Everything posted by Hazukiy

  1. Well I have this as my session but I would like it to get the name through the database ID. So when they login, it's getting their database ID.

        function sec_session_start() {
            $session_name = 'sec_session_id';
            $secure = false;
            $httponly = true;
            ini_set('session.use_only_cookies', 1);
            $cookieParams = session_get_cookie_params();
            session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly);
            session_name($session_name);
            session_start();
            session_regenerate_id(true);
        }

  2. Aha done it. I removed the = ?, my fault, was being stupid xD Thanks for your help ^.^ EDIT: Ok I've noticed a problem, it's returning only 1 record, so I'm only getting one name, it's not getting the name depending on the ID :/
  3. Ok so instead of this: "SELECT id, firstname, lastname FROM users WHERE firstname = ? AND lastname = ? LIMIT 1" I should change it to this?: "SELECT id, firstname, lastname FROM users WHERE id = ? LIMIT 1"
  4. Sorry forgot to add the login function, here it is:

        function login($email, $password, $mysqli) {
            if ($stmt = $mysqli->prepare("SELECT id, username, password, salt FROM users WHERE email = ? LIMIT 1")) {
                $stmt->bind_param('s', $email);
                $stmt->execute();
                $stmt->store_result();
                $stmt->bind_result($user_id, $username, $db_password, $salt);
                $stmt->fetch();
                $password = hash('sha512', $password.$salt);
                if($stmt->num_rows == 1) {
                    if(checkbrute($user_id, $mysqli) == true) {
                        return false;
                    } else {
                        if($db_password == $password) {
                            $user_browser = $_SERVER['HTTP_USER_AGENT'];
                            $user_id = preg_replace("/[^0-9]+/", "", $user_id);
                            $_SESSION['user_id'] = $user_id;
                            $username = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $username);
                            $_SESSION['username'] = $username;
                            $_SESSION['login_string'] = hash('sha512', $password.$user_browser);
                            return true;
                        } else {
                            $now = time();
                            $mysqli->query("INSERT INTO login_attempts (user_id, time) VALUES ('$user_id', '$now')");
                            return false;
                        }
                    }
                } else {
                    return false;
                }
            }
        }

  5. Hi, recently I've created a login form and I've used the salt method (which I've not really used before) and everything is working great apart from the login. Basically what happens is I can login with any password. So if my password was 'hello1234' and I put 'fndsjnmfosd' it would state that as correct; try it yourself at www.harvy.info Sign up and then try to login, you'll see that you can enter any password and it'll see that as correct. Thanks.

     Login process (What happens when you try to login)

        <?php
        include 'dbConfig.php';
        include 'functions.php';
        sec_session_start();

        if(isset($_POST['email'], $_POST['p'])) {
            $email = $_POST['email'];
            $password = $_POST['p'];
            if(login($email, $password, $mysqli) == true) {
                header('Location: member.php?id=');
            } else {
                header('Location: login.php?error=1');
            }
        } else {
            echo 'Invalid Request';
        }
        ?>
  6. Yeah, I wanted it so that when they login it returns their First and Lastname depending on the ID.
  7. Hi, how would I make it so that my page returns and echos database information? I've used the mysqli method in most of my coding, examples below and basically I want it so that it queries the firstname and lastname to the correct session id. I managed to do something like this before by doing a $row search but the problem with that was that it was returning all of the first and lastnames not one that matches the id to the database. I know you can do $row searches but I'm not too sure on those and the ones that were shown are not safe as it displays things like the database name, database password etc. in that document where I've done an include like > include 'dbConfig.php'; (Also please note even though it hasn't got any includes, that's because the pages themselves are includes and all the includes that are needed such as the database one, I've declared on previous pages.)

