php-general Digest 29 May 2010 18:42:25 -0000 Issue 6771
Topics (messages 305631 through 305638):
Re: authentication issue...
305631 by: Floyd Resler
305632 by: Ashley Sheridan
305633 by: Jason Pruim
Re: Convert UTF-8 to PHP defines
305634 by: tedd
Re: File Downloads
305635 by: tedd
Re: Select Values Didn't Get Passed in From Two Different Forms
305636 by: tedd
305637 by: Alice Wei
MVC logic
305638 by: Tanel Tammik
Administrivia:
To subscribe to the digest, e-mail:
php-general-digest-subscr...@lists.php.net
To unsubscribe from the digest, e-mail:
php-general-digest-unsubscr...@lists.php.net
To post to the list, e-mail:
php-gene...@lists.php.net
----------------------------------------------------------------------
--- Begin Message ---
On May 28, 2010, at 9:43 PM, Jason Pruim wrote:
Hey Everyone,
So I'm sitting here on a friday night trying to figure out how in
the world I'm going to fix an issue that should probably be simple
to me but is escaping me at the moment....
Take this authentication function:
<?PHP
function authentication($authUser, $authPass, $cfgtableAuth){
// Keep in mind, PASSWORD has meaning in MySQL
// Do your string sanitizing here
// (e.g. - $user = mysql_real_escape_string($_POST['user']);)
$authUser = mysql_real_escape_string($_POST['txtUser']);
$authPass = mysql_real_escape_string($_POST['txtPass']);
$md5pass = md5($authPass);
$loginQuery = "SELECT * FROM {$cfgtableAuth} WHERE
userLogin='".$authUser."' AND userPass='".$md5pass."' LIMIT 0,1;";
$loginResult = mysql_query($loginQuery) or die("Wrong
data supplied or database error" .mysql_error());
$row1 = mysql_fetch_assoc($loginResult);
if($row1['access'] == "5000000"){
foreach (array_keys($_SESSION) as $key)
unset($_SESSION[$key]);
die('account disabled');
}
if(is_array($row1)){
$_SESSION['userInfo'] = array( "userLogin" =>
$row1['userName'], "loggedin" => TRUE, "userName" =>
$row1['userName'], "userPermission" => $row1['userPermission']);
error_log("User has logged in: ".
$row1['userLogin']);
}else{
//$_SESSION['userInfo'] =array("loggedin" => FALSE);
die('authentication failed');
}
return TRUE;
}
?>
Here is how I am displaying the login form:
<?PHP
session_start();
$link = dbconnect($server, $username, $password, $database);
$page = $_GET['page'];
echo <<<CSS
<body>
<div class="contentwrapper">
CSS;
include("nav.php");
if ($_SESSION['userInfo']['loggedin'] == TRUE) {
MAIN PAGE DISPLAY HERE
}else{
//Display login info
echo <<<FORM
<div class="dark">
<form method="post">
<p>
You must login to proceed!<BR />
User Name: <input type="text" size="20" name="txtUser"><BR
/>
Password: <input type="password" size="20"
name="txtPass"><BR />
<input type="submit" value="Login"><BR />
</p>
</form>
</div>
FORM;
if(isset($_POST['txtUser'])) {
$authUser = $_POST['txtUser'];
$authPass = $_POST['txtPass'];
$auth = authentication($authUser, $authPass, $cfgtableAuth);
}
}
?>
Now... the authentication actually works, and it logs me in
properly, but I have to click the login button twice.... Ideally I
should just do it once, so I'm wondering if anyone can spot my
grievous misstep here?
Thanks in advance for the help and pointers I am bound to receive
from this list! :)
Your problem kind of made me laugh. Not because you're having this
problem but because the problem you're having that you want to correct
is something a co-worker of mine did by design. She writes in FoxPro
and on her login page you actually have to click the login button
twice in order to log in! She did it that way because she has a
profile button on the login page. Still, clicking on a login button
twice is annoying! :)
Take care,
Floyd
--- End Message ---
--- Begin Message ---
On Sat, 2010-05-29 at 07:40 -0400, Floyd Resler wrote:
> On May 28, 2010, at 9:43 PM, Jason Pruim wrote:
>
> > Hey Everyone,
> >
> > So I'm sitting here on a friday night trying to figure out how in
> > the world I'm going to fix an issue that should probably be simple
> > to me but is escaping me at the moment....
