hoponhiggo
-
Posts
146 -
Joined
-
Last visited
Posts posted by hoponhiggo
-
-
Thank you. That was alot easier than i thought it would be
-
Hi
I have written the below code to echo a table
<table> <?php //start top 10 loop $sql=mysql_query("SELECT * FROM Games ORDER BY up DESC LIMIT 10"); while($row=mysql_fetch_array($sql)) { $title=$row['gametitle']; $gameid=$row['gameid']; $up=$row['up']; ?> <tr><td><a href="Reviews.php?gameid=<?php echo $gameid ?>"><?php echo $title ?></a> <td align="right"><?php echo $up ?></td> </tr> <?php //end top 10 loop } ?> </table>I want to add a new column to the table that lists them as 1 through to ten.
Can anybody advise the best way to do this?
Thanks
-
I think i have figured this out. I think it was something to do with dependent files not being in the same directory as reviews.php.
Sorted now anyway
-
Reviews.php is basically just a template file which contains loads of HTML for the page layout etc and then
<?php //displays gamecard include"Game_reviews/gamecards.php"?> </div>
-
Hi
I have previously posted this in the Jquery section but im not so sure its a Jquery issue now, so apoligies for the double post.
I am having an issue with a rating system that works if i access the gamecards.php file through its absolute path (www..../...../gamecards.php) but will not work if i access it through a file that it is an include of (www..../reviews.php)
Basicaly, when i click on the link through the include, the data is not sent to the DB and the data does not refresh.
gamecards.php all works fine when its not as an include.
Any ideas why? Gamecards.php is posted below
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <script type="text/javascript" src="jquery.js"></script> <script type="text/javascript"> $(function() { $(".vote").click(function() { var id = $(this).attr("id"); var name = $(this).attr("name"); var dataString = 'id='+ id ; var parent = $(this); if(name=='up') { $(this).fadeIn(200).html('<img src="dot.gif" align="absmiddle">'); $.ajax({ type: "POST", url: "up_vote.php", data: dataString, cache: false, success: function(html) { parent.html(html); } }); } else { $(this).fadeIn(200).html('<img src="dot.gif" align="absmiddle">'); $.ajax({ type: "POST", url: "down_vote.php", data: dataString, cache: false, success: function(html) { parent.html(html); } }); } return false; }); }); </script> </head> <body> <?php include('config.php'); //get results from db if (isset($_GET['gameid']) && is_numeric($_GET['gameid'])) { $gameid = mysql_real_escape_string($_GET['gameid']); $sql = "SELECT * FROM Games WHERE gameid = $gameid"; $res = mysql_query($sql); $data = mysql_fetch_assoc($res); // However you'd like to format the html to output $title=$data['gametitle']; $cover=$data['cover']; $gameid=$data['gameid']; $info=$data['info']; $genre=$data['genre']; $rdate=$data['releasedate']; $format=$data['format']; $dir1="coverart"; $reviews="Enter Reviews Here"; date("d/m/y",$rdate); echo "<div id='cardcontainer_full'> <div id='coverart'><img src='$dir1/{$cover}' width='100' height='140'><br></div> <div id='gametitle'>$title</div> <div id='features'>Genre: $genre<br><br> Release Date: $rdate<br><br> Available for: $format<br><br> </div> <div id='gameinfo'><div style='font-weight:bold'>Summary</div><br>$info <p><div style='font-weight:bold'>Reviews</div><p>$reviews </div> </div>"; } else { $data = ''; if(isset($_GET['filter']) && $_GET['filter'] != ''){ $filter = $_GET['filter']."%"; }else{ // set A as default $filter = "a%"; } $sql = "SELECT * FROM Games WHERE gametitle LIKE '$filter' ORDER BY gametitle"; $res = mysql_query($sql) or die(mysql_error()); if(mysql_num_rows($res) == 0) die("No records found"); // loop through the results returned by your query while($row = mysql_fetch_assoc($res)) { $title=$row['gametitle']; $cover=$row['cover']; $gameid=$row['gameid']; $up=$row['up']; $down=$row['down']; // directory for images $dir="coverart"; ?> <div id="cardcontainer"> <div id="coverart"> <?php echo "<img src='$dir/{$cover}' width='100' height='140'><br>"; ?> </div> <div id="gametitle"> <a href="Reviews.php?gameid=<?php echo $gameid ?>"><?php echo $title ?></a> </div> <div id="friendrating">Rate It<br /><a href="" class="vote" id="<?php echo $gameid; ?>" name="up"><?php echo $up; ?></a></div> <div id="globalrating">Hate It<br /><a href="" class="vote" id="<?php echo $gameid; ?>" name="down"><?php echo $down; ?></a></div> </div> <br /> <?php } } ?> </body> </html> -
UPDATE: I have found that this works when i try to use it through the absolute path (www..../..../gamecards.php)
It is not working when i try to use it through www....../reviews.php which gamecards.php is an include of.
