|
PHP - Log-in Using Salted Password - Error!
Hi,
Im creating a simple site in PHP, for the most part its going well, however I struggling with an error that I have encountered.
Im generating a random salt upon registering a user. This works fine, However when logging in with this user I am struggling and receive an error. Can somebody please explain where I am going wrong?
I have attatched some images to this post which includes coding and the error message.
NOTE: signup works fine, it is just the log-in which is broken. I have however included screenshots of both pages for better understanding of how the site works.
Signup:
http://picpaste.com/....1416827271.PNG
Log-in:
http://picpaste.com/....1416827394.PNG
Error Message:
http://picpaste.com/....1416827510.PNG
Kind Regards, Shaun
Similar TutorialsHey all, I posted a few months ago trying out my first salted password and I utterly failed lol. This is a small snippet from my current attempt. Code: (php) [Select] $salt = md5(uniqid(rand())); $Pass_S = md5($pass.$salt); This is only the password and salt generation part. I'm sure the salt generation is probably too simple so please feel free to give your thoughts on that part. Also the salt is stored on the database to be pulled up later for login uses. Thanks all! I have a div on my webpage that will contain an error message, basically 'username or password incorrect.' At the moment on the login page I have the div containing: Code: [Select] <div id="errorMessage"><?php echo $errorMessage; ?></div> and in the php code i have: Code: [Select] $errorMessage = ""; if(isset($_POST['username'])) { // check if username and password exists // else $errorMessage = "username or password incorrect"; } but unfortunately this doesn't seem to show on the page, any ideas? I have tried resetting the password on my old account and the email never arrives , nor do my notifications for posts.
Alright, I have created a hash password checker and here is my code: include("include.php"); // include the mySQL info! $users = mysql_query(" SELECT * FROM User "); // Select all from the users table in the database! while($row = mysql_fetch_array($users)) // While it fetches the users do the following... { if (hash("sha256", $password) == $row["Password"]) echo "Congratulations! The Hash matches the password entered into the database!"; } elseif (hash("sha256", $password) != $row["Password"]) { echo "Your Hash failed to match the password entered!"; } Now for some reason this displays a totally blank page. When I turn error display on I get the error "Unexpected T_ELSEIF" on this line elseif (hash("sha256", $password) != $row["Password"]) Any help is appreciated... I am trying to use the new way of validating the entered email in a register form. Code: [Select] /* REGISTER FORM */ // check if submit button has been clicked if (isset($_POST['submit_signup'])) { // process and assign variables after post submit button has been clicked $user_email = strip_tags(trim($_POST['email'])); $user_email = filter_var($user_email, FILTER_VALIDATE_EMAIL); $nickname = strip_tags(trim($_POST['nickname'])); $password = $_POST['password']; $repassword = $_POST['repassword']; $month = $_REQUEST['month']; $day = $_REQUEST['day']; $year = $_REQUEST['year']; $dob = $year . "-" . $month . "-" . $day; $find_us_question = strip_tags(trim($_POST['find_us_question'])); // connect to database $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); $check_query = "SELECT * FROM user WHERE nickname = '$nickname'"; $check_connect = mysqli_query($dbc, $check_query) or die(mysqli_error($dbc)); $check_count = mysqli_num_rows($check_connect); // Check if the email exists twice $query_get = "SELECT email FROM user WHERE email = '$user_email'"; $query_run = mysqli_query($dbc, $query_get); $num_rows = mysqli_num_rows($query_run); // check if username is already taken if ($check_count != 0) { echo "Username already exists!"; } elseif ($num_rows != 0) { echo "This email address is already registered in the database, you can not register it twice."; // check if fields are empty } elseif (empty($user_email) || empty($nickname) || empty($password) || empty($day) || empty($month) || empty($year)) { echo "Please fill out all the fields!"; // check char length of input data } elseif (strlen($nickname) > 30 || strlen($user_email) > 50) { echo "Maximum allowed character length for nickname/firstname/lastname are 30 characters!"; // check password char length } elseif (strlen($password) > 25 || strlen($password) < 6) { echo "Your password must be between 6 and 25 characters!"; // check if passwords match with each other } elseif ($password != $repassword) { echo "Please make sure your passwords are matching!"; } else { // encrypt password $password = sha1($password); I would like to implement now an error message stating something along the lines that the entered email address is not valid, how would I have to do the if statement to check the condition? Code: [Select] <?php include 'config.php'; //include 'dbc.php'; ?> <?php function filter($data) { // <--line 6 $data = trim(htmlentities(strip_tags($data))); if (get_magic_quotes_gpc()) $data = stripslashes($data); $data = mysql_real_escape_string($data); return $data; } ?> <?php /******************* ACTIVATION BY FORM**************************/ if ($_POST['doReset']=='Reset') { $err = array(); $msg = array(); foreach($_POST as $key => $value) { $data[$key] = filter($value); } if(!isEmail($data['email'])) { $err[] = "ERROR - Please enter a valid email"; } $email = $data['email']; //check if activ code and user is valid as precaution $rs_check = mysql_query("select id from users where email='$email'") or die (mysql_error()); $num = mysql_num_rows($rs_check); // Match row found with more than 1 results - the user is authenticated. if ( $num <= 0 ) { $err[] = "Error - Sorry no such account exists or registered."; //header("Location: forgot.php?msg=$msg"); //exit(); } if(empty($err)) { $new_pass = GenPwd(); $pass_reset = MD5($new_pass); //$sha1_new = sha1($new); //set update sha1 of new password + salt $rs_activ = mysql_query("update users set pass='$pass_reset' WHERE email='$email'") or die(mysql_error()); $host = $_SERVER['HTTP_HOST']; $host_upper = strtoupper($host); //send email $message = "Here are your new password details ...