PHP - Ideas On How To Do An Android Lock Screen Type Of Secure Login

I tried Googling them and what not but all I could find was useless stuff that I couldn't get to work, so I thought I would give it a crack at making my own. I don't think its that secure though. Can someone have a geeza over it? I've pretty much made it up from bits and pieces I have seen and researched. Ignore the echoes they were just for testing.

Well the code was working, now it just keeps redirecting me to index. So I dunno what I fucked.

Heres all the code:
Index.php
Code: [Select]
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<?php 
include 'functions.php';
Connect();
?>
<form method="post" action="login.php">
<input type="text" name="Username" />
<input type="password" name="Password" />
<input type="hidden" name="ip" value="<?php ipget(); ?>" />
<input type="submit" />
</form>
</body>
</html>
Login.php
<?php
require_once 'standalone\HTMLPurifier.standalone.php';
include "functions.php";
Connect();
$purifier = new HTMLPurifier();
$result = mysql_query("SELECT Username, Password FROM login ") or die(mysql_error());
$sorted = mysql_fetch_array($result);
$name = $purifier->purify(strtolower($_POST['Username']));
$pass = $purifier->purify(md5(strtolower($_POST['Password'])));
$ip = md5($_POST['ip']);
$stamp = date("Ymdhis");

 

if ( $name == $sorted['Username'] ){
Echo "Username Correct";
if ( $pass == $sorted['Password'] ) {
echo "Password is correct";
session_start();
$_SESSION['ip'] = $ip;
$_SESSION['Username'] = $name;
$_SESSION['Password'] = $pass;
setcookie('ip', $ip, time()+3600);
setcookie('name', $name, time()+3600); 
$ipb = $_SERVER['REMOTE_ADDR'];
$orderid = "$stamp-$ipb";
$orderid = str_replace(".", "", "$orderid");
$GUID = md5(orderid);
setcookie('GUID', $GUID, time()+3600);
mysql_query("UPDATE login SET GUID = $GUID WHERE Username = '$name'");
header("location: admin.php");
} else {
echo "password is wrong";
}
} else {
Echo "wrong name";
}

?>


Functions.php
<?php
function connect(){
mysql_connect("localhost", "test", "password") or die(mysql_error());
mysql_select_db("db344475103") or die(mysql_error());
echo "Connected";
}
function ipget(){
$ip = $_SERVER['REMOTE_ADDR'];
echo $ip;
}
function check(){
session_start();
if (md5($_SERVER['REMOTE_ADDR']) == $_SESSION['ip'])
{
if (md5($_SERVER['REMOTE_ADDR']) == $_COOKIE['ip'])
{
if ($_SESSION['Username'] == $_COOKIE['name'])
{
if ($_COOKIE['GUID'] == mysql_query("SELECT GUID FROM login")) {
} else {
header("location: index.php");
session_destroy();
}
} else {
header("location: index.php");
session_destroy();
}
} else {
header("location: index.php");
session_destroy();
}
} else {
header("location: index.php");
session_destroy();
}
}
function clean(){
}
?>

Admin.php
Code: [Select]
<?php
include 'functions.php';
check();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
Admin Area
</body>
</html>
Yeah its a lot of code, probably most of it useless as well knowing me.

Hi guys, It's my first post here, not looking to leech, I'm simply here to learn and develop my skills and any contributes will be greatly appreciated!

Anyways I have made a simple login script, however I would like to make it more secure. However before that, can you please explain to me as to why it is not secure in the first place? A basic explanation so I can understand would be great.   

Then after that, could you please give help as to how I would make this login code more secure?

Thank you very much

Code: [Select]
<?php
   $rowsfound=false;
    if (isset($_GET['frmStudentId']))
    {
           // functions to make performQuery() work correctly
           require_once("dbfunctions.inc.php");
           $query = "SELECT dbStudentId, dbStudentName " .
           " FROM student " .
           " WHERE dbStudentId = '".$_GET['frmStudentId']."'" .
           " AND dbPassword = '".$_GET['frmPassword']."'";
           $result = performQuery($query);
           if(count($result) > 0)
           {
           $rowsfound=true; // allow login
           }
           }
// code continues by generating appropriate response ...

