PHP - Direct To Hidden Link

I just finished a page of code that passes all the debug tests except for the very last line on the page. </html>. The page has php and html, java script and some SQL. (see I'm learning and hadn't placed a post until I exhausted my limited resources.

The Error Codeis:
PHP Parse error: syntax error, unexpected $end in C:\wamp\www\registerform.php on line 292

Here's my concern:

I read this error statement as an error()is missing. Please clarify something for me, You start the php code with <?php and end it with ?>.

 I also understand that the end() will stop all further operation. Correct. When you have a form call itself  for data checking,   and if the data is correct, send it to the appropriate database table, does one need to place the end() at the end of the php portion of the code? And if so, will it not stop any of the code from being read the first time the page is called?

Also since the FORMs action calls for the page to load itself for data verification, how at the end of the checking do I go call another page?
here's the page:

The page is attached:

Hi,

I found a code for  login page on web which would check against the database and login, I wanted to modify it so that once the password is verified the user will be directed to a new page with the session variables also active. I read about " header()" functionality which would achieve this so i added this to the code but my code seems to fail with the error

"Cannot modify header information - headers already sent by (output started at C:\xampp\phpMyAdmin\scripts\login1.php:7) in C:\xampp\phpMyAdmin\scripts\login1.php on line 10
"

The code for login1.php is as below- For quick understanding i have removed all the section related to DB validation ..so the below code must activate the next page "add_entry2.php" immediately after submit button is pressed. Please see below..

Thanks in advance.







Code: [Select]
<html>
<head>
<title>Login</title>
</head>
<body>
<?php
if (isset($_POST['submit'])) {if(!$_POST['uname'] | !$_POST['passwd']){die('You did not fill in a required field.');
    }
header('Location: add_entry2.php');} else {// if form hasn't been submitted
?>
<h1>Login</h1>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table align="center" border="1" cellspacing="0" cellpadding="3">
<tr><td>Username:</td><td>
<input type="text" name="uname" maxlength="40">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="passwd" maxlength="50">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td></tr>
</table>
</form>
<?php
}
?>
</body>
</html>

Hello,
I  want to prevent this page from being directly accessed by all via just putting its address in the address bar:
http://www.mysite.com/page1/page2/signup.php

I want to allow to be accessed this page only via clicking on a link in a particular page like:
http://www.mysite.com/activate/index.php

Please help me.

A shipping vendor (like Stamps.Com) provides me a Printable Shipping Label to display on my website for Visitors to print.

When Visitors come to my page, my PHP code:
1.) connects to Shipping Vendor via an API,
2.) downloads and converts the base64 data to image
3.) names the image to Customer Order Number.png
4.) saves image in directory
5.) then displays image to Visitor.

$Shipping_Label_Data = $LabelVendor->data[0]->contents; // vendor's API
file_put_contents('Label-Directory/'.$Order_Number.'.png',base64_decode($Shipping_Label_Data));

echo '<img src="/Label-Directory/'.$Order_Number.'.png" />';

Later I realized the security flaw: any snooper can fish for other Visitor's labels in my Label directory.

What is the best way to prevent the display of other people's labels?

Thank you!!

Hello everyone,

What is the best method of blocking direct access to certain files like functions, modules, and etc?

I was trying the
if ( ! defined('BASEPATH')) exit('No direct script access allowed');method but I feel like there must be a more convenient/better way.

Any suggestions are appreciated, thank you.

we have already see the facility in website gmail and facebook that when user log-in successfully then its redirects the page to another page automatically, can someone tell me how to redirect the page when log-in becomes successful ?   User tries to Log-in -> create session variable -> now redirect the page   I can verify user account details and set the session variable at the same time, but how to reload the page so that it finds the session and reload itself and then redirect the page to new page ??   Thanks for sparing your time here !!

I've got a question, I thought I'd be able to do this fairly easily. I don't want to do an .htaccess solution also.

I tried this,

define('ACCESS', TRUE);


// then on other page 
 if(!defined('ACCESS'){die('Direct access not allowed.');}


Need some assistance, appreciated.

I want to perform a php process initiated by AJAX according to the method described in http://www.w3schools.com/PHP/php_ajax_database.asp

with this line
Code: [Select]
xmlhttp.open("GET","getuser.php?q="+str,true);
the php process in getuser.php is initiated. But how I can restrict direct access to getuser.php?

If someone visit getuser.php?q=something; the process will be started for "something". I want to run the getuser.php process only and only when it is initiated from my main page.

Hello,

I'm having some major major issues, with a web hosting / PHP / MySQL database issue and if anyone can help that would be amazing! Okay first I have a MySQL database setup, with a table called "staff", within that there is a "username" and "password" field pretty self explanatory. I have a login in page (login.php) see first set of coding and a loginaction (loginaction.php) and what is suppose to happen is the loginaction checks the posted data against the database and if correct relocate to another page. I have had this coding and much more complex coding working on various other servers, but this is the first time I've ever dealt with BT Business webhosting, which is pretty useless right now and poor help to date from technicians who say it is a purely a coding issue. 

From what I have established I believe that the issue is occuring because BT don't have the apache server setup correctly for what I'm trying to do or that the browser is seeing the "$result" on "loginaction.php" and data, resulting in a white page of  certain doom!

