Bl4ckMaj1k

EDIT: Solved. I was calling duplicate variables from an include. Changing the name in this code to something (could be anything really) different fixed the issue. Thanks!! I am currently working on some PHP which grabs variables from the link so I can keep track of which user has been clicked on. Everything seemed to be working just fine until I got to a particular part of the code. Let me know if this makes any sense AT ALL!!! As usual my code can be found below. Thanks!! <?php session_start(); // Put stored session variables into local php variable $staff_id = $_SESSION['sid']; $staff_username = $_SESSION['username']; $staff_fname = $_SESSION['staff_first_name']; $cust_edit_access = $_SESSION['cust_edit_access']; include_once "scripts/connect_to_mysql.php"; $customer_id = $_GET['cid']; $customer_id = mysql_real_escape_string($customer_id ); $customer_id = eregi_replace("`", "", $customer_id); $customer_project_id = $_GET['pid']; $customer_project_id = mysql_real_escape_string($customer_project_id ); $customer_project_id = eregi_replace("`", "", $customer_project_id ); include "left_nav_customers.php"; include "left_nav_tools.php"; include "pgbdy_header_left.php"; include "project_display.php"; $sql = mysql_query("SELECT * FROM company_info WHERE proj_id='$customer_project_id'"); while ($row = mysql_fetch_array($sql)) { $company_name = $row["company_name"]; $customer_address = $row["address"]; $customer_city = $row["city"]; $customer_state = $row["state"]; $customer_zip = $row["zip"]; $customer_email = $row["email"]; $customer_phone = $row["phone"]; $customer_fax = $row["fax"]; $cust_pre_meth_contact = $row["pref_meth_contact"]; $cust_entry_date = $row["entry_date"]; } $temp_project_id = ''; $start_date = date("F j, Y, g:i:s a"); $start_month = date('n'); if ($_POST['create_new_customer_project']) { $sql2 = mysql_query("INSERT INTO projects (cust_id, staff_id, start_date) VALUES('$customer_id','$staff_id','$start_date')") or die (mysql_error()); // Get the inserted ID here to use in the activation email $new_project_id = mysql_insert_id(); // Create directory(folder) to hold each user files(pics, MP3s, etc.) $temp_project_id = "$start_month-00$customer_id-0$new_project_id"; mkdir("customer_files/cust$customer_id/$temp_project_id", 0755); $sql3 = mysql_query("UPDATE projects SET proj_id='$temp_project_id' WHERE id='$new_project_id'"); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Untitled Document</title> <link rel="stylesheet" type="text/css" href="style.css"/> <!----------- ALL JAVASCRIPT ------------------------ ==================================================--> <script src="js/jquery-1.5.js" type="text/javascript"></script> <script language="javascript" type="text/javascript"> function toggleSlideBox(x) { if ($('#'+x).is(":hidden")) { $(".hiddenDiv").slideUp(200); $('#'+x).slideDown(300); } else { $('#'+x).slideUp(300); } } </script> <!--===========COMPANY INFO POPUP==============-- ==============================================--> <script type="text/javascript"> <!-- function edit_company_info() { window.open( "edit_company_info.php?sid=<?php echo "$staff_id"; ?>&cid=<?php echo "$customer_id"; ?>&pid=<?php echo "$customer_project_id"; ?>", "myWindow", "status = 1, toolbar = no, scrollbars = no, location = no, resizable = no, height = 580, width = 600, resizable = 0" ) } //--> </script> <!--===========COMPANY INFO POPUP==============-- ==============================================--> <!--===========GENERAL INFO POPUP==============-- ==============================================--> <script type="text/javascript"> <!-- function edit_general_info() { window.open( "http://www.google.com/", "myWindow", "status = 1, toolbar = no, scrollbars = no, location = no, resizable = no, height = 600, width = 600, resizable = 0" ) } //--> </script> <!--===========GENERAL INFO POPUP==============-- ==============================================--> <!