PHP - Allowing Users To Upload Their Music?

I havent included the whole title as it wouldnt let me but I was wondering if someone could help me on this?

I know this is possible as torrentflux caters for this but unsure of where to start.

I dont want to allow file or directory uploads or creation in my /etc/php.ini file (this is turned off).

Yet then torrentflux allows me to link a torrent from an external source (using legal downloads of course  ) but then it uploads it on my server and creates folders on a per user basis.

How is this possible can someone give me some pointers please?

I look forward to any replies,
Jeremy.

I want people to be able to post images on to my page but i want them to be able to add a caption when they post their image This is the format I want the image and caption to be posted like

<div class="spacer">&nbsp;</div>
	<div class="jokestary-img" title="Siri will screw up your relationship">
	<img src="uploads/Siri will screw up your relationship.jpg" />
	<div class="caption"><div>Siri will screw up your relationship.</div></div></div> 
                       

The code for the upload form also wont work The page says "Upload complete!" before i even choose a file and doesnt send to my database

?php

// properties of the uploaded file
$name = $_FILES ["myfile"] ["name"];
$type = $_FILES ["myfile"] ["type"];
$size = $_FILES ["myfile"] ["size"];
$temp = $_FILES ["myfile"] ["tmp_name"];
$error= $_FILES ["myfile"] ["error"];

if ($error > 0)

	die ("Error uploading file! code $error.");
else
{
if ($type== "video/av/png || $size 1000000") //conditions for file
{
	die("That format is not allowed or file size too big");
}
else
	
	move_uploaded_file($temp,"uploads/".$name);	
	echo "Upload complete!";
}
?>

This topic has been moved to Miscellaneous.

http://www.phpfreaks.com/forums/index.php?topic=341970.0

Hello   I am trying to work out how many regular users I have to my site and how long those users tend to be users..   So, I have a table that logs every time a user visits my site and logs in, it stores the date / time as a unix timestamp and it logs their user id.   I started by getting the id's of any user who logs in more than 5 times in a specified period, but now I want to extend that...  

 
SELECT userID as user, count(userID) as logins FROM login_history where timestamp > UNIX_TIMESTAMP('2014-06-01 00:00:00') and timestamp < UNIX_TIMESTAMP('2014-07-01 00:00:00') group by user having logins > 5;
 

I just discovered that I have a major security flaw with my website.
Anyone who logs in to the website can easily access other users information as well as delete and edit other users information just by changing the ID variable in the address bar.
I have user ID Session started on these pages but still people can do anything they like with other users information just by editing the address bar.
For example if your logged in in the address bar of www.mywebsite.com/delete_mystuff.php?id=5 and change the "5" say to a "9" then you will have access to user#9 information.

Every important page that I have has this code:
Code: [Select]
 session_start();

if (!isset($_SESSION['user_id'])) {
// Start defining the URL.
         $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
// Check for a trailing slash.
         if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) {
         $url = substr ($url, 0, -1); // Chop off the slash.
}
// Add the page.
$url .= '/index.php';
ob_end_clean(); // Delete the buffer.
header("Location: $url");
exit(); // Quit the script.
} else {
                //Else If Logged In Run The Script

if((isset($_GET['id'])) && (is_numeric($_GET['id']))) {
         $id = (int) $_GET['id'];
} elseif ((isset($_POST['id'])) && (is_numeric($_POST['id']))) {
         $id = (int) $_POST['id'];
} else {
         echo ' No valid ID found, passed in url or form element';
        
         exit();
}



What am I doing wrong?
Please help if you know how to correct this.

Many thanks in advance.

I was wondering if there was a way to allow users to input there own HTML and CSS in like a members only site using PHP? If so, how would it be done?

I've set up a staging server with Ubuntu 14.04, Apache, PHP, and MySQL, and I'm having a configuration issue that I need to resolve.   index.html uses a server side include.  I was required to change the shtml file it references to a php file, but it's not working properly.   When my webpage uses the code: <?php include ("footer.shtml"); ?> then the page loads correctly   However, when I change it to: <?php include ("footer.php"); ?> then I instead see a message stating, "This attachment was removed because it contains data that could pose a security risk."   I can't determine which configuration file I need to change, and what the change needs to be.

Would someone tell me how to allow foreign letters, normal english letters and numbers using the preg_replace php function?

Hey,

I've created a messaging system for my site and I'm trying to make it so that a copy of the original message is included and automatically put into the message content box when somebody clicks to reply.

