I have a website, and on it you can post a YouTube video link, and when you do, it gets the ID from it (the 11 characters) and puts it in the database. Then, you can view the video on a page and it gets the YouTube title and author with http://gdata.youtube.com/feeds/api/videos/ID and puts it onto a page with embed code. I would like to know how to not allow them to post private video links, like maybe there's a certain check I could do. This is what I have so far for posting the links:
if(isset($_POST['video'])){
$error = array();
if(filter_var($_POST['videourl'], FILTER_VALIDATE_URL) !== false){
if(strpos($_POST['videourl'],'youtube.com')){
preg_match('/[\\?\\&]v=([^\\?\\&]+)/',$_POST['videourl'],$video_embed);
$video_embed = $video_embed[1];
}elseif(strpos($_POST['videourl'],'youtu.be')){
$video_embed = substr( parse_url($_POST['videourl'], PHP_URL_PATH), 1 );
}else{
$error[] = 'Invalid link';
}
}else{
$error[] = 'Invalid link';
}
$video_exist = mysql_num_rows(mysql_query("SELECT interest_vid FROM interest_videos WHERE interest_vid = '$video_embed'"));
$interest_exist = mysql_query("SELECT name FROM interests WHERE name = '".$_POST['interest_for_video']."'");
if(!empty($_POST['interest_for_video']) && mysql_num_rows($interest_exist) != 0){
$interest = strtolower(mysql_real_escape_string(strip_tags($_POST['interest_for_video'])));
$interest_id = mysql_result(mysql_query("SELECT id FROM interests WHERE name = '$interest'"), 0);
}else{
$error[] = 'Must specify an interest. ';
}
if(empty($error)){
if($video_exist == 0){
$result2 = mysql_query(" INSERT INTO interest_videos (user_id,interest_id,interest_vid) VALUES ('".$_SESSION['id']."','$interest_id','$video_embed')") or die(mysql_error());
if(!$result2){
die('Could not delete from database: '.mysql_error());
}else{
//$error_message = '<div id="deletewebsite" class="success">Video Created</div>';
header("Location: /interest/video.php?interest=".$interest_id."&video=".$video_embed."");
}
}else{
$error_message = '<div id="deletewebsite" class="error">That video already exists</div>';
}
}else{
$error_message = '<a href="#" onclick="toggle2(\'deletewebsite\', this); return false;"><div id="deletewebsite" class="error">';
foreach($error as $key => $values){
$error_message.= "$values";
}
$error_message.="</div></a>";
}
}
Is there a check that I could put in there so they can't post private videos?
Just check to see if http://gdata.youtube.com/feeds/api/videos/ID is equal to "Private video" as that is what will be returned.
When it does not exist it will return "Video not found".
Edit:
Also, when it is an improper ID it will return "Invalid id".
You're going to have dive into youtube's API. Have a look at How do I check if a video exists on YouTube, using PHP?
I'm assuming that if a video is private the api should respond the same as when the video does not exist. But that link should definitely help.
I figured it out (it's been a long time since I've posted this question, and it's been a while since I have figured it out, but I thought I should answer it) and all I had to do was check if it could load the file with the boolean, like so:
if(#DOMDocument::load("http://gdata.youtube.com/feeds/api/videos/".$video_embed) === false){
$error[] = 'Invalid video';
}
And I put the # in front of it so it wouldn't display all of the errors it gives when it can't load it :)
Hope this will help someone in the future!
Related
I have used this tutorial to implement the steam login for a website I am creating: https://github.com/SmItH197/SteamAuthentication/blob/f47fc78056081d6a83d277ae447c5386dc0909fc/README.md . Problem is, when I log in, it does not display any info, only a logout button. Here is the code I am dealing with.
if(isset($_SESSION['steamid'])){
include("settings.php");
if (empty($_SESSION['steam_uptodate']) or $_SESSION['steam_uptodate'] == false or empty($_SESSION['steam_personaname'])) {
//We mute alerts from the following line because we do not want to give away our API key in case file_get_contents() throws a warning.
