PHP - Can't Log-in Anymore...
Hi,
somehow I can't log-in on my testsite anymore... (username: user / pw: pass)

I receive the following error message...

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/web1244/public_html/functions.php on line

the code is as follows...

<?php
function get_fund($ISIN)
{
    $ISIN = mysql_real_escape_string($ISIN);
    $qr = mysql_query("SELECT * FROM fund WHERE ISIN='".$ISIN."' ");
    if ( mysql_error() ) echo mysql_error();
    if ( mysql_num_rows($qr) == 0 ) return NULL;
    return mysql_fetch_object($qr);
}

function show($var)
{
    if(trim($_POST[$var])) return 'value="'.trim($_POST[$var]).'"';
    return '';
}

function checkForError($text, $result, $output)
{
    if (in_array(($text), $result))
        echo "<span style='color:#FF0000'>$output</span>";
    else
        echo "$output";
}

function exist($var)
{
    if(isset($var))
        if(trim($var) !== '')
            return TRUE;
    return FALSE;
}

function logged()
{
    if(exist($_SESSION['login']))
        return TRUE;
    return FALSE;
}

function loggedAdmin()
{
    if(exist($_SESSION['admin']))
        if($_SESSION['admin'] == aPass)
            return TRUE;
    return FALSE;
}

function loginAdmin()
{
    if(exist($_POST['username']))
        if(exist($_POST['password']))
            if(exist($_POST['button']))
                if(trim($_POST['username']) == aLogin)
                    if(trim($_POST['password']) == aPass)
                        $_SESSION['admin'] = aPass;
}

function login()
{
    if(exist($_POST['username']))
        if(exist($_POST['password']))
            if(exist($_POST['button']))
                if(mysql_ping())
                {
                    $query = "SELECT * FROM user WHERE login ='".mysql_real_escape_string($_POST['username'])."' AND password='".mysql_real_escape_string($_POST['password'])."'";
                    $res = mysql_query($query);
                    if(mysql_num_rows($res))
                    {
                        $resx=mysql_fetch_assoc($res);
                        $_SESSION['login'] = $resx['id'];
                    }
                }
}

function getAccounts($id = false)
{
    $accounts= array();
    $query = $id?
        " SELECT id, name FROM custody_ac WHERE id_client = '$id'"
        :"SELECT id, name FROM custody_ac WHERE id_client = '".$_SESSION['login']."'";
    $qres=mysql_query($query);
    while($row = mysql_fetch_assoc($qres))
        $accounts[] = $row;
    return($accounts);
}
?>

is there probably anyone who could tell me what I've done wrong, please?

Thanks
ozzo

Similar Tutorials

I wrote
Code: [Select]
<?php
require "global.php";
if ($_POST) {
    $name = $_POST['name'];
    $data = sprintf("INSERT INTO forums VALUES (DEFAULT,'$name')");
    mysql_query($data);
    $fid = mysql_insert_id();
    header( 'Location: viewforum.php?fid='.$fid);
    exit;
}
echo '
<form action="" method="POST">
<table>
<tr><td>Forum Name: </td><td><input name="name" /></td></tr>
</table>
<input type="submit" value=" Add Forum " />
</form>';
?>

This added forums whenever I made one to my MySQL database in the table "forums". For whatever reason, whenever I make a forum, it makes it end in ".php?fid=0" and does not create the forum on the database. Any ideas? Thanks!

Hey I finally got this code working yesterday, when the user enters a name into the form and submits it the specific users details should be shown on the next page, this was working fine yesterday and when I turned my laptop on today it is not working, I am not getting any errors just not displaying the user details?? Any ideas? Here's the code

Form:

<table width="300" border="1" align="center" cellpadding="2" cellspacing="1" bgcolor="#9999cc">
<tr>
<form name="form1" method="post" action="getdetails.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong><center>Personal Details</center> </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="submit" type="text" id="username"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="Submit" value="Get Details"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>

getdetails.php

<html>
<head>
<link rel="stylesheet" type ="text/css" href="anything2.css" </head>
<body>
<div id="container">
<div id="header"><img src="imagesb.jpg" alt="Cool Image" align="left"> <img src="images.jpg" alt="Cool Image" align="right"><center><b><font size="6.5"><br><br>User Details</b></center></font>
</div>
<div id="leftnav"><center>
<br><br>
<input type= "button" style="width:120px;" value="Home" onClick="window.location= 'home.php' ">
<br><br>
<input type= "button" style="width:120px;" value="Club Details" onClick="window.location= 'clubdetails.php' ">
<br><br>
<input type= "button" style="width:120px;" value="Future Events" onClick="window.location= 'futureevents.php' ">
<br><br>
<input type= "button" style="width:120px;" value="News" onClick="window.location= 'news.php' ">
<br><br>
<input type= "button" style="width:120px;" value="FAQ" onClick="window.location= 'faq.php' ">
<br><br>
<input type= "button" style="width:120px;" value="Wall" onClick="window.location= 'wall.php' ">
<br><br>
<input type= "button" style="width:120px;" value="About Us" onClick="window.location= 'about.php' ">
</div>
<div id="body">
<br><br>
<?php
mysql_connect ("localhost","root","") or die("Cannot connect to Database");
mysql_select_db ("test");
if (isset($_POST['Submit'])){
    $username=mysql_real_escape_string(trim($_POST['Submit']));
    $sql = "select * from memberdetails WHERE username='$username'";
    $result = mysql_query ($sql);
    while ($row = mysql_fetch_array($result))
    {
        $username= $row["username"];
        $firstname= $row["firstname"];
        $surname= $row["surname"];
        $dob= $row["dob"];
        $totalwins= $row["totalwins"];
        $totalloses= $row["totalloses"];
        $email= $row["email"];
        $country= $row["country"];
        $info= $row["info"];
        echo "<b><u>Username:</b></u> $username<br>";
        echo "<b><u>Firstname:</b></u> $firstname<br>";
        echo "<b><u>Surname: </b> </u> $surname<br>";
        echo "<b><u>Date of Birth:</b></u> $dob<br>";
        echo "<b><u>Total Chess Wins:</b></u> $totalwins<br>";
        echo "<b><u>Total Chess loses:</b></u> $totalloses<br>";
        echo "<b><u>Email Address: </b></u> $email<br>";
        echo "<b><u>Born in: </b></u> $country<br>";
        echo "<b><u>Other Details:</b></u> $info<br><br><br>";
    }}
?>
<a href="delete.php">Delete User</a>
<div id="footer">This is the footer</div>
</body>
</html>

Ok so a few days ago I was alerted that my site was vulnerable to XSS injections in my search form.
I modified the php script to prevent any malicious activity by adding this to it:

Code: [Select]
"/\<(script).*\>.*\<\/(script)\>/isU", " ",

But now anytime I put anything into the search form nothing is returned. Please advise. Here is the script in its entirety.

Code: [Select]
<?php
mysql_connect ("localhost", "","") or die (mysql_error());
mysql_select_db ("");

$search = mysql_real_escape_string(preg_replace('/[^\w\'\"\@\-\.\,\(\) ]/i', '', "/\<(script).*\>.*\<\/(script)\>/isU", " ", $_POST['search']));

$sql = mysql_query("SELECT * FROM sales WHERE contact LIKE '%$search%'
    OR phone LIKE '%$search%' OR office LIKE '%$search%' OR town LIKE '%$search%'
    OR cross_streets LIKE '%$search%' OR description LIKE '%$search%'
    OR email LIKE '%$search%' OR price LIKE '%$search%' order by `date_created`");

echo "<strong>Click Headers to Sort</strong>";
echo "<br/><strong>Your Results for: </strong>";
echo $_POST['search'];
echo "<table border='0' align='center' bgcolor='#999969' cellpadding='3' bordercolor='#000000' table class='sortable' table id='results'>
<tr>
<th> Title </th>
<th> Price </th>
<th> Bed </th>
<th> Bath </th>
<th> Contact </th>
<th> Office </th>
<th> Phone </th>
</tr>";

while ($row = mysql_fetch_array($sql)){
    echo "<tr>
    <td bgcolor='#FFFFFF' style='color: #000' align='center'> <a href='classified/sales/index.php?id=".$row['id']."'>" . $row['title'] . "</a></td>
    <td bgcolor='#FFFFFF' style='color: #000' align='center'>$" . $row['price'] . "</td>
    <td bgcolor='#FFFFFF' style='color: #000' align='center'>" . $row['rooms'] . "</td>
    <td bgcolor='#FFFFFF' style='color: #000' align='center'>" . $row['bath'] . "</td>
    <td bgcolor='#FFFFFF' style='color: #000' align='center'>" . $row['contact'] . "</td>
    <td bgcolor='#FFFFFF' style='color: #000' align='center'>" . $row['office'] . "</td>
    <td bgcolor='#FFFFFF' style='color: #000' align='center'>" . $row['phone'] . "</td>
    </tr>";
}
echo "</table>";
print_r($apts)
?>

Thanks
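
Added example, not part of the original post: for the search script above, one way to handle the XSS report is to encode every value at output with htmlspecialchars() and bind the search term as a query parameter, rather than stripping <script> tags with a regex. It uses PDO in place of the post's mysql_* calls; e(), search_sales(), render_results(), the reduced column set and the sample rows are assumptions made for illustration.

```php
<?php
// Added example. The table, rows and search terms are constructed; an in-memory
// SQLite database (pdo_sqlite) stands in for the poster's MySQL `sales` table.

// Encode a value for HTML output so markup in it is displayed, not interpreted.
function e(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Bound parameters keep the term out of the SQL text; '!' is the LIKE escape
// character so that % and _ typed by the user match literally.
function search_sales(PDO $db, string $term): array {
    $like = '%' . strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';
    $stmt = $db->prepare(
        "SELECT id, title, price, contact FROM sales
          WHERE contact LIKE ? ESCAPE '!' OR title LIKE ? ESCAPE '!'
          ORDER BY date_created"
    );
    $stmt->execute([$like, $like]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Every dynamic value is encoded at the point of output, including the echoed term.
function render_results(string $term, array $rows): string {
    $html = '<strong>Your Results for: </strong>' . e($term) . "\n<table>\n";
    foreach ($rows as $row) {
        $html .= '<tr><td><a href="classified/sales/index.php?id=' . (int) $row['id'] . '">'
               . e((string) $row['title']) . '</a></td><td>$' . e((string) $row['price'])
               . '</td><td>' . e((string) $row['contact']) . "</td></tr>\n";
    }
    return $html . "</table>\n";
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // failed queries throw
$db->exec('CREATE TABLE sales (id INTEGER PRIMARY KEY, title TEXT, price TEXT,
                               contact TEXT, date_created TEXT)');
$ins = $db->prepare('INSERT INTO sales (title, price, contact, date_created) VALUES (?, ?, ?, ?)');
$ins->execute(['2BR <b>near park</b>', '1200', 'Ann', '2011-01-01']);
$ins->execute(['100% renovated loft', '1500', 'Bob', '2011-01-02']);

// Constructed inputs standing in for $_POST['search'].
foreach (['<script>alert(1)</script>', '100%', 'Ann'] as $term) {
    echo render_results($term, search_sales($db, $term));
}
```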