|
PHP - Incorrect Password?
The password ARE correct. My code keeps saying that the password is INCORRECT. The password is MD5'ed once a user registers, and when they type in a password at the login (as shown), the password is also MD5'ed.
Why is it that it's output is incorrect password? <?php session_start(); include("includes/mysql.php"); include("includes/config.php"); ?> <title><?php echo $title; ?></title> <?php if(!$_SESSION['user']) { $username = $_POST['username']; $password = $_POST['password']; $username = mysql_real_escape_string($username); $password = mysql_real_escape_string($password); if(!$password || !$username) { echo ' <h1>Login</h1> <center><p><form action="login.php" method="POST"> <table border="0"> <tr><th>Username:</th> <td><input type="text" name="username" maxlength="20"><br/></td></tr> <tr><th>Password:</th> <td><input type="password" name="password" maxlength="30"><br/></td></tr> <tr><th></th><td><input type="submit" value="Login"></td></tr> </table></form></p></center> </div> '; } else { $query = mysql_query("SELECT COUNT(username),password,username FROM users WHERE username='$username'"); $check = mysql_fetch_assoc($query); $db_username = $check['username']; $password = md5($password); if($check['COUNT(username)'] < 1) { echo ' <p>No account exists with this username. Please go back.</p> '; } elseif($check['password']==$password && $db_username==$username) { echo ' <h1>Login Successful</h1> <p>You have successfully logged in! Return home.</p> '; $_SESSION['user']=$username; } else { echo ' <p>The password you have enetered in is incorrect. Please go back.</p> '; } } } else { echo ' <p>Your already logged in!</p> '; } ?> Similar TutorialsSo I am trying to make an incorrect password message but the message never appears.
My code:
<?
require "./includes/config.php";
$LS->init();
if(isset($_POST['act_login'])){
$user=$_POST['login'];
$pass=$_POST['pass'];
if($user=="" || $pass==""){
$msg=array("Error", "Username / Password Wrong !");
}
else
{
if(!$LS->login($user, $pass)){
$msg=array("Error", "Username / Password Wrong !");
}
}
}
?>
I have a register page that MD5 Hash's the users password and a login which also does this. However, no matter what I try it always says incorrect password. Even when I remove the MD5. Register Code: Code: [Select] <?php error_reporting (E_ALL ^ E_NOTICE); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Member System - Register</title> </head> <body> <?php if ( $_POST['registerbtn'] ){ $getuser = $_POST['user']; $getemail = $_POST['email']; $getpass = $_POST['pass']; $getretypepass = $_POST['retypepass']; if ($getuser){ if ($getemail){ if ($getpass){ if ($getretypepass){ if ( $getpass === $getretypepass ){ if ( (strlen($getemail) >= 7) && (strstr($getemail, "@")) && (strstr($getemail, ".")) ){ require("./connect.php"); $query = mysql_query("SELECT * FROM users WHERE username='$getuser'"); $numrows = mysql_num_rows($query); if ($numrows == 0){ $query = mysql_query("SELECT * FROM users WHERE email='$getemail'"); $numrows = mysql_num_rows($query); if ($numrows == 0){ $password = md5(md5("kjfiufj".$password."Fj56fj")); $date = date("F d, Y"); $code = md5(rand()); mysql_query("INSERT INTO users VALUES ( '', '$getuser', '$password', '$getemail', '0', '$code', '$date' )"); $query = mysql_query("SELECT * FROM users WHERE username='$getuser'"); $numrows = mysql_num_rows($query); if ($numrows == 1){ $site = "http://c3221281.web44.net/"; $webmaster = "Simon <admin@simon.com>"; $headers = "From: $webmaster"; $subject = "Activate Your Account"; $message = "Thanks for registering. Click the link below to activate your account.\n"; $message .= "$site/activate.php?user=$getuser&code=$code\n"; $message .= "You must activate your account to login."; if ( mail($getemail, $subject, $message, $headers) ){ $errormsg = "You have been registered. You must activate your account from the activation link sent to <b>$getemail</b>."; $getuser = ""; $getemail = ""; } else $errormsg = "An error has occueed. Your activation email was not sent."; } else $errormsg = "An error has occured. Your account was not created."; } else $errormsg = "There is already a user with that email."; } else $errormsg = "There is already a user with that username."; mysql_close(); } else $errormsg = "You must enter a valid email address to register."; } else $errormsg = "Your passwords did not match."; } else $errormsg = "You must retype your password to register."; } else $errormsg = "You must enter your password to register."; } else $errrosmg = "You must enter your email to register."; } else $errormsg = "You must enter your username to register."; } $form = "<form action='./register.php' method='post'> <table> <tr> <td></td> <td><font color='red'>$errormsg</font></td> </tr> <tr> <td>Username:</td> <td><input type='text' name='user' value='$getuser' /></td> </tr> <tr> <td>Email:</td> <td><input type='text' name='email' value='$getemail' /></td> </tr> <tr> <td>Password:</td> <td><input type='password' name='pass' value='' /></td> </tr> <tr> <td>Retype:</td> <td><input type='password' name='retypepass' value='' /></td> </tr> <tr> <td></td> <td><input type='submit' name='registerbtn' value='Register' /></td> </tr> </table> </form>"; echo $form; ?