|
PHP - How To Construct A Log-in System With Multiple Usernames And Passwords
Hey All,
I'm tryin to make a log-in system for multiple usernames and passwords, but I don't really know how many if statements i'd need for it.. I'm also a noob.. Code: [Select] <?php session_start(); $users = array("user1" =>"3202", "user2" =>"2002", "user3" =>"1061", "user4"=>"1400", "user5"=>"1001"); if($_REQUEST['username'] == "infs" && $_REQUEST['password'] == "3202"){ $_SESSION['username'] = "user1" ; $_SESSION['password'] = "3202" ; $_SESSION['username'] = "user2" ; $_SESSION['password'] = "2002" ; $_SESSION['username'] = "user5" ; $_SESSION['password'] = "1001" ; $_SESSION['username'] = "user3" ; $_SESSION['password'] = "1061" ; $_SESSION['username'] = "user4" ; $_SESSION['password'] = "1400" ; header("Location: home.php "); }else{ After checking if the matching username and password exist in my array then save them in a session... What's the best way of doing it? Similar TutorialsHi I'm trying to make use of an array with usernames in it and want to make use of it to display users with those usernames in a certain color in this case Im trying red.
I've made an array with username in it
$admin = array("SYSOP","~cobusbo~");
and I've tried to print these messages with color with the If function without luck
if ($name == $admin) {
$name = print '<span style="color:red">' . $_SERVER["HTTP_X_MXIT_NICK"] . '</span>';
}
else
{
$name = print $_SERVER["HTTP_X_MXIT_NICK"];
}
Here is my full code
<?php
/*** begin the session ***/
session_start();
/*** create the form token ***/
$form_token = uniqid();
/*** add the form token to the session ***/
$_SESSION['form_token'] = $form_token;
define('TIMEZONE', 'Africa/Harare');
date_default_timezone_set(TIMEZONE);
// database connection info
$conn = mysql_connect('**********','********','**********') or trigger_error("SQL", E_USER_ERROR);
$db = mysql_select_db('u506124311_cobus',$conn) or trigger_error("SQL", E_USER_ERROR);
// find out how many rows are in the table
$sql = "SELECT COUNT(*) FROM StringyChat";
$result = mysql_query($sql, $conn) or trigger_error("SQL", E_USER_ERROR);
$r = mysql_fetch_row($result);
$numrows = $r[0];
// number of rows to show per page
$rowsperpage = 20;
// find out total pages
$totalpages = ceil($numrows / $rowsperpage);
// get the current page or set a default
if (isset($_GET['currentpage']) && is_numeric($_GET['currentpage'])) {
// cast var as int
$currentpage = (int) $_GET['currentpage'];
} else {
// default page num
$currentpage = 1;
} // end if
// if current page is greater than total pages...
if ($currentpage > $totalpages) {
// set current page to last page
$currentpage = $totalpages;
} // end if
// if current page is less than first page...
if ($currentpage < 1) {
// set current page to first page
$currentpage = 1;
} // end if
// the offset of the list, based on current page
$offset = ($currentpage - 1) * $rowsperpage;
/*
* StringyChat
*
* Please refer to readme.txt supplied with the StringyChat distribution for information on
* installing and configuring.
*
*/
define('TIMEZONE', 'Africa/Harare');
date_default_timezone_set(TIMEZONE);
include("chat_code_header.php");
$result = mysql_query("SELECT * FROM ".$ConfigTable, $db);
$myrow = mysql_fetch_array($result);
$domain_installed = $myrow["domain_installed"]; // The domain StringyChat is installed on
$install_url = $myrow["install_url"]; // URL to install dir of StringyChat
$name_size = $myrow["name_size"]; // Maximum size of the name
$message_size = $myrow["message_size"]; // Maximum message size. Do not exceed 250 as this is the database limit.
$line_length = $myrow["line_length"]; // Maximum length of words in a line. Anything above this value will be split.
$ShowPostNum = $myrow["show_posts"]; // The number of historic posts to load and display.
$email_notification = $myrow["email_notification"]; // Send email to administrator when new posts are made. 0 = No, 1 = Yes
$email_notification_to = $myrow["email_notification_to"]; // The email address to send notifications to
if ($_SERVER['REQUEST_METHOD'] == "POST" && !empty($_POST['StringyChat_name']))
{
$StringyChat_name = $_POST['StringyChat_name'];
$StringyChat_message = $_POST['StringyChat_message'];
}
?>
<div id="StringyChat">
<?
