Posts by mmcdonald

Thanks diafol, I've already found and added the code. It works great, but your suggestion was still really appriciated. Thank you :)

See if this helps you. It's a good guide.

I don't know why you need to know this, but if it's for network engineering/administration then STOP. Don't touch a network if you don't know anything about network hehe

If it's for training then I'd recommend the foundation certification CompTIA Network+

If it's for a one off thing and you have nothing to do with networks, then Google is your friend, my friend.

Now - if you have a network or are on a network I'd imagine you have an outsourced IT service provider or an internal IT team; ask them. They'll probably ask you to vanish and might even beg you to never return but at least you'll know!

I'd be amazed if all of your answers weren't on this wikipedia page that is dedicated to network topologies.

As for infrastructure you need to add clarification. What are you looking to find out? How many physical hosts you have as well as how many virtual hosts you have? What technology you are using for virtualisation? Your physical and virtual specifications? If so - then the chances are you're not authorised to know.

They will close the browser, but you can still trap that with Javascript.

I had no idea you could detect and act upon a browser close in JavaScript! Thank You!! :D

Good'ay all,

I'm looking for a method of saving a users session (I.e. automatically logging them back into the same page they logged out from).

But I have a few things to consider:

1) Will they logout or will they just close the browser? This means I can't add the process to the logout script.

2) What if they log back in on another PC? This voids the idea of using cookies.

3) Sessions just won't do the trick imo?

Suggestions? I'm currently considering a SQL query that's executed with the path to the current file at the start of every page and storing it against their name in SQL, then calling on it when they log in. I'm not here for the code just the best method and some insight :)

Any recommendations would be welcomed with open arms :) In the mean time I'm going to flip around google looking for inspiration :3

The term isn't torture, it's educate. I'm quite content with everything in this discussion.

Cheers Atli :) Useful info

OMG I'm such an idiot (I blame the tiredness) I'd just use: substr($datetime, -Y, -Z);.. sorry

Cheers for the advice guys, really appricicated.

There is one other thing I'd like to point out. You seem to be storing the dates in two parts, both of which are strings. That's not ideal. You always want to try to use the database date/time types for dates. In MySQL, those are DATETIME, DATE, TIME and TIMESTAMP. In your case, you'd be better of using DATETIME. You can easily populate those types of fields from within MySQL itself:
INSERT INTO tbl VALUES(when_created) VALUES(NOW())
MySQL always returns date-time values in the string format: "YYYY-MM-DD HH:MM:SS", for example: 2013-07-15 11:45:30.

What if I want to call the date in one place and the time in another and they're both stored in one field? Would I just add SELECT LEFT('datetime', 10); and RIGHT('datetime', 4); to my queries?

Perhaps this may help.

Cheers Pritaeas, I ran a search on Daniweb before posting this no idea why I couldn't find that. Good guide.

And recommendations on the nested if ($stmt->execute()) { or is that already the most efficient way?

There has got to be a better way of doing this. First of all pay no attention to the lack of validation and error checking. I just want the core of the script to work first. Also, Block 1 and Block 2 execute, Block 3 does not. Whats the best way to check for errors on MySQLi preperation AND executions?

Ultimately what we're doing below is
1) creating the account
2) Adding a notification to the account
3) Sending a welcome message to the user via the in-site mailbox.

    //REGISTER PROCESSING
    if(isset($_POST['email'], $_POST["password"], $_POST['username'], $_POST['register'])){

            $passwordHash = hash("sha1", $_POST["password"]);
            $time = date('H:i');
            $date = date("d/m/Y");
            $title = "Welcome to Study Bubble!";
            $content = "This is our demo training platform. It has limited functionality and is less than 30% through its development period.";
            $show = "1";
            $from = "Study Bubble";
            $message = "We thought we should send you a test message. We can use these to engage with users and users can use the system to contact eachother."; 

