Here is my code for the "forget password" module in my website. I want to check on the XAMPP server, before deploying to the live server, whether mails are sent and received. Currently it's not working at all. I have made the required changes in php.ini and sendmail.ini. Can somebody please let me know where I am going wrong?
<?php
#session_start();
require("includes/config.php");
require("classes/Database.class.php");
require("classes/security_functions.php");
include('classes/ps_pagination.php');
require_once('classes/validation.class.php');
require("classes/site_functions.php");
$obj = new validation();
$db = new Database(DB_SERVER, DB_USER, DB_PASS, DB_DATABASE);
$sec = new security_functions($db);
$fnc=new site_functions($db);
$errmsg = '' ;
$succmsg = '' ;
if(isset($_POST['btnRecovery']))
{
$email = mysqli_real_escape_string($db->link_id,(trim($_POST['email'])));
if(empty($email))
{
$errmsg .= 'Please Enter Email<br>';
}
if(!empty($email)){
if (!preg_match('/^[-._a-zA-Z0-9]+@[a-zA-Z0-9-._]+\\.[a-zA-Z]{2,4}$/', $email) || strlen($email) < 8 || strlen($email) > 100)
$errmsg .= 'Please Enter Valid Email ID<br>';
}
$check1= $fnc->fieldTocheckPassword("tbl_user","email",$email, 3);
if(!empty($check1))
{
$errmsg .= 'Please Enter your registered Email ID<br>';
}
if(empty($check1))
{
$password1 = time()+rand(0, 9) ;
$password = md5($password1) ;
$res = mysqli_query($db->link_id,"UPDATE tbl_user SET password = '$password', raw_password='$password1' WHERE email = '$email' AND type = 3");
$msg = '<table width="600" style="border:solid; color:#006200;">
<tr><td colspan="3" align="left">Dear User, <br>
Your Login Details are as given below:</td></tr>
<tr><td>Login Id:</td><td>:</td><td>'.$email.' </td></tr>
<tr><td>Password:</td><td>:</td><td>'.$password1.' </td></tr>
<tr><td style="height:40px;" colspan="3"></td></tr>
<tr><td colspan="3">Team</td></tr>
<tr><td colspan="3">AAFM</td></tr>
<tr><td style="height:40px;" colspan="3"></td></tr>
<tr><td colspan="3">Note: We recommend you to please reset your password while login.</td></tr>
</table>';
$subject = "Password Recovery from AAFM";
$headers ='MIME-Version: 1.0' . "\r\n".
'Content-type: text/html; charset=iso-8859-1' . "\r\n".
'From: no-reply#aafm.com"\r\n"' .
'Reply-To: ravinsoam#gmail.com' . "\r\n" .
'X-Mailer: PHP/' . phpversion();
ini_set('smtp_port',587);
mail($email, $subject, $msg, $headers) ;
$succmsg = "Please Check you Email.<br>Password has been send on your email id.<br>Please check your inbox/ spam folder." ;
}
}
?>
<!DOCTYPE html>
<html>
<head>
<!-- Meta -->
<title>AAFM</title>
<!-- CSS -->
<link href='http://fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,700italic,800italic,300,400,600,700,800' rel='stylesheet' type='text/css'>
<link rel="stylesheet" type="text/css" href="engine1/style.css" />
<link rel="stylesheet" type="text/css" href="css/hover.css" />
<script type="text/javascript" src="engine1/jquery.js"></script>
</head>
<body>
<!-- Start WOWSlider.com BODY section -->
<div id="wowslider-cover"> </div>
<div id="wowslider-container1">
<div class="ws_images">
<ul>
<li><img src="data1/images/01.jpg" alt="167160841" title="167160841" id="wows1_1"/></li>
<li><img src="data1/images/02.jpg" alt="101698382" title="101698382" id="wows1_2"/></li>
<li><img src="data1/images/03.jpg" alt="146820126" title="146820126" id="wows1_3"/></li>
</ul>
</div>
<span class="wsl">DHTML Slideshow by WOWSlider.com v5.2</span>
<div class="ws_shadow"></div>
</div>
<script type="text/javascript" src="engine1/wowslider.js"></script>
<script type="text/javascript" src="engine1/script.js"></script>
<!-- End WOWSlider.com BODY section -->
<form action="" method="post">
<div class="loginPanel">
<div class="loginPanelContent FormDiv">
<div class="div_1_of_1"><img src="images/logo-1.png"></div>
<!--<div class="div_1_of_1 LH1">My Payroll Online</div>-->
<div class="div_1_of_1"><div class="error">
<?php
if($errmsg !="")
{
echo ucwords($errmsg );
}
?>
<?php
if($succmsg !="")
{
echo ucwords($succmsg );
}
?> </div>
<input type="text" placeholder="Email" name="email" required="email" id="username">
</div>
<div class="div_1_of_1" style=" margin-bottom:0;">
<ul class="loginUl">
<li><input name="btnRecovery" type="submit" class="button curl-top-right2" style="width:100%" value="Submit" /></li>
<li>Existing User ?</li>
</ul>
<div class="div_1_of_1" style="display:none;">
Forgot Password ?
</div>
</div>
</div>
</div>
</form>
<!-- Footer -->
<div id="footer" class="clearfix">© 2016 - AAFM India - All Rights Reserved.</div>
<!-- /Footer -->
</div>
<script language="javascript" type="text/javascript">
$(document).ready( function() {
$('#ForgotPassword').click( function() {
if( !$("#username").val() ) { alert("Please enter your username!") }
else { alert("Password has been sent to your email address!") }
});
});
</script>
</body>
</html>
What is your XAMPP configuration?
By default, the file xampp\sendmail\sendmail.ini contains the line
smtp_server=mail.mydomain.com
You need to change it to
smtp_server=localhost
As stated in the above title, I am completely perplexed as to why my site doesn't insert the data into my database (and yes I've made all the necessary columns and stuff). It is probably related to the radio buttons and the "Preke" tag so if you see anything I've messed up on, it'd help me out a lot!
Here is my code:
<!DOCTYPE HTML>
<?php
// define variables and set to empty values
$VarErr = $PavErr = $AdErr = $PreErr = $PkErr = $KiekErr = "";
$Vardas = $Pavarde = $Adresas = $Preke = $Pk = $Kiekis = "";
?>
<html class="no-js" lang="en">
<head>
<title>Dailės parduotuvė</title>
<meta charset="UTF-8">
<meta http-equiv="x-ua-compatible" content="ie=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css" integrity="sha384-Gn5384xqQ1aoWXA+058RXPxPg6fy4IWvTNh0E263XmFcJlSAwiGgFAW/dAiS6JXm" crossorigin="anonymous">
<link rel="stylesheet" type="text/css" href="css/stilius.css">
</head>
<body class="content ">
<div class="container">
<nav class="navbar navbar-expand-lg navbar-dark ">
<a class="navbar-brand" href="index.html">Kauno dailė</a>
<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarSupportedContent">
<span class="navbar-toggler-icon"></span>
</button>
<div class="collapse navbar-collapse" id="navbarSupportedContent">
<ul class="navbar-nav ml-auto">
<li class="nav-item">
<a class="nav-link" href="Visos.html">Visos prekės</a>
</li>
<li class="nav-item">
<a class="nav-link" href="Uzsakymas.php">Užsisakymas</a>
</li>
<li class="nav-item">
<a class="nav-link" href="#">Kontaktai</a>
</li>
</ul>
</div>
</nav>
<div>
<div class="content sm-4 text-center">
<h2>Užsisakymo forma</h2>
<p><span class="error">* privalomi laukai</span></p>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<p class="text-center">Vardas</p><br>
<input type="text" name="Vardas" value="<?php echo $Vardas;?>">
<span class="error">* <?php echo $VarErr;?></span>
<p class="text-center">Pavarde</p><br>
<input type="text" name="Pavarde" value="<?php echo $Pavarde;?>">
<span class="error">* <?php echo $PavErr;?></span>
<p class="text-center">Adresas</p><br>
<input type="text" name="Adresas" value="<?php echo $Adresas;?>">
<span class="error">* <?php echo $AdErr;?></span><br>
Prekės rūšis:<br>
<input type="radio" name="Preke" value="Vienišas(-a)" checked>Dažai(5€)<br>
<input type="radio" name="Preke" value="Susituokęs(-usi)">Teptukas(2€)<br>
<input type="radio" name="Preke" value="Išsiskyręs(-usi)">Pieštukas(2€)<br>
<input type="radio" name="Preke" value="Našlys(-ė)">Ofiso įrankis(1€)<br>
<span class="error">* <?php echo $PreErr;?></span>
<br>
<p class="text-center">Prekės kodas</p><br>
<input type="number" name="Pk" value="<?php echo $Pk;?>">
<span class="error">* <?php echo $PkErr;?></span>
<p class="text-center">Kiekis</p><br>
<input type="number" name="Kiekis" value="<?php echo $Kiekis;?>">
<span class="error">* <?php echo $KiekErr;?></span>
<br>
<!-- Input For Add Values To Database-->
<input type="submit" name="insert" value="Užsisakyti">
</div>
</div>
<div class="content py-5">
<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["Vardas"])) {
$VarErr = "Įveskite vardą";
} else {
$Vardas= test_input($_POST["Vardas"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$Vardas)) {
$VarErr = "Galima vesti tik su raidėmis";
}
}
if (empty($_POST["Pavarde"])) {
$PavErr = "Įveskite pavardę";
} else {
$Pavarde = test_input($_POST["Pavarde"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$Pavarde)) {
$PavErr = "Galima vesti tik su raidėmis";
}
}
if (empty($_POST["Adresas"])) {
$AdErr = "Įveskite adresą";
} else {
$Adresas= test_input($_POST["Adresas"]);
}
}
if (empty($_POST["Preke"])) {
$PreErr = "Pasirinkite prekės tipą";
} else {
$Preke = test_input($_POST["Preke"]);
}
if (empty($_POST["Pk"])) {
$PkErr = "Įveskite prekės kodą";
} else {
$Pk = test_input($_POST["Pk"]);
}
if (empty($_POST["Kiekis"])) {
$KiekErr = "Įveskite kiekį";
} else {
$Kiekis = test_input($_POST["Kiekis"]);
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
$host = "localhost";
$user = "root";
$password ="";
$database = "uzsakymas";
try{
$connect = mysqli_connect($host,$user,$password,$database);
}
catch(mysqli_sql_exception $ex){
echo 'database connection error';
}
//insert
if(isset($_POST['insert'])) {
$Vardas = $_POST['Vardas'];
$Pavarde = $_POST['Pavarde'];
$Adresas = $_POST['Adresas'];
$Preke = $_POST['Preke'];
$Pk = $_POST['Pk'];
$Kiekis = $_POST['Kiekis'];
$insert_query = "INSERT INTO uzsakymai (Vardas,Pavarde,Adresas,Preke,Pk,Kiekis,)VALUES('$Vardas','$Pavarde','$Adresas','$Preke','$Pk','$Kiekis')";
try {
$insert_result = mysqli_query($connect,$insert_query);
if($insert_result){
if(mysqli_affected_rows($connect) > 0)
{
echo 'Data Inserted';
}else{
echo'Data not Inserted';
}
}
} catch(Exception $ex) {
echo 'Error Insert'.$ex->getMessage();
}
}
?>
</div>
<div class = "footer py-5 bg-secondary">
</div>
<script src="https://code.jquery.com/jquery-3.2.1.slim.min.js" integrity="sha384-KJ3o2DKtIkvYIK3UENzmM7KCkRr/rE9/Qpg6aAZGJwFDMVNA/GpGFF93hXpG5KkN" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js" integrity="sha384-ApNbgh9B+Y1QKtv3Rn7W3mgPxhU9K/ScQsAP7hUibX39j7fakFPskvXusvfa0b4Q" crossorigin="anonymous"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js" integrity="sha384-JZR6Spejh4U02d8jOt6vLEHfe/JQGiRRSQQxSfFWpi1MquVdAyjUar5+76PVCmYl" crossorigin="anonymous"></script>
</body>
</html>
Your problem is in 'input value' properties. You set it to empty variables. Remove value from input tag like this:
<p class="text-center">Vardas</p><br><input type="text" name="Vardas" placeholder="Vardas">
It should work. About your MySQL queries: they are vulnerable to SQL injection attacks. Use PDO to protect against SQL injection.
You have already inserted values, and if you want to use values="" then, in your SQL, you should UPDATE and not INSERT. Also, as rpm192 stated above, you should use parameterized queries, otherwise you will face SQL injections. Good luck!
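The parameterized-query advice from both answers, applied to the order form's columns. This is an added example, not code from the thread: it uses an in-memory SQLite database through PDO so it runs as-is (the table layout and the two sample submissions are constructed), and for MySQL only the DSN passed to `new PDO()` changes.

```php
<?php
declare(strict_types=1);

// Radio values exactly as they appear in the form on this page.
const PREKE_VALUES = ['Vienišas(-a)', 'Susituokęs(-usi)', 'Išsiskyręs(-usi)', 'Našlys(-ė)'];

/** Returns [clean values, errors]; an order is stored only when errors is empty. */
function validateOrder(array $post): array
{
    $text = fn(string $f): string => is_string($post[$f] ?? null) ? trim($post[$f]) : '';
    $clean = [];
    $errors = [];

    foreach (['Vardas', 'Pavarde'] as $field) {
        $clean[$field] = $text($field);
        // \p{L} matches letters of any alphabet, so Lithuanian names pass.
        if (!preg_match('/^[\p{L} \'-]+$/u', $clean[$field])) {
            $errors[$field] = 'required, letters only';
        }
    }

    $clean['Adresas'] = $text('Adresas');
    if ($clean['Adresas'] === '') {
        $errors['Adresas'] = 'required';
    }

    // Accept only the options the form offers, never an arbitrary string.
    $clean['Preke'] = $text('Preke');
    if (!in_array($clean['Preke'], PREKE_VALUES, true)) {
        $errors['Preke'] = 'unknown option';
    }

    foreach (['Pk', 'Kiekis'] as $field) {
        $n = filter_var($post[$field] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($n === false) {
            $errors[$field] = 'positive integer required';
        }
        $clean[$field] = $n;
    }

    return [$clean, $errors];
}

/** Values travel separately from the SQL text, so quotes in them stay data. */
function insertOrder(PDO $pdo, array $order): int
{
    $stmt = $pdo->prepare(
        'INSERT INTO uzsakymai (Vardas, Pavarde, Adresas, Preke, Pk, Kiekis)
         VALUES (:Vardas, :Pavarde, :Adresas, :Preke, :Pk, :Kiekis)'
    );
    $stmt->execute($order);
    return (int)$pdo->lastInsertId();
}

// Assumed schema for the demo; the thread does not show the real table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE uzsakymai (id INTEGER PRIMARY KEY, Vardas TEXT, Pavarde TEXT,
            Adresas TEXT, Preke TEXT, Pk INTEGER, Kiekis INTEGER)');

// Constructed submissions: one valid (with quotes and SQL text in the values),
// one that fails validation and must never reach the database.
$submissions = [
    ['Vardas' => 'Ona', 'Pavarde' => "O'Neil", 'Adresas' => "Laisvės al. 1'); DROP TABLE uzsakymai; --",
     'Preke' => 'Vienišas(-a)', 'Pk' => '101', 'Kiekis' => '2'],
    ['Vardas' => 'Jonas', 'Pavarde' => '', 'Adresas' => 'Kaunas',
     'Preke' => 'Nemokamai', 'Pk' => 'abc', 'Kiekis' => '0'],
];

foreach ($submissions as $post) {
    [$clean, $errors] = validateOrder($post);
    if ($errors) {
        echo 'rejected: ', implode(', ', array_keys($errors)), PHP_EOL;
        continue;
    }
    echo 'inserted row ', insertOrder($pdo, $clean), PHP_EOL;
}

// The address is stored verbatim and the table still exists.
echo $pdo->query('SELECT Adresas FROM uzsakymai')->fetchColumn(), PHP_EOL;
echo $pdo->query('SELECT COUNT(*) FROM uzsakymai')->fetchColumn(), " row(s) stored", PHP_EOL;
```

Values read back from the table should be passed through `htmlspecialchars()` at the point where they are echoed into HTML, rather than before they are stored.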
Is post-redirect-get a new thing because there is not a lot of info on it that I could understand anyway...
My code is your basic php password script..
<?php
//put sha1() encrypted password here - example is 'hello'
$password = 'aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d';
session_start();
if (!isset($_SESSION['loggedIn'])) {
$_SESSION['loggedIn'] = false;
}
if (isset($_POST['password'])) {
if (sha1($_POST['password']) == $password) {
$_SESSION['loggedIn'] = true;
} else {
die ('Incorrect password');
}
}
if (!$_SESSION['loggedIn']): ?>
<html><head><title>Login</title>
<link href="mainstyle.css" rel="stylesheet" type="text/css" title="1">
<style>
#formenclosure {
width: 300px;
height:300px;
margin-top:50px;
margin-left:auto;
margin-right:auto;
color:fff;
}</style>
</head>
<div id="header">
<div id="logo">
<img src="images/zlogo1.png" width="36" height="42"
title=<?php echo '"' . $_SERVER['HTTP_USER_AGENT'] .'"' ?>"
>
</div>
<div id="enterprise">Palladium Z1 <span style="color:gold"> <?php echo $host ?></span></div> <p id='hmsg'></p>
</div>
<?php
// Check the browser level and warn users if it looks wrong (not chrome or FF or too old an FF)
// swap the beginning comments between the next two IF statements to see how the message looks.
if (strpos($_SERVER['HTTP_USER_AGENT'],'Firefox/3.')>0
||( strpos($_SERVER['HTTP_USER_AGENT'],'Firefox')==0
&& strpos($_SERVER['HTTP_USER_AGENT'],'Chrome' )==0
)
) {
// if (strpos($_SERVER['HTTP_USER_AGENT'],'Firefox/4')>0) { /* for testing */
// echo " Unsupported Browser:" . $_SERVER['HTTP_USER_AGENT'] . "\n\n";
echo " Page best viewed with Chrome or Firefox (38.5 or later).";
}
?>
</div>
<body>
<div id="formenclosure">
<fieldset>
<legend>You need to login</legend>
<form method="post">
Password: <input type="password" name="password"> <br />
<input type="submit" name="submit" value="Login">
</form>
</fieldset>
</div>
<div id="footer">
<div id='cadencelogo' title='Versions: <?php echo $verall ?>' >
<img src="images/logocadence.jpg" width="160" height="36">
</div>
</div>
</body>
</html>
<?php
exit();
endif;
?>
I've tried different methods but this seems to be the exact method I need, but instead of a command it's more like a procedure. Can anyone help?
Just add header("Location: ".$_SERVER["PHP_SELF"]); after $_SESSION['loggedIn'] = true;
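The post-redirect-get flow the question asks about, written out as a whole request handler. This is an added example, not code from the thread: `handleLogin()` and the fixed `/login.php` target are assumptions, and it swaps the `sha1()` `==` comparison for `password_hash()`/`password_verify()`.

```php
<?php
declare(strict_types=1);

// Demo only: in a real deployment the hash is generated once and stored in
// configuration. 'hello' is the example password from the question.
$storedHash = password_hash('hello', PASSWORD_DEFAULT);

/**
 * Process one request. Returns the URL to redirect to, or null when the page
 * should simply be rendered. Every POST ends in a redirect, so reloading the
 * resulting page repeats a GET and never re-submits the password.
 */
function handleLogin(string $method, array $post, array &$session, string $hash, string $self): ?string
{
    $session['loggedIn'] = $session['loggedIn'] ?? false;

    if ($method !== 'POST') {
        return null;                       // GET: nothing to process
    }

    $candidate = $post['password'] ?? null;
    if (is_string($candidate) && password_verify($candidate, $hash)) {
        $session['loggedIn'] = true;
        unset($session['error']);
    } else {
        // Keep the message in the session so the page shown after the
        // redirect can display it once.
        $session['error'] = 'Incorrect password';
    }
    return $self;
}

if (PHP_SAPI !== 'cli') {
    // Web request: the real superglobals drive the handler.
    session_start();
    $target = handleLogin($_SERVER['REQUEST_METHOD'], $_POST, $_SESSION, $storedHash, '/login.php');
    if ($target !== null) {
        if ($_SESSION['loggedIn']) {
            session_regenerate_id(true);   // new session id after login
        }
        header('Location: ' . $target, true, 303);
        exit;                              // without this the script keeps running
    }
    $error = $_SESSION['error'] ?? null;
    unset($_SESSION['error']);
    // ...render the login form (with $error) or the protected page here...
} else {
    // Command-line walk-through with constructed requests.
    $session = [];
    $requests = [
        ['GET', []],
        ['POST', ['password' => 'guess']],
        ['GET', []],
        ['POST', ['password' => 'hello']],
        ['GET', []],
    ];
    foreach ($requests as [$method, $post]) {
        $to = handleLogin($method, $post, $session, $storedHash, '/login.php');
        printf(
            "%-4s -> %-16s loggedIn=%s error=%s\n",
            $method,
            $to === null ? 'render page' : "303 $to",
            var_export($session['loggedIn'], true),
            var_export($session['error'] ?? null, true)
        );
    }
}
```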
So I'm getting an error:
Parse error: syntax error, unexpected $end in C:\xampp\htdocs\CWoW\add.php on line 97 in my code.
<!DOCTYPE html>
<html>
<head>
<meta charset="utf8">
<link rel="stylesheet" href="main.css">
<link rel="stylesheet" href="default.css">
<link rel="stylesheet" href="cms.css">
<title>ACP</title>
</head>
<body>
<?php
if(isset($_POST['add']))
{
$dbhost = 'localhost:3306';
$dbuser = 'root';
$dbpass = '';
$mysqli = new mysqli('localhost','root','','meh') or die("Error " . mysqli_error($mysqli));
if(empty($_POST['title'])) {
echo 'The title must not be empty!<br/>';
} else if(empty($_POST['message'])) {
echo 'The message field must not be empty!<br/>';
} else if(empty($_POST['author'])) {
echo 'A poster name is required!<br/>';
} else {
if(! get_magic_quotes_gpc() )
{
$title = addslashes ($_POST['title']);
$message = addslashes ($_POST['message']);
$author = addslashes ($_POST['author']);
}
else
{
$title = $_POST['title'];
$message = $_POST['message'];
$author = $_POST['author'];
}
if ($query = $mysqli->query("INSERT INTO etl_articles (title, message, author) VALUES ('{$title}', '{$message}', '{$author}');")) {
echo "The post has successfully been added! <a href='add.php'>Click Here</a> to go back.";
} else {
echo 'Failed to add the post!';
$query->close;
}
}
}
else
{
?>
<div id="logo_div">
<a id="logo_anch" href="#" title="Project Hysteria">Project Hysteria</a>
</div>
<ul id="top_menu">
<li>Home</li>
</ul>
<div id="main">
<aside id="right">
<div id="main_sep"></div>
<div id="content_ajax">
<form method="post" action="<?php $_PHP_SELF ?>" class="custom2">
<article>
<div class="top"><input name="title" type="text" placeholder="» Title" /></div>
<section class="body">
<div class="clear"></div>
<div class="news_bottom">
<textarea name="message" placeholder="» Message"></textarea><br><br>
<select name="author">
<option value="Admin">Admin</option>
<option value="Moderator">Global Moderator</option>
<option value="Developer">Developer</option>
</select><br><br>
<input name="add" type="submit" value="Submit News" />
</div>
<div class="comments" id="comments_17"></div>
</section>
</article>
</div>
</aside>
<div class="clear"></div>
</div>
</form>
<footer>
<p>© Copyright 2013 Caustic WoW</p>
<p id="design"> <a target="_new" href=""></a></p>
</footer>
</section>
</body>
</html>
I can't seem to find the problem really.
If any of you guys can help me that would be great.
You have a syntax error in your code: there is an opening brace { after the else statement but the closing } is missing.
Replace
else
{
?>
with
else;
?>
or
else{}
?>
I have an upload input field in a form. The problem is that the name of the file is being inserted in the database but the file is not being uploaded to the server, and the same code is working on the same server in a different file in the same directory but in a different query. The form is set to enctype="multipart/form-data".
Here is the code where it's not working:
<!DOCTYPE html>
<html lang="en">
<head>
<?php require_once("includes/session.php"); ?>
<?php require_once("includes/dbc.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php confirm_logged_in(); ?>
<?php find_selected_post(); ?>
<?php
$target = "../upload/";
$target = $target . basename( $_FILES['post_photo']['name']);
if (intval($_GET['cat']) == 0) {
redirect_to('cat_posts.php');
}
include_once("includes/form_functions.php");
if (isset($_POST['submit'])) {
$errors = array();
$required_fields = array('post_title', 'position', 'visible', 'post_content');
$errors = array_merge($errors, check_required_fields($required_fields, $_POST));
$fields_with_lengths = array('post_title' => 30);
$errors = array_merge($errors, check_max_field_lengths($fields_with_lengths, $_POST));
$category_id = mysql_prep($_GET['cat']);
$post_title = trim(mysql_prep($_POST['post_title']));
$post_content = mysql_prep($_POST['post_content']);
$post_description = mysql_prep($_POST['post_description']);
$post_keywords = mysql_prep($_POST['post_keywords']);
$post_tags = mysql_prep($_POST['post_tags']);
$post_photo =($_FILES['post_photo']['name']);
$position = mysql_prep($_POST['position']);
$visible = mysql_prep($_POST['visible']);
if (empty($errors)) {
$query = "INSERT INTO ss_posts (
post_title, post_content, post_description, post_keywords, post_tags, post_photo, position, visible, category_id
) VALUES (
'{$post_title}', '{$post_content}', '{$post_description}', '{$post_keywords}', '{$post_tags}', '{$post_photo}', {$position}, {$visible}, {$category_id}
)";
if ($result = mysql_query($query, $connection)) {
$message = "Successfully Created.";
$new_post_id = mysql_insert_id();
redirect_to("cat_posts.php?post={$new_post_id}");
} else {
$message = "The Post Could Not Be Created.";
$message .= "<br />" . mysql_error();
}
} else {
if (count($errors) == 1) {
$message = "There was 1 error in the form.";
} else {
$message = "There were " . count($errors) . " errors in the form.";
}
}
}
?>
<?php
error_reporting(E_ALL);
echo "<pre>";
print_r($_FILES);
echo "</pre>";
echo "<br/>target: " . $target;
if (!move_uploaded_file($_FILES['post_photo']['tmp_name'], $target)) {
echo "<br/>Upload failed.";
} else {
echo "<br/>Upload done.";
}
?>
<meta charset="utf-8"/>
<title>New Post - Administration Panel</title>
<script src="js/ckeditor/ckeditor.js" type="text/javascript"></script>
<link rel="stylesheet" href="js/ckeditor/sample.css">
<link rel="stylesheet" href="css/layout.css" type="text/css" media="screen" />
<link rel="stylesheet" href="css/form.css" type="text/css" media="screen" />
<link rel="stylesheet" href="css/button.css" type="text/css" media="screen" /> <!--[if lt IE 9]>
<link rel="stylesheet" href="css/ie.css" type="text/css" media="screen" />
<script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script>
<![endif]-->
<script src="js/jquery-1.5.2.min.js" type="text/javascript"></script>
<script src="js/hideshow.js" type="text/javascript"></script>
<script src="js/jquery.tablesorter.min.js" type="text/javascript"></script>
<script type="text/javascript" src="js/jquery.equalHeight.js"></script>
<script type="text/javascript">
$(document).ready(function()
{
$(".tablesorter").tablesorter();
}
);
$(document).ready(function() {
//When page loads...
$(".tab_content").hide(); //Hide all content
$("ul.tabs li:first").addClass("active").show(); //Activate first tab
$(".tab_content:first").show(); //Show first tab content
//On Click Event
$("ul.tabs li").click(function() {
$("ul.tabs li").removeClass("active"); //Remove any "active" class
$(this).addClass("active"); //Add "active" class to selected tab
$(".tab_content").hide(); //Hide all tab content
var activeTab = $(this).find("a").attr("href"); //Find the href attribute value to identify the active tab + content
$(activeTab).fadeIn(); //Fade in the active ID content
return false;
});
});
</script>
<script type="text/javascript">
$(function(){
$('.column').equalHeight();
});
</script>
</head>
<body>
<header id="header">
<hgroup>
<h1 class="site_title">Administration Panel</h1>
<h2 class="section_title">New Post</h2><div class="btn_view_site">
View Site</div>
</hgroup>
</header>
<!-- end of header bar -->
<section id="secondary_bar">
<div class="user">
<p>Hello, <?php echo $_SESSION['username']; ?> (Logout)</p>
</div>
<div class="breadcrumbs_container">
<article class="breadcrumbs">Administration Panel
<div class="breadcrumb_divider"></div>
<a class="current">New Post</a></article>
</div>
</section>
<!-- end of secondary bar -->
<aside id="sidebar" class="column" style="height:160%;">
<hr/>
<h3>Pages</h3>
<ul class="toggle">
<li class="icn_new_article">Add a New Page</li>
<li class="icn_edit_article">Edit/Delete a Page</li>
</ul>
<hr/>
<h3>Users</h3>
<ul class="toggle">
<li class="icn_add_user">Add New User</li>
<li class="icn_view_users">View Users</li>
</ul>
<hr/>
<h3>Blog</h3>
<ul class="toggle">
<li class="icn_categories">Create a Category</li>
<li class="icn_new_article">Create/Edit a Post</li>
<li class="icn_settings">Home Blog Settings</li>
<li class="icn_settings">Blog Settings</li>
</ul>
<hr/>
<h3>Settings</h3>
<ul class="toggle">
<li class="icn_settings">Settings</li>
<li class="icn_settings">Site Logo</li>
<li class="icn_jump_back">Logout</li>
</ul>
<footer>
<hr />
<p><strong>Copyright © 2013 Sky Define</strong></p>
<p>Powered by Sky Define</p>
</br>
</br>
</footer>
</aside><!-- end of sidebar -->
<section id="main" class="column">
<?php
move_uploaded_file($_FILES['post_photo']['tmp_name'], $target);
// output a list of the fields that had errors
if (!empty($errors)) {
echo "<p class=\"errors\">";
echo "Please review the following fields:<br />";
foreach($errors as $error) {
echo " - " . $error . "<br />";
}
echo "</p>";
}
?>
<article class="module width_full">
<header><h3>New Post</h3></header>
<div class="module_content">
<h2>Adding New Post</h2>
<?php if (!empty($message)) {echo "<p class=\"message\">" . $message . "</p>";} ?>
<?php if (!empty($errors)) { display_errors($errors); } ?>
<div class="mws-panel grid_4">
<div class="mws-panel-header">
</div>
<div class="mws-panel-body">
<form class="mws-form" enctype="multipart/form-data" action="new_post.php?cat=<?php echo $sel_category['id']; ?>" method="post">
<div class="mws-form-inline">
<?php $new_post = true; ?>
<?php if (!isset($new_post)) {$new_post = false;} ?>
<div class="mws-form-row">
<label>Post Name:</label>
<div class="mws-form-item large">
<input type="text" name="post_title" id="post_title" class="mws-textinput" placeholder="Post Name Goes Here." />
</div>
</div>
<div class="mws-form-row">
<label>Post Description:</label>
<div class="mws-form-item large">
<input type="text" name="post_description" id="post_description" class="mws-textinput" placeholder="Post Description Goes Here." />
</div>
</div>
<div class="mws-form-row">
<label>Post Keywords:</label>
<div class="mws-form-item large">
<input type="text" name="post_keywords" id="post_keywords" class="mws-textinput" placeholder="Post Keywords Goes Here, Separated By Commas!" />
</div>
</div>
<div class="mws-form-row">
<label>Post Content:</label>
<div class="mws-form-item large">
<textarea name="post_content" id="post_content" class="ckeditor" > </textarea>
</div>
</div>
<div class="mws-form-row">
<label>Post Tags:</label>
<div class="mws-form-item large">
<input type="text" name="post_tags" id="post_tags" class="mws-textinput" placeholder="Post Tags Goes Here, Separated By Commas!" />
</div>
</div>
<div class="mws-form-row">
<label>Edit Post Photo:</label>
<div class="mws-form-item large">
<input type="file" name="post_photo" id="post_photo" />
</div>
</div>
<div class="mws-form-row">
<label>Position:</label>
<div class="mws-form-item large">
<select name="position">
<?php
if (!$new_post) {
$post_set = get_posts_for_category($sel_post['category_id']);
$post_count = mysql_num_rows($post_set);
} else {
$post_set = get_posts_for_category($sel_category['id']);
$post_count = mysql_num_rows($post_set) + 1;
}
for ($count=1; $count <= $post_count; $count++) {
echo "<option value=\"{$count}\"";
if ($sel_post['position'] == $count) { echo " selected"; }
echo ">{$count}</option>";
}
?>
</select>
</div>
</div>
<div class="mws-form-row">
<label>Visible:</label>
<div class="mws-form-item large">
<input type="radio" name="visible" value="0"<?php
if ($sel_post['visible'] == 0) { echo " checked"; }
?> /> No
<input type="radio" name="visible" value="1"<?php
if ($sel_post['visible'] == 1) { echo " checked"; }
?> /> Yes
</div>
</div>
</form>
<div class="mws-button-row">
<input type="submit" name="submit" value="Add Post" class="mws-button green" />
<a class="mws-button red" href="index.php">Cancel</a>
</div>
</div>
</div>
</div>
</article>
<div class="clear"></div>
</div>
</article><!-- end of stats article -->
<div class="spacer"></div>
</section>
</body>
</html>
The way I would try to find the error:
Make your errors visible:
<?php error_reporting(E_ALL); ?>
$target should be a full path.
Check your HTML form. Did you add the enctype attribute?
<form enctype="multipart/form-data" method="POST" action="script.php">
Is your Input correct?
<input type="file" name="post_photo"/>
What does the $_FILES array contain?
<?php print_r($_FILES); ?>
Edit
Please let us know the data these lines return:
<?php
error_reporting(E_ALL);
echo "<pre>";
print_r($_FILES);
echo "</pre>";
echo "<br/>target: " . $target;
if (!move_uploaded_file($_FILES['post_photo']['tmp_name'], $target)) {
echo "<br/>Upload failed.";
} else {
echo "<br/>Upload done.";
}
?>
Edit 2 (Solution):
Your submit-button is outside the form-Tag. That's why. Fix it like this:
<form>
<input type="submit" name="submit" value="Add Post" class="mws-button green" />
</form>
Your $target should contain the root path
$target = $_SERVER['DOCUMENT_ROOT'] . "/upload/";
$target = $target . basename( $_FILES['post_photo']['name']);
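A handler that turns the checks from the answers above into code: it reports why `$_FILES['post_photo']` is unusable, resolves an absolute target directory, and stores the file under a server-generated name. Added example, not code from the thread; `storeUpload()`, the allowed image types and the sample `$_FILES` entries are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Meaning of the 'error' element PHP puts in each $_FILES entry.
const UPLOAD_ERRORS = [
    UPLOAD_ERR_INI_SIZE   => 'file exceeds upload_max_filesize in php.ini',
    UPLOAD_ERR_FORM_SIZE  => 'file exceeds MAX_FILE_SIZE given in the form',
    UPLOAD_ERR_PARTIAL    => 'file was only partially uploaded',
    UPLOAD_ERR_NO_FILE    => 'no file was selected',
    UPLOAD_ERR_NO_TMP_DIR => 'temporary upload directory is missing',
    UPLOAD_ERR_CANT_WRITE => 'PHP could not write the temporary file',
    UPLOAD_ERR_EXTENSION  => 'a PHP extension stopped the upload',
];

// Assumed policy for a "post photo" field: detected type => stored extension.
const ALLOWED_TYPES = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

/** Returns [true, stored file name] or [false, reason]. */
function storeUpload(?array $file, string $uploadDir): array
{
    if ($file === null) {
        return [false, 'field missing from $_FILES: form not posted as multipart/form-data, or wrong field name'];
    }
    $code = $file['error'] ?? null;
    if (!is_int($code)) {
        return [false, 'unexpected $_FILES structure'];
    }
    if ($code !== UPLOAD_ERR_OK) {
        return [false, UPLOAD_ERRORS[$code] ?? "unknown error code $code"];
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        return [false, 'tmp_name is not a file received by this request'];
    }

    // Decide the type from the file content, not from the client-sent name.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext  = is_string($mime) ? (ALLOWED_TYPES[$mime] ?? null) : null;
    if ($ext === null) {
        return [false, 'file type is not an allowed image type'];
    }

    // Absolute directory, as the answers recommend for $target.
    $dir = realpath($uploadDir);
    if ($dir === false || !is_dir($dir) || !is_writable($dir)) {
        return [false, 'upload directory missing or not writable'];
    }

    // The client-supplied name is never used for the path; this generated
    // name is what gets saved in the post_photo column.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $dir . DIRECTORY_SEPARATOR . $name)) {
        return [false, 'move_uploaded_file() failed'];
    }
    return [true, $name];
}

// In the page from the question the call would be:
//   [$ok, $detail] = storeUpload($_FILES['post_photo'] ?? null, __DIR__ . '/../upload');

// Constructed $_FILES entries, so the script can be run from the command line.
$samples = [
    'field absent'  => null,
    'too large'     => ['name' => 'big.jpg', 'tmp_name' => '', 'error' => UPLOAD_ERR_INI_SIZE, 'size' => 0],
    'not an upload' => ['name' => 'photo.jpg', 'tmp_name' => __FILE__, 'error' => UPLOAD_ERR_OK, 'size' => 1],
];
foreach ($samples as $label => $file) {
    [$ok, $detail] = storeUpload($file, __DIR__);
    printf("%-14s %s: %s\n", $label, $ok ? 'stored' : 'rejected', $detail);
}
```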
I'm using a CKEditor along with a CKFinder. Both work fine. When I browse (or copy directly) an image (or flash) to CKEditor, it's displayed within it and inserted into the MySql database.
After inserting it into the MySQL database, I'm trying to display it in an HTML table, where it isn't displayed and the alternate text is displayed instead.
The image path after browsing an image through the CKFinder is something like the following.
<img alt="" src="/ckfinder/userfiles/images/1243_SS_2502.jpg" style="width: 490px; height: 618px;" />
The contents inserted into the database are as follows.
<img alt="\"\"" data-cke-saved-src="\"
src="\"/ckfinder/userfiles/images/1243_SS_2502.jpg\"" st yle=&
quot;\"width:" 490px;="" height:="" 618px;\"= quot;">
I tried htmlentities(), but it still doesn't work. While dealing with the same thing in JSP using JSTL/EL, I had to do the following.
<c:out value="${str}" default="No content found." escapeXml="false"/>
escapeXml="false", where str written in EL was a java.lang.String holding the Oracle clob data after conversion.
What is the way to get around the situation in PHP? Both CKEditor and CKFinder work fine for me.
$ckeditor = new CKEditor();
$ckeditor->basePath = 'ckeditor/';
$ckeditor->config['filebrowserBrowseUrl'] = 'ckfinder/ckfinder.html';
$ckeditor->config['filebrowserImageBrowseUrl'] = 'ckfinder/ckfinder.html?type=Images';
$ckeditor->config['filebrowserFlashBrowseUrl'] = 'ckfinder/ckfinder.html?type=Flash';
$ckeditor->config['filebrowserUploadUrl'] = 'ckfinder/core/connector/php/connector.php?command=QuickUpload&type=Files';
$ckeditor->config['filebrowserImageUploadUrl'] = 'ckfinder/core/connector/php/connector.php?command=QuickUpload&type=Images';
$ckeditor->config['filebrowserFlashUploadUrl'] = 'ckfinder/core/connector/php/connector.php?command=QuickUpload&type=Flash';
$ckeditor->editor('description', $ed_about_us);
Edit:
<?php include_once("Lock.php");?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Wagafashion</title>
<link rel="stylesheet" href="css/validationEngine.jquery.css" type="text/css"/>
<link rel="stylesheet" href="css/template.css" type="text/css"/>
<!--<script type="text/javascript" language="javascript" src="ckeditor/ckeditor.js"></script>-->
<script src="js/jquery-1.6.min.js" type="text/javascript"></script>
<script src="js/languages/jquery.validationEngine-en.js" type="text/javascript" charset="utf-8"></script>
<script src="js/jquery.validationEngine.js" type="text/javascript" charset="utf-8"></script><script>
jQuery(document).ready(function(){
// binds form submission and fields to the validation engine
jQuery("#dataForm").validationEngine();
});
</script>
<script language="javascript" type="text/javascript">
function deleteSingle(id)
{
var delId=confirm("About us with the id "+id+" is about to be deleted permanently.\n\nAttention : This action will never be undone!\n\nAre you sure...???");
return(delId==true?true:false);
}
</script>
</head>
<body>
<?php
include_once("Connection.php");
include_once("ckeditor/ckeditor.php");
$con=new Connection();
$con->get_connection();
$ed_about_us="";
$flag=-1;
$msg="";
if(isset($_POST['btnSubmit']))
{
$act=trim($_POST['param_action']);
$about_us=$_POST['cms_description'];
if($act=="add")
{
$res=$con->get_data("select count(*) as cnt from cms");
$cnt_cmt=mysql_result($res, 'cnt');
if($cnt_cmt==0)
{
$flag=$con->iud("insert into cms (about_us)values('".mysql_real_escape_string(urlencode($about_us))."')");
}
else
{
$flag=$con->iud("update cms set about_us='".mysql_real_escape_string(urlencode($about_us))."'");
}
if($flag==1)
{
$msg="Insertion done successfully.";
}
else if($flag==0)
{
$msg="Insertion failed - reason : ".mysql_errno()." : ".mysql_error();
}
}
else if($act=="edit")
{
$cms_id=$_POST['cms_id'];
$flag=$con->iud("update cms set about_us='".mysql_real_escape_string(urlencode($about_us))."' where id=".$cms_id."");
if($flag==1)
{
$msg="About us has been updated successfully.";
}
else if($flag==0)
{
$msg="Updation failed - reason : ".mysql_errno()." : ".mysql_error();
}
}
}
else if(isset($_GET['ed_id']))
{
$ed_res=$con->get_data("select about_us from cms where id=".$_GET['ed_id']."");
while($row=mysql_fetch_assoc($ed_res))
{
$ed_about_us=$row['about_us'];
}
}
else if(isset($_GET['del_id']))
{
$flag=$con->iud("update cms set about_us='' where id=".$_GET['del_id']);
if($flag==1)
{
$msg="About us been deleted successfully.";
}
else if($flag==0)
{
$msg="Can not delete - reason : ".mysql_errno()." : ".mysql_error();
}
}
else if(isset($_POST['btnDelete']))
{
$set_del=$_POST['setDel'];
$flag=$con->iud("update cms set about_us='' where id in($set_del)");
$size=sizeof(split(",", $set_del));
if($flag==1)
{
if($size==1)
{
$msg="1 row deleted.";
}
else
{
$msg=$size." rows deleted.";
}
}
else if($flag==0)
{
$msg="Can not perform deletion - reason : ".mysql_errno()." : ".mysql_error();
}
}
?>
<?php include("tamplate/Template1.php");?>
<h2>About Us</h2>
<?php include("tamplate/NewTemplate.php");?>
<?php
if($flag==1)
{
echo "<p>";
?>
<!--[if !IE]>start system messages<![endif]-->
<ul class="system_messages">
<li class="green"><span class="ico"></span><strong class="system_title"><?php echo $msg; ?></strong></li>
</ul>
<!--[if !IE]>end system messages<![endif]-->
<?php
echo "</p>";
}
else if($flag==0)
{
echo "<p>";
?>
<!--[if !IE]>start system messages<![endif]-->
<ul class="system_messages">
<li class="red"><span class="ico"></span><strong class="system_title"><?php echo $msg; ?></strong></li>
</ul>
<!--[if !IE]>end system messages<![endif]-->
<?php
echo "</p>";
}
?>
<img alt=\"\" src="/ckfinder/userfiles/images/1243_SS_2502.jpg" style=\"width: 490px; height: 618px;\" />
<!--[if !IE]>start forms<![endif]-->
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" id="dataForm" name="dataForm" method="post" class="search_form general_form">
<!--[if !IE]>start fieldset<![endif]-->
<fieldset>
<!--[if !IE]>start forms<![endif]-->
<div class="forms">
<!--[if !IE]>start row<![endif]-->
<div class="row">
<?php
$ckeditor = new CKEditor();
$ckeditor->basePath = 'ckeditor/';
$ckeditor->config['filebrowserBrowseUrl'] = 'ckfinder/ckfinder.html';
$ckeditor->config['filebrowserImageBrowseUrl'] = 'ckfinder/ckfinder.html?type=Images';
$ckeditor->config['filebrowserFlashBrowseUrl'] = 'ckfinder/ckfinder.html?type=Flash';
$ckeditor->config['filebrowserUploadUrl'] = 'ckfinder/core/connector/php/connector.php?command=QuickUpload&type=Files';
$ckeditor->config['filebrowserImageUploadUrl'] = 'ckfinder/core/connector/php/connector.php?command=QuickUpload&type=Images';
$ckeditor->config['filebrowserFlashUploadUrl'] = 'ckfinder/core/connector/php/connector.php?command=QuickUpload&type=Flash';
$ckeditor->editor('cms_description', urldecode($ed_about_us));
?>
<!--[if !IE]>start row<![endif]-->
<div class="row">
<div class="buttons">
<span class="button send_form_btn"><span><span>Submit</span></span><input type="submit" value="Submit" id="btnSubmit" name="btnSubmit" onclick="return validate();"></span>
</div>
</div>
<!--[if !IE]>end row<![endif]-->
</div>
</fieldset>
<!--[if !IE]>end fieldset<![endif]-->
<input type="hidden" id="param_action" name="param_action" value="
<?php
if(isset($_GET['ed_id']))
{
echo "edit";
}
else
{
echo "add";
}
?>
" />
<input type="hidden" id="cms_id" name="cms_id" value="<?php echo isset($_GET['ed_id'])?(int)$_GET['ed_id']:"";?>" />
</form>
<?php include("tamplate/Template2.php");?>
<h2>About Us</h2>
<?php include("tamplate/NewTemplate1.php");?>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']);?>" id="mainForm" name="mainForm" method="post">
<?php include("tamplate/ExtraTemplate.php");?>
<table cellpadding="0" cellspacing="0" width="100%">
<tbody>
<th style="width: 10px;">Check</th>
<th style="width: 450px;">About Us</th>
<th style="width: 10px;">Actions</th>
<?php
$get_data=$con->get_data("select id, about_us from cms order by id");
$cnt=1;$flag='';
while($data_row=mysql_fetch_assoc($get_data))
{
extract($data_row);
$cnt%2==0?$flag="second":$flag="first";
++$cnt;
echo "<tr class='$flag'>";
echo "<td><input type='checkbox' name='chk' value='$id'></td>";
echo "<td>".urldecode($about_us)."</td>";
echo "<td><div class='actions'><ul><li><a href='".htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES)."?ed_id=$id' class='action2'></a></li>";
echo "<li><a href='".htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES)."?del_id=$id&table_name=cms&pri=id' onclick='return deleteSingle($id);' class='action4'></a></li></ul></div></td>";
echo "</tr>";
}
?>
</tbody>
</table>
<input type='hidden' id='setDel' name='setDel'/>
<?php include("tamplate/Template3.php");?>
</form>
<?php include("tamplate/Template4.php");?>
</body>
</html>
Did you try to use html_entity_decode() to display the contents? It will decode the encoded HTML for better output. Reference here
Edit
Change your query to the following
insert into cms (about_us) values ('".mysql_real_escape_string(urlencode(stripslashes($about_us)))."')
When you get it from the database, use
urldecode($value)
Where $value is the block you got from database.
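An alternative to the escape-and-urlencode approach in this thread, as an added example (not code from the question or the answer): bound parameters store the editor's HTML byte for byte, and the id list from `setDel` is checked to be all integers before it reaches the query. PDO with an in-memory SQLite table stands in for the MySQL `cms` table, and the function names are hypothetical.

```php
<?php
// Added example: function names are hypothetical; SQLite stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE cms (id INTEGER PRIMARY KEY, about_us TEXT)');

// Strip magic-quotes slashes only when the runtime actually added them.
function raw_input_value($value) {
    $on = function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
    return $on ? stripslashes($value) : $value;
}

// Insert or update through bound parameters: no escaping or urlencode needed.
function save_about_us(PDO $pdo, $html, $id = null) {
    if ($id === null) {
        $stmt = $pdo->prepare('INSERT INTO cms (about_us) VALUES (:html)');
        $stmt->execute(array(':html' => $html));
        return (int) $pdo->lastInsertId();
    }
    $stmt = $pdo->prepare('UPDATE cms SET about_us = :html WHERE id = :id');
    $stmt->execute(array(':html' => $html, ':id' => (int) $id));
    return (int) $id;
}

// Accept a "1,2,3" list (the setDel field) only if every item is all digits.
function parse_id_list($csv) {
    $ids = array();
    foreach (explode(',', $csv) as $item) {
        if (!ctype_digit(trim($item))) {
            throw new InvalidArgumentException('Non-numeric id in list');
        }
        $ids[] = (int) trim($item);
    }
    return $ids;
}

// Blank the rows named in the list, one placeholder per id.
function clear_about_us(PDO $pdo, array $ids) {
    $marks = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $pdo->prepare("UPDATE cms SET about_us = '' WHERE id IN ($marks)");
    $stmt->execute($ids);
    return $stmt->rowCount();
}

// Constructed sample: editor HTML with double quotes, stored and read back.
$html = '<img alt="" src="/userfiles/example.jpg" style="width: 490px;" />';
$id = save_about_us($pdo, raw_input_value($html));
$stored = $pdo->query('SELECT about_us FROM cms WHERE id = ' . $id)->fetchColumn();
var_dump($stored === $html, clear_about_us($pdo, parse_id_list('1')));
```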