Masonh928
-
Posts
6 -
Joined
-
Last visited
Posts posted by Masonh928
-
-
Also, might consider using a different hashing method. Md5() so outdated and EXTREMELY vulnerable.
-
Here's the code that deals with the client side:
<?php session_start(); if(!isset($_SESSION['Logged_in'])){ header("Location: /page.php?page=login"); } ?> <!DOCTYPE Html> <html> <head> <!--Connections made and head included--> <?php require_once("../INC/head.php"); ?> <?php require_once("../Scripts/DB/connect.php"); ?> <!--Asynchronously Return User Names--> <script> $(document).ready(function(){ function search(){ var textboxvalue = $('input[name=search]').val(); $.ajax( { type: "GET", url: 'search.php', data: {Search: textboxvalue}, success: function(result) { $("#results").html(result); } }); }; </script> </head> <body> <div id="header-wrapper"> <?php include_once("../INC/nav2.php"); ?> </div> <div id="content"> <h1 style="color: red; text-align: center;">Member Directory</h1> <form onsubmit="search()"> <label for="search">Search for User:</label> <input type="text" size="70px" id="search" name="search"> </form> <a href="index.php?do=">Show All Users</a>|<a href="index.php?do=ONLINE">Show All Online Users</a> <div id="results"> <!--Results will be returned HERE!--> </div>
search.php
<?php //testing if data is sent ok echo "<h1>Hello</h1><br>" . $_GET['search']; ?>
This is the link I get after sending foo.
http://www.family-line.dx.am/Community/index.php?&search=foo
Is that mean it was sent, but I'm not processing it correctly? I'm new to the whole AJAX thing.
-
Got it to work!!!!!!!!!!!!!!!!
Used Select count(*)...
-
I did an or die("NOPE");
It killed the script… So there must be a sql error...
-
I know they do, because I tested with.
die($HASH_Pass);
And it returned the same password as the password stored with the username associated in the database.
<?php /* <p class="required">All fields are required</p><br/> <form method="post" action="Scripts/UserFunctions/login.php"> <label for="username">Username:</label><input type="text" name="username" id="username" size="40px"><br/> <label for="password">Password:</label> <input type="password" name="password" id="password" size="40px"><br/> <input type="submit" name="submit" value="Login"> </form> */ if(isset($_POST['submit'])){ //set default variables $msg = ""; $error = false; //set variables from user input $Username = $_POST['username']; $Password = $_POST['password']; $HASH_Pass = hash("sha512", $Password); //include connection require_once("../DB/connect.php"); //create quarries to get data $Query = $connect->prepare("SELECT * FROM Users WHERE Username = :hhh AND Password = :jjj"); $Query->bindValue(':hhh', $Username); $Query->bindValue(':jjj', $HASH_Pass); $Query->execute() or die("Not executed"); $ROWS = $Query->fetch(PDO::FETCH_NUM); if($ROWS != 0){ $_SESSION['Logged_in']=$Username; header("Location: http://www.family-line.dx.am/Community/profile.php?user=$Username"); exit(); } else { $msg .= "Username and Password do not match. Try again"; $error = true; } if($error){ $Self = $_SERVER['PHP_SELF']; echo <<<form <div style="background: #efefef;"> <h2 style="color: red; font-weight: 850;">{$msg}</h2> <p class="required">All fields are required</p><br/> <form method="post" action="{$Self}"> <label for="username">Username:</label><input type="text" name="username" id="username" size="40px"><br/> <label for="password">Password:</label> <input type="password" name="password" id="password" size="40px"><br/> <input type="submit" name="submit" value="Login"> </form> </div> form; } } ?>
Spelled Queries wrong…sorry
I'm using PDO (obviously), but is there anything that would cause this error? I've made a working Login script, but I never used bindValue()...
I'm new here.
But I'm pretty sure it's not the SQL's issue, because it never displayed the or die(...)
Not sure if this helps but the script is here...
http://family-line.dx.am/page.php?page=login
Username: Test
Password: Test
Passing two variables via URL but not able to GET one of them...
in Applications
Posted
1 thing to add (not sure if already said) but you should be using MySqli or PDO for DBase interaction.
You could try… Die($_GET);
It will kill the script and just print out the variable.
(Btw, I live in Indiana too haha.)