|
PHP - Making A Signup Page, Trying To Log All Attempts
Hi everybody, I want to build a script that lets someone register with a simple form that logs all activity into a MySQL db.
The thing is, I want to log all attempts to signup into the system even if they do not satisfy password strength, or the required fields criteria. In the following code, the string "email" isn't being used. The field named 'name' is what I'm using to collect the email, and the field named 'msg' is what I'm using to collect the password. I've gotten to the point where if they don't provide anything for either email or password, then it directs them to the same page and it asks them to re enter their information. but I can't seem to capture the attempt (so if they enter an email but not a pass, i still want to know what email they entered). I'm getting this error Parse error: syntax error, unexpected T_ELSE in /hermes/bosweb25c/b1454/ipg.domainname/nameofsite/contact_insert2.php on line 41 Line 41 corresponds to the line with the first "else{" I'm really not sure what to do, it seems straight forward when I think it through in my head. If pass or email field is empty, enter it into the db, and then send them back to the beginning, if pass or email field not empty, continue in script. Code: [Select] <?php define('DB_NAME', 'dbname'); define('DB_USER', 'phpchick'); define('DB_PASS', 'password'); define('DB_HOST', 'localhost'); // contact to database $connect = mysql_connect(DB_HOST, DB_USER, DB_PASS) or die('Error , check your server connection.'); mysql_select_db(DB_NAME); //Get data in local variable $v_name=$_POST['name']; $v_email=$_POST['email']; $v_msg=$_POST['msg']; // check for null values if ($v_name=="" or $v_msg=="") $query="insert into contact(name,email,msg) values('$v_name','$v_email','$v_msg')"; mysql_query($query) or die(mysql_error()); echo " <head> <link rel=\"stylesheet\" type=\"text/css\" href=\"http://site.com/signup.css\"></head> <h2>Free Registration</h2> <form action=\"contact_insert2.php\" method=\"POST\" id=\"insert\"> <table> <tr> <td >Email</td> <td ><input type=\"text\" size=40 name=\"name\"></td> </tr> <tr> <td >Password</td> <td ><input type=\"password\" size=40 name=\"msg\" ></td> </tr> You must enter an email and password. <tr> <td colspan=2 id=\"sub\"><input type=\"submit\" name=\"submit\" value=\"submit\" ></td> </tr> </Table> </form>"; else{ if (strcspn($_REQUEST['msg'], '0123456789') == strlen($_REQUEST['msg'])) echo "true"; else{ $query="insert into contact(name,email,msg) values('$v_name','$v_email','$v_msg')"; mysql_query($query) or die(mysql_error()); echo "Your message has been received"; } } ?> Similar Tutorialshope you all had a good Christmas/New Year. Hi Guys, I can't figure this one out, in my registration code i set it to email when a user successfully registers: code: <?php if (isset($_POST['submitSignUp'])) { // Errors array() $errors = array(); // POST vars $fName = mysql_real_escape_string($_POST['fname']); $lName = mysql_real_escape_string($_POST['lname']); $email = mysql_real_escape_string($_POST['email']); $pass1 = mysql_real_escape_string($_POST['pass1']); $pass2 = mysql_real_escape_string($_POST['pass2']); $cntry = mysql_real_escape_string($_POST['cntry']); // Does passwords match if ($pass1 != $pass2) { $errors[] = "Your passwords don't match."; } // Potential errors // Empty fields if (empty($fName) || empty($lName) || empty($email) || empty($pass1) || empty($pass2)) { $errors[] = "You never filled in all the fields."; } else { // Does user exist? $result = mysql_query("SELECT * FROM `dig_customers` WHERE `email`='$email' LIMIT 1"); if (mysql_num_rows($result) > 0) { $errors[] = "The e-mail address <b>$email</b> has already been registered."; } else { // Empty for now... } } // display errors if any exist if (count($errors) > 0) { print "<div id=\"errorMsg\"><h3>Ooops! There was error(s)</h3><ol>"; foreach($errors as $error) { print "<li>$error</li>"; } print "</ol></div>"; } else { print "<div id=\"okMsg\"><p>All done :) you can now sign in.</p></div>"; // Encrypt the password before insertion $encPass = md5($pass1); // Insert into the database $q = mysql_query("INSERT INTO `dig_customers` (`id`, `password`, `password_unencrypted`, `gender`, `title`, `first_name`, `last_name`, `address`, `city`, `state_county`, `post_zip_code`, `country`, `email`, `home_number`, `mobile_number`, `news_letter`, `special_offers`, `admin_level`, `registered`) VALUES ('', '$encPass', '$pass1', 'NULL', 'NULL', '$fName', '$lName', 'NULL', 'NULL', 'NULL', 'NULL', '$cntry', '$email', 'NULL', 'NULL', 'NULL', 'NULL', 'N', NOW())"); if ($q) { // Alert on signup send_graham_email("User Has Signed Up!"); } } } ?> i moved this part: print "<div id=\"okMsg\"><p>All done you can now sign in.</p></div>"; and the INSERT query to where it is now thinking this has solved it, but i just got an email saying "user has signed up!" but when i check the stats they haven't LOL can anyone see where i have went wrong? cheers guys Graham hi i am new on php+mysql i am trying to create signup form that will: users to enter email address and the script check via ajax from MYSQL database if the email is not registered send the signup link to their email if already registered than show error you are a member. (I'm putting this in PHP since it's not a question specific to MySQL or other DB stuff.)