// Check if visitor's IP is banned. If so, do not display the form,
// show a banned IP message instead.
$ip = $_SERVER["REMOTE_ADDR"];
$sql = "SELECT * FROM StringyChat_IPBan WHERE ip=\"$ip\"";
$result = mysql_query($sql);
$myrow = mysql_fetch_array($result);
if($myrow["ip"] == "") { // Checks if IP not found in banned list
?>
<html><form name="StringyChat_form" method="POST" action="<? echo $_SERVER['REQUEST_URI']; ?>">
<br>
<input type="hidden" name="StringyChat_name" class="StringyChatFrm" value="<?php $name ?>1" size="20">
<br>
<textarea name="StringyChat_message" class="StringyChatFrm" cols="20" rows="4"></textarea>
<br>
<input name="StringyChat_submit" class="StringyChatFrm" type="submit" value="Post Message">
</form>
</html>
<?
} else {
echo "Posting disabled - Your IP has been banned.";
}
// Should we try to create a post?
if (isset($StringyChat_name) && isset($StringyChat_message)) {
// Remove whitespaces and slashes.
$name = trim(stripslashes($StringyChat_name));
$message = trim(stripslashes($StringyChat_message));
// Check name and message have been entered.
if (strlen($name) > 0 && strlen($message) > 0) {
// Limit the size of the fields as per variable defnitions.
if (strlen($name) > $name_size) {
$name = substr($name, 0, $name_size);
}
if (strlen($message) > $message_size) {
$message = substr($message, 0, $message_size);
}
// Remove new lines from name.
$name = str_replace("\n", " ", $name);
// Stripping out \r's so email formattnig appears correctly.
$message = str_replace("\r", "", $message);
// Create an email-friendly version of the message.
$message_emailable = str_replace("<br>", "\n", $message);
$result_wordswap = mysql_query("SELECT * FROM ".$WordBanTable,$db);
while ($myrow_wordswap = mysql_fetch_array($result_wordswap)) {
$the_word = $myrow_wordswap["word"];
$message_emailable = ereg_replace($the_word, "!*#$%",$message_emailable);
}
// Replace the new lines with encoded line breaks for HTML (thanks milahu).
$message = str_replace("\n", "c#lb", $message);
// Use HTML encoding on ame and message so database doesn't misinterpret data.
$name = htmlentities($name);
$message = htmlentities($message, ENT_COMPAT);
// IP address of submitter and time of post.
$ip = $_SERVER["REMOTE_ADDR"];
$name = $_SERVER["HTTP_X_MXIT_NICK"];
$msg = $_POST['StringyChat_message'];
$post_time = date("U");
$admin = array("SYSOP","~cobusbo~");
$mxitid = $_SERVER["HTTP_X_MXIT_USERID_R"];
if ($name == $admin) {
$name = print '<span style="color:red">' . $_SERVER["HTTP_X_MXIT_NICK"] . '</span>';
}
else
{
$name = print $_SERVER["HTTP_X_MXIT_NICK"];
}
if(!isset($mxitid, $name ))
{
$mxitid = "DEFAULT";
$name = "SYSOP";
}
// check to see if a duplicate exists
$sql = "SELECT * FROM StringyChat WHERE StringyChat_ip=\"$ip\" AND StringyChat_message=\"$msg\" AND StringyChat_time>($post_time - 3600 )";
$result = mysql_query($sql);
$myrow = mysql_fetch_array($result);
if($myrow["StringyChat_message"] == "") { // Checks if record not matching in db
// Save the record
$sql = "INSERT INTO StringyChat (StringyChat_ip,StringyChat_name,StringyChat_message,StringyChat_time,mxit_id) VALUES (\"$ip\",\"$name\",\"$msg\",$post_time,$mxitid)";
$result = mysql_query($sql);
$theTo = $email_notification_to;
$theSubject = "New StringyChat post at ".$domain_installed;
$theMessage = "A new StringyChat post has been made.\n\n";
$theMessage .= $name . "\n";
$theMessage .= date("H:i - d/m/y", $post_time) . "\n";
$theMessage .= $message_emailable . "\n\n";
$theMessage .= "Visit ".$domain_installed." to view StringyChat and much more!";
$theHeaders = "From: StringyChat at ".$domain_installed." <".$email_notification_to.">\r\n";
mail($theTo,$theSubject,$theMessage,$theHeaders);
} else {
echo "Duplicate post detected<br>";
}
}
else {
echo "<font color=\"red\">You must Type a message</font><br><br>";
}
unset($_POST["StringyChat_name"]);
unset($_POST["StringyChat_message"]);
unset($StringyChat_ip);
unset($StringyChat_name);
unset($StringyChat_message);
unset($StringyChat_time);
}
// get the info from the db
$sql = "SELECT StringyChat_time, StringyChat_name, StringyChat_message FROM StringyChat ORDER BY id DESC LIMIT $offset, $rowsperpage";
$result = mysql_query($sql, $conn) or trigger_error("SQL", E_USER_ERROR);
function filterBadWords($str)
{
$result1 = mysql_query("SELECT word FROM StringyChat_WordBan") or die(mysql_error());
$replacements = ":-x";
while($row = mysql_fetch_assoc($result1))
{
$str = eregi_replace($row['word'], str_repeat(':-x', strlen($row['word'])), $str);
}
return $str;
}
// while there are rows to be fetched...