Hello,
I made an login script, it works but i want to be sure if its secure to use in everyday use, here is the script:

<?php
session_start();

require_once('include/config.inc.php');
require_once('include/functions.php');

function clean($str, $encode_ent = false) {
$str  = @trim($str);
if ($encode_ent) {
$str = htmlentities($str);
}
if (version_compare(phpversion(),'4.3.0') >= 0) {
if (get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
if (@mysql_ping()) {
$str = mysql_real_escape_string($str);
}
else {
$str = addslashes($str);
}
}
else {
if (!get_magic_quotes_gpc()) {
$str = addslashes($str);
}
}
return $str;
}

if (isset($_POST['submit'])) {
if ($_POST['code'] == $_SESSION['rand_code']) {
//Sanitize the POST values
$username = clean($_POST['username']);
$password = clean($_POST['password']);
$ip       = clean($_SERVER['REMOTE_ADDR']);

$query="SELECT * FROM user WHERE username='$username' AND password='".md5($_POST['password'])."'";
$result=mysql_query($query);

//Check whether the query was successful or not
if ($result) {
if (mysql_num_rows($result) == 1) {
//Login Successful
session_regenerate_id();
$user = mysql_fetch_assoc($result);
$_SESSION['SESS_MEMBER_ID'] = $user['username'];
session_write_close();

$query_login_ok = "INSERT INTO logs (`username`, `password`, `result`, `ip`) VALUES ('$username', '$password', 'SUCCESS', '$ip');";
$result_query_login_ok = mysql_query($query_login_ok) or die('MYSQL ERROR');

header("location: pmt.php");

exit();
} else {
//Login failed
$query_login_fail = "INSERT INTO logs (`username`, `password`, `result`, `ip`) VALUES ('$username', '$password', 'FAILED', '$ip');";
$result_query_login_fail = mysql_query($query_login_fail) or die('MYSQL ERROR');

header("location: index.php");

exit();
}
} else {
die("ERROR");
}
}
}
?>
<form id="login" name="login" method="post" action="">
  <table width="300" border="0" align="center" cellpadding="2" cellspacing="0">
    <tr>
      <td width="112"><b>Username</b></td>
      <td width="188"><input name="username" type="text" class="textfield" id="username" value="admin" /></td>
    </tr>
    <tr>
      <td><b>Password</b></td>
      <td><input name="password" type="password" class="textfield" id="password" value="qazwsx" /></td>
    </tr>
    <img src="include/captcha.php"/>
    <tr>
      <td><b>Code</b></td>
      <td><input type="text" name="code" /></td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td><input type="submit" name="submit" value="Login" /></td>
    </tr>
  </table>
</form>

This topic has been moved to Miscellaneous.

http://www.phpfreaks.com/forums/index.php?topic=351535.0

I have a login screen that only partly works if i put in the password and click submit it gives me a 500 internal server error. but if i put in the wrong password it gives me the wrong password screen. i am new to this and lost as to why it doesn't work any help would be appreciated. i am running on vista with iis7 and mysql. also this is some code i found online and changed it around to fit the new php 5.3.6 so not sure what i did or if i need to change more.  Thank you in advance

Hello and ty all for helping
I have located the problem its in login.php file but dont know where thats why am turning to experts of coding.
My file is located here ftp.sofo.si username and password are same "guest" pls feel free to download and inspect

Thank you again for any help
cheers

For my site I need to screenscrape a page on a site.
The problem is, to access the page that contains the data I need, I have to login to my account first.
I know there are ways to simulate a form submission with ASP, but my server is Linux and can't use ASP.

I'm wondering if any of you know how I would be able to simulate a POST with something like cURL?  And possibly write an example script?

Thanks in advance. 

(This may be in the wrong section, please move it if it is. Thanks)

Hi.I found out that PHP developers can make apps for android too with zend which I'm really interested in.Does anyone have any resource or tutorial teaching how to do that?for now the apps I'm going to develop are just going to contain Text.not advanced apps do crazy things. BTW I'm new to php and trying to learn fudamentals etc.If I want to go into app development wouldn't it confuse me?can I do that?thanks and sorry for my english

Good morning!

I was wondering how can i access the php data to the health data (steps, heart rate etc ..) of devices with android and ios?

I don't know maybe by inserting the keys I can access the json with the related data...

I tried to search a bit on the internet but I see that I can only do it if I create an app for both systems and then from there I enter the data in my mysql database..

I don't know where to start, do you know something?

Thank you

I want to build a online "app builder" project that users can create android / iphone applications online without any coding knowledge. These sites are very common in market. They offer onclick app builder.

I have skill in development of web applications using php frameworks.

My question is

How we can generate android apk from our server after getting the necessary information from user? (Appname, icon, packagename etc)

PHP can do this entire task?, if yes any framework for that?

Can you give me some basic tips to generate apk from our server?

Can we genrate both android and iphone app from one single code?