--===========BILLING INFO POPUP==============-- ==============================================--> <script type="text/javascript"> <!-- function edit_billing_info() { window.open( "http://www.google.com/", "myWindow", "status = 1, toolbar = no, scrollbars = no, location = no, resizable = no, height = 600, width = 600, resizable = 0" ) } //--> </script> <!--===========BILLING INFO POPUP==============-- ==============================================--> <!--===========FACILITY INFO POPUP==============-- ==============================================--> <script type="text/javascript"> <!-- function edit_facility_info() { window.open( "http://www.google.com/", "myWindow", "status = 1, toolbar = no, scrollbars = no, location = no, resizable = no, height = 600, width = 600, resizable = 0" ) } //--> </script> <!--===========FACILITY INFO POPUP==============-- ==============================================--> <!--===========PRODUCT NEEDS INFO POPUP==============-- ==============================================--> <script type="text/javascript"> <!-- function edit_product_needs_info() { window.open( "http://www.google.com/", "myWindow", "status = 1, toolbar = no, scrollbars = no, location = no, resizable = no, height = 600, width = 600, resizable = 0" ) } //--> </script> <!--===========PRODUCT NEEDS INFO POPUP==============-- ==============================================--> <script type="text/javascript"> <!-- var sURL = unescape(window.location.pathname); function refresh() { window.location.href = sURL; } //--> </script> <!----------- ALL JAVASCRIPT ------------------------ ==================================================--> </head> <body> <div id="pg_container"> <!--HEADER SECTION--> <div id="header"> <div id="header_logo"></div> <div id="header_right"> Welcome <a href="template.php?id=<?php echo "$staff_id"; ?>"><?php echo $staff_fname; ?></a> | <a href="logout.php">Logout</a> </div> </div> <!--HEADER SECTION--> <!--PAGE CONTAINER--> <div id="pgbdy_container"> <div id="left_nav"> <div id="leftnav_header"></div> <div id="leftnav_bdy"> <div id="leftnav_content"> <div id="leftnav_customers"> <p> Select a Customer:<br /><br /> <?php echo "$list_customers"; ?> </p> </div> <hr /> <?php if($cust_edit_access == "1") { ?> <div id="leftnav_tools"> <p> <?php echo "$leftnav_links"; ?> </p> </div> <?php } else { ?> <div id="leftnav_tools"> <p> Edit Customers<br /><br /> You do not have access to edit customers. </p> </div> <?php } ?> </div> </div> </div> <div id="pgbdy"> <div id="bdy_header"></div> <div id="bdy_content_area"> <div id="bdy_content"> <div id="bdy_content_header"> <div id="bdy_content_selected_customer"> <p><?php echo "$contact_info_display"; ?></p> </div> <div id="bdy_content_current_projects"> <form action="customer_profile.php?sid=<?php echo "$staff_id"; ?>&cid=<?php echo "$customer_id"; ?>" method="post" enctype="multipart/form-data"> <p> Customer Projects <input name="create_new_customer_project" type="submit" class="create_new_customer_project_btn" value="" /><br /><br /> <?php echo "$list_customer_projects"; ?> </p> </form> </div> </div> <hr /> <div id="bdy_content_container"> <div id="company_information_section"> <a href="#" onclick="return false" onmousedown="javascript:toggleSlideBox('company_infoBox');">Company Information</a> <div class="hiddenDiv" id="company_infoBox" style="border:#FFF 2px solid; width:553px;"> <p>Please click the button below to edit the customer's company information.<br /> <input name="edit_company_info" onclick="edit_company_info()" type="button" value="Edit Company Information"/><br /><br /> //i placed this here just to make sure the issue was on this page. <?php echo "$customer_project_id"; ?> <b>Company Name: </b><?php echo "$company_name"; ?><br /> <b>Contact Name: </b><?php echo "$customer_fname"; ?> <?php echo "$customer_lname"; ?><br /> <b>Address: </b><?php echo "$customer_address"; ?