noobdood

  1. right sorry. careless me. if(!password_verify($password, $hash)) got it.
  2. i tried the password_verify() but im not doing it right i think. got a warning: trying to login code:

     ```php
     ob_start();
     session_start();
     if(isset($_POST['login']))
     {
         $email = $_POST['email'];
         $password = $_POST['pass'];
         require "connection.php";
         $emails = mysqli_real_escape_string($con, $email);
         $query = "SELECT id, name, email, password, salt FROM users WHERE email = '$emails';";
         $result = mysqli_query($con, $query);
         if(mysqli_num_rows($result) == 0) // User not found. So, redirect to login_form again.
         {
             echo "<script>alert(\"User does not exist!\")</script>";
         }
         $userData = mysqli_fetch_array($result, MYSQLI_ASSOC);
         $hash = $userData['password'];
         if(password_verify($password) != $hash)
         {
             echo "<script>alert(\"Incorrect Password!\")</script>";
         }else{
             session_regenerate_id();
             $_SESSION['sess_user_id'] = $userData['id'];
             $_SESSION['sess_name'] = $userData['name'];
             session_write_close();
             header('Location: home.php');
         }
     }
     ```
  3. well, my questions are veering off course of the topic. so i will mark solved and open a new one for the other line of questioning. heh
  4. yeah im still reading up on that. whats 'ssis' in also there was a 'cost' in password hashing and was wondering what its for? in the doc it says by default the cost is 10 but higher is better (?)
  5. loveme, ive tried that it didnt work either. is it because the table is hidden? because are handled in js where they show the html table when is clicked and hidden when or is clicked.
  6. Thanks for the tips Jacques. so i read through the password_hash() doc. changed my code. is this correct?:

     ```php
     $password1 = $_POST['pass'];
     $hash = password_hash($password1, PASSWORD_DEFAULT);
     $name = mysqli_real_escape_string($con, $name);
     $query ="INSERT INTO users (id, name, email, number, password) VALUES('','$name','$email','$number','$hash')";
     ```
  7. crap forgot. the problem is i get warning: i cant c where/what i need to edit.
  8. hey guys so im trying to display data into text boxes that are fetched from database according to checkbox with value id. processing is located before <!DOCTYPE html>:

     ```php
     if(isset($_POST['edit_event']) && isset($_POST['check']))
     {
         require "connection.php";
         foreach ($_POST['check'] as $edit_id)
         {
             $edit_id = intval($GET['event_id']); //i tried (int)$edit_id;
             $sqls = "SELECT event_name,start_date,start_time,end_date,end_time,event_venue FROM event WHERE event_id IN $edit_id ";
             $sqlsr = mysqli_query($con, $sqls);
             $z = mysqli_fetch_array($sqlsr);
             { }
     ```

     button and form opens:

     ```html
     <form method="post" action="event.php">
     <input type="submit" name="edit_event" value="Edit Event">
     ```

     this is the html where the data will be echoed:

     ```html
     <div id="doverlay" class="doverlay"></div>
     <div id="ddialog" class="ddialog">
     <table class="cevent">
       <thead><tr><th>Update Event</th></tr></thead>
       <tbody>
         <tr>
           <td> <input type="text" name="en_" value="<?php echo $z['event_name']; ?>"> </td>
         </tr>
         <tr>
           <td> <input type="text" name="dates_" value="<?php echo $z['start_date']; ?>">
                <input type="text" name="times_" value="<?php echo $z['start_time']; ?>"> </td>
         </tr>
         <tr>
           <td><input type="text" name="datee_" value="<?php echo $z['end_date']; ?>">
               <input type="text" name="time_" value="<?php echo $z['end_time']; ?>"> </td>
         </tr>
         <tr>
           <td><input type="text" name="ev_" value="<?php echo $z['event_venue']; ?>"> </td>
         </tr>
         <tr>
           <td><input type="submit" name="update" value="Update Event" id="update">
               <input type="submit" id="cancelupdate" name="cancel" value="Cancel" > </td>
         </tr>
       </tbody>
     </table>
     </div>
     ```

     this is the part which is populated by data from database where isset($_POST['check']) gets the 'check' from:

     ```php
     echo "<tr> <td><input type='checkbox' name='check[]' value='$id'>$name </td> </tr>";
     </form>
     ```

     thanks in advance!
  9. hi, im trying to create a website and only now started thinking about the security part (noob mistake). say for example i have home.php page and an index.php page. index.php is where users would sign up/log in. the login and sign up processes are all done but i was thinking of creating a unique id of some sort for when the user logs in. or something like this site (forum.phpfreaks) when we sign in, you are signed in but the url stays the same = forums.phpfreaks.com. like if we were signed out we will be permanently signed out and typing in forums.phpfreaks.com would just land us at the main page where we need to sign in. right now, my home.php can be accessed with or without logging in even with sessions. hope im making sense, thanks in advance! **haha that rhymed.

     i tried adding:

     ```php
     <?php echo $_SERVER[php_SELF] . '?name=' . $userData['name'];?>
     ```

     in the index.php:

     ```php
     <?php
     ob_start();
     session_start();
     if(isset($_POST['login']))
     {
         $email = $_POST['email'];
         $password = $_POST['pass'];
         require "connection.php";
         $emails = mysqli_real_escape_string($con, $email);
         $query = "SELECT id, name, email, password, salt FROM users WHERE email = '$emails';";
         $result = mysqli_query($con, $query);
         if(mysqli_num_rows($result) == 0) // User not found. So, redirect to login_form again.
         {
             echo "<script>alert(\"User does not exist!\")</script>";
         }
         $userData = mysqli_fetch_array($result, MYSQLI_ASSOC);
         $hash = hash('sha256', $userData['salt'] . hash('sha256', $password) );
         if($hash != $userData['password'])
         {
             echo "<script>alert(\"Incorrect Password!\")</script>";
         }else{
             session_regenerate_id();
             $_SESSION['sess_user_id'] = $userData['id'];
             $_SESSION['sess_name'] = $userData['name'];
             session_write_close();
             header('Location: home.php?user=');
         }
     }
     ob_flush();
     ?>
     <!DOCTYPE html>
     <form name="login" method="post" action="<?php echo $_SERVER[PHP_SELF] . '?name=' . $userData['name'];?>">
     ```

     but i got access forbidden!
  10. i can't set it manually. the child form is cloned by using a loop based on values of a drop down:

     script:

     ```js
     $(document).ready(function() {
         $('select[name=numc]').change(function() {
             var number_of_forms_to_create = $(this).val();
             var table = $('table.prime').clone();
             var target = $('div#add-child-wrap');
             for(var i = 0; i < number_of_forms_to_create; i++) {
                 var clone = table.clone();
                 clone.attr('id','style', '');
                 clone.prependTo(target);
             }
         });
     });
     ```

     i tried this:

     ```php
     <?php
     $number_of_children = count($_POST['child-fname']); // Get the number of children to be added to the database
     $count = 0;
     $children=array(); // Create the array that will contain the rearranged data
     while ( $count <> $number_of_children ) {
         $children[$count]['child-salutations'] = $_POST['child-salutations'][$count];
         $children[$count]['child-fname'] = $_POST['child-fname'][$count];
         $children[$count]['child-lname'] = $_POST['child-lname'][$count];
         $children[$count]['cday'] = $_POST['cday'][$count];
         $children[$count]['cmonth'] = $_POST['cmonth'][$count];
         $children[$count]['cyear'] = $_POST['cyear'][$count];
         // We set a default value here if no option has been selected due to the way PHP handles
         // radio buttons and check-boxes where no option has been selected
         if (!isset($_POST['living'][$count])) {
             $children[$count]['living'] = 'living-me';
         } else {
             $children[$count]['living'] = $_POST['living'][$count];
         }
         $children[$count]['child-line'] = $_POST['child-line'][$count];
         $children[$count]['child-mobile'] = $_POST['child-mobile'][$count];
         $children[$count]['child-office'] = $_POST['child-office'][$count];
         $children[$count]['child-email'] = $_POST['child-email'][$count];
         $count++;
     }
     echo '<pre>';
     var_dump($children);
     echo '</pre>';
     foreach ( $children AS $child ) {
         //do something here
     }
     ?>
     ```

     but i literally had thousands of the same name recorded into the database when i submitted the form to test it out.
  11. im not sure what split arrays look like. is it like this?

     ```php
     $cday = ($_POST['cday']);
     $cmonth = ($_POST['cmonth']);
     $cyear = ($_POST['cyear']);
     $childsalutations = ($_POST['child-salutations']);
     $childfname = ($_POST['child-fname']);
     $childlname = ($_POST['child-lname']);
     $childline1 = ($_POST['child-line1']);
     $childemail = ($_POST['child-email']);
     $childm = ($_POST['child-mobile']);
     $childoff = ($_POST['child-office']);
     $info = array('c_name' => $childsalutation $childfname $childlname,
                   'c_dob' => $cday-$cmonth-$cyear,
                   'c_line1' => $childline1,
                   'c_mobile' => $childm,
                   'c_office' => $childoff,
                   'c_email' => $childemail)
     ```
  12. hi guys so i have this add contacts page and the form is divided into 3 different forms 1) primary contact 2) spouse 3) child and the child form data is inserted as array into database because in the primary contact part of the form there is a "Children ?" with yes and no radio button and if yes a drop down list is enabled where if user chooses say 2 then there would be 2 child forms that appear. and since theres 2 children then in the database a new row and data will be added accordingly. image attached to be clearer. i got it inserted into database but in the specified field it says array:

     |child_name|dob|house_add1|mobile|office|email|

     inserted:

     |array|array-array-array|array|array|array|array|

     query:

     ```php
     "INSERT INTO child VALUES('','".$childsalutations." $childfname $childlname',' ".$cday."-".$cmonth."-$cyear ','$childline1','$childline2','$childm','$childoff','$childemail')"
     ```

     in a stackoverflow question (not my own question) someone says: information stating arrays need to be split, before inserting into the table.
     does that mean something like this?:

     ```php
     $cday = ($_POST['cday']);
     $cmonth = ($_POST['cmonth']);
     $cyear = ($_POST['cyear']);
     $childsalutations = ($_POST['child-salutations']);
     $childfname = ($_POST['child-fname']);
     $childlname = ($_POST['child-lname']);
     $childline1 = ($_POST['child-line1']);
     $childemail = ($_POST['child-email']);
     $childm = ($_POST['child-mobile']);
     $childoff = ($_POST['child-office']);
     $info = array('c_name' => $childsalutation $childfname $childlname,
                   'c_dob' => $cday-$cmonth-$cyear,
                   'c_line1' => $childline1,
                   'c_mobile' => $childm,
                   'c_office' => $childoff,
                   'c_email' => $childemail)
     ```

     just in case u wanted to c the html child form (warning its a bit long, very!):

     ```html
     <table class="prime">
     <tbody>
     <br>
     <tr><td style="font-size:20px;font-weight:bold">Child <span id="number"></span></td></tr>
     <tr>
       <td>Salutation :</td>
       <td><select name="child-salutations[]" id="child-salutations">
         <option value="" disabled selected>Salutations</option>
         <option value="Datin">Datin</option> <option value="Datin Paduka">Datin Paduka</option>
         <option value="Dato Paduka">Dato Paduka</option> <option value="Dato'">Dato'</option>
         <option value="Dato' Seri">Dato' Seri</option> <option value="Datuk">Datuk</option>
         <option value="Datuk Seri">Datuk Seri</option> <option value="Dr.">Dr.</option>
         <option value="Haji">Haji</option> <option value="Hajjah">Hajjah</option>
         <option value="HM">HM</option> <option value="HRH">HRH</option>
         <option value="Miss">Miss</option> <option value="Mrs.">Mrs.</option>
         <option value="Mr.">Mr.</option> <option value="Pehin">Pehin</option>
         <option value="Professor">Professor</option> <option value="Raja">Raja</option>
         <option value="Tan Sri">Tan Sri</option> <option value="Tengku">Tengku</option>
         <option value="Tuanku">Tuanku</option> <option value="Tun">Tun</option>
         <option value="Tunku">Tunku</option> <option value="Ungku">Ungku</option>
       </select> </td>
     </tr>
     <tr><td colspan="2"><label class="label" style="color:Red">*If a person has many salutations, choose the highest form of salutation</label></td></tr>
     <tr><td>First Name :</td><td><input type="text" name="child-fname[]" id="child-fname" class="style" /></td>
         <td>Last Name :</td><td><input type="text" name="child-lname[]" id="child-lname" class="style" /></td></tr>
     <tr>
       <td>Date of Birth : </td>
       <td>
         <select name="cday[]">
           <option value=""selected disabled>Day</option>
           <option value="1">1</option> <option value="2">2</option> <option value="3">3</option> <option value="4">4</option>
           <option value="5">5</option> <option value="6">6</option> <option value="7">7</option> <option value="8">8</option>
           <option value="9">9</option> <option value="10">10</option> <option value="11">11</option> <option value="12">12</option>
           <option value="13">13</option> <option value="14">14</option> <option value="15">15</option> <option value="16">16</option>
           <option value="17">17</option> <option value="18">18</option> <option value="19">19</option> <option value="20">20</option>
           <option value="21">21</option> <option value="22">22</option> <option value="23">23</option> <option value="24">24</option>
           <option value="25">25</option> <option value="26">26</option> <option value="27">27</option> <option value="28">28</option>
           <option value="29">29</option> <option value="30">30</option> <option value="31">31</option>
         </select>
         <select name="cmonth[]">
           <option value="" selected disabled>Month</option>
           <option value="1">January</option> <option value="2">February</option> <option value="3">March</option>
           <option value="4">April</option> <option value="5">May</option> <option value="6">June</option>
           <option value="7">July</option> <option value="8">August</option> <option value="9">September</option>
           <option value="10">October</option> <option value="11">November</option> <option value="12">December</option>
         </select>
         Year : <input type="text" name="cyear[]" maxlength="4" size="4" class="year">
       </td>
     </tr>
     <tr><td>Where do they live ?</td><td colspan="3"><input type="radio" name="living[]" id="living-me" class="living-me"/>With Me<input type="radio" name="living[]" id="living-other" class="living-other"/>With Other Parent<input type="radio" name="living[]" id="living-own" class="living-own"/>Own</td></tr>
     <tr><td>House Address</td></tr>
     <tr><td>Line 1 :</td><td><input type="text" name="child-line1[]" id="child-line1" size="20" class="style" /></td>
         <td>Mobile No :</td><td><input type="text" name="child-mobile[]" id="child-mobile" class="style" /></td></tr>
     <tr><td>Office No :</td><td><input type="text" name="child-office[]" id="child-office" class="style" /></td>
         <td>Email Address : </td><td><input type="email" name="child-email[]" id="email" class="style" /></td></tr>
     </tbody>
     </table>
     ```
  13. thank you. it was actually my html structure that wasn't making it work. i don't know why but i had to rearrange the form and stuff. thank you.
  14. this worked for a member on this forum of course i edited accordingly but it doesn't delete it just refreshes.

     script:

     ```html
     <script>
     $(document).ready(function(){
         $("#del_event").click(function() {
             $(':checkbox:checked').each(function() {
                 $.post('delete.php', { check: $(this).attr('value') } );
             });
         });
     });
     </script>
     ```

     delete.php

     ```php
     <?php
     $del_id = $_POST['check'];
     $sqlqueer = mysql_query("DELETE FROM event WHERE event_id = $del_id") or die(mysql_error());
     if($sqlqueer)
     {
         echo "<meta http-equiv=\"refresh\" content=\"0;URL=event.php\">";
     }
     ?>
     ```
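
A hardened form of the delete.php handler from post 14, as an added example that is not part of the thread or written by any of its participants: the posted `check` value reaches the SQL text unvalidated there, and the same applies to the `IN $edit_id` query in post 8. It assumes `connection.php` provides a mysqli handle in `$con` and that login sets `$_SESSION['sess_user_id']`, as in the posts above; the `clean_ids()` helper is hypothetical.

```php
<?php
// Added example, not code from the thread. Assumes connection.php defines
// $con (a mysqli handle) and that login sets $_SESSION['sess_user_id'],
// as in the posts above.
session_start();
require "connection.php";

// Reduce a posted "check" value (scalar or check[] array) to a list of
// unique positive integer ids; anything that is not an integer is dropped.
function clean_ids($raw): array
{
    $ids = [];
    foreach ((array) $raw as $value) {
        $id = filter_var($value, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($id !== false) {
            $ids[$id] = $id;
        }
    }
    return array_values($ids);
}

// Deleting is a state change: refuse it for visitors without a login session.
if (!isset($_SESSION['sess_user_id'])) {
    http_response_code(403);
    exit('Not logged in');
}

$ids = clean_ids($_POST['check'] ?? []);
if ($ids === []) {
    http_response_code(400);
    exit('No valid event ids');
}

// One "?" per id: the ids are bound as integers, never spliced into the SQL.
$placeholders = implode(',', array_fill(0, count($ids), '?'));
$stmt = mysqli_prepare($con, "DELETE FROM event WHERE event_id IN ($placeholders)");
if ($stmt === false) {
    http_response_code(500);
    exit('Query could not be prepared');
}
mysqli_stmt_bind_param($stmt, str_repeat('i', count($ids)), ...$ids);
mysqli_stmt_execute($stmt);

echo mysqli_stmt_affected_rows($stmt) . ' event(s) deleted';
```

The handler accepts either the single `check` value the jQuery snippet posts per checkbox or a whole `check[]` array from a normal form submit.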