|
PHP - Authenticating Youtube Account?
Does anyone know of a json or php method of authenticating a youtube user without using zend?
Code: [Select] <?php $id = NULL; $username = 'myYouTubeAccount'; $url = 'http://gdata.youtube.com/feeds/api/users/%s/uploads?orderby=updated&max-results=8'; $xml = simplexml_load_file(sprintf($url, $username)); foreach ($xml->entry as $entry) : $kids = $entry->children('http://search.yahoo.com/mrss/'); $attributes = $kids->group->content[0]->attributes(); $flv = $attributes['url']; $attributes = $kids->group->player->attributes(); $link = $attributes['url']; $querystring = parse_url($link,PHP_URL_QUERY); parse_str($querystring, $id_temp); $id = $id_temp['v']; ?> <a href="<?=$link?>"> <img src="http://i4.ytimg.com/vi/<?=$id?>/default.jpg" /> </a> <?php endforeach; ?> Similar TutorialsHi all, Here i have a serious problem. I want to sought it out using PHP and MySQL only. I have a form includes fields of customer id and Account type( stored in a jump menu and includes 6 different types of accounts) <style type="text/css"> <!-- body,td,th { font-size: 18px; font-weight: bold; } --> </style> <p><img src="../images/mahapitiya 1.jpg" width="1024" height="139" /></p> <form id="form1" name="form1" method="post" action=""> <label> <input type="submit" name="button" id="button" value="Logout" /> </label> </form> <p> </p> <form action="" method="post" name="form2" id="form2" onsubmit="return Validate();"> <fieldset> <legend class="cap">Create an Account</legend> <table width="75%" border="0" cellspacing="0" cellpadding="5" align="center"> <tr> <td> </td> <td class="title02"> </td> <td> </td> <td> </td> </tr> <tr height="30"> <td width="10%"> </td> <td width="25%" class="title02" align="left">Customer ID</td> <td width="55%" class="attribute1" align="left"><input type="text" name="customer_id" class="attribute1" /></td> <td width="10%"> </td> </tr> <tr height="30"> <td> </td> <td width="25%" class="title02" align="left">Account Type</td> <td width="55%" align="left" bgcolor="#FFFFFF" class="attribute1"><select name="account_type" id="jumpMenu" > <option selected="selected"></option> <option>Savings Investment</option> <option>Shakthi</option> <option>Surathal</option> <option>Abhimani Plus</option> <option>Yasasa Certificates</option> <option>Fixed Deposits</option> </select> </td> <td width="10%"> </td> </tr> </table> <p align="center"> </p> <p align="center"> <input type="submit" onclick="return Validate();" name="submit" value="Submit" class="attribute1" /> <input type="reset" name="reset" value="Reset" class="attribute1" /> <label> <input type="submit" name="button2" id="button2" value="Help" /> </label> </p> </fieldset> </td> <td width="5%"> </td> </tr> <tr> <td> </td> <td> </td> <td> </td> </tr> <tr> <td> </td> <td align="center"> </td> <td> </td> </tr> <tr> <td> </td> <td><font color="red" size="1" ></font></td> <td> </td> </tr> </table> </form> <p> </p> <script language = "Javascript"> function Validate() { if (document.form2.customer_id.value == '') { alert('Please enter the valid customer id!'); return false; } else if ( document.form2.account_type.selectedIndex == '' ) { alert ( "Please select an account type!." ); return false; } return true; } </script> There are 6 different types of tables exist in my database representing 6 different types of accounts.Each and every table there is a field called "account number" which is auto incremented.When user clicks on submit button i want account number to be opened based on selected account type. How this could be done? Thanks, Heshan. hi everyone i was wondering if anyone has any idea how i can make my php links look like this "wwwDOTmysiteDOTcom/xxx.php?s=account" right now they look like this "wwwDOTmysiteDOTcom/account.php" thanks... Hi, Trying PostgreSQL for the first time but not making much progress. Get peer failure when not including a host and Ident error when including a host. Never heard of Ident authentication until today and don't know for sure if I even have such a server running. Using Centos7, PHP7.4 using remi's repo, and PostgreSQL 12 from their repo. Any thoughts? Thanks
try {
//use Unix domain sockets
$dbh = new PDO("pgsql:dbname=postgres", 'postgres', 'secret');
}
catch(Exception $e){
echo($e->getMessage().PHP_EOL);
}
try {
$dbh = new PDO("pgsql:host=localhost;dbname=postgres", 'postgres', 'secret');
}
catch(Exception $e){
echo($e->getMessage().PHP_EOL);
}
try {
$dbh = new PDO("pgsql:host=127.0.0.1;dbname=postgres", 'postgres', 'secret');
}
catch(Exception $e){
echo($e->getMessage().PHP_EOL);
}
SQLSTATE[08006] [7] FATAL: Peer authentication failed for user "postgres" SQLSTATE[08006] [7] FATAL: Ident authentication failed for user "postgres" SQLSTATE[08006] [7] FATAL: Ident authentication failed for user "postgres"
Sorry if i posted this in the wrong place but i dident see anthing about Active Directory or Security Questions
But has anyone used Active Directory as their User Database? Has anyone even tryed braking Active Directory with injection attacks?
Notes that i have found so far:
Php Sends to CMD first so encode userdata in base64 as a transport layer
$rand is a random number to prevent users from useing Success: as a ligitimate user
You will need to clean up the many many spaces that powershell sends back as it is a concole
Special Charicters dont need to be escaped
I am using
Win 2008 RC2
Apache
PHP (of course)
Powershell
Active Directory
PHP Script
$psScriptPath = 'C:/Apache/PSScripts/' //Path outside Website Root
$rand = mt_rand(mt_getrandmax(),mt_getrandmax());
//UTF-8 Standard only
$username = utf8_decode($_POST["username"]);
$password = utf8_decode($_POST["password"]);
$base64_username = base64_encode($username); //Transport Layer Base64
$base64_password = base64_encode($password); //Transport Layer Base64
//The danger happens here as it is sent to powershell.
$query = shell_exec('powershell.exe -ExecutionPolicy ByPass -command "' . $psScriptPath . '" < NUL -rand "' . $rand . '" < NUL -base64_username "' . $base64_username . '" < NUL -base64_password "' . $base64_password . '" < NUL');// Execute the PowerShell script, passing the parameters
Powershell Script
#*=============================================================================
#* Script Name: adpwchange2014.ps1
#* Created: 2014-10-07
#* Author:
#* Purpose: This is a simple script that queries AD users.
#* Reference Website: http://theboywonder.co.uk/2012/07/29/executing-powershell-using-php-and-iis/
#*
#*=============================================================================
#*=============================================================================
#* PARAMETER DECLARATION
#*=============================================================================
param(
[string]$base64_username,
[string]$base64_password,
[string]$rand
)
#*=============================================================================
#* IMPORT LIBRARIES
#*=============================================================================
if ((Get-Module | where {$_.Name -match "ActiveDirectory"}) -eq $null){
#Loading module
Write-Host "Loading module AcitveDirectory..."
