artsyL
-
Posts
48 -
Joined
-
Last visited
Posts posted by artsyL
-
-
I'm not sure what I'm missing, but the bcrypt code I have been using is generating a blank page, though I have tested for syntax errors and firebug says there are no errors.
The php on the server is definitely set to php 5.5.; The db is set to varchar (60);
Here is the only code I have changed.
I added this:
//password hash function $hash = password_hash($pw, PASSWORD_BCRYPT); if (password_verify($pw, $hash)) { // password valid! } else { // wrong password echo "wrong password"; }and I changed $pw:
$q = 'INSERT INTO users (fn, ln, username, email, pw) VALUES (?, ?, ?, ?, ?)'; $stmt = mysqli_prepare($dbc, $q); mysqli_stmt_bind_param($stmt, 'ssssss', $fn, $ln, $username, $email, $pw); mysqli_stmt_execute($stmt);
to $hash:
$q = 'INSERT INTO users (fn, ln, username, email, pw) VALUES (?, ?, ?, ?, ?)'; $stmt = mysqli_prepare($dbc, $q); mysqli_stmt_bind_param($stmt, 'ssssss', $fn, $ln, $username, $email, $hash); mysqli_stmt_execute($stmt);
-
I ended up using Plupload, in case anyone is interested. It's pretty good, but the documentation is really sparse.
-
I'm rebuilding a registration system with the model from your book, but I keep coming across articles that say SHA1, SALT, and SHA256 are not very useful anymore. Therefore, I am thinking of using scrypt, or something like it to handle encryption. Is this an overblown issue? If it is a valid concern, do you have any advice on how to implement it with the code from the book? I am using a hosted server, in case that is important for downloading etc.
-
Welp, after four days on this, I'm done (for now anyway). Your next book (I have three - just started on the "advanced..." book) really should include a tutorial on this. It seems like it should be reasonably easy to figure out, but with all the loops, counts, and array issues, there are really too many things that could go wrong. It's difficult for a semi-beginner (me) to even identify a problem.
Thanks anyway.
-
I'm officially stumped. Now I'm getting a blank screen.
Here is the state of things. I feel like I'm close, but can't quite put my finger on the problem. I thought it was the code at first (and fooled around with it forever), but then I caught a problem with the form (no [] included, duh), then I started from scratch and something went wrong somewhere.
The form:
<p>Upload images: <input type="file" name="image[]" multiple/></p>
The process:
//Check for an image if (is_uploaded_file ($_FILES['image']['tmp_name'])){ for($i=0; $i<count($_FILES['image']['name']); $i++) { //Get the temp file path $tmp = $_FILES['image']['tmp_name'][$i]; //Make sure there is a filepath if ($tmp != ""){ //Setup new file path $temp = "../../uploads/" . $_FILES['image']['name'][$i]; //Move the file over. if (move_uploaded_file($tmp, $temp)){ echo '<p class="marked"><em>The file has been uploaded!</em></p>'; //set the $i variable to the image's name $i = $_FILES['image']['name'][$i]; } else {//couldn't move the file over $errors[] = 'the file could not be moved'; $temp = $_FILES['image']['tmp_name']; } } } }else{//no uploaded file $errors[] = 'No file was uploaded'; $temp = NULL; }The Insert:
//add the image to the database $q = 'INSERT INTO image (image_name) VALUES (?)'; $stmt = mysqli_prepare($dbc, $q); mysqli_stmt_bind_param($stmt, 's', $i); foreach($_FILES['image']['name'][$i] as $i){ mysqli_stmt_execute($stmt); $img_id = mysqli_stmt_insert_id($stmt); if (mysqli_stmt_affected_rows($stmt)>0) { //print a message echo '<p class="marked">the img has been added</p>'; }else{ echo 'the img could not be added'; //Check the results if (mysqli_stmt_affected_rows($stmt)>0) { //print a message echo '<p class="marked">the image has been added</p>'; //rename the image $id = mysqli_stmt_insert_id($stmt);//Get the image id rename($temp, "../../uploads/$id"); //Clear $_POST $_POST = array(); }else{//Error! echo '<p style="font-weight:bold; color: #C00">Your submission could not be processed due to a system error.</p>'; } mysqli_stmt_close($stmt); } -
Thanks for the advice!
-
I'm afraid that I'm barely beyond "monkey see, monkey do" when it comes to query loops and I can't find an adaptable example (did I miss something in the book? I'm not quite all the way through). Would you mind adding an example, please?
-
I already have three of your books (the most recent being effortless e-commerce...), and I'm looking to add a social media aspect to my current project.
