|
PHP - Problem With Login Verification
I have the following code:
<?php include "connect.php"; ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Welcome</title> <script type="text/javascript" src="js/jquery.min.js"></script> <script type="text/javascript" src="js/jquery.ketchup.js"></script> <script type="text/javascript" src="js/jquery.ketchup.messages.js"></script> <script type="text/javascript" src="js/jquery.ketchup.validations.basic.js"></script> <script language="javascript" type="text/javascript" src="niceforms.js"></script> <link rel="stylesheet" type="text/css" media="all" href="niceforms-default.css" /> <link rel="stylesheet" type="text/css" media="screen" href="css/jquery.ketchup.css" /> </head> <body> <div id="container"> <?php if(!empty($_SESSION['connection_status']) && !empty($_SESSION['username'])) { ?> <form action="logout.php" class="niceform"> <fieldset> <legend>Member Area</legend> <div id= "container"> <p>Thanks for logging in <b><?=$_SESSION['username']?></b> !</p> <p><input type="submit" name="submit" id="submit" value="Logout" /></p> </div> </fieldset> </form> <?php } elseif(!empty($_POST['username']) && !empty($_POST['password'])) { $username = mysql_real_escape_string($_POST['username']); $password = md5(mysql_real_escape_string($_POST['password'])); $validation = mysql_query("SELECT * FROM users WHERE username = '".$username."' AND password = '".$password."'"); if(mysql_num_rows($validation) == 1) { $row = mysql_fetch_array($validation); $email = $row ['email']; $_SESSION['username'] = $username; $_SESSION['email'] = $email; $_SESSION['connection_status'] = 1; echo "<h1>Success</h1>"; echo "<p>Members area is loading.</p>"; echo "<meta http-equiv='refresh' content='=4;index.php' />"; } else { echo "<h1>Error</h1>"; echo "<p> There was an error, please try again <a href=\"index.php\">here </a> .</p>"; } } else { ?> <form method="post" action="index.php" name="loginform" id="loginform" class="niceform"> <fieldset> <legend>Member Login</legend> <p>Thanks for visiting. Please login below or click <a href="register.php">here</a> to register.</p> <dl> <dt><label for="username">Username:</label><br /></dt> <dd><input type="text" name="username" id="username" class= "validate(rangelength(4,30))"/></dd> </dl> <dl> <dt><label for="password">Password:</label><br /></dt> <dd><input type="password" name="password" id="password" class= "validate(rangelength(4,30))" /></dd> </dl> <p><a href="forgot_password.php">Forgot password?</a></p> </fieldset> <fieldset class="action"> <input type="submit" name="submit" id="submit" value="Sign In" /> </fieldset> </form> <?php } ?> </div> <script type = "text/javascript"> $(document).ready(function() { $('#loginform').ketchup(); }); </script> </boby> </html> When I try to login with true username/password, I always get: There was an error, please try again here . Similar TutorialsI am about to build a site for a liqueur brand and have to create a simple screen that asks if the user is of the right age. This does not have to be linked to a credit card, just a simple yes or no screen. I am thinking this would probably be done via a cookie, but I am not sure. Somehow it would have to work where it gets checked each time anyone goes to the site, regardless of the entry point. So for example it would get checked on mydomain.com, but also on mydomain.com/about, or mydomain.com/somethingelse. The yes or no screen would of course only show the first time the user came to site. Via what technology would I do this? Cookie? Can cookies have an expiration date? I would love some comments or direction on how this is done best. Thanks a lot! Okay, so I'm pretty new to jQuery but I am pretty experienced with PHP. I am about to begin coding a script written mostly in jQuery. It will use AJAX to verify that an article tag a user provides exists in a database. When a user goes to write an article on my website, my form will ask them to add keyword tags which will be used in searches. Basically only admins will be allowed to create new tags, so this is why I check the tags first. And also to prevent duplicates and similar tag entries in the database.
The form will have a single input that the user will use to search for a tag. Once the user hits the enter key, it will search the database for tags that already exist. Once the ajax is complete, a list of related tags will pop up and the user will be able to select their desired tag by either clicking the tag link in the list or by pressing enter.
This is a very crude demonstration of what my idea is.