Import-Module ActiveDirectory
}else{
write-output "Error: Please install ActiveDirectory Module"
EXIT
NUL
Stop-Process -processname powershell*
}
#*=============================================================================
#* PARAMETERS
#*=============================================================================
$username = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_username))
$password = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_password))
#*=============================================================================
#* INITIALISE VARIABLES
#*=============================================================================
# Increase buffer width/height to avoid PowerShell from wrapping the text before
# sending it back to PHP (this results in weird spaces).
$pshost = Get-Host
$pswindow = $pshost.ui.rawui
$newsize = $pswindow.buffersize
$newsize.height = 1000
$newsize.width = 300
$pswindow.buffersize = $newsize
#*=============================================================================
#* EXCEPTION HANDLER
#*=============================================================================
#*=============================================================================
#* FUNCTION LISTINGS
#*=============================================================================
Function Test-ADAuthentication {
Param($Auth_User, $Auth_Pass)
Write-Output "Running Function Test-ADAuthenication"
$domain = $env:USERDOMAIN
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
$ct = [System.DirectoryServices.AccountManagement.ContextType]::Domain
$pc = New-Object System.DirectoryServices.AccountManagement.PrincipalContext($ct, $domain)
$pc.ValidateCredentials($Auth_User, $Auth_Pass).ToString()
}
#*=============================================================================
#* SCRIPT BODY
#*=============================================================================
Write-Output $PSVersionTable
Write-Output " "
$authentication = Test-ADAuthentication "$username" "$password"
if ($authentication -eq $TRUE) {
Write-Output "Success:$rand Authentication"
}elseif ($authentication -eq $FALSE) {
Write-Output "Failed:$rand Authentication"
}else {
Write-Output "Error: EOS"
EXIT
NUL
Stop-Process -processname powershell*
}
#*=============================================================================
#* SCRIPT Exit
#*=============================================================================
Write-Output "End Of Script"
EXIT
NUL
Stop-Process -processname powershell*
<?php //check for required fields from the form if ((!$_POST['username']) || (!$_POST['password'])) { header("Location: auth1.php"); //header("Location: auth1.php");
exit;
// Create connection
$message=""; } ?> When I enter any username ad password the code from auth2.php (the code above allows a connection anyway) I am attempting to redirect users back to auth1 if there is an incorrect username or password I am moving a site from another server to a new one. I have changed all the code snippets to reflect the new server and the new database but for some reason when I come to login it will not take me further. I know that the code has connected to the database as I have a userlog table on there telling me I when I logged in last. elow is my login.php (there is obviously more than the code included) Code: [Select] <? require 'include/common.inc.php'; require 'include/session.inc.php'; if(($u_username != "") || ($u_password != "")) { $funcResult = authenticateUser($u_username, $u_password, $chkRemember); if(!$funcResult->returnValue) { header("Location: login.php?msg=" . $funcResult->errorMessage); echo "ERROR: " . $funcResult->errorMessage; } else { if($artid!="") { header("Location: news/readarticle.php?artid=$artid"); } else { if($funcResult->errorMessage == "M") { header("Location: members/index.php"); exit; } elseif($funcResult->errorMessage == "B") { header("Location: business/index.php"); exit; } $msg = "Invalid UserName/Password"; } } } ?> <html> <head> <title>Welcome to Newquay Uncovered</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <link href="images/style.css" rel="stylesheet" type="text/css"> <script language="Javascript"> <!-- function validate(frm) { for(i=0;i<frm.length;i++) { if((frm.elements[i].type == "text" || frm.elements[i].type == "password") && frm.elements[i].value == "") { alert("Please fill in the required details"); frm.elements[i].focus(); return false; } } return true; } //--> </script> Here is Common Code: [Select] <? require '/home/xmasphot/public_html/www.newquayuncovered.com/include/db.inc.php'; // require '/dump/ldev/newquayuncovered/revamped/include/db.inc.php'; // USER UPLOAD FOLDER $uploaddir = "/home/xmasphot/public_html/www.newquayuncovered.com/members/uploads/"; // $uploaddir = "/dump/ldev/newquayuncovered/revamped/members/uploads/"; $pic_path = "/members/uploads/"; $nophoto = "/images/nophoto.jpg"; $pending = "/images/pending.jpg"; $fromemailaddresss = "help@newquayuncovered.com"; global $sportspicpath; global $sports_rpicpath; // $sports_rpicpath = "/dump/ldev/newquayuncovered/revamped/admin/sports/images/"; // $sports_picpath = "/newquayuncovered/revamped/admin/sports/images/"; $sports_rpicpath = "/home/xmasphot/public_html/www.newquayuncovered.com/admin/sports/images/"; $sports_picpath = "/admin/sports/images/"; if ($uid == "") { $uid = 0; } function sendErrorPage($mesg) { echo "Error Generated: <BR>$mesg"; exit; } function getDateString() { /* The function getDateString() returns the current date in the * format YYYY-MM-DD. This function is used when inserting date * columns into MySQL table */ return date(Y-m-d); } function getCountry($chk) { $query = "SELECT c_cid, c_cname FROM nq_country ORDER BY c_cname"; $results = mysql_query($query); echo "<option value=''><-- Select --></option>"; while($row = mysql_fetch_object($results)) { if($chk == $row->c_cid) { echo "<option value='$row->c_cid' selected>$row->c_cname</option>\n"; } else { echo "<option value='$row->c_cid'>$row->c_cname</option>\n"; } } } function getGender($chk) { echo "<option value=''><-- Select --></option>\n"; if($chk != "" && $chk == 0) { echo "<option value=0 selected>Female</option>\n"; } else { echo "<option value=0>Female</option>\n"; } if($chk == 1) { echo "<option value=1 