Jump to content

Mlaaa

Members
  • Content Count

    22
  • Joined

  • Last visited

  • Days Won

    1

Mlaaa last won the day on April 8 2017

Mlaaa had the most liked content!

Community Reputation

2 Neutral

About Mlaaa

  • Rank
    Member
  • Birthday 09/24/1982

Profile Information

  • Gender
    Male
  • Location
    Croatia
  • Age
    34

Contact Methods

  • Skype
    mario.lukacic.or
  1. <?php // date H is display a hour in a 24 hour format 20:00 $t = date("H"); // so if Hour $t is lesser than 20:00 display message "have a good day" 00:00 - 19:59 if ($t < "20") { // display this message until 20:00 h echo "Have a good day."; } else { // time is now 20:00+ echo "Have a good night."; } ?>
  2. Are u using error_reporting(E_ALL); ini_set('error_reporting', 1); var_dump($_COOKIE); And i think that u need to check if user is logged in ( if cookie exists ) before u try to login.
  3. First of all u don't have in your input fields name="" which is used for $_POST['name'], it need to be like this Login form: <form action ="login.php" method="POST"> <input type="text" name="Username" class= "inputvalues" placeholder="Username" required/><br> <input type="password" name="Password" class= "inputvalues" placeholder="Password" required/><br> <input type="submit" name="submit" id="login_btn" value="Register"/> </form> Register form: <form action ="register.php" method="POST"> <input type="text"
  4. U thinking clearly , if i select username from database it will give me all information about this user as i need, and what i need is to check if that password is valid for that username from query. So your code need to be valid. I try to login with all combination and it only login me with right username and password. So this works. Thanks guys.
  5. I try this, and it works, if u enter valid username it wont login if u enter valid password and invalid username it wont login. But if i leave WHERE korisnicko_ime = :username AND lozinka = :password this don't works. $stmt = $dbh->prepare("SELECT * FROM administrator WHERE korisnicko_ime = :username"); $stmt->bindParam(':username', $username); $stmt->execute(); $p = $stmt->fetch(); if (password_verify($password, $p['lozinka']) && $p['korisnicko_ime'] == $username) { $_SESSION['laa'] = $username; header('Location: index.php'); exit(); }
  6. Thanks i used it like this and how works, also problem was in $p['password'] instead or $p['lozinka'] and same for username/korisnicko ime. $stmt = $dbh->prepare("SELECT * FROM administrator WHERE korisnicko_ime = :username"); $stmt->bindParam(':username', $username); $stmt->execute(); $p = $stmt->fetch(); if (password_verify($password, $p['lozinka']) || $p['korisnicko_ime'] == $username) { $_SESSION['laa'] = $username; header('Location: index.php'); exit(); }
  7. So i need first query to get the password from the database that i can check it with entered password ? Then another query to check if username and password match ?
  8. Hi, i have problem with login script. Problem is that i cant login using my username and password. Password i entered in database was with password_hash('admin', PASSWORD_DEFAULT); Here is a code <?php include 'config.php'; if (isset($_SESSION['laa'])) { die('U already logged in. <a href="index.php">Home</a>'); } if (isset($_POST['login'])) { if (isset($_POST['username']) && isset($_POST['password'])) { $username = strip_tags($_POST['username']); $password = strip_tags($_POST['password']); if (empty($username) || empty($password)) { $error = 'Pleas
  9. So what u can suggest to me how do i escape data before i insert them into database ? Because i founded in one CMS some fuctions to escape, or is this bad example of using function cleartext($text, $bbcode=true, $calledfrom='root') { $text = htmlspecialchars($text); $text = strip_tags($text); $text = smileys($text,1,$calledfrom); $text = insertlinks($text,$calledfrom); $text = flags($text,$calledfrom); $text = replacement($text, $bbcode); $text = htmlnl($text); $text = nl2br($text); return $text; } function htmloutput($text) { $text = smileys($text); $text = insertlinks($text);
  10. I know for validation that i must check is user/email already exists, double password check, crypt password, password/username lenght and that kind of stuff im just curious when i take $_POST data from form do i must somehow to secure them before inserting.
  11. Hi I have a question about managing data from forms and database, to be exact for safe input/output data from form input fields. Do i need some filters to remove code from input if user try to insert ? When i making database table i limiting chars and same in form. Here is a piece of code i use just for test and example : // connection to database $dbh = new PDO('mysql:host=localhost;dbname=test123', 'root', ''); $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // variables to insert into database $username = $_POST['username']; $password = $_POST['pass
  12. Sorry for this try...catch block i was trying it on my computer i readed on link he gave Set PDO in exception mode. Do not use try..catch to report errors. Configure PHP for proper error reporting But can u tell me what to use then to protect input fields when inserting data into database or PDO do it itself ? Do i must use some kind of filter or just go with variable itself without any protection ? I know that with prepared statements u avoid SQL injections.
  13. So is this will be a good usage of PDO ? Im just curious because i learned from codeacademy from youtube chanell. I just didn't added that code in function in try...catch block. try { $dbh = new PDO('mysql:host=localhost;dbname=test123', 'root', ''); } catch (PDOException $e) { print "Error!: " . $e->getMessage() . "<br/>"; die(); } function NewUser() { $username = strip_tags($_POST['username']); $email = filter_var($_POST['useremail'], FILTER_VALIDATE_EMAIL); $password = strip_tags($_POST['password']); $stmt = $dbh->prepare("INSERT INTO members (usernam
  14. I personally using a built in php filters http://php.net/manual/en/book.filter.php But from hes code u see he is starting to learn and even don't know how to make a query right, so for start will be better to jump straight to PDO http://www.w3schools.com/php/php_mysql_prepared_statements.asp http://php.net/manual/en/book.pdo.php
  15. Try like this and check for PDO instead of using mysqli its more simpler and less code. <?php $con = new mysqli('localhost', 'id535401_root', 'Patch201796','id535401_kickednetwork' ) or die("Could not connect to mysql".mysqli_error($con)); function NewUser() { $username = htmlspecialchars($_POST['username']); $email = htmlspecialchars($_POST['useremail']); $password = htmlspecialchars($_POST['password']); $username = mysqli_real_escape_string($con, $username); $email = mysqli_real_escape_string($con, $email); $password = mysqli_real_escape_string($con, $password); $qu
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.