            //BLOCK 1                                                
            $stmt = $mysqli->prepare("INSERT INTO users (authuser,authpass,authemail) VALUES (?, ?, ?)");
            $stmt->bind_param('sss', $_POST['username'], $passwordHash, $_POST['email']);
            $result = $stmt->execute();

            if ($stmt->execute()) {
                //BLOCK 2
                $stmt = $mysqli->prepare("INSERT INTO notifications (user,date,time,title,content) VALUES (?, ?, ?, ?, ?)");
                $stmt->bind_param('sssss', $_POST['username'], $date, $time, $title, $content);
                $result = $stmt->execute();

                if ($stmt->execute()) {
                    //BLOCK3
                    $stmt = $mysqli->prepare("INSERT INTO messages (to,from,date,time,message,show) VALUES (?, ?, ?, ?, ?, ?)");
                    $stmt->bind_param('ssssss', $_POST['username'], $from, $date, $time, $message, $show);
                    $result = $stmt->execute();

                    if ($stmt->execute()) {

            $_SESSION['auth'] = $_POST['email'];
            header('Location: …

First of all read the rules. Nothing is urgent. Secondly, what do you wish to validate? That surname is just characters, age is just digits, that all fields have more than 2 characters? Need more information.

Right I see and no; I don't think there is a way. And even if there is, a cronjob would still be required to execute the sql queries :)

I'm not aware of any tools that automate sql query executions based on arguments that arn't scripts :)

Good luck!

I'm really struggling to understand the styling here; all of your issues are down to the CCS you've used for the navigation links. That's a very broad response and it probably doesn't help much at all - sorry.

See this great insight: w3schools

This is also a good guide. Forget the boxes he's making and just focus on how he is laying out and structuring his menu with CSS.

I would see if each field has content and if they do I would store it as a variable and call on that variable within a standard MySQLi UPDATE query.

Probably not the best method but it would work and it's dead simple?

I have of course just assumed that you're using PHP and MySQLi, there wasn't any information provided.

In their FAQs it states:

Prior to the display of Ads, both parties will agree to a certain rate per impression or per click. Our rates are above industry standard and the best part is that we give weekly payments.

They have a live chat that's online too - why don't you just talk to them?

I was thinking I would have to use someone kind of system

I don't understand what you mean here? PHP + MySQLi + CronJobs = A system... What kind of solution are you looking for?

If this was my project I would store their username and a unix time stamp in a queries table. I would then execute a cronjob every few minutes to count the number of times the users username appears in the queries table. If the cronjob count exceeded 100 I would take 100 off of the result.

Lets say there are 120 rows meaning this user has executed 120 queries. I would take 100 off of the result ( The allowed total ) leaving me with 20.

I would then use a delete query to find the oldest 20 and delete them. Lets say we define that 20 in a variable called $overflow.

DELETE FROM table_name WHERE username=$username ORDER BY timestamp ASC LIMIT 0, $overflow

I hope this makes sense, and I hope it's along the right lines :)
M.

Okay I'll be more careful with my responses in the future. Thank you.

@peter_budo

I thought we had free speech? Now does this sound like an opinion to you?

Now I never use jsp but I'm 95% sure it's just a mix of Java and HTML? If it is then focus on Java, HTML is easy.

I believe I was just exploring the topic.

2) CENGAGE Learning is online university from what I seen and have very few books available publicly andI seen none for Java or JSP in that respect

That's not true. I have dozens of CENGAGE books from my university; perhaps they just deal with educational establishments? Who knows. But at the end of the day I was just putting something forward in case it helped.

3) Latest Java books on Amazon doesn't mean it gone be about JSP and it doesn't mean they would be useful to beginner

Very true

Need to see: navigation.php

Thanks! I had the script working above your response but your example has provided a lot of useful information. I've heard of salting before but never gave it time! Same goes with SHA. Working on them now.

+1

M.

