|
PHP - Why Is This Regex Failing?
I am building a whitelist based bbcode sanitiser that allows only permitted bbcode element (the
tag. All other bbcode elements will be rejected regardless of what they are. Also, this system should reject empty bbcode tag This is the function below:
$val = 'This is a post with code, [code]cmmcxm[/code]';
/* The negative lookahead regex contruct in the function below ensures all opening
square brackets must
be followed by this regex inside the lookahead(code\](.)+\[\/code\])
*/
function isSuspect($val)
{
// create a pattern to whitelist allowed bbcode phrase
$pattern = '/[(?!(code\](.)+\[\/code\]))/i';
// if one of the suspect phrases is found, reject \[(?!(code\]\[/code\]))
if (preg_match($pattern, $val))
{
return '<div id="login-alert" class="alert alert-danger col-sm-12">You can not post that, it appears you may have included banned words or code tags in your post.<br/>If you think this is not the case, kindly contact the portal administrator <a href="#"><img class="warning" src="assets/img/icons/mail-black.png" alt="" /> here</a></div>';
}
}
echo isSuspect($val);
This function is not validating $val = 'This is a post with code,
cmmcxm'; and I was thinking it should. I would appreciate inputs to finish this. Thanks. Similar TutorialsI'm now having a problem with PHP uploads on the test site I'm working on. There is a special page called "cart_import.php" that directs CSV files selected for uploading to the "files" directory in the same location as the the page mentioned, and from there works on updating the website's front end with the data in the CSV file. But, when I try and upload the file, the page reports that it's failing to receive the upload entirely. I've confirmed with the host that the php.ini file does allow uploads, the "files" directory is set to write access and upload size allowed is a little over 2MB. Is there perhaps another thing I'm missing to allow uploads, something that I haven't found yet with Google? Please help with this, it not going to the .html controller and returing the values need, it captures the email form values, bu then fails with a 406 error.
Please help
$('#newsletter').submit(function() {
//E-mail is passed
var values = $(this).serialize();
var formRef = $('form').attr('id');
var dataString = JSON.stringify(values);
//var values = $("#newsletter_email").val();
if($('#newsletter_tc_check').is(':checked')){
$.ajax({
type: 'POST',
url: "./saveNewsletterSignupEmailPost.html",
dataType: 'json',
data: dataString,
contentType: 'application/json',
mimeType: 'application/json',
success: function(data) {
var result = $.parseJSON(data);
if(result.form == formRef){
$('.success.message').contents().find('h4').text(success.text());
VanillaReload.notify.showNotification("success");
$("#newsletter_email").val("");
}else{
$('.error.message').contents().find('h4').text(error.text());
VanillaReload.notify.showNotification(".error");
}
}
});
return false;
}else{
$('.error.message').contents().find('h4').text(error.text());
vanillaeGift.notify.showNotification(".error");
}
return false;
});
Why is this line of code not sending an e-mail to my gmail account? Code: [Select] mail($email, ' Log-In Issue', $body, 'From: admin@MySite.com <admin@MySite.com>'); I stepped through my code, and $email = 'debbies_email_account@gmail.com' I'm confused?! Debbie Hello All,
I am working on a project where the client has provided me with the public key file and the private-key is being passed via url, along with 2 params that will be used on my end.
