|
PHP - Setting Variables And White List And Security?
Hi all.
i am trying to use php to include a javascript onto different pages, and then "sort of " pass it a var.
The bulk of the code will be in an included footer php file.
The var will be set in the main page.
i have it working as follows: by just using echo 3 times.. the 1st with the first part of the script, the 2nd is the variable, and the 3rd is the rest of the script.
The same endcode.php file needs to also be used for pages that wont have a var set, and wont be using the script - hense the isset.
<!-- mainPage.php -->
<?php $sion_gallery_id = '450'; ?>
<?php include(endcode.php); ?>
<!-- endcode.php -->
<?php if (isset($sion_gallery_id))
{echo "start of javascript.......album/"; echo $sion_gallery_id; echo"/end of script"; }
else { echo "var not on set";} ?>
Similar TutorialsHi guys,
I would like to have a security measure in place to prevent unauthorized access to my site without a valid log on.
At the moment, it would let anyone in without destroying the session and redirecting to index page.
What would i "use" that's created in the session? what's the "best" practice
My understanding is that the session variable is stored in the browser, after a successful log in, that session variable is like baton or a key that's "passed" onto the next page.
- if someone tried to bypass the log on with the session then access is denied or redirected away.
So on my index page to start i have:
<?php session_start(); /* clear all session variable */ $_SESSION = array(); /* set a session variable for later use */ $_SESSION['what_page'] = "admin00"; ?>What do i need to have to use the session against unauthorized access? my guess is:
if(!isset($_SESSION['what_page']) || $_SESSION['what_page'] != "index.php") {
$_SESSION = array();
session_destroy();
header("Location: index.php");
exit();
}
So to me that means;
- if 'what_page' is not set from the index page, don't go any further, re-direct (back to index)
If i remove this and use a known username and password, i am able to log into the correct page, but this session validation is the bit that's not working
please could you help?
I have created a test account in my database with a user level of -1 and i think my code might be wrong but i am hoping someone can spot where i have gone wrong as i cannot, also a similar problem with another session variable loggedIn this is what i get when i login this is on the index page.
Notice: Undefined index: loggedIn in C:\xampp\htdocs\Login\index.php on line 11 Notice: Undefined index: loggedIn in C:\xampp\htdocs\Login\index.php on line 17 You must be logged in to view this page!Index page source code:
<?php
session_start();
error_reporting(E_ALL | E_NOTICE);
ini_set('display_errors', '1');
require 'connect.php';
if($_SESSION['loggedIn'] == 1) {
//Do Nothing
exit();
} else if($_SESSION['loggedIn'] != 1) {
echo "You must be logged in to view this page!";
exit();
}
if($_SESSION['user_level'] == -1) {
header("Location: banned.php");
} if(isset($_SESSION['username'])) {
echo "<div id='welcome'> Welcome, ". $_SESSION['username'] ." <br> </div> ";
}
?>
Also if you need my login source code:
<?php
error_reporting(E_ALL | E_NOTICE);
require 'connect.php';
session_start();
if (isset($_POST['submit'])) {
$username = trim($_POST['username']);
$password = trim($_POST['password']);
if (empty($username)) {
echo "You did not enter a username, Redirecting...";
echo "<meta http-equiv='refresh' content='2' URL='login.php'>";
exit();
}
if (empty($password)) {
echo "You did not enter a password, Redirecting...";
echo "<meta http-equiv='refresh' content='2' URL='login.php'>";
exit();
}
//Prevent hackers from using SQL Injection to hack into Database
$username = mysqli_real_escape_string($con, $_POST['username']);
$password = mysqli_real_escape_string($con, $_POST['password']);
$result = $con->query("SELECT * FROM $tbl_name WHERE username='$username' AND password='$password'");
$row = $result->fetch_array();
$user_level = $row['user_level'];
// check to make sure query did execute. If it did not then trigger error use mysqli::error to see why it failed
if($result->num_rows > 0)
{
//Set default user
$_SESSION['loggedIn'] == 1;