Hi - I'm fairly new to php and am working a lot off of old page created before me and modifying them. I have to do an age verification page for an alcoholic beverage client (has to be 21+) and I'm having problems with the script actually redirecting correctly based on the birthdate entered. I have a html page with a form that calls this php file. Here is the php script I'm trying to get working: <?php $age = $_POST['year']; if($age > 1990) { header('Location: http://www.underagelink.com'); exit; } else { header('Location: http://legalagelink.com'); exit; } ?> Thanks! Hi guys. I'm using php to randomly generate a simple math verification question. But, I'm having a hard time validating the input. Can someone please tell me what I'm doing wrong? Thank you } else if(trim($verify) != $_SESSION['UserData']['Math'][0]+$_SESSION['UserData']['Math'][1]){ $error = '<div class="error_message">Attention! The verification number you entered is incorrect.</div>'; } <?php echo "<span class='label'><span class='required'>*</span>What is ".$_SESSION['UserData']['Math'][0]." + ".$_SESSION['UserData']['Math'][1]."?</span> "; ?> <input name="verify" type="text" id="verify" size="3" value="<?=$verify;?>" /><br /><br /> Good day! I have an index.php or a login page.The scenario on my webpage is when i successfully login and i accidentally press the back button the login page appear again and when i try to login again i could login again, which is not good. here is my code: <?php session_start(); if(isset($_SESSION['USER_ID'])){ exit("you can't login in again when your all ready logged!"); } //require_once 'conn.php'; $db_name="dspi"; mysql_connect("localhost", "root", "") or die("Cannot connect to server"); mysql_select_db("$db_name")or die("Cannot select DB"); $department = mysql_real_escape_string($_POST['department']); $username = mysql_real_escape_string($_POST['username']); $sql=mysql_query("SELECT `Department`, `Username` FROM `tbllogin` WHERE `Department` = '{$department}' AND Username = '{$username}'") or die(mysql_error()); $ct = mysql_num_rows($sql); if($ct == 1) { $row = mysql_fetch_assoc($sql); if($row['Department']=='Accounting') { header('location: Company.php'); } elseif($row['Department']=='Engineering') { header('location: Company.php'); } elseif($row['Department']=='Finishing_Goods') { header('location: Company.php'); } elseif($row['Department']=='HRAD') { header('location: Company.php'); } elseif($row['Department']=='MIS') { header('location:Company.php'); } elseif($row['Department']=='Packaging_and_Design') { header('location:Company.php'); } elseif($row['Department']=='Production') { header('location:Company.php'); } elseif($row['Department']=='Purchasing_Logistic') { header('location:Company.php'); } elseif($row['Department']=='QA_and_Technical') { header('location:Company.php'); } elseif($row['Department']=='Supply_Chain') { header('location:Company.php'); } else { header('location:index.php'); echo"Incorrect Username or Department"; } } ?> Hi, below is the error and php that i used for my login page.
Error:
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\xampp\htdocs\Sportify\admin\checkauthadmin.php on line 11 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\xampp\htdocs\Sportify\admin\checkauthadmin.php on line 11 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\xampp\htdocs\Sportify\admin\checkauthadmin.php on line 12 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\xampp\htdocs\Sportify\admin\checkauthadmin.php on line 12 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\xampp\htdocs\Sportify\admin\checkauthadmin.php on line 13 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\xampp\htdocs\Sportify\admin\checkauthadmin.php on line 13 Php:
<?php
//session_start();
$today = date(Ymd);
$_SESSION[username] = $_POST['username'];
$_SESSION[password] = $_POST['password'];
$_SESSION[id] = $_POST['id'];
$username = stripslashes($_SESSION[username]);
$password = stripslashes($_SESSION[password]);
$username = mysql_real_escape_string($_SESSION[username]);
$password = mysql_real_escape_string($_SESSION[password]);