> >
> > Take this authentication function:
> >
> > <?PHP
> >
> > function authentication($authUser, $authPass, $cfgtableAuth){
> >
> > // Keep in mind, PASSWORD has meaning in MySQL
> > // Do your string sanitizing here
> > // (e.g. - $user = mysql_real_escape_string($_POST['user']);)
> > $authUser = mysql_real_escape_string($_POST['txtUser']);
> > $authPass = mysql_real_escape_string($_POST['txtPass']);
> > $md5pass = md5($authPass);
> >
> > $loginQuery = "SELECT * FROM {$cfgtableAuth} WHERE
> > userLogin='".$authUser."' AND userPass='".$md5pass."' LIMIT 0,1;";
> >
> > $loginResult = mysql_query($loginQuery) or die("Wrong
> > data supplied or database error" .mysql_error());
> > $row1 = mysql_fetch_assoc($loginResult);
> > if($row1['access'] == "5000000"){
> > foreach (array_keys($_SESSION) as $key)
> > unset($_SESSION[$key]);
> >
> > die('account disabled');
> > }
> >
> > if(is_array($row1)){
> >
> > $_SESSION['userInfo'] = array( "userLogin" =>
> > $row1['userName'], "loggedin" => TRUE, "userName" =>
> > $row1['userName'], "userPermission" => $row1['userPermission']);
> >
> > error_log("User has logged in: ".
> > $row1['userLogin']);
> >
> > }else{
> > //$_SESSION['userInfo'] =array("loggedin" => FALSE);
> > die('authentication failed');
> >
> > }
> > return TRUE;
> >
> > }
> >
> > ?>
> >
> > Here is how I am displaying the login form:
> >
> > <?PHP
> > session_start();
> >
> > $link = dbconnect($server, $username, $password, $database);
> >
> > $page = $_GET['page'];
> >
> > echo <<<CSS
> > <body>
> > <div class="contentwrapper">
> >
> > CSS;
> > include("nav.php");
> >
> > if ($_SESSION['userInfo']['loggedin'] == TRUE) {
> >
> > MAIN PAGE DISPLAY HERE
> >
> > }else{
> >
> > //Display login info
> > echo <<<FORM
> > <div class="dark">
> > <form method="post">
> > <p>
> > You must login to proceed!<BR />
> > User Name: <input type="text" size="20"
> > name="txtUser"><BR />
> > Password: <input type="password" size="20"
> > name="txtPass"><BR />
> > <input type="submit" value="Login"><BR />
> > </p>
> > </form>
> > </div>
> > FORM;
> >
> > if(isset($_POST['txtUser'])) {
> > $authUser = $_POST['txtUser'];
> > $authPass = $_POST['txtPass'];
> > $auth = authentication($authUser, $authPass, $cfgtableAuth);
> >
> > }
> >
> > }
> >
> > ?>
> >
> > Now... the authentication actually works, and it logs me in
> > properly, but I have to click the login button twice.... Ideally I
> > should just do it once, so I'm wondering if anyone can spot my
> > grievous misstep here?
> >
> > Thanks in advance for the help and pointers I am bound to receive
> > from this list! :)
> >
>
> Your problem kind of made me laugh. Not because you're having this
> problem but because the problem you're having that you want to correct
> is something a co-worker of mine did by design. She writes in FoxPro
> and on her login page you actually have to click the login button
> twice in order to log in! She did it that way because she has a
> profile button on the login page. Still, clicking on a login button
> twice is annoying! :)
>
> Take care,
> Floyd
>
>
The problem I often see in this area is where the login check is
performed in an include file, and then included in every page, including
the login page itself. Takes a little while sometimes to figure out why
it is stuck in an eternal loop!
Thanks,
Ash
http://www.ashleysheridan.co.uk
--- End Message ---
--- Begin Message ---
On May 29, 2010, at 12:02 AM, Nathan Nobbe wrote:
On Fri, May 28, 2010 at 7:43 PM, Jason Pruim <li...@pruimphotography.com
> wrote:
Hey Everyone,
So I'm sitting here on a friday night trying to figure out how in
the world I'm going to fix an issue that should probably be simple
to me but is escaping me at the moment....
