|
PHP - Password Protect Members Area
Hello, I just joined today! I am very new to php, I'm sure you'll be able to tell
I created a 'members area only' thanks to some awesome online tutorials!! The only part that isn't working is the page protection for the 'members only area'. I am using $_SESSION and ISSET, but wonder why page shows when the address to the protected page is typed directly in, (no session should exist) if I understand correctly ... Any help will be wonderful, I really can't do this on my own yet. I have tried many different combinations, I may have them all mixed together by now. Currently, I have this code to the top of the page I am trying to protect ... <? ob_start(); session_start(); //The users login details should be stored either in the post array or session array so we pull those login credentials $username = isset($_POST['username']) ? $_POST['username'] : $_SESSION['username']; $password = isset($_POST['password']) ? $_POST['password'] : $_SESSION['password']; //if no username session variable exists, redirect user: if(!isset($username)) { header("Location: login_form.php"); } ?> <html> <head> </head> <body> <p> This is the members only area</p> </body> </html> Similar Tutorialshey guys, im new to PHP and im trying to use a login script that allows users to register and login to my site from my database. on my login/register pages i get this error Warning: mysql_pconnect() [function.mysql-pconnect]: Unknown MySQL server host 'host' (1) in /home/hullcale/public_html/dbConfig.php on line 12 Error connecting to database. Warning: mysql_select_db() [function.mysql-select-db]: Access denied for user 'hullcale'@'localhost' (using password: NO) in /home/hullcale/public_html/dbConfig.php on line 20 Warning: mysql_select_db() [function.mysql-select-db]: A link to the server could not be established in /home/hullcale/public_html/dbConfig.php on line 20 it seems like al my problems are from my page dbConfig.php on line 12 and 20, problem is i dont know how to edit them, here is the code from that page... things you may need to know is my databse is called hullcale_database, user is Admin, password is password, as for host im not actually sure where i get this from? any tips?! <? // Replace the variable values below // with your specific database information. $host = "localhost"; $user = "UserName"; $pass = "Password"; $db = "dbName"; // This part sets up the connection to the // database (so you don't need to reopen the connection // again on the same page). $ms = mysql_pconnect(host, $user, $pass); if ( !$ms ) { echo "Error connecting to database.\n"; } // Then you need to make sure the database you want // is selected. mysql_select_db($db); ?> Hey everyone! Thanks for taking the time to help. I have two files..a membership area and a commenting section. I am fairly new at these subjects but I am a quick learner. First off, I need help figuring out why my "register.php" in the members area file isn't working properly, everything looks to be ok but maybe I have been working on this too long. Quite frankly I can't check and see if all of the other scripts are correct because I can't get past the "register.php". So if you all wouldn't mind helping me out on this part, I would greatly appreciate it Secondly, I have a commenting section and in the "demo.php", there is a warning that appears as follows: "Warning: mysql_fetch_assoc() expects parameter 1 to be resource, boolean given in C:\Program Files (x86)\EasyPHP-5.3.8.1\www\comments\demo.php on line 17 " If someone could tell me what is missing or help me figure out what to do in simple terms, I would greatly appreciate that as well. Thanks! Gene [attachment deleted by admin] When a user logs in and clicks on the update link they get sent to update.php. On the bottom of this page there is a "Back to Index" link which leads back to the page they were just on (index.php). However all the records in the mysql table is being listed instead if just the users. Any ideas why? I'm using sessions for my members area and echoing it to make sure it's being passed between both pages correctly and it is. Hey, nooby here I am looking for a PHP solution for password protect pages. I have successfully implemented this code which check a user name and password to grant access. The problem is that each user needs a different (password protected) page. What I would like to do is take it a step further and have each user directed to a specific page. visitor1 => www.mysite.com/visitor1.com visitor2 => www.mysite.com/visitor2.com Since I am not going to have anymore than three users I don't want the complication of a database and keep everything PHP. Any idea please? Cheers, This is the login page:
