Jump to content

HDFilmMaker2112

Members
  • Posts

    547
  • Joined

  • Last visited

    Never

Posts posted by HDFilmMaker2112

  1. Could somebody break down for me what the below actually does? I found the snippet on php.net. I've read up a little bit on reg expressions but it's still a little unclear to me. 

     

    I get the [] means don't include that character. But then how does the [a-zA-Z0-9._-] work?

     

    preg_match('/^[^@]+@[a-zA-Z0-9._-]+\.[a-zA-Z]+$/', $email)
    

  2. I'll include a chunk of my "libraries" for the cipher:

     

     

    $letter['']="00";
    $letter['b']="01";
    $letter['d']="02";
    $letter['f']="03";
    $letter['h']="04";
    $letter['j']="05";
    $letter['l']="06";
    $letter['n']="07";
    $letter['p']="08";
    $letter['r']="09";
    $letter['t']="10";
    $letter['v']="11";
    $letter['x']="12";
    
    $number['00']=" ";
    $number['01']="0";
    $number['02']="1";
    $number['03']="2";
    $number['04']="3";
    $number['05']="4";
    $number['06']="5";
    $number['07']="6";
    $number['08']="7";
    $number['09']="8";
    $number['10']="9";
    $number['11']="a";
    $number['12']="b";
    

  3. Alright, well I just tried SHA512 wrapping the MD5S and that is working:

     

    function kam3($string){
    return hash('sha512',(md5s($string)));
    }
    

     

    My issue is with the cipher(); which doesn't make much sense since it's just a substitution cipher. It's takes an "a" and turns it into a "c"....

     

    function cipher($str){
    require_once 'llib.php';
    require_once 'nlib.php';
    $new_str = '';
    foreach (str_split($str) as $char) {
        $new_str .= $number[$letter[$char]];
    }
    return $new_str;
    }
    

  4. Right now the password is generated by my forgot password page, then logged-in and changed via the change password form. I manually create users for this website, so eventually the user generation will be built into the admin panel, it's just not there yet.

     

    function md5s($string) {
        $salt = md5($string."%*k~'_@");
        $string = md5("$salt$string$salt");
       
        return $string; 
    }
    
    function kam3($string){
    return hash('sha512',(md5s(cipher($string))));
    }
    

  5. Alright, that fixed the change password script, but now I can't log-in with the newly changed password...

     

    <?php
    session_start(); 
    $myusername2=$_SESSION['myusername2'];
    $mypassword2=$_SESSION['mypassword2'];
    
    require_once 'db_select.php';
    require_once 'func.php';
    
    $current=kam3(sanitize($_POST['current']));
    $new=sanitize($_POST['new']);
    $new_confirm=sanitize($_POST['new_confirm']);
    
    if($current!=$mypassword2){
    header("location:index.php?usercp=password&p=0");
    }
    
    elseif($new!=$new_confirm){
    header("location:index.php?usercp=password&c=0");
    }
    
    elseif($current==$mypassword2 && $new==$new_confirm){
    $new=kam3($new);
    $sql="UPDATE $tbl_name SET password='$new' WHERE username='$myusername2' AND password='$mypassword2'";
    $result=mysql_query($sql);
    unset($_SESSION['mypassword2']);
    unset($_SESSION['myusername2']);
    if(mysql_affected_rows()==1){
    $_SESSION['mypassword2']=$new;
    $_SESSION['myusername2']=$myusername2;
    header("location:./index.php?usercp=password&c=1");
    }
    else{
    echo "Could Not Update Password."; 
    }
    }
    ?>
    

     

    <?php
    require_once 'db_select.php';
    require_once 'func.php';
    
    // username and password sent from form 
    $myusername=sanitize($_POST['username']); 
    $mypassword=kam3(sanitize($_POST['password'])); 
    
    $check_details="SELECT * FROM $tbl_name WHERE username='$myusername' AND password='$mypassword'";
    $details_result=mysql_query($check_details);
    
    
    // Mysql_num_row is counting table row
    $count_details=mysql_num_rows($details_result);
    
    // If result matched $myusername and $mypassword, table row must be 1 row
    if($count_details==1){
    session_start();
    $_SESSION['myusername2']=$myusername;
    $_SESSION['mypassword2']=$mypassword;
    header("location:index.php?usercp");
    }
    
    else{ 
    $u2="0";  
    header('Location:./index.php?u2='.$u2.''); 
    } 
    
    ?>
    

  6. For some reason the below is directing me back to my change password form and telling me the current password is entered incorrectly. That is triggered by this if statement - if($current!=$mypassword2)

     

    kam3(); is my hashing function.

