|
PHP - Check Username & Password In Data Base With Curl
Hi guys
Can someone help me about this: The php code can be revise username and password with CURL then check database and if username & password is correct return true else false. Thanks Similar TutorialsI have a some value that are being generated from a database then thrown into <li><href> to create a list that user can click and fetch data through ajax right now its in a form select/menu and works fine however I need to convert to a list and use and onKeyDown event Code: [Select] <form> <select name="users" size="<?php echo $num_rows;?>" onchange="showUser(this.value)" > <?php do { ?> <option value="<?php echo $row_Recordset1['item_id']?>"><?php echo $row_Recordset1['item_id'].' '. $row_Recordset1['item_name']?></option> <?php } while ($row_Recordset1 = mysql_fetch_assoc($Recordset1)); $rows = mysql_num_rows($Recordset1); if($rows > 0) { mysql_data_seek($Recordset1, 0); $row_Recordset1 = mysql_fetch_assoc($Recordset1); } ?> </select> </form> I need to correct this Code: [Select] <ol> <?php do { ?> <li onKeyDown="showUser(this.value)"><a href="getmenu.php?item_id="<?php echo $row_Recordset1['item_id']?>"> <?php echo $row_Recordset1['item_name']?></a></li> <?php } while ($row_Recordset1 = mysql_fetch_assoc($Recordset1)); $rows = mysql_num_rows($Recordset1); if($rows > 0) { mysql_data_seek($Recordset1, 0); $row_Recordset1 = mysql_fetch_assoc($Recordset1); } ?> </ol> I have two tables. Table Name:Users Fields: User_name user_email user_level pwd 2.Reference Fields: refid username origin destination user_name in the users table and the username field in reference fields are common fields. There is user order form.whenever an user places an order, refid field in reference table will be updated.So the user will be provided with an refid Steps: 1.User needs to log in with a valid user id and pwd 2.Once logged in, there will be search, where the user will input the refid which has been provided to him during the time of order placement. 3.Now User is able to view all the details for any refid 3.Up to this we have completed. Query: Now we need to retrieve the details based on the user logged in. For eg: user 'USER A' has been provided with the referenceid '1234' during the time of order placement user 'USER B' has been provided with the referenceid '2468' during the time of order placement When the userA login and enter the refid as '2468' he should not get any details.He should get details only for the reference ids which is assigned to him. <?php session_start(); if (!$_SESSION["user_name"]) { // User not logged in, redirect to login page Header("Location: login.php"); } $con = mysql_connect('localhost','root',''); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("login", $con); $user_name = $_POST['user_name']; $refid = $_POST['refid']; $query = "SELECT * from reference,users WHERE reference.username=users.user_name AND reference.refid='$refid' AND "; $result = mysql_query($query) or trigger_error('MySQL encountered a problem<br />Error: ' . mysql_error() . '<br />Query: ' . $query); while($row = mysql_fetch_array($result)) { echo $row['refid']; echo $row['origin']; echo $row['dest']; echo $row['date']; echo $row['exdate']; echo $row['username']; } echo "<p><a href=\"logout.php\">Click here to logout!</a></p>"; ?> <html> <form method="post" action="final.php"> Ref Id:<input type="text" name="refid"> <input type="submit" value="submit" name="submit"> </html> Hi I am trying to select and order data/numbers from a colum in a mysql data base however i run the code and it returns no value just a blank page no errors or any thing so i think the code is working right but then it returns no result? Please help thanks Here is the code: <?php $host= "XXXXXX"; $mysql_user = "XXXXXX"; $mysql_password = "XXXXXX"; $mysql_database = "XXXXXXX"; $connection = mysql_connect("$host","$mysql_user","$mysql_password") or die ("Unable to connect to MySQL server."); mysql_select_db($mysql_database) or die ("Unable to select requested database."); $row = mysql_fetch_assoc( mysql_query( "SELECT XP FROM Game ORDER BY number DESC LIMIT 1" ) ); $number = mysql_result(mysql_query("SELECT XP FROM Game ORDER BY number DESC LIMIT 1"), 0); echo "The the highest XP is $number"; ?> Hi, I want to pull data from db, where sometimes all rows and sometimes rows matching given "username". Here is my code:
//Grab Username of who's Browsing History needs to be searched.
if (isset($_GET['followee_username']) && !empty($_GET['followee_username']))
{
$followee_username = $_GET['followee_username'];
if($followee_username != "followee_all" OR "Followee_All")
{
$query = "SELECT * FROM browsing_histories WHERE username = \"$followee_username\"";
$query_type = "followee_username";
$followed_word = "$followee_username";
$follower_username = "$user";
echo "$followee_username";
}
else
{
$query = "SELECT * FROM browsing_histories";
$query_type = "followee_all";
$followed_word = "followee_all";
$follower_username = "$user";
echo "all";
}
}
When I specify a "username" in the query via the url: browsing_histories_v1.php?followee_username=requinix&page_number=1 I see result as I should. So far so good.