What are the requirements needed for the server?

Anybody having skills in these areas, please help me. I need basic tips to get started this project.

Thanks

I'm not sure if JS or PHP is causing my browser to lock up when I access this page. I have a database of zipcodes ... approx. 70,000 of them. I have a php loop put them into a JS array. I then want JS to create a drop down with all the zip codes. On Chrome it completely doesn't work. On FF it will loop to about 64,000 and then give a warning that the script is taking too long. Reading up on google it seems that JS should be able to handle an array much bigger then mine... so what could be he problem?


<script language="javascript"> 
 
function addOption(selectbox,text,value )
{
var optn = document.createElement("OPTION");
optn.text = text;
optn.value = value;
selectbox.options.add(optn);
}
<?php
//TESTING
$con = mysql_connect("","","");
mysql_select_db("", $con);
//END TESTING
$data = mysql_query("SELECT postalCode FROM geo_city WHERE postalCode !='' ORDER BY postalCode ASC") or die(mysql_error());
echo 'function addOption_list(selectbox){ 
var zip = new Array("VOID"';
while($info = mysql_fetch_array($data)){ 
echo ',"'.$info['postalCode'].'"';
}
echo ');';
?>
for (var i=0; i < zip.length;++i){
 
addOption(document.drop_list.zip_list, zip[i], zip[i]);
}
}
</script> 
</head> 
 
<body onLoad="addOption_list()";> 
<FORM name="drop_list" action="" method="POST" > 

<SELECT  NAME="zip_list">  
<Option value="" >Zip Code list</option> 
</SELECT> 
</form>

I have php code that uses mp3 audio files stored in a database for the user to listen to. The page loads and the audio controls work and the files play on a desktop and laptop just fine. When trying to play a file on an android or IPhone, when you press the play (or any other control) nothing happens. It acts like the page is static. There is a home button on the webpage and it works so I know the page is interactive. Below is the code. I would appreciate any help. Thank you.

<?php
  $sermons = $database->select("sermon","*");;
  foreach( $sermons as $sermon )
  {
    $audio_file = 'http://xxxxxxx.com/sermons/'.$sermon['file_name'];
    $player = "<audio id='sermon_'$sermon[id] controls>
                <source src='$audio_file' type='audio/mpeg'>
                <source src='$audio_file' type='audio/mp3'>
                Your browser does not support the audio element.
              </audio>";
    echo "<tr>
          <td>$sermon[sermon_date]</td>
          <td>$sermon[title]</td>
          <td>$sermon[speaker]</td>
          <td>$player</td>
          </tr>";
  }
  ?>

I inherrited a site that has PHP code that decides to either serve the dedicated mobile site or desktop site to the user.
I would prefer that tablets get served the mobile site. Currently Android tablet users get served the desktop site.
I'd like to figure out how I can implement User Agent to detect an android tablet (with distinction from an Android phone)
This is the code I'm working with to determine which site to serve (mobile or desktop) Thanks   if ((strpos($user_agent, 'Mobile') === false &&     // Generic mobile browser string, most browsers have it.
strpos($user_agent, 'SymbianOS') === false &&    // Nokia device running Symbian OS.
strpos($user_agent, 'Opera M') === false && // Opera Mini or Opera Mobile.
strpos($user_agent, 'Android') === false && // Android devices that don't have 'Mobile' in UA string.
stripos($user_agent, 'HTC_') === false &&    // HTC devices that don't have 'Mobile' nor 'Android' in UA string. Case insensitive.
strpos($user_agent, 'Fennec/') === false &&     // Firefox mobile
strpos($user_agent, 'Kindle') === false &&     // Kindle Fire tablet
strpos($user_agent, 'BlackBerry') === false) ||    // BlackBerry
strpos($user_agent, 'iPad') === false)    // iPad
{
// Serve Desktop Site
return false;
}
 

As mention in my title, I am using wordpress, bought a theme and the support team is not able to assist me without the FTP access.   URL: http://www.icv.solutions/swagger Mobile: Android 4.4.2 Chrome: version 39.0.2171.93 Safari: star safari version 1.1   I am not able to scroll only on the above browser, other browser like firefox and default internet explorer on mobile have no such issue. In fact the older version of chrome have no such issue too,   If anyone could give me a hint where might the problem lies at or any help at all, would be great. I have been struggling with this for awhile now.   Thanks and happy holiday!

I have a folder with php includes files and one of them has the username and password of the database. Is there any way that i can lock the folder and unlock it with php. Or do it using the cpanel of my server?