Jump to content

redarrow

Members
  • Content Count

    7,306
  • Joined

  • Last visited

Everything posted by redarrow

  1. my code not working it like the $sql->bindParam all fail please help $user_paypal_email=$_POST['user_paypal_email']; $user_skype_name=$_POST['user_skype_name']; $user_package_type=$_POST['user_package_type']; if( ($user_date_added) && ($user_id) && ($user_paypal_email) && ($user_skype_name) && ($user_package_type) ){ $conn = new PDO("mysql:host=$dbhost; dbname=$dbname", $dbusername, $dbpassword); $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); $sql = ("INSERT INTO user_add (`user_id`, `user_paypal_email` , `user_skype_name` , `user_package_type` , `user_date_added` ) VALUES (:user_id, :user_paypal_email, :user_skype_name, :user_package_type, :user_date_added )"); $sql->bindParam(':user_id', $user_id, PDO::PARAM_STR); $sql->bindParam(':user_paypal_email', $user_paypal_email, PDO::PARAM_STR); $sql->bindParam(':user_skype_name', $user_skype_name, PDO::PARAM_STR); $sql->bindParam(':user_package_type', $user_package_type, PDO::PARAM_STR); $sql->bindParam(':user_date_added', $user_date_added, PDO::PARAM_STR); $sql->exec($sql);
  2. Thank you i am learning thank you for teaching me , i will print it all out and try and understand it all ... Thanks for your help . Regards john ..
  3. Is the order correct cid should be uid
  4. I agree with you but as a one night shit was not bad at all , yes it was a way for me to learn but like i say since i have found a good tutorial i change the code as i go , off course i am not going to use the code online in real life . Can you point out the way your think that a hacker can do wrong ..... Buy the way it was a pdo first go i am just learning pdo , php i am ok on. Dont no how you see only 88 times with my shuffle code .... Ps. If you look at the code you got to have the session set as admin before you can even use the page , so i dont no how anyone can set a session as admin if there not going thru the database and getting the session set , if the session not set then the session can not be set in the url ,,,, unless your saying there a way to set a session in a url but how???
  5. If your comming from the old mysql or the old mysqli i suggest a really good tutorail I was having really bad problams understanding All night , the totrial given to me above was to hard to understand , I come across a really good example Know i want throw my computer in the road . http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers#Fetch_Modes The above link is really easy to undestand as it exsplaines from mysql to pdo and it differences Which really helps . Please read it you wont regreat it. http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers#Fetch_Modes My code i posted as solved is not solved in a perfect way , as pdo has a way to stop hackers getting in or changeing info using a ? Place holder so as i learn i will rebuild my code properly and not cry like a child....
  6. <?php session_start(); error_reporting(0); @ini_set('display_errors', 0); if(!$_SESSION['username']=="admin"){ header("location: member_login.php"); exit; } $dbhost = "localhost"; $dbname = " "; $dbusername = "root"; $dbpassword = ""; if(isset($_POST['submit'])){ $user_date_added=date('m.d.y'); function randomGen($min, $max, $quantity) { $numbers = range($min, $max); shuffle($numbers); return array_slice($numbers, 0, $quantity); } $num=(randomGen(0,6,6)); $user_id=implode($num); $user_paypal_email=$_POST['user_paypal_email']; $user_skype_name=$_POST['user_skype_name']; $user_package_type=$_POST['user_package_type']; if( ($user_date_added) && ($user_id) && ($user_paypal_email) && ($user_skype_name) && ($user_package_type) ){ $conn = new PDO("mysql:host=$dbhost;dbname=$dbname", $dbusername, $dbpassword); $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); $sql = "INSERT INTO user_add (`user_id`, `user_paypal_email` , `user_skype_name` , `user_package_type` , `user_date_added` ) VALUES('$user_id', '$user_paypal_email' , '$user_skype_name' , '$user_package_type' , '$user_date_added' )"; // use exec() because no results are returned $conn->exec($sql); echo "Please add another <a href='admin_add_user.php'>HERE</a>"; exit; $conn = null; }else{ echo "Please try agin <a href='admin_add_user.php'>HERE</a>"; exit; } } ?> SOLVED solved it my self........
  7. That dont help me at all, i am like a spastic i am trying to post from a form, if i can not add variables ,i might as well throw my pc throw the wall, and burn it in the middle of the road ,then go and find who made pdo and just kill them with a hammer............
