PHP - Unexpected Characters In User Message

Actually, what i want to do is to use the email to fetch the $email,$password and $randomnumber from database after

Hi,

so far I have managed to set up a somewhat basic login website with a mysql database backend.

Once they have logged on they go to a "main menu" page.

What I need to define is that user A sees button A but only that button, etc.

(Then of course that same rule would have to apply if they tried to directly go to the page, but I am guessing I can do that in the same way that I currently do to force a login).

If anyone has any tutorials or sample code I would much appreciate it.

Thanks,

Hi guys,

I am trying to put together a little system that allows users to log onto my website and access there own personal page. I am creating each page myself and uploading content specific to them which cannot be viewed by anyone else.

I have got the system to work up as far as:

1/ The user logs in
2/ Once logged in they are re-directed to their own page using 'theirusername.php'

Thats all good and working how I need it too. The problem I have is this. If I log onto the website using USER A details - I get taken to USER A's page like I should but - If I then go to my browser and type in USERBdetails.php I can then access USER B's page.

This cannot happen!! I need for USER A not to be able to access USER B profile - there is obviously no point in the login otherwise! If you are not logged in you obviously cannot access any secure page. That much is working!

Please find below the code I am using:


LOGIN

<?php
session_start();


function dbconnect()
{
    $link = mysql_connect("localhost", "username", "password") or die ("Error: ".mysql_error());

}
?>

<?php
if(isset($_SESSION['loggedin']))
{
    header("Location:" . strtolower($username) . ".php");
if(isset($_POST['submit']))
{
   $username = mysql_real_escape_string($_POST['username']);
   $password = mysql_real_escape_string($_POST['password']);
   $mysql = mysql_query("SELECT * FROM clients WHERE username = '{$username}' AND password = '{$password}'");
   if(mysql_num_rows($mysql) < 1)
   {
     die("Password or Username incorrect! Please <a href='login.php'>click here</a> to try again");
   }   $_SESSION['loggedin'] = "YES";
   $_SESSION['username'] = $username;
 $_SESSION['name']
   header("Location:" . strtolower($username) . ".php");
}
?> 

HEADER ON EACH PHP PAGE

<?php
session_start();
if(!isset($_SESSION['loggedin']))
{
    die(Access to this page is restricted without a valid username and password);
?>

---------------------------------------------------

Am I right in thinking it is something to do with the "loggedin" part?

The system I have here is adapted from a normal login system I have been using for years. The original just checks the details and then does a 'session start'. This one obviously has to re-direct to a user specific page. To do this I used the <<header("Location:" . strtolower($username) . ".php");>> line to redirect to a page such as "usera.php" or "userb.php"

Any help would be greatly appreciated! 

Ta

Hi,

I am getting frustrated beyond belief at the moment with trying to get a very simple script to run, I am using PHP 5.3.3 and MySQL 5.1 on a Win2k8 server with IIS7.5. Basically my script is connecting to a local database, running a single select query, returning those rows and building up a string from them.

The problem is that I am receiving complete BS responses from PHP that the access is denied for the user being specified. This is complete rubbish since the user can connect via mysql, sqlyog, ASP.NET MVC without issue but for some bizarre reason it is not working via PHP.

The code for the script is here :

Code: [Select]
<?php

$mysql = mysql_connect('127.0.0.1:3306', 'myuser', 'mypass', 'mydatabase');


if (!$mysql) {
  die(mysql_error());
  $content = "<nobr></nobr>";
} else {
  
  $result = mysql_query('SELECT * FROM tblEventGroup'); 
  $content = "<nobr>";
  
  if ($result) {     
      while($row = mysql_fetch_assoc($result)) {
       $content .= "<span>";
       $content .= $row['GroupName'];
       $content .= "</span>";
       $content .= "<a href=\"../Event/EventSearch?groupid=";
       $content .= $row['GroupId'];
       $content .= "\" target=\"_blank\">Book here</a> ";
      }
  }
  
  mysql_close($mysql);
  $content .= "</nobr>";

}

?>
I cannot for the life of me understand what the problem is, the return error is

