PHP - Mesosphere Datacenter Operating System

Hi all

I have been looking though loads of tutorials regarding log in method for websites (not APIs), and cant help find that they are outdated.

So I am asking what is the correct way to create a log in system using php?

Modern websites use JavaScript for asynchronous web requests so this requirement should also be catered for. APIs and mobile apps use access tokens which is very secure if implemented correctly.

Can we use the token principle for websites? As the way I see it that most php log in systems use php sessions and they create a session and save some data in this session when the user successfully authenticates, however the session id is held in a cookie so if the cookie is stolen then they have access to your account.

API access tokens are expired and refreshed periodically so is there such a implementation method for web sites too?

ok i need directing to a tutorial, an easyish one that can help me do a secure login and registration system. Something that uses sessions and mysql. something with sql injection and other security. i need it very secure.


hope you can help.

Hi Everyone,

Just a quick question before I take on this project.

Basically the client has a secure server set up with folders for different clients. So they can store excel files, PDFs etc, What the client use to do was send the client an email with the http address of that clients particular folder to be able to login.

What my job is to create a login system that redirects each client to their particular area on the secure system.

Is this going to be difficult,

What I was thinking of doing was when the administator is setting up the client details there would be an extra field saying address: they paste the address of the folder on the server. Then it will redirect them to their folder.

Is this the correct way to do this.

Any help or advice would be great.

Hello there,

Thank you for taking the time to visit my thread. I've been brainstorming for the past few days trying to establish the best method of a content management system. I'm curious since you are all highly advanced PHP coders what you think the best method of content management is I would like it to be presented in the URL in the following method:

file.php?v=example


So please share your ideas remember there is never a stupid suggestion I want to hear all your possibilities please!

Hey guys,
I'm starting to build a website and I was wondering wether I should use a library template engine such as smarty, or use pure php, such as this tutorial - http://www.massassi.com/php/articles/template_engines/

Basically the website will not expose any of the users/designers to the designer portion of the website. I am scratching my head wether I should use smarty or pure php, even Facebook uses smarty, from what I have heard. I need some answers.

Thank you all!

Hi there, I am a student from the UK and I am taking PHP and mySql programming for the first time. I have done a bit of python and html before. I do have some experience with PHP though. I need to create a project for my coursework. My system will be an MVP system (Cricket) where scores will be input and then MVP scores obtained. I wanted to know if anyone has any experience with this and thus could helpfully guide me in the right direction with resources and anything that could be deemed relevant.   I am more than happy to explain further and send my prototype over.

Many thanks.

Hi, im getting alot of errors like so Deprecated: Function session_is_registered() is deprecated

time to update some files, can you guys pls help im rubbish with PHP guess thats why I waited so long to update.

here is the code I need to change
checklogin.php

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:index.php");
}


index.php
<?
session_start();
/*if(!session_is_registered(myusername)){
header("location:main_login.php");
}*/
?>

index.php (display username stuff)
<?php if(session_is_registered(myusername)){ ?>&nbsp;&nbsp; Welcome: <?= $_SESSION['myusername'] ?><?php } ?>

index.php (edit content stuff)
<?php $file = file_get_contents('content/menu_header_a.txt', 'r');  if(session_is_registered(myusername)){ ?><a href="javascript:open4()"><?php echo $file ?></a><?php } else { echo $file; }?>

Many thanks for any and all your help with this one.

if you could keep it simple please like  ( replace this with this ) . thanks

i am making a private messaging system like hotmails where the message list appears on the left. Then when you click on one of them the box on the right loads the email. The problem is i dont really know how to go about it. Anyone have any pointers?

Good Afternoon everyone.

I am having some problems in getting a script I found on a forum to work, I have tried contacting the original author but with no joy.

Basically its a php/ajax comment system, however I am getting these errors

Code: [Select]
Notice: Undefined index: type in C:\wamp\www\buy2earn\viewm.php on line 93

Notice: Undefined index: type in C:\wamp\www\buy2earn\viewm.php on line 105
Here is the portion of code that I am working on, I don't understand what $_post['type'] is meant to come from? I guess its basically if the form has been submitted, but if I change the values tp 'submit' I still get the same result, just with the message submit is undefined instead!


