|
Thirteenth Step posted:got it (i think): Just to make sure you are thinking about this right, "username" is a session variable, not a session in and of itself. $_SESSION is "the session" ( the global session variable / object ) and you assign it session vars to keep track of data between pages: php:<? session_start(); // you have A ( one ) session $_SESSION['poop'] = 43; // same session, but now it has a variable named 'poop' attached $_SESSION['blah'] = 'daslkjdja'; // you still only have one session, but now it has another variable print_r( $_SESSION ); // see all the other stuff hiding in there! ?>
|
#
?
Mar 25, 2010 05:23
|
|
|
|
| # ? Jun 4, 2024 09:07 |
|
|
So, uh, not that anyone should ever do this, but why doesphp:<? $foo="bar"; $foo(); ?> php:<?
${"bar"}();
?>
|
|
#
?
Mar 25, 2010 06:16
|
|
|
I am having a problem with CodeIgniter. I searched google and there's help that's so close but no cigar. I am using XAMPP as my localhost and I have made no changes to it's configuration files. I am trying to work my way through this tutorial: http://net.tutsplus.com/videos/screencasts/codeigniter-from-scratch-day-3/ Anyway, I made a controller email.php. php:<?php class Email extends Controller{ function __construct() { parent::Controller(); } function index(){ $config=Array( 'protocol' => 'smtp', 'smpt_host'=> 'ssl://smtp.googlemail.com', 'smtp_port'=>465, 'smtp_user'=>'username@gmail.com', 'smtp_pass'=>'password' ); $this->load->library('email', $config); $this->email->set_newline("\r\n"); $this->email->from('username@gmail.com', 'Michael'); $this->email->to('username@gmail.com'); $this->email->subject('Email subject test'); $this->email->message('It works!'); if ($this->email->send()){ echo'YES!'; } else { show_error($this->email->print_debugger()); } } } ?> code:I noticed that SMTP is disabled in XAMPP's apache admin. How do I fix this problem?
|
|
#
?
Mar 25, 2010 06:19
|
|
|
FeloniousDrunk posted:
FeloniousDrunk posted:
|
|
#
?
Mar 25, 2010 08:51
|
|
|
Dargor posted:I am having a problem with CodeIgniter. I searched google and there's help that's so close but no cigar. I have yet to have any coffee this AM, so I might have mis-read everything, but this sounds like a web server / host configuration thing. Email their support and ask what you can do to allow PHP to send mail.
|
|
#
?
Mar 25, 2010 14:00
|
|
|
Dargor posted:I am having a problem with CodeIgniter. I searched google and there's help that's so close but no cigar. XAMPP does not include a mail server. You need a mail server set up and configured to be able to send email through php mail routines. I don't know what type of solutions there are for setting one up on your localhost, though.
|
|
#
?
Mar 25, 2010 15:33
|
|
|
I am attempting to setup two wiki's on the same server. The first wiki is all setup and has quite a few documents in place. I'm running mediawiki and followed this guide to setup the second: http://www.steverumberg.com/wiki/index.php?title=WikiHelp_-_Method_One It worked well and I have two valid wikis. The site sets a cookie so that you don't have to pass the 'w' variable in every page call. I'm having a really tough time getting the cookie part to work correctly. I can navigate the pages/wikis fine as long as I distinguish which wiki I want. There are several functions of the wikis that I can't perform though (such as login) because I can't pass the 'w' variable through the login process... which is where the cookie should come into play. Code from the LocalSettings.php file that directs which wiki to goto by way of pointing to another LocalSettings file. The only code that I changed is after the else statement so that my users do not have to enter the 'w' variable. Plan on removing that once the cookies are working. The site is an intranet site so I'm not sure if I can even accomplish this with cookies or not. php:<?