Does anybody have any idea why?
Thanks
-
Hi Guys
I know nothing about javaScript, but im trying to ammend somebody else's script to work with mine, but its not working an i think it may be down to the JavaScript.
Would somebody mind taking a loook and see if they can spot an error?
Basicaly, it is a rating system with 3 files. The first file (gamecard.php) contains a link to the other two files...Either 'Up.php' or 'Down.php'. When a user clicks on one of the links, the number will should increase by one. However, at the minute, the number disapears and doesnt refresh or store in the db
The 3 peices of code are:
Gamecard.php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Voting with jQuery, Ajax and PHP</title> <script type="text/javascript" src="jquery.js"></script> <script type="text/javascript"> $(function() { $(".vote").click(function() { var id = $(this).attr("id"); var name = $(this).attr("name"); var dataString = 'id='+ id ; var parent = $(this); if(name=='up') { $(this).fadeIn(200).html('<img src="dot.gif" align="absmiddle">'); $.ajax({ type: "POST", url: "up_vote.php", data: dataString, cache: false, success: function(html) { parent.html(html); } }); } else { $(this).fadeIn(200).html('<img src="dot.gif" align="absmiddle">'); $.ajax({ type: "POST", url: "down_vote.php", data: dataString, cache: false, success: function(html) { parent.html(html); } }); } return false; }); }); </script> </head> <?php //get results from db if (isset($_GET['gameid']) && is_numeric($_GET['gameid'])) { $gameid = mysql_real_escape_string($_GET['gameid']); $sql = "SELECT * FROM Games WHERE gameid = $gameid"; $res = mysql_query($sql); $data = mysql_fetch_assoc($res); // However you'd like to format the html to output $title=$data['gametitle']; $cover=$data['cover']; $gameid=$data['gameid']; $info=$data['info']; $genre=$data['genre']; $rdate=$data['releasedate']; $format=$data['format']; $dir1="coverart"; $reviews="Enter Reviews Here"; date("d/m/y",$rdate); echo "<div id='cardcontainer_full'> <div id='coverart'><img src='$dir1/{$cover}' width='100' height='140'><br></div> <div id='gametitle'>$title</div> <div id='features'>Genre: $genre<br><br> Release Date: $rdate<br><br> Available for: $format<br><br> </div> <div id='gameinfo'><div style='font-weight:bold'>Summary</div><br>$info <p><div style='font-weight:bold'>Reviews</div><p>$reviews </div> </div>"; } else { $data = ''; if(isset($_GET['filter']) && $_GET['filter'] != ''){ $filter = $_GET['filter']."%"; }else{ // set A as default $filter = "a%"; } $sql = "SELECT * FROM Games WHERE gametitle LIKE '$filter' ORDER BY gametitle"; $res = mysql_query($sql) or die(mysql_error()); if(mysql_num_rows($res) == 0) die("No records found"); // loop through the results returned by your query while($data = mysql_fetch_assoc($res)) { $title=$data['gametitle']; $cover=$data['cover']; $gameid=$data['gameid']; $up=$data['up']; $down=$data['down']; // directory for images $dir="coverart"; ?> <div id="cardcontainer"> <div id="coverart"> <?php echo "<img src='$dir/{$cover}' width='100' height='140'><br>"; ?> </div> <div id="gametitle"> <a href="Reviews.php?gameid=<?php echo $gameid ?>"><?php echo $title ?></a> </div> <div id="up"><a href="" class="vote" id="<?php echo $gameid; ?>" name="up"><?php echo $up; ?></a></div> <div id="down"><a href="" class="vote" id="<?php echo $gameid; ?>" name="down"><?php echo $down; ?></a></div> </div> <br /> <?php } } ?>up.php
<?php include("config.php"); $ip=$_SERVER['REMOTE_ADDR']; if($_POST['id']) { $id=$_POST['id']; $id = mysql_escape_String($id); $ip_sql=mysql_query("select ip_add from Voting_IP where mes_id_fk='$id' and ip_add='$ip'"); $count=mysql_num_rows($ip_sql); if($count==0) { $sql = "update Games set up=up+1 where gameid='$id'"; mysql_query( $sql); $sql_in = "insert into Games (mes_id_fk,ip_add) values ('$id','$ip')"; mysql_query( $sql_in); } else { } $result=mysql_query("select up from Games where gameid='$id'"); $row=mysql_fetch_array($result); $up_value=$row['up']; echo $up_value; } ?>down.php