$_SESSION['user_level'] == 1;
$_SESSION['username'] == trim($_POST['username']);
header("Location: index.php");
exit();
} else if($row['user_level'] == 1) {
$_SESSION['user_level'] == 1;
//Location admin
header("Location: admin.php");
exit();
} else if($row['user_level'] == -1) {
$_SESSION['user_level'] == -1;
$_SESSION['username'] == trim($_POST['username']);
//Location banned
header("Location: banned.php");
exit();
} else if($_SESSION['loggedIn'] == true) {
//Location default user home page
header("index.php");
} else {
echo "Invalid Username/Password";
}
//Kill unwanted session
} if(isset($_POST['killsession'])) {
session_destroy();
echo "<br> <br> The Session Destroyed. (Basically means you have been logged out)";
exit();
}
?>
I appreciate all help
Two part question: 1) I have a MySql table called "lang_key", which will store all of the common text for a site, which will allow easy site modifications from the "non tech" admin. Now, I am creating a recordest that will pull the information from the table, and create a basic list of variables in php. For example: I connect to the database, and do a wildcard select. I can figure out how to set a basic php variable like the example below: Code: [Select] $query1 = "SELECT * FROM lang_key"; $result = mysql_query($query1); while($row = mysql_fetch_array($result)) { $template = $row['common_text']; } There are three fields in my lang_key table (unique_id, string_id, and common_text') What I want to do is take it a step further from the example and I want $template to be the value of "common_text" Where string_id = "curr_template" I hope this makes sense? I really just want to create my recordset and then populate the website with the recordset info. Part II Do you recommend that I use a lang_key database, or would it be simpler and more efficient to just create a lang page with static variables, and use the php file write option to update the page? Thanks!!! I have a long PHP script that I didn't write. I'd like to get a simple text list of all the unique variables from the script -- all variables within the script that begin with $, such as $_ADMIN $query $category $user $id $result, etc..... Any ideas how a PHP dabbler can go about this? I did a PHPFreaks search, but didn't find a thread on this. Thank you! so far I have:
$crawler->filter('li.date, dt > a, li.style')->each(function ($node) {
$output = $node->text()."\n";
$array = explode("\n", $output);
$data = array_chunk($array, 3);
// print_r($data);
foreach ($data as $row) {
[$date, $title, $type] = array_pad($row, 3, null);
// here you have your variables
print 'Date: '.$date;
print 'Title: '.$title;
print 'Type: '.$type;
}
});
and this outputs: QuoteDate: Saturday 13th Jun 2020Title: Type: Date: Alice in Chains UKTitle: Type: Date: Metal/ RockTitle: Type: Date: Monday 29th Jun 2020Title: Type: Date: Cage the ElephantTitle: Type: Date: Funk/ RockTitle: Type: Date: Friday 31st Jul 2020Title: Type: Date: The CureheadsTitle: Type: Date: Indie/ RockTitle: Type: Date: Thursday 20th Aug 2020Title: Type: Date: CreeperTitle: Type: Date: PunkTitle: Type: Date: Saturday 22nd Aug 2020Title: Type: Date: Fleetwood BacTitle: Type: Date: Pop/ RockTitle: Type: Date: Monday 31st Aug 2020Title: Type: Date: GZATitle: Type: Date: Hip HopTitle: Type: Date: Saturday 5th Sep 2020Title: Type: Date: Cock SparrerTitle: Type: Date: Only $date variable is set for each?! please help??
it should be: Date: Saturday 13th Jun 2020Title: Alice in Chains UKType: Metal/ Rock Date: Monday 29th Jun 2020Title: Cage the ElephantType: Funk/ Rock and so on.... does anyone know how to decode this XML variable value into string values? I also need to know the oposite way: creating variable values into xml. I've tried several code examples but they did filter the requested data. Code: [Select] $xml='<?xml version="1.0" encoding="utf-8"?> <elements> <text identifier="ed9cdd4c-ae8b-4ecb-bca7-e12a5153bc02"> <value/> </text> <textarea identifier="a77f06fc-1561-453c-a429-8dd05cdc29f5"> <value><![CDATA[<p style="text-align: justify;">Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet.</p>]]></value> </textarea> <textarea identifier="1a85a7a6-2aba-4480-925b-6b97d311ee6c"> <value><![CDATA[<p style="text-align: justify;">Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet.