|
PHP - Login Function: Just Some Needed Input On Complete Function
I have this function completely written in my class file that I am working on. The point to this function is to be able to check the login of a user or administrator for either of the control panels associated with my site.
It will check the session intime as well as the page / module referenced. Once it passes all those checks, it will check and ensure the emailaddress/password stored in the current session still holds true and the account is still active... if the account is still active it will update the lastActivity as well as update all of the session variables with what is currently in the database. What I am looking for is basically a look at the function, see if it looks good.. If there is any part to it that could create security holes for the site just off the login function itself... Usage: $q->validUser($_SESSION['user'], $_mod); <?php function validUser($sess, $p) { if ($sess['inTime'] == '' && $p != 'login' && $p != 'logout') { session_destroy(); $login = '0'; $_int = ''; return $login; } else if ($sess['inTime'] < time()-3600 && $p != 'login') { $sess['inTime'] = ''; session_destroy(); $this->check_login($sess, $p); } else { $this->user = $sess['emailAddress']; $this->pass = $sess['password']; $login = $this->sql_query("SELECT * FROM users WHERE emailAddress = '".$this->user."' AND password = '".$this->pass."' AND status = '1' LIMIT '1'"); if ($login = $this->sql_numrows($login) < 1) { $sess['inTime'] == ''; session_destroy(); $login = '0'; } else { // logged in, lets update the database for last_activity AND the session. $this->sql_query("UDATE users SET lastActivity = '".now()."' WHERE emailAddress = '".$this->user."'"); $login = $this->sql_query("SELECT * FROM users WHERE emailAddress = '".$this->user."' AND password = '".$this->pass."' AND status = '1' LIMIT '1'"); $login = mysql_fetch_assoc($login); foreach ($login as $key => $value) { $sess[$key] = $value; } $sess['inTime'] = time(); $login = '1'; } return $login; } } ?> That is the main function, sql_query and sql_numrows is: <?php function sql_query($query = "", $transaction = FALSE) { unset($this->query_result); if ($query != "") { $this->num_queries++; if ($transation == BEGIN_TRANSACTION && !$this->in_transation) { $result = mysql_query("BEGIN", $this->db_connect_id); if (!$result) { return false; } $this->in_transaction = TRUE; } $this->query_result = mysql_query($query, $this->db_connect_id); } else { if ($transaction == END_TRANSACTION && $this->in_transaction ) { $result = mysql_query("COMMIT", $this->db_connect_id); } } if ($this->query_result) { unset($this->row[$this->query_result]); unset($this->rowset[$this->query_result]); if ($transaction == END_TRANSACTION && $this->in_transaction ) { $this->in_transaction = FALSE; if (!mysql_query("COMMIT", $this->db_connect_id)) { mysql_query("ROLLBACK", $this->db_connect_id); return false; } } return $this->query_result; } else { if ($this->in_transaction ) { mysql_query("ROLLBACK", $this->db_connect_id); $this->in_transaction = FALSE; } return false; } } function sql_numrows($query_id = 0) { if(!$query_id) { $query_id = $this->query_result; } return ($query_id) ? mysql_num_rows($query_id) : false; } ?> Any insight that can help to benefit these functions would be appreciated. Similar TutorialsCan anyone help me complete this script I can get it working with using an implode function, but for the purpose of knowledge I want to not use it. I just want it to echo back the corresponding checkboxes, but I can't get the echoing correct, it echoes back array not the value? Code: [Select] <html> <title>What do you want on your Tombstone?</title> <body> <?php $Output_form = true; if (isset($_POST['submit'])) { if (empty($_POST['toppings'])) { echo '<b>You forgot the toppings for your Tombstone.