Take this authentication function:
<?PHP
function authentication($authUser, $authPass, $cfgtableAuth){
// Keep in mind, PASSWORD has meaning in MySQL
// Do your string sanitizing here
// (e.g. - $user = mysql_real_escape_string($_POST['user']);)
$authUser = mysql_real_escape_string($_POST['txtUser']);
$authPass = mysql_real_escape_string($_POST['txtPass']);
$md5pass = md5($authPass);
$loginQuery = "SELECT * FROM {$cfgtableAuth} WHERE
userLogin='".$authUser."' AND userPass='".$md5pass."' LIMIT 0,1;";
$loginResult = mysql_query($loginQuery) or die("Wrong
data supplied or database error" .mysql_error());
$row1 = mysql_fetch_assoc($loginResult);
if($row1['access'] == "5000000"){
foreach (array_keys($_SESSION) as $key)
unset($_SESSION[$key]);
die('account disabled');
}
if(is_array($row1)){
$_SESSION['userInfo'] = array( "userLogin" =>
$row1['userName'], "loggedin" => TRUE, "userName" =>
$row1['userName'], "userPermission" => $row1['userPermission']);
error_log("User has logged in: ".
$row1['userLogin']);
}else{
//$_SESSION['userInfo'] =array("loggedin" =>
FALSE);
die('authentication failed');
}
return TRUE;
}
?>
Here is how I am displaying the login form:
<?PHP
session_start();
$link = dbconnect($server, $username, $password, $database);
$page = $_GET['page'];
echo <<<CSS
<body>
<div class="contentwrapper">
CSS;
include("nav.php");
if ($_SESSION['userInfo']['loggedin'] == TRUE) {
MAIN PAGE DISPLAY HERE
}else{
//Display login info
echo <<<FORM
<div class="dark">
<form method="post">
<p>
You must login to proceed!<BR />
User Name: <input type="text" size="20"
name="txtUser"><BR />
Password: <input type="password" size="20"
name="txtPass"><BR />
<input type="submit" value="Login"><BR />
</p>
</form>
</div>
FORM;
if(isset($_POST['txtUser'])) {
$authUser = $_POST['txtUser'];
$authPass = $_POST['txtPass'];
$auth = authentication($authUser, $authPass, $cfgtableAuth);
}
}
?>
Now... the authentication actually works, and it logs me in
properly, but I have to click the login button twice.... Ideally I
should just do it once, so I'm wondering if anyone can spot my
grievous misstep here?
it looks to me like you need to move the authentication() call
if(isset($_POST['txtUser'])) {
$authUser = $_POST['txtUser'];
$authPass = $_POST['txtPass'];
$auth = authentication($authUser, $authPass, $cfgtableAuth);
}
above the check to see if the user has logged in, right after the
include("nav.php");
line. right now, when the user submits the form, your code is first
finding that the user isnt logged in, spitting out the 'please log
in' portion of the html then logging them in, so youre actually
already logged in when the form shows itself the second time!
Hey nathan,
You were close actually... :) If I moved just the $auth call it came
up and said that the auth failed... BUT if I moved that entire if
block to just below the include("nav.php"); line it works as it should!
Thanks for the pointer in the right direction! :)
--- End Message ---
--- Begin Message ---
At 7:15 AM +0200 5/29/10, Nisse =?utf-8?Q?Engstr=C3=B6m?= wrote:
No. There are no glyphs in Unicode. This is spelled out for
you in chapter 2, figure 2-2. "Characters versus Glyphs".
*blink* *blink* *blink*
I read it, but that's not addressing the issue here -- that's
something different.
You are not understanding the difference between characters, fonts,
glyphs, and code points.
Here are some definitions taken directly from a Unicode Standard that
might help:
-- quote
Character. The smallest component of written language that has
semantic-value; refers to the abstract meaning and/or shape, rather
than a specific shape (see also glyph), though in code tables some
form of visual representation is essential for members understanding.
Font. A collection of glyphs used for the visual depiction of
character data. A font is often associated with a set of parameters
(for example, size posture, weight, and serifness), which, when set
to particular values, generates a collection of imaginable glyphs.
