|
PHP - Help With User/pass Verification
I know there has to be a better way to do this. My usernames and passwords are stored in a text file. This is what I'm doing now, and all it does is return the error statement.
This is the php from after the log in page. <?php $user = $_POST["username"]; $password = $_POST["password"]; $un = "no"; $pw = "no"; $fh = fopen("users.txt","r"); while (!feof($fh)) { $line = fgets($fh); $data = explode("$",$line); if ($data["0"] == $user){ $un = "yes"; } if ($data["1"] == $password){ $pw = "yes"; } } if (($un === "yes") && ($pw === "yes")){ echo "<h4> Hello <em>$user</em>!\n<br />"; }else { echo "<h3>Your username and/or password is incorrect.</h3>\n<br />"; echo "<a href='login.html'>Return to the login page.</a>\n<br />"; } fclose($fh); ?> Similar TutorialsActually, what i want to do is to use the email to fetch the $email,$password and $randomnumber from database after 2 weeks and i think i found a direction as to what i need.I worte a program and it will post to a php page. The php page needs to take the posted variables ($user) ($pass) and compair them aginst the database for existing users to return a vail or invaild login. It also needs to check and if not exits, save a 3rd and 4th variable to the the database ($serial) ($ip). Can someone giv eme guadance as to the commands i can research to accomplish this? I have a page that has roughly 100 text input fields. Once the user is done, I need to put the data in my mysql db. How do I get the data from the user input page to the php page that will process the data (e.g. process.php)? I've done some searching and found a few possibilities use a ajax style call back to load a seperate asp page (e.g. createsession.asp) and that page set session variables that can then be read by process.php write everything to a cookie using some sort of a delimiter so that it can handle multiple variables (e.g. cookie data => var1/var2/var3/var4... write all the data to a text file and then have process.php load that file Which should I pursue? Is there a better option? Unfortunately I have no code for this yet cuz I don;t even know if its possible... I am programming an application that is used by a couple of stores, which could end up being a lot of stores. Anyways, the basis is that the stores would, though a separate application (and therefore separate database) create a username and password, I now want to use this username and password to do the following 1. Allow them to login to my application using the same username and password 2. I want the store the username in a session to pull tables based on the username from my database For instance, a user has the login store123, after loggin in it now pulls the information from the tables store123_items, store123_prices, store123_settings, etc. Now my database will have quite a lot of store###_tables I am, sadly, a noobie to PHP and I do recall seeing an article (somewhere on the net, and I stupidly forgot to bookmark it, knowing I would need it eventually) on how to access multiple databases easily. Now because they are both under my account I can use the same username and password for both, its accessing the MySQL username/password database and storing the info I know I am lacking on how to do it. Any ideas? I work with a large codebase and I have this situation come up fairly often:
the legacy class has large objects such as:
$design->motor->dimensions->a; $design->motor->dimensions->bd; $design->specifications->weight; $design->data->height; //etcWhen I create a new class, that class sometimes operates on the specific data, so say:
class MyClass
{
public function compute($weight, $height, $a)
{
//stuff
}
}
//and I call this for example as such:
(new MyClass())->compute($design->specifications->weight, $design->data->height, $design->motor->dimensions->a);
CONS: Potential issue: if design specs change and I need to change things parameters in "compute" function, I need to "re-key" the variables I pass to the function, and adjust things accordinly in MyClass as wel.
PROS: only the exact data is being passed, and this data can come from anywhere it is viable, so in effect the function is fairly well separated, I think.
Alternative option for me is to pass the entire design object, i.e
class MyClass
{
public function compute(&$design) //can also be done via DI through a setter or constructor.
{
print $design->specifications->weight;
print ($design->data->height + $design->motor->dimensions->a);
//stuff
}
}
(new MyClass())->compute($design);
PROS: In this case when things change internally in which variables are needed and how things are computed, I only need to change the code in compute function of the class itself.
CONS: MyClass now needs to be aware of how $design object is constructed.
When it comes to this parameter passing, and Dependency Injection like this in general, does Computer Science advocate a preference on this issue? Do I pass the entire object, or do I pass only the bits and pieces I need?