<?php include("config.php"); $ip=$_SERVER['REMOTE_ADDR']; if($_POST['id']) { $id=$_POST['id']; $id = mysql_escape_String($id); $ip_sql=mysql_query("select ip_add from Voting_IP where mes_id_fk='$id' and ip_add='$ip'"); $count=mysql_num_rows($ip_sql); if($count==0) { $sql = "update Games set down=down+1 where gameid='$id'"; mysql_query( $sql); $sql_in = "insert into Voting_IP (mes_id_fk,ip_add) values ('$id','$ip')"; mysql_query( $sql_in); } else { } $result=mysql_query("select down from Games where gameid='$id'"); $row=mysql_fetch_array($result); $down_value=$row['down']; echo $down_value; } ?>The error may very well be in the php but im not so sure. Your help will be appreciated
-
Hi guys
Im trying to create a form which allows me to insert records into my database, and upload an image, the name of which will be stored in the database.
I have the following code which inserts all the data into the db, except the image name and the image isnt uploaded either
<?php require_once('../Connections/pwnedbookv4.php'); ?> <?php if (!function_exists("GetSQLValueString")) { function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { if (PHP_VERSION < 6) { $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; } $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? doubleval($theValue) : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; } } $editFormAction = $_SERVER['PHP_SELF']; if (isset($_SERVER['QUERY_STRING'])) { $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']); } if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) { $insertSQL = sprintf("INSERT INTO Games (gametitle, info, genre, releasedate, format) VALUES (%s, %s, %s, %s, %s)", GetSQLValueString($_POST['gametitle'], "text"), GetSQLValueString($_POST['info'], "text"), GetSQLValueString($_POST['genre'], "text"), GetSQLValueString($_POST['releasedate'], "date"), GetSQLValueString($_POST['format'], "text")); mysql_select_db($database_pwnedbookv4, $pwnedbookv4); $Result1 = mysql_query($insertSQL, $pwnedbookv4) or die(mysql_error()); } ?> <form action="<?php echo $editFormAction; ?>" method="post" enctype="multipart/form-data" name="form1" id="form1"> <table align="center"> <tr valign="baseline"> <td nowrap="nowrap" align="right">Gametitle:</td> <td><input name="gametitle" type="text" value="" size="50" maxlength="50" /></td> </tr> <tr valign="baseline"> <?php //define a maxim size for the uploaded images in Kb define ("MAX_SIZE","100"); //This function reads the extension of the file. It is used to determine if the file is an image by checking the extension. function getExtension($str) { $i = strrpos($str,"."); if (!$i) { return ""; } $l = strlen($str) - $i; $ext = substr($str,$i+1,$l); return $ext; } //This variable is used as a flag. The value is initialized with 0 (meaning no error found) //and it will be changed to 1 if an errro occures. //If the error occures the file will not be uploaded. $errors=0; //checks if the form has been submitted if(isset($_POST['Submit'])) { if($_POST['Submit'] == ""){ // submit empty die ("you must include a picture"); } //reads the name of the file the user submitted for uploading $image=$_FILES['image']['name']; //if it is not empty if ($image) { //get the original name of the file from the clients machine $filename = stripslashes($_FILES['image']['name']); //get the extension of the file in a lower case format $extension = getExtension($filename); $extension = strtolower($extension); //if it is not a known extension, we will suppose it is an error and will not upload the file, //otherwise we will do more tests if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif")) { //print error message echo '<h1>Unknown extension!