ajoo

Hi all ! I wish to post the value of an auto submit dropdown value to another page, be redirected to that page, and use it on that page. I am unable to achieve this in php and so I tried as :-follows:- dropdown.php <form method="post" action = dropdownaction.php> <select name="myselect" onchange="this.form.submit();"> <option>blue</option> <option>red</option> </select> </form> and now I need the equivalent of dropdownaction.php <?php if(isset($_POST(['myselect']))) echo " I am selected".$_POST['myselect']; ?> Please can someone tell me how I may retrieve the value of 'myselect' in the dropdownaction.php after being redirected to it. Thanks loads.

Thanks Ch0cu3r, your suggestion resolved the problem. It's fine even on a reboot. Thanks loads !

Thanks Ch0cu3r, I'll try this and revert soon. Thanks !

Hi Ch0cu3r, yes you are right ofcourse but i don't want to just stop the current apache 2,2 httpd.exe service but i want to remove it permanently. Else every time I restart the machine the 2,2 httpd.exe service come on and prevents the latest apache from starting. So any ideas how I can remove the 2.2 version service permanently. Thanks !

Hi, I upgraded my XAMPP to the version 1.8.3 (win32) recently. Apache failed to start and I got the following error Port 443 in use by ""D:\xampp\apache\bin\httpd.exe" -k runservice" with PID 1568! On checking this PID against the running processes I found that this was the service Apache 2.2 httpd.exe. This new version installed however is Apache2.4. So it seems that the old version is somehow conflicting with the new. How can I do so. I do not wish to change ports in config files. The last version worked seamlessly and this upgrade has caused this conflict. I do not wish to have a patchwork solution, instead I would like to remove the old httpd.exe from wherever I must and have the ports free for the new one. Thanks for any suggestions and help. Ajoo.

Yes Thanks , I guess that was not required as correctly pointed by all of you. Thanks

Hi I am trying to split a form as shown in this simple code. I tried what I thought should work but obviously it is not working. This submits the first part of the form but does not go to the second part of the form. So First name, Last names and Age are submitted but email and cell are not and it throws a undefined index warning for those. Can someone please take a look at this and suggest if what I am trying to do can be accomplished using PHP. Thanks <?php if(isset($_POST['submit']) && $_POST['submit'] == 'Submit') { echo"<br> First Name = ".$_POST['fname']."<br>" ; echo"Last Name = ".$_POST['lname']."<br>" ; echo"Age = ".$_POST['age']."<br>" ; echo"Email = ".$_POST['email']."<br>" ; echo"Cell = ".$_POST['cell']."<br>" ; } ?> <html> <head> <title> WOW </title></head> <body> <table> <form id="form1" action = "splitform.php" method="post"> <th> TEST </th> <tr><td>First Name : </td> <td><Input type='text' name = 'fname'></td></tr> <tr><td>Last Name : </td> <td><Input type='text' name = 'lname'></td></tr> <tr><td>AGE : </td> <td><Input type='text' name = 'age'></td></tr> </form> <form id ="form1" action = "splitform.php" method="post"> <tr><td>Email : </td> <td><Input type='text' name = 'email'></td></tr> <tr><td>Cell: </td> <td><Input type='text' name = 'cell'></td></tr> </form> <tr><td><Input type="submit" name = "submit" value = "Submit" form = "form1"></tr></td> </table> </body> </html>

Hi Psycho & all. I have gone through the example but I don't understand it too well bcos I am not familiar with javascript or Jquery for that matter. Hence I wanted a PHP only solution. My problem has two parts. The first is to display a SUBMIT button centered below the form. The second is to ensure that that submit button is also a part of the form that contains the checked box buttons. Else how would the status of the checked boxes get POSTed on submit. If this cannot be achieved with PHP alone then please could you kindly integrate the jquery code into my example for me. Thanks !

Hey I am sorry. I did not intend to post this one here but did so by mistake. I am using only php here. But from your reply it seems that it came to the right place. Is there no way to do this using PHP ? If not, then can we use JQuery instead? Meanwhile I'll look at your reply. Thanks for that Psycho.

