PHP - User/pass Hand Off From Exe To Php

Hey, The code below for some reason is showing; Hoes: 20000 Morale: 4.10 (hoes * hoe_morale * 2)); cred.

Any ideas why i need it to show the actual result not the Maths thanks.

<?php
if($_GET['password']!="1234")
{
die("You do not have access to this page.");
}
else
{
include("functions.php");
include("db_connection.php");
$sql = "UPDATE users SET cash = cash + hoes * hoe_morale * 150, cred = cred + hoes * hoe_morale * 2 WHERE is_active = 1";
mysql_query($sql) or die(mysql_error());
$sql2="INSERT INTO messages (to_username,message,type, timestamp) VALUES('$playerdata[username]','     Hoes: $playerdata[hoes] Morale: $playerdata[hoe_morale] (hoes * hoe_morale * 2)); cred','player', NOW())"; 
mysql_query($sql2) or die(mysql_error());
echo "Ho Income complete";
}
?>

Probably real basic but im nto great with the maths aspect of php, how would i get the $level + noto to show from the php below as currently i get,
From: System



4 minutes ago     You have reached level 1 + 1 in Notoriety, Please check the Skill Points section to see if you now qualify for any upgrades!
$sql="INSERT INTO messages (to_username,from_username,message,type, timestamp) VALUES('$playerdata[username]','System','You have reached level $level + 1 in Notoriety, Please check the Skill Points section to see if you now qualify for any upgrades!','Player', NOW())";
mysql_query($sql) or die(mysql_error());

Hi, i made a registration page in php, Only problem is its not submitting anything to the database nor throwing back an errors. I'm confused as to why, the code is below any help will be appreciated thanks

** server.php holds the database info i.e

Code: [Select]
<?php 
///Server Info
$dbhost = "localhost";
$dbuser = "*****";
$dbpass = "******";
$dbname = "****";
$conn = mysql_connect($dbhost,$dbuser,$dbpass)
or die();
mysql_select_db($dbname);
?>
Registration page in question;
Code: [Select]
<?php
require_once('check.php');
session_start();
$name = $_SESSION['name'];
require_once('server.php');
require_once('stats.php');
    if($_POST) {
        function VisitorIP()
    { 
    if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
        $TheIp=$_SERVER['HTTP_X_FORWARDED_FOR'];
    else $TheIp=$_SERVER['REMOTE_ADDR'];
 
    return trim($TheIp);
    }
        $ipaddress = VisitorIP();
        $name = $_POST['username'];
        $namelength = strlen($name);
        $email = $_POST['email'];
        $password = $_POST['password'];
        $passwordlength = strlen($password);
        $confirm = $_POST['confirm'];    
        if($namelength < 3){
            
           $error1="<div class='text1' style='background-color:#FF0;'><span style='color:red'>Error: Your username must be at least 3 characters!</span></div>";
           echo $error1;
          } 
        elseif($passwordlength < 6) {
            $error1="<div class='text1' style='background-color:#FF0;'><span style='color:red'>Error: Password must be at least 6 characters long!</span></div>";
            echo $error1;
        }
        elseif($email == "") {
            $error1="<div class='text1' style='background-color:#FF0;'><span style='color:red'>Error: You must enter an email address!</span></div>";
            echo $error1;
          }   
        elseif($password != $confirm) {
        $error1="<div class='text1' style='background-color:#FF0;'><span style='color:red'>Error: Passwords do not match!</span></div>";
        echo $error1;
          } else {
                include("server.php");
            $query = sprintf("SELECT COUNT(id) FROM players WHERE UPPER(name) = UPPER('%s')",
                mysql_real_escape_string($_POST['username']));
            $result = mysql_query($query);
            list($count) = mysql_fetch_row($result);
            if($count >= 1) { 
$error1="<div class='text1' style='background-color:#FF0;'><span style='color:red'>Error: that username is taken.</span></div>";
echo $error1;

        } else {
                $query1 = sprintf("INSERT INTO players(name,password,email,ip_address) VALUES ('%s','%s', '$email','$ipaddress');",
                    mysql_real_escape_string($_POST['username']),
                    mysql_real_escape_string(md5($password)));
                mysql_query($query1);
            
$error1="<div class='text1' style='background-color:#FF0;'><span style='color:#390'>Congratulations, you registered successfully!</span></div>";
echo $error1;

            }    
         }
    }
?>

How do I re write my code so it's 

   

 $itemAnnual0 = $values[0] * $periods[0];
    $itemAnnual1 = $values[1] * $periods[1];
    $itemAnnual2 = $values[2] * $periods[2];
...

$itemAnnual79 = $values[79] * $periods[79];

 

 

And for my previous post, I solved it.
 