><br /> <b>City, State, Zip: </b><?php echo "$customer_city"; ?>, <?php echo "$customer_state"; ?> <?php echo "$customer_zip"; ?><br /> <b>Email: </b><?php echo "$customer_email"; ?><br /> <b>Phone: </b><?php echo "$customer_phone"; ?><br /> <b>Fax: </b><?php echo "$customer_fax"; ?><br /> <b>Preferred Method of Contact: </b><?php echo "$cust_pre_meth_contact"; ?> </p> </div> </div> <div id="general_information_section"> <a href="#" onclick="return false" onmousedown="javascript:toggleSlideBox('general_infoBox');">General Information</a> <div class="hiddenDiv" id="general_infoBox" style="border:#FFF 2px solid; width:553px;"> <p>Please click the button below to edit the customer's general information.<br /> <input name="edit_general_info" onclick="edit_general_info()" type="button" value="Edit General Information"/> </p> </div> </div> <div id="billing_information_section"> <a href="#" onclick="return false" onmousedown="javascript:toggleSlideBox('billing_infoBox');">Billing Information</a> <div class="hiddenDiv" id="billing_infoBox" style="border:#FFF 2px solid; width:553px;"> <p>Please click the button below to edit the customer's billing information.<br /> <input name="edit_billing_info" onclick="edit_billing_info()" type="button" value="Edit Billing Information"/> </p> </div> </div> <div id="facility_information_section"> <a href="#" onclick="return false" onmousedown="javascript:toggleSlideBox('facility_infoBox');">Facility Information</a> <div class="hiddenDiv" id="facility_infoBox" style="border:#FFF 2px solid; width:553px;"> <p>Please click the button below to edit the customer's facility information.<br /> <input name="edit_facility_info" onclick="edit_facility_info()" type="button" value="Edit Facility Information"/> </p> </div> </div> <div id="product_needs_information_section"> <a href="#" onclick="return false" onmousedown="javascript:toggleSlideBox('product_needs_infoBox');">Product Needs Information</a> <div class="hiddenDiv" id="product_needs_infoBox" style="border:#FFF 2px solid; width:553px;"> <p>Please click the button below to edit the customer's product needs information.<br /> <input name="edit_product_needs_info" onclick="edit_product_needs_info()" type="button" value="Edit Product Needs Information"/> </p> </div> </div> </div> </div> </div> </div> <div id="right_nav"> <div id="rightnav_header"></div> <div id="rightnav_bdy"> <div id="rightnav_bdy_content"> <div id="rightnav_proj_status"> <p> All Current Associated Project Statuses </p> </div> <hr /> <div id="rightnav_alerts"> <p> Any associated alerts sent so far </p> </div> </div> </div> </div> </div> <!--PAGE CONTAINER--> <div id="footer"></div> </div> </body> </html> The issue is that each of these ID echo statements (cid being customer id, sid being staff id, and pid being project id) echoes something. CID echoes correctly, SID does as well. For some reason, PID only echoes the last project ID that was entered for that particular user. So for example, if I add a project to a user and im staff it would be like this: Staff ID = my Staff ID = 1 Customer ID = customer I am currently working on = 11 (in this case...just a random number for example sake) Project ID = the current month number (no zeroes)-00(current customer id being worked on)-0(current project ID from table) = 3-0011-042 If our example is saying that the latest addition is 3-0011-042, and I click on project 3-0011-038, for some reason (EVEN THOUGH MY WEB LINK HAS THE CORRECT PID which is 3-0011-038) it only echoes the last PID entered in the table. Its almost like its completely ignoring what I have in my address bar and looks directly at my tables latest entry....this has really screwed with my brainnnn!!! I can't seem to figure it out for the life of me. I don't even know how I could run a $_GET function and not get what I am asking for.....crazy. Please help guys!!!!

