PHP - Auction System Concepts?

This topic has been moved to Miscellaneous.

http://www.phpfreaks.com/forums/index.php?topic=319772.0

This topic has been moved to PHP Applications.

http://www.phpfreaks.com/forums/index.php?topic=348680.0

hello dear PHP-Fans - greetings to you - and a happy new year!!


i set up a WAMP-System on my openSuse 11.4 system.  In order to learn as much as i can bout PHP i want to do some tests and write some scripts.

Well the WAMP is allready up and running.  Now i try to give the writing access to the folder

mkdir /srv/www/

where the php-scripts should go in...

i want  to give write permission to all to all files in /srv/www

As root I generally:

mkdir /srv/www/
chown <webmaster usrername> /srv/www/

/srv/www/ should be readable and traversable by all, but only writeable by it's owner (the user designated as the webmaster.)

can i do this like mentioned above,...

Love to hear from you

greetings
db1

Hi all

I have been looking though loads of tutorials regarding log in method for websites (not APIs), and cant help find that they are outdated.

So I am asking what is the correct way to create a log in system using php?

Modern websites use JavaScript for asynchronous web requests so this requirement should also be catered for. APIs and mobile apps use access tokens which is very secure if implemented correctly.

Can we use the token principle for websites? As the way I see it that most php log in systems use php sessions and they create a session and save some data in this session when the user successfully authenticates, however the session id is held in a cookie so if the cookie is stolen then they have access to your account.

API access tokens are expired and refreshed periodically so is there such a implementation method for web sites too?

  Hi this is my login script i do have the html if you need to see it please ask & i was wondering if anyone would be kind enough to tell me how i can get my ban system to work Thanks

<?php

require 'connect.php';

if(isset($_POST['submit'])) {

	$username = $_POST['username'];
	$password = $_POST['password'];

	//Prevent hackers from using SQL Injection
	$username = stripslashes($username);
	$password = stripslashes($password);
	$username = mysql_real_escape_string($username);
	$password = mysql_real_escape_string($password);

	$sql = "SELECT * FROM $tbl_name WHERE username='$username' AND password='$password'";
	$result = mysql_query($sql);
	$count = mysql_num_rows($result);

	$user_level = $_GET['user_level'];

	$_SESSION['user_level'] = $user_level;

	if($count == 1) {

		$_SESSION['username'];
		$_SESSION['password'];
		header("Location: index.php");
	} else {

		echo "Please check the username and password you entered is correct.";
	} if($_SESSION['user_level'] == 0) {
		$_SESSION['username'];
		$_SESSION['password'];
		header("Location: index.php");
		
	} else if($_SESSION['user_level'] == -1) {

		die();
		header("Location: banned.php");

	} else if($_SESSION['user_level'] < -1) {
		die();
		echo "An error has occurred please contact your administrator.";

	} else if($_SESSION['user_level'] == 1) {
		$_SESSION['username'];
		$_SESSION['password'];
		header("Location: admin.php");

	}


}

?>

Edited by Tom8001, 23 November 2014 - 12:18 PM.

i am trying to add a like system to my forum similar to facebook where it shows how many people like a post.

this is my code so far:

$like_list = "";
            
            $likes = explode("|", $post_info['post_likes']);
            $amount_likes = count($likes);
            $ac_likes = ($amount_likes / 2);
            $slice = array_slice($likes, 0, 4, true);
            $remain = array_slice($likes, 4, $ac_likes, true);
            $remain_num = count($remain);
            
            if ($ac_likes >= 4)
            {
                for($i=0; $i<$ac_likes; $i+=2)
                {
                    $like_list .= $likes[$i].", ";
                }
                $like_list .= " and $remain_num others like this";
            }
            elseif ($amount_likes == 1    )
            {
                $like_list .= "0 people like this";
            }
            elseif ($ac_likes == 1)
            {
                $like_list = implode(", ", $likes);
                $like_list .= " likes this";
            }
            else
            {
                $like_list = implode(", ", $likes);
                $like_list .= " like this";
            }

$post_info['post_likes'] contains data like:

Code: [Select]
user1|123456789|user2|123456789
where the number is the timestamp.

unfortunatly $like_list prints the username and the timestamp when i would like it to only display the username. This means
printing every 2nd element in the array starting from 0. I have seen this done with for loops but i am not using one therefore i am stuck. Any ideas? and is this the best database setup for likes? the post_likes column is added on to the end of the post table.