# The system determines which wiki to display based on either:
# W parameter passed to INDEX.PHP, or
# the cookie "wikiCode"
#
# First, test for the W parameter. Was it passed?
$sr_WikiCode = $_REQUEST['w'];
# Tip: this new variable is prefixed with my initials "sr_" in order
# to distinguish it from the variables that are standard within MediaWiki
if ($sr_WikiCode <> "") {
# Yes, W parameter was passed, so save it in a cookie until it gets changed.
# 2008-04-18 Note: MediaWiki sets its cookies using variables, like the following:
# setcookie($name,$value,$expire, $wgCookiePath, $wgCookieDomain, $wgCookieSecure);
# I haven't yet tested it using their variables, so I've hard-coded it:
setcookie('wikiCode', $sr_WikiCode, time()+60*60*24*365, '/', 'cedarpedia');
} elseif ($_COOKIE['wikiCode'] <> "") {
# the parameter "W" wasn't passed but the cookie wikiCode does have a value, so use it
$sr_WikiCode = $_COOKIE['wikiCode'];
} else {
# neither the W parameter was passed nor does the cookie wikiCode have a value, so
# we don't know which wiki to display. Let user know that we cannot continue.
$sr_WikiCode = 'cedarpedia';
}
# We know which wiki to display. Set the configuration variables specific
# to the individual wiki
require_once ('LocalSettings_' . $sr_WikiCode . '.php');
?>
|
|
#
?
Mar 25, 2010 16:01
|
|
|
FeloniousDrunk posted:So, uh, not that anyone should ever do this, but why does Works in 5.2.5 but I kind of wish it didn't anywhere because 
|
|
#
?
Mar 25, 2010 16:55
|
|
|
thedaian posted:XAMPP does not include a mail server. You need a mail server set up and configured to be able to send email through php mail routines. I don't know what type of solutions there are for setting one up on your localhost, though. This is completely false, of course XAMPP includes a mail server. It's called Mercury. It's right there in the control panel.
|
|
#
?
Mar 25, 2010 17:56
|
|
|
I have a combo box which populates from the DB, code is:php:<?php $query="SELECT forename,surname,dept FROM staff"; $result = mysql_query ($query); echo "<select name=staff value=''>Staff Name</option>"; while($nt=mysql_fetch_array($result)){ echo "<option value=select_user>$nt[forename] $nt[surname] - $nt[dept] Staff</option>"; } echo "</select>"; ?> Is it a lot of code? / complicated?
|
|
#
?
Mar 25, 2010 17:59
|
|
|
Thirteenth Step posted:I have a combo box which populates from the DB, code is: new form: php:<?php $query="SELECT id,forename,surname,dept FROM staff"; $result = mysql_query ($query); echo "<form type=\"post\" action=\"\">"; //This will post to itself echo "<select name=\"staff\">Staff Name</option>"; while($nt=mysql_fetch_array($result)){ echo "<option value=\"{$nt['id']}\">{$nt['forename']} {$nt['surname']} - {$nt['dept']} Staff</option>"; } echo "</select>"; echo "<input type=\"submit\" name=\"submit\" value=\"submit\" />"; echo "</form>"; ?> php:<?php // put this code at the top of your PHP file so when the form posts, it will run before your select list is created. if ($_POST['submit']) { $deleteID = mysql_real_escape_string($_POST['id']); $deleteQuery = "DELETE FROM staff WHERE id = '$deleteID' LIMIT 1"; $deleteResult = mysql_query($deleteQuery) or die(mysql_error()); } ?> DarkLotus fucked around with this message at 19:09 on Mar 25, 2010 |
|
#
?
Mar 25, 2010 18:40
|
|
|
Thirteenth Step posted:I have a combo box which populates from the DB, code is: You need some sort of unique identifier for each staff member, then it's easy. DELETE FROM staff WHERE id = someStaffId. Your html is lookin pretty messed up, may want to fix that as well.
|
|
#
?
Mar 25, 2010 18:47
|
|
|
What's the easiest way to match if statements containing a bunch of possibilities. For example, if $variable contains any one of 30 different possible strings return true otherwise return false?
|
|
#
?
Mar 25, 2010 21:01
|
|
|
revmoo posted:What's the easiest way to match if statements containing a bunch of possibilities. For example, if $variable contains any one of 30 different possible strings return true otherwise return false? put those strings in an array, then use php:<?
if (in_array($value, $array)) {
//do stuff
}
?>php:<?
switch ($i) {
case 0:
echo "i equals 0";
break;
case 1:
echo "i equals 1";
break;
case 2:
echo "i equals 2";
break;
}
?>php:<?
if ($i == 0) {
echo "i equals 0";
} elseif ($i == 1) {
echo "i equals 1";
} elseif ($i == 2) {
echo "i equals 2";
}
?>DarkLotus fucked around with this message at 21:06 on Mar 25, 2010 |
|
#
?
