Jump to content

HDFilmMaker2112

Members
  • Posts

    547
  • Joined

  • Last visited

    Never

Posts posted by HDFilmMaker2112

  1. Alright... I made my own cipher that converts the password to another string... then from there I'm going to use MD5 + salt , and then SHA512 on the MD5 Hash... or would this be complete over kill?

     

    hash('sha512',(md5s(cipher($string))))
    

  2. if(isset($_GET['item']) && ctype_digit($_GET['item'])){
    $item_id=$_GET['item'];
    $sql50="SELECT * FROM $tbl_name WHERE item_id='$item_id'";
    $result50=mysql_query($sql50);
    while($row50=mysql_fetch_array($result50)){
    
    //product display here
    }
    }
    

     

    From that whenever you have ?item=item number in the URL you'll get a SQL Query for that product/item.

     

  3. I expanded this out to the whole alphabet lower and capital case + 0-9.

     

    And it's now converting a 10 character string to 8 characters.

     

    <?php
    require_once 'llib.php';
    require_once 'nlib.php';
    $str = 'Asda12Ka12';
    $new_str = '';
    foreach (str_split($str) as $char) {
        $new_str .= $number[$letter[$char]];
    }
    echo $new_str;
    ?>
    

     

     

    I've tracked it down to the lowercase a

    $letter['a']=01;
    

     

    $number['01']="0";
    

     

    so instead of inserting 0 into the new string it just doesn't insert anything.

    I end up with this:

     

    q9eRSvRS

     

    It should be:

     

    q9e0RSv0RS

  4. hmmm alright that works now

    $nh = mysql_num_rows(mysql_query("SELECT mail.*,messages.* FROM `messages` JOIN `mail` WHERE `mail`.`status`='1' AND `messages`.`to`='{$_SESSION['id']}' AND `messages`.`mail_id`=mail.id"));

     

    but... came to a glitch. I want to show if there is a new message the the current user. right now it will show if there has been any messages sent to the current user (any at all) where messages.mail_id=mail.id and mail.status=1

    so basically if current user sends message to userid=40 and mail_id=12 then it sets mail.status=1 where mail.id=12

    and userid=40 sends message back it marks mail.status=1 again so it will still think the current user has a new message.

    any idea how to fix that flaw in my system?

     

    You're out of my range now... Hope I don't make admins mad here, but go to the MySQL section on http://forums.devshed.com/mysql-help-4/

    And look for some help from the mod "r937". Pretty much solved any complex SQL Query I've ever had to write.

  5. Here's what I have right now:

     

    $input = "YAPePAsdf";
    $input = str_split($input);
    
    foreach($input as $key=>$char){ 
    if(isset($letter[$char])){
    $input[$key] = $letter[$char];
    }
    }
    
    $output = implode("-", $input);
    
    echo $output;
    
    

     

    above that is a bunch of code assigning a letter to a number in this format:

     

    $letter['letter']=number 1-52;
    

     

    This isn't displaying anything.

  6. Looking for the best way to convert a string to a bunch of numbers and then those numbers to a new string.

     

     

    Something like this:

    $string="APWE";

    A into 05, 05 into Y.

    P into 36, 36 into A

    W into 23, 23 into e

    E into 13, 13 into P

     

    So it will go from APWE to 05362313 to YAeP

     

    Looking at str_split($numbers, 2) to get from the numbers to the letters, but do I need to have a full library of each letters corresponding number and then the corresponding letter to those numbers to convert back to the new letters?

  7. I'm having an issue redirecting my page to an error page if my UPDATE query does not find a matching entry to update:

     

    elseif($_GET['forgot']=="password"){
    
    $new_password =& generatePassword();
    $username=sanitize($_POST['username']);
    
    $sql1="UPDATE $tbl_name SET password='$new_password' WHERE username='$username' AND email='$email' AND amount='$donation_amount'";
    $result1=mysql_query($sql1);
    $num_rows1=mysql_affected_rows();
    
    if($num_rows1==1){
    $content.='<p class="center">New password generated. It has been emailed to the email address provided.</p><br />';
    $message='Some one (hopefully you) requested a new password be generated for your account on Make the Movie Happen.
    Below is the newly generated password:
    
    Password: '.$new_password.'
    
