RalphLeMouf
-
Posts
153 -
Joined
-
Last visited
Everything posted by RalphLeMouf
-
how is that generic? it has all the code and clearly explains the problem.
-
I have a social network that has custom made comments section for users. Users are also able to reply to comments. Each comment has a 'reply' button that when pressed, uses jquery to make a new text box structure appear. It is a bit lengthy in syntax and logic so I am a bit lost on what the problem may be ( it is not functioning at all. I have also run out of trouble shoot methods. Here is the code for the comments and replies: <div id="x_comment_box"> <form name="x_comment_form" method="post" action="Project-X.php"> <textarea name="comment_body" class="round_10px defaulted">Leave a comment about "Name of Video"...</textarea> <input type="submit" name="x_submit" value="Submit" class="post"/> </form> </div> <?php $query = "SELECT * FROM `x_comments` WHERE `status` = 'active' ORDER BY `date` DESC, `time` DESC LIMIT 10"; $request = mysql_query($query,$connection) or die(mysql_error()); while($result = mysql_fetch_array($request)) { $webcast_poster = new User($result['userID']); $body = $result['commentBody']; $date = $result['date']; $time = $result['time']; $comment_id = $result['id']; ?> <div class="comment_structure_future_webcast_x clearfix"> <a name="comment_<?php echo $result['id']; ?>"></a> <div class='comment_polaroid_future'> <a href='http://www.cysticlife.org/Profile.php?id=<?php echo $poster->id ?>'> <img src='<?php echo $webcast_poster->img('mini'); ?>' border='0'/> </a> </div> <div class='comment_body_future_webcast_x round_10px'> <div id='CommentNameProfile'> <a href='http://www.cysticlife.org/Profile.php?id=<?php echo $auth->id; ?>'> <?php echo $webcast_poster->first_name. " ". $webcast_poster->last_name; ?> says... </a> </div> <?php echo strip_tags(stripslashes(nl2br($result['commentBody'])),'<br><br />'); ?> <div id='CommentInfoProfile'> <?php echo date('M d, Y',strtotime($result['date'])); ?> at <?php echo date('g:i A',strtotime($result['time'])); ?> • <?php if($webcast_poster->id == $auth->id) { ?> <a href='#' onclick='confirmation("DeleteWebcastComment.php?id=<?php echo $result['id']; ?>&ret=<?php echo urlencode($_SERVER['REQUEST_URI']); ?>");'>Delete •</a> <?php } ?> <a href='#reply_form_<?php echo $result['id']; ?>' name='reply_to_<?php echo $result['id']; ?>' class='reply_link'>Reply</a> </div> </div> <div class='profile_comment_tail_future'> </div> </div> <?php }?> <?php /* responses */ $query = "SELECT * FROM `x_comments_replies` WHERE `commentID` = '" . $result['id'] . "' && `status` = 'active' ORDER BY `date` ASC, `time` ASC"; $request2 = mysql_query($query,$connection); while($reply = mysql_fetch_array($request2)) { $replier = new User($reply['replierID']); ?> <div class="response_structure_future"> <a name="response_<?php echo $reply['id']; ?>"></a> <div class="response_polaroid_future"> <a href="http://www.cysticlife.org/Profile.php?id=<?php echo $replier->id; ?>"> <img src="<?php echo $replier->img('mini'); ?>" /> </a> </div> <div class="response_body_future round_10px"> <div class="response_arrow_future"></div> <div class="response_tail_future"></div> <div class="response_data_future"> <div class="response_name_future"> <a href="http://www.cysticlife.org/Profile.php?id=<?php echo $replier->id; ?>"> <?php echo $replier->first_name . " " . $replier->last_name; ?> says... </a> </div> <?php echo strip_tags(stripslashes(nl2br($reply['comment'])),'<br><br />'); ?> <div class="response_info_future"> <?php echo date('M d, Y',strtotime($reply['date'])); ?> at <?php echo date('g:i A',strtotime($reply['time'])); ?> <?php if($auth->id == $replier->id || $auth->id == $result['ToUserID']) { ?> <a onclick="confirmation('DeleteAirwaveReply.php?id=<?php echo $reply['id']; ?>&ret=<?php echo urlencode($_SERVER['REQUEST_URI']); ?>');"> • delete</a> <?php } ?> <div id="thumb_holder_replies"> <div id="thumb_report_replies"> <a href="mailto:[email protected]"> report </a> </div> <div class= "thumb_counter_replies" id="thumb_counter_replies_<?php echo $reply['id']; ?>"> +<?php echo $reply['thumbsUp_reply']; ?> </div> <div id="thumb_thumb_replies"> <?php $comment_reply_id = $reply['id'];?> <a class="myButtonLink" href="Profile_test.php?id=<?php echo $prof->id; ?>" id="<?php echo $comment_reply_id; ?>">Vote Up!</a> <?php echo $replier->id; ?> <?php print_r($replier->id); ?