lovephp

Anyone could help or giude how to secure this script by storing session into database? login.php <?php //Start session session_start(); //Include database connection details require_once('config.php'); //Get ip function get_client_ip() { $ipaddress = ''; if ($_SERVER['HTTP_CLIENT_IP']) $ipaddress = $_SERVER['HTTP_CLIENT_IP']; else if($_SERVER['HTTP_X_FORWARDED_FOR']) $ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR']; else if($_SERVER['HTTP_X_FORWARDED']) $ipaddress = $_SERVER['HTTP_X_FORWARDED']; else if($_SERVER['HTTP_FORWARDED_FOR']) $ipaddress = $_SERVER['HTTP_FORWARDED_FOR']; else if($_SERVER['HTTP_FORWARDED']) $ipaddress = $_SERVER['HTTP_FORWARDED']; else if($_SERVER['REMOTE_ADDR']) $ipaddress = $_SERVER['REMOTE_ADDR']; else $ipaddress = 'UNKNOWN'; return $ipaddress; } //Array to store validation errors $errmsg_arr = array(); //Validation error flag $errflag = false; //Function to sanitize values received from the form. Prevents SQL injection function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } //Sanitize the POST values $login = clean($_POST['login']); $password = clean($_POST['password']); $ip = get_client_ip(); //Input Validations if($login == '') { $errmsg_arr[] = 'Login ID missing'; $errflag = true; } if($password == '') { $errmsg_arr[] = 'Password missing'; $errflag = true; } /* if($login != '' || $password != '') { if($login !='admin' && $ip !=''.$log_ip.''){ $errmsg_arr[] = 'Your IP <b>'.$ip.'</b> is not recognized...'; $errflag = true; } } */ //If there are input validations, redirect back to the login form if($errflag) { $_SESSION['ERRMSG_ARR'] = $errmsg_arr; session_write_close(); //header("location: index.php"); echo ('<meta http-equiv="refresh" content="0;url=index.php">'); exit(); } //Create query $qry="SELECT * FROM members WHERE login='$login' AND passwd='".$_POST['password']."'"; $result=mysql_query($qry); //Check whether the query was successful or not if($result) { if(mysql_num_rows($result) == 1) { //Login Successful session_regenerate_id(); $member = mysql_fetch_assoc($result); $_SESSION['SESS_MEMBER_ID'] = $member['member_id']; $_SESSION['SESS_LOGIN_NAME'] = $member['login']; $_SESSION['SESS_PASS'] = $member['passwd']; session_write_close(); //header("location: member-index.php"); echo ('<meta http-equiv="refresh" content="0;url=member-index.php">'); exit(); }else { //Login failed //header("location: login-failed.php"); echo ('<meta http-equiv="refresh" content="0;url=login-failed.php">'); exit(); } }else { die("Query failed"); } ?> auth.php (included on top of all php pages <?php //Start session session_start(); //Check whether the session variable SESS_MEMBER_ID is present or not if(!isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID']) == '')) { //header("location: access-denied.php"); echo ('<meta http-equiv="refresh" content="0;url=access-denied.php">'); exit(); } ?>

oops i missed that thats alot bro cheers

not working it only display just one result $today = date("m/d"); $res = mysql_query("SELECT * FROM members WHERE dob LIKE '$today%'"); $rw = mysql_fetch_array($res); echo $rw['dob']; echo '<br/>'; echo $rw['name']; echo '<br/>'; echo $today;

friend i store dob as 12/17/1984 in my table now how do i go on geting users birthday if today is 12/16 how could i display only the mm/dd from table? i tried $today = date("m-d"); $result = mysql_query("SELECT * FROM members WHERE dob = '".$today."'"); but not happening

oh yes bro server side through php am rechecking, this is only for users to see the calculated results. btw thumbs up to u i had been trying to sort this for hours

sorry for my bad english i really am not good at asking questions nor explaining dunno why but cheers u got me right and now i get what i was looking for one last help bro i need to get the values of <label id="totaladd"></label> and <label id="totalsub"></label> and <label id="total"></label> in some input field aswell i think it could be done by hidden field but not getting the right way to do it. maybe you could help me achieve it too?

yes ofcourse, im trying to get the total substraction output as say field 1 i add 500 and field 2 i add 100 the the output should be 600 i have run it here http://jsfiddle.net/KXGEY/8/ all works fine except the total substraction part.