I'm trying to get a simple table to display and am not sure how to make it happen. Table will have just 2 columns. A TIME and an EVENT. What I want to have happen is for the first row to show the TIME and next to that, the EVENT. If a TIME has more than one event going I want the next row to show an empty first cell and then the second event below the first. If I set up the loop the only way I know how (so far) it would also output the TIME value again and again as many times as there were events for that same time. For example what I don't want is: 9:15 Sunday School 9:15 Nursery Available What I do want is: 9:15 Sunday School Nursery Available Thanks. I am about to build a site for a liqueur brand and have to create a simple screen that asks if the user is of the right age. This does not have to be linked to a credit card, just a simple yes or no screen. I am thinking this would probably be done via a cookie, but I am not sure. Somehow it would have to work where it gets checked each time anyone goes to the site, regardless of the entry point. So for example it would get checked on mydomain.com, but also on mydomain.com/about, or mydomain.com/somethingelse. The yes or no screen would of course only show the first time the user came to site. Via what technology would I do this? Cookie? Can cookies have an expiration date? I would love some comments or direction on how this is done best. Thanks a lot! Hi guys. I'm using php to randomly generate a simple math verification question. But, I'm having a hard time validating the input. Can someone please tell me what I'm doing wrong? Thank you } else if(trim($verify) != $_SESSION['UserData']['Math'][0]+$_SESSION['UserData']['Math'][1]){ $error = '<div class="error_message">Attention! The verification number you entered is incorrect.</div>'; } <?php echo "<span class='label'><span class='required'>*</span>What is ".$_SESSION['UserData']['Math'][0]." + ".$_SESSION['UserData']['Math'][1]."?</span> "; ?> <input name="verify" type="text" id="verify" size="3" value="<?=$verify;?>" /><br /><br /> Hi - I'm fairly new to php and am working a lot off of old page created before me and modifying them. I have to do an age verification page for an alcoholic beverage client (has to be 21+) and I'm having problems with the script actually redirecting correctly based on the birthdate entered. I have a html page with a form that calls this php file. Here is the php script I'm trying to get working: <?php $age = $_POST['year']; if($age > 1990) { header('Location: http://www.underagelink.com'); exit; } else { header('Location: http://legalagelink.com'); exit; } ?> Thanks! Okay, so I'm pretty new to jQuery but I am pretty experienced with PHP. I am about to begin coding a script written mostly in jQuery. It will use AJAX to verify that an article tag a user provides exists in a database. When a user goes to write an article on my website, my form will ask them to add keyword tags which will be used in searches. Basically only admins will be allowed to create new tags, so this is why I check the tags first. And also to prevent duplicates and similar tag entries in the database.
The form will have a single input that the user will use to search for a tag. Once the user hits the enter key, it will search the database for tags that already exist. Once the ajax is complete, a list of related tags will pop up and the user will be able to select their desired tag by either clicking the tag link in the list or by pressing enter.
This is a very crude demonstration of what my idea is.
How do I apply double delete verification? Right now I have... Code: [Select] if (isset($_POST['delete'])) { if(is_array($_POST['delete'])) { $keys = array_keys($_POST['delete']); $id = $keys[0]; $sql = "DELETE FROM `blog_posts` WHERE `post_id` = '$id'"; header("Location: " . $_SERVER['php_self'] . "?" . $_SERVER['query_string'] ); } } if(isset($sql) && !empty($sql)) { mysql_query($sql) or die(mysql_error()); } which deletes the query great, but I want some box to pop up saying, are you sure you want to delete this post? I'm not sure how to create this verification. I'm in the habit of verifying input client side. For example, there is a field to enter a number, and I ensure that it is within a particular range using Javascript. My backend PHP code does not do such checking... Is this bad? Should I be doing checking using my backend code and send a response back to the client to display a message? Admittedly, I avoid it, since it's a little extra work -- well more extra than just javascripts, IF-THEN-ALERT type statement. How to remove the verification code here,i mean the captcha... <?php session_start(); if ($_POST['Submit'] == 'Send') { if (strcmp(md5($_POST['user_code']),$_SESSION['ckey'])) { header("Location: sendmail.php?msg=ERROR: Invalid Verification Code"); exit(); } $to = $_POST['toemail']; $subject = $_POST['subject']; $message = $_POST['message']; $fromemail = $_POST['fromemail']; $fromname = $_POST['fromname']; $lt= '<'; $gt= '>'; $sp= ' '; $from= 'From:'; $headers = $from.