> <?php echo $result['id']; ?> </div> </div> </div> </div> </div> </div> <?php } ?> <a name='reply_form_<?php echo $result['id']; ?>' style="clear:both"></a> <div id='reply_to_<?php echo $result['id']; ?>' class="respond_structure_future" <?php if(isset($_GET['reply_to']) && $_GET['reply_to'] == $result['id']) { echo 'style="display:block;"';}else{ echo 'style="display:none;"';} ?>> <div class="respond_polaroid_future"> <a href="http://www.cysticlife.org/Profile.php?id=<?php echo $auth->id; ?>"> <img src="<?php echo $auth->img('mini'); ?>" /> </a> </div> <form name='comment_reply' action='<?php echo $_SERVER['REQUEST_URI']; ?>' method='post'> <div class="respond_body_future round_10px"> <div class="respond_arrow_future"></div> <div class="respond_tail_future"></div> <div class="respond_data_future"> <textarea id="reply_to_<?php echo $result['id']; ?>_textarea" name='reply'></textarea><br /> <input type='hidden' name='comment' value='<?php echo $result['id']; ?>' /> <div class="respond_nevermind"> <a href="reply_to_<?php echo $result['id']; ?>">nevermind</a> </div> <input type='submit' class="submit" name='sub_comment_reply' value='Reply' /> </div> </div> </form> </div> Here is the jquery: <script type="text/javascript"> $(document).ready( function() { $('#Comments').localScroll({ offset:{top:-40,left:0} }); $("a.reply_link").click( function() { $("#"+$(this).attr('name')).fadeIn('slow'); }); $(".respond_nevermind a").click( function(event) { event.preventDefault(); var reply_box = document.getElementById($(this).attr('href')); $(reply_box).css('display','none'); var reply_textarea = document.getElementById($(this).attr('href')+"_textarea"); $(reply_textarea).val(''); }); }); </script> thanks in advance
-
I'll also just noticed that is only paginating 4 pages when it should be 370 pages!
-
Thanks to great help from some of you, I am about two steps away from completing my pagination project. I have finally been able to get it to limit and paginate correctly but here is the problem. When I go to the initial page. it is blank with NO results on it except the pagination display ( number of pages and arrows ) it is not attaching "currentpage=1" but when you go to the next page, results 41-80 are on there. So all I need to do is get it to pull the results of 1-40 on the first page. I've attached pages 1 and 2 as screen shots to give a better example. Here is the code: First query that pulls the airwaves and limits them: $rowsperpage = 40; $currentpage = (int) $_GET['currentpage']; $offset = ($currentpage - 1) * $rowsperpage; $query = "SELECT * FROM `CysticAirwaves` WHERE `FromUserID` = `ToUserID` AND `status` = 'active' ORDER BY `date` DESC, `time` DESC LIMIT $offset, $rowsperpage" ; $request = mysql_query($query,$connection); $counter = 0; while($result = mysql_fetch_array($request)) { and the code that paginates everything: $query = "SELECT COUNT(*) FROM `CysticAirwaves`"; $result = mysql_query($query, $connection) or trigger_error("SQL", E_USER_ERROR); $r = mysql_fetch_row($result); $numrows = $r[0]; // number of rows to show per page $rowsperpage = 40; // find out total pages $totalpages = ceil($numrows / $rowsperpage); // get the current page or set a default if (isset($_GET['currentpage=1']) && is_numeric($_GET['currentpage=1'])) { // cast var as int $currentpage = (int) $_GET['currentpage=1']; } else { // default page num $currentpage = 1; } // end if // if current page is greater than total pages... if ($currentpage > $totalpages) { // set current page to last page $currentpage = $totalpages; } // end if // if current page is less than first page... if ($currentpage < 1) { // set current page to first page $currentpage = 1; } // end if // the offset of the list, based on current page $offset = ($currentpage - 1) * $rowsperpage; // while there are rows to be fetched... while ($list = mysql_fetch_assoc($result)) { // echo data echo $list['id'] . " : " . $list['number'] . "<br />"; } // end while /****** build the pagination links ******/ // range of num links to show $range = 3; // if not on page 1, don't show back links if ($currentpage > 1) { // show << link to go back to page 1 echo "<div id='all_page_turn'><ul><li class='PreviousPageBlog> <a href='http://www.cysticlife.org/Airwave_build.php?currentpage=1'><<</a></li></ul></div> "; // get previous page num $prevpage = $currentpage - 1; // show < link to go back to 1 page echo " <a