php-general Digest 5 Aug 2011 19:09:09 -0000 Issue 7430
php-general Digest 5 Aug 2011 19:09:09 - Issue 7430
Topics (messages 314370 through 314390):
Re: Sending a message
314370 by: Negin Nickparsa
314371 by: wil prim
314372 by: Negin Nickparsa
314373 by: wil prim
314374 by: Negin Nickparsa
314375 by: Negin Nickparsa
314376 by: Negin Nickparsa
314377 by: David Holmes
314378 by: wil prim
314379 by: Negin Nickparsa
314380 by: Negin Nickparsa
314381 by: wil prim
314382 by: Negin Nickparsa
314383 by: Jim Lucas
314384 by: wil prim
314385 by: Negin Nickparsa
Re: saving sessions
314386 by: Florian Müller
314389 by: Jen Rasmussen
Re: testing
314387 by: David Robley
Re: You can play with PHP 5.4.0 alpha3 on Windows, EasyPHP 5.4 alpha3 is out!
314388 by: Sharl.Jimh.Tsin
using pg_query in a function not working
314390 by: Marc Fromm
Administrivia:
To subscribe to the digest, e-mail:
php-general-digest-subscr...@lists.php.net
To unsubscribe from the digest, e-mail:
php-general-digest-unsubscr...@lists.php.net
To post to the list, e-mail:
php-gene...@lists.php.net
--
---BeginMessage---
in previous pages you must have a login page and in login page you must
store the username and then in next steps you have username in
$_SESSION['user']
now if it is not your problem then what is the problem?
---End Message---
---BeginMessage---
Well my problem is when i click submit, the $_SESSION['user'] ('from' part of the table in my db) is blank, so im guessing the $_SESSION variable didnt pass through. On Aug 04, 2011, at 10:11 PM, Negin Nickparsa nickpa...@gmail.com wrote:in previous pages you must have a login page and in login page you must
store the username and then in next steps you have username in
$_SESSION['user']
now if it is not your problem then what is the problem?
---End Message---
---BeginMessage---
you must check setting your session with this one:
if(isset($_SESSION['user']))
{
// Identifying the user
$user = $_SESSION['user'];
// Information for the user.
}
tell me what you have done in login page?
---End Message---
---BeginMessage---
This is the login.php which checks the form on the login page.?phpsession_start();include('connect.php');$user=$_POST['user'];$pass=$_POST['pass'];$sql="SELECT * FROM members WHERE username='$_POST[user]' and password='$_POST[pass]'";$result=mysql_query($sql, $con);$count=mysql_num_rows($result);if ($count==1){ session_start(); $_SESSION['user'] = $user;}else{ echo 'Wrong Username or Password'; }?On Aug 04, 2011, at 10:23 PM, Negin Nickparsa nickpa...@gmail.com wrote:you must check setting your session with this one:
if(isset($_SESSION['user']))
{
// Identifying the user
$user = $_SESSION['user'];
// Information for the user.
}
tell me what you have done in login page?
---End Message---
---BeginMessage---
did you set the form method='post'
?
---End Message---
---BeginMessage---
in this line password='$_POST[pass]';
you have error change it to password='$_POST['pass']';
---End Message---
---BeginMessage---
well,sorry change it to password=$pass (better)
also check your errors by php yourpage.php
it is more better to not stock in errors like this one
---End Message---
---BeginMessage---
Your code is full of security errors .. You should use mysql escape
string(google it ) to protect your database from beiÿng hacked
David Holmes
twitter @mrstanfan
owner of the exclusive StanFan.com
Whats Your StanFan?
-Original Message-
From: wil prim wilp...@me.com
Date: Sat, 06 Aug 2011 04:49:32
To: PHP MAILINGLISTphp-gene...@lists.php.net; Philly
Holbrookpholbro...@gmail.com
Subject: [PHP] Sending a message
Ok so I have tried to create a sort of messaging system on my website and I
have run into some problems storing who the message is from, ill try to take
you through step by step what I am trying to do.
step #1 (messages.php): --This is where the member will view the recent
messages that have been posted
div id='messages'
?php
include 'connect.php';
session_start();
$_SESSION['user']=$user;
//store sql queries
$sql=SELECT * FROM entries;
$result=mysql_query($sql, $con);
$count=mysql_num_rows($result);
if ($count1){
echo 'There are no messages yet!';
}
while ($row=mysql_fetch_array($result)){
echo 'From: ' .$row['from'];
echo 'br/';
echo 'Subject: ' .$row['subject'];
echo 'br/';
echo 'Message: ' .$row['body'];
echo 'hr/';
}
?