Wow sorry I have so many threads up that I must've posted in the wrong one....sorry about that bro.

Ouch that must suck!!! Yepp, it goes in there. I didn't even notice it was missing from your code. Glad everything is working now, happy coding. Bl4ck Maj1k P.S. There are easier ways to handle links in your message. You should give them a read-up, potentially save yourself some time and headaches LOL. Good luck bro.

http://www.google.com usually has some great ideas....I would definitely give them a try.

wow, you have done a bit much in your message section. I would simply trim it down to something a bit more simplistic. See my code below, hope this helps. $message = ' <html> <body> Please click <a href="">here</a> to go to your profile. </body> </html> ';// end of message Try doing your message variable similar to that. Seeing as you already added the HTML in your header variable, sending html will work just fine. Give it a shot...hope this helps!! Bl4ck Maj1k

Awesome brother!!! Glad you figured this out. You just gave me a great idea by the way for my own project. I love Java!!!!!!!! :-) Bl4ck Maj1k

I don't believe he has a true issue with process. He understands how this has to work. He also has a process in mind. He just needs to see the syntax in his own code to make it work. Saying this in a pseudo fashion, however correct and straight forward, unfortunately won't quite do the trick. If this was my code, I would write it out from scratch. Starting with the highest level of course and working my way down. If you code one step at a time, instead of implementing a function mid-stream, you may find it easier to work with. I truly hope you figure this thing out eventually. I am almost certain if you take a step away from it, code something similar with a lot less chaos from scratch with your objective in mind, you will fully understand how to implement that same thing into this script. Good luck mate!!, Bl4ck Maj1k

exit (); ??

Well I have an idea of why your query may be returning an error message. mysql_query($dupemail); $dupemail = "SELECT Email FROM customerdetail WHERE Email = '".$email."'"; Shouldn't that be flip-flopped?? When your variable $dupemail is being read at the top, its a null variable. There is no data passed into it until the line beneath. Just try the following: $dupemail = "SELECT Email FROM customerdetail WHERE Email = '".$email."'"; mysql_query($dupemail); Hope this helps. It was the first issue I noticed.

Welcome guys!!! And thanks for all the welcomes to me as well :-)

EDIT: I just thought of a MUCH easier way to check old password. Do it as if they were logging into a system. Below is an example assuming that the old password field in the form is called 'old_password'. $old_password = $_POST['old_password']; //this captures what the user typed into the old_password form field and stores it into our local php variable $old_password $sql = mysql_query("SELECT * FROM myMembers WHERE password='$old_password'"); //This says to query the database and ensure the old password matches the one you typed into the form $password_check = mysql_num_rows($sql); //This variable will help us check as to whether or not our passwords match if ($password_check < 1) { $errorMsg = 'ERROR'; echo $errorMsg; } else { //Run the rest of the form } ========================================================================== ========================================================================== Thats simple. Just MD5 their old password. For example: OLD PASSWORD Here you would just $POST['password']; and check the database to ensure its a replica. You can use a line like this one: $sql_password_check = mysql_query("SELECT id FROM myMembers WHERE password='$password' LIMIT 1"); $password_check = mysql_num_rows($sql_password_check); Then you need a condition statement that calculates whether or not an identical field exists or not. This can be done with a simple if as seen below: if ($password_check == ""){ $errorMsg = "ERROR"; exit (); } So now before we get to the portion with our New Password entry, we have to pass the test of matching passwords. If all is good, we move down to our Else condition as seen below: NEW PASSWORD else { $_POST['new_password1']; //Enter all the rest of your form data parsing stuff from the form here. } CONFIRM NEW PASSWORD Here you would just make sure that the Password the user just typed matches the one in $_POST['new_password1']; A simple 'if' condition would suffice. Overall, my point is that MD5 is NOT necessary here at all. All you need is a simple form and a couple of if conditions and you are good to go. If a user FORGETS their password, there are several fields in the database you can use as test questions to ensure user is who he says he is. The easiest way to do this is have an email sent to their registered account. From the link in that email, take them to a confirm identity page. From there, after they've confirmed their identity, take them to a create new password page. Then viola!! Still no need for MD5 decryption. Just keep in mind that MD5 is to help people encrypt and stop people from decrypting. Hope this helps!! Bl4ck Maj1k

Personally I wouldn't recomment going backwards in the first place. It was my understanding that MD5 hashing was made as a security precaution. It ENCRYPTS so people won't be able to see what the original string was, not even the database admin. If you can just go in and DECRYPT it, then the security is thrown out of the window if you ask me..... Bl4ck Maj1k

Wow.....I can't for the life of me see how that is possible....they must have some sort of function that they personally built in. Sorry for the bad info on my part then. Apparently there is a way. If you find PLEASE post because now my curiosity is at its highest point LOL.

