|
PHP - User Auth Problem
Hi, I have a problem with my code probably it's authorisation mistake or something. I bought a book PHP6, MySQL, Apache Web Development and I am copying every excercise like it's in the book. If u have this book it's chapter 2, page 63. And here is the exact code from the book. It always says that the user ID or pass is incorrect.
Code: [Select] <?php session_start (); $_SESSION['username'] = $_POST['user']; $_SESSION['userpass'] = $_POST['pass']; $_SESSION['authuser'] = 1; //over uzivatelske meno a heslo if ( ($_SESSION['username'] == 'Peter') and ($_SESSION['userpas'] == '12345')) { $_SESSION['authuser'] = 1; } else { echo "Unfortunately you do not have required authorisation to enter this site!"; exit(); } ?> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Najts oblubeny film!</title> </head> <body> <?php $oblubenyfilm = urlencode('Zivot Briana'); echo '<a href="moviesite.php?oblfilm=$oblubenyfilm\">'; echo 'Dalsie informacie o mojom oblubenom filme!'; echo '</a>' ?> </body> </html> The page is http://www.magicfoto.gigacast.net/test/login.php as you can see ID is "Peter" and pass "12345" If you know what should be wrong pls reply. PS.: I am a begginer so please be patient Thanks Similar TutorialsHi.
I am trying to authenticate a mail server from the wordpress user database. Wordpress now uses phpass for password hashing, but it has changed not so long ago. So I would like to use the WP functions, to stay compatible in future releases
There is a possibility in Dovecot, to run a shell script for authentication (checkpassword). So, I thought, this script could start a php scipt, and it would use the WP functions for authentications. I made the php script, and it worked. Then I made the bash script, which runs the php, and it worked too. But when the Dovecot starts the bash script, it gives a PHP error. I am stuck now.
It is a simple Debian Wheezy LAMP, with postfix, dovecot, wordpress.
The PHP code is:
<?php
define('WP_USE_THEMES', false);
require("wp-config.php");
$mail = $argv[1];
$pass = $argv[2];
$con=mysqli_connect(DB_HOST,DB_USER,DB_PASSWORD,DB_NAME);
$result = mysqli_query($con,"SELECT user_login FROM ".$table_prefix."users WHERE user_email='".$mail."'");
$row = mysqli_fetch_array($result);
$user = $row['user_login'];
mysqli_close($con);
$check = wp_authenticate_username_password(NULL, $user, $pass);
if ( is_wp_error($check) ) {
$ispassok = "1";
} else {
$ispassok = $user;
}
exit ($ispassok);
It gets the email address and the password as an argument, finds out the username, then uses a WP function to check out is it a valid user/pass combination. If it is, then it returns the username, if not, then returns "1".
The bash script is:
#!/bin/bash
# The first and only argument is path to checkpassword-reply binary.
# It should be executed at the end if authentication succeeds.
CHECKPASSWORD_REPLY_BINARY="$1"
# Messages to stderr will end up in mail log (prefixed with "dovecot: auth: Error:")
LOG=/dev/stderr
# User and password will be supplied on file descriptor 3.
INPUT_FD=3
export ISOK
read -d $'\0' -r -u $INPUT_FD USER
read -d $'\0' -r -u $INPUT_FD PASS
#USER=$1
#PASS=$2
ISOK=$(php /var/www/wordpress/proba.php $USER $PASS)
echo "User:"$USER" Pass:"$PASS" IsOK:"$ISOK > /etc/dovecot/out.txt
if [ "$ISOK" = "1" ]; then
exit 1
else
export password="{PLAIN}$PASS"
exec $CHECKPASSWORD_REPLY_BINARY
fi
There is a commented out lines, used for testing. When I run the script manually from shell with email address and cleartext password as arguments, it works as it should. But when the dovecot runs it, then I have an error message in mail log about php error:
Jun 2 21:45:09 NWVK001 dovecot: auth: Error: PHP Fatal error: Out of memory (allocated 5505024) (tried to allocate 12288 bytes) in /var/www/wordpress/wp-includes/link-template.php on line 2909 Jun 2 21:45:09 NWVK001 dovecot: auth: Error: Fatal error: Out of memory (allocated 5505024) (tried to allocate 12288 bytes) in /var/www/wordpress/wp-includes/link-template.php on line 2909I searched around, but couldn't find any help. If there is someone with an idea, I would gladly listen. Thanks. Hi I am using facebook auth but email id not fetching from facebook login please help me why is happening? I'm making a login/sign up page and the following pieces are not working together properly. When I set up the login page following a guide, it had me direct input the structure and I added a user (password is encrypted). When I log in with that password/username, it passes authentication.php perfectly. When I use my signup form (signup.php is simply called by a button on an HTML), it fails saying "Incorrect Password!". I'd say it's failing because of encryption but it passes with my old login that is encrypted so I'm thoroughly lost. Authentication.php
<?php
session_start();
// Change this to your connection info.
