|
PHP - Question About Md5?
I'm trying to secure my login system as much as possible from SQL injections and other attacks. I know that by using mysql_real_escape_string() you can prevent that and I'm using that on for example the username input, but I would like to know if you hash the password before you send it to the database with MD5, do you still need to use mysql_real_escape_string()?
A very quick and simple example: Code: [Select] <?php $un = $_POST['username']; $pass = $_POST['password']; $pass = md5($pass); mysql_query("SELECT * FROM users WHERE password='$pass' AND username='$un'"); ?> If someone wrote a possible SQL query in the password input, wouldn't that be rendered useless as the md5 will hash it before sending it and therefor "hide" it? Or is there any other reason you wouldn't want people to use sertain characters/symbols in their passwords? Similar Tutorialswhen in a form, I wish to build a conditional that if the response to a radio button is a value of 2 (female), it will display an input requesting for users maiden name. If not 2 goes to the next input statement. Here is code I was experimenting with: <html> <body> <form action="" name="test" method='POST'> <input type="radio" id="sex" value=1 checked><label>Male</label> <input type="radio" id="sex" value=2><label>Femaleale</label> <?php $result = "value"; if ($result == 2) echo "<input type='int' id='gradYear' size='3' required>"; else echo "Not a female!" ?> <input type="submit" value="GO"> </form> </body> </html> The code passes debug, however, Not a Female is displayed. My question is - Can I do this and if so, what value do I test against id='sex' or value. I tried each one but gave the same results. I realize that $_POST[sex] would be used after the submit button is clicked. But this has me stumped. Thanks for the assis in advance. U guys know in forums how at the top or bottom there links to the "1 2 3 4 5 next" and stuff? and how it loads a database? how would i do that exactly? or explain to me what it could be called. cause me i have no idea :/ On my login page i have a set a session when the user logs in called loggedIn and it = true
if($count == 1) {
$_SESSION['username'];
$_SESSION['password'];
$_SESSION['loggedIn'] = true;
header("Location: index.php");
and on my index page i have
session_start();
if(!isset($_SESSION['loggedIn'])) {
echo "You are not currently logged in and to view this page you must be logged in to have access.";
die();
}
but when the user logs in it comes up with the message above echo "You are not currently logged in and to view this page you must be logged in to have access."; which obviously it should not do.
Does anyone know how i can fix this?
Hey, I have a while that shows the rows(duh). What i want to do is: show 3 rows then echo float left or clear both. So basically 3 at a time, but it shows all the rows in a nice order. Can someone do this? Cheers. Hello, I have a 'strange' situtation. I have this string "Who Am I" that will be used as an header (site for a client) but the design shows that the word "Who" and the words "Am I" are in 2 different colors, in HTML this is a quick fix, but in PHP? What I was thinking was explode the string and fetch the first element put it in a var en then concat the 2 others. But what if the title is more then 3 elements after exploding? It needs to be more dynamic, but I don't know how to do it. Does anyone have an idea? i have took a test that i think it has some errors: can you please confirm or infirm that A is the right answer? Question: The default value for __FILE__ is _______________________________. A. the complete path of the currently executing script B. the relative path of the currently executing script C. a magical constant; it does not have a default value D. the complete path of the previous executed script E. the relative path of the previous executed script Correct Answer: C User Answer: A Explanation: The PHP engine stores the full path and filename of the currently executing script within the __FILE__ constant. I have been away from PHP for a long time and I was looking over my old scripts. I did PHP OOP at one time and I used a paticular method to connect all my methods up and load them. I have been looking at other peoples code and when I look at my code it does not even feel like OOP, I want to know how to you link all the methods (or is it called functions?) in a class up and return them? I use to do this: Code: [Select] <?php class quickFUNC { function note_pad() { // code for notepad } function quickAdminFunc() { // code for admin func $this->note_pad(); } } $quickFUNC = new quickFUNC; if(isset($_GET['id'])) { $act = $_GET['id']; } else { $act = NULL; } switch ($act) { case 1: //some random code to launch case 1 break; default: $quickFUNC ->quickAdminFunc(); ?