> </body> </html> Login Code: Code: [Select] <?php error_reporting (E_ALL ^ E_NOTICE); session_start(); $userid = $_SESSION['userid']; $username = $_SESSION['username']; ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Member System - Login</title> </head> <body> <?php if ($username && $userid){ echo "You are already logged in as <b>$username</b>. <a href='./member.php'>Click here</a> to go to the member page."; } else{ $form = "<form action='./login.php' method='post'> <table> <tr> <td>Username:</td> <td><input type='text' name='user' /></td> </tr> <tr> <td>Password:</td> <td><input type='password' name='password' /></td> </tr> <tr> <td></td> <td><input type='submit' name='loginbtn' value='Login' /></td> </tr> <tr> <td><a href='./register.php'>Register</a></td> <td><a href='./forgotpass.php'>Forgot your password?</a></td> </tr> </table> </form>"; if ($_POST['loginbtn']){ $user = $_POST['user']; $password = $_POST['password']; if ($user){ if ($password){ require("connect.php"); $password = md5(md5("kjfiufj".$password."Fj56fj")); // make sure login info correct $query = mysql_query("SELECT * FROM users WHERE username='$user'"); $numrows = mysql_num_rows($query); if ($numrows == 1){ $row = mysql_fetch_assoc($query); $dbid = $row['id']; $dbuser = $row['username']; $dbpass = $row['password']; $dbactive = $row['active']; if ($password == $dbpass){ if ($dbactive == 1){ // set session info $_SESSION['userid'] = $dbid; $_SESSION['username'] = $dbuser; echo "You have been logged in as <b>$dbuser</b>. <a href='./member.php'>Click here</a> to go to the member page."; } else echo "You must activate your account to login. $form"; } else echo "You did not enter the correct password. $form"; } else echo "The username you entered was not found. $form"; mysql_close(); } else echo "You must enter your password. $form"; } else echo "You must enter your username. $form"; } else echo $form; } ?> </body> </html> Many thanks for your time and help, Hello PhP Freaks forum In the past weeks ive been trying to make a website, where you can register. Everything seems to work except my cherished Change password feature. Everytime you try to change the password, it just resets it to nothing. Here is the code below. <?php if(isset($_SESSION['username'])) { $username = $_SESSION['username']; $lastname = $_SESSION['lastname']; $firstname = $_SESSION['firstname']; $email = $_SESSION['email']; echo " <h4>Options for:</h4> $username <br /> <br /> First name: $firstname <br />Last name: $lastname <br /><br /><h3>Want to change your password:</h3><br /> <form action='?do=option' method='post'> Old password <input type='password' placeholder='Has to be between 5-15 digits' name='password' size='30' value='' /><br /> <br /> New Password<input type='password' placeholder='Has to be between 5-15 digits' name='newpass' size='30' value='' /><br /> <br /> Confirm new password <input type='password' placeholder='Has to be between 5-15 digits' name='passconf' size='30' value='' /><br /> <center></div><input type='submit' value='Submit'/></center></form>"; }else{ echo 'Please login to view your options!'; } $password = $_REQUEST['password']; $pass_conf = $_REQUEST['newpass']; $email = $_REQUEST['passconf']; $connect = mysql_connect("Host", "User", "Password"); if(!$connect){ die(mysql_error()); } //Selecting database $select_db = mysql_select_db("My Database", $connect); if(!$select_db){ die(mysql_error()); } //Find if entered data is correct $result = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'"); $row = mysql_fetch_array($result); $id = $row['id']; mysql_query("UPDATE users SET password='$newpass' WHERE username='$user'") ?> And i do know that i dont have a if(Empty($newpass)){ Die(Please fill out the new password) } Or any security on the others, but the problem just seems that it resets the password into nothing Hope i can get this fixed Best Regards William Pfaffe <?php
