cereal 1,524 Nearly a Senior Poster Featured Poster

use is a reserved word, so either you use backticks around the word or you alter the table.

In addition: the methods available for the form are POST, GET, PUT and other methods. REQUEST is a generic method used to retrieve data in PHP, don't use it in the method attribute, and avoid $_REQUEST if you can, because it allows a client to submit data also through a cookie.

cereal 1,524 Nearly a Senior Poster Featured Poster

Some mail clients (Outlook) used to allow semi-colons, but only in the interface, when sending the application has to switch to commas.

cereal 1,524 Nearly a Senior Poster Featured Poster

Yes. The RFC cited in PHP documentation explains that the semicolon is used to separate groups of mails, for example:

To: list-a: abc@localhost.tld, cba@localhost.tld;, list-b: admin@localhost.tld, info@localhost.tld;
cereal 1,524 Nearly a Senior Poster Featured Poster

Hi,
so, the folder of the subdomain (dev) is inside the DocumentRoot of the main domain? Can you show the configuration?

The folder structure is something like below?

c:\sites\mysite
c:\sites\mysite\application
c:\sites\mysite\system
c:\sites\mysite\public_html\index.php
c:\sites\mysite\public_html\dev
c:\sites\mysite\public_html\dev\public_html\index.php
c:\sites\mysite\public_html\dev\application
c:\sites\mysite\public_html\dev\system
cereal 1,524 Nearly a Senior Poster Featured Poster

Hi, the config seems fine, so it can be a permission issue or the mime-type (each CGI needs the mime-type declaration at the top of the script), check this link for more information: http://httpd.apache.org/docs/2.2/howto/cgi.html#writing

Also, check Apache error logs to get more details about the issue. Hope it helps.

cereal 1,524 Nearly a Senior Poster Featured Poster

You're welcome! :)

The problem is given by Firefox Form Manager, if in the form there are the words Name and/or Address (and variants) it will try to autocomplete it.

cereal 1,524 Nearly a Senior Poster Featured Poster

Do you get the same effect with different browsers? I can think of an autofill issue here, if you're using HTML5 you can avoid it by adding autocomplete="off" to the input fields.

cereal 1,524 Nearly a Senior Poster Featured Poster

This is not related to PHP. Search for jquery sidebar or javascript sidebar in Google, there are many examples.

cereal 1,524 Nearly a Senior Poster Featured Poster

Ok, so the problem is that your script doesn't stop if you send a wrong captcha? In your conditional statement you are not stopping the action, just setting $msg variable, if you want to stop the execution the most immediate solution is to use die() as in the other statements:

if(empty($_SESSION['6_letters_code']) || strcasecmp($_SESSION['6_letters_code'], $_POST['6_letters_code']) != 0)
{
    die("The Validation code does not match!");
}

This will stop the script but it is not the best user experience. Also when you check if user already exists you should stop the execution:

if($user_count > 0)
{
    die("User exists.");
}

A better solution for handling the errors is to use an array and to check if it is populated, for example:

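$errors = array();

$username = 'Shikha_1';
$password = 'p4ss';

# ctype_alnum() accepts letters and digits only, as the message states
if( ! ctype_alnum($username))
{
    $errors['username'] = 'Only alphanumeric characters are allowed for the username.';
}

# strlen() returns the length of a string; count() is meant for arrays
if(strlen($password) < 8)
{
    $errors['password'] = 'Password too short';
}

if(count($errors) > 0)
{
    # redirect to form with error messages:
    $_SESSION['errors'] = $errors;
    header('Location: register.html');
    exit; # stop here, otherwise the script keeps running after the redirect
}
else
{
    # insert query & other stuff
}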
cereal 1,524 Nearly a Senior Poster Featured Poster

Can you explain the problem better? I've created a test with ajaxForm and it's working fine, here's the code:

The Controller
<?php

class Test extends CI_Controller {

    protected $data;

    public function __construct()
    {
        parent::__construct();
    }

    public function index()
    {
        $this->load->helper('form');
        $this->load->library('form_validation');
        $this->form_validation->set_rules('name', 'name', 'trim|required|prep_for_form|xss_clean');
        $this->form_validation->set_rules('comment', 'comment', 'trim|required|prep_for_form|xss_clean');
        $this->data['last_comment'] = FALSE;

        if($this->input->server('REQUEST_METHOD') == 'POST')
        {
            if($this->form_validation->run() === FALSE)
            {
                $this->data['error'] = 'Ops!';
            }
            else
            {
                $this->data['error'] = 'POST Requests';
                $this->data['last_comment'] = array(
                    'name'      => $this->input->post('name'),
                    'comment'   => $this->input->post('comment')
                    );

                # empty the values retrieved by set_value()
                $this->form_validation->resetpostdata();
            }
        }
        else
        {
            $this->data['error'] = 'GET Request';
        }
        $this->load->view('test/test', $this->data);
    }

}
The View
<!DOCTYPE html>
<html lang="en">
<head> 

    <script type="text/javascript" src="http://code.jquery.com/jquery-latest.min.js"></script>
    <script src="http://malsup.github.com/jquery.form.js"></script>
    <script type="text/javascript" src="/js/bootstrap.min.js"></script>

    <link href="/css/bootstrap.min.css" rel='stylesheet' type='text/css' />

    <style type="text/css">
        body { padding:50px; }
    </style>

    <script>
        $(document).ready(function() { 
            var options = { target: '#commentAjax' };
            $('#commentForm').ajaxForm(options); 
        }); 
    </script> 
</head>
<body>
<?php

$data = array(
            array(
                'name'  => 'name',
                'id'    => 'name',
                'class' => 'input-xlarge',
                'value' => set_value('name', 'your name'),
            ),
            array(
                'name'  => 'comment',
                'id'    => 'comment',
                'class' => 'input-xlarge',
                'value' => set_value('comment', 'your comment'),
            ),
            array(
                'value' => 'Submit',
                'type'  => 'submit'
            )
        );

echo '<div id="commentAjax">';
echo "<h3>$error</h3>";
echo form_open('/test/index', array('id' => 'commentForm'));
echo '<label for="name">Name</label>'.form_input($data[0]);
echo '<label for="comment">Comment</label>'.form_textarea($data[1]).'<br />';
echo form_submit($data[2]);
echo form_close();
if($last_comment !== false)
{
    echo '<h4>'.$last_comment['name'].'</h4>';
    echo '<p>'.$last_comment['comment'].'</p>';
}
?>
</div>
</body>
</html>
Update of MY_Form_validation.php
public function resetpostdata($reset = false)
{

    if($reset === true)
    {
        $_POST = array();
    }

    $obj =& _get_validation_object();

    foreach($obj->_field_data as $key)
    { …
cereal 1,524 Nearly a Senior Poster Featured Poster

Ok, then move this to the top of register.php file:

echo 'POST: ';
print_r($_POST);
echo '<br />SESSION: ';
print_r($_SESSION);
die();

place it right after <?php session_start(); and check if the values sent by $_POST and saved in $_SESSION are the same.

iamthwee commented: i think so too +14
cereal 1,524 Nearly a Senior Poster Featured Poster

You're welcome, if we are done, please mark it solved, it will be useful to others :)

cereal 1,524 Nearly a Senior Poster Featured Poster

Works fine for me, what error do you get? Here's my test, based on your scripts:

<?php

session_start();

?>

<form method="post">
Validation code:
<img src="captcha.php?rand=<?php echo rand();?>" id='captchaimg'><br />
<label for='6_letters_code'>Enter the code above here:</label>
<input type="text" name="6_letters_code" />
</form>

<?php
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
    echo 'POST: ';
    print_r($_POST);
    echo '<br />SESSION: ';
    print_r($_SESSION);
    echo '<br />Result: ';
    if(empty($_SESSION['6_letters_code']) || strcasecmp($_SESSION['6_letters_code'], $_POST['6_letters_code']) != 0)
    {
        echo 'false';
    }
    else
    {
        echo 'true';
    }
}

By the way: an ID cannot start with a number, so id="6_letters_code" is wrong and will not work if you use JQuery & other javascript frameworks, also it's not a good idea to send an error message declaring that the user does or doesn't exist, it's better to return a generic message as user/password wrong, otherwise an attacker can understand if an account exists and try to find his specific password.
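
The generic-message advice above, as an added example that is not part of the original post: both failure cases return the same text, and password_verify() also runs for unknown usernames so the two paths take about the same time. The user store, the function name check_login() and the sample accounts are constructed for illustration.

```php
<?php
// Added example, not the original poster's code.
// check_login(), $users and the sample accounts are assumptions.

// Constructed sample data: in a real application this comes from the database.
$users = array(
    'shikha' => password_hash('correct horse battery', PASSWORD_DEFAULT),
);

// Hash of a random throwaway password, verified when the username is unknown
// so that both failure paths cost roughly the same time.
$dummy_hash = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);

function check_login(array $users, $dummy_hash, $username, $password)
{
    $known = isset($users[$username]);
    $hash  = $known ? $users[$username] : $dummy_hash;

    // Always run password_verify(), even for unknown users.
    $valid = password_verify($password, $hash);

    if($known && $valid)
    {
        return array('ok' => true, 'message' => 'Welcome.');
    }

    // One message for "no such user" and for "wrong password".
    return array('ok' => false, 'message' => 'Wrong username or password.');
}

// Constructed attempts covering the three cases.
$attempts = array(
    array('shikha', 'correct horse battery'), // valid login
    array('shikha', 'p4ss'),                  // existing user, wrong password
    array('nobody', 'p4ss'),                  // unknown user
);

foreach($attempts as $a)
{
    $result = check_login($users, $dummy_hash, $a[0], $a[1]);
    echo $a[0] . ': ' . $result['message'] . PHP_EOL;
}
```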

cereal 1,524 Nearly a Senior Poster Featured Poster

@Atli
One to take in account is this: http://www.php.net/archive/2012.php#id2012-05-03-1
It refers to 5.3 and previous versions. Here's some info: http://www.daniweb.com/web-development/php/threads/422387/vulnerability-in-php-cgi

veedeoo commented: cool Cereal :) +8
cereal 1,524 Nearly a Senior Poster Featured Poster

Ok, the problem is that set_value() doesn't consider if the validation runs true or false, usually you redirect() and so the POST array is reset automatically, here we can force this action by extending /system/libraries/Form_validation.php, create /application/libraries/MY_Form_validation.php and paste this:

<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
class My_Form_validation extends CI_Form_validation {

    public function __construct()
    {
        parent::__construct();
    }

    public function resetpostdata()
    {
        $obj =& _get_validation_object();
        foreach($obj->_field_data as $key)
        {
            $this->_field_data[$key['field']]['postdata'] = NULL;
        }
        return true;
    }

}
?>

After the validation runs true, call the method, as in this example:

if($this->form_validation->run() === FALSE)
{
    # . . .
}
else
{
    $this->form_validation->resetpostdata();

    # load view & other stuff
}

It should work fine, bye.

cereal 1,524 Nearly a Senior Poster Featured Poster

What does $this->data['new_comment'] = $this->blog_comment_m->get_new(); do? I see it's used in two cases:

  1. GET request, no form submit;
  2. and when validation is true, rewriting a previous setting of $this->data['new_comment'].

In the first case the objects should return null/false, so that the default value for set_value('name', $default) is empty.

cereal 1,524 Nearly a Senior Poster Featured Poster

If you want something that runs on background you can consider a MySQL trigger and Gearman, check the example about URL Processing in these slides. Bye.

cereal 1,524 Nearly a Senior Poster Featured Poster

Maybe it's a connection problem? I don't see any evident issues, unless your server IP is banned or there is a DNS problem. If you have access to a terminal in your server, try to run this:

curl --head https://twitter.com/

It should return something like:

HTTP/1.1 200 OK
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-type: text/html; charset=utf-8
date: Sat, 13 Jul 2013 19:34:13 GMT
expires: Tue, 31 Mar 1981 05:00:00 GMT
last-modified: Sat, 13 Jul 2013 19:34:13 GMT
pragma: no-cache
server: tfe
...

Try also the dig command, to verify if this is a DNS issue, first run:

dig twitter.com

And then:

dig @8.8.8.8 twitter.com

The first will use default DNS settings, the second will query the DNS of Google.

cereal 1,524 Nearly a Senior Poster Featured Poster

Try this:

<?php

$url = 'https://twitter.com/darknille/status/355651101657280512';

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_VERBOSE, FALSE);
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_NOBODY, true);

curl_exec($ch);


if(!curl_errno($ch))
{
    $info = curl_getinfo($ch);

    echo $intReturnCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);

    curl_close($ch);

    switch($intReturnCode)
    {
        case 200:
        case 302:
        case 304:
            echo "true";
            break;
        default:
            echo "false";
            break;
    }
}

?>

The problem with your first function is the callback.

cereal 1,524 Nearly a Senior Poster Featured Poster

I think you have to change 3900 to 3300, and change the second statement to compare cases between red and orange limits, here's an example:

<?php

date_default_timezone_set('Asia/Manila');

$current_time = "17:05";
$serving_time = "18:00";


echo "result: \t";
if(
    strtotime($current_time) <= (strtotime($serving_time) - 3600)
)
{
    echo 'red';
}
elseif(
    strtotime($current_time) <= (strtotime($serving_time) - 3300)
    &&
    strtotime($current_time) >= (strtotime($serving_time) - 3600)
)
{
    echo 'orange';
}
else
{
    echo 'blue';
}

echo PHP_EOL;
echo 'red limit: '."\t". date('G:i:s', strtotime($serving_time) - 3600) . PHP_EOL;
echo 'orange limit: '."\t". date('G:i:s', strtotime($serving_time) - 3300) . PHP_EOL;
echo PHP_EOL;

Then switch $current_time between:

$current_time = "17:00"; # red
$current_time = "17:05"; # orange
$current_time = "17:06"; # default
cereal 1,524 Nearly a Senior Poster Featured Poster

GO:

package main
func main() {
    print("hello world")
}
cereal 1,524 Nearly a Senior Poster Featured Poster

If you add an equal sign it will work, but at 18.06 will change to default again. Is this the expected behaviour?

else if (strtotime($current_time) >= (strtotime($serving_time) - 3900 ))
cereal 1,524 Nearly a Senior Poster Featured Poster

You're welcome! In case of problems, post the error codes, we will try to help, bye!

cereal 1,524 Nearly a Senior Poster Featured Poster

I see that the values are set by your form:

$path_name = $_POST['selectloc'];
$file_name = $_POST['selectname'];

Are you sure the path of the file is correct? Consider that in linux paths are case sensitive, so Uploads and uploads are different for the system. You can verify the paths with file_exists().

Also remove ; from line 226.

cereal 1,524 Nearly a Senior Poster Featured Poster

Line 222. Full block in your code starts at line 200:

$message = Swift_Message::newInstance()
  ->setContentType("text/html")
    // Give the message a subject
  ->setSubject($subject)
    // Give it a body
  ->setBody($body)
    // Set the From address with an associative array
  ->setFrom($gmail_id)
    // Set the Sender address with an associative array
  ->setSender($gmail_id)
    // Set the To addresses with an associative array
  ->setTo($to)
    // Set the cc addresses with an associative array
  ->setcc($cc)
    // Set the Bcc addresses with an associative array
  ->setBcc($bcc);

foreach($attachment as $attach)
{
    $message->attach($attach); // end Message create  
}

If this doesn't help, please, post the error codes, it will be easier for us to help you.

cereal 1,524 Nearly a Senior Poster Featured Poster

Hello! I quickly checked your code, I didn't test it but it seems fine, just a few notes:

At line 78 you wrote:

$file = "Swift_Attachment::fromPath('" . $path . "')->setFilename=('" . $name . "', 'application/pdf'),";

fromPath() method supports two arguments (path and mime and the second is optional), while setFilename() supports only one argument, so the above needs to be changed to:

$file = "Swift_Attachment::fromPath('" . $path . "', 'application/pdf')->setFilename('" . $name . "')";

Note also that I've removed = character from setFilename and the comma at the end of the string. The main problem is that you're sending this as string but you have to feed the output, to the attach() method, not the command to execute, so remove the double quotes from the line:

$file = Swift_Attachment::fromPath('" . $path . "', 'application/pdf')->setFilename('" . $name . "');

This can also be rewritten as:

$file = Swift_Attachment::fromPath($path, 'application/pdf')->setFilename($name);

You can avoid array_push and use directly this solution:

$attachment[] = Swift_Attachment::fromPath($path, 'application/pdf')->setFilename($name);

Last note, the attach method doesn't seem to support arrays as arguments, so you should loop the above array as:

foreach($attachment as $attach)
{
    $message->attach($attach);
}

Hope it helps.

cereal 1,524 Nearly a Senior Poster Featured Poster

It's about the tag </table> being in between the PHP code tags (<?php and ?>).

@pritaeas, ardav & Squidge: totally right, for some reason I confused the previous lines of code, my apologies.

cereal 1,524 Nearly a Senior Poster Featured Poster

Replace <? with <?php from line 44 to 47.
Note also that short tags are enabled by your php.ini config - http://php.net/manual/en/language.basic-syntax.phptags.php

cereal 1,524 Nearly a Senior Poster Featured Poster

Change last line to:

echo ${$mystring}[0];

And it will work, otherwise it will refer to the name of the string myarray.

cereal 1,524 Nearly a Senior Poster Featured Poster

You have to install this class, check the documentation: http://www.php.net/manual/en/runkit.installation.php

Also, disable base64_* because it's possible to run javascript through a decode.

cereal 1,524 Nearly a Senior Poster Featured Poster

Sorry for the update, but finally I remembered the name of the library, consider to move the app to runkit:

You can create a sandbox and so you can limit most of the problems.

cereal 1,524 Nearly a Senior Poster Featured Poster

Ok, I see now it's fixed, disable also dir() function: http://www.php.net/manual/en/function.dir.php
Same goes for include, require, error_log (this gives the ability to send emails).

cereal 1,524 Nearly a Senior Poster Featured Poster

You should disable system() and similar functions. At the moment I can list root of the server. Also consider to run this into a jail root.

cereal 1,524 Nearly a Senior Poster Featured Poster

You can do that through the attach() method: http://swiftmailer.org/docs/messages.html#attaching-files
If you still don't solve the problem post an example of the code here, bye.

cereal 1,524 Nearly a Senior Poster Featured Poster

It's a nice restyle, but I would really like a bit more contrast on text.

cereal 1,524 Nearly a Senior Poster Featured Poster

Hello, please provide the queries you're trying to perform, table structures and an example of data, at the moment (at least for me) it's difficult to understand the issue.

cereal 1,524 Nearly a Senior Poster Featured Poster

On live server you can use the Document Root to get an idea of the correct path, for example:

echo $_SERVER['DOCUMENT_ROOT'];

returns the server root, if this is something like /var/www/mysite/public_html/ and your upload directory is at the same level of public_html, then you can set:

$pdfFilePath = "/var/www/mysite/uploads/$filename";
cereal 1,524 Nearly a Senior Poster Featured Poster

Set an absolute path, absolute to the system not to the web root, so change this:

$pdfFilePath = "../uploads/$filename";

to:

$pdfFilePath = "c:/mysite/uploads/$filename";
cereal 1,524 Nearly a Senior Poster Featured Poster

Inside $data2 change:

'name' >= 'pw',

to:

'name' => 'pw',

The same goes for value in the same array and type in $data3. By the way, this is Daniweb not SO.

cereal 1,524 Nearly a Senior Poster Featured Poster

I think he is referring to an in-site notification system, as google-plus or fb: when a watched article is updated the subscribed users get an event notification, so they can click on the icon, select the thread and jump to the discussion.

cereal 1,524 Nearly a Senior Poster Featured Poster

When you write "path": "/D/projektai/glab" the segment /D/ stands for D:\?

I see also a call to /tmp/ but this is a *nix path, not windows; if you have a tmp folder, for example in C:, you will have to set: C:/tmp/xdebug.log but check with documentation, in Windows I'm not sure if you can use backslashes \ or slashes /.

You can also get custom installation instructions by submitting the output of php -i > output.txt to this page: http://xdebug.org/wizard.php

cereal 1,524 Nearly a Senior Poster Featured Poster

I think Common.php cannot be extended as the other core files because it is statically loaded by /system/core/CodeIgniter.php:

 /*
 * ------------------------------------------------------
 *  Load the global functions
 * ------------------------------------------------------
 */
    require(BASEPATH.'core/Common.php');

Before checking system/core/CodeIgniter.php, I've also tried to overwrite that function through hooks, but obviously it doesn't work, even setting pre_system because it's loaded right after that require() call and because it's loaded exactly by system/core/Common.php.

So apart from a direct edit, I agree with the solution provided by diafol, i.e. extending Exceptions library, although I'm not sure it's exactly what you want.

cereal 1,524 Nearly a Senior Poster Featured Poster

You're welcome. When you close the browser the access permission will expire. As a security measure the .htpasswd file should be placed out of the web root, i.e. outside the DocumentRoot. Although this is "secure" it does not prevent brute-force attacks, to do that you should consider solutions like fail2ban:

But I don't know what kind of hosting plan are you using.

To check Apache config browse to /etc/apache2 and check the available files. If you don't have access to that directory check with your hosting documentation.

Consider this howto: http://httpd.apache.org/docs/current/howto/auth.html

ing commented: You're awesome! I appreciate your help. I'll look into fail2ban and see if I can access the apache2 directory. +0
cereal 1,524 Nearly a Senior Poster Featured Poster

To get the full path you can run pwd from the command line or run a PHP command as:

php -r 'echo __DIR__; echo PHP_EOL;'

It can be also a script file:

<?php
    echo __DIR__;
?>

Running this from the path in which the .htpasswd file is saved will return the correct path to set. Another alternative is to check the DocumentRoot value in your Apache config or by PHP:

<?php
    echo $_SERVER['DOCUMENT_ROOT'];

A relative path can be used in relation to the ServerRoot:

The AuthUserFile directive sets the name of a textual file containing the list of users and passwords for user authentication. File-path is the path to the user file. If it is not absolute (i.e., if it doesn't begin with a slash), it is treated as relative to the ServerRoot.

Note that DocumentRoot and ServerRoot are different, the first is for your files, the second refers the server installation.

The hash generated automatically by htpasswd is an MD5 digest, it starts with $apr1$, and is not the same as the typical MD5 hash, the result will always be different, for more information: http://httpd.apache.org/docs/current/misc/password_encryptions.html
So, it's not a problem to run the command in different systems and uploading the file. It will work.

AuthGroupFile /dev/null refers to a group of users, in this case is pointing to /dev/null, i.e. it's referring to an empty value. Unless there is a specific setup in your hosting company, AuthGroupFile is …

ing commented: Thank you! It's working now! The problem was I didn't know the absolute path. But your PHP script revealed it to me. Thank you! +0
cereal 1,524 Nearly a Senior Poster Featured Poster

Ok, change it to:

AuthType Basic
AuthUserFile /absolute/path/to/.htpasswd
AuthName "Secure area. Please enter admin password."
Require user secure

For the AuthUserFile directive you have to set an absolute path to the file, as example: /srv/auth/.htpasswd, not an url. Then as Require user set the one used with the htpasswd command, in your example it is secure, so secure will be the username.

Regarding the link provided check also the documentation regarding the new versions of Apache, there are more modules and settings that can be used.

cereal 1,524 Nearly a Senior Poster Featured Poster

First argument of where() method is a string, at the moment it seems to be a constant, so change them to:

$this->db->where('Interior_house_id', $Interior_house_id);
$this->db->where('Interior_room_id', $Interior_room_id);
cereal 1,524 Nearly a Senior Poster Featured Poster

Can you show the .htaccess code? Apache offers three different modules:

  • mod_auth
  • mod_auth_digest
  • mod_auth_dbm

are these enabled? Have you used htpasswd or htdigest to generate the password file? You wrote about htaccess command but this does not exist. For more information check this: http://httpd.apache.org/docs/2.0/howto/auth.html

To "move" the thread you can add the tag Apache to the current thread, check at bottom-left of this page.

cereal 1,524 Nearly a Senior Poster Featured Poster

Inside the .htaccess file write:

order allow,deny
deny from all
allow from env=ALLOW_ME

And then inside a PHP file:

<?php
apache_setenv('ALLOW_ME', true);

It should work if PHP is managed as module by Apache (I cannot test it right now). It can work also by checking the referer:

SetEnvIF Referer "http://youwebsite\.tld/page\.php" allowme
order allow,deny
deny from all
allow from env=allowme

But this last example is not safe because the referer can be spoofed easily.

Reference for more options:

Otherwise with PHP: use glob() function to list the files of the restricted path and sessions to limit the access to the listings.
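
The glob() plus session approach mentioned above, as an added example that is not part of the original post: the listing and the file contents are only returned when a session user is present, and a requested name is resolved with basename() and realpath() so it cannot point outside the restricted directory. The session key 'user_id', the function names and the temporary demo directory are assumptions.

```php
<?php
// Added example, not the original poster's code. The session key 'user_id',
// all function names and the demo directory are assumptions.

// List plain files in the restricted directory (kept outside the web root).
function list_restricted_files($dir)
{
    $names = array();
    foreach(glob(rtrim($dir, '/') . '/*') ?: array() as $path)
    {
        if(is_file($path))
        {
            $names[] = basename($path);
        }
    }
    sort($names);
    return $names;
}

// Map a requested name to a real file inside $dir, or return false.
function resolve_restricted_file($dir, $requested)
{
    $base = realpath($dir);
    if($base === false)
    {
        return false;
    }
    // basename() drops any directory part; realpath() resolves symlinks.
    $file = realpath($base . DIRECTORY_SEPARATOR . basename($requested));
    if($file === false || ! is_file($file))
    {
        return false;
    }
    // The resolved path must still be inside the restricted directory.
    return strpos($file, $base . DIRECTORY_SEPARATOR) === 0 ? $file : false;
}

// Decide what to answer; returns array(HTTP status, body).
function handle_request(array $session, array $get, $dir)
{
    if(empty($session['user_id']))
    {
        return array(403, 'Login required.');
    }
    if( ! isset($get['file']))
    {
        return array(200, implode("\n", list_restricted_files($dir)));
    }
    $file = resolve_restricted_file($dir, $get['file']);
    return $file === false
        ? array(404, 'Not found.')
        : array(200, file_get_contents($file));
}

// Constructed demo data in a temporary directory.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'restricted_' . uniqid();
mkdir($dir);
file_put_contents($dir . '/report.pdf', 'constructed sample content');
file_put_contents($dir . '/notes.txt', 'constructed sample notes');

$cases = array(
    array(array(), array()),                                       // no session
    array(array('user_id' => 7), array()),                         // listing
    array(array('user_id' => 7), array('file' => 'notes.txt')),    // valid file
    array(array('user_id' => 7), array('file' => '../notes.txt')), // directory part dropped
    array(array('user_id' => 7), array('file' => 'missing.txt')),  // not in the directory
);
foreach($cases as $c)
{
    list($status, $body) = handle_request($c[0], $c[1], $dir);
    echo $status . ' ' . str_replace("\n", ', ', $body) . PHP_EOL;
}

// Clean up the constructed demo files.
array_map('unlink', glob($dir . '/*'));
rmdir($dir);
```

In a web script the call would be handle_request($_SESSION, $_GET, $dir) after session_start(), with the status passed to http_response_code().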

cereal 1,524 Nearly a Senior Poster Featured Poster

$txt2 is considered a string, so you have to use quotes:

"SELECT * FROM table WHERE FIND_IN_SET('$txt2', field)"

And it should work.