</h1>'; $errors=1; } else { //get the size of the image in bytes //$_FILES['image']['tmp_name'] is the temporary filename of the file //in which the uploaded file was stored on the server $size=filesize($_FILES['image']['tmp_name']); //compare the size with the maxim size we defined and print error if bigger if ($size > MAX_SIZE*1024) { echo '<h1>You have exceeded the size limit!</h1>'; $errors=1; } //we will give an unique name, for example the time in unix time format $image_name=time().'.'.$extension; //the new name will be containing the full path where will be stored (images folder) $newname="coverart/".$image_name; //Writes the information to the database mysql_query("UPDATE Games SET cover = '$image_name' WHERE gametitle= '$gametitle'"); //we verify if the image has been uploaded, and print error instead $copied = copy($_FILES['image']['tmp_name'], $newname); if (!$copied) { echo '<h1>Copy unsuccessfull!</h1>'; $errors=1; }}}} ?> <td nowrap="nowrap" align="right">Cover:</td> <td><input type="file" name="image"></td></td> </tr> <tr valign="baseline"> <td nowrap="nowrap" align="right">Info:</td> <td><input name="info" type="text" value="" size="50" /></td> </tr> <tr valign="baseline"> <td nowrap="nowrap" align="right">Genre:</td> <td><input type="text" name="genre" value="" size="50" /></td> </tr> <tr valign="baseline"> <td nowrap="nowrap" align="right">Releasedate:</td> <td><input type="text" name="releasedate" value="" size="50" /></td> </tr> <tr valign="baseline"> <td nowrap="nowrap" align="right">Format:</td> <td><input type="text" name="format" value="" size="50" /></td> </tr> <tr valign="baseline"> <td nowrap="nowrap" align="right"> </td> <td><input type="submit" value="Submit" /></td> </tr> </table> <input type="hidden" name="MM_insert" value="form1" /> </form>Can anybody see what im missing?
-
try changing
mysql_connect('localhost', 'abc123, 'abc123');to
mysql_connect('localhost', 'abc123', 'abc123');you missed a '
-
Hi
I am trying to expand on my current form validation code which is basic to say the least. the following code part of my registration form.
//form validation starts here if(isset($_POST['username'])){ if($_POST['username'] == ""){ //username empty die("You must enter a username"); } } else { //username not set } if(isset($_POST['password'])){ if($_POST['password'] == ""){ //password empty die("You must enter a password"); } } else { //password not set }How can i expand on this to
a)echo the error messages on the same page?
b)ensure that passwords are a minimum amounts of characters?
Thanks
-
When you say tables, do you mean as in a database or a HTML/CSS layout?
If you mean for the layout of your webpage, I suggest you repost this in the CSS section of the forums
-
Dam. Another rookie mistake.
I could have just echo'd $_SESSION['MM_Username'] couldnt i? Silly me
-
Hi
I am trying to develop an editprofile.php page to allow users to change their details.
So far i have written
<?php $result = mysql_query("SELECT username FROM users WHERE username = {$_SESSION['MM_Username']}"); $num_rows = mysql_num_rows($result); if($num_rows > 0) { while ($row = mysql_fetch_array($result)) { $username = $row['username']; } } ?>and then tried to test it by using
<div><?php echo $username ?></div>
but nothing is being echo'ed out. What am i doing wrong?
-
Finally sorted this now. I have posted the code for reference:
$salt="asifiwouldtellyou"; $userpass=$_POST['Password']; $md5pass = md5($salt . $userpass); if (isset($_POST['Username'])) { $loginUsername=$_POST['Username']; $password=$md5pass; $MM_fldUserAuthorization = ""; $MM_redirectLoginSuccess = "index.php"; $MM_redirectLoginFailed = "loginsignup.php"; $MM_redirecttoReferrer = false; mysql_select_db($database_pwnedbookv4, $pwnedbookv4); $LoginRS__query=sprintf("SELECT username, password, uid FROM users WHERE username=%s AND password=%s", GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"))Nodral, PFMaBiSmAd and Muddy_Funster: Thank you all very much for your contributions - especially Nodral. Top Guy!
-
I have tried to go through the whole login/signup code and remove what i can.