<?php
$LOGIN_INFORMATION = array(
'visitor1' => 'password1',
'visitor2' => 'password2'
);
define('USE_USERNAME', true);
define('LOGOUT_URL', 'http://www.mysite.com/logout.php');
define('TIMEOUT_MINUTES', 0);
define('TIMEOUT_CHECK_ACTIVITY', true);
if(isset($_GET['help'])) {
die('Include following code into every page you would like to protect, at the very beginning (first line):<br><?php include("' . str_replace('\\','\\\\',__FILE__) . '"); ?>');
}
$timeout = (TIMEOUT_MINUTES == 0 ? 0 : time() + TIMEOUT_MINUTES * 60);
if(isset($_GET['logout'])) {
setcookie("verify", '', $timeout, '/'); // clear password;
header('Location: ' . LOGOUT_URL);
exit();
}
if(!function_exists('showLoginPasswordProtect')) {
function showLoginPasswordProtect($error_msg) {
?>
<!DOCTYPE HTML>
<html>
<head>
</head>
<body class="loading">
<div style="width:500px; margin-left:auto; margin-right:auto; text-align:center">
<form method="post">
<p>Please enter password</p><br />
<font color="red"><?php echo $error_msg; ?></font><br />
<?php if (USE_USERNAME) echo 'Login:<br /><input type="input" name="access_login" /><br />Password:<br />'; ?>
<input type="password" name="access_password" /><p></p><input type="submit" name="Submit" value="Submit" />
</form>
</div>
</body>
</html>
<?php
die();
}
}
if (isset($_POST['access_password'])) {
$login = isset($_POST['access_login']) ? $_POST['access_login'] : '';
$pass = $_POST['access_password'];
if (!USE_USERNAME && !in_array($pass, $LOGIN_INFORMATION)
|| (USE_USERNAME && ( !array_key_exists($login, $LOGIN_INFORMATION) || $LOGIN_INFORMATION[$login] != $pass ) )
) {
showLoginPasswordProtect("Incorrect password.");
}
else {
setcookie("verify", md5($login.'%'.$pass), $timeout, '/');
unset($_POST['access_login']);
unset($_POST['access_password']);
unset($_POST['Submit']);
}
}
else {
if (!isset($_COOKIE['verify'])) {
showLoginPasswordProtect("");
}
$found = false;
foreach($LOGIN_INFORMATION as $key=>$val) {
$lp = (USE_USERNAME ? $key : '') .'%'.$val;
if ($_COOKIE['verify'] == md5($lp)) {
$found = true;
// prolong timeout
if (TIMEOUT_CHECK_ACTIVITY) {
setcookie("verify", md5($lp), $timeout, '/');
}
break;
}
}
if (!$found) {
showLoginPasswordProtect("");
}
}
?>
And here is the code I used at the top of each protected page:
<?php include("/home/user/public_html/clients/login.php"); ?>[/code]
hi all i have a code that i am trying to password to protect my webpage and i cant seen to get it to coonect to mysql DB. here is the code $c_username = "root"; $c_password = "Steph1989"; $c_host = "localhost"; $c_database = "eclipse_media"; // Connect. $connection = mysql_connect($c_host, $c_username, $c_password) or die ("It seems this site's database isn't responding."); mysql_select_db($c_database) or die ("It seems this site's database isn't responding."); I'm not sure if this is a php or Apache question but here goes anyways. I have my Apache web server set up so I can access it from anywhere which obviously means anyone else can access it too. I have my index page which is basically a menu for the site password protected with a simple php script. The problem is the index.php password page can be bypassed by just typing the name or path of any of the pages on the site. I don't want to have to password protect or enter a session variable onto every page. Is there a practical way to make it where no page can be accessed without being routed from the index.php page ? Hi, I have the following code: Code: [Select] <?php $cmd = $_GET['cmd']; if($cmd=="") { $cmd = "adminlogin";} // This creates the header for each of the installation pages switch($cmd) { // This is the installation agreement page case "adminlogin": print <<<LOGIN <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Member Site Maker 1.0</title> <link rel="stylesheet" href="style.css" type="text/css" /> </head> <body> <div id="head" align="center"> <h1 id="siteName">Member Site Maker </h1> <br /> <table align="center" border="0" bgcolor="#CCCCCC"> <tr> <td align="center"><span class=style1><b>ADMIN LOGIN</b></span></td> </tr> <tr> <td> <form action=admin.php?cmd=manage method=POST> Password: <input type=text name=password1> </td> </tr> <tr> <td> <input type=submit name=submit value=Submit> </td> </tr> </table> </form> LOGIN; break; // Managing Users case "manage": include_once("header.html"); include_once("data/password.php"); $password1 = $_POST['password1']; $password2 = base64_decode($password); if ($password1 != $password2) { print <<<BADLOGIN <table width=953 border=1 align=center bgcolor=#00CCFF> <tr> <td><span class=style1><b><center>Failed Login</center></b></span></td> </tr> <tr> <td><span class=style2>Your passwords do not match. Please go back and correct this error</td> </tr> </table> BADLOGIN; } else { echo <<<MANAGE <!