     How I would like it to work:

        <?php
        Do some kind of safe row search up here.
        if(<USERS ID IS VALID THEN DO THIS>) {
            Echo the firstname and lastname here.
        }
        ?>

     How I've tried to do it:

        <?php
        if ($stmt = $mysqli->prepare("SELECT id, firstname, lastname FROM users WHERE firstname = ? AND lastname = ? LIMIT 1")) {
            $stmt->execute();
            $stmt->store_result();
            $stmt->bind_result($user_id, $firstname, $lastname);
            $stmt->fetch();
            if($stmt->num_rows == 1) {
                $_SESSION['user_id'] = $user_id;
                $_SESSION['firstname'] = $firstname;
                $_SESSION['lastname'] = $lastname;
                echo $firstname;
                echo $lastname;
                return true;
            }
        }
        ?>
  8. "I'm trying to make it so that my Wrapper fixes to the screen resolution"
  9. Ah ok so one of the passwords in the database that I'm just testing with is "$2nv5iZW/6eTw" and I've salted the hash this way:

        $passwordHash = crypt($password, '$2y$12$' . generate_salt());

     So I would have to do this in the login?:

        $password = "$2y$12$"

  10. Ok so I need to change this?

        $password = trim ($_POST['password']);

  11. Hi, I'm trying to make it so that my Wrapper fixes to the screen resolution depending on your screen, so I'm basically debugging on both my laptop and my 32" monitor. Would there be any possible way to make it so: "height: 100%" "width: 100%" If so how would I do this method? I've got this far atm: (The wrapper is held inside the main Container which just has "width: 100%; min-width: 100%; padding: 0; margin: 0; ") Excuse my sloppy coding.

        .index_wrapper {
            width: 100%;
            height: 1600px;
            min-width: 500px;
            max-width: 100%;
            min-height: 500px;
            max-height: 1600px;
            margin-top: 50px;
            margin-bottom: 25px;
            margin-right: auto;
            margin-left: auto;
        }

        .index_content {
            background-color: #1e1f1f;
            background-image:url('images/structure/background-2.jpg');
            background-repeat: no-repeat;
            height: 100%;
            min-height: 100%;
            width: 100%;
            min-width: 1452px;
            border: 1px solid #505050;
            border-left:none;
            border-right:none;
            border-top: none;
            vertical-align: baseline;
        }

  12. Appreciate the help and no I'm not a hacker and I don't plan on being one either. I'm 18 years old and I just want to learn more about web development such as PHP, jQuery etc. I've created a small website just to understand it and so far so good. The reason I'm not using the "free system" PHP forms is because if I'm going to program I like to do it on my own, but of course when I need help with something that I can't get my head around I go on forums, hence my presence here.
  13. Ok so I tried what you said but it seems to keep returning it? I've had this problem in the past with any Login / Registration forms where it just keeps returning it when I try to log in, my register form works fine but I've always had a problem with the logging in part. Here's the up to date version of my login.php

        <?php
        session_start();
        include "dbConfig.php";

        if ($_SERVER['REQUEST_METHOD'] == "POST") {
            $username = trim($_POST['username']);
            $password = trim ($_POST['password']);
            $query = "SELECT * FROM users WHERE username='$username' AND password='$password' LIMIT 1";
            $result = mysql_query($query) or die(mysql_error());
            if(!$result) {
                die("Wrong username or password.");
            }
            if(!mysql_num_rows($result)) {
                die("No user found by that username.");
            } else {
                Header("Location: memberstest.php");
                exit();
            }
        }
        ?>
  14. Well it made no sense to me? Why would he say "in my eyes creating a "login form" is a crime" ?? I'm sorry but I don't get why he's saying this for? If I was a hacker I don't think I'd be on a forum asking for help? + I like to be constructive
  15. I'm sorry but wtf? Being creative and wanting to learn is a crime? Sorry but ahha what? xD
  16. It's returning this: "elseif(!mysql_num_rows($result))"
  17. Stupid login.php :/

  18. Hi, I'm trying to make a login form for my website, but I can't seem to get my head around this problem, basically it keeps returning this row error and I'm not too sure why? Really need some help on this, thanks. (Excuse my sloppy coding; just trying to get the basics to work atm)