I have a page that uses the GET id to find a product. GET variables are sanitized, and the SQL string is escaped even though it's expecting a number only. So the code seems safe to me. I'm getting some error_log results that appear to be hack attempts:
SELECT I wrote a small PHP with SQLite script which stores the IP with counter, it works fine with one problem, If I enter the correct password 4th time the counter becomes 4 and I get the error to enter my captcha. All the other times, 1-3 and 5 and above count it just works fine. What am I doing wrong with the logic.
Attaching the zip file with code.
https://drive.google...dit?usp=sharing
Hello I'm on the verge of damaging my computer, please help... The below is my first PHP script - it works about once every 20 attempts, sending the email message. I've tried moving the header bit around, so it's inside the if statement, but it is still only intermittently successful. For the sake of this PC, please help out Best Wishes <? function checkOK($field) { if (eregi("\r",$field) || eregi("\n",$field)){ die("Invalid Input!"); } } $select=$_POST['select']; checkOK($select); $name=$_POST['name']; checkOK($name); $email=$_POST['email']; checkOK($email); $confirmail=$_POST['confirmail']; checkOK($confirmail); $month=$_POST['month']; checkOK($month); $day=$_POST['day']; checkOK($day); $year=$_POST['year']; checkOK($year); $leaving=$_POST['leaving']; checkOK($leaving); $hour=$_POST['hour']; checkOK($hour); $minutes=$_POST['minutes']; checkOK($minutes); $ampm=$_POST['ampm']; checkOK($ampm); $going=$_POST['going']; checkOK($going); $flightnumber=$_POST['flightnumber']; checkOK($flightnumber); $pay=$_POST['pay']; checkOK($pay); $song=$_POST['song']; checkOK($song); $comments=$_POST['comments']; checkOK($comments); $to="beepbeepyeah@kabeoke.com"; $message="Message Type: $select\n\nName: $name\n\nEmail: $email\n\n$confirmail\n\nDate of Journey: $month, $day, $year\n\nLeaving From: $leaving\n\nDeparture Time: $hour:$minutes $ampm\n\nGoing to: $going\n\nFlight Number: $flightnumber\n\nPayment Method: $pay\n\nSong Requests: $song\n\nComments: $comments"; header('Location:http://www.kabeoke.com'); if(mail($to,"Slap it - booking/enquiry from Kabeoke.com!",$message,"From: $email\n")){ } else { echo "There was a problem sending the mail. Please check that you filled in the form correctly."; } ?> In my post.php file i have the following code // checks if the username is in use if (!get_magic_quotes_gpc()) { $_POST['username'] = addslashes($_POST['username']); } $usercheck = $_POST['username']; mysql_real_escape_string($usercheck); $check = mysql_query("SELECT username FROM users WHERE username = '$usercheck'") or die(mysql_error()); $check2 = mysql_num_rows($check); //if the name exists it gives an error if ($check2 != 0) { $error="<span style="; $error .="color:red"; $error .=">"; $error .= "Sorry, the username is already in use."; $error .="</span>"; setcookie(Errors, $error, time()+20); header('Location ./?p=UPC'); die(); } The problem is it always 500s if the username is already in use. I wish to lockout the user for (3) minutes if they get (4) wrong username/password attempts in (5) minutes.
Is this typically tied to a single IP using $_SERVER['REMOTE_ADDR']?
Is it a good ideal to also check for a given username but from any IP? I might be wrong, but I assume the value in $_SERVER['REMOTE_ADDR'] is under the user's control.
Obviously, a session wouldn't be ideal as the associated cookie is under the user's control. Do I need to use the database or is there a better way?
Any thoughts or advise would be appreciated.