$DATABASE_HOST = 'localhost';
$DATABASE_USER = 'root';
$DATABASE_PASS = 'test';
$DATABASE_NAME = 'login';
// Try and connect using the info above.
$con = mysqli_connect($DATABASE_HOST, $DATABASE_USER, $DATABASE_PASS, $DATABASE_NAME);
if ( mysqli_connect_errno() ) {
// If there is an error with the connection, stop the script and display the error.
die ('Failed to connect to MySQL: ' . mysqli_connect_error());
}
// Now we check if the data from the login form was submitted, isset() will check if the data exists.
if ( !isset($_POST['username'], $_POST['password']) ) {
// Could not get the data that should have been sent.
die ('Please fill both the username and password field!');
}
// Prepare our SQL, preparing the SQL statement will prevent SQL injection.
if ($stmt = $con->prepare('SELECT id, password FROM accounts WHERE username = ?')) {
// Bind parameters (s = string, i = int, b = blob, etc), in our case the username is a string so we use "s"
$stmt->bind_param('s', $_POST['username']);
$stmt->execute();
// Store the result so we can check if the account exists in the database.
$stmt->store_result();
if ($stmt->num_rows > 0) {
$stmt->bind_result($id, $password);
$stmt->fetch();
// Account exists, now we verify the password.
// Note: remember to use password_hash in your registration file to store the hashed passwords.
if (password_verify ($_POST['password'], $password)) {
// Verification success! User has loggedin!
// Create sessions so we know the user is logged in, they basically act like cookies but remember the data on the server.
session_regenerate_id();
$_SESSION['loggedin'] = TRUE;
$_SESSION['name'] = $_POST['username'];
$_SESSION['id'] = $id;
header('Location: dashboard.php');
} else {
echo 'Incorrect password!';
}
} else {
echo 'Incorrect username!';
}
$stmt->close();
}
?>
Signup.php
<?php
// get database connection
include_once '../config/database.php';
// instantiate user object
include_once '../objects/user.php';
$database = new Database();
$db = $database->getConnection();
$user = new User($db);
// set user property values
$user->username = $_POST['uname'];
$user->password = base64_encode($_POST['password']);
$user->created = date('Y-m-d H:i:s');
// create the user
if($user->signup()){
$user_arr=array(
"status" => true,
"message" => "Successfully Signup!",
"id" => $user->id,
"username" => $user->username
);
}
else{
$user_arr=array(
"status" => false,
"message" => "Username already exists!"
);
}
print_r(json_encode($user_arr));
?>
login.php
<?php
// include database and object files
include_once '../config/database.php';
include_once '../objects/user.php';
// get database connection
$database = new Database();
$db = $database->getConnection();
// prepare user object
$user = new User($db);
// set ID property of user to be edited
$user->username = isset($_GET['username']) ? $_GET['username'] : die();
$user->password = base64_encode(isset($_GET['password']) ? $_GET['password'] : die());
// read the details of user to be edited
$stmt = $user->login();
if($stmt->rowCount() > 0){
// get retrieved row
$row = $stmt->fetch(PDO::FETCH_ASSOC);
// create array
$user_arr=array(
"status" => true,
"message" => "Successfully Login!",
"id" => $row['id'],
"username" => $row['username']
);
}
else{
$user_arr=array(
"status" => false,
"message" => "Invalid Username or Password!",
);
}
// make it json format
// print_r(json_encode($user_arr));
if (in_array("Successfully Login!", $user_arr)) {
header('Location: ../../dashboard.html');
}
?>
Ok So the main purpose of this is: 1). User has to grab a OTP from the generator (work's) 2) the OTC updates in the database field (work's) via the person's user_email 3). it sends an email containing the OTP what it is not doing is, when they go and login, it just keeps saying invalid login credentials. I'm pasting my code below to see if anyone can help me out here. this is still a work in progress. do_login.php (not working here) Keep's saying invalid password. <?php if(empty($_POST)) exit; include 'config.php'; // declare post fields $post_user_email = trim($_POST['user_email']); $post_password = trim($_POST['authcode']); $post_autologin = $_POST['autologin']; if(($post_user_email == $config_email) && ($post_password == $config_password)) { $_SESSION['Site-Key'] = $config_email; // Autologin Requested? if($post_autologin == 1) { $password_hash = md5($config_password); // will result in a 32 characters hash setcookie ($cookie_name, 'usr='.$config_email.'&hash='.$password_hash, time() + $cookie_time); } exit('OK'); } else { echo '<div id="error_notification">The submitted login info is incorrect.</div>'; } ?