Hi ! I am created this form - well it's more of a view and less of a form since the form part is only the check-boxes column and the rest is the data displayed from a database. But now I want to have this submitted with a SUBMIT button centered beneath the form after I have checked the required check boxes. I am unable to find a way to do this maybe simple task. Please help, unclubbed.php <?php $dbhost = 'localhost'; $dbuser = 'root'; $dbpass = ''; $db = 'testdb'; // CHANGE THIS TO ANY EXISTING DB ON PHPMYADMIN OR CREATE THIS DB FIRST IN PHPMYADMIN // $fcon = mysqli_connect($dbhost, $dbuser, $dbpass, $db); if(!$fcon ) { die('Could not connect: ' . mysql_error()); } // echo 'Connected successfully'; /* /////////// UNCOMMENT TO CREATE A TABLE IN A DATABASE NAMED testdb THEN COMMENT BACK ///////////// $sql = "CREATE TABLE member( mid INT NOT NULL AUTO_INCREMENT, name VARCHAR(20) NOT NULL, reg_date Date NOT NULL, email VARCHAR(30) NOT NULL, cell INT NOT NULL, status VARCHAR(2) NOT NULL, primary key ( mid ))"; if (mysqli_query($fcon,$sql)) { echo "Table member created successfully"; } else { echo "Error creating table: " . mysqli_error($con); } $query = "Insert into member (name, reg_date, email, status) VALUES ('John','1980-08-12','john@123.com','9878954323','cc')"; mysqli_query($fcon, $query); $query = "Insert into member (name, reg_date, email, status) VALUES ('Bill','1988-03-21','bill@123.com','9878900123','cc')"; mysqli_query($fcon, $query); $query = "Insert into member (name, reg_date, email, status) VALUES ('Jack','1990-05-18','jack@123.com','9878912300','cc')"; mysqli_query($fcon, $query); */ $check = true; $query = "SELECT * from member"; $result = mysqli_query($fcon, $query); if(isset($_POST['submit']) && $_POST['submit'] == 'Submit') { echo "<br> Member = ".$_POST['name']."<br>" ; echo "RegDate = ".$_POST['reg_date']."<br>" ; echo "Email = ".$_POST['email']."<br>" ; echo "Status = ".$_POST['status']."<br>" ; /// more code would go here once I have submitted the check box information successfully ///// } ?> <html> <head> <title> CLUB ADMIN </title></head> <body> <table> <?php echo "<table class = 'TFtable' border = 1 cellspacing =2 cellpadding = 5 >"; echo "<tr>"; echo "<th> S.No. </th>"; echo "<th> Member </th>"; echo "<th> Reg Date </th>"; echo "<th> Email </th>"; if($check == true) echo "<th> <Input type='checkbox' id='selecctall' /> All </th>"; else echo "<th> Status </th>"; echo "</tr>"; $cnt = 1; while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) { $name = htmlspecialchars($row['name']); $reg_date = htmlspecialchars($row['reg_date']); $cell = htmlspecialchars($row['cell']); $email = htmlspecialchars($row['email']); $mid = htmlspecialchars($row['mid']); if($check == false) $status = htmlspecialchars($row['status']); echo "<tr>"; echo "<td>".$cnt++."</td>"; echo "<td>".$name."</td>"; echo "<td>".$reg_date. "</td>"; echo "<td>".$email. "</td>"; if($check == true) { echo "<form name = 'form1' action='unclubbed.php' method='post' > "; echo "<td align ='center'><Input type='hidden' name='mid' value=$mid> <Input class='checkbox1' type = 'checkbox' name='check[]' value='$mid'> </td>"; echo "</form>"; echo "</tr>"; } else echo "<td>".$status. "</td> </tr> "; } ?> </table> </body> </html> Thanks !

Thanks loads. I'll take the precautions. Thanks Jacques for that insight into character encoding. I'll read more on that.

Hi ! Thanks for the reply. #1. The source of this information would be a Mysql database. But yes I will use htmlspecialchars(). #2. For the second case I mentioned the hyperlink because that is passed through the URL and I thought that that maybe be a cause of a security concerns which should be addressed. #3. Yes this would be just like the #2 as you have mentioned and for this I would need to validate the post data submitted. If there is anything that you would like to add to the first 2 cases. Thanks

