PHP - Login Attempt Page Limit
Hi guys, I am creating a piece of code that blocks a user for 48 hours after attempting to log in 5 times with the wrong password within a 24-hour period. If the user logs in successfully within the 24 hours, it should reset the attempt count.
The issue I'm having at the moment is that, with the attempt count, it is only updating the first row of that user if I attempt more times. Here is an example of what's going on:
User - Time - Attempt- count()
User 1 10:00pm Attempt 1 (5)
User 1 10:02pm Attempt 2 (4)
User 1 10:04pm Attempt 3 (3)
User 1 10:06pm Attempt 4 (2)
User 1 10:07pm Attempt 5 (1)
User 2 10:15pm Attempt 1 (2)
User 2 10:20pm Attempt 2 (1)
As you can see, all the attempts will increment (the numbers in the bracket) but the latest attempt will be set to one. How do I get it so that all the attempts are incremented so it looks like this?
User - Time - Attempt- count()
User 1 10:00pm Attempt 1 (5)
User 1 10:02pm Attempt 2 (5)
User 1 10:04pm Attempt 3 (5)
User 1 10:06pm Attempt 4 (5)
User 1 10:07pm Attempt 5 (5)
User 2 10:15pm Attempt 1 (2)
User 2 10:20pm Attempt 2 (2)
Here is a snippet of my code:
if (!$pw_ok) {
    if (isset($_SERVER["REMOTE_ADDR"])) {
        $str_RemoteHost = $_SERVER["REMOTE_ADDR"];
    } else {
        $str_RemoteHost = '';
    }
    $qry_WriteToDatabase = "
        INSERT INTO cms_user_login_attempts (
            cula_user_id, cula_date_time, cula_remote_host, cula_attempt_count
        ) VALUES (
            " . $db->SQLString($row->user_id) . ",
            Now(),
            " . $db->SQLString($str_RemoteHost, true) . ",
            'cula_attempt_count'
        )";
    $db->query($qry_WriteToDatabase);
    $qry_UpdateCount = "
        UPDATE cms_user_login_attempts
        SET cula_attempt_count = cula_attempt_count + 1
        WHERE cula_user_id = " . $db->SQLString($row->user_id) . " ";
    $db->query($qry_UpdateCount);
    $qry_CheckDatabase = "
        SELECT CASE WHEN count(*) >= 5 THEN 0 ELSE 1 END as allowed_login
        FROM cms_user_login_attempts
        WHERE cula_date_time >= DATE_SUB(CURRENT_TIMESTAMP, interval 48 hour)
        AND cula_user_id = " . $db->SQLString($row->user_id) . "";
    $rs_CheckDatabase = $db->query($qry_CheckDatabase);
    if (! (isset($qry_CheckDatabase) && $qry_CheckDatabase)) {
        $errors->defineError("invalid_user_pass", "Too many attempts, account locked for 48hours.", array("username","password"));
    }
}
Edited by Navees_, 08 January 2015 - 06:15 PM.

Similar Tutorials

Hope you all had a good Christmas/New Year.
Incorrect login attempt 1
\/
Incorrect login attempt 2
\/
Incorrect login attempt 3 -->> ?forgot your login details?
What's the most efficient way of achieving this? Is it to:
1. create a session for the user who hasn't logged in
2. the user login fails once, session['fail']=1
3. the user login fails twice, session['fail']=2
4. the user login fails for a third time pushing the session['fail'] count to three: this triggers an 'if' on the index.php prompting the user to retrieve their details through the "forgot login details system"
However if the session['fail'] count never reaches 3 then this temp session is destroyed and the proper one created allowing the user into the site??
As usual any pointers into the correct direction here would be very much appreciated (and I try to repay by answering other people's questions [where I can])

So I have an application that allows users to earn points after logging in and visiting their account page using the following:
Code: [Select]
$addviews = mysql_query("UPDATE users SET viewlimit = viewlimit + 100 WHERE user_id = '".$_SESSION['userId'] . "' ");
This works fine except that by simply refreshing the page the user will gain another 100 points, and on and on.... What would be a simple way to only award the points once a day?

I want to query a database (search) and pass the desired columns from the search results to another page like so:
Code: [Select]
<?php
//address error handling
ini_set ('display_errors', 1);
error_reporting (E_ALL & ~E_NOTICE);
//authenticate user
require('auth.php');
if (isset($_POST['submit'])) {
    // Connect to the database.
    require_once ('config.php');
    //Query the database.
    $sql = "SELECT* FROM members INNER JOIN images ON members.member_id = images_member_id WHERE members.ethnicity = '{$_POST['ethnicity']}'";
    $query = mysql_query($sql);
    if(mysql_num_rows($query) > 0){
        while(($row = mysql_fetch_assoc($query)) !== false) {
            //Redirect to search results page.
            header("Location: search_results.php?friend='.$row['member_id'].'&me='.$_SESSION['id'].' &pic='.$row['image'].'&name='.$row['username'].'");
        }
    } else {
        //If no results found.
        echo 'No results match this search query.' ;
    }
}
?>
I get the following error when I try to run the page (by submitting a form from another page which executes this page): Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/a4993450/public_html/profile_search.php on line 31
The culprit line is this one:
header("Location: search_results.php?friend='.$row['member_id'].'&me='.$_SESSION['id'].' &pic='.$row['image'].'&name='.$row['username'].'");
As you can see, I eliminated all white space between the variables and concatenations, thinking that that was the problem but I keep getting the error message. I'm at a loss about what to do next. Any help?

I am creating a responsive website.
I'll give you an example.
I am retrieving 100 items from a MySQL database using PHP. I am only showing 20 items per page using simple pagination with arrows. I keep this format on desktop and tablets. However, I would like to show fewer items when I am viewing the page on a smartphone. So instead of 20 items per page, it'll show 5 items per page along with the pagination arrows.
I was wondering if this is possible with PHP or would I have to use javascript?
hi i need help an idea how can i separate members from admins since i dont know how to create login form i used tutorial ( http://www.youtube.com/watch?v=4oSCuEtxRK8 ) (its session login form only that i made it work other tutorials wre too old or something) how what i want to do is separate members and admins because admin need more rights to do now i have idea but dont know will it work like that what i want to do is create additional row in table named it flag and create 0 (inactive user) 1 (member) 2 (admin) will that work? and how can i create different navigation bars for users and admins? do you recommend that i use different folders to create it or just script based on session and flag? my coding is displaying all result in only one page.i want to limit it to 50result per page..can anyone give the suitable coding? right now,im using this <?php do { ?> <?php if ($totalRows_Recordset1 > 0) { // Show if recordset not empty ?> <tr bgcolor="#CCCCCC"> <td height="21"><div align="center"><span class="style17"> <?php $count=$count + 1; echo $count; ?> </span></div></td> <td><div align="center" class="style17"><?php echo $row_Recordset1['id']; ?></div></td> <td><div align="left" class="style17"><?php echo $row_Recordset1['name']; ?></div></td> <td><div align="center" class="style17"><a href="staf_info.php?id=<?php echo $row_Recordset1['id']; ?>"><img src="pic/b_view.png" width="16" height="16" border="0" /></a></div></td> <td><div align="center" class="style17"><a href="kemaskini_staf.php?id=<?php echo $row_Recordset1['id']; ?>"><img src="pic/b_edit.png" width="16" height="16" border="0" /></a></div> <div align="center" class="style17"></div></td> <td><div align="center" class="style17"><a href="staf_delete.php?id=<?php echo $row_Recordset1['id']; ?>"><img src="pic/b_drop.png" alt="padam" width="16" height="16" border="0" /></a><a href="staf_delete.php?id=<?php echo $row_Recordset1['id']; ?>"></a></div></td> </tr> <?php } // Show if recordset not empty ?> <?php } 
while ($row_Recordset1 = mysql_fetch_assoc($Recordset1)); ?> Unless buffer overflows or breaking out of code to perform a new command are problems that have been solved.... I am trying to figure out the proper PHP method for setting a boundary on a variable within a script. I have this variable $name which is fed a value from $_POST['name'] from a form field. Now this form field is limited in the HTML to accept only 20 characters, but someone could easily edit the form or outgoing post data. So I want to know how to limit the variable size in the script. In other languages it could be something like this: var name(20). So how do I do that in PHP? Hi all, I need your help as I have got a problem with display the 50 rows in the search results. I want to limit 50 rows in per page and if I have less than 50 rows like 21 rows in the page 2 then display the 21 rows. I have got a problem with the limit, because when I tried to use `LIMIT 0, 50`, it will display total 71 rows which I only want to display no more than 50 in per page. Here is what I have tried: $search_mailbox = $link->prepare("SELECT * FROM $folder WHERE from_email LIKE ? OR subject LIKE ? OR message LIKE ? ORDER BY received_date DESC LIMIT 0, 50"); $search_mailbox->execute([$searchemail, $searchsubject, $searchmessage]);
$search_mailbox = $link->prepare("SELECT * FROM $folder WHERE from_email LIKE ? OR subject LIKE ? OR message LIKE ? ORDER BY received_date DESC LIMIT $offset, $limit"); $search_mailbox->execute([$searchemail, $searchsubject, $searchmessage]);
Here is the full code:
<?php // Initialize the session session_start(); //Connect to the database require_once('config.php'); $searchemail = '%' . 'gmail.com' . '%'; $searchsubject = '%' . 'gmail.com' . '%'; $searchmessage = '%' . 'gmail.com' . '%'; $mailbox = $link->prepare("SHOW TABLES"); $mailbox->execute(); $folders = array(); $total = 0; $total_rows = 0; $i = 0; while ($folder = $mailbox->fetch(PDO::FETCH_NUM)) { $folder = $folder[0]; if (strpos($folder, 'users') !== false) { $folder = str_replace('users', '', $folder); } else { $folders[$i] = $folder; } $i++; } foreach($folders as $folder) { $search_mailbox = $link->prepare("SELECT * FROM $folder WHERE from_email LIKE ? OR subject LIKE ? OR message LIKE ? ORDER BY received_date DESC LIMIT 0, 50"); $search_mailbox->execute([$searchemail, $searchsubject, $searchmessage]); if ($search_mailbox->rowCount() > 0) { $total += $search_mailbox->rowCount(); } } $page = 1; $limit = 50; //$per_page = 50; //$pages = ceil($total / $per_page); $offset = ($page - 1) * $limit; foreach($folders as $folder) { $search_mailbox = $link->prepare("SELECT * FROM $folder WHERE from_email LIKE ? OR subject LIKE ? OR message LIKE ? ORDER BY received_date DESC LIMIT $offset, $limit); $search_mailbox->execute([$searchemail, $searchsubject, $searchmessage]); if ($search_mailbox->rowCount() > 0) { foreach($search_mailbox->fetchAll() as $k => $row) { $email_number = $row['id']; $search_from = $row['from_email']; $search_subject = $row['subject']; $total_rows++; echo $search_subject . '.........................' . $total_rows; echo "<br>"; } } } ?> I am unable to fetch the first 50 rows in the page 1 and I am also unable to fetch the 21 rows in the page 2. What I am trying to achieve is when I am in page 1, I want to display the first 50 rows, then in the page 2 if I have another 50 rows then display the 50 rows, but if I have less than 50 rows like 21 rows then display the 21 rows. 
Can you please show me an example how I can start with first 50 rows when I am in the page 1 then in page 2 display 21 rows to make in total 71 rows? Any advice would be much appreicated. Thanks in advance. Can someoneplease help, I need to setup an error page like IF Username and Password are wrong then show an error also if there is no username or password in the fields and I just click LOGIN, I get a blank page?! Can someone please help me here or point me to a relevant tutorial? thanks here is my page: http://www.retroandvintage.co.uk/default.php here is my code: Code: [Select] <?php session_start(); include_once("config.php"); $ebits = ini_get('error_reporting'); error_reporting($ebits ^ E_NOTICE); /* Login script: This script does the following: Checks that the user is NOT already logged in - if they are they are redirected to the members page by the 'checkLoggedIn()' function. Checks if the login form has been submitted - if so, the 'login' and 'password' fields are checked to ensure they are of the correct format and length. If there are any problems here an error is added to the $messages array and then the script executes the 'doIndex()' function - this function basically outputs the main 'index' page for this script - ie the login form. If there are no problems with the previous step, the 'login' and 'password' field data is passed to the 'checkPass' function to check that an entry exists in the 'users' table for that login/password pair. If nothing is returned from the 'checkPass()' function, an error is added to the $messages array and the 'doIndex()' function is called as above. If a row of data is returned from the 'users' table, the data is passed to the 'cleanMemberSession()' function - which initializes session variables and logs the user in. The user is then forwarded to the members page. If the form hasn't yet been submitted, then the 'doIndex()' function is called and the login page is displayed. 
*/ // Check user not logged in already: checkLoggedIn("no"); // Page title: $title="Member Login Page"; // if $submit variable set, login info submitted: if(isset($_POST["submit"])) { // // Check fields were filled in // // login must be between 4 and 15 chars containing alphanumeric chars only: field_validator("rsUser", $_POST["rsUser"], "alphanumeric", 4, 15); // password must be between 4 and 15 chars - any characters can be used: field_validator("rsPass", $_POST["rsPass"], "string", 4, 15); // if there are $messages, errors were found in validating form data // show the index page (where the messages will be displayed): if($messages){ doIndex(); // note we have to explicity 'exit' from the script, otherwise // the lines below will be processed: exit; } // OK if we got this far the form field data was of the right format; // now check the user/pass pair match those stored in the db: /* If checkPass() is successful (ie the login and password are ok), then $row contains an array of data containing the login name and password of the user. If checkPass() is unsuccessful however, $row will simply contain the value 'false' - and so in that case an error message is stored in the $messages array which will be displayed to the user. */ if( !($row = checkPass($_POST["rsUser"], $_POST["rsPass"])) ) { // login/passwd string not correct, create an error message: $messages[]="Incorrect login/password, try again"; } /* If there are error $messages, errors were found in validating form data above. Call the 'doIndex()' function (which displays the login form) and exit. 
*/ if($messages){ doIndex(); exit; } /* If we got to this point, there were no errors - start a session using the info returned from the db: */ cleanMemberSession($row["rsUser"], $row["rsPass"]); // and finally forward user to members page (populating the session id in the URL): header("Location: main.php"); } else { // The login form wasn't filled out yet, display the login form for the user to fill in: doIndex(); } /* This function displays the default 'index' page for this script. This consists of just a simple login form for the user to submit their username and password. */ function doIndex() { /* Import the global $messages array. If any errors were detected above, they will be stored in the $messages array: */ global $messages; /* also import the $title for the page - note you can normally just declare all globals on one line - ie: global $messages, $title; */ global $title; } // drop out of PHP mode to display the plain HTML: ?> <!doctype html> <html> <head> <title>List of Pubs and Bars in the UK</title> <meta name="description" content="Pubs and bars in the UK, nightlife for food and drink" /> <meta name="keywords" content="Pubs, bars, List, uk, nightlife, drinking, drinks, beer, lager, food" /> <meta name="Content-Language" content="en-gb" /> <meta name="robots" content="FOLLOW,INDEX" /> <meta name="revisit-after" content="2 days" /> <meta name="copyright" content="jbiddulph.com" /> <meta name="author" content="John Biddulph - Professional web site design and development in the south of england mainly worthing and brighton" /> <meta name="distribution" content="Global" /> <meta name="resource-type" content="document" /> <link rel="stylesheet" type="text/css" href="css/reset.css" /> <link rel="stylesheet" type="text/css" href="css/ui-lightness/jquery-ui-1.8.6.custom.css" title="default" /> <link rel="alternate stylesheet" type="text/css" href="css/south-street/jquery-ui-1.8.6.custom.css" title="1" /> <link rel="alternate stylesheet" type="text/css" 
href="css/redmond/jquery-ui-1.8.6.custom.css" title="2" /> <script type="text/javascript" src="js/stylechanger.js"></script> <script type="text/javascript" src="js/jquery-1.4.2.min.js"></script> <script type="text/javascript" src="js/jquery-ui-1.8.6.custom.min.js"></script> <script type="text/javascript"> $(function(){ // Accordion $("#accordion").accordion({ header: "h3" }); // Tabs $('#tabs').tabs(); // Dialog $('#dialog').dialog({ autoOpen: false, width: 600, buttons: { "Ok": function() { $(this).dialog("close"); }, "Cancel": function() { $(this).dialog("close"); } } }); // Dialog Link $('#dialog_link').click(function(){ $('#dialog').dialog('open'); return false; }); // Datepicker $('#datepicker').datepicker({ inline: true }); //hover states on the static widgets $('#dialog_link, ul#icons li').hover( function() { $(this).addClass('ui-state-hover'); }, function() { $(this).removeClass('ui-state-hover'); } ); }); </script> <script type="text/javascript"> function lookup(inputString) { if(inputString.length == 0) { // Hide the suggestion box. 
$('#suggestions').hide(); } else { $.post("rpc.php", {queryString: ""+inputString+""}, function(data){ if(data.length >0) { $('#suggestions').show(); $('#autoSuggestionsList').html(data); } }); } } // lookup function fill(thisValue) { $('#inputString').val(thisValue); setTimeout("$('#suggestions').hide();", 200); } </script> </head> <body> <?php if($messages) { displayErrors($messages); }?> <header> <div id="title"> <h1>My Pub Space <a href="#" onClick="setActiveStyleSheet('default'); return false;"><img src="images/0.gif" width="15" height="15" border="0" alt="css style" /></a> <a href="#" onClick="setActiveStyleSheet('1'); return false;"><img src="images/1.gif" width="15" height="15" border="0" alt="css style" /></a> <a href="#" onClick="setActiveStyleSheet('2'); return false;"><img src="images/2.gif" width="15" height="15" border="0" alt="css style" /></a> <span> <form method="post" class="textbox" action="search.php"> Town/City: <input type="text" size="26" class="searchbox" value="" name="rsTown" id="inputString" onKeyUp="lookup(this.value);" onBlur="fill();" /> <div class="suggestionsBox" id="suggestions" style="display: none;"> <img src="images/upArrow.png" style="position: relative; top: -36px; left: 105px; z-index:1;" alt="upArrow" /> <div class="suggestionList" id="autoSuggestionsList"> </div> </div> <input type="image" src="images/go.png" height="30" with="30" value="GO" /> </form> </span> </h1> </div> </header> <nav> <ul> <li class="selected"><a href="default.php">Home</a></li> <li><a href="#">Pubs</a></li> <li><a href="#">Members</a></li> <li><a href="#">Events</a></li> <li><a href="register.php">Register</a></li> </ul> </nav> <section id="intro"> <header> <h2>Your social guide to going down the pub, online!</h2> </header> <p>Stuck in town with nowhere to go? Not sure if up the road or down the street is best? Need to be somewhere warm, cosy and friendly. 
Need a drink?....<br />You've come to the right place, mypubspace has it all!</p> <img src="images/pub.jpg" alt="pub" /> </section> <div id="content"> <div id="mainContent"> <section> <article class="blogPost"> <header> <h2>Pubs and Bars UK Listing</h2> </header> <?php $tableName="pubs"; $targetpage = "default.php"; $limit = 20; $query = "SELECT COUNT(*) as num FROM $tableName"; $total_pages = mysql_fetch_array(mysql_query($query)); $total_pages = $total_pages['num']; $stages = 3; $page = mysql_escape_string($_REQUEST['page']); if( isset($_REQUEST['page']) && ctype_digit($_REQUEST['page']) ) { $page = (int) $_GET['page']; $start = ($page - 1) * $limit; }else{ $start = 0; } // Get page data $query1 = "SELECT * FROM $tableName LIMIT $start, $limit"; $result = mysql_query($query1); // Initial page num setup if ($page == 0){$page = 1;} $prev = $page - 1; $next = $page + 1; $lastpage = ceil($total_pages/$limit); $LastPagem1 = $lastpage - 1; $paginate = ''; if($lastpage > 1) { $paginate .= "<div class='paginate'>"; // Previous if ($page > 1){ $paginate.= "<a href='$targetpage?page=$prev'>previous</a>"; }else{ $paginate.= "<span class='disabled'>previous</span>"; } // Pages if ($lastpage < 7 + ($stages * 2)) // Not enough pages to breaking it up { for ($counter = 1; $counter <= $lastpage; $counter++) { if ($counter == $page){ $paginate.= "<span class='current'>$counter</span>"; }else{ $paginate.= "<a href='$targetpage?page=$counter'>$counter</a>";} } } elseif($lastpage > 5 + ($stages * 2)) // Enough pages to hide a few? 
{ // Beginning only hide later pages if($page < 1 + ($stages * 2)) { for ($counter = 1; $counter < 4 + ($stages * 2); $counter++) { if ($counter == $page){ $paginate.= "<span class='current'>$counter</span>"; }else{ $paginate.= "<a href='$targetpage?page=$counter'>$counter</a>";} } $paginate.= "..."; $paginate.= "<a href='$targetpage?page=$LastPagem1'>$LastPagem1</a>"; $paginate.= "<a href='$targetpage?page=$lastpage'>$lastpage</a>"; } // Middle hide some front and some back elseif($lastpage - ($stages * 2) > $page && $page > ($stages * 2)) { $paginate.= "<a href='$targetpage?page=1'>1</a>"; $paginate.= "<a href='$targetpage?page=2'>2</a>"; $paginate.= "..."; for ($counter = $page - $stages; $counter <= $page + $stages; $counter++) { if ($counter == $page){ $paginate.= "<span class='current'>$counter</span>"; }else{ $paginate.= "<a href='$targetpage?page=$counter'>$counter</a>";} } $paginate.= "..."; $paginate.= "<a href='$targetpage?page=$LastPagem1'>$LastPagem1</a>"; $paginate.= "<a href='$targetpage?page=$lastpage'>$lastpage</a>"; } // End only hide early pages else { $paginate.= "<a href='$targetpage?page=1'>1</a>"; $paginate.= "<a href='$targetpage?page=2'>2</a>"; $paginate.= "..."; for ($counter = $lastpage - (2 + ($stages * 2)); $counter <= $lastpage; $counter++) { if ($counter == $page){ $paginate.= "<span class='current'>$counter</span>"; }else{ $paginate.= "<a href='$targetpage?page=$counter'>$counter</a>";} } } } // Next if ($page < $counter - 1){ $paginate.= "<a href='$targetpage?page=$next'>next</a>"; }else{ $paginate.= "<span class='disabled'>next</span>"; } $paginate.= "</div>"; } echo $total_pages.' 
Results'; // pagination echo $paginate; ?> <div id="accordion"> <?php while($row = mysql_fetch_array($result)) { echo '<div><h3><a href=\"#\">'.$row['rsPubName'].'</a></h3><div>'.$row['rsAddress'].'<br />'.$row['rsTown'].', '.$row['rsCounty'].'<br />'.$row['rsPostCode'].'<br /><br />Region: '.$row['Region'].'<br /><br />Telephone: '.$row['rsTel'].'</div></div>'; } ?> </div> </article> </section> </div> <aside> <section> <header> <h3>Members Login Area</h3> </header> <form method="post" class="textbox" action="<?php print $_SERVER["PHP_SELF"]; ?>"> Username: <br /> <input type="text" class="textbox" name="rsUser" value="<?php print isset($_POST["rsUser"]) ? $_POST["rsUser"] : "" ; ?>"> Password: <br /> <input type="password" class="textbox" name="rsPass"> <br /> <br /> <input name="submit" class="ui-button ui-widget ui-state-default ui-corner-all ui-button-text-only" type="submit" value="Login"> <br /> </form> <ul> <li><button id="button" class="ui-button ui-widget ui-state-default ui-corner-all ui-button-text-only" role="button" aria-disabled="false"><span class="ui-button-text"><a href="register.php">Sign up</a></span></button></li> <li><button id="button" class="ui-button ui-widget ui-state-default ui-corner-all ui-button-text-only" role="button" aria-disabled="false"><span class="ui-button-text"><a href="forgot.php">Forgot Password</a></span></button></li> </ul> </section> <section> <header> <h3>Quick Search</h3> </header> <ul> <li><a href="#">Coming Soon!</a></li> </ul> </section> </aside> </div> <footer> <div> <section id="about"> <header> <h3>About</h3> </header> <p>My Pub Space is one of the largest and newest UK Pubs and Bars Listing sites online. It is not just a list of pubs, we have added a touch of interactive social pubbing experience online! 
Once registered, you can view information on pubs in your area, write reviews, organise your evenings out!</p> </section> <section id="blogroll"> <header> <h3>Links</h3> </header> <ul> <li><a href="#">Coming Soon!</a></li> </ul> </section> <section id="popular"> <header> <h3>Popular</h3> </header> <ul> <li><a href="#">Coming Soon!</a></li> </ul> </section> </div> </footer> </body> </html> Hi, I am a php newbie, who has a page that relies on some php scripts, and to which I am trying to add a login page written in php. I took the example from he http://www.howtodothings.com/computers-internet/how-to-make-a-login-system-for-your-website Basically it consists of adding: <? require("log.php"); ?> to the top of any page I want to protect, a log.php file which performs the actions of the form, linking to a mySQL database, and a login.php file which contains the form. I have the login working fine, but it breaks one of the PHP scripts on the page that is protected. It is an upload script, called Weaverbox, based on FancyUpload. The uploads which are handled by a file called upload.php, aren't happening. The progress shows that they are being uploaded, but nothing is uploaded, and there is no success message. As soon as I remove the code from the top of the page requiring log.php all works fine again. I think I may have to add some rules/extensions to resolve this conflict, but I don't know how to go about this. Would someone be able to help me get it sorted? Thanks Nick ONE of my SESSION values isn't remaining after login while others do. This works fine on my localhost, it's on the live site that there is a problem and it just started yesterday. Before that it worked great. 
Out of the four SESSIONs made I can only echo three values on other pages, member id the most important doesn't transfered to other pages Notes: all these files are in the same folder, there is a SESSION started for the member id on the login page, you can see that it is used in the redirect below and the redirect works fine with the redirect going to the correct page " $home/member/index.php?user=$id_mem " Here is the login page // Here's the basic login page info <?php # login.php session_start(); ob_start() ...connect to db & header called... ...Form validation..... if ($e && $p) { // If everything's OK. // Query the database: $q = "SELECT id_mem, display_name, mem_group FROM sn_members WHERE (email='$e' AND password=SHA1('$p')) AND active IS NULL"; $r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc)); // or die("Error: ".mysqli_error($dbc)); if (@mysqli_num_rows($r) == 1) { // If a match was made. // Register the values & redirect: // Give SELECTED elements a session $_SESSION = mysqli_fetch_array ($r, MYSQLI_ASSOC); $_SESSION['agent'] = md5($_SERVER['HTTP_USER_AGENT']); mysqli_free_result($r); // Update db for last login $id_mem = $_SESSION['id_mem']; // <<< SESSION member id has a value here because it's used in the redirect below $ip = $_SERVER['REMOTE_ADDR']; // Get ip address of person logging in $q = "UPDATE sn_members SET last_login = Now(), ip = '$ip' WHERE id_mem = '$id_mem' LIMIT 1"; $r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc)); header("Location: $home/member/index.php?user=$id_mem"); exit(); // Quit the script. 
} ?> Here is the main page that a user would be redirect to above <?php // /member/ all member info is through this folder session_start(); ob_start(); if (isset($_GET['user']) && is_numeric($_GET['user'])) { $user = $_GET['user']; $user = $user; if ($user < 0) { header("Location: $home/index.php"); exit(); } } if ((!isset($_SESSION['id_mem'])) && (!isset($_SESSION['agent']) OR ($_SESSION['agent'] != md5($_SERVER['HTTP_USER_AGENT'])))){ // If not a logged in member redirect header("Location: $home/index.php"); exit(); // Quit the script. } ?> Thanks in advance for the help SJ Hello, I am once again desperately asking for your help, I am working on a simple login page and I am having trouble actually getting it to login. I display error messages for if the user doesn't enter anything but I can't seem to get it to work for if the credentials are wrong. It logs the user in whether the information is right or not and i dont even know what to do now
This is the code. Any suggestions would be greatly appreciated.
<?php
/*
Name: Deanna Slotegraaf
Course Code: WEBD3201
Date: 2020-09-22
*/
$file = "sign-in.php";
$date = "2020-09-22";
$title = "WEBD3201 Login Page";
$description = "This page was created for WEBD3201 as a login page for a real estate website";
$banner = "Login Page";
require 'header.php';
$error = "";
if($_SERVER["REQUEST_METHOD"] == "GET") {
    $username = "";
    $password = "";
    $lastaccess = "";
    $error = "";
    $result = "";
    $validUser = "";
} else if($_SERVER["REQUEST_METHOD"] == "POST") {
    $conn;
    $username = trim($_POST['username']); //Remove trailing white space
    $password = trim($_POST['password']); //Remove trailing white space
    if (!isset($username) || $username == "") {
        $error .= "<br/>Username is required";
    }
    if (!isset($password) || $password == ""){
        $error .= "<br/>Password is required";
    }
    if ($error == "") {
        $password = md5($password);
        $query = "SELECT * FROM users WHERE EmailAddress='$username' AND Password='$password'";
        $results = pg_query($conn, $query);
        //$_SESSION['username'] = $username;
        //$_SESSION['success'] = "You are now logged in";
        header('location: dashboard.php');
    }else {
        $error .= "Username and/or Password is incorrect";
    }
}
?>
<div class = "form-signin">
    <?php echo "<h2 style='color:red; font-size:20px'>".$error."</h2>"; ?>
    <form action = "<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
        <label for="uname"><b>Login ID</b></label>
        <input type="text" name="username" value="<?php echo $username; ?>"/>
        <br/>
        <label for="psw"><b>Password</b></label>
        <input type="password" name="password" value="<?php echo $password; ?>"/>
        <br/>
        <button type="submit" name="login_user">Login</button>
        <button type="reset">Reset</button></div>
    </form>
</div>
<?php require "footer.php"; ?>
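
Added example (not code from any of the posts on this page): the rule from the first post, where five wrong passwords within 24 hours block the account for 48 hours and a successful login resets the count, combined with a sign-in check that succeeds only when the submitted password actually verifies. The in-memory SQLite tables, the column names, the sample account and the `attemptLogin()` helper are assumptions made for the illustration; each failure is stored as its own row and the count is derived with `COUNT(*)` rather than kept in a per-row column.

```php
<?php
// Added example, not code from any post on this page.
// Assumed schema: users(id, email, pw_hash, locked_until) and
// login_failures(user_id, failed_at). All timestamps are Unix seconds.

const MAX_FAILURES   = 5;          // wrong passwords tolerated ...
const FAILURE_WINDOW = 24 * 3600;  // ... within this many seconds
const LOCK_DURATION  = 48 * 3600;  // length of the block once the limit is hit

// Builds an in-memory SQLite database with one constructed sample account.
function makeDemoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (
                   id INTEGER PRIMARY KEY, email TEXT UNIQUE,
                   pw_hash TEXT NOT NULL, locked_until INTEGER NOT NULL DEFAULT 0)');
    $db->exec('CREATE TABLE login_failures (
                   user_id INTEGER NOT NULL, failed_at INTEGER NOT NULL)');
    // password_hash() generates and embeds a per-user salt itself.
    $db->prepare('INSERT INTO users (email, pw_hash) VALUES (?, ?)')
       ->execute(['alice@example.test', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

// Returns 'ok', 'invalid' or 'locked'. $now is passed in so the rule can be
// exercised without waiting 48 hours.
function attemptLogin(PDO $db, string $email, string $password, int $now): string
{
    // Bound parameter: the submitted value never becomes part of the SQL text.
    $q = $db->prepare('SELECT id, pw_hash, locked_until FROM users WHERE email = ?');
    $q->execute([$email]);
    $user = $q->fetch(PDO::FETCH_ASSOC);
    if ($user === false) {
        return 'invalid';   // same answer as a wrong password
    }
    if ((int) $user['locked_until'] > $now) {
        return 'locked';    // the password is not even tested while blocked
    }
    if (password_verify($password, $user['pw_hash'])) {
        // A successful login resets the attempt count.
        $db->prepare('DELETE FROM login_failures WHERE user_id = ?')
           ->execute([$user['id']]);
        return 'ok';
    }
    // One row per failure. The count is never stored; it is derived below,
    // so there is no per-row counter to keep in sync.
    $db->prepare('INSERT INTO login_failures (user_id, failed_at) VALUES (?, ?)')
       ->execute([$user['id'], $now]);
    $c = $db->prepare('SELECT COUNT(*) FROM login_failures
                       WHERE user_id = ? AND failed_at > ?');
    $c->execute([$user['id'], $now - FAILURE_WINDOW]);
    if ((int) $c->fetchColumn() >= MAX_FAILURES) {
        $db->prepare('UPDATE users SET locked_until = ? WHERE id = ?')
           ->execute([$now + LOCK_DURATION, $user['id']]);
        $db->prepare('DELETE FROM login_failures WHERE user_id = ?')
           ->execute([$user['id']]);
        return 'locked';
    }
    return 'invalid';
}

// Constructed walk-through: five wrong passwords two minutes apart, then the
// correct password during and after the block.
$db  = makeDemoDb();
$t0  = 1700000000;
$who = 'alice@example.test';
for ($i = 1; $i <= 5; $i++) {
    echo "wrong password #$i: ", attemptLogin($db, $who, 'nope', $t0 + $i * 120), "\n";
}
echo "correct, 1h later:  ", attemptLogin($db, $who, 'correct horse', $t0 + 3600), "\n";
echo "correct, after 48h: ",
     attemptLogin($db, $who, 'correct horse', $t0 + 600 + LOCK_DURATION + 1), "\n";
```

Because the block is per account, anyone who knows a username can lock its owner out, so sites commonly pair this rule with throttling by source address.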
Hi all. I'm starting with PHP programming and I am trying to create a simple questionnaire. I want to ask a few questions with a few possible answers. Could anyone give me a sample of how the code should look? I've created a few questions but they are all separate code; how can I put them together into one code? Any suggestions? Thanks

Lately I've been telling myself to start touching up my security when it comes to passwords, so here I am with another question on PHPFreaks. I've read several salting guides, but I still have a few lingering questions. One of which is: once a salt has been created (see my function below), do I store it in a column named "salt" for each user in the "users" table? It seems like if a hacker got a hold of the database information, they could just ignore the salt and go straight to deciphering a user's hashed password. Just curious about that... Now, onto my simple function I decided to write to give this a try:

function generateSalt($username)
{
    //length of salt
    $char_max = 21;
    $char_list = array('A', 'B', 'C', 'D', 'G', 'Z', rand(0,200), 9, 8, 6, rand(3,55), rand(7, 1444));
    //random numbers and letters will be appended to this variable
    $gen_chars = '';
    for($x = 0; $x < 10; $x++)
    {
        $gen_chars .= $char_list[rand(0, count($char_list))];
    }
    //random addition to salt
    $gen_chars = hash(sha256, $gen_chars);
    //shorten then hash -- max 5 chars
    $shorten_user = substr(sha1(strpos($username, 0, 3)), 0, 5);
    //salt var
    $salt = $gen_chars.$shorten_user.date('M-d-Y h:m:s');
    $salt = substr(hash(sha256, $salt), 0, $char_max);
    return $salt;
}

Any feedback regarding this function? I've read that MD5 isn't really reliable, and people should be using SHA256, so I decided to go with that. I also tried to make each user's salt really random and unique. But how does this affect the user's password or make it any securer if I can't combine the salt and password?
I know for a fact that I'm missing a piece of information or doing something wrong, so if anyone could help me out: that'd be very appreciated.

Hey guys! In my tutorials they were putting together a login system. After I watched the tutorial I decided to put one together that was my own. Also, the tutorial only used MD5. After I read the post on the top of this forum about MD5 I decided to give salt a go on my own to see if I could pull it off. I'd like to hear what more experienced coders have to say about my code, but I'd appreciate it if you went easy on me lol. I'm quite happy with myself that I put this together all on my own and it works, I have tested it with my database lol.

Code: (php)

<?php
//Check for form values in POST array//
if (isset($_POST['username'])&& isset($_POST['password'])){
    //strip tags and whitespace from user//
    if(!empty($_POST['username'])){
        $T_user = strip_tags($_POST['username']);
        $user = str_replace(' ','',$T_user);
    }else{
        $user = false;
    }
    //strip tags and spaces//
    if(!empty($_POST['password'])){
        $T_pass = strip_tags($_POST['password']);
        $T2_pass = str_replace(' ', '', $T_pass);
        //Generate SALT and encrypt//
        $salt = 'angelinajolie';
        $pass = md5($T2_pass.$salt);
    }else{
        $pass = false;
    }
    //Check User and Pass for NULL then query database//
    if($pass || $user != false){
        $query = "SELECT id FROM users WHERE username = '$user' AND password ='$pass'";
        $query_run = mysql_query($query);
        $query_rows = mysql_num_rows($query_run);
        if($query_rows == 0){
            echo 'Password and/or Username are invalid!';
            echo $query_rows;
        }else if ($query_rows != 0){
            echo 'Welcome back!';
        }
    }else{
        echo 'Must specify Username and Password!';
    }
}
?>
<form action="<?php echo $current_file; ?>" method="POST">
    Username: <input type="text" name="username" />
    Password: <input type="password" name="password" />
    <input type="submit" value="Login" />
</form>

I stumbled across this site after being slammed hard elsewhere for being a novice and really not knowing what I am doing. What I have read so far is more encouraging. I just wrote my first program in php and it is not working at all right now. All it keeps doing is opening window after window until I force the browser to close. I am using a Mac running Yosemite and using MAMP. Hopefully that is enough background.
I know this is an introduction area, so I will also post this in another forum in case this is closed for being off topic.
This is a login file to connect to the server:
<?php // login.php
// Get connection information
echo <<<_END
<form method = "post" action = "login.php">
<pre>
<input type = "text" name = "localhost" />host server<br />
<input type = "text" name = "username" />Username<br />
<input type = "text" name = "password" /><br />
<br />
<input type = "submit" value = "submit" />
</form>
_END
$db_server = sanitize_string($localhost);
$db_username = sanitize_string($username);
$db_password = sanitize_string($password);
/*
$user = 'root';
$password = 'root';
$db = 'rpsls';
$host = 'localhost';
$port = 3306;
$link = mysql_connect( "$host:$port", $user, $password );
$db_selected = mysql_select_db( $db, $link );
*/
mysql_connect($db_server, $db_username, $db_password) or die(mysql_error());

// Create rpsls table if it does not exist
$tbl = "rpsls";
$query = "CREATE TABLE rpsls(human VARCHAR(10), computer VARCHAR(10), outcome VARCHAR(5), action VARCHAR(15));
INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Rock", "Paper", "Lose", "Covers");
INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Rock", "Scissors", "Win", "Crushes");
INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Rock", "Lizard", "Win", "Crushes");
INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Rock", "Spock", "Lose", "Vaporizes");
INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Paper", "Rock", "Win", "Covers");
INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Paper", "Scissors", "Lose", "Cuts");
INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Paper", "Lizard", "Lose", "Eats");
INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Paper", "Spock", "Win", "Disproves");
INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Scissors", "Lizard", "Win", "Decapitates");
INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Scissors", "Spock", "Lose", "Smashes");
INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Scissors", "Rock", "Lose", "Crushes");
INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Scissors", "Paper", "Win", "Cuts");
INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Lizard", "Spock", "Win", "Poisons");
INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Lizard", "Rock", "Lose", "Crushes");
INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Lizard", "Paper", "Win", "Eats");
INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Lizard", "Scissors", "Lose", "Decapitates");
INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Spock", "Rock", "Win", "Vaporizes");
INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Spock", "Paper", "Lose", "Disproves");
INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Spock", "Scissors", "Win", "Smashes");
INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Spock", "Lizard", "Lose", "Poisons");";
check_table($tbl, $query);

// Create choices table if it does not exist
$tbl = "choices";
$query = "CREATE TABLE choices(id SMALLINT, choice VARCHAR(10));
INSERT INTO choices (id, choice) VALUES (1, "Rock");
INSERT INTO choices (id, choice) VALUES (2, "Paper");
INSERT INTO choices (id, choice) VALUES (3, "Scissors");
INSERT INTO choices (id, choice) VALUES (4, "Lizard");
INSERT INTO choices (id, choice) VALUES (5, "Spock");";
check_table($tbl, $query);

// Sanitize user input
function sanitize_string($var) {
    $var = stripslashes($var);
    $var = htmlentities($var);
    $var = strip_tags($var);
    return $var;
}

function check_table($tbl, $query){
    $db = new mysqli(...);
    $result = $db->query("SHOW TABLES LIKE "$tbl);
    if ($result->num_rows == 0){
        mysql_query($query);
    }
}
?>

and this is the program:

<?php
// log into server and database
require_once 'login.php';
$db_server = mysql_connect($db_hostname, $db_username, $db_password);
if (!$db_server) die("Unable to connect to MySQL: " . mysql_error());
$conn = mysql_connect($db_server, $db_username, $db_password) or die(mysql_error());
$db_database = 'rpsls';
mysql_select_db($db_database) or die("Unable to select database: " . mysql_error());

// Start Game
ready_to_play();

// Rock Paper Scissors Lizard Spock game
function rock_paper_scissors_lizard_spock() {
    $human = human_play();
    $computer = computer_play();
    game_outcome($human, $computer);
    play_again();

// Start Game Function
function ready_to_play(){
    echo <<<_END
<form method = "post" action = "rpsls.php">
<h2>Ready to play Rock, Paper, Lizard, Spock?</h2>
<hr>
<table>
<tr>
<td><input type = "radio" name = "ready" value = "Yes" />Yes</td>
<td><input type = "radio" name = "ready" value = "No" />No</td>
</tr>
<tr>
<td colspan = "2"><input type = "submit" value = "Play!" /></td>
</tr>
</table>
</form>
_END
    if ($ready == "Yes"){
        $query = "CREATE TABLE gameResults ( games SMALLINT NOT NULL, win SMALLINT NULL, loss SMALLINT NULL, draw SMALLINT NULL, PRIMARY KEY (games))";
        mysql_query($query);
        rock_paper_scissors_lizard_spock();
    }else{
        close_rpsls();
    }
}

// Play Again
// Start Game Function
function play_again() {
    echo <<<_END
<form method = "post" action = "rpsls.php">
<h2>Play Again?</h2>
<hr>
<table>
<tr>
<td><input type = "radio" name = "ready" value = "Yes" />Yes</td>
<td><input type = "radio" name = "ready" value = "No" />No</td>
</tr>
<tr>
<td colspan = "2"><input type = "submit" value = "Play!" /></td>
</tr>
</table>
</form>
_END
    if ($ready == "Yes"){
        rock_paper_scissors_lizard_spock();
    }else{
        close_rpsls();
    }
}

// Human Play Selection
function human_play() {
    echo <<<_END
<form method = "post" action = "rpsls.php">
<h2>Let's Play Rock, Paper, Lizard, Spock</h2>
<hr>
<table>
<tr>
<td><input type = "radio" name = "human" value = "Rock" />Rock</td>
<td><input type = "radio" name = "human" value = "Paper" />Paper</td>
</tr>
<tr>
<td><input type = "radio" name = "human" value = "Scissors" />Scissors</td>
<td><input type = "radio" name = "human" value = "Lizard" />Lizard</td>
</tr>
<tr>
<td colspan = "2"><input type = "radio" name = "human" value = "Spock" />Spock</td>
</tr>
<tr>
<td colspan = "2"><hr></td>
</tr>
<tr>
<td colspan = "2"><input type = "submit" value = "Play!" /></td>
</tr>
</table>
</form>
_END
    return $human;
}

// Computer Play Selection
function computer_play() {
    $play = rand(1,5);
    $query = "SELECT choice FROM choices WHERE number = $play";
    $computer = mysql_query($query);
    return $computer;
}

// Game Outcome Function
function game_outcome($human, $computer) {
    $win = $loss = $draw = 0
    if ($human == $computer){
        echo "Draw<br />";
        echo "We both played ".$human;
        $draw = 1;
    }else{
        $query = "SELECT outcome, action FROM rpsls WHERE human = $human AND computer = $computer";
        $results = mysql_query($query);
        $results2 = mysql_fetch_array($results);
        $outcome = $results2[0];
        $action = $results2[1];
        if ($outcome == "Win"{
            echo "You Win!!!<br />"
            echo "Your ".$human. " ".$action." my ".$computer."<br />";
            $win = 1;
        }else{
            echo "You Lose/.<br />
            echo "My ".$computer." ".$action." your ".$human."<br />";
            $loss = 1;
        }
    }
    $query = "INSERT INTO gameResults VALUES".(NULL, '$win', '$loss', '$draw')";
    mysql_query($query);
}

// Game Statistics Function
function game_statistics () {
    $query = "SELECT * FROM gameResults";
    $result = mysql_query($query);
    $rows = mysql_num_rows($result);
    $games = $rows;
    $win = $loss = $draw = 0;
    for ($index = 0; $index < $rows; ++$index){
        $row = mysql_fetch_row($result);
        $win = $win + $row[1];
        $loss = $loss + $row[2];
        $draw = $draw + $row[3];
    }
    echo <<<_END
<table>
<tr>
<td>Games</td>
<td>Win</td>
<td>Loss</td>
<td>Draw</td>
</tr>
<tr>
<td>$games</td>
<td>$win</td>
<td>$loss</td>
<td>$draw</td>
</tr>
</table>
_END
}

// Print Statistics and close the game
function close_rpsls(){
    echo <<<_END
<form method = "post" action = "rpsls.php">
<h3>Are you sure you want to quit?</h3>
<hr>
<table>
<tr>
<td><input type = "radio" name = "ready" value = "Yes" />Yes</td>
<td><input type = "radio" name = "ready" value = "No" />No</td>
</tr>
<tr>
<td colspan = "2"><input type = "submit" value = "Play!" /></td>
</tr>
</table>
</form>
_END
    if ($ready == "No"){
        rock_paper_scissors_lizard_spock();
    }else{
        $query = "DROP TABLE gameResults";
        mysql_query($query);
    }
}

// close connection
mysql_close($conn);
?>

Please forgive my novice errors and help me figure out what is wrong with this program. Thank you. Here is the contents of the error log:

141104 18:36:26 mysqld_safe Starting mysqld daemon with databases from /Applications/MAMP/db/mysql
141104 18:36:28 [Warning] Setting lower_case_table_names=2 because file system for /Applications/MAMP/db/mysql/ is case insensitive
141104 18:36:28 [Note] Plugin 'FEDERATED' is disabled.
141104 18:36:28 InnoDB: The InnoDB memory heap is disabled
141104 18:36:28 InnoDB: Mutexes and rw_locks use GCC atomic builtins
141104 18:36:28 InnoDB: Compressed tables use zlib 1.2.3
141104 18:36:28 InnoDB: Initializing buffer pool, size = 128.0M
141104 18:36:28 InnoDB: Completed initialization of buffer pool
141104 18:36:28 InnoDB: highest supported file format is Barracuda.
141104 18:36:32 InnoDB: Waiting for the background threads to start
141104 18:36:33 InnoDB: 5.5.38 started; log sequence number 1711074
141104 18:36:33 [Note] Server hostname (bind-address): '0.0.0.0'; port: 8889
141104 18:36:33 [Note] - '0.0.0.0' resolves to '0.0.0.0';
141104 18:36:33 [Note] Server socket created on IP: '0.0.0.0'.
141104 18:36:35 [Note] Event Scheduler: Loaded 0 events
141104 18:36:35 [Note] /Applications/MAMP/Library/bin/mysqld: ready for connections.
Version: '5.5.38' socket: '/Applications/MAMP/tmp/mysql/mysql.sock' port: 8889 Source distribution

I have possible HTTP_REFERER values such as the following:
[HTTP_REFERER] => http://www.example.com/lib/index.php?cid=components&controller=data&id=17&roles_id=15
[HTTP_REFERER] => http://www.example.com/lib/index.php?cid=createhelp

I am just trying to get the value of "cid". Note that this applies to a TinyMCE plugin, and my $_GET variable does not include "cid". Looking at my $_SERVER array, HTTP_REFERER is the only element that includes "cid". I am also not concerned about spoofing HTTP_REFERER. I am getting the value of "cid" as follows. Is this the right way to do so?

$RegExp = '/index\.php\?cid=([^&]+)/';
preg_match($RegExp, $_SERVER['HTTP_REFERER'], $matches);
exit($matches[1]);

Hey guys, I have a few questions about this login script I'm trying to make. OK, so first, I'm using phpMyAdmin and I've created a simple login here that works fine, but I want to tweak it so when I log in I can log in to a specific site where I've created tables and stuff. Is there anyone out there that can help me? I'm a little stumped on how to do this. Thanks in regards. Here are the two scripts I'm using:

show_login.html
Code:

<html>
<head>
<title>Login Form</title>
<h1>Login to Authorized Area</h1>
<form method= "post" action= "login.php">
<br>
Username: <input type= "text" name= "username">
<br>
<br>
Password: <input type= "password" name= "password">
<br>
<p>
<input type= "submit" name= "submit" value= "Login"
</p><br>
</html>
</form>

login.php
Code:

<?
if ((!$_POST['username']) || (!$_POST['password'])) {
    header("Location: show_login.html");
    exit;
}
$db_name="ryan";
$table_name="auth_users4";
$connection=@mysql_connect("localhost","RyanH","test1234")or die(mysql_error());
$db =@mysql_select_db($db_name, $connection)or die(mysql_error());
$sql= "SELECT * FROM $table_name WHERE username ='$_POST[username]' AND password = password('$_POST[password]')";
$result = @mysql_query($sql,$connection) or die(mysql_error());
$num=mysql_num_rows($result);
if ($num != 0) {
    echo "<P>Congratulations, you're authorized!</p>";
}else{
    echo "<P>You are not authorized to use this site</p>";
    echo'<br/><a href="show_login.html">Try Again</a>';
    exit;
}
?>

Hi, I'm trying to create a sign up page for my website that contains different paths depending on the membership that you select. I am an inexperienced programmer and need help as nothing is working at the moment. I would appreciate if people could reply to this post as soon as possible as I need it sorted today! Below is my code! Can you please send me suggestive improvement?
Thanks

<?php
if (isset ($_POST['firstname'])){
    //grab data from the form
    $username = preg_replace('#[^A-Za-z0-9]#i', '', $_POST['username']); // filter everything but letters and numbers
    $firstname = preg_replace('#[^A-Za-z]#i', '', $_POST['firstname']); // filter everything but Letters
    $lastname = preg_replace('#[^A-Za-z]#i', '', $_POST['lastname']); // filter everything but Letters
    $phone = preg_replace('#[^0-9]#i', '', $_POST['phone']); // filter everything but numbers
    $address= preg_replace('#[^A-Za-z]#i', '', $_POST['address']); // filter everything but Letters
    $postcode= preg_replace('#[^A-Za-z]#i', '', $_POST['postcode']); // filter everything but Letters
    $town= preg_replace('#[^A-Za-z]#i', '', $_POST['town']); // filter everything but Letters
    $housenumber= preg_replace('#[^0-9]#i', '', $_POST['housenumber']); // filter everything but numbers
    $b_m = preg_replace('#[^0-9]#i', '', $_POST['birth_month']); // filter everything but numbers
    $b_d = preg_replace('#[^0-9]#i', '', $_POST['birth_day']); // filter everything but numbers
    $b_y = preg_replace('#[^0-9]#i', '', $_POST['birth_year']); // filter everything but numbers
    $email1 = $_POST['email1'];
    $email2 = $_POST['email2'];
    $pass1 = $_POST['pass1'];
    $pass2 = $_POST['pass2'];
    $email1 = stripslashes($email1);
    $pass1 = stripslashes($pass1);
    $email2 = stripslashes($email2);
    $pass2 = stripslashes($pass2);
    $email1 = strip_tags($email1);
    $pass1 = strip_tags($pass1);
    $email2 = strip_tags($email2);
    $pass2 = strip_tags($pass2);
    //connect to db
    $connection = mysql_connect('linuxproj.ecs.soton.ac.uk', 'db_alw3g08', 'pasta');
    $db = mysql_select_db('db_alw3g08', $connection);
    $emailCHecker = mysql_real_escape_string($email1);
    $emailCHecker = str_replace("`", "", $emailCHecker);
    // Database duplicate username check setup for use below in the error handling if else conditionals
    $sql_uname_check = mysql_query("SELECT username FROM Members WHERE username='$username'");
    $uname_check = mysql_num_rows($sql_uname_check);
    // Database duplicate e-mail check setup for use below in the error handling if else conditionals
    $sql_email_check = mysql_query("SELECT email FROM Members WHERE email='$emailCHecker'");
    $email_check = mysql_num_rows($sql_email_check);
    // Error handling for missing data
    if ((!$username) || (!$firstname) || (!$lastname) || (!$address) || (!$postcode) || (!$town) || (!$b_m) || (!$b_d) || (!$b_y) || (!$email1) || (!$email2) || (!$pass1) || (!$pass2)) {
        $errorMsg = 'ERROR: You did not submit the following required information:<br /><br />';
        if(!$username){ $errorMsg .= ' * User Name<br />'; }
        if(!$firstname){ $errorMsg .= ' * First Name<br />'; }
        if(!$lastname){ $errorMsg .= ' * Last Name<br />'; }
        if(!$address){ $errorMsg .= ' * Address<br />'; }
        if(!$postcode){ $errorMsg .= ' * postcode<br />'; }
        if(!$town){ $errorMsg .= ' * town<br />'; }
        if(!$b_m){ $errorMsg .= ' * Birth Month<br />'; }
        if(!$b_d){ $errorMsg .= ' * Birth Day<br />'; }
        if(!$b_y){ $errorMsg .= ' * Birth year<br />'; }
        if(!$email1){ $errorMsg .= ' * Email Address<br />'; }
        if(!$email2){ $errorMsg .= ' * Confirm Email Address<br />'; }
        if(!$pass1){ $errorMsg .= ' * Login Password<br />'; }
        if(!$pass2){ $errorMsg .= ' * Confirm Login Password<br />'; }
    } else if ($email1 != $email2) {
        $errorMsg = 'ERROR: Your Email fields below do not match<br />';
    } else if ($pass1 != $pass2) {
        $errorMsg = 'ERROR: Your Password fields below do not match<br />';
    } else if (strlen($username) < 6) {
        $errorMsg = "<u>ERROR:</u><br />Your User Name is too short. 6 - 20 characters please.<br />";
    } else if (strlen($username) > 20) {
        $errorMsg = "<u>ERROR:</u><br />Your User Name is too long. 6 - 20 characters please.<br />";
    } else if ($uname_check > 0){
        $errorMsg = "<u>ERROR:</u><br />Your User Name is already in use inside of our system. Please try another.<br />";
    } else if ($email_check > 0){
        $errorMsg = "<u>ERROR:</u><br />Your Email address is already in use inside of our system. Please use another.<br />";
    } else {
        // Error handling is ended, process the data and add member to database
        $email1 = mysql_real_escape_string($email1);
        $pass1 = mysql_real_escape_string($pass1);
        // Add MD5 Hash to the password variable
        $password = md5($pass1);
        // Convert Birthday to a DATE field type format(YYYY-MM-DD) out of the month, day, and year supplied
        $dateofbirth = "$b_y-$b_m-$b_d";
        // Add user info into the database table for the main site table
        $sql = mysql_query("INSERT INTO members (username, firstname, lastname, email, password, dateofbirth, phone, lastlogin) VALUES('$username','$firstname','$lastname','$email1','$password', '$dateofbirth','$phone', now())") or die (mysql_error());
        $sql = mysql_query("INSERT INTO address (address, postcode, town, housenumber) VALUES('$adress','$postcode,'$town','$housenumber'") or die (mysql_error());
        $id = mysql_insert_id()
} else {
    // if the form is not posted with variables, place default empty variables so no warnings or errors show
    $errorMsg = "";
    $username = "";
    $firstname = "";
    $lastname = "";
    $phone = "";
    $address = "";
    $postcode = "";
    $town = "";
    $housenumber = "";
    $b_m = "";
    $b_d = "";
    $b_y = "";
    $email1 = "";
    $email2 = "";
    $pass1 = "";
    $pass2 = "";
}