Access denied for user 'myuser'@'localhost' (using password: YES)

Hallo everybody, i have the following code. but i get allways this error while the user exist in the database. User not found! what do i do wrong?   thank you very much for your help Rafal

<html>
<head>
<?php
$connection = mysql_connect("db.xyz.com", "username", "password")
or die ("connection fehler");
mysql_select_db("db0123456789")
or die ("database fehler");
$email = $_POST["inp_email"];
$pwd = $_POST["inp_pwd"];
if($email && $pwd)
{
$chkuser = mysql_query("SELECT email FROM gbook WHERE email = '($email)' ");
$chkuserare = mysql_num_rows($chkuser);
echo $email;
echo $pwd;
if ($chkuserare !=0)
{
$chkpwd = mysql_query("SELECT pwd FROM gbook WHERE email = '($email)' ");
$pwddb = mysql_fetch_assoc($chkpwd);
if ($pwd != $pwddb["pwd"])
{
echo "password is wrong!";
}
else
{
echo "login successed";
}
}
else
{
echo "User not found!";
}
}
else
{
echo "Pleas enter your email and password!";
}
mysql_close($connection);
?>
</head>
<body>
<form action="login.php" method="post">
Email <input type="text" name="inp_email"><br>
Password <input type="text" name="inp_pwd"><br>
<input type="submit" name="submit" value="login">
</form>
</body>
</html>

Edited by rafal, 21 September 2014 - 04:33 PM.

Hallo everybody, the user is in the table, but i get error (user not found!).   thank you very much for your help Rafal

<!DOCTYPE html>
<html>
<head>
<title>index</title>
<meta http-EQUIV="CONTENT-LANGUAGE" content="en">
<?php
SESSION_START();
include("abc.php");
$link2 = mysqli_connect("$hoster", "$nameuser", "$password", "$basedata")
or die ("connection error" . mysqli_error($link2));
$email = $_POST["inp_email"];
$pwd = $_POST["inp_pwd"];
if($email && $pwd)
{
$chkuser = mysqli_query("SELECT email FROM $table2 WHERE email = '$email' ");
$chkuserare = mysqli_num_rows($chkuser);
if ($chkuserare !=0)
{
$chkpwd = mysqli_query("SELECT pwd FROM $table2 WHERE email = '$email'");
$pwddb = mysqli_fetch_assoc($chkpwd);
if (md5($pwd) != $pwddb["pwd"])
{
echo "Password is wrong!";
}
else
{
$_SESSION['username'] = $email;
header ('Location:list.php');
}
}
else
{
echo "user not found!";
}
}
else
{
echo "enter your Email and Password!";
}
mysqli_close($link2);
?>
</head>
<body style="font-family: arial;margin: 10; padding: 0" bgcolor="silver">
<font color="black">
<br>
<form action="index.php" method="post">
<b>Login</b><br><br>
<table width="100%">
<tr><td>
Email:<br><input type="text" name="inp_email" style="width:98%; padding: 4px;"><br>
Password:<br><input type="password" name="inp_pwd" style="width:98%; padding: 4px;"><br>
<br>
<input type="submit" name="submit" value="Login" style="width:100%; padding: 4px;">
</td></tr>
</table>
</form>
</font>
</body>
</html>

Hello, i've got some shop script which has 2 payment modules which i'd like to use for something else, the payment modules only work if the user is logged in though, i tried to make them standalone scripts but that didn't work out too well.

So now i decided to go another way and just let everyone have the same session so everyone will be using the same username&password automatically.