</b>'; echo '<br>'; echo '<br>'; } else { echo '<p><b>This is what you are getting on your Tombstone: '; (array)$_POST['toppings']; echo $toppings; echo '!'; echo '</p></b>'; $Output_form = false; } } if ($Output_form) { ?> <form action="ProcessToppings.php" method="post"> <p><i><h2>What do you want on your Tombstone?</h2></i></p> <p> <input type="checkbox" name="toppings[]" value="pepperoni" /> Pepperoni<br /> <input type="checkbox" name="toppings[]" value="sausage" /> Sausage<br /> <input type="checkbox" name="toppings[]" value="mushrooms" /> Mushrooms<br /> <input type="checkbox" name="toppings[]" value="cheese" /> Cheese<br /> <input type="checkbox" name="toppings[]" value="olives" /> Olives</p> <p> <input type="submit" value="Make that Peet-Za!" name="submit" /></p> </form> <?php } ?> </body> </html> hello. im trying to write a function that sets the file path depending on what it pulls from the database i have 2 databases 1 called "templates" which has a list of template names with there id's and 1 called "basicSetting" which sets the active and default templates. in the template db i have id name type id1 = template1 admin id2 = template1 main id3 = template1 main in basic settings i have set activeAdminTemp_id = 1 defaultAdminTemp_id = 1 activeTemp_id = 2 defaultTemp_id = 2 the path should be something like this Code: [Select] include(SITE_ROOT.DS.'GET TYPE/templates/GET TEMPLATE FOLDER NAME'.DS.GET TEMPLATE NAME.php); SITE_ROOT = www.sitename.com/ GET TYPE = /admin or in the main root /templates/ = where the templates are stored GET TEMPLATE FOLDER NAME = the name of the template is the same as the folder name GET TEMPLATE NAME.php; = the name of the template.php this is what i have in my functions file Code: [Select] function include_templates(){ $tempBS = basicSettings::find_all(); //SHOULD GET THESE VALUES $tempBS->id."<br />"; $tempBS->activeAdminTemp_id."<br />"; $tempBS->defaultAdminTemp_id.'<br/>'; $tempBS->activeTemp_id.'<br/>'; $tempBS->defaultTemp_id.'<br/>'; $temp = Templates::find_all(); //SHOULD GET THESE VALUES $temp->id."<br />"; $temp->name."<br />"; $temp->type.'<br/>'; } now i need to add into my function something like this ... but im not sure. Code: [Select] $sql = "SELECT * FROM templates WHERE id='".$tempBS->id."'"; echo include(SITE_ROOT.DS.'.$temp->type./templates/'.$temp->name.''.DS.'temp->name.''.php'); but that i not working. please help thanks rick I have 3 actions below which control my cart. My problem is with the minus action. It's supposed to remove 1 quantity from the cart but instead it takes the quantity all the way down to 1. for example: you add 3 quantities of a usb stick and you want to remove 1 quantity, it would take the amount of quantity to 1 instead of 2. here are the functions: switch ($action) { case 'add': if ($cart) { $cart .= ','.$_GET['id']; header("Location: cart.php"); } else { $cart = $_GET['id']; header("Location: cart.php"); } break; case 'minus': if ($cart) { $items = explode(',',$cart); $newcart = ''; foreach ($items as $item) { if ($_GET['id'] != $item) { if ($newcart != '') { $newcart .= ','.$item; } else { $newcart = $item; } } } $cart = $item - $id; } break; case 'update': if ($cart) { $newcart = ''; foreach ($_POST as $key=>$value) { if (stristr($key,'qty')) { $id = str_replace('qty','',$key); $items = ($newcart != '') ? explode(',',$newcart) : explode(',',$cart); $newcart = ''; foreach ($items as $item) { if ($id != $item) { if ($newcart != '') { $newcart .= ','.$item; } else { $newcart = $item; } } } for ($i=1;$i<=$value;$i++) { if ($newcart != '') { $newcart .= ','.