Got the bugger working! :D

SO this is now safe from injections?

    if(isset($_POST['login'])){

        $email = $_POST['email'];      
        $password = md5($_POST['password']);

        $stmt = $mysqli->prepare("SELECT `id` FROM `users` WHERE `authemail` = ? AND `authpass` = ?");
        $stmt->bind_param('ss', $email, $password);
        $stmt->execute();
        $stmt->store_result();

        $rows = $stmt->num_rows;

                    if ($rows != 1){
                        $_SESSION['login_state'] = "f";
                        header('Location: login.php');
                        exit();
                    }else{
                        unset($_SESSION['login_state']); 
                        $_SESSION['auth'] = $email;
                        header('Location: index.php');
                    }

            mysqli_free_result($stmt);
            mysqli_close($mysqli);
        }

Cheers :) I've got that locked in the book of tricks!

Here is my attempt, I'm troubleshooting now:

    if(isset($_POST['login'])){

        $email = $_POST['email'];      
        $password = md5($_POST['password']);

        $stmt = $mysqli->prepare("SELECT id FROM users WHERE authemail = '?' AND authpass = '?'");
        $stmt->bind_param('ss', $email, $password);
        $stmt->execute();
        $stmt->store_result();

        $rows = $stmt->num_rows;

                    if ($rows != '1'){
                        $_SESSION['login_state'] = "f";
                        header('Location: login.php');
                        exit();
                    }else{
                        unset($_SESSION['login_state']); 
                        $_SESSION['auth'] = $email;
                        header('Location: index.php');
                }
            mysqli_close($mysqli);
        }

Sorry to be a pain but would you mind rewriinge the following snippet using prepared statements in the simplest possible form? I'll use it to ensure I fully understand the method and then I'll apply it to the rest of my queries. I learn best by viewing a working example and then breaking it down and understanding it.

    if(isset($_POST['login'])){

        $email = $_POST['email'];      
        $password = md5($_POST['password']);

        if ($result = mysqli_query($mysqli, "SELECT id FROM users WHERE authemail = '$email' AND authpass = '$password'")) {

            $row_cnt = mysqli_num_rows($result);

                    if ($row_cnt != '1'){
                        $_SESSION['status'] = 3;
                        header('Location: login.php');
                    }else{
                        $_SESSION['auth'] = $email;
                        header('Location: index.php');
                    }

            mysqli_free_result($result);
        }
        mysqli_close($mysqli);
    }  

Many thanks!

Cheers Diafol that makes sense! Is that the same story with count and update queries? You just but the WHERE clause after the '?' placeholders closing bracket?

Sending the HTML before processing the form only really achieves one thing: locking the headers. You gain absolutely nothing.

I know this. That's why I am here asking - to learn :) I'll change it all now. Thank you!

BTW, your login is open to injection attacks.

How can I improve this? :) Using prepared statements? :

$stmt = $dbConnection->prepare('SELECT * FROM employees WHERE name = ?');
$stmt->bind_param('s', $name);

$stmt->execute();

?

What about form submissions? That's actually where the worst of it all occurs.

Lets take a login form for example.

I have the form submission code at the bottom of the page, and after checking against the DB and creating the session it redirects the user to the members area.

Here's what I mean:

   <form class="form-vertical login-form" action="<?php $_SERVER['PHP_SELF']; ?>" method="post" >
        <h3 class="form-title">Login to your account</h3>
        <div class="alert alert-error hide">
            <button class="close" data-dismiss="alert"></button>
            <span>Email and password required.</span>
        </div>
        <div class="control-group">
            <!--ie8, ie9 does not support html5 placeholder, so we just show field title for that-->
            <label class="control-label visible-ie8 visible-ie9">Email</label>
            <div class="controls">
                <div class="input-icon left">
                    <i class="icon-envelope"></i>
                    <input class="m-wrap placeholder-no-fix" type="text" placeholder="Email" name="email" maxlength="50"/>
                </div>
            </div>
        </div>
        <div class="control-group">
            <label class="control-label visible-ie8 visible-ie9">Password</label>
            <div class="controls">
                <div class="input-icon left">
                    <i class="icon-lock"></i>
                    <input class="m-wrap placeholder-no-fix" type="password" placeholder="Password" name="password" maxlength="50"/>
                </div>
            </div>
        </div>
    </form>