$id = mysql_real_escape_string($_SESSION[id]);
include('connection.php');
$sql_login = "SELECT id FROM admin WHERE username = '$username' and password = '$password'";
$result_login = mysql_query($sql_login);
$count_login = mysql_num_rows($result_login);
//$row = mysql_fetch_assoc($sql_login);
if($count_login == 1)
{
//session_register("user_email");
//session_register("user_password");
//echo "PASS";
header("location:../admin/main_admin.php");
}
else
{
header("location:admin_login2.php");
}
exit;
?>
Hello All, I have this problem, no matter if I typed the wrong or right email and password, I always get Login failed message here is my code index.php Code: [Select] <td class="white-text">Email: <form name="form1" method="post" action="/admin/Login.php"> <label for="user"></label> <input type="text" name="email" /> </td> </tr> <tr> <td><p><strong class="white-text">Password:</strong></p> <label for="sdf"></label> <input type="password" name="password" /> <p class="sdf"><strong></strong><a href="#" class="white-link-underline"><strong></strong></a> <input type="submit" name="submit" id="submit" value="Submit" /> </p> </form> </td> Login.php Code: [Select] <?php session_start(); $con = mysql_connect("localhost","123","123"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("123", $con); if (isset($_POST['email'])) { $email = mysql_real_escape_string($_POST['email']); $password = mysql_real_escape_string($_POST['password']); //Query $results = mysql_query("SELECT * FROM users WHERE 'email' = '$email' AND password = '$password' "); if(!$result) { $_SESSION['error'] = '<span style="color: red">Login Failed. Email or Password is Incorrect <br/>'; } else { $row = mysql_fetch_assoc($results); $_SESSION['userid'] = $row['id']; $_SESSION['email'] = $email; $_SESSION['error'] = 'Login Successful<br/>. Welcome,'. $email; } mysql_close($con); } header('Location: ./index.php') ?> Hi, I had my login working and now it has stopped working. Idk why but heres the files: <?php ob_start(); include 'inc/open.php'; // Define $ip and $password $ip=$_POST['ip']; $password=$_POST['password']; // To protect MySQL injection (more detail about MySQL injection) $ip = stripslashes($ip); $password = stripslashes($password); $ip = mysql_real_escape_string($ip); $password = mysql_real_escape_string($password); $sql="SELECT * FROM status WHERE ip='$ip' and password='$password'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $ip and $password, table row must be 1 row if($count==1){ // Register $ip, $password and redirect to file "login_success.php" session_register("ip"); session_register("password"); header("location:lindex.php"); } else { echo "Wrong ip or Password"; } ob_end_flush(); ?> And then I want my index page to recognize this and do the following: <?php session_start(); include('inc/open.php'); if(session_is_registered('ip')){ echo "<h5><a href='index.php'>Home</a> | <a href='addnew.php'>Add New Sever</a> | <a href='offline.php'>View Offline Servers</a> | <a href='editserver.php'>Server CP</a></h5>"; }else{ echo "<h5><a href='index.php'>Home</a> | <a href='addnew.php'>Add New Sever</a> | <a href='offline.php'>View Offline Servers</a> | <a href='editlogin.php'>Login</a></h5>"; } ?> Thank you. Problem: the login is working and redirecting to index.php however index.php is not recognizing that user is logged on. Hello there, The problem is that my login system isn't consistent. There's an option of staying logged in, and if you check that a cookie gets created with a hash. When you visit the site again, you should be logged in automatically. But the thing is, that when you load the page, you aren't! But after a refresh you are logged in. So I'm guessing a problem in the order of things that get done... Here's the script: Code: [Select] <?php session_start(); if(isset($_COOKIE['LoginCookie'])) { $hash = $_COOKIE['LoginCookie']; mysql_select_db('database'); $sql = "SELECT all the info of the people FROM people WHERE cookie_hash = '".