I'm trying to build a login system and alot of the code is similar to what i used to make my news cms. basically all i wanna accomplish right now is to get the user input inserted into my database. I've already tested it out, and I get no errors, but like with the cms, the database isn't getting queryed.

Here's the code:
(process.php)
Code: [Select]
<?php
 $first_name=$_POST['first_name']; 
 $last_name=$_POST['last_name']; 
 $age=$_POST['age']; 
 $city=$_POST['city']; 
 $state=$_POST['state']; 
 $country=$_POST['country']; 
 $zip=$_POST['zip']; 
 $birthdate=$_POST['birthdate']; 
 $gender=$_POST['gender']; 
 $sexuality=$_POST['sexuality']; 
 $race=$_POST['race']; 
 $religion=$_POST['religion']; 
 $status=$_POST['status']; 
 $about=$_POST['about']; 
 $website=$_POST['website']; 
 $user_name=$_POST['user_name']; 
 $password=$_POST['password']; 
 $email=$_POST['email']; 
 mysql_connect("your hostname", "your database name", "your password") or die(mysql_error()); 
 mysql_select_db("your database name") or die(mysql_error()); 
 
 $sql = sprintf("INSERT INTO Users (first_name, last_name, age, city, state, country, zip, birthdate, gender, sexuality, race, religion, status, about, website, user_name, password, email)
VALUES ('%s', '%s', '%s', '%s', '%s')",
mysql_real_escape_string($first_name),
mysql_real_escape_string($last_name),
mysql_real_escape_string($age),
mysql_real_escape_string($city),
mysql_real_escape_string($state),
mysql_real_escape_string($country),
mysql_real_escape_string($zip),
mysql_real_escape_string($birthdate),
mysql_real_escape_string($gender),
mysql_real_escape_string($sexuality),
mysql_real_escape_string($race),
mysql_real_escape_string($religion),
mysql_real_escape_string($status),
mysql_real_escape_string($about),
mysql_real_escape_string($website),
mysql_real_escape_string($user_name),
mysql_real_escape_string($password),
mysql_real_escape_string($email));
$result = mysql_query($sql); 
 
 
 Print "Congratulations! You are now a registered member on yourwebsite.com!"; 
 ?>
(register/index.php)
Code: [Select]
<script language = "Javascript">
 
function Validate()
{
    if (document.register.first_name.value == '')
    {
        alert('You have not specified your first name!');
        return false;
    }
if (document.register.last_name.value == '')
    {
        alert('You have not specified your last name!');
        return false;
    }
if (document.register.age.value == '')
    {
        alert('You have not specified your age!');
        return false;
    }
if (document.register.country.value == '')
    {
        alert('You have not entered a country!');
        return false;
    }
if (document.register.birthdate.value == '')
    {
        alert('You have not entered your date of birth!');
        return false;
    }
if (document.register.gender.value == '')
    {
        alert('You have not specified your gender!');
        return false;
    }
if (document.register.user_name.value == '')
    {
        alert('You have not entered a username!');
        return false;
    }
if (document.register.email.value == '')
    {
        alert('You have not entered an email!');
        return false;
    }
if (document.register.password.value == '')
    {
        alert('You have not entered a password!');
        return false;
    }
    return true;
}
</script>
      <form name="register" method="post" action="http://www.djsmiley.net/register/process.php" onsubmit="return Validate();">
                    <table width="100%" border="0">
                      <tr>
                        <td>First Name:</td>
                        <td><label>
                          <input type="text" name="first_name" id="first_name" />
                        </label></td>
                      </tr>
                      <tr>
                        <td>Last Name:</td>
                        <td><input type="text" name="last_name" id="last_name" /></td>
                      </tr>
                      <tr>
                        <td>Age:</td>
                        <td><input type="text" name="age" id="age" /></td>
                      </tr>
                      <tr>
                        <td>City:</td>
                        <td><input type="text" name="city" id="city" /></td>
                      </tr>
                      <tr>
                        <td>State:</td>
                        <td><input type="text" name="state" id="state" /></td>
                      </tr>
                      <tr>
                        <td>Country:</td>
                        <td><input type="text" name="country" id="country" /></td>
                      </tr>
                      <tr>
                        <td>Zip:</td>
                        <td><input type="text" name="zip" id="zip" /></td>
                      </tr>
                      <tr>
                        <td>Birthdate:</td>
                        <td><input type="text" name="birthdate" id="birthdate" /></td>
                      </tr>
                      <tr>
                        <td>Gender:</td>
                        <td><input type="text" name="gender" id="gender" /></td>
                      </tr>
                      <tr>
                        <td>Sexuality:</td>
                        <td><input type="text" name="sexuality" id="sexuality" /></td>
                      </tr>
                      <tr>
                        <td>Race:</td>
                        <td><input type="text" name="race" id="race" /></td>
                      </tr>
                      <tr>
                        <td>Religion:</td>
                        <td><input type="text" name="religion" id="religion" /></td>
                      </tr>
                      <tr>
                        <td>Marital Status:</td>
                        <td><input type="text" name="status" id="status" /></td>
                      </tr>
                      <tr>
                        <td>About You:</td>
                        <td><label>
                          <textarea name="about" id="about" cols="45" rows="5"></textarea>
                        </label></td>
                      </tr>
                      <tr>
                        <td>Website:</td>
                        <td><input type="text" name="website" id="website" /></td>
                      </tr>
                      <tr>
                        <td width="13%">Username: </td>
                        <td width="87%"><input type="text" name="user_name" id="user_name" /></td>
                      </tr>
                      <tr>
                        <td>Email: </td>
                        <td><input type="text" name="email" id="email" /></td>
                      </tr>
                      <tr>
                        <td>Password: </td>
                        <td><input type="password" name="password" id="password" /></td>
                      </tr>
                      <tr>
                        <td>&nbsp;</td>
                        <td><input name="Register Button" type="submit" class="Button1" id="Register Button" value="Register" />
                        <input name="Reset Button" type="reset" class="Button1" id="Reset Button" value="Clear" /></td>
                      </tr>
                    </table>
                    <label></label>
      </form>