selected>Male</option>\n"; } else { echo "<option value=1>Male</option>\n"; } } function getSexuality($chk, $type="") { $arrVals = array( "R" => "Rather Not Say", "S" => "Straight", "O" => "Open Minded", "G" => "Gay/Lesbian", "B" => "BiSexual" ); if($type == 1) { echo $arrVals[$chk]; return; } echo "<option value=''><-- Select --></option>\n"; foreach($arrVals as $abbr=>$val) { if($abbr == $chk) { echo "<option value='" . $abbr . "' selected>" . $val . "</option>\n"; } else { echo "<option value='" . $abbr . "'>" . $val . "</option>\n"; } } } function getDOB_Date($chk) { echo "<option>--</option>\n"; for($i=1; $i<=31; $i++) { if($chk == $i) { echo "<option value=$i selected>$i</option>\n"; } else { echo "<option value=$i>$i</option>\n"; } } } function getDOB_Month($chk) { echo "<option>--</option>\n"; $arr_Month = array('Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec'); $i = 1; foreach ($arr_Month as $temp) { if($chk == $i) { echo "<option value=$i selected>$temp</option>\n"; } else { echo "<option value=$i>$temp</option>\n"; } $i++; } } function getDOB_Year($chk) { echo "<option>--</option>\n"; for($i=1960; $i<=1999; $i++) { if($chk == $i) { echo "<option value=$i selected>$i</option>\n"; } else { echo "<option value=$i>$i</option>\n"; } } } function getDBConnection() { global $hostName, $databaseName, $userName, $password, $con; // Get a persistent database connection if(!($link = mysql_pconnect($hostName, $userName, $password))) { return new Function_Result("Internal Error: Could not open database connection", null); } // Select mysql database if(!mysql_select_db($databaseName, $link)) { return new Function_Result("Internal Error: Could not select database",null); } return new Function_Result(null, $link); } function logout() { global $uid; global $username; global $isAuthenticated; global $userType; session_start(); global $REMOTE_ADDR; // Get DB Connection $funcResult = getDBConnection(); if($funcResult->returnValue == null) { return $funcResult; } $link = $funcResult->returnValue; $updStmt = "UPDATE nq_userlog SET ul_online_status=0 ,ul_last_logout=now() ,ul_last_logon_ip='$REMOTE_ADDR' WHERE ul_ulid='$uid'"; if(!mysql_query($updStmt, $link)) { return new Function_Result("Cannot update log.", null); } session_unregister("uid"); session_unregister("username"); session_unregister("isAuthenticated"); session_unregister("userType"); return new Function_Result(null, true); } class Function_Result { var $errorMessage; var $returnValue; function Function_Result($errMessage, $retValue) { $this->errorMessage = $errMessage; $this->returnValue = $retValue; } } function validateusername($u_username){ $u_username = trim($u_username); $funcResult = getDBConnection(); if($funcResult->returnValue == null) { return $funcResult; } $link = $funcResult->returnValue; $selectUserStmt = "SELECT u_uid,u_password,u_email FROM nq_user WHERE u_username='$u_username'"; if(!($result = mysql_query($selectUserStmt, $link))) { return new Function_Result("Internal Error: Could not execute SQL Query", null); } if(!($row = mysql_fetch_object($result))) { return new Function_Result("Invalid UserName", null); } return new Function_Result(null,$row); } function dynamicpictures() { $funcResult = getDBConnection(); if($funcResult->returnValue == null) { return $funcResult; } $link = $funcResult->returnValue; $selectUserStmt = "SELECT * FROM nq_pictures LEFT JOIN nq_user on pic_uid=u_uid WHERE pic_approval=1 AND pic_folder=0 AND pic_adult=0 AND pic_filename!='' AND pic_default=1 ORDER BY pic_date DESC LIMIT 5"; if(!($result = mysql_query($selectUserStmt, $link))) { return new Function_Result("Internal Error: Could not execute SQL Query", null); } return new Function_Result(null,$result); } function msgStatus($uid) { $funcResult = getDBConnection(); if(!$funcResult->returnValue) { sendErrorPage($funcResult->errorMessage); } $link = $funcResult->returnValue; $selectStmt = "SELECT COUNT(*) FROM nq_message WHERE msg_to_uid=$uid AND msg_status=0"; if(!($result = mysql_query($selectStmt, $link))) { return new Function_Result("Internal Error: Could not execute SQL Query. <BR>$selectStmt", null); } if(!($row = mysql_fetch_row($result))) { return new Function_Result("Internal Error: Could not assign record", null); } return new Function_Result(null, $row); } function getContact_country() { $query = "SELECT c_cname FROM nq_country ORDER BY c_cname"; $results = mysql_query($query); echo "<option value=''><-- Select --></option>"; while($row = mysql_fetch_object($results)) { echo "<option value='$row->c_cname'>$row->c_cname</option>\n"; } } function getState($ud_cid) { if ($ud_cid==130) { $qry = "limit 0, 54 " ;} elseif ($ud_cid==127) { $qry= "limit 55, 66"; } else { echo "<option value=''><-- Not Applicable --></option>"; return; } $query = "SELECT s_sid, s_sname FROM nq_state $qry" ; echo "<option value=''><-- Please Choose --></option>"; $results = mysql_query($query); while($row = mysql_fetch_object($results)) { echo "<option value='$row->s_sid'>$row->s_sname</option>\n"; } } function selectedstates($ud_cid, $chk) { if ($ud_cid==130) { $qry = "limit 0, 54 " ;} elseif ($ud_cid==127) { $qry= "limit 55, 66"; } else { echo "<option value=''><-- Not Applicable --></option>"; return; } $query = "SELECT s_sid, s_sname FROM nq_state $qry" ; echo "<option value=''><-- Please Choose --></option>"; $results = mysql_query($query); while($row = mysql_fetch_object($results)) { if($chk == $row->s_sid) { echo "<option value='$row->s_sid' selected>$row->s_sname</option>\n"; } else { echo "<option value='$row->s_sid'>$row->s_sname</option>\n"; } } } function getindexpagecontent($indexpageid) { $funcResult = getDBConnection(); if($funcResult->returnValue == null) { return $funcResult; } $link = $funcResult->returnValue; $selectStmt = "Select * from nq_config where con_conid='$indexpageid'"; if(!($result = mysql_query($selectStmt, $link))) { return new Function_Result("Internal Error: Could not execute SQL Query $selectStmt", null); } return new Function_Result(null,$result); } function getTop_latest_news($limit=2) { $funcResult = getDBConnection(); if(!