/div
Step #2 (create_message.php):-- This is where the user creates a new
Re: [PHP] Sending a message
well,what is the problem with these manuals :) ? google these ones: security exploits that are SQL injection, Cross Site Scripting(xss) and Cross Site Request Forgery many security issues you can find also for your code problems try this site: stackoverflow.com previous times when I had these problems people in this list was too angry about me:D by posting emails about array like $_POST LOL! one of those angry people told me this site I am thankful to him:) I am happy on this Site be a member in there;) they will answer your code issues in just a second:)
RE: [PHP] saving sessions
But please do not use cookies to store a password as code! Cookies are human
readable with some add-ons
Check like this:
if someone registers, insert it into a table:
?php
$username = mysql_real_escape_string($_POST[username]);
$password = md5($_POST[password]);
mysql_query(INSERT INTO USER VALUES(' . $username . ',' . $password . '));
header('location: register_success.php');
?
Then, if someone wants to log in, use like this:
?php
$username = mysql_real_escape_string($_POST[username]);
$password = md5($_POST[password]);
$sel = SELECT * FROM USER WHERE USERNAME = ' . $username . ' AND PASSWORD =
' . $password . ';
$unf = mysql_query($sel);
$count = mysql_num_rows($unf);
if ($count == 1) {
header('location: login_success.php');
}
else {
echo Login not successful!;
}
?
If you want to store something into cookies, use a name which is not good
understandable, like a shortcut for a logical sentense:
Titcftmws (This is the cookie for the main webSite) or something ^^
In there, you can save username and password, but PLEASE save the password at
least md5()-encryptet, so not everyone can save it.
Now you can check like this:
?php
if ($_COOKIE['Titcftmws'] == mysql_real_escape_string($_POST[username]) . |
. md5($_POST[password])) {
//in the cookie is for the user with username 'jack' and password 'test'
this value: jack|098f6bcd4621d373cade4e832627b4f6
echo you are logged in;
}
else {
echo not logged in!;
}
?
This is as far as I know a quite high level of security, in comparisions with
other ways.
Regs, Flo
From: midhungir...@gmail.com
Date: Fri, 5 Aug 2011 08:20:11 +0530
To: wilp...@me.com
CC: php-general@lists.php.net
Subject: Re: [PHP] saving sessions
On Sat, Aug 6, 2011 at 7:56 AM, wil prim wilp...@me.com wrote:
Hello, im new to the whole storing sessions thing and I really dont know
how to ask this question, but here it goes. So on my site when someone logs
in the login.php file checks for a the username and password in the table i
created, then if it finds a match it will store a $_SESSION [] variable. To
be exact the code is as follows:
if ($count=='1')
{
session_start();
$_SESSION['user']=$user; // $user is the $_POST['user'] from the login
form
header('location: login_success.php');
}
Now what i would like to know is how do i make my website save new changes
the user made while in their account?
thanks!
You will have to store the user account related data in the database for
persistence Or if the site not having a 'user account system' you may
use cookies to store the settings...
Midhun Girish
Re: [PHP] Re: testing
Daniel Brown wrote: On Thu, Aug 4, 2011 at 10:39, Jim Giner jim.gi...@albanyhandball.com wrote: Mailing list, newsgroup, either one - something's changed in the last week or so to interrupt the smooth (or semi-smooth) functioning of it. The only messages I'm seeing currently are the ones in this single topic. Why is that??? Actually, we haven't changed anything at all. It's always been temperamental, but it's always just been a small additional offering. As Ash said, this is a mailing list, not a newsgroup. The fact that we offer a newsgroup interface at all is by all means eligible for discontinuation, since only about six people use it in any given year. /me wonders who the other five are :-) Cheers -- David Robley I've mixed up my gloves, Tom said intermittently. Today is Boomtime, the 71st day of Confusion in the YOLD 3177. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] You can play with PHP 5.4.0 alpha3 on Windows, EasyPHP 5.4 alpha3 is out!
在 2011-08-05五的 11:35 +0800,EasyPHP写道: Hi PHP 5.4 alpha 3 is now included in a the Wamp package EasyPHP 5.4 alpha3. Enjoy! Website : www.easyphp.org Screenshots : www.easyphp.org/screenshots.php Facebook page : www.facebook.com/easywamp Twitter : www.twitter.com/easyphp Woo,so quickly.i am using PHP alpha 1 on my CentOS server by compiling from source tarball. -- Best regards, Sharl.Jimh.Tsin (From China **Obviously Taiwan INCLUDED**) Using Gmail? Please read this important notice: http://www.fsf.org/campaigns/jstrap/gmail?10073. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
FW: [PHP] saving sessions
In addition to the info below, I would caution you to do some research on
password hashing.
