Posts by petr.pavel

Hi Zack, the bug will probably lie in a piece of code that you haven't pasted.

It appears that the first piece of code you pasted isn't related to the second in any way. It doesn't show how values end up in $_SESSION or $_SESSION.

Please attach a complete source code and I will have a look.

A suggestion: name your variables in a way that reflects the plurality or singularity of their content. For example, $itemName sounds like this variable holds only one item name. I wouldn't expect an array of item names. For this you should name the variable $itemNames. Little details like this (called naming convention) will help you avoid bugs like assigning an array to a variable that is meant to hold a string (which is probably the core of your current bug).

Hi Anirban, please send a link to what you have already programmed and describe what issues you're having.

Hi Venom Rush,
please include a link to the project so that we don't have to search for it.
I would be surprised if they didn't have a usage example on their website.

Helo Bear,
I guess the immediate problem is that you reference $checkbox instead of $_POST. You use $_POST so you probably work in an environment with register_globals off.

There is a few other things that I would like to draw your attention to:
* I guess you wanted to use count($checkbox) in your for statement, instead of $count which is a # of your db records. Not that it wouldn't work like you have it now but it makes more sense to use count($checkbox) when you in fact want to traverse $checkbox.

* remove id="checkbox[]" - id must be unique so you can't have it the same for all checkboxes. Also, you don't need it at all if you don't reference the items with JavaScript or CSS.

* it's better to name variables in a way that suggest what information they carry. E.g. $deleteCarsIds[] for an array that holds ids of cars that should be deleted. Variable name $checkbox doesn't suggest anything. Also if you named your variables well you would probably choose $carsDbCount and then it would probably hint to you that using $carsDbCount while traversing $deleteCarsIds isn't right.

* <meta http-equi... works only if it's placed into HEAD part of your document. If it works in your browser then you really cannot believe it will work in other browsers as well.

* either use <?php or <? but choose one and use it consistently

Good luck

Hi there,
in HTML apply this

style="mso-number-format:'\@';"

to cells with your . values or define a CSS class with this style and apply the class.

Hi there,
the bug is in this if statement. Try using parentheses to make your intentions more clear:

if ( (!isset($filter)) && ($page == 1) )

Frankly I would just write this instead of the whole if/else if bunch:

if ($page == 1)
  imagegif($image, "user/" . $user . ".gif");
imagegif($image);

Also, you could make the initial testing a bit more simple:

$page = max(intval($_GET['page']), 1);

I guess you start paging with 1, which is a bit impractical.
If you start with zero you could do with a plain intval($_GET['page']);

I'm afraid it isn't possible. But if you tell us why would you ever want such a thing maybe someone will come up with a better solution.

Hi Anish, I don't quite understand your description. What do you mean by "pass null values to integer"?

PHP NULL values won't be passed to MySQL as NULL you have to explicitly type NULL.
Example:

if ($value === NULL)
  $sqlValue = "NULL";
else
  $sqlValue = "'".mysql_real_escape_string($value)."'";

mysql_query("INSERT INTO mytable (myattribute) VALUES ($sqlValue)");

Hi there, could you please let us know what isn't working? I.e. what is the behaviour you expect and what is it doing instead.

BTW: Are you sure you need all that JavaScript hassle with onClick on the checkboxes?

Maybe you don't know what is being submitted. For example here:

<input type="checkbox" onClick="document.myform2.w0.value = this.checked">
<input type="hidden" name="w0" value="50">

If clicked w0 will be assinged "true". Otherwise it will keep "50". Also if I click the checkbox and then click it again (to uncheck it), w0 will still hold "true".

Why don't you use just

<input type="checkbox" name="w0" value="50">

If checked w0 will contain "50". If unchecked then w0 will not be submitted - use if (isset($_POST)) in your script to test it.

To see what your script is getting put var_dump($_POST); somewhere into your script.

Hi, first let me suggest that you should think of some less complicated way of displaying the data. I guess you could achieve the same result with just about twenty lines of code.

But to answer you questions:

• The main problem probably is that you have echo '<tr>... inside of all your three loops. So it prints a row of all seven days for each day and term - which isn't what you want. There's no simple solution for this. I suggest you rewrite it into a single query for all days using SQL construct week_day IN (0,1,2,3,4,5,6) and then convert the results into two-dimmensional array: $data[$orderNumber][$row->weekDay] . Then traverse $data in two loops: one for each row of the array and second for each day of the week.
  
• for($wk_day =0; $wk_day < count($all_avail_days); and foreach($all_avail_days as $key => $avail) does the same only using a different construct. So you are basically looping the same thing twice.
  
