tellyphp

Everything posted by tellyphp

  1. Ch0cu3r mentioned uncommenting the line in the code that assigns the date, but I only included that for testing purposes. The start_point variable earlier in the code already has a value (which is the same date in the uncommented code). It is just that it works as a string, when the code is uncommented, but when read as a date value from MySQL it does not. Thanks for the information on the MySQL functions, but I really want to get this done from within PHP code. Telly
  2. ```php
     //$start_point = '2014-07-22';
     $lastday = date('t', strtotime($start_point));
     $month_val = date('n', strtotime($start_point));
     echo "Last day: ". $lastday . "<br/>";
     echo "Month: ". $month_val . "<br/>";
     ```
     I have a problem with a date value read from a MySQL database table into a PHP variable, but when manipulating the value to determine the month of the date, unexpected results appear. I am not sure what causes this but I suspect PHP is not properly handling date to string conversion. The output from the code shows 1 as the month when it should be 7. However, the line of code with the comment "//$start_point = '2014-07-22'", if added in, gives the correct result. When the value of the variable "start_point" is printed, it gives the value "2014-07-22". Please see the code. Telly
  3. ```php
     <?php
     // file: selectBenefit.php
     echo "value: " . $_POST['ss_num'] . "<br/>";
     ?>
     ```
     ```javascript
     // file: applicant_info.js

     function getApplicantInfo() {
         $("#divMainBenefitsProcessing").slideDown();
         $.ajax({
             cache: false,
             url: 'selectedBenefit.php',
             type: 'GET',
             success: function(response) {
                 console.log(response);
                 $("#divMainBenefitsProcessing").html(response);
                 $("#divMainBenefitsProcessing").slideDown();
                 var radioButton = $("input[name='arr_bnft_records']:checked");
                 if (radioButton == null || radioButton.length < 1)
                     alert("Please select a benefit record for processing.");
                 else {
                     $("#ss_id_other").val(radioButton.attr("data-ss-id-other"));
                     $.post('selectedBenefit.php', {ss_num: $("#ss_id_other").val()});
                 }
             },
             beforeSend: function() {
             },
             error: function(e) {
                 console.log(e.message);
             }
         });
     }
     ```
     ```html
     <!-- file: "benefits.htm" -->
     <!DOCTYPE html>
     <html>
     <head>
         <title>Benefit Processing Page Social</title>
         <meta charset = "utf-8">
         <link rel = "stylesheet" type = "text/css" href = "css_files/divapplist.css">
         <script src="js_files/jquery-1.11.1.min.js"></script>
         <script type = "text/javascript" src = "js_files/selectBenefit.js"></script>
         <script type = "text/javascript" src = "js_files/applicant_info.js"></script>
     </head>
     <table border="0" cellpadding="10" cellspacing="1" width="900" class="tblListForm">
         <tr class="listheader">
             <td></td>
             <td>Social Security No.</td>
             <td>Last Name</td>
             <td>Other Name(s)</td>
             <td>Date of Birth</td>
             <td>Benefit Type</td>
         </tr>
         <tr>
             <td><input type="radio" name="arr_bnft_records" value="47" data-app-id="37" data-benefit-type="Funeral Grant" data-ss-id-other="33333" data-father-weeks="" data-funeral-qual="" data-last-name="Lee" data-other-names="Brenda" data-dob="1965-04-04" data-sex="F" ></td>
             <td>33333</td>
             <td>Lee</td>
             <td>Brenda</td>
             <td>1965-04-04</td>
             <td>Funeral Grant</td>
         </tr>
         <tr class="listheader">
             <td colspan="6"><input type="button" id = "submit_btn2" value ="Select" onclick= "getApplicantInfo()" /></td>
         </tr>
     </table>
     ```
     I have some data assigned in jQuery code that I need to send over to my PHP script and I am not quite sure how to do it. I have a main page "benefit.htm" which calls a JavaScript function "getApplicantInfo()" defined in the source file "applicant_info.js". The getApplicantInfo function then calls "selectBenefit.js" and tries to pass the value "$("#ss_id_other").val()" to the "selectBenefit.js" file as the variable "ss_num" within that file. How can this be accomplished? Source code snippets are included.
  4. Thank you so much. It worked by adding the "name" attribute. For some reason, I thought I read somewhere that the "id" attribute was replacing the use of the "name" attribute so both are not needed, but in this case it really works! Thanks so much. Telly
  5. ```php
     <?php
     // create_user.php
     $username = $_POST['username'];
     $password = $_POST['user_pass'];
     $ss_name = $_POST['ss_name'];
     echo "ss_name: ". $ss_name. "<br/>";
     ?>
     ```
     ```php
     <!-- registration_page.php -->
     <form method="post" action="create_user.php">
     <datalist id = "oecs_systems">
     <?php
     include_once 'db_connect.php'; /* establish database connection and create mysql object called msql2 */
     if ($stmt = $mysqli_obj2->prepare("SELECT ss_name FROM ss_systems ORDER BY ss_name")) {
         $stmt->execute(); // Execute the prepared query.
         $stmt->store_result();
         $stmt->bind_result($ss_name);
         while ($stmt->fetch()) {
             echo "<option value=\" $ss_name\">";
         }
     } else {
         echo "Error in preparing database statement to display Social Security Systems <br/>";
     }
     ?>
     </datalist>
     <label for = "ss_name"> Social Security Organization:</label>
     <input id = "ss_name" list = "oecs_systems"/> <br>
     <input name="Button" type="submit" value="Create user account" />
     </form>
     ```
     I create a data list in my source file registration_page.php. However, when this page then invokes "create_user.php", the "ss_name" id used for the data list echoes nothing to the screen, as if nothing was selected. Why can't I read the datalist selection? I have added the code as well.
  6. ```php
     <?php
     // login.php code below
     include_once 'connection.php';
     include_once 'myphpfunctions.php';
     include_once 'make_connection.php';

     start_secure_session(); // defined in "myphpfunctions.php"

     if (isset($_POST['username'], $_POST['password'])) {
         $username = $_POST['username'];
         $password = $_POST['password']; // The hashed password.

         if (login($username, $password, $mysqli) == true) {
             // Login success
             //echo("Login successful");
             header('Location:http://main_function_page.htm');
         } else {
             // Login failed
             //echo ("Login failed");
         }
     } else {
         // The correct POST variables were not sent to this page.
         echo 'Invalid Request';
     }
     ?>
     </body>
     </html>
     ```
     ```php
     <?php
     // myphpfunctions.php code below
     include_once 'connection.php';
     include_once 'make_connection.php';

     ini_set('display_startup_errors',1);
     ini_set('display_errors',1);
     error_reporting(-1);

     function start_secure_session() {
         $session_name = '12345'; // Set a custom session name
         //$secure = SECURE;
         // This stops JavaScript being able to access the session id.
         $httponly = true;
         // Forces sessions to only use cookies.
         if (ini_set('session.use_only_cookies', 1) === FALSE) {
             echo ("Could not open a secure session");
             exit();
         }
         // Gets current cookies params.
         $cookieParams = session_get_cookie_params();
         session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], true, true);
         // Sets the session name to the one set above.
         session_name($session_name);
         session_start(); // Start the PHP session
         session_regenerate_id();
     }

     function login($user_name, $password, $mysqli) {
         // Using prepared statements means that SQL injection is not possible.
         if ($stmt = $mysqli->prepare("SELECT user_name, password, salt FROM user_profiles WHERE user_name = ? ")) {
             $stmt->bind_param('s', $user_name); // Bind "$user_name" to parameter.
             $stmt->execute(); // Execute the prepared query.
             $stmt->store_result();

             // get variables from result.
             $stmt->bind_result($user_name, $database_password, $salt);
             $stmt->fetch();

             // hash the password with the unique salt.
             $password = hash('sha512', $password . $salt);
             if ($stmt->num_rows == 1) {
                 // Check if the password in the database matches
                 // the password the user submitted.
                 $short_password = substr($password,0,80);
                 if ($database_password == $short_password) {
                     // Password is correct!
                     //echo "password is correct <br/>";
                     // Get the user-agent string of the user.
                     $user_browser = $_SERVER ['HTTP_USER_AGENT'];
                     // XSS protection as we might print this value
                     $user_name = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $user_name);
                     $_SESSION['user_name'] = $user_name;
                     $_SESSION['login_string'] = hash('sha512', $password . $user_browser);
                     //echo "In login function user name: " . $_SESSION['user_name'] . "<br/>";
                     //echo "In login function login string: " . $_SESSION['login_string'] . "<br/>";
                     // Login successful.
                     return true;
                 } else {
                     echo ("Password is incorrect!!!");
                     return false;
                 }
             } else {
                 // No user exists.
                 echo "No user exists!!!";
                 return false;
             }
         } // end of if ($stmt = $mysqli->prepare.......)
     }

     function login_check($mysqli) {
         echo 'In login_check function...';
         echo "In login_check user name: " . $_SESSION['user_name'] . "<br/>"; //line 103
         echo "In login_check login string: " . $_SESSION['login_string'] . "<br/>"; //line 104
         // Check if all session variables are set
         if (isset($_SESSION['user_name'], $_SESSION['login_string'])) {
             $login_string = $_SESSION['login_string'];
             $user_name = $_SESSION['user_name'];

             // Get the user-agent string of the user.
             $user_browser = $_SERVER['HTTP_USER_AGENT'];

             if ($stmt = $mysqli->prepare("SELECT password FROM user_profiles WHERE user_name = ? LIMIT 1")) {
                 echo "In if mysqli->prepare statement <br/>";
                 $stmt->bind_param('s', $user_name);
                 $stmt->execute(); // Execute the prepared query.
                 $stmt->store_result();

                 if ($stmt->num_rows == 1) {
                     echo "A row found in user_profiles table <br/>";
                     // If the user exists get variables from result.
                     $stmt->bind_result($password);
                     $stmt->fetch();
                     $login_check = hash('sha512', $password . $user_browser);

                     if ($login_check == $login_string) {
                         // Logged In!!!!
                         echo "User logged in <br/>";
                         return true;
                     } else {
                         // Not logged in
                         echo "User not logged in: ";
                         return false;
                     }
                 } else {
                     // Not logged in
                     echo "User not logged in: ";
                     return false;
                 }
             } else {
                 // Not logged in
                 echo "User not logged in";
                 return false;
             }
         } else {
             // Not logged in
             echo "User not logged in";
             return false;
         }
     }
     ?>
     ```
     ```php
     <?php
     // process_applicants.php code below
     include_once 'connection.php';
     //include_once 'make_connection.php';
     include_once 'myphpfunctions.php';

     ini_set('display_startup_errors',1);
     ini_set('display_errors',1);
     error_reporting(-1);

     echo "In process_applicant session variable user name: " . $_SESSION['user_name'] . "<br/>"; /*line 10 */
     echo "In process_applicant session variable login string: " . $_SESSION['login_string'] . "<br/>"; /*line 11*/

     //if (1==1){
     if (login_check($mysqli) == true) {
         // Add your protected page content here!
         // Check connection
         if (mysqli_connect_errno()) {
             echo "Failed to connect to MySQL: " . mysqli_connect_error();
             exit();
         }

         if (isset($_POST['ss_residence'])) {
             $ss_residence = $_POST['ss_residence'];
             echo 'ss_residence: '. $ss_residence . '<br/>';
         } else
             $ss_residence = NULL;

         if (isset($_POST['data_file'])) {
             $data_file = $_POST['data_file'];
             echo 'data file: '. $data_file. '<br/>';
         }
         if (isset($_POST['last_name'])) {
             $last_name = $_POST['last_name'];
             echo 'last_name: '. $last_name. '<br/>';
         }
         if (isset($_POST['oth_names'])) {
             $oth_names = $_POST['oth_names'];
             echo 'oth_names: '. $oth_names. '<br/>';
         }
         if (isset($_POST['email'])) {
             $email = $_POST['email'];
             echo 'e-mail: '. $email. '<br/>';
         }
         if (isset($_POST['dob'])) {
             $dob = $_POST['dob'];
             echo 'date of birth: '. $dob. '<br/>';
         }
         if (isset($_POST['sexType'])) {
             $sexType = $_POST['sexType'];
             echo 'sexType: '. $sexType .'<br/>';
         }
         if (isset($_POST['otherOECSSystem'])) {
             $otherOECSSystem = $_POST['otherOECSSystem'];
             echo 'Worked in Other OECS territory: '. $otherOECSSystem .'<br/>';
         }
         if (isset($_POST['ss_system'])) {
             $ss_system = $_POST['ss_system'];
             echo 'ss_system: '. $ss_system .'<br/>';
         }
         if (isset($_POST['ss_id_other'])) {
             $ss_id_other = $_POST['ss_id_other'];
             echo 'Social Security ID number in other OECS territory: '. $ss_id_other. '<br/>';
         }
         if (isset($_POST['id_doc_name'])) {
             $id_doc_name = $_POST['id_doc_name'];
             echo 'Name of identification document file: '. $id_doc_name. '<br/>';
         }
         /*if (isset($_POST['appl_date'])){
             $appl_date = $_POST['appl_date'];
             echo 'Application date: '. $appl_date. '<br/>';
         }*/

         $entered_by = "admin"; /* this should really assign the user name of the person logged in */
         $entry_date = "2014/06/08"; /*$entry_date = Now();*/

         if ($sexType == "Male")
             $applicant_sex = 'M';
         else
             $applicant_sex = 'F';
         echo "applicant_sex: " . $applicant_sex . "<br/>";

         if ($stmt = $mysqli->prepare("INSERT INTO applicants (last_name,other_names,sex,dob) values (?, ?,?,?)")) {
             echo "In if statement prepare section...<br/>";
             $stmt->bind_param('ssss', $last_name,$oth_names,$applicant_sex,$dob);
             $stmt->execute();
             $stmt->close();
         } else {
             echo "Prepared Statement Error: ". $mysqli->error . "<br/>";
         }
     } else {
         echo 'You are not authorized to access this page, please login.';
     }
     ?>
     </body>
     </html>
     ```
     I am having a problem where my PHP session variables are becoming undefined. The code starts execution on "login_page.htm" which accepts a user name and password and invokes the PHP script "login.php". "login.php" calls the function login, which is located in the PHP script "myphpfunctions.php", and within the login function the session variables' values can be printed. After returning from calling the "login" function within "login.php" the session variables' values can still be printed. Then a successful login causes a page called "main_functions_page.htm" to be displayed which has a hyperlink to a page called "applicant_page.htm" which in turn runs a PHP script called "process_applicants.php". In "process_applicants.php", however, the session variables are now said to be undefined and its function call to the function "login_check" (defined in "myphpfunctions.php") also results in the session variables being undefined. The error messages are as follows:
     ```
     Undefined variable _SESSION in ..../process_applicant.php on line 10
     Undefined variable _SESSION in ..../process_applicant.php on line 11
     Undefined variable _SESSION in ..../myphpfunctions.php on line 103
     Undefined variable _SESSION in .../myphpfunctions.php on line 104
     ```
     There are comments by these lines in the code.
  7. ```
     In login_check function...
     Notice: Undefined index: user_name in /home/u797292730/public_html/myphpfunctions.php on line 101
     In login_check user name:
     Notice: Undefined index: login_string in /home/u797292730/public_html/myphpfunctions.php on line 102
     In login_check login string:
     User not logged inYou are not authorized to access this page, please login.
     ```
     Hi Jazzman and All: I got some errors in the myphpfunctions.php source file where the login_check function fires an error (which seems to suggest the array indexes of the $_SESSION array do not exist even though they were previously set in the login() function). I am including the errors in the code window.
  8. ```php
     session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], true, true);
     ```
     Hi Maxxd: Thanks for your help. I reduced some errors by eliminating use of the "SECURE" constant, as seen in the code, but the replacement code in the session_set_cookie_params function (where the second to last argument value was replaced with the value true instead of that SECURE constant
  9. ```
     Notice: Use of undefined constant SECURE - assumed 'SECURE' in /home/u797292730/public_html/myphpfunctions.php on line 14
     Notice: Use of undefined constant SECURE - assumed 'SECURE' in /home/u797292730/public_html/myphpfunctions.php on line 27
     Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/u797292730/public_html/myphpfunctions.php:14) in /home/u797292730/public_html/myphpfunctions.php on line 32
     Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/u797292730/public_html/myphpfunctions.php:14) in /home/u797292730/public_html/myphpfunctions.php on line 32
     Warning: session_regenerate_id() [function.session-regenerate-id]: Cannot regenerate session id - headers already sent in /home/u797292730/public_html/myphpfunctions.php on line 33
     Warning: Cannot modify header information - headers already sent by (output started at /home/u797292730/public_html/myphpfunctions.php:14) in /home/u797292730/public_html/login.php on line 18
     ```
     Thanks for the information on adding the 3 extra lines at the top for the error reporting. After adding these I get the errors as shown in the code window
  10. The code I am using was modified from http://www.wikihow.com/Create-a-Secure-Login-Script-in-PHP-and-MySQL and a static session id was first assigned and then it was regenerated. However, I am not sure how this affects the fact that I cannot access the values of the session variables. Could you explain further? Regards, Telly
  11. ```php
      function start_secure_session() {
          $session_name = 'u797292730_sec'; // Set a custom session name
          $secure = SECURE;
          // This stops JavaScript being able to access the session id.
          $httponly = true;
          // Forces sessions to only use cookies.
          if (ini_set('session.use_only_cookies', 1) === FALSE) {
              echo ("Could not open a secure session");
              exit();
          }
          // Gets current cookies params.
          $cookieParams = session_get_cookie_params();
          session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], SECURE, true);
          // Sets the session name to the one set above.
          session_name($session_name);
          session_start(); // Start the PHP session
          session_regenerate_id();
      }
      ```
      I am sorry, I thought I had included it. Here is the code for the start_secure_session() function
  12. The starting point is the PHP code on the login form which has two text fields - one for the user name and one for the password. Here is the code below.
      ```php
      <?php
      include_once 'connection.php';
      include_once 'myphpfunctions.php';
      include_once 'make_connection.php';

      start_secure_session(); // To start a secure PHP session

      if (isset($_POST['username'], $_POST['password'])) {
          $username = $_POST['username'];
          $password = $_POST['password']; // The hashed password.

          if (login($username, $password, $mysqli) == true) {
              // Login success
              //echo("Login successful");
              header('Location:../main_function_page.htm');
          } else {
              // Login failed
              //echo ("Login failed");
          }
      } else {
          // The correct POST variables were not sent to this page.
          echo 'Invalid Request';
      }
      ?>
      </body>
      </html>
      ```
      The function start_secure_session() looks like this
      ```php
      function start_secure_session() {
          $session_name = 'u797292730_sec'; // Set a custom session name
          $secure = SECURE;
          // This stops JavaScript being able to access the session id.
          $httponly = true;
          // Forces sessions to only use cookies.
          if (ini_set('session.use_only_cookies', 1) === FALSE) {
              echo ("Could not open a secure session");
              exit();
          }
          // Gets current cookies params.
          $cookieParams = session_get_cookie_params();
          session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], SECURE, true);
          // Sets the session name to the one set above.
          session_name($session_name);
          session_start(); // Start the PHP session
          session_regenerate_id();
      }
      ```
      The login function is this
      ```php
      function login($user_name, $password, $mysqli) {
          // Using prepared statements means that SQL injection is not possible.
          if ($stmt = $mysqli->prepare("SELECT user_name, password, salt FROM user_profiles WHERE user_name = ? ")) {
              $stmt->bind_param('s', $user_name); // Bind "$user_name" to parameter.
              $stmt->execute(); // Execute the prepared query.
              $stmt->store_result();

              // get variables from result.
              $stmt->bind_result($user_name, $database_password, $salt);
              $stmt->fetch();

              // hash the password with the unique salt.
              $password = hash('sha512', $password . $salt);
              if ($stmt->num_rows == 1) {
                  // Check if the password in the database matches
                  // the password the user submitted.
                  $short_password = substr($password,0,80);
                  if ($database_password == $short_password) {
                      // Password is correct!
                      //echo "password is correct <br/>";
                      // Get the user-agent string of the user.
                      $user_browser = $_SERVER ['HTTP_USER_AGENT'];
                      // XSS protection as we might print this value
                      $user_name = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $user_name);
                      $_SESSION['user_name'] = $user_name;
                      $_SESSION['login_string'] = hash('sha512', $password . $user_browser);
                      // echo "In login function user name: " . $_SESSION['user_name'] . "<br/>";
                      //echo "In login function login string: " . $_SESSION['login_string'] . "<br/>";
                      // Login successful.
                      return true;
                  } else {
                      echo ("Password is incorrect!!!");
                      return false;
                  }
              } else {
                  // No user exists.
                  echo "No user exists!!!";
                  return false;
              }
          } // end of if ($stmt = $mysqli->prepare.......)
      }
      ```
      In the login function the "echo" statements do print the values of the session variables $_SESSION['user_name'] and $_SESSION['login_string']. Then the next page that displays calls the login_check function which is shown below and at that point the session variables have no values.
      ```php
      function login_check($mysqli) {
          echo 'In login_check function...';
          echo "In login_check user name: " . $_SESSION['user_name'] . "<br/>";
          echo "In login_check login string: " . $_SESSION['login_string'] . "<br/>";
          // Check if all session variables are set
          if (isset($_SESSION['user_name'], $_SESSION['login_string'])) {
              $login_string = $_SESSION['login_string'];
              $user_name = $_SESSION['user_name'];

              // Get the user-agent string of the user.
              $user_browser = $_SERVER['HTTP_USER_AGENT'];

              if ($stmt = $mysqli->prepare("SELECT password FROM user_profiles WHERE user_name = ? LIMIT 1")) {
                  echo "In if mysqli->prepare statement <br/>";
                  $stmt->bind_param('s', $user_name);
                  $stmt->execute(); // Execute the prepared query.
                  $stmt->store_result();

                  if ($stmt->num_rows == 1) {
                      echo "A row found in user_profiles table <br/>";
                      // If the user exists get variables from result.
                      $stmt->bind_result($password);
                      $stmt->fetch();
                      $login_check = hash('sha512', $password . $user_browser);

                      if ($login_check == $login_string) {
                          // Logged In!!!!
                          echo "User logged in <br/>";
                          return true;
                      } else {
                          // Not logged in
                          echo "User not logged in: ";
                          return false;
                      }
                  } else {
                      // Not logged in
                      echo "User not logged in: ";
                      return false;
                  }
              } else {
                  // Not logged in
                  echo "User not logged in";
                  return false;
              }
          } else {
              // Not logged in
              echo "User not logged in";
              return false;
          }
      }
      ```
      Can anyone explain where I went wrong? OK. I am giving a shot at using the code tags to explain my problem here below
  13. Hi Jazzman: I am new to this PHPFreaks thing. I am not sure what is meant by posting code using the forum's code tags. I have always noticed that I cannot copy and paste directly into the forum's post pages. Can you direct me as to how I can post the code without using an attached file with the code? Regards, Telly
  14. I have some difficulty identifying why the session variables' values have disappeared in my PHP code. When I try to echo their values, nothing shows up and when I try to compare the values, it does not work. There are no error messages to indicate something has gone wrong? Can someone assist? x.txt
  15. Hi, I solved the problem: For some reason it seems like whenever I removed the comment to test the two lines of PHP code, I was leaving off the '$' symbol from before "sexType". The code is now working. Thanks everyone for your contributions. Telly
  16. Hi I removed the parenthesis, but I still have the same problem
  17. I am having some difficulty with accessing radio button values with PHP code. Please see the attached file x.txt
  18. I have a problem: I have some PHP code as shown below and every time I add the code at the while loop which starts while($select_stmt->fetch()), I immediately get an error and my page does not display. I downloaded the Zend Studio IDE and at the same line it highlights an error which states "Multiple annotations found at this line. Syntax error unexpected ->, unexpected ')'". I have no clue how to resolve the error as I am new to PHP programming and the "Fix" option from the compiler offers no suggestions. See the attached code file code.txt
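
Items 6 to 12 above report `$_SESSION` as undefined or empty on a page reached after login, where the posted process_applicants.php reads `$_SESSION` without calling `start_secure_session()`. The following is an added example, not code from the posts or from the tutorial they cite: a session bootstrap that each script calls before touching `$_SESSION`, with the login string built and checked from the same stored value. All `example_` names and the sample account are assumptions, and a constructed in-memory array stands in for the `user_profiles` table.

```php
<?php
// Added example. All example_* names and the sample account are hypothetical.

// Call at the top of EVERY script that reads or writes $_SESSION, before any
// output is sent; $_SESSION does not exist until session_start() has run.
function example_start_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return; // already started during this request
    }
    // Set the Secure flag only when the request arrived over HTTPS: a Secure
    // cookie is not sent back over plain HTTP, so each request would begin a
    // fresh, empty session.
    $https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_strict_mode', '1');
    $p = session_get_cookie_params();
    session_set_cookie_params($p['lifetime'], $p['path'], $p['domain'], $https, true);
    session_name('example_sec'); // must be identical on every page
    session_start();
}

// Binds the session to the stored password hash and the user agent.
function example_login_string(string $storedHash): string
{
    return hash('sha512', $storedHash . ($_SERVER['HTTP_USER_AGENT'] ?? ''));
}

function example_mark_logged_in(string $userName, string $storedHash): void
{
    session_regenerate_id(true); // issue a new id at the privilege change
    $_SESSION['user_name'] = $userName;
    $_SESSION['login_string'] = example_login_string($storedHash);
}

// $lookup maps a user name to its stored hash, or null when unknown.
function example_is_logged_in(callable $lookup): bool
{
    if (!isset($_SESSION['user_name'], $_SESSION['login_string'])) {
        return false;
    }
    $storedHash = $lookup($_SESSION['user_name']);
    if ($storedHash === null) {
        return false;
    }
    // Same input on both sides, compared in constant time.
    return hash_equals(example_login_string($storedHash), $_SESSION['login_string']);
}

// Constructed stand-in for the user_profiles table.
$exampleUsers = ['demo_user' => hash('sha512', 'constructed-password' . 'constructed-salt')];
$lookup = function (string $name) use ($exampleUsers) {
    return $exampleUsers[$name] ?? null;
};

example_start_session();
$before = example_is_logged_in($lookup);           // checked before login
example_mark_logged_in('demo_user', $exampleUsers['demo_user']);
$after = example_is_logged_in($lookup);            // checked after login
$_SESSION['login_string'] = str_repeat('0', 128);  // simulate a tampered value
$tampered = example_is_logged_in($lookup);         // checked after tampering
session_destroy();

echo json_encode(['before' => $before, 'after' => $after, 'tampered' => $tampered]), "\n";
```

On a protected page, the include of the shared functions file and the call to `example_start_session()` come first, followed by the `example_is_logged_in()` check.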