Hi friends, Another security issue but this time its regarding outputting data from a DB to a browser. Please have a look at the code below which displays some output fetched from a DB and sends it to a browser. 1. If I just wish to display this output on a screen and not provide the user with any buttons or hyperlinks to interact with the information, would I still need to sanitize the output before echoing it to the screen ? 2. If I was to make at least one of the fields a hyperlink, so that I could then display some related information on another webpage, what security concerns would I need to address in my code? 3. If I was to add a button against each of these records, on each row, and then select some related information on another webpage after processing the button handler, what would be the security concerns that I should address for the code below. Thanks very much. <table> <tr> <th> S.No. </th> <th> Name </th> <th> Age </th> <th> City </th> <th> Cell </th> <th> Email</th> </tr> <?php $cnt = 1; while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) { echo "<tr>"; echo "<td>".$cnt++."</td>"; echo "<td>".$row['Name']. "</td>"; echo "<td>".$row['Age']. "</td>"; echo "<td>".$row['City']. "</td>"; echo "<td>".$row['Cell']. "</td>"; echo "<td>".$row['Email']. "</td>"; echo "</tr>"; } ?> </table>

Hi friends, I came back this morning and saw no response to my query and thought either I must be doing something brilliant ( big doubt!) or something downright foolish ( more likely). So instead of being disheartened, I took that as an opportunity to delve deeper and explore my code again. I then broke my code apart piecemeal till I came to a point where I realized that in all probability the sub-menu was not really locked but was going under one of the divs!! and when I shifted .lblock div (LEFT BLOCK) down by 50 points, well there was the menu buried under it. So the locking was just an illusion and the sub-menus were appearing though underneath the left div. Well that solves most of it except that now maybe someone can say how I can get the menu to be on top and now below the divs when the mouse hover action is triggered. Please check the pic attached. It shows the dropdown menu going below the left div. Btw the portion with the grey background is the left div, the portion with the brown background is the right div and the total area covered by both is the mainbody div. The mainbody div holds the left and the right div. The div structure portion of the code is as follows: /////////////////////////// MAIN BODY DIV HOLDS THE LEFT AND RIGHT DIVS <div class = 'mainbody'> <div class = 'lblock'> <!-- ////////////// LEFT DIV STARTS HERE /////////////////// --> <?php $query = "Select * FROM $table "; $result = mysqli_query($fcon,$query); if(!$result)die('Error in accessing the Database ' . mysqli_error($fcon)); else { $count = 0; $tf ="demo.php?page=contacts"; echo "<table class=TFtable width=100% >"; echo "<tr> <td COLSPAN=4 bgcolor='#aafff1' >CLUB MEMBERS REGISTER </td></tr>"; while($rows=mysqli_fetch_array($result)) { $count = $count+1; $field[$count][0] = $rows['ID']; $field[$count][1] = $rows['fname']; $field[$count][2] = $rows['lname']; $field[$count][3] = $rows['city']; echo "<tr>"; echo "<td> " .$count. "</td>"; echo "<form action = demo.php?page=contacts method = post > "; echo "<td> &nbsp ".$rows['fname'].' '.$rows['lname']. "</td>"; echo "<td> <Input type = hidden name = id value=" .$field[$count][0]. " /> </td>"; echo "<td> <Input type=submit name=submit value=Submit /> </td>"; echo "</tr>"; echo "</form>"; } echo '</table>'; } ?> </div> //////////////////// RIGHT DIV STARTS HERE ////////////////////////////////// <div class = 'rblock' > <center> <form action="demo.php?page=contacts" method = "POST" > <!-- <table bgcolor="#89a89a" cellspacing = 10px cellpadding = 10px> --> <table class = 'TFtable' width = 100%> <tr><td COLSPAN = 2 bgcolor="#aafff1">CLUB REGISTRATION </td></tr> <tr> <td width = 30%>Room No: </td><td width = 70%> <input size="30" maxlength="30" STYLE="background-color: #efefef;" type ="text/css" name="room_no" value = "<?php echo ($room_no); ?>" readonly/> <input size="10" maxlength="30" type ="hidden" name="sid" value = "<?php echo ($sid); ?>" /> </td> <tr> <td width = 30%>Name : </td><td width = 70%><input size="30" maxlength="60" type ="text/css" name="name" value = "<?php echo ($name); ?>" readonly/> </td> <tr> <td width = 30%>City : </td><td width = 70%><input size="30" maxlength="60" type="text" name="city" value = "<?php echo ($city); ?>" readonly/> </td> <tr> <td>User ID :* </td><td><input size="30" maxlength="60" type ="text/css" name="userid" value = "<?php if(isset($_POST["userid"])) echo htmlspecialchars($userid); ?>"/></td> <tr><td colspan = 2 align = "center"> <Input style="height:22px; width:64px" type = "submit" name = "esubmit" value = "ERegister" /> </td></tr> <tr><td COLSPAN = 2 bgcolor="#aafff1" align = 'center'> <?php echo $_SESSION['msg_conterr'] ; ?><?php echo $_SESSION['msg_contsucc'] ; ?> </td></tr> </table> </form> </div> </div>

