PHP - Check To Make Sure A Password Has At Least One Upper And One Lower Case Letter

Hi, I have the following code:

Code: [Select]
<?php

$cmd = $_GET['cmd'];

if($cmd=="") { $cmd = "adminlogin";}

// This creates the header for each of the installation pages


switch($cmd)
{

// This is the installation agreement page

case "adminlogin":
print <<<LOGIN

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Member Site Maker 1.0</title>
<link rel="stylesheet" href="style.css" type="text/css" />
</head>
<body>
<div id="head" align="center">
  <h1 id="siteName">Member Site Maker </h1>
  <br />
<table align="center" border="0" bgcolor="#CCCCCC">
<tr>
<td align="center"><span class=style1><b>ADMIN LOGIN</b></span></td>
</tr>
<tr>
<td>
<form action=admin.php?cmd=manage method=POST>
Password: <input type=text name=password1>
</td>
</tr>
<tr>
<td>
<input type=submit name=submit value=Submit>
</td>
</tr>
</table>
</form>

LOGIN;

break;


// Managing Users

case "manage":

include_once("header.html");

include_once("data/password.php");

$password1 = $_POST['password1'];
$password2 = base64_decode($password);

if ($password1 != $password2) {

print <<<BADLOGIN

<table width=953 border=1 align=center bgcolor=#00CCFF>
  <tr>
    <td><span class=style1><b><center>Failed Login</center></b></span></td>
  </tr>
  <tr>
    <td><span class=style2>Your passwords do not match. Please go back and correct this error</td>
</tr>
</table>

BADLOGIN;

} else {

echo <<<MANAGE

<!--end navBar2 div -->
<div id="navBar2">

<div id="sectionLinks">
  <ul>
      <li><a href="admin.php?cmd=manage&password1=$password1">Manage</a></li>
      <li><a href="admin.php?cmd=dashboard&password1=$password1">Dashboard</a></li>
      <li><a href="admin.php?cmd=approval&password1=$password1">Approval</a></li>
      <li><a href="admin.php?cmd=msgcentre&password1=$password1">Message Center</a></li>
      <li><a href="admin.php?cmd=logins&password1=$password1">Logins</a></li>
    </ul>
</div>
</div>
<!--end navBar2 div -->
<div id="content">
  <div class="story">
    <table width="100%" border="0">
      <tr>
        <td bgcolor="#99FF66"><div align="center"><span class="style3">Login</span></div></td>
        <td bgcolor="#99FF66"><div align="center"><span class="style3">Name</span></div></td>
        <td bgcolor="#99FF66"><div align="center"><span class="style3">Last Visited </span></div></td>
        <td bgcolor="#99FF66"><div align="center"><span class="style3">Registration Date </span></div></td>
        <td bgcolor="#99FF66"><div align="center"><span class="style3">Reset Password </span></div></td>
        <td bgcolor="#99FF66"><div align="center"><span class="style3">Delete</span></div></td>
      </tr>
      <tr>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
      </tr>
    </table>
    <h3>&nbsp;</h3>
  </div>
  
</div>
<!--end content -->

MANAGE;

}
break;

case "dashboard":


break;

case "approval":


break;
This works fine for when viewing the admin.php, I am asked for a password and then it compares the password against the encoded password before displaying the manage page.

However this does not stop someone typing http://www.mysite.com/folder/admin.php?cmd=dashboard

If they do that, it skips the password form and password check, and they can then go ahead and do whatever in the admin.php file.

How can I prevent this, so that a password check is automatically done before allowing somebody to view the page? I have tried adding the code I used in the manage section, but it doesnt work again.

Any help will be greatly appreciated, I been trying to work it out all day and run out of ideas.