These are the basics of the process that I am to use for verifying. Generate your own plaintext message matching the format of the string provided Create a SHA1withRSA hash of this message using the provided public key (UTF-16LE encode and pass this value) Base64 decode the signature Using a SHA1withRSA validator, verify your hashed message matches the Base64 decoded value in step 3 At this point I have performed steps 1-3 but am having an issue with step 4. The code is failing here. When I say failing I mean it is not being verified. $base64Sig = base64_decode($signature, true); $publickey = getPemKey(); I've got an autodownloader for a file that I want my users to download when they click a link and the file is right but when a user downloads the file, the file is corrupted. Code: [Select] <?php header('Content-Type: application/x-rar'); header('Content-Length: ' . strlen($data)); header('Content-Disposition: attachment; filename=Addypk.rar'); header('Content-type: application/octet-stream'); ?> It's not downloading the actual content of the file, rather, it's downloading the shell. Any ideas? I'm compiling and running C++ applications from PHP. I'm using backticks to capture the output of the applications ran. The output is just some simple text. In my case "Miles per gallon = x" where x is just a number. I cannot for the life of me get the comparison to return true. For example Code: [Select] $command1="./a.out1 <input1"; $a = `$command1`; $command2="./a.out2 <input2"; $b = `$command2`; if(strcmp($a,$b)==0){ ... } else{ // this is always executing ... } The two strings $a and $b are both "Miles per gallon = 10". I have checked both variables using var_dump(bin2hex($a)) and get dump1= string(42) "4d696c6573207065722067616c6c6f6e203d203130" dump2= string(42) "4d696c6573207065722067616c6c6f6e203d203130" Any idea on what's happening? OK, so I dont think this is a code issue as such, but I am completely stumped as to where the issue could be. I have a page with some standard include() functions at the top. When I access the page from home, everything operates as it should, when I access it from work (on multiple machines), I get the standard "unable to open stream" and "unable to access" warnings for the include statements. I have tried hard refreshing and deleting cache (not that it should make a shred of difference) etc, but the error is still there after a week or so. Does anyone know what could be causing this issue? My application just broke about 2 hours ago and for the life of me I don't know what I did to it?! (I was coding a different file, and when I tried to run the main - unrelated index.php - things stopped working?!) Here is a snippet of the suspect code... if ($rows == 0){ // Email and Username are available. // Add User to the database. $q = "INSERT INTO users(username, email, pass, first_name, last_name, date_expires) VALUES('$u', '$e', '" . get_password_hash($p) . "', '$fn', '$ln', ADDDATE(NOW()), INTERVAL 1 MONTH))"; $r = mysqli_query($dbc, $q); When I step through my code in NetBeans, the INSERT is failing and I don't know why because I haven't touched this code since this morning and it was working all day... Please help! TomTees Another bizzare thing that stopped working all of a sudden... I have a registration form and this code no longer works... // Check for First Name. // Allow letters, space, period, apostrophe, and hyphen. if (preg_match('/^[A-Z\'.-]{2-20}$/i', $_POST['first_name'])){ $fn = mysqli_real_escape_string($dbc, $_POST['first_name']); } else { // Add error-message to array. $reg_errors['first_name'] = 'Please enter your first name!'; } All day when I typed in a two letter answer - to speed up typing and testing - things worked fine, but now I get a built-in error message off to the side of the input box. I typed 'ee' and that always worked before but no luck now. The Reg Ex hasn't changed. Could it be that there is a database connectivity issue that is screwing up my RegEx?? If I comment out all of the RegEx stuff then it works and my INSERT works - thanks to AlexWD TomTees i have a simple class which sees if there are any members in the database with the supplied details, then returns a simple number to show how many results there are, but it isnt working and throwing the error: Code: [Select] Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\wamp\www\classTest\classes\user_process.php on line 52 here is the class: require_once("db_mysql.php"); require_once("./init.php"); class emptyArgs extends Exception { function __toString() { return "<strong>Empty Arguments</strong>"; } } class user_process { public $user_name; public $password; public function login($user_name, $password) { try { if (empty($user_name) || empty($password)) { throw new emptyArgs(); } if ($user_name == "") { throw new emptyArgs(); } } catch (emptyArgs $e) { echo $e; echo "<p>Please Supply All Details Marked *</p>"; } echo $user_name; echo $password; $query = <<<QUERY SELECT COUNT(*) FROM ".TBL_PREFIX."members WHERE user_username = '$user_name' AND user_password = '$password' QUERY; $process = mysql_query($query); $result = mysql_num_rows($process); // Line 52 where the error originates return $result; } } and here is the call: $user = new user_process(); $user->login("username", "password"); All of the database details are correct and the values do match in the database. Where am i going wrong? Note that this class is just for testing and not actually used. Hi I.m trying to load an RSS feed from a google calendar. I'm using a script from the w3schools website which works with the demo RSS feeds. I changed the URL to my google calendar and for some reason it can't open the feed. I get an error: Warning: DOMDocument::load() [domdocument.load]: I/O warning : failed to load external entity I changed the calendar to a shared one and tried that URL but same result. I found another script specifically for google calendar feed but same results. The scripts open with other feeds but not google calendar. ANy ideas? Code: [Select] <?php //get the q parameter from URL $q=$_GET["q"]; //find out which feed was selected if($q=="Google") { $xml=("https://www.google.com/calendar/feeds/...group.calendar.google.com/private-313f84595f6e8dbfc7dc80f450d3e8be/basic"); } elseif($q=="MSNBC") { $xml=("http://rss.msnbc.msn.com/id/3032091/device/rss/rss.xml"); } $xmlDoc = new DOMDocument(); $xmlDoc->load($xml); I removed the unique id for the calendar for now Any help appreciated Good evening! i am using PHRETS ( http://dangodesign.n...h-rets-for-php/ ) to pull data off of a MLS RETS server. i am successfully connecting to the server so the conditional is passing. but my queries are pulling no results. the provider tells me DMQL2 is the database. ive only ever worked with MySQL so im in the dark.