P.S. The answer to this was NOOOO!!!! And I totally get it!! My form wasn't returning the variable to the URL.....so how would it POSSIBLY have anything to capture....wow PHP makes SOOOO much sense!!!! :-) I <3 this place already!!!!!!

EDIT I DID IT!!!!!! I FIXED IT!!!!! Finally WOWWWW!!! I am SOOOOO proud of me right now!! Here is what I did. First, I changed the following: if (isset($_POST['password'])) { include_once "scripts/connect_to_mysql.php"; $id = $_GET['id']; $id = mysql_real_escape_string($id ); $id = eregi_replace("`", "", $id); to: include_once "scripts/connect_to_mysql.php"; $id = $_GET['id']; $id = mysql_real_escape_string($id ); $id = eregi_replace("`", "", $id); if (isset($_POST['password'])) { Then I went into the HTML of the code and changed the following: <form action="cust_acc_conf.php" method="post" id="form" name="form" enctype="multipart/form-data" onsubmit="return validate_form ( );"> <div id="login_header"> to: <form action="cust_acc_conf.php?id=<?php echo $id ?>" method="post" id="form" name="form" enctype="multipart/form-data" onsubmit="return validate_form ( );"> This wouldn't work for me before because the $id variable wasn't being returned UNLESS I hit the submit button. Now that its outside of the if condition, it stores it in the $id variable without any necessary action required. This makes it accessible whenever I need it, not just when a button is pressed. Wow sometimes all you need is a push in the right direction. Thank youuuuuuuuuu!!!!!!!

Interesting. Here is the PHP with the function you advised I add to top of code: <?php session_start(); echo '$_POST array:<pre>'; print_r($_POST); echo '</pre>$_GET array:<pre>'; print_r($_GET); echo '</pre>'; $id = ''; if (isset($_POST['password'])) { include_once "scripts/connect_to_mysql.php"; $id = $_GET['id']; $id = mysql_real_escape_string($id ); $id = eregi_replace("`", "", $id); $cust_password = $_POST['password']; $hashedPass = md5($cust_password); //$sql = mysql_query("UPDATE customers SET password='$hashedPass' WHERE id='$id'"); $update_success = 'You have successfully updated your Password. Please click <a href="customer_login.php">HERE</a> to log into your account.'; echo $update_success; echo $hashedPass; echo $cust_password; echo $id; exit(); } ?> And here is what was output to page:

I get what you are asking but honestly I can't seem to figure out how I would add this to your code. Just know that this is how you would do it... First you would make a variable called whatever (here I called it $sql_email_check). What this does is checks to see if the variable you typed in for email addess (usually something like $email = $_POST['email'] has a match in the table. That line would look like this: $sql_email_check = mysql_query("SELECT email FROM myMembers WHERE email='$emailCHecker'"); From here you have to track that variable in a way that can return a value for checking purposes. I usually do that like this: $email_check = mysql_num_rows($sql_email_check); Its ok for these 2 lines to be one after the other. Then somewhere in the code you need to set an condition stating if there was a match found then don't move forward. I usually do that like this: if ($email_check > 0){ $errorMsg = "<b>ERROR:</b><br />Your Email address is already in use. Please try again<br />"; exit(); This will check each time an email is entered into your system. If all is good and there are no matches, then the variable $email_check will not be greater than 0 thus completely skipping over this condition. If its greater than zero, your user will be forced out of the system and receive this error message. I would also suggest adding an echo of your $errorMsg variable to your if condition. Within the message you should give the user a link which returns him/her to the last page they were on. I hope this helps!! Bl4ck Maj1k

If I am not mistaken MD5 is a one way street brother. Once hashed, thats it. Even brute forcing won't give you the original value back. If you are looking to display on a 'Forgot Password' page, I suggest generating a random password. You wouldn't want a page displaying password data anyway. Definitely not safe. Hope this helps!! Bl4ck Maj1k

I have tried $_GET, $_POST, and $_REQUEST....still nothing. My $id variable will not echo anything neither will any data get written to the table. P.S. if I am using method="POST"; in my HTML form, will PHP still allow me to gather data using $_GET? Someone told me yesterday that its not possible. P.S.S. I am literally smiling ear to ear seeing the speedy reply.....WOW!!! YAY!!! :-)