     

    <?php
    session_start(); 
    $myusername2=$_SESSION['myusername2'];
    $mypassword2=$_SESSION['mypassword2'];
    
    require_once 'db_select.php';
    require_once 'func.php';
    
    $current=kam3(sanitize($_POST['current']));
    $new=sanitize($_POST['new']);
    $new_confirm=sanitize($_POST['new_confirm']);
    
    if($current!=$mypassword2){
    header("location:index.php?usercp=password&p=0");
    }
    
    elseif($new!=$new_confirm){
    header("location:index.php?usercp=password&c=0");
    }
    
    elseif($current==$mypassword2 && $new==$new_confirm){
    $new=kam3($new);
    $sql="UPDATE $tbl_name SET password='$new' WHERE username='$myusername2' AND password='$mypassword2'";
    $result=mysql_query($sql);
    unset($_SESSION['mypassword2']);
    unset($_SESSION['myusername2']);
    if(mysql_affected_rows($result)==1){
    $_SESSION['mypassword2']=$new;
    $_SESSION['myusername2']=$myusername2;
    header("location:./index.php?usercp=password&c=1");
    }
    else{
    echo "Could Not Update Password."; 
    }
    }
    ?>
    

     

    The initial log-in script looks like this:

     

    <?php
    require_once 'db_select.php';
    require_once 'func.php';
    
    // username and password sent from form 
    $myusername=sanitize($_POST['username']); 
    $mypassword=kam3(sanitize($_POST['password'])); 
    
    $check_details="SELECT * FROM $tbl_name WHERE username='$myusername' AND password='$mypassword'";
    $details_result=mysql_query($check_details);
    
    
    // Mysql_num_row is counting table row
    $count_details=mysql_num_rows($details_result);
    
    // If result matched $myusername and $mypassword, table row must be 1 row
    if($count_details==1){
    session_start();
    $_SESSION['myusername2']=$myusername;
    $_SESSION['mypassword2']=$mypassword;
    header("location:index.php?usercp");
    }
    
    else{ 
    if($usernamec!=$myusername || !isset($myusername) || $passwordc!=$mypassword){  
    $u2="0";  
    } 
    header('Location:./index.php?u2='.$u2.''); 
    } 
    
    ?>
    

     

    The log-in works fine, it's just when I get to my change password page, it's telling me the password is entered incorrectly.

  7. Sorry... missed the opening { bracket on the if statement:

     

    $query = "INSERT IGNORE database.t_usuario (usuario_nombre,usuario,password) ".
    "VALUES ('$usuario_nombre','$usuario','$password')";
    
    mysql_query($query) or die('Error, query failed : ' . mysql_error()); 
    
    if(mysql_affected_rows==1){
    header("Location: PC_users_display.php"); 
    }
    else{
    echo "Duplicate Entry Detected.";
    }
    

  8. i have written a code for checking username and password, and then directing to a specific profile page w.r.t the username entered..

     

    the password checking works fine

     

    but it directs the page to only one profile irrespective of the username entered..

     

    below is my code

     

    <?php
    
    //$mysql_host = "mysql14.000webhost.com";
    //$mysql_database = "a3907930_mehreen";
    //$mysql_user = "a3907930_root";
    //$mysql_password = "aaaAAA111";
    $host="mysql14.000webhost.com"; // Host name 
    $username="a3907930_root"; // Mysql username 
    $password="aaaAAA111"; // Mysql password 
    $db_name="a3907930_mehreen"; // Database name 
    $tbl_name="members"; // Table name
    
    // Connect to server and select databse.
    mysql_connect($host, $username, $password)or die("cannot connect"); 
    mysql_select_db($db_name)or die("cannot select DB");
    