Looking for the best way to set-up the db of a messaging system. Here's what I have so far (basically pulled from another forum), don't know if Table1 is even really necessary:

Table1:
id
user_message_id
recepient_id
recepient_read

Table2:
user_message_id
sender_id
sender_read
subject
message
created_at
updated_at



Basically it needs to function where, someone submits a message to the admin or moderator, the admin/moderators can review and reply, and then the user can submit another reply, and keeps going indefinitely. I want each reply to show up almost like a forum thread.

How would I chain the reply messages to the original messages?

Hi,
I'm trying to code a very basic commenting system, my only worries is how I'm going on about disabling the user from putting any html php etc.. in the comment so it gets displayed on the page.. I have on idea of what to look for, any help is much appreciated

I considdered this: strip_tags() but what i want is to display the comment just without actually executing the code if you get me?

Here are some script that i have been working on and i seems to not work so i want to make a select friend list that when they select the friend that they want to send the message to it sends it to them , that sounded stupid but ya. so here is my script , kinda big .
pm_inbox.php i did edit the code from its original state because its to big! so here is the sections where is most needed
Code: [Select]
<?php

// Start_session, check if user is logged in or not, and connect to the database all in one included file
include_once("scripts/checkuserlog.php");
?>
<?php
if (!isset($_SESSION['idx'])) {
echo  '<br /><br /><font color="#FF0000">Your session has timed out</font>
<p><a href="login.php">Please Click Here</a></p>';
exit(); 
}
//THIS IS WHERE I STARTED
$selecteduser = $_POST["selecteduser"];
$id = "";
$username = "";
$id = preg_replace('#[^0-9]#i', '', $id);
$sql = mysql_query("SELECT * FROM myMembers WHERE id='$id' LIMIT 1");
while($row = mysql_fetch_array($sql)){ 
    $username = $row["username"];
$friend_array = $row["friend_array"];
$check_pic = "members/$id/image01.jpg";
$default_pic = "members/0/image01.jpg";
if (file_exists($check_pic)) {
    $user_pic = "<img src=\"$check_pic?$cacheBuster\" width=\"218px\" />"; 
} else {
$user_pic = "<img src=\"$default_pic\" width=\"218px\" />"; 
}

$selecteduser .= "<option value='$friend_array'>Friends</option>";