  8. i don't understand please give me a full example cheers. the top example is fully pdo? are you telling me ever think i no on mysql is gone not here no more at all???????
  9. i keep getting database error please help... ! ) Deprecated: mysql_real_escape_string(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in C:\wamp\www\seotoolsgroupbuys\done\admin_add_user.php on line 28 i have tried pdo and mysql and mysqli please help....... <?php $dbhost = "localhost"; $dbname = " "; $dbusername = "root"; $dbpassword = "liononabridge"; $link = new PDO("mysql:host=$dbhost;dbname=$dbname",$dbusername,$dbpassword); $link->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); try { $statement = $link->prepare ("INSERT INTO user_add (`id`, `user_id`, `user_paypal_email`, `user_skype_name`, `user_package_type`, `user_date_added`) ) VALUES(NULL, NULL, 'john@paypal.com', 'nicky@skpe.com', 'Keyword Tool', '22112017')"); $statement->execute(array("Bob","Desaunois",18)); } catch(PDOException $e) { echo $e->getMessage(); } ?> here what i got and still error <?php //Turn the erros off , so when file deleted no php and mysql error..... //error_reporting(0); //@ini_set('display_errors', 0); $servername = "localhost"; $username = "root"; $password = "liononabridge"; $conn = mysqli_connect($servername, $username, $password); if (!$conn) { die("Connection failed: " . mysqli_connect_error()); } if(isset($_POST['submit'])){ // add a date $user_date_added=date('m.d.y'); //post all the varables to the database. $user_paypal_email=mysql_real_escape_string($_POST['user_paypal_email']); $user_skype_name=mysql_real_escape_string($_POST['user_skype_name']); $user_package_type=mysql_real_escape_string($_POST['user_package_type']); mysqli_select_db($conn, "seotoolsgorpbuys_tool"); mysqli_query($conn, "INSERT INTO add_user (`id` , `user_id `, `user_paypal_email` , `user_skype_name` , `user_package_type` , `user_date_added` ) VALUES( NULL , NULL , '$user_paypal_email' , '$user_skype_name' , '$user_package_type' , '$user_date_added' )"); echo "New record created successfully"; exit; } ?> SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') VALUES(NULL, NULL, 'john@paypal.com', 'nicky@skpe.com', 'Keyword Tool', ' at line 1
  10. try a different loop then can help. i am still running towards processing power it a processing problem. it works fine fast until it hits the loop that right.
  11. what pc you got, maybe it comes down to the processing speed or ram.
  12. Not tested but the full code....... tincker with it ateast try it......... <?php $db=mysql_connect("localhost","username","password"); $result=mysql_create_db("database_name",$db)or die ('Database connection error'.mysql_errow()); if(isset($_POST['submit'])){ $email=mysql_real_escape_string($_POST['email']); $email=mysql_real_escape_string($_POST['r_email']); $s_info=mysql_real_escape_string($_POST['s_info']); $r=mysql_real_escape_string($_POST['r']); if(!preg_match("/[A-Za-z0-9\_\-]+@[A-Za-z0-9\-\_]+.[a-zA-Z0-9]+/",$email)){ echo"Sorry but your email is not valid"; } if( empty($email) || empty($r_email) || empty($s_info)){ echo"Please fill in all the form!"; } if($email()) if($email==$r_email){ $sql="select * table where email='$email' and s_info='$_info'"; $res=mysql_query($sql)or die('Mysql select error'.mysql_error()); if(mysql_num_rows($res)==1){ $r=rand(0,999999); $password=md5(sha1(md5($r))); $up="update table set password='$password' where email='$email' and s_info='$s_info'"; $res2=mysql_query($up)or die('Mysql update error'.mysql_error()); if(mysql_affected_rows($res)){ $email=$eamil; $pasword=$r; $Messages='Thank you enjoy your new adventure here your password!'; // $to = $email; // set the email address.......... $subject = 'Forgor Password!'; //subject of the email //$mes is using caternation . << a dot $mes = "Hello; $email <br><br> You have recieved an email from us about a new password<br><br>"; $mes .= "This message below is for your convenience. <br><br> ****************************** <br><br>"; $mes .= $email; $mes .= "<br><br>"; $mes .= "Password: "; $mes .= $password; $mes .= "<br><br>"; $mes .= "Message: "; $mes .= $Messages; $mes .