\n User Email: $email \n Passwd: $new_pass \n Thank You Administrator $host_upper ______________________________________________________ THIS IS AN AUTOMATED RESPONSE. ***DO NOT RESPOND TO THIS EMAIL**** "; mail($email, "Reset Password", $message, "From: \"Member Registration\" <auto-reply@$host>\r\n" . "X-Mailer: PHP/" . phpversion()); $msg[] = "Your account password has been reset and a new password has been sent to your email address."; //$msg = urlencode(); //header("Location: forgot.php?msg=$msg"); //exit(); } } ?> <html> <head> <title>Forgot Password</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <script language="JavaScript" type="text/javascript" src="js/jquery-1.3.2.min.js"></script> <script language="JavaScript" type="text/javascript" src="js/jquery.validate.js"></script> <script> $(document).ready(function(){ $("#actForm").validate(); }); </script> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellspacing="0" cellpadding="5" class="main"> <tr> <td colspan="3"> </td> </tr> <tr> <td width="160" valign="top"><p> </p> <p> </p> <p> </p> <p> </p> <p> </p></td> <td width="732" valign="top"> <h3 class="titlehdr">Forgot Password</h3> <p> <?php /******************** ERROR MESSAGES************************************************* This code is to show error messages **************************************************************************/ if(!empty($err)) { echo "<div class=\"msg\">"; foreach ($err as $e) { echo "* $e <br>"; } echo "</div>"; } if(!empty($msg)) { echo "<div class=\"msg\">" . $msg[0] . "</div>"; } /******************************* END ********************************/ ?> </p> <p>If you have forgot the account password, you can <strong>reset password</strong> and a new password will be sent to your email address.</p> <form action="forgot.php" method="post" name="actForm" id="actForm" > <table width="65%" border="0" cellpadding="4" cellspacing="4" class="loginform"> <tr> <td colspan="2"> </td> </tr> <tr> <td width="36%">Your Email</td> <td width="64%"><input name="email" type="text" class="required email" id="txtboxn" size="25"></td> </tr> <tr> <td colspan="2"> <div align="center"> <p> <input name="doReset" type="submit" id="doLogin3" value="Reset"> </p> </div></td> </tr> </table> <div align="center"></div> <p align="center"> </p> </form> <p> </p> <p align="left"> </p></td> <td width="196" valign="top"> </td> </tr> <tr> <td colspan="3"> </td> </tr> </table> </body> </html> Fatal error: Cannot redeclare filter() (previously declared in/forgot.php:6) what is wrong ? Hello PhP Freaks forum In the past weeks ive been trying to make a website, where you can register. Everything seems to work except my cherished Change password feature. Everytime you try to change the password, it just resets it to nothing. Here is the code below. <?php if(isset($_SESSION['username'])) { $username = $_SESSION['username']; $lastname = $_SESSION['lastname']; $firstname = $_SESSION['firstname']; $email = $_SESSION['email']; echo " <h4>Options for:</h4> $username <br /> <br /> First name: $firstname <br />Last name: $lastname <br /><br /><h3>Want to change your password:</h3><br /> <form action='?do=option' method='post'> Old password <input type='password' placeholder='Has to be between 5-15 digits' name='password' size='30' value='' /><br /> <br /> New Password<input type='password' placeholder='Has to be between 5-15 digits' name='newpass' size='30' value='' /><br /> <br /> Confirm new password <input type='password' placeholder='Has to be between 5-15 digits' name='passconf' size='30' value='' /><br /> <center></div><input type='submit' value='Submit'/></center></form>"; }else{ echo 'Please login to view your options!'; } $password = $_REQUEST['password']; $pass_conf = $_REQUEST['newpass']; $email = $_REQUEST['passconf']; $connect = mysql_connect("Host", "User", "Password"); if(!$connect){ die(mysql_error()); } //Selecting database $select_db = mysql_select_db("My Database", $connect); if(!$select_db){ die(mysql_error()); } //Find if entered data is correct $result = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'"); $row = mysql_fetch_array($result); $id = $row['id']; mysql_query("UPDATE users SET password='$newpass' WHERE username='$user'") ?> And i do know that i dont have a if(Empty($newpass)){ Die(Please fill out the new password) } Or any security on the others, but the problem just seems that it resets the password into nothing Hope i can get this fixed Best Regards William Pfaffe This topic has been moved to Application Design. http://www.phpfreaks.com/forums/index.php?topic=353345.0 <?php
require_once('upper.php'); require_once('database.php'); echo $error_msg=''; if(isset($_POST['submit'])) { $LoginId=mysqli_real_escape_string($dbc,trim($_POST['LoginId'])); $Password1=mysqli_real_escape_string($dbc,trim($_POST['Password1'])); $Password2=mysqli_real_escape_string($dbc,trim($_POST['Password2'])); $Name=mysqli_real_escape_string($dbc,trim($_POST['Name'])); $Age=mysqli_real_escape_string($dbc,trim($_POST['Age'])); $BloodGroup=mysqli_real_escape_string($dbc,trim($_POST['BloodGroup'])); if(!isset($_POST['Sex'])) { echo 'Please enter Sex<br>'; } else{ $Sex= mysqli_real_escape_string($dbc,trim($_POST['Sex'])); } $Qualification=mysqli_real_escape_string($dbc,trim($_POST['Qualification'])); $ContactNumber=mysqli_real_escape_string($dbc,trim($_POST['ContactNumber'])); $Email=mysqli_real_escape_string($dbc,trim($_POST['Email'])); $Address=mysqli_real_escape_string($dbc,trim($_POST['Address'])); $AboutYourself=mysqli_real_escape_string($dbc,trim($_POST['AboutYourself'])); //$countCheck=count($_POST['checkbox']); //echo $countCheck; //$checkbox=$_POST['checkbox']; //$countCheck=count($checkbox); if(empty($LoginId)){echo 'Please enter Login Id';} elseif(empty($Password1)){echo 'Please enter Password';} elseif(empty($Password2)){echo 'Please confirm Password';} elseif($Password1!