Mar 25, 2010 21:04
|
|
|
revmoo posted:What's the easiest way to match if statements containing a bunch of possibilities. For example, if $variable contains any one of 30 different possible strings return true otherwise return false? A switch rather than an if, you can have multiple cases: php:<?
switch($var)
{
case "A":
case "B":
case "C":
doThis(0);
break
case "D":
case "E":
case "F":
doThis(1);
break;
}?>gwar3k1 fucked around with this message at 21:07 on Mar 25, 2010 |
|
#
?
Mar 25, 2010 21:04
|
|
|
^^I like this idea too, I might go with that. EDIT: Tried this idea and it works the best for what I'm actually trying to do.DarkLotus posted:put those strings in an array, then use if (in_array($value, $array)) { do stuff } Simple enough, thanks a bunch. I usually stick to the design side of things so I'm pretty novice when it comes to getting things done in PHP. revmoo fucked around with this message at 21:15 on Mar 25, 2010 |
|
#
?
Mar 25, 2010 21:05
|
|
|
In another exciting episode of 'weird ways to do things in PHP', you can also do this instead of using the array version. The point being that you cannot const or define an array, so you need to define/const a string instread: php:<?
class Muppet
{
const ACCEPTABLE_VALUES = '|1|2|3|'; // note leading and trailing |
function is_acceptable($a)
{
return (strpos(self::ACCEPTABLE_VALUES, "|{$a}|") !== FALSE);
}
}
?>
|
|
#
?
Mar 26, 2010 09:46
|
|
|
PHP associative arrays are really hash tables underneath, so if you have a lot of valid values or a lot of values to validate it's going to faster to search by key not by value:php:<? $acceptableValues=Array( "value1"=>1, "value2"=>1, "value3"=>1, "value4"=>1, "value5"=>1, ... ); ... $val=$_REQUEST["something"]; if (isset($acceptableValues[$val])) // valid else //invalid ...?> But if you only have few values to check and you're only calling it once then use whatever code is clearest.
|
|
#
?
Mar 26, 2010 10:41
|
|
|
Just did 1100 lines of case statements to translate zip codes into geographical price zones. My hands are tired. I probably could have done it a little bit smarter, but since the zip code zones were broke up into a ton of different regions there wasn't much that could have been shortened or automated. Thanks again for the help guys.
|
|
#
?
Mar 26, 2010 18:50
|
|
|
revmoo posted:Just did 1100 lines of case statements to translate zip codes into geographical price zones. My hands are tired. I bet if you post your code, minus all 1100 lines of zip codes, someone could help you optimize it better.
|
|
#
?
Mar 26, 2010 19:43
|
|
|
I know your zipcodes are numeric but there has to be some grouping going on with the numbers. For example: YO24 - YO would be Yorkshire, 2 would be York itself, 4 would then be a district of York... Is there a number patter you can exploit by using multiple selects with substr? php:<?
switch(substr(zip,0,2))
{
case "01" // Alaska
{
switch(substr(zip, 2, 2))
{
case "01" // Somewhere in alaska
{
// etc.
}
}
}
}?>
|
|
#
?
Mar 26, 2010 20:12
|
|
|
It's for a pricing engine with several different 'areas' depending on your geographical region. Fortunately the areas are broad enough that I only needed to deal with the first three digits of the zip code. Several states were just one area so all I had to do was get the ranges for those, for example Utah was 84XXX, so that was really easy. A lot of states only have 10 or so different 3-digit prefixes to deal with. I'm sure that the code could have been less than 1100 lines, but since there was a ton of small ranges, like 902-905, 907-915, etc etc etc it was easier to just put the exact numbers instead of trying to cover each range programatically. I did want to ask about this piece of code, just to make sure I have no security issues: code:I'm not concerned with performance at all, as this is going to be a rarely used site function, probably used less than once a day. Also, I do realize that the zip code checker isn't 100% perfect, for example 00000 is accepted as valid even though it's not. I'll deal with that later on in the code.
|
|
#
?
