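/**
 * Cleans the collected message fields and stores the message.
 *
 * Every element of $this->message_information is trimmed
 * (Sanitize::clearWhiteSpaceLR) and then DB-escaped (Sanitize::prepForDatabase)
 * in place. The INSERT then uses [0] as first_name, [1] as last_name and
 * [2] as message, with $this->type in the type column. A row whose message
 * text already exists (regardless of author) is not inserted.
 *
 * Side effects: rewrites $this->message_information; calls Database::open
 * ('hacker_blog') and close(); sets $this->passed to true only when the
 * INSERT succeeded (false on duplicate, failed lookup or failed INSERT).
 */
protected function cleanAndPost() {
    // foreach instead of a counted loop so every element is cleaned even if
    // the array is sparse or not zero-based; count() is no longer re-evaluated
    // on every iteration.
    foreach ($this->message_information as $idx => $field) {
        $this->message_information[$idx] = Sanitize::prepForDatabase(Sanitize::clearWhiteSpaceLR($field));
    }
    // $this->type is interpolated into SQL exactly like the fields above, so it
    // must get the same escaping. The original skipped it; its value is set
    // outside this method, so it cannot be assumed safe from here.
    $type = Sanitize::prepForDatabase($this->type);

    $d = new Database();
    $d->open('hacker_blog');

    // NOTE(review): both statements are still built by string interpolation,
    // with the escape helper as the only defence. If the Database wrapper
    // offers prepared/parameterised queries, move to them.
    $chx = $d->q("SELECT * FROM user_messages WHERE user_messages.message = '{$this->message_information[2]}'");
    // A failed lookup (falsy $chx) is treated like a duplicate: nothing is inserted.
    $isDuplicate = !$chx || $d->numrows() > 0;

    if ($isDuplicate) {
        // a comment with exactly this text already exists (or the check failed)
        $this->passed = false;
    } else {
        // `id` (the author's uid/user_id) is left NULL here; how messages are
        // linked to users is decided by the caller.
        $s = $d->q("INSERT into user_messages\n\t\t\t\t \t\t(user_message_id,first_name,last_name,id,message,type,added_on) VALUES\n\t\t\t\t\t\t(NULL,'{$this->message_information[0]}','{$this->message_information[1]}',NULL,'{$this->message_information[2]}','{$type}',now())");
        $this->passed = (bool) $s;
    }

    $d->close();
}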
<?php
// Login handler: on POST, looks the submitted password up in `user` and, on a
// hit, populates the session and redirects to the logged-in area.
// NOTE(review): this listing is truncated — the two `if` blocks opened below
// are closed somewhere after the last visible line; nothing past the redirect
// can be reviewed here.
require_once '../blog/includes/session.php';
require_once '../blog/classes/clsDatabase.php';
require_once '../blog/classes/clsSanitize.php';
// NOTE(review): $_POST['login'] is read without isset()/!empty(), so a plain
// GET of this page raises an undefined-index notice before the test runs.
if ($_POST['login']) {
    //print_r($_POST);
    // sanitize: trims surrounding whitespace only — this is NOT SQL escaping
    $login = Sanitize::clearWhiteSpaceLR($_POST['login']);
    //$password = Sanitize::clearWhiteSpaceLR($_POST['password']);
    // NOTE(review): strtolower() case-folds the password before hashing, which
    // shrinks the keyspace and only works if the stored hash was produced the
    // same way; passwords should be hashed exactly as submitted.
    $password = strtolower(Sanitize::clearWhiteSpaceLR($_POST['password']));
    //echo $login.' '.$password;
    // test if in Database as well
    $d = new Database();
    $d->open('hacker_blog');
    // NOTE(review): $password is interpolated into the SQL after only whitespace
    // trimming — unlike cleanAndPost() it never goes through
    // Sanitize::prepForDatabase(), so a single quote in the submitted password
    // breaks out of sha1('...') (SQL injection). $login is computed but the
    // visible query compares username against a literal (possibly redacted in
    // this copy); if the real predicate interpolates $login it has the same
    // problem.
    // NOTE(review): sha1() of the bare password is an unsalted, fast hash and
    // the comparison happens inside the database; fetch the row by username and
    // check with password_verify() against a password_hash() value instead.
    $s = $d->q("SELECT * FROM user WHERE user.username = '******' AND user.password = sha1('{$password}') LIMIT 0,1");
    if ($s && $d->numrows() > 0) {
        //mysql fetch assoc
        $info = $d->mfa();
        //print_r($info);
        //$info = associative array
        // NOTE(review): no session_regenerate_id(true) here; unless session.php
        // does it, a session id fixed before login remains valid after it
        // (session fixation).
        $_SESSION['loggedin'] = true;
        // concat first and last name
        $name = $info['user_first_name'] . ' ' . $info['user_last_name'];
        //echo "NAME: $name";
        // (duplicate of the assignment above — harmless, one of them can go)
        $_SESSION['loggedin'] = true;
        $_SESSION['user_full_name'] = $name;
        $_SESSION['user_quick_name'] = $info['user_first_name'];
        $_SESSION['user_id'] = $info['id'];
        //echo '<a href="/week_eight/secret_loggedin_area.php">Manual Override</a>';
        // NOTE(review): no exit() follows the redirect on the visible lines; if
        // none follows in the truncated tail, the rest of the page keeps
        // executing and is sent along with the 302.
        header("Location: /week_eight/secret_loggedin_area.php");
<?php
// Main application entry: loads the navigation and sanitizer classes and runs
// a short smoke demo of the Sanitize helpers (plain-text output only).
require_once 'classes/clsNavigation.php';
require_once 'classes/clsSanitize.php';
// helpers/application_helper.php (DB-side conveniences) is intentionally not loaded here.

// Navigation object plus a static placeholder menu with a no-op link.
$nav = new Navigation();
$simple_navigation = '<ul><li><a href="javascript:void(0);">Action</a></li></ul>';
// A generated menu would come from $nav->createNavigation(...); none is built here.

// Sanitize demo 1: a word padded with spaces is trimmed, then length-checked.
$bad_string = " chicken little ";
$good = Sanitize::clearWhiteSpaceLR($bad_string);
print Sanitize::checkSize($good) ? 'Our Word has passed the length test' : '';

// Sanitize demo 2: format check on a (redacted) sample address.
print Sanitize::isEmailFormat('*****@*****.**') ? 'Your Email is valid' : '';