# $url = file_get_contents("http://api.steampowered.com/ISteamUser/GetPlayerSummaries/v0002/?key=".$steamauth['apikey']."&steamids=".$_SESSION['steamid']);
if($url === FALSE) { die('Error: failed to fetch content form Steam. It may be down. Please, try again later.'); }
$content = json_decode($url, true);
$_SESSION['steam_steamid'] = $content['response']['players'][0]['steamid'];
$_SESSION['steam_communityvisibilitystate'] = $content['response']['players'][0]['communityvisibilitystate'];
$_SESSION['steam_profilestate'] = $content['response']['players'][0]['profilestate'];
$_SESSION['steam_personaname'] = $content['response']['players'][0]['personaname'];
$_SESSION['steam_lastlogoff'] = $content['response']['players'][0]['lastlogoff'];
$_SESSION['steam_profileurl'] = $content['response']['players'][0]['profileurl'];
$_SESSION['steam_avatar'] = $content['response']['players'][0]['avatar'];
$_SESSION['steam_avatarmedium'] = $content['response']['players'][0]['avatarmedium'];
$_SESSION['steam_avatarfull'] = $content['response']['players'][0]['avatarfull'];
$_SESSION['steam_personastate'] = $content['response']['players'][0]['personastate'];
if (isset($content['response']['players'][0]['realname'])) {
$_SESSION['steam_realname'] = $content['response']['players'][0]['realname'];
} else {
$_SESSION['steam_realname'] = "Real name not given";
}
$_SESSION['steam_primaryclanid'] = $content['response']['players'][0]['primaryclanid'];
$_SESSION['steam_timecreated'] = $content['response']['players'][0]['timecreated'];
$_SESSION['steam_uptodate'] = true;
}
$steamprofile['steamid'] = $_SESSION['steam_steamid'];
$steamprofile['communityvisibilitystate'] = $_SESSION['steam_communityvisibilitystate'];
$steamprofile['profilestate'] = $_SESSION['steam_profilestate'];
$steamprofile['personaname'] = $_SESSION['steam_personaname'];
$steamprofile['lastlogoff'] = $_SESSION['steam_lastlogoff'];
$steamprofile['profileurl'] = $_SESSION['steam_profileurl'];
$steamprofile['avatar'] = $_SESSION['steam_avatar'];
$steamprofile['avatarmedium'] = $_SESSION['steam_avatarmedium'];
$steamprofile['avatarfull'] = $_SESSION['steam_avatarfull'];
$steamprofile['personastate'] = $_SESSION['steam_personastate'];
$steamprofile['realname'] = $_SESSION['steam_realname'];
$steamprofile['primaryclanid'] = $_SESSION['steam_primaryclanid'];
$steamprofile['timecreated'] = $_SESSION['steam_timecreated'];
}
What I want to happen is when someone logs in, where the sign in button was, I want to show the steam name as well as the avatar of whoever signed in.
Did you read the documentation? To show avatar, do the following:
$steamprofile['avatar'] // 32x32 version of avatar
$steamprofile['avatarmedium'] // 64x64 version of avatar
$steamprofile['avatarfull'] // 184x184 version of avatar
To display the Steam username, do the following:
$steamprofile['personaname']
It's all written in the README.md file at the bottom.
EDIT: If you want to show the image, do something like this:
echo '<img src="' . $steamprofile['avatar'] . '" />';
That will put the image URL from $steamprofile['avatar'] into an <img> element.