Many Thanks

Hi all, i have written a fairly simple profile page that users can see once they have logged in and i have a password change feature. the user is asked to enter there current password and then enter there desired new password, then confirm there new password to make sure they match. However the users current password isn't checked as im not sure how to code it. Heres my code so far:


<?PHP

session_start();

//Database Information

$dbhost = "localhost";
$dbname = "test";
$dbuser = "test";
$dbpass = "test";

//Connect to database

$conn = mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error());
mysql_select_db($dbname, $conn) or die(mysql_error());

//Clean data

$_POST = array_map('strip_tags', $_POST);
$_POST = array_map('mysql_real_escape_string', $_POST);

$currentpassword = $_POST['currentpassword'];
$newpassword = $_POST['newpassword'];    
$cnewpassword = $_POST['cnewpassword'];

if($newpassword == $cnewpassword)
{  
    $query = "UPDATE `users` SET `password` = '".$newpassword."' WHERE `username` = '".$_SESSION['username']."' LIMIT 1";  
$run = mysql_query($query);
if($run) {
echo "Congratulations You have successfully changed your password";
    include 'success.php'; 
exit();
         } 
  else {
include 'password.php';
exit;
     } 
}
 else  {  
    echo "The new password and confirm new password fields must be the same";
    include 'password.php';
    exit();
        }   
 ?>


I'm guessing i need a && within the if statement to check the currentpassword with what is supplied within my database, but im not sure how to code this.

Lee

I could use some help comparing Dates.

I need to check if a Temporary Password has expired, and am a bit shaky on "Date Math".   

The Temporary Password was created like this...

// Build query.
$q2 = "UPDATE member
SET temp_password=?,
temp_reset_on=NOW(),
updated_on=NOW()
WHERE email=?
LIMIT 1";


So how do I see if temp_reset_on is more than 4-hour old and thus expired?

Thanks,


Debbie

Hello, I recently inherited my company's website from a former coworker and it's done in PHP. I'm still learning PHP so I need a little help. There's one page that our sales guy goes to to put our specials on the site and it's set to remember the username and password. I'm fine with it holding the username I just need to know how to make it ask for a password. Here is the code

Actual username and password removed

Code: [Select]
<?php 
function clean($text)
{
return trim(htmlspecialchars($text, ENT_QUOTES ));
}
class database
{
    var $DB, $username, $database, $result, $rowNum, $lUID;
    function database($database, $username="*****", $password="***")
    {
     $this->DB = mysql_connect("localhost", $username, $password)
//        $this->DB = mysql_connect("commerce.****.org", $username, $password)
        or die ("Failed to connect to DB with username ".$username." error: ".mysql_error());
        mysql_select_db($database, $this->DB) or die ("Can't select db ".$database." error: ".mysql_error());
This is just the top of the page, if you need more info just ask.
Any help you can offer would be great, thanks.
   

Hi all,

I've got a website for an event, each team have their details on a page which are recalled from a SQl database.

But I'm wanting to create a password input box for each team, so when they enter the correct password they are taken to a page containing forms where they can edit the team details.

Here is the page with the users details on where they anter the password: http://www.wharncliffenetwork.co.uk/wrc/entered/team.php?id=8

I'm not sure how to code it, Can an IF statement be used? Anyone got any pointers? I'f been unsuccessful in finding a tutorial or something similar.

Hope that makes sense :S Cheers.

Hi guys
Can someone help me about this:
The php code can be revise username and password with CURL then check database and if username & password is correct return true else false.

Thanks

hello, im trying to see if there is a function that can get the value of the last row in mysql and see what is in field initial (this is letters A-Z) and make it one letter higher.  then, when it reaches letter Z, wrap around to A again.

Hi, I'm new here and I should say, I am a raw amateur at PHP and MySQL. All I can do is look at how others do similar things and try and adapt it.

I have a MySQL table: Neil_Details. It has 4 columns: id, number, name, password.

I can enter number and name from a csv file automatically, no problem. id is the Primary Key and will auto_increment.

The column 'number' is the student numbers, name is their Chinese names.

I want to take the column number and generate a password from each number in the column password.  That's all!

Quote

$password = password_hash($number, PASSWORD_DEFAULT);

People tell me, "Don't use their student numbers," but once I know how to do this in principle, I can splice part of the number and Chinese name together somehow and make a more secure password.

I just want to learn how to do this in principle. Then I can do it for each class.

So far I have this, which doesn't seem to work, although I get no errors in /var/log/apache2/error.log

Could you please help me along a bit with some tips, pointers, links?

My index.php first calls '/makePassword/form.html.php'

This is called makePassword.php.