<?php 
$date=date("Y-m-d"); 
$username = $_SESSION['username'];

if($_POST['type'] == "addcomment") {
    $username = mysql_real_escape_string($_POST['username']);
    $comment = mysql_real_escape_string($_POST['comment']);
    
    if($username == "" || $comment == "") { 
        die("<p><font color='red'>Error: Please include a message.</font></p>"); 
    }
    $q1 = mysql_query("INSERT INTO 'comments' ('c_id', 'm_id', 'username', 'date', 'comment')
VALUES ('', '$m_id', '$username', '$date', '$comment')")
 or die("<p>Mysql Error: <b>".mysql_error()."</b></p>");
 
    echo "<p><font color='green'>Comment added successfully.</font></p>";
} elseif($_POST['type'] == "getcomments") { 
    $q1 = mysql_query("SELECT * FROM 'comments'");
    $n1 = mysql_num_rows($q1);
    if($n1 == 0) { 
        die("<p><font color='red'>No comments were found.</font></p>");
    }
    echo "<table border=1>";
    echo "<tr><td><b>User</b></td><td><b>Comment</b></td></tr>";
    while($r1 = mysql_fetch_assoc($q1)) { 
        $a = $r1['username'];
        $m = $r1['comment'];
        echo "<tr><td>$a</td><td>$m</td></tr>";
    }
    echo "</table>";
} else {?>
    <div style="font-size: 18px;">
        <p>Current Comments: </p>
        <div id="comments"></div> 
        <hr />
        <p>Add a comment:</p>
        <form action="<?php $_SERVER['PHP_SELF'];?>" method="post">
            <p>Username: <input type="text" name="username" id="username" /></p>
            <p>Comment: <textarea name="message" cols="50" rows="10" id="message"></textarea></p>
            <p><input type="submit" name="submit" value="Add Comment" id="submit" /></p>
        </form>
        <div id="return"></div> 
    </div>
    

<?php } ?>
    

Many Thanks for any help

I already have a web based RPG game I am developing. Here is a small video to showcase the loot animation.     My problem is, I want to add combat. I will be using html 5 websockets. I already have a websockets server up so multiplayer isn't the issue.   A good combat system I found is on this game: http://treasurearena.clay.io/   I'm not going to dig out the source code, and try to extract the combat system from this game. Just trying to find something similar that I can use, does anyone have any recommendations?   Thanks!   Edit: It can be as simple as swinging a freaking sword and moving. That's all I really want, I just don't want the boring 'click', 'click', and 'click' bullshit.

Hi All!   This is my first post here, so if there are some things I miss or something more I need to do please let me know.   I tried searching the forum for the answer first but could not find anything.   So here is the thing; I followed a tutorial I found about building a login system for my website. The tutorial worked perfectly, except I needed it to redirect to a user specific page instead of a static page on login. I made the necessary changes to the script, and now it redirects to the user specific page, but does not recognize that I am logged in so it will not show me the content.   In the interest of full disclosure, I am not very good at PHP and lack a fundamental understanding of it. I am enrolled in some Udemy courses to try to rectify that, but I needed the login system ASAP, so copy and paste programming was my only option. I know, I know. I am a terrible human being and should be thrown into the sun. I agree. I am in counseling to try to deal with it.   The tutorial I used can be found he  http://www.wikihow.c...n-PHP-and-MySQL.   Here is the relevant code:   process_login.php:  

<?php


include_once 'db_connect.php';
include_once 'functions.php';


sec_session_start(); // Our custom secure way of starting a PHP session.


if (isset($_POST['email'], $_POST['p'])) {
    $email = $_POST['email'];
    $password = $_POST['p']; // The hashed password.


