Jump to content

john010117

Members
  • Posts

    492
  • Joined

  • Last visited

    Never

Posts posted by john010117

  1. <?
    include ('inc/global.php');
    $query = mysql_query("SELECT * FROM users WHERE username=".$_SESSION['username']);
    $result=mysql_query($query);
    $num=mysql_num_rows($result); 
    
    $about=mysql_result($result,"about");
    $interests=mysql_result($result,"interests");
    $music=mysql_result($result,"music");
    $film=mysql_result($result,"film");
    $film=mysql_result($result,"quote");
    ?>
    
    <form action="updated.php">
    <input type="hidden" name="ud_id" value="<? echo $_SESSION['username']; ?>">
    About Me: <input type="text" name="ud_about" value="<? echo "$about"?>"><br>
    Interests: <input type="text" name="ud_interests" value="<? echo "$interests"?>"><br>
    Music: <input type="text" name="ud_music" value="<? echo "$music"?>"><br>
    Film: <input type="text" name="ud_film" value="<? echo "$film"?>"><br>
    Quote: <input type="text" name="ud_quote" value="<? echo "$quote"?>"><br>
    <input type="Submit" value="Update">
    </form>
    

     

    You forgot the underscore "_" in mysql_num_rows.

  2. sql = mysql_query("INSERT INTO `members` (displayname,email,password,activation_code,is_activated) values ('$username', '$email', '$pass', '$activationcode', '0')") or die("Error: ".mysql_error());
    

     

    Putting backticks might work.

  3. <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <title></title>
    </head>
    <body onload="document.form.submit();">
    <?php
    $com=$_POST['c'];
    $fname=$_POST['firstName'];
    $lname=$_POST['lastname'];
    $email=$_POST['email'];
    $message=$_POST['message'];
    $msg='First name: '.$fname."\n".'Last name: '.$lname."\n".'message: '.$com;
    mail('admin@slanginrocks.com','Contact Us Form',$message,$email);
    ?>
    <form name="form" action="http://slanginrocks.com" method="get">
    </form>
    </body>
    </html>
    

  4. I believe in this part of your code:

          // Register the user in the database.
          
          // Check for previous registration.
          $query = "SELECT user_id FROM users WHERE user_id='{$_SESSION['user_id']}'";
          $result = mysql_query($query);
          if (mysql_num_rows($result) == 1) {
    
             // Make the query.
             $query = "INSERT INTO comments (user_id, topic,comment, comment_date) VALUES ('{$_SEESION['user_id']}', '$topic','$comment', NOW() )";      
             $result = mysql_query ($query); // Run the query.
             if ($result) { // If it ran OK.
    

     

    If the user already existed, then the script will actually register the person. Shouldn't it be the other way around?

  5. Sessions last as long as the browser is open and the user is active. The sessions gets "destroyed" when the user either logs out or they close the browser. That's why it's more secure.

     

    However, cookies can last forever if you coded it to. But the problem is, a user (potentially a hacker) can see the cookies that they have easily in their browsers. Also, cookies won't work for the very few people who blocks all cookies.

  6. A simple bracket...

     

    <?php
    session_start();
    error_reporting(E_ALL ^ E_NOTICE);
    $host="localhost"; // Host name 
    $username="=P"; // Mysql username 
    $password="=P"; // Mysql password 
    $db_name="=P"; // Database name 
    $tbl_name="posts"; // Table name 
    
    // Connect to server and select databse.
    mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
    mysql_select_db("$db_name")or die("cannot select DB");
    
    $sql="SELECT * FROM $tbl_name ORDER BY id DESC";
    // OREDER BY id DESC is order result by descending 
    $result=mysql_query($sql);
    ?>
    <center>
    <?php
    $tbl_name2="members";
    $myusername=$_SESSION['myusername'];
    $mydn="SELECT displayname FROM $tbl_name2 WHERE username = '$myusername'";
    $mydisplayname=mysql_query($mydn);
    if (mysql_num_rows($mydisplayname)>0) {
       while ($row = mysql_fetch_assoc($mydisplayname)) {
          extract($row);
          if(isset($_SESSION['myusername'])){
          
             echo "Welcome , $displayname | <a href='logout.php'>Logout</a>";
          }
          elseif(!isset($_SESSION['myusername'])) {
             echo "<a href='login.php'>Login</a> | <a href='register.php'>Register</a>";
          }
       }
    }
    elseif (!isset($_SESSION['myusername'])) {
       echo "<a href='login.php'>Login</a> | <a href='register.php'>Register</a>";
    }
    ?>
    </center>
    <br /><br />
    <table width="90%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#CCCCCC">
    <tr>
    <td width="40%" align="center" bgcolor="#CCDDCC"><strong>Topic</strong></td>
    <td width="20%" align="center" bgcolor="#CCDDCC"><strong>Author</strong></td>
    <td width="15%" align="center" bgcolor="#CCDDCC"><strong>Views</strong></td>
    <td width="13%" align="center" bgcolor="#CCDDCC"><strong>Replies</strong></td>
    <td width="13%" align="center" bgcolor="#CCDDCC"><strong>Date/Time</strong></td>
    </tr>
    