while ($list = mysql_fetch_assoc($result))
//while (($pmsg = $list['StringyChat_message'] == $bwords) ? ":-x" : $list['StringyChat_message'])
{
// echo data
//echo ($pmsg = ($list['StringyChat_message'] == $bwords) ? ":-x" : $list['StringyChat_message'])
print '<span style="color:#828282">' . '(' . date( 'D H:i:s', $list['StringyChat_time'] ) . ') ' . '</span>' . '<b>' . $list['StringyChat_name'] . '</b>' . ' : ' . filterBadWords($list['StringyChat_message']) . '<br />';
}
// Load up the last few posts. The number to load is defined by the "ShowPostNum" variable.
$result = mysql_query("SELECT * FROM ".$dbTable." ORDER BY StringyChat_time DESC LIMIT " . $ShowPostNum,$db);
include("sort_widths.php");
while ($myrow = mysql_fetch_array($result)) {
$msg = $myrow["StringyChat_message"];
// Convert the encoded line break into an actual <br> tag (thanks milahu)
$msg = str_replace("c#lb", "<br>", $msg);
// Convert the encoded image tag into a html tag
$msg = eregi_replace("im#([a-z]{3})", "<img src=\"http://".$install_url."images/\\1.gif\" alt=\"emoticon\">",$msg);
// split the lines
$msg = htmlwrap($msg, $line_length);
$result_wordswap = mysql_query("SELECT * FROM ".$WordBanTable,$db);
while ($myrow_wordswap = mysql_fetch_array($result_wordswap)) {
$the_word = $myrow_wordswap["word"];
$msg = ereg_replace($the_word, ":-x",$msg);
}
}
?>
<?
// end while
/****** build the pagination links ******/
// range of num links to show
$range = 3;
// if not on page 1, don't show back links
if ($currentpage > 1) {
// show << link to go back to page 1
echo " <a href='{$_SERVER['PHP_SELF']}?currentpage=1'><<</a> ";
// get previous page num
$prevpage = $currentpage - 1;
// show < link to go back to 1 page
echo " <a href='{$_SERVER['PHP_SELF']}?currentpage=$prevpage'><</a> ";
} // end if
// loop to show links to range of pages around current page
for ($x = ($currentpage - $range); $x < (($currentpage + $range) + 1); $x++) {
// if it's a valid page number...
if (($x > 0) && ($x <= $totalpages)) {
// if we're on current page...
if ($x == $currentpage) {
// 'highlight' it but don't make a link
echo " [<b>$x</b>] ";
// if not current page...