Thanks for any tips!

<?php
        //start PHP session
        session_start();
     
        //check if login form is submitted
        if(isset($_POST['gettable'])){
            //assign variables to post values
            $tablename = $_POST['tablename'];
            
// login to the database dbname=allstudentsdb
        include $_SERVER['DOCUMENT_ROOT'] . '/includes/studentdb.inc.php';
        
        $stmt = $pdo->prepare('SELECT * FROM ' . $tablename . ' WHERE number = :number');
                $stmt->execute(['number' => $number]);
                $password = password_hash($number, PASSWORD_DEFAULT);
                echo 'password is ' . $password;
                $stmt = $pdo->prepare('INSERT INTO ' . $tablename . ' (password) VALUES (:password)');
                try{
                        $stmt->execute(['password' => $password]);
     
                        
                    }
                    catch(PDOException $e){
                        $_SESSION['error'] = $e->getMessage();
                    }
               }
               echo 'Passwords made!';

// the input form to get the mysql table name
               header('location: ' . '/makePassword/form.html.php');
               ?>

 

Hey guys im automatically generating a folder location to place some image files the user has uploaded into.

If this folder doesnt exist how can i make it?

$target_path_thumbnails = "http://www.worldwidelighthouses.com/Images/".$folderlocation."/".$foldername."/Mini/";
Thats the path style.



Danny

I have a function to writes data I want to make sure it was successful.

my function:
Code: [Select]
function save_ini_file($filename,$content)
{
$File = "ini_files/". $filename . ".ini";

echo $File;
$Handle = fopen($File, 'w');
$info = $content;
fwrite($Handle, $info);
fclose($Handle);

  return true;
}
the if statement that calls the function.
Code: [Select]
if(!save_ini_file($serial,$data))
{
echo "did not write";
}else{
echo "did write";
}

the file is being created but I am getting the "did not write" echoed

Hi im new to php and I need help making webpage that queries a mysql database based on a 3 check boxes and displays results on the same page or on another page. The table being queried has 4 columns, name, gps, wifi, bluetooth. So for example a row in the table would be like, samsung galaxy s2, yes, yes, yes. The idea is for it to be a website that will display phones according to their features.

So the idea is depending on if the boxes were ticked the samsung galaxy would be displayed as a result. So i need some help understanding how to make this.

Some1 gave me the code below in attempt to help me (im not sure it works or not) but im not sure how fully use it, ie what pages i need to make and how i create the connection to the mysql database, and how to use the query that they wrote to display the results

thanks

code:
Code: [Select]
<form action="?do=filter" method="post">
<table cellspacing="0" cellpadding="3" border="1">
<tr>
<td>GPS<input type="checkbox" name="gps" value="checked"></td>
<td>Wifi<input type="checkbox" name="wifi" value="checked"></td>
<td>Bluetooth<input type="checkbox" name="bluetooth" value="checked"></td>
</tr>
<tr><td><input type='submit' name='filter' value='Filter'></td></tr>
</table>
</form>
</html>
<?php
function filterMe($filter){
if(isset($_POST[$filter])){
return "Yes";
}else{
return "No";
}
}

if(isset($_POST['filter'])){
echo "Gps - " . filterMe('gps');
echo "
Wifi - " . filterMe('wifi');
echo "
Bluetooth - " . filterMe('bluetooth');
}
?>


All you need to do is use a query something like
SELECT name,gps,wifi,bluetooth FROM `product` WHERE `gps`='".filterMe('gps')."' AND `wifi`='".filterMe('wifi')."' AND `bluetooth`='".filterMe('bluetooth')."'

Morning all, I'm trying to query a user table and am receiving errors. In the mysql statement I am trying to SELECT all data from the table that matches the username of the person logged in.

The error I am receiving is this: Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\123\myaccount.php


The database query is written correctly, if I am logged in as the user Admin then I recieve this message as well:
Unknown column 'Admin' in 'where clause' from the or die(mysql_error());.

In the database the username is: admin but I can login using Admin, is this an issue of upper and lowercase?