require_once('upper.php'); require_once('database.php'); echo $error_msg=''; if(isset($_POST['submit'])) { $LoginId=mysqli_real_escape_string($dbc,trim($_POST['LoginId'])); $Password1=mysqli_real_escape_string($dbc,trim($_POST['Password1'])); $Password2=mysqli_real_escape_string($dbc,trim($_POST['Password2'])); $Name=mysqli_real_escape_string($dbc,trim($_POST['Name'])); $Age=mysqli_real_escape_string($dbc,trim($_POST['Age'])); $BloodGroup=mysqli_real_escape_string($dbc,trim($_POST['BloodGroup'])); if(!isset($_POST['Sex'])) { echo 'Please enter Sex<br>'; } else{ $Sex= mysqli_real_escape_string($dbc,trim($_POST['Sex'])); } $Qualification=mysqli_real_escape_string($dbc,trim($_POST['Qualification'])); $ContactNumber=mysqli_real_escape_string($dbc,trim($_POST['ContactNumber'])); $Email=mysqli_real_escape_string($dbc,trim($_POST['Email'])); $Address=mysqli_real_escape_string($dbc,trim($_POST['Address'])); $AboutYourself=mysqli_real_escape_string($dbc,trim($_POST['AboutYourself'])); //$countCheck=count($_POST['checkbox']); //echo $countCheck; //$checkbox=$_POST['checkbox']; //$countCheck=count($checkbox); if(empty($LoginId)){echo 'Please enter Login Id';} elseif(empty($Password1)){echo 'Please enter Password';} elseif(empty($Password2)){echo 'Please confirm Password';} elseif($Password1!==$Password2){echo 'Password didn\'t match';} elseif(empty($Name)){echo 'Please enter Name';} elseif(empty($Age)){echo 'Please enter Age';} elseif(!isset($_POST['Sex'])){} elseif(empty($Qualification)){echo 'Please enter Qualification';} elseif(empty($ContactNumber)){echo 'Please enter Contact Number';} elseif(empty($Email)){echo 'Please enter Email';} elseif(empty($Address)){echo 'Please enter Address';} elseif(empty($AboutYourself)){echo 'Please enter About Yourself';} elseif(!isset($_POST['checkbox'])){ echo 'You have to register at least one activity.';} elseif(!isset($_POST['TermsAndConditions'])){ echo 'You have to agree all Terms and Conditions of Elite Brigade.';} else { require_once('database.php'); $query="select * from registration where LoginId='$LoginId'"; $result=mysqli_query($dbc,$query); if(mysqli_num_rows($result)==0) { $checkbox=$_POST['checkbox']; $countCheck=count($_POST['checkbox']); $reg_id=' '; for($i=0;$i<$countCheck;$i++) { $reg_id=$reg_id.$checkbox[$i].','; $query="insert into activity_participation (LoginId,Title,Date) values ('$LoginId','$checkbox[$i]',CURDATE())"; $result=mysqli_query($dbc,$query) or die("Not Connected"); } $query="insert into registration (LoginId,Password,Name,Age,BloodGroup,Sex,Qualification,ContactNumber,Email,Address,AboutYourself,Activity)values ('$LoginId'[B],SHA('$Password1'),[/B]'$Name','$Age','$BloodGroup','$Sex','$Qualification','$ContactNumber','$Email','$Address','$AboutYourself',',$reg_id')"; $result=mysqli_query($dbc,$query) or die("Not Connect"); echo ' Dear '.$Name.'.<br>Your request has been mailed to admin.<br>Your account is waiting for approval<br>'; $from= 'Elite Brigade'; $to='ankitp@rsquareonline.com'; $subject='New User Registration'; $message="Dear admin,\n\nA new user request for registration. Please check it out.\n\nRegards\nMicro"; mail($to,$subject,$message,'From:'.$from); //header('Location: index.php'); // header('Location: Registration.php'); } else { echo 'Dear '.$Name. ', <br> An account already exist with login-id<b> '.$LoginId.'</b> <br>Please try another login-id'; }} } ?> <html> <head> <script src="jquery-latest.js"></script> <script type="text/javascript" src="jquery-validate.js"></script> <style type="text/css"> * { font-family: Verdana; } label.error { color: white; padding-left: .5em; } p { clear: both; } .submit { margin-left: 12em; } em { font-weight: bold; padding-right: 1em; vertical-align: top; } </style> <script> $(document).ready(function(){ $("#commentForm").validate(); }); </script> </head> <body> <?php echo $error_msg; ?> <form action='<?php echo $_SERVER['PHP_SELF'];?>' id="commentForm" method='post'> <div class="registration_and_activity"> <table border="0" width="380"> <tr><td colspan="2"> <h3>New User?</h3></td></tr> <tr><td width="120"> <em>*</em>Enter Login id</td><td width="150"><input type='text' name='LoginId' minlength="4" value='<?php if(!empty($LoginId))echo $LoginId;?>' /></td></tr> <tr><td> <em>*</em>Enter Password</td> <td><head> <div id="divMayus" style="visibility:hidden">Caps Lock is on.</div> <SCRIPT language=Javascript> function capLock(e){ kc = e.keyCode?e.keyCode:e.which; sk = e.shiftKey?e.shiftKey:((kc == 16)?true:false); if(((kc >= 65 && kc <= 90) && !sk)||((kc >= 97 && kc <= 122) && sk)) document.getElementById('divMayus').style.visibility = 'visible'; else document.getElementById('divMayus').style.visibility = 'hidden'; } </SCRIPT> </HEAD> <input onkeypress='return capLock(event)' type='password' name='Password1' value='<?php if(!empty($Password1))echo $Password1;?>' /></td></tr> <tr><td> <em>*</em>Confirm Password</td><td><input type='password' name='Password2' value='<?php if(!empty($Password2))echo $Password2;?