} else {
// make it a link
echo " <a href='{$_SERVER['PHP_SELF']}?currentpage=$x'>$x</a> ";
} // end else
} // end if
} // end for
// if not on last page, show forward and last page links
if ($currentpage != $totalpages) {
// get next page
$nextpage = $currentpage + 1;
// echo forward link for next page
echo " <a href='{$_SERVER['PHP_SELF']}?currentpage=$nextpage'>></a> ";
// echo forward link for lastpage
echo " <a href='{$_SERVER['PHP_SELF']}?currentpage=$totalpages'>>></a> ";
} // end if
/****** end build pagination links ******/
?><br>
<html> <i>Type your Message here...</i>:<br></html>
I'm looking to know the best way to process a search query that has multiple words in the search: Code: [Select] elseif(isset($_GET['search'])){ $search=$_GET['search']; $keyword=explode(" ",$search); //database query } Should I do a while loop query the database for each keyword? Hello PHP mates! I am having some doubts and I am going to share them with you so maybe someone can help. Okay, I know how to make signup and login page. And here is the problem. How to make signup page for multiple types of users? For example, type A user has its own signup form, user type B also has its own and same goes for C type of user. How can I make that? Thanks in advance PHP freaks! Hey. I just needed a little help with a voting system for articles I've put together in PHP. Essentially what happens is someone clicks the "Vote up" button which takes them to the "voteup.php" page. This is the "voteup.php" page where it updates the database for that given article and increments the "votes" column by one. This works perfectly. But the problem is people can do this infinite times and give articles infinite votes. I need it so that each IP address can only vote on each specific article once. Any ideas on how this could be done? Voteup.php Code: [Select] <?php include("connect.php"); $id2 = $_GET['id']; // Get the ID of the article that will be voted up $con = mysql_connect("localhost","lconditn_admin","hello"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("lconditn_database", $con); mysql_query("UPDATE base SET votes = votes+1 // Add one vote to the article WHERE id2 = '$id2'"); mysql_close($con); ?> Thanks a lot for any help with this. I am looking at the following code snippet:
functioncall(array(),$variable)
I've looked everywhere, but cannot find what this is supposed to mean.
In the function that is called I see
function functioncall($var = array(), $var1 = array())
Is this some kind of cast??
Thanks!
hi, cane somebody please explain how to use the declare contruct of PHP some code snippets may help..thanks in advance Struggling to get my head round this, may be really simple and im just not seeing it because im tired, but why does the following code generate two files? <?php class x { var $val = ''; var $cfg = array(); public function __construct($somevalue) { $this->val = $somevalue; file_put_contents(rand(0,1000).'init','null'); } public function addcfg($name,$value) { $this->cfg[$name] = $value; } } //Create $somevalue = 'abc'; $x = new x($somevalue); //Add database config $x->addcfg('name','dbname'); $x->addcfg('user','dbuser'); $x->addcfg('pass','dbpass'); Hi Chaps, I have a while loop which produces a couple of variables: do { $L_NAME.$i = 'Item 1'; $L_NUMBER.$i = '0001'; $L_QTY.$i = '1'; $L_AMT.$i = 10.50; $NVP.$i = "L_NAME.$i.= .$L_NAME.$i.&L_NUMBER.$i. = .$L_NUMBER.$i.&"; } while($i == $items); Basically what I need to do is contruct a parameter made up of all the $NVP variables. I've a feeling that I would need to add each variable to an array and then use a foreach statement, but I'm not 100% sure. I'd be interested in the correct way to go about this, any comments welcome! Hi all. I'm just getting my feet wet with OOPHP. My question is "why have a setter method when you can just use the __construct method to set everything?" and "would you need a separate setter method for each attribute of an object?"(i.e. set_first, set_last, set_gender, etc.) The code... <?php class person{ var $first; var $last; var $gender; function __construct($first,$last,$gender){ $this->first=$first; $this->last=$last; $this->gender=$gender; } function set_first($new_name){ $this->first=$new_name; } function get_person(){ return $this->first . $this->last . $this->gender; } } ?> Hey all, I posted a few months ago trying out my first salted password and I utterly failed lol. This is a small snippet from my current attempt. Code: (php) [Select] $salt = md5(uniqid(rand())); $Pass_S = md5($pass.$salt); This is only the password and salt generation part. I'm sure the salt generation is probably too simple so please feel free to give your thoughts on that part. Also the salt is stored on the database to be pulled up later for login uses. Thanks all! I came across this amazing (not) blog to allow the user to reset their password. It basically does:
User submits their email to server and requests new password.
Server gets their users_id from the DB based on their email, and emails them with a link which contains ?encrypt=md5(1290*3+USERS_ID).
When clicked, server retrieves user where md5(90*13+USERS_ID)=$_GET['encrypt'], and display a form. I think the math is a typo.
When the form is submitted, the password is changed.
What is the correct way to do this?