$id; } else { $newcart = $id; } } } } } $cart = $newcart; break; } can some help with the minus function. thanks Hi there. I have a PHP Function like so: <?php function JomSocial_field($fieldcode) { $database=& JFactory::getDBO(); $user =& JFactory::getUser(); $userId = $user->get( 'id' ); $sql = "SELECT (id) FROM #__community_fields WHERE fieldcode= '$fieldcode'"; $database->setQuery( $sql ); $fieldID = $database->loadResult(); $sql = "SELECT (value) FROM #__community_fields_values WHERE field_id= {$fieldID} && user_id= {$userId}"; $database->setQuery( $sql ); echo $database->loadResult(); } ?> I can then insert the results into form inputs like so: Code: [Select] <input type="hidden" id="enrolment_year" name="enrolment_year" value="<?php JomSocial_field("enrolment_year"); ?>" /> However, I now want to use the result in a variable like so <?php $filename1 = "folder/".print(JomSocial_field("enrolment_year"))."/file.zip"; but it doesn't work...it just actually prints the result as text on the page. The echo command doesn't work either. If it were an item that has been posted, I could get it using the $_POST["enrolment_year"], but the trouble is, I want to get the value on first page load, not after a post. Can anyone help me please? I can not handle with this function, will allways return 0 mysql_num_rows and i`m not able to login. Code: [Select] <?php session_start(); mysql_connect("localhost", "root", ""); mysql_select_db("proiect"); include("inc/functii.php"); echo "<form method='post' name='login'> <table cellspacing='1' cellpadding='2' border='0' > <tr> <td colspan='2' align='center' height='55'> Admin Login </td> </tr> <tr> <td id='paddingbot' colspan='2'> Username </td> </tr> <tr> <td id='paddingtop' colspan='2'><input type='text' name='username' size='33'/></td> </tr> <tr> <td colspan='2'></td> </tr> <tr> <td id='paddingbot' colspan='2'> Password </td> </tr> <tr> <td id='paddingtop' colspan='2'><input type='password' name='password' size='33' /></td> </tr> <tr> <td id='rem_me'><input type='checkbox' name='remember_me' /></td> <td> Remember me </td> </tr> <tr> <td align='right' colspan='2'><input type='submit' name='login' value='Login >' /></td> </tr> <tr> <td colspan='2' align='center'>"; checkLogin(); echo "</tr> </table> </form>"; ?> Code: [Select] <?php function checkLogin () { if (isset($_POST['login'])) if (($_POST['username']) == '') { echo "Please, complete the field for username."; } elseif (($_POST['password']) == '') { echo "Please, complete the field for password."; } elseif (($_POST['username'] !== '') && ($_POST['password']) !== '') { $username = $_POST['username']; $password = md5($_POST['password']); $result = mysql_query("SELECT * FROM admin WHERE username='".$username."' AND password='".$password."'") or die ("Error:".mysql_error()); $nr = mysql_num_rows($result); if ($nr < 1) { echo $nr; } else { $_SESSION['username'] = $username; $_SESSION['password'] = $password; echo "Welcome".$username; } } } ?> Hi, Since upgrading to php 5.3 i have a line of code on my site that is giving me a depreciated error. The line of code is as follows: $data=eregi_replace(">"."[[:space:]]+"."<","><",$data); I've got as far as knowing i need to change it from eregi_replace to preg_replace but i can't for the life of me work out where to put any backslashes etc, if any. Is there a formula for working this type of thing out? Every example i see has backslashes and $1's all over the place. Do i simply do this "/ and this /" after and before every double quote? Or is it not as simple as that? Things never are are they! Please could an expert on here offer me any assistance. This is an important line of code(i think) so i didn't want to experiment as i would normally do, i need to get this right first time as i don't know what will happen if i get this wrong. Cheers. Hi, My login form is running correctly.i want to add remind me function.please help me.