I want to limit the number of incorrect login attempts within a specified time period (e.g. 15 minutes). I'm wondering what I should tie those attempts to. e.g. If too many attempts from one ip address for a specific username, lock them out for 15 minutes? Or too many attempts from any ip address for a specific username? Or too many attempts for an ip address matched loosely (i.e. 255.255.255.0 matching) with a specific username? What's the best choice? Just too many attempts for a username? Or also use the ip address? And should I store the attempts in the session, or the DB? I've got a somewhat simple problem I think.. I'm working on a uni practical, and one of the checkpoints is to limit the number of incorrect login attempts to 2. I know I could do this very easily with session variables, however on the practical sheet, it says that we're not allowed to modify any of the partially implemented code. So I was wondering, what other ways are there to track the number of incorrect logins? If it comes to it, I will just use session variables, as it's pretty much the most sensible way I'd imagine.. but would like to know of any other possible ways.. Cheers Denno Please help me in php coding I need to open php file when i click on link <Click here> in that php file i need to collect three email id's in the form and post the form to another php file, for those emails id's i need to send email containing activation key, with the help of that link in their email inbox that user need to signup with username and password and more details ..then user can able to login to account in my client website for more actions This part is where i am kinda struck while generating activation key, i googled but no help..if any one help me appreciated thanks Danny danny_boy9988@yahoo.com Hi, I have wondered if just one user should be used (e.g. root) for connecting to the database is the right way of doing things? (which is what I have always done). Would it be better to have a new user created in the privileges section in MySQL and have all operation/table access assigned appropriately for every single user that signs up? I would think that this would give a lot more security but would need a bit more work. What are your thoughts? heres the code for the login page ...i changed the server and username info for privacy <?php include "include/session.php"; $dbservertype='mysql'; $servername='supremeserver.com'; // username and password to log onto db server $dbusername='newlogin'; $dbpassword='new18'; // name of database $dbname='newlogin'; connecttodb($servername,$dbname,$dbusername,$dbpassword); function connecttodb($servername,$dbname,$dbusername,$dbpassword) { global $link; $link=mysql_connect ("$servername","$dbusername","$dbpassword"); if(!$link){die("Could not connect to MySQL");} mysql_select_db("$dbname",$link) or die ("could not open db".mysql_error()); } ?> <!doctype html public "-//w3c//dtd html 3.2//en"> <html> <head> <title>LOGIN</title> <meta name="GENERATOR" content="Arachnophilia 4.0"> <meta name="FORMATTER" content="Arachnophilia 4.0"> </head> <body bgcolor="#ffffff" text="#000000" link="#0000ff" vlink="#800080" alink="#ff0000"> <?php $userid=mysql_real_escape_string($userid); $password=mysql_real_escape_string($password); if($rec=mysql_fetch_array(mysql_query("SELECT * FROM plus_signup WHERE userid='$userid' AND password = '$password'"))){ if(($rec['userid']==$userid)&&($rec['password']==$password)){ include "include/newsession.php"; echo "<p class=data> <center>Successfully,Logged in<br><br><a href='logout.php'> Log OUT </a><br><br><a href=welcome.php>Click here if your browser is not redirecting automatically or you don't want to wait.</a><br></center>"; print "<script>"; print " self.location='welcome.php';"; // Comment this line if you don't want to redirect print "</script>"; } } else { session_unset(); echo "<font face='Verdana' size='2' color=red>Wrong Login. Use your correct Userid and Password and Try <br><center><input type='button' value='Retry' onClick='history.go(-1)'></center>"; } ?> </body> </html> _________________________________________________ _________________________________________________ __ your help is much appreciated Hello PHP mates! I am having some doubts and I am going to share them with you so maybe someone can help. Okay, I know how to make signup and login page. And here is the problem. How to make signup page for multiple types of users? For example, type A user has its own signup form, user type B also has its own and same goes for C type of user. How can I make that? Thanks in advance PHP freaks! Hello, I have a problem with writing a function that will display the number of attempts to communicate with the host that have not been answered, if the host starts responding again, the table should display, for example 0. The website addresses are taken from the MySQL database. The next column should display the time from which the communication with the host was lost and if