PHP - Character Endoing £ Sign Is ?

Hi there, im trying to create a sign up page for my site! I have used confirm password and email fields on the form but the code still shows the error message even if the passwords and emails match! Can anyone advice me please? 

I am coding using php and I am adding a pound sign in my mysql table but it outputs as a question mark, how do I make it output the pound sign? thanks.

Hi there. I have a javascript code that packages an array as a string and sends it to a php mailer, which then separates the string into an array for mailing using a preg_split regular expression that searches for a comma followed by an html tag.

$myWrongArray = preg_split("/,(?=<)/",$myVar); // lookahead splits the string when the comma is before a tag (the opening bracket < )
//The look ahead is (?=<), which interrogates the next character and if it is the angle bracket, <, the preg_split function operates.

Everything works great EXCEPT when the string contains a degree sign or an &, in which case the array is returned up to the degree or & and then stops.

I can’t for the life of me understand it. Any ideas?

Hi guys, I've got a snippet of code that's supposed to make a new directory with the user's unique ID (member_id) in the database. I have the code here but I get a myriad of errors including the infamous "at line 1 error, and the directory does not create. Please help me!!

//Create Directory
$queryString2 = $_SERVER['QUERY_STRING'];
$query2 = "SELECT member_id FROM members WHERE $queryString2 = $row[activation]"; 
$result2 = mysql_query($query2) or die(mysql_error());
mkdir("/home/gafferzo/www/members/clubs/" . mysql_result($result2,0), 0777);  

Hi. I am brand new here...

I have a script where I'm trying to parse an email and everything is working fine but it looks like the percent sign (%) is getting stripped out of my message.

The percent sign is in the subject message and it gets removed and I also can't use it in any other strings in the script.

I've tried just adding a slash in front like \% but that didn't fix it.

Is there another way to escape a percent sign when using it in a script?

Any help is appreciated.
Thanks.
-Jeff

$username = $_POST['username'];
$password = $_POST['password'];
$month = $_POST['month'];
$day = $_POST['day'];
$year = $_POST['year'];

$query = mysql_query("INSERT INTO users VALUES ('','$username','$password','$month','$day','$year')
mysql_query($query);


The code above is a sample of what I have but what I want is to store an entire birthdate in ONE SQL cell. More like this...


$username = $_POST['username'];
$password = $_POST['password'];
$month = $_POST['month'];
$day = $_POST['day'];
$year = $_POST['year'];

$query = mysql_query("INSERT INTO users VALUES ('','$username','$password','$birthdate')
mysql_query($query);


How is this possible? Can I do this and actually use it efficiently in the future?

The Script:

<?php

    echo "<h1>The Hashtag: </h1>";
    echo $_GET['hashtag'];

?>

An example for the URL on localhost:

/search.php?hashtag=#xbox

If I am not using the number sign, then the word "xbox" does get printed on screen, if I do use the number sign then the hashtag "#xbox" does not get printed on screen.   Any suggestions on how to do this?

this code is to create a new user based on posted variables. it works fine for creating the necessary tables and granting privileges. but then when i log out as root and try to log back in as the user it's failing. why is it failing? Thanks, G.

Code: [Select]
<?php
extract( $_POST );
include( '../php/userobject.php' );

@ $db = mysqli_connect('localhost', 'root', 'xxxxxx', 'mealchamp');
if ( mysqli_connect_errno() ) {
echo 'Error: could not connect to database as root.<br />';
exit;
}
else
echo 'Connected to database as root.<br />';

$query = "SELECT username FROM userlist WHERE username = $uname";
$result = mysqli_query($db, $query);

if ($result) 
echo 'That user name is already taken.<br/>Please hit back on your browser, and try a different user name.<br/>';
else {
echo 'That username is available.<br/>';
echo "$fname<br/>";
echo "$lname<br/>";
echo "$add1<br/>";
echo "$add2<br/>";
echo "$city<br/>";
echo "$prov<br/>";
echo "$ctry<br/>";
echo "$post<br/>";
echo "$email<br/>";
echo "$uname<br/>";
echo "$pass1<br/>";
echo "$sex<br/>";
echo "$birth<br/>";
echo "$height<br/>";
echo "$weight<br/>";

$query = "INSERT INTO userlist 
(firstname, lastname, address1, address2, city,  province, country, postal, email,  username, password, sex,  birth,  height,  weight) VALUES
('$fname', '$lname', '$add1', '$add2', '$city','$prov', '$ctry', '$post','$email','$uname', '$pass1', '$sex', '$birth', '$height',  '$weight')";
$result = mysqli_query($db, $query);
if ($result)
echo "Userlist was updated successfully<br />";
else
echo "Could not update userlist";