$funcResult->returnValue) { sendErrorPage($funcResult->errorMessage); } $link = $funcResult->returnValue; $selectStmt_Top_latest_news = "SELECT *, CONCAT(LEFT(nwa_content, 90), '...') AS nwa_content FROM nq_newsarticle WHERE (nwa_topstories in (1,2,3)) and nwa_status='1' ORDER BY nwa_topstories ASC limit 0,". $limit; if(!($result_Top_latest_news = mysql_query($selectStmt_Top_latest_news, $link))) { return new Function_Result("Internal Error: Could not execute SQL Query. <BR>$selectStmt_Top_latest_news", null); } return new Function_Result(null, $result_Top_latest_news); } function Display_Admin_lst_evt() { $funcResult = getDBConnection(); if(!$funcResult->returnValue) { sendErrorPage($funcResult->errorMessage); } $link = $funcResult->returnValue; $selectStmt_lst_evt = "SELECT *, DATE_FORMAT(evt_from_date, '%b %d, %Y %h:%i %p') AS evt_fromdate, DATE_FORMAT(evt_to_date, '%b %d, %Y %h:%i %p') AS evt_todate FROM nq_events WHERE evt_uid=0 order by evt_evtid desc limit 0,2"; if(!($result_lst_evt = mysql_query($selectStmt_lst_evt, $link))) { return new Function_Result("Internal Error: Could not execute SQL Query $result_lst_evt", null); } return new Function_Result(null, $result_lst_evt); } function get_News_links($name,$limit) { $funcResult = getDBConnection(); if(!$funcResult->returnValue) { sendErrorPage($funcResult->errorMessage); } $link = $funcResult->returnValue; $selectStmt_Newslink = "SELECT *, CONCAT(LEFT(nwa_content, 50), '...') AS content, CONCAT(LEFT(nwa_title, 50), '...') AS title FROM nq_newsarticle left join nq_newscategory on nwc_nwcid=nwa_nwcid WHERE nwc_name='$name' order by nwa_createdate desc limit 0 , ". $limit; if(!($result_Newslink = mysql_query($selectStmt_Newslink, $link))) { return new Function_Result("Internal Error: Could not execute SQL Query. <BR>$selectStmt_Newslink", null); } return new Function_Result(null, $result_Newslink); } function getNightlife_title() { $funcResult = getDBConnection(); if(!$funcResult->returnValue) { sendErrorPage($funcResult->errorMessage); } $link = $funcResult->returnValue; $selectStmt = "SELECT * FROM nq_nightlife WHERE nl_parent !=0 ORDER BY nl_lastupdated desc"; if(!($result = mysql_query($selectStmt, $link))) { return new Function_Result("Internal Error: Could not execute SQL Query. <BR>$selectStmt", null); } return new Function_Result(null, $result); } function getNightlife_details($nl_nlid) { $funcResult = getDBConnection(); if(!$funcResult->returnValue) { sendErrorPage($funcResult->errorMessage); } $link = $funcResult->returnValue; $selectStmt = "SELECT * FROM nq_nightlife where nl_parent !=0 AND nl_nlid = '$nl_nlid'"; if(!($result = mysql_query($selectStmt, $link))) { return new Function_Result("Internal Error: Could not execute SQL Query. <BR>$selectStmt", null); } return new Function_Result(null, $result); } function getNightlife_homepage_details($nl_nlid) { $funcResult = getDBConnection(); if(!$funcResult->returnValue) { sendErrorPage($funcResult->errorMessage); } $link = $funcResult->returnValue; $selectStmt = "SELECT * FROM nq_nightlife where nl_parent !=1 AND nl_nlid = '$nl_nlid'"; if(!($result = mysql_query($selectStmt, $link))) { return new Function_Result("Internal Error: Could not execute SQL Query. <BR>$selectStmt", null); } return new Function_Result(null, $result); } function getNightlife_title_topten() { $funcResult = getDBConnection(); if(!$funcResult->returnValue) { sendErrorPage($funcResult->errorMessage); } $link = $funcResult->returnValue; $selectStmt = "SELECT * FROM nq_nightlife where nl_parent !=0 ORDER BY nl_lastupdated desc limit 0,10"; if(!($result = mysql_query($selectStmt, $link))) { return new Function_Result("Internal Error: Could not execute SQL Query. <BR>$selectStmt", null); } return new Function_Result(null, $result); } function getSection($id) { $funcResult = getDBConnection(); if(!$funcResult->returnValue) { sendErrorPage($funcResult->errorMessage); } $link = $funcResult->returnValue; $selectStmt = "SELECT * FROM nq_section where sec_secid='$id'"; if(!($result = mysql_query($selectStmt, $link))) { return new Function_Result("Internal Error: Could not execute SQL Query. <BR>$selectStmt", null); } return new Function_Result(null, $result); } function getTop_sectionStories($id) { $funcResult = getDBConnection(); if(!$funcResult->returnValue) { sendErrorPage($funcResult->errorMessage); } $link = $funcResult->returnValue; $selectStmt = "SELECT * FROM nq_sectionstory WHERE ssty_secid='$id' and ssty_position !='0' ORDER BY ssty_sstyid desc limit 0,3"; if(!($result = mysql_query($selectStmt, $link))) { return new Function_Result("Internal Error: Could not execute SQL Query. <BR>$selectStmt", null); } return new Function_Result(null, $result); } function getTopLink($id) { $funcResult = getDBConnection(); if(!$funcResult->returnValue) { sendErrorPage($funcResult->errorMessage); } $link = $funcResult->returnValue; $selectStmt = "SELECT * FROM nq_sectionlinks WHERE slnk_secid='$id' ORDER BY slnk_lastupdated desc"; if(!($result = mysql_query($selectStmt, $link))) { return new Function_Result("Internal Error: Could not execute SQL Query. <BR>$selectStmt", null); } return new Function_Result(null, $result); } function getAllStories($id) { $funcResult = getDBConnection(); if(!$funcResult->returnValue) { sendErrorPage($funcResult->errorMessage); } $link = $funcResult->returnValue; $selectStmt = "SELECT * FROM nq_sectionstory WHERE ssty_secid='$id' ORDER BY ssty_lastupdated desc"; if(!($result = mysql_query($selectStmt, $link))) { return new Function_Result("Internal Error: Could not execute SQL Query. <BR>$selectStmt", null); } return new Function_Result(null, $result); } function getStorydetails($id) { $funcResult = getDBConnection(); if(!$funcResult->returnValue) { sendErrorPage($funcResult->errorMessage); } $link = $funcResult->returnValue; $selectStmt = "SELECT * FROM nq_sectionstory where ssty_sstyid='$id'"; if(!($result = mysql_query($selectStmt, $link))) { return new Function_Result("Internal Error: Could not execute SQL Query. <BR>$selectStmt", null); } return new Function_Result(null, $result); } function getAllLink($id) { $funcResult = getDBConnection(); if(!$funcResult->returnValue) { sendErrorPage($funcResult->errorMessage); } $link = $funcResult->returnValue; $selectStmt = "SELECT * FROM nq_sectionlinks left join nq_section on sec_secid=slnk_secid WHERE slnk_secid='$id' ORDER BY slnk_slnkid desc"; if(!