I know almost nothing about frameworks because I prefer doing things from scratch and never really looked into it. What I do know is that I would like to have it finished within a year (from scratch would take much more time); and that reviews tend to give Elgg the best reviews for what I want to accomplish. The only reason I am leaning toward Yii is that you are writing a book on it, so my question is: Would Yii be a good choice for an image heavy social media site?
-
This is where I got to since last night (adapted from http://stackoverflow.com/questions/12766035/php-upload-multiple-files):
I am getting an error from the insert query("system error"), so I think the multiple upload might actually be working. How do I loop the insert query? Should I include it in the first IF statement, or would this be hackish? Am I getting ahead of myself?
//Check for an image if(isset($_POST['image'])){ $count=0; foreach (($_FILES['image']['tmp_name']) as $file){ if (is_uploaded_file ($file)) { //create temporary file name $temp = '../../uploads/'. md5($_FILES['image']['name']); $tmp=$_FILES['image']['tmp_name'][$count]; $count=$count + 1; $temp=$temp.basename($file); //Move the file over. if (move_uploaded_file($file, $temp)){ //echo '<p class="marked"><em>The file has been uploaded!</em></p>'; //set the $i variable to the image's name $i = $_FILES['image']['name'][$count]; } else {//couldn't move the file over $errors[] = 'the file could not be moved'; $temp = $file; } } } }else{//no uploaded file $errors[] = 'No file was uploaded'; $temp = NULL; } if (empty($errors)){ //if everything is ok //add the image to the database $q = 'INSERT INTO image (image_name) VALUES (?)'; $stmt = mysqli_prepare($dbc, $q); mysqli_stmt_bind_param($stmt, 's', $i); mysqli_stmt_execute($stmt); $img_id = mysqli_stmt_insert_id($stmt); if (mysqli_stmt_affected_rows($stmt)== 1) { //print a message //echo '<p class="marked">the img has been added</p>'; }else{ echo 'the img could not be added'; } //Check the results if (mysqli_stmt_affected_rows($stmt)== 1) { //print a message //echo '<p class="marked">the image has been added</p>'; //rename the image $id = mysqli_stmt_insert_id($stmt);//Get the image id rename($temp, "../../uploads/$id"); //Clear $_POST $_POST = array(); }else{//Error! echo '<p style="font-weight:bold; color: #C00">Your submission could not be processed due to a system error.</p>'; } mysqli_stmt_close($stmt); -
HTML 5 allows this kind of multiple upload input
<p>Upload an image:</b> <input type="file" name="image" multiple/></p>
so I'm wondering, has anyone come up with a fancy fix for dealing with the extreme awkwardness of $_FILES arrays? I'm having way too much trouble figuring out a count/foreach method for this. What I have is comically incomplete because I keep trying new things, but I'm also afraid to break what I already have that works. Any suggestions?
if(isset($_POST['image'])){ $count=0 foreach (($_FILES['image']['tmp_name']) as $tmp) //This is as far as I get before becoming hopelessly confused as to what should be done next. //As you can see, the rest is pretty much from the book. if (is_uploaded_file ($_FILES['image']['tmp_name'])) { //create temporary file name $temp = '../../uploads/'. md5($_FILES['image']['name']); //Move the file over. if (move_uploaded_file($_FILES['image']['tmp_name'], $temp)){ //echo '<p class="marked"><em>The file has been uploaded!</em></p>'; //set the $i variable to the image's name $i = $_FILES['image']['name']; } else {//couldn't move the file over $errors[] = 'the file could not be moved'; $temp = $_FILES['image']['tmp_name']; } }else{//no uploaded file $errors[] = 'No file was uploaded'; $temp = NULL; } if (empty($errors)){ //if everything is ok //add the image to the database $q = 'INSERT INTO image (image_name, img_type, coll_id) VALUES (?, ?, ?)'; $stmt = mysqli_prepare($dbc, $q); mysqli_stmt_bind_param($stmt, 'ssi', $i, $it, $cid); mysqli_stmt_execute($stmt); $img_id = mysqli_stmt_insert_id($stmt); if (mysqli_stmt_affected_rows($stmt)== 1) { //print a message //echo '<p class="marked">the img has been added</p>'; }else{ echo 'the img could not be added'; } //Check the results if (mysqli_stmt_affected_rows($stmt)== 1) { //print a message //echo '<p class="marked">the image has been added</p>'; //rename the image $id = mysqli_stmt_insert_id($stmt);//Get the image id rename($temp, "../../uploads/$id"); //Clear $_POST $_POST = array(); }else{//Error! echo '<p>Your submission could not be processed due to a system error.</p>'; } mysqli_stmt_close($stmt); -
This my abridged script with an image instead of a file name, and without the file extensions, in case you are interested.
