quasiman

The only error I'm getting is "Text from image incorrect" coming out of my language file for the elseif statement. If I echo $_SESSION['key'] it does show the correct number, but echoing $_SESSION['number'] returns blank. Sorry I can't give more info...maybe there's something else I need to test for?

Thank you for the suggestion, but it doesn't change anything...

oh, and 'captcha_auth' above just points to the language file as "Text from image incorrect"

I'm working in DaDaBIK, and I need to increase the security a bit for this project.  So one of my changes I'm adding on CAPTCHA authentication to the login.  My problem is the number $_POST doesn't seem to be passing through the session correctly, and won't validate with the the image. This modification uses two of the DaDaBIK files and a captcha.php: include/forms/login.php (the displayed login form) [code=php:0] <table summary="login" class="table_login_form" align="center"> <tr class="tr_header_login_form"> <td valign=top> <b><?php echo $login_messages_ar['please_authenticate']; ?></b> </td> </tr> <tr> <td valign="top" align="center"> <br> <form method="post" action="<?php echo $dadabik_login_file; ?>?function=check_login"> <table> <tr><td><?php echo $login_messages_ar['username']; ?></td><td><input type="text" name="username_user" class="input_login_form"></td></tr> <tr><td><?php echo $login_messages_ar['password']; ?></td><td><input type="password" name="password_user" class="input_login_form"></td></tr> <tr><td>&nbsp;</td><td><img src="captcha.php"></td></tr> <tr><td><?php echo $login_messages_ar['captcha']; ?></td><td><input type="text" name="number" class="input_login_form"></td></tr> <tr><td colspan="2" align="center"><input type="submit" value="<?php echo $login_messages_ar['login']; ?>"></td></tr> </table> </form> </tr> </td> </table> [/code] login.php [code=php:0] $key = $_SESSION['key']; $_SESSION['number'] = $_POST['number']; $number = $_SESSION['number']; $show_record_numbers_change_table = 0; switch($function){ case 'check_login': if ( $_POST['username_user'] === '' || $_POST['password_user'] === '' || $_POST['number'] === '') { txt_out('<p align="center">'.$login_messages_ar['username_password_are_required'].'</p>', 'error_messages_form'); include './include/forms/login.php'; } // end if elseif ($number!=$key) { //CHECK CAPTCHA txt_out('<p align="center">'.$login_messages_ar['captcha_auth'].'</p>', 'error_messages_form'); include './include/forms/login.php'; } // end if else{ $_SESSION['logged_user_infos_ar'] = get_user_infos_ar_from_username_password($_POST['username_user'], $_POST['password_user']); //var_dump ($_SESSION['logged_user_infos_ar']); //exit; if ( $_SESSION['logged_user_infos_ar'] !== false){ //header ('Location: '.$site_url.'index.php'); header ('Location: '.$site_url.$dadabik_main_file); die(); } // end if else{ unset($_SESSION['logged_user_infos_ar']); txt_out('<p align="center">'.$login_messages_ar['incorrect_login'].'</p>', 'error_messages_form'); include './include/forms/login.php'; } // end else } // end else break; // case 'check_login' case 'logout': unset($_SESSION['logged_user_infos_ar']); header ('Location: '.$site_url.$dadabik_login_file); die(); break; // case 'logout' case 'show_login_form': include './include/forms/login.php'; break; // case 'show_login_form' } // end swtich ($function) // include footer include ("./include/footer.php"); [/code] And finally - captcha.php [code=php:0] session_start(); $RandomStr = md5(microtime());// md5 to generate the random string $ResultStr = substr($RandomStr,0,5);//trim 5 digit $NewImage =imagecreatefromjpeg("img.jpg");//image create by existing image and as back ground $LineColor = imagecolorallocate($NewImage,233,239,239);//line color $TextColor = imagecolorallocate($NewImage, 255, 255, 255);//text color-white imageline($NewImage,1,1,40,40,$LineColor);//create line 1 on image imageline($NewImage,1,100,60,0,$LineColor);//create line 2 on image imagestring($NewImage, 5, 20, 10, $ResultStr, $TextColor);// Draw a random string horizontally $_SESSION['key'] = $ResultStr;// carry the data through session header("Content-type: image/jpeg");// out out the image imagejpeg($NewImage);//Output image to browser [/code]

This is more of an advice question than coding... I have a catchall@domain.com email address importing into 2 tables (one for messages, another for attachments).  I can remove the domain.com part of an email to import only the user name, and then use that to only let users see emails associated to their name - IE: user login "Bill" can only see emails sent to bill@domain.com. But if an email is sent to more than one person, it comes in as user@domain.com, user2@domain.com, user3@otherdomain.com.  So...what can I do about it?  I'm thinking I could explode the list and remove each of the domain.com's, then create a seperate record for each user at my domain, but how would I handle the address's not going to my domain?

do you mean: [code=php:0] $move_message = "INSERT INTO mailbox (id, time, name, address, subject_text, body_text) SELECT 'id', 'time', 'name', 'address', 'subject_text', 'body_text' FROM table1"; mysql_query($move_message) or die(mysql_error()); [/code] All this does is insert "id, time, name, address, subject_text, body_text" - not the actual records

I'm trying to copy all records in table1 to table2 (then verify and delete from table1, but I haven't gotten that far yet). But table2 has additional columns, so I must specify each of the columns I want copied.  Even doing so I'm getting the error "Column count doesn't match value count at row 1". Here's what I'm trying: [code=php:0] <?php include('includes/config.inc'); // Make the DB connection $sql_link = mysql_connect ("$sql_host", "$sql_user", "$sql_pass") or exit; mysql_select_db("$sql_db"); //collect info $result = mysql_query("SELECT 'id', 'time', 'name', 'address', 'subject_text', 'body_text' FROM table1"); //insert the info into the 2nd table $move = "INSERT INTO mailbox (id, time, name, address, subject_text, body_text) VALUES ('$result')"; mysql_query($move) or die(mysql_error()); ?> [/code] Any help would be greatly appreciated!