($result = mysql_query($selectStmt, $link))) { return new Function_Result("Internal Error: Could not execute SQL Query. <BR>$selectStmt", null); } return new Function_Result(null, $result); } function getLinkdetails($id) { $funcResult = getDBConnection(); if(!$funcResult->returnValue) { sendErrorPage($funcResult->errorMessage); } $link = $funcResult->returnValue; $selectStmt = "SELECT * FROM nq_sectionlinks WHERE slnk_slnkid='$id'"; if(!($result = mysql_query($selectStmt, $link))) { return new Function_Result("Internal Error: Could not execute SQL Query. <BR>$selectStmt", null); } return new Function_Result(null, $result); } function getTopBeaches($limit) { $funcResult = getDBConnection(); if(!$funcResult->returnValue) { sendErrorPage($funcResult->errorMessage); } $link = $funcResult->returnValue; if ($limit == "") { $selectStmt = "SELECT * FROM nq_beaches where bch_position !='0' order by bch_position asc"; } else { $selectStmt = "SELECT * FROM nq_beaches where bch_position !='0' order by bch_position asc limit 0, $limit"; } if(!($result = mysql_query($selectStmt, $link))) { return new Function_Result("Internal Error: Could not execute SQL Query. <BR>$selectStmt", null); } return new Function_Result(null, $result); } function getBeachDetails($id) { $funcResult = getDBConnection(); if(!$funcResult->returnValue) { sendErrorPage($funcResult->errorMessage); } $link = $funcResult->returnValue; $selectStmt = "SELECT * FROM nq_beaches where bch_bchid ='$id'"; if(!($result = mysql_query($selectStmt, $link))) { return new Function_Result("Internal Error: Could not execute SQL Query. <BR>$selectStmt", null); } return new Function_Result(null, $result); } function getTopBeachsafety($limit) { $funcResult = getDBConnection(); if(!$funcResult->returnValue) { sendErrorPage($funcResult->errorMessage); } $link = $funcResult->returnValue; if ($limit == "") { $selectStmt = "SELECT * FROM nq_beachsafety where bs_position !='0' order by bs_position asc"; } else { $selectStmt = "SELECT * FROM nq_beachsafety where bs_position !='0' order by bs_position asc limit 0, $limit"; } if(!($result = mysql_query($selectStmt, $link))) { return new Function_Result("Internal Error: Could not execute SQL Query. <BR>$selectStmt", null); } return new Function_Result(null, $result); } function getBeachSafetyDetails($id) { $funcResult = getDBConnection(); if(!$funcResult->returnValue) { sendErrorPage($funcResult->errorMessage); } $link = $funcResult->returnValue; $selectStmt = "SELECT * FROM nq_beachsafety where bs_bsid ='$id'"; if(!($result = mysql_query($selectStmt, $link))) { return new Function_Result("Internal Error: Could not execute SQL Query. <BR>$selectStmt", null); } return new Function_Result(null, $result); } function getTopSectionCategory($id) { $funcResult = getDBConnection(); if(!$funcResult->returnValue) { sendErrorPage($funcResult->errorMessage); } $link = $funcResult->returnValue; $selectStmt = "SELECT * FROM nq_sectioncategory WHERE scat_secid='$id' and scat_position !='0' ORDER BY scat_position asc"; if(!($result = mysql_query($selectStmt, $link))) { return new Function_Result("Internal Error: Could not execute SQL Query. <BR>$selectStmt", null); } return new Function_Result(null, $result); } function getAllSectionCategory($id) { $funcResult = getDBConnection(); if(!$funcResult->returnValue) { sendErrorPage($funcResult->errorMessage); } $link = $funcResult->returnValue; $selectStmt = "SELECT * FROM nq_sectioncategory left join nq_section on scat_secid=sec_secid WHERE scat_secid='$id' and scat_position !=0 ORDER BY scat_position asc"; if(!($result = mysql_query($selectStmt, $link))) { return new Function_Result("Internal Error: Could not execute SQL Query. <BR>$selectStmt", null); } return new Function_Result(null, $result); } function getAllSectionArticle($id,$cat) { $funcResult = getDBConnection(); if(!$funcResult->returnValue) { sendErrorPage($funcResult->errorMessage); } $link = $funcResult->returnValue; $selectStmt = "SELECT * FROM nq_sectionlinks left join nq_section on sec_secid=slnk_secid WHERE slnk_secid='$id' and slnk_scatid='$cat' ORDER BY slnk_slnkid desc"; if(!($result = mysql_query($selectStmt, $link))) { return new Function_Result("Internal Error: Could not execute SQL Query. <BR>$selectStmt", null); } return new Function_Result(null, $result); } function getUserTypeCheck($name) { $funcResult = getDBConnection(); if(!$funcResult->returnValue) { sendErrorPage($funcResult->errorMessage); } $link = $funcResult->returnValue; $selectStmt = "SELECT * FROM nq_user where u_username='$name'"; if(!($result = mysql_query($selectStmt, $link))) { return new Function_Result("Internal Error: Could not execute SQL Query. <BR>$selectStmt", null); } if(!($row = mysql_fetch_object($result))) { return new Function_Result("Could not assign records.", null); } return new Function_Result(null, $row); } function getBigAdd($secid) { $funcResult = getDBConnection(); if(!$funcResult->returnValue) { sendErrorPage($funcResult->errorMessage); } $link = $funcResult->returnValue; $selectStmt = "SELECT count(*) as rcount FROM nq_assingbanner LEFT JOIN nq_banner ON ban_banid=ab_banid WHERE ban_bannertype=1 AND ab_secid='".$secid."'"; if(!($result = mysql_query($selectStmt, $link))) { return new Function_Result("Internal Error: Could not execute SQL Query. <BR>$selectStmt", null); } $rowad = mysql_fetch_object($result); if ($rowad->rcount > 0) { $rd = rand(0,$rowad->rcount)-1; if($rd < 0){ $rd = 0; } $sqlad = "SELECT * FROM nq_assingbanner LEFT JOIN nq_banner ON ban_banid=ab_banid WHERE ban_bannertype=1 AND ab_secid='".$secid."' limit $rd,1"; $resultad = mysql_query($sqlad); if(mysql_num_rows($resultad) > 0) { $rowad = mysql_fetch_object($resultad); if($rowad->ban_target == "n"){ $target = "_blank"; } else { $target = "_self"; } $ret_value="<table width=\"100%\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\"><tr height=\"18\"><td height=\"62\" align=\"center\" valign=\"middle\"><a href =\"".$rowad->ban_page."\" target=\"".$target."\"><img src=\""; if($rowad->ban_image !='') { $ret_value.="/admin/images/ads/".$rowad->ban_image; } else { $ret_value.=$rowad->ban_url; } $ret_value.="\" border=\"0\" alt=\"".$rowad->ban_alttext."