Re: [PHP] Trying to understand sessions and using them to authenticate...
Daniel Brown schreef:
?
session_start();
if(!$_SESSION['user']) {
if($_POST['user'] $_POST['pass']) { // Keep in mind, PASSWORD
has meaning in MySQL
// Do your string sanitizing here
// (e.g. - $user = mysql_real_escape_string($_POST['user']);)
$sql = SELECT * FROM users WHERE user='.$user.' AND
pass='.$pass.' LIMIT 0,1;;
$result = mysql_query($sql) or die(Wrong data supplied or
database error);
while($row = mysql_fetch_array($result)) {
$_SESSION['user'] = $row['user'];
// Do whatever else you need to do here
}
} else {
// Show your login form here.
}
} else {
// The user is authenticated and logged in already.
}
?
Keep in mind that, as always, this hasn't been bug-checked,
re-read, or otherwise validated.
A warrant about your example not being validated, will most likely not
stop the OP from using this code as is, thereby subjecting himself to
SQL injection.
And all it needed was mysql_real_escape_string() in there.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Trying to understand sessions and using them to authenticate...
Daniel Brown schreef:
On 8/24/07, Borokov Smith [EMAIL PROTECTED] wrote:
[snip]
A warrant about your example not being validated, will most likely not
stop the OP from using this code as is, thereby subjecting himself to
SQL injection.
And all it needed was mysql_real_escape_string() in there.
Kinda' like this part, right?
[snip]
if($_POST['user'] $_POST['pass']) { // Keep in mind, PASSWORD
has meaning in MySQL
// Do your string sanitizing here
// (e.g. - $user = mysql_real_escape_string($_POST['user']);)
$sql = SELECT * FROM users WHERE user='.$user.' AND
pass='.$pass.' LIMIT 0,1;;
[/snip]
Exactly what I was talking about.
Sorry dude :)
greetz,
boro
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Server error
Hi dr Nick, The $_FILES autoglobal contains an error code if something went wrong. What is the code set to ? Regards, boro Humani Power schreef: Hi everybody. I have a Fedora Core 7 with php 5, and I want to upload an image. The funniest thing is that my script works fine in other computer but not in this one. I look for the error in /var/log/httpd/error.log and I found this [Tue Aug 21 15:52:46 2007] [notice] caught SIGTERM, shutting down [Tue Aug 21 15:55:32 2007] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Tue Aug 21 15:55:32 2007] [notice] Digest: generating secret for digest authentication ... [Tue Aug 21 15:55:32 2007] [notice] Digest: done [Tue Aug 21 15:55:33 2007] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads. [Tue Aug 21 15:55:33 2007] [notice] mod_python: using mutex_directory /tmp [Tue Aug 21 15:55:34 2007] [notice] Apache/2.2.4 (Unix) DAV/2 PHP/5.2.2 mod_python/3.3.1 Python/2.5 mod_ssl/2.2.4 OpenSSL/0.9.8b mod_perl/2.0.3 Perl/v5.8.8 configured -- resuming normal operations I know that this is PHP forum, but dont know if it is related. Thanks for your help -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] isset($a-b) even if $a-b = null
Olav Mørkrid schreef:
how do i test if a property of a stdclass object is set, even if its
value is null, similar to how array_key_exists() works for arrays.
the following method fails:
$a-b = null;
if(isset($a-b))
echo yes;
and property_exists() seems only to work for defined objects.
hope someone can help. thanks!
if (isset($a - b) $a - b != null) { echo yes; }
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: isset($a-b) even if $a-b = null
Maybe if you tell us exactly what you wish to achieve.
Class variables that are not created at object creation is bad design.
Olav Mørkrid schreef:
yes, but that assumes you have a defined class. if $a comes from
mysql_fetch_object() for instance you have just a stdobject, and this
method will produce an error.
On 17/08/07, Michael Preslar [EMAIL PROTECTED] wrote:
Found something.
