searls03

all of those are md5 so that they are secure. they wouldnt get decrypted easily. please just help. the site is not getting hacked, it is a problem with the mysql server, I talked to the webhost and they said it was.

it is not like it is a super duper secure site in the first place. anything on it can be found in a phone book. would someone please just answer my question instead of telling me how absurd I am for letting the site stay online. I am trying to find the issue and fix it, but at the same time I want people to be able to login to the site. I don't want it to be down for another month till it happens again or until I find the problem.

I still want members to be able to login to the site, that is why I need to do this. and is there a way I can monitor the dbase via php so that I can see exactly what is happening to it?

is there a way to monitor the table via php so that I could see exactly when it happens, and some data about what happened? but could you also tell me how to do what I asked like I said, incase I don't notice it so I don't get flooded with emails.

idk why it is doing it. I think it is just a glitch or something in my webhost. I would like people to still be able to login, that way if i don't notice it, my inbox doesn't get flooded with emails. but I check it about every month, but if it happens before or after I check it, people can still atleast login. please just tell me how I could do this if it is possible.

and even if they had the data, i would still like for people to login.

no it is not getting hacked. I have two websites where it happens at the exact same time. it only happens to my login data also. is there a way to do what i asked?

ok, so I have been having a problem with tables being emptied. I want to know if there is a way and how I could make it so that if one table did get deleted, there is a backup it can pull login info from instead. like I have table sessions, the main login table and then there is sessions2....the secondary with all the same info as sessions, but it is the backup. so if sessions were empty, the code would then tell it to go to sessions2 and see if it were empty and if not, it uses that to login....but if sessions were not empty, it would not have to use sessions2. make sense? <?php /* Created By Adam Khoury @ [url='http://www.flashbuilding.com/']www.flashbuilding.com[/url] -----------------------June 20, 2008----------------------- */ if ($_POST['Submit']) { //Connect to the database through our include include_once "connect_to_mysql_1.php"; $username = stripslashes($_POST['username']); $username = strip_tags($username); $username = mysql_real_escape_string($username); $password = ereg_replace("[^A-Za-z0-9]", "", $_POST['password2']); // filter everything but numbers and letters $password = md5($password); // Make query and then register all database data that - // cannot be changed by member into SESSION variables. // Data that you want member to be able to change - // should never be set into a SESSION variable. $sql = mysql_query("select * FROM sessions WHERE username='$username' AND password='$password'"); $login_check = mysql_num_rows($sql); if($login_check > 0){ while($row = mysql_fetch_array($sql)){ // Get member ID into a session variable $id = $row["id"]; session_register('id'); $_SESSION['id'] = $id; // Get member username into a session variable $username = $row["username"]; session_register('username'); $_SESSION['username'] = $username; $name = $row["name"]; session_register('name'); $_SESSION['name'] = $name; // Get member userlevel into a session variable if ($_POST['username']) { $sql = mysql_query("UPDATE sessions SET loggedin='1' where username='$username'")or die(mysql_error()); } // close if post // Update last_log_date field for this member now // Print success message here if all went well then exit the script }// close while } else { // Print login failure message to the user and link them back to your login page print '<br /><br /><font color="#FF0000">Sorry, incorrect username or password, please try again! </font><br />'; }} ?>