--end navBar2 div --> <div id="navBar2"> <div id="sectionLinks"> <ul> <li><a href="admin.php?cmd=manage&password1=$password1">Manage</a></li> <li><a href="admin.php?cmd=dashboard&password1=$password1">Dashboard</a></li> <li><a href="admin.php?cmd=approval&password1=$password1">Approval</a></li> <li><a href="admin.php?cmd=msgcentre&password1=$password1">Message Center</a></li> <li><a href="admin.php?cmd=logins&password1=$password1">Logins</a></li> </ul> </div> </div> <!--end navBar2 div --> <div id="content"> <div class="story"> <table width="100%" border="0"> <tr> <td bgcolor="#99FF66"><div align="center"><span class="style3">Login</span></div></td> <td bgcolor="#99FF66"><div align="center"><span class="style3">Name</span></div></td> <td bgcolor="#99FF66"><div align="center"><span class="style3">Last Visited </span></div></td> <td bgcolor="#99FF66"><div align="center"><span class="style3">Registration Date </span></div></td> <td bgcolor="#99FF66"><div align="center"><span class="style3">Reset Password </span></div></td> <td bgcolor="#99FF66"><div align="center"><span class="style3">Delete</span></div></td> </tr> <tr> <td> </td> <td> </td> <td> </td> <td> </td> <td> </td> <td> </td> </tr> </table> <h3> </h3> </div> </div> <!--end content --> MANAGE; } break; case "dashboard": break; case "approval": break; This works fine for when viewing the admin.php, I am asked for a password and then it compares the password against the encoded password before displaying the manage page. However this does not stop someone typing http://www.mysite.com/folder/admin.php?cmd=dashboard If they do that, it skips the password form and password check, and they can then go ahead and do whatever in the admin.php file. How can I prevent this, so that a password check is automatically done before allowing somebody to view the page? I have tried adding the code I used in the manage section, but it doesnt work again. Any help will be greatly appreciated, I been trying to work it out all day and run out of ideas. Many Thanks I have a problem w/ a widely used password protect php code. I use a business directory program that allows custom input fields. I'm using this code to password protect a business listing page in my directory code. I created custom fields for the username & password so a listing can enter their own user/pass but when I test it it won't work when I'm calling/echoing the fields. When I hardcode it w/ a user/pass it works. Any ideas on how I should recode this?: Quote <?php // Define your username and password $username = "<?php echo $custom_74; ?>"; $password = "<?php echo $custom_16; ?>"; if ($_POST['txtUsername'] != $username || $_POST['txtPassword'] != $password) { ?> <h1>Login</h1> <form name="form" method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>"> <p><label for="txtUsername">Username:</label> <br /><input type="text" title="Enter your Username" name="txtUsername" /></p> <p><label for="txtpassword">Password:</label> <br /><input type="password" title="Enter your password" name="txtPassword" /></p> <p><input type="submit" name="Submit" value="Login" /></p> </form> <?php } else { ?> I close the code correctly. <?php echo $custom_74; ?> & <?php echo $custom_16; ?> are just incidently my custom field echo codes. I have over 150 custom fields working fine for user/listee options. The password protect code won't accept echos it seems as coded above. Thanks, Gene This topic has been moved to Apache HTTP Server. http://www.phpfreaks.com/forums/index.php?topic=358740.0 I'm trying to password protect and admin area but an included script, but it's not working very well. I've used this script forever, but for some reason it pops up an alert that says "The URL is not valid and cannot be loaded," when the form is submitted. It's an old script from PHPBuddy. Here is the script: // password_protect.php Code: [Select] <?php # Simple password protection # # (c) http://www.phpbuddy.com # Author: Ranjit Kumar # Feel free to use this script but keep this message intact! # # To protect a page include this file in your PHP pages! session_start(); $admin_user_name = "admin"; $admin_password = "admin"; //you can change the username and password by changing the above two strings if (!isset($HTTP_SESSION_VARS['user'])) { if(isset($HTTP_POST_VARS['u_name'])) $u_name = $HTTP_POST_VARS['u_name']; if(isset($HTTP_POST_VARS['u_password'])) $u_password = $HTTP_POST_VARS['u_password']; if(!isset($u_name)) { ?