Now, when I specify "all" as username then I see no results. Why ? All records from the tbl should be pulled! browsing_histories_v1.php?followee_username=all&page_number=1 This query shouldv'e worked:
$query = "SELECT * FROM browsing_histories";
hi, i have a password array system and i want to be able to make a php to add a username, password and a homepage, the same as the username just at the end of a URL: The array file code looks like this: Code: [Select] <?php //My Login Page //u //u //u //Users and Settings $domain_code = 'blogger123'; //Alpha Numeric and no space $random_num_1 = 213; //Pick a random number between 1 to 500 $random_num_2 = 754; //Pick a random number between 500 to 1000 $random_num_3 = 2; //Pick a random number between 1 to 3 //Usernames can contain alphabets, numbers, hyphens and underscore only //Set users below - Just add '' => '' with the first '' being //the username and the second '' after the => being the password. //Its an array so add an , after every password except for the //last one in the list. As shown below //Eg. $users = array( // 'user1' => 'password', // 'user2' => 'password' // ); $users = array( array('user1', 'test', '/users/1/'), array('user2', 'test', '/users/2/') array('user2', 'test', 'tusers/2/') array('user2', 'test', '/users/4/') array('user2', 'test', '/users/5/') array('user2', 'test', '/users/6/') array('user2', 'test', '/users/7/') array('user2', 'test', '/users/8/') array('user2', 'test', '/users/9/') array('user2', 'test', '/users/10/') array('user2', 'test', '/users/11/') array('user2', 'test', '/users/12/') array('user2', 'test', '/users/13/') array('user2', 'test', '/users/14/') ); ?> thanks in advance There is a login page called login.php, after user type their username and password into textbox, then the page direct it to the page validate, which is validate.php. In validate.php, if user do not type anything, then direct it to the login.php again; if user type their username and password worng less than 3 times, then direct it to the login.php also. However, if user type their username and password more than 3 times, then direct it to the register.php.
Question: i don't know how to make 3 attempts (maybe there are something worng in my page), it doesn't work, Please help, here is my validate.php
<?php
$loginErrorV = false;
$loginErrorW = false;
if(!empty($_POST['username']) && !empty($_POST['password']) && strlen($_POST['username'])!=0 && strlen($_POST['password'])!=0)
{
//
$username = $_POST['username'];
$password = $_POST['username'];
//Connect to Database
$conn = mysql_connect("localhost", "root", "");
if(!$conn){
die('Could not connect:'.mysql_error());
}
mysql_select_db("logindb", $conn);
//
$sql = "Select count(username) as user_exist from logint where username = '$username' and password = '$password'";
$result = mysql_query($sql, $conn);
$row = mysql_fetch_assoc($result);
//
if($row['user_exist'] == 1){
session_start();
$_SESSION['username'] = $username;
header('Location: 10586740.html');
mysql_close($conn);
} else {
$loginErrorV = true;
}
} else {
$loginErrorW = true;
}
if($loginErrorV){
if(isset($_COOKIE['login'])){
if($_COOKIE['login']<3){
header('Location:login.php');
$attempts = $_COOKIE['login'] + 1;
} else {
header('Location:register.php');
}
}
}
if($loginErrorW){
header('Location:login.php');
}
?>
Took Skoglund's Lynda course on creating a CMS for a project I am doing for a customer. I was extremely careful to set up the database, and pretty much copying everything he was doing in the course. So, I try to create a user in the database, and....crickets. Name and password don't come up. No error messages from the site. Just, nothing. So I'm sure it's pretty simple to fix, otherwise, there would have been chaos, right? For the page: hawcreekrenovations.com/new_user.php We know the page is correctly connecting to the MySQL because the drop down in the form is populated by the user-types in the database. So, I guess, you need the pertinent code: Code: [Select] // START FORM PROCESSING if (isset($_POST['submit'])) { //Form has been submitted $errors = array(); // perform validations on the form data $required_fields = array('username', 'password', 'user_type_id' ); $errors = array_merge($errors, check_required_fields($fields_with_lengths, $_POST)); $fields_with_lengths = array('username' => 30, 'password'=> 30); $errors = array_merge($errors, check_max_field_lengths($fields_with_lengths, $_POST)); $username = trim(mysql_prep($_POST['username'])); $password = trim(mysql_prep($_POST['password'])); $hashed_password = sha1($password); $user_type_id = trim(mysql_prep($_POST['user_type_id'])); if ( empty($errors) ) { $query = "INSERT INTO users ( username, hashed_password, user_type_id ) VALUES ( '{$username}', '{$hashed_password}', '{$user_type_id}' )"; $result = mysql_query($query, $connection); if ($result) { $message = "The user was successfully created."; } else { $message = "The user could not be created."; $message .