<form class="form-signin" role="form" id="form1" method="post" action="log.php">
<h2 class="form-signin-heading text-center bluetxt">Sign In</h2>
<input type="text" id="email1" class="form-control" name="email1" placeholder="Email address" autofocus /><br />
<input type="text" id="pwd1" class="form-control" name="pwd1" placeholder="Password" value=""/><br/>
<label class="checkbox">
<input type="checkbox" value="remember" name="remember"> Remember me
</label>
<input type="submit" value="Login" onclick="ValidationLog()" style="color:#FFF;" class="btn btn-lg btn-primary btn-block"/>
</form>
<?php
$mail = $_POST['email1'];
$pwd = $_POST['pwd1'];
$con = mysql_connect("localhost","root","");
if(!$con)
{
die('Could not connect:'.mysql_error());
}
mysql_select_db("biz",$con);
if((($mail)&&($pwd))==""){
header( 'Location:index.php' );
}else{
$result = mysql_query("SELECT mail,pw FROM reg WHERE mail = '$mail' AND pw = '$pwd'");
$num_rows = mysql_num_rows($result);
mysql_close($con);
if($num_rows == 0)
{
}
else{
header( 'Location:user/' );
}
}
?>
Hello All I currently have a function that takes in user input from form fields $email & $password. If all is well the function logs the user in, if not redirects back to the login form. What I require is two things. 1) Allow the user to login with either "email" or "username" (entered in the $email form field). 2) Allow the system to have a "master" password and if that is entered with a valid email or user from above then log that user in. Here is my current function, any help is greatly received. Regards function loginMember($email,$password,$returnURL){ if ($email != "" && $password != ""){ $result = mysql_query("SELECT mid,memberid,forename,surname FROM tbl001_member WHERE emailaddress='$email' AND password='".$password."' AND online=1"); if (mysql_num_rows($result) > 0) { $row = mysql_fetch_row($result); $_SESSION["logged_user"] = $row[2]." ".$row[3]; $_SESSION["logged_id"] = $row[0]; $_SESSION["logged_memid"] = $row[1]; session_unregister('wrong_email'); if (isset($_SESSION["logged_user"])) { header('Location:'.$returnURL); exit; } } else { session_register('wrong_email'); $_SESSION['wrong_email'] = $email; return "* There is no registered account with typed email & password."; } } else { session_register('wrong_email'); $_SESSION['wrong_email'] = $email; return "* Please input email and password correctly."; } } After many hours of playing and help from here and other places I have managed to figure out how to login to a particular website, then submit a form that you have to be logged in to get to using cURL. The reason behind me doing this is because my client needs to submit about 40 forms a day per website, there are 3 sites, so that is 120 forms. I am hoping that I can reduce this to only 40 forms, and once they complete one they can just submit it to the other 2 without retyping or copy pasting every field. This is what I have so far, a problem is that I can not give the website username and password as it is a paid for site that my client has entrusted me with. I can tell you that the site is careerjunction.co.za and within the recruiters section. Now this site works a little different, first off there is no remember me on the login area, and it uses cookies to let me get around. If I login, it gives me a cookie, if I try login again from another computer, it gives an error and tells me I have to logout first, with a click here to logout of the other session. If I login and then click logout, a javascript window asks me if I am sure and then logs me out after pressing yes. Every month they make you change your password, and have a form come up saying old pass, new pass, repeat new pass. The script below works only if I am logged out, so this logs in then shows the form, problem is I can not do this a second time 2 days later because I have to logout first, and I can not use it if the account is already logged in. I would like to adjust the script to logout first, then login and show the form. Code: [Select] //create a file called cookie.txt and place in site root with perms at 777 first. //logout page is "http://v1.careerjunction.co.za/usr/mltses.asp?" curl_login("http://v1.careerjunction.co.za/rec/acc/logfrmupd.asp", "Username=example&Password=example", "", "false"); echo curl_grab_page("http://v1.careerjunction.co.za/rec/my/job/jobfrm.asp?recno=-1&p=1&HideTemp=1", "", "false"); function curl_login($url,$data,$proxy,$proxydata){ $fp = fopen("cookie.txt", "w"); fclose($fp); $login = curl_init(); curl_setopt($login, CURLOPT_COOKIEJAR, "cookie.txt"); curl_setopt($login, CURLOPT_COOKIEFILE, "cookie.txt"); curl_setopt($login, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"); curl_setopt($login, CURLOPT_TIMEOUT, 40); curl_setopt($login, CURLOPT_RETURNTRANSFER, TRUE); if ($proxystatus == 'true') { curl_setopt($login, CURLOPT_SSL_VERIFYHOST, FALSE); curl_setopt($login, CURLOPT_HTTPPROXYTUNNEL, TRUE); curl_setopt($login, CURLOPT_PROXY, $proxy); } curl_setopt($login, CURLOPT_URL, $url); curl_setopt($login, CURLOPT_HEADER, TRUE); curl_setopt($login, CURLOPT_USERAGENT, $SERVER['HTTP_USER_AGENT']); curl_setopt($login, CURLOPT_FOLLOWLOCATION, TRUE); curl_setopt($login, CURLOPT_POST, TRUE); curl_setopt($login, CURLOPT_POSTFIELDS, $data); ob_start(); //prevent any output return curl_exec ($login); //execute the curl command ob_end_clean(); //stop preventing output curl_close ($login); unset($login); } function curl_grab_page($site,$proxy,$proxystatus){ $ch = curl_init(); curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); if ($proxystatus == 'true') { curl_setopt($login, CURLOPT_SSL_VERIFYHOST, FALSE); curl_setopt($login, CURLOPT_HTTPPROXYTUNNEL, TRUE); curl_setopt($login, CURLOPT_PROXY, $proxy); } curl_setopt($ch, CURLOPT_COOKIEFILE, "cookie.txt"); curl_setopt($ch, CURLOPT_URL, $site); ob_start(); //prevent any output return curl_exec ($ch); //execute the curl command ob_end_clean(); //stop preventing output curl_close ($ch); } The end result I would like to have is this My customer needs to have a form on their own website that once completed needs to go onto their website database, this seems simple enough for me to achieve. Then they need to be able to complete a very similar form on three other websites without logging into each and filling out the form all over again. So I would like it that once they have their own form completed, they could click a button and that would submit all the data to the relative site, therefore they would have 3 buttons one for each site they want to submit data to. I am only dealing with the first site at the moment so I have a very long way to go, and this does not even account for if they want to edit an existing form or anything like that. Whew I think I have bitten off a little more than I bargained for. Maybe a curl / php expert from here would like to PM me and we can work out some form of remuneration to help me complete this project, I have the entire site designed already and this is just part of the backend of the site. Let me know what sort of $$dolars you think it would cost to help please. ok so this problem has been laughing at me for quite some time now I tryed using some inline php in a form to pass it to my login script. The problem is that whenever the form gets submitted the variable r doesn't contain the actual microtime but it contains the inline php as a string: Code: [Select] <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Snitch</title> <link rel="stylesheet" type="text/css" href="templates/css/snitch1440x900.css" /> </head> <body> <div id="login-achtergrond"> <div id="login"> <form action="." id="loginform" name="login" method="post"> <input type="hidden" name="actie" value="Login"></input> <input type="hidden" name="r" value="<?php echo microtime();?>"></input> <input type="text" id="gebruikersnaam" name="gebruikersnaam" value="" style="opacity:0.7;filter:alpha(opacity=70)"></input> <input type="password" id="paswoord" name="paswoord" value="" style="opacity:0.7;filter:alpha(opacity=70)"></input> <input id="aanmelden" type="submit" name="submit" value="" style="opacity:0;filter:alpha(opacity=0)"> </form> </div> <div id="registreer"> </div> </div> </body> </html> the $_POST['r']; contains "<?php echo microtime();?>" instead of for example: 0.53192500 1305636839 does someone know what I am doing wrong here? I also tryed doing it like this: Code: [Select] <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Snitch</title> <link rel="stylesheet" type="text/css" href="templates/css/snitch1440x900.css" /> </head> <body> <div id="login-achtergrond"> <div id="login"> <form action=".r=<?php echo microtime();?>" id="loginform" name="login" method="post"> <input type="hidden" name="actie" value="Login"></input> <input type="text" id="gebruikersnaam" name="gebruikersnaam" value="" style="opacity:0.7;filter:alpha(opacity=70)"></input> <input type="password" id="paswoord" name="paswoord" value="" style="opacity:0.7;filter:alpha(opacity=70)"></input> <input id="aanmelden" type="submit" name="submit" value="" style="opacity:0;filter:alpha(opacity=0)"> </form> </div> <div id="registreer"> </div> </div> </body> </html> both $_POST and $_GET contains a string instead of the actual microtime single quotes didn't work eather One more question. So I have a function with two parameters, $x and $y. Here it is. Code: [Select] function dydx($x,$y){ $equation = 2 * $x; return $equation; } Now here's the problem. I want $equation to be user defined. Easy enough, I use a post command and I get $equation to equal whatever the user inputs. The