
Everything posted by Michael_Baxter
-
/* process_login.php */

```php
<?php
include_once 'db_connect.php';
include_once 'functions.php';

sec_session_start(); // Our custom secure way of starting a PHP session.

if (isset($_POST['email'], $_POST['p'])) {
    $email = $_POST['email'];
    $password = $_POST['p']; // The hashed password.

    if (login($email, $password, $mysqli) == true) {
        // Login success
        header('Location: ../protected_page.php');
    } else {
        // Login failed
        header('Location: ../index.php?error=1');
    }
} else {
    // The correct POST variables were not sent to this page.
    echo 'Invalid Request';
}
```

/* INDEX.PHP */

```php
<?php
error_reporting(E_ALL);
ini_set("display_errors",1);

include_once 'includes/db_connect.php';
include_once 'includes/functions.php';

sec_session_start();

if (login_check($mysqli) == true) {
    $logged = 'in';
} else {
    $logged = 'out';
}
?>
<!DOCTYPE html>
<html>
    <head>
        <title>Secure Login: Log In</title>
        <link rel="stylesheet" href="styles/main.css" />
        <script type="text/JavaScript" src="js/sha512.js"></script>
        <script type="text/JavaScript" src="js/forms.js"></script>
    </head>
    <body>
        <?php
        if (isset($_GET['error'])) {
            echo '<p class="error">Error Logging In!</p>';
        }
        ?>
        <form action="includes/process_login.php" method="post" name="login_form">
            Email: <input type="text" name="email" />
            Password: <input type="password"
                             name="password"
                             id="password"/>
            <input type="button"
                   value="Login"
                   onclick="formhash(this.form, this.form.password);" />
        </form>

<?php
        if (login_check($mysqli) == true) {
            echo '<p>Currently logged ' . $logged . ' as ' . htmlentities($_SESSION['username']) . '.</p>';

            echo '<p>Do you want to change user? <a href="includes/logout.php">Log out</a>.</p>';
        } else {
            echo '<p>Currently logged ' . $logged . '.</p>';
            echo "<p>If you don't have a login, please <a href='register.php'>register</a></p>";
        }
?>
    </body>
</html>
```

Hi, I have been building this secure login system, but for some reason the submit button on my index page just is not working. Once an email and password are entered and you click on submit, absolutely nothing happens: no form reset, no login, no errors, nothing. Can anyone see why at all, please?
-
parse error in an include file for login system
Michael_Baxter replied to Michael_Baxter's topic in PHP Coding Help
/* process_login.php */

```php
<?php
include_once 'db_connect.php';
include_once 'functions.php';

sec_session_start(); // Our custom secure way of starting a PHP session.

if (isset($_POST['email'], $_POST['p'])) {
    $email = $_POST['email'];
    $password = $_POST['p']; // The hashed password.

    if (login($email, $password, $mysqli) == true) {
        // Login success
        header('Location: ../protected_page.php');
    } else {
        // Login failed
        header('Location: ../index.php?error=1');
    }
} else {
    // The correct POST variables were not sent to this page.
    echo 'Invalid Request';
}
```

/* INDEX.PHP */

```php
<?php
error_reporting(E_ALL);
ini_set("display_errors",1);

include_once 'includes/db_connect.php';
include_once 'includes/functions.php';

sec_session_start();

if (login_check($mysqli) == true) {
    $logged = 'in';
} else {
    $logged = 'out';
}
?>
<!DOCTYPE html>
<html>
    <head>
        <title>Secure Login: Log In</title>
        <link rel="stylesheet" href="styles/main.css" />
        <script type="text/JavaScript" src="js/sha512.js"></script>
        <script type="text/JavaScript" src="js/forms.js"></script>
    </head>
    <body>
        <?php
        if (isset($_GET['error'])) {
            echo '<p class="error">Error Logging In!</p>';
        }
        ?>
        <form action="includes/process_login.php" method="post" name="login_form">
            Email: <input type="text" name="email" />
            Password: <input type="password" name="password" id="password"/>
            <input type="button" value="Login" onclick="formhash(this.form, this.form.password);" />
        </form>
        <?php
        if (login_check($mysqli) == true) {
            echo '<p>Currently logged ' . $logged . ' as ' . htmlentities($_SESSION['username']) . '.</p>';
            echo '<p>Do you want to change user? <a href="includes/logout.php">Log out</a>.</p>';
        } else {
            echo '<p>Currently logged ' . $logged . '.</p>';
            echo "<p>If you don't have a login, please <a href='register.php'>register</a></p>";
        }
        ?>
    </body>
</html>
```

Hi again, sorry to be back with yet more issues, but my happy ending to this was very short lived. After I corrected the above error I went away to test the new login system and registration system, and nothing, basically. I loaded my page up ( mnvb.co.uk/secure_login ), this is the address. I have not added any kind of styling here YET, my eyes do not care, black & white or colour. Although I'm not a registered member, I just typed my email and password into the form and hit submit, to test the error trap. I got nothing: no errors, no reload, the form did not reset, the button simply was inactive........ I have included copies of 2 files here. The first page is simply my index.php to this directory that has the login and register elements, the second file is process_login.php, as this page is referred to in the form action in my index page. If anyone can determine why my button is dead it would be great, thanks....
-
parse error in an include file for login system
Michael_Baxter replied to Michael_Baxter's topic in PHP Coding Help
Oh dear, in a genuine way I do appreciate the way getting debug help on here makes me feel rather silly sometimes, and this one was no exception. The little missing symbol set off 4 exceptions through my files. Then once I had added ( into the line, I noticed that, due to the fact I had been writing these codes and files and functions for too many hours non-stop, I had managed to name a file pil_confige.php which should have been psl_config.php, which caused some other errors ...........hahaha. Not to worry, I have fixed all these errors, now I am going to actually test the system.
-
I have been working on a secure login system for my site. I feel that I have been doing well so far, but now I am getting a parse error coming from my functions.php include file. The error code I am getting is: so here is the code from functions.php. I have included everything from line 1 of the functions.php file to the end of the problem function.

```php
<?php
include_once 'psl-config.php';

function sec_session_start() {
    $session_name = 'sec_session_id';   // Set a custom session name
    $secure = true;
    // This stops JavaScript being able to access the session id.
    $httponly = true;
    // Forces sessions to only use cookies.
    if (ini_set('session.use_only_cookies', 1) === FALSE) {
        header("Location: ../error.php?err=Could not initiate a safe session (ini_set)");
        exit();
    }
    // Gets current cookies params.
    $cookieParams = session_get_cookie_params();
    session_set_cookie_params($cookieParams["lifetime"],
        $cookieParams["path"],
        $cookieParams["domain"],
        $secure,
        $httponly);
    // Sets the session name to the one set above.
    session_name($session_name);
    session_start();                // Start the PHP session
    session_regenerate_id(true);    // regenerated the session, delete the old one.
}

function login($email, $password, $mysqli) {
    // Using prepared statements means that SQL injection is not possible.
    if ($stmt = $mysqli->prepare("SELECT id, username, password
        FROM members
        WHERE email = ?
        LIMIT 1")) {
        $stmt->bind_param('s', $email);  // Bind "$email" to parameter.
        $stmt->execute();    // Execute the prepared query.
        $stmt->store_result();

        // get variables from result.
        $stmt->bind_result($user_id, $username, $db_password);
        $stmt->fetch();

        if ($stmt->num_rows == 1) {
            // If the user exists we check if the account is locked
            // from too many login attempts
            if (checkbrute($user_id, $mysqli) == true) {
                // Account is locked
                // Send an email to user saying their account is locked
                return false;
            } else {
                // Check if the password in the database matches
                // the password the user submitted. We are using
                // the password_verify function to avoid timing attacks.
                if (password_verify($password, $db_password) {
                    // Password is correct!
                    // Get the user-agent string of the user.
                    $user_browser = $_SERVER['HTTP_USER_AGENT'];
                    // XSS protection as we might print this value
                    $user_id = preg_replace("/[^0-9]+/", "", $user_id);
                    $_SESSION['user_id'] = $user_id;
                    // XSS protection as we might print this value
                    $username = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $username);
                    $_SESSION['username'] = $username;
                    $_SESSION['login_string'] = hash('sha512', $db_password . $user_browser);
                    // Login successful.
                    return true;
                } else {
                    // Password is not correct
                    // We record this attempt in the database
                    $now = time();
                    $mysqli->query("INSERT INTO login_attempts(user_id, time)
                                    VALUES ('$user_id', '$now')");
                    return false;
                }
            }
        } else {
            // No user exists.
            return false;
        }
    }
}
```
-
a little help continuing this script please
Michael_Baxter replied to Michael_Baxter's topic in PHP Coding Help
As for the post before that, you're asking for nothing unreasonable. It does make more sense to change the way I am laying things out in my code sets, thanks for your feedback. Also, you asked about where my query is defined: yes, it's in $sql.
-
a little help continuing this script please
Michael_Baxter replied to Michael_Baxter's topic in PHP Coding Help
Wow oh wowwy, I'm not sure there is an expression to cover that when I just looked over that. So just to make sure I am understanding everything clearly: the code posted above by Psycho is a rewrite of my code correctly formatted, but essentially the end result will still work the same. You have separated the PHP from HTML, and generally changed the coding into up to date language. But now I have changed my code for your code, everything seems to work the same as an end result, so I still face the problem of finding the .checked function.
-
a little help continuing this script please
Michael_Baxter replied to Michael_Baxter's topic in PHP Coding Help
```php
<html>
<head>
<title>
DaTaBaSe CoNeCtIoN TeStInG PaGe
</title>
</head>
<body bgcolor="000000">
<font color="FF0000">
<?php
include ('conection.php');

//define $result as $con and run the query $sql
$result = $conn->query($sql);

//if number of rows in the table is higher 0 draw the table
if ($result->num_rows > 0) {
    echo "<table border= 5 bordercolor= #0000FF><tr><th><font color=#FF0000>ID</th><th><font color=#FF0000>Name</th></tr>";
    //output the data
    while($row = $result ->fetch_assoc()) {
        //add the results to populate the table
        echo "<tr><td><font color= #FF0000>".$row["id"]."</td><td><font color= #FF0000>".$row["name"]."</td><td><font color= #FF0000>".$row["score"]."</td><td><input type= checkbox name=win>".$row["win"]."</td></tr>";
    }
    echo "</table>";
} else {
    echo "0 results found";
}
$conn->close();
?>
</font>
</body>
</html>
```

HAHA you're right, nit-picking. Your now as everyone is always telling me about my punctuation (or lack of). I did just notice, however, I did miss something a lot more important than a few ....,,,,,'s from my last post: I stated that I had revised and rewritten my code, then failed to re-show it here. THIS TIME I AM NOT ASKING FOR HELP, I AM MERELY SHOWING MY REWORK WHILE I'M READING ABOUT JQUERY.AJAX()
-
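Added example, not code from the thread: the table above prints `name` straight from the database, and that value comes from a public form, so it should be HTML-escaped on output. The sketch below uses constructed rows in place of the query result; the helper names and the `win[]` checkbox field are assumptions.

```php
<?php
declare(strict_types=1);

// Escape a database value for use in HTML text or a quoted attribute.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build the score table. Each checkbox carries the row id as its value, so the
// script that receives the form can tell which rows were ticked.
// The win[] field name is an assumption made for this example.
function render_minis_table(array $rows): string
{
    if ($rows === []) {
        return '<p>0 results found</p>';
    }
    $html = "<table border=\"5\">\n"
          . "<tr><th>ID</th><th>Name</th><th>Score</th><th>Win</th></tr>\n";
    foreach ($rows as $row) {
        $id = (int) $row['id'];   // ids are integers; the cast drops anything else
        $html .= '<tr>'
               . '<td>' . $id . '</td>'
               . '<td>' . e((string) $row['name']) . '</td>'
               . '<td>' . (int) $row['score'] . '</td>'
               . '<td><input type="checkbox" name="win[]" value="' . $id . '"></td>'
               . "</tr>\n";
    }
    return $html . '</table>';
}

// Constructed sample rows standing in for $result->fetch_assoc();
// the second name contains markup on purpose.
$rows = [
    ['id' => '1', 'name' => 'Michael', 'score' => '0', 'win' => '0'],
    ['id' => '2', 'name' => '<b onmouseover="x()">Eve</b>', 'score' => '3', 'win' => '0'],
];

echo render_minis_table($rows), "\n";
```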
a little help continuing this script please
Michael_Baxter replied to Michael_Baxter's topic in PHP Coding Help
I have managed to stop, sit back and take a good look at my pathetic codes from above, and yes, I simply deleted them. Maybe I should read and re-read, then think, before I post on these forums, but nevertheless here I am again with a new revised set of codes that actually work and have everything on that I said that I wanted. Thanks to budimir for the harsh way of dealing with my insulting codes above, as it was your short sharp answer that made me think hard about am I trying to learn or bum my answers all the time. After reading all the above comments I now know I need to look into the javascript one click system, as I had not thought of that part yet; that's better than having a single update button. OK, so as I said, I have added my new codes and now I have an ASSOCs array from MySQL table into a HTML table, and I have added a simple checkbox to the right, but the checkbox is still worthless at this point as I'm not sure where to begin with writing the codes to make the query to add the value of 1 to the score. Perhaps I should be looking at the javascript for the one click system next.
-
a little help continuing this script please
Michael_Baxter replied to Michael_Baxter's topic in PHP Coding Help
I put some I read and some common sense to it so kind of every page I build starts on old scripts while I learn
-
```php
<html>
<head>
<title>
DaTaBaSe CoNeCtIoN TeStInG PaGe
</title>
</head>
<body bgcolor="000000">
<font color="FF0000">
<?php
include "conection.php";

while($row = mysql_fetch_array($retval, MYSQL_ASSOC))
{
    echo "ID :{$row['id']} <br> ".
         "NAME : {$row['name']} <br> ".
         " Score: {$row['score']} <br> ".
         " Win: {$row['win']} <br>".
         "--------------------------------<br>";
}
echo "Fetched data successfully\n";
mysql_close($conn);
?>
</font>
</body>
</html>
```

Hi, I have built this script so far. As you can see, my ASOC is output here, however I am trying to add a checkbox called win to each output so that when it is checked it adds the value of 1 to the row score. I thought this would be an easy task, but everything I try just to get the checkbox onto each record simply results in the page displaying as a blank white page. Anyone wish to make me some suggestions, please?
-
Haha lol, OK, that's so funny it made me laugh so hard my ribs hurt. I had already been into all those sections of phpmyadmin join the day today just looking around for a possible answer and totally overlooked that possibility, but YES, you were 100% right there, I had left it set as an INT. I've changed the type to a VARCHAR now, this should allow alphanumeric input, right? And TADA, just like a piece of magic it's all fixed LOL. As soon as I changed and saved my table I went back to my form, submitted a record, opened the output page and there it was: 4 records of 0 values and then a 5th with my name in place....... Thank you mac_gyver. P.S. that's just the beginning of this extension project of my site. I'm sure I have new things to need to learn to make the end product viable, and then I have to look through all of this and add some extra security files to stop hacking and spam injection.
-
I find this a little bizarre. After all the help and work I have done using this forum in the past I have overcome many hurdles, but no matter how long I sit staring at my coding I can't see nothing too obvious. I have error reporting turned on and I am also getting my message returned that 1 record was created successfully, but when I go to phpmyadmin or my output page the record is indeed there but the record is not showing the input data from my form. As you will see in my codes, my form consists of a text field labelled: name and a submit button. Once submitted I check my table records and the value inserted is 0 even though I type a name into the text field....... So here is the codes:

```php
<?php
error_reporting(E_ALL);
ini_set("display_errors",1);

if (isset($_POST['submit'] ) ) {
    $host_name = "localhost";
    $database = "DB name";
    $user_name = "user name";
    $password = "my p/w";

    $db = mysqli_connect( $host_name, $user_name, $password, $database );
    if (!$db) {
        // mysqli_connect_error() is the mysqli call that reports a failed connection
        die("ERROR please try reloading or email [email protected]: " . mysqli_connect_error());
    }

    // example of inserting data into that table:
    $sql = "INSERT INTO minis(name, score) "
         . " VALUES( ?, ? )";
    $stmt = $db->prepare( $sql );
    if (!$stmt) {
        die("Failed to prepare statement: " . $sql);
    }

    // Get Values
    $name=$_POST['name'];
    $score="0";
    $stmt->bind_param("ss", $name, $score);
    if ( ! $stmt->execute() ) {
        die("Execution of bound statement failed: " . $stmt->error);
    }
    echo "Inserted {$stmt->affected_rows} correctly.<hr/>";
    $db->close();
}
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Music Cafe Minis</title>
</head>
<body>
<div align="left">
<form name="minis" action="" method="post">
<table width="274" border="0" align="center" cellpadding="2" cellspacing="0">
  <tr>
    <td width="95"><div align="right">Name:</div></td>
    <td width="171"><input type="text" name="name" /></td>
  </tr>
  <tr>
    <input type="hidden" name="score" value="0">
  </tr>
  <tr>
    <td><div align="right"></div></td>
    <td><input name="submit" type="submit" value="Submit" /></td>
  </tr>
</table>
</form>
</body>
</html>
```
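Added example, not code from the thread: the follow-up post reports that the column was typed INT, which is why the insert "succeeded" while storing 0. This sketch shows one way to make that failure visible, by reading the statement's warnings and by asking the server for strict mode. The 50-byte name limit, the `insert_mini` helper and the choice of `STRICT_ALL_TABLES` are assumptions; the connection values are the post's placeholders.

```php
<?php
// Make mysqli throw mysqli_sql_exception instead of returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function insert_mini(mysqli $db, string $name): int
{
    $name = trim($name);
    if ($name === '' || strlen($name) > 50) { // 50 is an assumed column width
        throw new InvalidArgumentException('Name must be 1 to 50 bytes long.');
    }

    $score = 0;
    $stmt = $db->prepare('INSERT INTO minis (name, score) VALUES (?, ?)');
    $stmt->bind_param('si', $name, $score);
    $stmt->execute();

    // In non-strict mode the server stores a coerced value (text becomes 0 in an
    // INT column) and only raises a warning, so treat any warning as a failure.
    $messages = [];
    $warning = $stmt->get_warnings();
    if ($warning !== false) {
        do {
            $messages[] = "{$warning->errno}: {$warning->message}";
        } while ($warning->next());
    }
    if ($messages !== []) {
        throw new RuntimeException('Stored with warnings: ' . implode('; ', $messages));
    }
    return $stmt->affected_rows;
}

if (isset($_POST['submit'])) {
    try {
        $db = new mysqli('localhost', 'user name', 'my p/w', 'DB name');
        // Strict mode makes the server reject text sent to an INT column.
        $db->query("SET SESSION sql_mode = 'STRICT_ALL_TABLES'");
        $rows = insert_mini($db, (string) ($_POST['name'] ?? ''));
        echo "Inserted {$rows} row(s).";
    } catch (InvalidArgumentException $e) {
        echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    } catch (RuntimeException $e) { // mysqli_sql_exception extends RuntimeException
        error_log($e->getMessage()); // details go to the log, not the page
        echo 'Could not save the record.';
    }
}
```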