I am left with
<?php if (!function_exists("GetSQLValueString")) { function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { if (PHP_VERSION < 6) { $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; } $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? doubleval($theValue) : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; } } // *** Validate request to login to this site. if (!isset($_SESSION)) { session_start(); } $loginFormAction = $_SERVER['PHP_SELF']; if (isset($_GET['accesscheck'])) { $_SESSION['PrevUrl'] = $_GET['accesscheck']; } if (isset($_POST['Username'])) { $loginUsername=$_POST['Username']; $password=$_POST['Password']; $salt="anything here"; $password=md5( md5($salt.$_POST['Password'])); $MM_fldUserAuthorization = ""; $MM_redirectLoginSuccess = "index.php"; $MM_redirectLoginFailed = "loginsignup.php"; $MM_redirecttoReferrer = false; mysql_select_db($database_pwnedbookv4, $pwnedbookv4); $LoginRS__query=sprintf("SELECT username, password, uid FROM users WHERE username=%s AND password=%s", GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text")); $LoginRS = mysql_query($LoginRS__query, $pwnedbookv4) or die(mysql_error()); $loginFoundUser = mysql_num_rows($LoginRS); if ($loginFoundUser) { $loginStrGroup = ""; $pullID = mysql_fetch_assoc($LoginRS); $usrID = $pullID['uid']; if (PHP_VERSION >= 5.1) {session_regenerate_id(true);} else {session_regenerate_id();} //declare two session variables and assign them $_SESSION['MM_Username'] = $loginUsername; $_SESSION['MM_UserGroup'] = $loginStrGroup; $_SESSION['MM_userid'] = $usrID; if (isset($_SESSION['PrevUrl']) && false) { $MM_redirectLoginSuccess = $_SESSION['PrevUrl']; } header("Location: " . $MM_redirectLoginSuccess ); } else { header("Location: ". $MM_redirectLoginFailed ); } } $editFormAction = $_SERVER['PHP_SELF']; if (isset($_SERVER['QUERY_STRING'])) { $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']); } if(isset($_POST['username'])){ if($_POST['username'] == ""){ //username empty die("You must enter a username"); } } else { //username not set } if(isset($_POST['password'])){ if($_POST['password'] == ""){ //username empty die("You must enter a password"); } } else { //password not set } $salt="anything here"; $password=md5( md5($salt.$password)); if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) { $insertSQL = sprintf("INSERT INTO users (username, password, email, fname, sname) VALUES (%s, %s, %s, %s, %s)", GetSQLValueString($_POST['username'], "text"), GetSQLValueString($password, "text"), GetSQLValueString($_POST['email'], "text"), GetSQLValueString($_POST['fname'], "text"), GetSQLValueString($_POST['sname'], "text")); mysql_select_db($database_pwnedbookv4, $pwnedbookv4); $Result1 = mysql_query($insertSQL, $pwnedbookv4) or die(mysql_error()); $insertGoTo = "loginsignup.php"; if (isset($_SERVER['QUERY_STRING'])) { $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?"; $insertGoTo .= $_SERVER['QUERY_STRING']; } header(sprintf("Location: %s", $insertGoTo)); } //send mail $to = $_POST['email']; $subject = "Welcome to ..."; $message = " <html> <head> <title>Welcome to ...</title> </head> <body> <p>Welcome to ...</p> <p>Thank you for registering</p> <p>Hoponhiggo (admin)</p> </body> </html> "; // To send HTML mail, the Content-type header must be set $headers = 'MIME-Version: 1.0' . "\r\n"; $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n"; $headers .= 'From: pwnedbookv4@hoponhiggo.co.uk' . "\r\n"; preg_match('/^([0-9a-zA-Z]([-\.\w]*[0-9a-zA-Z])*@([0-9a-zA-Z][-\w]*[0-9a-zA-Z]\.)+[a-zA-Z]{2,9})$/i'); mail($to,$subject,$message,$headers); ?>Using dreamweaver, it says i have two log in actions as server behaviours.