it responds, it should display, e.g. OK. Please, give me some hints how to write it. Thanks in advance. Edited October 12, 2019 by xyz91MySQL Version: 5.5.20 (<-- This is my WAMPServer version to test my program, my hosting has 5.1 though) PHP Version: 5.3.10 (My Hosting says its PHP 5 but not sure what version, i know its not the newest) What im trying to do is have my site have a page like "www.mysite.com/data.php?user=Nicholas&country=USA" Thing is, i dont know what to add in my data.php source code to make it work like that. What im trying to achieve is for my users to sign up for my page but I DO NOT want to add my MySQL user and pass in the page where it can be cracked and hacked. When the user goes to the page, a script will automatically put the user and country and then the page will automatically add the user and his country to the MySQL table on my database. Im also making a program that will work like this and that will have a higher chances of being hacked if i add my MySQL info into the program in order to add data. Can someone please provide me of a sample source i can try? I will not only be adding user and country but i want to test this out. Thanks! People upload photos to my site. They go into a gallery. They are all linked. Right now when you click one they go nowhere. I want to be each photo to open in its own page with my comment system already on it. Should I be using templates? If so how? Heres code to the gallery page if needed. And I'm using dreamweavers server behaviors. If that will cause a problem let me know. Still new to PHP but getting better...maybe. Sorry to keep asking noob questions. Code: [Select] <?php require_once('myconn.php'); if (!function_exists("GetSQLValueString")) { function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { if (PHP_VERSION < 6) { $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; } $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? doubleval($theValue) : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; } } $maxRows_Recordset1 = 40; $pageNum_Recordset1 = 0; if (isset($_GET['pageNum_Recordset1'])) { $pageNum_Recordset1 = $_GET['pageNum_Recordset1']; } $startRow_Recordset1 = $pageNum_Recordset1 * $maxRows_Recordset1; mysql_select_db($database_myconn, $myconn); $query_Recordset1 = "SELECT name, photopath, `state` FROM photo"; $query_limit_Recordset1 = sprintf("%s LIMIT %d, %d", $query_Recordset1, $startRow_Recordset1, $maxRows_Recordset1); $Recordset1 = mysql_query($query_limit_Recordset1, $myconn) or die(mysql_error()); $row_Recordset1 = mysql_fetch_assoc($Recordset1); if (isset($_GET['totalRows_Recordset1'])) { $totalRows_Recordset1 = $_GET['totalRows_Recordset1']; } else { $all_Recordset1 = mysql_query($query_Recordset1); $totalRows_Recordset1 = mysql_num_rows($all_Recordset1); } $totalPages_Recordset1 = ceil($totalRows_Recordset1/$maxRows_Recordset1)-1; ?> <div id="photos"> <table border=""> <?php $i=0; $numperpage=8; ?> <?php do { ?> <?php if ($i%$numperpage==0) echo "<tr>"; ?> <td align="center"> <a href=<?php echo $row_Recordset1['photopath']; ?>/> <img src=<?php echo $row_Recordset1['photopath']; ?> height="200" width="200"/> <br/> <?php echo $row_Recordset1['name']; ?><br/> <?php echo $row_Recordset1['state']; ?></td> <?php $i++; if ($i%$numperpage==0) echo "</tr>"; ?> <?php } while ($row_Recordset1 = mysql_fetch_assoc($Recordset1)); ?> </table> </div> </body> </html> <?php mysql_free_result($Recordset1); ?> I am trying to make an admin page for a client using the rich text editor CKeditor. I have the standard page set up to get it's content with a php include of an html file. This html files is also used to preload the content into the CKeditor. What I need to know is how to get the CKeditor to change the html file so it will load into the page. The admin page is located at www.wisconsincrosscountry.org/admin the html content is located at www.wisconsincrosscountry.org/phpContent/Content-test.html the page that the changes should appear on www.wisconsincrosscountry.org/testing.php I don't have much experience in php, so any help is greatly appreciated. Hi guys, i found simple php script which allow all visitors of my web site to create free email address thru my webmail service (like yahoo,hotmail,gmail,etc) and it works great, but in last month stupid bots created lots of funny user accounts and sending SPAM emails Signup script is one file (signup.php) doing all the stuff i need (registration form,lost passwords form,etc). Now i want to put captcha code into signup.php to have captcha image cheking to prevent bots from creating more user accounts ... i`m not a php programer but i know how to change some things, but not all Signup scripts is free, so i will post it here that you can help me with this (it does not have my mysql and other information,because of security issue) - i will be happy if some of you guys put all the code i need for captcha to work with signup.php script Here is the signup.php script: Code: [Select] <?php // HMailServer New user signup Script Configuration $dbhost = "localhost"; // host of the MySQL database $dbuser = "root"; // Database username $dbpassword = ""; // Your database password $dbname = "hmail"; // the name of the database that has the hmailserver tables $webmailurl = "http://www.yurdomainname.com/webmail/login.php"; // The url to login in the webbased mail system $quota = "50"; // The mailbox free space if (strlen($_POST["pas1"]) <= 4 && IsSet($_POST["pas1"])) { $error .