I've done this literally just by making the "reply" button into a form which also posts the content of the message from the previous page and puts it into the content box.

However I have some issues with it: firstly, wherever ' is used, it becomes \' and wherever " is used, the whole of the rest of the message is blanked out.

Can anybody point me in the direction of the solutions I might need to make it so that ' and " both appear normally without cutting the rest of the message off?

Thanks in advance & let me know if anything is missing!

Hy! Any help on this topic would be much appreciated.

Here is the deal. I need to redirect some countries to another URL. But I need to allow a free access for search engine's bots even if they come from those countries.

Here is what I did until now:

Used MaxMind PHP API and databases to establish redirect. And then tried to modify the code to redirect ONLY if user is from blocked country AND IS NOT allowed crawler... suprise suprise, it's not working as I imagined:)!

Here is the code so far:

#!/usr/bin/php -q
<?php

// This code demonstrates how to lookup the country by IP Address

include("geoip.inc");

// Uncomment if querying against GeoIP/Lite City.
// include("geoipcity.inc");

$gi = geoip_open("GeoIP.dat",GEOIP_STANDARD);
$country = geoip_country_code_by_addr($gi, $_SERVER['REMOTE_ADDR']);
geoip_close($gi);

$my_countries = array('de', 'se', 'no', 'ee', 'it', 'lv', 'cz', 'dk', 'sk', 'at', 'ch', 'lu', 'nl', 'es', 'hu', 'sg', 'gr', 'ua', 'fi', 'ru', 'cn', 'hk', 'my', 'id', 'us', 'ar', 'mx', 'ec', 'cr', 'py', 'br');
$allowed_spiders = array('Googlebot', 'Yammybot', 'Openbot', 'Yahoo', 'MSNbot', 'Ask Jeeves', 'Teoma', 'Architext spider', 'FAST-WebCrawler', 'Slurp', 'Yahoo Slurp', 'ia_archiver', 'Scooter', 'crawler@fast', 'Crawler', 'InfoSeek sidewinder', 'Lycos_Spider_(T-Rex)');
$agent_name = $_SERVER['HTTP_USER_AGENT'];


if (in_array(strtolower($country), $my_countries)) {
         foreach($allowed_spiders as $s){
                if(!strpos($s,$agent_name)){
                     header('Location: www.REDIRECT URL.com');
                }
        }
exit;
}


?>


How I imagined this code should work is: First check from where is user coming. Then compare GeoIP shortcode for country to shortcodes for banned countries. AND then if traffic is indeed from banned country also check if user agent name has anything in it from an array of allowed spider names (Googlebot can be Googlebot, or Googlebot/2.1 for an example). And if it's not allowed spider then redirect user to another address.

I tried many variations of this but nothing seems to work. Each time that I tried to fetch page as a googlebot in webmaster, I got 302 redirection. Any help or guidance here MUCH appreciated.

Thank you PHP JEDI in advance !!

Hey guys,


OK, so actually I have two questions that are kind of related. The first one is how I can allow users to use <i>, <b>, <strong> tags when submitting information in a form. I would like to allow certain tags so they can emphasize things in their text, but I still want to strip the rest for security reasons. I tried using strip_tags() with some exceptions as a second parameter, but as far as I understand, that just allows them to be displayed as text, not for the browser to make text bold for instance. Below is what I have now.


function stripdata($data) {
return trim(htmlentities(stripslashes($data), ENT_QUOTES));
}

echo stripdata($someDataFromMySQL);


I also want to ask if the solution above is 100% safe so that users can not submit malicious code that can execute when users' visit a page of mine that displays that code.


Thank you in advance.

I have text with an apostrophe (Bill's car) that has been encrypted and decrypted, then inserted into a database.  After it is decrypted but before inserting it, I process it with
$field1 = mysqli_real_escape_string($cxnA, $field1)

When I insert the field and view it in MySQL Query Browser, it shows the converted apostrophe: Bill&#39s car

When I select on the field
Code: [Select]
select * from table1 where field1='Bill\'s car'this returns no records

I have to use
Code: [Select]
select * from table1 where field1='Bill&#39s car'to get the record, which is very inconvenient

If I display this field in a browser using
<input type='text' name=field1 value='".htmlentities($field1Value, ENT_QUOTES, 'UTF-8')."' maxlength='50'>
I get - Bill&#39s car - in the browser, which is not what I want.

I have to use
<input type='text' name=field1 value='".htmlspecialchars_decode(htmlentities($field1Value, ENT_QUOTES, 'UTF-8'), ENT_QUOTES)."' maxlength='50'>
to get Bill's car to display.

