PHP - Incorrect Login Attempt 3 -> Forgot Details??
Incorrect login attempt 1
\/
Incorrect login attempt 2
\/
Incorrect login attempt 3 -->> ?forgot your login details?

What's the most efficient way of achieving this? Is it to:

1. create a session for the user who hasn't logged in
2. the user login fails once, session['fail']=1
3. the user login fails twice, session['fail']=2
4. the user login fails for a third time pushing the session['fail'] count to three: this triggers an 'if' on the index.php prompting the user to retrieve their details through the "forgot login details system"

However if the session['fail'] count never reaches 3 then this temp session is destroyed and the proper one created allowing the user into the site??

As usual any pointers into the correct direction here would be very much appreciated (and I try to repay by answering other people's questions [where I can ])

Similar Tutorials

Hi guys, I am creating a piece of code that blocks a user for 48 hours after attempting to log in 5 times with the wrong password, within a 24-hour period. If the user logs in successfully within the 24 hours, it should reset the attempt count.
The issue I'm having ATM is that with the attempt count, it is only updating the first row of that user if I attempt more times. Here is an example of what's going on:
User - Time - Attempt- count()
User 1 10:00pm Attempt 1 (5)
User 1 10:02pm Attempt 2 (4)
User 1 10:04pm Attempt 3 (3)
User 1 10:06pm Attempt 4 (2)
User 1 10:07pm Attempt 5 (1)
User 2 10:15pm Attempt 1 (2)
User 2 10:20pm Attempt 2 (1)
As you can see, all the attempts will increment (the numbers in the bracket) but the latest attempt will be set to one. How do I get it so that all the attempts are incremented so it looks like this?
User - Time - Attempt- count()
User 1 10:00pm Attempt 1 (5)
User 1 10:02pm Attempt 2 (5)
User 1 10:04pm Attempt 3 (5)
User 1 10:06pm Attempt 4 (5)
User 1 10:07pm Attempt 5 (5)
User 2 10:15pm Attempt 1 (2)
User 2 10:20pm Attempt 2 (2)
Here is a snippet of my code:
if (!$pw_ok) {
    if (isset($_SERVER["REMOTE_ADDR"])) {
        $str_RemoteHost = $_SERVER["REMOTE_ADDR"];
    } else {
        $str_RemoteHost = '';
    }

    $qry_WriteToDatabase = "
        INSERT INTO cms_user_login_attempts
        (
            cula_user_id,
            cula_date_time,
            cula_remote_host,
            cula_attempt_count
        )
        VALUES (
            " . $db->SQLString($row->user_id) . ",
            Now(),
            " . $db->SQLString($str_RemoteHost, true) . ",
            'cula_attempt_count'
        )";
    $db->query($qry_WriteToDatabase);

    $qry_UpdateCount = "
        UPDATE cms_user_login_attempts
        SET cula_attempt_count = cula_attempt_count + 1
        WHERE cula_user_id = " . $db->SQLString($row->user_id) . " ";
    $db->query($qry_UpdateCount);

    $qry_CheckDatabase = "
        SELECT CASE WHEN count(*) >= 5 THEN 0 ELSE 1 END as allowed_login
        FROM cms_user_login_attempts
        WHERE cula_date_time >= DATE_SUB(CURRENT_TIMESTAMP, interval 48 hour)
        AND cula_user_id = " . $db->SQLString($row->user_id) . "";
    $rs_CheckDatabase = $db->query($qry_CheckDatabase);

    if (! (isset($qry_CheckDatabase) && $qry_CheckDatabase)) {
        $errors->defineError("invalid_user_pass", "Too many attempts, account locked for 48hours.", array("username","password"));
    }
}

Edited by Navees_, 08 January 2015 - 06:15 PM.

Hope you all had a good Christmas/New Year. I have a register page that MD5 hashes the user's password and a login which also does this. However, no matter what I try it always says incorrect password. Even when I remove the MD5.
Register Code:

<?php
error_reporting (E_ALL ^ E_NOTICE);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Member System - Register</title>
</head>
<body>
<?php
if ( $_POST['registerbtn'] ){
    $getuser = $_POST['user'];
    $getemail = $_POST['email'];
    $getpass = $_POST['pass'];
    $getretypepass = $_POST['retypepass'];

    if ($getuser){
        if ($getemail){
            if ($getpass){
                if ($getretypepass){
                    if ( $getpass === $getretypepass ){
                        if ( (strlen($getemail) >= 7) && (strstr($getemail, "@")) && (strstr($getemail, ".")) ){
                            require("./connect.php");
                            $query = mysql_query("SELECT * FROM users WHERE username='$getuser'");
                            $numrows = mysql_num_rows($query);
                            if ($numrows == 0){
                                $query = mysql_query("SELECT * FROM users WHERE email='$getemail'");
                                $numrows = mysql_num_rows($query);
                                if ($numrows == 0){
                                    $password = md5(md5("kjfiufj".$password."Fj56fj"));
                                    $date = date("F d, Y");
                                    $code = md5(rand());
                                    mysql_query("INSERT INTO users VALUES ( '', '$getuser', '$password', '$getemail', '0', '$code', '$date' )");
                                    $query = mysql_query("SELECT * FROM users WHERE username='$getuser'");
                                    $numrows = mysql_num_rows($query);
                                    if ($numrows == 1){
                                        $site = "http://c3221281.web44.net/";
                                        $webmaster = "Simon <admin@simon.com>";
                                        $headers = "From: $webmaster";
                                        $subject = "Activate Your Account";
                                        $message = "Thanks for registering. Click the link below to activate your account.\n";
                                        $message .= "$site/activate.php?user=$getuser&code=$code\n";
                                        $message .= "You must activate your account to login.";
                                        if ( mail($getemail, $subject, $message, $headers) ){
                                            $errormsg = "You have been registered. You must activate your account from the activation link sent to <b>$getemail</b>.";
                                            $getuser = "";
                                            $getemail = "";
                                        }
                                        else
                                            $errormsg = "An error has occueed. Your activation email was not sent.";
                                    }
                                    else
                                        $errormsg = "An error has occured. Your account was not created.";
                                }
                                else
                                    $errormsg = "There is already a user with that email.";
                            }
                            else
                                $errormsg = "There is already a user with that username.";
                            mysql_close();
                        }
                        else
                            $errormsg = "You must enter a valid email address to register.";
                    }
                    else
                        $errormsg = "Your passwords did not match.";
                }
                else
                    $errormsg = "You must retype your password to register.";
            }
            else
                $errormsg = "You must enter your password to register.";
        }
        else
            $errrosmg = "You must enter your email to register.";
    }
    else
        $errormsg = "You must enter your username to register.";
}

$form = "<form action='./register.php' method='post'>
<table>
<tr>
    <td></td>
    <td><font color='red'>$errormsg</font></td>
</tr>
<tr>
    <td>Username:</td>
    <td><input type='text' name='user' value='$getuser' /></td>
</tr>
<tr>
    <td>Email:</td>
    <td><input type='text' name='email' value='$getemail' /></td>
</tr>
<tr>
    <td>Password:</td>
    <td><input type='password' name='pass' value='' /></td>
</tr>
<tr>
    <td>Retype:</td>
    <td><input type='password' name='retypepass' value='' /></td>
</tr>
<tr>
    <td></td>
    <td><input type='submit' name='registerbtn' value='Register' /></td>
</tr>
</table>
</form>";

echo $form;
?>
</body>
</html>

Login Code:

<?php
error_reporting (E_ALL ^ E_NOTICE);
session_start();
$userid = $_SESSION['userid'];
$username = $_SESSION['username'];
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Member System - Login</title>
</head>
<body>
<?php
if ($username && $userid){
    echo "You are already logged in as <b>$username</b>. <a href='./member.php'>Click here</a> to go to the member page.";
}
else{
    $form = "<form action='./login.php' method='post'>
    <table>
    <tr>
        <td>Username:</td>
        <td><input type='text' name='user' /></td>
    </tr>
    <tr>
        <td>Password:</td>
        <td><input type='password' name='password' /></td>
    </tr>
    <tr>
        <td></td>
        <td><input type='submit' name='loginbtn' value='Login' /></td>
    </tr>
    <tr>
        <td><a href='./register.php'>Register</a></td>
        <td><a href='./forgotpass.php'>Forgot your password?</a></td>
    </tr>
    </table>
    </form>";

    if ($_POST['loginbtn']){
        $user = $_POST['user'];
        $password = $_POST['password'];

        if ($user){
            if ($password){
                require("connect.php");
                $password = md5(md5("kjfiufj".$password."Fj56fj"));
                // make sure login info correct
                $query = mysql_query("SELECT * FROM users WHERE username='$user'");
                $numrows = mysql_num_rows($query);
                if ($numrows == 1){
                    $row = mysql_fetch_assoc($query);
                    $dbid = $row['id'];
                    $dbuser = $row['username'];
                    $dbpass = $row['password'];
                    $dbactive = $row['active'];
                    if ($password == $dbpass){
                        if ($dbactive == 1){
                            // set session info
                            $_SESSION['userid'] = $dbid;
                            $_SESSION['username'] = $dbuser;
                            echo "You have been logged in as <b>$dbuser</b>. <a href='./member.php'>Click here</a> to go to the member page.";
                        }
                        else
                            echo "You must activate your account to login. $form";
                    }
                    else
                        echo "You did not enter the correct password. $form";
                }
                else
                    echo "The username you entered was not found. $form";
                mysql_close();
            }
            else
                echo "You must enter your password. $form";
        }
        else
            echo "You must enter your username. $form";
    }
    else
        echo $form;
}
?>
</body>
</html>

Many thanks for your time and help,

After the user has logged in, I would like to display their details by barcode id

Login.php

<?php
$host=""; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name=""; // Database name
$tbl_name=""; // Table name

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
session_start();

// username and password sent from form
$barcodeID=$_POST['barcode'];

// To protect MySQL injection (more detail about MySQL injection)
$barcodeID = stripslashes($barcodeID);
$barcodeID = mysql_real_escape_string($barcodeID);

$sql="SELECT * FROM $tbl_name WHERE BarcodeID='$barcodeID'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);

if($count > 0){
    $data = mysql_fetch_array ($result);
    $_SESSION["user_id"] = $data["BarcodeID"];
    $_SESSION["user_firstname"] = $data["Firstname"];
    $_SESSION["user_surname"] = $data["Surname"];
    $_SESSION["user_jobrole"] = $data["JobRole"];
    $_SESSION["user_manager"] = $data["Manager"];
    $_SESSION["user_priority"] = $data["Priority"];
    $_SESSION["user_datejoined"] = $data["DateJoined"];
    $_SESSION["user_times_loggged_in"] = $data["TimesLoggedOn"];

    if ($_SESSION["user_priority"] == '1') {
        header("Location: AdminSection.php");
    } else {
        header("Location:LoggedIn.php");
    }
    if ($_SESSION["user_times_loggged_in"] == '0') {
        header("Location:UsingTheSystem.html");
    }
}
?>

LoggedIn.php

I keep getting the error undefined index "barcode"?

<?php
$barcodeID = $_POST["barcode"];
include 'dbcon.php';
$sql = "SELECT Firstname, Surname, JobRole, Manager"
     . " FROM users"
     . " WHERE BarcodeID = .'$barcodeID'" ;
$rows = mysql_query($sql);
echo $rows;
?>

Any help will be greatly appreciated. Thanks

Obviously when connecting to PHP I'm not going to show all of my login details;

mysql_connect("details","details","password") or die(mysql_error());
mysql_select_db("details") or die(mysql_error());

What's the best way to hide them? I've seen some people using an include file with their login details on, but say for e.g.

<?php include('con.php'); ?>

What's to stop someone looking at www.myweb/con.php and obtaining my details there instead?

Hi, I'm new to PHP.
I'm using a script that I found at the link below:
http://forums.devshe...sql-891201.html
It works fine but I have added a couple of fields to the database: telephone and mobile_telephone
I've changed the register.php to include these fields but I'm struggling with the edit_account
Could anyone help please
Hi, I have successfully implemented a master details page with the results aligned in columns linking to a details page. I wish to maintain the recordID passed from the master details page and make the dynamic text, which reads Shade A tree that is capable of..... in the attached screen shot a link to another details page referencing the same recordID. The detailspage2.php would look the same as the screenshot except the Shade text and description below will be highlighted, which I can do, there will be a new image and a new image description. All other dynamic elements on the page will remain the same. I tried to simply save as my detailspage.php to detailspage2.php and create a link to detailspage2.php. It linked to detailspage2.php but none of the record info showed up in their respective table cells. I have all the names, desc's, images, etc. set up in a table in my database. Please let me know what code and other info you need to help me out with this procedure. Thanks.

I am sure this is a simple fix and I am a total beginner, but thanks to these forums I learn a lot. Here is the code:

http://$host/forgot.php?doReset=Reset&VeriCode=$new_code

And when I click the link in the email I get the following error:

The requested URL /forgot.php?doReset=Reset&VeriCode=60dea138b76c71acccfe34d4fab3e004 was not found on this server.

If someone needs the full code to help, please PM me.

I'm having a little issue with this script. It's returning: "Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/zyquo/public_html/makethemoviehappen.com/forgot_password.php on line 89" (Line 89 is: $num_rows1 = mysql_num_rows($result1)) and "New password could not be generated. If you continue to have issues, please email general@makethemoviehappen.com for assistance." I checked the database and the random password generation did run, and it was inserted into the database. So it's just not detecting that it ran, so it's not sending the email.
Any ideas on why? I also checked what is returned in the $result1 variable and it's the number 1.

elseif($_GET['forgot']=="password"){
    function &generatePassword($length=9, $strength=0) {
        $vowels = 'aeiuy';
        $consonants = 'bcdfghjkmnpqrstwz';
        if ($strength & 1) {
            $consonants .= 'BCDFGJLMNPQRSTVXZ';
        }
        if ($strength & 2) {
            $vowels .= "AEIUY";
        }
        if ($strength & 4) {
            $consonants .= '23456789';
        }
        if ($strength & 8) {
            $consonants .= '@#$%';
        }
        $password = '';
        $alt = time() % 2;
        for ($i = 0; $i < $length; $i++) {
            if ($alt == 1) {
                $password .= $consonants[(rand() % strlen($consonants))];
                $alt = 0;
            } else {
                $password .= $vowels[(rand() % strlen($vowels))];
                $alt = 1;
            }
        }
        return $password;
    }

    $new_password =& generatePassword();
    $username=$_POST['username'];
    $sql="SELECT * FROM $tbl_name WHERE Username='$username' AND Email='$email' AND Amount='$donation_amount'";
    $result=mysql_query($sql);
    $num_rows = mysql_num_rows($result);
    if($num_rows==1){
        $sql1="UPDATE $tbl_name SET Password='$new_password' WHERE Username='$username' AND Email='$email' AND Amount='$donation_amount'";
        $result1=mysql_query($sql1);
        $num_rows1 = mysql_affected_rows($result1);
        if($num_rows1==1){
            $content.='<p class="center">New password generated. It has been emailed to the email address provided.</p><br />';
            $message='Some one (hopefully you) requested a new password be generated for your account on Make the Movie Happen. Below is the newly generated password: Password: '.$new_password.' Once you log-in, please change your password. Thank You, Make the Movie Happen Support Team ';
            mail($email, 'Make the Movie Happen - New Password', $message, 'From: general@makethemoviehappen.com');
        }
        else{
            $content.='New password could not be generated. 
If you continue to have issues, please email <a href="mailto:general@makethemoviehappen.com">general@makethemoviehappen.com</a> for assistance.'; } } else{ header("Location: ./index.php?forgot&e=1"); } } I paid someone to develop my site and for some reason the Forgot Password page is not working. Once the user types in their email address and submits, nothing happens. The user should get a message displayed instantly letting them know if the password was sent or if their account was not found. Any help would be greatly appreciated! Code: [Select] [php] <? include_once "connect.php"; if(isset($_SESSION['RES_LoginID']) && $_SESSION['RES_LoginID']!="") { echo "<script>window.location='myprofile.php';</script>"; exit; } // code to send mail to user (account details) if(isset($_REQUEST["btnLogin"])) { $sel="select name,email,password from users where email='".$_REQUEST['RES_EMAIL']."'"; $urs=mysql_query($sel); if (mysql_affected_rows()>0) // send mail if mail existing in database { $row=mysql_fetch_array($urs); $name=$row['name']; $username=$row['email']; $password=$row['password']; $message="<link href='".WEBSITEURL."site.css' rel='stylesheet' type='text/css' /> <body> <table border=0 cellspacing='5' cellpadding=0 width=600 align='center' class='purple_11'> <tr><td> $SITE_LOGO<br><br> Dear <b>".$name."</b>,<br><br> Your login details a <br> Username : $username<br> Password : $password<br> <br><br> Login at: <a href='".WEBSITEURL."login.php' target='_blank'>$SITE_NAME</a><br><br><br> Thank You,<br> $SITE_NAME </td></tr></table> </body>"; $sub="Forgot Password?"; SendHTMLMail($username,$sub,$message,ADMIN_MAIL); $redirect="<script>window.location='forgot_password.php?msgs=1';</script>"; } else // if mail doesnot match { $redirect="<script>window.location='forgot_password.php?msgs=2';</script>"; } echo $redirect; exit; } // generate message for display $msg=""; if(isset($_REQUEST['msgs'])) { switch($_REQUEST['msgs']) { case 1 : $msg="Your password sent successfully."; 
break; case 2 : $msg="Email Address does not exists."; break; } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "[url=http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd]http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd[/url]"> <html xmlns="[url=http://www.w3.org/1999/xhtml]http://www.w3.org/1999/xhtml[/url]"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta name="keywords" content="<?=$KEYWORD?>" /> <link rel="shortcut icon" href="images/favicon.gif"> <title><?=$SITE_TITLE?></title> <link href="site.css" rel="stylesheet" type="text/css" /> <script language="javascript"> function valid_login() { form=document.frmLogin; if(form.RES_EMAIL.value=="") { alert("Please enter your email.") form.RES_EMAIL.focus(); return false; } else if (!(/^\w+([\.-]?\w+)*@\w+([\.-]?\w+)*(\.\w{2,3})+$/.test(form.RES_EMAIL.value))) { alert("Please enter a proper email address."); form.RES_EMAIL.focus(); return false; } else { form.submit(); } } </script> </head> <body onload="MM_preloadImages('images/about-us-hover.jpg','images/my-pofile-hover.jpg','images/help-hover.jpg','images/home.jpg')"> <table width="1000" border="0" align="center" cellpadding="0" cellspacing="0"> <tr> <td width="1251" align="center" valign="top" class="main_bg"><table width="850" border="0" align="center" cellpadding="0" cellspacing="0"> <tr> <td height="153" align="left" valign="top"><? 
include_once "top.php"; ?></td> </tr> <tr> <td valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td height="18"></td> </tr> <tr> <td><table width="822" border="0" align="center" cellpadding="0" cellspacing="0"> <tr> <td width="11" align="left" valign="top"><img src="images/white-crv1.jpg" width="11" height="11" /></td> <td width="100%" height="11" class="gray-top-bdr"><img src="images/blank-img.gif" width="1" height="1" /></td> <td width="11" align="right" valign="top"><img src="images/white-crv2.jpg" width="11" height="11" /></td> </tr> <tr> <td width="11" class="gray-left-bdr"><span class="gray-top-bdr"><img src="images/blank-img.gif" width="1" height="1" /></span></td> <td align="center"><? include("gad_hori.php");?></td> <td width="11"class="gray-rightt-bdr"><span class="gray-top-bdr"><img src="images/blank-img.gif" width="1" height="1" /></span></td> </tr> <tr> <td width="11" height="11" align="left" valign="bottom"><img src="images/white-crv3.jpg" width="11" height="11" /></td> <td height="11" class="gray-bot-bdr"><img src="images/blank-img.gif" width="1" height="1" /></td> <td width="11" height="11" align="left" valign="bottom"><img src="images/white-crv4.jpg" width="11" height="11" /></td> </tr> </table></td> </tr> <tr> <td height="73" align="left" valign="top"></td> </tr> <tr> <td align="left" valign="top"><table width="822" border="0" align="center" cellpadding="0" cellspacing="0"> <tr> <td width="587" align="left" valign="top"><table width="587" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="19"><img src="images/gray-left-crv.jpg" width="19" height="247" /></td> <td width="321" align="left" valign="top" class="gry-bg-rpt"> <form name="frmLogin" id="frmLogin" action="" method="post"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td height="20"></td> </tr> <tr> <td height="27" class="gray-bot-bdr red-txt20" valign="top">Forgot Password?</td> </tr> <tr> <td height="25" align="center" 
valign="middle" class="red-txt12"><?=$msg;?></td> </tr> <tr> <td><table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td colspan="2" height="22" align="left" style="padding-left:15px;"><strong>Please enter your E-mail address to get the password .</strong></td> </tr> <tr height="15"><td> </td></tr> <tr> <td width="33%" align="center"><strong>Email Address :</strong></td> <td width="67%"><input name="RES_EMAIL" type="text" class="input" style="width:176px; height:20px;"/></td> </tr> <tr> <td> </td> <td height="40" align="center"> <input type="submit" name="btnLogin" value="" class="btn_submit" title="Sign In" onclick="return valid_login();" /> </td> </tr> <tr> <td> </td> <td height="25" align="left" valign="bottom">Know your password? <a href="login.php">Login here</a></td> </tr> </table></td> </tr> </table> </form> </td> <td width="247" align="left" valign="top" class="red-box2"><table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td height="88"> </td> <td> </td> </tr> <tr> <td width="77"> </td> <td><table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td height="85" align="left" valign="top"><img src="images/dont-acc.jpg" width="135" height="65" hspace="10" /></td> </tr> <tr> <td height="40" align="left" valign="top"><a href="register.php"><img src="images/register-but.jpg" alt="Register Here" width="146" height="30" border="0" /></a></td> </tr> </table></td> </tr> </table></td> </tr> </table></td> <td width="235" align="right" valign="top"><? include("square_ads.php");?></td> </tr> </table></td> </tr> </table></td> </tr> <tr> <td valign="top"><? include_once "bottom.php"; ?></td> </tr> </table></td> </tr> </table> </body> </html>[/php] Hi there all, I want to pull news feeds, from a web site and display them .... I have forgot what commands to use to do this. please help. Any example, i am most grateful. Hello, My user login script saves their passwords into my SQL in a md5 encryption. 
I am currently working on a 'forgot password' that sends the password to their email. The code that pulls out the password is this:

echo $req_user_info['pass'];

Now is there a way to decrypt the 'pass'? (Currently nothing is displayed - not even the encryption code.) Please help - Ollie

Howdy, I am new to PHP and I have not worked on the forum for a couple of months. Well, I can't sign in!!! I am a real noob at this. Any help greatly appreciated. The return email is not set up. So, I can't get a reset going. Can I pull the password file and start again? How can I go about doing this? Thanks in advance.

Hi all. I'm starting with PHP programming and I am trying to create a simple questionnaire. I want to ask a few questions with a few possible answers. Could anyone give me a sample of how the code should look? I've created a few questions but they are all separate code; how can I put them together into one code? Any suggestions? Thanks

Lately I've been telling myself to start touching up my security when it comes to passwords, so here I am with another question on PHPFreaks. I've read several salting guides, but I still have a few lingering questions. One of which is: once a salt has been created (see my function below), do I store it in a column named "salt" for each user in the "users" table? It seems like if a hacker got a hold of the database information, they could just ignore the salt and go straight to deciphering a user's hashed password. Just curious about that...
Now, onto my simple function I decided to write to give this a try:

function generateSalt($username) {
    //length of salt
    $char_max = 21;
    $char_list = array('A', 'B', 'C', 'D', 'G', 'Z', rand(0,200), 9, 8, 6, rand(3,55), rand(7, 1444));
    //random numbers and letters will be appended to this variable
    $gen_chars = '';
    for($x = 0; $x < 10; $x++) {
        $gen_chars .= $char_list[rand(0, count($char_list))];
    }
    //random addition to salt
    $gen_chars = hash(sha256, $gen_chars);
    //shorten then hash -- max 5 chars
    $shorten_user = substr(sha1(strpos($username, 0, 3)), 0, 5);
    //salt var
    $salt = $gen_chars.$shorten_user.date('M-d-Y h:m:s');
    $salt = substr(hash(sha256, $salt), 0, $char_max);
    return $salt;
}

Any feedback regarding this function? I've read that MD5 isn't really reliable, and people should be using SHA256, so I decided to go with that. I also tried to make each user's salt really random and unique. But how does this affect the user's password or make it any securer if I can't combine the salt and password? I know for a fact that I'm missing a piece of information or doing something wrong, so if anyone could help me out: that'd be very appreciated.

Hey guys! In my tutorials they were putting together a login system. After I watched the tutorial I decided to put one together that was my own. Also, the tutorial only used MD5. After I read the post on the top of this forum about MD5 I decided to give salt a go on my own to see if I could pull it off. I'd like to hear what more experienced coders have to say about my code, but I'd appreciate it if you went easy on me lol. I'm quite happy with myself that I put this together all on my own and it works, I have tested it with my database lol.
<?php
//Check for form values in POST array//
if (isset($_POST['username'])&& isset($_POST['password'])){
    //strip tags and whitespace from user//
    if(!empty($_POST['username'])){
        $T_user = strip_tags($_POST['username']);
        $user = str_replace(' ','',$T_user);
    }else{
        $user = false;
    }
    //strip tags and spaces//
    if(!empty($_POST['password'])){
        $T_pass = strip_tags($_POST['password']);
        $T2_pass = str_replace(' ', '', $T_pass);
        //Generate SALT and encrypt//
        $salt = 'angelinajolie';
        $pass = md5($T2_pass.$salt);
    }else{
        $pass = false;
    }
    //Check User and Pass for NULL then query database//
    if($pass || $user != false){
        $query = "SELECT id FROM users WHERE username = '$user' AND password ='$pass'";
        $query_run = mysql_query($query);
        $query_rows = mysql_num_rows($query_run);
        if($query_rows == 0){
            echo 'Password and/or Username are invalid!';
            echo $query_rows;
        }else if ($query_rows != 0){
            echo 'Welcome back!';
        }
    }else{
        echo 'Must specify Username and Password!';
    }
}
?>
<form action="<?php echo $current_file; ?>" method="POST">
Username: <input type="text" name="username" />
Password: <input type="password" name="password" />
<input type="submit" value="Login" />
</form>

I stumbled across this site after being slammed hard elsewhere for being a novice and really not knowing what I am doing. What I have read so far is more encouraging. I just wrote my first program in php and it is not working at all right now. All it keeps doing is opening window after window until I force the browser to close. I am using a Mac running Yosemite and using MAMP. Hopefully that is enough background.
I know this is an introduction area, so I will also post this in another forum in case this is closed for being off topic.
This is a login file to connect to the server:
<?php // login.php // Get connection information echo <<<_END <form method = "post" action = "login.php"> <pre> <input type = "text" name = "localhost" />host server<br /> <input type = "text" name = "username" />Username<br /> <input type = "text" name = "password" /><br /> <br /> <input type = "submit" value = "submit" /> </form> _END $db_server = sanitize_string($localhost); $db_username = sanitize_string($username); $db_password = sanitize_string($password); /* $user = 'root'; $password = 'root'; $db = 'rpsls'; $host = 'localhost'; $port = 3306; $link = mysql_connect( "$host:$port", $user, $password ); $db_selected = mysql_select_db( $db, $link ); */ mysql_connect($db_server, $db_username, $db_password) or die(mysql_error()); // Create rpsls table if it does not exist $tbl = "rpsls"; $query = "CREATE TABLE rpsls(human VARCHAR(10), computer VARCHAR(10), outcome VARCHAR(5), action VARCHAR(15)); INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Rock", "Paper", "Lose", "Covers"); INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Rock", "Scissors", "Win", "Crushes"); INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Rock", "Lizard", "Win", "Crushes"); INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Rock", "Spock", "Lose", "Vaporizes"); INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Paper", "Rock", "Win", "Covers"); INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Paper", "Scissors", "Lose", "Cuts"); INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Paper", "Lizard", "Lose", "Eats"); INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Paper", "Spock", "Win", "Disproves"); INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Scissors", "Lizard", "Win", "Decapitates"); INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Scissors", "Spock", "Lose", "Smashes"); INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Scissors", "Rock", "Lose", 
"Crushes"); INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Scissors", "Paper", "Win", "Cuts"); INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Lizard", "Spock", "Win", "Poisons"); INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Lizard", "Rock", "Lose", "Crushes"); INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Lizard", "Paper", "Win", "Eats"); INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Lizard", "Scissors", "Lose", "Decapitates"); INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Spock", "Rock", "Win", "Vaporizes"); INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Spock", "Paper", "Lose", "Disproves"); INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Spock", "Scissors", "Win", "Smashes"); INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Spock", "Lizard", "Lose", "Poisons");"; check_table($tbl, $query); // Create choices table if it does not exist $tbl = "choices"; $query = "CREATE TABLE choices(id SMALLINT, choice VARCHAR(10)); INSERT INTO choices (id, choice) VALUES (1, "Rock"); INSERT INTO choices (id, choice) VALUES (2, "Paper"); INSERT INTO choices (id, choice) VALUES (3, "Scissors"); INSERT INTO choices (id, choice) VALUES (4, "Lizard"); INSERT INTO choices (id, choice) VALUES (5, "Spock");"; check_table($tbl, $query); // Sanitize user input function sanitize_string($var) { $var = stripslashes($var); $var = htmlentities($var); $var = strip_tags($var); return $var; } function check_table($tbl, $query){ $db = new mysqli(...); $result = $db->query("SHOW TABLES LIKE "$tbl); if ($result->num_rows == 0){ mysql_query($query); } } ?>and this is the program: <?php // log into server and database require_once 'login.php'; $db_server = mysql_connect($db_hostname, $db_username, $db_password); if (!$db_server) die("Unable to connect to MySQL: " . 
    mysql_error());
$conn = mysql_connect($db_server, $db_username, $db_password) or die(mysql_error());
$db_database = 'rpsls';
mysql_select_db($db_database) or die("Unable to select database: " . mysql_error());

// Start Game
ready_to_play();

// Rock Paper Scissors Lizard Spock game
function rock_paper_scissors_lizard_spock() {
    $human = human_play();
    $computer = computer_play();
    game_outcome($human, $computer);
    play_again();

// Start Game Function
function ready_to_play(){
    echo <<<_END
<form method = "post" action = "rpsls.php">
<h2>Ready to play Rock, Paper, Lizard, Spock?</h2>
<hr>
<table>
<tr>
<td><input type = "radio" name = "ready" value = "Yes" />Yes</td>
<td><input type = "radio" name = "ready" value = "No" />No</td>
</tr>
<tr>
<td colspan = "2"><input type = "submit" value = "Play!" /></td>
</tr>
</table>
</form>
_END
    if ($ready == "Yes"){
        $query = "CREATE TABLE gameResults ( games SMALLINT NOT NULL, win SMALLINT NULL, loss SMALLINT NULL, draw SMALLINT NULL, PRIMARY KEY (games))";
        mysql_query($query);
        rock_paper_scissors_lizard_spock();
    }else{
        close_rpsls();
    }
}

// Play Again
// Start Game Function
function play_again() {
    echo <<<_END
<form method = "post" action = "rpsls.php">
<h2>Play Again?</h2>
<hr>
<table>
<tr>
<td><input type = "radio" name = "ready" value = "Yes" />Yes</td>
<td><input type = "radio" name = "ready" value = "No" />No</td>
</tr>
<tr>
<td colspan = "2"><input type = "submit" value = "Play!" /></td>
</tr>
</table>
</form>
_END
    if ($ready == "Yes"){
        rock_paper_scissors_lizard_spock();
    }else{
        close_rpsls();
    }
}

// Human Play Selection
function human_play() {
    echo <<<_END
<form method = "post" action = "rpsls.php">
<h2>Let's Play Rock, Paper, Lizard, Spock</h2>
<hr>
<table>
<tr>
<td><input type = "radio" name = "human" value = "Rock" />Rock</td>
<td><input type = "radio" name = "human" value = "Paper" />Paper</td>
</tr>
<tr>
<td><input type = "radio" name = "human" value = "Scissors" />Scissors</td>
<td><input type = "radio" name = "human" value = "Lizard" />Lizard</td>
</tr>
<tr>
<td colspan = "2"><input type = "radio" name = "human" value = "Spock" />Spock</td>
</tr>
<tr>
<td colspan = "2"><hr></td>
</tr>
<tr>
<td colspan = "2"><input type = "submit" value = "Play!" /></td>
</tr>
</table>
</form>
_END
    return $human;
}

// Computer Play Selection
function computer_play() {
    $play = rand(1,5);
    $query = "SELECT choice FROM choices WHERE number = $play";
    $computer = mysql_query($query);
    return $computer;
}

// Game Outcome Function
function game_outcome($human, $computer) {
    $win = $loss = $draw = 0
    if ($human == $computer){
        echo "Draw<br />";
        echo "We both played ".$human;
        $draw = 1;
    }else{
        $query = "SELECT outcome, action FROM rpsls WHERE human = $human AND computer = $computer";
        $results = mysql_query($query);
        $results2 = mysql_fetch_array($results);
        $outcome = $results2[0];
        $action = $results2[1];
        if ($outcome == "Win"{
            echo "You Win!!!<br />"
            echo "Your ".$human. " ".$action." my ".$computer."<br />";
            $win = 1;
        }else{
            echo "You Lose/.<br />
            echo "My ".$computer." ".$action." your ".$human."<br />";
            $loss = 1;
        }
    }
    $query = "INSERT INTO gameResults VALUES".(NULL, '$win', '$loss', '$draw')";
    mysql_query($query);
}

// Game Statistics Function
function game_statistics () {
    $query = "SELECT * FROM gameResults";
    $result = mysql_query($query);
    $rows = mysql_num_rows($result);
    $games = $rows;
    $win = $loss = $draw = 0;
    for ($index = 0; $index < $rows; ++$index){
        $row = mysql_fetch_row($result);
        $win = $win + $row[1];
        $loss = $loss + $row[2];
        $draw = $draw + $row[3];
    }
    echo <<<_END
<table>
<tr>
<td>Games</td>
<td>Win</td>
<td>Loss</td>
<td>Draw</td>
</tr>
<tr>
<td>$games</td>
<td>$win</td>
<td>$loss</td>
<td>$draw</td>
</tr>
</table>
_END
}

// Print Statistics and close the game
function close_rpsls(){
    echo <<<_END
<form method = "post" action = "rpsls.php">
<h3>Are you sure you want to quit?</h3>
<hr>
<table>
<tr>
<td><input type = "radio" name = "ready" value = "Yes" />Yes</td>
<td><input type = "radio" name = "ready" value = "No" />No</td>
</tr>
<tr>
<td colspan = "2"><input type = "submit" value = "Play!" /></td>
</tr>
</table>
</form>
_END
    if ($ready == "No"){
        rock_paper_scissors_lizard_spock();
    }else{
        $query = "DROP TABLE gameResults";
        mysql_query($query);
    }
}

// close connection
mysql_close($conn);
?>

Please forgive my novice errors and help me figure out what is wrong with this program. Thank you.

Here is the contents of the error log:

141104 18:36:26 mysqld_safe Starting mysqld daemon with databases from /Applications/MAMP/db/mysql
141104 18:36:28 [Warning] Setting lower_case_table_names=2 because file system for /Applications/MAMP/db/mysql/ is case insensitive
141104 18:36:28 [Note] Plugin 'FEDERATED' is disabled.
141104 18:36:28 InnoDB: The InnoDB memory heap is disabled
141104 18:36:28 InnoDB: Mutexes and rw_locks use GCC atomic builtins
141104 18:36:28 InnoDB: Compressed tables use zlib 1.2.3
141104 18:36:28 InnoDB: Initializing buffer pool, size = 128.0M
141104 18:36:28 InnoDB: Completed initialization of buffer pool
141104 18:36:28 InnoDB: highest supported file format is Barracuda.
141104 18:36:32 InnoDB: Waiting for the background threads to start
141104 18:36:33 InnoDB: 5.5.38 started; log sequence number 1711074
141104 18:36:33 [Note] Server hostname (bind-address): '0.0.0.0'; port: 8889
141104 18:36:33 [Note] - '0.0.0.0' resolves to '0.0.0.0';
141104 18:36:33 [Note] Server socket created on IP: '0.0.0.0'.
141104 18:36:35 [Note] Event Scheduler: Loaded 0 events
141104 18:36:35 [Note] /Applications/MAMP/Library/bin/mysqld: ready for connections.
Version: '5.5.38' socket: '/Applications/MAMP/tmp/mysql/mysql.sock' port: 8889 Source distribution

I have possible HTTP_REFERER values such as the following:

[HTTP_REFERER] => http://www.example.com/lib/index.php?cid=components&controller=data&id=17&roles_id=15
[HTTP_REFERER] => http://www.example.com/lib/index.php?cid=createhelp

I am just trying to get the value of "cid". Note that this applies to a TinyMCE plugin, and my $_GET variable does not include "cid". Looking at my $_SERVER array, HTTP_REFERER is the only element that includes "cid". I am also not concerned about spoofing HTTP_REFERER. I am getting the value of "cid" as follows. Is this the right way to do so?

$RegExp = '/index\.php\?cid=([^&]+)/';
preg_match($RegExp, $_SERVER['HTTP_REFERER'], $matches);
exit($matches[1]);

At the fear of bothering all you, I will post here hoping that I am in the right section. I am new to php and mysql. I am using such to develop a webpage for my new business. I do believe that my php scripting is turned on because I have one script that "works". However, when I take the wheel and write a script of my own and try to view it, all I get is a blank white page and no errors nor anything that I wanted to display. I have tried numerous attempts at trying to get anything to show up; all I can ever seem to do is "echo" something, anything else is null in displaying. Please feel free to take a look. http://72.28.26.162/rc/ phpinfo.php is accessible if you insert it after the last / (http://72.28.26.162/rc/phpinfo.php). I am at a loss. I have spent hours looking for something I miss during set up or with my procedure. I thank whoever may help me in advance. I am running ubuntu server 10 Apache/2.2.16 port 80 (Please advise if you need anything else) thanks

What I am trying to do is to submit as POST values to database_write.php, from within the while statement. What is happening is I am getting the second row of data every time I change the primary button.
Currently database_write.php is just doing print_r($_POST), and my array is always the same, no matter which select box I choose from. How can I get the values to be associated with the row I am currently changing? Any help would be great, thanks.
What I have so far:
<table class="table table-bordered table-hover">
<thead>
<th>Room Number</th>
<th>Primary Caregiver</th>
<th>Seconday Caregiver</th>
</thead>
<tbody class="list">
<?php
$sql = 'SELECT alarm_device_id, alarm_description, alarm_device_type, notes FROM alarm_device where notes in (\'MSU\') ORDER BY alarm_description';
$retval = mysql_query( $sql, $con );
if(! $retval ) {
    die('Could not get data: ' . mysql_error());
}
$x=0;
while($row = mysql_fetch_array($retval, MYSQL_ASSOC)) {
    $id = $row['alarm_device_id'];
    $alarm_description = $row['alarm_description'];
    echo '<form id="msu_form">';
    echo "<tr><td>{$row['alarm_description']}</td>";
    echo "<td>";
    $query2 = "SELECT alert_device_id,alert_description FROM alert_device WHERE notes = 'MSU'";
    $result2 = mysql_query($query2) or die("Error in alarm_device select:" . mysql_error());
    $count2 = mysql_num_rows($result2);
    if($count2 > 0) {
        //echo '<select name='.$x.'>';
        echo '<select id="Primary" name="primary" onchange="doAjaxPost(this)">';
        while($row2 = mysql_fetch_array($result2)) {
            echo "<option value=".$row2['alert_device_id'].">".$row2['alert_description']."</option>";
        }
        echo "</select>";
    }else {
        echo "Please update alert device to this area";
    }
    echo "</td>";
    echo "<td>";
    $query3 = "SELECT alert_device_id,alert_description FROM alert_device WHERE notes = 'MSU2'";
    $result3 = mysql_query($query3) or die("Error in alarm_device select:" . mysql_error());
    $count3 = mysql_num_rows($result3);
    if($count3 > 0) {
        echo '<select id="Secondary" name="secondary">';
        while($row3 = mysql_fetch_array($result3)) {
            echo "<option value=".$row3['alert_device_id'].">".$row3['alert_description']."</option>";
        }
        echo "</select>";
    }else {
        echo "Please update alert device to this area";
    }
    echo "</td>";
    $aid = $id + $x;
    //echo $aid;
    //$ad = $alarm_description + $x;
    echo '<input type="hidden" id="ID" name="ID" value="'.$id.'"/>';
    //echo '<input type="hidden" id="desc" name="desc" value="'.$ad.'"/>';
    //echo '<td>'."<input type='submit' name='btnupdate' value='UPDATE' /></td>";
    //echo '<td><input type="button" value="Ajax Request" onClick="doAjaxPost()"></td>';
    echo '</form>';
    $x = $x+1;
}
?>
<script>
function doAjaxPost() {
    // get the form values
    var primary = $('#Primary').val();
    var secondary = $('#Secondary').val();
    var hidden = $('#ID').val();
    //var desc = $(sel).parent().nextAll('#desc').val();
    $.ajax({
        type: "POST",
        url: "functions/database_write.php",
        data: $('#msu_form').serialize(),
        //data: "Primary="+primary+"&Hidden="+hidden+"&Secondary="+secondary,
        success: function(resp){
            //we have the response
            alert("'" + resp + "'");
        },
        error: function(e){
            alert('Error: ' + e);
        }
    });
}
</script>
</tr>
</tbody>
</table>
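For the caregiver table in the last post: the loop emits the ids `msu_form`, `Primary`, `Secondary` and `ID` once per row, so an id selector cannot say which row changed. The following is an added example, not the poster's code, that builds the POST body from the row containing the changed `<select>`; it assumes each row's `ID`, `primary` and `secondary` fields sit inside that row's `<tr>`, and `fakeRow()` is a constructed stand-in for a rendered row.

```javascript
// Added example, not the poster's code. Field names and the URL come from the
// post; fakeRow() is a constructed stand-in for one rendered <tr>.

// Read the three fields from the row that owns the changed <select>. Ids such
// as #Primary repeat in every row, so an id lookup cannot pick the right one.
function rowPayload(changedSelect) {
  const row = changedSelect.closest('tr');
  if (!row) throw new Error('select is not inside a table row');
  const params = new URLSearchParams();
  for (const name of ['ID', 'primary', 'secondary']) {
    const el = row.querySelector('[name="' + name + '"]');
    if (!el) throw new Error('row has no field named ' + name);
    params.set(name, el.value);
  }
  return params.toString();
}

// One delegated listener on the table body replaces the inline onchange
// attribute; the element that fired the event identifies the row.
function wireTable(tbody, send) {
  tbody.addEventListener('change', (event) => {
    const name = event.target.name;
    if (name === 'primary' || name === 'secondary') send(rowPayload(event.target));
  });
}

// POST one row's values to the script named in the post.
function postRow(body) {
  return fetch('functions/database_write.php', {
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: body,
  });
}

// Constructed stand-in for a row, so rowPayload() can be exercised without a DOM.
function fakeRow(id, primary, secondary) {
  const fields = {};
  const row = { querySelector: (sel) => fields[/\[name="(\w+)"\]/.exec(sel)[1]] || null };
  const values = { ID: id, primary: primary, secondary: secondary };
  for (const name in values) fields[name] = { name, value: values[name], closest: () => row };
  return fields;
}

// In a browser, attach to the table from the post; elsewhere, do nothing.
if (typeof document !== 'undefined') {
  wireTable(document.querySelector('tbody.list'), postRow);
}
```

`database_write.php` still has to check the posted `ID`, `primary` and `secondary` against the rows it expects before writing anything, since the browser controls all three values.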