We Keep Coding

multi_query not working when creating registers on tables

The thing is that I'm trying to create multiple tables with multi_query and right after two registers in two of those tables. When I run the code the tables are created in the DB but the registers cannot be created. Te thing is that when I do everything with a simple query then the code works perfectly. I don't know what I'm missing here... here is the code:
if (isset($_POST['usercp']) && !empty($_POST['usercp'])) {
if (isset($_POST['passlogin']) && !empty($_POST['passlogin'])) {
$conn = mysqli_connect($host, $user, $pw, $db);
if (!$conn) {
echo "<script language='javascript'>alert('Usuario de CPanel incorrecto!!');window.location.href = 'http://here-a-page.com/';</script>";
}
else {
$sql = "CREATE TABLE usercp (
id INT(6) UNSIGNED AUTO_INCREMENT PRIMARY KEY,
usuario VARCHAR(30) NOT NULL
);";
$sql = $sql . "CREATE TABLE numlink (
id INT(6) UNSIGNED AUTO_INCREMENT PRIMARY KEY,
Link VARCHAR(30) NOT NULL
);";
$sql = $sql . "CREATE TABLE login (
id INT(6) UNSIGNED AUTO_INCREMENT PRIMARY KEY,
Validacion_Pass VARCHAR(30) NOT NULL
);";
$file = fopen("UsuarioCpanel.txt", "w");
fwrite($file, $UserCp . PHP_EOL);
fclose($file);
if ($conn->multi_query($sql)) {
$PassLogin = $_POST['passlogin'];
$consulta = " INSERT INTO usercp(usuario) VALUES('$UserCp');";
$consulta = $consulta . "INSERT INTO login(Validacion_Pass) VALUES('$PassLogin');";
if ($conn->multi_query($consulta)) {
header('location: index.php');
}
else{
echo "Ocurrio un error creando los registros";
}
}
else{
echo "Error creating table: " . $conn->error;
}
}
}
else{
echo "<script language='javascript'>alert('Debes poner el Password que utilizaras con el Login del Cloaking System');window.location.href = 'http://here-a-page.com/';</script>";
}
}
else {
echo "<script language='javascript'>alert('Debes poner tu Usuario de CPanel');window.location.href = 'http://here-a-page.com/';</script>";
}
I've found a solution to my problem in a question similar to mine. #furas solved this problem with a "while(){}" after every multi_query you want to do. For some reason multi_query can't be run more than once naturally. To do that you need to write this lines after every multi_query:
while( mysqli_more_results($link) ){
$result = mysqli_store_result($link);
mysqli_next_result($link);
}

I've found a solution to my problem in a question similar to mine. #furas solved this problem with a "while(){}" after every multi_query you want to do. For some reason multi_query can't be run more than once naturally. To do that you need to write this lines after every multi_query:
while( mysqli_more_results($link) ){
$result = mysqli_store_result($link);
mysqli_next_result($link);
}

Password Hashing SELECT (PHP)

Is it possible to select a hashed and salted password from MySql DB only using the posted password? If so, how?
If I hash the password this way:
$password = "blabla";
$hash = password_hash($password, PASSWORD_DEFAULT);
$hash will be, for example, $2y$10$8zzd3lj6oIPlBPnCxsU7nOmtsEFlKw/BdqTXyMgbuojjVpiEe4rVm and it will be stored in the db.
How, during a login, do I check against the hashed password column only, and only table's column, if the passwords match, having only 'blabla' as data?

A properly salted and hashed password cannot be searched for with a database query. You will have to search for the hash by username/email/... and afterwards you can verify the entered password with the found hash.
1) First query for the stored hash
SELECT passwordhash FROM users WHERE email = ?
2) Verify the entered password with the found hash
$isPasswordCorrect = password_verify($password, $existingHashFromDb);
It is the salt who makes the search impossible, it must be extracted from the stored hash before you can verify the password. Such a query would have to read each hash, extract its salt and do the hashing. Because the hash function is very slow (on purpose) the query would need ways too long to execute.

