
moosey_man1988

About moosey_man1988

  • Rank
    Regular Member
  1. Well, I have done a lot of reading since my first post. Apparently this is a bug in Chrome, which basically now ignores autocomplete=off. The fields aren't the same: one is email and password, the other is username and password. It's a really annoying bug; apparently, according to Google, the user requirement for ignoring autocomplete is a higher requirement than what developers want on their own pages. This is now working fine in all other browsers other than Chrome.
  2. These guys are right, that is very out of date. I would suggest trying to use PDO rather than mysql connect. For getting a user's IP address you can use $_SERVER['REMOTE_ADDR'], although I don't think this will stop someone who proxies?

     ```php
     if ($_POST['submit'] == ' Login ') {
         $usersIP = $_SERVER['REMOTE_ADDR'];
         // now we have the user's IP we want to log this in the database
         $timestamp = date('Y-m-d H:i:s');
         // column names are identifiers, so they are not wrapped in single quotes
         $logUserQuery = "INSERT INTO loginIP (ip, userName, TimeStamp) VALUES (:userIP, :userName, :timestamp)";
         $UserResult = $pdo_connection->prepare($logUserQuery);
         // the placeholder names here must match the ones in the query
         $UserResult->execute(array(
             ':userIP'    => $usersIP,
             ':userName'  => $_POST['username'],
             ':timestamp' => $timestamp,
         ));
     } // end of if statement
     ```
  3. Hi everyone, I am building a CRM system/invoicing system in my spare time and on this system I have 2 login pages (there is a reason but it's long): one for the CRM system and one for the invoicing section. They both work perfectly well, but I have a really annoying issue. If I were to store the login information to Chrome passwords, for example to the CRM system, it would auto-suggest to the other login and vice versa. This wouldn't be a problem, but the CRM login is username based and the invoicing section is login by email for additional security. They're both called login.php; the two files are /htdocs/login.php and /htdocs/invoicing/login.php. I added a remember me cookie to the CRM system in hope that this would get around the issue, but unfortunately the Chrome saved information overrides this. I also tried autocomplete="off", as I am using Bootstrap as a framework. How can I get around this?
  4. Solved it by putting some javascript If statements on button click.
  5. Hi everyone, I'm having a nightmare with JavaScript again grrrr, I'm just not great with JavaScript / jQuery. So basically I have a table with inputs to create an invoice. The reason I'm using JavaScript to post the form is because I have to allow for infinite items to be added into the database using JSON stringify as an array. The problem I have is I'm trying to force that at least 1 item be added to the table before posting the data. I am using Bootstrap and this hasn't been a problem for all of my other forms because I can just add required to the input, but because I have to do this one differently using an a href button, this form just won't validate (but it will post the data to the PHP script). So here is my code:

     Table with inputs:

     ```html
     <tbody style="" class="item ui-sortable-handle">
       <tr>
         <td rowspan="2" class="td-icon">
           <i class="glyphicon glyphicon-resize-vertical cursor-move"></i>
         </td>
         <td class="td-text">
           <input type="hidden" name="invoice_id" value="<?php echo $invoiceNo;?>">
           <input type="hidden" name="item_id" value>
           <div class="input-group">
             <span class="input-group-addon">Item</span>
             <input type="text" name="item_name" class="input-sm form-control" required>
           </div>
         </td>
         <td class="td-amount td-quantity">
           <div class="input-group">
             <span class="input-group-addon">Quantity</span>
             <input type="text" name="item_quantity" class="input-sm form-control amount">
           </div>
         </td>
         <td class="td-amount">
           <div class="input-group">
             <span class="input-group-addon">Price</span>
             <input type="text" name="item_price" class="input-sm form-control amount">
           </div>
         </td>
         <td class="td-amount">
           <div class="input-group">
             <span class="input-group-addon">Item Discount</span>
             <input type="text" name="item_discount_amount" class="input-sm form-control amount" data-toggle="tooltip" data-placement="bottom" title data-original-title="£ Per Item">
           </div>
         </td>
         <td class="td-amount">
           <div class="input-group">
             <span class="input-group-addon">Tax Rate</span>
             <select name="item_tax_rate_id" class="form-control input-sm">
               <?php
               //this section may update based upon selections but for now We have none
               echo "<option value='0'>None</option>";
               ?>
             </select>
           </div>
         </td>
         <td class="td-icon text-right td-vert-middle"></td>
       </tr>
       <tr>
         <td class="td-textarea">
           <div class="input-group">
             <span class="input-group-addon">Description</span>
             <textarea name="item_description" class="input-sm form-control"></textarea>
           </div>
         </td>
         <td colspan="2" class="td-admount td-vert-middle">
           <span>Subtotal</span> <br>
           <span name="subtotal" class="amount"></span>
         </td>
         <td class="td-amount td-vert-middle">
           <span>Discount</span> <br>
           <span name="item_discount_total" class="amount"></span>
         </td>
         <td class="td-amount td-vert-middle">
           <span>Tax</span> <br>
           <span name="item_tax_total" class="amount"></span>
         </td>
         <td class="td-amount td-vert-middle">
           <span>Total</span> <br>
           <span name="item_total" class="amount"></span>
         </td>
       </tr>
     </tbody>
     </table>
     </form>
     </div>
     </div>
     <!-- End of items Tables-->
     ```

     The Save button at the top of the page before the table:

     ```html
     <a href="#" class="btn btn-success ajax-loader" id="btn_save_invoice">
     ```

     And lastly my attempt at the JavaScript / jQuery / AJAX:

     ```html
     <script type="text/javascript">
     $('#btn_save_invoice').click(function () {
         $('#item_form').validate({
             rules: {
                 item_name: {
                     required: true,
                     message: 'This is required'
                 }
             },
         });
         var items = [];
         var item_order = 1;
         $('table tbody.item').each(function () {
             var row = {};
             $(this).find('input,select,textarea').each(function () {
                 if ($(this).is(':checkbox')) {
                     row[$(this).attr('name')] = $(this).is(':checked');
                 } else {
                     row[$(this).attr('name')] = $(this).val();
                 }
             });
             row['item_order'] = item_order;
             item_order++;
             items.push(row);
         });
         $.post("<?php echo url()."Clients/invoice_ajax.php"; ?>", {
             invoice_id: <?php echo $invoice_id; ?>,
             invoice_number: $('#invoice_number').val(),
             invoice_date_created: $('#invoice_date_created').val(),
             invoice_date_due: $('#invoice_date_due').val(),
             invoice_status_id: $('#invoice_status_id').val(),
             invoice_password: $('#invoice_password').val(),
             items: JSON.stringify(items),
             invoice_discount_amount: $('#invoice_discount_amount').val(),
             invoice_discount_percent: $('#invoice_discount_percent').val(),
             invoice_terms: $('#invoice_terms').val(),
             custom: $('input[name^=custom]').serializeArray(),
             payment_method: $('#payment_method').val()
         }, function (data) {
             var response = JSON.parse(data);
             if (response.success == '1') {
                 window.location = "<?php echo url()."Clients/invoice_ajax.php"; ?>/" + <?php echo $invoice_id; ?>;
             } else {
                 $('#fullpage-loader').hide();
                 $('.control-group').removeClass('has-error');
                 $('div.alert[class*="alert-"]').remove();
                 var resp_errors = response.validation_errors,
                     all_resp_errors = '';
                 for (var key in resp_errors) {
                     $('#' + key).parent().addClass('has-error');
                     all_resp_errors += resp_errors[key];
                 }
                 $('#invoice_form').prepend('<div class="alert alert-danger">' + all_resp_errors + '</div>');
             }
         });
     });
     </script>
     ```

     Please bear in mind the actual posting section of the form works perfectly! The only issue is the inputs will not validate before post. Here is what the page looks like (I have highlighted the parts that I am referring to in the post): I really am thankful for all the help I get, a huge thank you in advance to anyone who helps with this.
  6. Perfect! So I can just use PHP for the command and use this JavaScript to keep the 2nd tab open. That was simpler than I previously thought, thanks guys.
  7. There is no code yet. I first need to know whether I'm correct in saying this needs to be jQuery / AJAX for it not to affect the tab on update, and I also need pointing in the right direction for something like this :± AJAX and jQuery are a weakness to me.
  8. Hi Peeps, so basically I'm creating a "customer page". I have 2 tabs: 1 is customer info, which is the primary, and the invoicing tab. I have a date picker in the invoicing tab which I'm hoping will populate a table below. I tried having the form post to PHP but this resets the page, which then goes to the customer info tab, so I'm guessing this will have to be done with jQuery and AJAX. Could someone please point me in the right direction to do this? Here is the current page for better explanation: All help is greatly appreciated in advance. Mooseh
  9. Wow, I can't believe how simple that is! Haha, I even wrote this as a workaround:

     ```php
     function usercheck($userlevel){
         if ($userlevel > 3){
             echo "you are authorised to be here!";
         } else {
             $url = url(). "/dashboard.php";
             die('<script type="text/javascript">window.location.href="' . $url . '?error=you are not Authorised to be here";</script>');
         }
     }
     ```

     and then just called that function, but I think it would be a wiser option to put the command before the header. Thanks guys, sometimes it just takes a different pair of eyes to look at something differently, or properly in this case.
  10. Okay, which is a bit of a problem as multiple functions are used by the JavaScript in the header :| so maybe I will have to make a redirect function instead as a workaround?
  11. Hi guys, I've come across an issue with the project I'm working on and I cannot solve it. When accessing my reports page I get this:

      ```
      Warning: Cannot modify header information - headers already sent by (output started at /var/www/virtual/crmtech.co.uk/minicrm/htdocs/header.php:104) in
      ```

      I have narrowed the issue down to my JavaScript scripts in the header :| but I just cannot work out why it would be causing the issue. Here is the header.php:

      ```php
      <?php
      require ('secure/session.php');
      require ('Functions/functions.php');
      error_reporting(E_ALL);
      ini_set('display_errors', 1);
      ?>
      <!DOCTYPE html>
      <html>
      <head>
      <!--favicon-->
      <link rel="icon" href="<?php echo url();?>Images/favicon.ico" type="image/x-icon" />
      <!--Style Sheets-->
      <link rel="stylesheet" type="text/css" href="<?php echo url();?>bootstrap/css/style.css">
      <link rel="stylesheet" type="text/css" href="<?php echo url();?>bootstrap/css/bootstrap.min.css">
      <link rel="stylesheet" type="text/css" href="<?php echo url();?>bootstrap/css/custom.css">
      <!--Script Links-->
      <script src="<?php echo url();?>bootstrap/js/jquery/jquery.js"></script>
      <script src="<?php echo url();?>bootstrap/js/bootstrap.min.js"></script>
      <script src="<?php echo url();?>bootstrap/js/typeahead/typeahead.js"></script>
      <script src="<?php echo url();?>bootstrap/js/bootstrap-datepicker/bootstrap-datepicker.js"></script>
      <!-- For Displaying Modals-->
      <script type="text/javascript">
      $(".btn-group").find(':input:checked').parent('.btn').addClass('active');
      </script>
      <!--This is the datepicker -->
      <script type="text/javascript">
      $('.datepicker').datepicker({
          format: 'mm/dd/yyyy',
          startDate: '-3d'
      })
      </script>
      <!--lets use the better to typeahead for search forms -->
      <script type="text/javascript">
      $(function (){
          $("#typeaheadCust").typeahead({
              source: function(customer, process) {
                  $.ajax({
                      url: '<?php echo url();?>Functions/Getter.php',
                      type: 'POST',
                      data: 'customer=' + customer,
                      dataType: 'JSON',
                      async: true,
                      success: function(data) {
                          process(data);
                      }
                  });
              }
          });
      });
      </script>
      ```

      and here is my reporting/main.php page:

      ```php
      <?php
      //this is going to be the main section for reporting
      include('../header.php');
      //lets check the user is authorised to be here!
      if ($userLevel > 3){
          echo "you are authorised to be here!";
      } else {
          echo "you are not allowed here naughty!";
          //sleep(10);
          echo "lets send you here ". SERVER_PATH;
          header('Location: ../index.php');
      }
      ?>
      ```

      Here is the page result, sorry I had to delete the server path. Any help would be massively appreciated. Thanks!
  12. Hi guys, thanks for an excellent answer. I will work on a new process as it all makes complete sense. P.S. there is an "I forgot my password" procedure.
  13. Resolved it... Face palming right now. Used the $bantime variable twice, which was screwing things up; changed the first query to have the row as $currentBantime, which worked...
  14. Hi everyone, so I've been recently working on a script which will store login IPs and ban them on failed attempts. Although I have a little problem: for some reason it doesn't redirect to the banned page when they should be, unless there is a successful login or if they come off of the login page, so they can keep bruteforcing as much as they like all the time they stay on that page. Have I got something wrong? Please bear in mind I haven't put in place "when login successful, remove the warnings count". Here is the login.php:

      ```php
      <!DOCTYPE html>
      <?php
      require ('../Functions/functions.php');
      require('../database/pdo_connection.php');
      //first lets get the IP that logged in
      $login_ip = $_SERVER['REMOTE_ADDR'];
      securityBanCheck($login_ip);

      if (isset($_POST['Login'])) {
          //Set session timeout to 2 weeks
          session_set_cookie_params(1*7*24*60*60);
          session_start();
          $error=''; // Currently A Blank Error Message
          $username=$_POST['userName'];
          //Grab the hash
          $selectPasswordHash = "SELECT username,secret FROM MC_users WHERE email=:username OR username=:username";
          $hashresult= $pdo->prepare($selectPasswordHash);
          $hashresult->bindParam(':username', $username);
          $hashresult->execute();
          $row = $hashresult->fetch(PDO::FETCH_ASSOC);
          $hash = $row['secret'];
          //got the hash
          //lets verify it
          if (password_verify($_POST['password'],$hash) === true){
              //login correct
              $login_user = $row['username'];
              //Set the Session
              $_SESSION['login_user']=$login_user;
              // Redirect to dashboard.php
              header ("Location: ../dashboard.php");
          } else {
              $error = 'Username or Password in invalid';
              $error2 = 'Try Logging in with your email instead';
              //Bruteforce Detection
              //lets check if there is already warnings
              $checkWarnings = "SELECT Warning_count FROM MC_login_security WHERE Warning_count > 0 AND Login_IP=:loginIP ORDER BY Timestamp DESC";
              $warningsResult = $pdo->prepare($checkWarnings);
              $warningsResult->bindParam(':loginIP',$login_ip);
              $warningsResult->execute();
              $warningAmount = 1;
              $banTime = 0;
              if ($warningsResult->rowCount() > 0){
                  $warningRow = $warningsResult->fetch(PDO::FETCH_ASSOC);
                  $warningRowCount = $warningRow['Warning_count'];
                  $warningAmount = $warningRowCount + 1;
                  securityBanCheck($login_ip);
              }
              //Lets log this in the DB
              $insertWarning = "INSERT INTO MC_login_security (Login_user_name,Login_IP,Warning_count,timestamp) VALUES (:loginUser,:Login_ip,:warningAmount,:dateToday)";
              $insertResult = $pdo->prepare($insertWarning);
              $insertResult->execute(array(':loginUser'=>$username,
                  ':Login_ip'=>$login_ip,
                  ':warningAmount'=>$warningAmount,
                  ':dateToday'=>date('Y-m-d H:i:s')));
          }
      }
      //Lastly if the user is logged in, point them back to the Dashboard
      if(isset($_SESSION['login_user'])){
          header("location: ../dashboard.php");
      }
      ?>
      ```

      The security check function, which is called at the start of the login page AND if the password is entered incorrectly:

      ```php
      function securityBanCheck($login_ip){
          //call the url function for redirects
          url();
          $todaysDate = date('Y-m-d H:i:s');
          require (PHP_PATH .'/database/pdo_connection.php');
          $checkBan = "SELECT Warning_count,Timestamp,Ban_time FROM MC_login_security WHERE Warning_count > 4 AND Login_IP=:loginIP ORDER BY Timestamp DESC";
          $checkResult = $pdo->prepare($checkBan);
          $checkResult->bindParam(':loginIP',$login_ip);
          $checkResult->execute();
          if ($checkResult->rowCount() > 0){
              $banRow = $checkResult->fetch(PDO::FETCH_ASSOC);
              $warningCount = $banRow['Warning_count'];
              $timeStamp = $banRow['Timestamp'];
              $bantime = $banRow['Ban_time'];
              echo "did we get here?";
              //if they're banned direct them to the banned page and stop this script from going any further
              if ($bantime > $todaysDate){
                  header('Location: '. SERVER_PATH .'banned.php');
                  die();
              }
              //if they're currently not banned check their warnings and if needed add a ban.
              if ($warningCount == 4){
                  $bantime = date('Y-m-d H:i:s', strtotime($timeStamp . '+1 hour'));
                  echo $bantime;
              }elseif ($warningCount == 9){
                  $bantime = date('Y-m-d H:i:s', strtotime($timeStamp . '+1 day'));
              }elseif ($warningCount == 14){
                  $bantime = date('Y-m-d H:i:s', strtotime($timeStamp . '+1 month'));
              }
              //ultimately if we got to this stage we would be adding a ban
              $insertBanTime = "UPDATE MC_login_security SET Ban_time = :banTime WHERE Login_IP = :loginIP ORDER BY Timestamp DESC";
              $banResult = $pdo->prepare($insertBanTime);
              $banResult->execute(array(':banTime'=>$bantime,
                  ':loginIP'=>$login_ip));
          }
      }
      ```

      Any help given is greatly appreciated and I thank everyone in advance for all the support I get from this amazing forum. Thanks, Mooseh
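
Added example, not part of the original posts: one way to structure the failed-login ban that post 14 describes, with the ban lookup run on every request before the password is checked. The table and column names, the 5/10/15 thresholds and the sample IP are assumptions for illustration, and the demo uses an in-memory SQLite database through PDO.

```php
<?php
declare(strict_types=1);
// Added example, not the poster's code. Table and column names are hypothetical.
// Failure count => ban length, following the post's 1 hour / 1 day / 1 month ladder.
const BAN_STEPS = [5 => '+1 hour', 10 => '+1 day', 15 => '+1 month'];
const TS = 'Y-m-d H:i:s';

function createSchema(PDO $pdo): void {
    $pdo->exec('CREATE TABLE login_failures (ip TEXT NOT NULL, user_name TEXT, failed_at TEXT NOT NULL)');
    $pdo->exec('CREATE TABLE login_bans (ip TEXT PRIMARY KEY, banned_until TEXT NOT NULL)');
}

// True while the IP has an unexpired ban. Run this before any password check.
function isBanned(PDO $pdo, string $ip, DateTimeImmutable $now): bool {
    $stmt = $pdo->prepare('SELECT banned_until FROM login_bans WHERE ip = :ip');
    $stmt->execute([':ip' => $ip]);
    $until = $stmt->fetchColumn();
    return $until !== false && $until > $now->format(TS);
}

// Store one failed attempt; when the total hits a threshold, write the ban row.
function recordFailure(PDO $pdo, string $ip, string $user, DateTimeImmutable $now): int {
    $pdo->prepare('INSERT INTO login_failures (ip, user_name, failed_at) VALUES (:ip, :user, :at)')
        ->execute([':ip' => $ip, ':user' => $user, ':at' => $now->format(TS)]);
    $stmt = $pdo->prepare('SELECT COUNT(*) FROM login_failures WHERE ip = :ip');
    $stmt->execute([':ip' => $ip]);
    $failures = (int) $stmt->fetchColumn();
    if (array_key_exists($failures, BAN_STEPS)) {
        $until = $now->modify(BAN_STEPS[$failures])->format(TS);
        $pdo->prepare('REPLACE INTO login_bans (ip, banned_until) VALUES (:ip, :until)')
            ->execute([':ip' => $ip, ':until' => $until]);
    }
    return $failures;
}

// Demo on an in-memory SQLite database with a constructed IP and clock.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
createSchema($pdo);
$ip  = '203.0.113.7';
$now = new DateTimeImmutable('2024-01-01 12:00:00');
for ($attempt = 1; $attempt <= 6; $attempt++) {
    if (isBanned($pdo, $ip, $now)) {
        echo "attempt $attempt: banned, password not checked\n";
        continue;
    }
    // A real login page would call password_verify() here; the demo assumes it failed.
    $n = recordFailure($pdo, $ip, 'alice', $now);
    echo "attempt $attempt: failure #$n recorded\n";
    $now = $now->modify('+10 seconds');
}
```

Keying the counter on `$_SERVER['REMOTE_ADDR']` alone means every client behind one proxy or NAT shares a ban, and a client that changes address starts from zero, so a per-account counter is usually kept alongside it.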