= "<centeR>Error: Your password must be longer than 4 characters</center>"; } else if ($_POST["pas1"] == "12345" && IsSet($_POST["pas1"])) { $error .= "<centeR>Error: Too simple password</center>"; } // Get the action if (IsSet($_POST["action"])) { $action = $_POST["action"]; } else { $action = $_GET["action"]; } // A function to check addresses, probably i will have to use it later. function normalmail($visitormail) { if(!$visitormail == "" && (!strstr($visitormail,"@") || !strstr($visitormail,"."))) { return FALSE; } else { return TRUE; } } // If there is no action, open the page for a new registration if (!IsSet($action)) { // Load the domain names and their ids into a variable $db = mysql_connect($dbhost, $dbuser, $dbpassword); mysql_select_db($dbname); $result = mysql_query("SELECT * FROM hm_domains WHERE domainactive = '1' ", $db); $domains = "<select name=\"domain\">"; while ($row = mysql_fetch_array($result)) { $domainid = $row['domainid']; $domainname = $row['domainname']; $domains .= "\n<option value=\"$domainid\">$domainname</option>"; } $domains .= "\n</select>"; mysql_close(); echo " <center><b>Open a new E-Mail Account</b> <p> (*) fields are reguired.<br> <form action=\"\" name=\"registration\" method=\"post\"> <table border=\"0\"> <tr> <td>* Username: <td><input type=\"text\" name=\"username\">@<td>$domains<tr> <td>* First name: <td><input type=\"text\" name=\"firstname\"><td><tr> <td>* Last name: <td><input type=\"text\" name=\"lastname\"><td><tr> <td>* Password: <td><input type=\"password\" name=\"pas1\"><Td><tr> <td>* Password again: <td><input type=\"password\" name=\"pas2\"><Td><tr> <td>Old email Address: <td><input type=\"text\" name=\"oldmail\"><td>(in case you forgot your password)<tr> <td>* Secret question: <td><input type=\"text\" name=\"squestion\"><td><tr> <td>* Secret answe <td><input type=\"text\" name=\"sanswere\"><td><tr> <td><td> <input type=\"hidden\" name=\"action\" value=\"register\"> <input type=\"Submit\" value=\"Signup\"><td><tr></td></tr></table></table> "; } else if ($action == "register") { // Load the variables from the posting $domainid = $_POST["domain"]; $username = $_POST["username"]; $pas1 = $_POST["pas1"]; $pas2 = $_POST["pas2"]; $firstname = $_POST["firstname"]; $lastname = $_POST["lastname"]; $squestion = $_POST["squestion"]; $sanswere = $_POST["sanswere"]; $oldmail = $_POST["oldmail"]; // Do all the checks if ($oldmail != NULL && normalmail($oldmail) == FALSE) { $error .= "Error: Please enter a valid email address\n<br>"; } if ($squestion == NULL) { $error .= "Error: You have to enter your secret question\n<br>"; } if ($sanswere == NULL) { $error .= "Error: You have to enter your secret aswere\n<br>"; } if ($username == NULL) { $error .= "Error: You have to enter your desired username\n<br>"; } if ($domainid == NULL) { $error .= "Error: You have to choose a domain\n<Br>"; } if ($pas1 == NULL) { $error .= "Error: You have to enter your password\n<Br>"; } if ($pas1 != $pas2) { $error .= "Error: Your passwords does not match\n<Br>"; } if ($firstname == NULL) { $error .= "Error: You have to enter your first name\n<Br>"; } if ($lastname == NULL) { $error .= "Error: You have to enter your last name\n<Br>"; } //Check if the user exists for that domain $db = mysql_connect($dbhost, $dbuser, $dbpassword); mysql_select_db($dbname); $result = mysql_query("SELECT * FROM hm_domains WHERE domainid = '$domainid' ", $db); $result = @mysql_fetch_array($result); $address = $username . "@" . $result['domainname']; $result = mysql_query("SELECT * FROM hm_accounts WHERE accountaddress = '$address' ", $db); $result = @mysql_fetch_array($result); if ($result['accountid'] != "") { $error .= "Error: The E-Mail address $address is already registered, please coose another username or domain\n<Br>"; mysql_close(); } if (IsSet($error)) { echo "<Center>Oops, There was some errors, please submit the form again<br>"; echo $error; } else { // Insert the new user infos into the database $passwd = md5($pas1); $db = mysql_connect($dbhost, $dbuser, $dbpassword); mysql_select_db($dbname); $query = "INSERT INTO hm_accounts (accountaddress, accountdomainid, accountadminlevel, accountpassword, accountactive, accountisad, accountmaxsize, accountpwencryption, accountvacationmessageon, accountoldaddress, accountfirstname, accountlastname, accountsecretque, accountsecretans) VALUES ('$address','$domainid','0','$passwd','1','0','$quota','2','0','$oldmail','$firstname','$lastname','$squestion','$sanswere')"; mysql_query($query) or die("Error: Can not query to the database"); mysql_close(); echo "<center><B>Completed!