PHP - How Do You Guys Work Around This?

This topic has been moved to Application Design.

http://www.phpfreaks.com/forums/index.php?topic=322691.0

I have a script on my website, freestudentcloud.com.

But i want:
1) that new users must activate there account.
2)If the user lose his pass that he can Change/renew his password.

I hope someone can help me with my problems.

I have no knowledge of php, but i have tried many thinks. like http://www.learnphponline.com/scripts/email-activation-for-php-forms

This is the users.php
Code: [Select]
<?php
if( ! defined( '_AppPath' ) ) { exit( 'Direct access to this script is not permitted' ); }

class Users
{
 var $app;
 function __construct( $app )
 {
  $this->app = $app;
 }
 //******************************
 // Insert new user
 //******************************
 function create($return = false)
 {
  //Data validation
  $error;
  if(empty($_POST['password']))
   $error = 'Please enter a password';
  if(!empty($_POST['maxupload']) && !ctype_digit($_POST['maxupload']))
   $error = 'Please enter numeric values only for max. upload limit';
  if(empty($_POST['name']))
   $error = 'Please enter a username';   
  //Check for errors 
  if($error)
  {
   return array("error" => $error);
  }
  $user = array();
  $user['name']  = $this->app->db->real_escape_string($_POST['name']);  
  $user['password']  = md5('_password_'.$_POST['password']);
  $user['maxupload'] = $_POST['maxupload'] ? $_POST['maxupload'] : '';
  $user['admin']     = $_POST['admin'];
  
  //remove white space from username
  $user['name'] = str_replace(" ","",$user['name']);
  //Check for illegal characters
  $valid = array('-', '_');
  if(!ctype_alnum(str_replace($valid,'',$user['name'])))
   return array("error" => 'Only alphanumeric characters and "-" or "_" are allowed');
  if(strlen($user['name']) > 30)
   return array("error" => 'Username is too big (30 characters allowed)');
  
   
  //Insert user into database
  $query = "INSERT INTO users VALUES (NULL,
                                     '".$user['name']."',
                                     '".$user['password']."',
                                     '".$user['admin']."',
                                     '0',
                                     '".($user['maxupload']*1000)."')";
  if(!$user['maxupload'])
   $query = "INSERT INTO users VALUES (NULL,
                                     '".$user['name']."',
                                     '".$user['password']."',
                                     '".$user['admin']."',
                                     '0',
                                     NULL)";
      
  //Save user record in database
  $result = $this->app->db->query($query);
  if(!$result)
   return array("error" => "The username you chose is taken already");
   
  //Set user id   
  $user['id'] = sprintf("%011d", $this->app->db->insert_id); 
   
  //Create meta entries for new user
  $this->app->meta->create("downloads_".$user['id'],0,$user['id']); //downloads entry
  $this->app->meta->create("uploads_".$user['id'],0,$user['id']); //uplodads entry
  
  
  
  $user['password'] = '';
  //If is ajax call return upload data
  if($return == true) {
   return $user;
  }
 }
 //******************************
 // Get users
 //******************************
 function get()
 {
  $user = $this->app->session->get_var( 'id' );
  $query = "SELECT id,name, admin, space, maxspace FROM users WHERE id != '$user'";
  $response = $this->app->db->query($query);
  //Check if database has records
  if ($response->num_rows > 0)
  {
   //Records were found
   $users = array();
   while($row = $response->fetch_array())
   {
    //Change bytes to kylobytes if maxspace is set
    if($row['maxspace']) $row['maxspace'] = $row['maxspace'] / 1000;
    $users[] = $row;   
   }
   return $users;
  }
  else return false;
 }
 function getinfo($user)
 {
  $query = "SELECT id,name, admin, space, maxspace FROM users WHERE name = '$user' LIMIT 1";
  $response = $this->app->db->query($query);
  if ($response && $row = $response->fetch_assoc())
  {
   return $row;
  }
 }
 //******************************
 // Delete user
 //******************************
 function delete($user)
 {
  $query = "DELETE FROM users WHERE id = '$user'";
  $this->app->db->query($query);
  
  //Remove user meta entries
  $this->app->meta->delete("uploads_".$user); //uplodads entry
  $this->app->meta->delete("downloads_".$user); //uplodads entry
 }
 //******************************
 // Change user password
 //******************************
 function updatepassword()
 {
  //Data validation
  $error;
  if(empty($_POST['password']))
   $error = 'Please enter a password';
  //Check for errors 
  if($error)
  {
   return array("error" => $error);
  } 
  $password = md5('_password_'.$_POST['password']);  
  $user = $this->app->session->get_var( 'id' );  
  