I think you mean how to select a hashed and salted password from a database then verify it with a plaintext password? If so, here is how with bcrypt.
Keep in mind, this requires PHP 5 >= 5.5.0.
Also, I recommend scrypt over bcrypt, but you have to install scrypt manually.
SQL stuff
CREATE DATABASE `example`;
USE `example`;
CREATE TABLE `users` (
`id` INT(11) NOT NULL AUTO_INCREMENT PRIMARY KEY,
`username` VARCHAR(16),
`password` VARCHAR(255)
);
Hash Class (classes/Hash.class.php)
<?php
class Hash
{
public static function make($string)
{
$options = array('cost' => 11);
return password_hash($string, PASSWORD_BCRYPT, $options)
}
public static function check($password, $hash)
{
return password_verify($password, $hash);
}
}
Database Class (classes/DB.class.php)
<?php
class DB
{
private $dbhost = '127.0.0.1';
private $dbname = 'example';
private $dbuser = 'root';
private $dbpass = 'pass';
public function Connect()
{
return new PDO('mysql:host=' . $this->dbhost . ';dbname=' . $this->dbname, $this->dbuser, $this->pass);
}
}
User Class (classes/User.class.php)
<?php
require_once('DB.class.php');
require_once('Hash.class.php');
class User
{
private $db;
public function __construct()
{
$this->db = new DB();
$this->db = $this->db->Connect();
}
public function find($username)
{
$st = $this->db->prepare('SELECT * FROM `users` WHERE `username` = :username LIMIT 1');
$st->bindParam(':username', $username, PDO::PARAM_STR);
$st->execute();
if($st->rowCount())
{
return $st->fetch(PDO::FETCH_ASSOC);
}
return false;
}
public function create($username, $password)
{
$password = Hash::make($password);
$st = $this->db->prepare('INSERT INTO `users` (`username`, `password`) VALUES (:username, :password)');
$st->bindParam(':username', $username, PDO::PARAM_STR);
$st->bindParam(':password', $password, PDO::PARAM_STR);
$st->execute();
}
public function verify($username, $password)
{
$user = $this->find($username);
if($user)
{
if(Hash::check($password, $user['password']))
{
$_SESSION['isLoggedIn'] = true;
return true;
}
}
return false;
}
public function isLoggedIn()
{
if(isset($_SESSION['isLoggedIn']))
{
return true;
}
return false;
}
}
Registration (register.php)
<?php
require_once('classes/User.class.php');
$user = new User();
if($user->isLoggedIn())
{
header('Location: index.php');
die();
}
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
$username = $_POST['username'];
$password = $_POST['password'];
// Check if username and password exist
if(!isset($username) || !isset($password))
{
die('Username and password required');
}
// Check if values are not empty
if(empty($username) || empty($password))
{
die('Blank fields not allowed');
}
// Check if username length is in between 4 and 16
if(strlen($username) < 4 && strlen($username) > 16)
{
die('Username must be in between 4 and 16 characters');
}
// Check if username is alphanumeric
if(!ctype_alnum($username))
{
die('Username must be alphanumeric');
}
// Check password length
if(strlen($password) < 8)
{
die('Passwords should be at least 8 characters long');
}
// Check if username exists
$exists = $user->find($username);
if($exists)
{
die('Username already in use');
}
// Create account
$user->create($username, $password);
header('Location: login.php');
die();
}
?>
// HTML goes here
Login (login.php)
<?php
require_once('classes/User.class.php');
$user = new User();
if($user->isLoggedIn())
{
header('Location: index.php');
die();
}
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
$username = $_POST['username'];
$password = $_POST['password'];
// Check if username and password exist
if(!isset($username) || !isset($password))
{
die('Username and password required');
}
// Check if values are not empty
if(empty($username) || empty($password))
{
die('Blank fields not allowed');
}
// Check if username length is in between 4 and 16
if(strlen($username) < 4 && strlen($username) > 16)
{
die('Username must be in between 4 and 16 characters');
}
// Check if username is alphanumeric
if(!ctype_alnum($username))
{
die('Username must be alphanumeric');
}
// Check password length
if(strlen($password) < 8)
{
die('Passwords should be at least 8 characters long');
}
// Try to login
$verified = $user->verify($username, $password);
if($verified)
{
header('Location: index.php');
die();
} else {
die('Invalid username/password');
}
}
?>
// HTML goes here
Logout (logout.php)
<?php
require_once('classes/User.class.php');
$user = new User();
if($user->isLoggedIn())
{
unset($_SESSION['isLoggedIn']);
}
header('Location: login.php');
die();
Index (index.php)
<?php
require_once('classes/User.class.php');
if(!$user->isLoggedIn())
{
header('Location: login.php');
die();
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<title>Welcome</title>
</head>
<body>
<h1>Menu</h1>
<ul>
<li>Logout?</li>
</ul>
</body>
</html>