Hi all ! I have a website at www.bestbet.bugs3.com/club/demo.php wherein I have a menu on a menubar which seems to be malfunctioning. I am unable to rectify this. If anyone has ever come across a similar behavior pleas help me out. The login and ID is itsme and f19768 respectively. The menu is a simple menu with two buttons Home and Member. The Member upon mouse hover drops down two submenus Member & Record. The menu functions fine if I click on Home or Member submenu. After clicking any of these two buttons if I hover on Member, the menu drops down again but if I click on Record submenu and then mouse hover on Member, the menu does not hover and seems to be locked for some unknown reason. I then have to click on Home to unlock the menu. I am baffled by this locking action. Please help. Thanks ! The css file /* CSS for menu buttons & the navbar */ .navbar{ width: 1000px; height: 25px; background-image: url(../images/navbar_grad1.jpg); background-repeat: repeat-x; } .button { margin: 0px; padding: 0px; } .button ul { margin: 0px; padding: 0px; } .button li { list-style: none; float: left; position: relative; background: #efefef; /* Rem This helped remove the transparency issue in menu buttons. It in effect assigns the block color of the menu button */ } .button ul li a { ' padding: 5px, 10px, 5px, 10px; line-height: 23px; color: #222222; text-align: center; text-decoration : none; width: 100px; height: 25px; display: block; } .button ul ul { position: absolute; display: none; } .button ul li:hover ul { display:block; } .button ul{ padding: 0 0px; 'border-radius: 10px; list-style: none; position: relative; display: inline-block; background: linear-gradient(top, #efefef 08, #bbbbbb 1008); background: -webkit-linear-gradient(top, #efefef 08, #bbbbbb 1008); /* For Chrome and Safari */ background: -moz-linear-gradient(top, #efefef 08, #bbbbbb 1008); /* For old Fx (3.6 to 15) */ box-shadow: 0px 0px 9px rgba(0,0,0,15); } .button ul li{ float: left; } .button ul li:hover{ background: #4b545f; /* Changes the background color of the button on hover to white */ background: linear-gradient(top, #4f5964 08, #5f6975 408); background: -webkit-linear-gradient(top, #4f5964 08, #5f6975 408); /* For Chrome and Safari */ background: -moz-linear-gradient(top, #4f5964 08, #5f6975 408); /* For old Fx (3.6 to 15) */ } .button ul li:hover a{ line-height: 23px; color: #fff; } .button ul li:hover > ul {margin:0px; padding:0px;} .button ul li:hover > ul li{float:none; display:block;} .button ul li:hover > ul li a{color:#666; min-width:100px;} .button ul li:hover > ul li a:hover{color: #fff;} .button ul li {position:relative;} .button ul li ul{position:absolute; top: 25px; left: 0px;} the navbar <div class = 'navbar'> <div class = 'button'> <ul> <li> <a href="demo.php?page=home">Home</a> </li> <li> <a href="#">Member</a> <ul> <li> <a href="demo.php?page=gallery">Member</a> </li> <li> <a href="demo.php?page=contacts">Record</a> </li> </ul> </li> </ul> </div> </div> The file that processes thye clicking on the 'Record' drop down menu. <?php // error_reporting(E_ALL & ~E_NOTICE); if(!defined('INCLUDE_CHECK')) die('header.php is cannot run directly'); sec_session_start(); if(isset($_SESSION['timeout'])) { $is_timed_out = is_timed_out(); // check for timeout of a session. if($is_timed_out == 1) { $_SESSION['msg'] = " FROM --- TIMEOUT --- LINE 51"; header ("Location: loggedout.php"); // logout if timed out exit; } } $error = 0; $err = ""; // $_SESSION['msg_conterr'] = $_SESSION['msg']['reg-err']; // $_SESSION['msg_contsucc']= $_SESSION['reg-success']; $table = "employees"; if($_POST['submit']=='Submit') { $id = $_POST['id']; $query = "Select * FROM $table WHERE ID = $id"; $result = mysqli_query($fcon,$query); if(!$result)die('Error in accessing the Database ' . mysqli_error($fcon)); else { $rows=mysqli_fetch_array($result); $fname = htmlspecialchars($rows['fname']); $lname = htmlspecialchars($rows['lname']); $dob = htmlspecialchars($rows['dob']); $room_no = htmlspecialchars($rows['room_no']); } $name = htmlspecialchars($fname.' '.$lname); // $_SESSION['msg']['reg-err']="Enter a unique User ID"; // $_SESSION['msg']['reg-success']=""; mysqli_free_result($result); } if($_POST['esubmit']=='ERegister') { $err = array(); $room_no = htmlspecialchars($_POST['room_no']); $name = htmlspecialchars($_POST['name']); $current = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; if(isset($_SERVER['HTTP_REFERER'])) $referrer = $_SERVER['HTTP_REFERER']; if ( $referrer != $current ) { $err[]='WRONG PAGE WRONG FORM = '.$_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']. 'SCRIPT = '; } if(strlen($_POST['userid'])<4 || strlen($_POST['userid'])>32) { $err[]='Your username must be between 3 and 32 characters!'; } if(preg_match('/[^a-z0-9\-\_\.]