PHP - Age Verification Script
Hi -
I'm fairly new to php and am working a lot off of old page created before me and modifying them. I have to do an age verification page for an alcoholic beverage client (has to be 21+) and I'm having problems with the script actually redirecting correctly based on the birthdate entered. I have a html page with a form that calls this php file. Here is the php script I'm trying to get working: <?php $age = $_POST['year']; if($age > 1990) { header('Location: http://www.underagelink.com'); exit; } else { header('Location: http://legalagelink.com'); exit; } ?> Thanks! Similar TutorialsHow would I go about settings up a verification system with scripts that I write, so that I could sell scripts but if they were to get leaked or something I could kill the script, is there a way to set up a IP verification system when a script is run through CLI so it only runs if someones IP matches the one in the script? I am about to build a site for a liqueur brand and have to create a simple screen that asks if the user is of the right age. This does not have to be linked to a credit card, just a simple yes or no screen. I am thinking this would probably be done via a cookie, but I am not sure. Somehow it would have to work where it gets checked each time anyone goes to the site, regardless of the entry point. So for example it would get checked on mydomain.com, but also on mydomain.com/about, or mydomain.com/somethingelse. The yes or no screen would of course only show the first time the user came to site. Via what technology would I do this? Cookie? Can cookies have an expiration date? I would love some comments or direction on how this is done best. Thanks a lot! Hi guys. I'm using php to randomly generate a simple math verification question. But, I'm having a hard time validating the input. Can someone please tell me what I'm doing wrong? Thank you } else if(trim($verify) != $_SESSION['UserData']['Math'][0]+$_SESSION['UserData']['Math'][1]){ $error = '<div class="error_message">Attention! The verification number you entered is incorrect.</div>'; } <?php echo "<span class='label'><span class='required'>*</span>What is ".$_SESSION['UserData']['Math'][0]." + ".$_SESSION['UserData']['Math'][1]."?</span> "; ?> <input name="verify" type="text" id="verify" size="3" value="<?=$verify;?>" /><br /><br /> Okay, so I'm pretty new to jQuery but I am pretty experienced with PHP. I am about to begin coding a script written mostly in jQuery. It will use AJAX to verify that an article tag a user provides exists in a database. When a user goes to write an article on my website, my form will ask them to add keyword tags which will be used in searches. Basically only admins will be allowed to create new tags, so this is why I check the tags first. And also to prevent duplicates and similar tag entries in the database.
The form will have a single input that the user will use to search for a tag. Once the user hits the enter key, it will search the database for tags that already exist. Once the ajax is complete, a list of related tags will pop up and the user will be able to select their desired tag by either clicking the tag link in the list or by pressing enter.
This is a very crude demonstration of what my idea is.
I know there has to be a better way to do this. My usernames and passwords are stored in a text file. This is what I'm doing now, and all it does is return the error statement. This is the php from after the log in page. <?php $user = $_POST["username"]; $password = $_POST["password"]; $un = "no"; $pw = "no"; $fh = fopen("users.txt","r"); while (!feof($fh)) { $line = fgets($fh); $data = explode("$",$line); if ($data["0"] == $user){ $un = "yes"; } if ($data["1"] == $password){ $pw = "yes"; } } if (($un === "yes") && ($pw === "yes")){ echo "<h4> Hello <em>$user</em>!\n<br />"; }else { echo "<h3>Your username and/or password is incorrect.</h3>\n<br />"; echo "<a href='login.html'>Return to the login page.</a>\n<br />"; } fclose($fh); ?