php-general Digest 4 Aug 2011 16:03:02 -0000 Issue 7428
Topics (messages 314330 through 314349):

Form Already Filled Out
    314330 by: wil prim
    314331 by: Thiago H. Pojda
    314334 by: James Yerge
    314336 by: Bálint Horváth
    314349 by: jean-baptiste verrey

Re: Best editor?
    314332 by: Florian Müller
    314333 by: Florian Müller
    314339 by: Donovan Brooke

Re: How do I enable $_SERVER['HTTP_X_WAP_PROFILE'] or $_SERVER['HTTP_PROFILE']
    314335 by: Stuart Dallas

When is gettimeofday() or microtime() unavailable?
    314337 by: Ivo F.A.C. Fokkema

NuSOAP
    314338 by: Kanishka

Re: Studying mcrypt
    314340 by: Donovan Brooke
    314346 by: Alex Nikitin

Re: testing
    314341 by: Jim Giner
    314342 by: Jim Giner
    314343 by: Daniel Brown
    314344 by: Jim Giner
    314345 by: Daniel Brown
    314347 by: Tim Streater
    314348 by: Jim Giner

Administrivia:

To subscribe to the digest, e-mail: php-general-digest-subscr...@lists.php.net
To unsubscribe from the digest, e-mail: php-general-digest-unsubscr...@lists.php.net
To post to the list, e-mail: php-gene...@lists.php.net

--

---BeginMessage---
Hello,

So I created a simple login system, and I am using sessions. Everything seems to work fine, however; when I upload my files to my server and type my domain name my index.php page comes up and the form is automatically filled out with a username and password. How do I make it empty when I initially enter the site, and yes I did create a logout.php file that destroys a session. Please help, it is hard to explain this when I can't show it in person.

Thanks in advance!

Here is the login.php code, I didn't md5() the password yet:

    <?php
    if ($_SESSION['user']) {
        header("Location: error.php");
        exit();
    }
    include('connect.php');
    if ($_POST['login']) {
        $user=$_POST['user'];
        $pass=$_POST['pass'];
        $sql="SELECT * FROM members WHERE username='$_POST[user]' and password='$_POST[pass]'";
        $result=mysql_query($sql, $con);
        $count=mysql_num_rows($result);
        if ($count==1) {
            $_SESSION['user'] = $user;
            header('location: home.php');
        }
        else
            echo "<p style='color:red'>Wrong Username or Password</p>";
    }
    ?>
    <html>
    <head>
    <title></title>
    <link href="style.css" rel="stylesheet" type="text/css" />
    </head>
    <body>
    <div id="main">
    <div id="menu">
    <ul>
    <li> <a href="#">Home</a> </li>
    <li> <a href="#">Topix</a> </li>
    <li> <a href="#">Mission</a> </li>
    </ul>
    </div>
    <div id='content'>
    <form method='post' action='index.php'>
    Username: <br/>
    <input type='text' name='user' maxlength='30'/><br/>
    Password: <br/>
    <input type="password" name='pass' maxlength='30'/><br/>
    <input type="submit" value="Log In!" name="login"/>
    </form>
    <a href="register.html"> Register? </a>
    </div>
    </body>
    </html>
---End Message---
---BeginMessage---
Hmmm looks like you saved the password and your browser or OS may be filling it for you.

On 04/08/2011 01:42, wil prim wilp...@me.com wrote:

Hello,

So I created a simple login system, and I am using sessions. Everything seems to work fine, however; when I upload my files to my server and type my domain name my index.php page comes up and the form is automatically filled out with a username and password. How do I make it empty when I initially enter the site, and yes I did create a logout.php file that destroys a session. Please help, it is hard to explain this when I can't show it in person.

Thanks in advance!

Here is the login.php code, I didn't md5() the password yet:

    <?php
    if ($_SESSION['user']) {
        header("Location: error.php");
        exit();
    }
    include('connect.php');
    if ($_POST['login']) {
        $user=$_POST['user'];
        $pass=$_POST['pass'];
        $sql="SELECT * FROM members WHERE username='$_POST[user]' and password='$_POST[pass]'";
        $result=mysql_query($sql, $con);
        $count=mysql_num_rows($result);
        if ($count==1) {
            $_SESSION['user'] = $user;
            header('location: home.php');
        }
        else
            echo "<p style='color:red'>Wrong Username or Password</p>";
    }
    ?>
    <html>
    <head>
    <title></title>
    <link href="style.css" rel="stylesheet" type="text/css" />
    </head>
    <body>
    <div id="main">
    <div id="menu">
    <ul>
    <li> <a href="#">Home</a> </li>
    <li> <a href="#">Topix</a> </li>
    <li> <a href="#">Mission</a> </li>
    </ul>
    </div>
    <div id='content'>
    <form method='post' action='index.php'>
    Username: <br/>
    <input type='text' name='user' maxlength='30'/><br/>
    Password: <br/>
    <input type="password" name='pass' maxlength='30'/><br/>
    <input type="submit" value="Log In!" name="login"/>
    </form>
    <a href="register.html"> Register? </a>
    </div>
    </body>
    </html>
---End Message---
---BeginMessage---
On 08/05/2011 12:43 AM, wil prim wrote:

Hello,

So I created a simple login system, and I am using sessions. Everything seems to work fine, however; when I upload my files to my server and type my domain name my index.php page comes up and the form is automatically filled out with a username and password. How do I make it empty when I initially enter the site, and yes I did create a logout.php file that destroys a session. Please help, it is hard to explain this when I
RE: [PHP] Best editor?
I don't think UltraEdit is a good editor, because it has some really great troubles with simple syntax highlighting... Well, my version can't even highlight a string on two rows ¬.¬

Date: Wed, 3 Aug 2011 17:04:01 +0200
From: hbal...@gmail.com
To: php-general@lists.php.net
Subject: Re: [PHP] Best editor?

Hi,

On Windows I used UltraEdit. On Linux Kate is simple and comfortable app. Actually I prefer NetBeans too. Eclipse could be faster but I think less comfortable...

*Valentine*

On Wed, Aug 3, 2011 at 4:45 PM, Matt Giddings mcgid...@gmail.com wrote:

Notepad!!! LOL.. I use netbeans but eclipse is nice. A lot of it is personal opinion.

On Wed, Aug 3, 2011 at 9:46 AM, Florian Müller florip...@hotmail.com wrote:

Maybe an additional information: PSPad is completely freeware and portable. You can download it right here: http://pspad.en.softonic.com/

This would be the best idea if you can't run a local server, because if there is an editor with this functionality built in, he'd have to bring a little local server with it, and I really don't know an editor which is able to do that without an external software.

Regards and much fun ;)
Flo

From: florip...@hotmail.com
To: msa...@gmail.com; sstap...@mnsi.net
CC: php-general@lists.php.net
Date: Wed, 3 Aug 2011 15:40:12 +0200
Subject: RE: [PHP] Best editor?

I'm using PSPad since one year, and I'm very happy with it. With your description, I think it is the most simple way with it: Connect it with a webserver, and then you can edit all files right on the server, so if you save, they are live.

PSPad is actually even a portable program, and there are lots of syntax highlighters, so this program is very nice!

Date: Wed, 3 Aug 2011 09:32:34 -0400
From: msa...@gmail.com
To: sstap...@mnsi.net
CC: php-general@lists.php.net
Subject: Re: [PHP] Best editor?

Let me clarify a bit... I don't own my own machine - I'm using my work computer. I can install an editor, but installing a full fledged server would be verboten (like WAMP). And while it's not hard to set up a VM in virtualbox, I'd prefer not to if I don't have to. I know the functionality of testing inside the editor used to be there, I'd just like to see if I can find it again :) If I have to, I'll just go the VM route.

On Wed, Aug 3, 2011 at 9:26 AM, Steve Staples sstap...@mnsi.net wrote:

On Wed, 2011-08-03 at 09:22 -0400, Matty Sarro wrote:

Hey everyone, I am a super newbie just beginning to learn PHP. Awhile ago, I had used aptana for dabbling with php and was amazed to find out that it had a built in php interpreter so I could do some minor testing without having to upload everything to a web server, or have a web server locally. Flash forward to now, and it looks like that functionality doesn't exist anymore (at least not by default).

So, I'm curious what editors are out there? Are there any out there which will let me test PHP files without having to upload everything every time I edit it? Any help would be greatly appreciated. Thanks!

-Matty

I personally use Komodo IDE, but there are lots out there. There is the Eclipse with PHP, or there was the way I learned, NotePad (then switched to EditPlus+)

Steve

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Best editor?
Ahm . oh ^^ so, for the size of projects which I am realising, there is no problem of live editing.

And even for learning PHP, it's a good idea to make it live on a server because if he wants to learn it, he does not have a website he edits on which has a really big traffic. So this would be the best choice I think...

If I got bigger projects, I always edit in a single beta folder, just to say ^^

From: tamouse.li...@gmail.com
To: php-general@lists.php.net
Date: Wed, 3 Aug 2011 11:46:15 -0500
Subject: Re: [PHP] Best editor?

On Aug 3, 2011, at 11:39 AM, David Harkness wrote:

On Wed, Aug 3, 2011 at 9:36 AM, Tamara Temple tamouse.li...@gmail.com wrote:

Not to hijack the thread, but I really, *really* hope you are not suggesting that someone do live edits on a production server

I would never consider tinkering on test pages while learning PHP a production server. :)

I think you missed my point -- that wasn't to the OP, that was to the respondent talking about how PSPad lets you edit files directly on the webserver
Re: [PHP] Form Already Filled Out
On 08/05/2011 12:43 AM, wil prim wrote:

Hello,

So I created a simple login system, and I am using sessions. Everything seems to work fine, however; when I upload my files to my server and type my domain name my index.php page comes up and the form is automatically filled out with a username and password. How do I make it empty when I initially enter the site, and yes I did create a logout.php file that destroys a session. Please help, it is hard to explain this when I can't show it in person.

Thanks in advance!

Here is the login.php code, I didn't md5() the password yet:

    <?php
    if ($_SESSION['user']) {
        header("Location: error.php");
        exit();
    }
    include('connect.php');
    if ($_POST['login']) {
        $user=$_POST['user'];
        $pass=$_POST['pass'];
        $sql="SELECT * FROM members WHERE username='$_POST[user]' and password='$_POST[pass]'";
        $result=mysql_query($sql, $con);
        $count=mysql_num_rows($result);
        if ($count==1) {
            $_SESSION['user'] = $user;
            header('location: home.php');
        }
        else
            echo "<p style='color:red'>Wrong Username or Password</p>";
    }
    ?>
    <html>
    <head>
    <title></title>
    <link href="style.css" rel="stylesheet" type="text/css" />
    </head>
    <body>
    <div id="main">
    <div id="menu">
    <ul>
    <li> <a href="#">Home</a> </li>
    <li> <a href="#">Topix</a> </li>
    <li> <a href="#">Mission</a> </li>
    </ul>
    </div>
    <div id='content'>
    <form method='post' action='index.php'>
    Username: <br/>
    <input type='text' name='user' maxlength='30'/><br/>
    Password: <br/>
    <input type="password" name='pass' maxlength='30'/><br/>
    <input type="submit" value="Log In!" name="login"/>
    </form>
    <a href="register.html"> Register? </a>
    </div>
    </body>
    </html>

Your browser is more than likely filling in the username and password fields for you, automatically. Most modern browsers offer this functionality by default. What you're looking for isn't relative to PHP.

Have you tried visiting your page from multiple browsers, to see if you get the same results?

You could set the value of the username and password fields in the form to NULL.

e.g.;

    <input type='text' name='user' value='' maxlength='30'/>
    <input type="password" name='pass' value='' maxlength='30'/>

I doubt your visitors are going to encounter the same issue you are, unless they allow their browser or some other 3rd party software to automatically fill in the form values for them.

Another method would consist of using JavaScript, once the DOM is ready (all elements rendered), have JavaScript reset the form values.
Re: [PHP] How do I enable $_SERVER['HTTP_X_WAP_PROFILE'] or $_SERVER['HTTP_PROFILE']
On 3 Aug 2011, at 21:07, Daevid Vincent wrote:

I'm working on a mobile site and from the various searches and reading (and even code fragments I've inherited for the project), they make reference to:

    $_SERVER['HTTP_X_WAP_PROFILE'] and a fallback $_SERVER['HTTP_PROFILE']

However, when I hit a phpinfo(); page using both an Android MyTouch 3G (2.2) and an Apple iPhone 3G, there are nothing even close to those. All of the 'HTTP_X_*' headers are absent and there is no HTTP_PROFILE either.

http://www.dpinyc.com/literature/resources/code-bank/php-lightweight-device-detection/
http://mobiforge.com/developing/blog/useful-x-headers
http://blog.svnlabs.com/tag/_serverhttp_x_wap_profile/

Do I need to enable something in Apache or PHP??

    PHP Version 5.3.6
    Zend Engine v2.3.0, Copyright (c) 1998-2011 Zend Technologies
        with Xdebug v2.0.5, Copyright (c) 2002-2008, by Derick Rethans

and

    $ httpd -v
    Server version: Apache/2.2.17 (FreeBSD)

I may be wrong, but as I understand it those headers are for older WAP browsers, not modern mobile-based browsers which are HTML-capable.

The best way I've found to detect mobile devices is to examine the user agent header. While it's not 100% reliable it's the best method available. This is the function I've used in the past to detect mobile devices: https://gist.github.com/1124666. I haven't used it for a little while so there are probably new devices out there that it can't detect but it should give you a good starting point.

-Stuart

--
Stuart Dallas
3ft9 Ltd
http://3ft9.com/
Re: [PHP] Form Already Filled Out
Hi,

Use value=$_POST['user'] or sg like that because:
before send value eq null, after if returned -cause of a fail- the inputs remain

also set *autocomplete=off* (at form) and if it doesn't work use js to set null values to input boxes (add a name for ur form...)

Another way, use Google: javascript turn off autofill

be careful:
http://www.php.net/manual/en/security.database.sql-injection.php
http://php.net/manual/en/security.php

*Valentine*

On Thu, Aug 4, 2011 at 8:54 AM, James Yerge ja...@nixsecurity.org wrote:

On 08/05/2011 12:43 AM, wil prim wrote:

Hello,

So I created a simple login system, and I am using sessions. Everything seems to work fine, however; when I upload my files to my server and type my domain name my index.php page comes up and the form is automatically filled out with a username and password. How do I make it empty when I initially enter the site, and yes I did create a logout.php file that destroys a session. Please help, it is hard to explain this when I can't show it in person.

Thanks in advance!

Here is the login.php code, I didn't md5() the password yet:

    <?php
    if ($_SESSION['user']) {
        header("Location: error.php");
        exit();
    }
    include('connect.php');
    if ($_POST['login']) {
        $user=$_POST['user'];
        $pass=$_POST['pass'];
        $sql="SELECT * FROM members WHERE username='$_POST[user]' and password='$_POST[pass]'";
        $result=mysql_query($sql, $con);
        $count=mysql_num_rows($result);
        if ($count==1) {
            $_SESSION['user'] = $user;
            header('location: home.php');
        }
        else
            echo "<p style='color:red'>Wrong Username or Password</p>";
    }
    ?>
    <html>
    <head>
    <title></title>
    <link href="style.css" rel="stylesheet" type="text/css" />
    </head>
    <body>
    <div id="main">
    <div id="menu">
    <ul>
    <li> <a href="#">Home</a> </li>
    <li> <a href="#">Topix</a> </li>
    <li> <a href="#">Mission</a> </li>
    </ul>
    </div>
    <div id='content'>
    <form method='post' action='index.php'>
    Username: <br/>
    <input type='text' name='user' maxlength='30'/><br/>
    Password: <br/>
    <input type="password" name='pass' maxlength='30'/><br/>
    <input type="submit" value="Log In!" name="login"/>
    </form>
    <a href="register.html"> Register? </a>
    </div>
    </body>
    </html>

Your browser is more than likely filling in the username and password fields for you, automatically. Most modern browsers offer this functionality by default. What you're looking for isn't relative to PHP.

Have you tried visiting your page from multiple browsers, to see if you get the same results?

You could set the value of the username and password fields in the form to NULL.

e.g.;

    <input type='text' name='user' value='' maxlength='30'/>
    <input type="password" name='pass' value='' maxlength='30'/>

I doubt your visitors are going to encounter the same issue you are, unless they allow their browser or some other 3rd party software to automatically fill in the form values for them.

Another method would consist of using JavaScript, once the DOM is ready (all elements rendered), have JavaScript reset the form values.
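
The reply above links the PHP manual's SQL-injection page, and the posted login.php both interpolates $_POST into the query and compares plaintext passwords. The following is an added example, not code from any poster in this thread, showing the same members lookup with a prepared statement and password_hash()/password_verify(). The in-memory SQLite database (pdo_sqlite), the sample account and the function names open_demo_db() and attempt_login() are assumptions so that it runs stand-alone on PHP 7.4+.

```php
<?php
// Added example. Table and column names (members, username, password) follow
// the posted login.php; everything else here is an assumption for the demo.

function open_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE members (username TEXT PRIMARY KEY, password TEXT NOT NULL)');

    // Constructed sample account: only the salted hash is stored, never the password.
    $insert = $pdo->prepare('INSERT INTO members (username, password) VALUES (?, ?)');
    $insert->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $pdo;
}

function attempt_login(PDO $pdo, string $user, string $pass): bool
{
    // Hash verified when the user does not exist, so both paths do similar work.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);

    // The placeholder keeps the submitted value out of the SQL text entirely.
    $stmt = $pdo->prepare('SELECT password FROM members WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();          // false when no row matched

    $ok = password_verify($pass, $hash === false ? $dummy : $hash);
    return $hash !== false && $ok;
}

// In login.php the call site would look like this (session_start() first):
//   if (attempt_login($pdo, $_POST['user'] ?? '', $_POST['pass'] ?? '')) {
//       session_regenerate_id(true);      // fresh session id after login
//       $_SESSION['user'] = $_POST['user'];
//       header('Location: home.php');
//       exit;
//   }

$pdo = open_demo_db();

// Constructed inputs: a valid login, a wrong password, and two values that
// contain quote characters and must be treated purely as data.
$cases = [
    ['alice', 'correct horse'],
    ['alice', 'wrong'],
    ["alice' --", 'anything'],
    ["x' OR '1'='1", "x' OR '1'='1"],
];

foreach ($cases as [$u, $p]) {
    printf("%-16s %s\n", $u, attempt_login($pdo, $u, $p) ? 'accepted' : 'rejected');
}
```

Only the first case is accepted; the quote-bearing inputs are compared as literal usernames and match no row.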
[PHP] When is gettimeofday() or microtime() unavailable?
Dear list,

I've tried Google, php.net and the list's archives, but I can't find what I'm looking for. Maybe it's obvious, or maybe nobody wonders about this...

For years, I've used microtime() to get the current time including the microseconds. However, somebody pointed me at a sentence in the manual page:

"This function is only available on operating systems that support the gettimeofday() system call."

And PHP's gettimeofday() suggests the same situation:

"This is an interface to gettimeofday(2)."

But... what kind of systems then don't have this system call available? Some googling around provided lots of C programmers trying to get a gettimeofday() implementation in C on Windows, since it doesn't seem to include it. But PHP's microtime() and gettimeofday() seem to work just fine on Windows (at least the boxes I could get to).

Also, I just can't seem to find PHP code anywhere on the web that seems to check the existence of either microtime() or gettimeofday() before they call it, and there have to be lots of PHP programmers out there working on Windows boxes so...

Should I ignore the sentence in the manual and just trust that both functions are always available? Or is there another cross-platform way to get to the system time, including the microseconds, without using microtime() or gettimeofday()? Or will both functions just always exist, but just not give me microseconds if there is no gettimeofday() system call available?

Any help is highly appreciated.

Thanks,

Ivo
[PHP] NuSOAP
Hi,

I am learning "SOAP web services" using "NuSOAP". I tried to execute hello world program, but it didn't work. When I execute the server script it generates the wsdl without giving any warning or error. But when I execute the client it gives following message.

    Warning: SoapClient::SoapClient(http://localhost/nusoap/server.php?wsdl) [soapclient.soapclient]: failed to open stream: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. in E:\xampp\htdocs\nusoap\client.php on line 5

    Warning: SoapClient::SoapClient() [soapclient.soapclient]: I/O warning : failed to load external entity "http://localhost/nusoap/server.php?wsdl" in E:\xampp\htdocs\nusoap\client.php on line 5

    Fatal error: Maximum execution time of 60 seconds exceeded in E:\xampp\htdocs\nusoap\client.php on line 10

I have attached "client.php" and "server.php".

server.php

    <?php
    // Pull in the NuSOAP code
    require_once('lib/nusoap.php');
    // Create the server instance
    $server = new soap_server();
    // Initialize WSDL support
    $server->configureWSDL('hellowsdl', 'urn:hellowsdl');
    // Register the method to expose
    $server->register('hello',              // method name
        array('name' => 'xsd:string'),      // input parameters
        array('return' => 'xsd:string'),    // output parameters
        'urn:hellowsdl',                    // namespace
        'urn:hellowsdl#hello',              // soapaction
        'rpc',                              // style
        'encoded',                          // use
        'Says hello to the caller'          // documentation
    );
    // Define the method as a PHP function
    function hello($name) {
        return 'Hello, ' . $name;
    }
    // Use the request to (try to) invoke the service
    $HTTP_RAW_POST_DATA = isset($HTTP_RAW_POST_DATA) ? $HTTP_RAW_POST_DATA : '';
    $server->service($HTTP_RAW_POST_DATA);
    ?>

client.php

    <?php
    // Pull in the NuSOAP code
    require_once('lib/nusoap.php');
    // Create the client instance
    $client = new soapclient("http://localhost/nusoap/server.php?wsdl");
    // Call the SOAP method
    $result = $client->call('hello', array('name' => 'Scott'));
    // Display the result
    print_r($result);
    ?>

This example is taken from http://www.scottnichol.com/nusoapprogwsdl.htm

Can anybody tell me what's wrong with this code?

Thank you

attachment: client.php
attachment: server.php
Re: [PHP] Best editor?
Matty Sarro wrote:

Hey everyone, I am a super newbie..

in the spirit of the super newbie.. :-)

http://interrobang.jwgh.org/songs/editors.mp3

--
D Brooke
Re: [PHP] Studying mcrypt
Alex Nikitin wrote:

[snip]

Also you shouldn't actually encrypt passwords, the proper way to store them is hashed, so that if someone grabs your database, they don't have your passwords, even if they have the key.

Hello, since this thread is about studying mcrypt...

In another language, for a top security with the ability to retrieve data situation, I use a method that stores an encrypted key, but then also, the entire pages are encrypted as well, with a separate utility, where I only know the key. Think of it as compiling your software, only it is not compiling, it's encrypting, and it's then able to run as if it were compiled.

The end result is that the key to any encrypted sensitive info does not reside on the server, it resides with me on my local system... thus the passwords are safely encrypted, yet I can retrieve them manually.

I don't know that PHP has the ability to run in compiled or encrypted form.. does it? If not, I guess a 1 way, non-key encryption would be the only way to be absolutely secure with saved data in PHP (such as a hash).

Donovan

--
D Brooke
[PHP] Re: testing
Jim Giner jim.gi...@albanyhandball.com wrote in message news:6d.60.30104.5b968...@pb1.pair.com...

Don't seem to be getting any feeds thru the newsgroup mirror(?).

Something's wrong. My OE still cannot connect to the news server for this list, it continues to show unread messages are available, but it cannot download them. Something has changed.

PLUS - this 'testing' msg of mine DOES show up - whassup with that?
Re: [PHP] Re: testing
Aln...@ridersite.org wrote:

On 8/2/2011 5:18 PM, Jim Giner wrote:

Don't seem to be getting any feeds thru the newsgroup mirror(?).

This newsgroup has been a mess for almost a year now. One big problem is that the server only accepts a small number of connections, for just some mail clients, eg Thunderbird; but works for others. My Thunderbird works flawlessly for numerous other newsgroups. I've posted 2 or 3 bug reports, no response!

This newsgroup is actually a mailing list.

Thanks,
Ash
http://www.ashleysheridan.co.uk

Oh, I thought news.php.net was a NNTP news server. And, news://news.php.net:119/php.general was a newsgroup on the server. My mistake.

Mailing list, newsgroup, either one - something's changed in the last week or so to interrupt the smooth (or semi-smooth) functioning of it. The only messages I'm seeing currently are the ones in this single topic. Why is that???
Re: [PHP] Re: testing
On Thu, Aug 4, 2011 at 10:39, Jim Giner jim.gi...@albanyhandball.com wrote:

Mailing list, newsgroup, either one - something's changed in the last week or so to interrupt the smooth (or semi-smooth) functioning of it. The only messages I'm seeing currently are the ones in this single topic. Why is that???

Actually, we haven't changed anything at all. It's always been temperamental, but it's always just been a small additional offering. As Ash said, this is a mailing list, not a newsgroup. The fact that we offer a newsgroup interface at all is by all means eligible for discontinuation, since only about six people use it in any given year.

--
/Daniel P. Brown
Network Infrastructure Manager
http://www.php.net/
Re: [PHP] Re: testing
Sounds like time for me to move on. Thanks for the info Dan. All the talent on this group, and a bug like this (according to posts I've read) has been going on for years?

Daniel Brown danbr...@php.net wrote in message news:CAD9cneMicUmusc9Er7kOmLZKL_r-QORoYcMzGH5hQL=e4er...@mail.gmail.com...

On Thu, Aug 4, 2011 at 10:39, Jim Giner jim.gi...@albanyhandball.com wrote:

Actually, we haven't changed anything at all. It's always been temperamental, but it's always just been a small additional offering. As Ash said, this is a mailing list, not a newsgroup. The fact that we offer a newsgroup interface at all is by all means eligible for discontinuation, since only about six people use it in any given year.

--
/Daniel P. Brown
Network Infrastructure Manager
http://www.php.net/
Re: [PHP] Re: testing
On Thu, Aug 4, 2011 at 10:48, Jim Giner jim.gi...@albanyhandball.com wrote:

Sounds like time for me to move on. Thanks for the info Dan. All the talent on this group, and a bug like this (according to posts I've read) has been going on for years?

Yeah, it's always been low-priority. I've started to add a dedicated NNTP box a number of times, but always wound up having to move on to higher-priority things. And, of course, being a completely volunteer effort, it loses even more priority status when work is busy.

--
/Daniel P. Brown
Network Infrastructure Manager
http://www.php.net/
Re: [PHP] Studying mcrypt
On Thu, Aug 4, 2011 at 10:31 AM, Donovan Brooke li...@euca.us wrote:

Alex Nikitin wrote:

[snip]

Also you shouldn't actually encrypt passwords, the proper way to store them is hashed, so that if someone grabs your database, they don't have your passwords, even if they have the key.

Hello, since this thread is about studying mcrypt...

In another language, for a top security with the ability to retrieve data situation, I use a method that stores an encrypted key, but then also, the entire pages are encrypted as well, with a separate utility, where I only know the key. Think of it as compiling your software, only it is not compiling, it's encrypting, and it's then able to run as if it were compiled.

The end result is that the key to any encrypted sensitive info does not reside on the server, it resides with me on my local system... thus the passwords are safely encrypted, yet I can retrieve them manually.

I don't know that PHP has the ability to run in compiled or encrypted form.. does it? If not, I guess a 1 way, non-key encryption would be the only way to be absolutely secure with saved data in PHP (such as a hash).

Donovan

--
D Brooke

You can have multiple ways to encrypt data and store it pretty securely. For example I had a system that would encrypt passwords for other services and store them in the database along with an iv, the key was hard coded into the application and salt came from the user and was never stored, this way even if someone got my database and code which would be a feat not for the faint of heart, they still won't be able to get the data decrypted...

What makes your local system any less vulnerable of a point than your server, if anything, it's more vulnerable and failure-prone, so unless I'm not getting something, that seems like a poor design decision (I'm sorry)

There is code obfuscation with PHP, and you can compile it into C++ with HipHop for php for example...

--
The trouble with programmers is that you can never tell what a programmer is doing until it's too late. ~Seymour Cray
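
The storage scheme described in the message above (a key in the application, a user-supplied value that is never stored, and an IV kept beside the ciphertext) can be sketched as follows. This is an added example, not the poster's code: APP_KEY, the function names, the PBKDF2 combination of the two inputs and the choice of AES-256-GCM through the openssl extension instead of mcrypt (which was removed from PHP core in 7.2) are all assumptions. Requires PHP 7.1+.

```php
<?php
// Added example. Suits secrets that must be read back (credentials for other
// services); login passwords are hashed with password_hash(), not encrypted.

const APP_KEY = 'constructed-demo-key-do-not-reuse';   // constructed value
const KDF_ITERATIONS = 200000;

function derive_key(string $userSecret): string
{
    // 32 raw bytes for AES-256. Neither the database row nor the application
    // key alone is enough to rebuild this key; the user's value is required.
    return hash_pbkdf2('sha256', $userSecret, APP_KEY, KDF_ITERATIONS, 32, true);
}

function seal(string $plaintext, string $userSecret): string
{
    $iv  = random_bytes(12);                 // fresh 96-bit IV for every record
    $tag = '';
    $ct  = openssl_encrypt($plaintext, 'aes-256-gcm', derive_key($userSecret),
                           OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($iv . $tag . $ct);  // the value written to the database
}

function open_sealed(string $stored, string $userSecret): ?string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < 29) {   // 12-byte IV, 16-byte tag, data
        return null;
    }
    $iv  = substr($raw, 0, 12);
    $tag = substr($raw, 12, 16);
    $ct  = substr($raw, 28);

    $pt = openssl_decrypt($ct, 'aes-256-gcm', derive_key($userSecret),
                          OPENSSL_RAW_DATA, $iv, $tag);
    return $pt === false ? null : $pt;       // null: wrong secret or altered data
}

// Constructed sample values.
$stored = seal('smtp-password-for-relay', 'user passphrase');

var_dump(open_sealed($stored, 'user passphrase'));   // the original string
var_dump(open_sealed($stored, 'some other value'));  // NULL, key does not match

// Flip one bit of the stored ciphertext: the GCM tag check rejects it.
$bytes = base64_decode($stored);
$bytes[30] = chr(ord($bytes[30]) ^ 1);
var_dump(open_sealed(base64_encode($bytes), 'user passphrase'));   // NULL
```

Losing the user's value makes the record unrecoverable, which is the trade-off of never storing it.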
Re: Re: [PHP] Re: testing
On 04 Aug 2011 at 15:48, Jim Giner jim.gi...@albanyhandball.com wrote:

Sounds like time for me to move on. Thanks for the info Dan.

Say Jim,

Why don't you pick it up as mail like the rest of us?

--
Cheers -- Tim
Re: Re: [PHP] Re: testing
Because I'm lazy. I LIKE the newsgroup method - all my mail in one place: email, newsgroups together yet separate so that I can read the news postings when I have time, and the email is purely mine.

Tim Streater t...@clothears.org.uk wrote in message news:08.87.13433.b57ba...@pb1.pair.com...

On 04 Aug 2011 at 15:48, Jim Giner jim.gi...@albanyhandball.com wrote:

Sounds like time for me to move on. Thanks for the info Dan.

Say Jim,

Why don't you pick it up as mail like the rest of us?

--
Cheers -- Tim
Re: [PHP] Form Already Filled Out
if you want to force the browser to not be able to have this behaviour you need the name tag to always change

a quick example would be that

    <?php
    // keep the name in session
    $_SESSION['formRandomName']=time();
    ?>
    <input type="password" name="<?php echo $_SESSION['formRandomName'];?>[password]" />

2011/8/4 Bálint Horváth hbal...@gmail.com

Hi,

Use value=$_POST['user'] or sg like that because:
before send value eq null, after if returned -cause of a fail- the inputs remain

also set *autocomplete=off* (at form) and if it doesn't work use js to set null values to input boxes (add a name for ur form...)

Another way, use Google: javascript turn off autofill

be careful:
http://www.php.net/manual/en/security.database.sql-injection.php
http://php.net/manual/en/security.php

*Valentine*

On Thu, Aug 4, 2011 at 8:54 AM, James Yerge ja...@nixsecurity.org wrote:

On 08/05/2011 12:43 AM, wil prim wrote:

Hello,

So I created a simple login system, and I am using sessions. Everything seems to work fine, however; when I upload my files to my server and type my domain name my index.php page comes up and the form is automatically filled out with a username and password. How do I make it empty when I initially enter the site, and yes I did create a logout.php file that destroys a session. Please help, it is hard to explain this when I can't show it in person.

Thanks in advance!

Here is the login.php code, I didn't md5() the password yet:

    <?php
    if ($_SESSION['user']) {
        header("Location: error.php");
        exit();
    }
    include('connect.php');
    if ($_POST['login']) {
        $user=$_POST['user'];
        $pass=$_POST['pass'];
        $sql="SELECT * FROM members WHERE username='$_POST[user]' and password='$_POST[pass]'";
        $result=mysql_query($sql, $con);
        $count=mysql_num_rows($result);
        if ($count==1) {
            $_SESSION['user'] = $user;
            header('location: home.php');
        }
        else
            echo "<p style='color:red'>Wrong Username or Password</p>";
    }
    ?>
    <html>
    <head>
    <title></title>
    <link href="style.css" rel="stylesheet" type="text/css" />
    </head>
    <body>
    <div id="main">
    <div id="menu">
    <ul>
    <li> <a href="#">Home</a> </li>
    <li> <a href="#">Topix</a> </li>
    <li> <a href="#">Mission</a> </li>
    </ul>
    </div>
    <div id='content'>
    <form method='post' action='index.php'>
    Username: <br/>
    <input type='text' name='user' maxlength='30'/><br/>
    Password: <br/>
    <input type="password" name='pass' maxlength='30'/><br/>
    <input type="submit" value="Log In!" name="login"/>
    </form>
    <a href="register.html"> Register? </a>
    </div>
    </body>
    </html>

Your browser is more than likely filling in the username and password fields for you, automatically. Most modern browsers offer this functionality by default. What you're looking for isn't relative to PHP.

Have you tried visiting your page from multiple browsers, to see if you get the same results?

You could set the value of the username and password fields in the form to NULL.

e.g.;

    <input type='text' name='user' value='' maxlength='30'/>
    <input type="password" name='pass' value='' maxlength='30'/>

I doubt your visitors are going to encounter the same issue you are, unless they allow their browser or some other 3rd party software to automatically fill in the form values for them.

Another method would consist of using JavaScript, once the DOM is ready (all elements rendered), have JavaScript reset the form values.
RE: [PHP] Keyword Constructor
hello everyone. thanks for the email re keyword constructor. but what exactly does it do? i.e. its function.

warmest regards
Andreea

-Original Message-
From: Ren [mailto:lobbyjo...@gmail.com]
Sent: 02 August 2011 06:29
To: php-general@lists.php.net
Subject: [PHP] Keyword Constructor

For a long time I wanted keyword parameters in PHP. But thanks to newer features like traits and reflection classes I have come up with something that looks pretty close.

    trait KeywordConstructor {
        public function __construct($members) {
            $class = new ReflectionClass($this);
            $properties = $class->getProperties();
            foreach ($properties as $p) {
                $name = $p->getName();
                if (isset($members[$name])) {
                    $this->$name = $members[$name];
                }
            }
        }
    }

    class User {
        use KeywordConstructor;
        private $name;
        private $age;
    }

    $lobby = new User(['name' => 'Lobby', 'age' => 36]);

Right now this requires the trunk version of PHP to work. I just wanted to share this in case anyone finds it interesting and/or useful.

--
ejmr
南無妙法蓮華經
Re: [PHP] Studying mcrypt
Alex Nikitin wrote: [snip] What makes your local system any less vulnerable of a point than your server, of anything, its more vulnerable and failure-prone, so unless i'm not getting something, that seems like a poor design decision (i'm sorry) [snip] In the model I profiled, it is a system design that * requires * the ability to retrieve secured data. For my solution, they would have to have physical entry into the premises that hold the key/s (local encryption done offline). Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Studying mcrypt
Alex Nikitin wrote: [snip] There is code obfuscation with PHP, and you can compile it into C++ with HipHop for php for example... [snip] Of course, obfuscation is never a great security solution. Compiling it into C++ is interesting... the question would be if the code could be de-compiled.. if so, then probably not a great solution either. Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Studying mcrypt
On Thu, Aug 4, 2011 at 12:23 PM, Donovan Brooke li...@euca.us wrote:
> Alex Nikitin wrote:
> [snip]
>> There is code obfuscation with PHP, and you can compile it into C++ with HipHop for php for example...
> [snip]
>
> Of course, obfuscation is never a great security solution. Compiling it into C++ is interesting... the question would be if the code could be de-compiled.. if so, then probably not a great solution either.
>
> Donovan
> -- D Brooke

It's never a good idea to store all your keys in code, that is why we have an iv, and a salt that you can use... neither is program encryption, since i can dump it in its executing form out of memory fairly easily; this is why hard drive encryption without a controller that does crypto off the main system is fairly pointless...

--
The trouble with programmers is that you can never tell what a programmer is doing until it’s too late. ~Seymour Cray
[PHP] Complex (or not so) array data form submission?
Hey all,

I get the basics of submitting a form and organizing the $_POST data within arrays (name[], name[key], etc). But if I wanted to submit something like multiple addresses and have it end up organized in array form like this from submission is this possible?

    $addresses = array(
        0 => array(
            'id'       => '1',
            'address1' => '...',
            'address2' => '...',
            'city'     => '...',
            'state'    => '...',
            'zip'      => '...'
        ),
        1 => array(
            'id'       => '2',
            'address1' => '...',
            'address2' => '...',
            'city'     => '...',
            'state'    => '...',
            'zip'      => '...'
        )
    );

For some reason I can't seem to come up with the right naming schema in forms in order to get this structure.

Jamie
Re: [PHP] Complex (or not so) array data form submission?
On Thu, Aug 4, 2011 at 1:18 PM, Jamie Krasnoo jkras...@gmail.com wrote:
> Hey all,
>
> I get the basics of submitting a form and organizing the $_POST data within arrays (name[], name[key], etc). But if I wanted to submit something like multiple addresses and have it end up organized in array form like this from submission is this possible?
>
>     $addresses = array(
>         0 => array(
>             'id' => '1', 'address1' => '...', 'address2' => '...',
>             'city' => '...', 'state' => '...', 'zip' => '...'
>         ),
>         1 => array(
>             'id' => '2', 'address1' => '...', 'address2' => '...',
>             'city' => '...', 'state' => '...', 'zip' => '...'
>         )
>     );
>
> For some reason I can't seem to come up with the right naming schema in forms in order to get this structure.
>
> Jamie

It should be pretty straightforward. Your fields would have names such as these:

    name="addresses[0][id]"
    name="addresses[0][address1]"
    name="addresses[0][address2]"
    name="addresses[0][city]"
    name="addresses[0][state]"
    name="addresses[0][zip]"

And so on.

Andrew
Re: [PHP] Complex (or not so) array data form submission?
Thanks. I think what I got hung up on was that I was trying this: name=addresses[][id] name=addresses[][address1] name=addresses[][address2] name=addresses[][city] name=addresses[][state] name=addresses[][zip] Which wouldn't have given the end result I sought, I don't think. Clear case of not seeing the forest for the trees. Jamie On Thu, Aug 4, 2011 at 10:31 AM, Andrew Ballard aball...@gmail.com wrote: On Thu, Aug 4, 2011 at 1:18 PM, Jamie Krasnoo jkras...@gmail.com wrote: Hey all, I get the basics of submitting a form and organizing the $_POST data within arrays (name[], name[key], etc). But if I wanted to submit something like multiple addresses and have it end up organized in array form like this from submission is this possible? $addresses = array( 0 = array( 'id' = '1', 'address1' = '...', 'address2' = '...', 'city' = '...', 'state'= '...', 'zip' = '...' ), 1 = array( 'id' = '2', 'address1' = '...', 'address2' = '...', 'city' = '...', 'state'= '...', 'zip' = '...' ) ); For some reason I can't seem to come up with the right naming schema in forms in order to get this structure. Jamie It should be pretty straight foward. Your fields would have name such as these: name=addresses[0][id] name=addresses[0][address1] name=addresses[0][address2] name=addresses[0][city] name=addresses[0][state] name=addresses[0][zip] And so on. Andrew
Re: [PHP] Form Already Filled Out
On Thu, 2011-08-04 at 17:02 +0100, jean-baptiste verrey wrote: if you want to force the browser to not be able to have this behaviour you need the name tag to always change a quick example would be that ?php // keep the name in session $_SESSION['formRandomName']=time(); ? input type=password name=?php echo $_SESSION['formRandomName'];?[password] / 2011/8/4 Bálint Horváth hbal...@gmail.com Hi, Use value=$_POST['user'] or sg like that because: before send value eq null, after if returned -cause of a fail- the inputs remain also set *autocomplete=off* (at form) and if it doesn't work use js to set null values to input boxes (add a name for ur form...) Another way, use Google: javascript turn off autofill be careful: http://www.php.net/manual/en/security.database.sql-injection.php http://php.net/manual/en/security.php *Valentine* On Thu, Aug 4, 2011 at 8:54 AM, James Yerge ja...@nixsecurity.org wrote: On 08/05/2011 12:43 AM, wil prim wrote: Hello, S i created a simple login system, and I am using sessions Everything seems to work fine, however; when I upload my files to my server and type my domain name my index.php page comes up and the form is automatically filled out with a username and password. How do i make it empty when I initially enter the site, and yes I did create a logout.php file that destroys a session. Please help, it is hard to explain this when I cant show it in person. Thanks in advance! Here is the login.php code, i didn't md5() the password yet: ?php if ($_SESSION['user']) { header(Location: error.php); exit(); } include('connect.php'); if ($_POST['login']){ $user=$_POST['user']; $pass=$_POST['pass']; $sql=SELECT * FROM members WHERE username='$_POST[user]' and password='$_POST[pass]'; $result=mysql_query($sql, $con); $count=mysql_num_rows($result); if ($count==1){ $_SESSION['user'] = $user; header('location: home.php'); } else echo p style='color:red'Wrong Username or Password/p; } ? 
html head title/title link href=style.css rel=stylesheet type=text/css / /head body div id=main div id=menu ul li a href=#Home/a /li li a href=#Topix/a /li li a href=#Mission/a /li /ul /div div id='content' form method='post' action='index.php' Username: br/ input type='text' name='user' maxlength='30'/br/ Password: br/ input type=password name='pass' maxlength='30'/br/ input type=submit value=Log In! name=login/ /form a href=register.html Register? /a /div /body /html Your browser is more than likely filling in the username and password fields for you, automatically. Most modern browsers offer this functionality by default. What you're looking for isn't relative to PHP. Have you tried visiting your page from multiple browsers, to see if you get the same results? You could set the value of the username and password fields in the form to NULL. e.g.; input type='text' name='user' value='' maxlength='30'/ input type=password name='pass' value='' maxlength='30'/ I doubt your visitors are going to encounter the same issue you are, unless they allow their browser or some other 3rd party software to automatically fill in the form values for them. Another method would consist of using JavaScript, once the DOM is ready (all elements rendered), have JavaScript reset the form values. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Please don't top-post, the gremlins don't like it :) Going back to Bálint's post, the autocomplete=off can be set either at the form or form element (input) level. Bear in mind though that if you do this, the HTML will not validate. This isn't normally an issue, and may be an acceptable tradeoff for your website. -- Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Studying mcrypt
Alex Nikitin wrote:
[snip]
> It's never a good idea to store all your keys in code,

True, but in the system I was referring to, only the closed source app knows how to see the key in the encrypted templates and there is no way for another to know how to decrypt the encrypted templates to see any of the other keys in the code... It's a unique solution for this type of topic. I don't want to go into too many details because it's not about PHP and my intention with bringing it up was to see if others knew of a similar solution within PHP.. which I'm thinking there is not.

> that is why we have an iv, and a salt that you can use... neither is program encryption, since i can dump it in its executing form out of memory fairly easily;

Well, not with the situation/app I was talking about..

> this is why hard drive encryption without a controller that does crypto off the main system is fairly pointless...

I'm not exactly sure what you are saying here.. but there are good reasons to have built the system that I was referring to... safe retrieval of secured data being the main idea.

Look, I agree that in a typical online passphrase type of setup, creating a hash to be matched for access is a great solution under sensitive situations. You don't need to retrieve the pass as the owner can change it if they forget... however, encryption is absolutely not worth nothing and the O.P. stated he was trying to learn about PHP's mcrypt. Much of the time, a spec requires the access retrieval of secured data and a developer will have no choice anyway ;-). Not all sensitive data is at the same sensitivity level either... so mcrypt has its place.

Cheers,
Donovan
-- D Brooke
Re: [PHP] Complex (or not so) array data form submission?
On Thu, Aug 4, 2011 at 2:04 PM, Jamie Krasnoo jkras...@gmail.com wrote: Thanks. I think what I got hung up on was that I was trying this: name=addresses[][id] name=addresses[][address1] name=addresses[][address2] name=addresses[][city] name=addresses[][state] name=addresses[][zip] Which wouldn't have given the end result I sought, I don't think. Clear case of not seeing the forest for the trees. Jamie It probably would have worked just fine. Not specifying the numeric index means that PHP will depend on the order that the browser sends the values, but they are generally sent in the order they appear on the form. If the numeric index is important, it's better to provide it explicitly. Andrew -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Complex (or not so) array data form submission?
On 08/04/2011 01:56 PM, Andrew Ballard wrote:
> On Thu, Aug 4, 2011 at 2:04 PM, Jamie Krasnoo jkras...@gmail.com wrote:
>> Thanks. I think what I got hung up on was that I was trying this:
>>
>>     name="addresses[][id]"
>>     name="addresses[][address1]"
>>     name="addresses[][address2]"
>>     name="addresses[][city]"
>>     name="addresses[][state]"
>>     name="addresses[][zip]"
>>
>> Which wouldn't have given the end result I sought, I don't think. Clear case of not seeing the forest for the trees.
>>
>> Jamie
>
> It probably would have worked just fine. Not specifying the numeric index means that PHP will depend on the order that the browser sends the values, but they are generally sent in the order they appear on the form. If the numeric index is important, it's better to provide it explicitly.
>
> Andrew

What Jamie posted is equivalent to this:

    name="addresses[0][id]"
    name="addresses[1][address1]"
    name="addresses[2][address2]"
    name="addresses[3][city]"
    name="addresses[4][state]"
    name="addresses[5][zip]"

--
Thanks!
-Shawn
http://www.spidean.com
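How PHP turns the two naming schemes from this thread into arrays, as an added example that is not part of any poster's message: parse_str() applies the same bracket rules PHP uses to build $_POST, and the server then checks the shape of what arrived before using it. The helper collect_addresses() and the sample request bodies are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Fields every address record must carry (the ones named in the thread).
const ADDRESS_FIELDS = ['id', 'address1', 'address2', 'city', 'state', 'zip'];

/**
 * Hypothetical helper: check the shape of $input['addresses'] and split it
 * into well-formed records and a list of reasons for the rejected ones.
 */
function collect_addresses(array $input): array
{
    $result = ['valid' => [], 'errors' => []];
    $rows = $input['addresses'] ?? null;
    if (!is_array($rows)) {
        $result['errors'][] = 'addresses is missing or not an array';
        return $result;
    }
    foreach ($rows as $index => $row) {
        if (!is_array($row)) {
            $result['errors'][] = "addresses[{$index}] is not a record";
            continue;
        }
        $keys = array_map('strval', array_keys($row));
        if (array_diff(ADDRESS_FIELDS, $keys) || array_diff($keys, ADDRESS_FIELDS)) {
            $result['errors'][] = "addresses[{$index}] has the wrong set of fields";
            continue;
        }
        // A client can send addresses[0][city][]=x, which makes a field an array.
        foreach ($row as $field => $value) {
            if (!is_string($value)) {
                $result['errors'][] = "addresses[{$index}][{$field}] is not a string";
                continue 2;
            }
        }
        $result['valid'][] = $row;
    }
    return $result;
}

// Constructed request bodies: one address sent with an explicit index,
// then the same fields sent with empty brackets.
$explicit = 'addresses[0][id]=1&addresses[0][address1]=1+Main+St&addresses[0][address2]='
          . '&addresses[0][city]=Springfield&addresses[0][state]=IL&addresses[0][zip]=62701';
$implicit = str_replace('[0]', '[]', $explicit);

foreach (['explicit index' => $explicit, 'empty brackets' => $implicit] as $label => $body) {
    parse_str($body, $post);
    $checked = collect_addresses($post);
    printf("%s: %d element(s) parsed, %d accepted\n",
        $label, count($post['addresses']), count($checked['valid']));
    foreach ($checked['errors'] as $error) {
        echo "  rejected: $error\n";
    }
}
```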
Re: [PHP] Re: testing
On Aug 4, 2011, at 10:21 AM, Jim Giner wrote: Because I'm lazy. I LIKE the newsgroup method - all my mail in one place: email, newsgroups together yet separate so that I can read the news postings when I have time, and the email is purely mine. Tim Streater t...@clothears.org.uk wrote in message news:08.87.13433.b57ba...@pb1.pair.com... On 04 Aug 2011 at 15:48, Jim Giner jim.gi...@albanyhandball.com wrote: Sounds like time for me to move on. Thanks for the info Dan. Perhaps so, when to support your laziness you expect other to spend lots of uncompensated effort -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] memory overflow :/
hi i can't see anything wrong that will cause memory problem but parsing 1gb memory limit doesn't come enough for just parsing a 50 kb file but when i try to parse another file that is 24 kb 24 mb becomes enough memory here is the script http://pastebin.com/H9mG7ucU if you go to rss.php?id=175069119656titlebaslik=1 no problem when you try to parse rss.php?id=102741716484127titlebaslik=1 Allowed memory size of 25165824 bytes exhausted (tried to allocate 90564532 bytes) Just tried to increase with ini_set('memory_limit','2048M'); still same error Allowed memory size of -2147483648 bytes exhausted (tried to allocate 2137883596 bytes) in rss.php on line 24 any idea ?
[PHP] saving sessions
Hello, I'm new to the whole storing sessions thing and I really don't know how to ask this question, but here it goes. So on my site when someone logs in the login.php file checks for the username and password in the table I created, then if it finds a match it will store a $_SESSION[] variable. To be exact the code is as follows:

    if ($count=='1') {
        session_start();
        $_SESSION['user']=$user; // $user is the $_POST['user'] from the login form
        header('location: login_success.php');
    }

Now what I would like to know is how do I make my website save new changes the user made while in their account? thanks!
Re: [PHP] saving sessions
On Sat, Aug 6, 2011 at 7:56 AM, wil prim wilp...@me.com wrote: Hello, im new to the whole storing sessions thing and I really dont know how to ask this question, but here it goes. So on my site when someone logs in the login.php file checks for a the username and password in the table i created, then if it finds a match it will store a $_SESSION [] variable. To be exact the code is as follows: if ($count=='1') { session_start(); $_SESSION['user']=$user; // $user is the $_POST['user'] from the login form header('location: login_success.php'); } Now what i would like to know is how do i make my website save new changes the user made while in their account? thanks! You will have to store the user account related data in the database for persistence Or if the site not having a 'user account system' you may use cookies to store the settings... Midhun Girish
[PHP] You can play with PHP 5.4.0 alpha3 on Windows, EasyPHP 5.4 alpha3 is out!
Hi PHP 5.4 alpha 3 is now included in a the Wamp package EasyPHP 5.4 alpha3. Enjoy! Website : www.easyphp.org Screenshots : www.easyphp.org/screenshots.php Facebook page : www.facebook.com/easywamp Twitter : www.twitter.com/easyphp -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] control structure
-Original Message- From: Chris Stinemetz [mailto:chrisstinem...@gmail.com] Sent: Thursday, August 04, 2011 11:34 PM To: PHP General Subject: [PHP] control structure I have a php script with a simple condition. If it is not satisfied I want to exit the script otherwise I want to continue. I am having difficulties getting it to work. The script is just exiting.. Please excuse my indention. Gmail tends to distort it. Thank you, Chris This is what i have so far: if (!session_id()) { session_start(); } if($_SESSION['signed_in'] == false | $_SESSION['user_level'] != 1 || $_SESSION['user_level'] != 2 ) { //the user is not an admin echo 'Sorry, you do not have sufficient rights to access this page.br/ You must be a technician or an engineer to create a store visit.'; exit; } else { continue; If I get it to continue I want to execute the rest of the script, but It will only exit. Current user has user_level of 1 so that is not an issue. Rest of script: $market = isset($_GET['market']) ? $_GET['market'] : $_SESSION['market']; $type = isset($_GET['type']) ? $_GET['type'] : $_SESSION['type']; $store = isset($_GET['store']) ? 
$_GET['store'] : $_SESSION['store']; $type = str_replace('-', ' ', $type); if($_SESSION['type'] != $type) { $_SESSION['type'] = $type; $store = ''; } if($_SESSION['market'] != $market) { $type = ''; $store = ''; } $_SESSION['market'] = $market; $_SESSION['type'] = $type; $_SESSION['store'] = $store; $market_name = array(); $market_prefix = array(); $type_name = array(); $market_prefix = array(); $store_name = array(); $query = SELECT * FROM marketcode ; $result = mysql_query($query) or die(report($query,__LINE__ ,__FILE__)); //(Something went wrong); while($row = mysql_fetch_array($result)) { $market_name[] = $row['market_name']; $market_prefix[] = $row['market_prefix']; } $query = SELECT store_type FROM store_type WHERE market_prefix = '$market' ; $result = mysql_query($query) or die(report($query,__LINE__ ,__FILE__)); while($row = mysql_fetch_array($result)) { $type_name[] = $row['store_type']; } $type_name = array_unique($type_name); sort($type_name); if($type == '') { $type = $type_name[0]; $_SESSION['type'] = $type; } $query = SELECT store_name FROM store_list WHERE store_type = '$type' AND market_prefix = '$market' ; $result = mysql_query($query) or die(report($query,__LINE__ ,__FILE__)); while($row = mysql_fetch_array($result)) { $store_name[] = $row['store_name']; } // include ('includes/closedb.php'); // close dB sort($store_name); } ? div id=myspan form action=index.php method=post table tr th class=marketMarket/th th class=typeStore Type/th th class=storeStore Name/th /tr tr td select name=market onchange=javascript:get(this.parentNode); option value=Choose.../option ?php foreach($market_prefix as $key = $value) { $selected = ''; if($value == $market) { $selected = 'selected'; } //echo(option value=$value $selected $value : $market_name[$key]); echo 'option value=', htmlspecialchars($value), ' ', $selected, '', htmlspecialchars($value.' : '.$market_name[$key]), '/option'; } ? 
/select /td td select name=type onchange=javascript:get(this.parentNode); option value=Choose.../option ?php foreach($type_name as $value) { $selected = ''; if($value == $type) { $selected = 'selected'; } $v = str_replace(' ', '-', $value); //echo(option value=$v $selected $value);
Re: [PHP] control structure
> // This part makes no sense they are not logged in and they have a level of 1 or 2 ?

Yes. It might not be the best approach, but I am assigning the user a value: 1, 2, or 3 while they create an account. This will limit what they will be able to post. For example I only want users with user level of 1 or 2 to be able to complete the form in this script. Hence, the control structure I am trying to include.

> // And you was missing a Pipe after false. It will cause the If statement to fail.

Thanks for pointing this out. I guess I have been staring at the computer way too long!

Chris
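Why the posted check exits for every user, as an added example that is not from the thread: `user_level != 1 || user_level != 2` is true for any value, so the deny branch always runs even with the missing pipe restored. The function names and sample sessions are constructed; the allow-list form is one way to express the rule Chris describes (signed in, and level 1 or 2).

```php
<?php
declare(strict_types=1);

// The condition as posted, with the second pipe restored. true means "deny".
function denied_as_posted(array $session): bool
{
    return $session['signed_in'] == false
        || $session['user_level'] != 1
        || $session['user_level'] != 2;   // no value equals both 1 and 2
}

// Allow-list form: deny unless signed in AND the level is an allowed one.
function denied_allow_list(array $session): bool
{
    $signedIn = !empty($session['signed_in']);
    // Accept 1 or '1' (a database driver may hand back strings), reject the rest.
    $level = filter_var($session['user_level'] ?? null, FILTER_VALIDATE_INT);
    return !($signedIn && in_array($level, [1, 2], true));
}

// Constructed sessions covering each case the rule has to decide.
$sessions = [
    'technician (level 1)' => ['signed_in' => true,  'user_level' => 1],
    'engineer (level "2")' => ['signed_in' => true,  'user_level' => '2'],
    'other (level 3)'      => ['signed_in' => true,  'user_level' => 3],
    'signed out, level 1'  => ['signed_in' => false, 'user_level' => 1],
];

foreach ($sessions as $label => $session) {
    printf("%-22s as posted: %-6s allow-list: %s\n",
        $label,
        denied_as_posted($session) ? 'deny' : 'allow',
        denied_allow_list($session) ? 'deny' : 'allow');
}
```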
[PHP] Sending a message
Ok so I have tried to create a sort of messaging system on my website and I have run into some problems storing who the message is from, ill try to take you through step by step what I am trying to do.step #1 (messages.php): --This is where the member will view the recent messages that have been posteddiv id='messages' ?php include 'connect.php'; session_start(); $_SESSION['user']=$user; //store sql queries $sql="SELECT * FROM entries"; $result=mysql_query($sql, $con); $count=mysql_num_rows($result); if ($count1){ echo 'There are no messages yet!'; } while ($row=mysql_fetch_array($result)){ echo 'From: ' .$row['from']; echo 'br/'; echo 'Subject: ' .$row['subject']; echo 'br/'; echo 'Message: ' .$row['body']; echo 'hr/'; } ? /divStep #2 (create_message.php):-- This is where the user creates a new messageh2 Create new message/h2 table border='0' width='100%' cellpadding='3px' style='text-align: top;' form method='post' action='' tr width='100%' height='30%' style='margin-top: 0px;' td Subject /td td input type='text' name='subject' maxlength='30'/td /tr tr width='100%' height='30%' td Body /td tdtextarea name='body' style='height: 200px; width: 400px;'/textarea/td /tr tr td colspan='2' align='center'input type='submit' name='new_message' value='Send!'/ /td /tr /form /tableStep #3 (insert_message.php)-- this is where my problem is (trying to insert $_SESSION['user'] into table ['from'])?phpinclude 'connect.php';session_start();$user=$_SESSION['user'];if ($_POST['new_message']){ include 'connect.php'; session_start(); $_SESSION['user']=$user; $body=$_POST['body']; $subject=$_POST['subject']; $date=' '; $sql="INSERT INTO `entries` ( `id` , `from` , `subject` , `body` , `date` ) VALUES ( NULL , '$user', '$subject', '$body', '$date' )"; if (mysql_query($sql,$con)){ echo 'Inserted!'; echo $user; } else echo 'Not Inserted'; }?Hope i dont piss anyone off with such a long message, I just really need help on this.Thanks!
Re: [PHP] Sending a message
in previous pages you must have a login page and in login page you must store the username and then in next steps you have username in $_SESSION['user'] now if it is not your problem then what is the problem?
Re: [PHP] Sending a message
Well my problem is when i click submit, the $_SESSION['user'] ('from' part of the table in my db) is blank, so im guessing the $_SESSION variable didnt pass through. On Aug 04, 2011, at 10:11 PM, Negin Nickparsa nickpa...@gmail.com wrote:in previous pages you must have a login page and in login page you must store the username and then in next steps you have username in $_SESSION['user'] now if it is not your problem then what is the problem?
Re: [PHP] Sending a message
you must check setting your session with this one: if(isset($_SESSION['user'])) { // Identifying the user $user = $_SESSION['user']; // Information for the user. } tell me what you have done in login page?
Re: [PHP] Sending a message
This is the login.php which checks the form on the login page.

    <?php
    session_start();
    include('connect.php');
    $user=$_POST['user'];
    $pass=$_POST['pass'];
    $sql="SELECT * FROM members WHERE username='$_POST[user]' and password='$_POST[pass]'";
    $result=mysql_query($sql, $con);
    $count=mysql_num_rows($result);
    if ($count==1){
        session_start();
        $_SESSION['user'] = $user;
    }
    else{
        echo 'Wrong Username or Password';
    }
    ?>

On Aug 04, 2011, at 10:23 PM, Negin Nickparsa nickpa...@gmail.com wrote:
> you must check setting your session with this one:
>
>     if(isset($_SESSION['user'])) {
>         // Identifying the user
>         $user = $_SESSION['user'];
>         // Information for the user.
>     }
>
> tell me what you have done in login page?
Re: [PHP] Sending a message
did you set the form method='post' ?
Re: [PHP] Sending a message
in this line password='$_POST[pass]'; you have error change it to password='$_POST['pass']';
Re: [PHP] Sending a message
well,sorry change it to password=$pass (better) also check your errors by php yourpage.php it is more better to not stock in errors like this one
Re: [PHP] Sending a message
Your code is full of security errors .. You should use mysql escape string (google it) to protect your database from being hacked

David Holmes twitter @mrstanfan owner of the exclusive StanFan.com Whats Your StanFan?

-Original Message-
From: wil prim wilp...@me.com
Date: Sat, 06 Aug 2011 04:49:32
To: PHP MAILINGLISTphp-general@lists.php.net; Philly Holbrookpholbro...@gmail.com
Subject: [PHP] Sending a message

Ok so I have tried to create a sort of messaging system on my website and I have run into some problems storing who the message is from, ill try to take you through step by step what I am trying to do. step #1 (messages.php): --This is where the member will view the recent messages that have been posted div id='messages' ?php include 'connect.php'; session_start(); $_SESSION['user']=$user; //store sql queries $sql=SELECT * FROM entries; $result=mysql_query($sql, $con); $count=mysql_num_rows($result); if ($count1){ echo 'There are no messages yet!'; } while ($row=mysql_fetch_array($result)){ echo 'From: ' .$row['from']; echo 'br/'; echo 'Subject: ' .$row['subject']; echo 'br/'; echo 'Message: ' .$row['body']; echo 'hr/'; } ?
/div Step #2 (create_message.php):-- This is where the user creates a new message h2 Create new message/h2 table border='0' width='100%' cellpadding='3px' style='text-align: top;' form method='post' action='insert_message.php' tr width='100%' height='30%' style='margin-top: 0px;' td Subject /td td input type='text' name='subject' maxlength='30'/td /tr tr width='100%' height='30%' td Body /td tdtextarea name='body' style='height: 200px; width: 400px;'/textarea/td /tr tr td colspan='2' align='center'input type='submit' name='new_message' value='Send!'/ /td /tr /form /table Step #3 (insert_message.php)-- this is where my problem is (trying to insert $_SESSION['user'] into table ['from']) ?php include 'connect.php'; session_start(); $user=$_SESSION['user']; if ($_POST['new_message']){ include 'connect.php'; session_start(); $_SESSION['user']=$user; $body=$_POST['body']; $subject=$_POST['subject']; $date=' '; $sql=INSERT INTO `entries` ( `id` , `from` , `subject` , `body` , `date` ) VALUES ( NULL , '$user', '$subject', '$body', '$date' ); if (mysql_query($sql,$con)){ echo 'Inserted!'; echo $user; } else echo 'Not Inserted'; } ? Hope i dont piss anyone off with such a long message, I just really need help on this. Thanks!
Re: [PHP] Sending a message
Woot! Got it! There was a page in between that stored $_SESSION['user']=$user rather than other way around! Thank you! and yea I will secure it!

On Aug 04, 2011, at 10:37 PM, David Holmes dholmes1...@gmail.com wrote:

Your code is full of security errors .. You should use mysql escape string (google it) to protect your database from being hacked

David Holmes twitter @mrstanfan owner of the exclusive StanFan.com Whats Your StanFan?

-Original Message-
From: wil prim wilp...@me.com
Date: Sat, 06 Aug 2011 04:49:32
To: PHP MAILINGLISTphp-general@lists.php.net; Philly Holbrookpholbro...@gmail.com
Subject: [PHP] Sending a message

Ok so I have tried to create a sort of messaging system on my website and I have run into some problems storing who the message is from, ill try to take you through step by step what I am trying to do. step #1 (messages.php): --This is where the member will view the recent messages that have been posted div id='messages' ?php include 'connect.php'; session_start(); $_SESSION['user']=$user; //store sql queries $sql="SELECT * FROM entries"; $result=mysql_query($sql, $con); $count=mysql_num_rows($result); if ($count1){ echo 'There are no messages yet!'; } while ($row=mysql_fetch_array($result)){ echo 'From: ' .$row['from']; echo 'br/'; echo 'Subject: ' .$row['subject']; echo 'br/'; echo 'Message: ' .$row['body']; echo 'hr/'; } ?
/div Step #2 (create_message.php):-- This is where the user creates a new message h2 Create new message/h2 table border='0' width='100%' cellpadding='3px' style='text-align: top;' form method='post' action='' tr width='100%' height='30%' style='margin-top: 0px;' td Subject /td td input type='text' name='subject' maxlength='30'/td /tr tr width='100%' height='30%' td Body /td tdtextarea name='body' style='height: 200px; width: 400px;'/textarea/td /tr tr td colspan='2' align='center'input type='submit' name='new_message' value='Send!'/ /td /tr /form /table Step #3 (insert_message.php)-- this is where my problem is (trying to insert $_SESSION['user'] into table ['from']) ?php include 'connect.php'; session_start(); $user=$_SESSION['user']; if ($_POST['new_message']){ include 'connect.php'; session_start(); $_SESSION['user']=$user; $body=$_POST['body']; $subject=$_POST['subject']; $date=' '; $sql="INSERT INTO `entries` ( `id` , `from` , `subject` , `body` , `date` ) VALUES ( NULL , '$user', '$subject', '$body', '$date' )"; if (mysql_query($sql,$con)){ echo 'Inserted!'; echo $user; } else echo 'Not Inserted'; } ? Hope i dont piss anyone off with such a long message, I just really need help on this. Thanks!
Re: [PHP] Sending a message
or if you want to do this risky and non-secure thing try this:

    $query = "select * from members where user='" . $_POST['user'] . "' and pass=password('$pas')";

well first you must check errors in mysql then storing in session. also it is better to use:

    $user = mysql_real_escape_string($_POST['user']);

then write the query
Re: [PHP] Sending a message
well I wonder! with error syntaxes now it is working? or without them?
Re: [PHP] Sending a message
I think Ill just use the better secured one, thanks!On Aug 04, 2011, at 10:41 PM, Negin Nickparsa nickpa...@gmail.com wrote:or if you want to do this risky and none secure thing try this:$query="select * frommemberswhere user='"$_POST['user']."'and pass=password('$pas')"; well first you must check errors in mysql then storing in session also it is better to use: $user=mysql_real_escape_string($_POST['user']); then write the query
Re: [PHP] Sending a message
it is better to use this one: http://www.php.net/mysql_real_escape_string

if you don't use this, by inputting just a quote or this input '--' a hacker can easily hack your syntax. in another step your site will send a message like: error in mysql on this line lob lob .. in this part he will find your server, that it is MySQL :D he/she will try other syntaxes and by errors he/she finds your table names and ... :D you know how bad :D then obey the security rules
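The login lookup and message insert from this thread written with bound parameters rather than escaping, as an added example that is not code from any poster: PDO prepared statements replace the mysql_* calls, and password_hash()/password_verify() replace the plaintext comparison. It assumes the pdo_sqlite extension so it can run against an in-memory database; the table layout (with `sender` in place of the reserved word `from`), the function names and the sample account are constructed.

```php
<?php
declare(strict_types=1);

// Constructed schema and account, held in memory so the example runs stand-alone.
function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
    $db->exec('CREATE TABLE entries (id INTEGER PRIMARY KEY, sender TEXT, subject TEXT, body TEXT)');
    $insert = $db->prepare('INSERT INTO members (username, password_hash) VALUES (?, ?)');
    $insert->execute(['wil', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

// Returns the stored username on success, null otherwise.
// The submitted values are bound as data and never become part of the SQL text.
function check_login(PDO $db, string $user, string $pass): ?string
{
    $stmt = $db->prepare('SELECT username, password_hash FROM members WHERE username = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pass, $row['password_hash'])) {
        return null;
    }
    return $row['username'];
}

// Stores a message. The sender is the logged-in user from the session,
// never a value taken from the form.
function insert_message(PDO $db, string $sender, string $subject, string $body): int
{
    $stmt = $db->prepare(
        'INSERT INTO entries (sender, subject, body) VALUES (:sender, :subject, :body)'
    );
    $stmt->execute([':sender' => $sender, ':subject' => $subject, ':body' => $body]);
    return (int) $db->lastInsertId();
}

$db = open_demo_db();

// Constructed inputs: a valid login, a wrong password, and a username that
// carries a quote and a comment marker, the input the thread warns about.
$attempts = [
    ['wil', 'correct horse'],
    ['wil', 'wrong'],
    ["wil' --", 'anything'],
];
foreach ($attempts as [$user, $pass]) {
    printf("%-10s => %s\n", $user, check_login($db, $user, $pass) === null ? 'rejected' : 'accepted');
}

// Quotes in the message are stored as typed; no escaping call is needed on the way in.
$id = insert_message($db, 'wil', "It's here", "O'Brien wrote: '); --");
$read = $db->prepare('SELECT sender, subject, body FROM entries WHERE id = ?');
$read->execute([$id]);
$row = $read->fetch(PDO::FETCH_ASSOC);

// HTML escaping belongs at output time, where the value is echoed into a page.
foreach ($row as $field => $value) {
    echo $field, ': ', htmlspecialchars($value, ENT_QUOTES, 'UTF-8'), "\n";
}
```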
Re: [PHP] Sending a message
On 8/5/2011 9:49 PM, wil prim wrote:
> Ok so I have tried to create a sort of messaging system on my website and I have run into some problems storing who the message is from, ill try to take you through step by step what I am trying to do.
>
> *step #1* (messages.php): --This is where the member will view the recent messages that have been posted
>
> <div id='messages'>
> <?php
> include 'connect.php';

session_start() should be called before anything else on the page is done. move this to the first line after your opening <?php tag.

> session_start();

First... from one of your other emails, you explain that by the time you get to this page, your user has already logged in. But in the next line, you are AFAICT setting the $_SESSION['user'] to a null value. Try commenting this line out and see what happens.

> $_SESSION['user']=$user;
> //store sql queries
> $sql="SELECT * FROM entries";

You should change this a little. I realize there isn't much to go wrong with this SQL statement, but you never know...

> $result=mysql_query($sql, $con);

$result = mysql_query($sql, $con) OR die('SQL ERROR: '. mysql_errno($con) .'<br />'. mysql_error($con));

> $count=mysql_num_rows($result);
> if ($count<1){
>     echo 'There are no messages yet!';
> }

I think you are missing an ELSE clause here...

> while ($row=mysql_fetch_array($result)){
>     echo 'From: ' .$row['from'];
>     echo '<br/>';
>     echo 'Subject: ' .$row['subject'];
>     echo '<br/>';
>     echo 'Message: ' .$row['body'];
>     echo '<hr/>';
> }
> ?>
> </div>
>
> *Step #2* (create_message.php):-- This is where the user creates a new message
>
> <h2> Create new message</h2>
> <table border='0' width='100%' cellpadding='3px' style='text-align: top;'>
> <form method='post' action='insert_message.php'>
> <tr width='100%' height='30%' style='margin-top: 0px;'>
>     <td> Subject</td>
>     <td> <input type='text' name='subject' maxlength='30'/></td>
> </tr>
> <tr width='100%' height='30%'>
>     <td> Body</td>
>     <td><textarea name='body' style='height: 200px; width: 400px;'></textarea></td>
> </tr>
> <tr>
>     <td colspan='2' align='center'><input type='submit' name='new_message' value='Send!'/> </td>
> </tr>
> </form>
> </table>
>
> *Step #3* (insert_message.php)-- this is where my problem is (trying to insert $_SESSION['user'] into table ['from'])

This script is riddled with security issues and errors.

> <?php
> include 'connect.php';

Again with the session_start() thing. Move it to the top.

> session_start();

Why do this? Just use $_SESSION['user'] where you would use $user...

> $user=$_SESSION['user'];

This is going to cause a NOTICE error. Check out isset()

> if ($_POST['new_message']){

You are including this file for a second time. Does it need to?

> include 'connect.php';

Calling this a second time, just for good measure??? Remove it.

> session_start();

Again, you are clearing your $_SESSION['user'] variable.

> $_SESSION['user']=$user;

If you are going to assign the values to new variables, I would suggest tossing htmlspecialchars() around each one.

> $body=$_POST['body'];
> $subject=$_POST['subject'];
> $date=' ';

Also, before you go using those variables above in your SQL below, you should wrap a call to mysql_real_escape_string() around them.

> $sql="INSERT INTO `entries` ( `id` , `from` , `subject` , `body` , `date` ) VALUES ( NULL , '$user', '$subject', '$body', '$date' )";

Refer to my suggestion above about adding the OR die() portion to the following command.

> if (mysql_query($sql,$con)){
>     echo 'Inserted!';
>     echo $user;
> }
> else
>     echo 'Not Inserted';
> }
> ?>
>
> Hope i dont piss anyone off with such a long message, I just really need help on this.
>
> Thanks!
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
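The points raised in the replies above (keep user input out of the SQL text, keep database error details away from the visitor, encode values written into HTML), as an added example that is not code from the thread. It assumes PDO prepared statements with an in-memory SQLite database in place of the thread's mysql_* functions, applies htmlspecialchars() on output instead of on assignment, and uses hypothetical helper names (insert_message, render_message) and constructed sample input.

```php
<?php
// Added example: PDO + in-memory SQLite stand in for the thread's mysql_* calls.
// Table and column names follow the thread; the sample message is constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE entries
           (id INTEGER PRIMARY KEY, "from" TEXT, subject TEXT, body TEXT, date TEXT)');

// Bound parameters: the values travel separately and never become SQL text,
// so a quote or "--" in the input is stored as ordinary data.
function insert_message(PDO $db, string $sender, string $subject, string $body): bool
{
    try {
        $stmt = $db->prepare(
            'INSERT INTO entries ("from", subject, body, date)
             VALUES (:sender, :subject, :body, :date)'
        );
        return $stmt->execute([
            ':sender'  => $sender,   // in the thread this is $_SESSION['user']
            ':subject' => $subject,
            ':body'    => $body,
            ':date'    => date('Y-m-d H:i:s'),
        ]);
    } catch (PDOException $e) {
        // Driver details go to the server log; the page shows only a generic result.
        error_log('insert_message failed: ' . $e->getMessage());
        return false;
    }
}

// Encode at output time so stored markup is displayed as text, not interpreted.
function render_message(array $row): string
{
    $h = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    return 'From: ' . $h($row['from']) . '<br/>Subject: ' . $h($row['subject'])
         . '<br/>Message: ' . $h($row['body']) . '<hr/>';
}

// Constructed input containing the characters named in the thread: a quote and "--".
$ok = insert_message($db, "o'neil", "it's -- a test", "<b>hello</b> ' --");
echo $ok ? "Inserted\n" : "Not inserted\n";

foreach ($db->query('SELECT * FROM entries') as $row) {
    echo render_message($row), "\n";
}
```

With MySQL the same code applies after changing the DSN and quoting the `from` column with backticks, as the thread's INSERT statement does.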
Re: [PHP] Sending a message
lol wow ok thanks, I'm very new to coding, started html about 2 months ago, so ty for letting me know the security of the language! is there any place where i can read (other than the php manual), about a tutorial on security?

On Aug 04, 2011, at 10:49 PM, Negin Nickparsa nickpa...@gmail.com wrote:

> it is better to use this one:
> http://www.php.net/mysql_real_escape_string
> if you don't use this by inputting just a quote or this input '--' a hacker can easily hack your syntax
> in another steps your site will send a message like:
> error in mysql on this line lob lob ..
> in this part he will find your server that it is my sql :D
> he/she will try other syntaxes and by errors he/she finds your table names and ... :D
> you know how bad :D then obey the security rules