>' /></td></tr> <tr><td width="120"> <em>*</em>Enter Name</td> <td><input type='text' name='Name' value='<?php if(!empty($Name))echo $Name;?>' /></td></tr> <tr><td> <em>*</em>Enter Age</td><HEAD> <SCRIPT language=Javascript> function isNumberKey(evt) { var charCode = (evt.which) ? evt.which : event.keyCode if (charCode > 31 && (charCode < 48 || charCode > 57)) return false; return true; } </SCRIPT> </HEAD> <td><INPUT onkeypress='return isNumberKey(event)' type='text' name='Age' value='<?php if(!empty($Age))echo $Age;?>'/></td></tr> <tr><td> <em>*</em>Enter Blood</td><td><input type='text' name='BloodGroup' value='<?php if(!empty($BloodGroup))echo $BloodGroup;?>' /></td></tr> <tr><td> <em>*</em>Enter Sex</td><td><input type='radio' name='Sex' style='width:16px; border:0;' 'value='Male' />Male <input type='radio' name='Sex' style='width:16px; border:0;' 'value='Female' />Female</td></tr> <tr><td> <em>*</em>Enter Qualification</td><td><input type='text' name='Qualification' value='<?php if(!empty($Qualification))echo $Qualification;?>' /></td></tr> <tr><td> <em>*</em>Contact Number </td><td><input onkeypress='return isNumberKey(event)'type='text' name='ContactNumber' value='<?php if(!empty($ContactNumber))echo $ContactNumber;?>' /></td></tr> <tr><td> <em>*</em>Enter Email</td><td><input type='text' name='Email'class="email" value='<?php if(!empty($Email))echo $Email;?>' /></td></tr> <tr><td> <em>*</em>Enter Address</td><td><input type='text' name='Address' value='<?php if(!empty($Address))echo $Address;?>' /></td></tr> <tr ><td > <em>*</em>About Yourself </td></tr> <tr><td colspan="2"><textarea rows='10' cols='40' name='AboutYourself' /><?php if(!empty($Address))echo $Address;?></textarea></td></tr> <tr><td> <?php echo" <tr><td colspan='2'><em>*</em><b>Select fields for which you want to register</b></td></tr>"; require_once('database.php'); $query="select * from activity"; $result=mysqli_query($dbc,$query); while($row=mysqli_fetch_array($result)){ $Title=$row['Title']; $ActivityId=$row['ActivityId']; echo "<tr><td>$Title</td>"; echo "<td><input type='checkbox' name='checkbox[]' value='$Title' style='width:14px; text-align:right;'/></td></tr>";//value=$ActivityId tells ActivityId variable extracts with name="checkbox" echo "<br/>"; } echo "<td><em>*</em><input type='checkbox' name='TermsAndConditions' style='width:14px; text-align:right;'/></td><td> I agree all <a href='TermsAndConditions.php'>Terms and conditions </a>of Elite Brigade</td></tr>"; echo "<tr><td colspan='2' align='center'><input type='submit' value='Register' name='submit' style='background:url(./images/button_img2.png) no-repeat 10px 0px; width:100px; padding:3px 0 10px 0; color:#FEFBC4; border:0;'/></td></tr><br>"; echo " </td></tr></table> </div> </form> </body> </html>"; require_once('lower.php'); ?> Hi Friends .... I encrypt user password by SHA('$Password') method but now i want to add "Forget Password Module" for which I need to decrypt it first before tell my user but I don't Know how to decrypt it. Please help me........ This topic has been moved to Application Design. http://www.phpfreaks.com/forums/index.php?topic=353345.0 Ever since I switched over to pagination, the ranks for the sites have been off. I use to have an $i++ increment that kept the ranks, but now with pagination, it just ranks those on the current page. Is there a way to bypass this? public function grabSites() { //amount of sites $amount = mysql_num_rows(mysql_query("SELECT * FROM sites")); if($amount > 0) { //amount per page $p_page = 13; //track page $start = $_GET['page']; //max_pages $max_pages = $amount / $p_page; //set default if(!$start) $start = 0; //new query $query = mysql_query("SELECT id,title,description,votes,date,outl,site_url FROM sites ORDER BY votes DESC LIMIT $start, $p_page"); while($fetch = mysql_fetch_assoc($query)) { ++$i; $i = $i + $p_page; echo " <div id='post-1' class='post'> <h2 class='title'><font color='white'>#". $i." ".$fetch['title'] ."</font></h2> <div class='entry'> <b>". $fetch['title'] ." currently has ". $fetch['votes'] ." votes. <a href='vote.php?id=". $fetch['id'] ."'>Vote now</a>.</b> <br/><br/> <p>". nl2br(stripslashes($fetch['description'])) ."</p> </div> <p class='meta'><a href='". $fetch['site_url'] ."'>Visit</a></p> </div> "; } //set back and forth variables $previous = $start - $p_page; $next = $start + $p_page; ?> <hr> <center> <?php if(!($start<=0)) echo "<a href='index.php?page=". $previous ."'><<</a>"; $i = 1; for($x = 0; $x < $amount; $x = $x + $p_page) { echo "<a href='index.php?page=". $x ."'> ". $i ." </a>"; $i++; } if(!($start>=$amount-$p_page)) echo "<a href='index.php?page=". $next ."'