Please help!!


login.php
[<?php include "sections/phparea.php";?>
<?php include "sections/header.php";?>
<?php include "sections/left.php";?>
    <!-- start content -->
        <div id="content">
                          <?php
                              // Include the formatted error message
                              if (isset($_SESSION['message']))
                            echo
                              "<h4>".$_SESSION['message']."</h4>";
                              // Generate the login <form> layout

                         ?>                 
                         <form action="loginaction.php" method="post" enctype="multipart/form-data">
                         <table class="tablelogin" >
                                 <tr>
                                 <td>
                                    <label for="email">E-mail Address</label>                               
                                </td>
                                 <td>
                                    <input type="text" name="email" id="email" />                               
                                </td>
                            </tr>
                            <tr>
                                <td>
                                    <label for="password">Password</label>                               
                                </td>
                                <td>
                                    <input type="password" name="password" id="password" />                               
                               </td>
                            </tr>
                            <tr>
                                <td>&nbsp;
                                   
                                </td>
                                <td>
                                    <a href="../ambustar/accountrecovery.php">Forgotten Password?</a>   
                                </td>
                            </tr>
                            <tr>
                                <td>&nbsp;
                                   
                                </td>
                                <td>&nbsp;
                                   
                                </td>
                            </tr>
                            <tr>
                                <td>
                                </td>
                                <td>
                                    <input type="hidden" name="count" id="count" value="1" />
                                    <input type="reset" name="reset" id="reset" value="Clear" />   
                                    <input type="submit" name="submit" id="submit" value="Log in" />   
                                </td>
                            </tr>
                          </table>
                         </form> 
        </div>
        <!-- end content -->
<?php include "sections/right.php";?>
<?php include "sections/footer.php";?>


                ]
loginaction.php
[<?php
    session_start();
   
    include "dbconnect.php";
   
    $email =$_POST["email"];
    $password =$_POST["password"];
    $query = "SELECT * FROM staff WHERE username = '$email' AND  password = '$password'";
    $result = mysql_query($query) or die ("Error in query: $query. ".mysql_error());
    // see if any rows were returned
    if (mysql_num_rows($result) > 0)
    {
        header("Location: test.php");
    }
    else
    {
        header("Location: login.php");
    }
?>
       
]
dbconnect.php
[<?php
    $hostname = "sql5c30a.carrierzone.com";
    $username = "user";
    $password = "password";
    $databaseName = "main_bikescarsandvans_co_uk";
    $connection = mysql_connect($hostname, $username, $password);   // or die ("Unable to connect!")
    mysql_select_db($databaseName) or die ("Unable to select database!");           
?> ]

I have solved this now.

After searching postings on multiple forums, I am officially now "Freaking OUT" trying to understand something that is probably very simple, but cannot seem to grasp.

I simply want to read basic .csv data that is sent/uploaded directly to a PHP page, and to then append each record that shows up to a single .csv file on  the server.  

The incoming data is supposed incoming via $_POST['csv'] ... at least that's what I was told.

Each.csv  record line being sent/uploaded is very simple (either single or multiple records in one small file):

text1,text2,text3,text4,text5

For additional processing I know about 'explode', etc., but right now I am stuck even trying to do an 'echo' to display the simple incoming data "as is".

One option I tried was:

$postdata = file_get_contents("php://input");

echo $postdata;

In the Java App monitoring I get the following after 3 records are sent/uploaded to the PHP URL:

Server response status line: HTTP/1.1 200 OK

I find this strange since I did not include...  http_response_code(200); ... in the page code.

Obviously, I do NOT know what I am doing here {SIGH}.

Any assistance or guidance is appreciated.

Thank you !

- FreakingOUT

 

 

 

 

 

I have no clue why my  DB connection does not work when I try to use constants but does work with I use direct values,   ie If I do a mysql_connect=(localhost, vincej, secretpwd); is works.

If I do a connection with a config.php where I define the constants it fails with the error message
Unknown MySQL server host 'DB_SERVER' (11001)


Config.php :
Code: [Select]
<?php

// Database Constants
defined('DB_SERVER') ? null : define("DB_SERVER", "localhost");
defined('DB_USER')   ? null : define("DB_USER", "vincej");
defined('DB_PASS')   ? null : define("DB_PASS", "secretpwd");
defined('DB_NAME')   ? null : define("DB_NAME", "sales");

?>


Then my DB class is:

Code: [Select]
require_once("config.php");
<?php
class MySQLDatabase{

private $connection;

// Runs function open_connection upon creation of class. 
function __construct() {
$this->open_connection();
}

// Opens connection nad selects DB 
public function open_connection() {
$this->connection = mysql_connect(DB_SERVER, DB_USER, DB_PASS);
if (!$this->connection) {
die("Database connection failed: " . mysql_error());
} else {
$db_select = mysql_select_db(DB_NAME, $this->connection);
if (!$db_select) {die("Database selection failed: " . mysql_error());
}
}
}
}
?>

I'm new to OOP and all help is VERY  gratefully received !

thansk VJ

I know that magic __get and __set are invoked automatically when an object is instantiated, but what about stuff like getName() and setName()

Code: [Select]
class NameClass {
private $_name;
public function getName() {
return $this->_name;
    }
public function setName($value) {
$this->_name = $value;
    }
}

$someName = new NameClass();
$someName->setName('Bob');
echo $someName->getName();
1. Could the setName() and getName() just as easily be named something generic like:

hotName()
coldName()

Code: [Select]
class NameClass {
private $_name;
public function hotName() {
return $this->_name;
    }
public function coldName($value) {
$this->_name = $value;
    }
}

$someName = new NameClass();
$someName->coldName('Bob');
echo $someName->hotName();
2. Also, the setName() and getName() methods must be called manually, right? Unless they are manually called, they just sit there, do nothing, am I correct?

Thanks

I am using the debug_backtrace() php function to prevent direct access to admin files. i simply place the code below at the top of a page eg config.php and direct access via the browser is prevented.   Is it a safe practice or is there a better way of doing it?

<?php

debug_backtrace() || die ("Direct access to this resource is  forbidden");

?>

Thanks