Hey, I know this questions get asked a lot but here is a different version of it. What is a simple and secure method for storing data/passwords? I know there is a lot of debate in this subject but I run a browser game off my server and just want the data to be encrypted. is this good enough or is this easy to crack? Code: [Select] <?php $password = 'abcdefg'; $salt = 'whateversecrethash'; $pw_hash = md5($salt.$password); ?> or I just found this tutorial is this up to date and actually a good method? http://webhole.net/2010/10/30/php-password-encryption-with-salt/ What do I need to do to *safely* capture and store User Passwords in a Registration Form? There was a thread that I started a few months ago where someone had given a really good response talking about "Salt" and so on, but for the life of me I cannot find that info. Nonetheless, I need some help getting my head back into this topic! My Registration Form is complete, and the last thing I need to do is make sure Users enter a "Strong Password" and then I need to store that somewhere, somehow, in the most *secure* manner possible... Thanks, Debbie This is my code it's not working.
$username = $_POST['username'];
$password = $_POST['password'];
$encrypt_password = md5($password);
$email = $_POST['email'];
$usrsql = "SELECT * FROM $tbl_name WHERE username='$username' AND password='$encrypt_password'";
//--> Below is the INSERT Code
$query = "INSERT INTO `x_users` (username, password, email) VALUES ('$username', '$encrypt_password', '$email')";
$result = mysql_query($query);
if($result == 1) {
print("Thank you, your accout has been created!");
}
Can anyone tell me why the md5() function is not working?
Edited by Tom8001, 28 November 2014 - 07:49 PM. I'm incorporating a dynamic salt into my user system, but I'm not sure how to store the salt itself. The password is hashed and added to the database, but wouldn't you need to store the salt as plain text in the database in order to verify the login later? Also, I've read that using both a dynamic and static salt is good practice. If this is the case, is the static salt simply defined within the PHP? Or is there another method to storing it? Thanks for the help I'll start by apologizing for the stupid decision that led to this question. A few years ago, I created a PHP/Myysql site with a login system and I created a field in the MySQL called "password" and it stored literally the exact password people entered (I know, I know).
The site has proven to have nice traffic potential, so I am going to re-vamp everything, including storing passwords properly (i.e. hashed).
My first question... Is there a way to convert regular text passwords to hashed passwords? For example, I could create a new field in the "User" table for "hashedpassword" and write a script that takes all the insecure passwords and turns them into hashed passwords. Then deleted the previous "bad" password field from the database. This would allow me to do it without the customer every knowing anything changed.
Quick googling appears to support that it IS doable rather easily, with something like...
UPDATE mytable SET password = MD5(password)If not, I guess I would have to create a thing where the first time omeone logged in after I put hashing in place, the site would force them to change their password. I'd rather not annoy the visitors if it all possible. Second question, what is the proper/recommended hashing method to use? Some people seem to poo-poo MD5. If you agree, should I use: MD5 SHA MD5 with a salt SHA with a salt Something else i never heard of NOTE: My site is a fantasy sports site, so the data involved is not overly important. Maybe a salt is overkill? Or is being overly safe never a bad thing? Lastly, don't need to address this, but if anyone can explain it like I'm 5 that would be great because i must be missing something... if you can easily turn a regular password into a hashed password, couldn't hackers easily do the reverse, which would render the hashing almost useless? I get that salting helps, but before salting (i.e. doing ONLY MD5), I don't see how hashing helped that much (if you could reverese figure out the password). What am I missing? Thanks! Greg Edited by galvin, 13 November 2014 - 09:44 AM. hello dear PHP-Fans - greetings to you - and a happy new year!! i set up a WAMP-System on my openSuse 11.4 system. In order to learn as much as i can bout PHP i want to do some tests and write some scripts. Well the WAMP is allready up and running. Now i try to give the