Hello Guys, You  might have known about Luhn Algorithm, which is used to get checksum of IMEI of phones, credit cards etc etc. It is a public domain so it is not used for security but to ensure that client has passed the correct numbers etc etc.   Anyway, I am trying to get my hands on this algorithm and I will build a logic based on luhn algo to get the checksum, where I am stuck is how can I get the alternate numbers from a numeric string, for example I have written the following code to get all the numbers one by one into the array.

$imei = "356565451265856";
$lenOfStr= strlen($imei);
$myArray = array();

//Get all numbers one by one in array
for($i=0; $i < $lenOfStr; $i++){
  $myArray[] = substr($imei,$i,1);
}

// Checking the array
foreach($myArray as $seperatedNumbers){
  echo $seperatedNumbers;
}

No the problem is that I want to select every 2nd number from right to left e-g 5,5,2,... or 6,8,6 How can I get it done?   This logic may not be so good, there may be more brilliant solutions to write luhn algo, but I want to try myself once...    Thanks.
Edited by Digitizer, 31 August 2014 - 04:53 PM.

Someone showed me a while ago this trick for loading variables, but it creates an error when you go to the page initially:

$fname = $_POST['fname'] ? $_POST['fname'] : null;

How do I write the short hand to run correctly?

Alright, this is the code that i cant seem to get working. Its supposed to update the pin_lock field in my database. I have two databases that it needs to read from, the Account database to verify the login, then the Game database to modify the pin_lock field. It comes up that its sucessfully modified the entry but when i check it, its still the same as it was before.

session_start();
if ($_POST["vercode"] != $_SESSION["vercode"] OR $_SESSION["vercode"]=='') 
{ print("<center>Incorrect verification code!"); die(); }
require_once('config.php');
mysql_select_db($accdb);
$accountid=$_POST['accountid'];
$pass=$_POST['pass'];
$email=$_POST["email"];
$idnumber=$_POST["question"];
$phone=$_POST["answer"];
session_start(); 
if(!$_POST["accountid"]) { print("<center>Account ID Field Empty!"); die(); }
if(!$_POST["email"]) { print("<center>E-mail Address Field Empty!"); die(); }
if(!$_POST["question"]) { print("<center>Security Questions Field Empty!"); die(); }
if(!$_POST["answer"]) { print("<center>Answer Field Empty!"); die(); }
if(!ereg("^[0-9a-z]{4,12}$",$accountid)) { print("<center>Account ID Only letters from \"a\" to \"z\" and numbers, lenght of 4 to 12 characters"); die(); }
if(!ereg("^[0-9a-z]{4,14}$",$pass)) { print("<center>Password Only letters from \"a\" to \"z\" and numbers, lenght of 4 to 14 characters"); die(); }
if(!ereg("^[0-9a-zA-Z_]{4,128}$", (strtr($email, Array('@'=>'','.'=>'')))))  { print("<center>E-mail Only letters a to z and special chars @ . are allowed!"); die(); }
if($_POST["pass"]!=$_POST["pass2"]) { print("<center>Passwords do not match!"); die(); }

$ac = mysql_fetch_array(mysql_query(sprintf("SELECT * FROM account WHERE name='$accountid'")));
if (!$ac)
{ print("<center>Account ID does not exist!"); die(); }

$em = mysql_fetch_array(mysql_query(sprintf("SELECT * FROM account WHERE name='$accountid' AND email='$email'")));
if (!$em)
{ print("<center>E-mail is incorrect!"); die(); }

$q = mysql_fetch_array(mysql_query(sprintf("SELECT * FROM account WHERE name='$accountid' AND idnumber='$idnumber'")));
if (!$q)
{ print("<center>Security Question is incorrect!"); die(); }

$an = mysql_fetch_array(mysql_query(sprintf("SELECT * FROM account WHERE name='$accountid' AND phone='$phone'")));
if (!$an)
{ print("<center>Answer is incorrect!"); die(); }
$ac = mysql_fetch_array(mysql_query(sprintf("SELECT * FROM account WHERE name='$accountid'")));
mysql_select_db($gamedb);
$temp["query"] = sprintf("UPDATE cq_user SET lock_key='0' WHERE account_id='$selectedid'");
  if (!mysql_query($temp["query"])) { die(mysql_error()); }
  else { print("<center>You bank pin has been removed!"); }

Any ideas what is wrong with it?

I'm modifying a script I built a few months ago to allow someone to upload an attachment via a form and then email it off. It is expected that this form will receive a lot of hits and so it won't be possible to store the attachment in a folder before emailing it out (right away).

Problem: If I skip the move_uploaded_file part, and just attach the tmp_name the tmp_name is how I receive it rather than the PDF that it actually is.