For class variables..
http://us.php.net/manual/en/function.property-exists.php
class a {
var $b;
}
if (property_exists('a','b')) {
print yes\n;
}
On 8/17/07, Olav Mørkrid [EMAIL PROTECTED] wrote:
the test i need should give the following results:
- FALSE when $a-b does not exist at all
- TRUE when $a-b = null
- TRUE when $a-b = any value
empty() gives true for both $a-b = null and not setting any value, so
that's no good.
borokovs suggestion seems to miss the purpose.
anyone else?
On 17/08/07, Colin Guthrie [EMAIL PROTECTED] wrote:
Olav Mørkrid wrote:
how do i test if a property of a stdclass object is set, even if its
value is null, similar to how array_key_exists() works for arrays.
the following method fails:
$a-b = null;
if(isset($a-b))
echo yes;
and property_exists() seems only to work for defined objects.
hope someone can help. thanks!
You can try:
unset($a-b)
Or change isset() to empty().
empty() catches more than isset() e.g. '' (empty string), false, 0 etc.
are considered empty. Depending on your logic it can still be very
useful. It is a language construct rather than a function so it's also
efficient.
Col
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Friday morning brain farts....
if (isset($_GET['order'] in_array($_GET['order'], array('Last',
'First', ...))) { $requestedOrder = $_GET['order']; } else {
$requestedOrder = your default; }
Mind the in_array() call. Always sanitize user input.
greetz,
boro
Jason Pruim schreef:
Hi All :)
Hope you're not getting sick of my questions as of late, but I keep
getting closer and closer and thank you all who have helped me in the
past! The only reason I can see this far is I am standing on the
shoulders of giants don't know who said that but I like it :)
Anyway... Onto the question...
I think I'm just going crazy as it's been a busy week for me, but I
can't figure out how to do this. What I am attempting to do is, I have
a webpage(Don't we all?) that calls info to be displayed from a database,
I want to be able to sort that info so my sql query looks like:
Select * from current order by '$order'; and $order is populated by
a GET when they click on a link: A href=index.php?order='Last'Sort
by last name/A Now... the whole PHP page is being included in a
.shtml page to actually display it and make it look purrdee :)
How do I get it to resort the info and include the new sort on the page?
I'm not sure if this has anything to do with it but:
$order = $_GET['order']; --Line 6
[Fri Aug 10 10:42:04 2007] [error] PHP Notice: Undefined index:
order in /Volumes/RAIDer/webserver/Documents/tests/legion/index.php on
line 6
Any help will be greatly appreciated.. And if it solves the problem
I'll name some of my kids* after you!
*Subject to approval of the Wife :)
--
Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424
www.raoset.com
[EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] OT A public apology to Larry Garfield
Personally, I think Garfield is the worst comic in existence no matter how Larry Garfield feels about it ! greetz, boro tedd schreef: Hi gang: In the long winded debate over copyright infringement vs thievery, I made an unkind and untrue inference re Larry Garfield. So, as a matter of public apology, I hereby apologize to Larry publicly for my heated remark. I'm sorry Larry. As a point of notice, Larry has graciously accepted my apology off-list. I consider the matter settled unless someone wants to argue about my apology. :-) Cheers, tedd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] javascript in head or in body ?
Yes. Just yes. regards, boro Greg Donald schreef: On 8/7/07, Robert Cummings [EMAIL PROTECTED] wrote: Yeah, the numbers really show Python and Ruby winning... NOT *LOL*. You mean how both Ruby and Python list serv traffic is way up while PHP's is way down? Even the PHP dev list is really slowed the past year or so.. just some guy named Richard bothering them about random stuff every once in a while, that's about it. Oh, and the occasional namespace discussion. To namespace or not to namespace, who really cares. But to clarify the obvious for those without their own clue bat with which to beat one's self, I was referring to language quality with regard to OO. PHP is a cluster-fuck in comparison to pretty much anything out there.. except maybe Perl's OO. And go look at PHP SPL, and tell me that's not Java by another name. PHP is the absolute worst language to do any sort of OO programming in. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] How to implement a plugin system?