$page = login($email, $password, $mysqli);
if ($page == true) {
  // Login success        
  header('Location: '. $page);
   exit();


    } else {
        // Login failed 
        header('Location: ../error.php?error=1');
    }
} else {
    // The correct POST variables were not sent to this page. 
    echo 'Invalid Request';
}

I have 2 referring url.   USERNAME http://testsite.com/...gister&ref=test USER ID http://testsite.com/...gister&ref_id=1   1. Code to remember  ref and ref_id 2. Code to allow user to insert own referrer if no ref link detected? 3. Store ref and ref_id into same column Like db referrer = username/user_id or referrer = username / referrer_id = user_id ?   PHP

$ref_id = isset($_GET['ref_id']) ? filter_input(INPUT_GET, 'ref_id', FILTER_SANITIZE_STRING) : '');
$ref = isset($_GET['ref']) ? filter_input(INPUT_GET, 'ref', FILTER_SANITIZE_STRING) : '');

FORM

if(!empty($_GET['ref_id'])){
    print '
	<tr>
    	<td style="font-weight:bold">Referred by user id #</td>
    	<td><input type="text" name="ref_id" maxlength="255" style="width:200px" value="'.cleanOutput($ref_id).'"></td>
  	</tr>';
	
}else{
    print '
	<tr>
    	<td style="font-weight:bold">Referred by</td>
    	<td><input type="text" name="ref" maxlength="255" style="width:200px" value="'.cleanOutput($ref).'"></td>
  	</tr>';
	
}

2. 

$ref = isset($_GET['ref']) ? filter_input(INPUT_GET, 'ref', FILTER_SANITIZE_STRING) : (isset($_POST['ref']) ? filter_input(INPUT_POST, 'ref', FILTER_SANITIZE_STRING) : '');

Hi,
I'm trying to code a very basic commenting system, my only worries is how I'm going on about disabling the user from putting any html php etc.. in the comment so it gets displayed on the page.. I have on idea of what to look for, any help is much appreciated

I considdered this: strip_tags() but what i want is to display the comment just without actually executing the code if you get me?

Here are some script that i have been working on and i seems to not work so i want to make a select friend list that when they select the friend that they want to send the message to it sends it to them , that sounded stupid but ya. so here is my script , kinda big .
pm_inbox.php i did edit the code from its original state because its to big! so here is the sections where is most needed
Code: [Select]
<?php

// Start_session, check if user is logged in or not, and connect to the database all in one included file
include_once("scripts/checkuserlog.php");
?>
<?php
if (!isset($_SESSION['idx'])) {
echo  '<br /><br /><font color="#FF0000">Your session has timed out</font>
<p><a href="login.php">Please Click Here</a></p>';
exit(); 
}
//THIS IS WHERE I STARTED
$selecteduser = $_POST["selecteduser"];
$id = "";
$username = "";
$id = preg_replace('#[^0-9]#i', '', $id);
$sql = mysql_query("SELECT * FROM myMembers WHERE id='$id' LIMIT 1");
while($row = mysql_fetch_array($sql)){ 
    $username = $row["username"];
$friend_array = $row["friend_array"];
$check_pic = "members/$id/image01.jpg";
$default_pic = "members/0/image01.jpg";
if (file_exists($check_pic)) {
    $user_pic = "<img src=\"$check_pic?$cacheBuster\" width=\"218px\" />"; 
} else {
$user_pic = "<img src=\"$default_pic\" width=\"218px\" />"; 
}

$selecteduser .= "<option value='$friend_array'>Friends</option>";



}






// Decode the Session IDX variable and extract the user's ID from it
$decryptedID = base64_decode($_SESSION['idx']);
$id_array = explode("p3h9xfn8sq03hs2234", $decryptedID);
$my_id = $id_array[1];
$my_uname = $_SESSION['username']; // Put user's first name into a local variable
// ------- ESTABLISH THE INTERACTION TOKEN ---------
$thisRandNum = rand(9999999999999,999999999999999999);
$_SESSION['wipit'] = base64_encode($thisRandNum); // Will always overwrite itself each time this script runs
// ------- END ESTABLISH THE INTERACTION TOKEN ---------
?>
<?php
// Mailbox Parsing for deleting inbox messages
if (isset($_POST['deleteBtn'])) {
    foreach ($_POST as $key => $value) {
        $value = urlencode(stripslashes($value));
if ($key != "deleteBtn") {
   $sql = mysql_query("UPDATE private_messages SET recipientDelete='1', opened='1' WHERE id='$value' AND to_id='$my_id' LIMIT 1");
   // Check to see if sender also removed from sent box, then it is safe to remove completely from system
}
    }
header("location: pm_inbox.php");
}
?>