> <HTML> <HEAD> <TITLE><?php echo $HTTP_SERVER_VARS['HTTP_HOST']; ?> : Authentication Required</TITLE> </HEAD> <BODY bgcolor=#ffffff> <table border=0 cellspacing=0 cellpadding=0 width=100%> <TR><TD> <font face=verdana size=2><B>(Access Restricted to Authorized Personnel)</b> </font></td> </tr></table> <P></P> <font face=verdana size=2> <center> <?php $form_to = "http://$HTTP_SERVER_VARS[HTTP_HOST]$HTTP_SERVER_VARS[PHP_SELF]"; if(isset($HTTP_SERVER_VARS["QUERY_STRING"])) $form_to = $form_to ."?". $HTTP_SERVER_VARS["QUERY_STRING"]; ?> <form method=post action=<?php echo $form_to; ?>> <table border=0 width=350> <TR> <TD><font face=verdana size=2><B>User Name</B></font></TD> <TD><font face=verdana size=2><input type=text name=u_name size=20></font></TD></TR> <TR> <TD><font face=verdana size=2><B>Password</B></font></TD> <TD><font face=verdana size=2><input type=password name=u_password size=20></font></TD> </TR> </table> <input type=submit value=Login></form> </center> </font> </BODY> </HTML> <?php exit; } else { function login_error($host,$php_self) { echo "<HTML><HEAD> <TITLE>$host : Administration</TITLE> </HEAD><BODY bgcolor=#ffffff> <table border=0 cellspacing=0 cellpadding=0 width=100%> <TR><TD align=left> <font face=verdana size=2><B> You Need to log on to access this part of the site! </b> </font></td> </tr></table> <P></P> <font face=verdana size=2> <center>"; echo "Error: You are not authorized to access this part of the site! <B><a href=$php_self>Click here</a></b> to login again.<P> </center> </font> </BODY> </HTML>"; session_unregister("adb_password"); session_unregister("user"); exit; } $user_checked_passed = false; if(isset($HTTP_SESSION_VARS['adb_password'])) { $adb_session_password = $HTTP_SESSION_VARS['adb_password']; if($admin_password != $adb_session_password) login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']); else { $user_checked_passed = true; } } if($user_checked_passed == false) { if(strlen($u_name)< 2) login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']); if($admin_user_name != $u_name) //if username not correct login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']); if(isset($admin_password)) { if($admin_password == $u_password) { session_register("adb_password"); session_register("user"); $adb_password = $admin_password; $user = $u_name; } else { //password in-correct login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']); } } else { login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']); } $page_location = $HTTP_SERVER_VARS['PHP_SELF']; if(isset($HTTP_SERVER_VARS["QUERY_STRING"])) $page_location = $page_location ."?". $HTTP_SERVER_VARS["QUERY_STRING"]; header ("Location: ". $page_location); } } } ?> And here is the file I'm trying to protect: //index.php Code: [Select] <?php include('password_protect.php'); include("connection.php"); //Logout if($_REQUEST['action'] == "logout") { session_unset(); session_destroy(); header('Location:index.php'); } //Script Actions //Add Main Display if ($_REQUEST['action'] == "add_main_d") { //Upload Image $target_path = "main_display/"; $target_path = $target_path . basename( $_FILES['image']['name']); if(move_uploaded_file($_FILES['image']['tmp_name'], $target_path)) { $msg1 = "<p>The image ". basename( $_FILES['image']['name']). " has been uploaded</p>"; } else { $msg1 = "<p>There was an error uploading the image, please try again!</p>"; } $image = $_FILES['image']['name']; //Add Info to Database $query = "INSERT INTO main_display (title,descrip,link,image) VALUES('$_REQUEST[title]','$_REQUEST[descrip]','$_REQUEST[link]','$image')"; $result = mysql_query($query) or die ("Can't do anything with the query!"); $msg = "<p>" . $_REQUEST['title'] . " added to the main display.</p>"; } //Add Guest if ($_REQUEST['action'] == "add_guest") { //Upload Image $target_path = "guests/"; $target_path = $target_path . basename( $_FILES['image']['name']); if(move_uploaded_file($_FILES['image']['tmp_name'], $target_path)) { $msg1 = "<p>The image ". basename( $_FILES['image']['name']). " has been uploaded</p>"; } else { $msg1 = "<p>There was an error uploading the image, please try again!