Hey Hamza, require_once($chosenPlugin . '.class.php'); $obj = new $chosenPlugin(); return $obj; And you can start from there. hth, boro Hamza Saglam schreef: Hello all, I am working on a project which needs to have some sort of plugins architecture and I am kinda stuck. Basically I want to give a list of items to the user, and according to his/her selection, I want to load relevant functionality into my application. I was thinking of having an abstract plugin class, and have the plugins implement that but then how would I actually load the plugins? Say for instance I want to load plugins X,Y,Z (and lets say i implemented them as [X|Y|Z].class.php) , should I just 'include' (or require) them? Or should I initialize all possible plugins and just pick the ones user has chosen (which sounds a bit pointless as it would load unnecessary stuff)? How would you go about doing something like this? Thanks. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] $_POST- Vars - Back-Button
Hey Chris, 1) Use sessions (read up on it if you don't know it; in short: session_start() at the very beginning of your script creates a $_SESSION array that is persistent through subsequent page calls) 2) Submit the form to the search page and preprocess it by putting the post vars into the session, then use header() to relocate to the actual processor 3) Have the actual processor work, i.e. the result list page script, with the session data. Do not destroy the session data afterwards. Now if a user uses the back-button from your result list, he will again reach the search page, without the 'wanna send form again' message box. I very strongly advise you not to break the browsers back button functionality. It's there for a reason and people rely on it to behave accordingly. Don't duplicate functionality that the browser already has. HTH, Stijn Christian Hänsel schreef: Hi guys, this might be a noob- question, but I simply do not care anymore. After a few hours of fiddling with this @/**%$ (screaming AAa), I would like to ask you. So what I have is this: I have a search engine for a car market, which has about 30 $_POST- vars. Now when the user clicks on a result link, it takes him to the car details page. Now when he hits the back button, he either gets the Page has expired (IE) or the Wanna send the form data again message box (FF). Now I would like to have kind of a back-button, so the user will see the reusult list again without having to deal with this. I guess what I'm asking for is a one-click re-submission of POST data... Do you have a clue on how to do this? Cheers for any answers! Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] DOMDocument - loadHTML() cuts off html input
Hey, Thanks for your reply. Yes there are quotes and 'special characters' in the list: ... option value=181Acodev/option option value=85Africa Co-operative Action Trust/option option value=251Agence europeacute;enne pour le Deacute;veloppement et la Santeacute;/option option value=226Agecirc;ncia de Notiacute;cias Esperanccedil;a/option ... The list gets cut off after the 'Agence européenne pour le développement et la Santé'. What you're seeing is part of the raw html output. When passed through saveHTML(), the character entities dissapear though. Is this because of a configuration variable i need to set or unset on DOMDocument ? The docs are very unclear on those, and I'm no XML expert. I've tried both with resolveExternals set to true and false. How do you resolve those issues ? greetz, boro Bastien Koert schreef: Is there a quote in the data? That is the usual culprit in my situations like that... bastien Date: Wed, 1 Aug 2007 10:54:59 +0200 From: [EMAIL PROTECTED] To: php-general@lists.php.net Subject: [PHP] DOMDocument - loadHTML() cuts off html input Hey List, In my application, I am loading html content into a DOMDocument using loadHTML(). The DOMDocument is validated, then the element with a certain ID tag is extracted and loaded into a node in the main DOMDocument, which is then presented as html with saveHTML(). This works fine and has worked fine for relatively large pages (containing several select lists with up to 400 options in total). The problem I am now facing is a page with a single, relatively large select list, i.e. some 330 options. The html is generated as expected. However when I load it into a DOMDocument and saveHTML(), the select list is cut off to about 30 options. The remainder of the html content dissappears and instead, the remaining open tags are closed, presumably by DOMDocument's saveHTML() method. Any ideas as to why this behaviour is occurring and how to fix it ? Further information available if needed. Thanks in advance, Stijn -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php _ Explore the seven wonders of the world http://search.msn.com/results.aspx?q=7+wonders+worldmkt=en-USform=QBRE -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