How, during a login, do I check against the hashed password column only, and only table's column, if the passwords match, having only 'blabla' as data?
You can't. Password storage is designed to make many operations impossible. If you want to find a match for a password without using the user name or some other key, you will need to call password_verify on every password until you get a match. By design, this will be very slow.
Being passwords don't need to be in unique, you may have one password that matches many entries.
My guess is that this is a bad idea and not what you want.

Prepare content does not work for Sourcerer and DirectPHP

In my Joomla website, I need to execute some custom SQL queries, that have to select different titles from related categories.
Problem I have it works like option Prepare Content is turned off, so all of my content is outside HTML tags.
Module content looks like this:
{source}
<?php
$var_result = '';
$var_categories = array();
$var_category_list = array();
$db =& JFactory::getDBO();
$query = 'select * from jneg_categories where parent_id = 9';
$db->setQuery($query,0,300);
$res = $db->loadObjectList();
foreach ( $res as $row ) {
$var_categories[($row->id)] = $row->title;
$var_category_list[] = $row->id;
}
$var_category_list = implode($var_category_list, ', ');
$sql = "select * from jneg_content where catid IN (".$var_category_list.") order by `catid`";
$db->setQuery($sql,0,30000);
$res = $db->loadObjectList();
$var_current_cat = 0;
foreach ( $res as $row ) {
if ($current_cat != $row->catid) {
$current_cat = $row->catid;
echo '<h2>'.$categories[($row->catid)] . '</h2>';
echo '<br>';
}
echo $row->title;
echo '<br>';
}
?>
{/source}
Can you help me how to get proper HTML as a result of this code please.

Sourcer or other php rendering plugins don't run in html modules unless you go under the module 'options' and select 'prepare content'...
...or you can use this module and just include your php file directly:
https://github.com/idea34/mod_show

Ok, I did it with Jumi plugin - http://2glux.com/projects/jumi/usage-for-j15
Thank you anyway.