= "<br />" . mysql_error(); } } else { if (count($errors) == 1) { $message = "There was 1 error in the form."; } else { $message = "There were " . count($errors) . " erros in the form."; } } } else { // Form has not been submitted. $username = ""; $password = ""; } ?> And the form: Code: [Select] <form action="new_user.php" method "post"> <table> <tr> <td>Username:</td> <td><input type="text" name="username" maxlength="30" value="<?php echo htmlentities($username); ?>" /></td> </tr> <tr> <td>Password:</td> <td><input type="password" name="password" maxlength="30" value="<?php echo htmlentities($password); ?>" ? /></td> </tr> <tr> <td>User Type:</td> <td><?php // 3. Perform database query $result = mysql_query("SELECT * FROM user_type", $connection); if (!$result) { die("Database query failed: " . mysql_error()); } // 4. Use returned data (if any) echo "<select name='type'>"; while ($row = mysql_fetch_array($result)) { echo "<option value=\"".$row["user_type_id"]."\">".$row["type"] . "</option>"; } echo "</select>"; ?></td> </tr> <tr> <td colspan="2"><input type="submit" name="submit" value="Create user" /></td> </tr> </table> </form> Code: [Select] <?php session_start(); include("global-settings.php"); mysql_connect($dbhost, $dbuser, $dbpass)or die("Could Not Connect: " . mysql_error()); mysql_select_db($dbname) or die(mysql_error()); $email = mysql_real_escape_string(strip_tags($_POST["email"])); $password = sha1($_POST["password"]); $result = mysql_query("SELECT * FROM users WHERE email = '{$email}' AND password = '{$password}'"); if (mysql_num_rows($result) > 0) { $row = mysql_fetch_array($result); $_SESSION["userid"] = $row['user_pid']; echo "logged in"; } else { $userid_generator = uniqid(rand(), false); mysql_query("INSERT INTO users (user_pid, email, password, datetime_registered, is_leader) VALUES ('$userid_generator', '{$email}', '{$password}', NOW(), 'no')"); $id = mysql_insert_id(); $leaders = mysql_query("SELECT * FROM users WHERE is_leader LIKE '%yes%'"); while($rows = mysql_fetch_array($leaders)) { if ($rows['is_leader'] == 'yes') { $leader_id = $rows['user_pid']; mysql_query("INSERT IGNORE INTO friends (node1id, node2id, friends_since, friend_type) VALUES('$leader_id', '$userid_generator', NOW(), 'full')"); $_SESSION["userid"] = $userid_generator; echo "new user created and logged in"; if(is_dir($userid_generator)) { echo "Something wen't wrong. A bug report has been sent and we are doing what we can to fix it."; $message = 'Registration problem on account number $userid_generator. The user succesfully registered, but there is already a directory with the account id of $userid_generator.'; mail($bug_report_email, "Registration Bug!", $message); } else { mkdir('../media/User-PID{' . $userid_generator . '}', 0777); mkdir('../media/User-PID{' . $userid_generator . '}/photos', 0777); mkdir('../media/User-PID{' . $userid_generator . '}/backups', 0777); mkdir('../media/User-PID{' . $userid_generator . '}/videos', 0777); mkdir('../media/User-PID{' . $userid_generator . '}/documents', 0777); mkdir('../media/User-PID{' . $userid_generator . '}/developer', 0777); mkdir('../media/User-PID{' . $userid_generator . '}/developer/apps', 0777); mkdir('../media/User-PID{' . $userid_generator . '}/developer/themes', 0777); mkdir('../media/User-PID{' . $userid_generator . '}/xml', 0777); } } } } ?> It logs in fine. It even registers fine, but how do I code it to do something if username is correct but password isn't correct? Hi, I'm trying to connect to CreditSafe's API with supplied username and password using PHP's CURL, unfortunately am having to do everything from scratch as they won't provide any details as to how we are supposed to set the connection up. The idea is that a username and pw are supplied and you then get a "token" which can be used to make further requests for data. The username and pw are given by them in JSON format so I am trying to use these and authenticate against their API. At the moment though I get the following for each of the test variables (see end of this script) I'm outputting to the screen: Data is HTTP/1.1 100 Continue HTTP/1.1 404 Not Found Date: Mon, 18 Jan 2021 15:18:30 GMT Content-Type: application/json; charset=UTF-8; skipnullon="everywhere" Content-Length: 61 Connection: keep-alive Strict-Transport-Security: max-age=31536000; includeSubdomains; { "correlationId": "6c2dc370-59a0-11eb-893a-0223445bacd9" } Response is NULL Array is just blank (because Response is NULL) This is what I have so far, am struggling with it, any idea what's going wrong?