the index file looks like this:
Code: [Select]
<?php
include('./inc/config.php');
include('./inc/functions.php');
include('./lang/'.$language.'.lng');
$id = addslashes($_REQUEST["id"]);
$user = addslashes($_REQUEST["username"]);
$pass = addslashes($_REQUEST["password"]);
$language = strtolower($language);
if(empty($id)) $id =1;
$file = mysql_query('SELECT * FROM navi_'.$language.' WHERE id="'.$id.'"');
if(mysql_num_rows($file)>0)
$file = mysql_fetch_array($file);
else
$file = mysql_fetch_array(mysql_query('SELECT * FROM navi_'.$language.' WHERE id="404"'));

if(!empty($user) AND !empty($pass))
{$query = mysql_query('SELECT * FROM users WHERE username="'.$user.'" AND pass="'.md6($pass).'"');
if(mysql_num_rows($query) == 1) {$_SESSION[$session_prefix."user"] = ucfirst($user); echo'<meta http-equiv="refresh" content="0; url=index.php?id=8">';}
else $error = 'Username oder Passwort ist falsch.';}

include('./designe/'.$designe.'/head.tpl');
include('./designe/'.$designe.'/navi.php');
include('./designe/'.$designe.'/middle.tpl');

if(file_exists('./pages/'.$file["file"]))
{echo'<h1>'.ucfirst($file["title"]).'</h1>';
include('./pages/'.$file["file"]);}
if(!empty($error)) echo '<font color="red">'.$error.'</font>'; 

include('./designe/'.$designe.'/foot.tpl');
?>

Now i tried alot of things including adding:
Code: [Select]
session_start();
$_SESSION["username"] = "peter";
$_SESSION["user"] = "peter";
$_SESSION["id"] = "1";
$_SESSION["pass"] = "peter";
$_SESSION["password"] = "peter";
or
Code: [Select]
$id = "1";
$user = "peter";
$username = "peter";
$pass = "peter";
$password = "peter";
also a combination of both, nothing works, but i don't understand why ? Any help is appreciated.

/Edit, i tried adding it to the paymentmodule .php aswell, but no luck.

Hi guys!

I am learning PHP now and I am enjoying it. Im not an I.T. graduate that is why Im having very difficult time to understand  codes.

My problem is how to get the last character of a URL that I get using another php code. I can already post the URL on my page but it displays all the URL of the certain page that I get.

Example: the URL is "http://mysite.com/page_1/pp1/?lang=zh" I only want to get the "?lang=zh". I am working under 3 languages and I want to get only that last part of the URL for me to continue my work. I dont exactly know what string or filtering I will do to get that part only.

Please help me guys. I will appreciate all your comments here.

I want to be able to keep people from entering certain characters in a form. I've tried google, and had no luck so far. Thanks!

First forgive me, I do not know if this is the correct forum for this question. I did not write the code but I have a feeling if its possible to correct it, then its probably coding.

My question is, is there anyway to post larger News articles to the homepage. I am trying to post an article that a friend sent from another site onto mine (giving the other site proper credit). But the article is apparently too big. I do not know how many characters the article is, or what the character limit is set by Nuke 8.0.

Is there anything that I can do?

Thanks..oh and congrats on apparently being the only active PHP forums :-S I have tried a few others and they haven't made posts since 2011. Anyways thanks in advance for any and all help.

Hi
What code would i use to take the first 2 letters of a post code so for example
CM11 2AY
I want the CM bit what command would strip the first 2 characters out?

Thanks

hello i keep getting an error Parse error: syntax error, unexpected $end in /home/cookbook/public_html/cookbook.php on line 144 can someplease explain it to me? here is the code

[list type=decimal]
[li][/li]
[li][/li]
[/list]<?php
//include("include/session.php");
@session_start();
// Start_session, check if user is logged in or not, and connect to the database all in one included file
include_once("scripts/checkuserlog.php");
// Include the class files for auto making links out of full URLs and for Time Ago date formatting
include_once("wi_class_files/autoMakeLinks.php");
include_once ("wi_class_files/agoTimeFormat.php");
// Create the two objects before we can use them below in this script
$activeLinkObject = new autoActiveLink;
$myObject = new convertToAgo;
?>
<?php
// Include this script for random member display on home page
include_once "scripts/homePage_randomMembers.php"; 
?>
<?php
$sql_blabs = mysql_query("SELECT id, mem_id, the_blab, blab_date FROM blabbing ORDER BY blab_date DESC LIMIT 30");

$blabberDisplayList = ""; // Initialize the variable here

while($row = mysql_fetch_array($sql_blabs)){

$blabid = $row["id"];

$uid = $row["mem_id"];