    <?php
    while($rows=mysql_fetch_array($result)){ // Start looping table row 
    ?>
    <tr>
    <td bgcolor="#FFFFFF"><a href="view_topic.php?id=<? echo $rows['id']; ?>"><? echo $rows['title']; ?></a><BR></td>
    <td align="center" bgcolor="#FFFFFF"><? echo $rows['author']; ?></td>
    <td align="center" bgcolor="#FFFFFF"><? echo $rows['views']; ?></td>
    <td align="center" bgcolor="#FFFFFF"><? echo $rows['posts']; ?></td>
    <td align="center" bgcolor="#FFFFFF"><? echo $rows['datetime']; ?></td>
    </tr>
    
    <?php
    // Exit looping and close connection 
    }
    mysql_close();
    ?>
    <tr>
    <td colspan="5" align="right" bgcolor="#CCDDCC">
    <? 
    if(isset($_SESSION['myusername'])){
    echo "<a href='create_topic.php'><strong>Create New Topic</strong> </a>";
    }
    else
    {
    echo "<a href='login.php'>Login</a> to start topics!";
    }
    ?>
    </tr>
    </table>
    

  7. <?php
    session_start();
    error_reporting(E_ALL ^ E_NOTICE);
    $host="localhost"; // Host name 
    $username="=P"; // Mysql username 
    $password="=P"; // Mysql password 
    $db_name="=P"; // Database name 
    $tbl_name="posts"; // Table name 
    
    // Connect to server and select databse.
    mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
    mysql_select_db("$db_name")or die("cannot select DB");
    
    $sql="SELECT * FROM $tbl_name ORDER BY id DESC";
    // OREDER BY id DESC is order result by descending 
    $result=mysql_query($sql);
    ?>
    <center>
    <?php
    $tbl_name2="members";
    $myusername=$_SESSION['myusername'];
    $mydn="SELECT displayname FROM $tbl_name2 WHERE username = '$myusername'";
    $mydisplayname=mysql_query($mydn);
    if (mysql_num_rows($mydisplayname)>0) {
       while ($row = mysql_fetch_assoc($mydisplayname)) {
          extract($row);
          if(isset($_SESSION['myusername'])){
          
             echo "Welcome , $displayname | <a href='logout.php'>Logout</a>";
          }
          elseif(!isset($_SESSION['myusername'])) {
             echo "<a href='login.php'>Login</a> | <a href='register.php'>Register</a>";
          }
       }
    }
    elseif (!isset($_SESSION['myusername'])) {
       echo "<a href='login.php'>Login</a> | <a href='register.php'>Register</a>";
    ?>
    </center>
    <br /><br />
    <table width="90%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#CCCCCC">
    <tr>
    <td width="40%" align="center" bgcolor="#CCDDCC"><strong>Topic</strong></td>
    <td width="20%" align="center" bgcolor="#CCDDCC"><strong>Author</strong></td>
    <td width="15%" align="center" bgcolor="#CCDDCC"><strong>Views</strong></td>
    <td width="13%" align="center" bgcolor="#CCDDCC"><strong>Replies</strong></td>
    <td width="13%" align="center" bgcolor="#CCDDCC"><strong>Date/Time</strong></td>
    </tr>
    
    <?php
    while($rows=mysql_fetch_array($result)){ // Start looping table row 
    ?>
    <tr>
    <td bgcolor="#FFFFFF"><a href="view_topic.php?id=<? echo $rows['id']; ?>"><? echo $rows['title']; ?></a><BR></td>
    <td align="center" bgcolor="#FFFFFF"><? echo $rows['author']; ?></td>
    <td align="center" bgcolor="#FFFFFF"><? echo $rows['views']; ?></td>
    <td align="center" bgcolor="#FFFFFF"><? echo $rows['posts']; ?></td>
    <td align="center" bgcolor="#FFFFFF"><? echo $rows['datetime']; ?></td>
    </tr>
    