+/i',$_POST['userid'])) { $err[]='Your username contains invalid characters!'; } if(preg_match('/[^a-z0-9\-\_\.]+/i',$_POST['city'])) { $err[]='Your city contains invalid characters!'; } if(!count($err)) { $pass = substr(md5($_SERVER['REMOTE_ADDR'].microtime().rand(1,100000)),0,6); $userid = mysqli_real_escape_string($fcon,$_POST['userid']); $query = "Select Username FROM members WHERE Username = '$userid' "; $result = mysqli_query($fcon,$query); $rowcount=mysqli_num_rows($result); if($rowcount == 0) // dumn co { $strSql="INSERT INTO members(Username,Password,city,room_no) VALUES( '".$userid."', '".md5($pass)."', '".$city."', '".$room_no."' )"; mysqli_query($fcon,$strSql) or die (mysqli_error($fcon)); mysqli_free_result($result); if(mysqli_affected_rows($fcon)==1) // data inserted successfully { } else $err[] = ' Error inserting data '; } else { $err[]='This username is already taken!'; } } if(count($err)) { $_SESSION['msg']['reg-err'] = implode('<br />',$err); } } ?> <div class = 'mainbody'> <style type="text/css"> .lblock { float:left; width: 50%; height: 476px; background-color: #888; position: relative; text-align: left; } .rblock { float:right; width: 50%; height: 476px; background-color: #C87; position: relative; text-align: center; } .rblock p{ padding: 2px; font-family: verdana; font-size: 14px; text-align: center; color: #fff; } .mainbody{ width: 1000px; height: 476px; font-family: verdana; font-size: 11px; color: #313131; background: #c5c5c5; overflow: auto; } <!-- Styling of the left side rows --> .TFtable{ width:100%; border-collapse:collapse; } .TFtable td{ padding:7px; border:#4e95f4 1px solid; } /* provide some minimal visual accomodation for IE8 and below */ .TFtable tr{ background: #b8d1f3; } /* Define the background color for all the ODD background rows */ .TFtable tr:nth-child(odd){ background: #b8d1f3; } /* Define the background color for all the EVEN background rows */ .TFtable tr:nth-child(even){ background: #dae5f4; } <!-- Styling of the input form --> .rblock input[type=submit] { width: 30em; height: 3em; } </style> <div class = 'lblock'> <!-- ////////////// TABLE STARTS HERE /////////////////// --> <?php $query = "Select * FROM $table "; $result = mysqli_query($fcon,$query); if(!$result)die('Error in accessing the Database ' . mysqli_error($fcon)); else { $count = 0; $tf ="demo.php?page=contacts"; echo "<table class=TFtable width=100% >"; echo "<tr> <td COLSPAN=4 bgcolor='#aafff1' >CLUB MEMBERS REGISTER </td></tr>"; while($rows=mysqli_fetch_array($result)) { $count = $count+1; $field[$count][0] = $rows['ID']; $field[$count][1] = $rows['fname']; $field[$count][2] = $rows['lname']; $field[$count][3] = $rows['city']; echo "<tr>"; echo "<td> " .$count. "</td>"; echo "<form action = demo.php?page=contacts method = post > "; echo "<td> &nbsp ".$rows['fname'].' '.$rows['lname']. "</td>"; echo "<td> <Input type = hidden name = id value=" .$field[$count][0]. " /> </td>"; echo "<td> <Input type=submit name=submit value=Submit /> </td>"; echo "</tr>"; echo "</form>"; } echo '</table>'; } ?> </div> <div class = 'rblock' > <center> <form action="demo.php?page=contacts" method = "POST" > <!-- <table bgcolor="#89a89a" cellspacing = 10px cellpadding = 10px> --> <table class = 'TFtable' width = 100%> <tr><td COLSPAN = 2 bgcolor="#aafff1">CLUB REGISTRATION </td></tr> <tr> <td width = 30%>Room No: </td><td width = 70%> <input size="30" maxlength="30" STYLE="background-color: #efefef;" type ="text/css" name="room_no" value = "<?php echo ($room_no); ?>" readonly/> <input size="10" maxlength="30" type ="hidden" name="sid" value = "<?php echo ($sid); ?>" /> </td> <tr> <td width = 30%>Name : </td><td width = 70%><input size="30" maxlength="60" type ="text/css" name="name" value = "<?php echo ($name); ?>" readonly/> </td> <tr> <td width = 30%>City : </td><td width = 70%><input size="30" maxlength="60" type="text" name="city" value = "<?php echo ($city); ?>" readonly/> </td> <tr> <td>User ID :* </td><td><input size="30" maxlength="60" type ="text/css" name="userid" value = "<?php if(isset($_POST["userid"])) echo htmlspecialchars($userid); ?>"/></td> <tr><td colspan = 2 align = "center"> <Input style="height:22px; width:64px" type = "submit" name = "esubmit" value = "ERegister" /> </td></tr> <tr><td COLSPAN = 2 bgcolor="#aafff1" align = 'center'> <?php echo $_SESSION['msg_conterr'] ; ?><?php echo $_SESSION['msg_contsucc'] ; ?> </td></tr> </table> </form> </div> </div> In case these are not sufficient, I can zip the entire website ( its not very big) and send / post it as an attachment on this forum or to an email ID for anyone wanting to help. Thanks again to all.