</p>]]></value> </textarea> <image identifier="ffcc1c50-8dbd-4115-b463-b43bdcd44a57"> <file><![CDATA[images/stories/red/cars/autobedrijf.png]]></file> <title/> <link/> <target/> <rel/> <lightbox_image/> <width><![CDATA[250]]></width> <height><![CDATA[187]]></height> </image> <text identifier="4339a108-f907-4661-9aab-d6f3f00e736e"> <value><![CDATA[Kramer 5]]></value> </text> <text identifier="ea0666d7-51e3-4e52-8617-25e3ad61f8b8"> <value><![CDATA[6000 RS]]></value> </text> <text identifier="90a18889-884b-4d53-a302-4e6e4595efa0"> <value><![CDATA[Eindhoven]]></value> </text> <text identifier="410d72e0-29b3-4a92-b7d7-f01e828b1586"> <value><![CDATA[APK Pick up and return]]></value> </text> <text identifier="45b86f23-e656-4a81-bb8f-84e5ea76f71f"> <value><![CDATA[15% korting op grote beurt]]></value> </text> <text identifier="3dbbe1c6-15d6-4375-9f2f-f0e7287e29f3"> <value><![CDATA[Gratis opslag zomerbanden]]></value> </text> <text identifier="2e878db0-605d-4d58-9806-8e75bced67a4"> <value><![CDATA[Gratis abonnement of grote beurt]]></value> </text> <text identifier="94e3e08f-e008-487b-9cbd-25d108a9705e"> <value/> </text> <text identifier="73e74b73-f509-4de7-91cf-e919d14bdb0b"> <value/> </text> <text identifier="b870164b-fe78-45b0-b840-8ebceb9b9cb6"> <value><![CDATA[040 123 45 67]]></value> </text> <text identifier="8a91aab2-7862-4a04-bd28-07f1ff4acce5"> <value/> </text> <email identifier="3f15b5e4-0dea-4114-a870-1106b85248de"> <value/> <text/> <subject/> <body/> </email> <link identifier="0b3d983e-b2fa-4728-afa0-a0b640fa34dc"> <value/> <text/> <target/> <custom_title/> <rel/> </link> <relateditems identifier="7056f1d2-5253-40b6-8efd-d289b10a8c69"/> <rating identifier="cf6dd846-5774-47aa-8ca7-c1623c06e130"> <votes><![CDATA[1]]></votes> <value><![CDATA[1.0000]]></value> </rating> <googlemaps identifier="160bd40a-3e0e-48de-b6cd-56cdcc9db892"> <location><![CDATA[50.895711,5.955427]]></location> </googlemaps> </elements>'; Hi, In my mysql database i have a text input option, in the registration form and edit my details form i have a multiple select dropdown list, which user selects options to populate the text input box, which ultimately populates the text field in the mysql database. All works perfectly. The dropdownlist consists of 3 parts <optgroups> first is current selection (what is the usesr current selection)works fine, The second <optgroup> is existing words, what words we(the site) have given as options, and the third <optgroup> is the words that others have used. This is where im having a small problem. Because its a text field when i call the data from the database, it calls the entire text box as a single option in my select list.. I want to break the words in the text field (at the comma) and have them listed each one as an option in the select list. Example what i need: Words in text box:(my input allows the "comma") word1, word2, word3, word4, word5, word6, How i want them called/displayed: <option value=\"word1\">word1</option> <option value=\"word2\">word2</option> <option value=\"word3\">word3</option> <option value=\"word4\">word4</option> <option value=\"word5\">word5</option> <option value=\"word6\">word6</option> here's my code: $query = "SELECT allwords FROM #__functions_experience WHERE profile_id = '".(int)$profileId."' LIMIT 1"; $original_functionsexperience =doSelectSql($query,1); $query = "SELECT allwords FROM #__functions_experience WHERE profile_id = '".(int)$profileId."' LIMIT 1"; $functionsexperiencelist=doSelectSql($query); $funcexpList ="<select multiple=\"multiple\" onchange=\"setFunctionsexperience(this.options)\">"; foreach ($functionsexperiencelist as $functionsexperienceal) { $selected=""; if ($functionsexperienceals->allwords == $original_functionsexperience) $selected=' selected="selected"'; $allwords=$functionsexperienceal->allwords; $funcexpList .= "<optgroup label=\"Current selection\"> <option value=\"".$allwords."\" ".$selected." >".$allwords."