     LOGIN.PHP

        <?php
        session_start();
        include "dbConfig.php";

        if ($_SERVER['REQUEST_METHOD'] == "POST") {
            $username = trim($_POST['username']);
            $password = trim ($_POST['password']);
            $query = "SELECT * FROM users WHERE username='$username' AND password='$password' LIMIT 1";
            $result = mysql_query($query) or die(mysql_error());
            if(!$result) {
                die("Wrong username or password.");
            } elseif(!mysql_num_rows($result)) {
                die("No user found by that username.");
            } else {
                Header("Location: memberstest.php");
                exit();
            }
        }
        ?>
        <form action="login.php" method="POST">
            Username:<br>
            <input class="login_form" type="text" name="username" id="username" maxlength="20">
            <br><br>
            Password:<br>
            <input class="login_form" type="password" name="password" id="password" maxlength="50">
            <br><br>
            <button type="submit" name="submit" class="InputButton">Login</button>
        </form>

     REGISTER.PHP

        <?php
        session_start();
        define('SALT_CHARACTERS', 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789');

        function generate_salt() {
            $salt = '';
            for($i = 0; $i < 21; $i++) {
                $salt .= substr(SALT_CHARACTERS, mt_rand(0, strlen(SALT_CHARACTERS) - 1), 1);
            }
            return $salt;
        }

        $errors = array();
        if(isset($_POST['firstname']) && isset($_POST['lastname']) && isset($_POST['username']) && isset($_POST['email']) && isset($_POST['password'])){
            require_once 'dbConfig.php';
            $firstname = trim($_POST['firstname']);
            $lastname = trim($_POST['lastname']);
            $username = trim($_POST['username']);
            $email = trim($_POST['email']);
            $password = $_POST['password'];
            if($firstname == '') {
                $errors[] = 'Please enter your firstname.';
                header("location: register.php?r=error");
            }
            if($lastname == '') {
                $errors[] = 'Please enter your lastname.';
                header("location: register.php?r=error");
            }
            if($email == '') {
                $errors[] = 'Please enter an email address.';
                header("location: register.php?r=error");
            }
            if($username == '') {
                $errors[] = 'Please enter a username.';
                header("location: register.php?r=error");
            }
            if($password == '') {
                $errors[] = 'Please enter a password.';
                header("location: register.php?r=error");
            }elseif(strlen($password) < 6) {
                $errors[] = 'Your password must be at least 6 characters long.';
                header("location: register.php?r=error");
            }
            if(count($errors) === 0) {
                $passwordHash = crypt($password, '$2y$12$' . generate_salt());
                $query = "INSERT INTO users(firstname, lastname, username, email, password) VALUES('$firstname', '$lastname', '$username', '$email', '$passwordHash')";
                $result = mysql_query($query) or die(mysql_error());
                if ($result) {
                    header("location: register.php?r=success");
                    exit();
                } else {
                    die("Query failed");
                }
            }
        }
        ?>

  19. Ok so I'm getting some errors with my Query, would you know how I can lay it out other than the way I've done it?

        if(count($errors) === 0) {
            $passwordHash = crypt($password, '$2y$12$' . generate_salt());
            $query = $link->prepare('INSERT INTO users VALUES(\'\', :firstname, :lastname, :username, :email, :password, \'0\')');
            $query->execute(array(
                ':firstname' => $firstname,
                ':lastname' => $lastname,
                ':username' => $username,
                ':email' => $email,
                ':password' => $passwordHash,
            ));
            $lastId = $link->lastInsertId();
        }
  20. Ahah I just noticed, thanks xD
  21. Oh, sorry forgot to post all the code

        <form action="register.php" method="POST">
            <fieldset>
                <label for="firstname">First name:</label>
                <font color="red">*</font><input class="GeneralForm" type="text" name="firstname" id="firstname" maxlength="30"><br>
                <br>
                <label for="lastname">Last name:</label>
                <font color="red">*</font><input class="GeneralForm" type="text" name="lastname" id="lastname" maxlength="30"><br>
                <br>
                <label for="username">Username:</label>
                <font color="red">*</font><input class="GeneralForm" type="text" name="username" id="username" maxlength="20"><br>
                <br>
                <label for="email">Email:</label>
                <font color="red">*</font><input class="GeneralForm" type="text" name="email" id="email" maxlength="30"><br>
                <br>
                <label for="password">Password:</label>
                <font color="red">*</font><input class="GeneralForm" type="password" name="password" id="password" maxlength="20"><br>
                <br>
                <button type="submit" name="submit" class="InputButton" value="Submit">Submit</button>
            </fieldset>
        </form>