\"></a></td> </tr> </table>"; } return new Function_Result(null,$ret_value); } else { return new Function_Result(null,"<br>"); } } function getTwoSmallAdd($secid) { $funcResult = getDBConnection(); if(!$funcResult->returnValue) { sendErrorPage($funcResult->errorMessage); } $link = $funcResult->returnValue; $sqlad = "SELECT * FROM nq_assingbanner LEFT JOIN nq_banner ON ban_banid=ab_banid WHERE ban_bannertype=2 AND ab_secid='".$secid."' order by rand() limit 0,2"; $resultad = mysql_query($sqlad); $ret_value="<table width=\"100%\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\">"; while($rowad = mysql_fetch_object($resultad)) { if($rowad->ban_target == "n"){ $target = "_blank"; } else { $target = "_self"; } $ret_value.="<tr><td height=\"20\" valign=\"top\"><img src=\"/images/spcr.gif\" width=\"1\" height=\"1\"></td></tr><tr><td valign=\"top\"><a href=\"".$rowad->ban_page."\" target=\"".$target."\"><img src=\""; if($rowad->ban_image !='') { $ret_value.="/admin/images/ads/".$rowad->ban_image; } else { $ret_value.=$rowad->ban_url; } $ret_value.="\" border=\"0\" alt=\"".$rowad->ban_alttext."\"></a></td></tr>"; } $ret_value.="</table>"; return new Function_Result(null,$ret_value); } ?> And finally session Code: [Select] <? function setUserSession($u_uid, $u_username, $type) { global $uid; global $username; global $isAuthenticated; global $userType; session_start(); session_register("uid"); session_register("username"); session_register("isAuthenticated"); session_register("userType"); $uid = $u_uid; $username = $u_username; $isAuthenticated = true; $userType = $type; return true; } /***** SESSION HANDLING - ENDS HERE *****/ function authenticateUser($u_username, $u_password, $chkRemember) { $u_username = trim($u_username); $u_password = trim($u_password); $chkRemember=($chkRemember); if(($u_username == "") || ($u_password == "")) { sendErrorPage("The username/password you have entered is invalid. Please try again."); exit; } //$cryptPassword = crypt($u_password, CRYPT_STD_DES); // Get DB Connection $funcResult = getDBConnection(); if($funcResult->returnValue == null) { return $funcResult; } $link = $funcResult->returnValue; $selectUserStmt = "SELECT u_uid, u_username, u_type FROM nq_user WHERE u_username='$u_username' AND u_password='$u_password' and u_status!='U'"; if(!($result = mysql_query($selectUserStmt, $link))) { return new Function_Result("Internal Error: Could not execute SQL Query", null); } if(!($row = mysql_fetch_row($result))) { return new Function_Result("Invalid UserName/Password", null); } else { if ($chkRemember==1){ setcookie("newquay",$row[1],time()+60*60*24*30); } else { setcookie("newquay","",time()+60*60*24*30); } setUserSession($row[0], $row[1], $row[2]); global $REMOTE_ADDR; $updStmt = "UPDATE nq_userlog SET ul_last_updated=now(), ul_last_logon_ip='$REMOTE_ADDR', ul_online_status=1 WHERE ul_ulid=$row[0]"; if(!mysql_query($updStmt, $link)) { return new Function_Result("Cannot update log.<BR>$updStmt", null); } return new Function_Result($row[2], true); } } ?> The site isn't doing anything when I enter username and password, just bringing me back to the same page. Also I am unable to access the areas of the site that are only for registered members. Any help here would be greatly apprecaited, I have spent days on this now. Thanks in advance! There are a few other bugs that need ironing out too. You can view the site at www.newquayuncovered.com Do you use the OS userids or do you keep them separate in MYSQL? Must users login to a website and request a token to use for REST API requests? Did you use a framework provided method? I need something ultra-simple How could I from the varying URLs parse only the YouTube video ID? http://www.youtube.com/watch?v=SwrawcORlp0&feature=player_embedded http://www.youtube.com/watch?v=SwrawcORlp0&feature=popular How can I from the URLs above only extract the id into a variable $url SwrawcORlp0 Thanks, df Hi all, I've been working on a new php application that my users will host on their own domains. I also have my company domain. What I'm trying to do is create a php file that will verify a value from MySQL DB on my company domain. All I'm waiting is to get a date from company domain MySQL. So, I have user.com/Program AND developer.com/ Developer.com has a DB named Allowed_User that store CompID and AuthDate. I'm trying to send CompID from User.com and return AuthDate from Developer.com. Basically, when their pay the fees, AuthDate is set to the 15th of next month. The program will then compare the AuthDate to the current date and either allow the script to continue or it will exit saying they haven't paid Not having any experience with this sort of thing, is there a better route to go? I was planning on verifying this date every time someone logs in, so atleast once per day/user/location. Any suggestions on how to do is would be greatly appreciated. Thanks, Ray I am trying to create a registration form where users put their name, email and password only.
but i want to write an auto generated account number into database table for each user e.g; XY1234567 where XY should not change 1234567 auto generated random number and no duplicates (in numbers only).
example...
XY1234567
XY2345678
XY2233455
i found code
$num_of_ids = 10000; //Number of "ids" to generate.
$i = 0; //Loop counter.
$n = 0; //"id" number piece.
$l = "AAA"; //"id" letter piece.
while ($i <= $num_of_ids) {
$id = $l . sprintf("%04d", $n); //Create "id". Sprintf pads the number to make it 4 digits.
echo $id . "<br>"; //Print out the id.
if ($n == 9999) { //Once the number reaches 9999, increase the letter by one and reset number to 0.
$n = 0;
$l++;
}
$i++; $n++; //Letters can be incremented the same as numbers. Adding 1 to "AAA" prints out "AAB".
}
but its not working as i want. Any help please?
Edited by 684425, 27 December 2014 - 12:58 PM. I really swear that the host I use is like screwing with me hard. Like literally will have something working one night, wake up the next day to my error log full and nothing working anymore. Or, like in this case, have the code working fine, perfectly in fact, to all of the sudden bring up all these errors and shit without changing anything I just can't figure it out. Point being, I am working on this portal, and on the account page, you can update your info. Which for one field...