The PHP code is below:
Code: [Select]
<?php
require_once('connect.php');

$query = mysql_query("SELECT * FROM user WHERE username = $_SESSION[gatekeeper]");
while ($row = mysql_fetch_array($query) or die(mysql_error()));
{
echo"<div class='BlockContent'>";
echo" <table id='UserList'>";
echo" <tr>";
echo"   <th>My Account</th>";
echo" </tr>";
echo" <tr>";
echo"   <td id='left'>";
echo"   </td>";
echo" </tr>";
echo" </table>";
echo"</div>";
}
?>

Hello PhP Freaks forum
In the past weeks ive been trying to make a website, where you can register. Everything seems to work except my cherished Change password feature. Everytime you try to change the password, it just resets it to nothing.

Here is the code below.

<?php
         if(isset($_SESSION['username']))
         {
            $username = $_SESSION['username'];
            $lastname = $_SESSION['lastname'];
            $firstname = $_SESSION['firstname'];
            $email = $_SESSION['email'];
               
            echo "
            
               <h4>Options for:</h4> &nbsp; $username
               <br />
               <br />
               First name: &nbsp; $firstname
            
               <br />Last name: &nbsp; $lastname       
   
   <br /><br /><h3>Want to change your password:</h3><br />
   
      <form action='?do=option' method='post'>
   
      Old password <input type='password' placeholder='Has to be between 5-15 digits' name='password' size='30' value='' /><br />
                  <br />
      New Password<input type='password' placeholder='Has to be between 5-15 digits' name='newpass' size='30' value='' /><br />
                  <br />
      Confirm new password <input type='password' placeholder='Has to be between 5-15 digits' name='passconf' size='30' value='' /><br />
                  
      <center></div><input type='submit' value='Submit'/></center></form>";   
      
            
         }else{
            echo 'Please login to view your options!';
         }
      
      $password = $_REQUEST['password'];
      $pass_conf = $_REQUEST['newpass'];
      $email = $_REQUEST['passconf'];
      
      $connect = mysql_connect("Host", "User", "Password");
      if(!$connect){
      die(mysql_error());
      }
      
      //Selecting database
      $select_db = mysql_select_db("My Database", $connect);
      if(!$select_db){
      die(mysql_error());
      }
      
      //Find if entered data is correct
      
      $result = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");
      $row = mysql_fetch_array($result);
      $id = $row['id'];

            
         mysql_query("UPDATE users SET password='$newpass' WHERE username='$user'")
      
      ?>          

And i do know that i dont have a

if(Empty($newpass)){
Die(Please fill out the new password)                                                 
}

Or any security on the others, but the problem just seems that it resets the password into nothing