> Index.php <?php require_once 'config.php'; if(isset($_SESSION['google-ads123123'])) { header("Location: http://forum.site1.com"); exit; } ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML> <HEAD> <TITLE>Access Required</TITLE> <script type="text/javascript" src="js/mootools-1.2.1-core-yc.js"></script> <script type="text/javascript" src="js/process.js"></script> <link rel="stylesheet" type="text/css" href="style.css" /> </HEAD> <BODY> <center> <div id="status"> <fieldset><legend align="center">Authentication</legend> <div id="login_response"><!-- spanner --></div> <form id="login" name="login" method="post" action="do_login.php"> <table align="center" width="200" border="0"> <tr> <td width="80">Email</td><td><input id="user_email" type="text" name="user_email"></td> </tr> <tr> <td>AuthCode:</td> <td><input type="password" name="authcode"></td> </tr> <tr> <td> </td> <td><input type="checkbox" name="autologin" value="1">Remember Me</td> </tr> <tr> <td> </td> <td><input id="submit" type="submit" name="submit" value="Login"> <br /> <a href="getcode.php"> Get Auth Code </a> <div id="ajax_loading"><img align="absmiddle" src="images/spinner.gif"> Processing...</div></td> </tr> </table> </form> </fieldset> </div> </center> </BODY> </HTML> getcode.php (generates a MD5 and adds into db) <?php $db_host = '123'; $db_username = '123'; $db_password = '123'; $db_name = '123'; @mysql_connect($db_host, $db_username, $db_password) or die(mysql_error()); @mysql_select_db($db_name) or die(mysql_error()); // This is displayed if all the fields are not filled in $empty_fields_message = "<p>Please go back and complete all the fields in the form.</p>Click <a class=\"two\" href=\"javascript:history.go(-1)\">here</a> to go back"; // Convert to simple variables $email_address = $_POST['user_email']; if (!isset($_POST['user_email'])) { ?> <h2>Generate your Auth Code</h2> <form method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>"> <p class="style3"><label for="user_email">Email:</label> <input type="text" title="Please enter your email address" name="user_email" size="30"/></p> <p class="style3"><label title="Generate Auth Code"> </label> <input type="submit" value="Submit" class="submit-button"/></p> </form> <?php } elseif (empty($email_address)) { echo $empty_fields_message; } else { $status = "OK"; $msg=""; //error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR); if (!stristr($email_address,"@") OR !stristr($email_address,".")) { $msg="Your email address is not correct<BR>"; $status= "NOTOK";} echo "<br><br>"; if($status=="OK"){ $query="SELECT username FROM users WHERE user_email = '$email_address'"; $st=mysql_query($query); $recs=mysql_num_rows($st); $row=mysql_fetch_object($st); $em=$row->user_email;// email is stored to a variable if ($recs == 0) { echo "<center><font face='Verdana' size='2' color=red><b>No Auth Code</b><br> Sorry Your address is not in our database ."; exit;} function makeRandomPassword() { $salt = "abchefghjkmnpqrstuvwxyz0123456789"; srand((double)microtime()*1000000); $i = 0; while ($i <= 7) { $num = rand() % 33; $tmp = substr($salt, $num, 1); $pass = $pass . $tmp; $i++; } return $pass; } $random_password = makeRandomPassword(); $db2_password = md5($random_password); $sql = mysql_query("UPDATE users SET authcode='$db2_password' WHERE user_email='$email_address'"); $subject = "Auth Code Verification"; $message = " Here is your Auth Code, Auth Code: $random_password Auth Code: $db2_password This is an automated response, please do not reply!"; mail($email_address, $subject, $message, "From: Auth Server<theslcguy@safe-mail.net.com>"); echo "Your Auth Code has been sent! <br /> Please check your email! <br /> Also Allow up to 5 minutes to recieve your Code...<br />"; echo "<br><br>Click <a href='http://auth.site1.com'>here</a> to login"; } else { echo "<center><font face='Verdana' size='2' color=red >$msg <br><br><input type='button' value='Retry' onClick='history.go(-1)'></center></font>";} } ?> Config.php <?php session_start(); // Start Session header('Cache-control: private'); // IE 6 FIX // always modified header('Last-Modified: ' . gmdate("D, d M Y H:i:s") . ' GMT'); // HTTP/1.1 header('Cache-Control: no-store, no-cache, must-revalidate'); header('Cache-Control: post-check=0, pre-check=0', false); // HTTP/1.0 header('Pragma: no-cache'); // ---------- LOGIN INFO ---------- // $config_email = $POST["user_email"]; $config_authcode = $POST["authcode"]; $cookie_name = 'google-ads123123'; $cookie_time = (3600 * 24 * 30); // 30 days if(!$_SESSION['google-ads123123']) { include_once 'autologin.php'; } ?> I've got a little php script here at work that used to log into a SSH server and grab some log files and show them in a web browser. Simple stuff. Recently we've changed the login on the servers to use our VPN tokens instead of a password that I pick for my account. We can use authorized keys which works fine for me in putty and I'm trying to set that up because I keep getting prompted for user and password the "old" way.