// Start Private Messaging stuff
$('#pmForm').submit(function(){$('input[type=submit]', this).attr('disabled', 'disabled');});
function sendPM ( ) {
      var pmSubject = $("#pmSubject");
  var pmTextArea = $("#pmTextArea");
  var sendername = $("#pm_sender_name");
  var senderid = $("#pm_sender_id");
  var recName = $("#pm_rec_name");
  var recID = $("#pm_rec_id");
  var pm_wipit = $("#pmWipit");
  var url = "scripts_for_profile/private_msg_parse.php";
      if (pmSubject.val() == "") {
           $("#interactionResults").html('<img src="images/round_error.png" alt="Error" width="31" height="30" /> &nbsp; Please type a subject.').show().fadeOut(6000);
      } else if (pmTextArea.val() == "") {
   $("#interactionResults").html('<img src="images/round_error.png" alt="Error" width="31" height="30" /> &nbsp; Please type in your message.').show().fadeOut(6000);
      } else {
   $("#pmFormProcessGif").show();
   $.post(url,{ subject: pmSubject.val(), message: pmTextArea.val(), senderName: sendername.val(), senderID: senderid.val(), rcpntName: recName.val(), rcpntID: recID.val(), thisWipit: pm_wipit.val() } ,           function(data) {
   $('#private_message').slideUp("medium");
   $("#interactionResults").html(data).show().fadeOut(10000);
   document.pmForm.pmTextArea.value='';
   document.pmForm.pmSubject.value='';
   $("#pmFormProcessGif").hide();
           });
  }
}function toggleViewAllFriends(x) {
if ($('#'+x).is(":hidden")) {
$('#'+x).fadeIn(200);
} else {
$('#'+x).fadeOut(200);
}
}
// End Private Messaging stuff</script>
<style type="text/css">
.hiddenDiv{display:none}
#pmFormProcessGif{display:none}
.msgDefault {font-weight:bold;}
.msgRead {font-weight:100;color:#666;}
</style>
</head>
<body>
<div id="bg" class="stage"></div>
<div id="container">
<div id="sun" class="stage"></div>
<div id="clouds" class="stage">
<div id="stage" class="stage">
<?php include_once "header_template.php"; ?>

        <a href="#" onclick="return false" onmousedown="javascript:toggleInteractContainers('private_message');">Compose Message</a></div><div class="interactContainers" id="private_message">

<form action="javascript:sendPM();" name="pmForm" id="pmForm" method="post" type="hidden">
<font size="+1">Send A Private Message to <strong><em><?php echo "$selecteduser"; ?></em></strong></font><br /><br />
Subject:
<input name="pmSubject" id="pmSubject" type="text" maxlength="64" style="width:98%;" />
Message:
<textarea name="pmTextArea" id="pmTextArea" rows="8" style="width:98%;"></textarea>
  <input name="pm_sender_id" id="pm_sender_id" type="hidden" value="<?php echo $_SESSION['id']; ?>" />
  <input name="pm_sender_name" id="pm_sender_name" type="hidden" value="<?php echo $_SESSION['username']; ?>" />
  <input name="pm_rec_id" id="pm_rec_id" type="hidden" value="<?php echo $id; ?>" />
  <input name="pm_rec_name" id="pm_rec_name" type="hidden" value="<?php echo $username; ?>" />
  <input name="pmWipit" id="pmWipit" type="hidden" value="<?php echo $thisRandNum; ?>" />
  <span id="PMStatus" style="color:#F00;"></span>
  <br /><input name="pmSubmit" type="submit" value="Submit" /> or <a href="#" onclick="return false" onmousedown="javascript:toggleInteractContainers('private_message');">Close</a>
<span id="pmFormProcessGif" style="display:none;"><img src="images/loading.gif" width="28" height="10" alt="Loading" /></span></form>
      </div>
              <span id="jsbox" style="display:none"></span>
            </td>
          </tr>
      </table>