QuickOldCar

Store each attempted login just as a date, additionally a 0/1 (fail/success) Get that users count of timestamps up to 10 minutes ago...if is a fail last attempt and is a count of 5 or more then it keeps preventing them (store the timestamp and fail)...otherwise allows them (store the timestamp and success).

You should make a habit to separate coding logic from html. Only add html for display, not stored in arrays.

Good eye mac_gyver, not even sure how I missed that exit and so obvious.

What does the html source file show? Btw is no need to keep coming in and out of php the way you are. Also where is $error defined? if (isset($_POST['submit']) && isset($error) == '') { // if there is no error, then process further Is your error reporting actually working?

You have 2 closing form tags </form> <a class="haveaccount" href="login.php">I already have an account...</a> </form>

Welcome to the forum. Be sure to visit the php manual as it has all the current uses and plenty of information to read over.

Welcome to the forum.

I'm in no way a lawyer and even a lawyers advice in a forum wouldn't have much merit, if went to court all would be determined there. It's usually anyone and everyone a party can blame and the lucky ones are those who can afford to get out of it or pass the blame and someone else accepts it. It's not even so much money but a reputation can be at stake. In my eyes if you clearly define in a TOS and also take actions against such wrongful person you should be exempt from blame. "...and any illegal or malicious activity" is a broad scope

I wouldn't let anyone upload code to the server. Are you doing a multiple subdomain/websites? If so have a default css file and let them edit that if anything and image uploads if required. Ever consider making your own theme/templating system? Create a variety of layouts and styles the user can select and further edit just css and images. Could make it they name their customized versions and those are saved. Can go crazy and make your own html builder.

For the record, you can use the session_id() for that random number.

Changed it around a little more. page one <?php session_start(); if(isset($_POST['submit']) && trim($_POST['name']) != ""){ if(!isset($_SESSION['number'])){ $_SESSION['number'] = session_id(); } if(!isset($_SESSION['name'])){ $_SESSION['name'] = trim($_POST['name']); } //database insert stuff header("location: nextpage.php"); exit; }else{ echo "Enter your name"; } ?> <form method="post" action=""> <input name="name" type="text" value="" > <input name="submit" type="submit" value="NEXT" > </form> page two <?php session_start(); echo "session: ".$_SESSION['number']."<br />"; echo "name: ".$_SESSION['name']; ?>

Try this for page one <?php //page one session_start(); if(isset($_POST['submit'])){ $_SESSION['number'] = mt_rand(1000, 9999); //database insert stuff header("location: nextpage.php?session=".$_SESSION['number']."&name=".trim($_POST['name'])); exit; } ?> <form method="post" action=""> <input name="name" type="text" value="" > <input name="submit" type="submit" value="NEXT" > </form>

Mistakes are part of the learning process. Everything does not always go as planned, might need to compromise or make adjustments. What's written in those books are a persons opinions. Whatever makes you more proficient and comfortable doing this while getting a completed project done per clients specifications is the right way. Many website developers I know use a cms versus starting over each time. Some use frameworks while others develop their own cms. Is also clients that want a certain premade cms in which you have to modify for their needs. There is so many aspects of website development and different methods to go about it is mind boggling these days. It seems that each client has a priority what is more important to them and their website, is something will have to find out or convince them your ways are the best to go about it. Some think they know but actually do not. I concentrate on the backend functional aspect of the website first and any css, jquery, javascript, ajax, etc would be later unless is required. Create a basic layout and style to manipulate and test your data. A basic plan of what you need is fine. create your websites so they can be modified in many ways without editing lots of code separate the coding logic from the display create databases for what you need, content data,users login system with permissions (I personally use a 0-9 scale) administration area navigation and link to scripts performing specific tasks inserting,fetching and updating content to the database website frontend and display data users account/profile area any additional requirements you may need design and style it add in any flashy features you want I've seen piles of sites that look fantastic and have no functionality, in the same respect have seen fantastic working ones that looked horrible. You have developers,designers and then you have website developers which need to be able to do both fairly well. Is there any particular trouble areas you have trying to get something working together? I find the biggest issues are the hosting or outdated coding versions the client is using. For the record I've been programming and developing for 36 years and have done all sorts of freelancing. I can not say I have seen it all, but I've seen a lot.

I agree with Ch0cu3r. Instead of trying to scrape that site all one csv file you should save results to a database and do a systematic scrape. In your case you already have a database with data, I would clone that database and add extra columns. Make the scraper refresh each time and start at the lowest id scraping the additional data and insert into the cloned database. Have an additional column to check for if was scraped or not in case was a glitch so don't have to start scraping from the beginning again.

if (!empty($rowhs) && trim($_POST["haddy"]) != "") {

A while ago someone asked about a tier system and made a function for it. http://forums.phpfreaks.com/topic/291591-wordpress-plugin-help/?do=findComment&comment=1492095 It may not be exactly what you need but can modify or get idea's from it. I see it being useful to know the values needed to insert into the database or some calculating after a query.

In your form the company name is set as name so.... $companyname = mysqli_real_escape_string($db, $_POST['name']); You should really be checking if these are actually set, trimmed and not blank.

Do a normal login and through session assign the user whichever database want. You don't need to pass anything through a url.

I agree using password_hash and password_verify is the best way. Only trim the password and use mysqli_real_escape_string, don't use stripslashes or any other methods to modify the password. Even better would be to use PDO and prepared statements.

You need to check the $_GET['reset'] value against the saved random code you have in database. A form so they can input the new password. Proper checks on users email and the user, data from the form updates password. You need some better logic in this, more if/else statements and less queries depending the immediate action are doing..

Maybe OP meant used session when creating the post, then was saved to database.

LIMIT is $startrow_id,$amount_per_page So if you wanted to start at id zero and 5 results would be LIMIT 0,5 then next page would be LIMIT 5,5

include("vars.php");//from same directory include($_SERVER['DOCUMENT_ROOT']."/vars.php");//discovering root from anywhere Could also do file_get_contents,curl, or even output buffering

Welcome to the club Fastol.

Hello and welcome. Be sure to go through the php manual as there is useful and current information there.