<?php
$data_array = array(
$headers = array(
curl_setopt_array($curl, [ //Testing output below echo 'Data is '.$return; echo 'Response is '.$response; echo 'Array is '.var_dump($response); curl_close($curl); ?> [/CODE]
Anyone have any ideas? Thanks!
I am trying to validate username and password fields. I want to use preg match, but have little knowledge of this function. I want the password to only contain A-z 0-9 and with at least one letter and one number. Username needs to only include "A-z 0-9 _ -" no spaces in any of these. Here is what I have so far: $username= $_POST['username']; $password = $_POST['password']; $password2 = $_POST['password2']; if($password==$password2){ if( preg_match("[A-z0-9]", $password) || strlen($password)>6 // at least 7 chars || strlen($password)<26 // at most 20 chars ){$errors[] = 'Password must contain at least one number and letter plus be between 7-25 characters. May only contain alphanumeric characters, _ and .';} }else{$errors[] = 'Your Passwords did not Match';} if( preg_match("[A-z0-9_-]", $username) || strlen($username)>5 // at least 6 chars || strlen($username)<26 // at most 25 chars ){ $errors[] = 'Username must be 6-25 characters and contain only alphanumeric characters, _ and .'; } Hi Guys,
I have a very simple table called: registered_users
there is only 4 columns
column 1 = id
column 2 = username
column 3 = password
column 4 = salt
the password is hashed and salted when it's added to the table.
The problem is, that my username and password isn't being "seen" by the code so it's not sending me to the next page, it is only sending me back to the login page - not validated.
Please could you help me understand what i may be doing wrong here, it all looks okay to me but that's not obviously the case?
Here is the validation for username and password to login:
/* validate the username and the password */
if((!isset($_POST['username'])) || (strlen(trim($_POST['username'])) <5) || (trim($_POST['username']) != preg_replace("/[^a-zA-Z0-9\_]/", "", trim($_POST['username'])))) {
/* if is bad */
$my_error = 1;
}else{
$username = mysql_real_escape_string(trim($_POST['username']));
}
/* END validating username */
/* validate the password */
if((!isset($_POST['password'])) || (strlen(trim($_POST['password'])) <5) || (trim($_POST['password']) != preg_replace("/[^a-zA-Z0-9\_]/", "", trim($_POST['password'])))){
/* if is bad */
$my_error = 1;
}else{
$password = trim($_POST['password']);
}
/* END validating password */
/* if any of the post variables are invalid send back to the form page */
if($my_error != 0) {
$_SESSION['error_message'] =$error_message;
header("Location: index.php");
exit();
}
/* FUNCTION TO CREATE SALT */
function createSalt(){
$string = md5(uniqid(rand(), true));
return substr($string, 0, 3);
}
/* check to see if username is in the table if not send back to login */
$query01 = "SELECT * FROM registered_users WHERE username = '$username'";
$result01 = mysql_query($query01) or die(mysql_error());
if(mysql_num_rows($result01) != 1) {
header("Location: index.php");
exit();
}
$row = mysql_fetch_array($result01);
$salt = $row['salt'];
$hash = hash('sha256', $salt, $password);
$query02 = "SELECT id FROM registered_users WHERE username = '$username' AND password = '$hash'";
$result02 = mysql_query($query02) or die(mysql_error());
if(mysql_num_rows($result02) !=1){
header("Location: index.php");
exit();
}
$_SESSION['id'] = $row['id'];
$_SESSION['valid_user'] = "yes";
header("Location: admin02.php");
exit();
?>
Thanks
Andy
Edited by Ch0cu3r, 05 July 2014 - 09:14 AM. I'm having a little issue with this script. It's returning: "Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/zyquo/public_html/makethemoviehappen.com/forgot_password.php on line 89" (Line 89 is: $num_rows1 = mysql_num_rows($result1) and "New password could not be generated. If you continue to have issues, please email general@makethemoviehappen.com for assistance." I checked the database and the random password generation did run, and it was inserted into the database. So it's just not detecting that it ran, so it's not sending the email. Any ideas on why? I also checked what is returned in the $result1 variable and it's the number 1. Code: [Select] elseif($_GET['forgot']=="password"){ function &generatePassword($length=9, $strength=0) { $vowels = 'aeiuy'; $consonants = 'bcdfghjkmnpqrstwz'; if ($strength & 1) { $consonants .