</p>"; } $image = $_FILES['image']['name']; //Add Info to Database $query = "INSERT INTO guest (name,ep,link,image) VALUES('$_REQUEST[name]','$_REQUEST[ep]','$_REQUEST[link]','$image')"; $result = mysql_query($query) or die ("Can't do anything with the query!"); $msg = "<p>" . $_REQUEST['name'] . " was added to the guest list.</p>"; } //Delete Item if($_REQUEST['action'] == "delete_item"){ $query = "SELECT * FROM main_display WHERE id = '$_REQUEST[item]'"; $result = mysql_query($query) or die ("Can't do anything with the query!"); $row = mysql_fetch_array($result,MYSQL_ASSOC); $image = $row['image']; unlink("main_display/$image"); //Delete news $query = "DELETE FROM main_display WHERE id = '$_REQUEST[item]'"; $result = mysql_query($query) or die ("Can't do anything with the query!"); $msg = "Display Meny Item erased."; } //Delete Guest if($_REQUEST['action'] == "delete_guest"){ $query = "SELECT * FROM guest WHERE id = '$_REQUEST[item]'"; $result = mysql_query($query) or die ("Can't do anything with the query!"); $row = mysql_fetch_array($result,MYSQL_ASSOC); $image = $row['image']; unlink("guests/$image"); //Delete news $query = "DELETE FROM guest WHERE id = '$_REQUEST[item]'"; $result = mysql_query($query) or die ("Can't do anything with the query!"); $msg = "Display Meny Item erased."; } ?> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <link rel="stylesheet" type="text/css" href="style.css" /> <title>Admin Window</title> <?php //Form Check - Javascript if($_REQUEST['view'] == "main_d") { include("add_main_d_check.php"); } if($_REQUEST['view'] == "guest_d") { include("add_guest_d_check.php"); } ?> </head> <body> <div id="wrapper"> <h1> Admin Window </h1> <div id="links"> <ul> <li><a href="index.php">Main</a></li> <li><a href="index.php?view=main_d">Main Display</a></li> <li><a href="index.php?view=guest_d">Guests</a></li> <li><a href=\"index.php?action=logout\">Logout</a></li> </ul> </div> <?php if (isset($msg1)) { echo $msg1 . "<br />"; } if (isset($msg)) { echo $msg; } //Page Controller switch($_REQUEST['view']) { case "main_d": include("main_d.php"); break; case "guest_d": include("guests.php"); break; default: if(!isset($_REQUEST['action'])){ echo "<p>Please select an action.</p>"; } break; } ?> </div> </body> </html> I will be grateful for any help on this. Thanks! Hello PhP Freaks forum In the past weeks ive been trying to make a website, where you can register. Everything seems to work except my cherished Change password feature. Everytime you try to change the password, it just resets it to nothing. Here is the code below. <?php if(isset($_SESSION['username'])) { $username = $_SESSION['username']; $lastname = $_SESSION['lastname']; $firstname = $_SESSION['firstname']; $email = $_SESSION['email']; echo " <h4>Options for:</h4> $username <br /> <br /> First name: $firstname <br />Last name: $lastname <br /><br /><h3>Want to change your password:</h3><br /> <form action='?do=option' method='post'> Old password <input type='password' placeholder='Has to be between 5-15 digits' name='password' size='30' value='' /><br /> <br /> New Password<input type='password' placeholder='Has to be between 5-15 digits' name='newpass' size='30' value='' /><br /> <br /> Confirm new password <input type='password' placeholder='Has to be between 5-15 digits' name='passconf' size='30' value='' /><br /> <center></div><input type='submit' value='Submit'/></center></form>"; }else{ echo 'Please login to view your options!'; } $password = $_REQUEST['password']; $pass_conf = $_REQUEST['newpass']; $email = $_REQUEST['passconf']; $connect = mysql_connect("Host", "User", "Password"); if(!$connect){ die(mysql_error()); } //Selecting database $select_db = mysql_select_db("My Database", $connect); if(!$select_db){ die(mysql_error()); } //Find if entered data is correct $result = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'"); $row = mysql_fetch_array($result); $id = $row['id']; mysql_query("UPDATE users SET password='$newpass' WHERE username='$user'") ?> And i do know that i dont have a if(Empty($newpass)){ Die(Please fill out the new password) } Or any security on the others, but the problem just seems that it resets the password into nothing Hope i can get this fixed Best Regards William Pfaffe This topic has been moved to Application Design. http://www.phpfreaks.com/forums/index.php?topic=353345.0 <?php