</option> </optgroup> <optgroup label=\"Existing Words\"> <option value=\"existing1,\">existing1</option> <option value=\"existing2,\">existing2</option> <option value=\"existing3,\">existing3</option> <option value=\"existing4,\">existing4</option> <option value=\"existing5,\">existing5</option> <option value=\"existing6,\">existing6</option> </optgroup> <optgroup label=\"Others added\"> //heres problem <option value=\"".$allwordsgeneral."\">".$allwordsgeneral."</option> </optgroup>"; } $funcexpList.="</select>"; $output['FUNCEXPLIST']=$funcexpList; The result im getting for optgroup others added: word1, word2, word3, word4, word5, how can i get it like this: <option value=\"word1\">word1</option> <option value=\"word2\">word2</option> <option value=\"word3\">word3</option> <option value=\"word4\">word4</option> <option value=\"word5\">word5</option> <option value=\"word6\">word6</option> Hi , I have one question .. Can I split showing of content of dynamic list in 2 parts , when I echo list in code .. Code: [Select] <?php // Run a select query to get my letest 8 items // Connect to the MySQL database include "../connect_to_mysql.php"; $dynamicList = ""; $sql = mysql_query("SELECT * FROM products ORDER BY date_added DESC LIMIT 8"); $productCount = mysql_num_rows($sql); // count the output amount if ($productCount > 0) { while($row = mysql_fetch_array($sql)){ $id = $row["id"]; $product_name = $row["product_name"]; $price = $row["price"]; $date_added = strftime("%b %d, %Y", strtotime($row["date_added"])); $dynamicList .= '<table width="100%" border="2" cellspacing="2" cellpadding="2"> <tr> <td width="17%" valign="top"><a href="product.php?id=' . $id . '"><img style="border:#666 1px solid;" src="inventory_images/' . $id . '.jpg" alt="' . $product_name . '" width="77" height="102" border="2" /></a></td> <td width="83%" valign="top">' . $product_name . '<br /> $' . $price . '<br /> <a href="product.php?id=' . $id . '">View Product Details</a></td> </tr> </table>'; } } else { $dynamicList = "We have no products listed in our store yet"; } mysql_close(); ?> Code: [Select] <p><?php echo $dynamicList; ?><br /> </p> It works ok, and putting my files, everything works, but when I put 8 pictures with price and other details, it just show one image with details and another image below with details, and the third image below and so on .. Can I split dynamic list to show 4 images with details on the left side and 4 on the right side? Thank you in advance for help , if is possible Hi, I use the following code to create a select menu from an array of options stored in LISTS.php: include 'LISTS.php'; print('<select id="from" name="from">'); foreach ($langList as $lang) {printf('<option %s>%s</option>', ($from1 == $lang ? 'selected="selected"' : ''), $lang); } echo '</select>'; where LISTS.php includes the following: $langList = array(' ','English', 'French', 'German', 'Dutch', 'Spanish'); This works great, but now I want to do something similar with a checkbox list, where each checkbox has an associated 'onchange' javascript function and I'm getting pretty stuck. My checkbox list is of the following form: Code: [Select] <html> <ul style="height: 95px; overflow: auto; width: 200px; border: 1px solid #480091; list-style-type: none; margin: 0; padding: 0;"> <li id="li1b"><label for="chk1b"><input name="chk1b" id="chk1b" type="checkbox" onchange="function1('chk1b','li1b')">Option1</label></li> <li id="li2b"><label for="chk2b"><input name="chk2b" id="chk2b" type="checkbox" onchange="function1('chk2b','li2b')">Option2</label></li> //etc. </ul> </html> What I want to do is have 'Option1', 'Option2', etc. stored in an array in LISTS.php and have a PHP script that populates the checkbox list accordingly, in a similar manner to my select menu above. I can't work out how to get the ID of the next <li> and the next <input> in the list to go up by one each time, e.g. 'li1b' then 'li2b', 'li3b', etc. Could someone pls help me out? Thanks! Is there a way to take data that is listed like a,b,c,d,e and turn that into an unordered list? Basically, I'm going to have a list of schools that will be listed with comma separators. I'll print that data out in two places, one will be printed as it's in the database. The other I would like to echo as an unordered list. Hello.
The first page works, but when form actioning to the next i just get a white screen.
