PHP session

Use both the session and a cookie to keep the website secure.
$_COOKIE[session_name()]
The session ID is stored in a cookie whose name is session_name(); other variables are stored as session variables.

auth.php

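<?php
// Cookie lifetime 7200 s, path '/', default domain, secure flag on (HTTPS only)
session_set_cookie_params(7200, '/', '', true);
session_start();
// login.php sets $_SESSION['auth'] to 1 after a successful login
if(!isset($_SESSION['auth']) || $_SESSION['auth'] != 1){
    session_destroy();
    header("Location: ./login.php");
    exit;
}else{
    // check fingerprint
    $fp = $_SERVER["HTTP_USER_AGENT"];
    $fp .= $_SERVER["REMOTE_ADDR"];

    $fp = md5($fp);
    // login.php stores the fingerprint under $_SESSION['remote']
    if(!isset($_SESSION['remote']) || $_SESSION['remote'] != $fp){
        header("Location: ./login.php");
        exit;
    }
}
?>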

login.php
Check that the ID and password match those in the DB, then:

session_start();
$_SESSION['user_id'] = $uid;
$_SESSION['grp_id'] = $gid;
$_SESSION['auth'] = 1;

// fingerprint of this client, checked again in auth.php
$fp = $_SERVER["HTTP_USER_AGENT"];
$fp .= $_SERVER["REMOTE_ADDR"];
$_SESSION['remote'] = md5($fp);
header("Location: ./index.php");
exit;

logout.php

session_set_cookie_params(7200, '/', '', true);
session_start();
// clear all session variables
$_SESSION = array();
// expire the session cookie in the browser
if(isset($_COOKIE[session_name()])){
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time()-3600,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}
session_destroy();
header("Location: ./login.php");
exit;

session_destroy() destroys the session, and the cookie is deleted by setting its lifetime to a time in the past.
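The same login and check flow with the session ID regenerated at login, an HttpOnly cookie and a constant-time fingerprint comparison, as an added example that is not code from the original post. The function names are hypothetical, and the array form of session_set_cookie_params() assumes PHP 7.3 or later.

```php
<?php
// Added example; function names are hypothetical, not from the original post.
declare(strict_types=1);

// Same inputs as the post's fingerprint (User-Agent + client address),
// hashed with SHA-256 instead of MD5. Both values can change for a
// legitimate user (browser update, mobile network, proxy), so a mismatch
// should only force a new login, nothing more.
function session_fingerprint(array $server): string
{
    $ua = $server['HTTP_USER_AGENT'] ?? '';
    $ip = $server['REMOTE_ADDR'] ?? '';
    return hash('sha256', $ua . '|' . $ip);
}

function start_secure_session(): void
{
    session_set_cookie_params([
        'lifetime' => 7200,
        'path'     => '/',
        'secure'   => true,   // cookie is sent over HTTPS only
        'httponly' => true,   // cookie is not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Call only after the ID and password have been verified against the DB.
function login_session(int $uid, int $gid): void
{
    session_regenerate_id(true);   // issue a new session ID at login
    $_SESSION['user_id'] = $uid;
    $_SESSION['grp_id']  = $gid;
    $_SESSION['auth']    = 1;
    $_SESSION['remote']  = session_fingerprint($_SERVER);
}

// True only when the session is logged in and the stored fingerprint matches.
function session_is_valid(): bool
{
    if (($_SESSION['auth'] ?? null) !== 1) {
        return false;
    }
    $stored = $_SESSION['remote'] ?? '';
    return is_string($stored)
        && hash_equals($stored, session_fingerprint($_SERVER));
}
```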

MySQL interface — PHP

Connect and Close connection to DB

// The mysql_* functions belong to the original MySQL extension,
// which was removed in PHP 7.0; this code runs on PHP 5.
$DB_HOST = "localhost";
$DB_NAME = "mysql";
$DB_USER = "mysql";
$DB_PASS = "password";

function conn_db(){
    global $DB_HOST;
    global $DB_USER;
    global $DB_PASS;
    global $DB_NAME;

    if(!($conn = mysql_connect($DB_HOST, $DB_USER, $DB_PASS))) {
        echo "Failed to connect DB";
        // no link exists at this point, so call mysql_error() without one
        echo mysql_error();
        die;
    }
    if(!(mysql_select_db($DB_NAME))) {
        echo "Failed to select DB";
        echo mysql_error($conn);
        die;
    }
    return $conn;
}

function close_db($conn){
    mysql_close($conn);
}

$conn = conn_db();
$sql = "select * from users where date>'20081001' order by id";
if (!($rs=mysql_query($sql))) {
    echo mysql_error($conn);
    die;
}
// print the first two columns of every row
while ($row = mysql_fetch_array($rs)) {
    echo "$row[0] $row[1]\n";
}

problem in search

Problem when searching for "V&R":
V%26amp%3BR
%26 -> &
%3B -> ;
%26amp%3B -> &amp;

Solution: replace & with its URL-encoded form in the query string that is written into the HTML.
Add:
$srch_name=eregi_replace("&amp;","%26amp%3B",$srch_name);
before the following code
if($srch_name != ''){ $req.="&name=$srch_name"; }
if($srch_site != ''){ $req.="&site=$srch_site"; }

Posted in PHP

missing ; before statement

To check JavaScript errors, use the Firefox Web Developer add-on:

Tools -> Error Console

I got the JavaScript error "missing ; before statement" although no ";" was missing.

The cause turned out to be that the JavaScript function name began with a digit, like

2way_func = function(){ …..}

trim

Removes whitespace such as spaces, \n and \r from both ends of a string.

$login = trim($_POST['user_login']);

Arrays in PHP

To define an Array

$prod = array();
$prod = array("a","b","c");

$prod = array(
    "prod1" => array("id"=>"prod001","date" => "111208", "name"=>"aaa"),
    "prod2" => array("id"=>"prod002","date" => "111108", "name"=>"bbb"),
    "prod3" => array("id"=>"prod003","date" => "111008", "name"=>"ccc")
);

$data=array();
$data['id'] = 1;
$data['name'] = 'John';

To read values out

// walk the nested $prod array defined above
foreach($prod as $key1 => $val1){
    foreach($val1 as $key2 => $val2){
        if($key2=="id") echo "ID: $val2\n";
    }
}

foreach($data as $value){
    echo $value."\n";
}

Push elements into Array

PHP File access

Read by lines

$hd = fopen("$file", "r");
if($hd){
    // fgets() returns false at end of file
    while(($line = fgets($hd)) !== false){
        // process $line here
    }
    fclose($hd);
}

Read the whole file in

$hd = fopen("$file", "r");
if($hd){
    $contents = fread($hd, filesize($file));
    fclose($hd);
}

Read image in binary

if(!($img = fopen("$img_path","rb"))){
    echo "couldn't open $img_path";
    die;
}
$contents = '';
while (!feof($img)) {
    $contents .= fread($img, 1024);
}
fclose($img);

# Header for image
header("Cache-Control: public");
# eregi() is part of the ereg extension, which was removed in PHP 7.0
if(eregi('\.(jpg|jpeg)$',$file)){
    header("Content-type: image/jpeg");
    header("Content-Disposition: inline; filename=$file");
    #header('Content-Length: ' . filesize($img_path));
    print $contents;
}
