PHP - Help With Getting The Album_is That Match User_is Or User Sessionid???

Hi,

so far I have managed to set up a somewhat basic login website with a mysql database backend.

Once they have logged on they go to a "main menu" page.

What I need to define is that user A sees button A but only that button, etc.

(Then of course that same rule would have to apply if they tried to directly go to the page, but I am guessing I can do that in the same way that I currently do to force a login).

If anyone has any tutorials or sample code I would much appreciate it.

Thanks,

Actually, what i want to do is to use the email to fetch the $email,$password and $randomnumber from database after

Hi guys,

I am trying to put together a little system that allows users to log onto my website and access there own personal page. I am creating each page myself and uploading content specific to them which cannot be viewed by anyone else.

I have got the system to work up as far as:

1/ The user logs in
2/ Once logged in they are re-directed to their own page using 'theirusername.php'

Thats all good and working how I need it too. The problem I have is this. If I log onto the website using USER A details - I get taken to USER A's page like I should but - If I then go to my browser and type in USERBdetails.php I can then access USER B's page.

This cannot happen!! I need for USER A not to be able to access USER B profile - there is obviously no point in the login otherwise! If you are not logged in you obviously cannot access any secure page. That much is working!

Please find below the code I am using:


LOGIN

<?php
session_start();


function dbconnect()
{
    $link = mysql_connect("localhost", "username", "password") or die ("Error: ".mysql_error());

}
?>

<?php
if(isset($_SESSION['loggedin']))
{
    header("Location:" . strtolower($username) . ".php");
if(isset($_POST['submit']))
{
   $username = mysql_real_escape_string($_POST['username']);
   $password = mysql_real_escape_string($_POST['password']);
   $mysql = mysql_query("SELECT * FROM clients WHERE username = '{$username}' AND password = '{$password}'");
   if(mysql_num_rows($mysql) < 1)
   {
     die("Password or Username incorrect! Please <a href='login.php'>click here</a> to try again");
   }   $_SESSION['loggedin'] = "YES";
   $_SESSION['username'] = $username;
 $_SESSION['name']
   header("Location:" . strtolower($username) . ".php");
}
?> 

HEADER ON EACH PHP PAGE

<?php
session_start();
if(!isset($_SESSION['loggedin']))
{
    die(Access to this page is restricted without a valid username and password);
?>

---------------------------------------------------

Am I right in thinking it is something to do with the "loggedin" part?

The system I have here is adapted from a normal login system I have been using for years. The original just checks the details and then does a 'session start'. This one obviously has to re-direct to a user specific page. To do this I used the <<header("Location:" . strtolower($username) . ".php");>> line to redirect to a page such as "usera.php" or "userb.php"

Any help would be greatly appreciated! 

Ta

Hi,

I am getting frustrated beyond belief at the moment with trying to get a very simple script to run, I am using PHP 5.3.3 and MySQL 5.1 on a Win2k8 server with IIS7.5. Basically my script is connecting to a local database, running a single select query, returning those rows and building up a string from them.

The problem is that I am receiving complete BS responses from PHP that the access is denied for the user being specified. This is complete rubbish since the user can connect via mysql, sqlyog, ASP.NET MVC without issue but for some bizarre reason it is not working via PHP.

The code for the script is here :

Code: [Select]
<?php

$mysql = mysql_connect('127.0.0.1:3306', 'myuser', 'mypass', 'mydatabase');


if (!$mysql) {
  die(mysql_error());
  $content = "<nobr></nobr>";
} else {
  
  $result = mysql_query('SELECT * FROM tblEventGroup'); 
  $content = "<nobr>";
  
  if ($result) {     
      while($row = mysql_fetch_assoc($result)) {
       $content .= "<span>";
       $content .= $row['GroupName'];
       $content .= "</span>";
       $content .= "<a href=\"../Event/EventSearch?groupid=";
       $content .= $row['GroupId'];
       $content .= "\" target=\"_blank\">Book here</a> ";
      }
  }
  
  mysql_close($mysql);
  $content .= "</nobr>";

}

?>
I cannot for the life of me understand what the problem is, the return error is

