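I am trying to run a double security validation for an extremely cautious customer who wants a simple to read php coded validation script that: [b][o][/b] 1. Requires User to Submit to Database Values & Emails Site Owners the Information everytime before login. (Complete) [b][o][/b] 2. Requires User to Register Information. (Complete) [b][x][/b] 3. Requires User to Login. (Incomplete/Buggy) Site Example: [a href=\"http://p6.hostingprod.com/@idealrealtyusa.com/\" target=\"_blank\"]http://p6.hostingprod.com/@idealrealtyusa.com/[/a] access.php [code]<?php
// Gate for the locked pages: both steps of the "double validation" must have
// completed in this session before the page is rendered.
//   step 1 (login.php)    sets $_SESSION['EmailID']
//   step 2 (validate.php) sets $_SESSION['AgentID']
// The including page must already have started the session; session_start()
// is not visible in any of these listings and is presumably in conn.php - confirm.
// Keys are quoted: the bare-word form ($_SESSION[EmailID]) relied on an
// undefined constant and is a fatal error on PHP 8.
// Uses "<?php": with short_open_tag disabled, a "<?" file is served as plain
// text and the source (including the SQL below) is shown to the visitor.
if (empty($_SESSION['EmailID'])) {
    header("Location: login.php");
    exit();
}
if (empty($_SESSION['AgentID'])) {
    header("Location: validate.php");
    exit();
}
?>[/code] validate.php [code]<?php
// Step 2 of the login flow: check the agent's email/password against
// re2_agents and copy the account fields into the session.
require_once("conn.php");

$error = "";
if (isset($_POST['s1'])) {
    $em = isset($_POST['em']) ? (string) $_POST['em'] : "";
    $ps = isset($_POST['ps']) ? (string) $_POST['ps'] : "";

    // Look the agent up by email only, with the value escaped. The original
    // interpolated $_POST[em] and $_POST[ps] straight into the SQL, so
    // "' or '1'='1" in either field logged in without a password.
    // mysql_real_escape_string() uses the link opened by conn.php.
    // NOTE(review): ext/mysql was removed in PHP 7; the durable fix is a
    // mysqli/PDO prepared statement, which also makes the escaping unnecessary.
    $q1 = "select * from re2_agents where email = '" . mysql_real_escape_string($em) . "'";
    // NOTE(review): mysql_error() shows the failing query to the visitor; log it instead.
    $r1 = mysql_query($q1) or die(mysql_error());

    $a1 = (mysql_num_rows($r1) == 1) ? mysql_fetch_array($r1) : false;

    // The password is compared in PHP, byte for byte, which also makes the
    // check case-sensitive as the form promises (a MySQL string comparison
    // with the default collation is not). Empty passwords are rejected.
    // NOTE(review): re2_agents.password is still compared as stored, i.e. the
    // column holds the clear-text password. Registration (r1.php, not shown)
    // should store password_hash() output and this line should then use
    // password_verify($ps, $a1['password']).
    if ($a1 !== false && $ps !== "" && (string) $a1['password'] === $ps) {
        // New session id on privilege change so an id fixed on the visitor
        // before login cannot be reused by an attacker (session fixation).
        session_regenerate_id(true);
        $_SESSION['AgentID'] = $a1['AgentID'];
        $_SESSION['username'] = $a1['username']; // was $al[username] (typo): never set
        $_SESSION['MaxOffers'] = $a1['offers'];
        $_SESSION['AccountStatus'] = $a1['AccountStatus'];
        $_SESSION['AccountType'] = $a1['AccountType'];
        $_SESSION['AccountExpireDate'] = $a1['ExpDate'];
        header("Location: index.php");
        exit();
    }
    // One message for "no such email" and "wrong password", so the form does
    // not reveal which emails are registered.
    $error = "<font face=verdana color=red size=2><b>Invalid Email/Password!</b></font>";
}

//get the templates
require_once("includes.php");
require_once("templates/HeaderTemplate.php");
require_once("templates/LoginTemplate.php");
require_once("templates/FooterTemplate.php");
?>[/code] AuthTemplate.php [code]<form method=post action="login.php" name=eform onsubmit="return CheckEmail();"> <table align=center width=300> <caption align=center> <font face=verdana size=2><b>Email Confirmation</b></font><br> <?=$error?></caption> <tr> <td align=right>Email:</td> <td><input type=text name=email></td> </tr> <tr> <td align=right>Phone:</td> <td><input type=text name=phone></td> </tr> <tr> <td align=right>First 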
Name:</td> <td><input type=text name=FirstName></td> </tr> <tr> <td align=right>Last Name:</td> <td><input type=text name=LastName></td> </tr> <tr> <td> </td> <td><input type=submit name=sa value="Submit"></td> </tr> </table> </form> <div align="center">All entries are case sensative.</div>[/code] LoginTemplate.php [code]<form method=post action="validate.php" name=lform onsubmit="return CheckLogin();"> <table align=center width=300> <caption align=center> <font face=verdana size=2><b>Login</b></font><br> <?=$error?></caption> <tr> <td align=right>Email:</td> <td><input type=text name=em></td> </tr> <tr> <td align=right>Password:</td> <td><input type=password name=ps></td> </tr> <tr> <td> </td> <td><input type=submit name=s1 value="Submit"></td> </tr> <tr> <td colspan=2 style="padding-top:20" align=center><a class=BlackLink href="r1.php">New User?</a> | <a class=BlackLink href="forgot.php">Forgot your password?</a></td> </tr> </table> </form> <div align="center">All entries are case sensative.</div>[/code] login.php [code]<? 
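require_once("conn.php");

// Step 1 of the "double validation": record the visitor in re2_authorize,
// notify the site owners by email, then send the visitor on to validate.php.
// NOTE(review): nothing submitted here is verified - any values pass - so this
// step is a contact capture, not authentication. The only real check is the
// password in validate.php.

// Collapse CR/LF in a value that is placed on an email header line. Without
// this a "name" containing "\nBcc: ..." appends headers to the notification
// (email header injection).
function re2_header_safe($value)
{
    return trim(preg_replace('/[\r\n]+/', ' ', (string) $value));
}

$error = ""; // AuthTemplate.php echoes this; the original never defined it
if (isset($_POST['sa'])) {
    $email = isset($_POST['email']) ? (string) $_POST['email'] : "";
    $phone = isset($_POST['phone']) ? (string) $_POST['phone'] : "";
    $FirstName = isset($_POST['FirstName']) ? (string) $_POST['FirstName'] : "";
    $LastName = isset($_POST['LastName']) ? (string) $_POST['LastName'] : "";

    // Values are escaped before use in SQL; the original interpolated $_POST
    // directly (SQL injection). mysql_real_escape_string() uses the conn.php link.
    // NOTE(review): ext/mysql was removed in PHP 7 - a prepared statement is the durable fix.
    $qp = "insert into re2_authorize set EmailID = '', "
        . "email = '" . mysql_real_escape_string($email) . "', "
        . "phone = '" . mysql_real_escape_string($phone) . "', "
        . "FirstName = '" . mysql_real_escape_string($FirstName) . "', "
        . "LastName = '" . mysql_real_escape_string($LastName) . "' ";
    mysql_query($qp) or die(mysql_error());

    // Read back the row just inserted. The original selected by email and
    // required exactly one row, so a returning visitor (two or more rows for
    // the same email) never got an EmailID and was bounced between access.php
    // and login.php forever. Taking the newest row avoids that; this assumes
    // EmailID is an auto-increment key (the insert leaves it '') - confirm.
    $q1 = "select * from re2_authorize where email = '" . mysql_real_escape_string($email) . "' order by EmailID desc limit 1";
    $r1 = mysql_query($q1) or die(mysql_error());

    //send an email
    $to = "agents@idealrealtyusa.com";
    $safeFirst = re2_header_safe($FirstName);
    $safeLast = re2_header_safe($LastName);
    $subject = "New Visitor $safeFirst $safeLast";
    // The body is text/plain, so raw values are fine here.
    $message = "$FirstName $LastName has visited the site.\n\nInformation:\nName: $FirstName $LastName\nEmail: $email\nTelephone: $phone\n\nHave a great day!";
    $headers = "MIME-Version: 1.0\n";
    $headers .= "Content-type: text/plain; charset=iso-8859-1\n";
    $headers .= "Content-Transfer-Encoding: 8bit\n";
    // $_SERVER[HTTP_POST] does not exist; HTTP_HOST is the request host name.
    // It is client-supplied, hence sanitized like the other header values.
    // $aset is not defined in this listing - presumably from conn.php; confirm.
    $fromHost = isset($_SERVER['HTTP_HOST']) ? re2_header_safe($_SERVER['HTTP_HOST']) : "";
    $fromAddr = isset($aset['ContactEmail']) ? re2_header_safe($aset['ContactEmail']) : "";
    $headers .= "From: $fromHost <$fromAddr>\n";
    $headers .= "X-Priority: 1\n";
    $headers .= "X-MSMail-Priority: High\n";
    $headers .= "X-Mailer: PHP/" . phpversion() . "\n";
    mail($to, $subject, $message, $headers);

    if (mysql_num_rows($r1) >= 1) {
        //ok
        $a1 = mysql_fetch_array($r1);
        $_SESSION['EmailID'] = $a1['EmailID'];
        $_SESSION['Email'] = $a1['email'];
        $_SESSION['Phone'] = $a1['phone'];
        $_SESSION['FirstName'] = $a1['FirstName']; // was $al[FirstName] (typo): never set
        $_SESSION['LastName'] = $a1['LastName'];   // was $al[LastName] (typo): never set
    }
    // Either way continue to the password step. exit() after the redirect so
    // the templates below are not rendered as well (the original else branch
    // fell through into them).
    header("Location: validate.php");
    exit();
}

//get the templates
require_once("includes.php");
require_once("templates/HeaderTemplate.php");
require_once("templates/AuthTemplate.php");
require_once("templates/FooterTemplate.php");
?>[/code] Sample Locked Page: advanced.php [code]<?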
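require_once("conn.php");
// Load the shared includes and the access gate BEFORE handling the search form.
// The original required access.php only after the POST handler, so an
// unauthenticated POST with s1 set was processed and redirected to search.php
// without any session check - the page was not actually locked for that path.
// The original include order (includes.php, then access.php) is kept. access.php
// needs the session started; the other listings use $_SESSION straight after
// conn.php, so that presumably happens there - confirm.
require_once("includes.php");
require_once("access.php");

// One optional form field as a string; absent or empty fields become "".
function re2_post_value($key)
{
    return (isset($_POST[$key]) && $_POST[$key] !== "") ? (string) $_POST[$key] : "";
}

// One <option>. Value and label are HTML-escaped because they come from the
// listings/agents tables; the original interpolated them raw into the
// attribute, so a stored value with a quote or tag broke out of it.
function re2_option($value, $label)
{
    return "<option value=\"" . htmlspecialchars((string) $value, ENT_QUOTES) . "\">"
        . htmlspecialchars((string) $label, ENT_QUOTES) . "</option>\n\t";
}

// Options for the distinct values of one re2_listings column, ascending.
// $column is a literal from this file, never user input. $labelPrefix is put
// in front of the visible label only (used for the "$ " on prices).
function re2_distinct_options($column, $labelPrefix = "")
{
    $out = "";
    $r = mysql_query("select distinct $column from re2_listings order by $column") or die(mysql_error());
    while ($row = mysql_fetch_array($r)) {
        $out .= re2_option($row[$column], $labelPrefix . $row[$column]);
    }
    return $out;
}

// Numbered options 1..$max (bedroom / bathroom counts).
function re2_count_options($max)
{
    $out = "";
    for ($i = 1; $i <= $max; $i++) {
        $out .= re2_option($i, $i);
    }
    return $out;
}

if (isset($_POST['s1'])) {
    // "cat" is "CategoryID|SubcategoryID"; a subcategory of 0 means "whole category".
    $c = "";
    $s = "";
    if (re2_post_value('cat') !== "") {
        $CatInfo = explode("|", re2_post_value('cat'));
        $c = $CatInfo[0];
        if (isset($CatInfo[1]) && $CatInfo[1] > 0) {
            $s = $CatInfo[1];
        }
    }
    // query-string key => form field, in the order search.php received them.
    // (The original dropped a literal "0" for the locally-copied fields via
    // empty(); here "0" is passed through for all fields.)
    $fields = array(
        'search_country' => 'search_country',
        'search_state' => 'search_state',
        'search_city' => 'search_city',
        'search_PropertyType' => 'search_PropertyType',
        'min' => 'MinPrice',
        'max' => 'MaxPrice',
        'rooms1' => 'MinRooms',
        'rooms2' => 'MaxRooms',
        'bath1' => 'MinBath',
        'bath2' => 'MaxBath',
        'AgentID' => 'AgentID',
        'before' => 'old',
        'school' => 'NearSchool',
        'transit' => 'NearTransit',
        'park' => 'NearPark',
        'ocean_view' => 'OceanView',
        'lake_view' => 'LakeView',
        'mountain_view' => 'MountainView',
        'ocean_waterfront' => 'OceanWaterfront',
        'lake_waterfront' => 'LakeWaterfront',
        'river_waterfront' => 'RiverWaterfront',
    );
    $params = array('c' => $c, 's' => $s);
    foreach ($fields as $key => $field) {
        $params[$key] = re2_post_value($field);
    }
    // http_build_query() URL-encodes every value. The original concatenated
    // raw POST values, so "&" or "#" in a field corrupted the query string and
    // arbitrary extra parameters could be injected into the redirect target.
    header("Location: search.php?" . http_build_query($params));
    exit();
}

/* //create the category menu - disabled in the original, kept for reference
$CategoryMenu = "<select name=cat>\n\t<option value=\"\"></option>\n\t";
$q1 = "select * from re2_categories order by CategoryName";
$r1 = mysql_query($q1) or die(mysql_error());
if (mysql_num_rows($r1) > 0) {
    while ($a1 = mysql_fetch_array($r1)) {
        $CategoryMenu .= re2_option($a1['CategoryID'] . "|0", $a1['CategoryName']);
        //get the subcategories
        $q2 = "select * from re2_subcategories where CategoryID = '" . mysql_real_escape_string($a1['CategoryID']) . "' order by SubcategoryName ";
        $r2 = mysql_query($q2) or die(mysql_error());
        while ($a2 = mysql_fetch_array($r2)) {
            $CategoryMenu .= re2_option($a1['CategoryID'] . "|" . $a2['SubcategoryID'], $a1['CategoryName'] . " - " . $a2['SubcategoryName']);
        }
    }
}
$CategoryMenu .= "</select>\n";
*/

//create the state / city / country / property-type menus
$StateMenu = "<select name=search_state>\n\t<option value=\"\">All States</option>\n\t" . re2_distinct_options('state') . "</select>\n";
$CityMenu = "<select name=search_city>\n\t<option value=\"\">All Cities</option>\n\t" . re2_distinct_options('city') . "</select>\n";
$CountryMenu = "<select name=search_country>\n\t<option value=\"\">All Countries</option>\n\t" . re2_distinct_options('country') . "</select>\n";
$TypeMenu = "<select name=search_PropertyType>\n\t<option value=\"\">Any Type</option>\n\t" . re2_distinct_options('PropertyType') . "</select>\n";

//create the price menus (same option list for both)
// The selects are named MinPrice/MaxPrice to match what the handler above
// reads; the original named them min/max, so the price filter never reached
// search.php from this form. Confirm AdvancedSearchTemplate.php does not
// rely on the old names.
$prices = re2_distinct_options('Price', '$ ');
$MinPrice = "<select name=MinPrice>\n\t<option value=\"\">Minimum</option>\n\t" . $prices . "</select>\n";
$MaxPrice = "<select name=MaxPrice>\n\t<option value=\"\">Maximum</option>\n\t" . $prices . "</select>\n";

//bedrooms (the "Max" placeholder said "Minimum" in the original)
$bed = re2_count_options(20);
$MinBed = "<select name=MinRooms>\n\t<option value=\"\">Minimum</option>\n\t" . $bed . "</select>\n";
$MaxBed = "<select name=MaxRooms>\n\t<option value=\"\">Maximum</option>\n\t" . $bed . "</select>\n";

//bathrooms
$bath = re2_count_options(10);
$MinBath = "<select name=MinBath>\n\t<option value=\"\">Minimum</option>\n\t" . $bath . "</select>\n";
$MaxBath = "<select name=MaxBath>\n\t<option value=\"\">Maximum</option>\n\t" . $bath . "</select>\n";

//agents menu
$r1 = mysql_query("select AgentID, FirstName, LastName from re2_agents order by FirstName, LastName") or die(mysql_error());
$AgentsMenu = "<select name=AgentID>\n\t<option value=\"\">Any Agent</option>\n\t";
while ($a1 = mysql_fetch_array($r1)) {
    $AgentsMenu .= re2_option($a1['AgentID'], $a1['FirstName'] . " " . $a1['LastName']);
}
$AgentsMenu .= "</select>\n";

require_once("templates/HeaderTemplate.php");
require_once("templates/AdvancedSearchTemplate.php");
// ereg() was removed in PHP 7; strpos() does the same substring test.
if (strpos($_SERVER['SCRIPT_NAME'], "index.php") === false) {
    require_once("templates/FooterTemplate.php");
}
?>[/code][b]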