= 'BCDFGJLMNPQRSTVXZ'; } if ($strength & 2) { $vowels .= "AEIUY"; } if ($strength & 4) { $consonants .= '23456789'; } if ($strength & 8) { $consonants .= '@#$%'; } $password = ''; $alt = time() % 2; for ($i = 0; $i < $length; $i++) { if ($alt == 1) { $password .= $consonants[(rand() % strlen($consonants))]; $alt = 0; } else { $password .= $vowels[(rand() % strlen($vowels))]; $alt = 1; } } return $password; } $new_password =& generatePassword(); $username=$_POST['username']; $sql="SELECT * FROM $tbl_name WHERE Username='$username' AND Email='$email' AND Amount='$donation_amount'"; $result=mysql_query($sql); $num_rows = mysql_num_rows($result); if($num_rows==1){ $sql1="UPDATE $tbl_name SET Password='$new_password' WHERE Username='$username' AND Email='$email' AND Amount='$donation_amount'"; $result1=mysql_query($sql1); $num_rows1 = mysql_affected_rows($result1); if($num_rows1==1){ $content.='<p class="center">New password generated. It has been emailed to the email address provided.</p><br />'; $message='Some one (hopefully you) requested a new password be generated for your account on Make the Movie Happen. Below is the newly generated password: Password: '.$new_password.' Once you log-in, please change your password. Thank You, Make the Movie Happen Support Team '; mail($email, 'Make the Movie Happen - New Password', $message, 'From: general@makethemoviehappen.com'); } else{ $content.='New password could not be generated. If you continue to have issues, please email <a href="mailto:general@makethemoviehappen.com">general@makethemoviehappen.com</a> for assistance.'; } } else{ header("Location: ./index.php?forgot&e=1"); } } I've never actually done a username password, retrieval script before so need a little help. In the profile form the user is submitting username/password/name/email etc. into a MySQL DB along with a security question and answer. Is it just a matter of creating a form which does a check against the database and sends out an email to the user with their password? The password is hashed with MD5, so how would I send out an un-hashed PW? thanks! Hi all,
I have been reading in almost everywhere that we should not use our own custom login and password validations ( like regex etc.) but instead use the filter_var and filter_input built in functions provided by PHP 5 and above. However even after searching for more than an hour for with different search strings, I have not found even a single example that shows how we may validate for a username/login and password in a login form. Can someone be kind enough to provide a strong secure validations for username and login.
Additionally I would also like to clarify if the username and login fields in a Login form be manipulated in any manner to pose a security threat? I mean can a hacker craft a username/login or password in such a manner as to pose an injection or any other threat?
Thanks all.
Dear all, Can somebody help me please? Instead of ‘username’ and 'password', I need random values from CSV file. Can somebody show me how can I do this? My CSV file looks like this: user001,userpass001 user002,userpass002 user003,userpass003 My script looks like this: <?php $t= new post(); $t->username='username'; $t->password='password'; $res = $t->update('This is some text.'); ?> Thank you very much advance. I need to come up with a better way to do this. Currently I have a script which is a form and the user enters their email address, and their password in the database is sent to the email address. Problem is the password is MD5 hashed, so it's hashed when sent to their email. I am sure there is a better way to do this. Also, I am capturing a Security Question and Answer in the initial profile form that the user fills out, so I need to incorporate this as an extra layer of security. Please let me know of the methods for doing this. Thanks in advance! I have a div on my webpage that will contain an error message, basically 'username or password incorrect.' At the moment on the login page I have the div containing: Code: [Select] <div id="errorMessage"><?php echo $errorMessage; ?