require_once('upper.php'); require_once('database.php'); echo $error_msg=''; if(isset($_POST['submit'])) { $LoginId=mysqli_real_escape_string($dbc,trim($_POST['LoginId'])); $Password1=mysqli_real_escape_string($dbc,trim($_POST['Password1'])); $Password2=mysqli_real_escape_string($dbc,trim($_POST['Password2'])); $Name=mysqli_real_escape_string($dbc,trim($_POST['Name'])); $Age=mysqli_real_escape_string($dbc,trim($_POST['Age'])); $BloodGroup=mysqli_real_escape_string($dbc,trim($_POST['BloodGroup'])); if(!isset($_POST['Sex'])) { echo 'Please enter Sex<br>'; } else{ $Sex= mysqli_real_escape_string($dbc,trim($_POST['Sex'])); } $Qualification=mysqli_real_escape_string($dbc,trim($_POST['Qualification'])); $ContactNumber=mysqli_real_escape_string($dbc,trim($_POST['ContactNumber'])); $Email=mysqli_real_escape_string($dbc,trim($_POST['Email'])); $Address=mysqli_real_escape_string($dbc,trim($_POST['Address'])); $AboutYourself=mysqli_real_escape_string($dbc,trim($_POST['AboutYourself'])); //$countCheck=count($_POST['checkbox']); //echo $countCheck; //$checkbox=$_POST['checkbox']; //$countCheck=count($checkbox); if(empty($LoginId)){echo 'Please enter Login Id';} elseif(empty($Password1)){echo 'Please enter Password';} elseif(empty($Password2)){echo 'Please confirm Password';} elseif($Password1!==$Password2){echo 'Password didn\'t match';} elseif(empty($Name)){echo 'Please enter Name';} elseif(empty($Age)){echo 'Please enter Age';} elseif(!isset($_POST['Sex'])){} elseif(empty($Qualification)){echo 'Please enter Qualification';} elseif(empty($ContactNumber)){echo 'Please enter Contact Number';} elseif(empty($Email)){echo 'Please enter Email';} elseif(empty($Address)){echo 'Please enter Address';} elseif(empty($AboutYourself)){echo 'Please enter About Yourself';} elseif(!isset($_POST['checkbox'])){ echo 'You have to register at least one activity.';} elseif(!isset($_POST['TermsAndConditions'])){ echo 'You have to agree all Terms and Conditions of Elite Brigade.';} else { require_once('database.php'); $query="select * from registration where LoginId='$LoginId'"; $result=mysqli_query($dbc,$query); if(mysqli_num_rows($result)==0) { $checkbox=$_POST['checkbox']; $countCheck=count($_POST['checkbox']); $reg_id=' '; for($i=0;$i<$countCheck;$i++) { $reg_id=$reg_id.$checkbox[$i].','; $query="insert into activity_participation (LoginId,Title,Date) values ('$LoginId','$checkbox[$i]',CURDATE())"; $result=mysqli_query($dbc,$query) or die("Not Connected"); } $query="insert into registration (LoginId,Password,Name,Age,BloodGroup,Sex,Qualification,ContactNumber,Email,Address,AboutYourself,Activity)values ('$LoginId'[B],SHA('$Password1'),[/B]'$Name','$Age','$BloodGroup','$Sex','$Qualification','$ContactNumber','$Email','$Address','$AboutYourself',',$reg_id')"; $result=mysqli_query($dbc,$query) or die("Not Connect"); echo ' Dear '.$Name.'.<br>Your request has been mailed to admin.<br>Your account is waiting for approval<br>'; $from= 'Elite Brigade'; $to='ankitp@rsquareonline.com'; $subject='New User Registration'; $message="Dear admin,\n\nA new user request for registration. Please check it out.\n\nRegards\nMicro"; mail($to,$subject,$message,'From:'.$from); //header('Location: index.php'); // header('Location: Registration.php'); } else { echo 'Dear '.$Name. ', <br> An account already exist with login-id<b> '.$LoginId.'</b> <br>Please try another login-id'; }} } ?> <html> <head> <script src="jquery-latest.js"></script> <script type="text/javascript" src="jquery-validate.js"></script> <style type="text/css"> * { font-family: Verdana; } label.error { color: white; padding-left: .5em; } p { clear: both; } .submit { margin-left: 12em; } em { font-weight: bold; padding-right: 1em; vertical-align: top; } </style> <script> $(document).ready(function(){ $("#commentForm").validate(); }); </script> </head> <body> <?php echo $error_msg; ?> <form action='<?php echo $_SERVER['PHP_SELF'];?>' id="commentForm" method='post'> <div class="registration_and_activity"> <table border="0" width="380"> <tr><td colspan="2"> <h3>New User?</h3></td></tr> <tr><td width="120"> <em>*</em>Enter Login id</td><td width="150"><input type='text' name='LoginId' minlength="4" value='<?php if(!empty($LoginId))echo $LoginId;?>' /></td></tr> <tr><td> <em>*</em>Enter Password</td> <td><head> <div id="divMayus" style="visibility:hidden">Caps Lock is on.