I'm using ssh2_auth_pubkey_file and been reading the manual about it but I can't seem to get it to work
I make my connection as follows
$connection = ssh2_connect($serverHost, 22, array('hostkey'=>'ssh-rsa'));
Then setup the auth_pubkey. There is no passphrase or anything I use with putty so i left that part out
$result = ssh2_auth_pubkey_file($connection, 'username','/path/to/id_rsa.pub','/path/to/id_rsa');the information in my id_rsa.pub file matches what's in authorized_keys on the server in my username/.ssh dir I'm not 100% what else to check for? Anyone have any tips Thanks This topic has been moved to Application Frameworks. http://www.phpfreaks.com/forums/index.php?topic=353428.0 Hello,
I have been using cakePHP now for a couple projects now. My next projects involves creating a web service and the entire front-end be built in angularjs.
Now, I understand how 'Form' Authentication works, and have done some research and people tell me if I have an SSL to use Basic Auth, for a web service, which is what I am using. But I am having a problem hooking both up nicely. Now with angular, I have a call for a page and send over the username and password. If the credentials are correct, the server returns back the correct data. The problem is if the credentials are wrong, I get the normal 'Basic Auth' pop up, asking me for my username and password.
My question is, instead of the server trying to re access the same page, is there a way to return json data back?
Example : I have an angular call going to 'cakerest/projects.json' -> Credentials are ok -> Data is returned, and with javascript I console.log it and see it.
2nd time I send the incorrect user and password, and the server responds back with a popup asking for credentials.
How can I get rid of that popup and just return "{Error : 'Credential problem'};
I can post code if that would help as well.
Thank you
Hi Guys, This is my first post as part of the community. I am working on a personal project for myself and was trying to password protect some pages. Im newish to php and was wondering if HTTP AUTH headers work with MYSQL Databases for usernames and passwords. Any help or insight would be greatly appreciated! Thanks! Steve Hi everyone, this is my first post. i am starting to learn flash and other programs and haven't started on PHP yet. I have purchased a template that i am modifying and the problem i am having is that my server is a windows one and doesn't like the code that i have attached. It is very simple and doesn't offer any protection with strip slashes etc but the real problem is that i need to add the smpt auth. I have tried several lines of code but it doesnt seem to work. I cant change the headers so i am hoping i can get a little help from this community. It is greatly appreciated Hi there, Any help is greatly appreciated. I've commented out the code giving me trouble. Error = <br /> <b>Warning</b>: curl_setopt(): supplied argument is not a valid cURL handle resource in <b>/###.php</b> on line <b>34</b><br /> <br /> <b>Warning</b>: curl_setopt(): supplied argument is not a valid cURL handle resource in <b>/###.php</b> on line <b>35</b><br /> <?php $ch = curl_init(); $timeout = 30; $userAgent = $_SERVER['HTTP_USER_AGENT']; if ($_REQUEST['update']) { curl_setopt($ch, CURLOPT_URL, $_REQUEST['url']); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout); curl_setopt($ch, CURLOPT_USERPWD, $_REQUEST['username'] . ':' . $_REQUEST['password']); curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC); curl_setopt($ch, CURLOPT_USERAGENT, $userAgent); //curl_setopt($c, CURLOPT_POST, true); //curl_setopt($c, CURLOPT_POSTFIELDS, $_REQUEST['update']); curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY); $response = curl_exec($ch); if (curl_errno($ch)) { echo curl_error($ch); } else { curl_close($ch); echo $response; } } Hey guys, I have an issue with my php code. After registering in my site, i (the user) can't login again. It displays a message: Quote The email and password combination you entered is incorrect. Code: [Select] <?php if(logged_in()) { $user_data = user_data('name'); echo 'Welcome, ', $user_data['name']; } else { ?