  22. How's this?

        if(isset($_POST['firstname']) && isset($_POST['lastname']) && isset($_POST['username']) && isset($_POST['email']) && isset($_POST['password'])) {
            require_once 'dbConfig.php';
            $fullname = strtolower(trim($_POST['firstname']));
            $secondname = strtolower(trim($_POST['secondname']));
            $username = strtolower(trim($_POST['username']));
            $email = strtolower(trim($_POST['email']));
            $password = $_POST['password'];
            if($firstname == '') {
                $errors[] = 'Please enter your firstname.';
            }
            if($lastname == '') {
                $errors[] = 'Please enter your lastname.';
            }
            if($email == '') {
                $errors[] = 'Please enter an email address.';
            }
            if($username == '') {
                $errors[] = 'Please enter a username.';
            }
            if($password == '') {
                $errors[] = 'Please enter a password.';
            } elseif(strlen($password) < 6) {
                $errors[] = 'Your password must be at least 6 characters long.';
            }
            if(count($errors) === 0) {
                $passwordHash = crypt($password, '$2y$12$' . generate_salt());
                $query = $link->prepare('INSERT INTO users VALUES(\'\', :firstname, :secondname, :username, :email, :password, \'0\')');
                $query->execute(array(
                    ':firstname' => $firstname,
                    ':secondname' => $secondname,
                    ':username' => $username,
                    ':email' => $email,
                    ':password' => $passwordHash,
                ));
            }
        }
        ?>

     Also, what do you mean by work out my logic? Thanks.

  23. UPDATE: This is what I have at the moment.

        <?php
        define('SALT_CHARACTERS', 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789');

        function generate_salt() {
            $salt = '';
            for($i = 0; $i < 21; $i++) {
                $salt .= substr(SALT_CHARACTERS, mt_rand(0, strlen(SALT_CHARACTERS) - 1), 1);
            }
            return $salt;
        }

        $errors = array();
        if(isset($_POST['firstname']) && isset($_POST['lastname']) && isset($_POST['username']) && isset($_POST['email']) && isset($_POST['password'])) {
            require_once 'dbConfig.php';
            $fullname = $_POST['firstname'];
            $email = strtolower(trim($_POST['email']));
            $password = $_POST['password'];
            if($firstname == '') {
                $errors[] = 'Please enter your firstname.';
            }
            if($lastname == '') {
                $errors[] = 'Please enter your lastname.';
            }
            if($email == '') {
                $errors[] = 'Please enter an email address.';
            }
            if($username == '') {
                $errors[] = 'Please enter a username.';
            }
            if($password == '') {
                $errors[] = 'Please enter a password.';
            } elseif(strlen($password) < 6) {
                $errors[] = 'Your password must be at least 6 characters long.';
            }
            if(count($errors) === 0) {
                $passwordHash = crypt($password, '$2y$12$' . generate_salt());
                $query = $link->prepare('INSERT INTO users VALUES(\'\', :firstname, :secondname, :username, :email, :password, \'0\')');
                $query->execute(array(
                    ':firstname' => $firstname,
                    ':secondname' => $secondname,
                    ':username' => $username,
                    ':email' => $email,
                    ':password' => $passwordHash,
                ));
            }
        }

  24. Hi, I'm just wondering but if my webhost has SQL version 5.1, what is the syntax of that for PHP login & register forms? So like

        $q = "INSERT INTO `Table1` (`username`,`password`,`email`) "
            ."VALUES ('".$_POST["username"]."', "
            ."PASSWORD('".$_POST["password"]."'), "
            ."'".$_POST["email"]."')";

     Would this be the right use of syntax? I'm having a few problems with making a clean and safe php login and register form. Thanks.

  25. Can anyone recommend some website that'll teach me how to create clean, safe and efficient code cause all the ones that I've come across so far are not that good.