[PHP] Uploading files?
Hi list,

I am having a little problem with the code below. It just won't seem to work? Even though I always select a jpeg my mime content type test is never true? Have I made a silly mistake somewhere? I also run the test to see if the 'mime_content_type()' function exists first before I do any checking.

    $uploaddir = 'Uploads/';
    $basename = basename($_FILES['userfile']['name']);
    $uploadfile = $uploaddir . basename($_FILES['userfile']['name']);

    // Fall back to the file(1) utility when mime_content_type() is not available
    if (!function_exists('mime_content_type')) {
        function mime_content_type($f) {
            $f = escapeshellarg($f);
            return trim( `file -bi $f` );
        }
    }

    if(mime_content_type($uploadfile)=="image/jpeg") {
        if(move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
            $_SESSION['UPLOAD_STRING'] = "\"".$basename."\". is a valid file type and was successfully uploaded.";
        }
        else if(strlen($basename)<1) {
            $_SESSION['UPLOAD_STRING'] = "No file specified, please try again";
        }
    }
    else
        $_SESSION['UPLOAD_STRING'] = "File extension not supported, please make sure you use a valid extension.";

Cheers,
Rory.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
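Added example, not part of the original post: the posted check inspects the destination path before `move_uploaded_file()` has written anything there, so the handler below tests the temporary file instead and stores it under a server-generated name. It assumes the `fileinfo` extension and PHP 7 or later; the function name `store_jpeg_upload()`, the size limit and the `Uploads` directory are assumptions.

```php
<?php
// Added example, not code from the original post. The function name,
// size limit and Uploads/ directory are assumptions for illustration.

function store_jpeg_upload(array $file, string $destDir, int $maxBytes = 2097152): string
{
    $error = $file['error'] ?? null;
    if (!is_int($error)) {
        throw new RuntimeException('Malformed upload request.');
    }
    if ($error === UPLOAD_ERR_NO_FILE) {
        throw new RuntimeException('No file specified, please try again.');
    }
    if ($error !== UPLOAD_ERR_OK) {
        throw new RuntimeException("Upload failed (PHP upload error $error).");
    }
    $tmp = $file['tmp_name'];
    if (!is_uploaded_file($tmp) || filesize($tmp) > $maxBytes) {
        throw new RuntimeException('File rejected: not an upload or too large.');
    }

    // Test the temporary file itself. $file['type'] and $file['name'] are
    // supplied by the client and say nothing reliable about the content.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    if ($mime !== 'image/jpeg' || @getimagesize($tmp) === false) {
        throw new RuntimeException('File type not supported, JPEG images only.');
    }

    // Server-generated name: no client-controlled path or extension on disk.
    $stored = bin2hex(random_bytes(16)) . '.jpg';
    if (!move_uploaded_file($tmp, rtrim($destDir, '/') . '/' . $stored)) {
        throw new RuntimeException('Could not store the uploaded file.');
    }
    return $stored;
}

if (isset($_FILES['userfile'])) {
    session_start();
    try {
        $stored = store_jpeg_upload($_FILES['userfile'], __DIR__ . '/Uploads');
        // The client-supplied name is only echoed back, escaped, never used on disk.
        $_SESSION['UPLOAD_STRING'] = htmlspecialchars(basename($_FILES['userfile']['name']))
            . ' was successfully uploaded as ' . $stored . '.';
    } catch (RuntimeException $e) {
        $_SESSION['UPLOAD_STRING'] = $e->getMessage();
    }
}
```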
[PHP] Passwords?
I want to create a simple as possible password script, how secure is it to have the password actually appear in the script? I only need one password so I thought that this would be more straightforward than having a file which contains the password. I am not using any database. Actually this leads me to another question, is there any way people can view your script without having access to your server that is?

Cheers,
Rory.
Re: [PHP] Passwords?
Cheers, I'll give your suggestions a go.

Jochem Maas wrote:
> [EMAIL PROTECTED] wrote:
>> Hi Rory
>> You can use crypt to encode a password, let's say you want the password to be "my password", create a new php file :
>>
>>     echo crypt("my password");
>>
>> then you get a unique encoded string something like 'ABC12Fdfi654sdfkfpr67UPL'
>> copy it and delete the php file
>> in your password validation file write :
>>
>>     $enc_pass = 'ABC12Fdfi654sdfkfpr67UPL';
>>     if (@crypt($_POST['pass'], $enc_pass) == $enc_pass)
>>         /* password is o.k. */
>
> I use the same technique to provide a 'superuser' login to intranets/cms - a login which nobody can change/break (+ it works even if lots of stuff is broken because it only relies on a hardcoded string).
>
> personally I use sha1() iso of crypt() - no idea which is better.
>
> that said you still don't want this file or this string to get into the hands of evilhaxors - best to keep this file (one with the encrypted pwd in it) outside of the docroot.
>
>> Now even if someone will see the php script he won't know your password
>> Hope I've helped
>> yaron
>>
>> -Original Message-
>> From: rory walsh [mailto:[EMAIL PROTECTED]
>> Sent: Sunday, March 06, 2005 1:35 PM
>> To: php-general@lists.php.net
>> Subject: [PHP] Passwords?
>>
>> I want to create a simple as possible password script, how secure is it to have the password actually appear in the script? I only need one password so I thought that this would be more straightforward than having a file which contains the password. I am not using any database. Actually this leads me to another question, is there any way people can view your script without having access to your server that is?
>> Cheers, Rory.
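Added example, not code from the thread: the same single-password setup built on PHP's `password_hash()` and `password_verify()` (PHP 5.5 and later) in place of `crypt()` or `sha1()`, with the hash read from a file outside the docroot as suggested above. The path in `HASH_FILE`, the function names and the `set` command-line argument are assumptions.

```php
<?php
// Added example, not code from the thread. HASH_FILE is a hypothetical
// path; it must live outside the web server's document root.
const HASH_FILE = '/var/lib/myapp/admin.hash';

/** Run once by an administrator: php this_file.php set */
function store_password_hash(string $password, string $file): void
{
    if ($password === '') {
        throw new InvalidArgumentException('Empty password refused.');
    }
    // password_hash() generates its own random salt and uses a slow
    // algorithm, unlike a bare sha1() of the password.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    if (file_put_contents($file, $hash . "\n", LOCK_EX) === false) {
        throw new RuntimeException("Cannot write $file");
    }
    chmod($file, 0640);   // readable by the web server group, not by everyone
}

/** Returns true only when the candidate matches the stored hash. */
function check_password(string $candidate, string $file): bool
{
    $hash = @file_get_contents($file);
    if ($hash === false) {
        return false;     // fail closed when the hash file is missing
    }
    // password_verify() re-derives the hash with the stored salt and
    // compares in constant time, so no == comparison is involved.
    return password_verify($candidate, trim($hash));
}

if (PHP_SAPI === 'cli') {
    if (($argv[1] ?? '') === 'set') {
        fwrite(STDOUT, 'New password: ');
        store_password_hash(rtrim((string) fgets(STDIN), "\r\n"), HASH_FILE);
    }
    exit(0);
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    session_start();
    $pass = $_POST['pass'] ?? '';
    if (is_string($pass) && check_password($pass, HASH_FILE)) {
        session_regenerate_id(true);   // fresh session ID once authenticated
        $_SESSION['loggedin'] = 'yes';
    } else {
        http_response_code(403);
    }
}
```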
[PHP] Newbie question: quotes?
Can anyone tell me if there is a difference between double quotes and single quotes?

Cheers,
Rory.
Re: [PHP] Newbie question: quotes?
Thanks guys, that clears up a lot! Cheers, actually I have to say goodbye to broadband for a while so I hope that I can make it on my own! That's why I have been asking all these obvious little questions!

Cheers,
Rory.

Jochem Maas wrote:
> rory walsh wrote:
>> Can anyone tell me if there is a difference between double quotes and single quotes?
>> Cheers, Rory.
>
> apart from the visual difference :-)... yes.
>
> with double quotes string interpolation is done. what's that? run this code to see the difference:
>
>     <?php
>     $varA = 123;
>     echo ' this is $varA';
>     echo " this is $varA";
>     ?>
>
> basically use double quotes only when you need it... needing it includes times when using double quotes saves you having to escape _lots_ of single quotes, i.e. when it makes code easier to read (JMHO) e.g.:
>
>     $str = '\'this\' \'is\' a \'stupidly\' \'quoted\' string';
>     $str = "'this' 'is' a 'stupidly' 'quoted' string";
>
> ---
>
> so now you have at least 2 things to google:
> 1. string interpolation (+ PHP)
> 2. string/char escaping (+ PHP)
>
> have fun :-)
[PHP] Preventing data from being reposted?
Is there any way I can prevent data from being reposted when I hit the back button on my browser? When I hit back I get a message from my browser asking do I want to repost the data, can I prevent this window from appearing?
Re: [PHP] Preventing data from being reposted?
Thanks Eoghan, I have tried the following but it still reposts the data from the form and goes back a page?

    header("Cache-control: private");
    header("Cache-Control: no-store, no-cache, must-revalidate");
    header("Cache-Control: post-check=0, pre-check=0", false);
    header("Pragma: no-cache");

Am I right in assuming that the above headers should prevent the user from going back in the first place as no cache has been taken?

Eoghan wrote:
> you can use header()
> http://ie.php.net/header
>
> rory walsh wrote:
>> Is there any way I can prevent data from being reposted when I hit the back button on my browser? When I hit back I get a message from my browser asking do I want to repost the data, can I prevent this window from appearing?
Re: [PHP] Preventing data from being reposted?
Cheers, I'll take a look, I had tried a search but thunderbird didn't find anything, even with the exact thread title I had to google it? Anyway I'll take a look.

Jochem Maas wrote:
> rory walsh wrote:
>> Thanks Eoghan, I have tried the following but it still reposts the data from the form and goes back a page?
>>
>>     header("Cache-control: private");
>>     header("Cache-Control: no-store, no-cache, must-revalidate");
>>     header("Cache-Control: post-check=0, pre-check=0", false);
>>     header("Pragma: no-cache");
>>
>> Am I right in assuming that the above headers should prevent the user from going back in the first place as no cache has been taken?
>
> no - just that if they do then the page will have to be reloaded (under std conditions the user then gets the 'Are you sure you want to repost?' kind of message)
>
> before asking anything more on this topic, look up a thread on this list's archive entitled 'Clear POST variables on page refresh'
>
> this should give you headsup on the issues + a good suggestion by Richard Lynch on how to handle this (his idea uses md5 hashes to 'auth' specific POST actions, when the POST occurs the given hash is invalidated... read original thread for full info)
>
>> Eoghan wrote:
>>> you can use header()
>>> http://ie.php.net/header
>>>
>>> rory walsh wrote:
>>>> Is there any way I can prevent data from being reposted when I hit the back button on my browser? When I hit back I get a message from my browser asking do I want to repost the data, can I prevent this window from appearing?
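Added example, not code from the thread and not Richard Lynch's own: the one-time-token idea mentioned above, where each rendered form carries a token that the first POST invalidates, followed by a redirect so that Back and Refresh never re-send the POST. It uses `random_bytes()` rather than md5 hashes; the function names and the `form_tokens` session key are assumptions, and the session is passed as an array so the functions can also be exercised from the command line.

```php
<?php
// Added example, not code from the thread. Function names and the
// 'form_tokens' session key are assumptions.

/** Issue a token for one rendering of a form and remember it. */
function issue_form_token(array &$session, int $maxAge = 900): string
{
    // Drop tokens of forms that were rendered but never submitted.
    $cutoff = time() - $maxAge;
    $session['form_tokens'] = array_filter(
        $session['form_tokens'] ?? [],
        function ($issued) use ($cutoff) { return $issued >= $cutoff; }
    );
    $token = bin2hex(random_bytes(16));
    $session['form_tokens'][$token] = time();
    return $token;
}

/** Succeeds once per issued token; replayed, expired or unknown tokens fail. */
function consume_form_token(array &$session, $token, int $maxAge = 900): bool
{
    if (!is_string($token) || !isset($session['form_tokens'][$token])) {
        return false;
    }
    $issued = $session['form_tokens'][$token];
    unset($session['form_tokens'][$token]);   // invalidate before acting on the POST
    return (time() - $issued) <= $maxAge;
}

if (PHP_SAPI === 'cli') {
    // Constructed demo: the same token presented twice, then a made-up one.
    $session = [];
    $token = issue_form_token($session);
    var_dump(consume_form_token($session, $token));
    var_dump(consume_form_token($session, $token));
    var_dump(consume_form_token($session, 'not-issued'));
    exit(0);
}

session_start();
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (consume_form_token($_SESSION, $_POST['token'] ?? null)) {
        // ... perform the state-changing action here, exactly once ...
        $_SESSION['flash'] = 'Your changes have been made.';
    } else {
        $_SESSION['flash'] = 'This form was already submitted.';
    }
    // 303 redirect: the browser history then holds a GET, not the POST.
    header('Location: ' . $_SERVER['SCRIPT_NAME'], true, 303);
    exit;
}
$token = issue_form_token($_SESSION);
$flash = $_SESSION['flash'] ?? '';
unset($_SESSION['flash']);
?>
<p><?= htmlspecialchars($flash) ?></p>
<form method="post">
  <input type="hidden" name="token" value="<?= htmlspecialchars($token) ?>">
  <input type="submit" value="Save">
</form>
```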
Re: [PHP] Preventing data from being reposted?
Yeah I got it, cheers. Actually the problem I am getting is more to do with my session variables I think? Here is the gist of the code.

    if(log out button has been pressed)
    {
        session_variable=no
    }
    if(log in button has been pressed)
    {
        session_variable=yes
    }
    if(session_variable==yes)
    {
        display the string "you have logged in" and place a button on the page so they can log out.
    }
    else
        display "you are not logged in"

The problem is that I can always get back to the "you have logged in" display by simply pressing back, even though once the user hits the logout button the variable is no longer yes? I have to hit the back button a few times to get the "you have logged in" message. No doubt there are mistakes elsewhere in my code, but can anyone just verify that the above code should run without a problem?

Jochem Maas wrote:
> eoghan wrote:
>> i think i've missed a few mails there...?
>>
>> rory walsh wrote:
>>> Cheers, I'll take a look, I had tried a search but thunderbird didn't find anything, even with the exact thread title I had to google it? Anyway I'll take a look.
>
> my first google hit on search for the exact title gave me this:
> http://www.issociate.de/board/post/171234/Clear_POST_variables_on_page_refresh.html
Re: [PHP] Preventing data from being reposted?
I'm pretty sure I am looking at cached pages but the problem with this seems to be that some browsers support these header directives and others don't, i.e. Firefox. The following work in IE but not Firefox

    header("Cache-control: private");
    header("Cache-Control: no-store, no-cache, must-revalidate");

> maybe you are looking at cached pages in your browser? if 'session_variable==yes' equates to true then you should send out headers that tell the browser not to cache the output (or make it private/force-revalidation)

Jochem Maas wrote:
> eoghan wrote:
>> i think i've missed a few mails there...?
>>
>> rory walsh wrote:
>>> Cheers, I'll take a look, I had tried a search but thunderbird didn't find anything, even with the exact thread title I had to google it? Anyway I'll take a look.
>
> my first google hit on search for the exact title gave me this:
> http://www.issociate.de/board/post/171234/Clear_POST_variables_on_page_refresh.html
[PHP] PHP Sessions?
Hi everyone,

I am trying to work with the idea of sessions in PHP. Basically I have a self-processing script called index.php but somehow I keep losing my session variable, it works the first time around but when I call it the second time around it's gone? I do not reset the variable or destroy the session, are there any other reasons why this might occur? The basic layout of the script is this (note this is not the full script, I've just posted the relevant code and left out the other stuff.)

    <?php
    if($_POST["username"]=="rory"){//if user logs in as rory start session
        session_start();
        header("Cache-control: private");
        $_SESSION['loggedin'] = "yes";
    }
    /*It enters the first time but when I call the script again from the
    form below this one the session variable is empty?*/
    if(strlen($_SESSION['loggedin'])>2){
        if($_POST["verify"]=="yes"){
            die("test");
            $CONTENT .= "<font color = \"red\">Your changes have been made.</font><br>";
        }
        $CONTENT = "You are currently logged in as ".$_POST["username"]."
        <form action=\"index.php\" method=\"POST\">
        <input type=\"submit\" value=\"Log out\" />
        <input type=\"hidden\" name=\"logout\" value=\"yes\"/></form>
        <hr>If you would like to change the text on the main page please click here
        <a href=\"index.php?page=$PAGE_TITLE&action=edit\"><font color=\"blue\">Edit intro page</a><font color =\"#136863\"><hr><h3>File Upload.</h3><hr>
        Any files will appear in the 'students' page of the website. Files that uploaded here are not available to the public and can only be accessed by students who have logged in. Because of security issues only well know file types such as word, acrobat and text files are legible for upload.
        <form enctype=\"multipart/form-data\" action=\"index.php\" method=\"POST\">
        <!-- MAX_FILE_SIZE must precede the file input field -->
        <input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"3\" />
        <!-- Name of input element determines name in $_FILES array -->
        Send this file: <input name=\"userfile\" type=\"file\" />
        <input type=\"submit\" value=\"Upload\" />
        <input type=\"hidden\" name=\"arg1\" value=\"yes\" />
        </form>";
    }
    if ($action == "edit")
    /*when user submits this is should call the script again and enter the
    test above but it doesn't?*/
    {
        $CONTENT = "<form method=\"post\" action=\"index.php\">
        <textarea name=\"content\" cols=\"60\" rows=\"20\">$CONTENT</textarea>
        <input type=\"hidden\" name=\"page\" value=\"$PAGE_TITLE\" /><br/>
        <input type=\"submit\" value=\"$DONE_BUTTON\" />
        <input type=\"hidden\" name=\"verify\" value=\"yes\"/></form>";
    }

Cheers,
Rory.
Re: [PHP] PHP Sessions?
The problem there is that I have to test if the user has logged on so I need to include the if statement? Can the session_start not be called from within an if statement? Does it really have to be the very first thing in the script, if so I imagine that this means a single script cannot be used to manage a complete website?

Chris W. Parker wrote:
> rory walsh mailto:[EMAIL PROTECTED] on Wednesday, March 02, 2005 11:19 AM said:
>>     <?php
>>     if($_POST["username"]=="rory"){//if user logs in as rory start session
>>         session_start();
>>         header("Cache-control: private");
>>         $_SESSION['loggedin'] = "yes";
>>     }
>
> Put session_start(); at the *very* beginning of your script. See if that helps.
>
> Chris.
Re: [PHP] PHP Sessions?
Yes I see what you mean. I only wanted to start a session IF the user logged in, but I see your point, the session can be started as soon as anyone opens the main page. I'll give it a go and see if that helps, cheers,

Rory.

Chris W. Parker wrote:
> rory walsh mailto:[EMAIL PROTECTED] on Wednesday, March 02, 2005 1:26 PM said:
>> The problem there is that I have to test if the user has logged on so I need to include the if statement? Can the session_start not be called from within an if statement? Does it really have to be the very first thing in the script, if so I imagine that this means a single script cannot be used to manage a complete website?
>
> No, session_start(); can go anywhere. It's just that it appears that your logic is set up in such a way that session_start(); is not being called when you need it to be. By putting it before everything else you can avoid this.
>
> And as well, is there a reason you wouldn't want to just start the session at the beginning of the page? I mean, why wait till the user has submitted the form to start the session?
>
> Chris.
Re: [PHP] PHP Sessions?
Thanks everyone, I'm getting closer. The only problem I have now is that I keep entering that test, I modified it to change the session variable once we enter the test but it somehow does not seem to change it? This is the code,

    if(strlen($_SESSION['loggedin']=="yes")){
        $_SESSION['loggedin']="no";
        $CONTENT = "You are currently logged in as ".$_POST["username"]."
        <form action=\"index.php\" method=\"POST\">
        <input type=\"submit\" value=\"Log out\" />
        <input type=\"hidden\" name=\"logout\" value=\"yes\"/></form>
        <hr>If you would like to change the text on the main page please click here
        <a href=\"index.php?action=edit\"><font color=\"blue\">Edit intro page</a><font color =\"#136863\"><hr><h3>File Upload.</h3><hr>
        Any files will appear in the 'students' page of the website. Files that uploaded here are not available to the public and can only be accessed by students who have logged in. Because of security issues only well know file types such as word, acrobat and text files are legible for upload.
        <form enctype=\"multipart/form-data\" action=\"index.php\" method=\"POST\">
        <!-- MAX_FILE_SIZE must precede the file input field -->
        <input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"3\" />
        <!-- Name of input element determines name in $_FILES array -->
        Send this file: <input name=\"userfile\" type=\"file\" />
        <input type=\"submit\" value=\"Upload\" />
        <input type=\"hidden\" name=\"arg1\" value=\"yes\" />
        </form>";
    }

When I click the logout button it works fine, but when I click on the link inside the page it simply reloads the same page as if the session variable has not changed at all? If I link to a page like this does it call the script again, or does this need to be done with a form submit? I must apologise for my lack of knowledge here! I program in other languages and as a result I have that I can get really deep in code I don't understand very fast!

Rory Walsh wrote:
> Yes I see what you mean. I only wanted to start a session IF the user logged in, but I see your point, the session can be started as soon as anyone opens the main page. I'll give it a go and see if that helps, cheers,
> Rory.
>
> Chris W. Parker wrote:
>> rory walsh mailto:[EMAIL PROTECTED] on Wednesday, March 02, 2005 1:26 PM said:
>>> The problem there is that I have to test if the user has logged on so I need to include the if statement? Can the session_start not be called from within an if statement? Does it really have to be the very first thing in the script, if so I imagine that this means a single script cannot be used to manage a complete website?
>>
>> No, session_start(); can go anywhere. It's just that it appears that your logic is set up in such a way that session_start(); is not being called when you need it to be. By putting it before everything else you can avoid this.
>>
>> And as well, is there a reason you wouldn't want to just start the session at the beginning of the page? I mean, why wait till the user has submitted the form to start the session?
>>
>> Chris.
Re: [PHP] PHP Sessions?
Sorry bout that little mistake. You're right, I meant to check to see if

    $_SESSION['loggedin'] == "yes";

That doesn't make a difference as it turns out. The reason that I immediately change this is that I want the content of the page to change, and in order to do that I want to stop it from going into this code? Actually I am not going to do this, I will use another variable, but by setting $_SESSION['loggedin'] to 'no' it should not go into this test, but it somehow does? Is it to do with the link:

    <a href=\"index.php?action=edit\">

does this call the script again, just as an action="script.php" in a form would? Cheers for the help on this.

Chris W. Parker wrote:
> rory walsh mailto:[EMAIL PROTECTED] on Wednesday, March 02, 2005 2:08 PM said:
>> Thanks everyone, I'm getting closer. The only problem I have now is that I keep entering that test, I modified it to change the session variable once we enter the test but it somehow does not seem to change it? This is the code,
>
> Immediately I see:
>
>     if(strlen($_SESSION['loggedin']=="yes")){
>
> That doesn't make sense. Do you mean?:
>
>     if($_SESSION['loggedin'] == "yes") {
>
> And the next line:
>
>     $_SESSION['loggedin']="no";
>
> Why are you reversing the value of 'loggedin'? Once the person is logged in shouldn't they stay that way until session timeout or they log out?
>
>> When I click the logout button it works fine, but when I click on the link inside the page it simply reloads the same page as if the session variable has not changed at all? If I link to a page like this does it call the script again, or does this need to be done with a form submit? I must apologise for my lack of knowledge here! I program in other languages and as a result I have that I can get really deep in code I don't understand very fast!
>
> Maybe you've already stated this in a previous email and I just don't remember, what exactly is it that you're trying to accomplish?
>
> Chris.
Re: [PHP] PHP Sessions?
Yeah you're right, I'm trying to walk before I can crawl! Cheers for the help,

Rory.

Chris W. Parker wrote:
> rory walsh mailto:[EMAIL PROTECTED] on Wednesday, March 02, 2005 2:08 PM said:
>> Thanks everyone, I'm getting closer. The only problem I have now is that I keep entering that test, I modified it to change the session variable once we enter the test but it somehow does not seem to change it? This is the code,
>
> Immediately I see:
>
>     if(strlen($_SESSION['loggedin']=="yes")){
>
> That doesn't make sense. Do you mean?:
>
>     if($_SESSION['loggedin'] == "yes") {
>
> And the next line:
>
>     $_SESSION['loggedin']="no";
>
> Why are you reversing the value of 'loggedin'? Once the person is logged in shouldn't they stay that way until session timeout or they log out?
>
>> When I click the logout button it works fine, but when I click on the link inside the page it simply reloads the same page as if the session variable has not changed at all? If I link to a page like this does it call the script again, or does this need to be done with a form submit? I must apologise for my lack of knowledge here! I program in other languages and as a result I have that I can get really deep in code I don't understand very fast!
>
> Maybe you've already stated this in a previous email and I just don't remember, what exactly is it that you're trying to accomplish?
>
> Chris.
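Added example, not code from the thread: a single self-processing index.php along the lines discussed in this thread and in the earlier "Preventing data from being reposted?" messages, with `session_start()` called unconditionally at the top, a new session ID at login, the session destroyed at logout, and a no-store header on the logged-in view. The demo account, the `password` form field and the function names are constructed for the example.

```php
<?php
// Added example, not code from the thread. The demo account and the
// function names are constructed for illustration.
session_start();   // every request, before any output or login test

function demo_credentials_ok(string $user, string $pass): bool
{
    // Constructed demo account; a real site loads a stored hash instead.
    static $hash = null;
    $hash = $hash ?? password_hash('demo-password', PASSWORD_DEFAULT);
    return $user === 'rory' && password_verify($pass, $hash);
}

function log_out(): void
{
    $_SESSION = [];   // drop the data held for this session
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 3600,
        $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();   // and remove it on the server side
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $user = $_POST['username'] ?? '';
    $pass = $_POST['password'] ?? '';
    if (isset($_POST['logout'])) {
        log_out();
    } elseif (is_string($user) && is_string($pass) && demo_credentials_ok($user, $pass)) {
        session_regenerate_id(true);   // new session ID at the privilege change
        $_SESSION['loggedin'] = 'yes';
        $_SESSION['username'] = $user; // kept in the session, not re-read from $_POST
    }
    // Redirect so that Back and Refresh land on a GET, not on this POST.
    header('Location: index.php', true, 303);
    exit;
}

$loggedIn = ($_SESSION['loggedin'] ?? 'no') === 'yes';
if ($loggedIn) {
    // Ask the browser not to keep a copy of the logged-in view, so Back
    // after logout re-requests the page and gets the logged-out one.
    header('Cache-Control: no-store, private');
}
?>
<?php if ($loggedIn): ?>
<p>You are currently logged in as <?= htmlspecialchars($_SESSION['username']) ?>.</p>
<form action="index.php" method="post">
  <input type="hidden" name="logout" value="yes">
  <input type="submit" value="Log out">
</form>
<?php else: ?>
<p>You are not logged in.</p>
<form action="index.php" method="post">
  <input name="username"> <input name="password" type="password">
  <input type="submit" value="Log in">
</form>
<?php endif; ?>
```

Saved as index.php, it can be tried locally with PHP's built-in server (`php -S localhost:8000`).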
[PHP] Program flow?
Hi, I have one simple question that I need to sort out before I continue writing any PHP scripts. Every time I call a script are the variables reset to the default values? If for example I call action.php from a form with a hidden value test, I set $NUMBER to 5. If I then call action.php again from another form with another hidden value which means that I do not assign any number to $NUMBER, will $NUMBER now go back to being its default value or will it stay at 5? So basically I think my question is, each time one runs a script is it the same as starting the application all over again?

Cheers,
Rory.