crashmaster

Everything posted by crashmaster

  1. [quote author=wildteen88 link=topic=101603.msg405042#msg405042 date=1154081502] crashmaster I would strongly advise you to validate user input, especially when they login, as at the moment your site is prone to SQL Injection attacks! I would recommend you to use a function called mysql_real_escape_string() on your $username and $password variables in the check_database function. [/quote] Thanks wildteen.. I will immediately correct it...
  2. [quote author=cmgmyr link=topic=101603.msg404840#msg404840 date=1154045636] I'd make your top links rollovers. I like the logo with the black sun better. -Chris [/quote] What does it mean, rollover?? You mean when you mouse over, links should change color, or something else..??
  3. Hi.. I've just updated my web, now you can also try the functional side of the web :P Username: admin password: admin And... I have a question for a designer.. Look at the logo.. I think that the flower doesn't match that text, blackSun but there is a flower... I have another logo, but I don't like it, which is the better one... look at this one: [img]http://www.blacksun.magistri.net/imgs/logo.gif[/img] or this one: [img]http://www.blacksun.magistri.net/imgs/logo2.gif[/img] or do you have any other ideas?? [that blacksun is a real logo of the clothes]
  4. And logging in.. I don't know how to do it... My problem is: when somebody is shopping.. and wants to log in, he just logs in, but if logging in is OK, it makes a refresh to that place where he was before logging in.... Before this script it was that after logging in he was refreshed to the default page for all users... Here is my login script at the header of index.php
[code]
session_start();
require_once("scripts/auth.inc.php");
require_once("mysql.php");

$action = $_GET['action'];

if ($action == "login") {
    check_database($_POST['username'], $_POST['password']);
    // this function will return: $db_status = 0 [if user and pass are bad]
    // or $db_status = 1 + $db_array [if user and pass are OK]
    if ($db_status == 1) {
        set_cookie($db_array, session_id());
        // and function set_cookie will setcookie(SESSION, session_id());
        // also will set $auth_status = 1
    }
}

if ($action == "logout") {
    $session = $_COOKIE['SESSION'];
    $q = mysql_query(" DELETE FROM sessions WHERE session = '".$session."' ")
        or die(mysql_error());
    unset($_SESSION['user_id'], $_SESSION['username'], $_SESSION['user_level']);
    setcookie('SESSION', '', 0);
    header("location: index.php");
}

check_auth($_COOKIE);
[/code]
in the place where the login form is:
[code]
if ($auth_status == '1') {
    logged_menu();
} else {
    login_page();
}
[/code]
and at last auth.inc.php:
[code]
function login_page() {
    echo '
<table width="160" align="center" border="0" cellpadding="0">
  <form method="post" action="'.$_SERVER['HTTP_REFERER'].'&action=login">
  <tr>
    <td colspan="2"><img src="imgs/menu_login.gif"></td>
  </tr>
  <tr>
    <td width="70">&nbsp;Username: </td>
    <td width="90"><input type="text" name="username" size="10" class="login_box"></td>
  </tr>
  <tr>
    <td>&nbsp;Password: </td>
    <td><input type="password" name="password" size="10" class="login_box"></td>
  </tr>
  <tr>
    <td colspan="2">
      <table width="100%" border="0" cellspacing="0" cellpadding="0">
        <tr>
          <td><a href="?page=register">&nbsp;<img src="imgs/button_register.png" border="0"></a></td>
          <td align="right"><input type="image" src="imgs/button_login.png" name="login" value="login">&nbsp;</td>
        </tr>
      </table>
    </td>
  </tr>
  </form>
</table>';
}

function check_database($username, $password) {
    global $db_status;
    global $db_array;
    // The query is built by concatenating $username and $password as received
    // (the SQL injection point raised in the thread)
    $query = mysql_query("SELECT user_id, user_level, username FROM users WHERE username = '".$username."' AND password = '".$password."' LIMIT 1");
    $db_array = mysql_fetch_array($query);
    $count = mysql_num_rows($query);
    if ($count == 1) {
        $db_status = 1;
    } else {
        $db_status = 0;
    }
}

function check_auth($cookie) {
    global $auth_status;
    $session = $cookie['SESSION'];
    $q = mysql_query(" SELECT user_id, username FROM sessions WHERE session = '".$session."' ")
        or die(mysql_error());
    if (mysql_num_rows($q) == 1) {
        $r = mysql_fetch_array($q);
        $_SESSION['user_id']  = $r['user_id'];
        $_SESSION['username'] = $r['username'];
        $q2 = mysql_query("SELECT user_level FROM users WHERE user_id = '$r[user_id]'");
        $r2 = mysql_fetch_array($q2);
        $_SESSION['user_level'] = $r2['user_level'];
        $auth_status = 1;
    } else {
        $auth_status = 0;
    }
}

function set_cookie($db_array, $session) {
    setcookie('SESSION', $session, time() + 60*60*24*21);
    $C = mysql_query(" SELECT * FROM sessions WHERE user_id = '".$db_array['user_id']."' AND username = '".$db_array['username']."' ");
    if (mysql_num_rows($C) == 0) {
        $Q = mysql_query(" INSERT INTO sessions (session, user_id, username) VALUES ('".$session."','".$db_array['user_id']."','".$db_array['username']."') ");
    } else {
        $Q = mysql_query(" UPDATE sessions SET session = '$session' WHERE user_id = '".$db_array['user_id']."' AND username = '".$db_array['username']."' ");
    }
    refresh(0, $_SERVER['HTTP_REFERER']);
}

function logged_menu() {
    echo 'Now you are Logged IN';
    // I've just cut this part off, because here is code that shows your user_menu when you are logged in
}

function fm($String) {
    return addslashes(strip_tags(trim($String)));
}
[/code]
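The SQL injection that wildteen88's quoted reply points out in check_database, closed in an added example that is not crashmaster's code: it swaps in PDO prepared statements rather than the mysql_real_escape_string() call recommended in the quote (the mysql_* functions were removed in PHP 7). The in-memory SQLite database, the sample user, the hashed-password column and the PDO-based function signature are assumptions made for the illustration.

```php
<?php
// Added example, not the poster's code. The table mirrors the users table
// from the post; the SQLite database and the sample row are constructed.
function make_demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY,
                user_level INTEGER, username TEXT UNIQUE, password TEXT)');
    $ins = $pdo->prepare(
        'INSERT INTO users (user_level, username, password) VALUES (?, ?, ?)');
    // Assumption: a password hash is stored (the post compares plaintext).
    $ins->execute([2, 'alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $pdo;
}

// Returns the user row on success or null on failure; no globals and
// no string concatenation into the SQL text.
function check_database(PDO $pdo, string $username, string $password): ?array {
    $stmt = $pdo->prepare(
        'SELECT user_id, user_level, username, password
           FROM users WHERE username = :u LIMIT 1');
    $stmt->execute([':u' => $username]); // bound as data, never parsed as SQL
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    unset($row['password']); // do not hand the hash to the caller
    return $row;
}

$pdo = make_demo_db();
$attempts = [ // constructed inputs
    ['alice', 'correct horse'],             // valid login
    ['alice', 'wrong'],                     // wrong password
    ["alice' --", 'x'],                     // quote and comment marker
    ["x' OR '1'='1", "x' OR '1'='1"],       // SQL metacharacters in both fields
];
foreach ($attempts as [$u, $p]) {
    $row = check_database($pdo, $u, $p);
    printf("%-16s => %s\n", $u, $row ? "user_id {$row['user_id']}" : 'rejected');
}
```

Only the first attempt returns a row; the inputs containing quotes are compared against the username column as literal strings, so they match no user.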
  5. I know.. But it is not an error :P The "Home" page is created for showing me if a variable has been set... For example 1st line: Array is showing me my cookies 2nd line: Array is showing me my $_SESSION variable 3rd line: STATUS is showing me if I am logged in or not 4th line: is showing me the $_SERVER[referer] variable 5th line: Level is showing me the level of the user logged in... If you log in as main admin your LEVEL will be "2", if you log in as a normal user your level is "0"... if you log in as moderator your level is 1 6th line: NUM_ITEM -> look at my topic at PHP Questions and Answers '$num++' and 7th line: CLEAR $_S[cart] is a link [action] which unsets the $_SESSION[cart] variable... It's so simple :P
  6. Hi there... I am a web programmer and web designer... but still an amateur... One day I learned how to create sites with the <TABLE> tag.. And until now I am using it.. Yesterday I posted to the topic WEB CRITIQUE, and people told me that using DIV is better than table, but I don't see the bad side of using TABLE... Can somebody answer me, why is using DIV better than using TABLE??
  7. ok...I'd be happy, if you find it and post it here..
  8. [code]
<?
// Accept user_id and code from either GET or POST
if (empty($_GET['user_id'])) { $user_id = $_POST['user_id']; } else { $user_id = $_GET['user_id']; }
if (empty($_GET['code'])) { $code = $_POST['code']; } else { $code = $_GET['code']; }

if (!empty($user_id) && !empty($code)) {
    // Escape the request values before they are placed in the queries
    $user_id = mysql_real_escape_string($user_id);
    $code    = mysql_real_escape_string($code);
    $q = mysql_query("SELECT * FROM confirm WHERE user_id = '$user_id' AND code = '$code' LIMIT 1");
    $z = mysql_fetch_array($q);
    if (mysql_num_rows($q) == 1) {
        $user_level = 0;
        // Values read back from the confirm table are escaped before reuse
        $username = mysql_real_escape_string($z['username']);
        $password = mysql_real_escape_string($z['password']);
        $email    = mysql_real_escape_string($z['email']);
        $insert = mysql_query("INSERT INTO users (user_id,user_level,username,password,email) VALUES ('".$user_id."','".$user_level."','".$username."','".$password."','".$email."') ");
        $del = mysql_query("DELETE FROM confirm WHERE user_id = '$user_id' LIMIT 1");
        if ($insert && $del) {
            msg_it("Congratulation!", "Your validation successfully done. Now you can login with your username and password!");
        } else {
            echo mysql_error();
        }
    } else {
        msg_it("Error", "Invalid USER_ID or CONFIRMATION CODE");
    }
} else {
    // No values submitted yet: show the validation form
    echo '<form method="POST" action="?fid=html&page=confirm">
<table width="600" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td colspan="2" align="left" bgcolor="#FFA029"><strong>Validation</strong></td>
  </tr>
  <tr>
    <td colspan="2">&nbsp;</td>
  </tr>
  <tr>
    <td width="100"><strong>User_ID:</strong></td>
    <td><input name="user_id" type="text" class="reg_form" maxlength="3"></td>
  </tr>
  <tr>
    <td><strong>CODE:</strong></td>
    <td><input name="code" type="text" class="reg_form" maxlength="80"></td>
  </tr>
  <tr>
    <td>&nbsp;</td>
    <td><input type="image" src="images/buttons/validate.png" /></td>
  </tr>
</table>
</form>';
}
?>
[/code]
  9. ok...any ideas why DIV is Better than TABLE ??
  10. The problem can be if this code isn't in the HEADER... Setting a COOKIE has to be done BEFORE ANY HTML CODE..
  11. You mean like GOOGLE MAIL has done?? You cannot register without an INVITATION?
  12. And 1 more question: why don't you like to use tabs??? Or... why do many people say that using tabs is so noobish?? I don't see any BAD side of using TABS.. Maybe because I've never used <DIV>s :P And if somebody knows why using DIV is better than TABLES, tell me... -Konstantin
  13. I want to say sorry :) But the Username and Password I've posted aren't correct.. I was looking at another database :D So if you want you can log in there: admin | admin Sorry... :P [quote]Your naviagation is made of images, which isn't need instead you could produce the same result with CSS. [/quote] I am not sure that I understand this sentence... If I can use CSS instead of images... tell me how? To remove the square from all images, but not from the main [ [square]blacksun] ?? I will try :) But all the FUN is that we will sell t-shirts... I and 2 of my friends will create the designs of the T-shirts... And all the friends are studying at art school, design, interior design.. and nobody has ever said: Remove these squares :D You don't like my self-made buttons?? If the text is not bold... it will get lost in the background... and it doesn't look very good... after a few minutes you will feel pain in your eyes.. Why don't you like Times New Roman???
  14. [code]
<?
include ('mysql.php');

$name = $_POST['name'];
$text = $_POST['text'];

// Fetch every member's e-mail address and send the message to each one
$query = mysql_query("SELECT email FROM members");
$count = mysql_num_rows($query);

for ($i = 0; $i < $count; $i++) {
    $to_all = mysql_result($query, $i, "email");
    $mail = mail("$to_all", "Message to all members from $name", "Od koho(nickname) : $name Text              : $text ");
    if ($mail) {
        echo "Your massage to $to_all has been sent!<br>";
    } elseif (!$mail) {
        echo "Your massage to $to_all has NOT been sent!<br>";
    }
}
?>
[/code]
  15. I said it too.. one time.... try to use $check_status .... at the top use: if ($check_status == 1) { setcookie (blablabla); } and then use the form... But if it will not work.. use ob_flush(); It's a pretty powerful tool in PHP...
  16. No.. It will return only FIELD.. Look at the expression "SELECT [b]field[/b] ... " so then you do: $r = mysql_fetch_array($query); and $r[field] .... Nothing else
  17. Hi there...I would like to hear your opinion of GRAPHICAL design not functional side.. here you are: [url=http://blacksun.magistri.net]blacksun.magistri.net[/url] Also you can LOG IN : demo | demo
  18. 1st) To set up a cookie you have to do it in the header, before ANY HTML CODE!!! The PHP code where you are setting cookies has to be where you have # ini_set('error_reporting', E_ALL); 2nd) If you cannot move this code you have to use Output Buffering: try to find some tutorials about ob_start(); ob_flush(); ob_end_flush(); It will definitely help you...