==$Password2){echo 'Password didn\'t match';} elseif(empty($Name)){echo 'Please enter Name';} elseif(empty($Age)){echo 'Please enter Age';} elseif(!isset($_POST['Sex'])){} elseif(empty($Qualification)){echo 'Please enter Qualification';} elseif(empty($ContactNumber)){echo 'Please enter Contact Number';} elseif(empty($Email)){echo 'Please enter Email';} elseif(empty($Address)){echo 'Please enter Address';} elseif(empty($AboutYourself)){echo 'Please enter About Yourself';} elseif(!isset($_POST['checkbox'])){ echo 'You have to register at least one activity.';} elseif(!isset($_POST['TermsAndConditions'])){ echo 'You have to agree all Terms and Conditions of Elite Brigade.';} else { require_once('database.php'); $query="select * from registration where LoginId='$LoginId'"; $result=mysqli_query($dbc,$query); if(mysqli_num_rows($result)==0) { $checkbox=$_POST['checkbox']; $countCheck=count($_POST['checkbox']); $reg_id=' '; for($i=0;$i<$countCheck;$i++) { $reg_id=$reg_id.$checkbox[$i].','; $query="insert into activity_participation (LoginId,Title,Date) values ('$LoginId','$checkbox[$i]',CURDATE())"; $result=mysqli_query($dbc,$query) or die("Not Connected"); } $query="insert into registration (LoginId,Password,Name,Age,BloodGroup,Sex,Qualification,ContactNumber,Email,Address,AboutYourself,Activity)values ('$LoginId'[B],SHA('$Password1'),[/B]'$Name','$Age','$BloodGroup','$Sex','$Qualification','$ContactNumber','$Email','$Address','$AboutYourself',',$reg_id')"; $result=mysqli_query($dbc,$query) or die("Not Connect"); echo ' Dear '.$Name.'.<br>Your request has been mailed to admin.<br>Your account is waiting for approval<br>'; $from= 'Elite Brigade'; $to='ankitp@rsquareonline.com'; $subject='New User Registration'; $message="Dear admin,\n\nA new user request for registration. Please check it out.\n\nRegards\nMicro"; mail($to,$subject,$message,'From:'.$from); //header('Location: index.php'); // header('Location: Registration.php'); } else { echo 'Dear '.$Name. ', <br> An account already exist with login-id<b> '.$LoginId.'</b> <br>Please try another login-id'; }} } ?> <html> <head> <script src="jquery-latest.js"></script> <script type="text/javascript" src="jquery-validate.js"></script> <style type="text/css"> * { font-family: Verdana; } label.error { color: white; padding-left: .5em; } p { clear: both; } .submit { margin-left: 12em; } em { font-weight: bold; padding-right: 1em; vertical-align: top; } </style> <script> $(document).ready(function(){ $("#commentForm").validate(); }); </script> </head> <body> <?php echo $error_msg; ?> <form action='<?php echo $_SERVER['PHP_SELF'];?>' id="commentForm" method='post'> <div class="registration_and_activity"> <table border="0" width="380"> <tr><td colspan="2"> <h3>New User?</h3></td></tr> <tr><td width="120"> <em>*</em>Enter Login id</td><td width="150"><input type='text' name='LoginId' minlength="4" value='<?php if(!empty($LoginId))echo $LoginId;?>' /></td></tr> <tr><td> <em>*</em>Enter Password</td> <td><head> <div id="divMayus" style="visibility:hidden">Caps Lock is on.</div> <SCRIPT language=Javascript> function capLock(e){ kc = e.keyCode?e.keyCode:e.which; sk = e.shiftKey?e.shiftKey:((kc == 16)?true:false); if(((kc >= 65 && kc <= 90) && !sk)||((kc >= 97 && kc <= 122) && sk)) document.getElementById('divMayus').style.visibility = 'visible'; else document.getElementById('divMayus').style.visibility = 'hidden'; } </SCRIPT> </HEAD> <input onkeypress='return capLock(event)' type='password' name='Password1' value='<?php if(!empty($Password1))echo $Password1;?>' /></td></tr> <tr><td> <em>*</em>Confirm Password</td><td><input type='password' name='Password2' value='<?php if(!empty($Password2))echo $Password2;?>' /></td></tr> <tr><td width="120"> <em>*</em>Enter Name</td> <td><input type='text' name='Name' value='<?php if(!empty($Name))echo $Name;?>' /></td></tr> <tr><td> <em>*</em>Enter Age</td><HEAD> <SCRIPT language=Javascript> function isNumberKey(evt) { var charCode = (evt.which) ? evt.which : event.keyCode if (charCode > 31 && (charCode < 48 || charCode > 57)) return false; return true; } </SCRIPT> </HEAD> <td><INPUT onkeypress='return isNumberKey(event)' type='text' name='Age' value='<?php if(!empty($Age))echo $Age;?>'/></td></tr> <tr><td> <em>*</em>Enter Blood</td><td><input type='text' name='BloodGroup' value='<?php if(!empty($BloodGroup))echo $BloodGroup;?>' /></td></tr> <tr><td> <em>*</em>Enter Sex</td><td><input type='radio' name='Sex' style='width:16px; border:0;' 'value='Male' />Male <input type='radio' name='Sex' style='width:16px; border:0;' 'value='Female' />Female</td></tr> <tr><td> <em>*</em>Enter Qualification</td><td><input type='text' name='Qualification' value='<?php if(!empty($Qualification))echo $Qualification;?>' /></td></tr> <tr><td> <em>*</em>Contact Number </td><td><input onkeypress='return isNumberKey(event)'type='text' name='ContactNumber' value='<?php if(!empty($ContactNumber))echo $ContactNumber;?>' /></td></tr> <tr><td> <em>*</em>Enter Email</td><td><input type='text' name='Email'class="email" value='<?php if(!empty($Email))echo $Email;?>' /></td></tr> <tr><td> <em>*</em>Enter Address</td><td><input type='text' name='Address' value='<?php if(!empty($Address))echo $Address;?>' /></td></tr> <tr ><td > <em>*</em>About Yourself </td></tr> <tr><td colspan="2"><textarea rows='10' cols='40' name='AboutYourself' /><?php if(!empty($Address))echo $Address;?