Before anyone points out my code is flawed in security or etc know that I am quite a PHP noob and wouldn't mind you forwarding some help to fix that rather than just yelling it is terrible.
Also I did try this below and it won't work for me because it stores it into the session (Unless session is more secure than I thought. I assume users can extract data from one, correct?):
http://tinyurl.com/myqx3xo
As for my question, how would I be able to access the variable $connectdb in my users function? When I do that it gives me 'Undefined variable' error, and isn't detecting that it exists whatsoever. Both are requires in main\folder\start.php that is loaded every page, and on those pages I attempted to call the function and it gave me a failure. The code works fine when I attempt to hardcode the $connectdb's variable into the functions but again there are good reasons not to. Will add additional details if required.
Undefined variable: connectdb in main\folder\folder1\users.php on the line that starts with $data
main\folder\folder1\users.php function:
function user_data($id) {
    $data = array();
    $user_id = (int)$id;
    $func_num_args = func_num_args();
    $func_get_args = func_get_args();
    if ($func_num_args > 1) {
        unset($func_get_args[0]);
        $fields = '' . implode(', ', $func_get_args) . '';
        $data = mysqli_fetch_assoc(mysqli_query($connectdb,"SELECT $fields FROM users WHERE id = $id"));
        return $data;
    }
}
main\folder\folder2\connect.php:
<?php
$connect_fail = 'Example connection failure.';
$dbhost = 'host';
$dbuser = 'user';
$dbpass = 'pass';
$db = 'database';
$connectdb = mysqli_connect($dbhost, $dbuser, $dbpass, $db) or die($connect_fail);
?>
include your connect.php into your user.php
include('../folder2/connect.php');
function user_data($id) {
    // A function body cannot see file-level variables, so import the connection explicitly.
    global $connectdb;
    $data = array();
    $user_id = (int)$id;
    $func_num_args = func_num_args();
    $func_get_args = func_get_args();
    if ($func_num_args > 1) {
        unset($func_get_args[0]);
        $fields = '' . implode(', ', $func_get_args) . '';
        // Use the integer-cast $user_id, not the raw $id, in the query.
        $data = mysqli_fetch_assoc(mysqli_query($connectdb,"SELECT $fields FROM users WHERE id = $user_id"));
        return $data;
    }
}
in your users.php file you need to add
include "../folder2/connect.php";
Related
I have a form for a user to enter username and password. Then I pass those creds to a script where I want to verify the user is in a specific AD group. I have tried several GitHub adLDAP projects but none have worked. The examples in the documentation on the PHP manual don't even work for me (something I'm doing wrong, I'm sure). Below is my code, and at the moment it prints out Array([count] => 0), so I'm assuming that the search isn't working and I can't figure out why. I've tried so many different "solutions" from other posts on Stack but none have been successful.
$username = $_POST['username'];
$password = $_POST['password'];
$admin = 'xxxx';
$adminpass = "xxxxxx";
$domain = "mydomain.com";
$baseDN = "OU=ManagedUsers,DC=mydomain,DC=com";
$attr = array("displayName","sAMAccountName");
$filter = "(&(objectClass=user)(objectCategory=person)(memberof=cn=WIFI-Users,OU=ManagedUsers,DC=hennignt,DC=com))";
$conn = ldap_connect("hennigdc01.hennignt.com");
$bind = ldap_bind($conn, $admin.'@'.$domain, $adminpass);
if ($bind) { // also tried ldap_search($conn,$baseDN,"memberof=CN=WIFI-Users,{$baseDN}",$attr);
    $search = ldap_search($conn,$baseDN,$filter,$attr);
    $results = ldap_get_entries($conn, $search);
    var_dump($results);
} else
    echo "Error in Binding";
I solved this by the following and then a for loop to go through the results in $result:
$baseDN = "OU=ManagedUsers,DC=hennignt,DC=com";
$filter = "(memberOf=CN=WIFI-Users,OU=ManagedGroups,DC=hennignt,DC=com)";
$attr = array("sAMAccountName");
$bind = @ldap_bind($conn, $username.'@'.$domain, $password);
if ($bind) {
    $wifiUser = ldap_search($conn,$baseDN,$filter,$attr);
    $result = @ldap_get_entries($conn,$wifiUser);
}
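A per-user version of the group check discussed above, as an added example that is not code from either post. The function name is_group_member, the host, the domain and the DNs are placeholder assumptions; only the group name WIFI-Users comes from the page. It rejects an empty password before binding, because a bind with a name and an empty password is an unauthenticated bind (RFC 4513) that a server may accept as anonymous, and it escapes the user-supplied name before placing it in the search filter.

```php
<?php
// Added example: host, domain and DNs below are placeholders, not values from the page.
function is_group_member(string $username, string $password): bool
{
    $host    = 'ldaps://dc.example.com';
    $domain  = 'example.com';
    $baseDN  = 'OU=ManagedUsers,DC=example,DC=com';
    $groupDN = 'CN=WIFI-Users,OU=ManagedGroups,DC=example,DC=com';

    // Never bind with an empty password: the server may treat it as an
    // unauthenticated (anonymous) bind and report success.
    if ($username === '' || $password === '') {
        return false;
    }

    $conn = ldap_connect($host);
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    // Authenticate as the user who submitted the form.
    if (!@ldap_bind($conn, $username . '@' . $domain, $password)) {
        ldap_unbind($conn);
        return false;
    }

    // Ask for this one account only, and only if it is in the group.
    // ldap_escape() neutralises filter metacharacters such as * ( ) \ in the input.
    $filter = sprintf(
        '(&(objectClass=user)(sAMAccountName=%s)(memberOf=%s))',
        ldap_escape($username, '', LDAP_ESCAPE_FILTER),
        ldap_escape($groupDN, '', LDAP_ESCAPE_FILTER)
    );
    $search = ldap_search($conn, $baseDN, $filter, ['sAMAccountName']);
    $count  = ($search === false) ? 0 : ldap_count_entries($conn, $search);

    ldap_unbind($conn);
    return $count === 1;
}
```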
I had my old website so I've decided to change it from mysql_ to mysqli so I've managed to complete 40% and now I am stuck with this problem. Help me!
I am getting error on 'implode()' function
function user_data($user_id,$conn){
    $data = array();
    $user_id = (int)$user_id;
    $func_num_args = func_num_args();
    $func_get_args = func_get_args();
    if ($func_num_args > 1){
        unset($func_get_args[0]);
        $fields = '`'.implode('`,`',$func_get_args).'`';
        $query = "SELECT ".$fields." FROM users WHERE user_id = ".$user_id."";
        $result = mysqli_query($conn,$query) or die(mysqli_error($conn));
        while ($row = $result->fetch_assoc()) {
            $data = $row['user_id'];
        }
        return $data;
    }
}
In order to get below code to work properly
if (logged_in() === true){
    $session_user_id = $_SESSION['user_id'];
    $user_data = user_data($session_user_id,'user_id','username','password','first_name','last_name','email','type',$conn);
}
Any alternate way to perform same task will
You do not have a correct definition of the user_data function.
In its signature you have only two arguments:
function user_data($user_id, $conn)
So, these arguments are $user_id and $conn.
But when you call your user_data you pass more than 2 arguments:
user_data($session_user_id,'user_id','username', 'password','first_name','last_name','email','type',$conn);
See, you have 8 arguments here. And $conn is not the second one, it's eighth!
And when you do
$fields = '`'.implode('`,`',$func_get_args).'`';
last argument which holds your mysqli-connection is being added to $fields.
So, you have to rewrite your function, for example this way:
function user_data($user_id, $conn, $fields) {
    $data = array();
    $user_id = (int)$user_id;
    $fields = '`'.implode('`,`', $fields).'`';
    $query = "SELECT ".$fields." FROM users WHERE user_id = ".$user_id."";
    $result = mysqli_query($conn, $query) or die(mysqli_error($conn));
    while ($row = $result->fetch_assoc()) {
        $data = $row; // keep the whole row, not only the user_id column
    }
    return $data;
}
And call it for example:
$user_data = user_data(
    $session_user_id, // $user_id
    $conn, // $conn
    array('user_id','username','password','first_name','last_name','email','type') // fields as ARRAY
);
$func_get_args has $user_id, the other string values and, last, the mysqli connection object. You must unset the last element of the function parameters. The correct user_data function is:
function user_data($user_id){
    $data = array();
    $user_id = (int)$user_id;
    $func_num_args = func_num_args();
    $func_get_args = func_get_args();
    if ($func_num_args > 1){
        // The connection is passed last, so read it from the end of the argument list
        // (a second named parameter would receive the first column name instead).
        $conn = $func_get_args[$func_num_args - 1];
        unset($func_get_args[0]);
        unset($func_get_args[$func_num_args - 1]); // you must delete the last element because this is the mysqli object
        $fields = '`'.implode('`,`',$func_get_args).'`';
        $query = "SELECT ".$fields." FROM users WHERE user_id = ".$user_id."";
        $result = mysqli_query($conn,$query) or die(mysqli_error($conn));
        while ($row = $result->fetch_assoc()) {
            $data = $row; // keep the whole row, not only the user_id column
        }
        return $data;
    }
}
How can I make this function
public function get_all_summary($year_dummy){
    $current_year = $this->session->userdata('curr_year');
    $new_db = $this->load->database('budget_db', TRUE);
    $q = "select * from budget where sy=$current_year
    AND sy_dummy=$year_dummy";
    $query = $new_db->query($q);
    return $query->result();
}
to somewhat like this.
public function get_all_summary($year_dummy){
    $current_year = $this->session->userdata('curr_year');
    $new_db = $this->load->database('budget_db', TRUE);
    $this->db->select('*');
    $this->db->from('budget');
    $this->db->where("sy",$current_year);
    $this->db->where("sy_dummy",$year_dummy);
    $query = $this->db->get();
    return $query->result();
}
The top function is correct but the bottom function is obviously wrong (I don't know how to select a table from another db). I'm also connecting to another database and I'm selecting a table from the other database (budget_db).
Hope you understand my problem.
I think you just need to use $new_db which is instance of budget_db.
public function get_all_summary($year_dummy){
    $current_year = $this->session->userdata('curr_year');
    $new_db = $this->load->database('budget_db', TRUE);
    $new_db->select('*');
    $new_db->from('budget');
    $new_db->where("sy",$current_year);
    $new_db->where("sy_dummy",$year_dummy);
    $query = $new_db->get();
    return $query->result();
}
Hope this might be useful for you.
Supposedly, 'budget_db' is the other database you are trying to connect to, make sure it has its own group defined in the database config. Otherwise, you can connect to it using
public function get_all_summary($year_dummy){
    $current_year = $this->session->userdata('curr_year');
    $config['hostname'] = "hostname";
    $config['username'] = "db_user";
    $config['password'] = "db_pass";
    $config['database'] = "budget_db";
    $config['dbdriver'] = "mysql";
    $new_db = $this->load->database($config, TRUE);
    $new_db->select('*');
    $new_db->from('budget');
    $new_db->where("sy", $current_year);
    $new_db->where("sy_dummy", $year_dummy);
    $query = $new_db->get();
    return $query->result();
}
By adding the parameter TRUE to the load database method, $new_db becomes the database object of budget_db.
I am converting this function:
function user_data($user_id) {
    $data = array();
    $user_id = (int)$user_id;
    $func_num_args = func_num_args();
    $func_get_args = func_get_args();
    if ($func_num_args > 1) {
        unset($func_get_args[0]);
        $fields = '`' . implode('`, `', $func_get_args) . '`';
        $data = mysql_fetch_assoc(mysql_query("SELECT $fields FROM `users` WHERE `user_id` = $user_id"));
        return $data;
    }
}
From mysql to mysqli however I am encountering difficulties wrapping my head around this and understanding why I'm not even getting any errors, here is my attempt at a mysqli version:
function user_data($user_id) {
    global $link;
    $data = array();
    $user_id = (int)$user_id;
    $func_num_args = func_num_args();
    $func_get_args = func_get_args();
    if ($func_num_args > 1) {
        unset($func_get_args[0]);
        $fields = '`' . implode('`, `', $func_get_args) . '`';
        $result = $link->query("SELECT $fields FROM `users` WHERE `user_id` = $user_id");
        if(!$result){
            printf("Errormessage: %s\n", $link->error);
        }else{
            while($data = $result->fetch_assoc()){
                print_r($data);
            }
        }
    }
}
Any guidance or tips is much appreciated.
if ($func_num_args > 1) {
This line is preventing any of the enclosed code from being executed when you only pass one argument into the user_data() function. This function was designed to be passed a user id AND a list of columns to select data from in the users database table.
Instead of calling user_data(25);
try something like
user_data(25, 'column_name1', 'column_name2');
I came up with this piece of code from others work to gather data from database and display it the simplest and safest way without loop. However it doesn't really work and I would like to know why?
So my main question is how to make it work?
And the 2:nth how to make it as secure as possible?
Code to display data:
<?php echo $webdata['web_name']; ?>
Code in init.php:
$webdata = webdata('id', 'web_name');
Code for function:
function webdata($data) {
    $web_data = array();
    $func_num_args = func_num_args();
    $func_get_args = func_get_args();
    global $db_connect;
    if ($func_num_args > 1) {
        unset($func_get_args[0]);
        $fields = '`' . implode('`, `', $func_get_args) . '`';
        $query = "SELECT $fields FROM `settings` WHERE id = 1";
        $result = $db_connect->query($query);
        while ($web_data = $result->fetch_assoc()) {
            return ($web_data);
        }
    }
}
You don't have a data variable from the query. You have a webdata variable however...
Instead:
while ($webdata = $result->fetch_assoc()) { return ($data); }
Use:
while ($webdata = $result->fetch_assoc()) { return ($webdata); }
You just return the first row, is this what you want?
You don't use the $data variable, what should it be for?
This is as secure as it gets: you don't have any means to inject something into the query...
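A hardened form of the user_data()/webdata() pattern that recurs in the posts above, as an added example that is not code from any of the posters. The query stays safe only while every caller passes hard-coded column names, because those names are interpolated into the SQL; this version checks them against an allow-list, binds the id as a parameter and takes the connection as an argument instead of relying on scope. The USER_COLUMNS list, the user_fields_sql helper and the `users`/`user_id` names are assumptions, and get_result() requires the mysqlnd driver.

```php
<?php
// Added example: USER_COLUMNS and user_fields_sql() are illustrative names.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Columns callers may request from `users`. The password hash is left out
// on purpose so it cannot be pulled into page-level data by accident.
const USER_COLUMNS = ['user_id', 'username', 'first_name', 'last_name', 'email', 'type'];

function user_fields_sql(array $fields): string
{
    if ($fields === []) {
        throw new InvalidArgumentException('No columns requested');
    }
    foreach ($fields as $field) {
        // Identifiers cannot be bound as parameters, so validate them
        // against the allow-list instead of trusting the caller.
        if (!in_array($field, USER_COLUMNS, true)) {
            throw new InvalidArgumentException("Column not allowed: $field");
        }
    }
    return '`' . implode('`, `', $fields) . '`';
}

function user_data(mysqli $conn, int $user_id, string ...$fields): ?array
{
    $sql  = 'SELECT ' . user_fields_sql($fields) . ' FROM `users` WHERE `user_id` = ?';
    $stmt = $conn->prepare($sql);
    $stmt->bind_param('i', $user_id);   // the value travels separately from the SQL text
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;                // null when no such user exists
}

// Usage with the connection created in connect.php:
// $user = user_data($connectdb, (int)$_SESSION['user_id'], 'username', 'email');
```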