MD5 and SHA-1 are both known to be compromised because they are too fast.
OWASP (Open Web Application Security Project) is a great resource for
security research.
There are many hashes available, if you have PHP 5.3+ look into bCrypt
(built into PHP 5.3+ as CRYPT).
The CRYPT_BLOWFISH option is the best choice.
A good article is here:
http://yorickpeterse.com/articles/use-bcrypt-fool/
Otherwise, use this code to see a list of your available algorithms. You
also want to make sure
to research salting and stretching of your hash if you are unable to use
bCrypt.
?php print_r(hash_algos()); ?
You might also want to look into PHPASS if you have a version of PHP
previous to 5.3.
Although it will default to using MD5 for older versions, the salting and
stretching of the hash are what make it more
secure, not the algorithm itself (seems to be a bit of controversy on this
point).
* Note that if you use PHPASS, once you do upgrade to 5.3+, it will default
to the CRYPT_BLOWFISH option.
Cheers!
Jen
-Original Message-
From: Florian Müller [mailto:florip...@hotmail.com]
Sent: Friday, August 05, 2011 1:35 AM
To: midhungir...@gmail.com; php-general@lists.php.net
Subject: RE: [PHP] saving sessions
But please do not use cookies to store a password as code! Cookies are human
readable with some add-ons
Check like this:
if someone registers, insert it into a table:
?php
$username = mysql_real_escape_string($_POST[username]);
$password = md5($_POST[password]);
mysql_query(INSERT INTO USER VALUES(' . $username . ',' . $password .
'));
header('location: register_success.php');
?
Then, if someone wants to log in, use like this:
?php
$username = mysql_real_escape_string($_POST[username]);
$password = md5($_POST[password]);
$sel = SELECT * FROM USER WHERE USERNAME = ' . $username . ' AND PASSWORD
= ' . $password . ';
$unf = mysql_query($sel);
$count = mysql_num_rows($unf);
if ($count == 1) {
header('location: login_success.php');
}
else {
echo Login not successful!;
}
?
If you want to store something into cookies, use a name which is not good
understandable, like a shortcut for a logical sentense:
Titcftmws (This is the cookie for the main webSite) or something ^^
In there, you can save username and password, but PLEASE save the password
at least md5()-encryptet, so not everyone can save it.
Now you can check like this:
?php
if ($_COOKIE['Titcftmws'] == mysql_real_escape_string($_POST[username]) .
| . md5($_POST[password])) {
//in the cookie is for the user with username 'jack' and password 'test'
this value: jack|098f6bcd4621d373cade4e832627b4f6
echo you are logged in;
}
else {
echo not logged in!;
}
?
This is as far as I know a quite high level of security, in comparisions
with other ways.
Regs, Flo
From: midhungir...@gmail.com
Date: Fri, 5 Aug 2011 08:20:11 +0530
To: wilp...@me.com
CC: php-general@lists.php.net
Subject: Re: [PHP] saving sessions
On Sat, Aug 6, 2011 at 7:56 AM, wil prim wilp...@me.com wrote:
Hello, im new to the whole storing sessions thing and I really dont know
how to ask this question, but here it goes. So on my site when someone
logs
in the login.php file checks for a the username and password in the
table i
created, then if it finds a match it will store a $_SESSION [] variable.
To
be exact the code is as follows:
if ($count=='1')
{
session_start();
$_SESSION['user']=$user; // $user is the $_POST['user'] from the login
form
header('location: login_success.php');
}
Now what i would like to know is how do i make my website save new
changes
the user made while in their account?
thanks!
You will have to store the user account related data in the database for
persistence Or if the site not having a 'user account system' you may
use cookies to store the settings...
Midhun Girish
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] using pg_query in a function not working
I have to sql statements in functions to use in my code. Even though the echo
statements show the sql is valid the sql does not seem to execute and I get the
error, PHP Warning: pg_fetch_object() expects parameter 1 to be resource,
boolean given in . . . line 154 . . .
Line 154: while($val = pg_fetch_object($student))
##
Function Calls:
$insert = recordSentList($empid, $list, printed); // No record gets inserted
into the table
$student = getStudent($list);
while($val = pg_fetch_object($student)) //No records get listed
{
##
Functions:
function recordSentList($empid, $list, $method){
$today = date(m/d/Y, strtotime(now));
$sql = INSERT INTO lists_sent (
lists_sent_employers_id,
lists_sent_type,
lists_sent_date,
lists_sent_method)
VALUES (
'$empid',
'$list',
'$today',
'$method');
echo $sqlbr /; // slq statement looks accurate
$result = pg_query($conn,$sql);
echo Insert Errors: . pg_errormessage($conn) . br /;
//No errors are reported
return $result;
}
function getStudent($list){
$removaldate = date(m/d/Y,mktime(0, 0, 0, date(m)-3,
date(d)-7, date(Y)));
$sql = SELECT * FROM students WHERE ;
if($list == child_care_list){
$sql .= child_care_list ' . $removaldate .