This is the white screen page:
<?php session_start(); include 'details.php'; $username = $_POST['username']; $password = $_POST['password']; $pwswdrd = md5($password); if(!empty($_POST['username'])) { $query = mysqli_query($con, "SELECT * FROM users where name = '$username' AND pass = '$pwswdrd'") or die(mysqli_connect_error()); $row = mysqli_fetch_array($query); if(!empty($row['name']) AND !empty($row['pass'])) { $_SESSION['username'] = $row['username']; $_SESSION['id'] = $row['id']; header('Location: index.php'); } } else { echo "You failed to log in."; } ?> - details.php <?php $one=mysqli_connect('.......webhost.com','aee','aaa') or die("Failed to connect to MySQL: " . mysqli_error() ); $db=mysqli_select_db($one,'aee') or die("Failed to connect to MySQL: " . mysqli_error() ); ?> -- What can possibly be wrong?! hello, here is what i have. i feel like im close. Code: [Select] $result4 = mysql_query("SELECT * FROM schedule WHERE eid = '$posteid' AND status = 1 OR 2"); How hard would something like this be? I have a database with all my users. I need an empty list and when a user clicks a button "Add me to the list" they are added to the first position in the list Slots 1. Tom 2. 3. 4. 5. Later, Jerry wants to be added to the list. So this happens Slots 1. Jerry 2. Tom 3. 4. 5. More people join the list 1. Bob 2. John 3. Jerry 4. Tom 5. Tom gets upset clicks the same button to join the list again, and he's bumped back up to first place. Slots 1. Tom 2. Bob 3. John 4. Jerry 5. Is this possible? And is so, how would I go about getting started on such a thing? I've been using PHP for about a year and a half. I have been working on a website for some time now. My work is now 95% finished and now I am starting to look at security, as I am using PHP. My webpage uses HTML FORMS. When most of these forms get send back to the server, 50% of the time PHP is inserting the value of the FORM inputs into MySQL. To give a basic run down, I have a newsletter sign up system. "Enter your e-mail address"... and then the user enters their e-mail and submits.. PHP runs a MySQL query to insert that FORM value into the database along the lines of this: Quote insert into newsletters (email) values ('.$POST['email'].') I fear this is very vulnerable to injection attack as it means a trouble maker can come along and enter anything they want into my database, potentially wiping it out. I believe I need to "sanitize" my input with a MySQL "real_escape_string" or something? Is there anything real obvious I should look out for when it comes to PHP security? Is there a way to forbid all strings/arguments except the few I need or something perhaps? I have nearly finished a website that i am making for my local community, they will be registering on the site and i am wandering what sort of security for the site i should be thinking about. I just dont want someone out there doing something to cause problem with the site and ruining it for everyone else. Hi, I am looking to create a directory that can not be accessed using .htaccess and neither can files directly. But I want to make it so when you are signed into joomla you can access the files via a mp3 player on the sight. My mp3 extention is joomline player flplayer. And I heard that if I cange the name of the file in joomla fomr lovelove.com/audio/love/abc.mp3 to lovelove.com/audio/love/abc.php?name=abc and then that abc.php script (inside the script it checks if you are logged in) will retrieve the file name, and the joomline will play it it will work. is this possible? Also, if not what can I do for this to work? Right now my script is not working as the joomline looks up all the mp3 files as one big string. this is the abc.php which on my site its calld psp.php
<?php
define( '_JEXEC', 1 );
define( 'JPATH_BASE', realpath(dirname(__FILE__).'/../../' ));
require_once ( JPATH_BASE .'/includes/defines.php' );
require_once ( JPATH_BASE .'/includes/framework.php' );
$mainframe =& JFactory::getApplication('site');
if( !empty( $_GET['name'] ) )
{
// check if user is logged
if(JFactory::getUser()->guest) {
die( "ERROR: invalid song or you don't have permissions to download it." );
}
else {
$psp = preg_replace( '#[^-\w]#', '', $_GET['name'] );
$psp_file = "{$_SERVER['DOCUMENT_ROOT']}/audio/live/{$psp}.mp3";