Mar 26, 2010 20:42
|
|
|
revmoo posted:I did want to ask about this piece of code, just to make sure I have no security issues: Just compare what they enter to a list of valid zip codes.
|
|
#
?
Mar 26, 2010 20:46
|
|
|
fletcher posted:Just compare what they enter to a list of valid zip codes. Yeah I figured I'd do something like that. That list is incomplete though! Just off the top of my head I noticed it's missing Puerto Rico entirely.
|
|
#
?
Mar 26, 2010 20:53
|
|
|
So I'm trying to come up with a way to get players to cat with each other while playing a game. I looked up some of those PHP/ajax/json scripts that are out for free but they all look like they'd kill my server if there were too many clients on. Any suggestions for a lightweight chat system? And I likely don't want to use IRC because my host doesn't allow that and I need to force players to keep their assigned name in chat.
|
|
#
?
Mar 29, 2010 20:45
|
|
|
drcru posted:So I'm trying to come up with a way to get players to cat with each other while playing a game. I looked up some of those PHP/ajax/json scripts that are out for free but they all look like they'd kill my server if there were too many clients on. Could you use a java applet instead? Or frames for the chat screen and reload the frame with each post (and refresh every 30 seconds).
|
|
#
?
Mar 29, 2010 21:06
|
|
|
I've got a PHP/MySQL app. Is there a way of bundling that with a WAMP server so that Windows users can download an .exe and install it? The exe would need to set up a mysql user too, obviously.
|
|
#
?
Mar 31, 2010 00:32
|
|
|
N.Z.'s Champion posted:I've got a PHP/MySQL app. Is there a way of bundling that with a WAMP server so that Windows users can download an .exe and install it?
|
|
#
?
Mar 31, 2010 00:49
|
|
|
N.Z.'s Champion posted:I've got a PHP/MySQL app. Is there a way of bundling that with a WAMP server so that Windows users can download an .exe and install it? What sort of app are you making that users need to download and install all that extra stuff to use it? Seems like you may be introducing unnecessary security headaches for people. Is SQLite an option?
|
|
#
?
Mar 31, 2010 01:57
|
|
|
What's the general consensus on CakePHP? It's got a lot of pretty hooks for jQuery stuff and seems to be well documented. I've tried symfony but the learning curve just seems like too much for me. Or Yii...that looks to be getting a lot of solid reviews lately. J. Elliot Razorledgeball fucked around with this message at 05:21 on Mar 31, 2010 |
|
#
?
Mar 31, 2010 03:51
|
|
|
fletcher posted:What sort of app are you making that users need to download and install all that extra stuff to use it? fletcher posted:Seems like you may be introducing unnecessary security headaches for people.
|
|
#
?
Mar 31, 2010 07:01
|
|
|
N.Z.'s Champion posted:This one. It's just a conventional webapp but some people don't know how to set up a personal webserver/php/mysql so I was looking to automate some of the steps; hence the question. I think it's a cool idea but if you're not going to invest the necessary resources to securely host it yourself I would rewrite it as a desktop application. Having people running their own WAMP stack to host their financial data (even without any account identifiers) sounds like a scary scenario.
|
|
#
?
Mar 31, 2010 07:25
|
|
|
fletcher posted:I think it's a cool idea but if you're not going to invest the necessary resources to securely host it yourself I would rewrite it as a desktop application. Having people running their own WAMP stack to host their financial data (even without any account identifiers) sounds like a scary scenario.
|
|
#
?