$fromname.$sp.$lt.$fromemail.$gt; mail($to,$subject,$message,$headers); header("Location: sendmail.php?msg= Mail Sent!"); exit(); } ?> <html> <head> <title>Email </title> </head> <body bgcolor="#ffffcc"> <h2 align="center"> </h2> <h3 align="center"> Please do not misuse this script. </h3><br> <p style="margin-left:15px"> <form action="sendmail.php" method="POST"> <b>From Name:</b><br> <input type="text" name="fromname" size="50"><br> <br><b>From Email:</b><br> <input type="text" name="fromemail" size="50"><br> <br><b>To Email:</b><br> <input type="text" name="toemail" size="50"><br> <br><b>Subject:</b><br> <input type="text" name="subject" size="74"><br> <br><b>Your Message:</b><br> <textarea name="message" rows="5" cols="50"> </textarea><br> <br><b>Verification Code:</b><br> <input name="user_code" type="text" size="25"> <img src="pngimg.php" align="middle"><br><br> <input type="submit" name="Submit" value="Send"> <input type="reset" value="Reset"> </form> </p> <?php if (isset($_GET['msg'])) { echo "<font color=\"red\"><h3 align=\"center\"> $_GET[msg] </h3></font>"; } ?> </body> </html> How would I go about settings up a verification system with scripts that I write, so that I could sell scripts but if they were to get leaked or something I could kill the script, is there a way to set up a IP verification system when a script is run through CLI so it only runs if someones IP matches the one in the script? I am sending a email verification that a person registers on my site. I have two problems. Here is the email script: Code: [Select] $message = "Thank you for registering."; mail($email, 'Registration Confirmation', $message, 'From: noreply@website.com'); Problem 1: I have tried this on two different identical pages, index.php and register.php. It only works in the index page. Problem 2: When it does work on the index page, the From header does not show what is in the mail() function, it shows that it is from my host. What's up with that? Given the choice, I need to get problem 2 solved way more than problem 1. Thank you. Basically I am writing my own voting system but I have a few problems and I would like to address them all in one post rather than three. First: The first thing I need help with is using CURL to check if a user actually voted at the remote top list website. Two: I need maybe a source script of a 10 digit hash generator that will display the hash generated and will insert it into the database This is currently what my hash generator looks like but I need someone to help me change it so that it will echo the actual hash generated and inserts it into the database, <?php function gen_md5_password($len = 6) { return substr(md5(rand().rand()), 0, $len); } ?> Three: I need some sort of way to tell the database that if they hash is not used within 24 hours, it will just dump or delete. Ok So the main purpose of this is: 1). User has to grab a OTP from the generator (work's) 2) the OTC updates in the database field (work's) via the person's user_email 3). it sends an email containing the OTP what it is not doing is, when they go and login, it just keeps saying invalid login credentials. I'm pasting my code below to see if anyone can help me out here. this is still a work in progress. do_login.php (not working here) Keep's saying invalid password. <?php if(empty($_POST)) exit; include 'config.php'; // declare post fields $post_user_email = trim($_POST['user_email']); $post_password = trim($_POST['authcode']); $post_autologin = $_POST['autologin']; if(($post_user_email == $config_email) && ($post_password == $config_password)) { $_SESSION['Site-Key'] = $config_email; // Autologin Requested? if($post_autologin == 1) { $password_hash = md5($config_password); // will result in a 32 characters hash setcookie ($cookie_name, 'usr='.$config_email.'&hash='.