• maybe you're referencing the array items wrongly - use $all_avail_days["$wk_day"][$key]["start_time"] instead of $all_avail_days[$wk_day][$key][start_time] Reasoning: $all_avail_days["1"] is something else than $all_avail_days[1].
  
• $type_start_time7 -like variables aren't cleared after being used so you may be printing old values from previous loops. You should have else for each if($day == ...) where you clear the variables: $time_id7 = $type_start_time7 = $type_end_time7 = $colour7 = NULL; Or you can get rid of them completely and use the directly $all_avail_days["$wk_day"][$key]["start_time"] stuff with printf()
• You may also want to use ORDER BY in …

Hi Peter,
you could use your webhosting's SMTP server but PHP doesn't support SMTP authentication out of the box. You have two options:
a) Either you will use your Internet provider's SMTP server (your home/work ISP) because then I believe you won't have to use SMTP authentication (authentication is usually done by your IP address)
b) or you will use a library like XPertMailer http://www.xpertmailer.com/ instead of PHP built-in function mail(). Then you will be able to use SMTP authentication and a SMTP server of your choice.

Let me know if you need any more details.

check for viruses:

• your hosting must be allowed to execute files (which I seriously doubt)
• you have to know where the antivirus program is and what parameters it expects
• then use exec() to run it

ftp:

• your script can use FTP if PHP has been compiled with FTP support - but that's likely
• but it wouldn't solve your problem - you would need your users to use FTP instead of HTTP upload

To let your users upload files via FTP safely (safely for you, not for them), you need this:

• set up a separate FTP user with access only to a specified directory (so that he cannot mess with your scripts)
• this directory must not be allowed to run PHP scripts (best if it's outside httpdocs) otherwise someone will misuse it to run a spam-bot

If you are going to do only what you do now: move the file from temporary location to permanent location then yes, set only these three ini attributes.

If you are going to process the ROM files though, (extract something from it or rearrange it) then you will also have to set memory_limit and max_execution_time.

Hi Scottmandoo,
I'm a bit confused. Are you saying that the total file size of all files in your hosting must not be higher than 8 MB? Boy that's not much :-) Try http://pipni.cz/ - you get 1.5 GB there for free (it's a Czech server but you can switch the language to English).

If your limit for all files really is 8MB then you have to modify your script to check what the file size of already uploaded files is.

Let's assume that you want to limit max size of the file being uploaded to 7MB:
upload_max_filesize 7M
post_max_size 7M
(If you are going to read the file into memory then set memory_limit too.)

Now let me show you how you are going to calculate the other two:
We have to decide what is the slowest Internet connection that you will support. Let's make it 256 kpbs (uplink), for instance.
Here's the formula:
y = (256/8) speed in kilobytes per second
x = (7*1024 / y) how many seconds it would take to upload a 7MB file
Result is: 224 seconds
This would be true if your customer is able to use full this theoretical speed throughout the whole upload time which is impossible. So I suggest that you multiply it by 1.5 to provide some cushion.

Your value would be then 336 seconds:
max_input_time 336
You don't have to touch …

when user signs in keeps saying "Wrong Username or Password";

So what did you do to try to find out why? C'mon, we're not going to do your homework for you, we can just explain things if you ask specific questions.

Try to insert echo $sql; after $sql="SELECT * FROM members WHERE username='$myusername' and password='$encrypted_mypassword'"; to see what's being executed. Then you can execute the sql yourself and see if it returns something.
This way you will verify that:
* username and password is properly submitted
* a db record for this user really exist - and there's only one, not more of them
* the query is correct

My impression is that you're just starting with PHP and you're trying to jump right into the middle of a project without learning the basics first.

I'm sorry I got lost in your post so let me reword it.
Let's say that you have pages homepage.php, courses.php, students.php and you want to protect all three - valid username+password is required to access them.
So you put the session_start()... code into each.

When someone opens one of them and is not logged in, he will be redirected to locationtudentLogin.php - that's the page with $host=...
He will log in there and stay logged in even when he leaves the page. Then he can access one of the protected page and he will see their content.

Is it clearer now?

Hi there, I'm a bit confused:

• I don't see a reason for calling session_start(); session_destroy(); I'd say that you can safely ignore this
• The other "Put this code in first line of web page" is correct though. All your protected web pages must have .php extension and contain this as the first thing in the file

  <?php
  session_start();
  if (!session_is_registered("myusername")) {
    header("locationtudentLogin.php");
  }
  ?>

Otherwise the code seems to be ok, let me know if you're having any problems.

Hi there,
because you posted your database login info here you will have to change it. Otherwise the first hacker who happens to read this (e.g. using an automated search script) will either erase your database or fill it with malicious data.

Now back to bug hunting: I suggest you keep

ini_set("display_errors", true);
error_reporting(255);

at the top until you solve all problems.
This should show you what is the reason for getting a blank screen.