ok so I need to know where to put this piece of code: $userTime = time(); mysql_query("update `sessions` set `activity` = '$userTime' where username='$username1'"); $inactivityTime = time() - 120; // 2 minutes mysql_query("update `sessions` set `loggedin` = '0' where `activity` < '$inactivityTime' "); inside of <?php /* Copyright (c) 2009 Anant Garg (anantgarg.com | inscripts.com) This script may be used for non-commercial purposes only. For any commercial purposes, please contact the author at anant.garg@inscripts.com THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ define ('DBPATH','mysql3.000webhost.com'); define ('DBUSER','a3605639_mem'); define ('DBPASS','Black1'); define ('DBNAME','a3605639_mem'); session_start(); $username1 = $_SESSION['username']; global $dbh; $dbh = mysql_connect(DBPATH,DBUSER,DBPASS); mysql_selectdb(DBNAME,$dbh); if ($_GET['action'] == "chatheartbeat") { chatHeartbeat(); } if ($_GET['action'] == "sendchat") { sendChat(); } if ($_GET['action'] == "closechat") { closeChat(); } if ($_GET['action'] == "startchatsession") { startChatSession(); } if (!isset($_SESSION['chatHistory'])) { $_SESSION['chatHistory'] = array(); } if (!isset($_SESSION['openChatBoxes'])) { $_SESSION['openChatBoxes'] = array(); } function chatHeartbeat() { $sql = "select * from chat where (chat.to = '".mysql_real_escape_string($_SESSION['username'])."' AND recd = 0) order by id ASC"; $query = mysql_query($sql); $items = ''; $chatBoxes = array(); while ($chat = mysql_fetch_array($query)) { if (!isset($_SESSION['openChatBoxes'][$chat['from']]) && isset($_SESSION['chatHistory'][$chat['from']])) { $items = $_SESSION['chatHistory'][$chat['from']]; } $chat['message'] = sanitize($chat['message']); $items .= <<<EOD { "s": "0", "f": "{$chat['from']}", "m": "{$chat['message']}" }, EOD; if (!isset($_SESSION['chatHistory'][$chat['from']])) { $_SESSION['chatHistory'][$chat['from']] = ''; } $_SESSION['chatHistory'][$chat['from']] .= <<<EOD { "s": "0", "f": "{$chat['from']}", "m": "{$chat['message']}" }, EOD; unset($_SESSION['tsChatBoxes'][$chat['from']]); $_SESSION['openChatBoxes'][$chat['from']] = $chat['sent']; } if (!empty($_SESSION['openChatBoxes'])) { foreach ($_SESSION['openChatBoxes'] as $chatbox => $time) { if (!isset($_SESSION['tsChatBoxes'][$chatbox])) { $now = time()-strtotime($time); $time = date('g:iA M dS', strtotime($time)); $message = "Sent at $time"; if ($now > 180) { $items .= <<<EOD { "s": "2", "f": "$chatbox", "m": "{$message}" }, EOD; if (!isset($_SESSION['chatHistory'][$chatbox])) { $_SESSION['chatHistory'][$chatbox] = ''; } $_SESSION['chatHistory'][$chatbox] .= <<<EOD { "s": "2", "f": "$chatbox", "m": "{$message}" }, EOD; $_SESSION['tsChatBoxes'][$chatbox] = 1; } } } } $sql = "update chat set recd = 1 where chat.to = '".mysql_real_escape_string($_SESSION['username'])."' and recd = 0"; $query = mysql_query($sql); if ($items != '') { $items = substr($items, 0, -1); } header('Content-type: application/json'); ?> { "items": [ <?php echo $items;?> ] } <?php exit(0); } function chatBoxSession($chatbox) { $items = ''; if (isset($_SESSION['chatHistory'][$chatbox])) { $items = $_SESSION['chatHistory'][$chatbox]; } return $items; } function startChatSession() { $items = ''; if (!empty($_SESSION['openChatBoxes'])) { foreach ($_SESSION['openChatBoxes'] as $chatbox => $void) { $items .= chatBoxSession($chatbox); } } if ($items != '') { $items = substr($items, 0, -1); } header('Content-type: application/json'); ?> { "username": "<?php echo $_SESSION['username'];?>", "items": [ <?php echo $items;?> ] } <?php exit(0); } function sendChat() { $from = $_SESSION['username']; $to = $_POST['to']; $message = $_POST['message']; $_SESSION['openChatBoxes'][$_POST['to']] = date('Y-m-d H:i:s', time()); $messagesan = sanitize($message); if (!isset($_SESSION['chatHistory'][$_POST['to']])) { $_SESSION['chatHistory'][$_POST['to']] = ''; } $_SESSION['chatHistory'][$_POST['to']] .= <<<EOD { "s": "1", "f": "{$to}", "m": "{$messagesan}" }, EOD; unset($_SESSION['tsChatBoxes'][$_POST['to']]); $sql = "insert into chat (chat.from,chat.to,message,sent) values ('".mysql_real_escape_string($from)."', '".mysql_real_escape_string($to)."','".mysql_real_escape_string($message)."',NOW())"; $query = mysql_query($sql); echo "1"; exit(0); } function closeChat() { unset($_SESSION['openChatBoxes'][$_POST['chatbox']]); echo "1"; exit(0); } function sanitize($text) { $text = htmlspecialchars($text, ENT_QUOTES); $text = str_replace("\n\r","\n",$text); $text = str_replace("\r\n","\n",$text); $text = str_replace("\n","<br>",$text); return $text; } I cant seem to figure this out to save my life!!!!!!!!

if the page isnt refreshed, then how does the system know it has been more that 120 secs? this is what I have come up with, I am pretty sure it wont work though: <?php session_start(); // Must start session first thing /* Created By Adam Khoury @ www.flashbuilding.com -----------------------June 20, 2008----------------------- */include_once "connect_to_mysql_1.php"; // Here we run a login check if (!isset($_SESSION['username'])) { // 2 minutes mysql_query("update `sessions` set `loggedin` = '0' where `username`= ".($_SESSION['username'])." "); echo 'Please <a href="/login.php">log in</a> to access your account'; exit(); } //Connect to the database through our include // Place Session variable 'id' into local variable $username1 = $_SESSION['username']; $name1 = $_SESSION['name']; ?> <?php // set time of last activity $userTime = time(); mysql_query("update `sessions` set `activity` = '$userTime' where username='$username1'"); ?>

ok, i think I get it now.

but how does the site know to lets say the user went to a new page? how does the site know this and to put a timestamp in?

sorry, I guess my question is, how does the system know when to submit? is that what time() is? please explain. sorry.

my fault, how do I make it so that the time submits when an action is made?

but what would be the code I use to do something like this? like i said, I have never tried this before.

how do I do that? I have never tried that before.

ok,so I use sessions in my system. my question is how can I make it so that when a session expires, it runs a php code. I have a chat system set up where when a user logs in, it sets a row in the database called loggedin to 1 which which means they are available, when they logout, it sets it to 0. I need to know how to make it so that when the session expires, such as they just closed the window and never logged out, it will set loggedin to = 0, so that they are not available for chat. does this make sense? is there a better way to do this?

it is earlier in code that I didn't post, it is what is directly coming from database.

this is why I am asking a question. I have never tried a password thing like this. could you help?

when you verify that the new password was typed in the new and confirm, to make sure they match. so that the person can be make sure that the password they wanted is what they have.

did that part make sense? could you put a comment where I should put it? did I also do the other part right?

nope came up with a different select box for each year.

like? <?php for( $i = 1900; $i <= date('Y', strtotime( '- 1 year')); $i++ ) {echo '<select>'; echo '<option>'; echo $i; echo '</option>'; echo '</select>'; } ?>

so how do I make a it a drop down list?

so I want to make a drop down list with the current year all the way down to 1900. so lets say this year it lists 1900-2011, next year to 2012. I want it to do this automatically without anybody changing it. does anyone know how to do this?