About wjohn
-
Hi, I have no problem waiting, I have loads of other stuff to do!
-
Hmm, I guess it needs more editing.. Now:
http://localhost/test/index.php/hej
What I think would be decent is to get rid of index.php, and when it's the default controller, let's say index.php, I don't think index would be needed, don't you agree? I mean
http://localhost/test/hej = http://localhost/test/index/hej
-
This seems nice. I've tried this, but it doesn't really work:

    RewriteEngine On
    RewriteRule ^$2$ $1?action=$2 [NC,L]

What I'm trying to achieve is that I dynamically get it to look like
http://localhost/hello
http://localhost/wtf
is
http://localhost/index.php?action=hello
http://localhost/index.php?action=wtf
The $1 is that I simply want to have more controllers, and if it doesn't exist it will just show index.php. But I guess I did something wrong.
http://localhost/baby is http://localhost/admin.php?action=baby
To avoid problems

    RewriteEngine On
    RewriteRule ^$1/$2$ $1?action=$2 [NC,L]

could be solid - but it doesn't work!!
-
Hello
I'm looking to change my URLs and generally I just want to get going on how to do it.
First URL
http://localhost/index.php?action=login
I would like that to simply be
http://localhost/login
But is it then possible to make something like
http://localhost/admin/adduser
where the real link would be
http://localhost/admin.php?action=adduser
And finally
http://localhost/map/x/y
would be
http://localhost/map.php?x=&y=
I'm not asking for code for all URLs, just a snippet for one of them, and hopefully a link to a good resource. But if someone feels like saving me some time, it's appreciated! (I do not ask for it though)
-
Kraxzy can you give an example of how to secure basedirs and basepaths?
-
The only thing I'm considering right now is to use htmlentities() on the output of the ban data, in case some "admin" would freak out and try an XSS injection.
-
    function login(&$msg) {
        //Database injection fix
        $_POST = $this->db_escape($_POST);
        $username = $_POST['username'];
        $password = sha1($_POST['password']);
        $query = "SELECT id, username, userlevel FROM users "
               . "WHERE username = '" . $username . "' AND password = '" . $password . "'";
        $result = mysql_query($query);
        if (mysql_num_rows($result) == 0) {
            $msg = 'Fel användarnamn eller lösenord!';
            return false;
        }
        $user_data = mysql_fetch_assoc( $result );
        if ($this->IsUserBanned($user_data["id"])) {
            $query = "SELECT * FROM bans WHERE uid = '" . $user_data['id'] . "'";
            $result = mysql_query($query);
            $ban_data = mysql_fetch_assoc( $result );
            $msg = '<strong>AVSTÄNGD</strong><br /> ANLEDNING: ' . $ban_data["reason"]
                 . '<br /> BEVIS: ' . $ban_data["evidence"]
                 . '<br /> TID: ' . $ban_data["time"]
                 . '<br /> AV: ' . $ban_data["administrator"];
            return false;
        }
        return true;
    }

I came up with this. Is there anything I can improve, security and such? This is the db_escape function:

    function db_escape ($post) {
        if (is_string($post)) {
            if (get_magic_quotes_gpc()) {
                $post = stripslashes($post);
            }
            return mysql_real_escape_string($post);
        }
        foreach ($post as $key => $val) {
            $post[$key] = $this->db_escape($val);
        }
        return $post;
    }
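A hardened form of the login check in the post above, as an added example that is not the poster's code: bound parameters instead of escaping and concatenation, `password_verify()` instead of an unsalted `sha1()` comparison, and escaped ban fields. It assumes `users.password` holds `password_hash()` output and PHP 7.4+ with pdo_sqlite for the constructed in-memory sample data; table and column names are taken from the post.

```php
<?php
// Added example (not the poster's code): the login check with bound
// parameters, password_verify() and escaped ban output.
// Assumption: users.password stores password_hash() output, not sha1().

function login(PDO $db, string $username, string $password, ?string &$msg): bool
{
    // Bound parameters replace db_escape() and string concatenation.
    $stmt = $db->prepare('SELECT id, password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    // Same message for an unknown user and a wrong password.
    if ($user === false || !password_verify($password, $user['password'])) {
        $msg = 'Fel användarnamn eller lösenord!';
        return false;
    }

    $stmt = $db->prepare('SELECT reason, evidence, time, administrator FROM bans WHERE uid = ?');
    $stmt->execute([$user['id']]);
    $ban = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($ban !== false) {
        // Ban fields are admin-entered text: escape before building HTML.
        $e = fn($v) => htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8');
        $msg = '<strong>AVSTÄNGD</strong><br /> ANLEDNING: ' . $e($ban['reason'])
             . '<br /> BEVIS: ' . $e($ban['evidence'])
             . '<br /> TID: ' . $e($ban['time'])
             . '<br /> AV: ' . $e($ban['administrator']);
        return false;
    }
    return true;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, userlevel INTEGER)');
$db->exec('CREATE TABLE bans (uid INTEGER, reason TEXT, evidence TEXT, time TEXT, administrator TEXT)');
$add = $db->prepare('INSERT INTO users (username, password, userlevel) VALUES (?, ?, 1)');
$add->execute(['anna', password_hash('correct horse', PASSWORD_DEFAULT)]);
$add->execute(['olle', password_hash('hunter2', PASSWORD_DEFAULT)]);
$db->prepare('INSERT INTO bans VALUES (2, ?, ?, ?, ?)')
   ->execute(['<script>alert(1)</script>', 'log #12', '2011-05-01', 'admin']);

var_dump(login($db, 'anna', 'correct horse', $msg));   // valid credentials
var_dump(login($db, "anna' OR '1'='1", 'x', $msg));     // quote stays a literal username
var_dump(login($db, 'olle', 'hunter2', $msg));          // valid credentials, banned user
echo $msg, PHP_EOL;                                     // ban message with escaped fields
```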
-
Would you like it to stand like 2007-2011? And next year 2007-2012?

    <?php echo "2007-" . date("Y"); ?>

Would display like above.
-
I don't really use the MVC model, but I guess I could put away the CONSTRUCTOR and put it in just a plain login file, and then call it if the data is valid.

    <?php
    if (isset($_POST['submit'])) {
        //validate data then call login()
    }
    ?>
-
What would you recommend? Is my method of login class even good? I want to optimise as much as I can, and by the way thanks a lot for the help! It's very appreciated.
-
Well, what if there were 2 options: you can get logged in, but what if you're banned? That is a second check before I'm going to set the sessions, as I clearly want to state whether the login failed because of username and password or because of a ban.
-
Hi
I'm working on a login method for my class and so far it looks like this:

    function login() {
        //Database injection fix
        $_POST = db_escape($_POST);
        $username = $_POST['username'];
        $password = sha1($_POST['password'] . $this->salt);
        $query = "SELECT id, username, userlevel FROM users "
               . "WHERE username = '" . $username . "' AND password = '" . $password . "'";
        $result = mysql_query( $query );
        $user_data = mysql_fetch_assoc( $result );
        if( mysql_num_rows( $result ) == 1 ) {
        }
    }

The login method is triggered from my constructor:

    function Auth() {
        if (isset($_POST['username']) && isset($_POST['password'])) {
            $this->login();
        } else if (isset($_GET['logout'])) {
            $this->logout();
        }
    }

Now I wonder how I should return the data. Let's say I'm on login.php and the user doesn't exist or is banned. Something like this:

    function login() {
        //Database injection fix
        $_POST = db_escape($_POST);
        $username = $_POST['username'];
        $password = sha1($_POST['password'] . $this->salt);
        $query = "SELECT id, username, userlevel FROM users "
               . "WHERE username = '" . $username . "' AND password = '" . $password . "'";
        $result = mysql_query( $query );
        $user_data = mysql_fetch_assoc( $result );
        if( mysql_num_rows( $result ) == 0 ) {
            //Oh noes, the user doesn't exist. I want to print this out to the user.
            //What should I return? And how do I print it out?
        }
    }

Thanks in advance.
-
Hi
I refer to my old topic
http://www.killersites.com/community/index.php?/topic/4265-mysql-database-design/page__p__21707__fromsearch__1#entry21707
which was about my MySQL database design.
Now, I wonder how I am going to trigger an EVENT for a certain time. For example, let's say I want to add a new building; it's going to take about 20 minutes until it's "builded". If I want to upgrade it to "level 2" it will take a certain time before it's updated, for example another 20 minutes. And when you upgrade, let's say you lose some resources like 200, 300, and so on. How do I trigger actions after some time?
-
Thanks for the rather informative post :] I will look more at Google.
-
I've been hearing about stealing sessions and stuff like that. How do I prevent session and make it safe?