Larry Ullman's Book Forums

Showing results for tags 'not including user expired'.

Found 1 result

Here is the original code:

```php
<?php
// $dbc (the mysqli connection), PDFS_DIR and the session are set up by the
// site's include files, which the post does not show.
$valid = false; // added: otherwise the final if (!$valid) reads an undefined variable

if (isset($_GET['id']) && (strlen($_GET['id']) == 40) && (substr($_GET['id'], 0, 1) != '.')) {
    $file = PDFS_DIR . $_GET['id']; // if all 3 conditions are true then the path is defined

    if (file_exists($file) && is_file($file)) {
        // SQL for the path to the pdf
        $q = 'SELECT title, description, file_name FROM pdfs WHERE tmp_name = "' . mysqli_real_escape_string($dbc, $_GET['id']) . '"';
        $r = mysqli_query($dbc, $q);

        if (mysqli_num_rows($r) == 1) { // if everything is ok
            $row = mysqli_fetch_array($r, MYSQLI_ASSOC);
            $valid = true;

            // The line the poster struck through, kept here as a comment:
            // if (isset($_SESSION['user_not_expired'])) {
            // Deleting it outright leaves the else below with no if, so the
            // logged-in test the post describes is used as the condition instead:
            if (isset($_SESSION['user_id'])) {
                header('Content-type: application/pdf');
                header('Content-Disposition: inline; filename="' . $row['file_name'] . '"');
                $fs = filesize($file);
                header("Content-Length: $fs");
                readfile($file);
                exit();
            } else { // not logged in
                $page_title = $row['title'];
                include('./includes/header.html');
                echo "<h3>$page_title</h3>";
                // With the login gate above, this branch can no longer be reached.
                if (isset($_SESSION['user_id'])) {
                    echo '<p class="error">Thank you for your interest in this content. Unfortunately your account has expired. Please <a href="renew.php">renew your account</a> in order to access this file</p>';
                } else {
                    echo '<p class="error">Thank you for your interest in this content. You must be logged in as a registered user to view this file</p>';
                }
                echo "<div>{$row['description']}</div>";
                include('./includes/footer.html');
            } // End of user IF-ELSE
        } // End of mysqli_num_rows() IF
    } // End of file_exists() IF
} // End of $_GET['id'] IF

if (!$valid) { // if not VALID
    // Set $page_title to error and display an error message
    $page_title = 'Error';
    include('./includes/header.html');
    echo '<p class="error">This page has been accessed in error.</p>';
    include('./includes/footer.html');
}
?>
```

The struck-through code I did away with because I don't want people to pay to use this site, and I have done away with this portion on the other pages, so the only reason they couldn't access the pages is because they aren't logged in.

I think the portion that has the line through it, which I removed or commented out, is the right portion to remove to make sure that the only reason someone couldn't visit the page is because they aren't logged in. The question I guess I am asking: did I think correctly, or have I left a security loophole of some sort? Thanks for your help.
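A hardened version of the same script, as an added example that is neither the book's nor the poster's code. It shows the point a reviewer would make about the post: the expiry gate has to be replaced by a login gate on `$_SESSION['user_id']`, not deleted, because with no `if` at all the `else` is unreachable and the file is served to every visitor who knows or guesses a token. It also swaps the escaped string for a prepared statement, rejects anything that is not a 40-character hex token before the path is built, and confirms the resolved file still sits inside `PDFS_DIR`. Assumed, not taken from the post: the include filename, that it defines `PDFS_DIR` and the mysqli `$dbc` and starts the session, that `tmp_name` is a 40-hex-character sha1 token (which is what the `strlen() == 40` test suggests), and that `description` is not trusted HTML.

```php
<?php
// Added example for this thread, not the book's or the poster's code: the
// show_pdf.php flow with the expiry gate replaced (not deleted) by a
// login-only gate, plus the hardening a reviewer would ask for.
// Assumptions, not from the post: the include below defines PDFS_DIR and a
// mysqli connection $dbc and starts the session; pdfs.tmp_name holds a
// 40-character hex (sha1) token; pdfs.description is not trusted HTML.
declare(strict_types=1);

require './includes/config.inc.php'; // assumed filename

/** Accept exactly 40 hex characters. This rejects '.', '/' and '\' outright,
 *  so no path separator or traversal sequence can ever reach the filesystem. */
function valid_token(string $id): bool
{
    return strlen($id) === 40 && ctype_xdigit($id);
}

/** The access decision on its own. Had the gate been deleted instead of
 *  replaced, every request would be 'serve', logged in or not. */
function access_decision(array $session): string
{
    return isset($session['user_id']) ? 'serve' : 'login';
}

/** Resolve the token to a file and confirm the result is inside PDFS_DIR. */
function resolve_pdf_path(string $token): ?string
{
    $dir  = realpath(PDFS_DIR);
    $path = realpath(rtrim(PDFS_DIR, '/\\') . DIRECTORY_SEPARATOR . $token);
    if ($dir === false || $path === false || !is_file($path)) {
        return null;
    }
    $prefix = $dir . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

/** Parameterised lookup instead of building the WHERE clause from a string. */
function lookup_pdf(mysqli $dbc, string $token): ?array
{
    $stmt = $dbc->prepare('SELECT title, description, file_name FROM pdfs WHERE tmp_name = ?');
    $stmt->bind_param('s', $token);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc(); // get_result() needs mysqlnd
    $stmt->close();
    return $row ?: null;
}

/** Stream the file. file_name came from an upload, so reduce it to a safe
 *  basename before it goes into a quoted header parameter. */
function send_pdf(string $path, string $file_name): void
{
    $safe = preg_replace('/[^A-Za-z0-9._ -]+/', '_', basename($file_name));
    header('Content-Type: application/pdf');
    header('X-Content-Type-Options: nosniff');
    header('Content-Disposition: inline; filename="' . $safe . '"');
    header('Content-Length: ' . filesize($path));
    readfile($path);
    exit;
}

// ?id[]=x would arrive as an array; treat anything that is not a string as empty.
$token = is_string($_GET['id'] ?? null) ? $_GET['id'] : '';
$path  = valid_token($token) ? resolve_pdf_path($token) : null;
$row   = $path !== null ? lookup_pdf($dbc, $token) : null;

if ($row === null) {
    // Malformed id, missing file or no matching row: one generic error for all.
    http_response_code(404);
    $page_title = 'Error';
    include './includes/header.html';
    echo '<p class="error">This page has been accessed in error.</p>';
    include './includes/footer.html';
    exit;
}

if (access_decision($_SESSION) === 'serve') {
    send_pdf($path, $row['file_name']);
}

// Not logged in: show the title and description, never the file.
http_response_code(403);
$page_title = $row['title'];
include './includes/header.html';
echo '<h3>' . htmlspecialchars($page_title, ENT_QUOTES, 'UTF-8') . '</h3>';
echo '<p class="error">Thank you for your interest in this content. You must be logged in as a registered user to view this file.</p>';
echo '<div>' . htmlspecialchars($row['description'], ENT_QUOTES, 'UTF-8') . '</div>';
include './includes/footer.html';
```

Keeping the decision in `access_decision()` means the "logged in" and "anonymous" outcomes can be checked by calling it with a constructed `$session` array, without a browser or a database, and the `else` branch that the original post tests twice collapses to a single message because only anonymous visitors can reach it.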