Against All Odds

First of all, I’m not PHP geek. But, PHP is my second expert language after CF. I’ve created some freelance projects with PHP . You can hire me if you have some freelance projects for low cost and full reliable.

When I surf website for cropping image, I found this site. It’s cool. Check it out.

http://deepliquid.com/projects/Jcrop/demos/crop.php

One of my friends gave a chance to me to do outsource PHP project for one training center. Her client want to advertise their trainings, their products and their news through internet. It’s simple project but their main point is use can know on the fly the total price of computer once he/she choose each device. It’s create by ajax.

Main website :  http://ppshein.freehostia.com/

Compare price : http://ppshein.freehostia.com/compare.php

I’ve found one website shows Upload jQuery, flash & PHP.

http://www.uploadify.com/demo/

Our GM assign me to do multiple file upload program. At that time, I was supposed to implement with Ajax. But, one of my friends told me that Ajax cannot handle completely if clients upload serveral files. That’s why I have an idea to implement this program with iFrame.

Index.php

<iframe src=”upload.php” style=”width:260px;height:100px;” frameborder=”0″></iframe><br />
<iframe src=”upload.php” style=”width:260px;height:25px;” frameborder=”0″></iframe><br />
<iframe src=”upload.php” style=”width:260px;height:25px;” frameborder=”0″></iframe><br />

Upload.php

<script type=”text/javascript”>
function startUpload(){
if (document.getElementById(‘message’) != undefined) {
document.getElementById(‘message’).style.display = ‘none’;
}
document.getElementById(‘process’).style.display = ‘block’;
document.getElementById(‘uploadfile’).style.visibility = ‘hidden’;
return true;
}
</script>

<form method=”post” name=”uploadform” enctype=”multipart/form-data”>
<div style=”text-align:center;”>
<?php
if ($_FILES){
if ($_FILES['file']['error'] > 0) {
echo “<p id=’message’ style=’display:block;’>Fout code: “.$_FILES['file']['error'].”
(<a href=’http://php.net/manual/nl/features.file-upload.errors.php’ target=’_blank’>php-error</a>)</p>”;
}
move_uploaded_file($_FILES['file']['tmp_name'],
“upload/” . $_FILES['file']['name']);
echo “<p id=’message’ style=’display:block;’>Upload!</p>”;
}
}
?>
<p id=”process” style=”display:none;”>
Uploaden…<br/>
<img src=”loader.gif” alt=”loading” />
</p>
<input type=”file” name=”file” id=”uploadfile” onchange=”startUpload();document.uploadform.submit();” />
</div>
</form>

It’s simple, isn’t it?

In these days jQuery and Ajax are so popular in web development. One of my clients told me that, they want to upload multiple files without clicking button. That’s why I have had an idea to integrate jQuery, Ajax and PHP.

Download jQuery Here

Download ajax jQuery plugin

Create Upload Button like

<div id="upload_button">Upload</div>

Write following simple coding in your upload form

// You must create it only after the DOM is ready for manipulations
// Use $(document).ready for jquery
// document.observe("dom:loaded" for prototype
new AjaxUpload('upload_button_id', {action: 'upload.php'});

Configure at Ajax Upload

new AjaxUpload('#upload_button_id', {
  // Location of the server-side upload script
  action: 'upload.php',
  // File upload name
  name: 'userfile',
  // Additional data to send
  data: {
    example_key1 : 'example_value',
    example_key2 : 'example_value2'
  },
  // Submit file after selection
  autoSubmit: true,
  // The type of data that you're expecting back from the server.
  // Html (text) and xml are detected automatically.
  // Only useful when you are using json data as a response.
  // Set to "json" in that case.
  responseType: false,
  // Fired after the file is selected
  // Useful when autoSubmit is disabled
  // You can return false to cancel upload
  // @param file basename of uploaded file
  // @param extension of that file
  onChange: function(file, extension){},
  // Fired before the file is uploaded
  // You can return false to cancel upload
  // @param file basename of uploaded file
  // @param extension of that file
  onSubmit: function(file, extension) {},
  // Fired when file upload is completed
  // WARNING! DO NOT USE "FALSE" STRING AS A RESPONSE!
  // @param file basename of uploaded file
  // @param response server response
  onComplete: function(file, response) {}
});

Add following coding in your upload form

//You can use these methods, to configure AJAX Upload later.
var upload = new AjaxUpload(‘#div_id’,{action: ‘upload.php’});
//For example when user selects something, set some data
upload.setData({‘example_key’: ‘value’});

