Posts by mexabet

I've resolved the issue.

@rproffitt,
During my quick research, I saw a recommendation of PBKDF2 and HMAC-SHA-256, but no programmatic example I can easily understand. Please, do you have an example code for that?

Coming back to my original post regarding redirection, can you please, take a look at my "config.php" file and help me to understand why the redirection is going into endless loops, until terminated by browser:

    // require authentication for most pages
    if (!preg_match("{(admin/login|logout|register)\.php$}", $_SERVER["PHP_SELF"]))
    {
       if (empty($_SESSION["aid"]))
        {
           header("Location: login.php");
        }
    }
    elseif (!preg_match("{(?:index|login|logout|register)\.php$}", $_SERVER["PHP_SELF"]))
    {
        if (empty($_SESSION["user_id"]))
        {
           header("Location: login.php");
        }
    }

@AndreRet,
Thanks for your input.

There's already session_start() call in the config.php file:

<?php

    // display errors, warnings, and notices
    ini_set("display_errors", true);
    error_reporting(E_ALL);

    // requirements
    require("constants.php");
    require("functions.php");

    // enable sessions
    session_start();

    // require authentication for most pages
    if (!preg_match("{(admin/login|logout|register)\.php$}", $_SERVER["PHP_SELF"]))
    {
       if (empty($_SESSION["aid"]))
        {
           header("Location: login.php");
        }
    }
    }

?>

With the code in the config.php, is it proper to have the following in another file, add-course.php?

    // query users table to retrieve current admin's profile
    if(isset($_POST['aid'])) {

    // select a particular admin by id
    $stmt = $pdo->prepare("SELECT * FROM admin WHERE aid=?", $_SESSION["aid"]);
    $stmt->execute([$aid]); 
    $admin = $stmt->fetch(); # get admin data

@AndreRet , Thanks, I've managed to fix the issue.

Thanks for the link. I'm going through the resource to see if I can pull it.

Try to get targeted back links from high PR websites with contents that relate to what your website is offering. And make sure you update your site's contents regularly.

Helpful links about Mod rewrite:
http://www.workingwith.me.uk/articles/scripting/mod_rewrite
http://www.addedbytes.com/apache/url-rewriting-for-beginners/

R0bb0b,

No offenses taken! Instead, we are working together to get a good working script for our fellow community member.

See if this helps. To use this script, you need to create a folder named uploads where the uploaded files would be stored.

<?php
$maxsize=28480; // Set the maximum upload size in bytes
if (!$_POST['submit']) {
    //print_r($_FILES);
	$error=" ";
	// This will cause the rest of the process to be skipped
	//and the upload form displays
}
if (!is_uploaded_file($_FILES['upload_file']['tmp_name']) AND
!isset($error)) {
    $error = "<b>You must upload a file!</b><br /><br />";
	unlink($_FILES['upload_file']['tmp_name']);
}
if ($_FILES['upload_file']['size'] > $maxsize AND !isset($error)) {
    $error = "<b>Error, file must be less than $maxsize bytes.</b><br /><br />";
	unlink($_FILES['upload_file']['tmp_name']);
}
if($_FILES['upload_file']['type'] != "image/gif" AND
$_FILES['upload_file']['type'] != "image/pjpeg" AND
$_FILES['upload_file']['type'] !="image/jpeg" AND !isset($error)) {
    $error = "<b>You may only upload .gif or .jpeg files.<b><br /><br />";
	unlink($_FILES['upload_file']['tmp_name']);
}
if (!isset($error)) {
    move_uploaded_file($_FILES['upload_file']['tmp_name'],
	                   "uploads/".$_FILES['upload_file']['name']);
	print "Thank you for your upload.";
	exit;
}
else
{
    echo ("$error");
}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>PHP File Upload Script</title>
</head>

<body>
<form action="<?php echo(htmlspecialchars($_SERVER['PHP_SELF']))?>" method="post"
enctype="multipart/form-data">
    Choose a file to upload:<br />
	<input type="file" name="upload_file" size="50" />
	<br />
	<input type="submit" name="submit" value="Submit" />
	<input type="reset" name="Reset" value="Reset" />
</form>
</body>
</html>

This bit of code moves the uploaded file from a temporary directory into the uploads directory:

move_uploaded_file($_FILES['upload_file']['tmp_name'],
	                   "uploads/".$_FILES['upload_file']['name']);

The MIME types included here are: .gif, .pjpeg and .jpeg but you may like to add more file formats.
This first line of the code defines the maximum file size:

$maxsize=28480; // Set the …

Since you didn't explain in details, I can only guess. If structuring the three text fields with a table is your need, see if this modification helps:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>

<body>
<div id="myDiv" style="display: none">
<table width="100%" border="0" align="center" cellpadding="0" cellspacing="4">
    <tr>
      <td>Text 1</td>
      <td><input type="text" name="textfield" /></td>
    </tr>
    <tr>
      <td>Text 2</td>
      <td><input type="text" name="textfield2" /></td>
    </tr>
    <tr>
      <td>Text 3</td>
      <td><input type="text" name="textfield3" /></td>
    </tr>
  </table>
</div>
<a href="#" onclick="if(document.getElementById('myDiv').style.display=='block'){ document.getElementById('myDiv').style.display='hidden'; } else{ document.getElementById('myDiv').style.display='block';}">Show</a>
</body>
</html>