if( file_exists( $psp_file ) )
{
header( 'Cache-Control: public' );
header( 'Content-Description: File Transfer' );
header( "Content-Disposition: attachment; filename={$psp_file}" );
header( 'Content-Type: application/mp3' );
header( 'Content-Transfer-Encoding: binary' );
readfile( $psp_file );
exit;
}
}
}
?>
then I have joomline player jlplayer
<?php
/**
* JoomLine mp3 player - Joomla mp3 player
*
* @version 1.5
* @package JoomLine mp3 player
* @author Anton Voynov (anton@joomline.ru), Sergii Gaievskiy (shturman.kh@gmail.com)
* @copyright (C) 2010 by Anton Voynov(http://www.joomline.ru)
* @license GNU/GPL: http://www.gnu.org/copyleft/gpl.html
*
* If you fork this to create your own project,
* please make a reference to JoomLine someplace in your code
* and provide a link to http://www.joomline.ru
**/
defined('_JEXEC') or die('Restricted access');
function ascii2hex($ascii, $reverse = false) {
$hex = array();
for ($i = 0; $i < strlen($ascii); $i++) {
$byte = strtoupper(dechex(ord($ascii{$i})));
$byte = str_repeat('0', 2 - strlen($byte)).$byte;
$hex[] = $byte;
}
if ($reverse) $hex = array_reverse($hex);
return implode(" ",$hex);
}
function read_frame (&$f, &$tagdata, $frame) {
$pos = strpos($tagdata,$frame);
if ( $pos !== FALSE) {
// frame found. read length of this frame
fseek($f, 10+$pos+4);
$frame2len = hexdec(ascii2hex(fread($f,4)));
if (($frame2len-1) > 0) {
// read frame data
fseek($f, 10+$pos+4+2+4+1);
$data = trim(fread($f,$frame2len-1));
$hexfdata = ascii2hex($data);
if ( substr($hexfdata,0,5) == 'FF FE' or substr($hexfdata,0,5) == 'FE FF' ) {
$data = iconv("UCS-2","UTF-8",$data);
} else {
if (!preg_match('//u', $data)) {
$data = iconv("cp1251", "UTF-8",$data);
}
}
return $data;
} else {
return false;
}
} else {
return false;
}
}
function readmp3tag($file) {
$f = fopen($file, 'rb');
rewind($f);
fseek($f, -128, SEEK_END);
$tmp = fread($f,128);
if ($tmp[125] == Chr(0) and $tmp[126] != Chr(0)) {
// ID3 v1.1
$format = 'a3TAG/a30NAME/a30ARTISTS/a30ALBUM/a4YEAR/a28COMMENT/x1/C1TRACK/C1GENRENO';
} else {
// ID3 v1
$format = 'a3TAG/a30NAME/a30ARTISTS/a30ALBUM/a4YEAR/a30COMMENT/C1GENRENO';
}
$id3v1tag = unpack($format, $tmp);
// read tag length
fseek($f, 8);
$tmp = fread($f,2);
$tmp = ascii2hex($tmp);
$taglen= hexdec($tmp);
$tagdata = "";
if ($taglen > 0) {
//read tag data
fseek($f, 10);
$tagdata = fread($f,$taglen);
}
// find song title frame
$title = read_frame ($f, $tagdata, "TIT2");
if (!$title) {
if ($id3v1tag['TAG']== 'TAG' && ascii2hex(substr($id3v1tag['NAME'],0,1)) != '00' ) {
$title = $id3v1tag['NAME'];
} else {
$title = explode(DS,$file);
$title = $title[count($title)-1];
$title = explode('.',$title);
$title=$title[0];
}
if (!preg_match('//u', $title)) $title = iconv("cp1251", "UTF-8",$title);
}
$artist = read_frame ($f, $tagdata, "TPE1");
if (!$artist) {
if ($id3v1tag['TAG']== 'TAG' && ascii2hex(substr($id3v1tag['ARTISTS'],0,1)) != '00') {
$artist = $id3v1tag['ARTISTS'];
} else {
$artist = "";
}
}
if (!preg_match('//u', $artist)) $artist = iconv("cp1251", "UTF-8//TRANSLIT",$artist);
$id3tag['NAME'] = $title;
$id3tag['ARTIST'] = $artist;
return $id3tag;
}
if (DS == "/")
$dir = str_replace("\\",DS,$music_dir);
else
$dir = str_replace("/",DS,$music_dir);
$dir = JPATH_ROOT.DS.$dir;
if (!is_dir($dir)) {
echo "Wrong dir in settings";
} else {
$files = glob($dir.DS."*.{mp3,MP3}",GLOB_BRACE);
if (count($files) > 0) {
sort($files);
$host = $base_uri;
foreach ($files as $file) {
$tags = readmp3tag($file);
$file = explode (DS, $file);
if ($server_utf8 == 1) {
$fname = rawurlencode($file[count($file)-1]);
} else {
$fname = rawurlencode($file[count($file)-1]);
}
$fname = substr($fname, 0, -4);
$file = $host."/".$music_dir."/psp.php?name=".$fname;
echo $file;
$artist = trim($tags['ARTIST']);
$artist = $artist == "" ? "" : "{$tags['ARTIST']} - ";
$playlist[] = '{name:"'.$artist.$tags['NAME'].'",mp3:"'.$file.'"}';
}
}
/*
*
//if(!window.jQuery) {
document.write(unescape('<script type="text/javascript" src="<?=$base_uri?>/modules/mod_jlplayer/js/jq.js">%3C/script%3E'));
document.write(unescape('<script type="text/javascript">jQuery.noConflict();%3C/script%3E'));
//}
*
*/
?>
<script type="text/javascript">
var myPlayList = [
<?php
echo implode(",\n ",$playlist)."\n";
?>
];
Array.prototype.find=function(v){