if($connect)
{
$sixmonths = date('Y-m-d\TH:i:s', time()-15778800); // get listings updated within last 6 months
/* Search RETS server */
$search = $rets->SearchQuery
(
'Property', // Resource
//6, // Class
'ResidentialProperty',
'((Lud='.$sixmonths.'+),(Status=A))', // DMQL, with SystemNames
array(
'Format' => 'COMPACT-DECODED',
'Select' => 'sysid,49,112,175,9,2302,2304',
'Count' => 1,
'Limit' => 20
)
);
/* If search returned results */
if($rets->TotalRecordsFound() > 0)
{
while($data = $rets->FetchRow($search))
{
print_r($data);
}
}
else
{ echo '0 Records Found'; }
$rets->FreeResult($search);
}
adding photo,Array ( [name] => profilepic.jpeg [type] => image/jpeg [tmp_name] => C:\xampp\tmp\phpB923.tmp [error] => 0 [size] => 152127 ) Hi, We have been using this code for ages, but suddenly for some reason we cannot upload an image using the code below. When we try to Print_r the $profilephoto variable, I get this error. The filename is correct, but what is that [error]?? And how do I resolve it? Oddly it does upload it locally, but LIVE, it won't This is the code.
if (isset($updatephoto))
{
echo "adding photo,";
print_r($profilephoto);
define ("MAX_SIZE","5000");
function getExtension($str) {
$i = strrpos($str,".");
if (!$i) { return ""; }
$l = strlen($str) - $i;
$ext = substr($str,$i+1,$l);
return $ext;
}
$errors=0;
if($_SERVER["REQUEST_METHOD"] == "POST")
{
$image =$_FILES["profilephoto"]["name"];
$uploadedfile = $_FILES['profilephoto']['tmp_name'];
if ($image)
{
$filename = stripslashes($_FILES['profilephoto']['name']);
$extension = getExtension($filename);
$extension = strtolower($extension);
if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif"))
{
echo "Unknown Extension..!";
}
else
{
$size=filesize($_FILES['profilephoto']['tmp_name']);
if ($size > MAX_SIZE*1024)
{
echo "File Size Excedeed..!!";
}
if($extension=="jpg" || $extension=="jpeg" )
{
$uploadedfile = $_FILES['profilephoto']['tmp_name'];
$src = imagecreatefromjpeg($uploadedfile);
}
else if($extension=="png")
{
$uploadedfile = $_FILES['profilephoto']['tmp_name'];
$src = imagecreatefrompng($uploadedfile);
}
else
{
$src = imagecreatefromgif($uploadedfile);
echo $scr;
}
list($width,$height)=getimagesize($uploadedfile);
$newwidth=600;
$newheight=($height/$width)*$newwidth;
$tmp=imagecreatetruecolor($newwidth,$newheight);
imagecopyresampled($tmp,$src,0,0,0,0,$newwidth,$newheight,$width,$height);
$pic=($_FILES['profilephoto']['name']);
$random = (rand()%99999999);
$newname="$random"."$pic";
$filename = "images/profiles/". $newname;
imagejpeg($tmp,$filename,100);
imagedestroy($src);
imagedestroy($tmp);
}}
}
$query = ("UPDATE users SET profilephoto =:newname WHERE id =:userid");
$result = $pdo->prepare($query);
$result->execute(array(':userid' => $userid, ':newname' => $newname));
echo "<script>
window.location.replace('/profile/')
</script>";}
Can anyone explain this? Warning: get_browser() [function.get-browser]: browscap ini directive not set in /home/albany/public_html/players_dir/dirupdate.php on ..... I'm trying to determine the browser so I can juggle my html a little bit. Hello everyone:
I'm having trouble with code that compares a Form value ($uname) to Field values (username) from my database. In testing, I'm using the same Form data over and over, and I now have several identical records instead of just one unique record for this user.