></div> and in the php code i have: Code: [Select] $errorMessage = ""; if(isset($_POST['username'])) { // check if username and password exists // else $errorMessage = "username or password incorrect"; } but unfortunately this doesn't seem to show on the page, any ideas? Hi Team, I have a php page where I have taken the same userid and linked in the next page and also used show/hide function. I am able to see that the userid is linking but when i submit the data is not getting insert and also no error Please help below is the Tower.php file. Code: [Select] <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>BHP2</title> <style type="text/css"> <!-- #Layer1 { position:absolute; width:1005px; height:578px; z-index:1; left: 157px; top: 1px; background-color: #993399; } #Layer2 { position:absolute; width:939px; height:114px; z-index:1; left: 35px; top: 35px; } #Layer3 { position:absolute; width:451px; height:169px; z-index:2; left: 270px; top: 296px; } #Layer4 { position:absolute; width:608px; height:68px; z-index:2; left: 273px; top: 10px; } #Layer5 { position:absolute; left:82px; top:188px; width:973px; height:52px; z-index:2; } #Layer6 { position:absolute; width:243px; height:106px; z-index:2; left: 68px; top: 43px; } .style1 { font-size: xx-large; font-style: italic; } .style2 {font-size: 52px} #Layer7 { position:absolute; width:824px; height:271px; z-index:2; left: 44px; top: 237px; } .style4 { font-size: xx-large; font-style: italic; font-weight: bold; color: #FF9933; } #Layer8 { position:absolute; width:800px; height:139px; z-index:2; left: 31px; top: 67px; } #Layer9 { position:absolute; width:610px; height:30px; z-index:2; left: 34px; top: 70px; } #Layer10 { position:absolute; width:611px; height:25px; z-index:2; left: 33px; top: 110px; } #Layer11 { position:absolute; width:614px; height:30px; z-index:2; left: 33px; top: 152px; } #Layer12 { position:absolute; width:615px; height:29px; z-index:2; left: 32px; top: 193px; } #Layer13 { position:absolute; width:187px; height:35px; z-index:2; left: 318px; top: 239px; } --> </style> </head> <body> <div id="Layer1"> <form id="form5" name="form5" method="link" action="Insert.php"> <div id="Layer2"> <div id="Layer6"><img src="AZimages/BHP-Billiton-logo.jpg" width="235" height="65" alt="BHP" /></div> <h1 align="center"> </h1> <div class="style1" id="Layer4"> <h1 align="center" class="style2">BHP DATA TRACKER </h1> </div> </div> <div id="Layer7"> <div align="center"><span class="style4">SELECT THE TOWER BELOW </span> <div id="Layer13"> <input type="hidden" name="empid" value="<?php echo $_GET['id']; ?>" size="20"> <input type="hidden" name="date" value="<?php echo date("Y-m-d H:i:s"); ?>" > <input type="submit" name="B1" value="Start !" /> </div> <div id="Layer12"> <div align="left"> <input name="rad1" type="radio" value="RF" id="rad1" /> <label >RF</label> </div> </div> <div id="Layer11"> <div align="left"> <input name="rad1" type="radio" value="ISAP" id="rad1" /> <label >ISAP</label> </div> </div> <div id="Layer10"> <div align="left"> <input name="rad1" type="radio" value="GSD" id="rad1" checked="checked" /> <label >GSD</label> </div> </div> <div id="Layer9"> <div align="left"> <input name="rad1" type="radio" id="rad1" value="CSD" /> <label>CSD</label> </p> </div> </div> <br /> </div> </div> </form> </div> </body> </html> Below is the insert.php <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>BHP DATA SUMBIT</title> <?php include ("count.php"); ?> <?php if(isset($_GET['action'])) { $action = $_GET['action']; if ($action = 'yes') { include ("Connection.php"); $PName = $_POST['rad11']; $Date = date("Y-m-d H:i:s"); $empidno = $_POST['idd']; $qsdate = $_POST['testinput']; $cb1 = $_POST['chkbox1']; $cb2 = $_POST['chkbox2']; $cb3 = $_POST['chkbox3']; $cb4 = $_POST['chkbox4']; $cb5 = $_POST['chkbox5']; $Com = $_POST['textfield2']; $dd1 = $_POST['textfield']; $dd2 = $_POST['select']; $dd3 = $_POST['select2']; $dd4 = $_POST['textfield4']; $dd5 = $_POST['textfield3']; $dd6 = $_POST['select3']; $sev = $_POST['radio1']; $olddate = $_POST['odate']; $pname = $_POST['radiobutton']; $query="INSERT INTO bhp ticketinformation (`userid`, `processname`, `begindate`, `dateposted`, `CALL`, `EMAIL`, `NEW`, `EXISTING`, `Piroty`, `MTICKET`, `Services`, `group1`, `group2`, `Icall`, `Tcreatedtime`, `comment`) VALUES ( '$empidno' , '$pname' , '$olddate' , '$Date' , '$cb1' , '$cb2' , '$cb3' , '$cb4' , '$sev' , '$dd1' , '$dd2' , '$dd3' , '$dd4' , '$dd5' , '$dd6' , '$Com')"; mysql_query($query); Header('location:tower.php?id=' . $empidno); } } ?> <head> <style type="text/css"> <!