for (i=0;i<this.length;i++){
if (this[i]==v) return i;
}
return 0;
}
var plIndex = [];
for (i=0;i<myPlayList.length;i++) {
plIndex[i] = i;
}
<?php if ($shfl == 1) : ?>
//shuffle
function randOrd(){
return (Math.round(Math.random())-0.5);
}
plIndex.sort(randOrd);
<?php endif; ?>
function setCookie (name, value) {
document.cookie = name + "=" + escape(value) + "; expires=Thu, 01-Jan-2055 00:00:01 GMT; path=/";
}
function getCookie(name) {
var cookie = " " + document.cookie;
var search = " " + name + "=";
var setStr = null;
var offset = 0;
var end = 0;
if (cookie.length > 0) {
offset = cookie.indexOf(search);
if (offset != -1) {
offset += search.length;
end = cookie.indexOf(";", offset)
if (end == -1) {
end = cookie.length;
}
setStr = unescape(cookie.substring(offset, end));
}
}
return(setStr);
}
function changeShflStatus(el) {
nowPlay = plIndex[playItem];
if (el.checked) {
setCookie("jlp_shfl","shuffle");
plIndex.sort(randOrd);
} else {
setCookie("jlp_shfl","notshuffle");
plIndex.sort();
}
playItem = plIndex.find(nowPlay);
}
</script>
<script type="text/javascript" src="<?=$base_uri?>/modules/mod_jlplayer/js/jq.js"></script>
<script type="text/javascript">jQuery.noConflict();</script>
<link href="<?=$base_uri?>/modules/mod_jlplayer/skin/skin.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="<?=$base_uri?>/modules/mod_jlplayer/js/jquery.jplayer.min.js"></script>
<script type="text/javascript">
var playItem = 0;
jQuery(function(){
var jpPlayTime = jQuery("#jplayer_play_time");
var jpTotalTime = jQuery("#jplayer_total_time");
var jlp_shfl = getCookie("jlp_shfl");
if (jlp_shfl == "shuffle") {
document.getElementById('jlp_shfl').checked = true;
} else if (jlp_shfl == "notshuffle") {
document.getElementById('jlp_shfl').checked = false;
}
jsuri = baseuri+"/modules/mod_jlplayer/js/";
jQuery("#jquery_jplayer").jPlayer({
ready: function() {
displayPlayList();
playListInit(enable_autoplay); // Parameter is a boolean for autoplay.
},
errorAlerts:true,
warningAlerts:true,
swfPath: jsuri
})
.jPlayer("onProgressChange", function(loadPercent, playedPercentRelative, playedPercentAbsolute, playedTime, totalTime) {
jpPlayTime.text(jQuery.jPlayer.convertTime(playedTime));
jpTotalTime.text(jQuery.jPlayer.convertTime(totalTime));
})
.jPlayer("onSoundComplete", function() {
playListNext();
});
jQuery("#jplayer_previous").click( function() {
playListPrev();
return false;
});
jQuery("#jplayer_next").click( function() {
playListNext();
return false;
});
});
function displayPlayList() {
for (i=0; i < myPlayList.length; i++) {
jQuery("#jplayer_playlist").append("<div id='jplayer_playlist_item_"+i+"'>"+ myPlayList[i].name +"</div>");
jQuery("#jplayer_playlist_item_"+i).data( "index", i ).click( function() {
var index = jQuery(this).data("index");
if (plIndex[playItem] != index) {
_index = plIndex.find(index);
playListChange( _index, index );
} else {
jQuery("#jquery_jplayer").jPlayer("play");
}
});
}
}
function playListInit(autoplay) {
if(autoplay) {
playListChange(0, plIndex[0] );
} else {
playListConfig(0, plIndex[0] );
}
}
function playListConfig(_index, index ) {
jQuery("#jplayer_playlist_item_"+plIndex[playItem]).removeClass("jplayer_playlist_current");
jQuery("#jplayer_playlist_item_"+index).addClass("jplayer_playlist_current");
playItem = _index;
jQuery("#jquery_jplayer").jPlayer("setFile", myPlayList[plIndex[playItem]].mp3);
}
function playListChange(_index, index ) {
playListConfig(_index, index );
jQuery("#jquery_jplayer").jPlayer("play");
}
function playListNext() {
var _index = (playItem+1 < myPlayList.length) ? playItem+1 : 0;
var index = plIndex[_index];
playListChange(_index, index );
}
function playListPrev() {
var _index = (playItem-1 >= 0) ? playItem-1 : myPlayList.length-1;
var index = plIndex[_index];
playListChange(_index, index );
}
</script>
<?php include_once(JPATH_ROOT.DS.'modules/mod_jlplayer/skin/tpl.php'); ?>
<?php
}
I was messing around in there with $file
if ($server_utf8 == 1) {
$fname = rawurlencode($file[count($file)-1]);
} else {
$fname = rawurlencode($file[count($file)-1]);
}
$fname = substr($fname, 0, -4);
$file = $host."/".$music_dir."/psp.php?name=".$fname;
echo $file;