></textarea></td></tr> <tr><td> <?php echo" <tr><td colspan='2'><em>*</em><b>Select fields for which you want to register</b></td></tr>"; require_once('database.php'); $query="select * from activity"; $result=mysqli_query($dbc,$query); while($row=mysqli_fetch_array($result)){ $Title=$row['Title']; $ActivityId=$row['ActivityId']; echo "<tr><td>$Title</td>"; echo "<td><input type='checkbox' name='checkbox[]' value='$Title' style='width:14px; text-align:right;'/></td></tr>";//value=$ActivityId tells ActivityId variable extracts with name="checkbox" echo "<br/>"; } echo "<td><em>*</em><input type='checkbox' name='TermsAndConditions' style='width:14px; text-align:right;'/></td><td> I agree all <a href='TermsAndConditions.php'>Terms and conditions </a>of Elite Brigade</td></tr>"; echo "<tr><td colspan='2' align='center'><input type='submit' value='Register' name='submit' style='background:url(./images/button_img2.png) no-repeat 10px 0px; width:100px; padding:3px 0 10px 0; color:#FEFBC4; border:0;'/></td></tr><br>"; echo " </td></tr></table> </div> </form> </body> </html>"; require_once('lower.php'); ?> Hi Friends .... I encrypt user password by SHA('$Password') method but now i want to add "Forget Password Module" for which I need to decrypt it first before tell my user but I don't Know how to decrypt it. Please help me........ I am a new developer, trying to figure out what causing a memory error. The code goes through registered appointments and depends on the service ID, I have to free a 45 minutes for another service to be booked. Now, once I book an appointment for any of the services that can have 45 minutes free spot, the website takes forever to load the hours but doesn't show them, instead I get this error A PHP Error was encountered Severity: Error Message: Maximum execution time of 120 seconds exceeded
foreach ($appointments as $appointment) { foreach ($periods as $index => &$period) { $appointment_start = new DateTime($appointment['start_datetime']); $appointment_end = new DateTime($appointment['end_datetime']); if ($appointment_start >= $appointment_end) { continue; } $period_start = new DateTime($date . ' ' . $period['start']); $period_end = new DateTime($date . ' ' . $period['end']); $serviceId=$appointment['id_services']; $color1=1; $color2=2; $color3=3; $color4=4; $color5=5; $color6=6; $color7=7; $color8=8; $color9=9; $color10=10; $color11=11; $color12=12; $color13=13; $color14=14; $color15=15; $color16=16; $color17=17; $color18=18; $color19=19; $period_s=''; $period_e=''; if ($appointment_start <= $period_start && $appointment_end <= $period_end && $appointment_end <= $period_start) { // The appointment does not belong in this time period, so we will not change anything. continue; } else { if ($appointment_start <= $period_start && $appointment_end <= $period_end && $appointment_end >= $period_start) { // The appointment starts before the period and finishes somewhere inside. We will need to break // this period and leave the available part. //open slot for services 45,45,45 if($serviceId == $color1 || $serviceId == $color3 || $serviceId == $color7 || $serviceId == $color9|| $serviceId == $color10 || $serviceId == $color11 || $serviceId == $color12){ unset($periods[$index]); $period_s= clone $appointment_start; $period_s->modify('+45 minutes'); $period_e= clone $appointment_end; $period_e->modify('-45 minutes'); $periods[] = [ 'start' => $period_s->format('H:i'), 'end' =>$period_e->format('H:i') ]; $period['start'] = $appointment_end->format('H:i'); } //Open slot for service 45,45,60 else if($serviceId == $color2 || $serviceId == $color8){ $period_s= clone $appointment_start; $period_s->modify('+45 minutes'); $period_e= clone $appointment_end; $period_e->modify('-60 minutes'); $periods[] = [ 'start' => $period_s->format('H:i'), 'end' =>$period_e->format('H:i') ]; $period['start'] = $appointment_end->format('H:i'); } // // //Open slot for service 30,45,45 else if($serviceId == $color4 || $serviceId == $color6 ||$serviceId == $color16 || $serviceId == $color18){ $period_s= clone $appointment_start; $period_s->modify('+30 minutes'); $period_e= clone $appointment_end; $period_e->modify('-45 minutes'); $periods[] = [ 'start' => $period_s->format('H:i'), 'end' =>$period_e->format('H:i') ]; $period['start'] = $appointment_end->format('H:i'); } // // //Open slot for service 30,45,60 else if($serviceId == $color5 || $serviceId == $color17){ $period_s= clone $appointment_start; $period_s->modify('+30 minutes'); $period_e= clone $appointment_end; $period_e->modify('-60 minutes'); $periods[] = [ 'start' => $period_s->format('H:i'), 'end' =>$period_e->format('H:i') ]; $period['start'] = $appointment_end->format('H:i'); } // // //Open slot for service 60,45,45 else if($serviceId == $color13 || $serviceId == $color15){ $period_s= clone $appointment_start; $period_s->modify('+60 minutes'); $period_e= clone $appointment_end; $period_e->modify('-45 minutes'); $periods[] = [ 'start' => $period_s->format('H:i'), 'end' =>$period_e->format('H:i') ]; $period['start'] = $appointment_end->format('H:i'); } // // //Open slot for service 60,45,60 else if($serviceId == $color14 ){ $period_s= clone $appointment_start; $period_s->modify('+60 minutes'); $period_e= clone $appointment_end; $period_e->modify('-60 minutes'); $periods[] = [ 'start' => $period_s->format('H:i'), 'end' =>$period_e->format('H:i') ]; $period['start'] = $appointment_end->format('H:i'); } // //for the rest of services else { $period['start'] = $appointment_end->format('H:i');} } else { if ($appointment_start >= $period_start && $appointment_end < $period_end) { // The appointment is inside the time period, so we will split the period into two new // others. unset($periods[$index]); if($serviceId == $color1 || $serviceId == $color3 || $serviceId == $color7 || $serviceId == $color9|| $serviceId == $color10 || $serviceId == $color11 || $serviceId == $color12){ $period_s= clone $appointment_start; $period_s->modify('+45 minutes'); $period_e= clone $appointment_end; $period_e->modify('-45 minutes'); $periods[] = [ 'start' => $period_start->format('H:i'), 'end' => $appointment_start->format('H:i') ]; $periods[] = [ 'start' => $period_s->format('H:i'), 'end' =>$period_e->format('H:i') ]; $periods[] = [ 'start' => $appointment_end->format('H:i'), 