PHP - Block Ip With Database

It's one of those days after a long weekend and a rainy morning.

Simply trying to get the correct message depending on the variable's value

if($a = 'one'){
echo "POOR";}
if($a = 'two'){
echo "GOOD";}
if($a = 'three'){
echo "VERY GOOD";}
if($a = 'four'){
echo "EXCELLENT";}

Not sure if I need to use ==, extra quotes, or ELSEIF for the best result.

 

I'm trying to clean up some past coding for a project of mine and this block keeps standing out like a sore thumb, but it works and i can understand it.

What it's doing is comparing each of the users submitted data to the admin-set data and then flagging if there any errors or not.

Any suggestions on a different approach?

Code: [Select]
foreach ($_SESSION['usersData'] as $k => $v) {
foreach ($this->info as $m => $n) {
if ($m == $k) {
if ( ($n['required'] && ( empty($v) || !isset($v) ) ) ) {
$_SESSION['errors'][$k] = TRUE;
} elseif ( (!$this->escape_data($v,$n['type'])) && ($n['required']) ){
$_SESSION['errors'][$k] = true;
} elseif ($n['required'] && ($v == $n['default'])) {
if ($n['readonly'] != true)
$_SESSION['errors'][$k] = true;
} elseif ($n['required'] && $n['readonly'] && ($v != $n['default']) ) {
# Box is required, set to readonly and has a default value, if this triggers then the user has tampered with our form.
$_SESSION['usersData'][$k] = $n['default'];
} elseif (isset($_SESSION['errors'][$k])) {
unset($_SESSION['errors'][$k]);# = false;
}
} elseif ( isset($this->info['file']) ) {
if ($this->info['file']['required'] && $_FILES['file']['size'] == 0) {
$_SESSION['errors']['file'] = TRUE;
} else {
unset($_SESSION['errors']['file']);
}
}
}
}

Hi the

I have a PDF form that generates an XFDF file (form field valies in XML form) and I am passing it to PHP for processing. I am having trouble pulling a specific value from the XML block because of the way that the XML data is generated and organized. Please see a sample of the XML block below:

'test.xml' file:
Code: [Select]
<?xml version="1.0" encoding="UTF-8"?>
<xfdf xmlns="http://ns.adobe.com/xfdf/" xml:space="preserve">
<annots/><fields>

<field name="Non">
<value>Off</value>
</field>

<field name="PayRequest">
<value>XYZ</value>
</field>


From the above XML snip it, once it's sent to PHP, I would like to somehow reference the "PayRequest" field value and retrieve the value "XYZ" and assign it to a variable. I have been kicking around some code that I thought should work, but doesn't appear to. If anyone could offer any insight to get it working that would be greatly appreciated.

PHP Code:
Code: [Select]
$prq_ret = simplexml_load_file('test.xml');
foreach($prq_ret->xpath("//field[@name='PayRequest']") as $item) {
 
 $row = simplexml_load_string($item->asXML());
 //print $item->value;
 print $row;
 }

I had a website running a XML script which worked perfectly but I have updated it by using XMLReader and PHP 5. However, there is a security update on PHP 5 which prevents me from accessing files on my server.

Someone has suggested I add a php.ini file with the following:

allow_url_fopen = on

allow_url_include = on

However I have also read that the whole purpose of the security update is to prevent this. Can someone advise me how I can get around this issue so that my server can read files and still operate by the PHP5 security update.

Any help would be greatly appreciated.

Hey   Need help i am having a mental block   when I fill in the form and click send it sends the form but looks like this

Name: , 
Email: , 
Subject: , 
Message:

the form data is 

<?php
$name = $_POST['name'];
$email = $_POST['email'];
$subject = $_POST['subject'];
$message = $_POST['message'];

$formContent = "From: $name, \n Email: $email, \n Subject: $subject, \n Message: $message";
$recipient = "email@email.com";
$subject = "Website Request";
$mailheader = "Website \r\n";
mail($recipient, $subject, $formContent, $mailheader);
echo "Your message was sent" . " - " . "<a href='index.html' style='text-decoration: none; color: #d03837;'>Return Home</a>";
?>

Anyone with any ideas

Hello,

Basically, What I'm looking for would be for a method of blocking certain email addresses from being submitted in a form, I need it to block certain emails that are on the list.

I think the best way to describe it would be a form submission blacklist that is checked before it gets submitted.

Many thanks

Hello,

I'm currently using this to block certain emails:

$blacklisted = Array("email@email.com", "email2@email.com", "email3@email.com");

in with:

if( !in_array( strtolower($email), $blacklisted ) ) {

Ok, What I want to do, is be able to specify a domain extension such as '*@email.com' So anything with 'something'@email.com is blocked. I still wish to keep manual email address's in place aswell.

Many thanks

James

Hey Guys,
 
Hope you are all having a great day

I was hoping somebody could help me with preventing my blog from being attacked by SQL Injection. I made a simple blog in using PHP and MySQL but I keep getting spam comments (even though I use re-captcha) and some files were overwritten on my web server. For all my input I use mysql_real_escape_string but I still get the problem.

I found a video on youtube that showed how to enter stuff on the address bar like "order by 2--" and "union all select...." after passing a variable etc, and all of the things in the video could be replicated on my site   I am guessing that is my problem, but the video did not tell me how to resolve the issue and I am sick of having to delete hundreds of spam comments per day and check my web server for uploaded files.
 