//Or you can use these methods directly inside event function
new AjaxUpload(‘div_id’, {
action: ‘upload.php’,
onSubmit: function() {
// allow only 1 upload
this.disable();
}
});
});

Here is server-side script, upload.php

move_uploaded_file($_FILES["file"]["tmp_name"],
“upload/” . $_FILES["file"]["name"]);

Best Credit To : http://valums.com/ajax-upload

In these days, one of my clients complaint me that he received a lot of spams from reservation form which I created without preventing spams. That’s why I need to put image captcha on it with PHP. For this, I don’t want to use complicated coding, and want to use simple way. That’s why I got suitable solutions from this website.

http://www.phpjabbers.com/captcha-image-verification-php19.html

<?php
session_start();
$text = rand(10000,99999);
$_SESSION["vercode"] = $text;
$height = 25;
$width = 65;

$image_p = imagecreate($width, $height);
$black = imagecolorallocate($image_p, 0, 0, 0);
$white = imagecolorallocate($image_p, 255, 255, 255);
$font_size = 14;

imagestring($image_p, $font_size, 5, 5, $text, $white);
imagejpeg($image_p, null, 80);
?>

Save this code in a file called captcha.php. Next we need to create our web form like register.html or reservation.html.

<form action=”submit.php” method=”post”>
Comment: <textarea name=”coment”></textarea><br>
Enter Code <img src=”captcha.php”><input type=”text” name=”vercode” /><br>
<input type=”submit” name=”Submit” value=”Submit” />
</form>

All we have to do now is to make the submit.php script which will check if the verification code you enter matches the one that has been randomly generated.

<?php
session_start();
if ($_POST["vercode"] != $_SESSION["vercode"] OR $_SESSION["vercode"]==”)  {
echo  ‘<strong>Incorrect verification code.</strong><br>’;
} else {
// add form data processing code here
echo  ‘<strong>Verification successful.</strong><br>’;
};
?>

Best Credit to : http://www.phpjabbers.com/captcha-image-verification-php19.html

This site is open-source dictionary project based on PHP. Glossword helps you to create and publish online multilingual dictionary, glossary, or reference. It features installation wizard, UTF-8 support, visual themes, export/import dictionaries in XML/CSV format, delayed postings.

Basic features

• Adding terms to dictionary by several people at the same time.
• UTF-8 encoding. More than 400 languages can be used in a one dictionary at the same time.
• Special mode for SEF links and other SEO enhancements.
• Fast search engine can search cross words typed in any language, including Chinese.
• Indexing and searching through millions of definitions.
• Advanced search capabilities, stop words, query language.
• Query words highlighting in the search results.
• Support for a true transcription (e.g. ‘dikʃ(ə)nri, IPA standard). No self-made emulations needed.
• Defining accents for words (e.g. fábrika).
• Printer-friendly version for a term.
• Architecture is optimized for creating multiple dictionaries with one installation.
• Multifunctional feedback form with CAPTCHA.
• The ultimate guarantee of displaying webpages in any browser due to certified W3C XHTML 1.1 code and CSS 2.1 compliance.
• Glossword is free of charge and distributed under GPL license.

For authors and editors

• Installation wizard. Installs, updates and even uninstalls the software.
• The history of editing for terms.
• Delayed postings.
• Virtual keyboards.
• Customizable alphabetic sorting.
• Customizable visual themes with HTML-templates, CSS style sheets and additional multicolumn rendering mode for the list of terms.
• Automatically generated alphabetical index for dictionary.
• Export/Import dictionaries in XML and CSV format.

For administrators

• Configurable 2-level cache engine improves productivity for an HTML-output.
• Invisible links to e-mails against mail robots.
• Internal logging system.
• Built-in maintenance tasks.
• Every comprehensive task such as recounting the number of added terms per user, runs separately and it helps to balance server load.

Big Credit to : http://glossword.biz/

Above posts, I’ve described the figure of SQL ASCII Injections and the solutions of this prevented by asp, asp.net and cfmx. In this post, I’ll show how to prevent SQL ASCII Injection attacks by the way of inserting ASCII codes in PHP.

function clean_header($string)
{
$string = trim($string);

// From RFC 822: “The field-body may be composed of any ASCII
// characters, except CR or LF.”
if (strpos($string, “\n“) !== false) {
$string = substr($string, 0, strpos($string, “\n“));
}
if (strpos($string, “\r“) !== false) {
$string = substr($string, 0, strpos($string, “\r“));
}

return $string;
}

This is just a class, and you always need to call this class before saving data into database from input box. It’s simple though.

Big Credit to : http://xtian.goelette.info/archives/38-Email-injection-attack.html