Difficulty with my form on IE

I have a website form, which works flawlessly. Except on IE 10 where it won't work at all, although strangely enough if I enable the compatibility mode, it works 90% fine.
With it on, it will submit the form and then give me an error saying there was an error (which is an internal message about the image which has not been uploaded - although the rest of the form gets uploaded).
*So, without compatibility mode on, it won't work (it will submit blank entry results without actually proceeding to the next screen).
As for with compatibility mode, it will not upload the user's image*
I assume the problem is with the process form.
<?php
include('config.php');
ini_set('error_reporting', E_ALL);
ini_set('display_errors', '1');
require_once('db.php');
$db = new db();
$cats = array();
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (isset($_POST['cats'])) {
$cats = implode(",", $_POST['cats']);
}
$categories = $_POST['categories'];
$str = $categories . ": " . $cats;
//echo $str;
}
$data = array();
$data[] = !empty($_POST['company']) ? $_POST['company'] : '';
$data[] = !empty($_POST['phone']) ? $_POST['phone'] : '';
$data[] = !empty($_POST['website']) ? $_POST['website'] : '';
$data[] = !empty($_POST['messagefr']) ? $_POST['messagefr'] : '';
$data[] = !empty($_POST['messageen']) ? $_POST['messageen'] : '';
$data[] = !empty($str) ? $str : '';
$data[] = !empty($_POST['profession']) ? $_POST['profession'] : '';
$data[] = !empty($_POST['manufacturiers_stand']) ? $_POST['manufacturiers_stand'] : '';
$data[] = !empty($_POST['percent_quebec']) ? $_POST['percent_quebec'] : '';
$data[] = !empty($_POST['percent_canada']) ? $_POST['percent_canada'] : '';
$data[] = !empty($_POST['percent_usa']) ? $_POST['percent_usa'] : '';
$data[] = !empty($_POST['percent_autre']) ? $_POST['percent_autre'] : '';
$data[] = !empty($_POST['bt_export']) ? $_POST['bt_export'] : '';
$data[] = !empty($_POST['bt_exporte_souhaite']) ? $_POST['bt_exporte_souhaite'] : '';
$data[] = !empty($_POST['bt_prod_verts']) ? $_POST['bt_prod_verts'] : '';
$data[] = !empty($_POST['bt_new_prod']) ? $_POST['bt_new_prod'] : '';
$data[] = !empty($_POST['name']) ? $_POST['name'] : '';
$data[] = !empty($_POST['email']) ? $_POST['email'] : '';
$data[] = !empty($_POST['resource_phone']) ? $_POST['resource_phone'] : '';
$data[] = !empty($_POST['personne_ressource']) ? $_POST['personne_ressource'] : '';
$data[] = !empty($_POST['backup_name']) ? $_POST['backup_name'] : '';
$data[] = !empty($_POST['backup_email']) ? $_POST['backup_email'] : '';
$data[] = !empty($_POST['backup_phone']) ? $_POST['backup_phone'] : '';
$result = $db->query("INSERT INTO form_corpo_test (compagnie,
telephone,
site_web,
texte_fr,
texte_en,
categories,
profil_exposant,
stands_du_manufacturier,
pourcentage_quebec,
pourcentage_canada,
pourcentage_usa,
pourcentage_autre,
exporte,
exporte_souhaite,
produits_vert,
nouveau_produits,
nom,
courriel,
telephone_ressource,
personne_ressource_c_toi,
autre_personne_ressource,
autre_courriel,
autre_telephone)
VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)", $data);
if (!$result) {
echo 'Veuillez nous contactez si vous voyez ce message';
}
$pic = ($_FILES['photo']['name']);
$pic = (mysql_real_escape_string($_FILES['photo']['name']));
$dirPath = $_POST['company'];
$dirExists = is_dir($dirPath);
if (#!dirExists)
$dirExists = mkdir($dirPath, 0755);
#$result = mkdir($dirPath, 0755);
if ($result == 1) {
echo '<br/>' . 'Le dossier ' . $dirPath . " a été créer" . '<br/>';
} else {
echo '<br/>' . "Le dossier " . $dirPath . " n'a PAS été créer car il existe déja" . '<br/>';
}
$folder_name = $dirPath;
$folder = $folder_name . '/';
$folder = $folder . basename($_FILES['photo']['name']);
if ($_FILES["photo"]["size"] >= 10485760) {
echo "F2";
die();
}
if (move_uploaded_file($_FILES['photo']['tmp_name'], $folder)) {
echo '<br/>' . "Le fichier " . basename($_FILES['photo']['name']) . " a été téléchargé" . '<br/>' . '<br/>' . "Et nous avons bien recu votre formulaire!" . '<br/>';
} else {
echo '<br/>' . "Désolé, mais il y a eu une erreur." . '<br/>';
}
?>
Upon the request of posting my form here (it was too long by 2,000 characters), so I posted it on a fiddle:
http://jsfiddle.net/NdRJV/
EDIT:
As Zeeba suggested, I forced the IE to read another browser:
I used
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE9">
But, to read more on the topic, anyone else in need of this can visit:
What does <meta http-equiv="X-UA-Compatible" content="IE=edge"> do?

try adding this to you meta tags
<meta http-equiv="X-UA-Compatible" content="IE=edge" >

using simple xml to read parts of an html page returns warning's / notice of non-object, and need to fix this [duplicate]