-- #Layer1 { position:absolute; width:1023px; height:592px; z-index:1; left: 167px; top: 2px; background-color: #993399; } #Layer2 { position:absolute; width:939px; height:114px; z-index:1; left: 59px; top: 3px; } #Layer3 { position:absolute; width:451px; height:169px; z-index:2; left: 270px; top: 296px; } #Layer4 { position:absolute; width:608px; height:68px; z-index:2; left: 273px; top: 10px; } #Layer5 { position:absolute; left:82px; top:188px; width:973px; height:52px; z-index:2; } #Layer6 { position:absolute; width:238px; height:69px; z-index:2; left: 68px; top: 43px; } .style1 { font-size: xx-large; font-style: italic; } .style2 {font-size: 52px} #Layer7 { position:absolute; width:979px; height:209px; z-index:2; left: 32px; top: 181px; } #Layer8 { position:absolute; width:194px; height:36px; z-index:1; left: 25px; top: 15px; } #Layer9 { position:absolute; width:178px; height:37px; z-index:2; left: 249px; top: 13px; } #Layer10 { position:absolute; width:193px; height:34px; z-index:3; left: 443px; top: 13px; } #Layer11 { position:absolute; width:204px; height:32px; z-index:4; left: 670px; top: 15px; } #Layer12 { position:absolute; width:195px; height:40px; z-index:5; left: 28px; top: 73px; } #Layer13 { position:absolute; width:182px; height:38px; z-index:6; left: 250px; top: 76px; } #Layer14 { position:absolute; width:197px; height:36px; z-index:7; left: 446px; top: 77px; } #Layer15 { position:absolute; width:214px; height:35px; z-index:8; left: 670px; top: 77px; } #Layer16 { position:absolute; width:315px; height:45px; z-index:9; left: 16px; top: 144px; } #Layer17 { position:absolute; width:343px; height:43px; z-index:10; left: 339px; top: 145px; } #Layer18 { position:absolute; width:258px; height:48px; z-index:11; left: 708px; top: 146px; } #Layer19 { position:absolute; width:321px; height:60px; z-index:3; left: 59px; top: 419px; } #Layer20 { position:absolute; width:197px; height:41px; z-index:1; left: 27px; top: 6px; } #Layer21 { position:absolute; width:193px; height:36px; z-index:2; left: 249px; top: 7px; } #Layer22 { position:absolute; width:207px; height:38px; z-index:3; left: 453px; top: 7px; } #Layer23 { position:absolute; width:237px; height:36px; z-index:4; left: 677px; top: 9px; } #Layer24 { position:absolute; width:245px; height:45px; z-index:5; left: 399px; top: 2px; } #Layer25 { position:absolute; width:99px; height:31px; z-index:6; left: 288px; top: 121px; } #Layer26 { position:absolute; width:87px; height:29px; z-index:7; left: 439px; top: 123px; } --> </style> <script language="JavaScript" > function showInfo() { var elem = document.getElementById('verify'); if(document.testform.select3.value == "verify" || document.testform.select3.value == "verify1" ) { elem.style.display="inline"; } else { elem.style.display="none"; } } </script> <script language="JavaScript"> function validator() { if(document.testform.Checkbox1.checked == false && document.testform.Checkbox2.checked == false && document.testform.Checkbox3.checked == false && document.testform.Checkbox4.checked == false) { alert ('You did not choose any of the checkboxes!'); return false; } if (document.testform.textfield.value =="") { alert("Enter Max Ticket No"); return false; } if (document.testform.select.value == "" || document.testform.select.value == "SELECT SERVICE DROP DOWN") { alert ('Select the SELECT SERVICE DROP DOWN'); return false; } if (document.testform.select2.value == "" || document.testform.select2.value == "SELECT RG GROUP") { alert ('SELECT RG GROUP'); return false; } if (document.testform.select3.value == "" || document.testform.select3.value == "SELECT GROUPS") { alert ('SELECT GROUPS'); return false; } if (document.testform.textfield2.value =="") { alert("Comments Feild is Empty.If there are no Comment then type NA(Not Applicable)"); return false; } if (document.testform.Checkbox1.checked == false) document.getElementById("chkbox1").value = ""; else document.getElementById("chkbox1").value = "EMAIL"; if (document.testform.Checkbox2.checked == false) document.getElementById("chkbox2").value = ""; else document.getElementById("chkbox2").value = "NEW"; if (document.testform.Checkbox3.checked == false) document.getElementById("chkbox3").value = ""; else document.getElementById("chkbox3").value = "EXISTING"; if (document.testform.Checkbox4.checked == false) document.getElementById("chkbox4").value = ""; else document.getElementById("chkbox4").value = "CALL"; alert('Record has been posted in the portal'); } </script> </head> <body> <div id="Layer1"> <div id="Layer2"> <div id="Layer6"><img src="AZimages/BHP-Billiton-logo.jpg" width="235" height="67" alt="BHP" /></div> <h1 align="center"> </h1> <div class="style1" id="Layer4"> <h1 align="center" class="style2">BHP DATA TRACKER </h1> </div> </div> <div id="Layer7"> <form method="POST" action="Insert.php?action=yes&&id=<?php echo $_GET['empid']; ?