$result = queryMysql("SELECT * FROM accounts WHERE user='$user'");
$row = $result->fetch_assoc();
$set_comp = $row['company'];
// Check if 'Company' value is set
if (isset($_POST['company']))
{
$company = sanitizeString($_POST['company']);
if ($_POST['company'] != $set_comp)
{
queryMysql("UPDATE accounts SET company='$company' WHERE user='$user'");
}
elseif ($set_company == "")
{
queryMysql("INSERT INTO accounts (company) VALUES('$company') WHERE user='$user'");
}
elseif (empty($_POST['company']))
{
$company = "";
}
else
{
$company = stripslashes($row['company']);
}
}
And the form... Quote<form method='post' action='account.php' enctype='multipart/form-data'> Company:</th><td><input type='company' size='50' maxlength='40' name='company' value='$company'> <input type='submit' value='Save Info'> </form>
Now before it inexplicably stopped working, what it was doing and meant to do was display a form, that either had the information that was set, or displayed nothing because nothing was entered, and you could either put something there or change what was already there. Now it keeps telling me: [22-Oct-2018 06:29:37 UTC] PHP Notice: Undefined variable: company in /home/iqy0804tq6fq/public_html/portal/account.php on line 262 Also, sanitizeString and queryMysql are my own created functions, they work fine. I tried removing the elseif (empty($_POST['company'])), and just left the last else in, didn't work. It just displays empty columns now. Now also, when I try to update, it feeds me all these errors now my SQL syntax is wrong its LIKE HOW DID THIS CHANGE IN 10 SECONDS!!? I didn't DO anything for my syntax to be any different than when it worked perfectly! It's insanity. Hi friends, I am creating a site where users can add credit to their account via Liberty Reserve, and after that their account will automatically be updated with the amount they added so that they can use it to purchase products.. And after any purchase, the amount will be subtracted from their account.. I cant really find a php code to do that... i have done a search on here but still cant find anything close to it.. Can someone kindly help? Thank you Hello everyone, here is my problem. I am working for someone that would like users to be able to create a Trial Account on their website. This trial account is to be used for 24 hours, once the 24 hours is completed they can no longer login/use that account. Everything about the Trial Account is completed, other then the account timer. I am at a loss on how to get this part done. I was thinking that I would use the MySQL commands, GETDATE() and DATEADD(), to get the date and time that the account was created and using the DATEADD() command I would add 24 hours to the GETDATE() value. Then if the user logs into at a date past the DATEADD() value the Users Account type is switched to 3(This means that the account has been disabled) and then is directed to the Logout page, which then redirects him back to the homepage. After this point, the user can no longer login due to the code preventing any user with an account type of 3 to login. The problem is that I am unaware how to incorporate the GETDATE() and DATEADD() functions into my PHP code. Would anyone be able to explain how I can get this done, or suggest a better method of inputting a starting time and ending time for the account? Thank You for any/all help. Hello, I am having a problem with this code. I know it's messy, but it works. The Problem is that you can register a username more then once, It detects there is already a username of that in the database, but it still inserts it, and then there would be two of the same username. My Code: <?php if($_SERVER['REQUEST_METHOD'] == 'POST') { if($_POST['username'] == "" || $_POST['password1'] == "" || $_POST['password2'] == "" || $_POST['email'] == "" || $_POST['rights'] == "" || $_POST['ipaddress'] == "") { echo '<p class="info" id="warning"><span class="info_inner">You left one or more fields blank.</span></p>'; } else { $rr = mysql_query('SELECT * FROM users WHERE username=\'' . realEscape($_POST['username']) . '\'') ; if(mysql_num_rows($rr) > 0) { echo '<p class="info" id="error"><span class="info_inner">ERROR: The username is already in use!</span></p>'; } $rrr = mysql_query('SELECT * FROM users WHERE email=\'' . realEscape($_POST['email1']) . '\'') ; if(mysql_num_rows($rrr) > 0) { echo '<p class="info" id="error"><span class="info_inner">ERROR: The email is already in use!</span></p>'; } else { if($_POST['password1'] == $_POST['password2']) { if(preg_match('/[A-Za-z0-9-\s]{3,13}/i', $_POST['username'], $matches) && strlen($matches[0]) === strlen($_POST['username'])) { if(preg_match('/[a-z0-9]{3,13}/i', $_POST['password1'], $matches) && strlen($matches[0]) === strlen($_POST['password1'])) { if(is_numeric($_POST['rights'])) { mysql_query("INSERT INTO users (username, password, rights, ipaddress, email, date) VALUES ('". realEscape($_POST['username']) ."', '". encrypt($_POST['password1']) ."', '". realEscape($_POST['rights']) ."', '". realEscape($_POST['ipaddress']) ."', '". realEscape($_POST['email']) ."', NOW())"); echo ' <p class="info" id="info"><span class="info_inner">The account has been created.</p>'; } else { echo '<p class="info" id="error"><span class="info_inner">ERROR: Undefined</span>'; } } else { echo '<p class="info" id="error"><span class="info_inner">ERROR: Invalid password. Your password can only contain Numbers and Letters, and be 3-12 characters in length.</span></p>'; } } else { echo '<p class="info" id="error"><span class="info_inner">ERROR: Invalid username. Your password can only contain Numbers and Letters, and be 3-12 characters in length.</span></p>'; } } else { echo '<p class="info" id="error"><span class="info_inner">ERROR: Passwords do not match.</span></p>'; } } } } ?> Hi! Trying to have it send a link to a user's email upon registration, and set it so they can't login until they click the link from their email. Here's the register script: <?php include('config.php'); include('dateindex.php'); if($loggedin == '1') die("You can't register another account while you're logged in."); if(isset($_POST['submit'])) { $callname = mysql_real_escape_string($_POST['callname']); $uname = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); $email = mysql_real_escape_string($_POST['email']); if((!isset($_POST['username'])) || (!isset($_POST['callname'])) || (!isset($_POST['email'])) || (!isset($_POST['pass'])) || ($uname == '') || ($_POST['pass'] == '')) die("Please fill out the form completely. <br><br> <a href=register.php>Continue</a>"); $check = @mysql_query("SELECT id FROM users WHERE username = '$uname'"); $check = @mysql_num_rows($check); if($check > 0) die("Sorry, that username has already been taken. Please try again. <br><br> <a href=register.php>Continue</a>"); function validateEmailAddress($email) { return filter_var($email, FILTER_VALIDATE_EMAIL) && preg_match('/@.+\./', $email); } if(validateEmailAddress($email) !=1) { echo "That email address does not exist.<br /><br /><a href=register.php>Continue</a>"; exit(); } $pass = md5($_POST['pass']); $date = date("m/d/y"); $a =md5(uniqid(rand(), true)); $newPlayer = @mysql_query("INSERT INTO users (username, password, callname, email, registered, active) VALUES ('$uname', '$pass', '$callname', '$email', '$date', '$a')") or die("Error: ".mysql_error()); if (mysql_affected_rows() == 1) { $body = "Thank you for registering. To activate account click this link"; $body .= "http://localhost/testing/mbactivate.php?x=" . mysql_insert_id() . "$y=$a"; mail($_POST['email'], 'Registration Confirmed', $body, 'From:mirrorcat@airpost.net'); echo '<br />You have been registered! A confirmation email has been sent.'; exit(); } } else { echo '<form action=register.php method=post> Callname: <input type=text name=callname><br> Username: <input type=text name=username><br> Email: <input type=text name=email><br> Password: <input type=password name=pass><br> <input type=submit name=submit value=Submit> </form>'; } ?