Access denied for user 'myuser'@'localhost' (using password: YES)

I'm having trouble of getting the code right
When i try to dump the $x value it's appearing null;

Code: [Select]
class Dictionary{

var $id=null;
var $en=null;
var $sp=null;
var $type=null;

public function __construct($data=array())
{
   if( isset($data['id']) ) $this->id= (int)$data['id'];
   if( isset($data['en']) ) $this->en= $data['en'];
   if( isset($data['sp']) ) $this->sp= $data['sp'];
   if( isset($data['type']) ) $this->type= $data['type'];
 
}
public function store ( $params ) {
 
    // Store all the parameters
    $this->__construct( $params );
}



public function WordGet($word)//add the english and spanish word
{

$con = new PDO(DBN,DB_USER,DB_PASS);
$sql = "SELECT *FROM word WHERE MATCH(en) AGAINST ('ctx')";
$st = $con->prepare($sql);
$st->bindValue(':word',$word,PDO::PARAM_STR);
$st->execute();
$r = $st->fetch();

$con = null;
return new Dictionary($r);

}


$test = new Dictionary;

$x = $test->WordGet('ctx');


var_dump($x);

In this example i'm scanning a css file for colour hash codes...
 

$match='/(#[a-f0-9]{3,6})/is';	//	matches colour hashes from 3 to 6 in length
preg_match_all($match, $s, $a, PREG_PATTERN_ORDER);

That works ok for now, what i'm after is how once matched as above how to get some text from before the mmatch returned as a seperate group.

Example css:
body {
background: #fff;
}

a {
color: #000;
text-decoration: none;
}
At the moment i'm just returned "#fff" and "#000", what i'm after is ("#fff","body") and ("#000","a"). So basically after match come back to before "{" and either to start of file or next "}".

Any help please?

hey im tring to match words which contain double s at the end...ie. address, business, class etc...so that is so i can put a ' at the end... class'

			if (preg_match("/ss$/", $name))
			{
				$name = $name . "'";
			}

any help with the regular expression would be great thank you

hey guys im making a script where the user gets redirected...but im wanting to make sure the redirection is within the same domain and not being shipped off to another site when using ($_SERVER['HTTP_REFERER'])   now what im using seems to do the trick but im wondering if there is a better method of doing this?...i dont want to use regex either   thank you guys

<?php 

$match = strpos("http://127.0.0.1/login", $_SERVER['SERVER_NAME']);

if ($match && $match > 0 ||  $match === 0)
{
	echo "domain match";
}

?>

so I use file_get_contents to get the contents of a webpage, one of the lines has


Code: [Select]
<meta property="og:url" content="http://www.google.com/blahblahblah?s=5cd04d4a7632296b9cdb463d04e82c05" />
I want it to echo only http://www.google.com/blahblahblah so anything between <meta property="og:url" content=" and ?s=5cd04d4a7632296b9cdb463d04e82c05" /> I want to extract and put into a variable

this works just fine but I was thinking preg match would be better


$thread = explode('<meta property="og:url" content="', $psuc);
$thread = explode('?s=', $thread[1]);
echo $thread[0];


Thanks

Hello,
I am trying to crawl a website and get all the domain names listed on the site to output into my php script. 
I am using the following code.... 
The main area is the preg match area, since I know nothing about it, nor do I understand it a little bit!

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,"http://link I am getting data from.com);
curl_setopt($ch, CURLOPT_TIMEOUT, 30); //timeout after 30 seconds
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
$result=curl_exec ($ch);
curl_close ($ch);
// Search The Results From The Starting Site
if( $result )
{
// LOOKING FOR ANYTHING.COM  all .com's
preg_match_all( "(.*)\.com", $result, $output, PREG_SET_ORDER );
 
foreach( $output as $item )

{
// ALL LINKS DISPLAY HERE 
print_r($item);



}

}


Any help would be greatly appreciated!

How to check if a result of a database match with a result of another database. How do  this?

E.g.
In DatabaseA holds a column called usernames.
In DatabaseB holds a column called banned.

