|
PHP - Using System Users For A Given Site
I created a specific Linux user responsible to host a given site, created a postgresql user and database with the same name, and created a pool, and all is good... Almost. How can I make the user a system user (i.e. useradd -r my_user) without a home? Without a home, where should ssh keys go? Anything need to be changed when creating the postgresql user? Thanks Similar TutorialsI need some help with my commenting system. at the moment the code is like this: <div id="pagepannel"> <div id="ptop_small">Comments</div> <div id="pbottom_small"> <p> <?php // if ($allow_comments == "no") { ?> </p> <p>No Posting comments here!!!</p> <p> </p> <p> </p> <p> <?php } else ?> </p> <p> <?php $sql = "SELECT comment_id, blog_id, posted_by, comment, stamp, email, type FROM jscrgaming_newscomments WHERE blog_id='$blog_id' ORDER BY comment_id DESC"; $result = mysql_query($sql) or die('Error : ' . mysql_error()); while(list($comment_id, $blog_id_co, $username, $comment, $stamp, $email, $type) = mysql_fetch_array($result, MYSQL_NUM)) { if ($type == 'user'){ ?> </p> <table width="95%" border="0" cellpadding="0" cellspacing="0" class="full_border"> <tr> <td width="75" id="avatar"></td> <td><span class="capitalize"><a href="userinfo.php?user=<? echo $username ?>"><strong><? echo $username ?></strong></a></span><strong> posted</strong>: <? echo stripslashes($comment) ?></td> </tr> <tr> <td colspan="2" bgcolor="#CAE4FF" class="date"><? echo $stamp ?> </td> </tr> </table> <p> </p> <p> <? } else{ ?> </p> <table width="95%" border="0" cellpadding="0" cellspacing="0" class="full_border"> <tr> <td><strong> <? echo $username ?>posted</strong>: <? echo stripslashes($comment) ?></td> </tr> <tr> <td bgcolor="#CAE4FF" class="smalltext"><? echo $stamp ?>:: User Was Guest</td> </tr> </table> <p> </p> <p> <? } }?> </p> <p> <?php // if ($allow_comments == "restricted") { /** * User has already logged in, so display relavent links, including * a link to the admin center if the user is an administrator. */ if($session->logged_in){?> </p> <form id="form3" name="form3" method="post" action="user/admin/blog/comment_system/user.php"> <p> </p> <table width="95%" border="0" align="center" cellspacing="2" class="full_border"> <tr> <td colspan="2">You are commenting as <?php echo $session->username;?></td> </tr> <tr> <td width="75">Message</td> <td><textarea name="co_comment" cols="30" id="textfield10"></textarea></td> </tr> <tr> <td width="75"><span class="header"> <input name="co_username" type="hidden" id="co_username" value="<?php echo $session->username;?>" /> <input name="co_blog_id" type="hidden" id="co_blog_id" value="<?php echo $blog_id ?>" /> </span></td> <td><label> <input type="submit" class="blog_button" value=" Post " /> </label></td> </tr> <tr> <td> </td> <td class="smalltext">only 200 charaters can be used</td> </tr> </table> </form> <p> </p> <p> <? } else {?> </p> <p> </p> <table width="95%" border="0" align="center" cellspacing="2" class="full_border"> <tr> <td width="75"><span class="capitalize">Name</span></td> <td><label> <input name="textfield5" type="text" disabled="disabled" id="textfield5" size="35" /> </label></td> </tr> <tr> <td width="75">Email</td> <td><input name="textfield5" type="text" disabled="disabled" id="textfield6" size="35" /></td> </tr> <tr> <td width="75">Message</td> <td><textarea name="textfield5" cols="30" disabled="disabled" id="textfield7">You need to be logged in to comment.</textarea></td> </tr> <tr> <td width="75"> </td> <td><label> <input type="button" class="blog_button" value=" Post " /> </label></td> </tr> </table> <p> </p> <p> <?php } } else { if($session->logged_in){?> </p> <form id="form2" name="form2" method="post" action="user/admin/blog/comment_system/user.php"> <p> </p> <table width="95%" border="0" align="center" cellspacing="2" class="full_border"> <tr> <td colspan="2">You are commenting as <?php echo $session->username;?></td> </tr> <tr> <td width="75">Message</td> <td><textarea name="co_comment" cols="30" id="textfield8"></textarea></td> </tr> <tr> <td width="75"><input name="co_username" type="hidden" id="co_username" value="<?php echo $session->username;?