Everything posted by mmarkym

  1. I'm using sha1 in my INSERT statement on the password field which works fine. It stores a string into a 40 character encryption in the DB.

         $str = "INSERT INTO users (fname, lname, date, street, city, state, zip, email, phone, username, password) VALUES ('$fname', '$lname', '$date', '$street', '$city', '$state', '$zip', '$email', '$phone', '$username', sha1('$password'))";

     The problem is with the SELECT statement that retrieves the password field. The query does not work using sha1 on INSERT then SELECT but does work with the password field used alone.

         $query = "SELECT * FROM users WHERE username = '$user' AND password = sha1('$password')";
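An added example, not code from the original post: the password is hashed in PHP with password_hash() and checked with password_verify() after the row is fetched by username through a prepared statement, so no hash is recomputed inside the SELECT. By contrast, the checkAuthentification.php posted further down this page compares the typed password with the stored column (`$password == $row['password']`), which cannot match once the column holds a hash. The in-memory SQLite table (via PDO) and the names openDemoDb(), registerUser() and checkLogin() are assumptions standing in for the poster's MySQL users table.

```php
<?php
// Added example (not the poster's code). Assumptions: PDO with the SQLite
// driver, an in-memory table standing in for the MySQL `users` table, and the
// hypothetical helper names openDemoDb(), registerUser() and checkLogin().
declare(strict_types=1);

function openDemoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // password_hash() output can grow with future algorithms; 255 is the documented safe width.
    $db->exec('CREATE TABLE users (username VARCHAR(64) PRIMARY KEY, password VARCHAR(255) NOT NULL)');
    return $db;
}

function registerUser(PDO $db, string $username, string $password): void
{
    // Salted, deliberately slow hash computed in PHP; the plaintext never enters the SQL text.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
    $stmt->execute([$username, $hash]);
}

function checkLogin(PDO $db, string $username, string $password): bool
{
    // Look the row up by username only, then verify the typed password against the stored hash.
    $stmt = $db->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    if ($hash === false) {
        return false; // unknown user
    }
    return password_verify($password, (string) $hash);
}

// Constructed sample data.
$db = openDemoDb();
registerUser($db, 'mark', 'correct horse battery staple');
var_dump(checkLogin($db, 'mark', 'correct horse battery staple'));
var_dump(checkLogin($db, 'mark', 'wrong password'));
var_dump(checkLogin($db, 'nobody', 'anything'));
```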
  2. I did a workaround and everything works, almost. Instead of requiring the AccountLinks in header.php and requiring that in index.php, I put the AccountLinks.php require directive directly in index. My problem now is the sha1 algorithm. I am trying to encrypt password in signup and checkAuthentification by using SHA1(password). If I take away the sha1 algorithm everything works, otherwise not. mark
  3. Well, I know when I require header.php, which contains AccountLinks.php, in the pages, and toggle on and off (comment out) the require in header, the content shows. mark
  4. When I click on signup or login from the homepage, with good or bad info, I get a page with everything in header.php down to the php output. The logo, and heading, and a black background. The php is not outputting the signup form or login results. I think, furthermore, that the require statement at the bottom of header.php, AccountLinks.php, is the culprit somehow because when I comment it everything shows, except for, of course, AccountLinks.php. mark
  5. Hi, I'm using cookies and the $_SESSION global variable to create a login system. If visiting this newly enabled HTTPS site and you try to signup or login the content is somehow getting blocked. The signup and login scripts are attached and could hold the problem but I've found the fact that I required another file, AccountLinks.php (which is the login form and logout link) in my header file which is presenting the problem. If I comment out the require("AccountLinks.php"); then content is not blocked. I've attached header, AccountLinks, signup, and checkAuthentification (Login) below. The site is https://www.theatlanticmint.com

     header.php

         <!DOCTYPE html 5>
         <html>
         <head>
         <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
         <link href="css/styleGrid.css" rel="stylesheet" />
         <link href="../css/styleGrid.css" rel="stylesheet" />
         <script src="js/addEventHandler.js"> </script>
         <script src="js/script.js"> </script>
         <title>The Atlantic Mint</title>
         </head>
         <body>
         <header>
         <span id="heading"><a href="index.php" class="homeLink">The Atlantic Mint</a>
         <span id="siteseal"><script async type="text/javascript" src="https://seal.godaddy.com/getSeal?sealID=VtwWAF1HXegBhXVgpiNqX5tUMNCN55ELFrrGpiELL5T4Y0TtqLTmuAIG7ADT"></script></span>
         <p id="saying">One TAM Digital Coin Is Equivalent To One Troy Ounce Silver</p>
         </span>
         <?php if (isset($_SESSION['login'])) { ?>
         <div id="splashImage">
         <aside id="bear" class="item-one">
         <video id="videoDean" controls height="80%" width="100%">
         <source src="images/bears1.mp4" type="video/mp4">
         Your browser doesn't support the HTML5 video tag.
         </video>
         <!--<img id="moneyPhoto" src="images/silverCoins.png" />-->
         </aside>
         </div>
         <?php } require("php/AccountLinks.php"); ?>
         </header>

     AccountLinks.php

         <div id="accountLinks">
         <span id="imageCoins"><img id="accountImages" src="../images/coin5.png" /></span>
         <P>One TAM Silver In Physical Form</P>
         <?php
         session_start();
         if (isset($_COOKIE['loggedIn'])) {
             if (!isset($_SESSION['login'])) {
                 $_SESSION['login'] = $_COOKIE['loggedIn'];
             }
         }
         if (isset($_SESSION['login'])) {
         ?>
         <div id="accountHyperlinks">
         <div id="logoutLink"><a href="php/logout.php" class="accountLink">LOGOUT</a></div>
         <?php
             echo "<span id=\"YouRLoggedIn\">You are logged in as:</span> <br />" . "<div id='loginResult'>" . $_SESSION['login'] . "</div>";
         } else {
         ?>
         <!--<a href="authenticate.php" class="accountLink">LOGIN</a><br />-->
         <div class="forms">
         <form method="post" action="php/checkAuthentification.php" id="loginForm">
         <fieldset>
         <legend>Please log in:</legend>
         <div class="tblRow">
         <label for="username">Username:</label>
         <input class="frmInput" type="text" name="username" id="username" placeholder="Enter a valid username." required aria-required="true" value="<?php echo isset($_SESSION['signupUser']) ? $_SESSION['signupUser'] : '' ; ?>" /><br />
         <!-- <a href="forgotLogin.php" id="usernameRecover" class="smallLinks" name="userRecover">Forgot Username >></a> -->
         </div>
         <div class="tblRow">
         <label for="password">Password:</label>
         <input class="frmInput" type="password" name="password" id="password" placeholder="Enter a valid password." required aria-required="true" /><br />
         <!-- <a href="forgotLogin.php" id="passwordRecover" class="smallLinks" name="passRecover">Forgot Password >></a> -->
         </div>
         <div class="tblRow">
         <input type="submit" name="login" id="login" value="Login" />
         </div>
         </fieldset>
         </form>
         </div>
         <a href="php/signup.php" class="accountLink">SIGNUP</a>
         </div>
         <?php } ?>
         </div>

     signup.php

         <?php
         session_start();
         require("header.php");
         require('credentials.php');
         if (isset($_COOKIE['signedup'])) {
             if (!isset($_SESSION['signupUser'])) {
                 $_SESSION['signupUser'] = $_COOKIE['signedup'];
             }
         }
         if (isset($_SESSION['signupUser'])) {
             echo "<div id='loginResult'>You are already signed up as: <br />" . $_SESSION['signupUser'] . ". You may now login.</div>";
         }
         ?>
         <a href="authenticate.php" class="accountLink">LOGIN </a>
         <?php
         if (isset($_POST['btnSignup'])) {
             $conn = mysqli_connect(DBHOST, DBUSER, DBPASS, DBNAME)or die("error with the connection");
             $fname = mysqli_real_escape_string($conn, trim($_POST['fname']));
             $lname = mysqli_real_escape_string($conn, trim($_POST['lname']));
             $date = mysqli_real_escape_string($conn, trim($_POST['date']));
             $street = mysqli_real_escape_string($conn, trim($_POST['street']));
             $city = mysqli_real_escape_string($conn, trim($_POST['city']));
             $state = mysqli_real_escape_string($conn, trim($_POST['state']));
             $zip = mysqli_real_escape_string($conn, trim($_POST['zip']));
             $email = mysqli_real_escape_string($conn, trim($_POST['email']));
             $phone = mysqli_real_escape_string($conn, trim($_POST['phone']));
             $username = mysqli_real_escape_string($conn, trim($_POST['username']));
             $password = mysqli_real_escape_string($conn, trim($_POST['password']));
             $query = "SELECT * FROM users WHERE email = '$email'";
             $dataSet = mysqli_query($conn, $query) or die("Error with the signup email query.");
             if (mysqli_num_rows($dataSet) === 0) {
                 $row = mysqli_fetch_array($dataSet);
                 $_SESSION['signupUser'] = $username;
                 setcookie('signedup', 'allready', time() + 36 * 24);
                 $str = "INSERT INTO users (fname, lname, date, street, city, state, zip, email, phone, username, password) VALUES ('$fname', '$lname', '$date ', '$street', '$city', '$state', '$zip', '$email', '$phone', '$username', sha1('$password'))";
                 mysqli_query($conn, $str)or die('error with the signup query');
                 //gather the data
                 $str2 = "SELECT * FROM users WHERE email = '$email'";
                 $result = mysqli_query($conn, $str2) or die("Error with the signup email query.");
                 $row2 = mysqli_fetch_array($result);
                 echo "<div id=\"registerResults\">";
                 echo "<h3>Signup Results</h3>";
                 echo $row2['fname'] . "<br />";
                 echo $row2['lname'] . "<br />";
                 echo $row2['date'] . "<br />";
                 echo $row2['street'] . "<br />";
                 echo $row2['city'] . "<br />";
                 echo $row2['state'] . "<br />";
                 echo $row2['zip'] . "<br />";
                 echo $row2['email'] . "<br />";
                 echo $row2['phone'] . "<br />";
                 echo $row2['username'] . "<br />";
                 echo $row2['password'] . "<br />";
                 echo "<p>This user has successfully signed up and can now <a href=\"authenticate.php\" id=\"smLogin\">log in</a></p>";
                 $hideForm = true;
                 $home_url = 'http://' . $_SERVER['HTTP_HOST'] . '/index.php';
                 header('Location: ' . $home_url);
                 echo "</div>";
             } else {
                 echo '<p class="else">That email already exists. Please use a different email or log in.</p>';
             }
         }
         if (!$hideForm) {
         ?>
         <section>
         <article>
         <div id="frmSignup" class="forms">
         <fieldset>
         <legend>Please Sign Up:</legend>
         <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="frmSignup" id="frmSignup">
         <h3 id="contactHeading">Signup Form:</h3>
         <div class="frmRow"><label for="fname">First Name:</label><input type="text" id="fname" name="fname" value="<?php echo isset($fname) ? $fname : ''; ?>" placeholder="Enter First Name" autofocus></div>
         <div class="frmRow"><label for="lname">Last Name:</label><input type="text" id="lname" name="lname" value="<?php echo isset($lname) ? $lname : ''; ?>" placeholder="Enter Last Name"></div>
         <div class="frmRow"><label for="date">Today's Date:</label><input type="datetime" id="date" name="date" value="<?php echo isset($date) ? $date : ''; ?>" placeholder="Enter Today's Date"></div>
         <div class="frmRow"><label for="street">Street:</label><input type="text" id="street" name="street" value="<?php echo isset($street) ? $street : ''; ?>" placeholder="Enter Street"></div>
         <div class="frmRow"><label for="city">City/Town:</label><input type="text" id="city" name="city" value="<?php echo isset($city) ? $city : ''; ?>" placeholder="Enter City"></div>
         <div class="frmRow"><label for="state">State:</label><input type="text" id="state" name="state" value="<?php echo isset($state) ? $state : ''; ?>" placeholder="Enter State" list="states"></div>
         <datalist id="states">
         <select>
         <option value="AL">Alabama</option>
         <option value="AK">Alaska</option>
         <option value="AZ">Arizona</option>
         <option value="AR">Arkansas</option>
         <option value="CA">California</option>
         <option value="CO">Colorado</option>
         <option value="CT">Connecticut</option>
         <option value="DE">Delaware</option>
         <option value="DC">District Of Columbia</option>
         <option value="FL">Florida</option>
         <option value="GA">Georgia</option>
         <option value="HI">Hawaii</option>
         <option value="ID">Idaho</option>
         <option value="IL">Illinois</option>
         <option value="IN">Indiana</option>
         <option value="IA">Iowa</option>
         <option value="KS">Kansas</option>
         <option value="KY">Kentucky</option>
         <option value="LA">Louisiana</option>
         <option value="ME">Maine</option>
         <option value="MD">Maryland</option>
         <option value="MA">Massachusetts</option>
         <option value="MI">Michigan</option>
         <option value="MN">Minnesota</option>
         <option value="MS">Mississippi</option>
         <option value="MO">Missouri</option>
         <option value="MT">Montana</option>
         <option value="NE">Nebraska</option>
         <option value="NV">Nevada</option>
         <option value="NH">New Hampshire</option>
         <option value="NJ">New Jersey</option>
         <option value="NM">New Mexico</option>
         <option value="NY">New York</option>
         <option value="NC">North Carolina</option>
         <option value="ND">North Dakota</option>
         <option value="OH">Ohio</option>
         <option value="OK">Oklahoma</option>
         <option value="OR">Oregon</option>
         <option value="PA">Pennsylvania</option>
         <option value="RI">Rhode Island</option>
         <option value="SC">South Carolina</option>
         <option value="SD">South Dakota</option>
         <option value="TN">Tennessee</option>
         <option value="TX">Texas</option>
         <option value="UT">Utah</option>
         <option value="VT">Vermont</option>
         <option value="VA">Virginia</option>
         <option value="WA">Washington</option>
         <option value="WV">West Virginia</option>
         <option value="WI">Wisconsin</option>
         <option value="WY">Wyoming</option>
         </select>
         </datalist>
         <div class="frmRow"><label for="zip">Zip Code:</label><input type="text" id="zip" name="zip" value="<?php echo isset($zip) ? $zip : ''; ?>" placeholder="Enter Zip Code"></div>
         <div class="frmRow"><label for="email">Email:</label><input type="email" id="email" name="email" placeholder="Enter a valid Email"></div>
         <div class="frmRow"><label id="phoneLabel" for="phone">Phone:</label><input type="tel" id="phone" name="phone" aria-required="true" required value="<?php echo isset($phone) ? $phone : ''; ?>" placeholder="Enter Phone Number" /></div>
         <div class="frmRow"><label for="username">Username:</label><input type="username" id="username" name="username" placeholder="Enter a valid username" value="<?php echo isset($username) ? $username : ''?>"</div>
         <div class="frmRow"><label for="password">Password:</label><input type="password" id="password" name="password" placeholder="Enter a valid password" value="<?php echo isset($password) ? $password : ''?>"</div>
         <input type="submit" value="Sign Me Up" id="btnSignup" name="btnSignup">
         </form>
         </fieldset>
         </div>
         </article></section>
         <?php } require('php/footer.php'); ?>

     and checkAuthentification.php

         <?php
         session_start();
         require("header.php");
         require('credentials.php');
         if (isset($_POST['login'])) {
             $connection = mysqli_connect(DBHOST, DBUSER, DBPASS, DBNAME)or die('error with the connection');//DBHOST, DBUSER, DBPASS, DBNAME
             $user = mysqli_real_escape_string($connection, trim($_POST['username']));
             $password = mysqli_real_escape_string($connection, trim($_POST['password']));
             $query = "SELECT * FROM users WHERE username = '$user' AND password = sha1('$password')";
             $result = mysqli_query($connection, $query)or die('error with the login query');
             while ($row = mysqli_fetch_array($result)) {
                 if ($user == $row['username'] && $password == $row['password']) {
                     if (mysqli_num_rows($result) !== 0) {
                         setcookie('loggedIn', 'allset', time()+60*60*24*30);
                         $_SESSION['login'] = "<br /><span>". " " .
                             " <div class='resultRows'><span class=\"rowResults\">" . "Username:</span> <span class=\"fields\">" . $row['username'] . "</span></div>" .
                             " <div class='resultRows'><span class=\"rowResults\">" . "Full Name:</span> <span class=\"fields\">" . $row['fname'] . " " . $row['lname'] . "</span></div>" .
                             " <div class='resultRows'><span class=\"rowResults\">" . "Street:</span> <span class=\"fields\">" . $row['street']. "</span></div>" .
                             " <div class='resultRows'><span class=\"rowResults\">" . "City/Town:</span> <span class=\"fields\">" . $row['city'] . "</span></div>".
                             " <div class='resultRows'><span class=\"rowResults\">" . "State:</span> <span class=\"fields\">" . $row['state'] . "</span></div>" .
                             " <div class='resultRows'><span class=\"rowResults\">" . "Zip-Code:</span> <span class=\"fields\">" . $row['zip'] . "</span></div>".
                             " <div class='resultRows'><span class=\"rowResults\">" . "Email:</span> <span class=\"fields\">" . $row['email'] . "</span></div>" .
                             " <div class='resultRows'><span class=\"rowResults\">" . "Phone:</span> <span class=\"fields\">" . $row['phone'] . "</span></div>".
                             " <div class='resultRows'><span class=\"rowResults\">" . "Date:</span> <span class=\"fields\">" . $row['date'] . "</span></div>".
                             "</span>";
                         echo "<p></p>";
                     } else {
                         echo "No such record.";
                     }
                 }
             }
         }
         //}
         if (!isset($_SESSION['login'])) {
         ?>
         <section>
         <article>
         <div class="forms">
         <div id="login">
         <h3>Log In:</h3>
         <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" id="loginForm">
         <fieldset>
         <legend>Please log in:</legend>
         <div class="tblRow">
         <label for="username">Username:</label>
         <input class="frmInput" type="text" name="username" id="username" placeholder="Enter a valid username." required aria-required="true" value="<?php echo isset($_SESSION['signupUser']) ? $_SESSION['signupUser'] : '' ; ?>" />
         </div>
         <div class="tblRow">
         <label for="password">Password:</label>
         <input class="frmInput" type="password" name="password" id="password" placeholder="Enter a valid password." required aria-required="true" />
         </div>
         <div class="tblRow">
         <input type="submit" name="login" id="login" />
         </div>
         </fieldset>
         </form>
         </div><!--end login div-->
         </div>
         </article></section>
         <?php
         } else {
             echo "You are now logged in " . $_SESSION['login'];
             $home_url = 'http://' . $_SERVER['HTTP_HOST'] . '/index.php';
             header('Location: ' . $home_url);
         }
         ?>
  6. I've found this information and found the signedup cookie is being set. What happens is the signup and login page are blank because that's where I set the cookies. Anyway have a look at my site and I need to know what I do with the browser information to fix the problem. My signup page is signup.php. The login page is authenticate.php. Add php/ at the end of the url to get the correct path to these pages. https://www.theatlanticmint.com mark
  7. I've recently upgraded my site to secure HTTPS from HTTP. Now my cookies won't work. I've read you have to add the secure attribute, setting it to 1 but not sure how to do this. Anyway my cookies are-

         setcookie('loggedIn', '$user', time() + 36 * 24);

     and

         setcookie('signedup', $username, time() + 36 * 24);

     I'm then combining them with the global $_SESSION variable to create a login system.

         if (isset($_COOKIE['signedup'])) {
             if (!isset($_SESSION['signupUser'])) {
                 $_SESSION['signupUser'] = $_COOKIE['signedup'];
             }
         }
         if (isset($_SESSION['signupUser'])) {

     and the login page.

         session_start();
         if (isset($_COOKIE['loggedIn'])) {
             if (!isset($_SESSION['login'])) {
                 $_SESSION['login'] = $_COOKIE['loggedIn'];
             }
         }
         if (isset($_SESSION['login'])) {

     thanks mark
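An added example, not code from the original post: the options-array form of setcookie() (PHP 7.3 and later) sets the Secure, HttpOnly and SameSite attributes, and the cookie value carries an HMAC so that copying `$_COOKIE['loggedIn']` into `$_SESSION` cannot be satisfied by a hand-written cookie. COOKIE_KEY, signValue(), verifyValue() and sendLoginCookie() are hypothetical names, and the key shown is a constructed placeholder.

```php
<?php
// Added example (not the poster's code). All names here are hypothetical.
declare(strict_types=1);

// Constructed placeholder; a real key is long, random and stored outside the web root.
const COOKIE_KEY = 'replace-with-32-random-bytes';

function signValue(string $value): string
{
    // Format: value.signature, so the server can detect any client-side edit.
    return $value . '.' . hash_hmac('sha256', $value, COOKIE_KEY);
}

function verifyValue(string $cookie): ?string
{
    $pos = strrpos($cookie, '.');
    if ($pos === false) {
        return null; // no signature part at all
    }
    $value = substr($cookie, 0, $pos);
    $mac   = (string) substr($cookie, $pos + 1);
    // hash_equals() compares in constant time.
    return hash_equals(hash_hmac('sha256', $value, COOKIE_KEY), $mac) ? $value : null;
}

function sendLoginCookie(string $username): bool
{
    // Cookies travel as HTTP headers, so this must run before any HTML is output.
    if (headers_sent()) {
        return false;
    }
    return setcookie('loggedIn', signValue($username), [
        'expires'  => time() + 60 * 60 * 24 * 30,
        'path'     => '/',
        'secure'   => true,   // only sent over HTTPS
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
}

// Constructed round trip, runnable from the CLI.
$cookie = signValue('mark');
var_dump(verifyValue($cookie));
var_dump(verifyValue('admin.' . str_repeat('0', 64)));
```

The same ordering rule applies to session_start(): in the posted header.php it is reached only after HTML has already been written.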