xisto Community

HmmZ

Members
  • Content Count

    365

Everything posted by HmmZ

  1. When you perform MySQL queries and other things that call for the database, you seem to be always using die()? Not needed, just store the query or whatever it is you're using in a variable and check the query with an if...else statement. Instead of using:

         mysql_query("SELECT * FROM table") or die(mysql_error());

     you should do:

         $qry = mysql_query("SELECT * FROM table");
         if(!$qry){$db_status = 0;} else {$db_status = 1;}

     Continued from where I left off. Hope this helps.
  2. Not too hard:

         print "<tr><td>Column 1</td><td>Column 2</td></tr>";
         $query = mysql_query("SELECT * FROM table");
         while($getArray = mysql_fetch_array($query)){
             print "<tr><td>$getArray[number]</td><td>$getArray[name]</td></tr>";
         }

     Note that while{} is an ongoing loop, it will load any number of records, which will display a full list* of each record, showing number and the name attached to it.

     * To limit the number of results change the query by:

         $query = mysql_query("SELECT * FROM table LIMIT 10");

       The above code would limit the number of results (rows) to 10.

     * To order the number of results change the query by:

         $query = mysql_query("SELECT * FROM table ORDER BY number DESC");

       The above code would order the list by number descending.

     * To do both:

         $query = mysql_query("SELECT * FROM table ORDER BY number DESC LIMIT 10");

     Any questions I'll gladly answer.
  3. I'd say this:

     db.php

         $sql_conn = mysql_connect("host","user","pass");
         if(!$sql_conn){$db_status = 0;} else {$db_status = 1;}

     Checks if a mysql connection was established, stored as a "0" or "1". Next step would be further developing that variable in the page where you want to show the status:

     Any other page

         include("db.php");
         #if db is online
         if($db_status=="1"){
             $db_status = "<img src='images/online.gif' border='0'>";
         }
         #else db is down
         else {
             $db_status = "<img src='images/offline.gif' border='0'>";
         }
         print "Database Status: $db_status";

     Configure it to your own liking, once db.php is included you can make the $db_status variable anything you want. Enjoy!
  4. Note that it's extremely easy to have multiple themes, letting the user choose himself as I've stated before with the get_theme() function, the get_theme() function is fairly small:

         function get_theme(){
             #template() reads $theme, so it has to be set globally
             global $theme;
             $theme="themes/default";
             #escape the session value before it goes into the query
             $user=mysql_real_escape_string($_SESSION['user']);
             $get_pref=mysql_query("SELECT theme_pref FROM users WHERE username='".$user."'");
             #mysql_fetch_object() returns an object, so read the column from it
             if($get_pref && ($row=mysql_fetch_object($get_pref))){
                 $theme="themes/".$row->theme_pref;
             }
         }

     What my get_theme() function basically does is get the theme preference of a user in the users table, and change the $theme variable to the preferred one, this only changes the theme for the user itself and not the whole site. Making it very versatile even though it's just a small piece of code. Note that if the sql query is unable to be executed (it's a guest or sql server is down (templating itself is not sql-based)) it chooses the default theme. Enjoy! Any questions or suggestions? Don't hesitate and reply!
  5. It's hard to predict what the outcome will be in this war of titans. Google's influence in the industry is exponentially growing, although I think they'll eventually walk onto a brick wall. Don't forget, Microsoft is being screwed over by A LOT of companies, not because they suck, but because companies are trying to tear down the monopoly, if Microsoft wasn't attacked from every single side (AMD, GOOGLE, SUN MICROSYSTEMS, HACKERS/etc) they could bring new products on the market without hesitation or delay. People nowadays are too much influenced by media, everyone blames Microsoft, but they all forget that Microsoft (even though they ripped off DOS) is the groundlayer of the computer of today, it could have taken a much longer time before the technology of now was developed. Microsoft made many things possible, had one of the leading roles in developing computers and their industry. Some people know that Microsoft has, at one point, attempted to encourage some competition, simply because this is what the client/user needed. But the competitors are now combining forces to bring the groundlayers down? (sorry felt like doing that quote lol)
  6. Sorry for forgetting the url: tpl2 http://forums.xisto.com/no_longer_exists/ Notice from BuffaloHELP: Edited as requested.
  7. I've redone it a bit, took out the gradient as truefusion suggested (thanks, didn't know that caused troubles on different resolutions), changed the fonts, spiced up the logo a bit (or header...the way you like to put it). Thanks in advance for the feedback
  8. Thanks for the feedback, it's more of a thumb picture, because it's 800px * 500px. And I'll think of something else for the gradient. And spice it up some more :] Thanks again for the feedback
  9. @Karlo It's avoiding the superglobals, which are by default switched off in PHP4 and PHP5, but in my honest opinion I don't think falgor took that in his decision when using variables right away. Note that I don't know which phpversion() Xisto has at the moment, so if they are still using cPanel's default (PHP3) then you can use $_POST[] and $_GET[].

     @xJedix You don't have to necessarily use quotes, in the end it can really speed up a script. However, it is one of the necessary functions when you want it just to be a LITTLE html validated, I'm not sure but it can be that some browsers can cause display errors when using no quotes, but don't hook me on that.
  10. I need some feedback on a template I would like to implement on a new products website. Requesting feedback on:

     - professionality
     - user-friendly degree
     - clean yet effective degree
     - your own personal opinion

     Please note that this is not a ps supertemplate, simply because the site will be needing fast loading and such, I'm also in development of a more ps supertemplatish site but after this is finished. Thanks in advance

     sFinance template
  11. Pre-note

     Hello and welcome. If your website doesn't use a templating function, you may have noticed it's pretty hard to update your website (layout) unless you dig through many files to update the images and such. The solution is templates. If you ever got curious and looked into phpBB codes or any other template based forum/CMS, you saw the .tpl files they use. I am not at a point where I base everything on .tpl (simply because I haven't taken the time to see how it all works). But I can tell you that it's the same principle, template your site using an external .html file. That is the incentive of this tutorial.

     Comments

     First I wanna say that this isn't a ripped tutorial (I've been accused in the past as well). Second, this is a custom and pretty easy way of templating, I'll even explain (short) how to get a theme preference from a user.

     First off...functions file

     I'm making this look like a huge tutorial, but it isn't. If you use a functions file (where you have all functions() defined) you may want to place the template() function in there as well.
     I will first show an example template function, and then explain:

         function template($content){
             #$theme has to be global so get_theme() can hand the theme path back
             global $title,$main,$bar,$nav,$right,$footer,$theme;
             get_theme();
             $file="$theme/theme.html";
             if(!$rf = fopen($file,"r")){
                 $error=1;
             }
             else{
                 $template=fread($rf,filesize($file));
                 fclose($rf);
                 $template=stripslashes($template);
                 $template=eregi_replace("<% title %>","Solarity Gaming",$template);
                 $template=eregi_replace("<% main %>","$main",$template);
                 $template=eregi_replace("<% bar %>","$bar",$template);
                 $template=eregi_replace("<% datetime %>","".date('d-m-Y H:i:s \G\M\T\+\0\1\0\0')."",$template);
                 $template=eregi_replace("<% nav %>","$nav",$template);
                 $template=eregi_replace("<% right %>","$right",$template);
                 $template=eregi_replace("<% footer %>","$footer",$template);
                 print "$template";
             }
         }

     This is the exact template() function I just copy pasted from my functions file, I won't edit it to make it easier, since it isn't that superhard.

     explanation

         function template($content){
             global $title,$main,$bar,$nav,$right,$footer,$theme;

     This is the start of the function, later on, you will see that template($content) has a reason and that the globals are pretty important, as they fetch the variables from your include file.

         get_theme();

     Here I'm calling the get_theme() function, because we will be calling the theme.html later in this file, it makes sure the right theme is stored in the $theme variable.

         $file="$theme/theme.html";
         if(!$rf = fopen($file,"r")){
             $error=1;
         }
         else{
             $template=fread($rf,filesize($file));
             fclose($rf);

     The variable $file defines the location of your theme.html, $theme was defined earlier through the get_theme() function. The if...else function makes sure theme.html is readable, if it's not readable, nothing much happens, if it is readable, then $template is defined, $template will later on make sure the template variable (for example <% main %>) is fetched from theme.html correctly, to configure it.
         $template=stripslashes($template);

     Make sure $template doesn't have slashes as it will become unreadable then.

         $template=eregi_replace("<% title %>","Solarity Gaming",$template);

     I won't display all theme variable defines, because it all is the same. The predefined $template is getting a new definition, it's pretty double, because in the same line $template has 2 completely different meanings. Anyway, in this line, the theme variable <% title %> is replaced with "Solarity Gaming", which means, once template() is called, the page would have the title Solarity Gaming, in other lines the theme variable is stored in a php variable ("<% main %>","$main") which means that once template() is called later, all $main defines in the included file will replace <% main %> in the theme.html.

                 print "$template";
             } #end else
         } #end function

     We have defined $template (with a lot of info), so we print it, then we close the function, the function is ready to be used, let's make theme.html!

     theme.html

     If you followed me to this far, you are doing great, the hard part (at least for me, took me ages to explain template() ) is done.

         <head>
         <title><% title %></title>
         <link rel="StyleSheet" href="themes/default/style.css" type="text/css">
         </head>
         <body bgcolor="#E3E3E3">
         <center>
         <table id="box" cellspacing="0" cellpadding="0">
          <tr>
           <td>
            <table id="box2" cellpadding="0" cellspacing="0">
             <tr>
              <td id="banner"> </td>
             </tr>
             <tr>
              <td id="bar"> <% bar %>&nbsp;<% datetime %> </td>
             </tr>
             <tr>
              <td>
               <table id="box3" cellspacing="0" cellpadding="0">
                <tr>
                 <td id="Navigation" align="right" valign="top"> <% nav %> </td>
                 <td style='background-color: #DCE5EE;' valign='top'> <% main %> </td>
                 <td id="Right"> </td>
                </tr>
               </table>
              </td>
             </tr>
             <tr>
              <td id="Footer"> <% footer %> </td>
             </tr>
            </table>
           </td>
          </tr>
         </table>
         </center>
         </body>

     ooo creepy huh?
     I thought that bursting the code in your eyes would be less hurting in the long run. I think it's all pretty self-explanatory, if not...ask.

     calling template()

     Basically everything is done, you have defined template($content), enabling it to template anything you desire. You got your theme.html that defines the locations of where the variables should be placed...There are 2 things left that might need explaining...calling template() and the file you wish to template. Calling template is as easy as 1,2,3:

         function test(){
             global $title,$main,$bar,$nav,$right,$footer;
             include("test.php");
             template($data);
         }

     I've found my comfort way to call template() through functions, it gives an easy overview over files and is easy to edit or anything. Now, whenever test() is called, it will include test.php and then template the data found inside ($data is a more general way to get all the $variables). I don't think calling template needs more explaining, but please yell if you do need some more explaining.

     test.php

     I made the function test() instead of copy pasting functions I'm using (simply because it would be too confusing). But I can tell you, once you get the hang of templating, you can do great stuff with your functions and maybe even learn new stuff, cause, as you can see, it's not that hard to create stuff ^^ Anyway, back on topic, we have included test.php, so what would it look like (o god now I gotta make that too, )

         <?php
         #############
         #test.php
         #Xisto tut
         #############
         #define $main variable
         #this would be anything in the middle
         #the REAL content such as news
         $main .= "Hello this is a test";
         $main .= "<br> a test to see if i got this templating crap of the hmmz to work";
         $main .= "whoa im seeing it!? it must have gone great!";
         #define $nav variable
         #nav as in navigation
         #<% nav %> got defined to fit at the left of your page
         #so lets make some links!
         #($nav, not $left: template() puts $nav into <% nav %>)
         $nav .= "<a href=''>";
         $nav .= "<br> HAHA! links work too? AWESOME!";
         #define $bar variable
         #lets set it up with a login form?
         $bar .= "<form method='post' action='index.php?action=login'>";
         $bar .= "Username : <input type='text' name='user'>";
         $bar .= "<br> Password: <input type='password' name='pass'>";
         $bar .= "<input type='submit' value='login'></form>";
         #define $footer variable
         #as its name says it will be at the foot of your page
         #so lets define it with a copyright?
         $footer .= "Copyright © 2005 TheHmmZ";
         ?>

     whoosh, finally done. Anyway, I have defined all the variables in just 1 file, to make it a bit easier on your side, but you can use many different files, I do think that defining the same variable (for example $main) in multiple files would cause a lot of mayhem, so don't. Note: the # is used for commenting, just like //. I just like # more. This file will be included, and, as expected your file should be displaying everything on the right place, just try it. If you want a full example, get the codes at the end of this tutorial.

     Conclusion

     Well, you got to be honest, it wasn't THAT hard to understand, not much needs to be done to prepare your website for a real templating engine (expensive word, low costs ). For existing websites with a lot of files and such, it can get tough.
     But a tip would be to open the file you want to fix for templating in notepad, then ctrl+h, type in print " or echo " and make the replacement word for example news $main .= " this will remove print " and replace it with $main .= " Hope you enjoyed this tutorial and that it helps you, any questions I will gladly answer.

     Full Example

     functions.php

         <?php
         function template($content){
             global $title,$main,$navigation,$footer;
             $file="themes/theme.html";
             if(!$rf = fopen($file,"r")){
                 $error=1;
             }
             else{
                 $template=fread($rf,filesize($file));
                 fclose($rf);
                 $template=stripslashes($template);
                 $template=eregi_replace("<% title %>","Example",$template);
                 $template=eregi_replace("<% main %>","$main",$template);
                 $template=eregi_replace("<% navigation %>","$navigation",$template);
                 $template=eregi_replace("<% footer %>","$footer",$template);
                 print "$template";
             }
         }
         ?>

     theme.html

         <head>
         <title><% title %></title>
         </head>
         <body>
         <table>
          <tr>
           <td>
            <table>
             <tr>
              <td> <% navigation %> </td>
              <td> <% main %> </td>
             </tr>
            </table>
           </td>
          </tr>
          <tr>
           <td> <% footer %> </td>
          </tr>
         </table>
         </body>

     index.php

         <?php
         #template() lives in functions.php
         include("functions.php");
         function test(){
             global $title,$main,$navigation,$footer;
             #the content file of this example is test.php
             include("test.php");
             template($data);
         }
         switch($action){
             default:
                 test();
                 break;
         }
         ?>

     test.php

         <?php
         $main .= "This is an example<br>";
         $main .= "This is defined with the main variable";
         $navigation .= "";
         $navigation .= "This is defined with the navigation variable";
         $footer .= "Copyright © myself<br>";
         $footer .= "example made possible by TheHmmZ<br>";
         $footer .= "This is defined with the footer variable";
         ?>

     fileroot

         ROOT/functions.php
         ROOT/index.php
         ROOT/themes/theme.html
         ROOT/test.php
  12. You see the bevel/emboss too well on homer, a bad finishing touch if you ask me :/
  13. Besides of phpmyadmin denying me, all my databases are gone, i would really appreciate some feedback on this, thank you in advance
  14. I've been able to get the memberlist going, but now I've come to the point where I wanted to get advanced with the list and be able to edit a user. I'm not going to say much more, I'll just show it:

         <input type='hidden' name='editmember[$row[1]]' value='$row[1]'>
         <input type='submit' name='action' value='edit'>

     This doesn't work, as soon as I print out the specific username, it displays Array. editmember[] gives the same, and when I do:

         <input type='hidden' name='editmember' value='$row[1]'>
         <input type='submit' name='action' value='edit'>

     it displays the username of the admin doing it (me), with any of the members I try to edit. I'm clueless, any help is appreciated.

     Notice from BuffaloHELP: Topic title changed.
  15. I found a way to solve it all, it may look weird hehe

         $result=mysql_query("SELECT * FROM $usertable ORDER BY uid DESC");
         if(mysql_num_rows($result)){
             while($row=mysql_fetch_row($result)){
                 $lvl="<img src='./images/level".$row[].".png' border='0'>";
                 echo "<tr><td align='center'><font class='news_font'>$row[3]</td><td align='center'><font class='news_font'>$row[]</td><td align='center'><font class='news_font'>$row[]</td><td align='center'>$lvl</td><td align='center'><font class='news_font'>$row[]</td><td align='center'><a href='manmem.php?user=$row[]&req=edit'>Edit</a></td></tr>";
             }
         }

     where in row[] is the number of the field and not counting the primary key (so if your table looks like "id,username,password,email,realname" etc) it would be: username($row[1]), email($row[3]), realname($row[4]), sounds weird but works. Thank you for trying to help avalon
  16. I googled and found this: Unfortunately, it does not solve the problem of only one user being displayed multiple times...how can i make sure each row is equal to each unique user?
  17. I tried it just now, it didn't work ;_; I got something like the following (endless loop):

         Member Real Name  Member Username  Member Function  Member Level  Member E-mail  Options
         tester  tester2  member  tester  Edit
         tester  tester2  member  tester  Edit
         tester  tester2  member  tester  Edit

     and I don't think it ends anytime soon XD
  18. SQL Injections are hard to prevent, because there are so many things you would have to think about when creating your pages, it is hard to memorize every time, here are some methods I advise you to do..

     Method 1 [Functions]

     A good way to implement any security is functions, make a new page and think about every way of preventing SQL Injections and malicious attacks, code it all into functions and all you have to do with any form you use is call the functions, it prevents you from forgetting a way of prevention, but also makes forms easier to overview for you, since all you do is make a form and call up functions.

     Method 2 [be the attacker]

     Another good way of preventing malicious moves from attackers is to pretend to be the attacker yourself, what would you do?

     Example [register form]

     You see a register form and what would an attacker do first? Analyze. The first thing he would do is view the source and construct a mysql query based on his view. Let's look into the source of a register form:

         <form action="./register.php" method="post">
         <p>Username: <input type="text" name="username" /></p>
         <p>Email: <input type="text" name="email" /></p>
         <p><input type="submit" value="Register" /></p>
         </form>

     An attacker could easily decide what kind of SQL Statement this brings, since most forms that communicate with mysql use about the same type to insert into a database. A quick guess of an attacker could show (note that passwords are usually not shown in page sources):

         <?php
         $sql = "INSERT INTO users (username, password, email) VALUES ('{$_POST['username']}', '$password', '{$_POST['email']}')";
         ?>

     Does this look equal to your statement?
     Then you have a flaw if you don't have countermeasures, look at the following:

         user', 'pass', ''), ('user2

     He uses the password "99999" and e-mail "yourname@hotmail.com". With no security, that is something you can create as username, now look what it does to your sql query:

         INSERT
         INTO users (username, password, email)
         VALUES ('user', 'pass', ''), ('user2', '99999', 'yourname@hotmail.com')

     Because of the used "username" your sql query will be making 2 accounts instead of 1, user will have no e-mail, so he could get a refuse to his register apply, but user2 is added to the database, so he got an account which now enables him to look for more sensitive information as registered member. And that is just one of MANY ways they can manipulate your sql queries.

     possible solutions to this problem

     So, what minimizes this attacker to get through? Let me sum the current flaws up:

     - the table field names matched the names used in the form
     - the register form accepts characters as ()', and many more
     - the sql query did not stop when an error with the query occurred

     First, make sure the form names will not match the table field names, using php you can do this through variables:

         <form action="./register.php" method="post">
         <p>Username: <input type="text" name="username" /></p>
         <p>Email: <input type="text" name="email" /></p>
         <p><input type="submit" value="Register" /></p>
         </form>

         <?php
         $thename = $_POST['username'];
         $thepass = $_POST['password'];
         $theemail = $_POST['email'];
         ?>

     You can name the variables anything you want, as long as it won't match the table field names nor the form names.
     Then the query becomes the following:

         <?php
         $sql = "INSERT INTO users (username, password, email) VALUES ('$thename', '$thepass', '$theemail')";
         ?>

     Next, make sure your script either eliminates the use of strange characters or returns an error on their use:

         <?php
         $thename = stripslashes($thename);
         //characters that username and/or password can be matched with..
         //(the pattern matches as soon as one of them appears anywhere in the value)
         $strip = '/[\/\\\\()<>,\'";:{}^%#!&*+$-]/';
         if(preg_match($strip,$thename) || preg_match($strip,$thepass) || preg_match($strip,$theemail)){
             print "You may only use characters a-z and 0-9";
         }
         else {
             //all strange characters have been checked... continue further
         }
         ?>

     All strange characters are checked and if there was a strange character, your script returns an error. Using the 2 methods I've shown you is, in my opinion, a great way of preventing those nasty attackers from getting through. There are many more ways but discussing all of them would take me a few more hours. Just google and see what comes along, anything you find about sql injections is usually very helpful. Hope this helps..
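
The register-form case from the post above, as an added example that is not part of the original post: the post's INSERT built by string concatenation, next to the same INSERT with bound parameters and an allowlist check in front of it. It assumes PHP 7+ with PDO and uses an in-memory SQLite database in place of MySQL so it runs offline; the function names are hypothetical.

```php
<?php
// Added example, not code from the post. PDO with an in-memory SQLite database
// stands in for MySQL; table and column names follow the post, the function
// names are made up for this example.

function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT, password TEXT, email TEXT)');
    return $db;
}

// The statement from the post: form values are pasted into the SQL text.
function register_concatenated(PDO $db, array $post, string $password): int {
    $sql = "INSERT INTO users (username, password, email) "
         . "VALUES ('{$post['username']}', '$password', '{$post['email']}')";
    return $db->exec($sql); // number of rows inserted
}

// Prepared statement: the SQL text is fixed, the values travel separately.
function insert_user(PDO $db, string $username, string $password, string $email): int {
    $stmt = $db->prepare(
        'INSERT INTO users (username, password, email) VALUES (:username, :password, :email)'
    );
    $stmt->execute([
        ':username' => $username,
        ':password' => password_hash($password, PASSWORD_DEFAULT), // store a hash, not the password
        ':email'    => $email,
    ]);
    return $stmt->rowCount();
}

// Allowlist validation in front of the bound insert: say what is allowed
// instead of listing every character that is not.
function register_checked(PDO $db, array $post, string $password): int {
    $username = $post['username'] ?? '';
    $email    = $post['email'] ?? '';
    if (!preg_match('/\A[a-z0-9]{3,32}\z/i', $username)) {
        throw new InvalidArgumentException('You may only use characters a-z and 0-9');
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('Invalid e-mail address');
    }
    return insert_user($db, $username, $password, $email);
}

function usernames(PDO $db): array {
    return $db->query('SELECT username FROM users')->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed input: the username, password and e-mail used in the post.
$post = ['username' => "user', 'pass', ''), ('user2", 'email' => 'yourname@hotmail.com'];

$db = make_db();
printf("concatenated query: %d row(s)\n", register_concatenated($db, $post, '99999'));
print_r(usernames($db));

$db = make_db();
printf("bound parameters: %d row(s)\n", insert_user($db, $post['username'], '99999', $post['email']));
print_r(usernames($db));

$db = make_db();
try {
    register_checked($db, $post, '99999');
} catch (InvalidArgumentException $e) {
    printf("validated form: rejected (%s)\n", $e->getMessage());
}
printf("rows after rejection: %d\n", count(usernames($db)));
```

With the post's username, the concatenated query inserts two accounts (user and user2), the bound insert stores the whole string as a single username, and the checked version rejects it before the database is touched.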
  19. Hello, it's been a while since I've been active in the PHP Board ( I used to be really active in here ), not only to help others but also to request help ( people knowing those requests, don't share your bad experience with my requests ). Anyway, I am requesting help on a listing of members, I totally forgot about how to fetch the rows from a table and display each row, I thought it was:

         $result=mysql_query("SELECT * FROM $usertable ORDER BY id DESC") or die();
         $num=mysql_num_rows($result);
         $array=mysql_fetch_array($result);
         for($i=0;$i<$num;$i++){
             print "";
         }

     where print "" should display name, username, email, grade (member/mod/admin) and an option to edit. And where the list is categorized on user id, descending. This didn't work out, so I've been experimenting, but so far no good, this is why I am requesting help in this matter. The current code I have for the list is:

         $result=mysql_query("SELECT * FROM $usertable ORDER BY uid DESC");
         $num=mysql_num_rows($result);
         $array=mysql_fetch_array($result);
         $lvl="<img src='./images/level".$put[permit].".png' border='0'>";
         for(; list(,$listname)=each($array['name']), list(,$listuname)=each($array['username']), list(,$listfunction)=each($array['function']), list(,$listpermit)=each($array['permit']), list(,$listemail)=each($array['email']);) {
             for($i=0;$i<$num;$i++) {
                 print "<tr><td align='center'><font class='news_font'>$listname</td><td align='center'><font class='news_font'>$listuname</td><td align='center'><font class='news_font'>$listfunction</td><td align='center'>$lvl</td><td align='center'><font class='news_font'>$listemail</td><td align='center'><a href='manmem.php?user=$listuname&req=edit'>Edit</a></tr>";
             }
         }

     It does not display anything unfortunately and I just can't find a way to get it all displayed right, at one point I did have a result (don't ask me which method, I've tried/used many methods) but it displayed every row 4 times, which I have the term 'weird' for. Anyway, any help is greatly appreciated.

     Notice from BuffaloHELP: Topic title changed. Next time using "Requesting Help" as your only title will result in warning adjustment.
  20. This story gave me goosebumps, what a great story. This may be my negative feeling again towards the human race, but, too bad it's one of those exceptions in the world, because this really doesn't happen much unfortunately, people are too much on money, where they forget the term peace&harmony
  21. I've looked up my .htaccess file and this is what it had as content:

         RedirectMatch .* http://xisto.com/suspended.page/
         Options -Includes -Indexes -ExecCGI

     I've backed up the page and put a clean (since you're saying records are saying I'm not suspended) .htaccess file back, site seems to be working again.. If I am NOT allowed to edit my .htaccess file, please say so, I will then put the backup back in place.
  22. OpaQue, that almost seemed like an accusation of me trying to rig the system...I've been with Xisto long enough, I would never do such a thing, the only thing we have to do for great free hosting is posting in an active forum. I've never given away my password NOR username so I'm going to assume that's not the case either, how can my .htaccess file be edited so that I don't get redirected to the suspended page? -.- I'm trying to show a lot of patience but this is going to get annoying in the long term, but I'm also hoping the problem can be found to prevent it for next times =/
  23. I cleared literally all my cookies and cache and it still won't work...but I don't think the problem is on my side, when I point to my subdomain online.trap17.com it gives me the xisto suspended page, which is clearly not an error on my side don't you think? But thanks for the tip, glad to see such a fast reply
  24. I have been inactive for a few weeks I admit, my hosting credits were at -10.49 when I came back...I've made some posts and I was at 4+ (12 at that time), now, a few days later, my account is still suspended? I am still around 12 hosting credits but it doesn't appear the script has recognized it or something, could this maybe be fixed, even though I've been inactive I've worked my credits up again to a fine credit amount and my account has not been reinstated. If there's something I forgot to do or anything, please let me know :|
  25. In the current world negotiations have a description that is not what is really the point in this discussion, nowadays it's seen as business, pure business, if not bribery ("If you buy our shares, we'll have a deal here!"). Take the example of the governor of California, mister Austria itself, Arnold Schwarzenegger, this so called muscled brain wasn't the perfect governor some thought him of, after he was governor for a while, apparently he was strangled in the world of commercial politics and took it a bit too far, while being incautious, his negotiations may have gone fine, there's not much to negotiate if everyone knows about it. What exactly was my point of that above...to be honest, I don't know. When I think of the word negotiation it gives me more of a negative feeling than a positive feeling (negotiation is ideally meant positive), but in the world we live in today, the positive feeling has been ripped off, and I bet I'm not the only one. Negotiating is however a daily thing that will never disappear from our habits, negotiating on the market for some vegetables, negotiating about what to have for dinner, negotiating about prices, negotiating about laws, rules and some more. It's a daily habit and has secretly snuck up into our lives, the smallest things are about discussions and negotiating. Ok, seriously, I may sound a bit negative about this subject and stating weird things, but it's all part of the term negotiation, try paying attention to it, anywhere, try not to negotiate one day and see how it goes, I can tell you it won't be easy. That's my opinion