writing access to the folder mkdir /srv/www/ where the php-scripts should go in... i want to give write permission to all to all files in /srv/www As root I generally: mkdir /srv/www/ chown <webmaster usrername> /srv/www/ /srv/www/ should be readable and traversable by all, but only writeable by it's owner (the user designated as the webmaster.) can i do this like mentioned above,... Love to hear from you greetings db1 Hi there I have a problem here, I think I may know what it is but just wanted some guidance on this issue. I took the logic from a previous help from the people on this forum and here is my landing page: <?php // ini_set("display_errors", 1); // randomly starts a session! session_name("jeremyBasicLogin"); session_start(); if(isset($_SESSION['username'])) { // display whatever when the user is logged in: echo <<<ADDENTRY <html> <head> <title>User is now signed in:<title> </head> <body> <h1>You are now signed in!</h1> <p>You can do now what you want to do!</p> </body> </html> ADDENTRY; } else { // If anything else dont allow access and send back to original page! header("location: signin.php"); } ?> This is where the user goes to when they go to this system (not a functional system, ie it doesnt actually do anything its more for my own theory. As you wont have a session on the first turn to this page it goes to: signin.php which contains: <?php // ini_set("display_errors", 1); require_once('func.db.connect.php'); if(array_key_exists('submit',$_POST)) { dbConnect(); // connect to database anyways! // Do a procedure to log the user in: // Santize User Inputs $username = trim(stripslashes(mysql_real_escape_string($_POST['username']))); // cleans up with PHP first! $password = trim(stripslashes(mysql_real_escape_string(md5($_POST['password'])))); // cleans up with PHP first! $sql = "SELECT * FROM users WHERE username='$username' AND password='$password'"; $result = mysql_query($sql); if(mysql_num_rows($result) == 1) { session_name("jeremyBasicLogin"); session_start(); $_SESSION['is_logged_in'] = true; $_SESSION['username'] = $username; //print_r($_SESSION); // debug purposes only! $_SESSION['time_loggedin'] = time(); // this is adding to the array (have seen the output in the SESSION vars! // call function to update the time stamp in MySQL? header("location: index.php"); } else if(mysql_num_rows($result) != 1) { $message = "You typed the wrong password or Username Please retry!"; } } else { $message = ""; } // displays the login page: echo <<<LOGIN <html> <body> <h1>Example Login</h1> <form id="login" name="login" action="{$_SERVER['PHP_SELF']}" method="post"> <label for="username">Username: </label><input type="text" id="username" name="username" value="" /><br> <label for="password">Password: </label><input type="text" id="password" name="password" value="" /><br> <input type="submit" id="submit" name="submit" value="Login" /> </form> LOGIN; echo "<p>" . $message . "</p>"; echo <<<LOGIN <p>Please Login to View and Edit Your Entries</p> <p><a href="register.php">Click Here To Signup</a><p> </body> </html> LOGIN; ?> This checks through user inputs and hopefully logs them in, when Ive inserted the data into the database itself it works, if I try and login but if a user fills in this form: signup.php: <?php //ini_set("display_errors", 1); $message =''; require_once('func.db.connect.php'); if(array_key_exists('submit',$_POST)) { dbConnect(); // connect to database anyways! // do some safe protecting of the users variables, apply it to all details! $username = trim(stripslashes(mysql_real_escape_string($_POST['username']))); // cleans up with PHP first! $email = trim(stripslashes(mysql_real_escape_string($_POST['email']))); // cleans up with PHP first! $password = trim(stripslashes(mysql_real_escape_string(md5($_POST['password'])))); // does as above but also encrypts it using the md5 function! $password2 = trim(stripslashes(mysql_real_escape_string(md5($_POST['password2'])))); // does as above but also encrypts it using the md5 function! if($username != '' && $email != '' && $password != '' && $password2 != '') { // do whatever when not = to nothing/empty fields! if($password === $password2) { // do database stuff to enter users details $sql = "INSERT INTO `test`.