Thanks loads. That was the problem. Will avoid using the short cut. How can I avoid the intermingling of of html and php , say in this very example. Thanks !

Hi ! Can someone take a look at this simple code which worked perfectly till I upgraded to php 5.5.11. Here in my code popo should be either late or great depending upon the variable value ( in this case Great ). It seems to be echoing out both !?? Please can someone point the error ? I seem to be missing it. Thanks ! <?php session_start(); $_SESSION['popo']="POPO"; ?> <html> <head> <title> DYN PAGE </title> <style> .wrapper{ width: 1000px; height: 600px; border: 1px solid #e1e1e1; margin: 10px auto 0 auto; } .header{ width: 1000px; height: 65px; font-size: 17px; font-width: bold; color: #fff; text-align: center; background: #717171; } .lowerheader{ width: 1000px; height: 60px; color: #fff; text-align: center; background: #919191; 'display: table; 'overflow: hidden; } </style> </head> <body> <div class = 'wrapper'> <div class = 'header'> <? if(isset($_SESSION['popo']) && $_SESSION['popo'] == "POPO"): ?> <h2><br> POPO IS GREAT </br></h2> <? else : ?> <h2><br> POPO IS LATE </br></h2> <? endif ; ?> </div> <div class = 'lowerheader'> <p> What ever it takes </P> </div> </div> </body> </html>

hey wow !! That seems like a lot of information to ingest. Thanks loads fellas I'll read this and more on sessions and logins and be back with some more meaningful questions. Thanks all !

Hi all ! I am really stuck on creating a secure login and site navigation system. Can someone say how secure sessions be created and how to use sessions / cookies / session - cookies together. for navigating a website, like moving from page to page and any special precautions to take while doing a critical task ( say one which involves accessing a database for reading or writing). Generally either sessions or cookies are used for this but I was wondering if it would be a good idea to use both in case that makes the system more secure. Thanks

Thanks Jacques, I will create a new thread now as you suggest but i can swear that almost all examples that I saw on the net use sha512. MD5 and the lot that you rejected for hashing passwords. Thanks for the example on bcrypt. I'll look into it.