href='http://www.cysticlife.org/Airwave_build.php?currentpage=$prevpage'><</a> "; } // end if // loop to show links to range of pages around current page for ($x = ($currentpage - $range); $x < (($currentpage + $range) + 1); $x++) { // if it's a valid page number... if (($x > 0) && ($x <= $totalpages)) { // if we're on current page... if ($x == $currentpage) { // 'highlight' it but don't make a link echo " [<b>$x</b>] "; // if not current page... } else { // make it a link echo " <a href='http://www.cysticlife.org/Airwave_build.php?currentpage=$x'>$x</a> "; } // end else } // end if } // end for // if not on last page, show forward and last page links if ($currentpage != $totalpages) { // get next page $nextpage = $currentpage + 1; // echo forward link for next page echo " <a href='http://www.cysticlife.org/Airwave_build.php?currentpage=$nextpage'>></a> "; // echo forward link for lastpage echo " <a href='http://www.cysticlife.org/Airwave_build.php?currentpage=$totalpages'>>></a> "; } // end if /****** end build pagination links ******/ thanks in advance [attachment deleted by admin]
-
@mjdamato - I read and understood the logic of the tutorial and adapted it to my needs with no avail. It is yielding no results what so ever. Here is the code: // find out how many rows are in the table $query = "SELECT COUNT(*) FROM `CysticAirwaves`"; $result = mysql_query($query, $conn) or trigger_error("SQL", E_USER_ERROR); $r = mysql_fetch_row($result); $numrows = $r[0]; // number of rows to show per page $rowsperpage = 40; // find out total pages $totalpages = ceil($numrows / $rowsperpage); // get the current page or set a default if (isset($_GET['currentpage']) && is_numeric($_GET['currentpage'])) { // cast var as int $currentpage = (int) $_GET['currentpage']; } else { // default page num $currentpage = 1; } // end if // if current page is greater than total pages... if ($currentpage > $totalpages) { // set current page to last page $currentpage = $totalpages; } // end if // if current page is less than first page... if ($currentpage < 1) { // set current page to first page $currentpage = 1; } // end if // the offset of the list, based on current page $offset = ($currentpage - 1) * $rowsperpage; // get the info from the db $query2 = "SELECT `id` FROM `CysticAirwaves` LIMIT $offset, $rowsperpage"; $result = mysql_query($query2, $conn) or trigger_error("SQL", E_USER_ERROR); // while there are rows to be fetched... while ($list = mysql_fetch_assoc($result)) { // echo data echo $list['id'] . " : " . $list['number'] . "<br />"; } // end while /****** build the pagination links ******/ // range of num links to show $range = 3; // if not on page 1, don't show back links if ($currentpage > 1) { // show << link to go back to page 1 echo " <a href='http://www.cysticlife.org/Airwaves_build.php?currentpage=1'><<</a> "; // get previous page num $prevpage = $currentpage - 1; // show < link to go back to 1 page echo " <a href='http://www.cysticlife.org/Airwaves_build.php?currentpage=$prevpage'><</a> "; } // end if // loop to show links to range of pages around current page for ($x = ($currentpage - $range); $x < (($currentpage + $range) + 1); $x++) { // if it's a valid page number... if (($x > 0) && ($x <= $totalpages)) { // if we're on current page... if ($x == $currentpage) { // 'highlight' it but don't make a link echo " [<b>$x</b>] "; // if not current page... } else { // make it a link echo " <a href='http://www.cysticlife.org/Airwaves_build.php?currentpage=$x'>$x</a> "; } // end else } // end if } // end for // if not on last page, show forward and last page links if ($currentpage != $totalpages) { // get next page $nextpage = $currentpage + 1; // echo forward link for next page echo " <a href='http://www.cysticlife.org/Airwaves_build.php?currentpage=$nextpage'>></a> "; // echo forward link for lastpage echo " <a href='http://www.cysticlife.org/Airwaves_build.php?currentpage=$totalpages'>>></a> "; } // end if /****** end build pagination links ******/ ?> </div>
-
Yes I read and took off the +1. Also I AM WILLING to learn. I just thought I was super close but if you have a better more "ideal" suggestion and am more than open for it. Ifnot, I am a little confused on your description of hard coding $currentPage. Can't really figure out what I should put there instead. Thanks again fro working with me on this
-
Thanks guys, this is great. How would I correct the offset?