<html> <head> <title>Sum Html Textbox Values using jQuery/JavaScript</title> <script src="http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js"></script> <script> $(function() { $(document).on('blur keyup', '.add, .sub', function(e) { var sum = 0; $('.add, .sub').each(function(i) { if (!isNaN(this.value) && this.value.length != 0) { if ($(this).hasClass('add')) { sum += parseFloat(this.value); } else { sum -= parseFloat(this.value); } } }); $('#total').text(sum.toFixed(2)); }) }) </script> </head> <body> <form method="post" action="calc.php"> Addition: <br/> Field 1: <input type="text" class="add" name="1" value="7500"/><br/> Field 2: <input type="text" class="add" name="2" value=""/><br/> Field 3: <input type="text" class="add" name="3" value=""/><br/> Field 4: <input type="text" class="add" name="4" value=""/><br/><br/> Total Addition: <br/><br/> Substraction: <br/> Field 1: <input type="text" class="sub" name="5" value=""/><br/> Field 2: <input type="text" class="sub" name="6" value=""/><br/> Field 3: <input type="text" class="sub" name="7" value=""/><br/> Field 4: <input type="text" class="sub" name="8" value=""/><br/><br/> Total Substraction: <br/><br/> Grand Total: <div id="total"></div> <input type="submit" value="submit" /> </form> </body> </html>

ok fixed it

friend the following code fetches city state etc from google by zip or postcode which works fine on my localhost wamp server but when i try it online on my webhost nothing is showing, how can i fix it please? $search_code = urlencode($row['zip']); $url = 'http://maps.googleapis.com/maps/api/geocode/json?address=' . $search_code . '&sensor=false'; $json = json_decode(file_get_contents($url)); $lat = $json->results[0]->geometry->location->lat; $lng = $json->results[0]->geometry->location->lng; $address_url = 'http://maps.googleapis.com/maps/api/geocode/json?latlng=' . $lat . ',' . $lng . '&sensor=false'; $address_json = json_decode(file_get_contents($address_url)); $address_data = $address_json->results[0]->address_components; $street = str_replace('Dr', 'Drive', $address_data[1]->long_name); $town = $address_data[2]->long_name; $county = $address_data[3]->long_name; thanks

oh mate its just a small script with not too much traffic only for a office use for 15 users not more. yes i read and understood what u wrote thanks alot for the right advise ill keep that in mind. cheers

lol done. its actually funny everytime i come here asking for help but end up fixing it by myself most of the time did this and i got what i needed //Check number of members $query = "SELECT COUNT(*) AS Count FROM members"; $result = mysql_query($query); $result = mysql_fetch_assoc($result); $count = $result['Count']; if($count >= 5) { $errmsg_arr[] = 'We cannot accept more users right now!'; $errflag = true; } thanks mate appreciate your time

Guys i want to limit registration but its not working. say if members table already has 5 rows then i want to show the error registration closed but somehow its now working as in data still getting inserted... //Check number of members if($login != '' || $password != '') { $qry = "SELECT COUNT(*) FROM members"; $result = mysql_query($qry); if($result) { if(mysql_num_rows($result) > 5) { $errmsg_arr[] = 'Cannot add more users'; $errflag = true; } @mysql_free_result($result); } else { die("Query failed"); } }

thanks you been really helpful really appreciate it.

hahaha got it now its working made a mistake $todaysdata = date("T-m-d"); instead of $todaysdata = date("Y-m-d"); cheers bro

using this and it does download the csv but data does not appear on the file $query = "select * FROM data WHERE DATE_FORMAT(date_time, '%Y-%m-%d') = '$todaysdata' ";

used the one you gave it works but no data in the csv file

ok this works but again all blank not data getting downloaded $query = "select * FROM data WHERE DATE_FORMAT(date_time, '%Y-%m-%d') = '".$todaysdara."'";

what is wrong here? $query = 'SELECT * FROM data WHERE DATE_FORMAT(date_time, '%Y-%c-%d') = "'.$todaysdata.'"'; still getting error

lol you are right but slight issue i get error now as Parse error: parse error on that line

there is data in the table and i want to compare is say today is 2014-04-04 i want to get only those rows with 2014-04-04 from date_time but the date_time stores records as 2014-04-04 22:13:19

but if i remove $query = sprintf('SELECT * FROM data''); all data gets downloaded

yes i meant the file does gets downloaded but the csv file remains blank no data on it

OK friends im back yet again with new issue. from my table i am trying to download data matching current day date but somehow its not working, i save date as `date_time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, the outcome is 2014-04-04 22:13:19 here is my code, what i want is download data which is posted only today like 2014-04-04 so i did this but it downloads all blank require_once('config.php'); $todaysdata = date("Y-m-d"); $query = sprintf('SELECT * FROM data WHERE date_time = "'.$todaysdata.'"'); $result = mysql_query($query) or die('Failed to connect to server: ' . mysql_error()); $today = date("d-m-Y"); header("Content-Type: text/csv"); header("Content-Disposition: attachment;filename=Data_Backup.$today.csv"); $row = mysql_fetch_assoc($result); if ($row) { echocsv(array_keys($row)); } while ($row) { echocsv($row); $row = mysql_fetch_assoc($result); } function echocsv($fields) { $separator = ''; foreach ($fields as $field) { if (preg_match('/\\r|\\n|,|"/', $field)) { $field = '"' . str_replace('"', '""', $field) . '"'; } echo $separator . $field; $separator = ','; } echo "\r\n"; }

hehe yes i was on the cell phone on the previous reply. anyways i sorted it by redirecting it to another php file through which i delete files inside that dir thanks and cheers