<?php
$site = site_url();
$tec = $site;
$tecget = $site . '/';
$tecgetwo = substr($site, 7);
$gett = get_option('FPMobileget');
if (strpos($gett, "http://www.") === 0) {
$gettt = substr($gett, 11);
$getttc = 'http://' . $gettt;
}
elseif (strpos($gett, "www.") === 0) {
$getwww = substr($gett, 4);
$getwwwc = 'http://' . $getwww;
}
elseif (strpos($gett, "http://") === 0) {
$gethttp = substr($gtt, 7);
}
if (($gett == $tec) || ($gett == $tecget) || ($getwwwc == $tec) || ($getttc == $tec) || ($gett == $tecgetwo)) {
echo "you entered the same url";
echo '<div class="error"><p style="color:#F00">Warning -error</p></div>';
delete_option('FPMobileget');
}
else {
echo "success";
}
?>
i want to check user url input with the current site url whether they are same or not,if it is same i want to throw a error message to the user in admin menu simultaneously i want to clear the text field.i used get_option('FPMobileget') to get user input from text-box. so i used delete_option to clear text field when condition satisfy(if url are same).Here user may enter url in different way so i have undergone some string function to take care of that.here all works fine but error messages were displayed on top, but not next to text-box. all works fine here but i want to display the error message next to textbox thats it.this is my first Question in stackoverflow,since i'm new to stackoverflow. Thanks in advance.
Make the whole thing a function, convert your error message a string (not use echo) and use return $errorstring; to send the string back to the form.
You can then put $errorstring on the form wherever you want.
I'm having issues to send an occuring error to another page.
I have already created the page the error will be sent to, and I've tried a header function. But that doesn't seem to work. Here is the php code that I am using for the page.
<?php
if(isset($_POST['username'], $_POST['password'])){
//login the user here
$connect = mysql_connect("","","")or die(mysql_error());
mysql_select_db("")or die(mysql_error());
$errors = array();
$username = strip_tags(mysql_real_escape_string($_POST['username']));
$password = strip_tags(mysql_real_escape_string($_POST['password']));
if (empty($Regi_Username) || empty($Regi_password)) {
$errors[] = 'All fields are requerid';
} else {
if (strlen($Regi_Username) > 25) {
$errors[] = 'Username is to long';
}
if (strlen($password) > 25) {
$errors[] = 'Password is to long';
}
}
$password = md5($_POST['password']);
$loginquery = "SELECT * FROM regi WHERE username='$username' and password='$password'" or die(mysql_error());
$result = mysql_query($loginquery);
$count = mysql_num_rows($result);
mysql_close();
if($count==1){
$seconds = 2000 + time();
setcookie(loggedin, date("F jS - g:i a"), $seconds);
header("location:member.php");
} else {
echo 'Wrong username and password please try agian.';
}
}
?>
Pass the GET variable in your URL like..
header('Location:page.php?err=1');
exit;
On the other page use this
if(isset($_GET['err'] && $_GET['err'] == 1) {
echo 'Error Occured';
}
Here is a session based approach. This is the best way to pass messages from one page to another as they are stored in the user's session (a piece of data related to each user and stored in the server side) and not in the browser (like cookies or URL GET parameters, which can be easily corrupted), so it is really quite harder to manipulate the messages from 3rd parties.
Page process.php:
<?php
// Very top of your page
session_start();
$_SESSION['errors'] = array();
// Do stuff now...
// ...
// Hey it's a X error!
$_SESSION['errors']['X'] = 'Message for X error';
// Continue doing stuff...
// ...
// OMG! It's a Y error now!
$_SESSION['errors']['Y'] = 'Message for Y error';
// Keep doing stuff till you're done...
// All right, process is finished. Any Errors?
if (count($_SESSION['errors']) > 0) {
// It seems there's been any errors
// time to redirect to error-displaying page
header('Location: error-page.php');
exit;
}
Page error-page.php:
<?php
// Very top of your page
session_start();
// Let's check if there is any error stored in the session.
// In the case no errors found, it is better to redirect to another page...