Is it possible to match results of an Array with an Arrary of results of another database and COUNT the matching results?

E.g.
In DatabaseA holds 4 columns and the records are pulled in as an array.
Science
Geography
Accounting
Agriculture

In DatabaseB holds 4 columns and the records are pulled in as an array.
Geography
French
Accounting
Science

THE RESULT should echo = 1

How to write this in a shorter way?

I've got a set of results and I need to check them against another database results. If they both are similar then I want to make it as "1" (points). The questions and the answers are in the same order (Question1, Question2, Question3 = Answer1, Answer2, Answer3). sa I guess the maching could be done using a set of arrays.

E.g.
get records from db1 get records from db2
get records from dbY get records from dbX
COUNT the matching data from db1 against dbY = echo TOTAL_SCORE1
COUNT the matching data from db2 against dbX = echo TOTAL_SCORE2

I've managed to get the data from the databases in order. But i need to get the COUNT of the MATCHING records.


php
\\Assume this is db1
$SomeVar = $_POST['sitting2'];
$queryU =  "SELECT * FROM adxone WHERE username = '".$SomeVar."'";
$resultU = mysql_query($queryU);
$scoreU = mysql_fetch_assoc($resultU);
$userRa1 = $scoreU['roundzAa'];
$userRa2 = $scoreU['roundzAb'];
$userRa3 = $scoreU['roundzAc'];
$userRa4 = $scoreU['roundzAd'];
$userRa5 = $scoreU['roundzAe'];
$userRa6 = $scoreU['roundzAf'];
$userRa7 = $scoreU['roundzAg'];
$userRa8 = $scoreU['roundzAh'];

\\ Assume this is dbY
$WinVar = 'examinationA';
$query =  "SELECT * FROM markacs WHERE roundx = '".$WinVar."'";
$result = mysql_query($query);
$scoreM = mysql_fetch_assoc($result);
$winRa1 = $scoreM['markwinxa'];  
$winRa2 = $scoreM['markwinxb']; 
$winRa3 = $scoreM['markwinxc']; 
$winRa4 = $scoreM['markwinxd']; 
$winRa5 = $scoreM['markwinxe']; 
$winRa6 = $scoreM['markwinxf']; 
$winRa7 = $scoreM['markwinxg']; 
$winRa8 = $scoreM['markwinxh']; 

/*need to match if 
$winRa1 = $userRa1, $winRa2 = $userRa2, etc..

then get the COUNT of the matching results*/

I am having a dilemma.  I am working on a script for a client.  It is a match making system.  It takes all the teams, minimum of 20 teams. 10 matches a season.  No team can play the same team in the season.  Here is my code I have so far.  If it does not make sense ask me, I will try to explain more in depth.

<?php
error_reporting(E_ALL);
include("security/config.php");

//create season for testing purposes
$sql_season = "insert into season (`season`) values ('1')";
$conn->query($sql_season) or die($conn->error);

$season = 1; //testing purpose
echo "Season 1:<br />"; //testing purpose

//get number of teams
$sql_teams = "select * from teams";
$rs = $conn->query($sql_teams) or die($conn->error);
$num_of_teams = $rs->num_rows;
echo "&nbsp;&nbsp;Number of teams this season: {$num_of_teams}<br />"; //testing purpose
//put all teams in array
$teams = array();
while($ts = $rs->fetch_array(MYSQLI_ASSOC)){
	$teams[] = $ts;
}


if($num_of_teams % 2 != 0){
	$teams[] = array('name' => 'bye week', 'id' => 0);
	$sql_dummy = "insert into teams (`name`) values ('bye week')";
	$conn->query($sql_dummy);
}

//how many matches
$weeks = 10;
$matches = 10;
echo "&nbsp;&nbsp;This Seaon will be {$weeks} consisting of {$matches} matches<br /><br />"; //testing purpose
for($i = 0; $i < $weeks; $i++){
	//mix up teams
	$teams1 = $teams;
	$teams2 = $teams;
	shuffle($teams1);
	shuffle($teams2);
	
	$week = $i + 1;
	