-
It's not doing what it should be doing. It does not limit the page to 40 and the link that says "next" is broken. Its show at least 40 or 50 blue links that say "Page$i"
-
Hello, I am just about complete with my first pagination project, however I am missing a few steps or not doing something quite right. I would prefer to keep what I have and just tweak it as opposed to a new structure suggestion. Thanks in advance. On my site we have a feature call "Airwaves" Its more or less a status update. I want to limit 40 per page $query = "SELECT COUNT(*) FROM `CysticAirwaves`"; $request = mysql_query($query,$connection); $result = mysql_fetch_array($request); $ammount_of_waves = $result['COUNT(*)']; $currentPage = 1; $wavesPerPage = 40; $totalPages = ceil($ammount_of_waves / $wavesPerPage); $offset = ($wavesPerPage * ($currentPage - 1)) + 1; $waves_query = "SELECT * FROM `CysticAirwaves` LIMIT $offset, $wavesPerPage"; $request = mysql_query($waves_query,$connection); $result = mysql_fetch_array($request); ?> <?php if ($totalPages > 1) { ?> <div id="all_page_turn"> <ul> <li class="PreviousPageBlog round_10px"> <?php if ($currentPage > 1) { ?> <a href="http://www.cysticlife.org/Airwave_build.php?page=$currentPage - 1">Previous</a> <?php } ?> </li> <?php for ($i = 1; $i <= $totalPages; $i++) { $class = ($i == $currentPage) ? 'selected' : null ?> <a href="http://www.cysticlife.org/Airwave_build.php?page=$i" class="$class">Page $i</a> <?php } ?> <li class="NextPageBlog round_10px"> <?php if ($currentPage < $totalPages) { ?> <a href="http://www.cysticlife.org/Airwave_build.php?page=$currentPage + 1">Next</a> <?php } }?> ?> </li> </ul> </div>
-
granting admins access to proxy normal users
RalphLeMouf replied to RalphLeMouf's topic in PHP Coding Help
Here the code from the login page I would use: if(isset($_POST['subSignIn']) && !empty($_POST['email']) && !empty($_POST['password'])) { $query = "SELECT `encrypted_password`,`salt` FROM `Users` WHERE `Email` = '" . stripslashes(mysql_real_escape_string($_POST['email'])). "'"; $request = mysql_query($query,$connection) or die(mysql_error()); $result = mysql_fetch_array($request); $salty_password = sha1($result['salt'] . stripslashes(mysql_real_escape_string($_POST['password']))); $query2 = "SELECT * FROM `Users` WHERE `Email` = '". stripslashes(mysql_real_escape_string($_POST['email']))."' AND `encrypted_password` = '$salty_password'"; $request2 = mysql_query($query2,$connection) or die(mysql_error()); $result = mysql_fetch_array($request2); $_SESSION['CLIFE']['AUTH'] = true; $_SESSION['CLIFE']['ID'] = $result['id']; $query = "UPDATE `Users` SET `LastActivity` = '" . date("Y-m-d") . " " . date("g:i:s") . "' WHERE `id` = '" . mysql_real_escape_string($_SESSION['CLIFE']['ID']) . "' LIMIT 1"; mysql_query($query,$connection); if(!empty($_POST['return'])) { header("Location: " . $_POST['return']); }else{ header("Location: CysticLife-Dashboard.php?id=" . $_SESSION['CLIFE']['ID']); } }else{ echo "second if statment chooses the else option<br />"; $_SESSION['CLIFE']['AUTH'] = false; $_SESSION['CLIFE']['ID'] = false; } ?>[/code] and the post fields to activate this look like this: <input type="text" name="email" class="text" value="<?php if(isset($formError) && $formError == "true") { echo stripslashes($_POST['email']); } ?>" /> <input type="password" name="password" class="text" value="<?php if(isset($formError) && $formError == "true") { echo stripslashes($_POST['password']); } ?>" /> I might be slightly foggy on the concept of the master password: When a user signs in they use their email as username and then password, your suggesting you just enter the email of the user you want to proxy and then the master password will log you in to that specific account? Thanks -