'end' => $period_end->format('H:i') ]; } // //Open slot for service 45,45,60 else if($serviceId == $color2 || $serviceId == $color8){ $period_s= clone $appointment_start; $period_s->modify('+45 minutes'); $period_e= clone $appointment_end; $period_e->modify('-60 minutes'); $periods[] = [ 'start' => $period_start->format('H:i'), 'end' => $appointment_start->format('H:i') ]; $periods[] = [ 'start' => $period_s->format('H:i'), 'end' =>$period_e->format('H:i') ]; $periods[] = [ 'start' => $appointment_end->format('H:i'), 'end' => $period_end->format('H:i') ]; } // // //Open slot for service 30,45,45 else if($serviceId == $color4 || $serviceId == $color6 ||$serviceId == $color16 || $serviceId == $color18){ $period_s= clone $appointment_start; $period_s->modify('+30 minutes'); $period_e= clone $appointment_end; $period_e->modify('-45 minutes'); $periods[] = [ 'start' => $period_start->format('H:i'), 'end' => $appointment_start->format('H:i') ]; $periods[] = [ 'start' => $period_s->format('H:i'), 'end' =>$period_e->format('H:i') ]; $periods[] = [ 'start' => $appointment_end->format('H:i'), 'end' => $period_end->format('H:i') ]; } // // //Open slot for service 30,45,60 else if($serviceId == $color5 || $serviceId == $color17){ $period_s= clone $appointment_start; $period_s->modify('+30 minutes'); $period_e= clone $appointment_end; $period_e->modify('-60 minutes'); $periods[] = [ 'start' => $period_start->format('H:i'), 'end' => $appointment_start->format('H:i') ]; $periods[] = [ 'start' => $period_s->format('H:i'), 'end' =>$period_e->format('H:i') ]; $periods[] = [ 'start' => $appointment_end->format('H:i'), 'end' => $period_end->format('H:i') ]; } // // //Open slot for service 60,45,45 else if($serviceId == $color13 || $serviceId == $color15){ $period_s= clone $appointment_start; $period_s->modify('+60 minutes'); $period_e= clone $appointment_end; $period_e->modify('-45 minutes'); $periods[] = [ 'start' => $period_start->format('H:i'), 'end' => $appointment_start->format('H:i') ]; $periods[] = [ 'start' => $period_s->format('H:i'), 'end' =>$period_e->format('H:i') ]; $periods[] = [ 'start' => $appointment_end->format('H:i'), 'end' => $period_end->format('H:i') ]; } // // //Open slot for service 60,45,60 else if($serviceId == $color14 ){ $period_s= clone $appointment_start; $period_s->modify('+60 minutes'); $period_e= clone $appointment_end; $period_e->modify('-60 minutes'); $periods[] = [ 'start' => $period_start->format('H:i'), 'end' => $appointment_start->format('H:i') ]; $periods[] = [ 'start' => $period_s->format('H:i'), 'end' =>$period_e->format('H:i') ]; $periods[] = [ 'start' => $appointment_end->format('H:i'), 'end' => $period_end->format('H:i') ]; } //for other services once The code is completely correct else{ $periods[] = [ 'start' => $period_start->format('H:i'), 'end' => $appointment_start->format('H:i') ]; $periods[] = [ 'start' => $appointment_end->format('H:i'), 'end' => $period_end->format('H:i') ]; } } else if ($appointment_start == $period_start && $appointment_end == $period_end) { if($serviceId == $color1 || $serviceId == $color3 || $serviceId == $color7 || $serviceId == $color9|| $serviceId == $color10 || $serviceId == $color11 || $serviceId == $color12){ unset($periods[$index]); $period_s= $appointment_start; $period_s->modify('+45 minutes'); $period_e= $appointment_end; $period_e->modify('-45 minutes'); $periods[] = [ 'start' => $period_s->format('H:i'), 'end' =>$period_e->format('H:i') ]; } //Open slot for service 45,45,60 else if($serviceId == $color2 || $serviceId == $color8){ unset($periods[$index]); $period_s= clone $appointment_start; $period_s->modify('+45 minutes'); $period_e= clone $appointment_end; $period_e->modify('-60 minutes'); $periods[] = [ 'start' => $period_s->format('H:i'), 'end' =>$period_e->format('H:i') ]; } // // //Open slot for service 30,45,45 else if($serviceId == $color4 || $serviceId == $color6 ||$serviceId == $color16 || $serviceId == $color18){ unset($periods[$index]); $period_s= clone $appointment_start; $period_s->modify('+30 minutes'); $period_e= clone $appointment_end; $period_e->modify('-45 minutes'); $periods[] = [ 'start' => $period_s->format('H:i'), 'end' =>$period_e->format('H:i') ]; } // // //Open slot for service 30,45,60 else if($serviceId == $color5 || $serviceId == $color17){ unset($periods[$index]); $period_s= clone $appointment_start; $period_s->modify('+30 minutes'); $period_e= clone $appointment_end; $period_e->modify('-60 minutes'); $periods[] = [ 'start' => $period_s->format('H:i'), 'end' =>$period_e->format('H:i') ]; } // // //Open slot for service 60,45,45 else if($serviceId == $color13 || $serviceId == $color15){ unset($periods[$index]); $period_s= clone $appointment_start; $period_s->modify('+60 minutes'); $period_e= clone $appointment_end; $period_e->modify('-45 minutes'); $periods[] = [ 'start' => $period_s->format('H:i'), 'end' =>$period_e->format('H:i') ]; } // // //Open slot for service 60,45,60 else if($serviceId == $color14 ){ unset($periods[$index]); $period_s= clone $appointment_start; $period_s->modify('+60 minutes'); $period_e= clone $appointment_end; $period_e->modify('-60 minutes'); $periods[] = [ 'start' => $period_s->format('H:i'), 'end' =>$period_e->format('H:i') ];} // //for the rest of services else { unset($periods[$index]);} // The whole period is blocked so remove it from the available periods array. } else { if ($appointment_start >= $period_start && $appointment_end >= $period_start && $appointment_start <= $period_end) { // The appointment starts in the period and finishes out of it. We will need to remove //the time that is taken from the appointment. if($serviceId == $color1 || $serviceId == $color3 || $serviceId == $color7 || $serviceId == $color9|| $serviceId == $color10 || $serviceId == $color11 || $serviceId == $color12){ unset($periods[$index]); $period_s= clone $appointment_start; $period_s->modify('+45 minutes'); $period_e= clone $appointment_end; $period_e->modify('-45 