evil_stevo

That worked great litebearer!!! I did a little modification for my own and got rid of the decimal and this came out... $birthdate = "1985-07-15"; //calculate age $ageTime = strtotime($birthdate); // Birthday Timestamp $t = time(); // Current Time $age = ($ageTime < 0) ? ( $t + ($ageTime * -1) ) : $t - $ageTime;$year = 60 * 60 * 24 * 365; $ageYears = $age / $year; $age = number_format($ageYears,0); //Delete Decimals echo $age; Let me know what you think... THANKS AGAIN! IT WAS JUST THE TICKET!!!! :)

//calculate age $birthdate = "1978-04-26"; //birth date... actually being obtained from a database $today = date("Y-m-d H:i:s"); // The exact date $age = date_diff($str_birthday, $today); echo $age; I'd like a simple code to echo the age of someone with the mysql database information that's in their record. This doesn't work. I have no idea why. Nothing seems to work that I've found on the net. Please help. Thanks.

$username = $_POST['username']; $password = $_POST['password']; $month = $_POST['month']; $day = $_POST['day']; $year = $_POST['year']; $query = mysql_query("INSERT INTO users VALUES ('','$username','$password','$month','$day','$year') mysql_query($query); The code above is a sample of what I have but what I want is to store an entire birthdate in ONE SQL cell. More like this... $username = $_POST['username']; $password = $_POST['password']; $month = $_POST['month']; $day = $_POST['day']; $year = $_POST['year']; $query = mysql_query("INSERT INTO users VALUES ('','$username','$password','$birthdate') mysql_query($query); How is this possible? Can I do this and actually use it efficiently in the future?

So, your saying I don't even really need to do the disconnect with either require or include? Or, should I be writing it out fully in the code itself instead of including or requiring?

So, I'm thinking it's fine if I have another piece of code in there after wards that needs reconnecting to the database. All I'll have to do is add include "connect.php" and "disconnect.php" again. Shouldn't be any problems right as long as I don't over do it?

Oh, does password need anything done to it other than md5? Maybe something like this?? <?php session_start(); //start session //required $message = ""; $loginstatus = ""; //if $_POST "username" and "password" exist, check for consistency. if (isset($_POST['username'])&&($_POST['password'])) { require_once 'connect.php'; //connect if(get_magic_quotes_gpc()) { $username = mysql_real_escape_string(stripslashes($_POST['username'])); //set variables from session $password = mysql_real_escape_string(stripslashes($_POST['password'])); //set variables from session } else { $username = mysql_real_escape_string($_POST['username']); //set variables from session $password = mysql_real_escape_string(($_POST['password'])); //set variables from session } $password = md5($password); //md5 encryption $query = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'"); //checking if row exists that has $username and $password together. $num = mysql_num_rows($query); //number of rows. if not equal to one login will fail. if($num==1) { $_SESSION['username'] = $username; //store session data $message = "$username, you are logged in!"; include "disconnect.php"; } else { $message = "<font color='red'>Wrong Username or Password. Please try again.</font>"; } } Also, let's say above is my header.php and below is my index.php... <?php include "head.php"; ?> <div style="margin:5px"> Here is my page! <?php require "connect.php"; CODE CODE CODE require "disconnect.php"; ?> </div> <?php include "foot.php" ?> Will this conflict or be conflicted by the the require_once code in the header.php? Is it bad to have multiple connections to the database as long as there disconnected?

Very nice. Googling everything you said makes sense and is smart. Ok, so should I 'require', 'require_once' or 'include' the disconnect.php? That's my next good question. Thanks!

Alright, thanks! That's already in there though. So, what else should be done? Does anyone know of anything else that can be done to ensure a more secure system without making things really complicated (unnecessarily complicated). Thanks.