$the_blab = $row["the_blab"];

$notokinarray = array("fag", "gay", "shit", "fuck", "stupid", "idiot", "asshole", "cunt", "douche");
    $okinarray   = array("sorcerer", "grey", "shug", "farg", "smart", "awesome guy", "asshole", "cake", "dude");

$the_blab = str_replace($notokinarray, $okinarray, $the_blab);

$the_blab = ($activeLinkObject -> makeActiveLink($the_blab));

$blab_date = $row["blab_date"];

$convertedTime = ($myObject -> convert_datetime($blab_date));
    $whenBlab = ($myObject -> makeAgo($convertedTime));

//$blab_date = strftime("%b %d, %Y %I:%M:%S %p", strtotime($blab_date));

// Inner sql query

$sql_mem_data = mysql_query("SELECT id, username, firstname, lastname FROM myMembers WHERE id='$uid' LIMIT 1");

//die($sql_mem_data);

while($row = mysql_fetch_array($sql_mem_data)){

$uid = $row["id"];

$username = $row["username"];

$firstname = $row["firstname"];

if ($firstname != "") {$username = $firstname; } // (I added usernames late in  my system, this line is not needed for you)

///////  Mechanism to Display Pic. See if they have uploaded a pic or not  //////////////////////////

$ucheck_pic = "members/$uid/image01.jpg";

$udefault_pic = "members/0/image01.jpg";

if (file_exists($ucheck_pic)) {

$blabber_pic = '<div style="overflow:hidden; width:40px; height:40px;"><img src="' . $ucheck_pic . '" width="40px" border="0" /></div>'; // forces picture to be 100px wide and no more

} else {

$blabber_pic = "<img src=\"$udefault_pic\" width=\"40px\" height=\"40px\" border=\"0\" />"; // forces default picture to be 100px wide and no more

}

$blabberDisplayList .= '
      

<table width="100%" align="center" cellpadding="4" bgcolor="#CCCCCC">
        <tr>
          <td width="7%" bgcolor="#FFFFFF" valign="top"><a href="profile.php?id=' . $uid . '">' . $blabber_pic . '</a>
          </td>
          <td width="93%" bgcolor="#EFEFEF" style="line-height:1.5em;" valign="top"><span class="greenColor textsize10">' . $whenBlab . ' <a href="profile.php?id=' . $uid . '">' . $username . '</a> said: </span><br />
          ' . $the_blab . '</td>
        </tr>
      </table>';

}

}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
    <meta name="Description" content="Web Intersect is a deft combination of powerful free open source software for social networking, mixed with insider guidance and tutorials as to how it is made at its core for maximum adaptability. The goal is to give you a free website system that has a network or community integrated into it to allow people to join and interact with your website when you have the need." />
    <meta name="Keywords" content="web intersect, how to build community, build social network, how to build website, learn free online, php and mysql, internet crossroads, directory, friend, business, update, profile, connect, all, website, blog, social network, connecting people, youtube, myspace, facebook, twitter, dynamic, portal, community, technical, expert, professional, personal, find, school, build, join, combine, marketing, optimization, spider, search, engine, seo, script" />
    <title>CookBookers</title>
    <link href="style/main.css" rel="stylesheet" type="text/css" />
    <link rel="icon" href="favicon.ico" type="image/x-icon" />
    <link rel="shortcut icon" href="favicon.ico" type="image/x-icon" />
    <script src="js/jquery-1.4.2.js" type="text/javascript"></script>
<style type="text/css">
#Layer1 {

height:210px;

background-image: url(images/top_container_bg_recipes_new.gif);
}
body {

background-color: #3c60a4;
}
</style>
</head>
<body>
<?php include_once "header_template.php"; ?>
<center>
  <table cellpadding="0px" cellspacing="0px" style="border:0px solid #666666;" width="950">
    <tr>
      <td>
        <table width="95%" height="22" border="0" align="center" cellpadding="10" cellspacing="0" style="background-color:#F2F2F2; border:0px solid #666666;">
          <tr>
            <td style="padding-left:45px;">
<?php
//die($_SESSION['username']);
$qryUsers = "SELECT * from recipies WHERE user='".$_SESSION['username']."'";
//die($qryUsers);
$rsUsers = @mysql_query($qryUsers) or die(mysql_error());
?>
<table width="100%"  border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td width="16%"><h3>All Recipies of </h3></td>
    <td width="84%"><h3><?php print $_SESSION['username']; ?></h3></td>
  </tr>
  <tr>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
  </tr>
</table>
<?php
while($rowUsers = @mysql_fetch_object($rsUsers))
{
?>