	//$sql_week = "insert into weeks (`number`, `season_id`) values ('{$week}', '{$season}')";
	//$conn->query($sql_week) or die($conn->error);
	//$weekID = $conn->insert_id;
	echo "&nbsp;&nbsp;&nbsp;&nbsp;Week {$week} Created:<br />";
	
	//$matchup = array();

	for($x = 0; $x < $matches; $x++){
		shuffle($teams1);
		shuffle($teams2);
		$team_1 = array_pop($teams1);
		$team_2 = array_pop($teams2);

		$rs = false;

		$rs = ($team_1['id'] == $team_2['id'] ? true : false);
		$sql_search = "select * from matches where season_id = '{$season}' "
		$sql_search .= "and team_1 = ('{$team_1['id']}' or '{$team_2['id']}') ";
		$sql_search .= "and team_2 = ('{$team_1['id']}' or '{$team_2['id']}')";
		$rss = $conn->query($sql_search) or die($conn->error);
		if(!$rs || !$rss){
			
			$sql_create = "insert into matches (`team_1`, `team_2`, `week`, `season_id`) values ('{$team_1['id']}', '{$team_2['id']}', '{$week}', '{$season}')";
			$rs = $conn->query($sql_create);
			if($rs){
				echo "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"; //testing purpose
				echo "{$team_1['name']} vs {$team_2['name']}<br />"; //testing purpose
			}
			else{
				echo 'error: ' . $conn->error . '<br />'; //testing purpose
			}
		}
		else{
			$teams1[] = $team_1;
			$teams2[] = $team_2;
			$x--;
		}
		
		
	}
}
 

Hello, I am trying to replace a url and add a sub-id to it, however I'm not quite there. Any help is always appreciated here. In the end, I would like the value of gotoUrl to have the cpId 123abc45 attached to it. I.E.

http://example.com/?Aff=56732&SID=123abc45
http://example.com/?Aff=56732&uv=123abc45&product=1834234
http://example.com/?Aff=56732&cid=123abc45&ace=2gs244s3

$gotoUrl = "http://example.com/?Aff=56732&SID=";
// OR could be listed as such:
// $gotoUrl = "http://example.com/?Aff=56732&uv=default&product=1834234";
// $gotoUrl = "http://example.com/?Aff=56732&cid=&ace=2gs244s3";

// Will attach this to replace value
$cpId = "123abc45";
// Possible sid replacements, depending on the url
$sidList = array("sid","SID","cid","uv");

	if ($gotoUrl){
		foreach($sidList as $sidVar){
			if (preg_match("/$sidVar/i", $gotoUrl)){
			$gotoUrl = preg_replace("#{$sidVar}(?=.*\d)(?=.*[a-z])(?=.*[A-Z])$#", "{$sidVar}={$cpId}", $gotoUrl);
			}
		}
        echo $gotoUrl;
        }

Edited by iwpg, 13 August 2014 - 10:36 PM.

HI, I have a registration script where a password is made with one hash, and a user password reset page that uses another hash. I don't know how to make them the same, as every time I change them, it messes up the code and I get errors.

I will comment the parts that I think need changing. Because when I try to log in with the new password that was made by the reset password script, it says "wrong username or password" because either it wasn't updated in the database, or it was updated in a bad way. Any help greatly appreciated.

The password email reset code:

Code: [Select]
<?php
 
define('IN_SCRIPT', true);
// Start a session
session_start();

ini_set ("display_errors", "1");
error_reporting(E_ALL);

$host = "";
$database  = "";
$username  = "";
$password  = "";
$tbl_name   = "";

$conn = mysql_connect($host, $username, $password) or die("Could not connect: " . mysql_error());

if($conn)
{
mysql_select_db($database);
echo "connected to database!!";
 } else {
  echo "failed to select database";
}
 



//this function will display error messages in alert boxes, used for login forms so if a field is invalid it will still keep the info
//use error('foobar');
function error($msg) {
    ?>
    <html>
    <head>
    <script language="JavaScript">
    <!--
        alert("<?=$msg?>");
        history.back();
    //-->
    </script>
    </head>
    <body>
    </body>
    </html>
    <?
    exit;
}