}






// Decode the Session IDX variable and extract the user's ID from it
$decryptedID = base64_decode($_SESSION['idx']);
$id_array = explode("p3h9xfn8sq03hs2234", $decryptedID);
$my_id = $id_array[1];
$my_uname = $_SESSION['username']; // Put user's first name into a local variable
// ------- ESTABLISH THE INTERACTION TOKEN ---------
$thisRandNum = rand(9999999999999,999999999999999999);
$_SESSION['wipit'] = base64_encode($thisRandNum); // Will always overwrite itself each time this script runs
// ------- END ESTABLISH THE INTERACTION TOKEN ---------
?>
<?php
// Mailbox Parsing for deleting inbox messages
if (isset($_POST['deleteBtn'])) {
    foreach ($_POST as $key => $value) {
        $value = urlencode(stripslashes($value));
if ($key != "deleteBtn") {
   $sql = mysql_query("UPDATE private_messages SET recipientDelete='1', opened='1' WHERE id='$value' AND to_id='$my_id' LIMIT 1");
   // Check to see if sender also removed from sent box, then it is safe to remove completely from system
}
    }
header("location: pm_inbox.php");
}
?>

// Start Private Messaging stuff
$('#pmForm').submit(function(){$('input[type=submit]', this).attr('disabled', 'disabled');});
function sendPM ( ) {
      var pmSubject = $("#pmSubject");
  var pmTextArea = $("#pmTextArea");
  var sendername = $("#pm_sender_name");
  var senderid = $("#pm_sender_id");
  var recName = $("#pm_rec_name");
  var recID = $("#pm_rec_id");
  var pm_wipit = $("#pmWipit");
  var url = "scripts_for_profile/private_msg_parse.php";
      if (pmSubject.val() == "") {
           $("#interactionResults").html('<img src="images/round_error.png" alt="Error" width="31" height="30" /> &nbsp; Please type a subject.').show().fadeOut(6000);
      } else if (pmTextArea.val() == "") {
   $("#interactionResults").html('<img src="images/round_error.png" alt="Error" width="31" height="30" /> &nbsp; Please type in your message.').show().fadeOut(6000);
      } else {
   $("#pmFormProcessGif").show();
   $.post(url,{ subject: pmSubject.val(), message: pmTextArea.val(), senderName: sendername.val(), senderID: senderid.val(), rcpntName: recName.val(), rcpntID: recID.val(), thisWipit: pm_wipit.val() } ,           function(data) {
   $('#private_message').slideUp("medium");
   $("#interactionResults").html(data).show().fadeOut(10000);
   document.pmForm.pmTextArea.value='';
   document.pmForm.pmSubject.value='';
   $("#pmFormProcessGif").hide();
           });
  }
}function toggleViewAllFriends(x) {
if ($('#'+x).is(":hidden")) {
$('#'+x).fadeIn(200);
} else {
$('#'+x).fadeOut(200);
}
}
// End Private Messaging stuff</script>
<style type="text/css">
.hiddenDiv{display:none}
#pmFormProcessGif{display:none}
.msgDefault {font-weight:bold;}
.msgRead {font-weight:100;color:#666;}
</style>
</head>
<body>
<div id="bg" class="stage"></div>
<div id="container">
<div id="sun" class="stage"></div>
<div id="clouds" class="stage">
<div id="stage" class="stage">
<?php include_once "header_template.php"; ?>

        <a href="#" onclick="return false" onmousedown="javascript:toggleInteractContainers('private_message');">Compose Message</a></div><div class="interactContainers" id="private_message">

<form action="javascript:sendPM();" name="pmForm" id="pmForm" method="post" type="hidden">
<font size="+1">Send A Private Message to <strong><em><?php echo "$selecteduser"; ?></em></strong></font><br /><br />
Subject:
<input name="pmSubject" id="pmSubject" type="text" maxlength="64" style="width:98%;" />
Message:
<textarea name="pmTextArea" id="pmTextArea" rows="8" style="width:98%;"></textarea>
  <input name="pm_sender_id" id="pm_sender_id" type="hidden" value="<?php echo $_SESSION['id']; ?>" />
  <input name="pm_sender_name" id="pm_sender_name" type="hidden" value="<?php echo $_SESSION['username']; ?>" />
  <input name="pm_rec_id" id="pm_rec_id" type="hidden" value="<?php echo $id; ?>" />
  <input name="pm_rec_name" id="pm_rec_name" type="hidden" value="<?php echo $username; ?>" />
  <input name="pmWipit" id="pmWipit" type="hidden" value="<?php echo $thisRandNum; ?>" />
  <span id="PMStatus" style="color:#F00;"></span>
  <br /><input name="pmSubmit" type="submit" value="Submit" /> or <a href="#" onclick="return false" onmousedown="javascript:toggleInteractContainers('private_message');">Close</a>
<span id="pmFormProcessGif" style="display:none;"><img src="images/loading.gif" width="28" height="10" alt="Loading" /></span></form>
      </div>
              <span id="jsbox" style="display:none"></span>
            </td>
          </tr>
      </table>
       