<?php
print"<h3>Public Recipes</h3><br>";
$qryUsers = "SELECT * from recipies WHERE user='".$_SESSION['username']."'";
print"<ol>";
$rsUsers = @mysql_query($qryUsers) or die(mysql_error());

if( @mysql_num_rows($rsUsers)>0 )

{

while($rowUsers = @mysql_fetch_object($rsUsers) )

{

 print "<li style='margin:5px 0px;'><a href=description.php?Rid=".$rowUsers->Rid.">".$rowUsers->title."</a></li>";

 

}

}
print"</ol>";



?>
</td>
          </tr>
        </table>      </td>
    </tr>
   <tr>
     </td>
   </tr>
  </table>
  </center>
  <?php include_once "footer_template.php"; ?>
</body>
</html>

Just trying to do a basic query... not working and don't know why:

here is inserts.php:

<?php

$username="wormste1_barry";
$password="barry";
$database="wormste1_barry";

$CarName=$_POST['CarName'];
$CarTitle=$_POST['CarTitle'];
$CarPrice=$_POST['CarPrice'];
$CarMiles=$_POST['CarMiles'];
$CarDescription=$_POST['CarDescription'];

mysql_connect(localhost,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");

$query = "INSERT INTO tablename VALUES
('','$CarName','$CarTitle','$CarPrice','$CarMiles','$CarDescription');

mysql_query($query);

mysql_close();

?>

That parses the simple form of :

form.html:

<HTML>

<HEAD>

</HEAD>

<BODY>


<form action="inserts.php" method="post">
car Name: <input type="text" name="CarName"><br>
Car Title: <input type="text" name="CarTitle"><br>
Car Price: <input type="text" name="CarPrice"><br>
Car Miles: <input type="text" name="CarMiles"><br>
Car Description: <input type="text" name="CarDescription"><br>
<input type="Submit">
</form>

</BODY>

</HTML>

I get the error: Parse error: syntax error, unexpected $end in /home/wormste1/public_html/tilburywebdesign/shop/FTPServers/barryottley/showroom/inserts.php on line 23

Don't know whats wrong?

I know this is probably a missing curly bracket or some other syntax, but I can't seem to spot it, anyone see it? i get this error btw.

Parse error: syntax error, unexpected $end in C:\Program Files\xampp\htdocs\cameo\login.php on line 39

<?php
session_start();
//sql variables
$server = "localhost";
$user = "root";
$pass = "";
$db = "cameo";

//iff user isn't logged in, try to log them in
if(!isset($_SESSION['username'])){
  if(isset($_POST['submit'])){
    //connect to database
      $dbc = mysqli_connect($server, $user, $pass, $db);
    
    //grab entered form data
    $user_username = mysqli_real_escape_string($dbc, trim($_POST['username']));
    $user_password = mysqli_real_escape_string($dbc, trim($_POST['username']));
     
    //if both username and password are entered then find a match in the database
    if((!empty($user_username)) && (!empty($user_password))) {
     //look up the username and password in the database
      $query = "SELECT username FROM cameo WHERE username = '$user_username' AND '$user_password'";
      $data = mysqli_query($dbc, $query);
    
     //authenticate if data matches a row
     if(mysqli_num_rows($data) == 1){
        //login is okay
       $row = mysqli_fetch_array($data);
       $_SESSION['username'] = $row['username'];
       $_SESSION['is_admin'] = $row['is_admin'];
       header('Location:index.php');
 }
  else {
    //username and password are incorrect or missing, so send a message
   $error_msg = 'Sorry, you must enter a valid username and password to log in.';
  }
}
}
?>