Mar 31, 2010 07:56
|
|
|
Here's a bit of a mad one which i'm sure shouldn't bee too hard for somebody in here. Im trying to set up a very quick demo on how SQL Injection works, I've never created an SQL Injection vulnerable form before (obviously) and i've been furiously pasting the common strings (1=1 and the like) into here and it's not working. However, 1=1 is creating a true result, and my form isn't searching for something thats 'true' as far i can tell, its searching for num_rows to equal 1. How would I go about injecting code into this form to allow access? Sorry about the horribly set out code.  code:php:<?php session_start(); @$username = $_POST['username']; @$password = $_POST['password']; if ($username && $password) { $connect = mysql_connect("localhost","MY_USERNAME","MY_PASSWORD") or die("Couldn't connect to database!"); mysql_select_db("MY_DATABASE") or die("Couldn't find DB!"); $query = mysql_query("SELECT * FROM users WHERE username='$username'"); $numrows = mysql_num_rows($query); if ($numrows!=0) { while ($row = mysql_fetch_assoc($query)) { $dbusername = $row['username']; $dbpassword = $row['password']; } if ($username==$dbusername&&$password==$dbpassword) { $_SESSION['username']=$username; header('Location: members.php'); } else echo "Incorrect Password!"; } else die("User does not exist!"); } else die("Please fill out the required fields!"); ?>
|
|
#
?
Mar 31, 2010 14:37
|
|
|
Thirteenth Step posted:Here's a bit of a mad one which i'm sure shouldn't bee too hard for somebody in here. Your convoluted PHP is actually protecting you somewhat. If you really want to gently caress things up, try putting in usernames with fun stuff like this: aaa';DELETE FROM users WHERE 1 or aaa';UPDATE users SET password = 'z' WHERE 1; What your code is doing in the event of a 1=1 "attack" would be to return ALL rows. Your crazy while loop then iterates over ALL of them, and at the end, $dbusername and $dbpass are set to the values of the last row returned form the query. Also, your script is NOT "searching for num_rows to equal 1", it's looking for number of rows not 0 or FALSE. A vulnerable script for your form would look like this: php:<?
session_start();
@$username = $_POST['username'];
@$password = $_POST['password'];
if ($username && $password)
{
$connect = mysql_connect("localhost","MY_USERNAME","MY_PASSWORD") or die("Couldn't connect to database!");
mysql_select_db("MY_DATABASE") or die("Couldn't find DB!");
$query = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password'");
if( mysql_num_rows( $query ) != 0 )
{
// hey it must have been a good log in!
$_SESSION['username']=$username;
header('Location: members.php');
}
}
?>Lumpy fucked around with this message at 16:13 on Mar 31, 2010 |
|
#
?
Mar 31, 2010 16:09
|
|
|
Quick question, admittedly, I am a new web developer that hasn't mastered PHP yet but I can definitely get around it. I am looking for a way to have Word documents converted to HTML or PDF or some type of readable form online and possibly cache it so every request doesn't convert the file every time. Basically, I have the worst user base ever that can't even be bothered to turn Word documents into PDFs on their own. I develop an intranet site for the company I work for and I need a way to read these Word documents off a network share that the users update. Is there a good way of doing this? Note: It is an Apache server running on Windows Server 2003.
|
|
#
?
Mar 31, 2010 16:12
|
|
|
Lumpy posted:Stuff " Welcome to the management system ' or 'a'='a! "  Thanks for the advice!
|
|
#
?
Mar 31, 2010 16:55
|
|
|
IT Guy posted:Quick question, admittedly, I am a new web developer that hasn't mastered PHP yet but I can definitely get around it. There are plenty of ways to do it, but I doubt they're all that easy: http://www.informatik.uni-frankfurt.de/~markus/antiword/ Go do Office interop in .Net to pull out the text yourself (or make office print to a PDF printer) Take your chances with this http://www.phpclasses.org/browse/package/3553.html.
|
|
#
?
Mar 31, 2010 17:37
|
|
|
Very basic issue that's driving me crazy. Just inputting very basic data from a mysql query. However, this will not create the newline at the end. php:<?
$myFile = "download/report.txt";
$fh = fopen($myFile, 'w') or die("can't open file");
while($row2 = mysql_fetch_array($resultsSELECT)) {
$stringData = $row2['id'] . " | " . $row2['name'] . " | " . $row2['branch'] . "\n";
fwrite($fh, $stringData);
}
fclose($fh);
?>
|
|
#
?
Mar 31, 2010 18:47
|
|
|
|
| # ? Jun 4, 2024 09:07 |
|
|
rotaryfun posted:Very basic issue that's driving me crazy. Are you writing or reading in a Windows environment? if so, you have so use \r\n
|
|
#
?
Mar 31, 2010 19:08
|
|