> This was my code back in the days, as you can see the notepad was called in the admin function then made the admin function default in the case switch. I looked at all my script and the all are layed out like this :S.. Can I get some help please, thank you. Looking at a forum like PHPbb or similar. Wondering if anyone can tell me how the system (or scripts) manages to pull all the user information when viewing a thread without a massive amount of database calls? For example, lets say 1 thread has 10 different users associated to it. When you view the thread, on the left you see the username, their avatar, when the membership was created, maybe even the users level or amount of interaction. So, for each thread view (or page view) does the program do a SQL Select back to the user database for each user's information or is the users information being pulled from cache somewhere? Any insight into the logistics is greatly appreciated! say i have a mysql table with the following fileds user_id picture_category picture_title picture_description picture_thumb //small image size picture_normal //large image size. ok what I'm trying to do is this. if( user_id && picture_category == the same name show all the pictures in that category as one section) //show this category and all the images from this user_id and picture_category so if this user_id has a new category name and new images uploaded it would show the images in the right category. my php xml script is in the works and is looking like this so far. <?php include "../../connect.php"; Header('Cache-Control: no-cache'); Header('Pragma: no-cache'); $username = mysql_real_escape_string($_GET['username']); $user_folder = mysql_real_escape_string($_GET['user_folder']); //$password = mysql_real_escape_string($_GET['password']); $friend = (isset($_GET['friend'])) ? ' AND b.friend = \'' . mysql_real_escape_string($_GET['friend']) . '\' ' : NULL; $query = "SELECT * FROM accounts WHERE username = '$username'"; $results = mysql_query($query) or die("Data not found."); //Get the number of results from the query. $rows = mysql_num_rows($results); //If their is a match for the username, echo the the users xml data. if($rows == 1) { $query1 = "SELECT * FROM user_photo_gallery WHERE username = '$username'"; $query2 = "SELECT * FROM user_photo_gallery WHERE username = '$username' AND user_folder = '$user_folder'"; $results1 = mysql_query($query1) or die("Data not found."); $results2 = mysql_query($query2) or die("Data not found."); //$row = mysql_fetch_assoc($results1); $user_xml = "<?xml version=\"1.0\"?>\n"; $user_xml .= "<settings>\n"; $user_xml .= "<sceneHeight>600</sceneHeight>\n"; $user_xml .= "<sceneWidth>1000</sceneWidth>\n"; $user_xml .= "<titleColor>#000000</titleColor>\n"; $user_xml .= "<descriptionBgAlpha>70</descriptionBgAlpha>\n"; $user_xml .= "<showFullscreenBtn>no</showFullscreenBtn>\n"; $user_xml .= "<waterMark useImage=\"no\"><![CDATA[THIS]]></waterMark>\n"; $user_xml .= "</settings>\n"; $user_xml .="<galleries>\n"; //$sql = "SELECT a.username,a.user_folder,a.large_pic,a.small_pic,a.pic_title,a.pic_discription,b.username FROM (user_photo_gallery as a )JOIN `user_friends_list` as b ON (b.friend = a.username)WHERE (b.username = '$username' $friend AND b.status = 1) ORDER BY a.user_folder DESC"; //$result2 = mysql_query($sql); //if(mysql_num_rows($result2) > 0) //{ while ($row = mysql_fetch_assoc($results1)) { $user_xml .="<gallery theName=\"". $row['user_folder'] ."\" itemsPerRow=\"3\" autoStart=\"no\" playTime=\"5\" autoResize=\"yes\" xOffset=\"5\" yOffset=\"10\" showTitleOnThumbs=\"yes\" allowDownload=\"yes\">\n"; if($row['user_folder'] =="Demo_Photos") { //select all pictures where this folder name and username maybe? while ($row1 = mysql_fetch_assoc($results2)) { $user_xml .="<picture largePicture=\"". $row1['large_pic'] ."\" smallPicture=\"". $row1['small_pic'] ."\" theTitle=\"". $row1['pic_title'] ."\"><![CDATA[". $row1['pic_discription'] ."]]>\n"; $user_xml .="</picture>\n"; } } else { } $user_xml .="</gallery>\n"; } //} //else //{ //echo "Wiistream Eorror!\n"; //}; $user_xml .="</galleries>\n"; echo $user_xml; } else { echo "Wiistream Eorror!\n"; } ?> the real xml file should look like this. Code: [Select] <?xml version="1.0" encoding="utf-8"?