How can i change the documents name before sending it off, without saving it to a general location. My worry with saving it is, someone uploads their copy and at the exact moment it's supposed to email off, someone somewhere else uploads theirs and it overwrites the first persons and then the email gets sent with the newest persons data.

index.php
Code: [Select]
<form action="process.php" method="post" enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file" />
<br />
<input type="submit" name="submit" value="Submit" />
</form>

process.php
Code: [Select]
<?php
print_r($_FILES);
if ($_FILES["file"]["type"] == "text/plain") {
if ($_FILES["file"]["error"] > 0) {
echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
} else {
echo "Upload: " . $_FILES["file"]["name"] . "<br />";
echo "Type: " . $_FILES["file"]["type"] . "<br />";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";

if (file_exists("upload/" . $_FILES["file"]["name"])) {
echo $_FILES["file"]["name"] . " already exists. ";
} else {
move_uploaded_file($_FILES["file"]["tmp_name"],
"upload/" . $_FILES["file"]["name"]);
echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
}
}
} else {
echo "Invalid file";
}
?>

hi,

i have made a website where people resgister their details of them and products.

they have to enter the following details in form

Name of company

name of the product

company address

email id 

password 

mobile number contact

and 

brief details about their company 

after filling all details user is registered on website.

user can then login with email id and pwd.

now after login ..user will get a page where he can upload the photos of products images and their price, so now my question is that when he finishes uploading (|by clicking on upload button) the product images and price text box ..then on final uploaded webspage it should show all other things which he registerd before (company name , mobile number etc) along with images and price...hence the main question that user does not need to enter mobile and address while uploading images and filling proce ..but on the final page it should show mobile and address along with price and images..as user is not going to enter mobile and address again and again as he will have multiple products to upload.

thanks in advance .

I would appreciate your assistance, there are tons of login scripts and they work just fine. However I need my operators to login and then list their activities for the other operators who are logged in to see and if desired send their clients on the desired activity. I have the login working like a charm and the activities are listed just beautifully. How do I combine the two tables in the MySQL with PHP so the operator Logged in can only make changes to his listing but see the others.

FIRST THE ONE script the member logges in here to the one table in MSQL:
<?php
   session_start();
   
   require_once('config.php');
   
   $errmsg_arr = array();
   
   $errflag = false;
   
   $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
   if(!$link) {
      die('Failed to connect to server: ' . mysql_error());
   }
   
   $db = mysql_select_db(DB_DATABASE);
   if(!$db) {
      die("Unable to select database");
   }
   
   function clean($str) {
      $str = @trim($str);
      if(get_magic_quotes_gpc()) {
         $str = stripslashes($str);
      }
      return mysql_real_escape_string($str);
   }
   
   $login = clean($_POST['login']);
   $password = clean($_POST['password']);
   
   if($login == '') {
      $errmsg_arr[] = 'Login ID missing';
      $errflag = true;
   }
   if($password == '') {
      $errmsg_arr[] = 'Password missing';
      $errflag = true;
   }
   
   if($errflag) {
      $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
      session_write_close();
      header("location: login-form.php");
      exit();
   }
   
   $qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'";
   $result=mysql_query($qry);
   
   if($result) {
      if(mysql_num_rows($result) == 1) {
         session_regenerate_id();
         $member = mysql_fetch_assoc($result);
         $_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
         $_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
         $_SESSION['SESS_LAST_NAME'] = $member['lastname'];
         session_write_close();
         header("location: member-index.php");
         exit();
      }else {
         header("location: login-failed.php");
         exit();
      }
   }else {
      die("Query failed");
   }
?>

................................................. ................................
Now I need the person who logged in to the table above to be able to make multiple entries to the table below

<?
$ID=$_POST['ID'];
$title=$_POST['title'];
$cost=$_POST['cost'];
$activity=$_POST['activity'];
$ayear=$_POST['aday'];
$aday=$_POST['ayear'];
$seats=$_POST['special'];
$special=$_POST['seats'];
mysql_connect("xxxxxx", "xxx350234427", "========") or die(mysql_error());
mysql_select_db("xxxx") or die(mysql_error());
mysql_query("INSERT INTO `activity` VALUES ('ID','$title', '$cost','$activity', '$aday', '$ayear', '$special', '$seats')");
Print "Your information has been successfully added to the database!"
?>
Click <a href="member-profile.php">HERE</a> to return to the main menu
  <?php      
?>

Actually, what i want to do is to use the email to fetch the $email,$password and $randomnumber from database after

Hi,

so far I have managed to set up a somewhat basic login website with a mysql database backend.

Once they have logged on they go to a "main menu" page.

What I need to define is that user A sees button A but only that button, etc.

(Then of course that same rule would have to apply if they tried to directly go to the page, but I am guessing I can do that in the same way that I currently do to force a login).

If anyone has any tutorials or sample code I would much appreciate it.

Thanks,

Hi,

I am getting frustrated beyond belief at the moment with trying to get a very simple script to run, I am using PHP 5.3.3 and MySQL 5.1 on a Win2k8 server with IIS7.5. Basically my script is connecting to a local database, running a single select query, returning those rows and building up a string from them.