>>></a></center>"; ?> </center> <?php } else { echo " <div id='post-1' class='post'> <h2 class='title'><a href='#'>Oh NOEZ!</a></h2> <h3 class='date'>". date("M-d-Y") ."</h3> <div class='entry'> <p>There are currently no sites to display!</p> </div> <p class='meta'>View</p> </div> "; } } Hi all My site is build using php includes. the index.php file contains code like <?php if(@$_GET['page'] == "web-design"){ include("includes/web-design.php"); } else if(@$_GET['page'] == "hosting"){ include("includes/hosting.php"); } else { include("includes/home.php"); } ?> I have created a sub domain blog.maplewebdesign.co.uk and a sub dircetory named blog. The link to this part of my site doesn't use includes, I want it to link directly to that sub directories index.php page. This works fine, but then when I click on a different link anywhere on the site my url is as follows www.maplewebdesign.co.uk/blog/index.php?page=home For some reason it is keeping the blog/ in the URL If you want to see go to http://www.maplewebdesign.co.uk/blog/ then click on a differnt link and check out the URL What am I doing wrong? Thanks Adi It's been a while since I've used my queries, can anyone tell me what's wrong with this mysql query? Code: [Select] $query = mysql_query("SELECT * FROM `chicken_names` WHERE `gender` = 'Hen' AND `name` LIKE '%$s_terms%' ORDER BY `likes` DESC") or die(mysql_error()); I have a small bit of jquery code that is not working:
$(function() {
$(‘’[name=\'pet_type\']”).change(function() {
$(‘’[name=\'breed\']”).removeAttr(‘disabled’);
$(‘’[name=\'breed\']”).children(‘data-pet-type[name!=\'’ + $(this).val() + ‘\']’).hide();
$(‘’[name=\'breed\']”).children(‘data-pet-type[name=\'’ + $(this).val() + ‘\']’).show();
});
});
My javascript is not good at all, so cannot spot errors?
Any help would be much appreciated!
Thanks
hello in the attached code, how do i add another field to the query? ie, i have all the code to create the result and would like to add further values such as $dept? what is the correct way to code query? i must stress that i am using php 4.4.7 so json_encode is out. the code is working but just need to find a way to add the $dept to the qeury? many thanks $dept = array(); $box = array(); while ($row = mysql_fetch_array($result)) { $dept[] = $row['department']; $box[] = $row['custref']; } /*$items = rtrim($_POST['items'],","); $sql = "UPDATE `boxes` SET status = 'Out' WHERE Id IN ($items)"; $result = runSQL($sql);*/ $total = count(explode(",",$items)); $result = runSQL($sql); $total = mysql_affected_rows(); /// Line 18/19 commented for demo purposes. The MySQL query is not executed in this case. When line 18 and 19 are uncommented, the MySQL query will be executed. header("Expires: Mon, 26 Jul 1997 05:00:00 GMT" ); header("Last-Modified: " . gmdate( "D, d M Y H:i:s" ) . "GMT" ); header("Cache-Control: no-cache, must-revalidate" ); header("Pragma: no-cache" ); header("Content-type: text/x-json"); $json = ""; $json .= "{\n"; $json .= "box: [\"". implode('","', $box) ."\"]\n"; $json .= "}\n"; echo $json; $sql = "INSERT INTO `act` (`item`) VALUES ('". implode("'),('", $box) . "')"; $result = runSQL($sql); Currently I have 5 entries in my table. Entring this query displays all five in the correct order. Code: [Select] SELECT * FROM products ORDER BY count DESC LIMIT 16 However, using this code, the first result is omitted and the last four are displayed. $query="SELECT * FROM products ORDER BY count DESC LIMIT 16"; $result = mysql_query($query); $row = mysql_fetch_array($result); echo '<div>'; while ($row = mysql_fetch_array($result)) { echo '<div>'.$row[product].'</div> <div>'.$row[count].'</div>'; } echo '</div>'; Can someone help me find my error? Thanks i am writing this script for use as an include in joomla and the directphp plugin so in my joomla article i have: Code: [Select] <?php include 'test/conducttest.php'; conducttest(); ?> Ok now my issue! the form in this function is passing only the values for the last item in the loop rather than for the selected radio item when submitted. so when say for example the radio selected is: ID TEST TYPE UNIQUE TEST ID AVAILABLE 5 Adolescent Clinical 50021629 1 and the last item in the list is: ID TEST TYPE UNIQUE TEST ID AVAILABLE 4 Adult Clinical 12341629 1 When the form is submitted even if the 1st item is selected, it returns the value for the second one. I am sorta new to php so any suggestions will be appreciated. Here is my full code: Code: [Select] <?php function conducttest() { //GET JOOMLA USER ID & USERNAME FOR LOGGED USER $user =& JFactory::getUser(); $userID = $user->id; //GET JOOMLA DATABASE OBJECTS $db =& JFactory::getDBO(); //NEW TESTS QUERY (what purchased test are available for use with 'item_available' == '1' {unused test} and matching current 'user_id') $new_query = " SELECT * FROM crt_transactionHistory WHERE user_id = ".