minutes'); $period['end'] = $appointment_start->format('H:i'); $periods[] = [ 'start' => $period_s->format('H:i'), 'end' =>$period_e->format('H:i') ]; } //Open slot for service 45,45,60 else if($serviceId == $color2 || $serviceId == $color8){ $period_s= clone $appointment_start; $period_s->modify('+45 minutes'); $period_e= clone $appointment_end; $period_e->modify('-60 minutes'); $period['end'] = $appointment_start->format('H:i'); $periods[] = [ 'start' => $period_s->format('H:i'), 'end' =>$period_e->format('H:i') ]; } // // //Open slot for service 30,45,45 else if($serviceId == $color4 || $serviceId == $color6 ||$serviceId == $color16 || $serviceId == $color18){ $period_s= clone $appointment_start; $period_s->modify('+30 minutes'); $period_e= clone $appointment_end; $period_e->modify('-45 minutes'); $periods[] = [ 'start' => $period_s->format('H:i'), 'end' =>$period_e->format('H:i') ]; $period['end'] = $appointment_start->format('H:i'); } // // //Open slot for service 30,45,60 else if($serviceId == $color5 || $serviceId == $color17){ $period_s= clone $appointment_start; $period_s->modify('+30 minutes'); $period_e= clone $appointment_end; $period_e->modify('-60 minutes'); $periods[] = [ 'start' => $period_s->format('H:i'), 'end' =>$period_e->format('H:i') ]; $period['end'] = $appointment_start->format('H:i'); } // // //Open slot for service 60,45,45 else if($serviceId == $color13 || $serviceId == $color15){ $period_s= clone $appointment_start; $period_s->modify('+60 minutes'); $period_e= clone $appointment_end; $period_e->modify('-45 minutes'); $periods[] = [ 'start' => $period_s->format('H:i'), 'end' =>$period_e->format('H:i') ]; $period['end'] = $appointment_start->format('H:i'); } // // //Open slot for service 60,45,60 else if($serviceId == $color14 ){ $period_s= clone $appointment_start; $period_s->modify('+60 minutes'); $period_e= clone $appointment_end; $period_e->modify('-60 minutes'); $periods[] = [ 'start' => $period_s->format('H:i'), 'end' =>$period_e->format('H:i') ]; $period['end'] = $appointment_start->format('H:i'); } // for the rest of services else{ $period['end'] = $appointment_start->format('H:i'); } } else { if ($appointment_start >= $period_start && $appointment_end >= $period_end && $appointment_start >= $period_end) { // The appointment does not belong in the period so do not change anything. continue; } else { if ($appointment_start <= $period_start && $appointment_end >= $period_end && $appointment_start <= $period_end) { //Open slot for service 45,45,45 if($serviceId == $color1 || $serviceId == $color3 || $serviceId == $color7 || $serviceId == $color9|| $serviceId == $color10 || $serviceId == $color11 || $serviceId == $color12){ unset($periods[$index]); $period_s= clone $appointment_start; $period_s->modify('+45 minutes'); $period_e= clone $appointment_end; $period_e->modify('-45 minutes'); $periods[] = [ 'start' => $period_s->format('H:i'), 'end' =>$period_e->format('H:i') ]; } //Open slot for service 45,45,60 else if($serviceId == $color2 || $serviceId == $color8){ unset($periods[$index]); $period_s= clone $appointment_start; $period_s->modify('+45 minutes'); $period_e= clone $appointment_end; $period_e->modify('-60 minutes'); $periods[] = [ 'start' => $period_s->format('H:i'), 'end' =>$period_e->format('H:i') ]; } // //Open slot for service 30,45,45 else if($serviceId == $color4 || $serviceId == $color6 ||$serviceId == $color16 || $serviceId == $color18){ unset($periods[$index]); $period_s= clone $appointment_start; $period_s->modify('+30 minutes'); $period_e= clone $appointment_end; $period_e->modify('-45 minutes'); $periods[] = [ 'start' => $period_s->format('H:i'), 'end' =>$period_e->format('H:i') ];} //Open slot for service 30,45,60 else if($serviceId == $color5 || $serviceId == $color17){ unset($periods[$index]); $period_s= clone $appointment_start; $period_s->modify('+30 minutes'); $period_e= clone $appointment_end; $period_e->modify('-60 minutes'); $periods[] = [ 'start' => $period_s->format('H:i'), 'end' =>$period_e->format('H:i') ];} // // //Open slot for service 60,45,45 else if($serviceId == $color13 || $serviceId == $color15){ unset($periods[$index]); $period_s= clone $appointment_start; $period_s->modify('+60 minutes'); $period_e= clone $appointment_end; $period_e->modify('-45 minutes'); $periods[] = [ 'start' => $period_s->format('H:i'), 'end' =>$period_e->format('H:i') ];} // // //Open slot for service 60,45,60 else if($serviceId == $color14 ){ unset($periods[$index]); $period_s= clone $appointment_start; $period_s->modify('+60 minutes'); $period_e= clone $appointment_end; $period_e->modify('-60 minutes'); $periods[] = [ 'start' => $period_s->format('H:i'), 'end' =>$period_e->format('H:i') ];} else{ unset($periods[$index]); } } } } } } } } } return array_values($periods); } Hello all,
Appreciate if you folks could pls. help me understand (and more importantly resolve) this very weird error:
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ASC, purchase_later_flag ASC, shopper1_buy_flag AS' at line 3' in /var/www/index.php:67 Stack trace: #0 /var/www/index.php(67): PDO->query('SELECT shoplist...') #1 {main} thrown in /var/www/index.php on line 67
Everything seems to work fine when/if I use the following SQL query (which can also be seen commented out in my code towards the end of this post) :
$sql = "SELECT shoplist.*, store_master.store_name, item_master.item_name FROM shoplist, store_master, item_master WHERE shoplist.store_id = store_master.store_id AND shoplist.item_id = item_master.item_id";However, the moment I change my query to the following, which essentially just includes/adds the ORDER BY clause, I receive the error quoted above: $sql = "SELECT shoplist.*, store_master.store_name, item_master.item_name FROM shoplist, store_master, item_master ORDER BY purchased_flag ASC, purchase_later_flag ASC, shopper1_buy_flag ASC, shopper2_buy_flag ASC, store_name ASC) WHERE shoplist.store_id = store_master.store_id AND shoplist.item_id = item_master.item_id";In googling for this error I came across posts that suggested using "ORDER BY FIND_IN_SET()" and "ORDER BY FIELD()"...both of which I tried with no success. Here's the portion of my code which seems to have a problem, and line # 67 is the 3rd from bottom (third last) statement in the code below: <?php