granting admins access to proxy normal users
RalphLeMouf replied to RalphLeMouf's topic in PHP Coding Help
I'm open for that...how would one go about doing that? New to me. Thanks! -
Hello all, I have a social network site that has users. Each user has a profile and a id. Myself and two other people are admins and are granted access to certain pages via $admin = true . I have recently hashed everyones passwords. I need to allow admins the ability to proxy a user or login as a different user or become another user for moderation purposes. via OOP there is a $auth->id which is the person's id who is logged in or their user id and $prof->id which is another persons id I am looking at. Meaning if I am looking at someones profile, it is their user id. I am trying to figure out a simple page to create where if $admin you can type a desired id in a input box, press enter and you are all of a sudden logged in as that id. Thanks in advance
-
I failed to point out that I work in dev environment. I am not using my real mysql database to make this. So for testing purposes I have it going to the `Password` column when you sign up and to the `encrypted_password` column when it's updating because when I put this on my real site. I want to keep the clear text column for a while just to make sure everything goes smoothly. I feel like my latest stab at this is the closest and want to stick with it. However my trouble shooting has hit a wall and I don't know how to see what is going wrong right now.
-
ok guys. I've considered and taken from everything you have said and started over,although I still don't have it. I think this is way closer and makes much more sense. $salty_password = sha1($row['salt'], $_POST['password']); if(isset($_POST['subSignIn']) && !empty($_POST['email']) && !empty($_POST['password'])) { $query = "SELECT `salt` FROM `cysticUsers` WHERE `Email` = '" . $_POST['email'] . "'"; $request = mysql_query($query,$connection) or die(mysql_error()); $result = mysql_fetch_array($request); $query2 = "SELECT * FROM `cysticUsers` WHERE `Email` = '". $_POST['email']."' AND `Password` = '$salty_password'"; $request2 = mysql_query($query2,$connection) or die(mysql_error()); $result = mysql_fetch_array($request2); print_r($request); print_r($request2); if(@mysql_num_rows($request,$request2)) { $_SESSION['CLIFE']['AUTH'] = true; $_SESSION['CLIFE']['ID'] = $result['id']; // UPDATE LAST ACTIVITY FOR USER $query = "UPDATE `cysticUsers` SET `LastActivity` = '" . date("Y-m-d") . " " . date("g:i:s") . "' WHERE `id` = '" . mysql_real_escape_string($_SESSION['CLIFE']['ID']) . "' LIMIT 1"; mysql_query($query,$connection); if(!empty($_POST['return'])) { header("Location: " . $_POST['return']); }else{ header("Location: CysticLife-Dashboard.php?id=" . $_SESSION['CLIFE']['ID']); } } }else{ $_SESSION['CLIFE']['AUTH'] = false; $_SESSION['CLIFE']['ID'] = false; }
-
I know for a fact _POST['subSignIn'], $_POST['email'], and $_POST['password'] are working. I have been logging in with this page for a year, and now that I've altered the script to interact with the newly hashed passwords has it stopped working. I just think there is something off about the queries I am trying. yes the errors are turned on. not getting any for my existing code, when I do its just syntax errors.
