Page 2 of 3

Re: header not working, Do you see why?

Posted: Wed May 22, 2013 8:18 am
by xwhitchx
xwhitchx wrote:So it looks like it did not like having this include('connect.php'); In this file it has no echos of text. but I have it inside the <?php ?> tabs So what im thinking is it didn't like this. What I did to fix it was took all the content of the connect.php and just made my login page have the connection code in it, and it works just fine. But I cant help but think that this will bite me in the ass latter. Should I take the <?php tabs out of my include files?

On a side note I was playing with the sha1() with my usernames, and It will turn the username into that odd code but then how do I make it back into the username when its needed..
I think I might understand the sha1() codes now. Like you said before you store the username, but not the password. Then you just have the script change the username and password to the sha1() code and have it look in the db for that. Then when you what to display the username you just have it get the stored name. as for the password you never really see it so there is no point in saving the real text of it in the db. Now If I'm right I have some script to recode later today after I get off work.

Re: header not working, Do you see why?

Posted: Wed May 22, 2013 3:04 pm
by mecha_godzilla
The sha1() function is referred to as a one-way hash - this means that you can't reverse the process after conversion, and if you don't know what the original value was you can't retrieve it from the hashed version. In other applications, similar functions such as md5() are used to calculate checksums for files, and the algorithms are sophisticated enough that even if you just change one character or byte out of (say) a 10GB file, a completely different checksum will be generated. The important concept to understand here is that if the data is unchanged, the output from the function will always be the same. This means that you can tell whether a file has been modified or not by running it through a hashing function when you first create the file, then asking someone to run it through the same function when they receive it - if the checksums are different, the file has been modified in transmission.

Just keep in mind for future reference that if you need to provide your users with a password reminder facility, your scripts will have no way to recover the existing password from the hashed version. This is why when you need to reset your password in other web sites, they generate a new password for you or ask you to confirm your request by email and then let you choose a new password.

M_G

Re: header not working, Do you see why?

Posted: Wed May 22, 2013 4:55 pm
by xwhitchx
I do thank you for the help and telling me about the stuff to do with the passwords and username. If I happen to have any questons I will post on here. Thank you again.

Re: header not working, Do you see why?

Posted: Wed May 22, 2013 9:23 pm
by xwhitchx
So I'm using this that stop any kind of attacks but Now I cant get the emails... its takes out the @ and the . how to I tell it to only let those two work?


$email = preg_replace('/[^a-z\d ]/i', '', $_POST['email']);

Re: header not working, Do you see why?

Posted: Thu May 23, 2013 2:48 pm
by mecha_godzilla
You might be better to validate the format of the email address after using functions like trim(), strip_tags() and html_entities() first, rather than trying to sanitise it by removing unsafe characters:

Code: Select all

function validate_email_address($email_address) {
	
	if (!eregi("^[_\\.0-9a-z-]+@([0-9a-z][0-9a-z-]+\\.)+[a-z]{2,6}$", $email_address)) {
		return FALSE;
	} else {
		return TRUE;
	}
	
}
Here is another way of doing the same thing, using the in-built validation routines (requires PHP 5.2.0 or later):

Code: Select all

if (filter_var($email_address, FILTER_VALIDATE_EMAIL) == TRUE) {
	
	return TRUE;
	
} else {
	
	return FALSE;
	
}
If the format is invalid don't even run the main login query, just display an error message.

M_G

Re: header not working, Do you see why?

Posted: Fri May 24, 2013 5:07 pm
by pickle
Likely your connect.php file had spaces before or after the PHP tags like so:

=========== Beginning of file =============
<-- empty lines like this get output to the browser
<?php
?> <-- possible to have a space after the closing bracket, or a few extra lines


======== End of file ========

Also, you really should have fully qualified URLs in your header() calls. It might not have any effect, but the standards state you need a full URL.

Re: header not working, Do you see why?

Posted: Sat May 25, 2013 11:13 pm
by xwhitchx
pickle wrote:Likely your connect.php file had spaces before or after the PHP tags like so:

=========== Beginning of file =============
<-- empty lines like this get output to the browser
<?php
?> <-- possible to have a space after the closing bracket, or a few extra lines


======== End of file ========

Also, you really should have fully qualified URLs in your header() calls. It might not have any effect, but the standards state you need a full URL.

It did have spaces in the connect.php file, After removing them it seems to work fine now. I would like to know how ../index.php is even working does the .. make it look out if the folder its in? because the login file is in a folder http://website.com/pages/login.php and all I had to do was use the .. to make it got to the right spot. Sorry If its a little dumb of a question but I have never seen this work before.

Re: header not working, Do you see why?