> <settings> <sceneHeight>600</sceneHeight> <sceneWidth>1000</sceneWidth> <titleColor>#000000</titleColor> <descriptionBgAlpha>70</descriptionBgAlpha> <showFullscreenBtn>no</showFullscreenBtn> <waterMark useImage="yes"><![CDATA[<font size="20">Copyright (c) 2010</font> <font color="#000000"><Strong>WiiStream</Strong></font>]]></waterMark> </settings> <galleries> <gallery theName="USERS PERSONAL GALLERY TITLE" itemsPerRow="3" autoStart="no" playTime="5" autoResize="yes" xOffset="5" yOffset="10" showTitleOnThumbs="yes" allowDownload="yes"> <picture largePicture="http://acadianfury.files.wordpress.com/2007/01/mazda.jpeg" smallPicture="http://acadianfury.files.wordpress.com/2007/01/mazda.jpeg" theTitle="USERS TITLE OF PICTURE"><![CDATA[USERS DISCRIPTION OF PICTURE CAN USE TAGS]]></picture> </gallery> <gallery theName="USERS PERSONAL GALLERY TITLE1" itemsPerRow="3" autoStart="no" playTime="5" autoResize="yes" xOffset="5" yOffset="10" showTitleOnThumbs="yes" allowDownload="yes"> <picture largePicture="http://acadianfury.files.wordpress.com/2007/01/mazda.jpeg" smallPicture="http://acadianfury.files.wordpress.com/2007/01/mazda.jpeg" theTitle="USERS TITLE OF PICTURE"><![CDATA[USERS DISCRIPTION OF PICTURE CAN USE TAGS]]></picture> <picture largePicture="http://acadianfury.files.wordpress.com/2007/01/mazda.jpeg" smallPicture="http://acadianfury.files.wordpress.com/2007/01/mazda.jpeg" theTitle="USERS TITLE OF PICTURE"><![CDATA[USERS DISCRIPTION OF PICTURE CAN USE TAGS]]></picture> </gallery> <gallery theName="USERS PERSONAL GALLERY TITLE2" itemsPerRow="3" autoStart="no" playTime="5" autoResize="yes" xOffset="5" yOffset="10" showTitleOnThumbs="yes" allowDownload="yes"> <picture largePicture="http://acadianfury.files.wordpress.com/2007/01/mazda.jpeg" smallPicture="http://acadianfury.files.wordpress.com/2007/01/mazda.jpeg" theTitle="USERS TITLE OF PICTURE"><![CDATA[USERS DISCRIPTION OF PICTURE CAN USE TAGS]]></picture> <picture largePicture="http://acadianfury.files.wordpress.com/2007/01/mazda.jpeg" smallPicture="http://acadianfury.files.wordpress.com/2007/01/mazda.jpeg" theTitle="USERS TITLE OF PICTURE"><![CDATA[USERS DISCRIPTION OF PICTURE CAN USE TAGS]]></picture> <picture largePicture="http://acadianfury.files.wordpress.com/2007/01/mazda.jpeg" smallPicture="http://acadianfury.files.wordpress.com/2007/01/mazda.jpeg" theTitle="USERS TITLE OF PICTURE"><![CDATA[USERS DISCRIPTION OF PICTURE CAN USE TAGS]]></picture> <picture largePicture="http://acadianfury.files.wordpress.com/2007/01/mazda.jpeg" smallPicture="http://acadianfury.files.wordpress.com/2007/01/mazda.jpeg" theTitle="USERS TITLE OF PICTURE"><![CDATA[USERS DISCRIPTION OF PICTURE CAN USE TAGS]]></picture> </gallery> </galleries> but using it with mysql it only gets the user_id and the picture_category for this user and pulls back that users data only. I also have a join table included to join if this user has friendship with that user. and then you would see all your pictures upload and category's. and all your friends pictures and category's. hi php people, I am wondering will if the code below will work when I call $C->getafoo() will I get foo; I keep getting an error at this point return $this->A->a(); saying the method is not there Code: [Select] class A{ public function a(){ return "foo"; } } class B { public $A; function __construct($A) { $this->A = $A; } public function geta(){ return $this->A->a(); } } class C extends B{ public function getafoo(){ return geta(); } } $C = new C(new A()); echo $C->getafoo(); I am trying something simple, creating some horses and making them race using OOP, creating them is easy, how can i find out which one "won" based on the highest total. Here is what i got so far Code: [Select] <?php class Horse { public $strength; public $speed; public $agility; public function create($name,$age,$odds){ $this->name=$name; $this->odds=$odds; $this->strength=(rand(50,200) * $this->odds - $this->age); $this->speed=(rand(100,400) * $this->odds - $this->age); $this->agility=(rand(150,250) * $this->odds - $this->age); $all=array(0=>"$this->strength",1=>"$this->speed",2=>"$this->agility"); echo "<b>$this->name</b> has a strength of <b>$this->strength</b>, a speed of <b>$this->speed</b> and agility at <b>$this->agility</b>. --- <b>".array_sum($all)."</b><br>"; } } $mix=rand(2,6); $a=new Horse; $a->create("Dave", 2, $mix); $a->create("Dude", 3, $mix); $a->create("Evan", 3, $mix); $a->create("Jill", 15, $mix); $a->create("Flex", 10, $mix); ?