> <form action="" method="post" > <p> Email: <input type="email" name="login_email" /> Password: <input type="password" name="login_password" /> <input type="submit" value="Log in" /> </p> </form> <?php } if (isset($_POST['login_email'], $_POST['login_password'])) { $login_email = $_POST['login_email']; $login_password = $_POST['login_password']; $errors = array(); if(empty($login_email) || empty($login_password)){ $errors[] = 'Email and password are required!'; } else { $login = login_check($login_email, $login_password); if($login === false) { $errors[] = 'The email and password combination you entered is incorrect.'; } } if(!empty($errors)) { foreach ($errors as $error) { echo $error. '<br />'; } } else { $_SESSION['user_id'] = $login; header('Location: index.php'); exit(); } } ?> And here's the function where I call check the login: Code: [Select] <?php function login_check($email, $password) { $email = mysql_escape_string($email); $login_query = mysql_query("SELECT COUNT(`user_id`) as `count`, `user_id` FROM `users` WHERE `email`='$email' AND `password`='".md5($password) ."'"); return(mysql_result($login_query, 0) == 1) ? mysql_result($login_query, 0, 'user_id') : false; echo mysql_error(); } ?> Any clue of what this could be? Hey, i have a small problem with the logout part of my account system. When i click the logout link, it directs me to the index page with an error (custom error stuff i made). Heres my logout code <?php echo 'Behandler ...<br />'; if(isset($_SESSION['logged']) && isset($_SESSION['email']) && $_SESSION['logged'] == 1) { echo 'Logger ud, vent venligst...'; unset($_SESSION['logged']); unset($_SESSION['email']); header('location: index.php?p=success&ploca=login&pid=1'); exit(); } else { header('location: index.php?p=error&ploca=login&pid=5'); // This is where it jumps to directly. exit(); } ?> The weird thing is, that the sessions email and logged is set, as you can see here; //Printed with print_r($_SESSION); Array ( [psite] => index [logged] => 1 [email] => a@b.c ) Anyone sees my problem? Hello,
I am making a UCP to go along side a game server. The game server adds a mysql row when a account is created and places the password under Whirlpool encryption.
I am looking for someone who can help me make a basic login page that needs to enter a user name and password, with the password then encrypting to Whirlpool or whatever needs to be done for the login to be a success.
I am a total new guy to HTML / PHP scripting and looking to do this as a learning project.
In ubuntu 19.04 with php version 7.2 , i want to add mysql user with php when i run the code below get the error: SQLSTATE[HY000] [1698] Access denied for user 'root'@'localhost' I didn't set any password for root , this is php code:
<?php
$server = "localhost";
$dbuser = "root";
$dbpassword = "";
try {
$connection = new PDO("mysql:host=$server", $dbuser, $dbpassword);
$connection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$user = 'test' . '@' . 'localhost';
$sqlQuery = "CREATE USER . $user . ";
$connection->exec($sqlQuery);
echo "User created successfully!";
}
catch(PDOException $e){
echo $sqlQuery . "<br>" . $e->getMessage();
}
$connection = null;
?>
I need help with this ASAP!!! I pretty sure my boss will fire me if I can not figure this out tonight... PLEASE HELP! I am a graphic designer and not a programmer... PLEASE HELP ME!!! My form will not display the echoed message ("Please fill in all required (*) feilds", "Maximum length for username is 25 characters", etc.) when I hit submit... It wouldn't even show the variables when I tried to just have the form only echo the various strings... nothing appeared... the only way I could get the string values to appear was through a array like this: if(is_array($_POST)){ echo '<pre>'; print_r($_POST); echo '</pre>'; } ^^This returned the data fine... but when I try to echo on particular string and not using the array, nothing appears... This is crucial as this is how the custom error messages are displayed... Here is my PHP code: <?php $submit = $_POST['submit']; //form data $username = strip_tags($_POST['username']); $password = strip_tags($_POST['password']); $passwordrepeat = strip_tags($_POST['passwordrepeat']); $email = strip_tags($_POST['email']); $emailrepeat = strip_tags($_POST['emailrepeat']); $career_status = strip_tags($_POST['career_status']); $name_title = strip_tags($_POST['name_title']); $first_name = strip_tags($_POST['first_name']); $middle_name = strip_tags($_POST['middle_name']); $last_name = strip_tags($_POST['last_name']); $suffix = strip_tags($_POST['suffix']); $current_address1 = strip_tags($_POST['current_address1']); $current_address2 = strip_tags($_POST['current_address2']); $current_city = strip_tags($_POST['current_city']); $current_state = strip_tags($_POST['current_state']); $current_zip = strip_tags($_POST['current_zip']); $phone_home = strip_tags($_POST['phone_home']); $phone_mobile = strip_tags($_POST['phone_mobile']); $preferred_contact = strip_tags($_POST['preferred_contact']); $school_name = strip_tags($_POST['school_name']); $school_city = strip_tags($_POST['school_city']); $school_state = strip_tags($_POST['school_state']); $school_gradYear = strip_tags($_POST['school_gradYear']); $med_school_debt = strip_tags($_POST['med_school_debt']); $monthly_debt_payment = strip_tags($_POST['monthly_debt_payment']); $credit_score = strip_tags($_POST['credit_score']); $marital_status = strip_tags($_POST['marital_status']); $current_employer_name = strip_tags($_POST['current_employer_name']); $current_employer_city = strip_tags($_POST['current_employer_city']); $current_employer_state = strip_tags($_POST['current_employer_state']); $current_position = strip_tags($_POST['current_position']); $current_specialty = strip_tags($_POST['current_specialty']); $current_employer_startDate_mm = strip_tags($_POST['current_employer_startDate_mm']); $current_employer_startDate_yyyy = strip_tags($_POST['current_employer_startDate_yyyy']); $changing_employer = strip_tags($_POST['changing_employer']); $current_employer_endDate_mm = strip_tags($_POST['current_employer_endDate_mm']); $current_employer_endDate_yyyy = strip_tags($_POST['current_employer_endDate_yyyy']); $future_employer_name = strip_tags($_POST['future_employer_name']); $future_employer_city = strip_tags($_POST['future_employer_city']); $future_employer_state = strip_tags($_POST['future_employer_state']); $future_position = strip_tags($_POST['future_position']); $future_specialty = strip_tags($_POST['future_specialty']); $future_employer_startDate_mm = strip_tags($_POST['future_employer_startDate_mm']); $future_employer_startDate_yyyy = strip_tags($_POST['future_employer_startDate_yyyy']); $destination_city = strip_tags($_POST['destination_city']); $destination_state = strip_tags($_POST['destination_state']); $move_date_mm = strip_tags($_POST['move_date_mm']); $move_date_yyyy = strip_tags($_POST['move_date_yyyy']); $prop_single_family = strip_tags($_POST['prop_single_family']); $prop_townhouse = strip_tags($_POST['prop_townhouse']); $prop_condo = strip_tags($_POST['prop_condo']); $prop_co_op = strip_tags($_POST['prop_co_op']); $prop_duplex = strip_tags($_POST['prop_duplex']); $prop_mobile = strip_tags($_POST['prop_mobile']); $prop_other = strip_tags($_POST['prop_other']); $num_bedrooms = strip_tags($_POST['num_bedrooms']); $num_bath = strip_tags($_POST['num_bath']); $price_low = strip_tags($_POST['price_low']); $price_high = strip_tags($_POST['price_high']); $prop_purpose = strip_tags($_POST['prop_purpose']); $need_realtor = strip_tags($_POST['need_realtor']); $need_lender = strip_tags($_POST['need_lender']); $need_refinance_NoCash = strip_tags($_POST['need_refinance_NoCash']); $need_refinance_TakeCash = strip_tags($_POST['need_refinance_TakeCash']); $need_home_equity = strip_tags($_POST['need_home_equity']); $need_commercial = strip_tags($_POST['need_commercial']); $need_practice = strip_tags($_POST['need_practice']); $mortgage_needs = strip_tags($_POST['mortgage_needs']); $most_important = strip_tags($_POST['most_important']); $keep_property_time = strip_tags($_POST['keep_property_time']); $keep_mortgage_time = strip_tags($_POST['keep_mortgage_time']); $program_foundHome_lowDown_NoPMI = strip_tags($_POST['program_foundHome_lowDown_NoPMI']); $program_foundHome_20down_bestRate = strip_tags($_POST['program_foundHome_20down_bestRate']); $program_foundHome_20down_specializedLender = strip_tags($_POST['program_foundHome_20down_specializedLender']); $program_preapproved_physLoan = strip_tags($_POST['program_preapproved_physLoan']); $program_preapproved_coventionalLoan = strip_tags($_POST['program_preapproved_coventionalLoan']); $program_lenderBailed = strip_tags($_POST['program_lenderBailed']); $program_poorCredit = strip_tags($_POST['program_poorCredit']); $referral_source = strip_tags($_POST['referral_source']); $registration_date = date("Y-m-d"); if ($submit) { //check that required fields are completed if ($username&&$password&&$passwordrepeat&&$email&&$emailrepeat&&$career_status&&$first_name&&$last_name) { //encrypt password $password = md5($password); $passwordrepeat = md5($passwordrepeat); if ($password==$passwordrepeat) { //check character length of username and if (strlen($username)>25) { echo "Maximum length for username is 25 characters."; } else { //check password length if (strlen($password)>25||(strlen($password)<6)) { echo "Password must be between 6 and 25 characters in length."; } else { //register the user echo "Success!"; } } } else echo "Your passwords do not match. Please re-enter and hit submit again."; } else echo "Please fill in all required (*) feilds."; } ?