> I'm in the habit of verifying input client side. For example, there is a field to enter a number, and I ensure that it is within a particular range using Javascript. My backend PHP code does not do such checking... Is this bad? Should I be doing checking using my backend code and send a response back to the client to display a message? Admittedly, I avoid it, since it's a little extra work -- well more extra than just javascripts, IF-THEN-ALERT type statement. I have the following code: <?php include "connect.php"; ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Welcome</title> <script type="text/javascript" src="js/jquery.min.js"></script> <script type="text/javascript" src="js/jquery.ketchup.js"></script> <script type="text/javascript" src="js/jquery.ketchup.messages.js"></script> <script type="text/javascript" src="js/jquery.ketchup.validations.basic.js"></script> <script language="javascript" type="text/javascript" src="niceforms.js"></script> <link rel="stylesheet" type="text/css" media="all" href="niceforms-default.css" /> <link rel="stylesheet" type="text/css" media="screen" href="css/jquery.ketchup.css" /> </head> <body> <div id="container"> <?php if(!empty($_SESSION['connection_status']) && !empty($_SESSION['username'])) { ?> <form action="logout.php" class="niceform"> <fieldset> <legend>Member Area</legend> <div id= "container"> <p>Thanks for logging in <b><?=$_SESSION['username']?></b> !</p> <p><input type="submit" name="submit" id="submit" value="Logout" /></p> </div> </fieldset> </form> <?php } elseif(!empty($_POST['username']) && !empty($_POST['password'])) { $username = mysql_real_escape_string($_POST['username']); $password = md5(mysql_real_escape_string($_POST['password'])); $validation = mysql_query("SELECT * FROM users WHERE username = '".$username."' AND password = '".$password."'"); if(mysql_num_rows($validation) == 1) { $row = mysql_fetch_array($validation); $email = $row ['email']; $_SESSION['username'] = $username; $_SESSION['email'] = $email; $_SESSION['connection_status'] = 1; echo "<h1>Success</h1>"; echo "<p>Members area is loading.</p>"; echo "<meta http-equiv='refresh' content='=4;index.php' />"; } else { echo "<h1>Error</h1>"; echo "<p> There was an error, please try again <a href=\"index.php\">here </a> .</p>"; } } else { ?> <form method="post" action="index.php" name="loginform" id="loginform" class="niceform"> <fieldset> <legend>Member Login</legend> <p>Thanks for visiting. Please login below or click <a href="register.php">here</a> to register.</p> <dl> <dt><label for="username">Username:</label><br /></dt> <dd><input type="text" name="username" id="username" class= "validate(rangelength(4,30))"/></dd> </dl> <dl> <dt><label for="password">Password:</label><br /></dt> <dd><input type="password" name="password" id="password" class= "validate(rangelength(4,30))" /></dd> </dl> <p><a href="forgot_password.php">Forgot password?</a></p> </fieldset> <fieldset class="action"> <input type="submit" name="submit" id="submit" value="Sign In" /> </fieldset> </form> <?php } ?> </div> <script type = "text/javascript"> $(document).ready(function() { $('#loginform').ketchup(); }); </script> </boby> </html> When I try to login with true username/password, I always get: There was an error, please try again here . I'm trying to create a series of web pages that will lead to a FINAL SALE page. At that point, I require TWO things to happen. First, the customer must pay the displayed total. Second, some kind of automated receipt needs to be generated so that a script can allow the customer to progress further. An applicable example would be a customer navigating through web pages of paintings by different artists and then choosing to see Alfred's latest unreleased paintings for a $2 fee. After paying the $2, the next web page would validate receipt of the payment, and now allow the customer to access Alfred's gallery. Is there a template for this sort of thing? Obviously, an online payment would require a credit card. Any recommendations for service providers would be appreciated. I have contacted Pay Pal, but they seem trained to encourage Ebay type sales and insist that the email I receive as confirmation would be sufficient. However, that would require me to check my email and manually grant access to galleries without ever sleeping. LOL. I'm sure there is a more viable solution, but need some advice and guidance from those that have already traversed this