PHP - Username Check Not Working For Me
I had this working at some point, but must have changed the code or messed up the login. Anyway, the check no longer works to see if a username exists in the database and, if it does, display an error. Right now I am just getting the generic error "Duplicate entry 'SamJ' for key 'usr'".
<?
// session_start();
//Print_r ($_SESSION);
include('config.php');

// Passkey t from link
$passkey=$_GET['passkey'];
$tbl_name1="Profile_temp";

// Retrieve data from table where row matches passkey
$sql1="SELECT * FROM $tbl_name1 WHERE confirm_code ='$passkey'";
$result1=mysql_query($sql1);

// If successfully queried
if($result1){

    // Count how many row has this passkey
    $count=mysql_num_rows($result1);

    // if passkey is found retrieve info from temporary DB
    if($count==1){
        $rows=mysql_fetch_array($result1);
        $FirstName=$rows['FirstName'];
        $LastName=$rows['LastName'];
        $UserName=$rows['UserName'];
        $Password= md5($rows['Password']);
        $Password2=md5($rows['Password2']);
        $email=$rows['email'];
        $Zip=$rows['Zip'];
        $Birthday=$rows['Birthday'];
        $Security=$rows['Security'];
        $Security2=$rows['Security2'];
        $tbl_name2="Profile";

        // Insert data that retrieves from "temp_members_db" into table "registered_members"
        $sql2="INSERT INTO $tbl_name2(`FirstName`,`LastName`,`Username`,`Password`,`Password2`,`email`,`Zip`,`Birthday`,`Security`,`Security2`) VALUES ('$FirstName','$LastName','$UserName','$Password','$Password2','$email','$Zip','$Birthday','$Security','$Security2')";
        //echo $sql2;
        $result2=mysql_query($sql2) or die(mysql_error());
    }
    // if passkey is not found, display message "Wrong Confirmation code"
    else {
        echo "<h2>Sorry, Your passkey was not found.</h2>";
    }

    $sql3="select * from $tbl_name2 where username = '$UserName'";
    $result3=mysql_query($sql3) or die(mysql_error());
    if ($_REQUEST['error'] == 1){
        echo "Sorry, that user name already exist!";
    }
}
else {
}
while ($row = mysql_fetch_assoc($result3))
{
    $_SESSION['id'] = $row['id'];
    $_SESSION['FirstName']=$row['FirstName'];
}

// if successfully moved data from table"temp_members_db" to table "registered_members" displays message "Your account has been activated" and don't forget to delete confirmation code from table "temp_members_db"
if($result2){
    echo "<h3>Welcome {$_SESSION['FirstName']} </h3>";
    echo "<h2>Your account has been activated</h2>";
    echo"<p>You may now upload a profile picture</p>";
    //file upload
    echo "
    <form enctype='multipart/form-data' action='Profile.php' method='POST'>
    <fieldset>
    <legend>Upload your profile picture</legend>
    <ol>
    <li id='example3'>
    <label for='FileUpload'>Choose a file to upload:</label>
    <input name='myfile' id='FileUpload' type='file' />
    <input type='submit' name='submit' value='Upload File' />
    </li>
    </ol>
    </fieldset>
    </form>
    ";
}
}
if($result3){
    // Delete information of this user from table "temp_members_db" that has this passkey
    $sql4="DELETE FROM $tbl_name1 WHERE confirm_code = '$passkey'";
    $result4=mysql_query($sql4) or die(mysql_error());
?>

can anyone see what is wrong?

Similar Tutorials
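For the activation script in the question at the top of this page, an added example (not the poster's code) of letting the unique key on the username column do the duplicate check: the insert runs with bound parameters inside a transaction, and the "Duplicate entry" failure is caught and turned into a normal "username taken" result instead of reaching `die(mysql_error())`. Assumptions: PDO with an in-memory SQLite database stands in for the poster's MySQL connection so the script runs offline, the schema is a reduced constructed one using the table and column names from the post, and `makeDemoDb()` and `activateAccount()` are hypothetical helper names.

```php
<?php
// Added example, not the poster's code. PDO + in-memory SQLite is an
// assumption made so the script runs offline; on MySQL the same SQLSTATE
// (23000) accompanies "Duplicate entry 'SamJ' for key 'usr'".
declare(strict_types=1);

function makeDemoDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Constructed, reduced schema: only the columns the demo needs.
    $pdo->exec('CREATE TABLE Profile_temp (
        confirm_code TEXT PRIMARY KEY, FirstName TEXT, UserName TEXT,
        Password TEXT, email TEXT)');
    // The UNIQUE constraint plays the role of the poster\'s key "usr".
    $pdo->exec('CREATE TABLE Profile (
        id INTEGER PRIMARY KEY AUTOINCREMENT, FirstName TEXT,
        Username TEXT NOT NULL UNIQUE, Password TEXT, email TEXT)');
    return $pdo;
}

/**
 * Moves one pending registration from Profile_temp into Profile.
 * Returns 'activated', 'bad_passkey' or 'username_taken'.
 */
function activateAccount(PDO $pdo, string $passkey): string
{
    $pdo->beginTransaction();
    try {
        // Bound parameter: the passkey from the link is never pasted into the SQL text.
        $sel = $pdo->prepare('SELECT FirstName, UserName, Password, email
                              FROM Profile_temp WHERE confirm_code = ?');
        $sel->execute([$passkey]);
        $row = $sel->fetch(PDO::FETCH_ASSOC);
        if ($row === false) {
            $pdo->rollBack();
            return 'bad_passkey';
        }

        // No SELECT-then-INSERT check: the unique key decides, so two
        // activations racing for the same name cannot both succeed.
        $ins = $pdo->prepare('INSERT INTO Profile (FirstName, Username, Password, email)
                              VALUES (?, ?, ?, ?)');
        // The stored value is already a password_hash() result; it is copied, not re-hashed.
        $ins->execute([$row['FirstName'], $row['UserName'], $row['Password'], $row['email']]);

        // Insert and clean-up commit together or not at all.
        $del = $pdo->prepare('DELETE FROM Profile_temp WHERE confirm_code = ?');
        $del->execute([$passkey]);

        $pdo->commit();
        return 'activated';
    } catch (PDOException $e) {
        if ($pdo->inTransaction()) {
            $pdo->rollBack();
        }
        // SQLSTATE 23000 = integrity constraint violation (duplicate username here).
        if ((string) $e->getCode() === '23000') {
            return 'username_taken';
        }
        throw $e; // anything else is a real fault: log it, do not echo it to the visitor
    }
}

// Constructed sample data: two pending sign-ups that both ask for "SamJ".
$pdo = makeDemoDb();
$add = $pdo->prepare('INSERT INTO Profile_temp VALUES (?, ?, ?, ?, ?)');
$add->execute(['key-aaa', 'Sam', 'SamJ',
    password_hash('demo-pass-1', PASSWORD_DEFAULT), 'sam@example.test']);
$add->execute(['key-bbb', 'Samuel', 'SamJ',
    password_hash('demo-pass-2', PASSWORD_DEFAULT), 'samuel@example.test']);

// The third value contains quotes to show it is handled purely as data.
foreach (['key-aaa', 'key-bbb', "no'such'key"] as $passkey) {
    printf("%-12s => %s\n", $passkey, activateAccount($pdo, $passkey));
}
```

On `username_taken` the pending row is left in `Profile_temp`; whether to delete it or let the visitor pick another name is a design choice the page leaves open.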
Using Inline Php; <h1><font Color="000088">the Username <?php '.$username.' ?> Already Exists";</h1>
I'm working with a registration/login system from a tutorial. It's got email validation to make sure it does not exist but I'm struggling to add the same to the username field: Working code: Code: [Select] <?php include ('database_connection.php'); if (isset($_POST['formsubmitted'])) { $error = array();//Declare An Array to store any error message if (empty($_POST['name'])) {//if no name has been supplied $error[] = 'Please Enter a name ';//add to array "error" } else { $name = $_POST['name'];//else assign it a variable } if (empty($_POST['e-mail'])) { $error[] = 'Please Enter your Email '; } else { if (preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/", $_POST['e-mail'])) { //regular expression for email validation $Email = $_POST['e-mail']; } else { $error[] = 'Your EMail Address is invalid '; } } if (empty($_POST['Password'])) { $error[] = 'Please Enter Your Password '; } else { $Password = $_POST['Password']; } if (empty($error)) //send to Database if there's no error ' { // If everything's OK... // Make sure the email address is available: $query_verify_email = "SELECT * FROM members WHERE Email ='$Email'"; $result_verify_email = mysqli_query($dbc, $query_verify_email); if (!$result_verify_email) {//if the Query Failed ,similar to if($result_verify_email==false) echo ' Database Error Occured '; } if (mysqli_num_rows($result_verify_email) == 0) { // IF no previous user is using this email . // Create a unique activation code: $activation = md5(uniqid(rand(), true)); $query_insert_user = "INSERT INTO `members` ( `Username`, `Email`, `Password`, `Activation`) VALUES ( '$name', '$Email', '$Password', '$activation')"; $result_insert_user = mysqli_query($dbc, $query_insert_user); if (!$result_insert_user) { echo 'Query Failed '; } if (mysqli_affected_rows($dbc) == 1) { //If the Insert Query was successfull. // Send the email: $message = " To activate your account, please click on this link:\n\n"; $message .= WEBSITE_URL . 
'/activate.php?email=' . urlencode($Email) . "&key=$activation"; mail($Email, 'Registration Confirmation', $message, 'From: Admin@TheGameCo.Com'); // Flush the buffered output. // Finish the page: echo '<div class="success">Thank you for registering! A confirmation email has been sent to '.$Email.' Please click on the Activation Link to Activate your account </div>'; } else { // If it did not run OK. echo '<div class="errormsgbox">You could not be registered due to a system error. We apologize for any inconvenience.</div>'; } } else { // The email address is not available. echo '<div class="errormsgbox" >That email address has already been registered. </div>'; } } else {//If the "error" array contains error msg , display them echo '<div class="errormsgbox"> <ol>'; foreach ($error as $key => $values) { echo ' <li>'.$values.'</li>'; } echo '</ol></div>'; } mysqli_close($dbc);//Close the DB Connection } // End of the main Submit conditional. ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Game Name - Home</title> <link rel="stylesheet" type="text/css" href="style.css" /> </head> <body> <div id="container"> <div id="header"> <?php include("includes/header.php"); ?> </div> <div id="nav"> <?php include("includes/nav.php"); ?> </div> <div id="content"> <form action="index.php" method="post" class="registration_form"> <fieldset> <legend>Registration Form</legend> <p>Create A new Account<br />Already a member? 
<a href="login.php">Log in</a></p> <div class="elements"> <label for="name">Username:</label> <input type="text" id="name" name="name" size="25" /> </div> <div class="elements"> <label for="e-mail">E-mail:</label> <input type="text" id="e-mail" name="e-mail" size="25" /> </div> <div class="elements"> <label for="Password">Password:</label> <input type="password" id="Password" name="Password" size="25" /> </div> <div class="submit"> <input type="hidden" name="formsubmitted" value="TRUE" /> <input type="submit" value="Register" /> </div> </fieldset> </form> </div> <div id="footer"> <?php include("includes/footer.php"); ?> </div> </div> </body> </html> I've tried adding this after the email verification: Code: [Select] // Make sure the user is available: $query_verify_user = "SELECT * FROM members WHERE Username ='$name'"; $result_verify_user = mysqli_query($dbc, $query_verify_user); if (!$result_verify_user) { echo ' Database Error Occured '; } } if (mysqli_num_rows($result_verify_user) == 0) { // IF no previous user is using this user . But that just returns me with: It works to stop username/email duplication but now returns: Query Failed You could not be registered due to a system error. We apologize for any inconvenience. Not sure where I'm going wrong tbh. Hi all, i have a script which checks the username field of my register form as the user types it and checks to see if the username is either taken, is too short or availible using jquery, however it isn't working and i've been staring at it for ages trying to work out why. Due to the length of my code ive put it on codepad. Here is my register.php: http://codepad.org/8REOfI8q and here is my check.php: http://codepad.org/gXSkbnsf My form is just displaying "Choose a username" and not changing depending on my input etc... Any help would be great Hey all, In my user registration system I'm trying to figure something out. 
When the user puts in his information and hits submit it goes into a temporary user table while it waits for the user to click on the activation code in the email that is sent out. Once they click on it it's then transferred into the user table. Now, I have a few questions:
1. Should the user check on the registration screen check both tables for a username match? What if someone starts a registration but never activates it? That username, though not in use, is now taken up in the tempuser table.
2. Should the information in the temporary table be cleared after it is moved into the regular table?
Thanks guys!

Is it possible to check a username or email address against a mysql database as the user types it in or when he changes to the next required input field, and if it is not already taken to place a symbol next to the username to show that it is either available or not? I am still quite new to php. Thanks

I want to limit the number of incorrect login attempts within a specified time period (e.g. 15 minutes). I'm wondering what I should tie those attempts to. e.g. If too many attempts from one ip address for a specific username, lock them out for 15 minutes? Or too many attempts from any ip address for a specific username? Or too many attempts for an ip address matched loosely (i.e. 255.255.255.0 matching) with a specific username? What's the best choice? Just too many attempts for a username? Or also use the ip address? And should I store the attempts in the session, or the DB?

Ok so I'm still having problems. This is what I need: I want a function to echo a message if a username does not pass my requirements.
- Only letters and / or numbers
- Must start with a letter (not a number)
- No spaces
The current code is not working for me.
Please help Code: [Select] }else if (!(eregi('/[A-Za-z0-9-]+',($_POST["username"])))){ echo "<p> </p><p> </p><p> </p><br />Must only contain numbers and letters and cannot exceed 10 characters.<p> </p><p> </p><a href='javascript:javascript:history.go(-1)'>Click here to go back to previous page</a>"; Hi guys Can someone help me about this: The php code can be revise username and password with CURL then check database and if username & password is correct return true else false. Thanks Hi, I need to insert some code into my current form code which will check to see if a username exist and if so will display an echo message. If it does not exist will post the form (assuming everything else is filled in correctly). I have tried some code in a few places but it doesn't work correctly as I get the username message exist no matter what. I think I am inserting the code into the wrong area, so need assistance as to how to incorporate the username check code. $sql="select * from Profile where username = '$username'; $result = mysql_query( $sql, $conn ) or die( "ERR: SQL 1" ); if(mysql_num_rows($result)!=0) { process form } else { echo "That username already exist!"; } the current code of the form <?PHP //session_start(); require_once "formvalidator.php"; $show_form=true; if (!isset($_POST['Submit'])) { $human_number1 = rand(1, 12); $human_number2 = rand(1, 38); $human_answer = $human_number1 + $human_number2; $_SESSION['check_answer'] = $human_answer; } if(isset($_POST['Submit'])) { if (!isset($_SESSION['check_answer'])) { echo "<p>Error: Answer session not set</p>"; } if($_POST['math'] != $_SESSION['check_answer']) { echo "<p>You did not pass the human check.</p>"; exit(); } $validator = new FormValidator(); $validator->addValidation("FirstName","req","Please fill in FirstName"); $validator->addValidation("LastName","req","Please fill in LastName"); $validator->addValidation("UserName","req","Please fill in UserName"); $validator->addValidation("Password","req","Please fill 
in a Password"); $validator->addValidation("Password2","req","Please re-enter your password"); $validator->addValidation("Password2","eqelmnt=Password","Your passwords do not match!"); $validator->addValidation("email","email","The input for Email should be a valid email value"); $validator->addValidation("email","req","Please fill in Email"); $validator->addValidation("Zip","req","Please fill in your Zip Code"); $validator->addValidation("Security","req","Please fill in your Security Question"); $validator->addValidation("Security2","req","Please fill in your Security Answer"); if($validator->ValidateForm()) { $con = mysql_connect("localhost","uname","pw") or die('Could not connect: ' . mysql_error()); mysql_select_db("beatthis_beatthis") or die(mysql_error()); $FirstName=mysql_real_escape_string($_POST['FirstName']); //This value has to be the same as in the HTML form file $LastName=mysql_real_escape_string($_POST['LastName']); //This value has to be the same as in the HTML form file $UserName=mysql_real_escape_string($_POST['UserName']); //This value has to be the same as in the HTML form file $Password= md5($_POST['Password']); //This value has to be the same as in the HTML form file $Password2= md5($_POST['Password2']); //This value has to be the same as in the HTML form file $email=mysql_real_escape_string($_POST['email']); //This value has to be the same as in the HTML form file $Zip=mysql_real_escape_string($_POST['Zip']); //This value has to be the same as in the HTML form file $Birthday=mysql_real_escape_string($_POST['Birthday']); //This value has to be the same as in the HTML form file $Security=mysql_real_escape_string($_POST['Security']); //This value has to be the same as in the HTML form file $Security2=mysql_real_escape_string($_POST['Security2']); //This value has to be the same as in the HTML form file $sql="INSERT INTO Profile (`FirstName`,`LastName`,`Username`,`Password`,`Password2`,`email`,`Zip`,`Birthday`,`Security`,`Security2`) VALUES 
('$FirstName','$LastName','$UserName','$Password','$Password2','$email','$Zip','$Birthday','$Security','$Security2')"; //echo $sql; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } else{ mail('email@gmail.com','A profile has been submitted!',$FirstName.' has submitted their profile',$body); echo "<h3>Your profile information has been submitted successfully.</h3>"; } mysql_close($con); $show_form=false; } else { echo "<h3 class='ErrorTitle'>Validation Errors:</h3>"; $error_hash = $validator->GetErrors(); foreach($error_hash as $inpname => $inp_err) { echo "<p class='errors'>$inpname : $inp_err</p>\n"; } } } if(true == $show_form) { ?> ISSUE. A User enters information into a form. If the 'username' is already taken, a 'message' in Red and with larger font-size will be returned, for example, "The username $username already exists." If the username is 'mattd' then the message should say, "The username mattd already exists." Within my php application, I have included 'inline html'. Here is part of the code: .... if (mysql_num_rows($query_run)==1) { // it will never = more than one because only //one user will or will not exist ?> <html> </body> <h1><font color="#FF0066">The username <?php echo $username; ?>already exists.</h1> </body> </html> <?php }else{ //start the registration process $query = "INSERT INTO `Names` VALUES .... 1. At one point I did get this: "The username mattd already exists." 2. But now I only get "The username already exists." I am not retrieving the $username variable. This screenshot is found he http://imgur.com/lIwLZ1G thanks. I have developed a code for a login and seems to work well (No syntax error according to https://phpcodechecker.com/ but when I enter a username and a password in the login form, I get an error HTTP 500. I think that everything is ok in the code but obviously there is something that I am not thinking about. 
The code (excluding db connection):
$id="''";
$username = $_POST['username'];
$password = md5($_POST['password']);
$func = "SELECT contrasena FROM users WHERE username='$username'";
$realpassask = $conn->query($func);
$realpassaskres = $realpassask->fetch_assoc();
$realpass= $realpassaskres[contrasena];
$func2 = "SELECT bloqueado FROM users WHERE username='$username'";
$blockedask = $conn->query($func2);
$blockedres = $blockedask->fetch_assoc();
$bloqueado = $blockedres[bloqueado];
//Login if(!empty($username)) { // Check the email with database While we're on the subject, is there a way to ensure that the first letter of a name is captalized, and the rest lowercase? Or is this best handled later on, when the name is being used and called from the DB. PS: some of us comment are code as to WHAT we are doing because we're just not that good yet, and we need to explain it to ourselves. Hello friends, i want to check if a website url is working or not. Anyone can share the idea to do this ?? I am trying to check if a credit card has expired. My criterion is whether or not the date submitted is prior to this month if the year matches 2011. Code: [Select] // Check for Expired Card. if (($expYear = date('Y')) && ($expMonth < date('M'))){ $errors['expDate'] = 'Expiration Date cannot be in the past.'; } Why is this not working? I chose March 2011 and it fails. In fact, it fails for any date?! Debbie Hi all. Ok, I've been trying to fix this for 5 days straight. for some reason, i can't get this code to check the value for email, question and answer against the database. it either gives an error all the time or it allows incorrect data.. forgot.php: Code: [Select] <?php if ($_SERVER["REQUEST_METHOD"] == "POST") { print_r($_POST); } if ($_SERVER["REQUEST_METHOD"] == "GET") { print_r($_GET); } error_reporting(E_ALL); include 'dbc.php'; /******************* ACTIVATION BY FORM**************************/ if(isset($_POST['doReset'])){ if ($_POST['doReset']=='Reset') { $err = array(); $msg = array(); foreach($_POST as $key => $value) { $data[$key] = filter($value); } //check if activ code and user is valid as precaution if(isset($data['user_email'])){ $rs_check = mysql_query("select id from users where user_email='$data[user_email]'") or die (mysql_error()); $num = mysql_num_rows($rs_check); } // Match row found with more than 1 results - the user is authenticated. 
/* if ( $num <= 0 ) { $err[] = "Error - Sorry no such account exists or registered."; //header("Location: forgot.php?msg=$msg"); //exit(); }*/ if(isset($_POST['user_email'])){ if($_POST['user_email1'] != stripslashes(isEmail($data['user_email']))) { $err[] = "ERROR - Please enter a valid email"; } } if(isset($_POST['usr_question'])){ if($_POST['usr_question1'] != stripslashes($data['usr_question'])) { $err[] = "ERROR - Please enter a valid question"; } } if(isset($_POST['usr_answer'])){ if($_POST['usr_answer1'] != stripslashes($data['usr_answer'])) { $err[] = "ERROR - Please enter a valid answer"; } } if(empty($err)) { $new_pwd = GenPwd(); $pwd_reset = PwdHash($new_pwd); //$sha1_new = sha1($new); //set update sha1 of new password + salt if(isset($data['user_email']) && isset($data['usr_question']) && isset($data['usr_answer'])){ $rs_activ = mysql_query("update users set pwd='$pwd_reset' WHERE user_email='$data[user_email]' AND usr_question='$data[usr_question]' AND usr_answer='$data[usr_answer]'") or die(mysql_error()); $host = $_SERVER['HTTP_HOST']; $host_upper = strtoupper($host); echo "Here is your new password:<br>\r\n" .$new_pwd."<br>\r\n"; } } //send email /*$message = "Here are your new password details ...\n User Email: $user_email \n Passwd: $new_pwd \n Thank You Administrator $host_upper ______________________________________________________ THIS IS AN AUTOMATED RESPONSE. ***DO NOT RESPOND TO THIS EMAIL**** "; mail($user_email, "Reset Password", $message, "From: \"Member Registration\" <auto-reply@$host>\r\n" . "X-Mailer: PHP/" . 
phpversion()); $msg[] = "Your account password has been reset and a new password has been sent to your email address."; */ //$msg = urlencode(); //header("Location: forgot.php?msg=$msg"); //exit(); } } ?> <html> <head> <title>Forgot Password</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <script language="JavaScript" type="text/javascript" src="js/jquery-1.3.2.min.js"></script> <script language="JavaScript" type="text/javascript" src="js/jquery.validate.js"></script> <script> $(document).ready(function(){ $("#actForm").validate(); }); </script> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellspacing="0" cellpadding="5" class="main"> <tr> <td colspan="3"> </td> </tr> <tr> <td width="160" valign="top"><p> </p> <p> </p> <p> </p> <p> </p> <p> </p></td> <td width="732" valign="top"> <h3 class="titlehdr">Forgot Password</h3> <p> <?php /******************** ERROR MESSAGES************************************************* This code is to show error messages **************************************************************************/ if(!empty($err)) { echo "<div class=\"msg\">"; foreach ($err as $e) { echo "* $e <br>"; } echo "</div>"; } if(!empty($msg)) { echo "<div class=\"msg\">" . $msg[0] . 
"</div>"; } /******************************* END ********************************/ ?> </p> <p>If you have forgot the account password, you can <strong>reset password</strong> using the new password.</p> <form action="forgot.php" method="post" name="actForm" id="actForm" > <table width="65%" border="0" cellpadding="4" cellspacing="4" class="loginform"> <tr> <td colspan="2"> </td> </tr> <tr> <td width="36%">Your Email <font Color="#FF0000">*</font></td> <td width="64%"><input name="user_email1" type="text" class="required email" size="25"></td> </tr> <tr> <td width="38%">Your Secret Question <font Color="#FF0000">*</font></td> <td width="66%"><input name="usr_question1" type="text" class="required question" size="25"></td> </tr> <tr> <td width="38%">Your Secret Answer <font Color="#FF0000">*</font></td> <td width="66%"><input name="usr_answer1" type="text" class="required answer" size="25"></td> </tr> <tr> <td colspan="2"> <div align="center"> <p> <input name="doReset" type="submit" id="doLogin3" value="Reset"><br><br> <a href="./register.php">Register</a> | <a href="./login.php">Login</a> </p> </div></td> </tr> </table> <div align="center"></div> <p align="center"> </p> </form> <p> </p> <p align="left"> </p></td> <td width="196" valign="top"> </td> </tr> <tr> <td colspan="3"> </td> </tr> </table> </body> </html> dbc.php: Code: [Select] <?php /******************** MAIN SETTINGS - PHP LOGIN SCRIPT V2.1 ********************** Please complete wherever marked xxxxxxxxx /************* MYSQL DATABASE SETTINGS ***************** 1. Specify Database name in $dbname 2. MySQL host (localhost or remotehost) 3. MySQL user name with ALL previleges assigned. 4. 
MySQL password Note: If you use cpanel, the name will be like account_database *************************************************************/ define ("DB_HOST", "localhost"); // set database host define ("DB_USER", "root"); // set database user define ("DB_PASS","pass"); // set database password define ("DB_NAME","KOJ_Login"); // set database name $link = mysql_connect(DB_HOST, DB_USER, DB_PASS) or die("Couldn't make connection."); $db = mysql_select_db(DB_NAME, $link) or die("Couldn't select database"); /* Registration Type (Automatic or Manual) 1 -> Automatic Registration (Users will receive activation code and they will be automatically approved after clicking activation link) 0 -> Manual Approval (Users will not receive activation code and you will need to approve every user manually) */ $user_registration = 1; // set 0 or 1 define("COOKIE_TIME_OUT", 1); //specify cookie timeout in days (default is 10 days) define('SALT_LENGTH', 9); // salt for password //define ("ADMIN_NAME", "admin"); // sp /* Specify user levels */ define ("ADMIN_LEVEL", 6); define("GURU_CODE_CONSULTANT",5); define("GAME_CODER",4); define("GAME_BETATESTER",3); define("GAME_ARTIST",2); define ("USER_LEVEL", 1); define ("GUEST_LEVEL", 0); /*************** reCAPTCHA KEYS****************/ $publickey = "6LeEOLwSAAAAAIDSbmqnOpHk_EyMOQpitY526ePJ"; $privatekey = "6LeEOLwSAAAAAJe_5NTiwR0zNzCstCgIPBfpTO-n"; /**** PAGE PROTECT CODE ******************************** This code protects pages to only logged in users. If users have not logged in then it will redirect to login page. If you want to add a new page and want to login protect, COPY this from this to END marker. Remember this code must be placed on very top of any html or php page. ********************************************************/ function get_log($action){ $logfile= './log.php'; $IP = $_SERVER['REMOTE_ADDR']; $logdetails= date("F j, Y, g:i a") . ': ' . 
'<a href=http://dnsstuff.com/tools/city.ch?ip='.$_SERVER['REMOTE_ADDR'].'>'.$_SERVER['REMOTE_ADDR'].'('.gethostbyaddr($_SERVER['REMOTE_ADDR']).')</a> - <b>'.$action.' - ('.basename("./").')'.'</b>\r\n'; $fp = fopen($logfile, "a"); fwrite($fp, $logdetails); fclose($fp); } function page_protect() { session_start(); global $db; /* Secure against Session Hijacking by checking user agent */ if (isset($_SESSION['HTTP_USER_AGENT'])) { if ($_SESSION['HTTP_USER_AGENT'] != md5($_SERVER['HTTP_USER_AGENT'])) { logout(); exit; } } // before we allow sessions, we need to check authentication key - ckey and ctime stored in database /* If session not set, check for cookies set by Remember me */ if (!isset($_SESSION['user_id']) && !isset($_SESSION['user_name']) ) { if(isset($_COOKIE['user_id']) && isset($_COOKIE['user_key'])){ /* we double check cookie expiry time against stored in database */ $cookie_user_id = filter($_COOKIE['user_id']); $rs_ctime = mysql_query("select `ckey`,`ctime` from `users` where `id` ='$cookie_user_id'") or die(mysql_error()); list($ckey,$ctime) = mysql_fetch_row($rs_ctime); // coookie expiry if( (time() - $ctime) > 60*60*24*COOKIE_TIME_OUT) { logout(); } /* Security check with untrusted cookies - dont trust value stored in cookie. /* We also do authentication check of the `ckey` stored in cookie matches that stored in database during login*/ if( !empty($ckey) && is_numeric($_COOKIE['user_id']) && isUserID($_COOKIE['user_name']) && $_COOKIE['user_key'] == sha1($ckey) ) { session_regenerate_id(); //against session fixation attacks. 
$_SESSION['user_id'] = $_COOKIE['user_id']; $_SESSION['user_name'] = $_COOKIE['user_name']; /* query user level from database instead of storing in cookies */ list($user_level) = mysql_fetch_row(mysql_query("select user_level from users where id='$_SESSION[user_id]'")); $_SESSION['user_level'] = $user_level; $_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']); } else { logout(); } } else { header("Location: login.php"); exit(); } } } function filter($data) { $data = trim(htmlentities(stripslashes(strip_tags($data)))); //htmlentities(strip_tags($data))); if (get_magic_quotes_gpc()) $data = stripslashes($data); $data = mysql_real_escape_string($data); return $data; } function EncodeURL($url) { $new = strtolower(ereg_replace(' ','_',$url)); return($new); } function DecodeURL($url) { $new = ucwords(ereg_replace('_',' ',$url)); return($new); } function ChopStr($str, $len) { if (strlen($str) < $len) return $str; $str = substr($str,0,$len); if ($spc_pos = strrpos($str," ")) $str = substr($str,0,$spc_pos); return $str . "..."; } function isEmail($email){ return preg_match('/^\S+@[\w\d.-]{2,}\.[\w]{2,6}$/iU', $email) ? 
TRUE : FALSE; } function isSecretQuestion($question){ if (preg_match('/^[a-z\d_]{5,20}$/i', $question)) { return true; } else { return false; } } function isSecretAnswer($answer){ if (preg_match('/^[a-z\d_]{5,20}$/i', $answer)) { return true; } else { return false; } } function isUserID($username) { if (preg_match('/^[a-z\d_]{5,20}$/i', $username)) { return true; } else { return false; } } function isURL($url) { if (preg_match('/^(http|https|ftp):\/\/([A-Z0-9][A-Z0-9_-]*(?:\.[A-Z0-9][A-Z0-9_-]*)+):?(\d+)?\/?/i', $url)) { return true; } else { return false; } } function checkPwd($x,$y) { if(empty($x) || empty($y) ) { return false; } if (strlen($x) < 4 || strlen($y) < 4) { return false; } if (strcmp($x,$y) != 0) { return false; } return true; } function GenPwd($length = 7) { $password = ""; $possible = "0123456789bcdfghjkmnpqrstvwxyz"; //no vowels $i = 0; while ($i < $length) { $char = substr($possible, mt_rand(0, strlen($possible)-1), 1); if (!strstr($password, $char)) { $password .= $char; $i++; } } return $password; } function GenKey($length = 7) { $password = ""; $possible = "0123456789abcdefghijkmnopqrstuvwxyz"; $i = 0; while ($i < $length) { $char = substr($possible, mt_rand(0, strlen($possible)-1), 1); if (!strstr($password, $char)) { $password .= $char; $i++; } } return $password; } function logout() { global $db; session_start(); if(isset($_SESSION['user_id']) || isset($_COOKIE['user_id'])) { mysql_query("update `users` set `ckey`= '', `ctime`= '' where `id`='$_SESSION[user_id]' OR `id` = '$_COOKIE[user_id]'") or die(mysql_error()); } //header("Location: login.php"); /************ Delete the sessions****************/ unset($_SESSION['user_id']); unset($_SESSION['user_name']); unset($_SESSION['user_level']); unset($_SESSION['HTTP_USER_AGENT']); session_unset(); session_destroy(); /* Delete the cookies*******************/ setcookie("user_id", '', time()-60*60*24*COOKIE_TIME_OUT, "/"); setcookie("user_name", '', time()-60*60*24*COOKIE_TIME_OUT, "/"); 
setcookie("user_key", '', time()-60*60*24*COOKIE_TIME_OUT, "/"); echo "<html>\r\n" ."<head>\r\n" ."<title>Logout</title>\r\n" ."<link href=\"styles.css\" rel=\"stylesheet\" type=\"text/css\">\r\n" ."<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\">\r\n" ."</head>\r\n" ."<body>\r\n" ."<table width=\"100%\" border=\"0\" cellspacing=\"0\" cellpadding=\"5\" class=\"main\">\r\n" ." <tr> \r\n" ." <td colspan=\"3\"> </td>\r\n" ." </tr>\r\n" ." <tr> \r\n" ." <td width=\"160\" valign=\"top\">\r\n" ."<p>You have been successfully logged out!</p>\r\n" ."<p>Taking you to the main page</p>\r\n" ." </td>\r\n" ." <td width=\"196\" valign=\"top\"> </td>\r\n" ." </tr>\r\n" ." <tr> \r\n" ." <td colspan=\"3\"> </td>\r\n" ." </tr>\r\n" ."</table>\r\n" ."<meta http-equiv=\"refresh\" content=\"4;url=index.php\">\r\n" ."</body>\r\n" ."</html>"; } // Password and salt generation function PwdHash($pwd, $salt = null) { if ($salt === null) { $salt = substr(md5(uniqid(rand(), true)), 0, SALT_LENGTH); } else { $salt = substr($salt, 0, SALT_LENGTH); } return $salt . sha1($pwd . 
$salt); } function checkAdmin() { if($_SESSION['user_level'] == ADMIN_LEVEL) { return 1; } else { return 0 ; } } ?> EDIT: the prob is: Code: [Select] if(isset($_POST['user_email'])){ if($_POST['user_email1'] != stripslashes(isEmail($data['user_email']))) { $err[] = "ERROR - Please enter a valid email"; } } if(isset($_POST['usr_question'])){ if($_POST['usr_question1'] != stripslashes($data['usr_question'])) { $err[] = "ERROR - Please enter a valid question"; } } if(isset($_POST['usr_answer'])){ if($_POST['usr_answer1'] != stripslashes($data['usr_answer'])) { $err[] = "ERROR - Please enter a valid answer"; } } if(empty($err)) { $new_pwd = GenPwd(); $pwd_reset = PwdHash($new_pwd); //$sha1_new = sha1($new); //set update sha1 of new password + salt if(isset($data['user_email']) && isset($data['usr_question']) && isset($data['usr_answer'])){ $rs_activ = mysql_query("update users set pwd='$pwd_reset' WHERE user_email='$data[user_email]' AND usr_question='$data[usr_question]' AND usr_answer='$data[usr_answer]'") or die(mysql_error()); $host = $_SERVER['HTTP_HOST']; $host_upper = strtoupper($host); echo "Here is your new password:<br>\r\n" .$new_pwd."<br>\r\n"; } } I need to Web scrape a website I need to access from different ip addresses I've found a website that gives out ip numbers to use for free The problem is that they change + old ones don't work after a certain time Is there anyway I can test and make sure an ip address is working before using? What happens if I use an ip address that isn't working? Does the real ip address of my server get sent instead? Thanks OM Hi, I joined new here, and I am really having hard time figuring out what's wrong with the code below which isn't working. 
if (isset($_POST['privacy_submit'])) {
    if (($_SERVER['REQUEST_METHOD'] == "POST")) {
        $privacy_upd = mysql_query("UPDATE clf_privacy_terms SET
            'p_bannerads' = '".$_POST['p_bannerads']."',
            'p_shareinfo' = '".$_POST['p_shareinfo']."',
            'p_crossmarketing' = '".$_POST['p_crossmarketing']."',
            'p_tacking' = '".$_POST['p_tacking']."',
            'p_sendcommunication' = '".$_POST['p_sendcommunication']."',
            'p_under13' = '".$_POST['p_under13']."',
            'p_internationally' = '".$_POST['p_internationally']."',
            'p_discloselegal' = '".$_POST['p_discloselegal']."',
            'p_server_country' = '".$_POST['p_server_country']."',
            'p_forums' = '".$_POST['p_forums']."',
            'p_newslettermodule' = '".$_POST['p_newslettermodule']."',
            'p_membershipmodule' = '".$_POST['p_membershipmodule']."'
            ") or die(mysql_error());
        $msg="Successfully Updated!";
    }
} else {
    $msg="<font color=\"red\">Incorrect method of submission.</font> Please try again.";
}
?>
<h2>Privacy Policy</h2>
<?php if ($privacy_upd) { echo ($msg); } ?>
<form class="box" name="privacy_upd" action="gen.php" method="post">
.........................................................................................
........................

MySQL Error returns the following:

Code: [Select]
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''p_bannerads' = 'do not', 'p_shareinfo' = 'do not', 'p_cross' at line 2

Let me know if any of you guys can solve it for me. I would appreciate it, since I have not been able to solve it for the last two days already. Thank you...

Been trying to find an answer and keep running around in circles...
I have (left test echos in there):

if ($r['left_house_number'] != '') {
    /* Now see what they are supposed to get */
    $left_customer_query = "SELECT * FROM customer WHERE house_number ='".$r['left_house_number']."' AND street = '".$r['left_house_street']."' AND route_number = '".$_SESSION['route_number']."'";
    // echo "SELECT * FROM customer WHERE house_number ='".$r['left_house_number']."' AND street = '".$r['left_house_street']."' AND route_number = '".$_SESSION['route_number']."'";
    $left_customer_result = mysql_query($left_customer_query) or die(mysql_error());
    $left_customer_result_count = mysql_num_rows($left_customer_result);
    echo $r['left_house_number'].' =lhn1';
    while ($lrow = mysql_fetch_array($left_customer_result)) {
        echo $r['left_house_number'].' =lhn2';
        /* See if there is any customer if not display blank row */
        echo $left_customer_result_count.' = count ';
        if ($left_customer_result_count < 1) {
            echo $r['left_house_number'].' =lhn3';
            echo '<span class="delivery_nothing">'.$r['left_house_number'].' </span> 1<span class="delivery_nothing">'.$r['left_house_street'].' ';
        } else {
            /* Have a customer, now check to see if they are supposed to get something */
            if ($lrow['status'] != "AC" && $lrow['status'] != "VH") {
                /* Customer is stopped or on vacation so show house number and street not bolded */
                echo '<span class="delivery_nothing">'.$r['left_house_number'].'</span>2<span class="delivery_nothing">'.$r['left_house_street'];
                echo $r['left_house_number'].' =lhn4';
            } else {
                /* Now check for correct delivery day and return data */
                if (Show_Product($lrow['product']) == '1') {
                    echo $r['left_house_number'].' =lhn5';
                    echo '<span class="delivery_bold">'.$lrow['house_number'].'</span><span class="delivery_bold">'.$lrow['placement'].'</span><span class="delivery_bold">'.$lrow['street'].'</span>';
                    echo Product_Formater($lrow['product']);
                }

I have tried...
if ($left_customer_result_count < 1) {
if ($left_customer_result_count == 0) {
if ($left_customer_result_count == '') {
if ($left_customer_result_count === 0) {

And I can't get it to work. The count "test echo" is either blank or 1.

If I echo the SQL statement with values I know aren't in the db and paste it into phpMyAdmin:

SELECT * FROM customer WHERE house_number = '3333' AND street = 'Chili Avenue' AND route_number = '68-24-630'

I get: "MySQL returned an empty result set"

And if I change it to something that is in the db:

SELECT * FROM customer WHERE house_number = '3019' AND street = 'Chili Avenue' AND route_number = '68-24-630'

I get: "Showing rows 0 - 0 (1 total, Query took 0.0012 sec)"

So what do I have to do to get this to work right? What does it actually output when there are no results returned?

thanks,

//database
create table mydata (
    id int(11) NOT NULL PRIMARY KEY AUTO_INCREMENT,
    fname varchar(20),
    phoneno int(12) NOT NULL
    /*......*/
);

//class my data php
<?php
include('connect.php');
class InsertMydata {
    public function insertnow($fname, $phoneno) {
        $connect = new Connect;
        $insrt = $db -> prepare('INSERT INTO mydata (fname, phoneno) VALUES (?,?)');
        $insrt -> execute(array($fname, $phoneno));
    }
}
?>

//insernow validate form
<?php
include('../classs/mydata.php');
//Declare data and error arrays
$errors = [];
$mydara = [];
if(!preg_match('/^[a-zA-Z]{4,15}$/', $_POST['fname'])) {
    $errors['fname'] = 'Enter full name!';
}
//this block not working even the phone exist
$connect = new Connect;
$phoneno = $_POST['phoneno'];
$checkiexist = $connect -> prepare('SELECT * FROM mydata WHERE phoneno = ?');
$checkiexist -> execute([$phoneno]);
if($checkiexist->rowCount() > 0) {
    $errors['phonenoexist'] = 'Try another phone number!';
}
if(!empty($errors)){
    $data['success'] = false;
    $data['errors'] = $errors;
}else{
    $data['success'] = true;
    $data['message'] = 'success message!';
    $mydata = new InsertMydata;
    $mydata -> insertnow($fname, $phoneno);
}
echo json_encode($data);
?>

//my ajax
$("#insertbtn").click( function(e) {
    var fname = $('#fname').val(),
        phoneno = $('#phoneno').val();
    $.ajax({
        url: 'insertnow.php',
        type: 'POST',
        data: {fname:fname, phoneno:phoneno},
        dataType: "JSON",
        encode: true,
    }).done( function (data) {
        if (data.success == false) {
            if (data.errors.fname) {
                $('#fname').append('<p class="text-danger">' + data.errors.fname + '</p>');
            }
            if (data.errors.phonenoexist) {
                $('.card-header').append('<div class="alert alert-info alert-dismissible" role="alert"> <button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">×</span></button>'+data.errors.phonenoexist+'</div>');
            }
        } else {
            $('.card-header').append('<div class="alert alert-success alert-dismissible" role="alert"><button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">×</span></button>'+data.message+'</div>');
        }
    });
    e.preventDefault();
});

The problem is, the code inserts data even if the phone exists. Why?

Edited April 8 by mahenda

Hi, there is probably a straightforward solution to my problem, but I can't quite work it out. I use the following PHP line to check whether the submit button in an HTML form was pressed or not:

Code: [Select]
if (isset($_POST['buttonname'])==FALSE) {do something}

If the HTML form is contained within a PHP script as follows:

Code: [Select]
<?php
print"
<html>
<body>
<form action=check.php method=POST>
//form here
</form>
</body>
</html>
";
?>

then the check works fine. But if the HTML form is contained within an external HTML file that is called upon in an iframe as follows:

Code: [Select]
<?php
print"
<html>
<body>
<iframe src ='form.htm'></iframe>
</body>
</html>
";
?>

then the check doesn't work and it always thinks the submit button wasn't pressed. How can I perform this check when the submit button is in an external HTML file that is called upon in an iframe?

Any help would be much appreciated! Thanks.
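For the phone-number post above (the row is inserted even though the number already exists), here is an added example that is not code from any of the original posts: it lets a UNIQUE constraint reject the duplicate and maps the resulting SQLSTATE 23000 to the form error, instead of relying on rowCount() after a SELECT, which PDO does not guarantee on every driver. It runs against an in-memory SQLite database through PDO; the helper name insert_contact, the phone-format check and the sample values are assumptions, and the phone number is stored as text rather than INT.

```php
<?php
// Added example: constructed schema and values, modelled on the mydata table in the post.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE mydata (
    id      INTEGER PRIMARY KEY AUTOINCREMENT,
    fname   VARCHAR(20),
    phoneno VARCHAR(15) NOT NULL UNIQUE   -- text: keeps leading zeros, no INT overflow
)');

/**
 * Hypothetical helper: validates, inserts, and maps a duplicate-key
 * failure to the JSON shape the post's AJAX handler reads.
 */
function insert_contact(PDO $db, string $fname, string $phoneno): array
{
    $errors = [];
    if (!preg_match('/^[a-zA-Z]{4,15}$/', $fname)) {
        $errors['fname'] = 'Enter full name!';
    }
    if (!preg_match('/^\+?[0-9]{7,15}$/', $phoneno)) {   // assumed phone format
        $errors['phoneno'] = 'Enter a valid phone number!';
    }
    if ($errors) {
        return ['success' => false, 'errors' => $errors];
    }
    try {
        // Bound parameters: request data never becomes part of the SQL text.
        $stmt = $db->prepare('INSERT INTO mydata (fname, phoneno) VALUES (?, ?)');
        $stmt->execute([$fname, $phoneno]);
    } catch (PDOException $e) {
        // SQLSTATE 23000 = integrity constraint violation (here: duplicate phoneno).
        if ((string) $e->getCode() === '23000') {
            return ['success' => false,
                    'errors'  => ['phonenoexist' => 'Try another phone number!']];
        }
        throw $e; // anything else is a real failure, not a duplicate
    }
    return ['success' => true, 'message' => 'success message!'];
}

// Constructed sample input: the second call reuses the first phone number,
// the third fails name validation before touching the database.
foreach ([['Alice', '0712345678'], ['Brenda', '0712345678'], ['Al', '0799999999']] as [$n, $p]) {
    echo json_encode(insert_contact($db, $n, $p)), PHP_EOL;
}
```

MySQL reports a duplicate key under the same SQLSTATE 23000, so the catch branch carries over once the column has a UNIQUE index, and the constraint also closes the gap between a separate existence check and the insert.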