Thanks again! Love the book and the forum site!
The Javascript
<script language="JavaScript"> <!-- // Hide from old browsers. // Make a pop-up window function: function create_window (image, width, height) { // Add some pixels to the width and height: width = width + 10; height = height + 10; // If the window is already open, // resize it to the new dimensions: if (window.popup && !window.popup.closed) { window.popup.resizeTo(width, height); } // Set the window properties: var specs = "location=no, scrollbars=no, menubars=no, toolbars=no, resizable=yes, left=0, top=0, width=" + width + ", height=" + height; // Set the URL: var url = "show_image.php?image=" + image; // Create the pop-up window: popup = window.open(url, "ImageWindow", specs); popup.focus(); } // End of function. //--></script>The rest from Images
//make the query $q = 'SELECT * FROM images $r = mysqli_query($dbc, $q); //count the number of returned rows $num = mysqli_num_rows($r); if ($num >0) {//if it ran ok display records //Print how many images there are echo "<p>There are currently $num objects/works in your collection.</p>\n"; echo '<table align="center" cellspacing="5" cellpadding="5" border="1" width="85%"> <tr> <td align="left"><b>Image</b></td> <td align="left"><b>Object/Work information</b></td> </tr>'; //fetch and print all the records: $dir = '../../uploads'; // Define the directory to view. while ($row = mysqli_fetch_array($r, MYSQLI_ASSOC)) { $image = $row['img_id']; //if (substr($image, 0, 1) != '.') { // Ignore anything starting with a period. // Get the image's size in pixels: $image_size = getimagesize ("$dir/$image"); // Calculate the image's size in kilobytes: $file_size = round ( (filesize ("$dir/$image")) / 1024) . "kb"; // Make the image's name URL-safe: $image = urlencode($image); echo '<tr>'; echo "<td align=\"left\" width=\"25%\"><figure><a href=\"javascript:create_window('$image',$image_size[0],$image_size[1])\"><img src='../../uploads/$image' />"; echo '<figcaption><p>Click on the image to view in a separate window.</p></figcaption></figure></td> <td align="left"> <div><table> <tr><td style="width: 20%">Title:</td><td> '.$row['title_display'].' </tr> echo '</table></div> </td> </tr>'; } echo '</table>'; mysqli_free_result ($r); }else{//if no records returned echo '<p class="error">there are currently no images.</p>'; } mysqli_close($dbc); ?>And show_images.php
<?php # Script 10.5 - show_image.php // This page displays an image. $name = FALSE; // Flag variable: // Check for an image name in the URL: if (isset($_GET['image'])) { // Full image path: $image = "../../uploads/{$_GET['image']}"; $name = $_GET['image']; } // If there was a problem, use the default image: if (!$name) { $image = 'images/unavailable.png'; $name = 'unavailable.png'; } // Get the image information: $info = getimagesize($image); $fs = filesize($image); // Send the content information: header ("Content-Type: {$info['mime']}\n"); header ("Content-Disposition: inline; filename=\"$name\"\n"); header ("Content-Length: $fs\n"); // Send the file: readfile ($image); ?> -
Thank you!
So, just for fun I stripped the file extension IF, and it now displays everything on my browser. If I decide to be lazy and leave it like this (If I apply this to my project I will have to change and test a bunch of pages to make it work everywhere), is it going to slow down the server/browser? Will it be a huge issue in lesser used browsers (so far it works in FF and Chrome)?
By the way, do you have a book that teaches how to include navigation features in the pop-up (like pan, zoom, etc)?
-
Totally by accident, I discovered that because the image names are id numbers without image extensions, the images will not show. So here's my question. For security, is it best to strip the "make sure there is an image extension" portion of the show_images script, or should I change my upload method to include the extensions? Why?
-
Here is the test site (I'm a freshly minted digital librarian and not so freshly minted archivist, so I'm learning new skills).
(removed by user)
It has the scripts from the book and my attempts (prefaced with JS).
Thanks!
-
Did I not understand your question?
-
The page source info page is completely blank. The address bar says: www/.../show_image.php?image=1. I'm using a hosted server.
The scripts I downloaded from the book site do not work either. They result in exactly the same page source info etc. as in my last post. Could this be a server issue? Also, my javascript skills are iffy. I'm having no problems displaying images with straight-up php.
-
Should I be including <img src="">... anywhere? Did I miss something (it feels like I have combed through this thing a dozen times)?