$userID." AND item_available = '1' ORDER BY item_name, id "; $db->setQuery($new_query); $new = $db->loadAssocList(); //OPEN TESTS QUERY (what purchased test are available for use with 'item_available' == '2' {resume test} and matching current 'user_id') $resume_query = " SELECT * FROM crt_transactionHistory WHERE user_id = ".$userID." AND item_available = '2' ORDER BY item_name, id "; $db->setQuery($resume_query); $resume = $db->loadAssocList(); //DISPLAY use_test FORM if(!isset($_POST['test'])) { //SELECT FORM: WHICH TEST WOULD YOU LIKE TO USE? echo ' <fieldset> <table> <form method="post" action="'.$PHP_SELF.'">'; if (empty($new)) { echo ' <th colspan="3"align="left">NO NEW TESTS AVAILABLE</th>'; } else { echo ' <th colspan="3"align="left">NEW TESTS AVAILABLE</th> <tr> <td width="75px">SELECT</td> <td width="50px">ID</td> <td width="150px">TEST TYPE</td> <td width="150px">UNIQUE TEST ID</td> <tr>'; foreach ($new as $result1) { echo ' <tr> <td><input type="radio" value="' .$result1['id']. '" name="test_id"></td> <td>'.$result1['id'].'</td> <td><input type="hidden" value="'.$result1['item_name'].'" name="item_name">'.$result1['item_name'].'</td> <td><input type="hidden" value="'.$result1['item_number'].'" name="item_number">'.$result1['item_number'].'</td> <input type="hidden" value="'.$result1['item_available'].'" name="item_available"> <input type="hidden" value="'.$userID.'" name="userID"> <tr>'; } } echo ' </table> <hr /> <table>'; if (empty($resume)) { echo ' <th colspan="3"align="left">NO TESTS TO RESUME</th>'; } else { echo ' <th colspan="3"align="left">RESUME TEST</th> <tr> <td width="75px">SELECT</td> <td width="50px">ID</td> <td width="150px">TEST TYPE</td> <td width="150px">UNIQUE TEST ID</td> <tr>'; foreach ($resume as $result2) { echo ' <tr> <td><input type="radio" value="' .$result2['id']. '" name="test_id"></td> <td>'.$result2['id'].'</td> <td><input type="hidden" value="'.$result2['item_name'].'" name="item_name">'.$result2['item_name'].'</td> <td><input type="hidden" value="'.$result2['item_number'].'" name="item_number">'.$result2['item_number'].'</td> <input type="hidden" value="'.$result2['item_available'].'" name="item_available"> <input type="hidden" value="'.$userID.'" name="userID"> <tr>'; } } echo ' </table> </fieldset> <input type="submit" name="test" value="Conduct Test" /> </form> '; } //NOW A TEST HAS BEEN SELECTED FOR USE if(isset($_POST['test'])) { $test_id = $_POST['test_id']; $item_name = $_POST['item_name']; $item_number = $_POST['item_number']; $item_available = $_POST['item_available']; $userID = $_POST['userID']; echo $test_id.'<br />'; echo $item_name.'<br />'; echo $item_number.'<br />'; echo $item_available.'<br />'; echo $userID.'<br />'; //IF THIS IS A NEW TEST... if ($item_available == "1") { echo 'new test'; } //IF WE ARE RESUMING A TEST... elseif ($item_available == "2") { echo 'resume test'; } } } ?> I have the following query: $getVideos = mysql_query("SELECT catergory, COUNT(catergory) as 'catCount' FROM videos GROUP BY catergory"); Using this in PHPMyAdmin returns the correct results of: catergory | catCount 0 | 7 1 | 1 10 | 2 How would get those results into a PHP array or what not...I have done this before but along time ago and cannot for the life of me remember how to do it. Hopefully someone can point me in the right direction? Regards, PaulRyan. Incorrect login attempt 1 \/ Incorrect login attempt 2 \/ Incorrect login attempt 3 -->> ?forgot your login details? What's the most effecient way of achieving this? Is it to: 1. create a session for the user who hasn't logged in 2. the user login fails once, session['fail']=1 3. the user login fails twice, session['fail']=2 4. the user login fails for a third time pushing the session['fail'] count to three: this triggers an 'if' on the index.php prompting the user to retrieve their details through the "forgot login details system" However if the session['fail'] count never reaches 3 then this temp session is destroyed and the proper one created allowing the user into the site?? As usual any pointers into the correct direction here would be very much appreciated (and i try to repay by answering other peoples questions [where i can ]) this is the query: $query = "INSERT INTO kamerleden VALUES ('', '$twitter_id', '$name', '$nickname', '$fraction', '$residence', '$age', '$gender', '', '', '', '')"; it used to work but i switched to a different hosting. The first '' is the id which gives this error: query failed: Incorrect integer