    //THE PROCESSING SNIPPET:

        if(isset($_POST['login'])){

        $email = $_POST['email'];      
        $password = md5($_POST['password']);

        if ($result = mysqli_query($mysqli, "SELECT id FROM users WHERE authemail = '$email' AND authpass = '$password'")) {

            $row_cnt = mysqli_num_rows($result);

                    if ($row_cnt != '1'){
                        $_SESSION['login_state'] = "f";
                        echo'<meta http-equiv="refresh" content="0">';
                        exit();
                    }else{
                        unset($_SESSION['login_state']); 
                        $_SESSION['auth'] = $email;
                        header('Location: index.php');
                    }

            mysqli_free_result($result);
        }
        mysqli_close($mysqli);
    }  

Now that header redirect to index.php often causes issues. Any ideas? I was always told to put the form processing code below the form (at the bottom of the page). Please advise :)

Forget jsp... just study Java and ensure you're confident in HTML. Now I never use jsp but I'm 95% sure it's just a mix of Java and HTML? If it is then focus on Java, HTML is easy.

Search for the latest Java books on Amazon.

I would recommend course technology books by CENGAGE Learning.

@Atli,

Yeah I know my PHP is poor, very poor. I've purchased a book and booked a course, it's a personal goal to get much better.

I will start looking into MVC and I'll also revise output buffering.

Thanks for your advice!

M.

Need to see the code otherwise how can we help?

Could be an issue with your CSS. Could be the incorrect setup of your <div> tags. Could be a million things. Give us some more information.

Welcome Ruby. This is the most valuable resource I've ever found online and I've learnt a lot; I'm sure you will too :)

You can use sc.exe:

sc create newservice binpath= <path_to_the_executable>

I like the idea of storing redirects as variables but I think that's only better for larger checks in one go, right? But lets see if anyone has any advice on the snippets above. Thanks peeps.

This is one example. It says if user isn't on the account wizard then check that they have completed their first name and surname. If first name or surname is blank in their profile they are pushed to the account wizard.

if (basename($_SERVER['PHP_SELF']) != "account-wizard.php"){

if ($userInfo['fn'] == null || $userInfo['ln'] == null || $userInfo['authemail'] == null){
    header('Location: account-wizard.php');
    }   
}

This checks if a session exists regarding the users login, if not then they are redirected to login.php. It only runs if they are not on login.php.

    if (basename($_SERVER['PHP_SELF']) != "login.php"){
        if (!isset($_SESSION['auth'])){
            header('Location: login.php');
            exit();
            }
        }

There are many more... Is there not a better way?

I'm a little confused by this discussion thread - just a cheap effort to expose the links in your sig?

1. Go for the strong and unique Contents
This makes no sense at all.

2. Make a strong Keyword Phrase
Care to elaborate?

3. Choose best Title Tag
How would a user know what's best? Can you explain further?

4. Make SEO Friendly URL
How do you mean? Using hyphens instead of underscores and so forth?

5. Go for the strong Meta Tags
Yeah this is just as poor as number 1.

6. Build always strong Links
Just as bad as 1 and 5...

7. Make SEO friendly URLs
EXACTLY the same as number 4...

8. Put the Sitemap
I think you mean create, upload and present an XML sitemap to assist crawlers?

9. Alt Attributes on images
Oooo here we go, a good one! Example below:

Instead of this:
<img src="place/place/image.jpg"/>

Use this:
<img alt="This will show if the picture fails to load!" src="place/place/image.jpg"/>

10. Works on the Social Media too
This makes no sense. Do you mean actively update your social network accounts?

I hope my 'investigation' above helps someone! :D

1. Have you run your scans whilst disconnected from the interweb?
2. Have you run your scans in safemode?
3. Have you checked for extensions installed in your browser?

Keep me updated

Now this one always bugs me!