Hope i can get this fixed

Best Regards

William Pfaffe

<?php
require_once('upper.php');
require_once('database.php');
echo $error_msg='';
if(isset($_POST['submit']))
{
$LoginId=mysqli_real_escape_string($dbc,trim($_POST['LoginId']));
$Password1=mysqli_real_escape_string($dbc,trim($_POST['Password1']));
$Password2=mysqli_real_escape_string($dbc,trim($_POST['Password2']));
$Name=mysqli_real_escape_string($dbc,trim($_POST['Name']));
$Age=mysqli_real_escape_string($dbc,trim($_POST['Age']));
$BloodGroup=mysqli_real_escape_string($dbc,trim($_POST['BloodGroup']));
if(!isset($_POST['Sex']))
{
echo 'Please enter Sex<br>';
}
else{
$Sex= mysqli_real_escape_string($dbc,trim($_POST['Sex']));
}
$Qualification=mysqli_real_escape_string($dbc,trim($_POST['Qualification']));
$ContactNumber=mysqli_real_escape_string($dbc,trim($_POST['ContactNumber']));
$Email=mysqli_real_escape_string($dbc,trim($_POST['Email']));
$Address=mysqli_real_escape_string($dbc,trim($_POST['Address']));
$AboutYourself=mysqli_real_escape_string($dbc,trim($_POST['AboutYourself']));
//$countCheck=count($_POST['checkbox']);
//echo $countCheck;
//$checkbox=$_POST['checkbox'];
//$countCheck=count($checkbox);
if(empty($LoginId)){echo 'Please enter Login Id';}
elseif(empty($Password1)){echo 'Please enter Password';}
elseif(empty($Password2)){echo 'Please confirm Password';}
elseif($Password1!==$Password2){echo 'Password didn\'t match';}
elseif(empty($Name)){echo 'Please enter Name';}
elseif(empty($Age)){echo 'Please enter Age';}
elseif(!isset($_POST['Sex'])){}
elseif(empty($Qualification)){echo 'Please enter Qualification';}
elseif(empty($ContactNumber)){echo 'Please enter Contact Number';}
elseif(empty($Email)){echo 'Please enter Email';}
elseif(empty($Address)){echo 'Please enter Address';}
elseif(empty($AboutYourself)){echo 'Please enter About Yourself';}
elseif(!isset($_POST['checkbox'])){ echo 'You have to register at least one activity.';}
elseif(!isset($_POST['TermsAndConditions'])){ echo 'You have to agree all Terms and Conditions of Elite Brigade.';}
else
{
require_once('database.php');
$query="select * from registration where LoginId='$LoginId'";
$result=mysqli_query($dbc,$query);
if(mysqli_num_rows($result)==0)
{
$checkbox=$_POST['checkbox'];
$countCheck=count($_POST['checkbox']);
$reg_id=' ';
for($i=0;$i<$countCheck;$i++)
{
$reg_id=$reg_id.$checkbox[$i].',';
$query="insert into activity_participation (LoginId,Title,Date) values ('$LoginId','$checkbox[$i]',CURDATE())";
$result=mysqli_query($dbc,$query) or die("Not Connected");
}
$query="insert into registration (LoginId,Password,Name,Age,BloodGroup,Sex,Qualification,ContactNumber,Email,Address,AboutYourself,Activity)values ('$LoginId'[B],SHA('$Password1'),[/B]'$Name','$Age','$BloodGroup','$Sex','$Qualification','$ContactNumber','$Email','$Address','$AboutYourself',',$reg_id')";
$result=mysqli_query($dbc,$query) or die("Not Connect");

echo ' Dear '.$Name.'.<br>Your request has been mailed to admin.<br>Your account is waiting for approval<br>';
$from= 'Elite Brigade';
$to='ankitp@rsquareonline.com';
$subject='New User Registration';
$message="Dear admin,\n\nA new user request for registration. Please check it out.\n\nRegards\nMicro";
mail($to,$subject,$message,'From:'.$from);
//header('Location: index.php');
// header('Location: Registration.php');
}
else
{
echo 'Dear '.$Name. ', <br> An account already exist with login-id<b> '.$LoginId.'</b> <br>Please try another login-id';
}}
}
?>

<html>
<head>
<script src="jquery-latest.js"></script>
  <script type="text/javascript" src="jquery-validate.js"></script>
<style type="text/css">
* { font-family: Verdana;  }

label.error {  color: white;  padding-left: .5em; }
p { clear: both; }
.submit { margin-left: 12em; }
em { font-weight: bold; padding-right: 1em; vertical-align: top; }
</style>
  <script>
  $(document).ready(function(){
    $("#commentForm").validate();
  });
  </script>
  
</head>

<body>

<?php
echo $error_msg; ?>

<form action='<?php echo $_SERVER['PHP_SELF'];?>' id="commentForm" method='post'>
<div class="registration_and_activity">

<table border="0" width="380">
<tr><td colspan="2">
<h3>New User?</h3></td></tr>
<tr><td width="120">

<em>*</em>Enter Login id</td><td width="150"><input type='text' name='LoginId'  minlength="4" value='<?php if(!empty($LoginId))echo $LoginId;?>' /></td></tr>
<tr><td>
<em>*</em>Enter Password</td> <td><head>
   <div id="divMayus" style="visibility:hidden">Caps Lock is on.</div>
   <SCRIPT language=Javascript>

function capLock(e){
 kc = e.keyCode?e.keyCode:e.which;
 sk = e.shiftKey?e.shiftKey:((kc == 16)?true:false);
 if(((kc >= 65 && kc <= 90) && !sk)||((kc >= 97 && kc <= 122) && sk))
  document.getElementById('divMayus').style.visibility = 'visible';
 else
  document.getElementById('divMayus').style.visibility = 'hidden';
}