> login/index: <?php include('config.php'); echo '<center><a href=index.php>Main</a> | <a href=myprofile.php>Profile</a> | <a href=inbox.php>Inbox</a> | <a href=page1.php>To-Do List</a> | <a href=logout.php>Logout</a></center>'; print date('g:i a - l, F jS'); echo '<br /><br />'; ?> <?php if($loggedin == '0') { if(isset($_POST['submit'])) { // Make sure all forms were filled out. if((!isset($_POST['username'])) || (!isset($_POST['pass'])) || ($_POST['username'] == '') || ($_POST['pass'] == '')) die("Please fill out the form completely. <br><br> <a href=index.php>Continue</a>"); // Get user's record from database $player = @mysql_query("SELECT id, username, password, callname, email, registered, lastlogin FROM users WHERE username = '".$_POST['username']."'"); $player = @mysql_fetch_assoc($player); mysql_real_escape_string($username); mysql_real_escape_string($password); if($player['id'] == false) die("Sorry, that user is not in our database.<br><br> <a href=index.php>Back</a>"); else if($player['password'] != md5($_POST['pass'])) die("Wrong password!<br><br> <a href=index.php>Back</a>"); $_SESSION['id'] = $player['id']; $_SESSION['username'] = $player['username']; $_SESSION['password'] = $player['password']; $_SESSION['callname'] = $player['callname']; $_SESSION['email'] = $player['email']; $date = date("m/d/y"); $update = @mysql_query("UPDATE users SET lastlogin = '$date' WHERE id = '".$_SESSION['id']."'"); echo 'You are now logged in!'; } else { echo 'You are not logged in. <br><br> <form action=index.php method=post> Username: <input type=text name=username><br> Password: <input type=password name=pass><br> <input type=submit name=submit value=Submit> </form> Would you like to <a href=register.php>register?</a>'; } } else { echo 'You are logged in! Welcome, '.$_SESSION['callname'].'!'; } ?> <br /><br /> <b>Activate Account</b><br /> <?php // Validate $_GET['x'] and $_GET['y']. if (isset($_GET['x'])) { $x = (int) $_GET['x']; } else { $x = 0; } if (isset($_GET['y'])) { $y = $_GET['y']; } else { $y = 0; } // If $x and $y aren't correct, redirect the user. if ( ($x > 0) && (strlen($y) == 32)) { $query = "UPDATE users SET active=NULL WHERE (id=$x AND active='" . $y . "') LIMIT 1"; $result = mysql_query ($query) or trigger_error("Query: $query\n<br />MySQL Error: " . mysql_error()); // Print a customized message. if (mysql_affected_rows() == 1) { echo "<br><br><h3>Your account is now active. You may now log in.</h3>"; } else { echo '<br><br><p><font color="red" size="+1">Your account could not be activated. Please re-check the link or contact the system administrator.</font></p>'; } // mysql_close(); } else { // Redirect. // Start defining the URL. $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']); // Check for a trailing slash. if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) { $url = substr ($url, 0, -1); // Chop off the slash. } // Add the page. $url .= '/index.php'; ob_end_clean(); // Delete the buffer. exit(); } // End of main IF-ELSE. ?> My problem is it isn't sending the code to the email specified, even though the random letters that should be sent to the email are stored in the database. And when I test the url anyway, (x=1&y=activationcode) it returns it as false, that the code doesn't exist even though I can clearly see it in my database! Can anyone spot any errors? Hi guys,
It's been a while that I have actively contributed to phpfreaks. I had some time consuming matters unfortunately.
If it would be possible I would like to have my old account restored or reactivated. The name probably sounds familiar
The restore password form doesn't seem to work (as in I receive no mails).
My emailaddress hasn't changed. Thanks in advanced!
Cssfreakie <--- the old one
Edited by cssfreakie2, 13 January 2015 - 01:35 PM. The below script WILL list one account successfully, but how come this script doesn't list more than one account when <b>listAccounts()</b> is called? EXAMPLE OF accounts.txt FILE: Code: [Select] username:blah user526:pass justinlh:justin function listAccounts() { //load all the accounts $accounts = loadAccounts(); //display each account in the drop-down box foreach($accounts as $account) { $account_split = explode(':', $account); echo '<option value="'. $account .'">'.$account_split[0].'</option>'; } } function loadAccounts() { /* EXAMPLE OF ACCOUNTS.TXT * http://pastebin.com/zAPH0a4J */ $handle = fopen('accounts.txt', 'r'); $accounts = fread($handle, filesize('accounts.txt')); fclose($handle); return explode('\n', $accounts); } This code logs the user in with the correct user_email, user_pwd, and active=1. A '0' is inserted into the active column of the users table during registration. I need help checking if active=0 then flash_warning('User account not activated'). login_user.php Code: [Select] <?php include(MODEL_PATH.'user.php'); switch ($route['view']){ case "login_user": if(login($params['user']['user_email'], $params['user']['user_pwd'])) { flash_notice('You are logged in!'); redirect_to(''); } else { flash_warning('Username or password is invalid!'); $route['view'] = 'login'; } break; }user.php Code: [Select] <?php session_start(); function login($username, $password) { db_connect_posts(); $query = sprintf("SELECT * FROM users WHERE user_email = '%s' AND user_pwd = '%s' AND active = '1'" , mysql_real_escape_string($username), md5($password) ); $result = mysql_query($query); $number_of_posts = mysql_num_rows($result); if($number_of_posts == 0) { return false; } $row = mysql_fetch_array($result); $_SESSION['user'] = $row; return true; } ?>Login form Code: [Select] <form action="<?php echo '/'.APP_ROOT.'/'; ?>sessions/login_user" method="post"> <fieldset> <legend>Login</legend> <div> <label>E-mail</label> <input name="user[user_email]" size="40" type="text" /> </div> <div> <label>Password</label> <input name="user[user_pwd]" size="40" type="password" /> </div> <input type="submit" value="Login" /> </fieldset> </form> I've been doing a lot of studying of Linux lately. I enabled the root acount to do some work. When done, even if I logout, close the terminal, or reboot, I can still access the root account without supplying the root password. So what am I not understanding or what am I doing wrong? I don't really need to disable the root account, but this is just a learning experience, and I'm not understanding why I still have access. See below:
# I needed to enable root access for something
skunkbad:~$ sudo passwd root
# I did what I needed to do
skunkbad:~$ sudo -i
root@ubuntu-Inspiron-3647:~#
# I logout from root
root@ubuntu-Inspiron-3647:~# logout
# I disable the root access per instructions from many internet references
skunkbad:~$ sudo passwd -dl root
# Root access is still available, even if I close and reopen the terminal
skunkbad:~$ sudo -i
# I logout from root
root@ubuntu-Inspiron-3647:~# logout
# Trying to access root via su prompts for password, and old password is wrong
skunkbad:~$ su
Password:
su: Authentication failure
Hi guys, I want something to be clarified. The supervisor of my system is responsible for approving accounts. When he logged into the system he should be able to view the customer records based on customer ID. That is when he types the relevant customer ID and clicks on search button the relevant record is displayed in a form. That part is OK. Thereafter he should approve the account by clicking on "Approve Account" button. I want to know how can he make sure relevant customer_id is approved or not. customer table includes fields of, customer_id, nic, full_name, name_with_initials, address, contact_number, gender. I want to whether i have add an extra field to my customer table saying "approves status" or whatever. Can anyone give me a suggestion?? Thanks, Heshan |
|||||||