$query = "CREATE TABLE ".$uname."_persfood  
(persfoodid  INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
 food   VARCHAR(30) NOT NULL)";
$result = mysqli_query($db, $query);
if ($result)
echo "Personal food table was created successfully<br />";
else
echo "Could not create personal food table<br />";

$query = "GRANT select ON mealchamp.userlist TO ".$uname." IDENTIFIED BY '$pass1'";
$result = mysqli_query($db, $query);
if ($result)
echo "User priveleges were granted successfully<br />";
else
echo "Could not grant user priveleges<br />";
$query = "GRANT select, insert, update, delete, index ON mealchamp.".$uname."_persfood TO ".$uname." IDENTIFIED BY '$pass1'";
$result = mysqli_query($db, $query);
if ($result)
echo "User priveleges were granted successfully<br />";
else
echo "Could not grant user priveleges<br />";

mysqli_close($db);

@ $db = mysqli_connect('localhost', $uname, $pass1, 'mealchamp');
if ( mysqli_connect_errno() ) {
echo 'Error: could not connect to database as user.<br />';
exit;
}
else {
echo 'Connected to database as user.<br />';
?>

I am trying to build my own custom login script.

What I am trying to achieve is once a user has logged in depending on wether they have checked the keep me logged in checkbox they have two options. If they haven't checked it then it creates session variables only, and if they have checked it it also creates cookie variable as well as the session variables.

If they then close their browser / tab without logging out and then revisit the site they will get redirected to login page because the active session variable is no longer there. As soon as they land on the loggin page, it automatically checks for the cookie variable and if it exists, it uses it to login and redirect them automatically.

However the problem that I am facing is that the session variable is still being trashed after a default amount of idle time and forcing a login.

My goal is that the user shouldn't have to re-login unless they have either clicked the logout button.

Can someone please have a look through my solution and advise me as to wether this is the correct method that I am implementing, if there is an easier way to achieve what I want, and is this a secure way to handle user logins.

Thanks in advance.

Andrew



Here is the check code I have placed at the top of each admin page.

Code: [Select]
<?php 
session_start();
$url = (!empty($_SERVER['HTTPS'])) ? "https://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'] : "http://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
$uid = $_SESSION['uid'];
if (!isset($uid)) {
header('location:login.php?redirect='.$url);
exit();
}
?>
Next we have the code for the login.php file.

Code: [Select]
<?php include ('functions.php'); ?>
<?php get_header('login'); ?>
    <div id="login-result">
    <?php
connect();
$redirect = htmlspecialchars(mysql_real_escape_string(addslashes($_GET['redirect'])));

if(isset($_COOKIE['remembered'])){

$username = htmlspecialchars(mysql_real_escape_string(addslashes($_COOKIE['remembered']['username'])));
$password = htmlspecialchars(mysql_real_escape_string(addslashes($_COOKIE['remembered']['password'])));

$sql      = "SELECT * FROM usersT WHERE username='$username' AND password='$password'";
$result   = mysql_query($sql);
$count    = mysql_num_rows($result);
$row      = mysql_fetch_array($result);

$uid      = $row['uid'];
$fname    = $row['firstname'];
$lname    = $row['lastname'];
$role     = $row['role'];

   
if($count==1){
$sql2    = "UPDATE usersT SET status = '1' WHERE uid = '$uid'";
$result2 = mysql_query($sql2);

if($result2){

session_register("uid");
session_register("uname");
session_register("ulevel");
$_SESSION["uid"]    = $uid;
$_SESSION["uname"]  = $fname;
$_SESSION["ufullname"]  = $fname . " " .$lname;
$_SESSION["urole"] = $role;
                                        $home = get_option('home');

if(!empty($redirect)) {
header( 'Location: '. $redirect ) ;
exit(); 
}
else {
header( $home ) ;
exit();
}

}

}
else {
echo "<div class=\"error rounded5 shadow\">Invalid username or password!</div>";
}
}
else if (isset($_POST['admin_login'])){

if(isset($_POST["username"]) && isset($_POST["password"])){

$username_p = htmlspecialchars(mysql_real_escape_string(addslashes($_POST["username"])));
$password_p = htmlspecialchars(mysql_real_escape_string(addslashes($_POST["password"])));
$psw        = md5($password_p);

$sql3      = "SELECT * FROM usersT WHERE username='$username_p' AND password='$psw'";
$result3   = mysql_query($sql3);
$count3    = mysql_num_rows($result3);
$row3      = mysql_fetch_array($result3);