= "<br><br>****************************** <br><br>This Is An Automatically Generated Message, Do Not Repond!"; $message = $mes; $headers = 'X-Mailer: PHP/' . phpversion() . "\r\n" . "MIME-Version: 1.0\r\n" . "Content-Type: text/html; charset=utf-8\r\n" . "Content-Transfer-Encoding: 8bit\r\n\r\n"; // we are saying if the email is ent tell us using the email function. if(mail($to, $subject, $message, $headers)){ // message was sent. echo " MAIL WAS SENT TO $to!"; }else{ // message was not sent. echo " SORRY NO MESSAGE SENT TO $to"; } echo"Thank you your new password been updated! <br>please now log in!"; } }else{ echo"Sorry we dont have a account with that info please try agin or join us!"; } }else{ echo"Sorry your emails diidnt match please try agin!"; } } ?> // header.php <center> <form method="POST" action="<?php $_SERVER['PHP_SELF']; ?>"> <br><br> please enter your email address! <br><br> <input type="text" name="email"> <br><br> please re enter your email address! <br><br> <input type="text" name="r_email"> <br><br> please enter your specil info <br><br> <input type="POST" name="s_info"> <br><br> <input type="submit" name="submit" value="Password Request"> </form> </center> //footer.php
  13. Example only ok not tested but somethink to work on........... <?php if(isset($_POST['submit'])){ $email=mysql_real_escape_string($_POST['email']); $s_info=mysql_real_escape_string($_POST['s_info']); $sql="select * table where email='$email' and s_info='$_info'"; $res=mysql_query($sql)or die(mysql_error()); if(mysql_num_rows($res)==1){ $r=rand(0,999999); $password=md5(sha1(md5($r))); $up="update table set password='$password' where email='$email' and s_info='$s_info'"; $res2=mysql_query($up)or die(mysql_error()); if(mysql_affected_rows($res)){ echo"Thank you your new password been updated! <br>please now log in!"; } }else{ echo"Sorry we dont have a account with that info please try agin or join us!"; } } ?> // header.php <center> <form method="POST" action="<?php $_SERVER['PHP_SELF']; ?>"> <br><br> please enter your email address! <br><br> <input type="text" name="email"> <br><br> please enter your specil info <br><br> <input type="POST" name="s_info"> <br><br> <input type="submit" name="submit" value="Password Request"> </form> </center> //footer.php
  14. Look create a form asking the user to enter there email address, and also somethink else u no only what's in the database from joining your website. Add your header and footer, call it forget_password.php. Then add a link underneith the enter password form. call the link example forgot password....... afther doing all that, goto the forget_password.php page and create the code........ all you need is a simple update statement updating the password, where email and specil info match there database entrys.........
  15. CORRECT if a user wants to recover a password you then have to create one for them, and send it via email or text.... you update the database via there id or email address..... then when the users logs in then they can change there password to a unique password name.........
  16. What ive been told and been using and was recommended from the zend group... And yes it true you can add all diffrent methods for password protection..... Dont forget it not just the code that we need to protect passwords, we also need the user to understand to use proper password names .... MOST WEBSITES AND PROGRAMMERS SEND THE USER THERE PASSWORD FOR SECUITY REASONS.. pps. please dont also underestamate the md5 function on it own, if you have told your users to use very fine passwords in a order that makes only sence to them the md5 is a grate powerfull function..... <?php // post password $password=$_POST['password']; //This is a common password name well unprotected... //passwords should be charecter djddj number 34443 charecter even mixed better.... $password="god"; echo " this is the password uncrypted $password it unsecure <br><br>"; // let secure the password with md5. $password=md5($password); echo"<br><br> this password $password is secure one way not able to be uncripted <br><br>"; // now the password is in a md5 format and encrypted you think it's secure wrong, // becouse the name off the password was a normall everyday name like god it not, //secure, there are hundreds off databases that collect encripted passwords, with the format off //md5, and others. //let realy secure password. $password=md5(sha1(md5($password))); echo" This is my password $password very secure"; // there issent no database that supports yet the un encryption to uncript // md5 and sh1 then md5 out there, Even if it exists it be very hard to get the // encrypted password correctly formatted.... ?>
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.