</div> <SCRIPT language=Javascript> function capLock(e){ kc = e.keyCode?e.keyCode:e.which; sk = e.shiftKey?e.shiftKey:((kc == 16)?true:false); if(((kc >= 65 && kc <= 90) && !sk)||((kc >= 97 && kc <= 122) && sk)) document.getElementById('divMayus').style.visibility = 'visible'; else document.getElementById('divMayus').style.visibility = 'hidden'; } </SCRIPT> </HEAD> <input onkeypress='return capLock(event)' type='password' name='Password1' value='<?php if(!empty($Password1))echo $Password1;?>' /></td></tr> <tr><td> <em>*</em>Confirm Password</td><td><input type='password' name='Password2' value='<?php if(!empty($Password2))echo $Password2;?>' /></td></tr> <tr><td width="120"> <em>*</em>Enter Name</td> <td><input type='text' name='Name' value='<?php if(!empty($Name))echo $Name;?>' /></td></tr> <tr><td> <em>*</em>Enter Age</td><HEAD> <SCRIPT language=Javascript> function isNumberKey(evt) { var charCode = (evt.which) ? evt.which : event.keyCode if (charCode > 31 && (charCode < 48 || charCode > 57)) return false; return true; } </SCRIPT> </HEAD> <td><INPUT onkeypress='return isNumberKey(event)' type='text' name='Age' value='<?php if(!empty($Age))echo $Age;?>'/></td></tr> <tr><td> <em>*</em>Enter Blood</td><td><input type='text' name='BloodGroup' value='<?php if(!empty($BloodGroup))echo $BloodGroup;?>' /></td></tr> <tr><td> <em>*</em>Enter Sex</td><td><input type='radio' name='Sex' style='width:16px; border:0;' 'value='Male' />Male <input type='radio' name='Sex' style='width:16px; border:0;' 'value='Female' />Female</td></tr> <tr><td> <em>*</em>Enter Qualification</td><td><input type='text' name='Qualification' value='<?php if(!empty($Qualification))echo $Qualification;?>' /></td></tr> <tr><td> <em>*</em>Contact Number </td><td><input onkeypress='return isNumberKey(event)'type='text' name='ContactNumber' value='<?php if(!empty($ContactNumber))echo $ContactNumber;?>' /></td></tr> <tr><td> <em>*</em>Enter Email</td><td><input type='text' name='Email'class="email" value='<?php if(!empty($Email))echo $Email;?>' /></td></tr> <tr><td> <em>*</em>Enter Address</td><td><input type='text' name='Address' value='<?php if(!empty($Address))echo $Address;?>' /></td></tr> <tr ><td > <em>*</em>About Yourself </td></tr> <tr><td colspan="2"><textarea rows='10' cols='40' name='AboutYourself' /><?php if(!empty($Address))echo $Address;?></textarea></td></tr> <tr><td> <?php echo" <tr><td colspan='2'><em>*</em><b>Select fields for which you want to register</b></td></tr>"; require_once('database.php'); $query="select * from activity"; $result=mysqli_query($dbc,$query); while($row=mysqli_fetch_array($result)){ $Title=$row['Title']; $ActivityId=$row['ActivityId']; echo "<tr><td>$Title</td>"; echo "<td><input type='checkbox' name='checkbox[]' value='$Title' style='width:14px; text-align:right;'/></td></tr>";//value=$ActivityId tells ActivityId variable extracts with name="checkbox" echo "<br/>"; } echo "<td><em>*</em><input type='checkbox' name='TermsAndConditions' style='width:14px; text-align:right;'/></td><td> I agree all <a href='TermsAndConditions.php'>Terms and conditions </a>of Elite Brigade</td></tr>"; echo "<tr><td colspan='2' align='center'><input type='submit' value='Register' name='submit' style='background:url(./images/button_img2.png) no-repeat 10px 0px; width:100px; padding:3px 0 10px 0; color:#FEFBC4; border:0;'/></td></tr><br>"; echo " </td></tr></table> </div> </form> </body> </html>"; require_once('lower.php'); ?> Hi Friends .... I encrypt user password by SHA('$Password') method but now i want to add "Forget Password Module" for which I need to decrypt it first before tell my user but I don't Know how to decrypt it. Please help me........ I created a field in "b_users" table as "banned" with default value="no". i.e, all members by default are set to "banned"="no". I was testing this code in my some pages to ban member and prevent access to my pages: $getid="SELECT * from b_users where id='$user_id'"; if($getid[banned]=="yes") { die("<center>You have been banned from posting</center>"); } else { show page Above code is banning all members. But i want to show ban message to members who's "banned" field value is set to "yes" only. How to do that? i been working on my view Members page for a while now i can't seem to get it to work right this is how i shows up for me and i want it to show up like this i think it has something to do with the loop, but have no idea how to fix this :S <?php require_once('settings.php'); checkLogin('1 2'); $Members = mysql_query("SELECT * FROM users") or die(mysql_error()); $numRowsMembers = mysql_num_rows($Members); ?