value: '' for column 'id' at row 1 in the database id is a int, with a length of 2 and with auto increment. How can i fix it? As expected when a die statement is triggered, my script is exited and ALL of the fields that have been filled in on my form are wiped clean. This however is proving to be annoying for users making mistakes. Is there a way to keep the data in the correctly filled in fields, and to just wipe or highlight the incorrectly filled in fields? Code: [Select] <?php function checkPostcode (&$toCheck) { $alpha1 = "[abcdefghijklmnoprstuwyz]"; $alpha2 = "[abcdefghklmnopqrstuvwxy]"; $alpha3 = "[abcdefghjkstuw]"; $alpha4 = "[abehmnprvwxy]"; $alpha5 = "[abdefghjlnpqrstuwxyz]"; $pcexp[0] = '^('.$alpha1.'{1}'.$alpha2.'{0,1}[0-9]{1,2})([0-9]{1}'.$alpha5.'{2})$'; $pcexp[1] = '^('.$alpha1.'{1}[0-9]{1}'.$alpha3.'{1})([0-9]{1}'.$alpha5.'{2})$'; $pcexp[2] = '^('.$alpha1.'{1}'.$alpha2.'[0-9]{1}'.$alpha4.')([0-9]{1}'.$alpha5.'{2})$'; $pcexp[3] = '^(gir)(0aa)$'; $pcexp[4] = '^(bfpo)([0-9]{1,4})$'; $pcexp[5] = '^(bfpo)(c\/o[0-9]{1,3})$'; $Postcode = strtolower($toCheck); $Postcode = str_replace (' ', '', $Postcode); $valid = false; foreach ($pcexp as $regexp) { if (ereg($regexp,$Postcode, $matches)) { $toCheck = strtoupper ($matches[1] . ' ' . $matches [2]); $toCheck = ereg_replace ('C\/O', 'c/o ', $toCheck); $valid = true; break; } } if ($valid){return true;} else {return false;}; } if(isset($_POST['submit'])) { $drop = mysql_real_escape_string($_POST['drop_1']); $tier_two = mysql_real_escape_string($_POST['Subtype']); $Name = mysql_real_escape_string($_POST["Name"]); $Phone = mysql_real_escape_string($_POST["Phone"]); $Email = mysql_real_escape_string($_POST["Email"]); $Postcode = mysql_real_escape_string($_POST["Postcode"]); $Website = mysql_real_escape_string($_POST["Website"]); if($Name == '') { die ("<div class=\"form\">You did not complete the name field, please try again</div>"); } elseif ($Phone == '' or (preg_match("/^([1]-)?[0-9]{3}-[0-9]{3}-[0-9]{4}$/i", $Phone))) { die("<div class=\"form\"> You completed the telephone field incorrectly, please try again</div>"); } elseif ($Email == '' or (!filter_var($Email, FILTER_VALIDATE_EMAIL))) { die("<div class=\"form\"> You completed the Email field incorrectly, please try again</div>"); } elseif ($Postcode == '' or (!checkPostcode($Postcode))) { die("<div class=\"form\"> You did not complete the Postcode field correctly, please try again</div>"); } elseif ($Website == '' or (!preg_match("~^[a-z0-9.-]+\.(com|org|net|edu|co.uk)~i", $Website))) { die("<div class=\"form\">You completed the website field incorrectly, please try again</div>"); } else { echo("<div id=\"formtwo\">Thankyou for submiting your details, you will be added to our directory shortly</div>"); } $query = ("INSERT INTO business (`id`, `Name`, `Type`, `Subtype`, `Phone`, `Email`, `Postcode`, `WebAddress`, `Confirmed`) VALUES ('NULL', '$Name', '$drop', '$tier_two' , '$Phone', '$Email', '$Postcode', '$Website', 'Yes')"); mysql_query($query) or die ( "<br>Query: $query<br>Error: " .mysql_error()); } ?> Hello folks, I've got a problem with a search script. It's searching a db containing various properties (as in buildings) and it's not quite returning the correct results. The search form asks that you select a house type (4 options, all of which are tick boxes) and then the last part of the form is select how many bedrooms you'd like (which is a drop-down list featuring numbers 2-5) What should happen is someone selects one or more of the tick boxes and then the number of bedrooms and it returns all the house types that were ticked but only those with the number of bedrooms that were specified in the original search. Currently the results are correct in that they're showing the correct house types, but the number of bedrooms isn't right. e.g. if you chose 2 bedrooms in the search it shows those, as well as 3, 4 and 5 bedrooms in the results. Can't figure it out but it will be something to do with && and OR in my search script. Can anyone suggest a tweak to this that might work? (I'm using the $_GET function because the search form is in a Flash movie) $Result = mysql_query("select * from property_names where TownHouse = '$_GET[TownHouse]' OR Apartment = '$_GET[Apartment]' OR Detached = '$_GET[Detached]' OR SemiDetached = '$_GET[SemiDetached]' && visible= 'Yes' && bedrooms = '$_GET[Bedrooms]' && bedrooms = '$_GET[Bedrooms]'") I am having some trouble getting this to pull the password correctly from the database. I believe the problem is from the password being in md5 format. I am not sure how to fix the issue. Much thanks Code: [Select] <?php //signin.php include 'connect.php'; include 'header.php'; echo '<h3>Sign in</h3><br />'; //first, check if the user is already signed in. If that is the case, there is no need to display this page if(isset($_SESSION['signed_in']) && $_SESSION['signed_in'] == true) { echo 'You are already signed in, you can <a href="signout.php">sign out</a> if you want.'; } else { if($_SERVER['REQUEST_METHOD'] != 'POST') { /*the form hasn't been posted yet, display it note that the action="" will cause the form to post to the same page it is on */ echo '<form method="post" action=""> Username: <input type="text" name="username" /><br /> Password: <input type="password" name="password"><br /> <input type="submit" value="Sign in" /> </form>'; } else { /* so, the form has been posted, we'll process the data in three steps: 1. Check the data 2. Let the user refill the wrong fields (if necessary) 3. Varify if the data is correct and return the correct response */ $errors = array(); /* declare the array for later use */ if(!isset($_POST['username'])) { $errors[] = 'The username field must not be empty.'; } if(!isset($_POST['password'])) { $errors[] = 'The password field must not be empty.'; } if(!empty($errors)) /*check for an empty array, if there are errors, they're in this array (note the ! operator)*/ { echo 'Uh-oh.. a couple of fields are not filled in correctly..<br /><br />'; echo '<ul>'; foreach($errors as $key => $value) /* walk through the array so all the errors get displayed */ { echo '<li>' . $value . '</li>'; /* this generates a nice error list */ } echo '</ul>'; } else { //the form has been posted without errors, so save it //notice the use of mysql_real_escape_string, keep everything safe! //also notice the sha1 function which hashes the password $sql = "SELECT userid, username, userlevel FROM users WHERE username = '" . mysql_real_escape_string($_POST['username']) . "' AND password = '" . sha1($_POST['password']) . "'"; $result = mysql_query($sql); if(!$result) { //something went wrong, display the error echo 'Something went wrong while signing in. Please try again later.'; //echo mysql_error(); //debugging purposes, uncomment when needed } else { //the query was successfully executed, there are 2 possibilities //1. the query returned data, the user can be signed in //2. the query returned an empty result set, the credentials were wrong if(mysql_num_rows($result) == 0) { echo 'You have supplied a wrong user/password combination. Please try again.'; } else { //set the $_SESSION['signed_in'] variable to TRUE $_SESSION['signed_in'] = true; //we also put the user_id and user_name values in the $_SESSION, so we can use it at various pages while($row = mysql_fetch_assoc($result)) { $_SESSION['userid'] = $row['userid']; $_SESSION['username'] = $row['username']; $_SESSION['userlevel'] = $row['userlevel']; } echo 'Welcome, ' . $_SESSION['username'] . '. <br /><a href="index.php">Proceed to the forum overview</a>.'; } } } } } include 'footer.php'; ?> Hi all, I am trying to make a 'forgot password' script. The passwords in the database are md5 encrypted. Is there a way to reverse this md5 password and send the forgotten password in its orginal for to the user through email? Thanks. <?PHP include("cxn.php"); $sql = "SELECT password FROM Members WHERE email='$_POST[email]'"; $result = mysqli_query($cxn,$sql) or die ("Couldn't execute query"); $num = mysqli_num_rows($result); if ($num >0) // Email Address Found { $password = md5($_POST['password']); // Trying to take the md5 off the password here. $to = "$_POST[email]"; $subj = "Password for website.co.uk"; $mess = "Your password for www.website.co.uk is: \n $_POST['password'] \n Please login with your email address and this password. Thank you."; $mailsend = mail($to,$subj,$mess,$headers); $update= "An email containing your password has been sent to". $_POST['email']."."; include("signin-redirect.php"); } else // Email Address Not Found { $registrationerror = "The email address '$_POST[email]' is already registered!"; include("signin-redirect.php"); } ?> Having a little problem with passwords, they are stored clear text and not encrypted because its for an assignment and I need to prove in the write up that users can change their passwords. Anyway when I register a user with a username and a password of say Password1, I can still login with PASSword1 or any other variation of upper and lower case characters! This is my select statement: Code: [Select] $qry = "SELECT * FROM users WHERE username='$username' AND password='$password'"; Just wondering if there is anything that can be done to this, I read somewhere about using === but that doesn't seem to be fixing the problem, it just causes the query to fail! Using MySQL if thats any help. Thanks |
|||||||