Whenever i try to ammend:
if (isset($_POST['Username'])) { $loginUsername=$_POST['Username']; $password=$_POST['Password']; $salt="anything here"; $password=md5( md5($salt.$_POST['Password']));both of these server behaviors dissapear. Alot of this code has been automatically created by dreamweaver so im not to sure what can stay and what can go to try and make this work
-
ok, my code is now
$loginFormAction = $_SERVER['PHP_SELF']; if (isset($_GET['accesscheck'])) { $_SESSION['PrevUrl'] = $_GET['accesscheck']; } $salt="Any random gobbldy-gook"; $password=md5( md5($salt.$_POST['password'])); if (isset($_POST['Username'])) { $loginUsername=$_POST['Username']; $password=$_Post['Password']; $MM_fldUserAuthorization = ""; $MM_redirectLoginSuccess = "index.php"; $MM_redirectLoginFailed = "loginsignup.php"; $MM_redirecttoReferrer = false; mysql_select_db($database_pwnedbookv4, $pwnedbookv4); $LoginRS__query=sprintf("SELECT username, password, uid FROM users WHERE username=%s AND password=%s", GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text")); $LoginRS = mysql_query($LoginRS__query, $pwnedbookv4) or die(mysql_error()); $loginFoundUser = mysql_num_rows($LoginRS); if ($loginFoundUser) { if(isset($_POST['checkcookie'])){ setcookie("cookname", $loginUsername, time()+60*60*24*100, "/"); setcookie("cookpass", $password, time()+60*60*24*100, "/"); } $loginStrGroup = ""; $pullID = mysql_fetch_assoc($LoginRS); $usrID = $pullID['uid']; if (PHP_VERSION >= 5.1) {session_regenerate_id(true);} else {session_regenerate_id();} //declare two session variables and assign them $_SESSION['MM_Username'] = $loginUsername; $_SESSION['MM_UserGroup'] = $loginStrGroup; $_SESSION['MM_userid'] = $usrID; if (isset($_SESSION['PrevUrl']) && false) { $MM_redirectLoginSuccess = $_SESSION['PrevUrl']; } header("Location: " . $MM_redirectLoginSuccess ); } else { header("Location: ". $MM_redirectLoginFailed ); } } ?>Still not working. Do you think the fact that even before i started changing any code, there was already a $password variable? ($password=$password=$_Post['Password']
already existed?Is the $password in the the
$password=md5( md5($salt.$_POST['password']));
overiding the $password in
$password=$password=$_Post['Password'];
?
-
no error, im just redirected to my log in page.
-
look forward to you reposting in 5 mins then!! lol
Wait no more haha
changed my login code to:
$loginFormAction = $_SERVER['PHP_SELF']; if (isset($_GET['accesscheck'])) { $_SESSION['PrevUrl'] = $_GET['accesscheck']; } $salt="Any random gobbldy-gook"; $password=md5( md5($salt.$password)); $sql="SELECT uid FROM users WHERE username='$username' AND password='$password'"; if (isset($_POST['Username'])) { $loginUsername=$username; $password=$password; $MM_fldUserAuthorization = ""; $MM_redirectLoginSuccess = "index.php"; $MM_redirectLoginFailed = "loginsignup.php"; $MM_redirecttoReferrer = false; mysql_select_db($database_pwnedbookv4, $pwnedbookv4); $LoginRS__query=sprintf("SELECT username, password, uid FROM users WHERE username=%s AND password=%s", GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text")); $LoginRS = mysql_query($LoginRS__query, $pwnedbookv4) or die(mysql_error()); $loginFoundUser = mysql_num_rows($LoginRS); if ($loginFoundUser) { if(isset($_POST['checkcookie'])){ setcookie("cookname", $loginUsername, time()+60*60*24*100, "/"); setcookie("cookpass", $password, time()+60*60*24*100, "/"); } $loginStrGroup = ""; $pullID = mysql_fetch_assoc($LoginRS); $usrID = $pullID['uid']; if (PHP_VERSION >= 5.1) {session_regenerate_id(true);} else {session_regenerate_id();} //declare two session variables and assign them $_SESSION['MM_Username'] = $loginUsername; $_SESSION['MM_UserGroup'] = $loginStrGroup; $_SESSION['MM_userid'] = $usrID; if (isset($_SESSION['PrevUrl']) && false) { $MM_redirectLoginSuccess = $_SESSION['PrevUrl']; } header("Location: " . $MM_redirectLoginSuccess ); } else { header("Location: ". $MM_redirectLoginFailed ); } } ?>but as you can guess, no joy!
-
just going to try an apply the next part to the log in code
-
Refer to my previous post, you are still trying to insert $_POST['password'] into the database, rather than the hashed and salted variable, $password
Damn...Cant beleive i missed this...Rookie mistake
Thank you very much for your help. You have been very patient with me haha
-
Tried the changes. still not working.