> I cant figure out a way to find out who had the highest total, i would love to know what i am doing wrong. I am trying to make my database search only search where private = '$priiv'(Usually 0,1, or 2) but it does not work Code: [Select] $query_search = "SELECT * FROM users WHERE username LIKE '%$idea%' OR fname LIKE '%$idea%' OR lname LIKE '%$idea%' OR tags LIKE '%$idea%' AND private = '$priiv'"; What am i doing wrong? In php, which function is best used to act something like the sql "LIKE" command? and how would that function be used like? I am trying to make it so that it will load if the site if the site is online(EG. $siteonline = 1), and so on. I can't seem to think of how I could do this so it will work from the very top of the page's html, to the very bottom. Like the following code is meant to list all of the stuff in that database. <?php $list_q = mysql_query("SELECT * FROM settings") or die (mysql_error()); while($list_f = mysql_fetch_assoc($list_q)) { } ?> I have my page laid out like this.. <?php include "includes/connect.php"; include "includes/config.php"; ?> <?php $list_q = mysql_query("SELECT * FROM settings") or die (mysql_error()); while($list_f = mysql_fetch_assoc($list_q)) { ?> Html content etc.. <?php } include 'includes/footer.php'; ?> But if I do it that way, It only displays what is in footer.php. i am trying to understand, how a site like ebay can display content and be case insensitive? for example: The original url: http://www.ebay.co.uk/itm/Toshiba-Satellite-C50-AMD-E-Series-1-4GHz-Dual-Core-15-6-Inch-500GB-2GB-Laptop/151458954958the above works fine and go to the intended page. user editing the browser url into lowercase : http://www.ebay.co.uk/itm/toshiba-satellite-c50-amd-e-series-1-4ghz-dual-core-15-6-inch-500gb-2GB-laptop/151458954958random uppercase and lowercase. http://www.ebay.co.uk/itm/toshiba-sateLLite-c50-aMd-e-sERIes-1-4ghz-dual-core-15-6-inch-500gb-2GB-laptop/151458954958both the urls above also work fine and go to the intended page. How can such a thing can work? it is supposed to throw an error such as page not found and the like? any thoughts welcome. hi, im trying to say if field ARTIST = Eminem then do the following. here is my current code Code: [Select] $hmm = simplexml_load_file('http://localhost/1.0/?method=player.getPlayQueue'); foreach($hmm->tracks->track as $tracks) { $artist = $tracks->artist; $title = $tracks->title; $album = $tracks->album; $index = $tracks->index; $id = $tracks->id; //If we submitted the form if('.$artist.'="eminem") { echo '<table border="0" width="70%" align="center">'; echo '<tr>'; i just need to know how to do the if(***) part. thanks. Hi, I am looking into a way of adding addons to a class I made.. I thought something like this would work, but not sure how to implement it: Code: [Select] <?php class foo { function foobar($text) { $text = $text . 'b'; return $text; } } class bar extends foo { function foobar($text) { $text = $text . 'c'; return $text; } } $var = new bar(); $var->foobar('a'); // this would then return abc ?> Now i want to be able to call up foo, and it calls the foobar of foo, and the foobar of bar. is that possible? hosh Hi to all people, I just want to know if there a php script I can use using DRM. The scenario, once the user download the song from a website, he/she can't forward into other using bluetooth or file transfer. It is possible to do that scenario? Thanks in advance Sorry for the really, really basic CSS question. (I'm asking this in the PHP forum, because so far, you've all been nice to me and haven't made fun of some of my really dumb questions.)
Hello. I'm trying to pull information out of an xml file. However I'm a bit lost in getting the actual value. Code: [Select] $url="http://ws.audioscrobbler.com/2.0/?method=artist.getimages&artist=Dr%20Feelgood&limit=1&autocorrect=1&api_key=c107c9b5c09cb5693b6c19409dd984c1"; $xml = simpleXML_load_file($url,"SimpleXMLElement",LIBXML_NOCDATA); $largesquare=$xml->images->sizes->size[2]; Is what I have but its not pulling the information. The above url will give you the link to a set xml file for this example. And I want to get the info for the Code: [Select] <size name="largesquare" width="126" height="126">http://userserve-ak.last.fm/serve/126s/43173899.jpg</size> I'm sure I'm doing something wrong that's a simple fix but I am lost here. In the sizes there are 6 different size options each with different names and I have no idea how to pull the one with the correct name that I need. Thank you to who ever can help me sort this out. |
|||||||