$password_hash, time() + $cookie_time); } exit('OK'); } else { echo '<div id="error_notification">The submitted login info is incorrect.</div>'; } ?> Index.php <?php require_once 'config.php'; if(isset($_SESSION['google-ads123123'])) { header("Location: http://forum.site1.com"); exit; } ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML> <HEAD> <TITLE>Access Required</TITLE> <script type="text/javascript" src="js/mootools-1.2.1-core-yc.js"></script> <script type="text/javascript" src="js/process.js"></script> <link rel="stylesheet" type="text/css" href="style.css" /> </HEAD> <BODY> <center> <div id="status"> <fieldset><legend align="center">Authentication</legend> <div id="login_response"><!-- spanner --></div> <form id="login" name="login" method="post" action="do_login.php"> <table align="center" width="200" border="0"> <tr> <td width="80">Email</td><td><input id="user_email" type="text" name="user_email"></td> </tr> <tr> <td>AuthCode:</td> <td><input type="password" name="authcode"></td> </tr> <tr> <td> </td> <td><input type="checkbox" name="autologin" value="1">Remember Me</td> </tr> <tr> <td> </td> <td><input id="submit" type="submit" name="submit" value="Login"> <br /> <a href="getcode.php"> Get Auth Code </a> <div id="ajax_loading"><img align="absmiddle" src="images/spinner.gif"> Processing...</div></td> </tr> </table> </form> </fieldset> </div> </center> </BODY> </HTML> getcode.php (generates a MD5 and adds into db) <?php $db_host = '123'; $db_username = '123'; $db_password = '123'; $db_name = '123'; @mysql_connect($db_host, $db_username, $db_password) or die(mysql_error()); @mysql_select_db($db_name) or die(mysql_error()); // This is displayed if all the fields are not filled in $empty_fields_message = "<p>Please go back and complete all the fields in the form.</p>Click <a class=\"two\" href=\"javascript:history.go(-1)\">here</a> to go back"; // Convert to simple variables $email_address = $_POST['user_email']; if (!isset($_POST['user_email'])) { ?> <h2>Generate your Auth Code</h2> <form method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>"> <p class="style3"><label for="user_email">Email:</label> <input type="text" title="Please enter your email address" name="user_email" size="30"/></p> <p class="style3"><label title="Generate Auth Code"> </label> <input type="submit" value="Submit" class="submit-button"/></p> </form> <?php } elseif (empty($email_address)) { echo $empty_fields_message; } else { $status = "OK"; $msg=""; //error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR); if (!stristr($email_address,"@") OR !stristr($email_address,".")) { $msg="Your email address is not correct<BR>"; $status= "NOTOK";} echo "<br><br>"; if($status=="OK"){ $query="SELECT username FROM users WHERE user_email = '$email_address'"; $st=mysql_query($query); $recs=mysql_num_rows($st); $row=mysql_fetch_object($st); $em=$row->user_email;// email is stored to a variable if ($recs == 0) { echo "<center><font face='Verdana' size='2' color=red><b>No Auth Code</b><br> Sorry Your address is not in our database ."; exit;} function makeRandomPassword() { $salt = "abchefghjkmnpqrstuvwxyz0123456789"; srand((double)microtime()*1000000); $i = 0; while ($i <= 7) { $num = rand() % 33; $tmp = substr($salt, $num, 1); $pass = $pass . $tmp; $i++; } return $pass; } $random_password = makeRandomPassword(); $db2_password = md5($random_password); $sql = mysql_query("UPDATE users SET authcode='$db2_password' WHERE user_email='$email_address'"); $subject = "Auth Code Verification"; $message = " Here is your Auth Code, Auth Code: $random_password Auth Code: $db2_password This is an automated response, please do not reply!"; mail($email_address, $subject, $message, "From: Auth Server<theslcguy@safe-mail.net.com>"); echo "Your Auth Code has been sent! <br /> Please check your email! <br /> Also Allow up to 5 minutes to recieve your Code...<br />"; echo "<br><br>Click <a href='http://auth.site1.com'>here</a> to login"; } else { echo "<center><font face='Verdana' size='2' color=red >$msg <br><br><input type='button' value='Retry' onClick='history.go(-1)'></center></font>";} } ?> Config.php <?php session_start(); // Start Session header('Cache-control: private'); // IE 6 FIX // always modified header('Last-Modified: ' . gmdate("D, d M Y H:i:s") . ' GMT'); // HTTP/1.1 header('Cache-Control: no-store, no-cache, must-revalidate'); header('Cache-Control: post-check=0, pre-check=0', false); // HTTP/1.0 header('Pragma: no-cache'); // ---------- LOGIN INFO ---------- // $config_email = $POST["user_email"]; $config_authcode = $POST["authcode"]; $cookie_name = 'google-ads123123'; $cookie_time = (3600 * 24 * 30); // 30 days if(!