Posted: Sun May 26, 2013 3:19 pm
by mecha_godzilla
The ".." refers to the directory below whatever directory the script is currently in (technically known as the "working directory"). So if (as you say) your login script is located at

http://website.com/pages/login.php

and you told it to redirect to

../index.php

then that should resolve to

http://website.com/index.php

Using this method, you are specifying a "relative" path to the script - this means that the location is relative to where the other script is running from. If you specify an "absolute" path to the script (as is recommended when redirecting) then you have to specify the full path.

If you had used

./index.php

instead then your script would have tried to redirect to

http://website.com/pages/index.php

because the "." refers to the current working directory. The ".." and "." symbols are easier to understand if you are familiar with MS-DOS, Un*x or Linux, because they are used at the command line when you need to change directories or run a script from the current directory.

M_G

Re: header not working, Do you see why?

Posted: Sun May 26, 2013 4:41 pm
by xwhitchx
Ok good that what I thought was going on. Is there any time that I should not do this?

Re: header not working, Do you see why?

Posted: Sun May 26, 2013 5:29 pm
by mecha_godzilla
It is good practice to use absolute paths (addresses) when you are using the header() method to redirect users to new pages, but for everything else it is better to use relative paths - if your application only uses absolute paths and you copy/move it to a different server, it might not work correctly because the domain name will be different or the location of the web root directory will be different.

If you do need to use absolute paths, what you can do is create a variable to hold the absolute path or address, like this:

Code: Select all

define('SITE_ROOT','http://website.com/');
You can then use this variable in your script like this:

Code: Select all

$page = 'index.php';
$redirected_address = 'Location: ' . SITE_ROOT . $page;
// $redirected_address now contains 'Location: http://website.com/index.php'
header ($redirected_address);
When PHP parses the script it will then replace every instance of "SITE_ROOT" with "http://website.com/". Some applications (such as WordPress) store this value in the database, whereas other applications will define this in a configuration file which is loaded by every script. Personally, I think it is better to store this type of value in a configuration file because it is easier and quicker to edit a file than it is to edit a record in a database.

M_G

Re: header not working, Do you see why?

Posted: Mon Jun 03, 2013 11:27 pm
by madhub_math
yeah header is not working some times then we need to use javascript code instead of header
<script>
window.location.href="../index.php?pages=login&login=fail";
</script>
100% it is working

Re: header not working, Do you see why?

Posted: Fri Jun 07, 2013 8:59 pm
by xwhitchx
madhub_math wrote:yeah header is not working some times then we need to use javascript code instead of header
<script>
window.location.href="../index.php?pages=login&login=fail";
</script>
100% it is working
This would work for what I'm doing very well. Also it might come in very handy in other parts of what I'm working on. Thank you for the input.

Re: header not working, Do you see why?

Posted: Fri Jun 07, 2013 9:27 pm
by xwhitchx
Things have been going good thanks to all your help. I have one bit of code that I would like to get work but sadly I don't know what to search to even try to find it. I will try to explain what I'm wanting to do and maybe you can point me to something or if the code is not as hard and long as I think its going to be you night be able to give me a sample.

I'm wanting to make it so when a user can change avatar picture by click on the options to change its face. The Thing is I don't what to make 5000 pictures of every combination that can be made. So I was thinking is there some kind of code that can take some png files what are the same size with no background and put them together and make a new picture.

eyes_1.png
Image

head.png
Image

and makes this and saves it to my server.

username_here.png
Image

Re: header not working, Do you see why?

Posted: Sat Jun 08, 2013 4:46 am
by mecha_godzilla
The easiest way to do this is just use CSS if the images can be managed in this way - the problem is that if you try and manage this with a server script you might either need to have 5000 combinations of images or you will need to manually collate these images using a graphics library *every time* that image is displayed. A better option would be to compile the custom graphics when the user creates their new account or edits their profile, and then save the custom image to your database. You could also save the images to your server provided that the filenames were unique and tied to the usernames (remembering to make sure you convert the usernames first in some way so that they are "safe" to use in the filenames).

M_G

Re: header not working, Do you see why?

Posted: Sat Jun 08, 2013 11:10 am
by xwhitchx
mecha_godzilla wrote:The easiest way to do this is just use CSS if the images can be managed in this way - the problem is that if you try and manage this with a server script you might either need to have 5000 combinations of images or you will need to manually collate these images using a graphics library *every time* that image is displayed. A better option would be to compile the custom graphics when the user creates their new account or edits their profile, and then save the custom image to your database. You could also save the images to your server provided that the filenames were unique and tied to the usernames (remembering to make sure you convert the usernames first in some way so that they are "safe" to use in the filenames).

M_G
I believe that last parts is what I was thinking of doing . so there would be a folder for the users pictures after they are saved, I'm wanting to know how to I make it so the user can make there own picture out of the png files, and then some how the code will make them into 1 file and have it save to the user_picture file. So in other words how would a compile a custom graphic?