-
@Skylight_lady - seems worth a try although not sure what you are referring to with the ... ... ... after your reworked query are you saying I should do something like: if($_POST['password'] = $_POST['password'].$salt_pass; ) { validate sign in}else{ no go }
-
gotcha. Unfortunately this is not working? thanks for your time though!
-
@PFMaBiSmAd - First off. Thanks so much for your time. I'm a newbie and have been struggling to get this and am behind on a deadline by a few days so thanks a lot for working with me Your code snippet logically makes a whole lot of sense and think it could work. I am just wondering if it will go with what I have after it or do I need to change what goes after it to make everything work? and also being a newbie, having trouble with the syntax of it. should salt be `salt` in the CONCAT brackets? this is what I have: $query = "SELECT `id` FROM `cysticUsers` WHERE `Email` = '$email' AND `Password` = 'SHA1(CONCAT(`salt`,'$password'))' AND Status = 'active' LIMIT 1"; $request = mysql_query($query,$connection) or die(mysql_error()); if(@mysql_num_rows($request)) { $row = mysql_fetch_assoc($request); if (sha1($row['salt'] . $_POST['password']) === $row['Password']) { $_SESSION['CLIFE']['AUTH'] = true; $_SESSION['CLIFE']['ID'] = $result['id']; // UPDATE LAST ACTIVITY FOR USER $query = "UPDATE `cysticUsers` SET `LastActivity` = '" . date("Y-m-d") . " " . date("g:i:s") . "' WHERE `id` = '" . mysql_real_escape_string($_SESSION['CLIFE']['ID']) . "' LIMIT 1"; mysql_query($query,$connection); if(!empty($_POST['return'])) { header("Location: " . $_POST['return']); }else{ header("Location: CysticLife-Dashboard.php?id=" . $_SESSION['CLIFE']['ID']); } } }else{ $_SESSION['CLIFE']['AUTH'] = false; $_SESSION['CLIFE']['ID'] = false; } } ?>
-
@PFMaBiSmAd - I am not familiar with those functions or in which context to execute them. Is it possible for them to be meshed into my existing query or would I have to write a whole new query all together? I would prefer to salvage what I already have. I feel like I'm pretty close. Could you maybe give me a more in context example as to what you are trying to suggest?
-
what do you mean by record? like their `id` and other stuff in their row in the db? and to clarify what I'm trying to do: sign in with the clear text password that has been signed up with but is now hashed and has a unique salt
-
@Pikachu2000 - indeed i am.
-
and they are entering in the same cleartext password that was originally used so it should be the same
-
I'm still learning php, so thanks for bearing with me - so your saying I need to hash the $_POST['password'] when they are signing in to this page to compare it with the hashed pw in the db? oh duh, that makes sense. I guess it will be the same if the same salt and hash forumla is used that I used to hash it in the first place?
-
@DavidAM - thanks so much for taking the time to help me figure this out. So how do I return the rows? or are you saying that just taking the `password` out of the WHERE clause along with what I already have will solve my problem? p.s. - took the "where `Email` = $email" out because I don't have a use for that variable anymore. So your saying to try this?: i f(isset($_POST['subSignIn']) && !empty($_POST['email']) && !empty($_POST['password'])) { $query = "SELECT `salt`,`id`,`Email`,`Password` FROM `cysticUsers` WHERE `Status` = 'active' LIMIT 1"; $request = mysql_query($query,$connection) or die(mysql_error()); $request = mysql_query($query,$connection) or die(mysql_error()); if(@mysql_num_rows($request)) { $row = mysql_fetch_assoc($request); if (sha1($row['salt'] . $_POST['password']) === $row['Password']) { $_SESSION['CLIFE']['AUTH'] = true; $_SESSION['CLIFE']['ID'] = $result['id']; // UPDATE LAST ACTIVITY FOR USER $query = "UPDATE `cysticUsers` SET `LastActivity` = '" . date("Y-m-d") . " " . date("g:i:s") . "' WHERE `id` = '" . mysql_real_escape_string($_SESSION['CLIFE']['ID']) . "' LIMIT 1"; mysql_query($query,$connection); if(!empty($_POST['return'])) { header("Location: " . $_POST['return']); }else{ header("Location: CysticLife-Dashboard.php?id=" . $_SESSION['CLIFE']['ID']); } } }else{ $_SESSION['CLIFE']['AUTH'] = false; $_SESSION['CLIFE']['ID'] = false; } }