There is no text or error message in the pop up window (I did download the "image not available" png). The page source info for the pop up window is absolutely nothing.
This is the page source info from images.php:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>JS Images</title> <script language="javascript"> <!-- //hide from old browsers //Make a pop-up window function: function create_window (image, width, height) { //Add some pixels to the width and height: width = width + 10; height = height + 10; //if the window is already open, resize it to new dimensions if (window.popup && !window.popup.closed) { window.popup.resizeTo(width, height); } //Set the window properties var specs = "location = no, scrollbars = no, menubars = no, toolbars = no,resizable = yes,left=0,top=0, width=" + width + ", height=" + height; //set the URL: var url = "show_image.php?image=" + image; //Creat the pop-up window: popup = window.open(url,"ImageWindow",specs); popup.focus(); }//end of function: //--></script> </head> <body> <p>Click on an image to view it in a separate window</p> <table align="center" cellspacing="5" cellpadding="5" border="1"> <tr> <td align="center"><b>Image Name</b></td> <td align="center"><b>Image Size</b></td> </tr> <tr> <td><a href="javascript:create_window('1',640,480)">1</a></td> <td>110kb</td> </tr> <tr> <td><a href="javascript:create_window('10',48,48)">10</a></td> <td>7kb</td> </tr> <tr> <td><a href="javascript:create_window('100',492,420)">100</a></td> <td>58kb</td> </tr> <tr> <td><a href="javascript:create_window('101',492,420)">101</a></td> <td>58kb</td> </tr> <tr> <td><a href="javascript:create_window('102',492,420)">102</a></td> <td>58kb</td> </tr> <tr> <td><a href="javascript:create_window('103',1024,768)">103</a></td> <td>606kb</td> </tr> <tr> <td><a href="javascript:create_window('11',48,48)">11</a></td> <td>7kb</td> </tr> <tr> <td><a href="javascript:create_window('12',48,48)">12</a></td> <td>7kb</td> </tr> </table> </body> </html> -
Yes, that is correct.
I have been able to get the images to display in a table, so I'm sure that the directory is correct and that the images are there.
(my php skills have strange and wild strengths and weaknesses)
-
Spoke too soon. Still having issues with the image retrieval. I has a dumb today.
Here is the show_image script:
<?php # Script 10.5 show_image.php //this page displays an image $name = FALSE; //flag variable: //Check for an image name in the URL: if(isset($_GET['image'])) { //full image path $image = "../../uploads/{$_GET['image']}"; //Check that the image exists and is a file if (file_exists($image) &&(is_file($image))) { //make sure it has an image's extension $ext = strtolower ( substr ($_GET['image'], -4)); if(($ext == '.jpg') OR ($ext == 'jpeg') OR ($ext == '.png')) { //set the name as this image $name = $_GET['image']; }//end of $ext IF }//end of file_exists IF }//end of isset($_GET[image) IF //If there was a problem, use the default image if (!$name) { $image = 'images/unavailable.png'; $name = 'unavailable.png'; } //Get the image information $info = getimagesize($image); $fs = filesize($image); //Send the content information header("Content-Type:{$info['mime']}\n"); header("Content-Disposition: inline; filename=\"$name\"\n"); header("Content-Length: $fs\n"); //send the file readfile($image); ?> -
-
Hi,
My web console (firebug) is not catching any errors (I also tried it in Chrome console), so I can't figure out why images are not loading. The pop-up window seems to be working (no errors, it pops up in different sizes according to the file).
Here is the script: it's exactly what is in the book (though the charset is utf-8 for various reasons, and the upload folder is actually two levels up).
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>JS Images</title> <script language="javascript"> <!-- //hide from old browsers //Make a pop-up window function: function create_window (image, width, height) { //Add some pixels to the width and height: width = width + 10; height = height + 10; //if the window is already open, resize it to new dimensions if (window.popup && !window.popup.closed) { window.popup.resizeTo(width, height); } //Set the window properties var specs = "location = no, scrollbars = no, menubars = no, toolbars = no,resizable = yes,left=0,top=0, width=" + width + ", height=" + height; //set the URL: var url = "show_image.php?image=" + image; //Creat the pop-up window: popup = window.open(url,"ImageWindow",specs); popup.focus(); }//end of function: //--></script> </head> <body> <p>Click on an image to view it in a separate window</p> <table align="center" cellspacing="5" cellpadding="5" border="1"> <tr> <td align="center"><b>Image Name</b></td> <td align="center"><b>Image Size</b></td> </tr> <?php #Script 10.4 - Images.php //This script lists the images in the uploads directory. $dir = '../../uploads';//Define the directory to view $files = scandir($dir);//read all the images in an array //Display each image caption as a link to the JavaScript function foreach ($files as $image) { if(substr($image, 0, 1) !='.'){//Ignore anything starting with a period //Get the image's size in pixels: $image_size = getimagesize ("$dir/$image"); //Calculate the image's size in kilobytes: $file_size = round ( (filesize("$dir/$image"))/1024) . "kb"; //Make the image's name URL-safe: $image = urlencode($image); //Print the information echo "\t<tr> \t\t<td><a href=\"javascript:create_window('$image',$image_size[0],$image_size[1])\">$image</a></td> \t\t<td>$file_size</td> \t</tr>\n"; }//end of the IF }//end of the FOREACH loop ?> </table> </body> </html> -
It turns out that it wouldn't post because $c is declared later on. I have the page organized with a validation section and a query section, so I ended up having to stick it all in the query section to get all the parts moving. If you hadn't suggested checking $stmt I would have never figured it out because I cut and pasted the query directly into the loop, so I knew it worked!