$hash."'"; if($result = mysql_query($sql)) { $row = mysql_fetch_array($result); if(empty($row)) { setcookie('LoginCookie','',time()-3600); } if(mysql_num_rows($result) == 1) { $_SESSION['loggedin'] = true; $_SESSION['loggedinnick'] = $row['nick']; $_SESSION['loggedinvoornaam'] = $row['voornaam']; $_SESSION['loggedinachternaam'] = $row['achternaam']; $_SESSION['loggedinid'] = $row['id']; $_SESSION['loggedintype'] = $row['type']; } } } if(isset($_POST['login'])) { if(empty($_POST['username']) || empty($_POST['wachtwoord'])) { $_SESSION['melding'] = 'ERROR'; header('Location: index.php'); exit(); } $username = CleanMyDirtyData($_POST['username']); $wachtwoord = sha1(CleanMyDirtyData($_POST['wachtwoord'])); mysql_select_db('database'); $sqlmail = mysql_query("SELECT * FROM people WHERE email='$username' AND wachtwoord = '$wachtwoord'"); $sqlnaam = mysql_query("SELECT * FROM people WHERE nick='$username' AND wachtwoord = '$wachtwoord'"); if(mysql_num_rows($sqlmail) == 1 || mysql_num_rows($sqlnaam) == 1) { if(mysql_num_rows($sqlmail) == 1) { $row = mysql_fetch_array($sqlmail); } else { $row = mysql_fetch_array($sqlnaam); } if(isset($_POST['remember'])) { $hash = sha1($username . 'Some secret thingys for your safety'); setcookie('LoginCookie',$hash,time()+30000000); mysql_query("UPDATE leden SET cookie_hash='" . $hash . "' WHERE id='" . $row['id'] . "'")or die(mysql_error()); } $_SESSION['loggedin'] = true; $_SESSION['loggedinnick'] = $row['nick']; $_SESSION['loggedinvoornaam'] = $row['voornaam']; $_SESSION['loggedinachternaam'] = $row['achternaam']; $_SESSION['loggedinid'] = $row['id']; $_SESSION['loggedintype'] = $row['type']; $_SESSION['melding'] = 'You are logged in now.'; } else { $_SESSION['melding'] = 'ERROR'; header('Location: index.php'); exit(); } } So if the checkbox that you want to stay logged in, there is no cookie made but the $_SESSION['loggedin'] is set to true. Throughout the rest of the page, this parameter is used to show either content for guests of private content for people that are logged in. BUT the problem is that if it is checked on the first page load the $_SESSION['loggedin'] doesn't seem to get set even though the cookie is set. Another slight problem with my script is that when a user logs in on another pc, the hash get's changed in the database and the user gets logged out of the site on the previous page. What is the easiest way to do that? And do you guys think this script is safe? Or do you see some holes? Thanks in advance! arbitter login system. why wont it work? Did same thing @ school it worked. this is my action page: <?php ob_start(); $host="host"; // Host name $username="user"; // Mysql username $password="pass"; // Mysql password $db_name="db"; // Database name $tbl_name="members"; // Table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // Define $myusername and $mypassword $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; // To protect MySQL injection (more detail about MySQL injection) $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "users/index.php" session_register("myusername"); session_register("mypassword"); header("location:users/index.php"); } else { echo "Error. Username or password incorrect. Have you <a href='#' onclick='alert()'>registered?</a>"; } ob_end_flush(); ?> It comes up with this error: Warning: session_register() [function.session-register]: Cannot send session cookie - headers already sent by (output started at C:\xampp\htdocs\external\index.php:59) in C:\xampp\htdocs\external\action.php on line 32 Warning: session_register() [function.session-register]: Cannot send session cache limiter - headers already sent (output started at C:\xampp\htdocs\external\index.php:59) in C:\xampp\htdocs\external\action.php on line 32 Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\external\index.php:59) in C:\xampp\htdocs\external\action.php on line 34 If you have not registered, please click here Warning: Unknown: Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively in Unknown on line 0 i want help as i cant find that the reason that why registered members cant login, when user pass entered it does not process any thing any help will be appreciated Code: [Select] <?php session_start(); session_register("id_session"); session_register("password_session"); include "header.php"; include "config.php"; $a=""; $b=""; if ($_POST) { $a=trim($_POST["id"]); $b=trim($_POST["password"]); $a=str_replace("'","",$a); $b=str_replace("'","",$b); $a=str_replace("\"","",$a); $b=str_replace("\"","",$b); } if ($a=="" || $b=="") { if ($_SESSION["id_session"]=="" || $_SESSION["password_session"]=="") { ?