I'm dealing with a lot of checks that result in redirection dependant on certain results.

Example:

1) If session exists and users lands on login.php they are pointed to index.php.

2) When landing on any page after loggining in, if their account isn't complete they're redirected to account-wizard.php to complete their profile.

3) When they land on a page it checks if they're authorised for that particular content. If not they are redirected to an upgrade page.

The list goes on...

I HATE USING <meta http-equiv="refresh" content="0; url=http://example.com/">!!! It's slow, and only redirects after loading all of the page, even when I use exit(); after.

I can't use header('Location: a-place.php'); because headers have already been called and with lots of them you end up with redirect errors and endless loops.

My PHP programming is VERY far from good but I'm sick of having poor code when it comes to these redirects.

What do you do!??! Thanks in advance for any support.

You're very welcome :) If it helped can you please make the thread as solved.

That style of querying is very new to me so thank you for introducing it. Would you mind explaining how I would use the result when querying like this?

'courses' table:
* id
* vendorid
* course_title
* date_added
* last_updated
* author

'vendors' table:
* id
* vendor_name

vendorid in 'courses' table is the same as id in the 'vendors' table. That is their link.

I'm struggling to see how I could use that to seperate accordian titles from the collapsable sections? Wouldn't I still be in the same situation but with just one query? Or am I not thinking hard enough.. Probably the latter

Kill me now!

I have two tables in my DB. One has a list of certifications and one has a list of exam boards.

I need to list the exam boards in a foreach loop giving each one an accordion. The certifications must be listed under their correct exam board. I have the code below but it of course lists things all over the shop. Any help would be appriciated. I can't figure out the best method to list the correct courses under their correct exam boards using a nested foreach loop. Thanks for any help!

<div class="row-fluid ">
<div class="span12">
    <?php
    $mysqli = mysqli_connect('localhost', 'root', '', 'studybubble');
    $query = "SELECT * FROM `vendors` ORDER BY `vendor` ASC";
    $result = $mysqli->query($query);

    $accordionNum = 1;
    $collapseNum = 1;

    while($vendorInfo = $result->fetch_array())
        {$vendors[] = $vendorInfo;}

        foreach($vendors as $vendorInfo){
            echo'
            <div class="portlet box blue">
                    <div class="portlet-title">
                        <div class="caption">
                        <i style="margin-right: 10px;" class="icon-check"></i>'.$vendorInfo['vendor'].'</div>
                        <div class="tools">
                            <a href="javascript:;" class="collapse"></a>
                        </div>
                    </div>
                    <div class="portlet-body">
                        <div class="accordion" id="accordion'.$accordionNum.'">
                            <div class="accordion-group">';

        $query2 = "SELECT * FROM `courses` WHERE `vendorid` = '".$vendorInfo['id']."' ORDER BY `title` ASC";
        $result2 = $mysqli->query($query2);

        while($courseInfo = $result2->fetch_array()){$courses[] = $courseInfo;}

foreach($courses as $courseInfo){
    echo'    
        <div class="accordion-heading">
            <a class="accordion-toggle collapsed" data-toggle="collapse" data-parent="#accordion" href="#collapse_'.$collapseNum.'">
            <i style="margin-right: 12px;" class="icon-plus"></i>'.$courseInfo['title'].'</a>
                        </div>

                        <div id="collapse_'.$collapseNum.'" class="accordion-body collapse">
                            <div class="accordion-inner">
                                <p>
                                    Content
                                </p>
                            </div>
                        </div>
                    </div>
                </div>';

            $collapseNum++;}

            $accordionNum++; }

            echo('</div>');

            ?>

            </div> 
        </div>

Okay first of all you need a foundation certification - stick to vendor certifications (Those provided by vendors in the IT industry such as Cisco and Microsoft.

