> <table border="0" cellpadding="0" cellspacing="0" width="100%"> <tbody> <tr> <td class="footer_border" align="left" valign="top"> <a href="index.php">Homea> | <a href="#">Terms & Conditions</a> | <a href="#"> Privacy Policy</a> | <a href="#">Site Map</a> | <a href="#">Contact Us</a></td> </tr> <tr> <td class="footer_border" style="font-size: 10px; line-height: 22px;" align="left" valign="top">ReturnTheRake.com Copyright © 2010, All Rights Reserved.</td> </tr> </tbody> </table> </td> </tr> </tbody> </table> </td> <td align="left" valign="top" width="11"><img src="images/footer_bg_right.gif" alt="" height="120" width="11" /></td> </tr> </tbody> </table> </td> </tr> <tr> <td align="left" valign="top"> </td> </tr> </tbody> </table> <br /> </body> </html> |
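
The refer-a-friend script posted above writes `$_POST[name]` and `$_POST[email]` straight into the From, Reply-To and Return-Path headers after checking only that the e-mail contains an "@" and a ".". As an added example (not part of the original post; the function names are hypothetical and PHP 7.1+ is assumed), this is one way to validate both fields before they reach `mail()`:

```php
<?php
// Added example; function names are hypothetical, not from the posted script.

/** Return a display name that is safe inside a mail header, or null. */
function clean_header_name(string $name): ?string
{
    $name = trim($name);
    // CR, LF or any other control character could start a new header line.
    if (preg_match('/[\x00-\x1F\x7F]/', $name)) {
        return null;
    }
    // Remove characters that would break out of the quoted display name.
    $name = str_replace(['"', '\\', '<', '>'], '', $name);
    return $name === '' ? null : $name;
}

/** Return the address if it is one syntactically valid mailbox, or null. */
function clean_email(string $email): ?string
{
    $email = trim($email);
    // Reject control characters explicitly before the syntax check.
    if (preg_match('/[\x00-\x1F\x7F]/', $email)) {
        return null;
    }
    $ok = filter_var($email, FILTER_VALIDATE_EMAIL);
    return $ok === false ? null : $ok;
}

/** Build the sender headers, or return null if either field is rejected. */
function build_sender_headers(string $name, string $email): ?string
{
    $n = clean_header_name($name);
    $e = clean_email($email);
    if ($n === null || $e === null) {
        return null;
    }
    return "From: \"$n\" <$e>\r\n"
         . "Reply-To: \"$n\" <$e>\r\n"
         . "MIME-Version: 1.0\r\n";
}

// Constructed sample submissions (name, email); none are real data.
$samples = [
    ['Alice', 'alice@example.com'],
    ["Alice\r\nBcc: list@example.net", 'alice@example.com'],
    ['Alice', "alice@example.com\r\nCc: list@example.net"],
    ['Alice', '@.'], // contains "@" and ".", so the posted ereg() checks accept it
];
foreach ($samples as [$name, $email]) {
    $headers = build_sender_headers($name, $email);
    echo json_encode([$name, $email]), ' => ',
         $headers === null ? 'rejected' : 'accepted', "\n";
}
```

The same two functions can be applied to each `fname`/`femail` pair before it is passed to `mail()` as the recipient.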