Everything posted by phreak3r

  1. It is still bothering you, eh? Gee... I am still checking for the name of a button to be submitted? Well, it works apparently, no errors. Is it necessary to change it? Fine, I will use those prepared statements.
  2. Thank you, but it still does not seem to work correctly.
  3. Hi there PHPFreaks! Phreak3r back again! I would like to restrict users/visitors to the site that are not logged in from accessing certain pages, I would also like to redirect them to the 'splash/landing page' which would consist of index.php. I already have something similar to what I am describing, except it only works with displaying register/login and logout in/on the navigation bar. I have tried many attempts which have all resulted in some sort of failure. Thank you for your answers and your time!

     Here's the code for the header page that displays the navbar and checks if the user is logged in or not:

     ```php
     <?php
     // Session is automatically incorporated into each page on the site.
     // Start new session.
     session_start();
     ?>
     <html>
     <head>
     <meta content="text/html;charset=utf-8" http-equiv="Content-Type">
     <meta content="utf-8" http-equiv="encoding">
     <!-- <link rel="stylesheet" type="text/css" href="/css/header.css"> -->
     </head>
     <nav>
     <a class="logo">soapbox</a>
     <?php
     if (!(isset($_SESSION['logged_in_user']))) {
         //header('Location: /');
         echo '<ul><li><a class="header" href="signup.php">Register | </a><a class="header" href="login.php">Login</a></li></ul>';
     } elseif ($_SESSION['logged_in_user'] == TRUE) {
         echo '<ul><li><a class="header" href="logout.php">Logout</a> <a class="header" href="">'. $_SESSION['username'] . '</a></li></ul>';
     }
     ?>
     </nav>
     ```

     Here's the code for the login.php script:

     ```php
     <?php
     include('header.php');
     require('dbcon/dbcon.php');
     ?>
     <?php
     // if fields in form are set and submitted, check if user exists and is logged in or not
     if (isset($_POST['submit'])) {
         $username = mysqli_real_escape_string($conn, $_POST['username']);
         $password = mysqli_real_escape_string($conn, $_POST['password']);
         $user_query = "SELECT * FROM profile0 WHERE username = '$username'";
         $result = mysqli_query($conn, $user_query);
         $row = mysqli_fetch_assoc($result);
         // if username and password match, init session and redirect to another page.
         if (mysqli_num_rows($result) == 1 && password_verify($password, $row['password'])) {
             $_SESSION['logged_in_user'] = $username; // set to IDnum later on...
             $_SESSION['username'] = $username;
             // check if the user is logged in
             if (isset($_SESSION['logged_in_user'])) {
                 $_SESSION['logged_in_user'] = TRUE;
                 header('Location: main.php');
             } else {
                 // not logged in, keep on same page...
                 session_destroy();
                 exit();
             }
         }
         // HERE: else incorrect username or password error sent out.
     }
     ?>
     ```

     P.S. If there are any errors or if something seems off, please excuse that, I am very tired at the moment and do not sleep with any problems being unsolved.
  4. Thank you for the link! MySQLi is nice, but there are still issues with it. I think PDO may help with developing better practices and is more secure.
  5. Hi there PHPFreaks! Phreak3r here, back again with another question. This is just code from one of the main scripts/files that I am working with. I would just like to know if I should go ahead and convert to PDO before I even continue writing more code or not. I have been told that this mess is ripe for SQL injection attacks.

     ```php
     <?php
     include('header.php');
     require('dbcon/dbcon.php');

     if ($_SERVER['REQUEST_METHOD'] == 'POST') {
         // sanitize values before entering them into db, no bad seeds.
         $username = mysqli_real_escape_string($conn, $_POST['username']);
         $password = mysqli_real_escape_string($conn, $_POST['password']);
         $hashed_password = mysqli_real_escape_string($conn, password_hash($password, PASSWORD_DEFAULT));
         $email = mysqli_real_escape_string($conn, $_POST['email_address']);
         $confirmation_status = 0;
         $account_open_date = date("Y-m-d h:i:s");
         $current_date = date("Y-m-d h:i:s");
         $account_open_date_retrieval_sql_select = "SELECT account_open_date from profile0";
         $account_age = date_diff($row, $current_date); // acct open date - current date = account age
         $account_age_result = mysqli_query($conn, $account_open_date_retrieval_sql_select);
         $row = mysqli_fetch_assoc($account_age_result);
         $sqlinsert = "INSERT INTO profile0 (username, password, email_address, confirmation_status, account_open_date, account_age) VALUES ('$username', '$hashed_password', '$email', '$confirmation_status', '$account_open_date', '$account_age')";
         $result = mysqli_query($conn, $sqlinsert);
         /*if (!$result) {
             die('Could not enter data!' . mysqli_error($conn));
         }*/
     }
     ```

     P.S. Any and all resources and opinions are welcomed! I am new to PDO and have been reading up on some of it. Although, I do not want to continue any bad habits or practices.
  6. Do you think there will eventually come a time where MySQLi won't be around?
  7. I have removed the size constraint, the error still persists.

     ```
     PHP Fatal error: Uncaught mysqli_sql_exception: Incorrect datetime value: '2018-Jan-Thu' for column 'account_open_date' at row 1 in /var/www/html/soapbox/confirmation.php:17\nStack trace:\n#0 /var/www/html/soapbox/confirmation.php(17): mysqli_query(Object(mysqli), 'INSERT INTO pro...')\n#1 {main}\n thrown in /var/www/html/soapbox/confirmation.php on line 17, referer: http://localhost/soapbox/signup.php
     ```
  8. I do not think that will work, the max value allowed for DATETIME is 6.
  9. Oh, I guess this will not work with MySQL then: $account_open_date = date('d-m-Y H:i:m'); Thank You! EDIT: I am still having issues, unfortunately.
  10. Bingo! All errors have been turned on:

      ```
      [Thu Jan 18 00:51:50.905149 2018] [php7:error] [pid 13738] [client] PHP Fatal error: Uncaught mysqli_sql_exception: Incorrect datetime value: '18-01-2018 00:51:01' for column 'account_open_date' at row 1 in /var/www/html/soapbox/confirmation.php:17\nStack trace:\n#0 /var/www/html/soapbox/confirmation.php(17): mysqli_query(Object(mysqli), 'INSERT INTO pro...')\n#1 {main}\n thrown in /var/www/html/soapbox/confirmation.php on line 17, referer: http://localhost/soapbox/signup.php
      ```

      If that is not a suitable datetime value, then what is?
  11. Okay, thank you, I will go ahead and follow the instructions of the poster before your previous response.
  12. Uh.....no I do not think I do. Let me go and find that.
  13. Like this, yeah?

      ```php
      <?php
      $servername = "localhost";
      $database = "soapbox";
      $username = "root";
      $password = "1234";
      mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
      // Create connection
      $conn = mysqli_connect($servername, $username, $password, $database);
      mysqli_select_db($conn, $database);
      /*if (!$conn) {
          die("Connection failed: " . mysqli_connect_error());
      } else {
          echo "Connection successful!";
      }
      if (!mysqli_select_db($conn, $database)) {
          echo " Database not selected!";
      } else {
          echo " Database selected!";
      }*/
      ?>
      ```

      EDIT: Not sure what I am supposed to be looking out for in the console, with this added.
  14. Restarting the MySQL server did not help. I think the problem may be that I have one of the types set as DATETIME.
  15. I think the query did not insert anything at all, if so I would have seen it in the database. Here is what the mysql log looks like (the apache log is error-free):

      ```
      2018-01-17T23:07:04.089990Z 0 [Warning] Changed limits: max_open_files: 1024 (requested 5000)
      2018-01-17T23:07:04.090083Z 0 [Warning] Changed limits: table_open_cache: 431 (requested 2000)
      2018-01-17T23:07:04.274857Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
      2018-01-17T23:07:04.456628Z 0 [Note] /usr/sbin/mysqld (mysqld 5.7.20-0ubuntu0.17.10.1) starting as process 905 ...
      2018-01-17T23:07:04.905887Z 0 [Note] InnoDB: PUNCH HOLE support available
      2018-01-17T23:07:04.905938Z 0 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
      2018-01-17T23:07:04.905944Z 0 [Note] InnoDB: Uses event mutexes
      2018-01-17T23:07:04.905947Z 0 [Note] InnoDB: GCC builtin __atomic_thread_fence() is used for memory barrier
      2018-01-17T23:07:04.905950Z 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
      2018-01-17T23:07:04.905953Z 0 [Note] InnoDB: Using Linux native AIO
      2018-01-17T23:07:04.925266Z 0 [Note] InnoDB: Number of pools: 1
      2018-01-17T23:07:04.935852Z 0 [Note] InnoDB: Using CPU crc32 instructions
      2018-01-17T23:07:04.936710Z 0 [Note] InnoDB: Initializing buffer pool, total size = 128M, instances = 1, chunk size = 128M
      2018-01-17T23:07:04.946154Z 0 [Note] InnoDB: Completed initialization of buffer pool
      2018-01-17T23:07:04.954066Z 0 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority().
      2018-01-17T23:07:05.032222Z 0 [Note] InnoDB: Highest supported file format is Barracuda.
      2018-01-17T23:07:05.339294Z 0 [Note] InnoDB: Creating shared tablespace for temporary tables
      2018-01-17T23:07:05.339343Z 0 [Note] InnoDB: Setting file './ibtmp1' size to 12 MB. Physically writing the file full; Please wait ...
      2018-01-17T23:07:05.578341Z 0 [Note] InnoDB: File './ibtmp1' size is now 12 MB.
      2018-01-17T23:07:05.578839Z 0 [Note] InnoDB: 96 redo rollback segment(s) found. 96 redo rollback segment(s) are active.
      2018-01-17T23:07:05.578847Z 0 [Note] InnoDB: 32 non-redo rollback segment(s) are active.
      2018-01-17T23:07:05.579286Z 0 [Note] InnoDB: Waiting for purge to start
      2018-01-17T23:07:05.629441Z 0 [Note] InnoDB: 5.7.20 started; log sequence number 2879136
      2018-01-17T23:07:05.629751Z 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
      2018-01-17T23:07:05.656916Z 0 [Note] Plugin 'FEDERATED' is disabled.
      2018-01-17T23:07:06.308865Z 0 [Warning] Failed to set up SSL because of the following SSL library error: SSL context is not usable without certificate and private key
      2018-01-17T23:07:06.308902Z 0 [Note] Server hostname (bind-address): ''; port: 3306
      2018-01-17T23:07:06.308917Z 0 [Note] - '' resolves to '';
      2018-01-17T23:07:06.308952Z 0 [Note] Server socket created on IP: ''.
      2018-01-17T23:07:06.372336Z 0 [Note] InnoDB: Buffer pool(s) load completed at 180117 17:07:06
      2018-01-17T23:07:06.912378Z 0 [Note] Event Scheduler: Loaded 0 events
      2018-01-17T23:07:06.912799Z 0 [Note] /usr/sbin/mysqld: ready for connections.
      Version: '5.7.20-0ubuntu0.17.10.1' socket: '/var/run/mysqld/mysqld.sock' port: 3306 (Ubuntu)
      2018-01-17T23:07:06.912828Z 0 [Note] Executing 'SELECT * FROM INFORMATION_SCHEMA.TABLES;' to get a list of tables using the deprecated partition engine. You may use the startup option '--disable-partition-engine-check' to skip this check.
      2018-01-17T23:07:06.912845Z 0 [Note] Beginning of list of non-natively partitioned tables
      2018-01-17T23:07:07.431913Z 0 [Note] End of list of non-natively partitioned tables
      2018-01-17T23:07:07.626505Z 3 [Note] Access denied for user 'root'@'localhost' (using password: NO)
      ```

      P.S. I will try restarting the server.
  16. I am having another issue with inserting data into the database again. I am a bit tired at the moment, so pardon any mistakes/errors. I usually don't like to go to bed with problems unsolved. So, upon registration, the user is taken to a page with a message informing them that their data was sent to the server, yadda, yadda confirmation of account is needed. However, when refreshing the database or the table, the newly registered user is not showing up in the database. Here's the particular piece of code that controls this (it appears to be fine to me):

      ```php
      $username = mysqli_real_escape_string($conn, $_POST['username']);
      $password = mysqli_real_escape_string($conn, $_POST['password']);
      $hashed_password = mysqli_real_escape_string($conn, password_hash($password, PASSWORD_DEFAULT));
      $email = mysqli_real_escape_string($conn, $_POST['email_address']);
      $confirmation_status = 0;
      $account_open_date = date('d-m-Y H:i:m');
      $account_age = $account_open_date;
      $sqlinsert = "INSERT INTO profile0 (username, password, email_address, confirmation_status, account_open_date, account_age) VALUES ('$username', '$hashed_password', '$email', '$confirmation_status', '$account_open_date', '$account_age')";
      $result = mysqli_query($conn, $sqlinsert);
      ```

      I must also note that prior to including variables account_open_date and account_age into the SQL statement, there were no errors and data was being inserted into the database with no problem. There are no errors in the error log on my end, I am pretty clueless.
  17. Thanks, but 'tis no longer an issue, I've done it dynamically. Thank you for the help though!
  18. Ahaha, quite the comedian, I assume so. Well, thank you!? Sorry for taking up valuable space with this thread, feel free to delete it.
  19. Yes, I have done that, but at the top of each page I include a header file with Register|Login in the navbar. I want to figure out how to dynamically change it when the user is logged in. The process of checking if the user is logged in or not takes place in another file separate from the header file. What you've provided me above is already in my script.
  20. Hi there PHPFreaks, phreak3r is back for the second time today! I have been trying to figure out how to implement a minor change here. When the user is not logged in, the nav bar will display Register/Login, that has already been accomplished. When the user is logged in, the nav bar should display logout. I am trying to figure out how to best go about doing that. Suggestions are greatly appreciated, thank you!
  21. Thank you very much for your assistance Barand! This issue has been solved, you may close the thread to further discussion, please and thank you! Have a great day!
  22. Thank You! I have fixed that silly mistake, but I am not taken to the main.php page upon logging on.
  23. Hi there PHPFreaks, phreak3r here again. The thread I posted yesterday has been solved. If any staff come across this, please lock it to prevent further discussion; I would appreciate that, please and thank you! I am back with another problem! This form is all contained in one page. I am doing a very basic login system for now (I will add everything else in later) and it does not work. I go to submit the form and the values are displayed in the url after the page refreshes. Here's the code for the login.php script involved:

      ```php
      <?php
      include('header.php');
      require('dbcon/dbcon.php');
      ?>

      <?php
      if (isset($_POST['submit'])) {
          $username = mysqli_real_escape_string($conn, $_POST['username']);
          $password = mysqli_real_escape_string($conn, $_POST['password']);
          $sql = "SELECT * FROM profile0 WHERE username = '$username' ";
          $query = mysqli_query($conn, $sql);

          if (mysqli_num_rows($query) == 1) {
              // init session
              // redirect to new page
              header('main.php');
          }
      }
      ?>

      <!DOCTYPE html>
      <html>
      <head>
      <title>soapbox - log in</title>
      </head>
      <body>
      <form action="login.php" method"POST">
      <br><input type="text" name="username" placeholder="Username"><br>
      <br><input type="password" name="password" placeholder="Password"><br>
      <input type="submit" name="submit" value="Submit">
      </form>
      </body>
      </html>
      ```

      EDIT: No errors in the error log.
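
Added example, not code from the posts above or from anyone replying in those threads: one way to cover what the login, PDO and access-restriction posts ask about, using bound parameters in place of `mysqli_real_escape_string` and a guard that sends visitors who are not logged in to index.php. The in-memory SQLite table (needs the pdo_sqlite extension), the sample row, the `user_id` session key and the function names `attempt_login`, `log_in` and `require_login` are assumptions of this example.

```php
<?php
// Constructed demo data: in-memory SQLite (pdo_sqlite) stands in for MySQL's profile0.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE profile0 (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
$pdo->prepare('INSERT INTO profile0 (username, password) VALUES (?, ?)')
    ->execute(["o'brien", password_hash('pa"ss\\word', PASSWORD_DEFAULT)]);

// Returns the user id on success, null on failure (hypothetical helper).
function attempt_login(PDO $pdo, string $username, string $password): ?int
{
    // The username is bound, not interpolated, so a quote in it stays data.
    $stmt = $pdo->prepare('SELECT id, password FROM profile0 WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // The password reaches password_verify() unescaped; escaping it first
    // would alter any password containing a quote or backslash.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null; // same result for unknown user and wrong password
    }
    return (int) $row['id'];
}

// login.php: assumes session_start() already ran, as header.php does in the posts.
function log_in(PDO $pdo, string $username, string $password): bool
{
    $id = attempt_login($pdo, $username, $password);
    if ($id === null) {
        return false;
    }
    session_regenerate_id(true); // fresh session id once the user is authenticated
    $_SESSION['user_id'] = $id;  // hypothetical session key
    return true;
}

// Members-only pages: call before any output (hypothetical helper).
function require_login(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['user_id'])) {
        header('Location: index.php');
        exit; // without exit the rest of the protected page still runs
    }
}

// Command-line demo of the lookup against the constructed row.
var_dump(attempt_login($pdo, "o'brien", 'pa"ss\\word'));
var_dump(attempt_login($pdo, "o'brien", 'wrong'));
```

On a protected page such as main.php, `require_login();` has to run before header.php prints anything, because the redirect header cannot be sent once output has started.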