    Once you log-in, please change your password.
    
    Thank You,
    Make the Movie Happen Support Team
    ';
    mail($email, 'Make the Movie Happen - New Password', $message, 'From: general@makethemoviehappen.com');
    }
    elseif($num_rows1=="-1"){
    header("Location: ./index.php?forgot&e=1");
    }
    else{
    $content.='New password could not be generated. 
    If you continue to have issues, please email <a href="mailto:general@makethemoviehappen.com">general@makethemoviehappen.com</a> for assistance.';
    }
    }
    

    mysql_affected_rows should return a positive number if it finds rows to update and -1 if the query fails. I thought if it didn't find anything to update the query would fail... should it be 0 instead of -1?

     

     

    Here's where the page redirects if it doesn't find anything to update.

    else{
    $content='<div class="main">
    <div class="main_header clear">Forgot Password/Username</div>
    <br />
    <div>
    <p class="eighteen">Forget Password</p>
    <p>Enter the information below to reset your password.</p>';
    if($_GET['e']=="1"){
    $content.='<p class="red">Information entered incorrect.</p>';
    }
    $content.='
    <form action="./index.php?forgot=password" method="post">
        <p><label>Username:</label> <input type="text" name="username" size="30" /></p>
    <p><label>E-Mail of Original Donation/Purchase:</label> <input type="text" name="email" size="32" /></p>
    <p><label>Total Donation Amount:</label> <input type="text" name="donation_amount"  size="5" /> <span class="twelve">(In x,xxx.xx format. Any other format will cause an error.)</span></p>
        <p><input type="submit" value="Submit" name="Submit" /></p>
        </form>
    </div>
    <br />
    <div>
    <p class="eighteen">Forget Username</p>
    <p>Enter the information below to have your username emailed to you.</p>';
    if($_GET['e']=="2"){
    $content.='<p class="red">Information entered incorrect.</p>';
    }
    $content.='
    <form action="./index.php?forgot=username" method="post">
    <p><label>E-Mail of Original Donation/Purchase:</label> <input type="text" name="email" size="32" /></p>
    <p><label>Total Donation Amount:</label> <input type="text" name="donation_amount"  size="5" /> <span class="twelve">(In x,xxx.xx format. Any other format will cause an error.)</span></p>
        <p><input type="submit" value="Submit" name="Submit" /></p>
        </form>
    </div>
    </div>
    <br />
    ';
    }
    

  8. Can the following be condensed into one query?

    $username=sanitize($_POST['username']);
    $sql="SELECT * FROM $tbl_name WHERE username='$username' AND email='$email' AND amount='$donation_amount'";
    $result=mysql_query($sql);
    $num_rows = mysql_num_rows($result);
    
    if($num_rows==1){
    $sql1="UPDATE $tbl_name SET password='$new_password' WHERE username='$username' AND email='$email' AND amount='$donation_amount'";
    $result1=mysql_query($sql1);
    $num_rows1=mysql_affected_rows();
    

     

    Should I just throw out the SELECT and just use the update? $num_rows1 will equal 0 if it doesn't find an entry to update correct?

  9. One more question...

     

    When somebody tried to log-in, how do I compare the hashed/encrypted password to the one entered? Do I convert the one in DB back to readable characters, or convert the one entered to try to match the data in the DB?

  10. Forgot to post my current Table set-up:

     

    ideas

    message_number

    donor_id

    username

    name

    amount

    message

     

    This is for a system of donors submitting ideas to a film production. So we need to permit the submission of an idea, and me to communicate back and forth with them while keeping all the messages corresponding with that idea under the same group.

  11. What would be the best password encryption to use... I've seen MD5, SHA1, SHA256, and SHA512.. but I've recently posts suggesting that bcrypt or CRYPT_BLOWFISH is a better method? The will be my first attempt at password encryption.

  12. join is good, but to keep it simple u could do what u are trying to just exclude the while loop like this:

     

    $findBarIdBy_sql = "SELECT * FROM barer WHERE city_id = '$city_id'";

    $findBarIdBy_query = mysql_query($findBarIdBy_sql) or die(mysql_error());

    $row_barid = mysql_fetch_assoc($findBarid)or die(mysql_error());

     

    // then put the row u want into a varible and query again with sed varible

    $barid = $row_barid['store id '];

     

    //

    query again and put that $barid into your query .....

    the method i use i never use joins take longer !