The 2MB is default file upload PHP limit, that's why it didn't affect you when you used FTP.
It's very likely that you aren't allowed to change this settings unless you have a very benevolent hosting provider. If you are though, then you have these options:

• If you run the server yourself then locate php.ini and edit upload_max_filesize, post_max_filesize, max_execution_time, max_input_time and memory_limit. I'll explain them later.
  
• Or if your server runs web server Apache and .htaccess parsing is on then put file .htaccess into the same directory as your script. Its name really starts with a dot. Some FTP clients don't show unix hidden files by default - and hidden files = dot files. So don't be surprised if you upload the file and don't see it then in the listing. Check your FTP client settings. This should be in it (use your own values):

  php_value upload_max_filesize 100M
  php_value post_max_size 100M
  php_value max_execution_time 1800
  php_value max_input_time 1800
  php_value memory_limit 100M

  Note: I think you have to use Unix line …

Thanks for the syntax highlighting it's much better.
The errors you are getting aren't deadly. So why do you think there's something wrong with the script?

Looking at the script I have a few suggestions:
* don't use copy() for moving uploaded files as most hostings will not like it.
First test if the upload was successful:

if (is_uploaded_file($_FILES['rom']['tmp_name'])) {
}

and then move it with

move_uploaded_file ($_FILES['rom']['tmp_name'], $romName);

* $romName most likely doesn't contain a valid path
It should be
/www/10gbfreehost.com/b/l/a/blastburners/htdocs/gba_roms/files/....
not just
/gba_roms/files/...

Best if you use $_SERVER["DOCUMENT_ROOT"].'/gba_roms/files/'...

* you should move mysql_close() two lines higher just after mysql_query()
Now it attempts to close a non-existing connection if $error > 0.

* you shouldn't insert values taken from $_POST/$_GET directly into database without running it through mysql_real_escape_string(). A hacker could use this security hole to wipe out your database or replace its content with malicious data.

Hi Scottmandoo,
best if you place this at the top and run it:

ini_set("display_errors", true);
error_reporting(255);

Then you could post the error messages and I'll explain what they mean.

Also, could you please edit your post and add "=php" into the tag code (code=php)? It will tell this forum to use PHP language syntax highlighting and the source code will be much easier to read.

As a bonus, here's a simpler getExtension() function:

$extension = strtolower(substr(strrchr($file_name, "."), 1));

All right, I can see that you know what you're doing :-)

Since your hacking it anyway, we won't mind using eval(), will we? (yuck!)

$string = "level1.level2a.level3=10";

list($combinedKey, $value) = split('=', $string);
$keys = split('\.', $combinedKey);

$command = '$config["'.join('"]["', $keys).'"] = $value;';
eval($command);

var_dump($config);

That's it. You said you have a linux box so you have to locate sendmail - I assume that you have it installed. To find where your sendmail is run:

locate sendmail

then uncomment the sendmail_path row and enter the full path incl. the switches. For example:

sendmail_path = /usr/sbin/sendmail -t -i

That should do.

Just curious: are you able to send e-mails from the box using pine or mutt? PHP usually works with default settings just fine if sendmail isn't installed into some unusual location. What I mean is that you could in fact, be having a sendmail problem, not PHP configuration problem.

Hi JRSofty,
before I think about a solution to what you want, let me cast some doubts on it first:
Is it really so time saving to have your config code instead of good ol' php?

$config = array(
  "access" => array(
    'read' => array(1,2,3),
    'write' => array(1,2),
    'modify' => array(1,2)
    'manage' => 1
  ),
  "somethingelse" => 10101
);

With your method you have all strings. No NULL, boolean or other types.

Hi maydhyam,
if you use a professional hosting (someone has set up the server for you) you don't have to worry about anything. Just use mail().

If you're running your own server (e.g. development server) then you need to check php.ini section [mail function]. For Linux you have to verify that sendmail_path is correct.

Hi Dave,
you're not giving us the whole script, are you?
$sendmail should be defined somewhere. That's where your path to sendmail goes.

BTW: This method of sending e-mails is bad, read something about e-mail injection:
http://en.wikipedia.org/wiki/Email_injection

If you you're still having problems with sending through sendmail (it could be that -t is forbidden, for instance) and you cannot use built-in mail() function (the easiest way ever, although even there you have to care about e-mail injections) I recommend using XPertMailer library:
http://xpertmailer.sourceforge.net/

It may be a bit of a hard nut for you to crack at first as you are probably a PHP beginner, but the reward is worth it. You can for instance, send HTML e-mails with it like a breeze, or send e-mails using the recipient's mailserver (read from MX query).