>" /> <input name="co_blog_id" type="hidden" id="co_blog_id" value="<?php echo $blog_id ?>" /></td> <td><label> <input type="submit" class="blog_button" value=" Post " /> </label></td> </tr> <tr> <td> </td> <td><span class="smalltext">only 200 charaters can be used</span></td> </tr> </table> </form> <p> </p> <p> <? } else { ?> </p> <form id="form1" name="form1" method="post" action="user/admin/blog/comment_system/guest.php"> <p> </p> <table width="95%" border="0" align="center" cellspacing="2" class="full_border"> <tr> <td width="75"><span class="capitalize">Name</span></td> <td><label> <input name="co_username" type="text" id="co_username" size="35" /> </label></td> </tr> <tr> <td width="75">Email</td> <td><input name="guest_email" type="text" id="guest_email" size="35" /></td> </tr> <tr> <td width="75">Message</td> <td><textarea name="co_comment" cols="30" id="co_comment"></textarea></td> </tr> <tr> <td width="75">Spam</td> <td> </td> </tr> <tr> <td colspan="2" align="center"><? require_once('user/captcha/recaptchalib.php'); $publickey = "6Ld_W7sSAAAAAPNTLWrUJLEClFpSSPu1d1Ry5zNR"; // you got this from the signup page echo recaptcha_get_html($publickey); ?></td> </tr> <tr> <td colspan="2" align="right"><span class="smalltext">only 200 charaters can be used</span> <input name="co_blog_id" type="hidden" id="co_blog_id" value="<?php echo $blog_id ?>" /> <input type="submit" class="blog_button" value=" Post " /></td> </tr> </table> </form> <p> </p> <p> <? } } ?> </p> <p> </p> <div></div> </div> </div> I, know its a bit messy but lets me see it and design it in Dreamweaver Any way, for the comment system for users, I want it to show their avatar as well, which is stored in the users table. How would one do this. I did think of it submitting the avatar along with the post but then it wouldnt update if the user would to change their avatars :\ Any helps??? Hello PHP mates! I am having some doubts and I am going to share them with you so maybe someone can help. Okay, I know how to make signup and login page. And here is the problem. How to make signup page for multiple types of users? For example, type A user has its own signup form, user type B also has its own and same goes for C type of user. How can I make that? Thanks in advance PHP freaks! Hello Guys, I would really appreciate some feedback on this one. Here's the basic simplified code for my bidding system site (querys for when a user sends a new valid bid): Its working fine but if 2 users send a bid at exactly the same precise moment (even same milliseconds), I have 2 problems (described below code, for better understanding) Please picture this code as if its happening 2 times at the same time (from 2 different users) Code: [Select] $time = microtime(true) * 10000; $result = mysql_query("UPDATE `AUCTIONS` SET Current_Price = Current_Price + '$increase_price', Bids = Bids + 1, Bidder = '$bidder', Bidder_Time = '$bidder_time' WHERE PId = '$id'"); //grab the current price to save on bidding history DB if($result) { $resultPrice = mysql_query("SELECT Current_Price FROM AUCTIONS WHERE PId = '$id'"); while($row=mysql_fetch_array($resultPrice)) { $current_price = $row['Current_Price']; } if($resultPrice) { $result = mysql_query("INSERT INTO `BIDDING_HISTORY_DB` (Id, Bidder, Bidder_Time, Raw_Time, Ip, Type, Bid_Amount) VALUES ('$id', '$last_bidder', '$last_bidder_time', '$time', '$client_ip', '$credit_type', '$current_price')"); } } If 2 users bid at exactly the same SAME moment, its possible that on BIDDING_HISTORY_DB... I get the Bid_Amount field with the same value (when it should be always 1 number higher than the previous) ( Bid_Amount is coming from $current_price) $current_price grabs the new updated value from the AUCTIONS DB on the first query (Current_Price = Current_Price + '$increase_price'). So its impossible to have 2 values that are the same (at least I am not expecting that), but I realized that if the query from 2 users are being processed at the same time and the UPDATE AUCTIONS query is processed 2 times and AFTER THAT then the SELECT