$_SESSION['google-ads123123']) { include_once 'autologin.php'; } ?> I have the following code: <?php include "connect.php"; ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Welcome</title> <script type="text/javascript" src="js/jquery.min.js"></script> <script type="text/javascript" src="js/jquery.ketchup.js"></script> <script type="text/javascript" src="js/jquery.ketchup.messages.js"></script> <script type="text/javascript" src="js/jquery.ketchup.validations.basic.js"></script> <script language="javascript" type="text/javascript" src="niceforms.js"></script> <link rel="stylesheet" type="text/css" media="all" href="niceforms-default.css" /> <link rel="stylesheet" type="text/css" media="screen" href="css/jquery.ketchup.css" /> </head> <body> <div id="container"> <?php if(!empty($_SESSION['connection_status']) && !empty($_SESSION['username'])) { ?> <form action="logout.php" class="niceform"> <fieldset> <legend>Member Area</legend> <div id= "container"> <p>Thanks for logging in <b><?=$_SESSION['username']?></b> !</p> <p><input type="submit" name="submit" id="submit" value="Logout" /></p> </div> </fieldset> </form> <?php } elseif(!empty($_POST['username']) && !empty($_POST['password'])) { $username = mysql_real_escape_string($_POST['username']); $password = md5(mysql_real_escape_string($_POST['password'])); $validation = mysql_query("SELECT * FROM users WHERE username = '".$username."' AND password = '".$password."'"); if(mysql_num_rows($validation) == 1) { $row = mysql_fetch_array($validation); $email = $row ['email']; $_SESSION['username'] = $username; $_SESSION['email'] = $email; $_SESSION['connection_status'] = 1; echo "<h1>Success</h1>"; echo "<p>Members area is loading.</p>"; echo "<meta http-equiv='refresh' content='=4;index.php' />"; } else { echo "<h1>Error</h1>"; echo "<p> There was an error, please try again <a href=\"index.php\">here </a> .</p>"; } } else { ?> <form method="post" action="index.php" name="loginform" id="loginform" class="niceform"> <fieldset> <legend>Member Login</legend> <p>Thanks for visiting. Please login below or click <a href="register.php">here</a> to register.</p> <dl> <dt><label for="username">Username:</label><br /></dt> <dd><input type="text" name="username" id="username" class= "validate(rangelength(4,30))"/></dd> </dl> <dl> <dt><label for="password">Password:</label><br /></dt> <dd><input type="password" name="password" id="password" class= "validate(rangelength(4,30))" /></dd> </dl> <p><a href="forgot_password.php">Forgot password?</a></p> </fieldset> <fieldset class="action"> <input type="submit" name="submit" id="submit" value="Sign In" /> </fieldset> </form> <?php } ?> </div> <script type = "text/javascript"> $(document).ready(function() { $('#loginform').ketchup(); }); </script> </boby> </html> When I try to login with true username/password, I always get: There was an error, please try again here . So, If I want to store something like: Code: [Select] Hello<br /> <b>This is a sentence </b> I would need to use htmlentities() So I could output the HTML after it's stored in the database safely? I'm trying to create a series of web pages that will lead to a FINAL SALE page. At that point, I require TWO things to happen. First, the customer must pay the displayed total. Second, some kind of automated receipt needs to be generated so that a script can allow the customer to progress further. An applicable example would be a customer navigating through web pages of paintings by different artists and then choosing to see Alfred's latest unreleased paintings for a $2 fee. After paying the $2, the next web page would validate receipt of the payment, and now allow the customer to access Alfred's gallery. Is there a template for this sort of thing? Obviously, an online payment would require a credit card. Any recommendations for service providers would be appreciated. I have contacted Pay Pal, but they seem trained to encourage Ebay type sales and insist that the email I receive as confirmation would be sufficient. However, that would require me to check my email and manually grant access to galleries without ever sleeping. LOL. I'm sure there is a more viable solution, but need some advice and guidance from those that have already traversed this obstacle. |
|||||||