php - Detect session/cookie variable in wordpress to prevent access to documents -

-

hey guys, i've gotten far code below, trying create ajax search form 'safe' on wordpress blog, detecting session variable or cookie or something

<?php @session_start();  if (!array_key_exists(‘authed’, $_session)) {      include ‘not_authed.inc’;      exit(); }  // go business.  ?>

and i'm trying add this:

<?php  function checkvalues($value) {      // use function on values want check both sql injection , cross site scripting      //trim value      $value = trim($value);      // stripslashes     if (get_magic_quotes_gpc()) {         $value = stripslashes($value);     }       // convert &lt;, &gt; etc. normal html , strip these      $value = strtr($value,array_flip(get_html_translation_table(html_entities)));       // strip html tags      $value = strip_tags($value);      // quote value     $value = mysql_real_escape_string($value);     return $value;  }    mysql_connect ("mysql.*****.com", "****","$*****")  or die (mysql_error()); mysql_select_db ("***********");  $term = checkvalues($_request['val']); $term = mysql_real_escape_string($term);  $sql = mysql_query("select * patient_db id_number = '$term'");   if($row = mysql_fetch_array($sql)) {     echo "<img src=\"******\" class='leftfloat' border=0>";     echo '<p>';     echo '<br /> id number: '   .$row['id_number'];     echo '<br /> name: '        .$row['name'];     echo '<br /> exp. date: '   .$row['exp_date'];     echo '<br /> dob: '         .$row['dob'];     echo '</p>';     //echo "<a href='******' title='printer friendly version' alt='printer friendly version'><img src=\"*****\" class='rightfloat' border=0 height=33 width=33></a>"; } else {     echo "<img src=\"*****\" height=50 width=50 class='leftfloat' border=0>";     print "<h1>user id <br/>not found</h1><br />";     print "<strong>oops!! error</strong><br />";     print "<br />";     print "<div>*****</div>"; }  ?>

the problem going have ajax request separate session / cookie different process not tied browser.

so how go authenticating someone? token of sorts. create hash, need stored in database user, can regenerated upon login etc. use token validate user , allow ajax submission work.

hopefully gets ball rolling you. in ajax push script appened variable or post data called token , check on receiving php script. there other ways of doing it, 1 know of :)


Comments

Post a Comment

Popular posts from this blog

c# - how to write client side events functions for the combobox items -

-
<dx:aspxcombobox id="aspxcombobox2" runat="server" clientidmode="autoid" selectedindex="-1" onselectedindexchanged="aspxcombobox1_selectedindexchanged1" > <clientsideevents selectedindexchanged="function(s, e) { grid.selectrows();}" /> <items> <dx:listedititem text="selecte rows" /> <dx:listedititem text="unselectall" /> </items> </dx:aspxcombobox> i want write event "unselect all" item in combobox. how can this? you'll need write javascript function iterates thru combo-box , marks selected items false. see select/unselect checkbox fields using pure javascript , html sample code msdn:
Read more

exception - Python, pyPdf OCR error: pyPdf.utils.PdfReadError: EOF marker not found -

-
pypdf throws exception: pypdf.utils.pdfreaderror: eof marker not found i don't need fix pypdf, need eof error cause "except" block execute , skip on file, doesn't work. still causes program stop running. background: batch ocr program pdfs python, pypdf, adobe pdf ocr error: unsupported filter /lzwdecode ... saga continues. i got 10,000 pdfs in folder. ocrd, not. can't tell 'em apart. step 1 figure out ones not ocrd , ocr (see other threads details). so i'm using pypdf. exceptions related unrecognized characters , unsupported filters when try read text. guestimated if throws exception, it's got text in , doens't go in list. problem solved, right? so: pypdf import pdffilewriter, pdffilereader import sys, os, pypdf, re path = 'c:\users\homer\documents\my pdfs' filelist = os.listdir(path) has_text_list = [] does_not_have_text_list = [] pdf_name in filelist: pdf_file
Read more