> Here is my form: http://www.doctorbrownshoes.com/testPHP/registration.php I added some code last night that updates the "last_activity" field in the "member" table whenever the "body_header.inc.php" script is called, which means that pretty much whenever the User navigates to a new page or submits a form this field is updated. (I use this to kep my "User Online Status" up-to-date.) Everything was working fine until I suddenly started getting a "Cannot modify header" error before bed. Here is ONE sequence causing this error... - I am logged out - I am on http://local.debbie/index.php - I click on the "Log In" link - I am taken to http://local.debbie/members/log_in.php - I log in - I get this error... Quote Warning: Cannot modify header information - headers already sent by (output started at /Users/user1/Documents/DEV/++htdocs/05_Debbie/index.php:22) in /Users/user1/Documents/DEV/++htdocs/05_Debbie/components/body_header.inc.php on line 48 Here is part of my main index.php script... <?php //Build Date: 2012-03-08 // Initialize a session. session_start(); // Access Constants. require_once('config/config.inc.php'); // Set current Script Name. $_SESSION['returnToPage'] = $_SERVER['SCRIPT_NAME']; ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <!-- ################## DEBBIE ##################### --> <!-- HTML Metadata --> <title>Double Dee, Inc.</title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <!-- Page Stylesheets --> <link type="text/css" rel="stylesheet" href="css/_main.css" /> <link type="text/css" rel="stylesheet" href="css/_layout.css" /> <link type="text/css" rel="stylesheet" href="css/top_menu.css" /> <link type="text/css" rel="stylesheet" href="css/components.css" /> </head> <body> <div id="pageWrapper" class="clearfix"> <div id="pageInner"> <!-- BODY HEADER --> <?php require_once('components/body_header.inc.php'); ?> <!-- LEFT COLUMN --> <div id="pageLeftCol"> Here is a snippet from my body_header.inc.php script... <?php //Build Date: 2012-03-08 // ************************ // Update Last Activity. * // ************************ if ((isset($_SESSION['loggedIn'])) && ($_SESSION['loggedIn'] == TRUE)){ // Initialize Session. // session_start(); // Access Constants. // require_once('../config/config.inc.php'); // Initialize variables. $loggedIn = TRUE; $memberID = (isset($_SESSION['memberID']) ? $_SESSION['memberID'] : ''); // ************************ // Update Member Record. * // ************************ // Connect to the database. require_once(WEB_ROOT . 'private/mysqli_connect.php'); // Build query. $q1 = "UPDATE member SET logged_in=?, last_activity=now() WHERE id=? LIMIT 1"; // Prepare statement. $stmt1 = mysqli_prepare($dbc, $q1); // Bind variables to query. mysqli_stmt_bind_param($stmt1, 'si', $loggedIn, $memberID); // Execute query. mysqli_stmt_execute($stmt1); // Verify Update. if (mysqli_stmt_affected_rows($stmt1)!==1){ // Update Failed. $_SESSION['resultsCode'] = 'MEMBER_UPDATE_FAILED_2126'; // Redirect to Display Outcome. header("Location: " . BASE_URL . "members/results.php"); // End script. exit(); }//End of UPDATE MEMBER RECORD // Close prepared statement. mysqli_stmt_close($stmt1); // Close the connection. mysqli_close($dbc); /* */ }//End of UPDATE LAST ACTIVITY /* // Determine Current Script. $page = basename($_SERVER['REQUEST_URI']); if ($page == '') { $page = "index.php"; } */ // Determine Script Name. $scriptName = $_SERVER['SCRIPT_NAME']; ?> <!-- PAGE HEADER --> <div id="pageHeader"> <!-- COMPANY BRANDING --> <h1 id="companyLogo"> <!-- Display Logo if "Images On" --> <a href="/index.php"> <!-- Image Replacement Technique --> <span></span> </a> <!-- Display Text if "Images Off" --> DoubleDee, Inc: Tips on starting a Small-Business </h1> <!