     

    JOIN is actually quicker... Let MySQL do as much as possible. Every time you do a new query, your starting...stopping... and then starting MySQL again. If I'm not mistaken. And it's cleaner code.

  13. What would be the best way to set-up a database for a messaging system? I'm basically looking for some like GMail where the messages are kept together. So if you go back and forth with the discussion, each piece of the discussion would be show up with those other replies.

     

    Should I just do a unique message id and link together those unique ids some how?

  14. *******

    form.php

    *******

    <?php
    $form='
    some php code...
    <form>
    some php and html ...
    php form...
    </form>';
    ?>
    

     

     

    ******

    config.php

    ******

    <?php
    include 'form.php';
    $foo='<table>
    <tr><td>
    // I would like to get the contents of form.php and add the to the rest of the contents of $foo.
    some text ' .$form. ' some more text
    </tr></td>
    </table>';
    ?>
    
    
    

     

     

    ******

    file.php

    ******

    <?php include("config.php"); ?>
    <html>
    <head>
    <?php
    // Some php code here.
    ?>
    <title>title</title>
    </head>
    <body>
    Please fill out our form.<br>
    <?php echo $foo; 
    // Some php code here too.
    ?>
    </body>
    </html>
    

  15. Below is the code for one of my pages

     

    if ($_SESSION['loggedin']!='1') {
    echo "Please <a href='login.php'>Login</a> or <a href='members/regster.php'>Register</a> to view this page.<br>
    You will be redirected to <a href='members/login.php'>Login</a> page after 3 seconds.";
    echo "<meta http-equiv=\"refresh\" content=\"3;url=members/register.php\"></center>";
    } else {
    if ($_GET['action']=='complete') {
    	$query = "SELECT * FROM `pending` WHERE offer_id='".mysql_real_escape_string($_GET['oid'])."' AND user_id='".$ui['id']."'";
    	$result = mysql_query($query) or die(mysql_error());
    	if (mysql_num_rows($result)>0) {
    		print "<center>You already submited this offer.<br>Please return to <a href='offers.php'>Offers</a> page and submit another offer.</center>";
    		exit;
    	} else {
    		$date = date("F j, Y, g:i a");
    		$getoffer = "SELECT * FROM `offers` WHERE id='".mysql_real_escape_string($_GET['oid'])."'";
    		$result = mysql_query($getoffer) or die(mysql_error());
    		$offer = mysql_fetch_array($result);
    		$query = "INSERT INTO `pending` VALUES('','".$offer['id']."','".$ui['id']."','".$date."','".$offer['reward']."','1')";
    		mysql_query($query) or die(mysql_error());
    		print "<center>Offer moved to pending list. Please allow it up to 3 days to get approved.<br>Complete more <a href='../offers.php'>Offers</a></center>";
    		exit;
    	}		
    } else {
    	if ($_GET['action']=='list') {
    		print "<table width=\"100%\">
    		<tr>
    		<td>Name</td>
    		<td>Reward</td>
    		<td>Status</td>
    		</tr>";
    		$getpend = "SELECT * FROM `pending` WHERE user_id='".$ui['id']."'";
    		$pend = mysql_query($getpend) or die(mysql_error());
    		$getcomp = "SELECT * FROM `completed` WHERE user_id='".$ui['id']."'";
    		$comp = mysql_query($getcomp) or die(mysql_error());
    		if ((mysql_num_rows($pend)==0) && (mysql_num_rows($comp)==0)) {
    			print"<center>You don't have any pending or denied offers, Please go to <a href='offers.php'>Offers</a> page to submit any offer by your choice and get reward for it.</center>";
    		} else {
    			if (mysql_num_rows($comp)>0) {
    				while ($completed = mysql_fetch_array($comp)) {
    					$getoffer = "SELECT * FROM offers WHERE id='".$completed['offer_id']."'";
    					$offer = mysql_query($getoffer) or die(mysql_error());
    					if (mysql_num_rows($offer)==0) {
    						continue;
    					} else {