The problem is that I am receiving complete BS responses from PHP that the access is denied for the user being specified. This is complete rubbish since the user can connect via mysql, sqlyog, ASP.NET MVC without issue but for some bizarre reason it is not working via PHP.

The code for the script is here :

Code: [Select]
<?php

$mysql = mysql_connect('127.0.0.1:3306', 'myuser', 'mypass', 'mydatabase');


if (!$mysql) {
  die(mysql_error());
  $content = "<nobr></nobr>";
} else {
  
  $result = mysql_query('SELECT * FROM tblEventGroup'); 
  $content = "<nobr>";
  
  if ($result) {     
      while($row = mysql_fetch_assoc($result)) {
       $content .= "<span>";
       $content .= $row['GroupName'];
       $content .= "</span>";
       $content .= "<a href=\"../Event/EventSearch?groupid=";
       $content .= $row['GroupId'];
       $content .= "\" target=\"_blank\">Book here</a> ";
      }
  }
  
  mysql_close($mysql);
  $content .= "</nobr>";

}

?>
I cannot for the life of me understand what the problem is, the return error is

Access denied for user 'myuser'@'localhost' (using password: YES)

Hi guys,

I am trying to put together a little system that allows users to log onto my website and access there own personal page. I am creating each page myself and uploading content specific to them which cannot be viewed by anyone else.

I have got the system to work up as far as:

1/ The user logs in
2/ Once logged in they are re-directed to their own page using 'theirusername.php'

Thats all good and working how I need it too. The problem I have is this. If I log onto the website using USER A details - I get taken to USER A's page like I should but - If I then go to my browser and type in USERBdetails.php I can then access USER B's page.

This cannot happen!! I need for USER A not to be able to access USER B profile - there is obviously no point in the login otherwise! If you are not logged in you obviously cannot access any secure page. That much is working!

Please find below the code I am using:


LOGIN

<?php
session_start();


function dbconnect()
{
    $link = mysql_connect("localhost", "username", "password") or die ("Error: ".mysql_error());

}
?>

<?php
if(isset($_SESSION['loggedin']))
{
    header("Location:" . strtolower($username) . ".php");
if(isset($_POST['submit']))
{
   $username = mysql_real_escape_string($_POST['username']);
   $password = mysql_real_escape_string($_POST['password']);
   $mysql = mysql_query("SELECT * FROM clients WHERE username = '{$username}' AND password = '{$password}'");
   if(mysql_num_rows($mysql) < 1)
   {
     die("Password or Username incorrect! Please <a href='login.php'>click here</a> to try again");
   }   $_SESSION['loggedin'] = "YES";
   $_SESSION['username'] = $username;
 $_SESSION['name']
   header("Location:" . strtolower($username) . ".php");
}
?> 

HEADER ON EACH PHP PAGE

<?php
session_start();
if(!isset($_SESSION['loggedin']))
{
    die(Access to this page is restricted without a valid username and password);
?>

---------------------------------------------------

Am I right in thinking it is something to do with the "loggedin" part?

The system I have here is adapted from a normal login system I have been using for years. The original just checks the details and then does a 'session start'. This one obviously has to re-direct to a user specific page. To do this I used the <<header("Location:" . strtolower($username) . ".php");>> line to redirect to a page such as "usera.php" or "userb.php"

Any help would be greatly appreciated! 

Ta

Hallo everybody, i have the following code. but i get allways this error while the user exist in the database. User not found! what do i do wrong?   thank you very much for your help Rafal

<html>
<head>
<?php
$connection = mysql_connect("db.xyz.com", "username", "password")
or die ("connection fehler");
mysql_select_db("db0123456789")
or die ("database fehler");
$email = $_POST["inp_email"];
$pwd = $_POST["inp_pwd"];
if($email && $pwd)
{
$chkuser = mysql_query("SELECT email FROM gbook WHERE email = '($email)' ");
$chkuserare = mysql_num_rows($chkuser);
echo $email;
echo $pwd;
if ($chkuserare !=0)
{
$chkpwd = mysql_query("SELECT pwd FROM gbook WHERE email = '($email)' ");
$pwddb = mysql_fetch_assoc($chkpwd);
if ($pwd != $pwddb["pwd"])
{
echo "password is wrong!";
}
else
{
echo "login successed";
}
}
else
{
echo "User not found!";
}
}
else
{
echo "Pleas enter your email and password!";
}
mysql_close($connection);
?>
</head>
<body>
<form action="login.php" method="post">
Email <input type="text" name="inp_email"><br>
Password <input type="text" name="inp_pwd"><br>
<input type="submit" name="submit" value="login">
</form>
</body>
</html>

Edited by rafal, 21 September 2014 - 04:33 PM.