Glyph. (1) An abstract for that represents one or more glyph images.
(2) A synonym for "glyph image". In displaying Unicode character
data, one or more glyphs may be selected to depict a particular
character. These glyphs are selected by a rendering engine during
composition and layout processing.
-- unquote
As such, you cannot claim "There are no glyphs in Unicode" for that is silly.
Code points are simply unique numbers assigned to specific characters
in an approved char set. To better understand which character is
represented a representative Glyph is used -- what else would we use,
a chicken?
I may have been liberal in my use of the term "Glyph" in previous
brief email, but "Glyph" in Unicode has a special meaning. The Glyph
'A' is 'A' regardless of if it is Helvetical or Times, bold or
italic, 12pt or 24pt glyph. Likewise the Yin-Yang symbol is a Glyph
that has a single code point regardless of if it is red and black or
green and blue glyph. But the point is -- there is a unique code
point (041 HEX) for the Latin 'A' Glyph and one unique code point
(262F HEX) for the Miscellaneous Symbols Yin-Yang Glyph -- WITH -- a
representative Glyph in the Unicode table defining each code point!
So, when I say that just about every Glyph in the world has been
provided a code point I am basically and technically correct --
excepting of course those glyphs that are not considered appropriate
for inclusion or are variation glyphs of the representative Glyph
that is already included -- understand?
After all is said and done, what is Unicode all about? It is
assigning a universal and unique code point system to Glyphs that are
considered to be appropriate representative members of abstract
written forms of communication. But of course those are Glyphs for
what else could they be?
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--- End Message ---
--- Begin Message ---
At 4:41 PM -0500 5/28/10, Karl DeSaulniers wrote:
On May 28, 2010, at 4:25 PM, tedd wrote:
At 3:39 PM -0500 5/28/10, Karl DeSaulniers wrote:
Hello,
How can I go about restricting the number of downloads of a file
on my server?
For Eg: if I want a music track to only be able to be downloaded
by 150 people and thats it.. ever,
how can I go about doing this?
Karl:
Just have the download pass through a script that counts, such as found here:
http://sperling.com/freeware.php
When someone click the link, it activates a script that provides
the download and saves a count. It would be trivial to stop the
download at a specific number.
Cheers,
tedd
Hey thanks Tedd.
Quick question. Were you referring me to this link to download one
of their demos or just to show that they count their downloads?
EG: Binary-Tree v1.1 Downloads: 2806
Karl:
What I was showing you was a working example of what you want.
The link simply calls a script that: 1) provides the download for the
user; 2) writes a count to a file.
You also said:
The users will have gone through a registration and login to get to
the downloads.
The files will be served from MySQL and output to HTML of Flash.
This is for a small project of limited edition audio or pictures or
scripts, etc.
Hens, "I'd like" to limit each user in the allotted 150 to be able
to download (whatever it is) only once.
But up to 150 users can get in on it kind of thing.
That's simply a two step problem. 1) filter the people who can access
the link (only approved members); 2) then have the protected link be
tied to a script that monitors the download count for that member.
It should be easy enough to create a table for each member having
their logon id, password, and download count for whatever item you
want to restrict download.
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--- End Message ---
--- Begin Message ---
At 7:31 PM -0400 5/28/10, Alice Wei wrote:
Anything I want?
Seriously, I do know how to pass a "non-dynamic" element from one
page to another page, but when I started researching on how to
utilize dynamic menus based on user input, I found Ajax, until this
problem that I am running into hits me.
Is there some way that I could generate dynamic select menus without
using Ajax? Or, is that asking too much?
Thanks for your help.
Alice
Alice:
No offense, but considering what you posted when you started this
exchange, it did not appear that you knew how to use forms. But on
the other hand, I don't know what "non-dynamic" elements are.
Now on to your problem -- you want to "generate dynamic select menu"
-- I'm not sure what those are either. I think you need to start
using the terminology used in html, controls, and such. You can't
just throw terms together hoping that the person at the other end
knows what you're talking about.
In any event, here's something for you to consider:
http://www.webbytedd.com/a/ajax-controls/
It shows how to use javascript to detect user's actions in input
elements (i.e., text, radio, checkboxes, etc.) and select elements.