> <form action=members.php method=post> <br><br><Center><table><tr><td colspan=2 align=center><h3>Members Login Area</h3></td></tr> <tr><td>Member's ID</td><td><input type=text name=id></td></tr> <tr><td>Password</td><td><input type=password name=password></td></tr> <tr><td> </td><td> <a href="forgot.php" onclick="doexit=false;"><font face="Verdana,Arial,Helvetica" size="1" color="#000000"><b>Forgot Your Password?</b></font></a></td></tr> <tr><td colspan=2 align=center><input type=submit value="Log In"></td></tr> </table></form> <? } else { middle(); } } else { $check=0; $id=$_POST["id"]; $rs = mysql_query("select * from members where ID='$id'"); if ($rs) { $arr=mysql_fetch_array($rs); $n2=$arr['Password']; if ($n2==$b) { $check=1; $_SESSION["id_session"]=$arr[0]; $_SESSION["password_session"]=$arr[9]; middle(); } } if ($check==0) { print "<h2>Invalid User Id or Password</h2>"; ?> <form action=members.php method=post> <br><br><Center><table><tr><td colspan=2 align=center><h3>Members Login Area</h3></td></tr> <tr><td>Member's ID</td><td><input type=text name=id></td></tr> <tr><td>Password</td><td><input type=password name=password></td></tr> <tr><td> </td><td> <a href="forgot.php" onclick="doexit=false;"><font face="Verdana,Arial,Helvetica" size="1" color="#000000"><b>Forgot Your Password?</b></font></a></td></tr> <tr><td colspan=2 align=center><input type=submit value="Log In"></td></tr> </table></form> <? } } function middle() { $id=$_SESSION["id_session"]; $rs = mysql_query("select * from members where ID=$id"); $arr=mysql_fetch_array($rs); $check=1; $id=$arr[0]; $password=$arr[9]; $name=$arr[1]; $address=$arr[2]; $city=$arr[3]; $state=$arr[4]; $zip=$arr[5]; $country=$arr[6]; $phone=$arr[7]; $email=$arr[8]; $password=$b; $paymentoption=$arr[10]; $refby=$arr[11]; $l1=$arr[12]; $l2=$arr[13]; $l3=$arr[14]; $l4=$arr[15]; $l5=$arr[16]; $l6=$arr[17]; $l7=$arr[18]; $l8=$arr[19]; $l9=$arr[20]; $l10=$arr[21]; $leader=$arr[22]; $total=$arr[23]; $unpaid=$arr[24]; $paid=$arr[25]; ?> <table border="0" width="650"> <tr> <td width="150" valign="top"> <table width="140"> <tr> <td align="left"><br><br><br><br> <ul><font face="verdana" size="1"> <a href="stats.php">Statistics</a><br><br> <a href="update_pf.php">Edit Personal Information</a><br><br> <a href="sample_e.php">Referral Code & Links</a><br><br> <a href="logout.php">Logout</a><br><br> </td></tr></table> </td> <td VALIGN="top"> <table> <tr> <td> <font face="verdana" size="3"><b> <p>Account Center</b></font></p> <br> </td> </tr> <tr> <td> <div align="center"> <table border="0" cellpadding="3" cellspacing="0" width="400"> <tr> <td colspan="2"><b> <hr><font face="Verdana, Arial, Helvetica, sans-serif" size="-1"><center> Account Details for <?echo $name;?></font></center></b><hr> </td> </tr> <tr> <td valign="center" align="left"><strong><font face="Verdana" size="-1">Total Commisions Earned: </font></strong><br></td> <td valign="center"> <font face="Verdana" size="-1">$<? echo $total;?></font><br></td> </tr> <tr> <td valign="center" align="left"><strong><font face="Verdana" size="-1">Commisions Due: </font></strong><br></td> <td valign="center"> <font face="Verdana" size="-1">$<? echo $unpaid;?></font><br></td> </tr> <tr> <td valign="center" align="left"><strong><font face="Verdana" size="-1">Commisions Paid: </font></strong><br></td> <td valign="center"> <font face="Verdana" size="-1">$<? echo $paid;?></font><br></td> </tr> <tr> <td valign="center" align="left" colspan=2> </td> </tr> <tr> <td valign="center" align="left"><strong><font face="Verdana" size="-1">Direct Referrals: </font></strong><br></td> <td valign="center"> <font face="Verdana" size="-1"><? $rsd=mysql_query("select * from members where Leader=".$id); echo mysql_num_rows($rsd); ?