$uid      = $row3['uid'];
$fname    = $row3['firstname'];
$lname    = $row3['lastname'];
$role     = $row3['role'];

   
if($count3==1){
$sql4    = "UPDATE usersT SET status = '1' WHERE uid = '$uid'";
$result4 = mysql_query($sql4);

if($result4){

session_register("uid");
session_register("uname");
session_register("ulevel");
$_SESSION["uid"]    = $uid;
$_SESSION["uname"]  = $fname;
$_SESSION["ufullname"]  = $fname . " " .$lname;
$_SESSION["urole"] = $role;
$home = get_option('home');

if(isset($_POST['remember'])) { 
setcookie("remembered[username]", $username, time() + 86400 * 365 * 2);
setcookie("remembered[password]", $psw, time() + 86400 * 365 * 2); 
}

if(!empty($redirect)) {
header( 'Location: '. $redirect ) ;
exit(); 
}
else {
header( $home ) ;
exit();
}

}

}
else {
echo "<div class=\"error rounded5 shadow\">Invalid username or password!</div>";
}
}
}
?>
    </div><!-- / login-results -->
    <div id="login" class="rounded5 shadow">
<form name="loginform" id="loginform" action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
            <p>
                <label for="username">Username<br>
                <input type="text" name="username" id="username" class="rounded5" value="<?php echo $username_p; ?>" size="20" tabindex="10" /></label>
            </p>
            <p>
                <label for="password">Password<br>
                <input type="password" name="password" id="password" class="rounded5" value="<?php echo $password_p; ?>" size="20" tabindex="20" /></label>
            </p>
            <p class="submit">
            Keep me logged in<input type="checkbox" name="remember" id="remember" /><br /><br /><a href="" class="left">Lost your password?</a>
                <input type="submit" name="admin_login" id="admin_login" class="btn rounded10 right" value="Log In" tabindex="100" />
            </p>
            <div class="cleaner"></div><!-- / cleaner -->
        </form>
    </div><!-- / login-->
<?php get_footer('login'); ?>

Finally here is the code I am using for the logout.php page.

Code: [Select]
<?php
session_start();
include ('functions.php');
connect();
$uid    = mysql_real_escape_string($_SESSION['uid']);
$sql    = "UPDATE usersT SET status = '0' WHERE uid = '$uid'";
$result = mysql_query($sql);

if($result) {
session_unset(); 
session_destroy();

if(isset($_COOKIE['remembered'])){ 
setcookie("remembered[username]", $username, time() - 3600);
setcookie("remembered[password]", $psw, time() - 3600); 
header("location: login.php");
}
exit();
}
else {
echo "You couldn't be logged out at this time.";
}
?>

So this is a simple code that finds out the difference between two dates and displays it in number of days.

$date1=date_create("2013-03-15");
$date2=date_create("2013-12-12");
$diff=date_diff($date1,$date2);
echo $diff->format("%R%a days");

// RESULT
+272 days

 

My first question. Is it possible to remove the + sign in the result above?

Second question. Is it possible to show "months" if it's greater than 30 days? And years if the days are greater than 365?

How would I do this?

Please help me out with sessions . I m new to this topic.

so the user is reading a story, to finish reading he has to click a link that redirects them to the signup page.
Code: [Select]
<?php
session_start();
$beginurl = $_SERVER['HTTP_REFERER'];
$_SESSION['beginurl'] = $beginurl;
echo $_SESSION['beginurl'];
?>
<html>
 <head>
  </head>
 <body>
<script type="text/javascript"><!--
location.replace("http://www.mysite.com/members/");
//--></script>
  </body>
</html>
When they get to the second page, they have to click a link that opens up a modal. this is the code that runs when they hit the register button

Code: [Select]
session_start();
$beginurl = $_SESSION['beginurl'];

$beginurl= (isset($_SESSION['beginurl'])) ? $_SESSION['beginurl'] : 'Error';

if( $_SESSION['status'] ='authorized')   
$_SESSION['$makemodal'] = 0;

//sends the user to the page upon successful password credential
if(!isset($_SESSION['SESS_USERID'])||(trim($_SESSION['SESS_USERID']=='admin')))
   {
        echo '<script language="javascript">';
         
echo "top.location.href = $beginurl";
        echo '</script>';
        exit();
    }

Am I passing this variable correctly?

and I'm not sure if the top.location.href towards the bottom is correct either, right now after I hit the register button I'm redirected to a blank page where the url is,

"http://www.mysite.com/function Error() { [native code]}"