Hi Jacques1 and Avi. Thank you both for the reply. I would like to make some clarifications. No I am not storing the password in a cookie nor am i storing th plain text password anywhere. I am storing a hashed and salted version of the password in the tables. However I use another hashed and salted string that i am creating from the password, user browser, and a salt ( 128 characters long) as shown below and store it in a session variable to check, for e.g. when a user moves to another page or if the page is refreshed,and ensure if the user is valid and belongs to this session. $login_str = hash('sha512', $submitted_password . $user_browser. $salt); // hashed string created from submitted password $_SESSION['logincheck'] = $login_str // stored in session. To check on another or refreshed page $login_check = hash('sha512', $stored_password . $user_browser. $salt); // hashed string created from stored password if($login_check == $_SESSION['$logincheck']); // confirm if the user is the right one. Yes I use sha512 because I read that that was safe and has been used in some of the secure login systems that I read about on the web. So if that's a mistake, kindly elaborate so that i can take another look at the other encryption routines. Then as i have mentioned I also thought I would use cookies simultaneously with sessions do be doubly sure of the users login. So i used a similar technique to hash another salted string and store that in a cookie on the user's machine for handshaking while browsing between pages or on page refreshes, I check for both these values and if they match, I know its the right user in the session. For this purpose, I pull out the password from the db and recreate a new string to check against the submitted password just as i have done for the sessions above. Now that, like i mentioned, may or may not be a good idea and I am not sure. Hence I am asking the gurus.

Hi all, In the login systems on the web, I have found that some use sessions and some others use cookies to validate a login. Normally for login systems with sessions, a hashed login string is created using say the password and HTTP_USER_AGENT is stored in a $_SESSION['logincheck'] variable. $login_check = hash('sha512', $password . $user_browser); and Before access is provided to the secure login page this SESSION variable is checked against a hashed string created again from values of password retrieved from the database again. $_SESSION['logincheck']== $login_check and if the two are same then the user is allowed to access his secure area. A similar approach is also provided in some cases where cookies are used. The values stored in cookies are checked against hashed values created with values of variables from the database and if they match access to the user page is granted. What I wish to ask and know is that would it be a good idea or a bad idea to implement both of these in a login system? What would be the advantages or disadvantages in both cases. I thought that using both would be a good idea but i am not sure. I have also not come across any system where both of these have been used simultaneously. Thanks all !

Hi thanks for the reply. Yes that's correct, the drive letter path and all and btw I managed to get rid of the error by just shutting down the machine once and starting it again. Yea just that. Without making a single change to the code. That error message seemed to have got stuck. So finally after many attempts at trying this n that I decided to shut down the browser and also the machine. It worked. Now the code is working and there are no messages. So the question is does anyone have any idea or has shared a similar experience whereby shutting the machine gets things going ? Any idea why this happens ? Thanks !

Hi all, I am getting this Notice and I am unable to figure out why. Notice: Array to string conversion in D:\xampp\htdocs\xampp\MagicOn\functions\gen_functions.php on line 1084 Index.php calls the session start routine sec_session_start() which generates the error mentioned above. Line 1084 ( I have put the line number in the function against the line ) is indicated in the function sec_session_start() as the one which is calling session_start(). <?php //error_reporting(E_ALL & ~E_NOTICE); define('INCLUDE_CHECK',true); require 'loader.php'; sec_session_start(); $now = time(); . . . function sec_session_start() { $session_name = 'sec_session_id'; // Set a custom session name $secure = false; // Set to true if using https. $httponly = true; // This stops javascript being able to access the session id. ini_set('session.use_only_cookies', 1); // Forces sessions to only use cookies. $cookieParams = session_get_cookie_params(); // Gets current cookies params. session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly); // 0, /, ''. session_name($session_name); // Sets the session name to the one set above. 1084 session_start(); // Start the php session session_regenerate_id(TRUE); // regenerated the session, delete the old one. } ?> Grateful for any help. Thanks.

Hi, I am using transactions on a piece of code whose structure is somewhat like this if ( condition ) { mysqli_autocommit($fcon, false); if ( condition ) { $query " "; if ( condition ) { $query " "; if ( condition ) { $make = makeTable(); // where this is a function which creates a table and uses a query like INSERT into ... to create an entry in a table if ( $make == true) { $query " "; if ( condition ) { $query " "; } else else and so on ending all else. The problem is that the function call to makeTable prevents the roll back beyond that point. Please can someone tell me if and how it would be possible to roll back all the way to the defined starting point at the very beginning of the code block. Thanks all for any help, comments, suggestions.