    						$offer = mysql_fetch_array($offer);
    						print"
    						<tr>
    						<td>".$offer['name']."</td>
    						<td>".$offer['reward']."</td>
    						<td><font color=green>Completed</font></td>
    						</tr>";
    					}
    				}	
    			}
    			if (mysql_num_rows($pend)>0) {
    				while ($pending = mysql_fetch_array($pend)) {
    					$getoffer = "SELECT * FROM offers WHERE id='".$pending['offer_id']."'";
    					$offer = mysql_query($getoffer) or die(mysql_error());
    					if (mysql_num_rows($offer)==0) {
    						continue;
    					} else {
    						$offer = mysql_fetch_array($offer);
    						if ($pending['status']==1) { $status='<font color=red>Pending</font>'; }
    						if ($pending['status']==2) { $status='<font color=#72a3eb>Denied</font>'; }
    						print"
    						<tr>
    						<td>".$offer['name']."</td>
    						<td>".$offer['reward']."</td>
    						<td>".$status."</td>
    						</tr>";
    					}
    				}	
    			}				
    		}
    		print "</table>";
    		print"<br><center>Back to <a href='../?os=home'>offer</a> page.</center>";
    		exit;
    	}
    }
    print "<center>View <a href='?action=list'>Denied, Pending and Completed</a> offer list.<br><br>";
    print "<center>Please select offer type.</center>";
    $query = "SELECT * FROM `offer_types` WHERE active=1";
    $result = mysql_query($query) or die(mysql_error());
    print "<center>";
    while ( $otypes = mysql_fetch_array($result)) {
    	print" | <a href='offers.php?type=".$otypes['id']."'>".$otypes['type']."</a> | ";
    }
    print "</center><br>";
    if ($_GET['type']) {
    	$query = "SELECT * FROM `offers` WHERE active=1 AND type='".mysql_real_escape_string($_GET['type'])."' ORDER BY `reward` DESC";
    } else {
    	$query = "SELECT * FROM `offers` WHERE active=1 ORDER BY `reward` DESC";
    }
    $result = mysql_query($query) or die(mysql_error());
    if (mysql_num_rows($result)==0) {
    	print "<center>No Offers available at the moment, please check other sections for different offer types.</center>";
    } else {
    	print "<table width=\"100%\">
    	<tr>
    	<td>Name</td>
    	<td>Description</td>
    	<td>Countries</td>
    	<td>Reward</td>
    	<td>Action</td>
    	</tr>";
    	while ( $offer = mysql_fetch_array($result)) {
    		$getcompleted = "SELECT * FROM `completed` WHERE offer_id='".$offer['id']."' AND user_id='".$ui['id']."'";
    		$completed = mysql_query($getcompleted) or die(mysql_error());
    		if (mysql_num_rows($completed)>0) {
    			continue;
    		} else {
    			$getpending = "SELECT * FROM `pending` WHERE offer_id='".$offer['id']."' AND user_id='".$ui['id']."'";
    			$pending = mysql_query($getpending) or die(mysql_error());
    			if (mysql_num_rows($pending)==0) {
    				$link = "<form method=GET><input type=hidden name=action value=complete><input type=hidden name=oid value='".$offer['id']."'><input type=submit value='Submit'></form>";
    			} else {
    				$pend=mysql_fetch_array($pending);
    				if ($pend['status']==1) { $link = "<font color=red>Pending</font>"; }
    				if ($pend['status']==2) { $link = "<font color=#72a3eb>Denied</font>"; }
    			}
    			print "
    			<tr>
    			<td><a href='".$offer['url']."' target=_blank>".$offer['name']."</a></td>
    			<td>".$offer['info']."</td>
    			<td>".$offer['country']."</td>
    			<td>".$offer['reward']."</td>
    			<td>".$link."</td>
    			</tr>";
    		}
    	}
    }
    print "</table>";
    }
    
    
    
    
    ?>
    

     

    when someone press the submit button it goes to ?action=complete&oid=411 how can i make it go to ?os=offers&action=complete&oid=411

     

    You have to wrap your current code in an if statement that has $_GET['os']=="offers" as it's condition. And change your form action="" to match.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.