Current_Price FROM AUCTIONS WHERE PId = '$id' is processed on both bids...that is when the Current_Price is grabbed with the same value for both USERS!! Any ideas on how I can find a solution to this ??? The other problem is that I am knowing which bid was made (by which user) before/after because of the $time variable. But sometimes when 2 bids are made at the SAME precise time with the same milliseconds (yes it happens) ... this is when problems arise (because 1 user could have as Current_Price 10.11 and the other one 10.12 and then on DB the user with 10.12 could be shown as if he made the bid first, any ideas/suggestions on how I can find a solution to this? Hiya! , I'm currently working on a script that will allow me to track the total users on my website, and how many of these user are logged in members, or guests. I need to be able to find out the total users, total logged in, and total guests within the last 15 minutes, and the total users, total logged in, and total guests for today. Ideally, I would like to user only one table for this, and would also like to group together records in the database that have the same users_id and ip_address, as there's not much point in storing this more than once. I currently have a table that contains the following fields. sid - Stores the users session ID. user_id - Stores the user id of a logged in user. 0 is stored if the user is a guest. ip_address - Stores the IP address of the user. last_updated - Stores a timestamp of when the user was last active. I look forward to reading your responses Cheers! This topic has been moved to Miscellaneous. http://www.phpfreaks.com/forums/index.php?topic=346529.0 Hi friends, I need assistance with making russian fonts displayable in the system emails that are being sent to my auction website users. Any reason the russian fonts I have entered below are displayed the way they are. Please also note I am brand new in PHP and simple llingo would be appreciated. Regards, <? ## Email File -> email an auction to a friend ## called only from the $item->auction_friend() function! ## File Version -> v6.10 if ( !defined('INCLUDED') ) { die("Access Denied"); } //$sender_details = $this->get_sql_row("SELECT u.name, u.email FROM " . DB_PREFIX . "users u WHERE u.user_id='" . $user_id . "'"); $send = true; // always sent; ## text message - editable $text_message = 'Dear %1$s, Your friend, %2$s, has forwarded an auction, posted on %3$s for you to look at. To view the details of the auction, please click on the URL below: %4$s Additional comments: %5%s Best regards, The %6$s staff'; ## html message - editable $html_message = 'Дорогой (ая) %1$s, <br> <br> Ваш друг, %2$s, отправил на Ваше рассмотрение Аукцион, выставленный на %3$s. <br> <br> [ <a href="%4$s">Нажмите здесь</a> ] чтобы просмотреть этот Аукцион. <br> <br> Дополнительные комментарии: %5$s <br> <br> С Уважением, <br> %6$s <br> <br> <br> Dorogoy (aya) %1$s, <br> <br> Vash drug, %2$s, otpravil na Vashe rassmotreniye Auktsion, vistavlenniy na %3$s. <br> <br> [ <a href="%4$s">Najmite zdes</a> ] chtobi prosmotret etot Auktsion. <br> <br> Dopolnitelniye kommentarii: %5$s <br> <br> S Uvajeniyem, <br> %6$s'; $auction_link = process_link('auction_details', array('name' => $item_details['name'], 'auction_id' => $item_details['auction_id'])); $text_message = sprintf($text_message, $friend_name, $sender_name, $this->setts['sitename'], $auction_link, $comments, $this->setts['sitename']); $html_message = sprintf($html_message, $friend_name, $sender_name, $this->setts['sitename'], $auction_link, $comments, $this->setts['sitename']); send_mail($friend_email, 'Проверьте этот Аукцион', $text_message, $this->setts['admin_email'], $html_message, $sender_name, $send); ?> Hello
I am trying to work out how many regular users I have to my site and how long those users tend to be users..
So, I have a table that logs every time a user visits my site and logs in, it stores the date / time as a unix timestamp and it logs their user id.
I started by getting the id's of any user who logs in more than 5 times in a specified period, but now I want to extend that...