  $query = "UPDATE users SET password = '$password' WHERE id = '$user'";                             
  $response = $this->app->db->query($query);
  
  return $response;
 } 
 //******************************
 // Update user info
 //******************************
 function update($return = false)
 {
  //Data validation
  $error;
  if(!empty($_POST['maxupload']) && !ctype_digit($_POST['maxupload']))
   $error = 'Please enter numeric values only for max. upload limit';   
  //Check for errors 
  if($error)
  {
   return array("error" => $error);
  }
  $user = array();
  $user['id']        = $_POST['value'];
  $user['maxupload'] = $_POST['maxupload'] ? $_POST['maxupload'] : NULL;
  $user['admin']     = $_POST['admin'];  
  //Update user in database
  $query = "UPDATE users SET maxspace = '".($user['maxupload']*1000)."',
                             admin    = '".$user['admin']."'  
                             WHERE id = '".$user['id']."'";
  
  if(is_null($user['maxupload']))
   $query = "UPDATE users SET maxspace = NULL,
                             admin    = '".$user['admin']."'  
                             WHERE id = '".$user['id']."'";   
  
 
  
  $response = $this->app->db->query($query);
  
  //If is ajax call return upload data
  if($return == true)
   return $user;

 }
 //******************************
 // Update user used space
 //******************************
 function updatespace($space)
 {
  $user = $this->app->session->get_var( 'username' );
  $query = "UPDATE users SET space = '$space' WHERE name = '$user' LIMIT 1";
  $response = $this->app->db->query($query);
  if($response)
   return $response;
 }
 //******************************
 // Login user
 //******************************
 function login($user,$password)
 {
  $user = $this->app->db->real_escape_string($user);
  $password = md5('_password_'.$password);
  
  $query = "SELECT * FROM users WHERE name = '$user' AND password = '$password'";
  $response = $this->app->db->query($query);
  if ($response && $row = $response->fetch_assoc())
  {
   // Credentials matched
   $this->app->session->add_var( array( 'username' => $row['name'],'id' => $row['id'] ));
   
   if( $_SESSION ) { session_regenerate_id( true ); }
   # Redirect to dashboard
   $path = $this->app->path."manage/";
   header ("Location: $path");
  }
  else
  {
   return "Incorrect";
  }
 }
 //******************************
 // Logout user
 //******************************
 function logout()
 {
  $path = $this->app->path."manage/";
  session_destroy();
  header("Location: $path");
 }
}
?>
Register.php
Code: [Select]
<?php
if( ! defined( '_AppPath' ) ) { exit( 'Direct access to this script is not permitted' ); }

?>

<!DOCTYPE HTML>
<html>
<head>
<meta charset="utf-8" />
<title>Login</title>
<!--STYLES-->
<link rel="stylesheet" href="<?php echo $viewsdir ?>views/css/reset.css" type="text/css">
<link rel="stylesheet" href="<?php echo $viewsdir ?>views/css/styles.css" type="text/css">
<!--SRIPTS-->
<script src="<?php echo $viewsdir ?>views/plugins/jquery.js" type="text/javascript"></script>
<script src="<?php echo $viewsdir ?>views/plugins/jquery.form.js" type="text/javascript"></script>
<script src="<?php echo $viewsdir ?>views/plugins/core.js" type="text/javascript"></script>
<script>
path = '';
</script>
</head>

<body>

 
 
 <div id="main" class="notice container">
<!--Wrapper-->
<div id="wrapper" class="notice">
 
  <!--Content-->
  <div id="content" class="padding">
 
  <?php if($error) : ?>
  <div id="message" class="one message invalid clearfix" style="display: block;">  
  <?php echo $error ?>
  </div>  
  <?php endif ?>
 
   <form id="on-login" method="post">
    <!--Username-->
    <p class="placeholders">
    <label for="user">Username</label>
    <input name="name" type="text" autocomplete="off" value="<?php echo $_POST['name'] ?>">
    </p>
    <!--Password-->
    <p class="placeholders">
    <label for="password">Password</label>
    <input name="password" type="password" autocomplete="off">
    </p>
    <p>
    <label for="robot">Are you human ? <span class="help">- how much is 2 + 3 ?</span></label>
    <input type="text" name="robot" value="<?php echo $_POST['robot'] ?>">
    </p>
   
   
    <input type="submit" class="submit" name="action" value="register">
    <a class="help one" href="<?php echo $path."manage/"; ?>">Log in</a>   
   </form>
   
  <!--End #content-->
  </div>   
<!--End #wrapper-->
</div>
<!--End .container-->
 </div>
</body>
</html>
The database is:
table: users
Column: | id | name | email | password | admin | space | maxspace |

What can i do? i do not ask to make the whole sript , i wanna learn, but i don't get it at all.

Thank you,
Tim

Hey everyone

A little advice would be great.  okay... I have a system that registers users and then allows them to take part in a quiz, which uses sessions and a database however what the problem is, is that i would like the user to be able to see the results of there quiz rather than destroying a session on logout.php

for example when they login, they will click member area for example and this will display info about the quiz they completed.... i.e. Scores

How would i do keep this info so its not lost on logging out??