/*
$sql = "SELECT shoplist.*, store_master.store_name, item_master.item_name
FROM shoplist, store_master, item_master
WHERE shoplist.store_id = store_master.store_id
AND shoplist.item_id = item_master.item_id";
*/
$sql = "SELECT shoplist.*, store_master.store_name, item_master.item_name
FROM shoplist, store_master, item_master
ORDER BY FIND_IN_SET(purchased_flag ASC,
purchase_later_flag ASC,
shopper1_buy_flag ASC,
shopper2_buy_flag ASC,
store_name ASC)
WHERE shoplist.store_id = store_master.store_id
AND shoplist.item_id = item_master.item_id";
$result = $pdo->query($sql);
// foreach ($pdo->query($sql) as $row) {
foreach ($result as $row) {
echo '<tr>';
print '<td><span class="filler-checkbox"><input type="checkbox" name="IDnumber[]" value="' . $row["idnumber"] . '" /></span></td>';
Thanks
Parse error: syntax error, unexpected T_STRING in C:\xampp\htdocs\mywork\unique.php on line 15 <html> <head> <title> </title> </head> <body bgproperties="fixed"> <?php $dbhost = 'localhost'; $dbuser = 'root'; $dbpass = ''; $con = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error connecting to mysql'); $dbname = 'mywork'; mysql_select_db($dbname, $con); $sql=mysql_query(insert into users (regno,name,gender,date,month,year,emailid,cell,paddress,caddress,incometype,incomeamt,dad,fyes,dadocup,mom,myes,momocup,password) VALUES ('$_POST[regno]','$_POST[name]','$_POST[gender]','$_POST[date]','$_POST[month]','$_POST[year]','$_POST[emailid]','$_POST[cell]','$_POST[paddress]','$_POST[caddress]','$_POST[incometype]','$_POST[incomeamt]','$_POST[dad]','$_POST[fyes]','$_POST[dadocup]','$_POST[mom]','$_POST[myes]','$_POST[momocup]','$_POST[password]')"); $sql1=mysql_fetch_array($sql); $result = @mysql_query($SQl1); $result="SELECT * FROM users WHERE regno='$regno'"; while($row = mysql_fetch_array($result)) { //echo $row['regno']."regno<br>"; //echo $row['name']."name<br>"; //echo $row['gender']."gender<br>"; //echo $row['date']."date<br>"; //echo $row['month']."month<br>"; //echo $row['year']."year<br>"; //echo $row['emailid']."emailid<br>"; //echo $row['cell']."cell<br>"; //echo $row['paddress']."paddress<br>"; //echo $row['caddress']."caddress<br>"; //echo $row['incometype']."incometype<br>"; //echo $row['incomeamt']."incomeamt<br>"; //echo $row['dad']."dad<br>"; //echo $row['fyes']."fyes<br>"; //echo $row['dadocup']."dadocup<br>"; //echo $row['mom']."mom<br>"; //echo $row['myes']."myes<br>"; //echo $row['momocup']."momocup<br>"; //echo $row['password']."password<br>"; } echo "Thanks for Register!"; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } echo "1 record added"; mysql_close($con); ?> <form name="security" action="index.php" method="post"> <input type="submit" value="click here to login"> </form> </body> </html> Code: [Select] <?php mysql_connect ("-","-","-") or die ('Error'); mysql_select_db ("-"); $out = mysql_query("SELECT * FROM guestbook ORDER BY id DESC"); while($row = mysql_fetch_assoc($out); --and this one if that braces is deleted { ----this is where im getting the error $name = $row['name']; $email = $row['email']; $txt = $row['comment']; $msg = "Are you sure you want to delete"; /* @var $_REQUEST <type> */ if (isset($_REQUEST ["action"]) && $_REQUEST["action"] == "del") { $id = intval($_REQUEST['id']); mysql_query("DELETE FROM guestbook WHERE id=$id;"); echo "<action=index.php>"; } echo "<font face='verdana' size='1'>"; echo "<table border='0'> <tr><td>Name: ".$name."</td></tr>"." <tr><td>Email: ".$email."</td></tr> <tr><td colspan='2'>Comment:</td></tr> <tr><td colspan='2' width='500'><b>".$txt."</b></td></tr> <tr><td><a onclick=\"return confirm('.$msg.');\" href='index.php?action=del&id=".$row['id']."'><span class='red'>["."Delete"."]</span></a> </td></tr> </table><br />"; echo "<hr size='1' width='500' align='left'></font>"; } ?> Kindly help me please. When i delete ({) the error will become the ( i dont know what to do already. Thanks. Hi all, I am trying to make a 'forgot password' script. The passwords in the database are md5 encrypted. Is there a way to reverse this md5 password and send the forgotten password in its orginal for to the user through email? Thanks. <?PHP include("cxn.php"); $sql = "SELECT password FROM Members WHERE email='$_POST[email]'"; $result = mysqli_query($cxn,$sql) or die ("Couldn't execute query"); $num = mysqli_num_rows($result); if ($num >0) // Email Address Found { $password = md5($_POST['password']); // Trying to take the md5 off the password here. $to = "$_POST[email]"; $subj = "Password for website.co.uk"; $mess = "Your password for www.website.co.uk is: \n $_POST['password'] \n Please login with your email address and this password. Thank you."; $mailsend = mail($to,$subj,$mess,$headers); $update= "An email containing your password has been sent to". $_POST['email']."."; include("signin-redirect.php"); } else // Email Address Not Found { $registrationerror = "The email address '$_POST[email]' is already registered!"; include("signin-redirect.php"); } ?