></font><br></td> </tr> <tr> <td valign="center" align="left" colspan=2> </td> </tr> <tr> <td valign="center" align="left" colspan=2><strong><font face="Verdana" size="3">Downline Information </font></strong><br></td> </tr> <tr> <td valign="center" align="left"><strong><font face="Verdana" size="-1">Total Downline Size: </font></strong><br></td> <td valign="center"> <font face="Verdana" size="-1"><? echo ($l1+$l2+$l3+$l4+$l5+$l6+$l7+$l8+$l9+$l10); ?></font><br></td> </tr> <tr><td colspan=2> <Table width=100%> <tr><td bgcolor=#000000><strong><font face="Verdana" size="-1" color=#ffffff>Level</font></strong></td> <td bgcolor=#000000><strong><font face="Verdana" size="-1" color=#ffffff>Number of Members</font></strong></td> </tr> <? include "config.php"; ?> <? for($i=1;$i<=$levels;$i++) { ?> <tr><td><strong><font face="Verdana" size="-1"><? echo $i; ?></font></strong></td> <td ><font face="Verdana" size="-1"> <? if($i==1) { echo $l1; } elseif($i==2) { echo $l2; } elseif($i==3) { echo $l3; } elseif($i==4) { echo $l4; } elseif($i==5) { echo $l5; } elseif($i==6) { echo $l6; } elseif($i==7) { echo $l7; } elseif($i==8) { echo $l8; } elseif($i==9) { echo $l9; } elseif($i==10) { echo $l10; } ?> </font></td> </tr> <? } ?> </table> </td></tr> <tr><td colspan=4><hr></td><tr> </table> </div> </td> </tr> </table> <font face="verdana" size="3"><b> <p>Download Center</b></font></p> <? include "download.php"; ?> </td> </tr> </table> <br><br> <? } include "footer.php"; ?> edit: added [code][/code] blocks How to remove the verification code here,i mean the captcha... <?php session_start(); if ($_POST['Submit'] == 'Send') { if (strcmp(md5($_POST['user_code']),$_SESSION['ckey'])) { header("Location: sendmail.php?msg=ERROR: Invalid Verification Code"); exit(); } $to = $_POST['toemail']; $subject = $_POST['subject']; $message = $_POST['message']; $fromemail = $_POST['fromemail']; $fromname = $_POST['fromname']; $lt= '<'; $gt= '>'; $sp= ' '; $from= 'From:'; $headers = $from.$fromname.$sp.$lt.$fromemail.$gt; mail($to,$subject,$message,$headers); header("Location: sendmail.php?msg= Mail Sent!"); exit(); } ?> <html> <head> <title>Email </title> </head> <body bgcolor="#ffffcc"> <h2 align="center"> </h2> <h3 align="center"> Please do not misuse this script. </h3><br> <p style="margin-left:15px"> <form action="sendmail.php" method="POST"> <b>From Name:</b><br> <input type="text" name="fromname" size="50"><br> <br><b>From Email:</b><br> <input type="text" name="fromemail" size="50"><br> <br><b>To Email:</b><br> <input type="text" name="toemail" size="50"><br> <br><b>Subject:</b><br> <input type="text" name="subject" size="74"><br> <br><b>Your Message:</b><br> <textarea name="message" rows="5" cols="50"> </textarea><br> <br><b>Verification Code:</b><br> <input name="user_code" type="text" size="25"> <img src="pngimg.php" align="middle"><br><br> <input type="submit" name="Submit" value="Send"> <input type="reset" value="Reset"> </form> </p> <?php if (isset($_GET['msg'])) { echo "<font color=\"red\"><h3 align=\"center\"> $_GET[msg] </h3></font>"; } ?> </body> </html> I know there has to be a better way to do this. My usernames and passwords are stored in a text file. This is what I'm doing now, and all it does is return the error statement. This is the php from after the log in page. <?php $user = $_POST["username"]; $password = $_POST["password"]; $un = "no"; $pw = "no"; $fh = fopen("users.txt","r"); while (!feof($fh)) { $line = fgets($fh); $data = explode("$",$line); if ($data["0"] == $user){ $un = "yes"; } if ($data["1"] == $password){ $pw = "yes"; } } if (($un === "yes") && ($pw === "yes")){ echo "<h4> Hello <em>$user</em>!\n<br />"; }else { echo "<h3>Your username and/or password is incorrect.</h3>\n<br />"; echo "<a href='login.html'>Return to the login page.</a>\n<br />"; } fclose($fh); ?