From those routines, you should be able to construct whatever
"dynamic select menus" you want. All the code is there -- just review
it.
It would be a trivial matter to add a Submit button to the form to
pass these values to the server via traditional means and thus the
Submit was omitted to show how Ajax Controls work.
However, it is important to note that the example provided above is
not unobtrusive -- it is an early example of how all of this was
done. There are more appropriate ways to accomplish this, but they
require more abstraction, which would probably lead to more confusion
on your part -- no offense meant.
I suggest you read "DOM Scripting" and "Advance DOM Scripting" both
published by Friends of ED. They are well worth the cost/effort to
read and would give you a better understanding of the processes
involved.
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--- End Message ---
--- Begin Message ---
> Date: Sat, 29 May 2010 11:50:50 -0400
> To: php-gene...@lists.php.net; aj...@alumni.iu.edu
> From: tedd.sperl...@gmail.com
> Subject: RE: [PHP] Select Values Didn't Get Passed in From Two Different
> Forms
>
> At 7:31 PM -0400 5/28/10, Alice Wei wrote:
> >
> >Anything I want?
> >
> >Seriously, I do know how to pass a "non-dynamic" element from one
> >page to another page, but when I started researching on how to
> >utilize dynamic menus based on user input, I found Ajax, until this
> >problem that I am running into hits me.
> >
> >Is there some way that I could generate dynamic select menus without
> >using Ajax? Or, is that asking too much?
> >
> >Thanks for your help.
> >
> >Alice
>
> Alice:
>
> No offense, but considering what you posted when you started this
> exchange, it did not appear that you knew how to use forms. But on
> the other hand, I don't know what "non-dynamic" elements are.
>
> Now on to your problem -- you want to "generate dynamic select menu"
> -- I'm not sure what those are either. I think you need to start
> using the terminology used in html, controls, and such. You can't
> just throw terms together hoping that the person at the other end
> knows what you're talking about.
>
> In any event, here's something for you to consider:
>
> http://www.webbytedd.com/a/ajax-controls/
>
> It shows how to use javascript to detect user's actions in input
> elements (i.e., text, radio, checkboxes, etc.) and select elements.
> From those routines, you should be able to construct whatever
> "dynamic select menus" you want. All the code is there -- just review
> it.
>
> It would be a trivial matter to add a Submit button to the form to
> pass these values to the server via traditional means and thus the
> Submit was omitted to show how Ajax Controls work.
>
> However, it is important to note that the example provided above is
> not unobtrusive -- it is an early example of how all of this was
> done. There are more appropriate ways to accomplish this, but they
> require more abstraction, which would probably lead to more confusion
> on your part -- no offense meant.
>
> I suggest you read "DOM Scripting" and "Advance DOM Scripting" both
> published by Friends of ED. They are well worth the cost/effort to
> read and would give you a better understanding of the processes
> involved.
>
> Cheers,
>
> tedd
>
At the time of writing this, I got all the functionality I wanted, only that it
takes 3 submits, which is 4 pages in total, which includes two dependent select
menus based on user input by clicking on the radio button and some other static
drop downs and text inputs.
I am not sure if it is possible to cut it down two only two submits, I just
went online and found this,
http://www.w3schools.com/dhtml/tryit.asp?filename=trydhtml_event_onchange. If I
could change this function to using the radio button, and process the other
searching for the dependent drop downs using case statements with PHP , do you
think this is a good idea?
Anyway, I found this method is kind of ugly for the time being, but less
daunting with what I was doing before. Thanks.
Alice
> -------
> http://sperling.com http://ancientstones.com http://earthstones.com
_________________________________________________________________
The New Busy think 9 to 5 is a cute idea. Combine multiple calendars with
Hotmail.
http://www.windowslive.com/campaign/thenewbusy?tile=multicalendar&ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_5
--- End Message ---
--- Begin Message ---
Hello,
i'm trying to break this thing down for my self. i made little application
for that. could someone please take a look and let me know if what i wrote
resembles MVC inviroment or not.
http://keevitaja.com/kool
http://keevitaja.com/kool/kool.rar
Idea is to create it from scratch for educational purpose!
Br
Tanel
--- End Message ---