//This functions checks and makes sure the email address that is being added to database is valid in format.
function check_email_address($email) {
  // First, we check that there's one @ symbol, and that the lengths are right
  if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email)) {
    // Email invalid because wrong number of characters in one section, or wrong number of @ symbols.
    return false;
  }
  // Split it into sections to make life easier
  $email_array = explode("@", $email);
  $local_array = explode(".", $email_array[0]);
  for ($i = 0; $i < sizeof($local_array); $i++) {
     if (!ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$", $local_array[$i])) {
      return false;
    }
  } 
  if (!ereg("^\[?[0-9\.]+\]?$", $email_array[1])) { // Check if domain is IP. If not, it should be valid domain name
    $domain_array = explode(".", $email_array[1]);
    if (sizeof($domain_array) < 2) {
        return false; // Not enough parts to domain
    }
    for ($i = 0; $i < sizeof($domain_array); $i++) {
      if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i])) {
        return false;
      }
    }
  }
  return true;
}


if (isset($_POST['submit'])) {

if ($_POST['forgotpassword']=='') {
error('Please Fill in Email.');
}
if(get_magic_quotes_gpc()) {
$forgotpassword = htmlspecialchars(stripslashes($_POST['forgotpassword']));
}
else {
$forgotpassword = htmlspecialchars($_POST['forgotpassword']);
}
//Make sure it's a valid email address, last thing we want is some sort of exploit!
if (!check_email_address($_POST['forgotpassword'])) {
  error('Email Not Valid - Must be in format of name@domain.tld');
}
    // Lets see if the email exists
    $sql = "SELECT COUNT(*) FROM users WHERE email = '$forgotpassword'";
    $result = mysql_query($sql)or die('Could not find member: ' . mysql_error());
    if (!mysql_result($result,0,0)>0) {
        error('Email Not Found!');
    }

//Generate a RANDOM MD5 Hash for a password//THIS IS THE POSSIBLE PROBLEM
$random_password=md5(uniqid(rand()));

//Take the first 8 digits and use them as the password we intend to email the user
$emailpassword=substr($random_password, 0, 8);

//Encrypt $emailpassword in MD5 format for the database
$newpassword = md5($emailpassword);

        // Make a safe query
$newpassword = mysql_real_escape_string($newpassword);
           $query = sprintf("UPDATE 'users' SET 'password' = '$newpassword'
                          WHERE 'email' = '$forgotpassword'");
                   

//Email out the infromation

$site_name = "mysite.COM";
$site_email = "noreply@mysite.COM";
$subject = "Your New Password";
$message = "Your new password is as follows:
----------------------------
Password: $emailpassword
----------------------------
Please make note this information has been encrypted into our database

This email was automatically generated.";
                       
          if(!mail($forgotpassword, $subject, $message,  "FROM: $site_name <$site_email>")){
             die ("Sending Email Failed, Please Contact Site Admin! ($site_email)");
          }else{
                error('New Password Sent!.');
         }

}

else {
?>
      <form name="forgotpasswordform" action="" method="post">
        <table border="0" cellspacing="0" cellpadding="3" width="100%">
          <caption>
          <div>Forgot Password</div>
          </caption>
          <tr>
            <td>Email Address:</td>
            <td><input name="forgotpassword" type="text" value="" id="forgotpassword" /></td>
          </tr>
          <tr>
            <td colspan="2" class="footer"><input type="submit" name="submit" value="Submit" class="mainoption" /></td>
          </tr>
        </table>
      </form>
      <?
}
?>
And now for the registration and password creation script

Code: [Select]
<?php
 
$host = " ";
$database  = " ";
$username  = " ";
$password  = " ";

mysql_connect($host, $username, $password) or die("Could not connect: " . mysql_error());

mysql_select_db($database);
 

if ($_POST['form_submitted'] == '1') {
##User is registering, insert data until we can activate it

$activationKey =  mt_rand() . mt_rand() . mt_rand() . mt_rand() . mt_rand();
$username = mysql_real_escape_string($_POST[username]);
 