<form action='index.php'  method='POST'  enctype='multipart/form-dat'>

<select name='votes'>
  <option>SEATOWN</option>
 <option>vote1</option>
 <option>vote2</option>
 <option>vote3</option>
</select>
<input type='submit' name='vote' value='Vote'>
</form>
<?php

$vote=$_GET['votes'];
if(isset($_POST['vote']))
{
echo "voted";
echo $vote;
}


?>

why would this not echo out anything for $vote???


cheers matt

Hi all
 
I am building a website for a restaurant where the registered user can do booking in the booking page where user finds the booking form. my problem is I created the log in system but cannot workout with the booking page.
 
I have this scenario -
 
Customer visits site & registers details (name, email etc) on a "registration page" (creating a username & password which goes into your database) - done that
 
Next day, customer visits site and logs in on a "log in page" using the username & password from the previous day which is now stored in your database. Can now make a booking based on this log in. (cannot do this)

I'm making a game where you earn points and lose points based on the actions that you take and the actions that your opponents take.  What's the best way to create this system.  Should I use mysql to store all the data and if so, should I set up the actions in a seperate table or should I just join the actions from all of my other tables.  I'm not quite sure what the best method is.

Hi, i have been thinking on ways to make an ordering system for my web site.

The code bellow shows how i populate the page. i desplay the pizza's from the data base. i want at the end of each line a box thati allows the user to pick howmany pizzas they want. from they when they click order i want it to send all the information of what they want so they can double check it and when they click the final order button it will send to a diffrent order table.

Code: [Select]
<?
session_start();

if ($_SESSION['userName'])

{}

else
{
header('location:../index.php');
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Deliver-Pizza Topping</title>
<link href="css/pizza-topping.css"  rel="stylesheet" type="text/css" />

</head>

<body>

<div id="container">

     <div id="header">
    <img src="images/logo.jpg" alt="logo" />
       
        <a href="log-off.php" id="logg-off" >log off</a>
       
    <ul id="nav">
    <li><a href="home.php" target="_self">Home</a></li> <span> | </span>
    <li><a href="Pizza-Topping.php" target="_self">Pizza Topping</a></li> <span> | </span>
    <li><a href="order.php" target="_self">Order</a></li> <span> | </span>
        <li><a href="Account.php" target="_self">Account Details</a></li> <span> | </span>
       </ul>
</div>
   
<div id="Featured">
<img src="images/banner1.jpg" alt="banner" name="banner"" ID="banner"></div><!--end Featured-->
<div class="featuredimage" id="main">
<div id="content" class="tiles">
    <h1>Pizza-Topping</h1><hr />
    <p>Please select the pizza you would like bellow</p>
   
    <div id ="staff"><div style="width:970px; height:300px; overflow:auto"

<left> <table>
<tr>
<th>Type</th>
<th>Size</th>
<th>Topping</th>
<th>Cost</th>
<th>Information</th>
<th>Order</th>
</tr>
<tr>
<form name="input" action="order.php" method="post">
<?php


mysql_connect("localhost", "root", "")or die("cannot connect"); 
    mysql_select_db("deliverpizza")or die("cannot select DB");

$sql="SELECT * FROM `pizzatopping` ";
$result= mysql_query($sql);

while($row =mysql_fetch_assoc($result)) {

?>

<td><?php echo $row['type'] ?></td>
<td><?php echo $row['size'] ?></td>
<td><?php echo $row['topping'] ?></td>
<td><?php echo $row['cost'] ?></td>
<td><?php echo $row['info'] ?></td>
<td>


<input type:"text" name:"pizza<?php echo $row['id'] ?>" /></td>


</tr></left>
<?php
}
?>
<input type="submit" value="Order" />
</table>
</div>
</div>
   
</div>
</div>
<!--end content-->

<div id="footer"><span><p>Created By Ryan Williams</p></span></div><!--end footer-->
</div><!--end container-->




</body>
</html>

Help please