Thanks for all the help!!

I'll be using this as an include to the index page, so everytime the index is loaded this file runs with no output to the user that it's happened. I don't really need to worry about sql injection for that do I?

Well I'm just asking...is that a correct way to do it?  Am I missing anything?

Ok....I like that you're making me work for this  ;) [code]<?php $dbhost = "localhost"; $dbuser = "mydbusername"; $mydbpass = "mydbpassword"; $dbtable1 = "1sttable"; $dbtable2 = "newtable"; $con = mysql_connect($dbhost,$dbuser,$dbpass); if (!$con)   {   die('Could not connect: ' . mysql_error());   } mysql_select_db($mydbase, $con); //get the email address from the first table $getmail = 'SELECT to_address FROM $dbtable1'; mysql_query($getmail) or die(mysql_error()); //get the other data that's important $userdata = 'SELECT userlocation, yahooid,  FROM $dbtable1'; mysql_query($userdata) or die(mysql_error()); //take out the 'domain.com' part of the email address $takeaway_email=(eregi_replace("@[a-z0-9\-]+\.[a-z0-9\-\.]+$","",$getmail)); //insert the username and other data into the 2nd table $add_user = 'INSERT INTO $dbtable2 (username, userlocation, yahooid) VALUES('$takeaway_email', 'Portland', 'my_yahooid')'; mysql_query($add_user) or die(mysql_error()); ?>[/code]

Wow, thanks for the responses! So would something like this work? [code]$takeaway_email=(eregi_replace("@[a-z0-9\-]+\.[a-z0-9\-\.]+$","",$email)); mysql_query("INSERT INTO table_name2 VALUES (firstname, email,....) FROM table_name1 VALUES (firstname, $takeaway_email,....)") or die(mysql_error()); [/code]

I have two mysql tables, and I'd like to copy the records from one to the other.  The first table has an email address field - "user@domain.com", but when it's being copied I want to shorten it down to just "user". Any ideas?

yeah, that's what I've been trying but it's not passing the logged in status between the two....there's probably one little line where I accidently named the session incorrectly. Thanks for the suggestion.

I have a php/mysql login system in use, and I'd like to add a simple pop3 client for my users. So when an account is created through the current scripts, they're also given a pop3 account (Curl to Cpanel via doaddpop), then able to read email while logged in. My problem is that a users login session is set with their username, and when going to check email they need to use the full email address as a login. How can I append the domain name to the users session without killing it?

*bump*

[!--quoteo(post=369403:date=Apr 27 2006, 07:06 PM:name=kenrbnsn)--][div class=\'quotetop\']QUOTE(kenrbnsn @ Apr 27 2006, 07:06 PM) [snapback]369403[/snapback][/div][div class=\'quotemain\'][!--quotec--] No. People will be able to see them by doing a show source. Using sessions are a little more secure, but since sessions are stored in files, they can be read. We'll need a little more information before we can advise you how to do this securely. Ken [/quote] The users would need to first create an account and login, then they would only see their own details for each page. Using foreign keys to have seperate tables for my users and their pop3 login details. If a person isn't logged in, they wouldn't see anything about it in the source. Sorry I wasn't more clear...

I'm starting out to make a system for people to save login/password information to a database (mysql) - basically a place to check all their pop3 email accounts from one login on my system. I'll need the passwords in plain text so they can be passed correctly to the server for login details(IE: not md5), is it safe to post passwords through a hidden field form?

The Dischdate field is a date, so when I create a record and leave it blank, it has an automatic value of 0000-00-00. I want the LOS (length of stay) field to account for this and never be less than 1: [code]if ($DischDate == 0000-00-00){     mysql_query ("UPDATE mytable SET LOS = (TO_DAYS(AdmitDate) + 1)"); } else {     mysql_query ("UPDATE mytable SET LOS = (TO_DAYS(AdmitDate) - TO_DAYS(DischDate) + 1)"); }[/code] This seems to work, but it creates records in the LOS as 732738 when there's only a 4 day difference. I'm assuming that's a date converted to a number? I have the LOS field set to VARCHAR.

Hi AndyB, Actually I want it to update all records. I have the script included on the index page, so on every load it updates based on the other two fields.

AH HA!! Thank you! Unfortunately it's not updating the days correctly, but at least I'm past the error! Sorry it's in the wrong forum...

Hello, I've found this script online that I'm trying to modify for my needs...still newbie at it though. Basically it's supposed to take two values from the db table (AdmitDate and DischDate) and calculate the difference in days. If the dates are the same, make the value 1 day. The error I'm getting is [code]Parse error: syntax error, unexpected T_ELSE in filename.php on line 13[/code] [code] <?php // calculate difference and convert to days the absolute value; 1 day = 86400 s $diff = abs($AdmitDate-$DischDate); $diff = $diff/86400; // remove decimals     If ($AdmitDate == $dischDate);         $diff = ceil($diff) + 1;     else        $diff = ceil($diff); // Update records for LOS column in the database $sql = "update PatientInfo set LOS=$diff"; // execute the select query $open = execute_db($sql, $conn); ?> [/code]