> <?php for($count = 1; $count <= $numRowsMembers; $count++) { $name = mysql_fetch_array($Members); ?> <table border=2> <tr><td><img src="<? echo $name['main_P']?>" width="50" height="50"/> <a href="view_profile.php?username=<? echo $name['Username']?>"><? echo $name['Username']?></a> <? $onlinestatus = $name['ON_OFF']; if ( $onlinestatus == OFFLINE ) { echo ""; } else { echo "<font color=green>Online Now!</font>"; } ?> </td></tr></table> <? } ?> Hi Guys, I was wondering how I could wrap my members page so that only 5 members appear at a time and you have to click the next button to go onto the next page. Here is the current code. Code: [Select] $userid = $_SESSION['userid']; $query = "SELECT username, first_name, last_name, password, email, dob, mob, yob, year, gender FROM spotty WHERE user_id = '" . $userid . "'"; $query2 = "SELECT user_id FROM spotty WHERE user_id = '" . $userid . "'"; $result = mysql_query($query) or die('Error Getting Information Requested'); $result2 = mysql_query($query2) or die('Error Getting user_id'); $row = mysql_fetch_array($result); $row2 = mysql_fetch_array($result2); //$result = mysql_query($query); $num = mysql_num_rows($result2); $username = $row['username'] ; if($_SESSION['userid'] == NULL) { echo "Sorry, wrong username or password. You will be redirected in 5 seconds."; echo "<meta http-equiv='refresh' content='7;url=http://www.klueless.net/daisysite'>"; } else { echo "Members."; echo "<br />"; $membsquery="SELECT * FROM spotty WHERE showmem = '0'"; $membs=mysql_query($membsquery); $num=mysql_numrows($membs); $membresult = mysql_result($membs,$i,"user_id"); $useridname = $membresult['username']; echo "<br /> <br />" ; echo "<table border='0' cellspacing='2' cellpadding='2'> <tr> <font face='Comic Sans MS, cursive'>Click on a username to see their profile.</font> <br /> <br /> </tr>"; $i = 0; while ($i < $num) { $f1 = "<font face='Verdana, Geneva, sans-serif'><a href='profile.php?id=" . mysql_result($membs,$i,"user_id") . "'>" . mysql_result($membs,$i,"username") . "</a><br /><br />"; echo "<tr> <td>" . $f1 ."</font></td> </tr> </table>" ; $i++; } } mysql_close() ?> Thanks in advance! Hi guys, Im trying to get my members_profile.php to display the users profile.... I.e members_profile.php?boxerman will display my information. I've been at it for hours but no luck... This is what im trying to code: <?php include ("connect.php") $username = $_GET['username']; $user = mysql_query("SELECT * FROM user WHERE username = '$username'"); $user=mysql_fetch_assoc($user); echo "<h1>User Info</h1>"; echo "<b>Username:".$user['username']."<br>"; echo "<br>"; echo '<form name="backlistfrm" method="post" action="members.php">'; echo '<input type="submit" value="Back to The List">'; echo '</form>'; echo "<br>"; ?> It displays nothing when going to members_profile.php?boxerman Any advice as to why? Regards, B-Man $_GET["find"] displays all users including the current user. The current user should not be displayed. I would like to display members that are NOT friends with the current user. Do I need to join the tables to make this work? $_GET["add"] inserts "screen_name" into "member and friendwith" Code: [Select] <?php if(isset($_GET["find"])) { $username = $_POST["screen_name"]; $query = "SELECT * FROM users WHERE screen_name LIKE '%$username%'"; $result = mysql_query($query); $exist = mysql_num_rows($result); if($exist=='0') { echo "No match found"; } else { echo "Matches for search: $username<br>"; while($currow = mysql_fetch_array($result)) { ?> <a href="users/member?addfriend=<?php echo $currow['screen_name']; ?>"><img src="avatars/<?php echo $currow["image"]; ?>" ></a> <?php } } } if(isset($_GET["add"])) { $username = $_SESSION["screen_name"]; $friend = $_GET["add"]; $query = "SELECT * FROM friends WHERE member='$username' AND friendwith='$friend'"; $result = mysql_query($query); $exist = mysql_num_rows($result); if($exist=='0') { $query = "INSERT INTO friends(member,friendwith) VALUES('$username','$friend')"; mysql_query($query); echo "$friend is now your friend!"; } else { echo "$friend is already your friend!"; } } ?> Let me make this clear really quick, I am not talking about this forum. Ok, so how do I set up a way that I can make a simple messaging system on my website and make it so that I can have check boxes of who I can send a message to on my website. I have a recipient field and I need to know how I can make it so that only the specific members that are checked will get the message.........does this make sense? |
|||||||