How can I stop people adding these commands to the address bar and getting data from my database?  I really need your help
 
Thanx,
 
Jen

So I'm debating whats the best method. I'm aware that catch/blocks should be used in exceptional cases but what if it saves me from having 4 nested if/else conditions? The following is code for an xbox registration site
Code: [Select]
try {
    // check code is valid
    $c1 = $this->input->post('code1',true);
    $c2 = $this->input->post('code2',true);
    $c3 = $this->input->post('code3',true);
    $gt = $this->input->post('gamertag',true);
    $pass = $this->input->post('password',true);
    if(
    $c1 == '' || $c2 == '' || $c3 == '') {
        throw new FormError("Authorization code invalid.");
    }
    // check db for code validation
    $q = $this->db->query("select * from `codes` where `activated` = 0 and `code` = ".$c1.$c2.$c3." limit 0,1");
    if($q->num_rows() != 1) {
        throw new FormError("Authorization code invalid.");
    }
    $r = $q->row_array();
    $email = $r["recipient_email"];
    $codeGt = $r["gamertag"];
    // check valid gamertag
    $q = $this->db->query("select * from `users` where `gamertag` = '".$gt."'");
    if($q->num_rows() > 0) {
        throw new FormError("Gamertag already exists.");
    }
    // validate gamertag /w inputted gamertag
    if(strtolower($codeGt) != strtolower($gt)) {
        throw new FormError("Gamertag Invalid");
    }
    $this->_createAccount($email,$pass,$gt);
    // show register-thanks screen
    $this->load->view("register-thanks",$data);
    $success = true;
} catch (Exception $e) {
    $data['error'] = $e->getMessage();
}

Can this be done easily enough with php? I've attached my current code below, but don't see how i could add this in.

Code: [Select]
$name = $_FILES['file']['name'];
$temp = $_FILES['file']['tmp_name'];
$size = $_FILES['file']['size'];

$random = md5(uniqid(rand(), true));
$random = substr($random, 0, 20);

if (!$name || !$temp || !$size)
{
   echo "Go back and select a file.";
   exit();
}

foreach ($_FILES as $file)
{
 if ($file['tmp_name'] != null)
 {
$thisext1=explode(".", strtolower($file['name']));
$thisext=$thisext1[count($thisext1)-1];
  if (!in_array($thisext, $extensions))
  {
    echo "That file type is not allowed.";
   exit();
  }
 }
}

In PHP?

Let's say I'm going off of:
width x height





So this is 2x1

2x1

2 blocks across, 1 block height.

How do I check this against other blocks in php to see if the 2x1 will overlap another set of dimensions dynamically?

Am I over thinking this?
Edited by Monkuar, 24 January 2015 - 12:08 PM.

I have the code below working perfectly, but I was wondering if there is a more eloquent way to write this, specifically handling the exceptions...

This creates an object of a Router Class that parses my clean URLs into a Controller name, method name and the rest are arguments.

So for example: www.domain.com/users/view/profile/bobsmith would route to the Users Controller, and find the viewUsers
method and pass the arguments "profile" and "bobsmith" to it, and the method would take it from there... works great.

That explains what this code does. My only question is if there is a cleaner way to handle the exceptions, so I don't have
"throw new exception" written four times. Thoughts? Or is it good to go?



$rawURL = getPageURL();
$router = new Router($rawURL,$rootDIR);
$controller = $router->getController();
$method = $router->getMethod();
$arguments = $router->getArguments();

try {
// check controller exists and set controller path //
if ((isset($controller) && ($controller != ''))) {
$controllerPath = APPLICATION_PATH . "controllers/" . $controller . ".class.php";

// check controller path exists //
if (file_exists($controllerPath)) {
    
// set method name and check method exists //
if ((isset($method) && ($method != ''))) {
$methodName = $method . ucfirst($controller);

if (method_exists($controller, $methodName)) {
// test it out //
$test = new $controller();
$response = $test->$methodName($arguments[0]);
echo $response;
}
else {
// method_exists failed //
throw new Exception("That method does not exist foo!");
}
}
else {
// method was not found in URL //
throw new Exception("No method name was given foo!");
}
}
else {
// file_exists failed //
throw new Exception("That controller does not exist foo!");
}
}
else {
// controller was not found in URL //
throw new Exception("No controller name was given foo!");
}
}
catch (Exception $e) {
// spit it out foo //
echo $e->getMessage();
}

Hi,
I want that user can only read my article but can't download it. neither with save page as or with view source, even not with selecting text. and copy and paste. is there any solution in php to do that.
Please help
Thanks

When I play a video (that is blocked from being downloaded as a file from a php web script player that I'm using) I can see the url address of the file from my PC in dev tools > networking > media, Is there a way to block or scramble the video's url from being available to be copied? If not, is there a way to have that url be available only if the potential viewer is 'logged-in' to the web site? Or some type of authentication based on checking for a user's PHP temp session file before allowing access from the video's url?

Guys/Gals;

This below block outputs a very simple progress bar, i'm curious if anyone would see a solution to perform a task when this bar reaches the end as you can see it's set to countinue until width<400 when that 400 is true I and in essence the process is done (even though nothing in reality) i want to display countinue but only when it's done

echo "<table width='100%' border='1' cellpadding='1' cellspacing='1' bgcolor='#666666'><tr><td width='506' height='52' valign='top'><script type='text/javascript'>function progress(){if(document.images['bar'].width<400){document.images['bar'].width+=5;document.images['bar'].height=5; 
   }else{clearInterval(ID);}}var ID;window.onload=function(){ID=setInterval('progress();',$cpuspeed);}</script><img src='images/white.gif' name='bar'/><br /><font color='#ffffff'>Cracking....</font></td></tr></table>";

any dideas