Thanks in advance guys

Lance

This topic has been moved to Miscellaneous.

http://www.phpfreaks.com/forums/index.php?topic=317497.0

im trying to make a salary system which would display a month salary according to login hours so i got two different  tables storing data like   1. users table  id, name, password, salary 2.attendance table  id, user_id, Employee_Name, Remark, Login_Hours, Date   so what im looking to do is fetch all users id, name and salary from users table and then match it with attendance user_id,Employee_Name ,Login_Hours, table and then also count numbers of result for a particular year-month so that i could do the hourly wage calculation.   could someone help out i got no idea how to achieve it   apprieciate your help, thanks   i tried something like this it does output something but still dunno how to match results of both tables and get result  

$date = '2014-11';

$query1 = "SELECT COUNT(*) as num FROM attendance WHERE Date LIKE '%".$date."%' AND Employee_Name='moses'";
$total_pages = mysql_fetch_array(mysql_query($query1));
     $total_res = $total_res[num]; // total rows counting of total office days of a month
    
$result2=mysql_query("SELECT id, user_id, Employee_Name, Remark, SUM(Login_Hours), Date FROM attendance WHERE Employee_Name='moses'");
while($row = mysql_fetch_array($result2)){
     echo $sal_to_month = 9000/$total_res; //9000 is salary should be fetched from users table
     echo '<br/>';
       echo  $sal_to_month/9*$row['SUM(Login_Hours)'];
}

This topic has been moved to PHPFreaks.com Questions, Comments, & Suggestions.

http://www.phpfreaks.com/forums/index.php?topic=351181.0

This topic has been moved to Miscellaneous.

http://www.phpfreaks.com/forums/index.php?topic=328252.0

Hello everyone I am totally new in php i need some help in coding, Suppose I have 100 check boxes and one Textbox, I want to send the combined value of check box and textbox to another page. Like if i check a check box then the value of that check box and text box will be submitted to another page.

 Please see the attached b screenshot so you can get the idea

Thanks in Advance       Attached Files  capture 2.jpg   38.69KB   0 downloads

goodguybadguy.net

they can tell when you enter an email address that hasnt been registered yet. how the hell are they doing this? does gmail or  yahoo have some sort of database they allow access to for this?

looking for suggestions and experiences from those of you that use a Password Manager

Being fresh to PHP I installed PHPMailer (Not sure how to install classes so what I did is I dropped the PHPMailer files into my PEAR folder since that's where all my extensions are being sent to in XAMPP). Then I ran a basic script to send email via PHPMailer using the functions offered by PHPMailer instead of Mail() (of course) but when I do that and execute my code by going to localhost my Firefox will just display my PHP code right back at me.

Fatal error: Can't use function return value in write context on line 21   Hello, I am creating a login_parse php file that will facilitate user authentication on a website.  I have received the above error with the code below.   The line that yields the error is $_SESSION('uid') = $row['id'];   As always, I am grateful for the assistance.

<?php

session_start();
include_once("connect.php");

	if (!isset($_POST['username'])) 
	{
		$username = $_POST['username'];
		$password = $_POST['password'];
		
		
		$sql = "SELECT * FROM users WHERE username='".$username."'  AND password ='".$password."' LIMIT 1";
		$res = mysql_query($sql) or die(mysql_error());
		
		$ifstmt = mysql_num_rows(mysql_query($res));
		
		if($ifstmt == 1)
		{
			$row = mysql_fetch_assoc($res);
			
			$_SESSION('uid') = $row['id'];
			
			$_SESSION('username') = $row['username'];
			
			header("Location: demo.php");
			exit();
			
		}
		else
		{
			echo "Invalid login information.  Please return to the previous page";
			exit();
		}
	}

?>

This one requires lots of up front information:

I have a page, for this example that I will call page.php. It takes get parameters, and for this example I'll call the parameter "step". So I have a URL like this: page.php?step=1 This page has a form with an action of page.php?step=1. The code on the page validates the posting information. If the information is bad, it returns the user to page.php?step=1; if it is good, it takes the user to page.php?step=2 via header( "location:page.php?step=2" ). So redirection is done by relative path, not full URLs.
This all works as expected.

Now what I've done is set .htaccess to be HTTPS for this page, via this code:

# Turn SSL on for payments
RewriteCond %{HTTPS} off
RewriteCond %{SCRIPT_FILENAME} \/page\.php [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

This works (initially). However, once you try to post the form, it just redirects back to the step=1 version of the page. I really don't know how or why that would be.

I'm not sure how else I can explain this or what other information you may have. But it's frustrating to not get a page working in HTTPS that works in HTTP. Very odd. Any suggestions? (I don't even really know the best location to figure out when/why it's redirecting back to the original page.)

Hi..,
I use below method to export data to excel.

header('Content-type: application/ms-excel');
header('Content-Disposition: attachment; filename=abc.xls');

if I run the script from the server. (http://localhost/export.php) it is work. (pop-up window if i want save or open the file)

but if i run the script from the client (http://192.168.1.5/export.php) it is not work. (nothing happen)

any idea how to solve this?

require_once 'includes/upload.class.php';
$upload = new uploads();
$details = $upload->getFileInformation($id);

<?php echo $details['upload_desc']; ?>

then here the class.

require_once 'db.class.php';



class uploads extends database

{

   private $uploadData;

   function uploadFile() {

   public function getFileInformation($id)

   {

      $this->uploadData = $this->readData("uploadfiles", "upload_id", $id);

      return $this->uploadData;

   }


But it wont work!