Good evening my PHP experts!!! OK so heres the problem...I have been at this for about 2 DAYS now and for the life of me I just don't understand what I could possibly be doing wrong. I have 3 of 4 variables outputting correctly but without my id being pulled from the URL NOTHING will get written to my database. I have ran some tests and I came to learn that my $_POST['id']; function is not working properly for some strange reason. As always, any help would be greatly appreciated. Please see below PHP code. I also have posted the HTML code for your reference purposes...thanks in advance. Please helpppp!!!! <?php session_start(); $id = ''; if (isset($_POST['password'])) { include_once "scripts/connect_to_mysql.php"; $id = $_POST['id']; $id = mysql_real_escape_string($id ); $id = eregi_replace("`", "", $id); $cust_password = $_POST['password']; $hashedPass = md5($cust_password); $sql = mysql_query("UPDATE customers SET password='$hashedPass' WHERE id='$id'"); $update_success = 'You have successfully updated your Password. Please click <a href="customer_login.php">HERE</a> to log into your account.'; //Output to test whether or not my variables have anything in them. //$update_success, $hashedPass, $cust_password all Output just fine. $id displays nothing at all. echo $update_success; echo $hashedPass; echo $cust_password; echo $id; exit(); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Untitled Document</title> <link rel="stylesheet" type="text/css" href="style.css"/> <script type="text/javascript"> <!-- Form Validation --> function validate_form ( ) { valid = true; if ( document.form.password.value == "" ) { alert ( "Password field must not be blank." ); valid = false; } return valid; } <!-- Form Validation --> </script> </head> <body> <div id="pg_container"> <!--HEADER SECTION--> <div id="header"> <div id="header_logo"></div> <div id="header_right">Welcome to Built 2 Manage.</div> </div> <!--HEADER SECTION--> <!--PAGE CONTAINER--> <div id="pgbdy_container"> <form action="cust_acc_conf.php" method="post" id="form" name="form" enctype="multipart/form-data" onsubmit="return validate_form ( );"> <div id="login_header"> <p> Please log into your account below. </p> </div> <div id="cust_choose_pass_form"> <div id="cust_choose_pass_text"> <p> Password: </p> </div> <div id="cust_choose_pass_field"> <p> <input name="password" type="text" id="password" /><br /><br /> <input name="submit_password" type="submit" id="submit_password" value="Submit Password" /><br /> </p> </div> </div> </form> </div> <!--PAGE CONTAINER--> <div id="footer"></div> </div> </body> </html>

I am Chris!! Everyone calls me Bl4ck Maj1k because of the funny Dave Chappelle episode with Rick James. If you have seen that episode, you are familiar with the scene where Rick James is stomping mud onto Eddie and Charlie Murphy's couch. Then they beat on his legs. As Rick James crawled to the door of the Murphy home, crying in pain, he shouts, "Bl4ck Maj1k, evil mutha....owwww". A lot of my friends thought that was hilarious and since I was the blackest guy on the face of the earth according to them (another line in the Charlie Murphy, Rick James skit), they just started calling me Bl4ck Maj1k. Anywho, sorry for the long story that you probably could care less to hear lol. I am here for one thing specifically, and that is to learn!!! I definitely understand a lot about programming and different languages so I will help out where I can, but I am no where near as PHP savvy I should be by now. Maybe because I have always been afraid that it was too complex for my itty witty mind to grasp LOL. I am currently working on my biggest project as of yet and it is in the very awesome language of PHP!!! This place is HUGE and I feel I could really learn a thing or two from the experts that hang out here. So here I am. As in all projects, we all run into the inevitable road blocks!!! I am hoping that my road blocks won't be such a pain with help from all these experts!! Before I leave I just want to say one thing. I am in no way shape or form lazy. Before I ever ask any questions I give myself at least 2 hours of non stop tinkering and troubleshooting. I test constantly and only when I have reached my precipice is when I ask for help. I also LOVE forum life....friendships with people sharing similar interests...surrounded by experts of the trade. Wow now it feels like I am ranting. Well thats all. Thanks in advance!!