-
Thanks so much for lending a hand you guy's @jaikob - I have updated EXISTING passwords by hashing and salting them, and from here on out, when new users signs up hashing and salt their password right off the bat. So to answer your question. Via my third code chunk, I am trying to allow a user to sign in with the password they signed up with even though its hashed and salted and not in clear text any longer. make sense? @Skylight_lady - Here is the updated version: The query that is run to hash the newly signing up users password and storing their individual salt that is hashing it: if(!$error) { $alpha = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcedfghijklmnopqrstuvwxyz1234567890"; $rand = str_shuffle($alpha); $salt = substr($rand,0,40); $hashed_password = sha1($salt . $_POST['password']); $query = "INSERT INTO `cysticUsers` ( `FirstName`, `LastName`, `Email`, `Password`, `salt`, `RelationshipToCF`, `State`, `Gender`, `Birthday`, `Status` )VALUES( '" . mysql_real_escape_string($_POST['firstName']) . "', '" . mysql_real_escape_string($_POST['lastName']) . "', '" . mysql_real_escape_string($_POST['email']) . "', '" . $hashed_password . "', '" . $salt . "', '" . mysql_real_escape_string($_POST['RelationToCF']) . "', '" . mysql_real_escape_string($_POST['State']) . "', '" . mysql_real_escape_string($_POST['sex']) . "', '" . mysql_real_escape_string($_POST['DateOfBirth_Year'] . "-" . $_POST['DateOfBirth_Month'] . "-" . $_POST['DateOfBirth_Day']) . "', 'pending' )"; mysql_query($query, $connection); The query that updates users un-hashed passwords to hashed with some salt for good measure: /* 1: find all the users in the database */ $query = "SELECT * FROM `cysticUsers`"; $request = mysql_query($query,$connection); /* 2: loop through each user :done */ while($result = mysql_fetch_array($request)) { /* 3:create a random salt, save random salt to user's row */ $alpha = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcedfghijklmnopqrstuvwxyz1234567890"; $rand = str_shuffle($alpha); $salt = substr($rand,0,40); $hashed_password = sha1($salt . $result['Password']); $user = $result['id']; /* 4: use user's random salt to hash user's original password */ $query2 = "UPDATE `cysticUsers` SET `salt` = '$salt' WHERE `id` = '$user'"; $request2 = mysql_query($query2,$connection) or die(mysql_error()); /* 5: save the hashed version to their row */ $query3 = "UPDATE `cysticUsers` SET `encrypted_passwords` = '$hashed_password' WHERE `id` = '$user'"; $request3 = mysql_query($query3,$connection) or die(mysql_error()); } And finally the query in question that you want to see the syntax and I can't get to work: if(isset($_POST['subSignIn']) && !empty($_POST['email']) && !empty($_POST['password'])) { $query = "SELECT `salt`,`id`,`Email`,`Password` FROM `cysticUsers` WHERE `Email` = '" . $email . "' AND `Password` = '" . $password . "' && `Status` = 'active' LIMIT 1"; $request = mysql_query($query,$connection) or die(mysql_error()); if(@mysql_num_rows($request)) { $row = mysql_fetch_assoc($request); if (sha1($row['salt'] . $_POST['password']) === $row['Password']) { $_SESSION['CLIFE']['AUTH'] = true; $_SESSION['CLIFE']['ID'] = $result['id']; // UPDATE LAST ACTIVITY FOR USER $query = "UPDATE `cysticUsers` SET `LastActivity` = '" . date("Y-m-d") . " " . date("g:i:s") . "' WHERE `id` = '" . mysql_real_escape_string($_SESSION['CLIFE']['ID']) . "' LIMIT 1"; mysql_query($query,$connection); if(!empty($_POST['return'])) { header("Location: " . $_POST['return']); }else{ header("Location: CysticLife-Dashboard.php?id=" . $_SESSION['CLIFE']['ID']); } } }else{ $_SESSION['CLIFE']['AUTH'] = false; $_SESSION['CLIFE']['ID'] = false; } }