MuphN

Everything posted by MuphN

  1. Hello. For some reason my script works but it doesn't store to the database. I made these so it would be stored without selection input or something.

     ```php
     $s = 100;
     $sa = 1;
     $sb = 10;
     $ac = 10;
     $sd = 10;
     ```

     And my storing results script.

     ```php
     if ($insert_stmt = $mysqli->prepare("INSERT INTO members (username, email, password, salt, drop, s, sa, sb, ac, ad) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)")) {
         $insert_stmt->bind_param('ssssssssss', $username, $email, $password, $random_salt, $drop, $s, $sa, $sb, $ac, $ad);
         // Execute the prepared query.
         if (! $insert_stmt->execute()) {
             header('Location: ../error.php?err=Registration failure: INSERT');
         }
     }
     ```
  2. Okay, I understand it now. Thanks again for saving my script. Grateful!! )) And thx mac_graver for taking your time to help me as well! Awesome.
  3. What is `return false;` for in that function? I mean, if the function is called it should show, there is no else. Or should I make

     ```php
     $usersThing = getThing($mysqli);
     if ($usersThing === True) {
         return true;
     } else {
         return false;
     }
     ```

     If that works. Hmmm
  4. ```php
     function getThing($mysqli) {
         if ($stmt = $mysqli->prepare("SELECT Thing FROM members WHERE id = ? LIMIT 1")) {
             $user_id = $_SESSION['user_id'];
             $stmt->bind_param('i', $user_id);
             $stmt->execute();
             $stmt->store_result();
             if ($stmt->num_rows == 1) {
                 $stmt->bind_result($Thing);
                 $stmt->fetch();
                 return $Thing;
             }
         }
         return false;
     }

     $usersThing = getThing($mysqli); // get the users thing
     ```

     Then I should use `echo $usersThing;` as I understood?
  5. So should I create a new function? And use it on the other?

     ```php
     function getThing($mysqli) {
         if ($stmt = $mysqli->prepare("SELECT Thing FROM members WHERE id = ? LIMIT 1")) {
             $stmt->bind_param('i', $Thingy);
             $stmt->execute(); // Execute the prepared query.
             $stmt->store_result();
             if ($stmt->num_rows == 1) {
                 // If the user exists get variables from result.
                 $stmt->bind_result($Thing);
                 $stmt->fetch();
             }
     ```

     Hmmm, I still don't understand this quite well. I think I made up nonsense for this function. But if it would be OK then I would `echo getThing;` ??
  6. So after this I could just do `echo $Thing;` right, and it will print the Thing from the database which is from the right User ID - logged in now?
  7. Hello. I need some help making a script (understanding it). So I need to get, for example, "Thing" from the database by selecting the id of which user is logged in now. This is to check if the user is logged in.

     ```php
     function login_check($mysqli) {
         // Check if all session variables are set
         if (isset($_SESSION['user_id'], $_SESSION['username'], $_SESSION['login_string'])) {
             $user_id = $_SESSION['user_id'];
             $login_string = $_SESSION['login_string'];
             $username = $_SESSION['username'];

             // Get the user-agent string of the user.
             $user_browser = $_SERVER['HTTP_USER_AGENT'];

             if ($stmt = $mysqli->prepare("SELECT password FROM members WHERE id = ? LIMIT 1")) {
                 // Bind "$user_id" to parameter.
                 $stmt->bind_param('i', $user_id);
                 $stmt->execute(); // Execute the prepared query.
                 $stmt->store_result();

                 if ($stmt->num_rows == 1) {
                     // If the user exists get variables from result.
                     $stmt->bind_result($password);
                     $stmt->fetch();
                     $login_check = hash('sha512', $password . $user_browser);

                     if ($login_check == $login_string) {
                         // Logged In!!!!
                         return true;
                     } else {
                         // Not logged in
                         return false;
                     }
                 } else {
                     // Not logged in
                     return false;
                 }
             } else {
                 // Not logged in
                 return false;
             }
         } else {
             // Not logged in
             return false;
         }
     }
     ```

     And I need to get the thing from the database table named Members and name it a $. I know how to get it, but I don't know how to get it from the logged-in id now (ID). For example, the user logs in and it should show his status from thing.
  8. Oh, now I understand it. Thank you man! Solved. Really grateful! Cheers
  9. Script does work, but it doesn't insert the new user into the database. Where could I go wrong?
  10. So as I understood that, if I name my new dropdown

      ```php
      $drop = filter_input(INPUT_POST, 'my_dropdown', FILTER_SANITIZE_STRING);
      ```

      and I place it somewhere near

      ```php
      $password = filter_input(INPUT_POST, 'p', FILTER_SANITIZE_STRING);
      if (strlen($password) != 128) {
          // The hashed pwd should be 128 characters long.
          // If it's not, something really odd has happened
          $error_msg .= '<p class="error">Invalid password configuration.</p>';
      }
      $drop = filter_input(INPUT_POST, 'my_dropdown', FILTER_SANITIZE_STRING);
      ```

      and I place it somewhere near, for example like that. And place

      ```php
      <?php
      $name = 'my_dropdown';
      $options = array( 'test', 'Dtrsdft', 'Asdfgn', 'Adfs' );
      $selected = 0;
      echo dropdown( $name, $options, $selected );
      ?>
      ```

      in the register `<form>` and then I place

      ```php
      prepare("INSERT INTO members (username, email, password, salt, Thing) VALUES (?, ?, ?, ?, $drop)") //is that correct?
      ```

      I don't really understand the question marks, does it include the posts in row? For example, if the option will be the last one it's the last ? or username will be after password so there will be like username on password?
  11. Okay. So I read a tutorial on how to make a secure log/reg script. I did understand most things. But now I need to add, for example, an option to it. I have a register page with contents:

      ```php
      <form action="<?php echo esc_url($_SERVER['PHP_SELF']); ?>" method="post" name="registration_form">
          Username: <input type='text' name='username' id='username' /><br>
          Email: <input type="text" name="email" id="email" /><br>
          Password: <input type="password" name="password" id="password"/><br>
          Confirm password: <input type="password" name="confirmpwd" id="confirmpwd" /><br>
          <input type="button" value="Register"
                 onclick="return regformhash(this.form, this.form.username, this.form.email, this.form.password, this.form.confirmpwd);" />
          <select class="select">
              <option id="Archer" selected>Archer</option>
              <option id="Swordsman">SwordsMan</option>
              <option id="Assasin">Assasin</option>
              <option id="Dualist">Dualist</option>
          </select>
      </form>
      ```

      and then there is my option, in my functions.php:

      ```php
      function dropdown( $name, array $options, $selected=null )
      {
          /*** begin the select ***/
          $dropdown = '<select name="'.$name.'" id="'.$name.'">'."\n";

          $selected = $selected;
          /*** loop over the options ***/
          foreach( $options as $key=>$option )
          {
              /*** assign a selected value ***/
              $select = $selected==$key ? ' selected' : null;

              /*** add each option to the dropdown ***/
              $dropdown .= '<option value="'.$key.'"'.$select.'>'.$option.'</option>'."\n";
          }

          /*** close the select ***/
          $dropdown .= '</select>'."\n";

          /*** and return the completed dropdown ***/
          return $dropdown;
      }
      ```

      In reg.php. Functions are included.

      ```php
      <?php
      $name = 'my_dropdown';
      $options = array( 'test', 'Dtrsdft', 'Asdfgn', 'Adfs' );
      $selected = 0;
      echo dropdown( $name, $options, $selected );
      ?>
      ```

      And this is my whole rgister.inc.php file, which adds content to the database:

      ```php
      <?php
      include_once 'db_connect.php';
      include_once 'psl-config.php';

      $error_msg = "";

      if (isset($_POST['username'], $_POST['email'], $_POST['p'])) {
          // Sanitize and validate the data passed in
          $username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
          $email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
          $email = filter_var($email, FILTER_VALIDATE_EMAIL);
          if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
              // Not a valid email
              $error_msg .= '<p class="error">The email address you entered is not valid</p>';
          }

          $password = filter_input(INPUT_POST, 'p', FILTER_SANITIZE_STRING);
          if (strlen($password) != 128) {
              // The hashed pwd should be 128 characters long.
              // If it's not, something really odd has happened
              $error_msg .= '<p class="error">Invalid password configuration.</p>';
          }

          // Username validity and password validity have been checked client side.
          // This should be adequate as nobody gains any advantage from
          // breaking these rules.
          //

          $prep_stmt = "SELECT id FROM members WHERE email = ? LIMIT 1";
          $stmt = $mysqli->prepare($prep_stmt);

          if ($stmt) {
              $stmt->bind_param('s', $email);
              $stmt->execute();
              $stmt->store_result();

              if ($stmt->num_rows == 1) {
                  // A user with this email address already exists
                  $error_msg .= '<p class="error">A user with this email address already exists.</p>';
              }
          } else {
              $error_msg .= '<p class="error">Database error</p>';
          }

          // TODO:
          // We'll also have to account for the situation where the user doesn't have
          // rights to do registration, by checking what type of user is attempting to
          // perform the operation.

          if (empty($error_msg)) {
              // Create a random salt
              $random_salt = hash('sha512', uniqid(openssl_random_pseudo_bytes(16), TRUE));

              // Create salted password
              $password = hash('sha512', $password . $random_salt);

              // Insert the new user into the database
              if ($insert_stmt = $mysqli->prepare("INSERT INTO members (username, email, password, salt) VALUES (?, ?, ?, ?)")) {
                  $insert_stmt->bind_param('ssss', $username, $email, $password, $random_salt);
                  // Execute the prepared query.
                  if (! $insert_stmt->execute()) {
                      header('Location: ../error.php?err=Registration failure: INSERT');
                      exit; // stop here so the success redirect below does not replace this one
                  }
              }
              header('Location: ./register_success.php');
              exit;
          }
      }
      ?>
      ```

      So, I need to understand how it works. I understand some things, but not all of it. Talking about transferring username, password and so on. So I need to transfer the Option as well. For example, the table name is members and add an option to "Things" on the members table. Don't understand this part especially:

      ```php
      prepare("INSERT INTO members (username, email, password, salt) VALUES (?, ?, ?, ?)")
      ```

      Does the "?" get the values from cookies or something? Would be grateful for help.
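The question in posts 10 and 11, what fills each `?` and how to store the dropdown choice, worked through as an added example that is not part of the original posts or of the tutorial they follow. It assumes PDO with an in-memory SQLite database in place of the posts' mysqli connection so it runs without a server, a `thing` column, and a hypothetical `register_member()` helper; mysqli's `bind_param()` fills the placeholders in the same left-to-right order.

```php
<?php
// Added example with constructed data. Assumption: PDO + in-memory SQLite
// stands in for the posts' mysqli connection so this runs without a server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, username TEXT,
           email TEXT, password TEXT, salt TEXT, thing TEXT)');

// Server-side allow-list: the same array that is passed to dropdown().
$options = array('test', 'Dtrsdft', 'Asdfgn', 'Adfs');

function register_member(PDO $db, array $options, array $post)
{
    // dropdown() submits the array key ("0".."3"), not the visible label.
    $key = filter_var($post['my_dropdown'] ?? null, FILTER_VALIDATE_INT);
    if ($key === false || !array_key_exists($key, $options)) {
        return false; // not one of the offered options: nothing is inserted
    }
    // Each ? is an empty slot. Values fill the slots by position, left to
    // right, and come only from the array given to execute(), never from
    // cookies or from the SQL text itself.
    $stmt = $db->prepare('INSERT INTO members
        (username, email, password, salt, thing) VALUES (?, ?, ?, ?, ?)');
    return $stmt->execute(array($post['username'], $post['email'],
        $post['p'], $post['salt'], $options[$key]));
}

// Constructed submissions standing in for $_POST (hash and salt are dummies).
$base = array('email' => 'a@example.com', 'p' => str_repeat('ab', 64),
              'salt' => str_repeat('cd', 64));
$tests = array(
    $base + array('username' => "o'neil", 'my_dropdown' => '2'),
    $base + array('username' => 'mallory', 'my_dropdown' => '9'),
    $base + array('username' => 'mallory', 'my_dropdown' => '1 OR 1=1'),
);
foreach ($tests as $post) {
    $ok = register_member($db, $options, $post);
    printf("%-8s dropdown=%-10s %s\n", $post['username'],
           $post['my_dropdown'], $ok ? 'inserted' : 'rejected');
}
// The quote in o'neil is stored as plain data; only that one row exists.
foreach ($db->query('SELECT username, thing FROM members') as $row) {
    echo $row['username'], ' => ', $row['thing'], "\n";
}
```

Writing `$drop` directly into the SQL string, as in post 10, makes the submitted value part of the statement text; binding it to a fifth `?` keeps it as data, and the allow-list check keeps it to the four offered options.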