Currently, my site has a table in a database that contains a user name and password. The front end has two textboxes and a login button. Once the user fills out those two fields and clicks login, it checks whether the user name and password match in the database; if so, it lets them in and sets a session variable that is checked throughout the entire site. Is this secure enough? How do I convert this to forms authentication? I don't want to throw out my login table. Can I still use it if I were to convert this to forms authentication? Can anyone point me to or show me how this could be done? Thanks
The standard login I use is something like this:
index.php:
<form action="login.php" method="post">
<table width="100%" border="0" style = "border-top: 2px solid #CCC; padding-top: 15px;">
<tr>
<td><input type="text" class="text_box" placeholder="Usuario" name="user" id="user"></td>
</tr>
<tr>
<td><input type="password" class="text_box" placeholder="Contraseña" name="pass" id="pass"></td>
</tr>
<tr>
<td>
<?php
show_message();
?>
<input type="submit" value="Ingresar" class="boton_submit">
</td>
</tr>
</table>
</form>
And the PHP (login.php)...
<?php
session_start();
if (isset($_POST["user"], $_POST["pass"])) {
    include('conect_to_database.php'); // creates $mysqli
    $user = $_POST["user"];
    $pass = $_POST["pass"];
    if (!filter_var($user, FILTER_VALIDATE_EMAIL)) {
        // Not a valid email ... send back to the login form
        header('Location: index.php');
        exit();
    }
    // Prepared statement: the user-supplied values never touch the SQL text
    $query = "SELECT id FROM user WHERE user = ? AND pass = ? LIMIT 1";
    $stmt = $mysqli->prepare($query);
    $stmt->bind_param("ss", $user, $pass);
    $stmt->execute();
    $stmt->bind_result($id);
    if ($stmt->fetch()) {
        $stmt->close();
        // set your session variable (new session id so a pre-login id cannot be reused)
        session_regenerate_id(true);
        $_SESSION['user_id'] = $id;
        header('Location: ../../control_panel.php');
        exit();
    }
    $stmt->close();
    // invalid user ... send back to the login form
    header('Location: index.php');
    exit();
}
?>
I would also recommend checking for special chars in both user and password.
Also, you should never store passwords in your database. You should just store a hash of the real password using special algorithms.
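The following is an added example, not code from the answer above: the same login flow with hashed passwords as the answer recommends, using PHP's password_hash()/password_verify(). It assumes a table `user` with columns id, user and pass_hash, and a $mysqli connection created by conect_to_database.php; the function names are assumptions.

```php
<?php
// Added example (not the answer's code). Assumes table `user`
// (id, user, pass_hash) and $mysqli from conect_to_database.php.
session_start();
include 'conect_to_database.php';

// Registration side: store only the hash. PASSWORD_DEFAULT is bcrypt in
// current PHP; the output embeds a random per-user salt and the cost.
function create_user(mysqli $mysqli, string $email, string $password): bool {
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $mysqli->prepare('INSERT INTO user (user, pass_hash) VALUES (?, ?)');
    $stmt->bind_param('ss', $email, $hash);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Login side: look the user up by name only, then let password_verify()
// compare, so the password never appears in the query at all.
function authenticate(mysqli $mysqli, string $email, string $password): ?int {
    $stmt = $mysqli->prepare('SELECT id, pass_hash FROM user WHERE user = ? LIMIT 1');
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->bind_result($id, $hash);
    $found = $stmt->fetch();
    $stmt->close();
    if (!$found || !password_verify($password, $hash)) {
        // One failure path for "no such user" and "wrong password", so the
        // response does not reveal which accounts exist.
        return null;
    }
    // Upgrade the stored hash transparently if the default cost/algorithm changed.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $new = password_hash($password, PASSWORD_DEFAULT);
        $up = $mysqli->prepare('UPDATE user SET pass_hash = ? WHERE id = ?');
        $up->bind_param('si', $new, $id);
        $up->execute();
        $up->close();
    }
    return $id;
}

if (isset($_POST['user'], $_POST['pass'])) {
    $id = authenticate($mysqli, $_POST['user'], $_POST['pass']);
    if ($id === null) {
        header('Location: index.php');
        exit();
    }
    // Fresh session id on login prevents session fixation.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $id;
    header('Location: ../../control_panel.php');
    exit();
}
```

The existing login table can be kept: add a pass_hash column, run one pass of password_hash() over the current values, then drop the plaintext column. Nothing in the rest of the site needs to change, because the session variable is set exactly as before.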
I am making user meta fields. I have to implement a field named business_profile and implement an editor on it. I have implemented the editor but I can't seem to either save its value or retrieve it. Below is my code.
<tr>
<th>
<label for="address">Business Profile</label></th>
<td><?php
$content = get_the_author_meta('business_profile', $user->ID);
$editor_id = 'mycustomeditor';
wp_editor($content, $editor_id);
?>
</td>
</tr>
And for update:
update_usermeta($user_id, 'business_profile', $_POST['business_profile']);
Where am I wrong?
Your code should read
update_usermeta($user_id, 'business_profile', $_POST['mycustomeditor']);
since mycustomeditor is the $editor_id, and that is how the $_POST variable will be named.
business_profile, on the other hand, is just the meta key (the user_meta name).
It appears you just confused the two.
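As an added example, not code from the question or the answer, here is the complete field with the editor id and the meta key kept distinct, plus the checks WordPress expects when saving profile data (capability check, unslashing and HTML filtering). The function names are assumptions; wp_editor, wp_kses_post, wp_unslash and update_user_meta are core WordPress functions.

```php
<?php
// Added example (not the asker's or answerer's code). Function names are assumptions.

function bp_render_business_profile_field(WP_User $user): void {
    $content = get_the_author_meta('business_profile', $user->ID);
    ?>
    <table class="form-table">
        <tr>
            <th><label for="mycustomeditor">Business Profile</label></th>
            <td>
                <?php
                // The editor's textarea is named after $editor_id, so the value
                // arrives as $_POST['mycustomeditor'], not $_POST['business_profile'].
                wp_editor($content, 'mycustomeditor', ['textarea_rows' => 8]);
                ?>
            </td>
        </tr>
    </table>
    <?php
}
add_action('show_user_profile', 'bp_render_business_profile_field');
add_action('edit_user_profile', 'bp_render_business_profile_field');

function bp_save_business_profile_field(int $user_id): bool {
    // Only a user allowed to edit this profile may change its meta
    // (covers admins editing others and users editing themselves).
    if (!current_user_can('edit_user', $user_id)) {
        return false;
    }
    if (!isset($_POST['mycustomeditor'])) {
        return false;
    }
    // WordPress adds slashes to $_POST; strip them, then keep only the HTML
    // allowed in post content so stored markup cannot carry scripts.
    $html = wp_kses_post(wp_unslash($_POST['mycustomeditor']));
    // update_user_meta() is the current API; update_usermeta() is deprecated.
    return (bool) update_user_meta($user_id, 'business_profile', $html);
}
add_action('personal_options_update', 'bp_save_business_profile_field');
add_action('edit_user_profile_update', 'bp_save_business_profile_field');
```

No separate nonce is needed here because the profile screen verifies its own update-user nonce before these two hooks fire; a custom form elsewhere would need wp_nonce_field() and check_admin_referer().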
I am using the PHPExcel library with Zend Framework.
I want to send mail to a user with an Excel file attachment. Everything works, but the mail is sent with two attachments, one of them a duplicate, and I don't know why.
Here is my function, which is used to export the Excel file and send it to the user:
public function exportandmail($name = NULL) {
if ($name === NULL) {
$name = 'excel_' . date('Y_m_d');
}
$name = $name.'.xlsx';
$objWriter = PHPExcel_IOFactory::createWriter($this->_excel, 'Excel2007');
$objWriter->save("public/uploads/Mailexcel/".$name);
$message="<table width='90%' align='center' >
<tr>
<th height='15' style='background-color:#037296;padding:10px;color:#FFFFFF' align='left'>excel</th>
</tr>
<tr>
<td style='padding:10px'><strong>Please find the attachment. </strong>
</td>
<tr>
<td style='padding:10px'>
Thanks,
</td>
</tr>
</table>";
$mail = new Zend_Mail();
$mail->setBodyHtml($message);
$mail->setFrom('sender#gmail.com', 'sender');
$mail->addTo('user#gmail.com');
$mail->setSubject('find attachment');
$fileContents = file_get_contents("public/uploads/Mailexcel/".$name);
$file = $mail->createAttachment($fileContents);
$file->filename = "excel.xlsx";
$mail->addAttachment($file);
$mail->send();
exit;
}
Thanks in advance.
I got the solution.
In my code I used both createAttachment and addAttachment; that's why my mail was sent with a duplicate attachment.
Remove addAttachment and it works fine.
$fileContents = file_get_contents("public/uploads/Mailexcel/".$name);
$file = $mail->createAttachment($fileContents);
$file->filename = "excel.xlsx";
$mail->addAttachment($file); // Remove this
$mail->send();
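As an added example (not the asker's code), the export-and-mail step with the attachment created exactly once, the MIME type and filename set explicitly, and the workbook written to a private temporary file instead of the web-served public/uploads/ directory, then removed after sending. It assumes Zend Framework 1's Zend_Mail/Zend_Mime and a PHPExcel object held in $this->_excel as in the question; the class name and addresses are assumptions.

```php
<?php
// Added example (not the asker's code). Assumes Zend Framework 1 and PHPExcel.
class ExcelMailer
{
    private $_excel;

    public function __construct(PHPExcel $excel)
    {
        $this->_excel = $excel;
    }

    public function exportandmail($name = null)
    {
        if ($name === null) {
            $name = 'excel_' . date('Y_m_d');
        }
        // Keep the attachment name under our control: a caller-supplied $name
        // cannot smuggle path separators or header-breaking characters.
        $attachmentName = preg_replace('/[^A-Za-z0-9_.-]/', '_', $name) . '.xlsx';

        // Write outside the document root; tempnam() creates a uniquely named
        // file with 0600 permissions.
        $tmpPath = tempnam(sys_get_temp_dir(), 'xlsx');
        $objWriter = PHPExcel_IOFactory::createWriter($this->_excel, 'Excel2007');
        $objWriter->save($tmpPath);

        try {
            $mail = new Zend_Mail('UTF-8');
            $mail->setBodyHtml('<p>Please find the attachment.</p><p>Thanks,</p>');
            $mail->setFrom('sender@example.com', 'sender'); // assumed addresses
            $mail->addTo('user@example.com');
            $mail->setSubject('find attachment');

            // createAttachment() already attaches the part; calling addAttachment()
            // on its return value attaches it a second time.
            $mail->createAttachment(
                file_get_contents($tmpPath),
                'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
                Zend_Mime::DISPOSITION_ATTACHMENT,
                Zend_Mime::ENCODING_BASE64,
                $attachmentName
            );
            $mail->send();
        } catch (Exception $e) {
            unlink($tmpPath);
            throw $e;
        }
        // The export never stays on disk, so nobody can fetch it later by
        // guessing a URL under public/uploads/.
        unlink($tmpPath);
    }
}
```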
WordPress Email Form
Hi all
I've been using this sort of email form on a number of sites and it's always worked.
I've tried to use it on a WordPress site but it won't work.
Is there any obvious reason why this approach won't work on a WordPress site?
I need an email form that doesn't reload the contact page, as the form is at the bottom.
html
<form action="#" id="contact_form">
<input type="text" id="name" placeholder="Name:">
<input type="text" id="email" placeholder="Email:">
<textarea id="message" rows="8" cols="40" placeholder="Message:"></textarea>
<input type="submit" id="submit"/>
<div id="status">
<p></p>
</div>
</form>
Jquery
$('#submit').click(function(e){
    e.preventDefault(); // stay on the page; the request below does the work
    var nameVal = $('#contact_form #name').val();
    var emailVal = $('#contact_form #email').val();
    var messageVal = $('#contact_form #message').val();
    $.post('/contact_form.php', {name: nameVal, email: emailVal, message: messageVal}, function(data){
        // .text() rather than .html(): the reply echoes back the visitor's own name
        $("#status p").text(data);
        $("#status p").show().fadeOut(3500);
        if(data.indexOf('Thank You')==0) {document.forms[0].reset();}
    });
});
php
<?php
$errors = array();
$required_fields = array('name', 'email', 'message');
foreach ($required_fields as $fieldname) {
    if (empty($_POST[$fieldname])) { // empty() also covers the unset case
        $errors[] = $fieldname;
    }
}
if (empty($errors)) {
    $name_field = trim(stripslashes($_POST['name']));
    $name = explode(' ', $name_field);
    $firstname = ucfirst($name[0]);
    $email_field = trim(stripslashes($_POST['email']));
    $message = trim(stripslashes($_POST['message']));
    //
    $to = "info#ttmt.org.uk";
    $subject = "Email from Website";
    $body = "From: $name_field\n E-Mail: $email_field\n Message:\n $message";
    // Recipient and subject are fixed and no visitor input goes into mail headers
    mail($to, $subject, $body);
    echo "Thank You $firstname";
} else {
    echo "Please complete all.";
}
--- UPDATE ---
I've got part of it working now.
Part of the problem was that the jQuery couldn't find the PHP.
I created a 'code' folder inside wp-content and put the PHP there, and the jQuery now looks like this.
$j.post('wp-content/code/contactEngine.php', { theName:nameVal, theEmail:emailVal, theMessage:messageVal }, function(data){
Now I'm getting the returned data from the PHP file, but the email isn't sent.
Will this not work in WP?
mail($to, $subject, $body);
You cannot use $_POST['name'] within WordPress. Using other names for the input fields will fix your issue; alternatively you could use the 'Contact Form 7' WordPress plugin for a better user experience :-)
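As an added example (not the asker's or the answerer's code), the same contact form wired through WordPress's own AJAX endpoint instead of a loose PHP file under wp-content. The fields are renamed so they do not collide with WordPress query variables such as `name`, the request carries a nonce, every field is sanitized, and wp_mail() sends to a fixed recipient. Hook, handler and field names are assumptions; wp_ajax_*, check_ajax_referer, sanitize_*, is_email and wp_mail are core WordPress functions.

```php
<?php
// Added example (not code from the thread). Handler and field names are assumptions.

// 1. Enqueue the page script and hand it the endpoint URL plus a nonce.
function cf_enqueue_contact_script(): void {
    wp_enqueue_script('cf-contact', get_stylesheet_directory_uri() . '/contact.js', ['jquery'], '1.0', true);
    wp_localize_script('cf-contact', 'cfContact', [
        'ajaxUrl' => admin_url('admin-ajax.php'),
        'nonce'   => wp_create_nonce('cf_contact_form'),
    ]);
}
add_action('wp_enqueue_scripts', 'cf_enqueue_contact_script');

// 2. Validate and send. Registered for logged-in and anonymous visitors;
//    the nonce ties the request to a page WordPress rendered.
function cf_handle_contact_form(): void {
    check_ajax_referer('cf_contact_form', 'nonce'); // dies on a bad/missing nonce

    $name    = sanitize_text_field(wp_unslash($_POST['contact_name'] ?? ''));
    $email   = sanitize_email(wp_unslash($_POST['contact_email'] ?? ''));
    $message = sanitize_textarea_field(wp_unslash($_POST['contact_message'] ?? ''));

    if ($name === '' || $message === '' || !is_email($email)) {
        wp_send_json_error('Please complete all fields with a valid email.');
    }

    // Fixed recipient and no visitor data in headers, so the input cannot
    // add recipients or inject extra header lines.
    $to      = get_option('admin_email');
    $subject = 'Email from Website';
    $body    = "From: $name\nE-Mail: $email\nMessage:\n$message";
    $headers = ['Content-Type: text/plain; charset=UTF-8'];

    if (!wp_mail($to, $subject, $body, $headers)) {
        wp_send_json_error('Sending failed, please try again later.');
    }
    $first = ucfirst(strtok($name, ' '));
    wp_send_json_success("Thank You $first");
}
add_action('wp_ajax_cf_contact', 'cf_handle_contact_form');
add_action('wp_ajax_nopriv_cf_contact', 'cf_handle_contact_form');
```

The page-side script posts `action: 'cf_contact'`, the three renamed fields and `nonce: cfContact.nonce` to `cfContact.ajaxUrl`, and reads `data.success`/`data.data` from the JSON reply; because the response is JSON rather than a text blob, it is written into the status element with .text() and never interpreted as HTML.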
I'm working on a plugin that, in the back end, lets you add the URL of a site or post plus a short description, and in the front end shows them in a widget. I have a button to upload a small image for the post, but it didn't work out, although the same code works fine in normal PHP...
$upload_errors = array(
// http://www.php.net/manual/en/features.file-upload.errors.php
UPLOAD_ERR_OK => "No errors.",
UPLOAD_ERR_INI_SIZE => "Larger than upload_max_filesize.",
UPLOAD_ERR_FORM_SIZE => "Larger than form MAX_FILE_SIZE.",
UPLOAD_ERR_PARTIAL => "Partial upload.",
UPLOAD_ERR_NO_FILE => "No file.",
UPLOAD_ERR_NO_TMP_DIR => "No temporary directory.",
UPLOAD_ERR_CANT_WRITE => "Can't write to disk.",
UPLOAD_ERR_EXTENSION => "File upload stopped by extension."
);
// process the form data
$tmp_file = $_FILES['file_upload']['tmp_name'];
$target_file = basename($_FILES['file_upload']['name']);
$upload_dir = "uploads";
// You will probably want to first use file_exists() to make sure
// there isn't already a file by the same name.
// move_uploaded_file will return false if $tmp_file is not a valid upload file
// or if it cannot be moved for any other reason
if(move_uploaded_file($tmp_file, $upload_dir."/".$target_file)) {
$message = "File uploaded successfully.";
} else {
$error = $_FILES['file_upload']['error'];
$message = $upload_errors[$error];
}
this is the form used to upload image
<form action="" method="post" name="text_form" onsubmit="return Blank_TextField_Validator()" enctype="multipart/form-data">
<table class="form-table">
<tr valign="top">
<th scope="row"><label for="newtextchange">Enter the Title:</label></th>
<td><input type="text" id="newtextchange" name="newtextchange" size="100" /><br></td>
</tr>
<tr>
<th scope="row"><label for="textarea1">Enter the Description:</label></th>
<td><textarea id="textarea1" rows="4" cols="50" name="textarea1"></textarea><br></td>
</tr>
<tr>
<th scope="row"><label for="newtextchange1">Enter the URL:</label></th>
<td><input type="text" id="newtextchange1" name="newtextchange1" size="100" /><br></td>
</tr>
<tr>
<th scope="row"><label for="file_upload">Upload image:</label></th>
<td><input type="hidden" name="MAX_FILE_SIZE" value="1000000" /><input type="file" id="file_upload" name="file_upload" /><br><br><input id="addtobow" class="button-secondary action" type="submit" value="Add to Best of web" name="submit" /></td>
</tr>
</table>
</form>
You should look at wp_handle_upload for this one.
The example given there is very useful.
To save the URL you can use the following lines:
$upload_overrides = array( 'test_form' => false );
$source = wp_handle_upload( $_FILES['file_upload'], $upload_overrides );
// On failure wp_handle_upload() returns array( 'error' => '...' ), which is still truthy
if ( $source && ! isset( $source['error'] ) )
    $input = serialize( $source );
Hope it helps!
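As an added example (not the answerer's or the asker's code), here is the file_upload field from the form above handled with wp_handle_upload(). Unlike move_uploaded_file() with the client-supplied filename into the plugin directory, this stores the file under the uploads directory, renames on collision, and rejects files whose extension and content do not match one of the allowed image types. The capability, nonce and function names are assumptions.

```php
<?php
// Added example (not code from the thread). Nonce and function names are assumptions.

function bow_handle_image_upload(): array {
    // The form lives on an admin page: require the capability and the nonce
    // emitted by wp_nonce_field('bow_add_entry', 'bow_nonce') in the form.
    if (!current_user_can('manage_options')) {
        return ['error' => 'Insufficient permissions.'];
    }
    check_admin_referer('bow_add_entry', 'bow_nonce'); // dies on failure

    if (empty($_FILES['file_upload']['name'])) {
        return ['error' => 'No file.'];
    }

    // Only the image types this widget needs; php, html, svg and the rest
    // are rejected before anything is written under the web root.
    $allowed = [
        'jpg|jpeg' => 'image/jpeg',
        'png'      => 'image/png',
        'gif'      => 'image/gif',
    ];
    $overrides = [
        'test_form' => false,    // not submitted through WP's own upload form
        'mimes'     => $allowed, // wp_handle_upload checks extension against content
    ];
    if (!function_exists('wp_handle_upload')) {
        require_once ABSPATH . 'wp-admin/includes/file.php';
    }
    $result = wp_handle_upload($_FILES['file_upload'], $overrides);
    if (isset($result['error'])) {
        return ['error' => $result['error']];
    }

    // Cheap second check that the stored bytes really decode as an image.
    if (@getimagesize($result['file']) === false) {
        unlink($result['file']);
        return ['error' => 'Uploaded file is not a valid image.'];
    }

    // 'file' is the filesystem path, 'url' the public URL to store in the widget.
    return [
        'file' => $result['file'],
        'url'  => esc_url_raw($result['url']),
        'type' => $result['type'],
    ];
}
```

The returned url is what the widget should save; the path is only needed if the plugin later resizes or deletes the image.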
The problem was with the file upload path, and this is how I fixed it. Now it is working fine...
$tmp_file = $_FILES['file_upload']['tmp_name'];
$target_file = basename($_FILES['file_upload']['name']);
//$upload_dir = "D:\softwares_installed\wamp\www\wordpress\wp-content\plugins\bestofweb\uploads";
$upload_dir =ABSPATH . "wp-content/plugins/bestofweb/uploads";
$up_urlp1="/wp-content/plugins/bestofweb/uploads";
// You will probably want to first use file_exists() to make sure
// there isn't already a file by the same name.
// move_uploaded_file will return false if $tmp_file is not a valid upload file
// or if it cannot be moved for any other reason
if(move_uploaded_file($tmp_file, $upload_dir."/".$target_file)) {
//$message = "File uploaded successfully.";
//echo $upload_dir."/".$target_file;
//echo bloginfo('wpurl');
$up_url= $up_urlp1."/".$target_file;
//echo $up_url;
//if($message == "File uploaded successfully.")
// {
// $imgpath=$upload_dir.
// }
} else {
$error = $_FILES['file_upload']['error'];
// $message = $upload_errors[$error];
}
This is somewhat related to another question I've asked, but I figure why not ask it separately.
If I were to place something like the following in a view
<td><img src='<%= Url.Action( "DisplayImage" , "User" , new { id = item.id} ) %>' alt="" /></td>
Is it supposed to display this?
<td>
<img src='/User.mvc/DisplayImage?id=U00915441' alt="" />
</td>
Or would the value of the src attribute actually be replaced with the results of the UserController GetImage action?
It will construct the path to the action, returning a URL, not the results of executing the action.
The results will be:
<td>
<img src='/User.mvc/DisplayImage?id=U00915441' alt="" />
</td>
Example code. This assumes your user model has the image stored in a byte array. If you are using LINQ and the property is a Binary, then use the ToArray() method to convert it to a byte array. Note the attributes, which require that the user be logged in and using a GET request.
[Authorize]
[AcceptVerbs( HttpVerbs.Get )]
public ActionResult DisplayImage( string id )
{
    var user = ...get user from database...
    // FileContentResult: sends the bytes with the given content type
    return File( user.Image, "image/jpeg" );
}