Skeleten Neteleks

Members
  • Posts: 51
  • Last visited: Never

Everything posted by Skeleten Neteleks

  1. Actually this issue has popped up again. I am seeking help with my hosting company (no longer doing it in-house) but preliminary diagnosis seems to indicate that the script is fine... and their servers don't have any restrictions... about who mail is sent to... please help!!!
  2. I'll settle for passwording in Word for now! Another question (tell me if I'm asking for too much)... I will at some point be writing up a rather large form, preferably in HTML so I don't get muddled up in PHP code. The form should post to a PHP file which: 1. Sends the user a html email which contains the form values, and... 2. Sends the user to a html page generated by the same code used for the email message. Feel free to tell me to bugger off at any point! thanks
  3. Never mind, we're using an in-house web server on the intranet. I ran the script on my 34sp.com PHP enabled server and it worked fine. thanks anyway
  4. Hi, I am using the script below to send two html emails. One goes to my personal hotmail address (which is set in the PHP script), and the other goes to an email address which is typed into the form. I have tested both methods and I have no problem receiving the email to my hotmail address. I have tried addresses ending in @webnet2000.net and @tiscali.co.uk and @fsmail.net - no email received on any of them. Junk folders are empty and there are no known spam blockers in effect. Can anyone tell me where I'm going wrong?
     [code]<?php
     function wpautop($pee, $br = 1) {
             $pee = $pee . "\n"; // just to make things a little easier, pad the end
             $pee = preg_replace('|<br />\s*<br />|', "\n\n", $pee);
             // Space things out a little
             $pee = preg_replace('!(<(?:table|thead|tfoot|caption|colgroup|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|pre|select|form|blockquote|address|math|p|h[1-6])[^>]*>)!', "\n$1", $pee);
             $pee = preg_replace('!(</(?:table|thead|tfoot|caption|colgroup|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|pre|select|form|blockquote|address|math|p|h[1-6])>)!', "$1\n\n", $pee);
             $pee = str_replace(array("\r\n", "\r"), "\n", $pee); // cross-platform newlines
             $pee = preg_replace("/\n\n+/", "\n\n", $pee); // take care of duplicates
             $pee = preg_replace('/\n?(.+?)(?:\n\s*\n|\z)/s', "$1<p>\n", $pee); // make paragraphs, including one at the end
             $pee = preg_replace('|<p>\s*?</p>|', '', $pee); // under certain strange conditions it could create a P of entirely whitespace
             $pee = preg_replace('!<p>\s*(</?(?:table|thead|tfoot|caption|colgroup|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|hr|pre|select|form|blockquote|address|math|p|h[1-6])[^>]*>)\s*</p>!', "$1", $pee); // don't pee all over a tag
             $pee = preg_replace("|<p>(<li.+?)</p>|", "$1", $pee); // problem with nested lists
             $pee = preg_replace('|<p><blockquote([^>]*)>|i', "<blockquote$1><p>", $pee);
             $pee = str_replace('</blockquote></p>', '</p></blockquote>', $pee);
             $pee = preg_replace('!<p>\s*(</?(?:table|thead|tfoot|caption|colgroup|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|hr|pre|select|form|blockquote|address|math|p|h[1-6])[^>]*>)!', "$1", $pee);
             $pee = preg_replace('!(</?(?:table|thead|tfoot|caption|colgroup|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|pre|select|form|blockquote|address|math|p|h[1-6])[^>]*>)\s*</p>!', "$1", $pee);
             if ($br) $pee = preg_replace('|(?<!<br />)\s*\n|', "<br />\n", $pee);
             $pee = preg_replace('!(</?(?:table|thead|tfoot|caption|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|pre|select|form|blockquote|address|math|p|h[1-6])[^>]*>)\s*<br />!', "$1", $pee);
             $pee = preg_replace('!<br />(\s*</?(?:p|li|div|dl|dd|dt|th|pre|td|ul|ol)>)!', '$1', $pee);
             $pee = preg_replace('!(<pre.*?>)(.*?)</pre>!ise', " stripslashes('$1') .  stripslashes(clean_pre('$2'))  . '</pre>' ", $pee);
             return stripslashes($pee);
     }
     $name = stripslashes($_POST['name']);
     $date = $_POST['date'];
     $email = $_POST['email'];
     $message = wpautop($_POST['message']);
         //change this to your email.
         $to1 = "someone@hotmail.com";
         $from1 = "noreply@domain.com";
         $subject1 = "$name's profile - $date";
         //change this to your email.
         $to2 = "$email";
         $from2 = "noreply@domain.com";
         $subject2 = "$name's profile - $date";
         //begin of HTML message
         $message1 = <<<EOF
     <html>
     <head></head>
     <body>
     Message: $message
     </body>
     </html>
     EOF;
     $message2 = <<<EOF
     <html>
     <head></head>
     <body>
     Message: $message
     </body>
     </html>
     EOF;
         //end of message
         $headers1  = "From: $from1\r\n";
         $headers1 .= "Content-type: text/html\r\n";
         $headers2  = "From: $from2\r\n";
         $headers2 .= "Content-type: text/html\r\n";
         //options to send to cc+bcc
         //$headers .= "Cc: [email][/email]";
         //$headers .= "Bcc: [email][/email]";
         header("Location: thankyou.html");
         // now lets send the email.
         mail($to1, $subject1, $message1, $headers1);
         mail($to2, $subject2, $message2, $headers2);
     ?>[/code]
  5. I also need to add links to some of the word document files that are on the server. I figure I can put the links in the "Description" box on my database? At the moment, anyone can download the word documents if they explore the directories of my site. Is there any way to use php to password protect the word document files so that only the clients on the database can access them for download? I will use Word's password feature in the meantime, but I don't know how secure that will be... I tried googling this but I kept getting mistaken results and it's just frustrating!!!
  6. Hi, I use the code below to send a html email which retains the paragraph formatting of form fields such as text areas and removes unwanted slashes. The problem is that any form field I use this script with, makes a white space above and below the data entered into the form field. For example, if someone types in a textarea "Hello world", it will display in my email message as: " Hello world " (the speech marks are used to indicate the extra space being added). Is there any way to stop the extra space being added? Please help! the offending code is below:
     [code]<?php
     function wpautop($pee, $br = 1) {
             $pee = $pee . "\n"; // just to make things a little easier, pad the end
             $pee = preg_replace('|<br />\s*<br />|', "\n\n", $pee);
             // Space things out a little
             $pee = preg_replace('!(<(?:table|thead|tfoot|caption|colgroup|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|pre|select|form|blockquote|address|math|p|h[1-6])[^>]*>)!', "\n$1", $pee);
             $pee = preg_replace('!(</(?:table|thead|tfoot|caption|colgroup|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|pre|select|form|blockquote|address|math|p|h[1-6])>)!', "$1\n\n", $pee);
             $pee = str_replace(array("\r\n", "\r"), "\n", $pee); // cross-platform newlines
             $pee = preg_replace("/\n\n+/", "\n\n", $pee); // take care of duplicates
             $pee = preg_replace('/\n?(.+?)(?:\n\s*\n|\z)/s', "<p>$1</p>\n", $pee); // make paragraphs, including one at the end
             $pee = preg_replace('|<p>\s*?</p>|', '', $pee); // under certain strange conditions it could create a P of entirely whitespace
             $pee = preg_replace('!<p>\s*(</?(?:table|thead|tfoot|caption|colgroup|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|hr|pre|select|form|blockquote|address|math|p|h[1-6])[^>]*>)\s*</p>!', "$1", $pee); // don't pee all over a tag
             $pee = preg_replace("|<p>(<li.+?)</p>|", "$1", $pee); // problem with nested lists
             $pee = preg_replace('|<p><blockquote([^>]*)>|i', "<blockquote$1><p>", $pee);
             $pee = str_replace('</blockquote></p>', '</p></blockquote>', $pee);
             $pee = preg_replace('!<p>\s*(</?(?:table|thead|tfoot|caption|colgroup|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|hr|pre|select|form|blockquote|address|math|p|h[1-6])[^>]*>)!', "$1", $pee);
             $pee = preg_replace('!(</?(?:table|thead|tfoot|caption|colgroup|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|pre|select|form|blockquote|address|math|p|h[1-6])[^>]*>)\s*</p>!', "$1", $pee);
             if ($br) $pee = preg_replace('|(?<!<br />)\s*\n|', "<br />\n", $pee);
             $pee = preg_replace('!(</?(?:table|thead|tfoot|caption|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|pre|select|form|blockquote|address|math|p|h[1-6])[^>]*>)\s*<br />!', "$1", $pee);
             $pee = preg_replace('!<br />(\s*</?(?:p|li|div|dl|dd|dt|th|pre|td|ul|ol)>)!', '$1', $pee);
             $pee = preg_replace('!(<pre.*?>)(.*?)</pre>!ise', " stripslashes('$1') .  stripslashes(clean_pre('$2'))  . '</pre>' ", $pee);
             return stripslashes($pee);
     }
     [/code]
     cheers
  7. Back again! Need to log my users out with a link... will check google to see if there is a standardised log out script I can use...
  8. Cheers, I managed to make it work. I'll just enclose the form in a DIV tag to position it further down the page. thanks!
  9. Erm... how would one go about configuring the pages to look like all the others on my website? I have experimented in adding my page template code into the script in index.php but with no luck - I get the PHP code display on the page in a chunk. My code needs to use both speech marks and apostrophes (some javascript involved). thanks
  10. Hi, I'm using a PHP mailer script which I have used before successfully. However, now that I've configured the html output of the email message, I get this error: [quote]Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /usr/local/psa/home/vhosts/adkm.34sp.com/httpdocs/output.php on line 203[/quote] I'm not sure where the extra whitespace is... please help! [code] <?php function wpautop($pee, $br = 1) {         $pee = $pee . "\n"; // just to make things a little easier, pad the end         $pee = preg_replace('|<br />\s*<br />|', "\n\n", $pee);         // Space things out a little         $pee = preg_replace('!(<(?:table|thead|tfoot|caption|colgroup|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|pre|select|form|blockquote|address|math|p|h[1-6])[^>]*>)!', "\n$1", $pee);         $pee = preg_replace('!(</(?:table|thead|tfoot|caption|colgroup|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|pre|select|form|blockquote|address|math|p|h[1-6])>)!', "$1\n\n", $pee);         $pee = str_replace(array("\r\n", "\r"), "\n", $pee); // cross-platform newlines         $pee = preg_replace("/\n\n+/", "\n\n", $pee); // take care of duplicates         $pee = preg_replace('/\n?(.+?)(?:\n\s*\n|\z)/s', "<p>$1</p>\n", $pee); // make paragraphs, including one at the end         $pee = preg_replace('|<p>\s*?</p>|', '', $pee); // under certain strange conditions it could create a P of entirely whitespace         $pee = preg_replace('!<p>\s*(</?(?:table|thead|tfoot|caption|colgroup|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|hr|pre|select|form|blockquote|address|math|p|h[1-6])[^>]*>)\s*</p>!', "$1", $pee); // don't pee all over a tag         $pee = preg_replace("|<p>(<li.+?)</p>|", "$1", $pee); // problem with nested lists         $pee = preg_replace('|<p><blockquote([^>]*)>|i', "<blockquote$1><p>", $pee);         $pee = str_replace('</blockquote></p>', '</p></blockquote>', $pee);         $pee = 
preg_replace('!<p>\s*(</?(?:table|thead|tfoot|caption|colgroup|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|hr|pre|select|form|blockquote|address|math|p|h[1-6])[^>]*>)!', "$1", $pee);         $pee = preg_replace('!(</?(?:table|thead|tfoot|caption|colgroup|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|pre|select|form|blockquote|address|math|p|h[1-6])[^>]*>)\s*</p>!', "$1", $pee);         if ($br) $pee = preg_replace('|(?<!<br />)\s*\n|', "<br />\n", $pee);         $pee = preg_replace('!(</?(?:table|thead|tfoot|caption|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|pre|select|form|blockquote|address|math|p|h[1-6])[^>]*>)\s*<br />!', "$1", $pee);         $pee = preg_replace('!<br />(\s*</?(?:p|li|div|dl|dd|dt|th|pre|td|ul|ol)>)!', '$1', $pee);         $pee = preg_replace('!(<pre.*?>)(.*?)</pre>!ise', " stripslashes('$1') .  stripslashes(clean_pre('$2'))  . '</pre>' ", $pee);         return stripslashes($pee); }     //change this to your email.     $to = "myemail@hotmail.com";     $from = "noreply";     $subject = "$email's Job Search Evidence - $centre - $date"; $name = $_POST['name']; $date = $_POST['date']; $centre = $_POST['centre']; $email = $_POST['email']; $sitesandpapers = wpautop($_POST['sitesandpapers']); $phcompany1 = $_POST['phcompany1']; $phcompany2 = $_POST['phcompany2']; $phcompany3 = $_POST['phcompany3']; $phname1 = $_POST['phname1']; $phname2 = $_POST['phname2']; $phname3 = $_POST['phname3']; $phnumber1 = $_POST['phnumber1']; $phnumber2 = $_POST['phnumber2']; $phnumber3 = $_POST['phnumber3']; $phpurpose1 = $_POST['phpurpose1']; $phpurpose2 = $_POST['phpurpose2']; $phpurpose3 = $_POST['phpurpose3']; $phresult1 = $_POST['phresult1']; $phresult2 = $_POST['phresult2']; $phresult3 = $_POST['phresult3']; $updatedcv = $_POST['updatedcv']; $jobsearchactivities = wpautop($_POST['jobsearchactivities']); $appcom1 = $_POST['appcom1']; $appcom2 = $_POST['appcom2']; $appcom3 = $_POST['appcom3']; $appcom4 = $_POST['appcom4']; $appcom5 = $_POST['appcom5']; $appcom6 = $_POST['appcom6']; $appmet1 
= $_POST['appmet1']; $appmet2 = $_POST['appmet2']; $appmet3 = $_POST['appmet3']; $appmet4 = $_POST['appmet4']; $appmet5 = $_POST['appmet5']; $appmet6 = $_POST['appmet6']; $apppos1 = $_POST['apppos1']; $apppos2 = $_POST['apppos2']; $apppos3 = $_POST['apppos3']; $apppos4 = $_POST['apppos4']; $apppos5 = $_POST['apppos5']; $apppos6 = $_POST['apppos6']; $appsent1 = $_POST['appsent1']; $appsent2 = $_POST['appsent2']; $appsent3 = $_POST['appsent3']; $appsent4 = $_POST['appsent4']; $appsent5 = $_POST['appsent5']; $appsent6 = $_POST['appsent6']; $appsent7 = $_POST['appsent7']; $appsent8 = $_POST['appsent8']; $appsent9 = $_POST['appsent9']; $appsent10 = $_POST['appsent10']; $appsent11 = $_POST['appsent11']; $appsent12 = $_POST['appsent12']; $appsent13 = $_POST['appsent13']; $appsent14 = $_POST['appsent14']; $appsent15 = $_POST['appsent15']; $appsent16 = $_POST['appsent16']; $appsent17 = $_POST['appsent17']; $appsent18 = $_POST['appsent18']; $appsent19 = $_POST['appsent19']; $appsent20 = $_POST['appsent20']; $appsent21 = $_POST['appsent21']; $appsent22 = $_POST['appsent22']; $appsent23 = $_POST['appsent23']; $appsent24 = $_POST['appsent24']; $appdatesent1 = $_POST['appdatesent1']; $appdatesent2 = $_POST['appdatesent2']; $appdatesent3 = $_POST['appdatesent3']; $appdatesent4 = $_POST['appdatesent4']; $appdatesent5 = $_POST['appdatesent5']; $appdatesent6 = $_POST['appdatesent6']; $appaddress1 = wpautop($_POST['appaddress1']); $appaddress2 = wpautop($_POST['appaddress2']); $appaddress3 = wpautop($_POST['appaddress3']); $appaddress4 = wpautop($_POST['appaddress4']); $appaddress5 = wpautop($_POST['appaddress5']); $appaddress6 = wpautop($_POST['appaddress6']);     //begin of HTML message     $message = <<<EOF <html> <head> <style type="text/css"> body, td { background-color: white; font-family: Arial; font-size: 12px; color: black; } </style> </head> <body> <table width="600" cellpadding="5" style="border: 3 double black"> <tr> <td style="font-size: 16px"><strong>$email's</strong> 
Job Search Evidence</td> <td align="right" style="font-size: 16px"><strong>$centre - $date</strong></td> </tr> </table> <div style="margin-left: 11px"> <p><strong>Web sites and newspapers:</strong> <br><font color="blue">$sitesandpapers</font> <p><strong>Phone Calls</strong> <br><table width="600"> <tr> <td>Company #1</td><td><font color="blue">$phcompany1</font></td> <td>Company #2</td><td><font color="blue">$phcompany2</font></td> <td>Company #3</td><td><font color="blue">$phcompany3</font></td> </tr> <tr> <td>Spoke to:</td><td><font color="blue">$phname1</font></td> <td>Spoke to:</td><td><font color="blue">$phname2</font></td> <td>Spoke to:</td><td><font color="blue">$phname3</font></td> </tr> <tr> <td>Number:</td><td><font color="blue">$phnumber1</font></td> <td>Number:</td><td><font color="blue">$phnumber2</font></td> <td>Number:</td><td><font color="blue">$phnumber3</font></td> </tr> <tr> <td>Purpose:</td><td><font color="blue">$phpurpose1</font></td> <td>Purpose:</td><td><font color="blue">$phpurpose2</font></td> <td>Purpose:</td><td><font color="blue">$phpurpose3</font></td> </tr> <tr> <td>Result:</td><td><font color="blue">$phresult1</font></td> <td>Result:</td><td><font color="blue">$phresult2</font></td> <td>Result:</td><td><font color="blue">$phresult3</font></td> </tr> </table> <p><strong>Other job search activities:</strong> <br><font color="blue">$jobsearchactivities</font> <p><strong>Applications</strong> <br><table width="600"> <tr> <td> Company #1: <font color="blue">$appcom1</font> / Method: <font color="blue">$appmet1</font> / Position: <font color="blue">$apppos1</font> <br>Sent: <font color="blue">$appsent1 $appsent2 $appsent3 $appsent4</font> / Date: <font color="blue">$appdatesent1</font> <br>Address: <font color="blue">$appaddress1</font></td> </tr> <tr> <td>Company #2: <font color="blue">$appcom2</font> / Method: <font color="blue">$appmet2</font> / Position: <font color="blue">$apppos2</font> <br>Sent: <font color="blue">$appsent5 
$appsent6 $appsent7 $appsent8</font> / Date: <font color="blue">$appdatesent2</font> <br>Address: <font color="blue">$appaddress2</font></td> </tr> <tr> <td>Company #3: <font color="blue">$appcom3</font> / Method: <font color="blue">$appmet3</font> / Position: <font color="blue">$apppos3</font> <br>Sent: <font color="blue">$appsent9 $appsent10 $appsent11 $appsent12</font> / Date: <font color="blue">$appdatesent3</font> <br>Address: <font color="blue">$appaddress3</font></td> </tr> <tr> <td>Company #4: <font color="blue">$appcom4</font> / Method: <font color="blue">$appmet4</font> / Position: <font color="blue">$apppos4</font> <br>Sent: <font color="blue">$appsent13 $appsent14 $appsent15 $appsent16</font> / Date: <font color="blue">$appdatesent4</font> <br>Address: <font color="blue">$appaddress4</font></td> </tr> <tr> <td>Company #5: <font color="blue">$appcom5</font> / Method: <font color="blue">$appmet5</font> / Position: <font color="blue">$apppos5</font> <br>Sent: <font color="blue">$appsent17 $appsent18 $appsent19 $appsent20</font> / Date: <font color="blue">$appdatesent5</font> <br>Address: <font color="blue">$appaddress5</font></td> </tr> <tr> <td>Company #6: <font color="blue">$appcom6</font> / Method: <font color="blue">$appmet6</font> / Position: <font color="blue">$apppos6</font> <br>Sent: <font color="blue">$appsent21 $appsent22 $appsent23 $appsent24</font> / Date: <font color="blue">$appdatesent6</font> <br>Address: <font color="blue">$appaddress6</font></td> </tr> <tr> <td align="right" style="padding-right: 50px"><input type="button" value="Print" onclick="window.print()"></td> </tr> </table> </div> </body> </html> EOF;     //end of message     $headers  = "From: $from\r\n";     $headers .= "Content-type: text/html\r\n";     //options to send to cc+bcc     $headers .= "Cc: [email]$email[/email]";     //$headers .= "Bcc: [email][/email]";     header("Location: http://thankyou/");     // now lets send the email.     
mail($to, $subject, $message, $headers); ?>[/code]
  11. Thank you very much roopurt. You have been great help and I wouldn't have got this far without you. cheers mate
  12. I have not done what you advised above because I looked through the code before I checked back on this thread. In the home.php, I changed...
      [code]. "u.User={$_SESSION['UserClean']}"; // Notice the added condition here![/code]
      to...
      [code]. "u.Username={$_SESSION['UsernameClean']}"; // Notice the added condition here![/code]
      I thought I had already changed all instances of "User" to "Username" but obviously not. I don't know how I missed it, I pressed F3 to find next through the whole Notepad file from top to bottom. Anyhow, I now have partial success. The following is what I get when I log in:
      [quote]Welcome, John123!
      Product Name: Benji's Smokes
      Description: Increase the toxicity of your street cred by puffing on these fine fellows. It's a murderous product, which will leave you dying in agnony in maybe 80 years or so. this is product 3 by the way
      Array
      (
          [LoggedIn] => 1
          [UsernameClean] => 'John123'
          [Username] => John123
      )
      [/quote]
      For some reason it's printing the array code after the details. Unless that's what this section is for?
      [code]// Let's also print out some debugging information
          $Out .= '<pre style="text-align: left;">' . print_r($_SESSION, true)
                . '</pre>';[/code]
  13. I try to sign in on http://www.adkm.34sp.com/test95/index.php - I enter the username John123 and the password 1111. I am then taken to home.php which displays this error message: [quote]You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1[/quote] I have no way to determine if it's a PHP or MySQL error. I am simply editing these files in Notepad, saving them as PHP files and uploading them to my server.
  14. Changed it in the home.php page but still get the same error. It doesn't seem to like a speech mark near the top... strange...
  15. index.php
      [code]<?php
        // index.php
        // A sample PHP script to display a login form and validate user identity
        // Upon successful login, we redirect to our universal home.php
        // I will wrap up functionalities specific to your application in functions
        // which you can fill out for yourself

        mysql_connect("myhost", "dbusername", "dbpassword") or die(mysql_error());
        mysql_select_db("dbname") or die(mysql_error());

        session_start(); // The first thing we must do is start our session
        $Out = ''; // This variable is going to hold our final output for the page
        $Errors = Array(); // This is our errors array for the form

        // Now we check in $_SESSION if the user is already logged in
        if(isset($_SESSION['LoggedIn']) && $_SESSION['LoggedIn'] === true){
          // This user is already logged in, we should just redirect to home.php
          header("Location: home.php");
          exit();
        }

        // We're going to count how many entries are in $_POST, if there are _any_
        // entries in $_POST, then our login form must have been submitted and we
        // need to validate the user
        if(count($_POST)){
          // Form has been submitted, we need to validate our user
          if(ValidateForm()){
            // Our user is a valid user, so let's log them in and redirect
            $_SESSION['LoggedIn'] = true;
            $_SESSION['UsernameClean'] = CleanFormField($_POST['Username']);
            $_SESSION['Username'] = $_POST['Username'];
            // We have set our $_SESSION parameters, so now we can redirect
            header("Location: home.php");
            exit();
          }else{
            // Our form was submitted but it's invalid!  This means we need to
            // redisplay the form
            $Out .= ShowForm();
          }
        }else{
          // Form not submitted, we need to show it
          $Out .= ShowForm();
        }

        echo $Out; // Dump our output at the very end

        // ShowForm
        // RETURN: The html to display for the form
        function ShowForm(){
          $Form = ''; // Start with an empty variable
          // First we check for errors
          global $Errors;
          if(count($Errors)){
            // We have errors
            $Form .= 'The follow error(s) were encountered:'
                  . '<ul><li>' . implode('</li><li>', $Errors) . '</li></ul>';
          }
          // Set up default values for our form, using the ones from the previous
          // submission if one was made
          $defUsername = isset($_POST['Username']) ? $_POST['Username'] : NULL;
          // Now display the form - we use the post method so that we can use
          // the $_POST array above
          $Form .= '<form name="login" method="post" action="">'
                // Create the login field, using the default
                . 'Login: <input type="text" name="Username" value="' . $defUsername . '" />'
                . '&nbsp;'
                // Create the password field, never set a default password
                . 'Password: <input type="password" name="Password" value="" />'
                . '<input type="submit" name="login" value="Login" />'
                . '</form>';
          // Return our form
          return $Form;
        }

        // ValidateForm
        // This function validates the log in form
        // RETURN: true if form is valid, false otherwise
        function ValidateForm(){
          global $Errors; // We need access to our errors array
          $HadErrors = false; // We initially assume our form is valid
          // We are going to systematically check our field for good data
          // Any time we find bad data, we set $HadErrors to true and add an error
          // message to our $Errors array

          // First we check if the username is valid, the condition to do so varies
          // based on your application.  A valid username might be alphanumeric only,
          // or alpha only, and usually they have a length restriction.  It's a good
          // idea to test for that here
          // The value $user_name_is_invalid is a dummy to represent whatever check
          // you might actually make
          // if(!$user_name_is_invalid){
          // $HadErrors = true; // Not valid, so mark that we had errors
          //  $Errors[] = "Login name appears to be invalid.";
          // }

          // Now we'll check that the user exists in our database, we make sure to
          // clean each of the form fields (User & Password)
          $Clean['Username'] = CleanFormField($_POST['Username']);
          $Clean['PW'] = CleanFormField($_POST['Password']);
          $sql = "SELECT COUNT(*) AS Num FROM Users WHERE "
              . "Username=" . $Clean['Username'] . " AND "
              . "Password=" . $Clean['PW'];
          $q = mysql_query($sql);
          $HaveUsername = false; // Initially we have no user
          if($q){
            // Query successful, let's make sure we have a user
            while($row = mysql_fetch_array($q)){
              $HaveUsername = $row['Num'] == 1; // Set $HaveUsername to the result of the test
              break;
            }
          }
          // By now $HaveUsername is true or false depending on if we have a user
          if(!$HaveUsername){
            // We have no user
            $HadErrors = true; // Not valid, so mark that we had errors
            $Errors[] = "Your account could not be found.";
            // It is very important that when checking an account that you NEVER
            // tell the user which of the fields is correct or incorrect.
            // This makes it harder for an attacker to determine if the login
            // or password they are working with are correct or not
          }

          // Now we return the NOT of $HadErrors
          return !$HadErrors;
        }

        // CleanFormField
        // $fld - the input field to clean
        // RETURN: $fld cleaned for safe use
        function CleanFormField($fld){
          if(is_string($fld)){
            // $fld is a string so we must enclose in single quotes and escape
            // special characters
            $fld = "'" . addslashes($fld) . "'";
          }else if(!is_numeric($fld)){
            // We already knew it wasn't a string, but now we know it's not numeric
            // either, so trash it
            $fld = NULL;
          }
          return $fld;
        }
      ?>[/code]
      home.php
      [code]<?php
        // home.php
        // This is our homepage for users

        mysql_connect("myhost", "dbusername", "dbpassword") or die(mysql_error());
        mysql_select_db("dbname") or die(mysql_error());

        session_start(); // The first thing we must do is start our session
        $Out = ''; // This variable is going to hold our final output for the page

        // First check if we have a valid user
        if(!isset($_SESSION['LoggedIn']) || $_SESSION['LoggedIn'] !== true){
          // Invalid user is trying to hack our site!
          $Out .= 'You do not have permission to view this page.';
        }else{
          // User is valid - print welcome message
          $Out .= "Welcome, {$_SESSION['User']}!";

          // THIS IS WHERE YOU'D PULL MORE INFORMATION FROM THE DATABASE DEPENDING
          // ON WHICH USER HAS LOGGED IN AND DISPLAY IT TO THEM!
          $sql = "SELECT * FROM Users u, Products p, UserProductLinks l WHERE "
            . "l.user_id = u.id AND "
            . "l.product_id=p.id AND "
            . "u.User={$_SESSION['UserClean']}"; // Notice the added condition here!
          $result = mysql_query($sql) or die(mysql_error());

          // YOU STILL NEED TO LOOP OVER THE $result
          // store the record of the "example" table into $row
          while($row = mysql_fetch_array( $result )){ // <- there was a semicolon there,
                                                      // which can be removed.  I guess
                                                      // I fat-fingered something :D
            $Out .= "<p>Product Name: " . $row['Name']
                  . "<p>Description: " . $row['Description'];
          }

          // Let's also print out some debugging information
          $Out .= '<pre style="text-align: left;">' . print_r($_SESSION, true)
                . '</pre>';
        }

        echo $Out;
      ?>[/code]
      thanks
  16. Ok, I removed that, then I got errors from the home.php about not being able to connect to the database, so I added that info in the script at the top:
      [code]<?php
        // home.php
        // This is our homepage for users
        mysql_connect("myhost", "dbusername", "dbpassword") or die(mysql_error());
        mysql_select_db("dbname") or die(mysql_error());
        session_start(); // The first thing we must do is start our session[/code]
      Now all I get is:
      [quote]You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1"[/quote]
      Am I using correct code and it's just my server can't handle it, or am I using incorrect code?
  17. Ok, so I changed all instances of the word "User" into "Username" in both index.php and home.php to hopefully correspond with the field "Username" in my "Users" table on my database. I can now successfully reach the home.php page, but I get this error:
      Parse error: syntax error, unexpected '.' in /usr/local/psa/home/vhosts/adkm.34sp.com/httpdocs/test95/home.php on line 31
      Line 31 (in Windows Notepad) contains this:
      [code]. "<p>Description: " . $row['Description'];[/code]
      Since this was given to me in your previous code, I assume that it should work. The full code I now have for the home.php is as follows:
      [code]<?php
        // home.php
        // This is our homepage for users
        session_start(); // The first thing we must do is start our session
        $Out = ''; // This variable is going to hold our final output for the page
        // First check if we have a valid user
        if(!isset($_SESSION['LoggedIn']) || $_SESSION['LoggedIn'] !== true){
          // Invalid user is trying to hack our site!
          $Out .= 'You do not have permission to view this page.';
        }else{
          // User is valid - print welcome message
          $Out .= "Welcome, {$_SESSION['Username']}!";
          // THIS IS WHERE YOU'D PULL MORE INFORMATION FROM THE DATABASE DEPENDING
          // ON WHICH USER HAS LOGGED IN AND DISPLAY IT TO THEM!
          $sql = "SELECT * FROM Users u, Products p, UserProductLinks l WHERE "
          . "l.username_id = u.id AND "
          . "l.product_id=p.id AND "
          . "u.Username={$_SESSION['UsernameClean']}"; // Notice the added condition here!
      $result = mysql_query($sql) or die(mysql_error());
      // YOU STILL NEED TO LOOP OVER THE $result
      // store the record of the "example" table into $row
      while($row = mysql_fetch_array( $result )){ // <- there was a semicolon there,
                                                  // which can be removed.  I guess
                                                  // I fat-fingered something :D
        $Out .= "<p>Product Name: " . $row['Name'];
            . "<p>Description: " . $row['Description'];
      }
          // Let's also print out some debugging information
          $Out .= '<pre style="text-align: left;">' . print_r($_SESSION, true)
                . '</pre>';
        }
        echo $Out;
      ?>[/code]
      I appreciate if you don't wanna carry on teaching dummies like me. I hope I got the correct line 31... I just counted down from the ?php bit.
  18. That's a fair point, but I don't have a background in PHP or programming so I didn't know that leaving it in there was going to cause me this problem. I have since commented it out...
      [code]// if(!$user_name_is_invalid){
          // $HadErrors = true; // Not valid, so mark that we had errors
          //  $Errors[] = "Login name appears to be invalid.";
          // }[/code]
      ...I still get "Your account could not be found." though. I'm missing something else aren't I! I changed the UserTable bit to Users (as below - the table name of the users in my DB is called "Users"):
      [code]$sql = "SELECT COUNT(*) AS Num FROM Users WHERE "[/code]
      ...I still get "Your account could not be found." I'll keep looking through the code, hopefully something will look out of place... I appreciate if you don't want to help me anymore, and I wish I didn't have to ask obvious questions which I'm sure annoy you! Many thanks for your help, roopurt. You're a star!
  19. Ok, I got this far: http://www.adkm.34sp.com/test95/index.php - The script wouldn't work without my db info at the top of the index.php page (so I added it). John123 and password 1111 doesn't log me in. These details match what is on my database....
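
The login flow of index.php and home.php in post 15, reworked as an added example that is not code from the thread: the lookup uses a bound parameter instead of CleanFormField(), the password is checked with password_verify() against a stored hash, and the form's default value is HTML-escaped. The in-memory SQLite database (via PDO), the PasswordHash column and the UserId session key are assumptions made for the example.

```php
<?php
// Added example, not code from the thread. Assumptions: PDO with the
// pdo_sqlite driver (an in-memory database stands in for MySQL) and a
// hypothetical PasswordHash column replacing the plaintext Password column.
declare(strict_types=1);

// Throwaway Users table holding the thread's test account (constructed data).
function make_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE Users (
        id INTEGER PRIMARY KEY, Username TEXT UNIQUE NOT NULL, PasswordHash TEXT NOT NULL)');
    $ins = $db->prepare('INSERT INTO Users (Username, PasswordHash) VALUES (?, ?)');
    $ins->execute(['John123', password_hash('1111', PASSWORD_DEFAULT)]);
    return $db;
}

// Returns the user's id on success, null on any failure.
function verify_login(PDO $db, string $username, string $password): ?int
{
    // Hash checked when the username is unknown, so both outcomes cost one
    // password_verify() call and look the same to the caller.
    static $dummyHash = null;
    $dummyHash ??= password_hash('no-such-user', PASSWORD_DEFAULT);

    // The username travels as a bound parameter and is never spliced into the
    // SQL text, so no quoting or escaping helper is involved.
    $stmt = $db->prepare('SELECT id, PasswordHash FROM Users WHERE Username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    $hash = $row === false ? $dummyHash : (string) $row['PasswordHash'];
    $ok = password_verify($password, $hash);
    return ($row !== false && $ok) ? (int) $row['id'] : null;
}

// Mark the session as authenticated. Only the numeric id and the raw username
// are stored; nothing pre-quoted for SQL is kept in $_SESSION, and home.php
// would bind UserId as a parameter in its own query.
function start_user_session(int $userId, string $username): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // fresh session id once the user is known
    }
    $_SESSION['LoggedIn'] = true;
    $_SESSION['UserId'] = $userId;
    $_SESSION['Username'] = $username;
}

// Login form with the previous username and the error messages HTML-escaped.
function render_login_form(string $prevUsername, array $errors): string
{
    $esc = static fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    $html = '';
    if ($errors) {
        $html .= 'The following error(s) were encountered:<ul><li>'
               . implode('</li><li>', array_map($esc, $errors)) . '</li></ul>';
    }
    return $html
        . '<form name="login" method="post" action="">'
        . 'Login: <input type="text" name="Username" value="' . $esc($prevUsername) . '" />'
        . '&nbsp;Password: <input type="password" name="Password" value="" />'
        . '<input type="submit" name="login" value="Login" />'
        . '</form>';
}

// Handle one request the way index.php does: returns the HTML to print, or
// null after a successful login (the caller then redirects to home.php).
function handle_login(PDO $db, array $post): ?string
{
    $user = $post['Username'] ?? null;
    $pass = $post['Password'] ?? null;
    if (!is_string($user) || !is_string($pass)) {
        return render_login_form('', []); // nothing usable submitted yet
    }
    $id = verify_login($db, $user, $pass);
    if ($id === null) {
        // One message for every failure, as the comments in post 15 advise.
        return render_login_form($user, ['Your account could not be found.']);
    }
    start_user_session($id, $user);
    return null;
}

if (PHP_SAPI === 'cli') {
    $db = make_demo_db();
    var_dump(verify_login($db, 'John123', '1111')); // matching credentials
    var_dump(verify_login($db, 'John123', '2222')); // wrong password
    var_dump(verify_login($db, "O'Brien", '1111')); // a quote is ordinary data
    echo render_login_form('Ann "AJ" Lee', ['Your account could not be found.']), "\n";
}
```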
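
The mail scripts in posts 4 and 10 put form fields straight into the recipient, the Cc and Subject headers and the HTML body. An added example, not code from the thread, that validates and escapes those fields before mail() is called; the function names are hypothetical and the sample submissions are constructed.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical;
// passing mail() an array of headers needs PHP 7.2 or later.
declare(strict_types=1);

// Read one form field as a string; arrays and missing keys become ''.
function field(array $post, string $key): string
{
    $v = $post[$key] ?? '';
    return is_string($v) ? $v : '';
}

// Accept exactly one syntactically valid address, or return null.
function clean_recipient(string $raw): ?string
{
    $raw = trim($raw);
    if (preg_match('/[\r\n,;]/', $raw) === 1) {
        return null; // line breaks or list separators never belong in one address
    }
    $addr = filter_var($raw, FILTER_VALIDATE_EMAIL);
    return $addr === false ? null : $addr;
}

// Text destined for a header line: control characters (CR and LF included)
// are replaced by a space so the value stays on a single line.
function clean_header_text(string $raw): string
{
    return trim((string) preg_replace('/[\x00-\x1F\x7F]+/', ' ', $raw));
}

// Body text: escape HTML first, then turn line breaks into <br />. This
// stands in for wpautop(), whose last preg_replace() relies on the /e
// modifier, which was removed in PHP 7.
function html_body_text(string $raw): string
{
    return nl2br(htmlspecialchars(trim($raw), ENT_QUOTES, 'UTF-8'));
}

// Build the visitor's copy of the message; null when the address is rejected.
function build_profile_mail(array $post): ?array
{
    $to = clean_recipient(field($post, 'email'));
    if ($to === null) {
        return null;
    }
    $name = clean_header_text(field($post, 'name'));
    $date = clean_header_text(field($post, 'date'));
    $text = html_body_text(field($post, 'message'));

    return [
        'to'      => $to,
        'subject' => "$name's profile - $date",
        'body'    => "<html>\n<head></head>\n<body>\nMessage: $text\n</body>\n</html>\n",
        'headers' => [
            'From'         => 'noreply@domain.com',
            'MIME-Version' => '1.0',
            'Content-Type' => 'text/html; charset=UTF-8',
        ],
    ];
}

// Send a built message. Kept apart from the builder so the builder can be
// exercised without a mail server.
function send_profile_mail(array $m): bool
{
    return mail($m['to'], $m['subject'], $m['body'], $m['headers']);
}

if (PHP_SAPI === 'cli') {
    // Constructed sample submissions.
    $good = [
        'name'    => 'Sam',
        'date'    => '12 March',
        'email'   => 'visitor@example.com',
        'message' => "First line\nSecond <b>line</b>",
    ];
    // Same submission with a line break inside the address field.
    $bad = ['email' => "visitor@example.com\r\nX-Test: 1"] + $good;

    print_r(build_profile_mail($good)); // message array, markup in the body escaped
    var_dump(build_profile_mail($bad)); // rejected before any header is built
}
```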