obstacle. Ok So the main purpose of this is: 1). User has to grab a OTP from the generator (work's) 2) the OTC updates in the database field (work's) via the person's user_email 3). it sends an email containing the OTP what it is not doing is, when they go and login, it just keeps saying invalid login credentials. I'm pasting my code below to see if anyone can help me out here. this is still a work in progress. do_login.php (not working here) Keep's saying invalid password. <?php if(empty($_POST)) exit; include 'config.php'; // declare post fields $post_user_email = trim($_POST['user_email']); $post_password = trim($_POST['authcode']); $post_autologin = $_POST['autologin']; if(($post_user_email == $config_email) && ($post_password == $config_password)) { $_SESSION['Site-Key'] = $config_email; // Autologin Requested? if($post_autologin == 1) { $password_hash = md5($config_password); // will result in a 32 characters hash setcookie ($cookie_name, 'usr='.$config_email.'&hash='.$password_hash, time() + $cookie_time); } exit('OK'); } else { echo '<div id="error_notification">The submitted login info is incorrect.</div>'; } ?> Index.php <?php require_once 'config.php'; if(isset($_SESSION['google-ads123123'])) { header("Location: http://forum.site1.com"); exit; } ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML> <HEAD> <TITLE>Access Required</TITLE> <script type="text/javascript" src="js/mootools-1.2.1-core-yc.js"></script> <script type="text/javascript" src="js/process.js"></script> <link rel="stylesheet" type="text/css" href="style.css" /> </HEAD> <BODY> <center> <div id="status"> <fieldset><legend align="center">Authentication</legend> <div id="login_response"><!-- spanner --></div> <form id="login" name="login" method="post" action="do_login.php"> <table align="center" width="200" border="0"> <tr> <td width="80">Email</td><td><input id="user_email" type="text" name="user_email"></td> </tr> <tr> <td>AuthCode:</td> <td><input type="password" name="authcode"></td> </tr> <tr> <td> </td> <td><input type="checkbox" name="autologin" value="1">Remember Me</td> </tr> <tr> <td> </td> <td><input id="submit" type="submit" name="submit" value="Login"> <br /> <a href="getcode.php"> Get Auth Code </a> <div id="ajax_loading"><img align="absmiddle" src="images/spinner.gif"> Processing...</div></td> </tr> </table> </form> </fieldset> </div> </center> </BODY> </HTML> getcode.php (generates a MD5 and adds into db) <?php $db_host = '123'; $db_username = '123'; $db_password = '123'; $db_name = '123'; @mysql_connect($db_host, $db_username, $db_password) or die(mysql_error()); @mysql_select_db($db_name) or die(mysql_error()); // This is displayed if all the fields are not filled in $empty_fields_message = "<p>Please go back and complete all the fields in the form.</p>Click <a class=\"two\" href=\"javascript:history.go(-1)\">here</a> to go back"; // Convert to simple variables $email_address = $_POST['user_email']; if (!isset($_POST['user_email'])) { ?> <h2>Generate your Auth Code</h2> <form method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>"> <p class="style3"><label for="user_email">Email:</label> <input type="text" title="Please enter your email address" name="user_email" size="30"/></p> <p class="style3"><label title="Generate Auth Code"> </label> <input type="submit" value="Submit" class="submit-button"/></p> </form> <?php } elseif (empty($email_address)) { echo $empty_fields_message; } else { $status = "OK"; $msg=""; //error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR); if (!stristr($email_address,"@") OR !stristr($email_address,".")) { $msg="Your email address is not correct<BR>"; $status= "NOTOK";} echo "<br><br>"; if($status=="OK"){ $query="SELECT username FROM users WHERE user_email = '$email_address'"; $st=mysql_query($query); $recs=mysql_num_rows($st); $row=mysql_fetch_object($st); $em=$row->user_email;// email is stored to a variable if ($recs == 0) { echo "<center><font face='Verdana' size='2' color=red><b>No Auth Code</b><br> Sorry Your address is not in our database ."; exit;} function makeRandomPassword() { $salt = "abchefghjkmnpqrstuvwxyz0123456789"; srand((double)microtime()*1000000); $i = 0; while ($i <= 7) { $num = rand() % 33; $tmp = substr($salt, $num, 1); $pass = $pass . $tmp; $i++; } return $pass; } $random_password = makeRandomPassword(); $db2_password = md5($random_password); $sql = mysql_query("UPDATE users SET authcode='$db2_password' WHERE user_email='$email_address'"); $subject = "Auth Code Verification"; $message = " Here is your Auth Code, Auth Code: $random_password Auth Code: $db2_password This is an automated response, please do not reply!"; mail($email_address, $subject, $message, "From: Auth Server<theslcguy@safe-mail.net.com>"); echo "Your Auth Code has been sent! <br /> Please check your email! <br /> Also Allow up to 5 minutes to recieve your Code...<br />"; echo "<br><br>Click <a href='http://auth.site1.com'>here</a> to login"; } else { echo "<center><font face='Verdana' size='2' color=red >$msg <br><br><input type='button' value='Retry' onClick='history.go(-1)'></center></font>";} } ?> Config.php <?php session_start(); // Start Session header('Cache-control: private'); // IE 6 FIX // always modified header('Last-Modified: ' . gmdate("D, d M Y H:i:s") . ' GMT'); // HTTP/1.1 header('Cache-Control: no-store, no-cache, must-revalidate'); header('Cache-Control: post-check=0, pre-check=0', false); // HTTP/1.0 header('Pragma: no-cache'); // ---------- LOGIN INFO ---------- // $config_email = $POST["user_email"]; $config_authcode = $POST["authcode"]; $cookie_name = 'google-ads123123'; $cookie_time = (3600 * 24 * 30); // 30 days if(!$_SESSION['google-ads123123']) { include_once 'autologin.php'; } ?> How do I apply double delete verification? Right now I have... Code: [Select] if (isset($_POST['delete'])) { if(is_array($_POST['delete'])) { $keys = array_keys($_POST['delete']); $id = $keys[0]; $sql = "DELETE FROM `blog_posts` WHERE `post_id` = '$id'"; header("Location: " . $_SERVER['php_self'] . "?" . $_SERVER['query_string'] ); } } if(isset($sql) && !empty($sql)) { mysql_query($sql) or die(mysql_error()); } which deletes the query great, but I want some box to pop up saying, are you sure you want to delete this post? I'm not sure how to create this verification. Basically I am writing my own voting system but I have a few problems and I would like to address them all in one post rather than three. First: The first thing I need help with is using CURL to check if a user actually voted at the remote top list website. Two: I need maybe a source script of a 10 digit hash generator that will display the hash generated and will insert it into the database This is currently what my hash generator looks like but I need someone to help me change it so that it will echo the actual hash generated and inserts it into the database, <?php function gen_md5_password($len = 6) { return substr(md5(rand().rand()), 0, $len); } ?> Three: I need some sort of way to tell the database that if they hash is not used within 24 hours, it will just dump or delete. How to remove the verification code here,i mean the captcha... <?php session_start(); if ($_POST['Submit'] == 'Send') { if (strcmp(md5($_POST['user_code']),$_SESSION['ckey'])) { header("Location: sendmail.php?msg=ERROR: Invalid Verification Code"); exit(); } $to = $_POST['toemail']; $subject = $_POST['subject']; $message = $_POST['message']; $fromemail = $_POST['fromemail']; $fromname = $_POST['fromname']; $lt= '<'; $gt= '>'; $sp= ' '; $from= 'From:'; $headers = $from.$fromname.$sp.$lt.$fromemail.$gt; mail($to,$subject,$message,$headers); header("Location: sendmail.php?msg= Mail Sent!"); exit(); } ?> <html> <head> <title>Email </title> </head> <body bgcolor="#ffffcc"> <h2 align="center"> </h2> <h3 align="center"> Please do not misuse this script. </h3><br> <p style="margin-left:15px"> <form action="sendmail.php" method="POST"> <b>From Name:</b><br> <input type="text" name="fromname" size="50"><br> <br><b>From Email:</b><br> <input type="text" name="fromemail" size="50"><br> <br><b>To Email:</b><br> <input type="text" name="toemail" size="50"><br> <br><b>Subject:</b><br> <input type="text" name="subject" size="74"><br> <br><b>Your Message:</b><br> <textarea name="message" rows="5" cols="50"> </textarea><br> <br><b>Verification Code:</b><br> <input name="user_code" type="text" size="25"> <img src="pngimg.php" align="middle"><br><br> <input type="submit" name="Submit" value="Send"> <input type="reset" value="Reset"> </form> </p> <?php if (isset($_GET['msg'])) { echo "<font color=\"red\"><h3 align=\"center\"> $_GET[msg] </h3></font>"; } ?