devilsvein

Thanks for that barand. Works fine after I added global in...

I've basically created a function which hosts a image and text obtained from my database. Now this all works. The image shows and the correct information from the database is retrieved. IF i put it in a function....the text from the database isn't retrieved. the page that the function is on is as so: <?php require "corefolder/globe.php"; // global connection and data retrieval require "corefolder/gamecore.php"; function Banner() { echo "<div class=bannimage> <img src='newbann.png' /> <div class=text> <h3 style=margin-top:0px; margin-bottom:0px;>"; echo "["; echo $userid; echo "] " ; </div> </div>"; } ?>

Google MySQLi query

ah so i could have like, as a example //some code here then .. echo "<div align=left>"; include "menu"; echo "</div> <div align=right>"; include "page"; echo "</div">

sorry could you elaborate on that. I don't quite fully understand

shouldnt it all be mysqli and not mysql

yeah each time they log in, $variable++ I would also use a cron and every sunday night email someone the counter from variable, and then reset variable to 0 for next weeks count

so how does include know where to position the code... would it need to be in a function and i call the function on the page.

then its something else in your code

$firstname = $_POST['firstname']; $sql = "SELECT id FROM users WHERE first_name =" . $firstname . " LIMIT 1"; $result = mysqli_query($mysqli, $sql); $row = mysqli_fetch_assoc($result); echo $row['Firstname']; $mysqli is the database connection. Sorry I did it procedure style, I never learnt object style.

How would I create a php template that has a banner going across the top, menubar on the left, actual page content on the right and footer at the bottom. I prefer not to keep rewritting the same code over and over.....hence create a template

Hey guys, i decided to create a template which consists of my banner, css sheets, background and a menu bar! Now I want this to be shown on every page.....which is what its doing. for example I have on a page of mine whydonateblood.php <?php <?php session_start(); require "outerheader.php"; require "corefolder/enginecore.php"; ?> Just displaying that out on a page shows the background navigation etc. In simple terms the header template is shown! (so proud of myself! ) So now I want to actually start on the content of the page. I did.... <?php session_start(); require "outerheader.php"; require "corefolder/enginecore.php"; echo "<table width='500px' bgcolor='white'> <tr><td>HI</td></tr> </table>"; ?> But the table starts BELOW the last section of the header... to describe my page...i have a banner going across at the top... a navigation bar on the left hand side. and background in well background the header page consists of a container....... <body> <div align="center"><img src=background.jpg class='bg'></div> <div class="container"> <div class="bannimage"> <img src='newbann.png' /> </div> <div class="mainmenu"> <?php echo displayMenu(); ?> </div> </div> </body> so my question is how can I get the contents of my page....in the correct position in my header template.

I found the issue. It was a code which wasn't shown. i had a snipet at the top of the page which was poorly designed. It was suppose to redirect if the user was already logged in...but ws just logging in for the fun of it.... Thanks for your time and help

Thanks for the feedback. I took the password escape out. But I want to know why I can login with a incorrect password on my site.

Have a issue which I've put a temporary patch on to prevent unauthorized access. But I still want to know why this is happening Basically my "check" system on login checks the username and password of that typed in. If theres no match it should read out a error message and prevent any more attacks. But what I've found out is....if the passwords "hello123" and you type "hello12" it redirects you to the loggedinpage.....which is wrong. login page extract: $username = htmlentities($_POST['username']); $username = mysqli_real_escape_string($mysqli, $username); $password =mysqli_real_escape_string ($mysqli, $_POST['password']); $query = mysqli_query($mysqli, "SELECT * FROM Persons WHERE Username = '$username'"); $row = mysqli_fetch_assoc($query); $numrows = mysqli_num_rows($query); $dbuser = $row['Username']; $dbpass = $row['Password']; $email = $row['Email']; $_SESSION['login'] = false ; $salt1 = $dbuser; $salt2 = $email; $hash = hash('sha512' , $salt1.$password.$salt2); $id = $row['PlayerID']; if( ($username == '') || ($password == '') ) { $error_string .= '<font color=red>You have left either the username or password field blank!</font>'; $_SESSION['login'] = false ; } else if ($numrows == 1) { if ($hash == $dbpass) { //$error_string .= 'Authentication succeeded'; $_SESSION['login'] = true ; $_SESSION['username'] = $username; $_SESSION['email'] = $email; $_SESSION['ID'] = $id; header("Location: loggedin.php"); } else { $error_string .= '<font color=red>Authentication failed</font>'; $_SESSION['login'] = false ; } } else { $error_string .= '<font color=red>Authentication failed</font>'; $_SESSION['login'] = false ; } } So what I have done is on loggedin.php ive placed now if (empty($_SESSION['username']) || empty($_SESSION['email']) || empty($_SESSION['ID']) || $_SESSION['login'] = false) { session_destroy(); header('location: login.php'); die(); } So why on earth is login page saying details are correct when there not because if you still type in the wrong password by one letter it redirects you to loggedin.php but as that code is there in loggedin.php it prevents anyone from accessing.