This question already has answers here:
PHP SimpleXML: How can I load an HTML file?
(4 answers)
Closed 9 years ago.
Okay so I've been working on this little script which is bascially scrapping a page from ted.com everything works as i want it to (meaning I can print out all values that I am interested in), The problem is for some reason i get these warning when running the scraper but am unsure as to why as the values the notice / warning occer on are printed out properly
PHP Warning: dom_import_simplexml() expects parameter 1 to be object, null given in /var/www/ted/import_ted.php on line 23
PHP Notice: Trying to get property of non-object in /var/www/ted/import_ted.php on line 23
PHP Notice: Undefined offset: 1 in /var/www/ted/import_ted.php on line 25
PHP Notice: Trying to get property of non-object in /var/www/ted/import_ted.php on line 27
and this is my actually php script (I've commented lines where warning's and Notice)
<?php
$mysqli = mysqli_connect("localhost", "user", "password", "database");
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$html = file_get_contents('http://www.ted.com/talks/quick-list?sort=date&order=desc');
$doc = new DOMDocument();
$doc->loadHTML($html);
$sxml = simplexml_import_dom($doc);
$rows = $sxml->xpath('//tr');
$description="not_available";
$ted_link="none";
$i=0;
//$stmt = $mysqli->prepare("INSERT INTO `ted` VALUES( ?, ?, ?, ?, ?, ?, ?)");
foreach($rows as $row) {
$video = Array();
$video['pub_date']= $row->td[0];
$video['event'] = $row->td[1];
$sec_temp = explode(":" , dom_import_simplexml($row->td[2])->textContent );//line23
$video['speaker'] = $sec_temp[0];
$video['title'] = $sec_temp[1]; //line 25
$video['duration'] = $row->td[3];
$video['link'] = $row->td[4]->a[2]['href']; //line27
print( "\n line Number: " . $i . "title: " . $video['title']);
print ("link: " .$video['link']);
if($i != 0){
// $stmt->bind_param("sssssss", $video['event'], $video['speaker'], $video['title'], $description, $ted_link, $video['link'], $description, $video['pub_date'] );
// $stmt->execute();
}
$i++;
}
// $stmt->close();
?>
Okay so Like I said Everything prints out what I am expecting including $video['title'] which generates an undefined offset for some reason. The problem is until I can make these variable "objects" I cannnot bind them as parameters to mysqli query. However I can't seem to figure out how to do this?
also incase relevent here is a snippet of a table row incase this is the problem (which I do not think it is )
<tr>
<td>Jun 2013</td>
<td>TEDGlobal 2013</td>
<td>Manalal-Sharif: A Saudi woman who dared to drive </td>
<td>14:16</td>
<td>Low | Regular | High</td>
</tr>
Note also I have tried using settype($var, "object") before binding with no luckeither (though reurned true)
Anyways any help with how I can get this to work would be greatly appreciated!

<?php
$html = file_get_contents('http://www.ted.com/talks/quick-list?sort=date&order=desc');
$doc = new DOMDocument();
$doc->loadHTML($html);
$sxml = simplexml_import_dom($doc);
$rows = $sxml->xpath('//tr');
/* print_r($rows);
die(); */
$description="not_available";
$ted_link="none";
$i=0;
//$stmt = $mysqli->prepare("INSERT INTO `ted` VALUES( ?, ?, ?, ?, ?, ?, ?)");
foreach($rows as $row) {
//first object is th not an td
if(isset($row->th))
{
echo $row->th[1]->a;
echo $row->th[2]->a;
echo $row->th[3]->a;
echo $row->th[4];
}else{
$video['pub_date']= $row->td[0];
$video['event'] = $row->td[1];
$sec_temp = explode(":" , $row->td[2]->a);//line23
$video['speaker'] = $sec_temp[0];
$video['title'] = $sec_temp[1]; //line 25
$video['duration'] = $row->td[3];
$video['link'] = $row->td[4]->a[2]['href']; //line27
print( "\n line Number: " . $i . "title: " . $video['title']);
print ("link: " .$video['link']);
if($i != 0){
// $stmt->bind_param("sssssss", $video['event'], $video['speaker'], $video['title'], $description, $ted_link, $video['link'], $description, $video['pub_date'] );
// $stmt->execute();
}
$i++;
}
}