if (empty($_POST["uname"])) {
$unameErr = "* Username is required";
} else {
$uname = test_input($_POST["uname"]);
if (!preg_match("/^[a-zA-Z0-9]*$/",$uname)) {
$unameErr = "* Only letters and numerals are allowed";
} else {
// Now sure the username is legit, we check to see if it's a
// unique username by comparing it to all usernames already in member table.
require_once 'login.php'; // This file contains database access credentials
$db_conn = new mysqli($db_hostname, $db_username, $db_password, 'login');
if($db_conn->connect_error) die ('Connect Error: ('.$db_conn->connect_errno.')'.$db_conn->connect_error);
$query = "select username from member"; // Only selecting the field to compare to
$result = $db_conn->query($query);
if(!$result) die ('Database access failed: ('.$db_conn->connect_errno.')'.$db_conn->connect_error);
$rows = $result->num_rows;
for($i = 0; $i <= $rows; $i++) {
if(mysqli_fetch_assoc($result) == $uname) {
$unameErr = "* Username already in use. Please choose another.";
mysql_close($db_conn);
exit;
}
}
$query = "insert into member values(NULL, '$uname', '$pwd1', '$fname', '$lname')";
$result = $db_conn->query($query);
if(!$result) die ("Database insertion failed: ".mysql_error());
}
}
This is my first attempt at this using PHP and am pleased that I can at least access my db. But I just can't figure out how to make this comparison check.
Thanks in advance for any help you offer.
~Landslyde
Morning all, I'm trying to query a user table and am receiving errors. In the mysql statement I am trying to SELECT all data from the table that matches the username of the person logged in. The error I am receiving is this: Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\123\myaccount.php The database query is written correctly, if I am logged in as the user Admin then I recieve this message as well: Unknown column 'Admin' in 'where clause' from the or die(mysql_error());. In the database the username is: admin but I can login using Admin, is this an issue of upper and lowercase? The PHP code is below: Code: [Select] <?php require_once('connect.php'); $query = mysql_query("SELECT * FROM user WHERE username = $_SESSION[gatekeeper]"); while ($row = mysql_fetch_array($query) or die(mysql_error())); { echo"<div class='BlockContent'>"; echo" <table id='UserList'>"; echo" <tr>"; echo" <th>My Account</th>"; echo" </tr>"; echo" <tr>"; echo" <td id='left'>"; echo" </td>"; echo" </tr>"; echo" </table>"; echo"</div>"; } ?> This works: $result = mysql_query("SELECT * FROM mydatabase WHERE username = 'billybob'"); This does not: $user = "billybob" $result = mysql_query("SELECT * FROM mydatabase WHERE username = $user"); Shouldn't these be identical? If I echo $user, I get, of course, "billybob", so does anyone know why the variable isn't working in the query itself? Hi there I have a PHP file that works perfectly when I run it in my browser (compiles a report and saves it to my server), however when run from Cron gives a totally different output. Below is the code, and below that is the output I get when run from Cron. <?php include("db_conn.php"); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Customer Appreciation Project</title> </head> <body> <?php $date = date("Y-m-d"); $time = date("h:i:s",time()); $file = $date.".html"; $fp=@fopen("active_members/".$file, 'w'); $content = "<html><head><title>Active Members Report</title></head><body>"; $content = $content . "<h1>Active Members</h1>"; $content = $content . "<p><font size=1>Report run on ". $date . " at ". $time."