I am unsure how to retreive a file title only, with out the whole path, just the name and not even the file ext.It comes up with all the files names in the echo. Also I am not sure how joomline chooses just one file. I am not a php designer and I am quite confused lol Any help would be appreciated! Thank you. I really have less idea about website security. Yesterday for the first time I learned website hacking and applied that method to my web page. My webpage was completely down after applying that. Q) To free a site from hacking what techniques are followed? I want to create an ADMIN directory with several directory under that. I want to be certain that the user cannot log into any of the directory unless they have confirmed login. Is $_session id's the best way to go? Should I create on the flyer and attached to username? What is the best practice for this? Regards, DED Hi there, I'm in serious need to find a way to block people from a website I code for. The thing is, we have a jailing system, nice and simple, and IP/email ban system too. But with proxies, advertisers and repeated troublemakers keep coming back because we just get the new proxy IP each time and it's a losing battle. What I need is a way to ban them properly from the site, like somehow stopping the computer they use from accesing the site. someone once said you can use a cookie to stop a browser getting on the site, but I don't know how to set it up to give the cookies out upon login and find the one associated to an account we don't want (by "cookie" banning I guess?") and stop them from logging in. Hi everyone, So, like my name says, I'm just a hobbyist PHPer, but I write the occassional PHP application for people, I've been doing it for quite a while and I fear that perhaps my way of securing my applications may be a bit antiquated... I was hoping that you guys/gals might be able to take a look and give me some help with perhaps how I could go about making these apps more secure... So, without further ado, here it is... standard application page, e.g. index.php Code: [Select] <? session_start(); if(!$_SESSION['Condition'] == 'Logged') { header("Location: login.php"); } elseif($_SESSION['Condition'] == 'Logged') { require "connection.inc"; ?> <? } ?> login.php page Code: [Select] <? if(isset($_POST['Login'])) { include_once 'connection.inc'; $count = 0; $query = "SELECT UserID FROM Users WHERE UserName = '$_POST[username]' AND UserPassword = '$_POST[password]'"; $results = mysql_query($query)or die(mysql_error()); $count = mysql_num_rows($results); while($row = mysql_fetch_array($results)) { $UserID = $row['UserID']; } if ($count == 1) { header("Location: loginaction.php?UserID=$UserID"); } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" > <head> <title></title> <link rel="stylesheet" type="text/css" href="StyleSheet.css" /> <script language="javascript" type="text/javascript"> function loginValidate(form) { if (form.username.value == '') { alert('You must supply a Username.'); form.username.focus(); return false; } if (form.password.value == '') { alert('You must supply a Password.'); form.password.focus(); return false; } else { return true; } } </script> </head> <body> <? include_once 'header.inc'; ?> <div id="LoginBox"> <div id="SubFormBoxHeading"> Log In </div> <form id="thisform" action="<? echo $_SERVER['PHP_SELF']; ?>" onsubmit="return loginValidate(this)" method="post"> <table> <tr> <td colspan="2"> <? if (isset($_POST['Login']) && !$count == 1) { echo '<h3>Wrong Username and/or Password</h3>'; } ?> </td> </tr> <tr> <td class="Labels">Username:</td> <td><input type="input" id="username" name="username" size="20" /></td> </tr> <tr> <td class="Labels">Password:</td> <td><input type="password" id="password" name="password" size="20" /></td> </tr> <tr> <td colspan="2"> <div style="text-align: center; margin-top: 20px; margin-bottom: 20px;"> <input type="submit" id="Login" name="Login" value="Log In" /> </div> </td> </tr> </table> </form> </div> <? include_once 'footer.inc'; ?> </body> </html> loginaction.php page Code: [Select] <? session_start(); $_SESSION['Condition'] = 'Logged'; $_SESSION['UserID'] = $_GET['UserID']; header("Location: index.php"); ?> and finally, the logout.php page Code: [Select] <? session_start(); unset($_SESSION['Condition']); unset($_SESSION['UserID']); session_destroy(); header("Location: index.php"); ?> |
|||||||