</b> <br><br> You have created an email account with us! you can use the E-Mail services eather by pop3/imap or by using the webmail system. <p>Please <A href=\"$webmailurl\">Login</a> to read or to send emails <p>Thank you $firstname $lastname for joining us"; } } else if ($action == "install") { $db = mysql_connect($dbhost, $dbuser, $dbpassword); mysql_select_db($dbname); mysql_query("ALTER TABLE `hm_accounts` ADD `accountoldaddress` VARCHAR(50) NOT NULL"); mysql_query("ALTER TABLE `hm_accounts` ADD `accountfirstname` VARCHAR(50) NOT NULL"); mysql_query("ALTER TABLE `hm_accounts` ADD `accountlastname` VARCHAR(50) NOT NULL"); mysql_query("ALTER TABLE `hm_accounts` ADD `accountsecretque` VARCHAR(120) NOT NULL"); mysql_query("ALTER TABLE `hm_accounts` ADD `accountsecretans` VARCHAR(120) NOT NULL"); mysql_query("ALTER TABLE `hm_accounts` ADD `accounttmpverify` VARCHAR(120) NOT NULL"); mysql_close(); Echo "The script is istalled successfuly"; } // If the user forgot his password, this is the page to recover it. else if ($action == "forgotpass") { echo "<Center><b>Welcome to the password recovery page</b> <br><br> This page will help you to recover your lost password, if you had filled the oldmail at the registration time You will be able to recover it by using the oldmail method, else you will have to use the secret question method"; echo "<br><br><center> <table border=1 cellspacing=0 cellpadding=0> <tr><td><center>Old Email Method<tr><td> <form name=\"forgot\" action=\"\" method=\"post\"> <table border=0><tr><td> Old email<td><input type=\"text\" name=\"oldemail\"><tr> <td>Your email with us in form of (username@domain.tld) <td><input type=\"text\" name=\"current\"><tr> <input type=\"hidden\" name=\"action\" value=\"fpassoldemail\"> <td><td><input type=\"submit\" value=\"Send me Recovery code\"></tr></td> </form></td></tr></table></table> <center><p> <table border=1 cellspacing=0 cellpadding=0> <tr><td><center>Secret Question Method<tr><td> <form name=\"forgot\" action=\"\" method=\"post\"> <table border=0> <tr><td>Frist name<td><input type=\"text\" name=\"firstname\"><tr> <tr><td>Last name<td><input type=\"text\" name=\"lastname\"><tr> <td>Your email with us in form of (username@domain.tld) <td><input type=\"text\" name=\"current\"><tr> <input type=\"hidden\" name=\"action\" value=\"fpassgetquestion\"> <td><td><input type=\"submit\" value=\"Submit\"></tr></td> </form></td></tr></table></table></center>"; } // if the user submited data for the secret question method, // load the variables, and do the checks else if ($action == "fpassgetquestion") { $username = $_POST["current"]; $firstname = $_POST["firstname"]; $lastname = $_POST["lastname"]; if (normalmail($username) == FALSE) { $error .= "Error: Please enter a valid ID in form of email address\n<br>"; } if ($username == NULL) { $error .= "Error: You have to enter your current ID (in form of username@domain.ltd)\n<br>"; } if ($firstname == NULL) { $error .= "Error: You have to enter your first name\n<Br>"; } if ($lastname == NULL) { $error .= "Error: You have to enter your last name\n<Br>"; } if (IsSet($error)) { echo "<Center>Oops, There was some errors, please submit the form again<br>"; echo $error; //else do the rest of the checks } else { $db = mysql_connect($dbhost, $dbuser, $dbpassword); mysql_select_db($dbname); $result = mysql_query("SELECT * FROM hm_accounts WHERE accountaddress = '$username' ", $db); $result = @mysql_fetch_array($result); $questi = $result['accountsecretque']; echo "<center><b>Please answere your secret question: $questi </b>"; echo "<p><form name=\"forgot\" action=\"\" method=\"post\"> <table border=0> <input type=\"hidden\" value=\"$firstname\" name=\"firstname\"> <input type=\"hidden\" value=\"$lastname\" name=\"lastname\"> <input type=\"hidden\" value=\"$questi\" name=\"squestion\"> <input type=\"hidden\" value=\"$username\" name=\"current\"> <td>Answe <td><input type=\"text\" name=\"sanswere\"><tr> <input type=\"hidden\" name=\"action\" value=\"fpassquestion\"> <td><td><input type=\"submit\" value=\"Submit\"></tr></td> </form></td></tr></table></table></center>"; } } else if ($action == "fpassquestion") { $username = $_POST["current"]; $firstname = $_POST["firstname"]; $lastname = $_POST["lastname"]; $squestion = $_POST["squestion"]; $sanswere = $_POST["sanswere"]; // Do all the checks if (normalmail($username) == FALSE) { $error .= "Error: Please enter a valid ID in form of email address\n<br>"; } if ($squestion == NULL) { $error .= "Error: You have to enter your secret question\n<br>"; } if ($sanswere == NULL) { $error .= "Error: You have to enter your secret aswere\n<br>"; } if ($username == NULL) { $error .= "Error: You have to enter your current ID (in form of username@domain.ltd)\n<br>"; } if ($firstname == NULL) { $error .= "Error: You have to enter your first name\n<Br>"; } if ($lastname == NULL) { $error .