php - Detect session/cookie variable in wordpress to prevent access to documents -

-

hey guys, i've gotten far code below, trying create ajax search form 'safe' on wordpress blog, detecting session variable or cookie or something

<?php @session_start();  if (!array_key_exists(‘authed’, $_session)) {      include ‘not_authed.inc’;      exit(); }  // go business.  ?>

and i'm trying add this:

<?php  function checkvalues($value) {      // use function on values want check both sql injection , cross site scripting      //trim value      $value = trim($value);      // stripslashes     if (get_magic_quotes_gpc()) {         $value = stripslashes($value);     }       // convert &lt;, &gt; etc. normal html , strip these      $value = strtr($value,array_flip(get_html_translation_table(html_entities)));       // strip html tags      $value = strip_tags($value);      // quote value     $value = mysql_real_escape_string($value);     return $value;  }    mysql_connect ("mysql.*****.com", "****","$*****")  or die (mysql_error()); mysql_select_db ("***********");  $term = checkvalues($_request['val']); $term = mysql_real_escape_string($term);  $sql = mysql_query("select * patient_db id_number = '$term'");   if($row = mysql_fetch_array($sql)) {     echo "<img src=\"******\" class='leftfloat' border=0>";     echo '<p>';     echo '<br /> id number: '   .$row['id_number'];     echo '<br /> name: '        .$row['name'];     echo '<br /> exp. date: '   .$row['exp_date'];     echo '<br /> dob: '         .$row['dob'];     echo '</p>';     //echo "<a href='******' title='printer friendly version' alt='printer friendly version'><img src=\"*****\" class='rightfloat' border=0 height=33 width=33></a>"; } else {     echo "<img src=\"*****\" height=50 width=50 class='leftfloat' border=0>";     print "<h1>user id <br/>not found</h1><br />";     print "<strong>oops!! error</strong><br />";     print "<br />";     print "<div>*****</div>"; }  ?>

the problem going have ajax request separate session / cookie different process not tied browser.

so how go authenticating someone? token of sorts. create hash, need stored in database user, can regenerated upon login etc. use token validate user , allow ajax submission work.

hopefully gets ball rolling you. in ajax push script appened variable or post data called token , check on receiving php script. there other ways of doing it, 1 know of :)


Comments

Post a Comment

Popular posts from this blog

Cursor error with postgresql, pgpool and php -

-
hey, struggling bit determine exact cause of error has been popping in our release environment. there not seem dealing particular error on google. this error message getting: sqlstate[34000]: invalid cursor name: 7 error: portal "" not exist the error pops when using pdo prepared statements. this setup our release environment: pgpool 3.0.1 (the postgresql backend in streaming replication mode!) php 5.3.5 postgresql 9.0 edit: architecture 64bit. the same error not manifest in our test environment (edit: forgot mention, standard test environment uses postgresql 9.0 without pgpool). thus, led suspect pgpool @ least partly suspect. does know probable causes error are? edit: ok, here example of kind of code causes error. $sql = 'select * '; $sql .= 'from "mytable" "mystuff" '; $sql .= 'where "mytable"."status" = 1 '; $sql .= 'and "mytable"."mytableid" = :table...
Read more

delphi - ESC/P programming! -

-
why need use because printers using tprinter prints weird hieroglyph @ beginning of printable area. my problem if send commands, nothing happens. esc e (#27 #69) - sending escape sequence didn't work expected. removed first letter , rest of string made bold. eg. hello -> ello . after changed esc e esc (#27 #69 #27), worked fine. example managed figure out, but... trying select character table "esc t n" (#27 #116 n), make "õäöü" work. command doesn't work. nothing happens! , command supported esc/p, esc/p 2 , 9-pin esc/p, should work fine. manual can found here . if has ever needed use esc/p commands maybe 1 can shed light how work them! thanks in advance! edit: in previous post asked more or less same question though answers how did send commands printer. (i'll change question there according answers!) i accepted ken's answer, because claimed way transferred commands wasn't best , got work escape command. problem after t...
Read more

c++ - error: use of deleted function -

-
i've been working on c++ code friend has written , following error have never seen before when compiling gcc4.6: error: use of deleted function ‘gamefsm_<std::array<c, 2ul> >::hdealt::hdealt()’ implicitly deleted because default definition ill-formed: uninitialized non-static const member ‘const h_t floppokergamefsm_<std::array<c, 2ul> >::hdealt::h’ edit: comes part of code using boost msm: boost webpage edit2: there no = delete() used anywhere in sourcecode. generally speaking, error mean? should looking when type of error occurs? i don't think other answers mentioning =deleted; syntax correct. error message says default constructor has been deleted implicitly . says why: class contains non-static, const variable, not initialized default ctor. class x { const int x; }; since x::x const , must initialized -- default ctor wouldn't initialize (because it's pod type). therefore, default ctor, need define 1 (and must ...
Read more