// ...why anybody would end in this page if no errors were thrown?
if (!isset($_SESSION['errors']) || !is_array($_SESSION['errors']) || empty($_SESSION['errors'])) {
header('Location: home.php');
exit;
}
// If we reach this point it means there's at least an error
foreach ($_SESSION['errors'] as $errorCode => $errorMessage) {
// Here we can display the errors...
echo '<p>Error ', $errorCode, ': ', $errorMessage, '</p>', PHP_EOL;
}
// You can also do stuff only if a certain error is received
if (array_key_exists('X', $_SESSION['errors'])) {
// Error `X` was thrown
echo '<p>Oh no! It seems you suffered a X error!!</p>', PHP_EOL;
echo 'Click here to go back home.', PHP_EOL;
}
// At the end you should to remove errors from the session
$_SESSION['errors'] = array();
// or
unset($_SESSION['errors']);
You could use Alien's method, but it'd better if you use Session:
// Assume you init the session already; Use json_encode since you use array for $errors
$_SESSION['errors_msg'] = json_encode($errors);
header("location:member.php");
// Remember to exit here after we call header-redirect
exit;
Besides, there are a lot of problems is your currently code:
Use salt for hashing password
Use mysqli over mysql
Filtering input, escaping output
.. Read other recommendations here in this topic ..
Please read http://www.phptherightway.com/. There is a lot of right recommendation (of course not all) for PHP.
I am using php and yt API to determine if a video exists. I have implemented two functions two help me along this cause. The issues is with the function isYoutubeVideo is returning me null value when a video is valid or invalid. I have checked its paremeters but I am still not sure why is giving me null value. Do i have the isYoutubeVideo function set up wrong/missing something/needs change?
function isYoutubeVideo($formatted_url) {
$isValid = false;
if (isValidURL($formatted_url)) {
$idLength = 11;
$idStarts = strpos($formatted_url, "?v=");
if ($idStarts === FALSE) {
$idStarts = strpos($formatted_url, "&v=");
}
if ($idStarts !== FALSE) {
//there is a videoID present, now validate it
$v = substr($formatted_url, $idStarts, $idLength);
$headers = get_headers('http://gdata.youtube.com/feeds/api/videos/' . $videoID);
//did the request return a http code of 2xx?
if (!strpos($headers[0], '200')) {
$isValid = true;
}
}
}
return $isValid;
Why aren't your first two echo statements also echoing <span id="resultval"> ?;
With the current markup and jQuery code this is why jQuery populates #special with null.
You need to change you PHP code to:
echo('<div id="special"><span id="resultval">The YouTube video does not exist.</span></div>');
echo('<div id="special"><span id="resultval">that is a valid youtube video</span></div>');
Although, I do not understand why you used such a roundabout way to populate #special. You could have just started with a <p> inside <div id="#special"> and then use the selector $("#special > p")
Good luck!
I would like to check if a page exists. My file is article.php . The article's URLs are article.php?id=1 article.php?id=2 etc. But when I check it this way it doesn't work:
$filecheck = "article.php?id=$id";
if (file_exists($filecheck)) {
echo "This article exists.";
} else {
echo "Sorry this article does not exist.";
}
But it always returns "Sorry this article does not exist."
How could I fix this?
Don't pass the query string to it.
$filecheck = 'article.php';
The file "article.php?id=$id" will not exist as it is not a physical file.
I am assuming that you are using the $id to find an article that exists in a database. If this is the case then the file_exists function is not what you need.
What you will need to do is write a quick MySQL statement to check if the article exists and then go from there.
Something like this perhaps:
$query = "SELECT * FROM articles WHERE id='$id'";
$result = mysql_query($query);
// Check if result is there (ie article exists)
if ($result) {
echo "This article exists.";
} else {
echo "Sorry this article does not exist.";
}
I hope that helps. Let me know if you need anything else.
It's because there is no file called: article.php?id=$id
There probably is a file called: article.php though :)
If they are physical page instead of dynamically created content use this way:
$filecheck = "article_1.php"
if (file_exists($filecheck)) {
echo "This article exists.";
} else {
echo "Sorry this article does not exist.";
}
Otherwise check the ID whether it is in the DB.
Well the reason it is not finding the file is because you have a querystring in it. If you are by chance getting this data from some other source and can't control if a querystring is sent with it then you can do this:
$yourFile = 'article.php?id=$id'; // Or wherever you get this value from
$yourFile = strstr( $yourFile , '?' , TRUE );
echo $yourFile; // now has a value of article.php