> So, If I want to store something like: Code: [Select] Hello<br /> <b>This is a sentence </b> I would need to use htmlentities() So I could output the HTML after it's stored in the database safely? I am sending a email verification that a person registers on my site. I have two problems. Here is the email script: Code: [Select] $message = "Thank you for registering."; mail($email, 'Registration Confirmation', $message, 'From: noreply@website.com'); Problem 1: I have tried this on two different identical pages, index.php and register.php. It only works in the index page. Problem 2: When it does work on the index page, the From header does not show what is in the mail() function, it shows that it is from my host. What's up with that? Given the choice, I need to get problem 2 solved way more than problem 1. Thank you. I'm trying to create a series of web pages that will lead to a FINAL SALE page. At that point, I require TWO things to happen. First, the customer must pay the displayed total. Second, some kind of automated receipt needs to be generated so that a script can allow the customer to progress further. An applicable example would be a customer navigating through web pages of paintings by different artists and then choosing to see Alfred's latest unreleased paintings for a $2 fee. After paying the $2, the next web page would validate receipt of the payment, and now allow the customer to access Alfred's gallery. Is there a template for this sort of thing? Obviously, an online payment would require a credit card. Any recommendations for service providers would be appreciated. I have contacted Pay Pal, but they seem trained to encourage Ebay type sales and insist that the email I receive as confirmation would be sufficient. However, that would require me to check my email and manually grant access to galleries without ever sleeping. LOL. I'm sure there is a more viable solution, but need some advice and guidance from those that have already traversed this obstacle. Ok So the main purpose of this is: 1). User has to grab a OTP from the generator (work's) 2) the OTC updates in the database field (work's) via the person's user_email 3). it sends an email containing the OTP what it is not doing is, when they go and login, it just keeps saying invalid login credentials. I'm pasting my code below to see if anyone can help me out here. this is still a work in progress. do_login.php (not working here) Keep's saying invalid password. <?php if(empty($_POST)) exit; include 'config.php'; // declare post fields $post_user_email = trim($_POST['user_email']); $post_password = trim($_POST['authcode']); $post_autologin = $_POST['autologin']; if(($post_user_email == $config_email) && ($post_password == $config_password)) { $_SESSION['Site-Key'] = $config_email; // Autologin Requested? if($post_autologin == 1) { $password_hash = md5($config_password); // will result in a 32 characters hash setcookie ($cookie_name, 'usr='.$config_email.'&hash='.$password_hash, time() + $cookie_time); } exit('OK'); } else { echo '<div id="error_notification">The submitted login info is incorrect.</div>'; } ?> Index.php <?php require_once 'config.php'; if(isset($_SESSION['google-ads123123'])) { header("Location: http://forum.site1.com"); exit; } ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML> <HEAD> <TITLE>Access Required</TITLE> <script type="text/javascript" src="js/mootools-1.2.1-core-yc.js"></script> <script type="text/javascript" src="js/process.js"></script> <link rel="stylesheet" type="text/css" href="style.css" /> </HEAD> <BODY> <center> <div id="status"> <fieldset><legend align="center">Authentication</legend> <div id="login_response"><!-- spanner --></div> <form id="login" name="login" method="post" action="do_login.php"> <table align="center" width="200" border="0"> <tr> <td width="80">Email</td><td><input id="user_email" type="text" name="user_email"></td> </tr> <tr> <td>AuthCode:</td> <td><input type="password" name="authcode"></td> </tr> <tr> <td> </td> <td><input type="checkbox" name="autologin" value="1">Remember Me</td> </tr> <tr> <td> </td> <td><input id="submit" type="submit" name="submit" value="Login"> <br /> <a href="getcode.php"> Get Auth Code </a> <div id="ajax_loading"><img align="absmiddle" src="images/spinner.gif"> Processing...