Log and Error/Info Message class


I would like to develop an independent class that will store Messages,
Warnings and Errors.
Messages and Warnings will be displayed to the user.
Errors will be logged in a database or/and emailed to the admin.

The part that interests me at the moment is the messages that will be
displayed to the user.

What is the best practice of doing such a thing?
Is it correct to store them in a $_SESSION?

The reason I would like to do that class is because at the moment I
execute a Database Query and then I want to redirect and then display
the message: Successful or Not. Otherwise I'll get headers already sent.

Do you know how I can overcome this problem and if what I am thinking is
correct?


Re: Log and Error/Info Message class

There is already a very robust logging class
http://pear.php.net/package/Log/ that I find very useful.

Other than that I am not sure what you are looking for, do you want to
show errors that php generates? Do you want to inform the user if a
query was successful or not? What are these errors that are being

Re: Log and Error/Info Message class

What I want is to inform users that
- a query was successfully completed
- the login details they entered were wrong
- that an image was uploaded successfully
- And all these useful messages that a script can generate.

Of course I am able to do that really easily but if I want to redirect at
the same time then I need to store that message somewhere and after the
redirection, display it.
Also I need to display all the messages in a specific div inside my page.
That means that my index.php page has a div like that:
<div id="status">
    $log = new $log();

And my class that handles the queries looks like that:

$result = mysql_query("SELECT * FROM cms_users WHERE cms_user_email =  
'".$email."' AND cms_user_passwd = '".$password."'") or die(mysql_error());
$num_rows = mysql_num_rows($result);
if($num_rows == 1)
    return true;
    $log=new log();
    $log->Log('Message','Invalid Login, please make sure you enter your
Email and Password.<br>If you forgot your password, enter your email and
hit the forgot password button.');

Re: Log and Error/Info Message class

There are a few things to consider. From your story, I understand that  
you just want a message passed to the user. You could store it in the  
session, but I see no need. A log is more useful if you want to store  
the message to be seen by the admin at a later time.

If you want to display the message, I understand that the redirection  
cannot take place. So no redirection headers will be sent if you want to  
show the user the message. That is why I think there is no need to store  
anything if you only want to show it to the user. If you want to show it  
to the admin, it is of course wise to store or e-mail it.

If you use a META tag to do the redirection, you can give a time to wait  
before the redirection, so you can redirect and pass a message without  
much difficult programming.

I do not know what you want exactly, but if it is your own page you  
redirect to, you can consider posting to the same page that contained  
your form and show the form if no valid input was found, with messages  
if invalid input was present, and the results if the input was valid.

Best regards


Re: Log and Error/Info Message class

Just one thing. Look at what happens if the user types his email as:
' OR 1=1 LIMIT 1;-- haha@haha.com

I hope you use some addslashes function before passing it to the database.


Re: Log and Error/Info Message class


I do not understand what you mean by that..
I don't use any addslashes, the only thing I do is I check if the e-mail
that the user enters is valid (valid syntax

Re: Log and Error/Info Message class

I hate to disappoint you, but the address:
' OR 1=1 LIMIT 1;-- haha@haha.com

IS a valid e-mail address. I tried it. Replaced haha.com with my own  
subdomain and I had absolutely no problem sending and receiving a
message to that address.

But your e-mail validation will probably filter it out. If it doesn't, it
gets part of your SQL statement, which then reads:

SELECT * FROM cms_users WHERE cms_user_email = '' OR 1=1 LIMIT 1;--  
haha@haha.com' AND cms_user_passwd = ''

Which just returns the first user from the table without any error  
messages. (cms_user_email = '' OR 1=1 is always TRUE and -- is a start  
of a comment and switches the rest off for parsing. I added the LIMIT  
clause to return exactly one record. From your code, I think you may  
have a problem when a user registers twice, as there will be 2 records  
found with his address)

When I think about it, I could probably better use the password for  
that. And I don't even have to know the database structure, as I will  
make the site simply tell me. First try:
User: john@someplace.com
Password 'BigUglyError

(Notice the single quote) If you don't filter out illegal passwords as
well, your page now "dies" with a detailed error message containing the  
table names and the full WHERE clause.

Now I can try a password like:
' UNION SELECT * FROM cms_users LIMIT 1--
which basically does the same.

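Added example, not written by any poster in this thread: the login lookup discussed above, rewritten with a PDO prepared statement in place of the addslashes escaping mentioned earlier, and run against an in-memory SQLite table so it is self-contained. It goes one step beyond the thread by comparing the password with password_verify() instead of inside the SQL; the function name check_login, the two-column table layout and the sample account are assumptions.

```php
<?php
// Added example, not the original poster's code. Sample data is constructed.
// Requires the pdo_sqlite extension.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// UNIQUE stops the double registration that would break a "num_rows == 1" check.
// cms_user_passwd holds a password_hash() value, never the password itself.
$pdo->exec('CREATE TABLE cms_users (
    cms_user_email  TEXT UNIQUE,
    cms_user_passwd TEXT
)');
$ins = $pdo->prepare('INSERT INTO cms_users VALUES (?, ?)');
$ins->execute(['john@someplace.com', password_hash('correct horse', PASSWORD_DEFAULT)]);

/**
 * Returns true only when the e-mail exists and the password matches its hash.
 * Input is bound as data, so quotes and "--" never reach the SQL parser.
 */
function check_login(PDO $pdo, string $email, string $password): bool
{
    try {
        $stmt = $pdo->prepare(
            'SELECT cms_user_passwd FROM cms_users WHERE cms_user_email = :email'
        );
        $stmt->execute([':email' => $email]);
        $hash = $stmt->fetchColumn();   // false when no row matches
    } catch (PDOException $e) {
        // Details go to the server log; the visitor never sees table names.
        error_log('login query failed: ' . $e->getMessage());
        return false;
    }
    return is_string($hash) && password_verify($password, $hash);
}

// One valid login followed by the inputs quoted in the thread.
$attempts = [
    ['john@someplace.com', 'correct horse'],
    ["' OR 1=1 LIMIT 1;-- haha@haha.com", ''],
    ['john@someplace.com', "'BigUglyError"],
    ['john@someplace.com', "' UNION SELECT * FROM cms_users LIMIT 1--"],
];
foreach ($attempts as [$email, $password]) {
    printf("%-36s %-44s %s\n", $email, $password,
        check_login($pdo, $email, $password) ? 'accepted' : 'rejected');
}
```

Only the first attempt is accepted; the other three are treated as an unknown address or a wrong password, and none of them produces a database error for the visitor to read.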