</font></p>"; $fetch_members = mysql_query("SELECT * FROM membership_periods WHERE (membership_periods.Start_Date <= Now() AND membership_periods.End_Date >= Now()) ORDER BY Member_Number"); if (mysql_num_rows($fetch_members) == "0") { $content = $content . "<p>No results were found.</p>"; } else { $content = $content . "<table border=0 cellpadding=2 width=100%>"; $content = $content . "<tr><td><b>Member Number</b></td><td><b>Start Date</b></td><td><b>End Date</b></td><td><b>Affiliation</b></td><td><b>Voucher</b></td></tr>"; while($row = mysql_fetch_array($fetch_members)) { $content = $content . "<tr><td>". $row['Member_Number'] ."</td><td>". $row['Start_Date']."</td><td>". $row['End_Date'] ."</td>"; $Affiliation_ID = $row['Affiliation_Group_ID']; if (Affiliation_ID > 0) { $fetch_affiliation= mysql_query("SELECT * FROM affiliation_groups WHERE ID = '$Affiliation_ID'"); $Affiliation_Group_Name = mysql_result($fetch_affiliation, 0, "Affiliation_Group_Name"); $content = $content . "<td>". $Affiliation_Group_Name ."</td>"; } else { $content = $content . "<td> </td>"; } $Member_Number = $row['Member_Number']; $fetch_member_id = mysql_query("SELECT ID FROM members WHERE Member_Number = '$Member_Number'"); $Member_ID = mysql_result($fetch_member_id, 0, "ID"); $fetch_voucher = mysql_query("SELECT Voucher_ID FROM reward_assignments WHERE Member_ID = '$Member_ID' AND Reward_Valid_To >= Now()"); if (mysql_num_rows($fetch_voucher) > 0) { $Voucher_ID = mysql_result($fetch_voucher, 0, "Voucher_ID"); $fetch_voucher_no = mysql_query("SELECT Voucher_Number FROM reward_vouchers WHERE ID = '$Voucher_ID'"); $Voucher_Number = mysql_result($fetch_voucher_no, 0, "Voucher_Number"); } $content = $content . "<td>". $Voucher_Number ."</td></tr>"; $Affiliation_Group_Name = ""; $Voucher_Number = ""; } $content = $content . "</table>"; } $content = $content . "</body></html>"; fwrite($fp, $content); fclose($fp); ?> </body> </html> And this is the Output I get mailed to me when Cron job runs: PHP Deprecated: Comments starting with '#' are deprecated in /etc/php5/cli/conf.d/mcrypt.ini on line 1 in Unknown on line 0 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Customer Appreciation Project</title> </head> <body> PHP Notice: Use of undefined constant Affiliation_ID - assumed 'Affiliation_ID' in /var/www/reports/active_members.php on line 40 PHP Notice: Undefined variable: Voucher_Number in /var/www/reports/active_members.php on line 63 PHP Notice: Use of undefined constant Affiliation_ID - assumed 'Affiliation_ID' in /var/www/reports/active_members.php on line 40 PHP Notice: Use of undefined constant Affiliation_ID - assumed 'Affiliation_ID' in /var/www/reports/active_members.php on line 40 PHP Notice: Use of undefined constant Affiliation_ID - assumed 'Affiliation_ID' in /var/www/reports/active_members.php on line 40 PHP Notice: Use of undefined constant Affiliation_ID - assumed 'Affiliation_ID' in /var/www/reports/active_members.php on line 40 PHP Notice: Use of undefined constant Affiliation_ID - assumed 'Affiliation_ID' in /var/www/reports/active_members.php on line 40 PHP Notice: Use of undefined constant Affiliation_ID - assumed 'Affiliation_ID' in /var/www/reports/active_members.php on line 40 PHP Warning: fwrite() expects parameter 1 to be resource, boolean given in /var/www/reports/active_members.php on line 75 PHP Warning: fclose() expects parameter 1 to be resource, boolean given in /var/www/reports/active_members.php on line 76 </body> </html> Any assistance would be much appreciated. |
|||||||