SELECT userID as user, count(userID) as logins FROM login_history where timestamp > UNIX_TIMESTAMP('2014-06-01 00:00:00') and timestamp < UNIX_TIMESTAMP('2014-07-01 00:00:00') group by user having logins > 5;
I just discovered that I have a major security flaw with my website. Anyone who logs in to the website can easily access other users information as well as delete and edit other users information just by changing the ID variable in the address bar. I have user ID Session started on these pages but still people can do anything they like with other users information just by editing the address bar. For example if your logged in in the address bar of www.mywebsite.com/delete_mystuff.php?id=5 and change the "5" say to a "9" then you will have access to user#9 information. Every important page that I have has this code: Code: [Select] session_start(); if (!isset($_SESSION['user_id'])) { // Start defining the URL. $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']); // Check for a trailing slash. if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) { $url = substr ($url, 0, -1); // Chop off the slash. } // Add the page. $url .= '/index.php'; ob_end_clean(); // Delete the buffer. header("Location: $url"); exit(); // Quit the script. } else { //Else If Logged In Run The Script if((isset($_GET['id'])) && (is_numeric($_GET['id']))) { $id = (int) $_GET['id']; } elseif ((isset($_POST['id'])) && (is_numeric($_POST['id']))) { $id = (int) $_POST['id']; } else { echo ' No valid ID found, passed in url or form element'; exit(); } What am I doing wrong? Please help if you know how to correct this. Many thanks in advance. hello dear PHP-Fans - greetings to you - and a happy new year!! i set up a WAMP-System on my openSuse 11.4 system. In order to learn as much as i can bout PHP i want to do some tests and write some scripts. Well the WAMP is allready up and running. Now i try to give the writing access to the folder mkdir /srv/www/ where the php-scripts should go in... i want to give write permission to all to all files in /srv/www As root I generally: mkdir /srv/www/ chown <webmaster usrername> /srv/www/ /srv/www/ should be readable and traversable by all, but only writeable by it's owner (the user designated as the webmaster.) can i do this like mentioned above,... Love to hear from you greetings db1 I have several "sites" located in my html directory, and each has a "general" access point and an "administrator" access point:
/var/www/html/site1/index.php /var/www/html/site1/administrator/index.php /var/www/html/site2/index.php /var/www/html/site2/administrator/index.php /var/www/html/site3/index.php /var/www/html/site3/administrator/index.phpAll sites are similar except that data will be specific to site1, site2, or site3, etc. Users who log onto /var/www/html/siteX/index.php are totally unrelated to those who logon to /var/www/html/siteX/administrator/index.php, will have different logon credentials, are stored in different DB tables, and each should have their own session. If a user logs off of either the general or administrator site, it should not effect the other site even if they were previously logged on to both on the same PC (and of course not effect other sites). When a user logs off, I would like to destroy their previous cookie and associated session. Users for either will only use https. I am using Apache to rewrite https://www.mysite.com/ to https://mysite.com/. While I named the administrator site "administrator" above, the administrator user has the ability to change the directory name. I am thinking I need to use session_set_cookie_params to specify where I wish the session cookie to be stored since /var/www/html/siteX/administrator/index.php is a sub-directory to /var/www/html/siteX/index.php, but am not really sure. Sorry for the cryptic post, but I am not very well versed in this subject. How would you recommend setting up cookies/sessions for this scenario? Thank you now i use this code to show where the visitors came from to my site. <?php $referer=$_SERVER['HTTP_REFERER']; echo $referer; ?> now, i want to show the 5 latest vistors referer's site url on my site ? Hi, My first post here is a cry for help I have a Windows 2003 server running IIS6/PHP5, the server hosts multiple web sites. The problem is include files that are for site A are showing on site B (each site having its own includes as part of the site files in its own site folder), though not every time, its very random, sometimes the correct includes show, sometimes ones from another site on the same server. This only occurs where the include files for both sites have the same name, such as 'inc-header.php' for example. I can only assume PHP is caching includes and because they have the same name is showing the wrong one on other sites sometimes, if I rename them to something unique then the problem goes away, but its not a practical solution to rename all include files to unique names so I find myself looking for a 'real' fix. I have a feeling its to do with the include_path in the php.ini, but right now its disabled with a semi-colon, and I don't want to set one as I have no global includes, all includes are site specific. Any help would be very much appreciated! Phil Not sure if I'm trying to achieve something totally crazy here, or if this is something pretty standard. Didn't have much luck with searching as I'm not fully down with all the terms. (A) I have one site providing an RSS feed. (B) I have one site I want to search, once for each of the items in the feed A. (C) I want the results of the search in (B) to be displayed on page (C). So for example, the feed on (A) says; apples bananas oranges cheese I want site (B) to search for each of those terms (by passing the item in the feed (A) to the ?search= part of the URL of that page) and then show the results from THAT search on page C. Bit of a complex one, let me know if you need me to clarify. Thanks for any help! I'm currently running a classified ads site and planning to display my own content from database combined with and external site rss. So here is what i got right now after the db query for the jobs ads (procedural php),
while ($row = mysqli_fetch_array($results, MYSQLI_ASSOC)){
echo '<div class="media margin-none">
<a class="pull-left bg-inverse innerAll text-center" href="#"><img src="'.$foto.'" share_alt="" width="100" height="100"></a>
<div class="media-body innerAll">
<h4 class="media-heading innerT">
<a href="' . $row['title'] .'-da' . $row['id_ad'] . '" class="text-inverse">'. $remuneracion .' ' . substr(ucfirst(strtolower($row['title'])), 0, 53) . '</a> <small class="pull-right label label-default"><i class="fa fa-fw fa-calendar-o"></i> ' . $row['date_created'] . '</small></h4>
<p>' . substr(ucfirst(strtolower($row['description'])), 0, 80) . ' ...</p>';
echo '</div>
</div>
<div class="col-separator-h"></div>';
}
echo pagination($statement,$per_page,$page, $url_filtros, $filtros);
?>
it is the while loop that i use to display ads from my database, what could be the best way to display (in this same loop?) other site's rss feed so i can show my content combined with the external rss?