Im basically working on a site in which I want to display a menu bar on every page. As this site will be built with many pages i feel it would be easier to simply create a function with the menu bar inside it. I have a few questions which i would appreciate if someone could answer. <ul> <li><a href="#">Home</a></li> <li><a href="#">about</a></li> </ul> Let say I have this code above. would i simply be able to do: function menu () { <li><a href=#>Home</a></li> <li><a href=#>about</a></li> </ul> } and call the function on specific areas on the page i want it to be displayed. after requiring that file name. Also curious on if i can do if statements inside that function that display certain menu links depending on the outcome of the condition Thanks

Thanks guys, found it to be that the session variables weren't carrying the data from the login page but still managing to log in. (weird!). Found the issue to be a code i found online to reduce session hijacking. Oh well. Back to using session_start(); only lol

Basically trying to retrieve a username to display from a table in SQL. But it doesn't display anything. Just blank. $sql = "SELECT Username FROM Persons WHERE PlayerID='".$_SESSION['ID']."'"; $result = mysqli_query($mysqli, $sql); $row = mysqli_fetch_assoc($result); $username = $row['Username']; Connection to DB is fine. Table is called Persons, Has headings Username, Password, Player ID To display it I use: <?php echo $username; ?>

function resize_image($image) { width: 50px; height: 50px; } something like that?

thanks for your reply! I did go back to using phpass and managed to place this in; if( $page_mode == 'Login' ) { require "globe.php"; //db connect $username = htmlentities($_POST['username']); $username = mysqli_real_escape_string($mysqli, $username); $password = $_POST['password']; $query = mysqli_query($mysqli, "SELECT * FROM Persons WHERE Username = '$username'"); $row = mysqli_fetch_assoc($query); $numrows = mysqli_num_rows($query); $dbuser = $row['Username']; $dbpass = $row['Password']; $hash_cost_log2 = 8; // Do we require the hashes to be portable to older systems (less secure)? $hash_portable = FALSE; $hasher = new PasswordHash($hash_cost_log2, $hash_portable); if( ($username == '') || ($password == '') ) { $error_string .= '<font color=red>You have left either the username or password field blank!</font>'; } else if ($numrows == 1) { $hash = $hasher->HashPassword($password); if ($hasher->CheckPassword($password, $hash)) { $error_string .= 'Authentication succeeded'; } else { $error_string .= 'Authentication failed'; //echo $pass } } else { $error_string .= '<font color=red>No username can be found! (2)</font>'; } } At the moment no error message appears however my checkpassword function always returns true....if a username and password are entered regardless of whether its right. so i get authentication succeeded showing up

Hi guys, On my registration page I have this code: function myhash($password, $unique_salt) { $salt = "f#@V)Hu^%Hgfds"; $hash = sha1($unique_salt . $password); // make it take 1000 times longer for ($i = 0; $i < 1000; $i++) { $hash = sha1($hash); } return $hash; } function unique_salt() { return substr(sha1(mt_rand()),0,22); } $phash = myhash($password, unique_salt()); I don't know what to do for the logjn page authentication to ensure I get the same hash code for validation. Would really appreciate the help if someone can post a solution or a alternative answer. Thanks! (btw i did try using phpass but couldn't get it to work if anyone suggests that)

Making a login page and using phpass. if( $page_mode == 'Login' ) { require "globe.php"; //db connect $username = htmlentities($_POST['username']); $username = mysqli_real_escape_string($mysqli, $username); $password = $_POST['password']; $query = mysqli_query($mysqli, "SELECT * FROM Persons WHERE Username = '$username'"); $row = mysqli_fetch_assoc($query); $numrows = mysqli_num_rows($query); $dbuser = $row['Username']; $hash_cost_log2 = 8; $hash_portable = FALSE; $hasher = new PasswordHash($hash_cost_log2, $hash_portable); if( ($username == '') || ($password == '') ) { $error_string .= '<font color=red>You have left either the username or password field blank!</font>'; } else if ($numrows == 1) { if ($dbuser == $username) { if ($hasher->CheckPassword($password, $hash)) { //$hash is the hash retrieved from the DB $error_string .= '<font color=red>so far so good!</font>'; } else { $error_string .= '<font color=red>Please enter a valid username and password</font>'; } } } else { $error_string .= '<font color=red>No username can be found! (2)</font>'; } } if ($hasher->CheckPassword($password, $hash)) keeps returning false. therefore not authetinticating the password. Does anyone know why this is

the code from register is, $hashed_password = crypt('pass1'); so for login instead of it being... $hashed_password = crypt($password, $dbpass); it should be $hashed_password = crypt($password);

how? i thought i did so with $hashed_password = crypt($password, $dbpass); sorry for this issue, like first month into php

made a change on my orginal script: instead of if ($password == $hashed_password) i used if ($hashed_password == $dbpass) @pikachu well the password in the database is being hashed up i believe. its not the same password that was inputted. in my register page when the table updates, the user password goes through crypt($password); so how would i fix this in login then? because i can't just do if ($password == $dbpass) ones hashed, the others not