$email = mysql_real_escape_string($_POST[email]);
//////////////////////////////////////////////////////////////////////////
 $username= $_POST['username'];

     $checkuser = mysql_query("SELECT username FROM users WHERE username='$username'");

        $username_exist = mysql_num_rows($checkuser);

        if($username_exist > 0){
       
   echo "I'm sorry but the username you specified has already been taken.  Please pick         another one.";
        unset($username);
$sendemail='0';
         }
   ///////////////////////////////////////////////////////////////////////////////////
   
     $email= $_POST['email'];

     $checkemail = mysql_query("SELECT email FROM users WHERE email='$email'");

        $useremail_exist = mysql_num_rows($checkemail);

        if($useremail_exist > 0){
       
   echo "I'm sorry but the email address you specified has already been taken.  Please pick         another one.";
        unset($email);
$sendemail='0';
         }
 ////////////////////////////////////////////////////////////////////////////// 

if ( $_POST['password'] == $_POST['password2'] && $username_exists <=0 && $useremail_exist <= 0) {

$password = sha1($_POST['password']);


$sql="INSERT INTO users (username, password, email, activationkey, status) VALUES ('$username', '$password', '$email', '$activationKey', 'verify')";

$sendemail = '1';

} else {

echo "*Passwords do not match!";
$sendemail='0';
}

if (!mysql_query($sql))

  {

  die('Error: ' . mysql_error());

  }
 $_POST['form_submitted'] = '0'; //make form disappear.

if ($sendemail =='1') { 
echo "An email has been sent to $_POST[email] with an activation key. Please check your mail to complete registration.";
}
##Send activation Email

$to      = $_POST[email];

$subject = "  Registration";

$message = "Welcome to our website! verify_user.php?$activationKey\r\rIf this is an error, ignore this email and you will be removed from our mailing list.\r\rRegards,\  Team";

$headers = 'From: noreply@r.com' . "\r\n" .

    'Reply-To: noreply@r.com' . "\r\n" .

    'X-Mailer: PHP/' . phpversion();

mail($to, $subject, $message, $headers);

} else {

##User isn't registering, check verify code and change activation code to null, status to activated on success

$queryString = $_SERVER['QUERY_STRING'];

$query = "SELECT * FROM users"; 

$result = mysql_query($query) or die(mysql_error());

  /*if*/ while($row = mysql_fetch_array($result)){

    if ($queryString == $row["activationkey"]){
     
 
  $_POST['form_submitted'] = '2'; //make form disappear.
     
 
   echo "Congratulations!" . $row["username"] . " is now the proud new owner of an e.com account. Please sign in to the site at  <a href='sign_in.php'>THIS LINK</a>. ";

    $sql=" UPDATE users SET status='activated' WHERE (id = $row[id])";
          //UPDATE users SET activationkey = '',
  
   //$sql="UPDATE users SET activationkey = 'Done-$row[id]', status='activated' WHERE (id = $row[id])";
       if (!mysql_query($sql))

  {

        die('Error: ' . mysql_error());

  }

    }

  }

}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<style type="text/css">
<!--
.style1 {
font-size: large;
font-weight: bold;
}
.style3 {font-size: large}
-->
</style>
</head>

<body>
 
<?php 

if (!isset ($_POST['form_submitted'])){

echo (' <div align="center"><span class="style3">&nbsp;&nbsp;Please register. 
&nbsp;&nbsp;</span> 
 <table border="0">
 <form action="verify_user.php" method="post" name="register">
 <tr><td>Username: <input type="text" name="username" maxlength="20"></td></tr>
 <tr><td>Password:<input type="password" name="password" /></td><td>
 <tr><td>Confirm password: <input type="password" name="password2" maxlength="20"></td><td>
 <tr><td> Email: <input type="text" name="email" /></td></tr>
  
    <input type="hidden" name="form_submitted" value="1"/>  

 <tr><td><input type="submit" value="Submit" /></td></tr>
</form>
 </table>
 </div>'); 
 
 }
 if ( $_POST['form_submitted'] =='2'){  
 echo (" You may now enter the site!");//echo nothing no form. 
 }
 ?>

 
</body>

</html>