This is my one page log in system. Using this on the header so guests can log in on ANY page. Let me know what you think needs improving for security. I'm also wondering if putting the include "disconnect.php"; where I have is correct. Thanks! <?php session_start(); $message = ""; //error message needs to be blank $loginstatus = ""; //error message needs to be blank //if $_POST "username" and "password" exist, check for consistency. if (isset($_POST['username'])&&($_POST['password'])) { include 'connect.php'; //connect $username = mysql_real_escape_string($_POST['username']); //set variables from session $password = mysql_real_escape_string($_POST['password']); //set variables from session //remove slashes and HTML $username = stripslashes($username); $password = stripslashes($password); $username = strip_tags($username); $password = strip_tags($password); $password = md5($password); //md5 encryption $query = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'"); //checking if row exists that has $username and $password together. $num = mysql_num_rows($query); //number of rows. if not equal to one login will fail. if($num==1) { $_SESSION['username'] = $username; //store session data $message = "$username, you are logged in!"; include "disconnect.php"; } else { $message = "<font color='red'>Wrong Username or Password. Please try again.</font>"; } } //if $_SESSION "username" and "password" exist, check for consistency. if (isset($_SESSION['username'])) { $username = $_SESSION['username']; $loginstatus = " <table cellspacing='0' cellpadding='0'> <tr> <td align='right'><b>$message</b> <a href='logout.php'>[logout]</a></td> </tr> </table> "; } else { $loginstatus = " <b>$message</b> <table cellspacing='0' cellpadding='0'> <form action='index.php' method='post'> <tr> <td><b>Username: </td> <td><input type='text' name='username' class='inputbox'></td> <td> <b>Password: </td> <td><input type='password' name='password' class='inputbox'></td> <td> <input type='submit' value='Log In' class='submitbutton'></td> </tr> </table> </form> "; } echo $loginstatus; ?>

Thanks! WOW! I got a lot of work to do! Ok, so I'll whitelist everything I need to and do that at sign up as well. Sorry, I didn't realize the ability of the tag. Won't happen again!

My main pages looks like this... <?php include "header.php"; CONTENT include "footer.php"; ?> On the header will be my login script so on every page the script will be there so they can log in from anywhere on the site. Also, I want it all done on one page instead of being directed somewhere else. This is the code below. <?php session_start(); $message = ""; //error message needs to be blank $loginstatus = ""; //error message needs to be blank //if $_POST "username" and "password" exist, check for consistency. if (isset($_POST['username'])&&($_POST['password'])) { include 'connect.php'; //connect $username = mysql_real_escape_string($_POST['username']); //set variables from session $password = mysql_real_escape_string($_POST['password']); //set variables from session //remove slashes and HTML $username = stripslashes($username); $password = stripslashes($password); $username = strip_tags($username); $password = strip_tags($password); $password = md5($password); //md5 encryption $query = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'"); //checking if row exists that has $username and $password together. $num = mysql_num_rows($query); //number of rows. if not equal to one login will fail. if($num==1) { $_SESSION['username'] = $username; //store session data $message = "$username, you are logged in!"; } else { $message = "<font color='red'>Wrong Username or Password. Please try again.</font>"; } } //if $_SESSION "username" and "password" exist, check for consistency. if (isset($_SESSION['username'])) { $username = $_SESSION['username']; $loginstatus = " <table cellspacing='0' cellpadding='0'> <tr> <td align='right'><b>$message</b> <a href='logout.php'>[logout]</a></td> </tr> </table> "; } else { $loginstatus = " <b>$message</b> <table cellspacing='0' cellpadding='0'> <form action='CURRENTPAGE.php' method='post'> <tr> <td><b>Username: </td> <td><input type='text' name='username' class='inputbox'></td> <td> <b>Password: </td> <td><input type='password' name='password' class='inputbox'></td> <td> <input type='submit' value='Log In' class='submitbutton'></td> </tr> </table> </form> "; } echo $loginstatus; ?> I have two questions... #1 How can I direct my page when entering the password to the current page the user is on? (look at CURRENTPAGE.php in the code for reference) #2 Security is obviously an issue at all times. How does my security look? What can I do to make this login script more secure? Thanks so much for all of those who help out. I'll be watching this forum all day everyday.