> </body> </html> So, If I want to store something like: Code: [Select] Hello<br /> <b>This is a sentence </b> I would need to use htmlentities() So I could output the HTML after it's stored in the database safely? I am sending a email verification that a person registers on my site. I have two problems. Here is the email script: Code: [Select] $message = "Thank you for registering."; mail($email, 'Registration Confirmation', $message, 'From: noreply@website.com'); Problem 1: I have tried this on two different identical pages, index.php and register.php. It only works in the index page. Problem 2: When it does work on the index page, the From header does not show what is in the mail() function, it shows that it is from my host. What's up with that? Given the choice, I need to get problem 2 solved way more than problem 1. Thank you. This topic has been moved to PHP Regex. http://www.phpfreaks.com/forums/index.php?topic=354362.0 Hello, I didn't want to learn php; wish I could find a wysiwyg program to do basic coding ... so you know that I'm a noob. I have a php file that I've been working on. Most of the code was written by other people. I'm trying to add a checkbox that requires the user to agree to the terms of membership. The form works (for all other form entries) and it updates the database with "yes" in the field "agree" for the checkbox. What it doesn't do is verify that the checkbox is marked and prevent the user from continuing. At this time, the form updates regardles of the checkbox being marked or not. I have run out of hunches and need some expert eyes, please? i have a code that generates a random code and displays it as an image. But the problem the image can be displayed only if it is called before any other output. How do i run it so that it can be displayed after any output.. Code: [Select] <? //Security Word for the form $codelenght = 10; while($newcode_length < $codelenght) { $x=1; $y=3; $part = rand($x,$y); if($part==1){$a=48;$b=57;} // Numbers if($part==2){$a=65;$b=90;} // UpperCase if($part==3){$a=97;$b=122;} // LowerCase $code_part=chr(rand($a,$b)); $newcode_length = $newcode_length + 1; $newcode = $newcode.$code_part; } header('Content-Type: image/png'); $im = imagecreatetruecolor(200, 40); $white = imagecolorallocate($im, 255, 255, 255); $grey = imagecolorallocate($im, 128, 128, 128); $blue = imagecolorallocate($im, 0, 0, 238); $black = imagecolorallocate($im, 0, 0, 0); imagefilledrectangle($im, 1, 1, 200, 40, $white); $font = '/home/vhosts/master_files/advertising/fonts/arialbd.ttf'; imagettftext($im, 12, 0, 10, 18, $blue, $font, $newcode); imagepng($im); imagedestroy($im); ?> Hello Guys, I'm new here, I have been building some e-commerce sites with order forms, the order forms are simple mail form scripts. The problem is in order to mail these forms they require image verification and the php generated image does not show up on the server I am hosting it with. I have researched the problem and I have been told that this may be due to the server not having a GD library installed. My brother and I checked it out, and it was in fact installed so i'm guessing it may just not be configured. Whether than fighting with this though I thought it might just be easier to get rid of the image verification all together, my boss hated it anyway. The website I am working on is http://www.pwcwater.com if you click to buy something you will fill out shipping information and have a product selected. Next there is a screen where you fill out the billing and credit card information. That is where the image verification does not load. Also on the FAQ page there is another mailer form. If there is someone who can help me simply just get rid of the image verification I would really really appreciate it. Page A. (The Form) Code: [Select] <form action="contactus_send.php" method="post"> <div align="left"><strong>Name: </strong><br> <input name="name" type="text"> <br> <strong>Phone Number:</strong><br> <input name="phone" type="text"> <br> <strong>E-Mail: </strong><br> <input name="email" type="text"> <br> <br> <strong>Reason For Contacting Us:</strong><br> <select name="reason" id="reason" onChange="MM_jumpMenu('parent',this,0)"> <option>Sales Question</option> <option>Tech Question</option> <option>Website Question</option> <option>Suggestion</option> <option>Feedback</option> </select> <br> <br> <strong>Message:</strong><br> <textarea name="message" cols="60" rows="10"></textarea> <br> </div> Type verification image:</strong><br /> <input name="verif_box" type="text" id="verif_box" /> <img src="../verificationimage.php?