problem is that if I get input from the user, I'm not sure how to take that input and then have the function parameters work on it. Like if the user inputs "3*$x + 2*$y", i want to be able to let the parameters for the function dydx act on it. How could I go about doing this? hidden input field type doesnt display the full value i get from table, say if it is a first name and last name i get only the first name. here is my input field echo "<input type=hidden name=proid value=$result_row[project_id]></include>"; echo "<input type=text value=$result_row[project_name] readonly></include>"; my sql query returns the full name but when i input into the text field it returns an incomplete project name like say if it is fans of soccer, i just get the value "fans" in my display..... Hello all, I have some piece of code that is nested like this $variable = 'This is a global argument'; function parentFunction($variable) { function childFunction() { echo 'Argument of the parent function is '.$GLOBALS['variable']; } childFunction(); } parentFunction(5); What I want to know is - Is there a way to access a variable from the parent function without passing arguments to the child function? (Something like how classes have parent::?). I don't want to use $GLOBALS because it might cause some variable collision, and I didn't want to pass arguments because incase I decide to change the arguments in the parent function I'd have to do it in the child function aswell. From my searching around in the Internet it seems like this is not possible, but if theres a slight chance that there might be something out there, i'm willing to give it a shot . Thanks in advance Question 1) Is the only and proper way to call a parent function "parent::function()"? Are there other/better ways from within a child function? Question 2) What are the deciding factors for when to make a function or attribute static? How do you make that decision? Assuming 5.3... Thanks. I need to call usort from a class function, and I'm puzzled about how to define the comparison function. I've tried to define the comparison function in the same class, but I can't get usort to call it. I found one hint that it will work if I make the comparison function static, but I tried that, and it didn't work for me. If I define the comparison function outside the class, it won't have access to object properties that it needs to operate. The only solution I can think of is to define the comparison function outside the class and put the object properties it needs in globals. Is there a cleaner way to do this? When I put this chunk of code into it's own function: function fetch_all ($dbc, $query) { include ('knuffix_list_func.php'); pagination_start ($dbc, $query); $offset = $pag_array[0]; $rows_per_page = $pag_array[1]; $query = $query . " LIMIT $offset, $rows_per_page"; echo "test query: " . $query; knuffix_list ($query, $dbc); pagination_end ($pag_array); } And when I echo out the query as you can see in the example, then I notice that the variables $offset and $rows_per_page never get appended. I set the variable $pag_array to a global inside the function pagination_start(). It usually works when I DON'T wrap a function around this chunk of code, but if I do wrap a function around everything then the global suddenly won't work anymore. Btw, this also won't work if I wrap a function around the function DECLARATIONS. Any ideas, how I could make it work? I want to define a function instead of repeating query in all my php pages. I call a function by passing an $id value and from that function i have to get all the info related to that id, like name, description and uom.
I am trying to do this, but i dont know how to get these values seperately.
here is my function
function items($item_id)
{
$details = array();
$result = mysql_query("select item_id, name, uom, description from items where item_id=".$item_id."") or die (mysql_error());
while($row = mysql_fetch_array($result))
{
$details[] = array((stripslashes($row['name'])), (stripslashes($row['uom'])), (stripslashes($row['description'])));
}
return $details;
}
and i call my function like this
$info = items($id);Can somebody guide me in this Hi all, I want to call a javascript function from a php function like this: public function Buscar() { $HoraInicio = $_POST['edtHoraInicio']; $HoraFin = $_POST['edtHoraFin']; $FechaInicio = $_POST['edtFec1']; $FechaFin = $_POST['edtFec2']; $FechaMax = $FechaFin." ".$HoraFin.":00"; $FechaMin = $FechaInicio." ".$HoraInicio.":00"; $_GET["FechaMax"] = $FechaMax; $_GET["FechaMin"] = $FechaMin; echo $FechaMin; echo "<script language=javascript>alert('Hi.')</script>"; } but the function Buscar never show the alert but shows the $FechaMin I hopu u guys can help me out with this probem Thanks, Siddhartha |
|||||||