The strange thing is that when I echo field1 before it is inserted, it shows Bill's car.

I have even tried the following to get it to insert the proper value:
$field1 = htmlspecialchars_decode(mysqli_real_escape_string($cxnA, $field1), ENT_QUOTES);
but this doesn't work either.

How do you prevent this from happening?

Thanks.

I would like to allow special characters in my script like:

ஆஇஊஎஐஓ

But I don't want to allow HTML like:
<b>bold</b>

At first I was using htmlentities() when PRINTING OUT (NOT when or before inserting in the query) .

Data shows up in MySQL as &#4555;&#4548;&#4573;&#4576;&#4580;&#4578;&#4582;

And it was also printed out that way, I'd like to have it translated into it's actual form (ஆஇஊஎஐஓ), yet 
I don't want <b>bold</b> to be translated as well, I want it to stay <b>bold</b>

Is there any way I can do this?

I also tried htmlspecialchars() but that didn't do the trick either.

If you need script examples let me know.


EDIT: To bring it to the point, I want it to be just like in this forum post.

The special chars are showing up, and the html is just being printed as <b></b>.

.dropbtn {
    background-color: #4CAF50;
    color: white;
    padding: 10px;
    font-size: 16px;
    border: none;
}

.dropdown {
    position: relative;
    display: inline-block;
}

.dropdown-content {
    display: none;
    position: absolute;
    background-color: #f1f1f1;
    min-width: 800px;
    box-shadow: 0px 8px 16px 0px rgba(0,0,0,0.2);
    z-index: 1;
}

.dropdown-content img {
  width: 32px;
  height: 32px;
  margin: 3px;
  position: relative;
  float: left;
}

.dropdown-content a {
    color: black;
    padding: 12px 16px;
    text-decoration: none;
    display: block;
}

.dropdown-content a:hover {background-color: #ddd;}

.dropdown:hover .dropdown-content {display: block;}

.dropdown:hover .dropbtn {background-color: #3e8e41;}

/* HIDE RADIO */
[type=radio] { 
  position: absolute;
  opacity: 0;
  width: 0;
  height: 0;
}

/* IMAGE STYLES */
[type=radio] + img {
  cursor: pointer;
}

/* CHECKED STYLES */
[type=radio]:checked + img {
  outline: 2px solid #f00;
}

<div class="dropdown">
  <button class="dropbtn">Dropdown</button>
  <div class="dropdown-content">

<form name="form" action="icons-submit/submit_icon-default.php" method="post">
  <input type="radio" id="icon_default" name="icon_default"  value="icons/default.jpg" onchange='if(this.value != 0) { this.form.submit(); }'>
  <img src="icons/default.jpg">
<input type="text" id="id" name="id" value=" . $row['id'] . " style="background: transparent;border: none;font-size: 0;">
</form>

<form name="form" action="icons-submit/submit_icon-default.php" method="post">
  <input type="radio" id="icon_default" name="icon_default"  value="icons/default.jpg" onchange='if(this.value != 0) { this.form.submit(); }'>
  <img src="icons/default.jpg">
<input type="text" id="id" name="id" value=" . $row['id'] . " style="background: transparent;border: none;font-size: 0;">
</form>

<form name="form" action="icons-submit/submit_icon-Grass_Block.php" method="post">
<label>
  <input type="radio" id="icon_grass-block" name="icon_grass-block" value="icons/Grass_Block.png"onchange='if(this.value != 0) { this.form.submit(); }'>
  <img src="icons/Grass_Block.png">
</label>
<input type="text" id="id" name="id" value=" . $row['id'] . " style="background: transparent;border: none;font-size: 0;">
</form>
<form name="form" action="icons-submit/submit_icon-gear.php" method="post">
<label>
  <input type="radio" id="icon_gear" name="icon_gear" value="icons/Gear.png"onchange='if(this.value != 0) { this.form.submit(); }'>
  <img src="icons/Gear.png">
</label>
<input type="text" id="id" name="id" value=" . $row['id'] . " style="background: transparent;border: none;font-size: 0;">
</form>
  </div>
</div>

 

Hello Guys,

I check the price field on the server side and I am trying to figure out how to allow a comma in the price field

example 2,300

Here is the code I use to check the price.
Code: [Select]
function check_Price($price,$member_id,$description,$ip){
if (isset($price) && (!is_numeric($price)))
{
      do something here
}

}
Thanks in Advance!
Dan