> I am having some trouble getting this to pull the password correctly from the database. I believe the problem is from the password being in md5 format. I am not sure how to fix the issue. Much thanks Code: [Select] <?php //signin.php include 'connect.php'; include 'header.php'; echo '<h3>Sign in</h3><br />'; //first, check if the user is already signed in. If that is the case, there is no need to display this page if(isset($_SESSION['signed_in']) && $_SESSION['signed_in'] == true) { echo 'You are already signed in, you can <a href="signout.php">sign out</a> if you want.'; } else { if($_SERVER['REQUEST_METHOD'] != 'POST') { /*the form hasn't been posted yet, display it note that the action="" will cause the form to post to the same page it is on */ echo '<form method="post" action=""> Username: <input type="text" name="username" /><br /> Password: <input type="password" name="password"><br /> <input type="submit" value="Sign in" /> </form>'; } else { /* so, the form has been posted, we'll process the data in three steps: 1. Check the data 2. Let the user refill the wrong fields (if necessary) 3. Varify if the data is correct and return the correct response */ $errors = array(); /* declare the array for later use */ if(!isset($_POST['username'])) { $errors[] = 'The username field must not be empty.'; } if(!isset($_POST['password'])) { $errors[] = 'The password field must not be empty.'; } if(!empty($errors)) /*check for an empty array, if there are errors, they're in this array (note the ! operator)*/ { echo 'Uh-oh.. a couple of fields are not filled in correctly..<br /><br />'; echo '<ul>'; foreach($errors as $key => $value) /* walk through the array so all the errors get displayed */ { echo '<li>' . $value . '</li>'; /* this generates a nice error list */ } echo '</ul>'; } else { //the form has been posted without errors, so save it //notice the use of mysql_real_escape_string, keep everything safe! //also notice the sha1 function which hashes the password $sql = "SELECT userid, username, userlevel FROM users WHERE username = '" . mysql_real_escape_string($_POST['username']) . "' AND password = '" . sha1($_POST['password']) . "'"; $result = mysql_query($sql); if(!$result) { //something went wrong, display the error echo 'Something went wrong while signing in. Please try again later.'; //echo mysql_error(); //debugging purposes, uncomment when needed } else { //the query was successfully executed, there are 2 possibilities //1. the query returned data, the user can be signed in //2. the query returned an empty result set, the credentials were wrong if(mysql_num_rows($result) == 0) { echo 'You have supplied a wrong user/password combination. Please try again.'; } else { //set the $_SESSION['signed_in'] variable to TRUE $_SESSION['signed_in'] = true; //we also put the user_id and user_name values in the $_SESSION, so we can use it at various pages while($row = mysql_fetch_assoc($result)) { $_SESSION['userid'] = $row['userid']; $_SESSION['username'] = $row['username']; $_SESSION['userlevel'] = $row['userlevel']; } echo 'Welcome, ' . $_SESSION['username'] . '. <br /><a href="index.php">Proceed to the forum overview</a>.'; } } } } } include 'footer.php'; ?> Well, I can now add/change/delete data in my db. But then I find I have no security at all. I know that IE/View/Source will display the code, but I did not know that right click on a frame would display that particular frameset code. Can you point me to a simple php security script. I have looked at many of them and they are pretty complicated. No need for me to reinvent the wheel and not sure I could do it anyway. I have many other programs I can be working on. I don't need anything extreme as the data is only phone nos. and email addresses. It is just that the site members don't want others to be able to view it. What if I created a db password table, then simply verified that the entered password was in the file. What kind of security would I have? Thanks Okay, so I am trying to create a login page My problem is that after I register and I want to login it says I have an incorrect password I encrypted the password with the md5 function and when I echoed the password in the db I get e882b72bccfc2ad578c27b0d9b472a14 and when I echoed the password I tried to login with I get e882b72bccfc2ad5 The password seems to be correct, just cut in half... Now why is the password I logged in with half the size it should be? I know i left out the connect that works fine but when i run this it tell me wrong password even if i copy and paste the user name and password from my database.... Can anyone help me please { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { if ($pass != $info['password']) { } else { header("Location: members.php"); } } } if (isset($_POST['submit'])) { // if form has been submitted if(!$_POST['username'] | !$_POST['pass']) { die('You did not fill in a required field.'); } if (!get_magic_quotes_gpc()) { $_POST['email'] = addslashes($_POST['email']); } $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error()); $check2 = mysql_num_rows($check); if ($check2 == 0) { die('That user does not exist in our database.'); } while($info = mysql_fetch_array( $check )) { $_POST['pass'] = stripslashes($_POST['pass']); $info['password'] = stripslashes($info['password']); $_POST['pass'] = md5($_POST['pass']); if ($_POST['pass'] != $info['password']) { die('Incorrect password, please try again.'); } else { $_POST['username'] = stripslashes($_POST['username']); $hour = time() + 3600; setcookie(ID_my_site, $_POST['username'], $hour); setcookie(Key_my_site, $_POST['pass'], $hour); header("Location: members.php"); } } } else { ?> <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"> <table border="0"> <tr><td colspan=2><h1>Login</h1></td></tr> <tr><td>Username:</td><td> <input type="text" name="username" maxlength="40"> </td></tr> <tr><td>Password:</td><td> <input type="password" name="pass" maxlength="50"> </td></tr> <tr><td colspan="2" align="right"> <input type="submit" name="submit" value="Login"> </td></tr> </table> </form> <?php } ?> I want to password protect my entire website. How would I go on to doing this. There is a website that has this already (www.printerdev.co.uk). I want to do the exact same thing but not sure how to. Can someone please help me When I set up MS SQL on my machine, for whatever reason I did not set up a UID or password. I can not get the php to connect with SQL because I do not have a UID and password on the db (which I know is not smart). I don't understand code enough to know how to manipulate this string below to remove the requirement. |
|||||||