Thanks again!!!
Here is the final code:
//check for tags if (isset($_POST['tag'])) { $input = $_POST['tag']; $tags = explode(',', $input); foreach($tags as $tag) { $tag = trim($tag); //echo $tag; $q = 'INSERT INTO tag (tag_display, tag, coll_id) VALUES (?, ?, ?)'; $stmt = mysqli_prepare($dbc, $q); mysqli_stmt_bind_param($stmt, 'ssi', $input, $tag, $c); mysqli_stmt_execute($stmt); } }else{ if (isset($_POST['tag'])){//if empty $tag = NULL; $q = 'INSERT INTO tag (tag_display, tag, coll_id) VALUES (?, ?, ?)'; $stmt = mysqli_prepare($dbc, $q); mysqli_stmt_bind_param($stmt, 'ssi', $input, $tag, $c); mysqli_stmt_execute($stmt); } } -
Now it is not posting at all to the database. Do I need to create a separate variable for each loop?
Here is the updated code (switched to isset - thanks for the tip!). Here is the var_dump($input, $tags, $tag);
string(18) "Hey, ho, let's, go" array(4) { [0]=> string(3) "Hey" [1]=> string(3) " ho" [2]=> string(6) " let's" [3]=> string(3) " go" } string(3) "Hey" string(18) "Hey, ho, let's, go" array(4) { [0]=> string(3) "Hey" [1]=> string(3) " ho" [2]=> string(6) " let's" [3]=> string(3) " go" } string(2) "ho" string(18) "Hey, ho, let's, go" array(4) { [0]=> string(3) "Hey" [1]=> string(3) " ho" [2]=> string(6) " let's" [3]=> string(3) " go" } string(5) "let's" string(18) "Hey, ho, let's, go" array(4) { [0]=> string(3) "Hey" [1]=> string(3) " ho" [2]=> string(6) " let's" [3]=> string(3) " go" } string(2) "go"
//check for tags if (isset($_POST['tag'])) { $input = $_POST['tag']; $tags = explode(',', $input); }else { //if empty $tag = NULL; } if (isset ($tags)) { foreach($tags as $tag) { $tag = trim($tag); $q = 'INSERT INTO tag (tag_display, tag, coll_id) VALUES (?, ?, ?)'; $stmt = mysqli_prepare($dbc, $q); mysqli_stmt_bind_param($stmt, 'ssi', $input, $tag, $c); mysqli_stmt_execute($stmt); //var_dump($input, $tags, $tag); } } -
Here is the form input
<p><b>(optional) Add tags (separate with commas):</b> <input class="box" type="text" name="tag" size="30" maxlength="255" value="<?php if (isset($_POST['tag'])) echo htmlspecialchars($_POST['tag']); ?>"/></p> </div>
Here is the validation
//check for tags if (!empty($_POST['tag'])) { $input = $_POST['tag']; $tags = explode(',', $input); }else { //if empty $tag = NULL; } if (isset ($tags)){ foreach($tags as $tag) { $tag = trim($tag); var_dump($input, $tags, $tag); } }Here is the insert statement
$q = 'INSERT INTO tag (tag_display, tag, coll_id) VALUES (?, ?, ?)'; $stmt = mysqli_prepare($dbc, $q); mysqli_stmt_bind_param($stmt, 'ssi', $input, $tag, $c); mysqli_stmt_execute($stmt);
Encryption For Registration, Database Storage Etc.
in Effortless E-Commerce with PHP and MySQL
Posted
Thanks!
The error was "Call to undefined function password_hash()."
I had to call the hosting service to find out why it was reverting to 5.4.