My current code is:
$editFormAction = $_SERVER['PHP_SELF']; if (isset($_SERVER['QUERY_STRING'])) { $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']); } if(isset($_POST['username'])){ if($_POST['username'] == ""){ //username empty die("You must enter a username"); } } else { //username not set } if(isset($_POST['password'])){ if($_POST['password'] == ""){ //username empty die("You must enter a password"); } } else { //password not set } $salt="Any random gobbldy-gook"; $password=md5( md5($salt.$password)); if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) { $insertSQL = sprintf("INSERT INTO users (username, password, email, fname, sname) VALUES (%s, %s, %s, %s, %s)", GetSQLValueString($_POST['username'], "text"), GetSQLValueString($_POST['password'], "text"), GetSQLValueString($_POST['email'], "text"), GetSQLValueString($_POST['fname'], "text"), GetSQLValueString($_POST['sname'], "text")); mysql_select_db($database_pwnedbookv4, $pwnedbookv4); $Result1 = mysql_query($insertSQL, $pwnedbookv4) or die(mysql_error()); $insertGoTo = "loginsignup.php"; if (isset($_SERVER['QUERY_STRING'])) { $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?"; $insertGoTo .= $_SERVER['QUERY_STRING']; } header(sprintf("Location: %s", $insertGoTo)); } -
Set them to VARCHAR(255)
Done!
The code you have, isn't doing what you expect. The second parameter of the md5() function isn't a salt string. It is a bool flag that determines what format the value is returned as.A 'salt' is a random string that you prepend and/or append to the actual password before you apply a hash function to it. Therefore, in php you would need to concatenate the salt string to the $_POST['password'] value.
I have no idea what this means!
Still cant get this to work
-
tried it there too. Still no different.
also, do i have to modify my table structure in anyway to support the lenght of characters hashing creates?
-
i have edited my code (see below), but while i get no errors, the passwords are not being hashed. They are still being stored into my db as plain text. any ideas?
$editFormAction = $_SERVER['PHP_SELF']; if (isset($_SERVER['QUERY_STRING'])) { $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']); } if(isset($_POST['username'])){ if($_POST['username'] == ""){ //username empty die("You must enter a username"); } } else { //username not set } if(isset($_POST['password'])){ if($_POST['password'] == ""){ //username empty die("You must enter a password"); } } else { //password not set } if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) { $insertSQL = sprintf("INSERT INTO users (username, password, email, fname, sname) VALUES (%s, %s, %s, %s, %s)", GetSQLValueString($_POST['username'], "text"), GetSQLValueString($_POST['password'], "text"), GetSQLValueString($_POST['email'], "text"), GetSQLValueString($_POST['fname'], "text"), GetSQLValueString($_POST['sname'], "text")); $salt="Any random gobbldy-gook"; $password=md5( md5($password), $salt); mysql_select_db($database_pwnedbookv4, $pwnedbookv4); $Result1 = mysql_query($insertSQL, $pwnedbookv4) or die(mysql_error()); $insertGoTo = "loginsignup.php"; if (isset($_SERVER['QUERY_STRING'])) { $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?"; $insertGoTo .= $_SERVER['QUERY_STRING']; } header(sprintf("Location: %s", $insertGoTo)); }
3 column layout issue
in CSS Help
Posted
Hi guys
Im trying to create a blank 3 column layout using some snippets of code ive found from a template, but i cant get it too work.
When viewing the design in dreamweaver, the text and styling in the left and right colum is not visible. Can anybody advise as to why?
html:
CSS:
body{ margin:0; padding:0; line-height: 1.5em; } b{font-size: 110%;} em{color: red;} #topsection{ background: #EAEAEA; height: 90px; /*Height of top section*/ } #topsection h1{ margin: 0; padding-top: 15px; } #contentwrapper{ float: left; width: 100%; } #contentcolumn{ margin: 0 15% 0 20%; /*Margins for content column. Should be "0 RightColumnWidth 0 LeftColumnWidth*/ } #leftcolumn{ float: left; width: 20%; /*Width of left column in percentage*/ ; background: #C8FC98; } #rightcolumn{ float: left; width: 15%; /*Width of right column in pixels*/ ; /*Set margin to that of -(RightColumnWidth)*/ background: #FDE95E; } #footer{ clear: left; width: 100%; background: black; color: #FFF; text-align: center; padding: 4px 0; } #footer a{ color: #FFFF80; } .innertube{ margin: 10px; margin-top: 0; }Any help would be greatly appreciated....