</SCRIPT>
   </HEAD>
<input onkeypress='return capLock(event)' type='password' name='Password1' value='<?php if(!empty($Password1))echo $Password1;?>' /></td></tr>

<tr><td>
<em>*</em>Confirm Password</td><td><input type='password' name='Password2' value='<?php if(!empty($Password2))echo $Password2;?>' /></td></tr>
<tr><td width="120">
<em>*</em>Enter Name</td> <td><input type='text'  name='Name' value='<?php if(!empty($Name))echo $Name;?>' /></td></tr>
<tr><td>
<em>*</em>Enter Age</td><HEAD>
   <SCRIPT language=Javascript>
      
      function isNumberKey(evt)
      {
         var charCode = (evt.which) ? evt.which : event.keyCode
         if (charCode > 31 && (charCode < 48 || charCode > 57))
            return false;

         return true;
      }
  
  
     
   </SCRIPT>
   </HEAD>
<td><INPUT onkeypress='return isNumberKey(event)'  type='text' name='Age' value='<?php if(!empty($Age))echo $Age;?>'/></td></tr>

<tr><td>
<em>*</em>Enter Blood</td><td><input type='text' name='BloodGroup' value='<?php if(!empty($BloodGroup))echo $BloodGroup;?>' /></td></tr>

<tr><td>
<em>*</em>Enter Sex</td><td><input type='radio' name='Sex'  style='width:16px; border:0;' 'value='Male' />Male   <input type='radio' name='Sex' style='width:16px; border:0;' 'value='Female' />Female</td></tr>

<tr><td>
<em>*</em>Enter Qualification</td><td><input type='text' name='Qualification'  value='<?php if(!empty($Qualification))echo $Qualification;?>' /></td></tr>

<tr><td>
<em>*</em>Contact Number </td><td><input onkeypress='return isNumberKey(event)'type='text'  name='ContactNumber' value='<?php if(!empty($ContactNumber))echo $ContactNumber;?>' /></td></tr>

<tr><td>
<em>*</em>Enter Email</td><td><input type='text' name='Email'class="email" value='<?php if(!empty($Email))echo $Email;?>' /></td></tr>

<tr><td>
<em>*</em>Enter Address</td><td><input type='text'   name='Address' value='<?php if(!empty($Address))echo $Address;?>' /></td></tr>


<tr ><td >
<em>*</em>About Yourself </td></tr>
<tr><td colspan="2"><textarea rows='10' cols='40'  name='AboutYourself'  /><?php if(!empty($Address))echo $Address;?></textarea></td></tr>
<tr><td>

<?php echo"
<tr><td colspan='2'><em>*</em><b>Select fields for which you want to register</b></td></tr>";

require_once('database.php');
$query="select * from activity";
$result=mysqli_query($dbc,$query);
while($row=mysqli_fetch_array($result)){
$Title=$row['Title'];
$ActivityId=$row['ActivityId'];
echo "<tr><td>$Title</td>";
echo "<td><input type='checkbox' name='checkbox[]' value='$Title' style='width:14px; text-align:right;'/></td></tr>";//value=$ActivityId tells ActivityId variable extracts with name="checkbox"
echo "<br/>";
}
echo "<td><em>*</em><input type='checkbox' name='TermsAndConditions'  style='width:14px; text-align:right;'/></td><td> I agree all <a href='TermsAndConditions.php'>Terms and conditions </a>of Elite Brigade</td></tr>";
echo "<tr><td colspan='2' align='center'><input type='submit' value='Register' name='submit' style='background:url(./images/button_img2.png) no-repeat 10px 0px; width:100px; padding:3px 0 10px 0; color:#FEFBC4; border:0;'/></td></tr><br>";

echo " </td></tr></table>

</div>

</form>
</body>
</html>";
require_once('lower.php');

?>


Hi Friends ....
I encrypt user password by SHA('$Password') method but now i want to add "Forget Password Module" for which I need to decrypt it first before tell my user but I don't Know how to decrypt it.
Please help me........

This topic has been moved to Application Design.

http://www.phpfreaks.com/forums/index.php?topic=353345.0