' ;
$sql .= AND child_care_list IS NOT NULL ;
$sql .= ORDER BY student_lname ASC,
student_fname ASC;
} elseif ($list == day_labor_list) {
$sql .= day_labor_list ' . $removaldate .
' ;
$sql .= AND day_labor_list IS NOT NULL ;
$sql .= ORDER BY student_lname ASC,
student_fname ASC;
} else {
$sql .= tutor_list ' . $removaldate . ' ;
$sql .= AND tutor_list IS NOT NULL ;
$sql .= ORDER BY student_lname ASC,
student_fname ASC;
}
echo $sqlbr /; // slq statement looks accurate
$result = pg_query($conn,$sql);
echo Select Errors: . pg_errormessage($conn) . br /;//No
errors are reported
echo Rows: . pg_num_rows($result) . br /;//No number is
displayed
if ((!$result) or (empty($result))){
return false;
}
return $result;
}
Marc Fromm
Information Technology Specialist II
Financial Aid Department
Western Washington University
Phone: 360-650-3351
Fax: 360-788-0251
Re: [PHP] using pg_query in a function not working
On 8/5/2011 12:08 PM, Marc Fromm wrote: I have to sql statements in functions to use in my code. Even though the echo statements show the sql is valid the sql does not seem to execute and I get the error, PHP Warning: pg_fetch_object() expects parameter 1 to be resource, boolean given in . . . line 154 . . . Line 154: while($val = pg_fetch_object($student)) $conn is not in scope Marc Fromm Information Technology Specialist II Financial Aid Department Western Washington University Phone: 360-650-3351 Fax: 360-788-0251 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] using pg_query in a function not working
Thanks! Sometimes I'm blind. -Original Message- From: Jim Lucas [mailto:li...@cmsws.com] Sent: Friday, August 05, 2011 1:01 PM To: Marc Fromm Cc: php-general@lists.php.net Subject: Re: [PHP] using pg_query in a function not working On 8/5/2011 12:08 PM, Marc Fromm wrote: I have to sql statements in functions to use in my code. Even though the echo statements show the sql is valid the sql does not seem to execute and I get the error, PHP Warning: pg_fetch_object() expects parameter 1 to be resource, boolean given in . . . line 154 . . . Line 154: while($val = pg_fetch_object($student)) $conn is not in scope Marc Fromm Information Technology Specialist II Financial Aid Department Western Washington University Phone: 360-650-3351 Fax: 360-788-0251 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PHP frameworks
Hello, I am new to PHP and wanted to ask a question which I think is related to this discussion thread. What are you referring to when using the term PHP Framework? I downloaded Eclipse-JEE with PHP Development Tools. Would this development environment constitute a PHP Framework? Best, Christopher From: Laruence [larue...@baidu.com] Sent: Sunday, July 24, 2011 11:19 PM To: Floyd Resler Cc: PHP Subject: Re: [PHP] PHP frameworks Hi: if you have high performance need, you can considering Yaf( a PHP framework which is build in PHP extension) http://pecl.php.net/package/Yaf thanks Best regards 惠新宸 Xinchen Hui http://www.laruence.com/ On 2011/7/22 20:38, Floyd Resler wrote: On Jul 22, 2011, at 8:33 AM, Richard Quadling wrote: On 22 July 2011 13:26, Floyd Reslerfres...@adex-intl.com wrote: On Jul 21, 2011, at 11:41 PM, Micky Hulse wrote: On Thu, Jul 21, 2011 at 6:44 PM, Shawn McKenzienos...@mckenzies.net wrote: A la CakePHP. Will automagically build controllers and views for the admin of your tables/models if you wish. Oooh, interesting! I will check out CakePHP! Thanks for tip! :) I actually use my own framework. I needed a very light weight, flexible framework. I designed it from the ground up to be very flexible and to use AJAX and jQuery on the client side. If you'd be interested in check it out, just let me know and I'll give you a link to the source code. Take care, Floyd http://www.brandonsavage.net/why-every-developer-should-write-their-own-framework/ Good article! I knew there was a reason why I never released mine but just offer it up on occasion to someone who might find it useful! :) Take care, Floyd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