    // username and password sent from form 
    $myusername=$_POST['myusername']; 
    $mypassword=$_POST['mypassword'];
    $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
    $result=mysql_query($sql);
    // Mysql_num_row is counting table row
    $count=mysql_num_rows($result);
    // If result matched $myusername and $mypassword, table row must be 1 row
    
    
    if($count==1){
    // Register $myusername, $mypassword and redirect to file "login_success.php"
      session_register("myusername");
      session_register("mypassword");
      
    if ($myusername='mehreen')
    header ("location:mehreen_profile.php");
    
    elseif ($myusername='mariam')
    header ("location:mariam_profile.php");
    
    else
    header ("location:login_page.html");
    }
    
    else {
    header("location:invalidpassword.html");
    }
    
    
    
      ?>
    

     

    could u please help!

     

    My first suggestion is to always use {} brackets on all if/elseif/else statements. Also try adding dot slash "./" to all of the location header redirects, and change the lowercase l in location to a capital L.

     

    ie;

    header ("Location: ./login_page.html");

     

    Lastly, your if/elseif statements have one = sign... when comparing (as you are in an if/elseif statement) it must be two equal signs. With one equal sign you're declaring a variable, and thus the first if statement will always be true, because you're declaring it to be true right in the statement.

  9. $query = "INSERT IGNORE database.t_usuario (usuario_nombre,usuario,password) ".
    "VALUES ('$usuario_nombre','$usuario','$password')";
    
    mysql_query($query) or die('Error, query failed : ' . mysql_error()); 
    
    if(mysql_affected_rows==1)
    header("Location: PC_users_display.php"); 
    }
    else{
    echo "Duplicate Entry Detected.";
    }
    }
    

  10. I have a link on Home Page say for eg

     

    <a href="count.php?id=<?php echo $row['ID']; ?>&desc=<?php echo $row['PRO']; ?>" name="abc<?php $i; ?>">**Home**</a></li>

     

    Once click on Home Link provided above it goes to next page that is

     

    http://abb/MyWeb/pr/arro/count.php?id=4&desc=It%20isavailable

     

    Now i want to read value from URL

     

    id=4 and

    desc=it is available

     

    and i want to store it in variable

     

    $idenity = id ( store the id from url to varible )

     

    First, you could write the link simpler, with less starts and stops on php.

     

    echo '<a href="count.php?id='.$row['ID'].'&desc='.$row['PRO'].'name="abc'.$i.'">**Home**</a></li>';
    

     

    Second, you use $_GET[''], with the variable in the URL you want to get, inside the brackets and single quotes.

     

    ie;

     

    $identity=$_GET['id'];
    $desc=$_GET['desc'];
    

  11. I'm looking to know I could reduce this a bit? I'm thinking that counting the number of rows returned and comparing the password and username typed in matches the one selected from the database is useless, as the select query itself should give me that info. If it returns a row then clearly it's the correct information.

     

    So should I remove this?:

    $row=mysql_fetch_row($result);
    $usernamec=$row[0];
    $passwordc=$row[4];
    
    // Register $myusername, $mypassword and redirect to file
    if($myusername==$usernamec && $mypassword==$passwordc){
    

     

    <?php
    // username and password sent from form 
    $myusername=sanitize($_POST['username']); 
    $mypassword=kam3(sanitize($_POST['password'])); 
    
    $sql="SELECT * FROM $tbl_name WHERE username='$myusername' AND password='$mypassword'";
    $result=mysql_query($sql);
    
    
    // Mysql_num_row is counting table row
    $count=mysql_num_rows($result);
    
    // If result matched $myusername and $mypassword, table row must be 1 row
    if($count==1){
    $row=mysql_fetch_row($result);
    $usernamec=$row[0];
    $passwordc=$row[4];
    
    // Register $myusername, $mypassword and redirect to file
    if($myusername==$usernamec && $mypassword==$passwordc){
    session_start();
    $_SESSION['myusername2']=$myusername;
    $_SESSION['mypassword2']=$mypassword;
    header("location:index.php?usercp");
    }
    }
    
    else{ 
    if($usernamec!=$myusername || !isset($myusername) || $passwordc!=$mypassword){  
    $u2="0";  
    } 
    header('Location:./index.php?u2='.$u2.''); 
    } 
    ?>
    

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.