<?php echo rand(0,9999);?>" alt="verification image, type it in the box" width="50" height="24" align="absbottom" /><br /> <!-- if the variable "wrong_code" is sent from previous page then display the error field --> <?php if(isset($_GET['wrong_code'])){?> <div style="border:1px solid #990000; background-color:#D70000; color:#FFFFFF; padding:4px; padding-left:6px;width:295px;">Wrong verification code</div> <br> <br /> <?php ;}?> <input name="Submit" type="submit" value="Submit"> </form> Page B (the mailer) Code: [Select] <?php // ----------------------------------------- // The Web Help .com // ----------------------------------------- // remember to replace you@email.com with your own email address lower in this code. // load the variables form address bar $subject = $_REQUEST["subject"]; $name = $_REQUEST["name"]; $phone = $_REQUEST["phone"]; $email = $_REQUEST["email"]; $reason = $_REQUEST["reason"]; $message = $_REQUEST["message"]; $from = $_REQUEST["from"]; $break = "\n\n"; $verif_box = $_REQUEST["verif_box"]; // remove the backslashes that normally appears when entering " or ' $eventtype = stripslashes($eventtype); $phone = stripslashes($phone); $name = stripslashes($name); $message = stripslashes($message); $subject = stripslashes($subject); $from = stripslashes($from); // check to see if verificaton code was correct if(md5($verif_box).'a4xn' == $_COOKIE['tntcon']){ // if verification code was correct send the message and show this page mail("domskidan@gmail.com", 'New Contact Message: '.$subject, "\n".'****** New Contact Message ******'.$break.'Name: '.$name.$break.'Phone Number: '.$phone.$break.'E-mail: '.$email.$break.'Reason For Contact: '.$reason.$break.'Message: '.$message.$break, "From: $from"); // delete the cookie so it cannot sent again by refreshing this page setcookie('tntcon',''); } else { // if verification code was incorrect then return to contact page and show error header("Location:".$_SERVER['HTTP_REFERER']."?subject=$subject&from=$from&message=$message&wrong_code=true"); exit; } ?> function isValidEmail($email){ return eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email); } How do I incorporate the code above into my code?? Code: [Select] <?php error_reporting(E_ALL ^ E_NOTICE); ?> <?php // make sure the form has actually been submitted . . . if( strtolower($_SERVER['REQUEST_METHOD']) === 'post' ) { // 1. Create a database connection $connection = mysql_connect("localhost", "root", "maven777"); if(!$connection){ die("Database connection failed: " .mysql_error()); } // 2. Select a database to use $db_select = mysql_select_db("homesloans", $connection); if(!$db_select){ die("Database selection failed: " .mysql_error()); } $radius = ($_POST['radius']); $type = ($_POST['type']); $price = ($_POST['price']); $bedrooms = ($_POST['bedrooms']); $bathrooms = ($_POST['bathrooms']); $parking = ($_POST['parking']); $city = ($_POST['city']); $details = ($_POST['details']); $firstname = ($_POST['firstname']); $lastname = ($_POST['lastname']); $email = ($_POST['email']); $phone = ($_POST['phone']); $query="INSERT INTO leads (leadid, city, radius, type, price, bedrooms, bathrooms, parking, details, firstname, lastname, email, phone) VALUES('NULL', '[$city]', '[$radius]', '[$type]', '[$price]', '[$bedrooms]', '[$bathrooms]', '[$parking]', '[$details]', '[$firstname]', '[$lastname]', '[$email]', '[$phone]')"; mysql_query($query) or die ('Error updating database'); echo "Database Successfully Updated."; // not necessarily. The only way to know for sure is to check that mysql_affected_rows() > 0 } ?> This topic has been moved to Miscellaneous. http://www.phpfreaks.com/forums/index.php?topic=353317.0 |