= "Error: You have to enter your last name\n<Br>"; } // If there was error, stop if (IsSet($error)) { echo "<Center>Oops, There was some errors, please submit the form again<br>"; echo $error; //else do the rest of the checks } else { $db = mysql_connect($dbhost, $dbuser, $dbpassword); mysql_select_db($dbname); $result = mysql_query("SELECT * FROM hm_accounts WHERE accountaddress = '$username' ", $db); $result = @mysql_fetch_array($result); // check if the information does match with the stored data if ( $result['accountlastname'] == NULL || $result['accountfirstname'] == NULL || $result['accountsecretque'] == NULL || $result['accountsecretans'] == NULL) { die("Error: Cant find infos in database for $username"); mysql_close(); } if (strtolower($result['accountlastname']) == strtolower($lastname) && strtolower($result['accountfirstname']) == strtolower($firstname) && strtolower($result['accountsecretque']) == strtolower($squestion) && strtolower($result['accountsecretans']) == strtolower($sanswere)) { echo "<b><center>Your info does match, please enter a new password for $username bellow</b>"; echo "<p><br><center> <table><tr><td> <center>Change password for $username<tr><Td> <center><table> <form name=\"forgot\" action=\"\" method=\"post\"> <tr><Td>Enter new password<td><input type=\"password\" name=\"pas1\"><Tr> <Td>Verify password<td><input type=\"password\" name=\"pas2\"><Tr> <input type=\"hidden\" value=\"$firstname\" name=\"firstname\"> <input type=\"hidden\" value=\"$lastname\" name=\"lastname\"> <input type=\"hidden\" value=\"$squestion\" name=\"squestion\"> <input type=\"hidden\" value=\"$sanswere\" name=\"sanswere\"> <input type=\"hidden\" value=\"$username\" name=\"current\"> <input type=\"hidden\" value=\"forgpassquepro\" name=\"action\"> <Td><td><input type=\"submit\" value=\"Change it\"></Tr></table></table></form></center>"; } else { echo "<b><center>Your info does NOT match</b><p> Your data does not match with the stored informations of $username, please enter the exact info"; } } } else if ($action == "forgpassquepro") { $username = $_POST["current"]; $firstname = $_POST["firstname"]; $lastname = $_POST["lastname"]; $squestion = $_POST["squestion"]; $sanswere = $_POST["sanswere"]; $newpassword = $_POST["pas1"]; $newpassword = md5($newpassword); if (normalmail($username) == FALSE) { die("Error"); } $db = mysql_connect($dbhost, $dbuser, $dbpassword); mysql_select_db($dbname); $result = mysql_query("SELECT * FROM hm_accounts WHERE accountaddress = '$username' ", $db); $result = @mysql_fetch_array($result); // check if the information does match with the stored data if ( $result['accountlastname'] == NULL || $result['accountfirstname'] == NULL || $result['accountsecretque'] == NULL || $result['accountsecretans'] == NULL) { die("Error: Cant find infos in database for $username"); mysql_close(); } if ($_POST["pas1"] != $_POST["pas2"]) { $error = "<center><B>Your passwords does not match, please submit the form again</b></centeR>"; } if ($error != NULL) { echo $error; } else { if (strtolower($result['accountlastname']) == strtolower($lastname) && strtolower($result['accountfirstname']) == strtolower($firstname) && strtolower($result['accountsecretque']) == strtolower($squestion) && strtolower($result['accountsecretans']) == strtolower($sanswere)) { $accountid = $result['accountid']; //ok change the password $query = "UPDATE hm_accounts SET accountpassword = '$newpassword' WHERE accountid = '$accountid'"; mysql_query($query); echo "<center><b>Ok Your password has changed, sign in now with your new password, and your ID $username</b></center>"; mysql_close(); } } } // forgot password, old email method. else if ($action == "fpassoldemail") { $username = $_POST["current"]; $oldmail = $_POST["oldemail"]; // Do all the checks if (normalmail($username) == FALSE) { $error .= "Error: Please enter a valid ID in form of email address\n<br>"; } if (normalmail($oldmail) == FALSE) { $error .= "Error: Please enter a valid email address\n<br>"; } $db = mysql_connect($dbhost, $dbuser, $dbpassword); mysql_select_db($dbname); $result = mysql_query("SELECT * FROM hm_accounts WHERE accountaddress = '$username'", $db); $result = @mysql_fetch_array($result); $accountid = $result['accountid']; if ($result['accountoldaddress'] == NULL) { $error .= "Error: Missing infos in the database for $username <Br>"; } if ($result['accountoldaddress'] != $oldmail) { $error .= "Error: The address $oldmail does not match with the old address of $username <Br>"; } if ($error != NULL) { echo "<Center>Oops, There was some errors, please submit the form again<br>"; echo $error; mysql_close(); } else { // in that case somehow we have to generate a random code for($x=0;$x<10;$x++) { $y = rand(0,61); $z .= $y + (($y<10) ? 48 : (($y<20) ? 