>" name="testform" onSubmit="return validator();"> <div id="Layer8"> <input type="checkbox" id="Checkbox4" name="checkbox4" value="CALL" /> CALL</label> </div> <div id="Layer9"> <label> <input type="checkbox" id="Checkbox1" name="checkbox1" value="EMAIL" /> EMAIL</label> </div> <div id="Layer10"> <label> <input type="checkbox" id="Checkbox2" name="checkbox2" value="NEW" /> NEW</label> </div> <div id="Layer11"> <label> <input type="checkbox" id="Checkbox3" name="checkbox3" value="EXISTING" /> EXISTING</label> </div> <div id="Layer12"> <label> <input name="radio1" type="radio" id="radio1" value="P1" checked="checked" /> P1</label> </div> <div id="Layer13"> <label> <input name="radio1" type="radio" id="radio1" value="P2" /> P2</label> </div> <div id="Layer14"> <label> <input name="radio1" type="radio" id="radio1" value="P3" /> P3</label> </div> <div id="Layer15"> <label> <input name="radio1" type="radio" id="radio1" value="P4" /> P4</label> </div> <div id="Layer16"> <label>MAXIMUM TICKET <input type="text" name="textfield" /> </label> </div> <div id="Layer17"> <label>SERVICE DROP DOWN <select name="select" style="width: 162px; height: 23px"> <option>SELECT SERVICE DROP DOWN</option> <option>OTHER(FW)</option> <option>1 MESSAGE</option> <option>1 MOBILITY</option> <option>1 VOICE</option> <option>1 SAP</option> <option>1 PORTAL</option> <option>1 COLLAB</option> <option>1 GSAP</option> <option>1 SECURITY</option> <option>1 WAN</option> <option>S DOMAIN</option> <option>1 AUTH</option> <option>1 DOCM</option> <option>1 REMOTE</option> </select> </label> </div> <div id="Layer18"> <label>RG GROUP <select name="select2" style="width: 162px; height: 23px"> <option>SELECT RG GROUP</option> <option>I-AM-AU-AM-HWT</option> <option>I-EUS-IN-CSC-DSK-CSD</option> <option>I-EUS-IN-CSC-DSK-GSD</option> <option>I-EUS-GB-DCS-BHPVICFW</option> <option>I-ITS-AU-HW</option> <option>I-SRM-AU-IAM-LAMU</option> <option>I-ITS-AU-SW</option> <option>C-BHP-AU-CSC-LSD-NONBRG</option> <option>C-BHP-AU-ACN-AQM</option> </select> </label> </div> </div> <div id="Layer19"> <label>SELECT GROUPS <select name="select3" onchange="showInfo()" style="width: 162px; height: 23px"> <option value="none" >SELECT GROUPS</option> <option value="verify">TP</option> <option value="verify1">OA</option> <option>OC</option> <option>OTHERS</option> </select> </label> <div id="verify" style="display:none;"> <br/><br/> <label>INCOMING CALL/EMAIL TIME <input type="text" name="textfield4" /> </label> <br/><br/> <label>MAXIMO TICKET CREATED TIME <input type="text" name="textfield3" /> </label> </div> <div id="Layer24"> <label>COMMENTS <input type="text" name="textfield2" /> </label> </div> <div id="Layer26"> <input name="Reset" type="reset" id="Reset" value="Reset" /> </div> <div id="Layer25"> <input type="submit" name="Submit" value="Submit" /> <input type="hidden" name="chkbox1" id="chkbox1" /> <input type="hidden" name="chkbox2" id="chkbox2" /> <input type="hidden" name="chkbox3" id="chkbox3" /> <input type="hidden" name="chkbox4" id="chkbox4" /> <input type="hidden" name="chkbox5" id="chkbox5" /> <input type="hidden" name="rad11" id="rad11" value="<?php echo $_GET['rad1']; ?>" /> <input type="hidden" name="idd" id="idd" value="<?php echo $_GET['empid']; ?>" /> <input type="hidden" name="odate" id="odate" value="<?php echo $_GET['date']; ?>" /> </form> </div> </div> </div> </body> </html> THANKS IN ADVANCED Hey guys I have a simple question, I have a Config.php file that connects to mysql database on my server... Something like this (modified data, of course): <?php // database information $dbhost = 'localhost'; $dbuser = 'root'; $dbpass = '******'; $dbname = 'databasename'; ?> Can a hacker access those variables? How can I protect this? Ideas, suggestions? Thanks in advance! I have had a load of people who are silly enought to forget their username and or password so wish to add in the option for them to save their details in a cookie, and break my number one rule, never to use them!!! can anyone suggest how i can do this so it is stored safely like most websites do it. |
|||||||