Thanks
Transferring data from sub-domain.site.com Reading sub-domain.site.com What is this all about? I'm going to put all .. images into a separate sub-domain eg: images.site.com. This would create a folder inside my public_HTML called "images" Now when sites have that Transferring data, and Reading... is this .. something relating to what I want. Facebook also does it, and they get their images for the site from a sub domain, how is it all done? I'm not sure if its entirely PHP, but I hope someone can help. Thanks Hi I made a new design for my website and I made some changes. I want to use layout for my second site.
I'll like to know if my site is easier to browse through now and if you like the design better?. I test my site on internet explorer, chrome, and firefox. It is best to use site on better browsers like firefox and chrome to get a better experience of site. Thanks.
http://adjade.com
im new , and ... i hate tutorials .. books .. anything that does not make u part of the deal - .. thats why i started by creating something and learning from my mistakes at the same time .. i like this way of learning .. soo , while im building and trying things out .. i started thinking how the server know the person with this link is really U ? .. when u start just linking pages to each other its just a matter of finding out what is the link to do what ever u want with the users personal pages ! .. i know my questions r stupid but i just hate to go and write lessons without any effort im confused with the concept of SESSIONS and COOKIES , r they the unswer to this security problem ? how u can work with them .. ? im not asking for codes .. just general ideas about users and how they control their profiles and stuff with full security ? ill be very thankful if i get any answer ^^ I have used
$sql = "SELECT id, username FROM $tbl_name ORDER BY username";
$result = $con->query($sql);
while ($row = $result->fetch_assoc())
{
echo "<a href='editUser.php?id={$row['id']}'>{$row['username']}</a><br><br>\n";
echo "<style>a {color: blue; text-decoration: none;} a:hover {color: #ff0000} body {background-color: #000;} </style>";
}
in euser.php which echo's out all the users in the database via an anchor tag and includes their id in the url.
but when i click on their name i want to have options like:
- change password
- ban user
e.t.c
and i have tried
$sql = "SELECT id FROM $tbl_name";
$result = $con->query($sql);
while ($row = $result->fetch_assoc()) {
echo "<a href='editUser.php?id={$row['id']}'> Change Password </a>
in my other page editUser.php
it posts Change Password Change Password Change Password and each change password has the 3 ids of the users
this is confusing me.
Hi. my browser ist telling me there are errors on line 3 and 4 for my code. It says summin like Notice: HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR are unidentified: below is the code see if you can spot anything btw i copied down the code from beginner php tutorial 66 if you type that into youtube . Code: [Select] <?php $http_client_ip = $_SERVER['HTTP_CLIENT_IP']; $http_x_forwarded_for = $_SERVER['HTTP_X_FORWARDED_FOR']; $remote_addr = $_SERVER['REMOTE_ADDR']; if (!empty($http_client_ip)){ $ip_addr = $http_client_ip; }else if(!empty($http_x_forwarded_for)){ $ip_addr = $http_x_forwarded_for; }else{ $ip_addr = $remote_addr; } echo $ip_addr; ?> Thanks MOD EDIT: code tags added. Hi guys, I am trying to get a admin panel, which when the user is logged in, it will check if there user access is(say for this post) 9... If there access is 9 in the database then direct to admin panel if not return them home. Thanks guys |
|||||||