
Orjan

Member Since 26 Sep 2007
Offline Last Active Feb 21 2017 01:28 AM
*****

#670440 Third Interview with Apple and Offer

Posted by Orjan on 26 April 2014 - 03:41 AM

Congrats to the job then, and I hope you'll keep hanging around here even if you are employed! :-)


  • 1


#669927 Creating A Simple Yet Secured Login/registration With Php5

Posted by Orjan on 09 April 2014 - 10:53 AM

Its normal for each site user to fill in the forms and the data will be carried to the database.

 

Kindly explain further.

 

change 

$sql = 'INSERT INTO employee (emp_name,emp_address, emp_salary, join_date) VALUES ( "", " " ," ", NOW() )';

to

$sql = "INSERT INTO employee (emp_name,emp_address, emp_salary, join_date) VALUES ( '".$emp_name."', '".$emp_address."', '".$emp_salary."',  NOW() )";

and the values from your POST will go into the database. Please note that this isn't secure enough (the variables need to be more sanitized), but it's a good start.


<?php 
} else {
	$usr = new Users;
	$usr->storeFormValues( $_POST );
	
	if( $usr->userLogin() ) {
		echo "Welcome";	
	} else {
		echo "Incorrect Username/Password";	
	}
}
?>

After good username/password we will be greeted with "Welcome".... How do I call the login name of the person echoed after the Welcome User1?

 

 

change that line to:

echo "Welcome ".$_POST['username'];

but as in my previous answer above, the $_POST['username'] needs to be sanitized for output, but it's a good start to learn.


  • 1
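The two fixes the post above defers ("more sanitized" for the INSERT, "sanitized for output" for the welcome line), shown as an added example that is not part of the original thread: a prepared statement for the database write and HTML escaping for the echo. It assumes PDO with the pdo_sqlite extension (an in-memory SQLite database stands in for MySQL, so `CURRENT_TIMESTAMP` replaces `NOW()`); the function names and the `emp_id` column are hypothetical.

```php
<?php
// Added example, not code from the thread. An in-memory SQLite database stands
// in for the poster's MySQL server (assumption: pdo_sqlite is available).
declare(strict_types=1);

function open_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE employee (
        emp_id      INTEGER PRIMARY KEY,
        emp_name    TEXT NOT NULL,
        emp_address TEXT NOT NULL,
        emp_salary  NUMERIC NOT NULL,
        join_date   TEXT NOT NULL)');
    return $pdo;
}

// Validation checks the shape of the data; the placeholders are what keep
// user input from ever being parsed as SQL.
function insert_employee(PDO $pdo, array $post): int {
    $name    = trim((string)($post['emp_name'] ?? ''));
    $address = trim((string)($post['emp_address'] ?? ''));
    $salary  = filter_var($post['emp_salary'] ?? null, FILTER_VALIDATE_FLOAT);
    if ($name === '' || $address === '' || $salary === false || $salary < 0) {
        throw new InvalidArgumentException('invalid employee data');
    }
    $stmt = $pdo->prepare(
        'INSERT INTO employee (emp_name, emp_address, emp_salary, join_date)
         VALUES (:name, :address, :salary, CURRENT_TIMESTAMP)'  // NOW() on MySQL
    );
    $stmt->execute([':name' => $name, ':address' => $address, ':salary' => $salary]);
    return (int)$pdo->lastInsertId();
}

// Escape when writing into HTML, not when storing: the database keeps the
// original value and each output context applies its own encoding.
function welcome_line(string $username): string {
    return 'Welcome ' . htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input standing in for $_POST.
$post = [
    'emp_name'    => "Conan O'Brien",      // the quote would break the concatenated query
    'emp_address' => '1 Example Street',
    'emp_salary'  => '4200.50',
    'username'    => '<b>User1</b>',       // markup must be shown as text, not rendered
];

$pdo = open_db();
$id  = insert_employee($pdo, $post);

$check = $pdo->prepare('SELECT emp_name, emp_salary FROM employee WHERE emp_id = ?');
$check->execute([$id]);
print_r($check->fetch(PDO::FETCH_ASSOC));  // the name is stored unchanged, quote included

echo welcome_line($post['username']), "\n";
```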


#659809 Thank you CodeCall!

Posted by Orjan on 06 June 2013 - 03:21 AM

You're welcome! I've actually just got a job as php developer :-)
  • 1


#659791 Thank you CodeCall!

Posted by Orjan on 05 June 2013 - 12:11 PM

Congratulations!
  • 1


#657914 Clean URLs with PHP

Posted by Orjan on 30 April 2013 - 05:08 PM

Excepting that in those cases what you have for code wouldn't work, so why would you even TRY to deploy THIS code there?

 
well, I see no problem in checking the availability of the data and exit if there is none to deal with... I think it's a good habit to learn.
 

Perhaps... but again since it would be non-functional and would need a rewrite for other systems of doing it, what's the point of adding that check to code that you wouldn't RUN on non-apache systems without a rewrite?
 
IMHO too complex for a tutorial version -- you're gonna confuse/lose people on that.

 
Maybe I am, I still don't think it's complex to put the code in a function. It isn't beginners level, but then the subject is a bit over beginners level to start with.
 

I think that loose/generic is where you lose people -- it's a lesson I learned the hard way back in the '90's writing tech manuals for Marstek. Assume the person learning knows nothing, fail to do that they'll learn nothing. "generic" code can be too case non-specific for the beginner to turn into a working example on their own -- which is where I think "lokilust" got lost. I'm pretty well... seasoned at this, and I'd have a hard time turning your tutorial into a working example!

 
really? strange. I pasted those two code blocks into the files and it ran right away. Where was the trouble, as you are looking with other eyes at my code?
 

Which is where we differ -- User friendly is good to a point, but not when it ends up leaving the barn door open. Is it REALLY so hard to whitelist allowed files? No, it isn't... anyone who can't manage that, probably has no business using these methods in the first place; and if that means "You have to be 'this' smart" to use it? OH WELL.

 
Well, my code doesn't execute anything either. It just parses the URL. Nothing else. So the security issues are to deal with in another part of the code. But, yes, it lets all files and directories be as they are and be executable if they are. I should probably have informed of that! Good point!
 

Not 100% sure what that statement has to do with the block it was quoting -- only thing I can figure is my safename routine -- and you're passing values in the URL, a subset of US-ASCII (characters 32..127) is all that's valid there in the first place, you want other language characters you'd have to have them as entities ANYWAYS! Wait? Are you referring to getData, something mine doesn't need to parse? Yeah, your next part:
 
Don't have to with mine as $_GET is parsed normally regardless of how my redirect handles it. You send mine getdata, $_GET exists and is filled in properly. That's why I strip it clear off before parsing $_SERVER['REQUEST_URI'] as we don't need it!

You do /test/west?best=vest on mine, and $_GET['best'] will return 'vest', because of how my .htaccess method is crafted.

It might be cute to store the HASH if present though -- since you ARE correct there, more datapoints is a good thing... It's just yours seemed to be reinventing the wheel on a lot of things.
-- split -- too many quotes error? REALLY?

Having to switch to italics because of some stupid "too many quotes on merge" error in this forum software.


Well, true, $_GET will work as usual. Still, I see a point in showing the parsing of all parts of the URL. But you're right, that part isn't needed.

That's pretty bad. *sigh* I'll notify Roger and see if it's hard coded or a setting.
 

Well, that's not REALLY how I'd do it -- I'd have a singleton with getters, but that's a bit complicated for demo code for beginners.

 
True, true, but this code could be a method to run in that class.
 

Thing is this is a append in any case, might as well have a working demo they can integrate or work from -- Though IMHO (YMMV) this technique is too specific in function to be used as anything BUT the core of a system. Trying to mix and match or integrate it to existing code is just asking for it to be bloated, broken and insecure... Again though, YMMV. My experience says otherwise.

 
Well, yes, the core parts of the system are probably where you want this kind of functionality. That's why I wanted it to be as separated as possible while still working.
 

Which given the illegible colors, narrow little stripes, broken wordwraps of posting code on a forum, much less breaking up the code so you can't follow the logic or indents, it's HARDER to work from in my experience. That's why in addition to the .rar download there's the viewable source directory full of phps files:
http://www.cutcodedo...viewableSource/

with HEAVILY documented source:
http://www.cutcodedo...urce/index.phps

 
Hm. Too striped? That's why I had the complete code blocks to start with, and then processing them line by line to try to explain what they do. I think that is a good way of showing what's happening, but maybe it's not so good? About colors, is it good or bad with syntax highlighting? I like it, especially in a tutorial so you can easily see the different parts of the code. But, maybe it makes the code harder to read?
 

I could see how lokilush could have had issues -- A lot of what you are doing over-complicates it -- I know how to do this, and I had trouble making sense of yours. It's... very different from what I'm used to seeing, especially all that futzing around with UTF-8 encode/decode and getData parsing; something my technique doesn't even need to bother with since $_GET is preserved/working... I didn't even figure out that's what you were doing until you mentioned it separately!

It is a good point about it polluting the global namespace though -- Was thinking it might make sense to put what I have as the $ACTION array into $_GET (you can add values to $_GET), or as you did wrap it in a function, but that's the sort of thing I'd expect people to be able to figure out on their own... again real world I'd have it in a singleton with getters, the only setter being the constructor -- so that if it's called more than once it only runs the parsing code once; but I wouldn't put that in THIS tutorial except as a 'lesson 2'... which might not be a bad idea.

Yes, the utf8 part is over-complicating things, you are right. But still, as I just said, I wanted to parse the whole URL. But still, $_GET does it for you (and even better), that's very true.

On the other hand, with just this part, it can be run over and over again without doing any harm, just taking extra time. But of course, putting it into an initialization class will give the next level to it, as you say, lesson 2. Or 5.
 

I think that's a lot of it, we have different expectations of what people are able to figure out on their own. Comprehension varies from person to person, which is why it helps to have different views and approaches. Yours would work for some, mine others. Really there's room for both.

 
Different views on matters are always a good thing, but I believe they are better off discussed part by part like this, so each part can be discussed one by one. On the other hand, these long posts are somewhat hard to follow as well.


  • 1


#651187 Clean URLs with PHP

Posted by Orjan on 29 January 2013 - 07:01 PM

What is an URL and a Clean URL

Normally, a URL to a webpage could look something like this:

http://www.example.com/users/page.php?id=4578&do=edit

This is both user unfriendly, administrator unfriendly and SEO unfriendly, as it needs a lot to understand how it's working.

The url is divided into several parts:
  • http:// - scheme, protocol to be used
  • www.example.com - server address
  • /users - path
  • page.php - filename
  • ?id=4578&do=edit - parameter string
This isn't so nice. But you might have noticed there are many sites out there whose URLs don't look the same in the last three parts?

Many CMSs such as WordPress and Drupal, and many forum software packages, provide something often called Clean URLs or SEO Friendly URLs, which could look like this:

http://www.example.com/users/4578/edit

where all steering codes are removed, and only the real data is visible. It looks a lot nicer, doesn't it? Say that we also replace the user id there with a user name, say "matthew", it could even look like this:

http://www.example.com/users/matthew/edit


How to achieve Clean URLs

You would need two things. First, you need a .htaccess file modifying how apache (and some other web server softwares, they might need extra addons to be able to run them)

Apache has a module named mod_rewrite which rewrites the URL from what is sent from the browser to what your PHP script actually gets. This is what the .htaccess should look like in this case:


<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule ^ index.php [L]
</IfModule>

Explaining the code:
  • First, check if the module is present, else, we can't do anything.
  • Turn on the Rewrite Engine
  • then it checks if the request filename isn't a file
  • and checks if it isn't a directory
  • Then, the RewriteRule makes a call to index.php, no matter what was written in the URL
  • Close the if statement
So, the effect is that if the file or directory doesn't exist, we can let index.php deal with this call instead.

So, now, we need to deal with all this information in index.php instead:

To our help, PHP gives us lots of information about the call in a special superglobal variable named $_SERVER.

If you want to see what it contains, try var_dump($_SERVER) and you get a printout with much about the server and the call.

This is what a short index.php could look like; it contains the function parsing the path, and a short start code to create some good output:


function parse_path() {
  $path = array();
  if (isset($_SERVER['REQUEST_URI'])) {
    $request_path = explode('?', $_SERVER['REQUEST_URI']);
    // A URL without "?" has no second element; use an empty query string then
    if (!isset($request_path[1])) {
      $request_path[1] = '';
    }

    $path['base'] = rtrim(dirname($_SERVER['SCRIPT_NAME']), '\/');
    $path['call_utf8'] = substr(urldecode($request_path[0]), strlen($path['base']) + 1);
    $path['call'] = utf8_decode($path['call_utf8']);
    if ($path['call'] == basename($_SERVER['PHP_SELF'])) {
      $path['call'] = '';
    }
    $path['call_parts'] = explode('/', $path['call']);

    $path['query_utf8'] = urldecode($request_path[1]);
    $path['query'] = utf8_decode(urldecode($request_path[1]));
    $path['query_vars'] = array();
    $vars = explode('&', $path['query']);
    foreach ($vars as $var) {
      $t = explode('=', $var);
      // Skip empty pairs; a key without "=" gets an empty value
      if ($t[0] === '') {
        continue;
      }
      if (!isset($t[1])) {
        $t[1] = '';
      }
      $path['query_vars'][$t[0]] = $t[1];
    }
  }
  return $path;
}

$path_info = parse_path();
echo '<pre>'.print_r($path_info, true).'</pre>';

First, we declare the function:

function parse_path() {

Then, make a clean variable as an empty array:
$path = array();
This is because if everything else fails, we can still return an empty array.

Check so the $_SERVER variable's post REQUEST_URI is set.
if (isset($_SERVER['REQUEST_URI'])) {
If it's not set, we can't use it, so then it would fail.

Now, we divide the variable on the question mark, as that separates the "normal" URL from the parameters
$request_path = explode('?', $_SERVER['REQUEST_URI']);

Good, now, we read out the path to index.php for the script, say that your installation is under a directory, and not directly in the web root
$path['base'] = rtrim(dirname($_SERVER['SCRIPT_NAME']), '\/');
The info is saved in the array field named 'base', as it's the sites base path

substr takes out a part of the string, in this case everything after the base, which is followed by a slash ("/") which makes us add 1 to the length of the base
$path['call_utf8'] = substr(urldecode($request_path[0]), strlen($path['base']) + 1);
We save this name as utf8, as some non-ascii characters might be written

But the string to use, we decode the utf8 into ascii
$path['call'] = utf8_decode($path['call_utf8']);

As a safety precaution, if the call is the same thing as the script, we treat it as a blank call. Returning the script name is usually not needed for the rest of the program, and if so, it can read it itself from the $_SERVER variable

if ($path['call'] == basename($_SERVER['PHP_SELF'])) {
$path['call'] = '';
}

We split the call into its pieces for easy access:
$path['call_parts'] = explode('/', $path['call']);
Now, it's time to deal with the later part, the parameter list. We urldecode it:
$path['query_utf8'] = urldecode($request_path[1]);

And utf8 decode it
$path['query'] = utf8_decode(urldecode($request_path[1]));

The parameters are separated by an ampersand character, so we explode it into parts:
$vars = explode('&', $path['query']);

Now, we loop through each of the parameters
foreach ($vars as $var) {

With every parameter, we split it at the equal sign separating the key from the value:
$t = explode('=', $var);

Then, we save it as a normal array variable
$path['query_vars'][$t[0]] = $t[1];

Closing the foreach
}
closing the if
}

and now, let's return the whole array to the caller of the function:
return $path;

And we close the function declaration:
}

Now, we try our code: call the function and store the returned info in a variable:
$path_info = parse_path();

Then, format it to a good readable output with <pre> tags and the print_r() function for a nice looking output
echo '<pre>'.print_r($path_info, true).'</pre>';

So, if we would call the web site using the URL
http://localhost/user/matthew/edit?language=en&hobbies=art&sport=football


The output should be:
Array
(
    [base] => /
    [call_utf8] => user/matthew/edit
    [call] => user/matthew/edit
    [call_parts] => Array
        (
            [0] => user
            [1] => matthew
            [2] => edit
        )

    [query_utf8] => language=en&hobbies=art&sport=football
    [query] => language=en&hobbies=art&sport=football
    [query_vars] => Array
        (
            [language] => en
            [hobbies] => art
            [sport] => football
        )

)

See, now we can use the 'call_parts' and the 'query_vars' wherever we want in our script instead of the $_GET and additional parameters you might have had before, which aren't needed now, as the cleaner URL can have its fixed positions of the values instead.


How can this be used in a bigger, working web page?

The first of the call_parts is probably something deciding which part of the web page the user is on. Probably the name of the main menu title.
The second part is probably the second level menu title.

Say, your main menu has titles like
  • About us
  • Users
  • News
  • Products
Then you can very easily decide that each of these menus has a corresponding path in the call:
  • /about-us
  • /users
  • /news
  • /products
With a pretty easy switch statement, you can steer the code into a different include file:

switch($path_info['call_parts'][0]) {
  case 'about-us': include 'about.php';
    break;
  case 'users': include 'users.php';
    break;
  case 'news': include 'news.php';
    break;
  case 'products': include 'products.php';
    break;
  default:
    include 'front.php';
}
So in each of the different areas, we deal with the later parts of the call, if there are any.

This is hard coded now, but you could easily do a database select from a table, looking up which include file corresponds to which path.

And in, for example, the users.php, you can look up the $path_info['call_parts'][1] in the database to find information about the username, or id, if it's an id, to be displayed later on.
  • 6
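The dispatch step of the tutorial above, written as an allowlist lookup, as an added example that is not part of the original post: the include file always comes from a fixed table and never from the request, and every path segment is checked before it is used. The names `ROUTES`, `call_parts()` and `resolve_route()` are hypothetical, and unlike the tutorial's `default:` branch an unknown first segment is answered with 404 instead of the front page.

```php
<?php
// Added example, not the tutorial's code. ROUTES, call_parts() and
// resolve_route() are hypothetical names; the file names are the ones used
// in the tutorial's switch statement.
declare(strict_types=1);

const ROUTES = [
    ''         => 'front.php',
    'about-us' => 'about.php',
    'users'    => 'users.php',
    'news'     => 'news.php',
    'products' => 'products.php',
];

// Split the request path into segments; return null if any segment contains
// something other than letters, digits, "_" or "-" (dots, NUL bytes, ...).
function call_parts(string $request_uri): ?array {
    $path  = explode('?', $request_uri, 2)[0];   // the query string stays in $_GET
    $path  = rawurldecode($path);
    $parts = array_values(array_filter(explode('/', $path), 'strlen'));
    foreach ($parts as $p) {
        if (!preg_match('/^[A-Za-z0-9_-]{1,64}$/', $p)) {
            return null;
        }
    }
    return $parts;
}

// Map a request URI to a status, an include file from ROUTES and the
// remaining segments (for example the user name and the action).
function resolve_route(string $request_uri): array {
    $parts = call_parts($request_uri);
    if ($parts === null) {
        return ['status' => 400, 'file' => null, 'args' => []];
    }
    $key = $parts[0] ?? '';
    if (!array_key_exists($key, ROUTES)) {
        return ['status' => 404, 'file' => null, 'args' => []];
    }
    return ['status' => 200, 'file' => ROUTES[$key], 'args' => array_slice($parts, 1)];
}

// Constructed sample requests.
$samples = ['/users/matthew/edit?language=en', '/', '/news', '/nosuchpage', '/users/../index'];
foreach ($samples as $uri) {
    $r = resolve_route($uri);
    printf("%-34s %d %-10s %s\n", $uri, $r['status'], $r['file'] ?? '-', implode(',', $r['args']));
}
```

In index.php the caller would `include` the returned file only when the status is 200, and `users.php` would still look up `args[0]` in the database with a bound parameter.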


#651182 See content of a webpage from a specific date

Posted by Orjan on 29 January 2013 - 03:44 PM

if you're lucky, http://archive.org/web/web.php might have indexed the site at that time. But it usually archives way more seldom than that.
  • 2


#650164 Interview: Orjan

Posted by Orjan on 17 January 2013 - 08:44 AM

I was intrigued by your phrase, "the more philosophical issues of system development." Could you expound on that?


System development isn't an exact science. You can develop the very same system using several methods ending up in a software that works the same, but has totally different solutions behind the screen. How and why you choose one method before another and personal or team/company preferences is very important in the decisions on why use a specific design method or even a slightly modified method from someone else. This often becomes, in my opinion, more philosophical issues than technical issues, you can discuss, argue and there is no perfect right or wrong.
  • 1


#649187 Interview: WingedPanther

Posted by Orjan on 04 January 2013 - 05:40 PM

Oh, you're a boardgamer as well? Cool. I don't own so many, but I'm in a student board game association at university where we gather and play board games every monday evening.
And about that wrestling game, after hearing what you said, I'll guess there will be two towels thrown into the ring before the bell goes off at the first round...
  • 1


#648342 Creating login/registration forms with PHP

Posted by Orjan on 25 December 2012 - 07:09 AM

Is the target pages set for each user, random, or somehow organized?
  • 1


#647977 Creating A Simple Yet Secured Login/registration With Php5

Posted by Orjan on 19 December 2012 - 11:57 PM

It's pretty easy!

start every page with
session_start();

then on successful login, do
$_SESSION['login'] = true;
$_SESSION['uid'] = <the user's id from database>;

on logout, do


$_SESSION['login'] = false;
$_SESSION['uid'] = 0;

session_destroy();

then you need to start your usr variable by adding the current id to keep track of who's logged in
probably create a constructor in the Users class like

public function __construct($id = 0) {
  // set a variable for keeping the uid and read out the needed information from database
}

which you call with
$usr = new Users($_SESSION['uid']);
and then the main handling should work
  • 2
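The login, lookup and logout steps from the post above, collected into three functions, as an added example that is not part of the original thread. It keeps the post's `$_SESSION['login']` and `$_SESSION['uid']` keys and adds a fresh session id at login plus cookie flags; the function names are hypothetical and the `secure` flag assumes the site is served over HTTPS (PHP 7.3 or later).

```php
<?php
// Added example, not code from the thread; function names are hypothetical.
declare(strict_types=1);

function start_secure_session(): void {
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    ini_set('session.use_strict_mode', '1');  // refuse ids the server did not issue
    session_set_cookie_params([
        'httponly' => true,                   // cookie not readable from JavaScript
        'secure'   => true,                   // assumption: HTTPS only
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Call after the username/password check has succeeded.
function login_session(int $uid): void {
    start_secure_session();
    session_regenerate_id(true);              // new id after login, old session removed
    $_SESSION['login'] = true;
    $_SESSION['uid']   = $uid;
}

// Returns the logged-in user's id, or 0 when nobody is logged in.
function current_uid(): int {
    start_secure_session();
    $logged_in = ($_SESSION['login'] ?? false) === true;
    return $logged_in ? (int)($_SESSION['uid'] ?? 0) : 0;
}

function logout_session(): void {
    start_secure_session();
    $_SESSION = [];                           // clear the data for this request too
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 42000,     // expire the browser's session cookie
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
            'samesite' => $p['samesite'],
        ]);
    }
    session_destroy();
}
```

With these in place the constructor call from the post becomes `$usr = new Users(current_uid());`.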


#644338 Graduated!

Posted by Orjan on 13 November 2012 - 06:39 AM

Today, I got my university diploma! Now I've got a Degree of Bachelor of Science in Information Systems, three years' studies have finally ended with success!
  • 3


#644242 Creating A Simple Yet Secured Login/registration With Php5

Posted by Orjan on 12 November 2012 - 06:21 AM

yes, if following the database normalization userID must be the only primary key there... I haven't noticed that I also make the username primary key instead of making it a unique key, but this will work... my purpose is to have a unique username, I might have click the button in phpmyadmin wrong >_<

Having a primary key with both fields needs the combination to be unique, which means any username can be duplicated as long as the userID is changed, which it is if you use an autocounter for the key.

Thanks papabear and Orjan.

Any of you knows how to retrieve UserID from session or otherwise in a secure kind of way when user logs in?

I'll use UserID for MySQL INSERT statement to other table and then link table data to logged in user session for preview? TNX...


you need to store the userID in the session variable. $_SESSION['userid'] for example, then you can retrieve it from the same variable next time the page loads.
  • 1


#644236 Creating A Simple Yet Secured Login/registration With Php5

Posted by Orjan on 12 November 2012 - 04:47 AM

Sounds unnecessary to me, but both fields should be indexed unique, but only userID needs to be in primary in my opinion.
  • 2


#643944 Terminating a label in c

Posted by Orjan on 08 November 2012 - 05:53 AM

if you must use goto (which is highly disrecommended) they only do the jump. if you want to only do a certain row or part, you need to jump again later. Maybe that part should be a function instead?
  • 1