21 : 10)); } $db = mysql_connect($dbhost, $dbuser, $dbpassword); mysql_select_db($dbname); $query = "UPDATE hm_accounts SET accounttmpverify = '$z' WHERE accountid = '$accountid'"; mysql_query($query); mysql_close(); $body = " The user account $username has this email associated with it. A Web user from " . $_SERVER['REMOTE_ADDR'] . " has just requested a Confirmation Code to change the password. Your Confirmation Code is: $z With this code you can now assign a new password at http://" . $_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME'] . "?action=fpassconfirm&addr=$username&code=$z If you cant click in the link, copy paste the URL into your browser. If you didn't asked for this, don't worry. Just delete this Email."; $body = wordwrap($body, 70); $subject = "Lost password: confirmation code"; $headers=""; $headers = 'From: ' . $username; if (mail($oldmail, $subject, $body, $headers)) { echo "<b>Message successfully sent!</b> <p>Please read the email in your old address $oldmail to get the verification code and reset your password <p>Your IP address is loged for security reasons."; } else { echo "<b>Message delivery failed!</b>"; } } } else if ($action == "fpassconfirm") { $code = $_POST["code"]; $username = $_POST["addr"]; if (!IsSet($code)) { $code = $_GET["code"]; } if (!IsSet($username)) { $username = $_GET["addr"]; } $db = mysql_connect($dbhost, $dbuser, $dbpassword); mysql_select_db($dbname); $result = mysql_query("SELECT * FROM hm_accounts WHERE accountaddress = '$username' ", $db); $result = @mysql_fetch_array($result); if ($username == NULL || normalmail($username) == FALSE) { $error .= "Error: Please enter your E-mail address in the correct form<Br>"; } if ($code == NULL) { $error .= "Error: Please enter the confirmation code<br>"; } if ($result['accounttmpverify'] != $code) { $error .= "Error: You entered an invalid confirmation code. <Br>"; } if ($error != NULL) { echo "<Center>Oops, There was some errors, please submit the form again<br>"; echo $error; echo "<br><br> <form name=\"forgot\" action=\"\" method=\"post\"> <center> <table><tr> <Td>E-Mail address<td><input name=\"addr\" type=\"text\"> <tr><td>Code<td><input name=\"code\" type=\"text\"><tr> <input type=\"hidden\" value=\"fpassconfirm\" name=\"action\"> <td><td><input type=\"submit\" value=\"Submit\"></tr> </td></table></table></form></centeR> "; mysql_close(); } else { echo "<b><center>Confirmation code is valid, Please enter your new password bellow</b>"; echo "<p><br> <center><table><tr><Td> Change password for $username<tr><Td> <table><tr> <form name=\"forgot\" action=\"\" method=\"post\"> <Td>Enter new password<td><input type=\"password\" name=\"pas1\"> <Tr><Td>Verify password<td><input type=\"password\" name=\"pas2\"><Tr> <input type=\"hidden\" value=\"$code\" name=\"code\"> <input type=\"hidden\" value=\"$username\" name=\"addr\"> <input type=\"hidden\" value=\"forgpasscodepro\" name=\"action\"> <Td><td><input type=\"submit\" value=\"Change it\"></Tr></table></table></form>"; mysql_close(); } } // ok lets check the code again, and change the password. else if ($action = "forgpasscodepro") { $code = $_POST["code"]; $username = $_POST["addr"]; $newpassword = $_POST["pas1"]; $newpassword = md5($newpassword); $db = mysql_connect($dbhost, $dbuser, $dbpassword); mysql_select_db($dbname); $result = mysql_query("SELECT * FROM hm_accounts WHERE accountaddress = '$username' ", $db); $result = @mysql_fetch_array($result); $accountid = $result['accountid']; if ($username == NULL || normalmail($username) == FALSE) { $error .= "Error: Please enter your E-mail address in the correct form<Br>"; } if ($code == NULL) { $error .= "Error: Please enter the confirmation code<br>"; } if ($result['accounttmpverify'] != $code) { $error .= "Error: You entered an invalid confirmation code. <Br>"; } if ($_POST["pas1"] != $_POST["pas2"]) { $error .= "Error: Passwords does not match. <Br>"; } if ($error != NULL) { echo $error; } else { $query = "UPDATE hm_accounts SET accountpassword = '$newpassword' WHERE accountid = '$accountid'"; mysql_query($query); echo "<b>Your password has changed!</B><br><br> now you can sign in with your new password and your ID $username"; mysql_close(); } } echo "<center><p><em><font size=\"2\">Powered by <a target=\"hmail\" href=\"http://www.hmailserver.com\">HMailServer</a> @ All rights reserved</em></font></centeR>"; ?> Tnx I am wanting to create a basic product listing page for a product category called "Belts". My latest attempt was this, but I got an error: PHP Code: Code: [Select] $query = "select * from products"; $result = mysql_query($query); while($row=mysql_fetch_assoc($result)) { print ".$row['name'] where category = 'Belts'.$row['colour'] where category = 'Belts'"; } Quote PHP Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING This is what my MySQL table looks like: http://i54.tinypic.com/2j1si8w.png I image what I am trying to do will print "Somename Black, ProductName2 Brown"? I'm not really interested in styling at the moment, I just want to see the PHP-MySQL work at the most basic level. I am unsure what the error cosde means. Can anyone see a fault in my code? |
|||||||