`users` (`id` ,`username` ,`password`) VALUES ('' , '$username', MD5( '$password' ));"; $result = mysql_query($sql); if($result) { $message = 'You may now login by clicking <a href="index.php">here</a>'; } } else { // echo out a user message says they got their 2 passwords incorrectly typed: $message = 'Pleae re enter your password'; } } else { // they where obviously where empty $message = 'You missed out some required fields, please try again'; } } echo <<<REGISTER <html> <body> <h1>Register Form</h1> <p>Please fill in this form to register</p> <form id="register" name="register" action="{$_SERVER['PHP_SELF']}" method="post"> <table> <tr> <td><label for="username">Username: </label></td> <td><input type="text" id="username" name="username" value="" /></td> </tr> <tr> <td><label for="email">Email: </label></td> <td><input type="text" id="email" name="email" value="" /></td> </tr> <tr> <td><label for="password">Password: </label></td> <td><input type="text" id="password" name="password" value="" /></td> </tr> <tr> <td><label for="password">Confirm Password: </label></td> <td><input type="text" id="password2" name="password2" value="" /></td> </tr> <tr> <td><input type="submit" id="submit" name="submit" value="Register" /></td> </tr> <table> REGISTER; echo "<p>" . $message . "</p>"; echo <<<REGISTER </form> </body> </html> REGISTER; ?> As I said when the user signs up when submitting the above form, it doesnt work, keeps coming up with a different value for the password, so I am about 99% certain its the password, but I have been maticulous about copying in the sanitize function for SQL injections and it just doesnt still work, really puzzled now. Any helps appreciated, Jeremy. This topic has been moved to MySQL Help. http://www.phpfreaks.com/forums/index.php?topic=351561.0 Ok I'm trying to insert multiple rows by using a while loop but having problems. At the same time, need to open a new mysql connection while running the insert query, close it then open the previous mysql connection. I managed to insert multiple queries before using a loop, but for this time, the loop does not work? I think it is because I am opening another connection... yh that would make sense actually? Here is the code: $users = safe_query("SELECT * FROM ".PREFIX."user"); while($dp=mysql_fetch_array($users)) { $username = $dp['username']; $nickname = $dp['nickname']; $pwd1 = $dp['password']; $mail = $dp['email']; $ip_add = $dp['ip']; $wsID = $dp['userID']; $registerdate = $dp['registerdate']; $birthday = $dp['birthday']; $avatar = $dp['avatar']; $icq = $dp['icq']; $hp = $dp['homepage']; echo $username." = 1 username only? :("; // ----- Forum Bridge user insert ----- $result = safe_query("SELECT * FROM `".PREFIX."forum`"); $ds=mysql_fetch_array($result); $forum_prefix = $ds['prefix']; define(PREFIX_FORUM, $forum_prefix); define(FORUMREG_DEBUG, 0); $con = mysql_connect($ds['host'], $ds['user'], $ds['password']) or system_error('ERROR: Can not connect to MySQL-Server'); $condb = mysql_select_db($ds['db'], $con) or system_error('ERROR: Can not connect to database "'.$ds['db'].'"'); include('../_phpbb_func.php'); $phpbbpass = phpbb_hash($pwd1); $phpbbmailhash = phpbb_email_hash($mail); $phpbbsalt = unique_id(); safe_query("INSERT INTO `".PREFIX_FORUM."users` (`username`, `username_clean`, `user_password`, `user_pass_convert`, `user_email`, `user_email_hash`, `group_id`, `user_type`, `user_regdate`, `user_passchg`, `user_lastvisit`, `user_lastmark`, `user_new`, `user_options`, `user_form_salt`, `user_ip`, `wsID`, `user_birthday`, `user_avatar`, `user_icq`, `user_website`) VALUES ('$username', '$username', '$phpbbpass', '0', '$mail', '$phpbbmailhash', '2', '0', '$registerdate', '$registerdate', '$registerdate', '$registerdate', '1', '230271', '$phpbbsalt', '$ip_add', '$wsID', '$birthday', '$avatar', '$icq', '$hp')"); if (FORUMREG_DEBUG == '1') { echo "<p><b>-- DEBUG -- : User added: ".mysql_affected_rows($con)."<br />"; echo "<br />-- DEBUG -- : Query used: ".end($_mysql_querys)."</b></p><br />"; $result = safe_query("SELECT user_id from ".PREFIX_FORUM."users WHERE username = '$username'"); $phpbbid = mysql_fetch_row($result); safe_query("INSERT INTO `".PREFIX_FORUM."user_group` (`group_id`, `user_id`, `group_leader`, `user_pending`) VALUES ('2', '$phpbbid[0]', '0', '0')"); safe_query("INSERT INTO `".PREFIX_FORUM."user_group` (`group_id`, `user_id`, `group_leader`, `user_pending`) VALUES ('7', '$phpbbid[0]', '0', '0')"); mysql_close($con); } include('../_mysql.php'); mysql_connect($host, $user, $pwd) or system_error('ERROR: Can not connect to MySQL-Server'); mysql_select_db($db) or system_error('ERROR: Can not connect to database "'.$db.'"'); } So I need to be able to insert these rows using the while loop.. how can I do this? I really appreciate any help. |
|||||||