</div></td> </tr> </table> </form> </fieldset> </div> </center> </BODY> </HTML> getcode.php (generates a MD5 and adds into db) <?php $db_host = '123'; $db_username = '123'; $db_password = '123'; $db_name = '123'; @mysql_connect($db_host, $db_username, $db_password) or die(mysql_error()); @mysql_select_db($db_name) or die(mysql_error()); // This is displayed if all the fields are not filled in $empty_fields_message = "<p>Please go back and complete all the fields in the form.</p>Click <a class=\"two\" href=\"javascript:history.go(-1)\">here</a> to go back"; // Convert to simple variables $email_address = $_POST['user_email']; if (!isset($_POST['user_email'])) { ?> <h2>Generate your Auth Code</h2> <form method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>"> <p class="style3"><label for="user_email">Email:</label> <input type="text" title="Please enter your email address" name="user_email" size="30"/></p> <p class="style3"><label title="Generate Auth Code"> </label> <input type="submit" value="Submit" class="submit-button"/></p> </form> <?php } elseif (empty($email_address)) { echo $empty_fields_message; } else { $status = "OK"; $msg=""; //error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR); if (!stristr($email_address,"@") OR !stristr($email_address,".")) { $msg="Your email address is not correct<BR>"; $status= "NOTOK";} echo "<br><br>"; if($status=="OK"){ $query="SELECT username FROM users WHERE user_email = '$email_address'"; $st=mysql_query($query); $recs=mysql_num_rows($st); $row=mysql_fetch_object($st); $em=$row->user_email;// email is stored to a variable if ($recs == 0) { echo "<center><font face='Verdana' size='2' color=red><b>No Auth Code</b><br> Sorry Your address is not in our database ."; exit;} function makeRandomPassword() { $salt = "abchefghjkmnpqrstuvwxyz0123456789"; srand((double)microtime()*1000000); $i = 0; while ($i <= 7) { $num = rand() % 33; $tmp = substr($salt, $num, 1); $pass = $pass . $tmp; $i++; } return $pass; } $random_password = makeRandomPassword(); $db2_password = md5($random_password); $sql = mysql_query("UPDATE users SET authcode='$db2_password' WHERE user_email='$email_address'"); $subject = "Auth Code Verification"; $message = " Here is your Auth Code, Auth Code: $random_password Auth Code: $db2_password This is an automated response, please do not reply!"; mail($email_address, $subject, $message, "From: Auth Server<theslcguy@safe-mail.net.com>"); echo "Your Auth Code has been sent! <br /> Please check your email! <br /> Also Allow up to 5 minutes to recieve your Code...<br />"; echo "<br><br>Click <a href='http://auth.site1.com'>here</a> to login"; } else { echo "<center><font face='Verdana' size='2' color=red >$msg <br><br><input type='button' value='Retry' onClick='history.go(-1)'></center></font>";} } ?> Config.php <?php session_start(); // Start Session header('Cache-control: private'); // IE 6 FIX // always modified header('Last-Modified: ' . gmdate("D, d M Y H:i:s") . ' GMT'); // HTTP/1.1 header('Cache-Control: no-store, no-cache, must-revalidate'); header('Cache-Control: post-check=0, pre-check=0', false); // HTTP/1.0 header('Pragma: no-cache'); // ---------- LOGIN INFO ---------- // $config_email = $POST["user_email"]; $config_authcode = $POST["authcode"]; $cookie_name = 'google-ads123123'; $cookie_time = (3600 * 24 * 30); // 30 days if(!$_SESSION['google-ads123123']) { include_once 'autologin.php'; } ?> How would I go about settings up a verification system with scripts that I write, so that I could sell scripts but if they were to get leaked or something I could kill the script, is there a way to set up a IP verification system when a script is run through CLI so it only runs if someones IP matches the one in the script? I'm in the habit of verifying input client side. For example, there is a field to enter a number, and I ensure that it is within a particular range using Javascript. My backend PHP code does not do such checking... Is this bad? Should I be doing checking using my backend code and send a response back to the client to display a message? Admittedly, I avoid it, since it's a little extra work -- well more extra than just javascripts, IF-THEN-ALERT type statement. |
|||||||