Get these first (only if you don't have foundation knowledge):
- CompTIA A+
- CompTIA Network+
- ITIL Foundation (Information Technology Infrastructure Library)
- CompTIA Strata Green IT
- CompTIA Security+

But if you have foundation knowledge you then need to choose from the following:

1) Database Administrator
You support database nodes and specilise in the security and management of stored data. 99% of specialised database admins work in financial institutes such as banks and insurance companies. I've personally managed the databases at QBE as a contractor in the UK. I thought I'd be doing a lot of work until I found out they have over 100 database specialists in their India office!

2) Linux Administrator
Much more complex, much more rewarding, much more skillful and much better paid! Dedicated to Linux networks ofcourse. Focus on Red Hat certifications and practise by playing around with Linux distributions. I'd recommend you train VERY hard on CentOS, RedHat and Ubuntu. Linux admins (good ones) can easily land a job earning £60,000 - £80,000. I have three friends working at the BBC who earn a similar salary.

3) Windows Network Administrator
This one is simple - but that's caused the industry to become saturated. Get yourself a foundation networking certification such as the CompTIA Network+ if you haven't …

Solved! Thank you all :)

The problem was calling $userInfo = array(); after calling the function userInfo(); as it of course destroyed the variables stored value. It was left voer from old code. Unbelieveable! Thanks for all your help.

Woo progress!

new error:

Fatal error: Call to a member function fetch_array() on a non-object in C:\xampp\htdocs\sb\inc\config.php on line 37

Line 37:
$userInfo = $result->fetch_array(MYSQLI_ASSOC);

I am working on this intensely but posting here incase the answer is obvious to someone with greater exeprience.

There is nothing being reported? All I have is Fatal error: Call to a member function execute() on a non-object in C:\xampp\htdocs\sb\inc\config.php on line 36.

I have change the code by adding a prepare the the query and then executing it. Reports same error.

        function userInfo() {
        global $userInfo;

        $user_email_ident = $_SESSION['auth'];

        $mysqli = new mysqli("localhost", "root", "", "studybubble");

            if (!$mysqli->query("SET @a:='this will not work'")) {
                printf("Error: %s\n", $mysqli->error);
                }

        $query = $mysqli->prepare("SELECT * FROM `users` WHERE `email` = '$user_email_ident'");
        $result = $query->execute();
        $userInfo = $result->fetch_array(MYSQLI_ASSOC);
        $result->free();
        $mysqli->close();
        }

Sorry - I had to run out for a while.

Okay I'll try this now, I understand where you're coming from and will see if I have any luck.

M.

Hi all,

I was already getting the error - mentioned it above?

[12-Jul-2013 12:27:12 UTC] PHP Fatal error: Call to a member function fetch_array() on a non-object in C:\xampp\htdocs\sb\inc\config.php on line 31.

Line 31 is: $userInfo = $result->fetch_array(MYSQLI_ASSOC);

I'm currently researching Call to a member function fetch_array() on a non-object in C:\xampp\htdocs\sb\inc\config.php on line 31

I've never applied code like this before I'm afraid @Unimportant. I think my issue here is no experience with OOP, poor experience with functions and no experience with classes! (Shocking... i know.).

I currently have this function in config.php:

function userInfo() {
global $userInfo;
$mysqli = new mysqli("localhost", "root", "", "studybubble");
$query = "SELECT * FROM users WHERE email = '".$_SESSION['auth']."'";
$result = $mysqli->query($query);
$userInfo = $result->fetch_array(MYSQLI_ASSOC);
$result->free();
$mysqli->close();
}

I've included config.php into index.php. In index.php I have called the function userInfo(); and I have echoed this variable: $userInfo['authuser'], which should print the current visitors username. Instead I'm getting this error:

[12-Jul-2013 12:27:12 UTC] PHP Fatal error: Call to a member function fetch_array() on a non-object in C:\xampp\htdocs\sb\inc\config.php on line 31

Line 31 is: $userInfo = $result->fetch_array(MYSQLI_ASSOC);

Any ideas? I've played around with it but just got a series of different errors.

I'm not lazy though! I just purchased a book on MySQLi!