Tom8001

Members
  • Content Count

    205
  • Joined

  • Last visited

Community Reputation

0 Neutral

About Tom8001

  • Rank
    Advanced Member
  • Birthday 05/25/2000

Profile Information

  • Gender
    Male
  • Location
    Unk0wn
  1. Yeah, file permissions are 0644, and my server log:

     [25-Jul-2017 18:10:27 UTC] PHP Fatal error: Call to a member function bindParam() on string in /home/supernatural/public_html/forum/banappeal.php on line 16
     [25-Jul-2017 18:14:15 UTC] PHP Fatal error: Call to a member function bindParam() on string in /home/supernatural/public_html/forum/banappeal.php on line 16
     [26-Jul-2017 12:39:50 UTC] PHP Fatal error: Call to a member function bindParam() on string in /home/supernatural/public_html/forum/banappeal.php on line 16
     [26-Jul-2017 12:52:54 UTC] PHP Warning: mysqli::prepare(): Couldn't fetch mysqli in /home/supernatural/public_html/forum/banappeal.php on line 14
     [26-Jul-2017 12:52:54 UTC] PHP Fatal error: Call to a member function bindparam() on null in /home/supernatural/public_html/forum/banappeal.php on line 15
     [26-Jul-2017 12:53:40 UTC] PHP Warning: mysqli::prepare(): Couldn't fetch mysqli in /home/supernatural/public_html/forum/banappeal.php on line 11
     [26-Jul-2017 12:53:40 UTC] PHP Fatal error: Call to a member function bindparam() on null in /home/supernatural/public_html/forum/banappeal.php on line 12

     This is kind of a tricky one because the banned users are on my Minecraft server, which is on a separate server host, so I could copy the banned txt over to the web server, but I would have to keep copying it every time the file is updated.
  2. Hello, I am currently working on my forum for a Minecraft server and am trying to code a ban appeal submission form, but when I run the code I get a 500 internal error. I wanted to post my code here since I might have totally misunderstood the logic; I am still fairly new to it all. And I was told not to use if($_SERVER['REQUEST_METHOD'] == "POST") { Does anyone know the reason for this?

     <?php
     require('con.php');
     if($_SERVER['REQUEST_METHOD'] == "POST") {
         $user = htmlentities($_POST['mineuser'], ENT_QUOTES);
         $forumuser = htmlentities($_POST['forumuser'], ENT_QUOTES);
         $reason = htmlentities($_POST['text'], ENT_QUOTES);
         $stmt = $con->prepare("INSERT INTO banappeal (mineuser, forumuser, reason) VALUES (?, ?, ?)");
         $stmt->bindparam("sss", $user, $forumuser, $reason);
         $user = htmlentities($_POST['mineuser'], ENT_QUOTES);
         $forumuser = htmlentities($_POST['forumuser'], ENT_QUOTES);
         $reason = htmlentities($_POST['text'], ENT_QUOTES);
         $result = $con->prepare("SELECT mineuser FROM banappeal VALUES(?)");
         $result->bindParam("s", $user);
         $user = htmlentities($_POST['mineuser'], ENT_QUOTES);
         $result->execute();
         $stmt->execute();
         if(mysqli_num_rows($result != 0)) {
             echo "An appeal has already been made for the user ".$user." and cannot be appealed more than once. If you wish to appeal again then please contact the server admin.";
         }
         if($stmt === "TRUE") {
             echo "Your appeal for user ".$user." has been submitted and is under review.";
         } else {
             echo "There was an error while processing your request. Please try again later.";
         }
         exit();
     }
     ?>
  3. Hello, how would I code a script that finds certain words or characters in a thread on my forum and then redirects the user? Thanks!
  4. I don't understand how I can get rid of the vulnerability: in the URL you can change the username and token and take over accounts with my current code. I don't understand how I can prevent this.
  5. Thanks, the password is able to be reset now, but I have a field in the database called 'hash' and I have the query to update it with the hashed token, but it does not change. Here is my new updated code:

     <?php
     require('./includes/connect.php');
     $encodedToken = $_GET['token'];
     $token = hex2bin($encodedToken);
     $tokenHash = hash('sha256', $rawToken);
     $username = $_GET['s'];
     $stmt = $handler->prepare("UPDATE users SET hash = :hash WHERE username = :u");
     $stmt->bindParam(':u', $username, PDO::PARAM_STR, 255);
     $stmt->bindParam(':hash', $tokenHash, PDO::PARAM_STR, 255);
     $stmt->execute();
     if($stmt) {
         echo '
         <form action="" method="POST">
         <h3>New Password: </h3>
         <input type="password" name="newpass" placeholder="New Password" required /><br>
         <h3>Confirm Password: </h3>
         <input type="password" name="confpass" placeholder="Confirm Password" required /><br>
         <input type="submit" name="update" value="Update Password">
         </form>
         ';
     } else {
         echo "Invalid token";
         exit;
     }
     if($_POST['update']) {
         $newpass = $_POST['newpass'];
         $confpass = $_POST['confpass'];
         if($confpass == $newpass) {
             $enc_password = password_hash($confpass, PASSWORD_BCRYPT);
             $stmt = $handler->prepare("UPDATE users SET password = :cpass WHERE username = :u");
             $stmt->bindParam(':u', $username, PDO::PARAM_STR, 255);
             $stmt->bindParam(':cpass', $enc_password, PDO::PARAM_STR, 255);
             $stmt->execute();
             if($stmt) {
                 echo "Your password has been reset!";
                 echo '<meta http-equiv="refresh" content="0;login.php">';
             } else {
                 echo "Error";
                 exit;
             }
         }
     }
     ?>
  6. I don't see what you mean about not inserting the token hash in the query string?
  7. $encodedToken = $_GET['token'];
     $token = hex2bin($encodedToken);
     $tokenHash = hash('sha256', $token);
     $username = $_GET['s'];
     $stmt = $handler->prepare("UPDATE users SET reset = ".$tokenHash." WHERE username = :u");
     $stmt->bindParam(':u', $username, PDO::PARAM_STR, 255);
     $stmt->execute();

     Fatal error: Call to a member function prepare() on a non-object

     I get this error when clicking the reset link in the email; it says line 10, which is the update query.
  8. I read it on a Stack Overflow thread somewhere, and I don't know; the token is what doesn't make sense to me.
  9. Hi, this is my forgot password code so far.

     <?php
     require('./includes/connect.php');
     error_reporting(E_ALL | E_NOTICE);
     ini_set('display_errors', 1);
     if($_SERVER['REQUEST_METHOD'] == "POST") {
         $email = $_POST['email'];
         $email = htmlentities($email, ENT_QUOTES);
         $stmt = $handler->prepare("SELECT email FROM users WHERE email = :email");
         $stmt->bindParam(':email', $email, PDO::PARAM_STR, 255);
         $stmt->execute();
         if($stmt) {
             $fetch = $stmt->fetch();
             if($email == $fetch['email']) {
                 $stmt = $handler->prepare("SELECT username FROM users WHERE email = :email");
                 $stmt->bindParam(':email', $email, PDO::PARAM_STR, 255);
                 $stmt->execute();
                 $row = $stmt->fetch();
                 $username = $row['username'];
                 $token = mcrypt_create_iv(MCRYPT_RAND);
                 $headers = "Password Reset";
                 $body = "Hi, ".$username."!, You have recently requested to reset your password. ".PHP_EOL." \n If you did not make this request please forget this email. ".PHP_EOL." To reset your password please click this link: <a href='http://ps3modding.co.uk/forgot_password.php?token=$token'></a>";
             } else {
                 echo "The E-Mail Address entered was Not Found.";
             }
         }
     }
     ?>

     What I am wondering is, because you're not meant to store the token in the database, how do you check to see if it is valid? Is it done by $_COOKIE? Thanks
  10. Sorry, I'm still fairly new to PHP; I don't understand what to do about the token. Am I meant to use the rand() function?
  11. What I don't understand is, when they request to reset their password, I will be hashing the password using password_hash, but how am I meant to let them see the password in the email in plain text? Edit: Sorry, we posted at the same time.
  12. I was thinking to just reset the password when the form is submitted and then query the database for the new password, decrypt it and send it via email?
  13. I am currently using password_hash and password_verify in my code. I am unsure: can I decrypt the password?
  14. Thanks, I will take a look at other threads.
  15. Hi, how can I create a forgotten password script? I know security can be a real issue with this if the code isn't written correctly.
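Added example, not Tom8001's code: the ban-appeal handler from post 2 written against mysqli prepared statements, so that the fatal errors in post 1's log (bindParam() called on a string or on null) do not arise. It assumes $con is a mysqli connection created in con.php and a banappeal table with columns mineuser, forumuser and reason plus a UNIQUE key on mineuser (assumed schema).

```php
<?php
// Added example, not Tom8001's code. Assumes $con is a mysqli connection created
// in con.php and a table banappeal(mineuser, forumuser, reason) with a UNIQUE
// key on mineuser (assumed schema).
require('con.php');

// Raise exceptions on SQL errors; prepare() then never hands back false/null,
// which is what produced "Call to a member function ... on null" in the log.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    exit;
}

// Keep the raw values for the database; escape only when printing them as HTML.
$user      = trim($_POST['mineuser'] ?? '');
$forumuser = trim($_POST['forumuser'] ?? '');
$reason    = trim($_POST['text'] ?? '');
$safeUser  = htmlentities($user, ENT_QUOTES);

if ($user === '' || $forumuser === '' || $reason === '') {
    echo 'All fields are required.';
    exit;
}

// One appeal per Minecraft username: check first for a friendly message ...
$check = $con->prepare('SELECT COUNT(*) FROM banappeal WHERE mineuser = ?');
$check->bind_param('s', $user);          // mysqli spells it bind_param, not bindParam
$check->execute();
$check->bind_result($count);
$check->fetch();
$check->close();

if ($count > 0) {
    echo 'An appeal has already been made for the user ' . $safeUser
       . ' and cannot be appealed more than once. If you wish to appeal again then please contact the server admin.';
    exit;
}

// ... and let the UNIQUE key catch the race where two submissions pass the check together.
try {
    $stmt = $con->prepare('INSERT INTO banappeal (mineuser, forumuser, reason) VALUES (?, ?, ?)');
    $stmt->bind_param('sss', $user, $forumuser, $reason);
    $stmt->execute();                     // returns a bool (or throws); never compare it to the string "TRUE"
    $stmt->close();
    echo 'Your appeal for user ' . $safeUser . ' has been submitted and is under review.';
} catch (mysqli_sql_exception $e) {
    if ($e->getCode() === 1062) {         // MySQL ER_DUP_ENTRY
        echo 'An appeal has already been made for the user ' . $safeUser . '.';
    } else {
        error_log($e->getMessage());      // details go to the server log, not the browser
        echo 'There was an error while processing your request. Please try again later.';
    }
}
```

The duplicate check and the insert are two statements, so two requests can both pass the check; the UNIQUE key is what actually enforces one appeal per user, and the catch block turns the resulting error 1062 into the same message. Escaping with htmlentities() is done once, at output, rather than on the values stored in the database.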
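Added example, not Tom8001's code nor a reply from the thread: the forgotten-password flow that posts 4 to 15 circle around, written against PDO. It assumes $handler from ./includes/connect.php as in the posts, a users table with username, email and password columns plus two assumed columns reset_hash and reset_expires, a hypothetical send_reset_mail() helper you supply, and a placeholder host in the link. Only the SHA-256 hash of a random token is stored (post 9), the raw token goes to the user in the e-mail, and the account is identified from the token alone rather than from a username in the query string, which is what allowed the takeover described in post 4.

```php
<?php
// Added example, not Tom8001's code nor the forum's. Assumes $handler is a PDO
// connection from ./includes/connect.php (as in the thread), a users table with
// columns username, email, password, reset_hash, reset_expires (the reset_*
// columns are an assumption), and a send_reset_mail() helper that you supply
// (hypothetical). The link host is a placeholder.
require('./includes/connect.php');

// Step 1: the user submits their e-mail. Generate a random token and store only
// its hash; the database never holds anything that lets the link be rebuilt.
function begin_reset(PDO $db, string $email): void
{
    $stmt = $db->prepare('SELECT username FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return; // caller prints the same message either way, so the form doesn't reveal which e-mails exist
    }

    $token     = random_bytes(32);           // 256-bit secret, goes only to the user
    $tokenHash = hash('sha256', $token);     // what we keep; expiry is set in SQL so PHP and MySQL clocks agree
    $upd = $db->prepare('UPDATE users SET reset_hash = :h, reset_expires = DATE_ADD(NOW(), INTERVAL 1 HOUR) WHERE username = :u');
    $upd->execute([':h' => $tokenHash, ':u' => $row['username']]);

    $link = 'https://example.invalid/forgot_password.php?token=' . bin2hex($token); // placeholder host
    send_reset_mail($email, $row['username'], $link); // hypothetical mailer
}

// Step 2: the user follows the link. Identify the account from the token alone;
// a username or e-mail carried in the query string is never trusted.
function account_for_token(PDO $db, string $hexToken): ?string
{
    if (strlen($hexToken) !== 64 || !ctype_xdigit($hexToken)) {
        return null; // guards hex2bin() against malformed input
    }
    $tokenHash = hash('sha256', hex2bin($hexToken));
    $stmt = $db->prepare('SELECT username FROM users WHERE reset_hash = :h AND reset_expires > NOW()');
    $stmt->execute([':h' => $tokenHash]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row['username'];
}

// Step 3: store the new password hash and invalidate the token in one statement,
// so the link cannot be reused.
function finish_reset(PDO $db, string $username, string $newPassword): bool
{
    $hash = password_hash($newPassword, PASSWORD_BCRYPT);
    $stmt = $db->prepare('UPDATE users SET password = :p, reset_hash = NULL, reset_expires = NULL WHERE username = :u AND reset_hash IS NOT NULL');
    $stmt->execute([':p' => $hash, ':u' => $username]);
    return $stmt->rowCount() === 1;
}

// Request handling: the three steps wired to the forms from the thread.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['email'])) {
    begin_reset($handler, (string) $_POST['email']);
    echo 'If that address is registered, a reset link has been sent.';
    exit;
}

$username = isset($_GET['token']) ? account_for_token($handler, (string) $_GET['token']) : null;
if ($username === null) {
    echo 'Invalid or expired token';
    exit;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['newpass'], $_POST['confpass'])) {
    if ($_POST['newpass'] !== $_POST['confpass']) {
        echo 'Passwords do not match';
        exit;
    }
    echo finish_reset($handler, $username, (string) $_POST['newpass']) ? 'Your password has been reset!' : 'Error';
    exit;
}

// Show the new-password form; the token stays in the action URL so the POST is tied to it.
$action = 'forgot_password.php?token=' . htmlentities((string) $_GET['token'], ENT_QUOTES);
echo '<form action="' . $action . '" method="POST">'
   . '<input type="password" name="newpass" required> <input type="password" name="confpass" required>'
   . '<input type="submit" value="Update Password"></form>';
```

This also answers posts 11 to 13: nothing is ever decrypted. password_hash() output is a one-way hash, so a reset replaces the stored hash with a new one instead of recovering or e-mailing the old password, and the e-mail carries only a short-lived link.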