-- WELCOME MESSAGE --> <?php $firstName = (isset($_SESSION['memberFirstName']) ? $_SESSION['memberFirstName'] : ''); I was mindful of extra white space possibly causing the issue, but I don't see where it is?! The "Update Last Activity" code was added to my Header last night and is likely the culprit... Any ideas what is wrong?? Thanks, Debbie Quote Hi guys, I have a question, I have a fairly large site wich we have resellers for, but in certain circumstances for admin purposes, we need to be able to login under the same credentials EG: I might be doing something on one machine and i need to log in on another machine to do something else but with my user name and pass At the moment when i try to to this It will log out the session already logged in when i try to log in from the other machine Is there away around this,, i suspect that when i log in from the other machine its ending the first session Any Idears Guys and Gals..... really stuck hi, i have made a website where people resgister their details of them and products. they have to enter the following details in form Name of company name of the product company address email id password mobile number contact and brief details about their company
user can then login with email id and pwd. now after login ..user will get a page where he can upload the photos of products images and their price, so now my question is that when he finishes uploading (|by clicking on upload button) the product images and price text box ..then on final uploaded webspage it should show all other things which he registerd before (company name , mobile number etc) along with images and price...hence the main question that user does not need to enter mobile and address while uploading images and filling proce ..but on the final page it should show mobile and address along with price and images..as user is not going to enter mobile and address again and again as he will have multiple products to upload.
I would appreciate your assistance, there are tons of login scripts and they work just fine. However I need my operators to login and then list their activities for the other operators who are logged in to see and if desired send their clients on the desired activity. I have the login working like a charm and the activities are listed just beautifully. How do I combine the two tables in the MySQL with PHP so the operator Logged in can only make changes to his listing but see the others. FIRST THE ONE script the member logges in here to the one table in MSQL: <?php session_start(); require_once('config.php'); $errmsg_arr = array(); $errflag = false; $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } $db = mysql_select_db(DB_DATABASE); if(!$db) { die("Unable to select database"); } function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } $login = clean($_POST['login']); $password = clean($_POST['password']); if($login == '') { $errmsg_arr[] = 'Login ID missing'; $errflag = true; } if($password == '') { $errmsg_arr[] = 'Password missing'; $errflag = true; } if($errflag) { $_SESSION['ERRMSG_ARR'] = $errmsg_arr; session_write_close(); header("location: login-form.php"); exit(); } $qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'"; $result=mysql_query($qry); if($result) { if(mysql_num_rows($result) == 1) { session_regenerate_id(); $member = mysql_fetch_assoc($result); $_SESSION['SESS_MEMBER_ID'] = $member['member_id']; $_SESSION['SESS_FIRST_NAME'] = $member['firstname']; $_SESSION['SESS_LAST_NAME'] = $member['lastname']; session_write_close(); header("location: member-index.php"); exit(); }else { header("location: login-failed.php"); exit(); } }else { die("Query failed"); } ?> ................................................. ................................ Now I need the person who logged in to the table above to be able to make multiple entries to the table below <? $ID=$_POST['ID']; $title=$_POST['title']; $cost=$_POST['cost']; $activity=$_POST['activity']; $ayear=$_POST['aday']; $aday=$_POST['ayear']; $seats=$_POST['special']; $special=$_POST['seats']; mysql_connect("xxxxxx", "xxx350234427", "========") or die(mysql_error()); mysql_select_db("xxxx") or die(mysql_error()); mysql_query("INSERT INTO `activity` VALUES ('ID','$title', '$cost','$activity', '$aday', '$ayear', '$special', '$seats')"); Print "Your information has been successfully added to the database!" ?> Click <a href="member-profile.php">HERE</a> to return to the main menu <?php ?> |
|||||||