    <?php
    // Exit looping and close connection 
    }
    mysql_close();
    ?>
    <tr>
    <td colspan="5" align="right" bgcolor="#CCDDCC">
    <? 
    if(isset($_SESSION['myusername'])){
    echo "<a href='create_topic.php'><strong>Create New Topic</strong> </a>";
    }
    else
    {
    echo "<a href='login.php'>Login</a> to start topics!";
    }
    ?>
    </tr>
    </table>
    

  8. index.php

    <?php
    session_start();
    error_reporting(E_ALL ^ E_NOTICE);
    $host="localhost"; // Host name 
    $username="=P"; // Mysql username 
    $password="=P"; // Mysql password 
    $db_name="=P"; // Database name 
    $tbl_name="posts"; // Table name 
    
    // Connect to server and select databse.
    mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
    mysql_select_db("$db_name")or die("cannot select DB");
    
    $sql="SELECT * FROM $tbl_name ORDER BY id DESC";
    // OREDER BY id DESC is order result by descending 
    $result=mysql_query($sql);
    ?>
    <center>
    <?php
    $tbl_name2="members";
    $myusername=$_SESSION['myusername'];
    $mydn="SELECT displayname FROM $tbl_name2 WHERE username = '$myusername'";
    $mydisplayname=mysql_query($mydn);
    if (mysql_num_rows($mydisplayname)>0) {
       while ($row = mysql_fetch_assoc($mydisplayname)) {
          extract($row);
          if(isset($_SESSION['myusername'])){
          
             echo "Welcome , $displayname | <a href='logout.php'>Logout</a>";
          }
          elseif(!isset($_SESSION['myusername'])) {
             echo "<a href='login.php'>Login</a> | <a href='register.php'>Register</a>";
          }
       }
    }
    ?>
    </center>
    <br /><br />
    <table width="90%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#CCCCCC">
    <tr>
    <td width="40%" align="center" bgcolor="#CCDDCC"><strong>Topic</strong></td>
    <td width="20%" align="center" bgcolor="#CCDDCC"><strong>Author</strong></td>
    <td width="15%" align="center" bgcolor="#CCDDCC"><strong>Views</strong></td>
    <td width="13%" align="center" bgcolor="#CCDDCC"><strong>Replies</strong></td>
    <td width="13%" align="center" bgcolor="#CCDDCC"><strong>Date/Time</strong></td>
    </tr>
    
    <?php
    while($rows=mysql_fetch_array($result)){ // Start looping table row 
    ?>
    <tr>
    <td bgcolor="#FFFFFF"><a href="view_topic.php?id=<? echo $rows['id']; ?>"><? echo $rows['title']; ?></a><BR></td>
    <td align="center" bgcolor="#FFFFFF"><? echo $rows['author']; ?></td>
    <td align="center" bgcolor="#FFFFFF"><? echo $rows['views']; ?></td>
    <td align="center" bgcolor="#FFFFFF"><? echo $rows['posts']; ?></td>
    <td align="center" bgcolor="#FFFFFF"><? echo $rows['datetime']; ?></td>
    </tr>
    
    <?php
    // Exit looping and close connection 
    }
    mysql_close();
    ?>
    <tr>
    <td colspan="5" align="right" bgcolor="#CCDDCC">
    <? 
    if(isset($_SESSION['myusername'])){
    echo "<a href='create_topic.php'><strong>Create New Topic</strong> </a>";
    }
    else
    {
    echo "<a href='login.php'>Login</a> to start topics!";
    }
    ?>
    </tr>
    </table>
    

     

    I just told you about the page to include that in your other codes (if you have any).

  9. index.php

    <?php
    session_start();
    error_reporting(E_ALL ^ E_NOTICE);
    $host="localhost"; // Host name 
    $username="=P"; // Mysql username 
    $password="=P"; // Mysql password 
    $db_name="=P"; // Database name 
    $tbl_name="posts"; // Table name 
    
    // Connect to server and select databse.
    mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
    mysql_select_db("$db_name")or die("cannot select DB");
    
    $sql="SELECT * FROM $tbl_name ORDER BY id DESC";
    // OREDER BY id DESC is order result by descending 
    $result=mysql_query($sql);
    ?>
    <center>
    <?php
    $tbl_name2="members";
    $myusername=$_SESSION['myusername'];
    $mydn="SELECT displayname FROM $tbl_name2 WHERE username = '$myusername'";
    $mydisplayname=mysql_query($mydn);
    if (mysql_num_rows($mydisplayname)>0) {
       while ($row = mysql_fetch_assoc($mydisplayname)) {
          extract($row);
          if(isset($_SESSION['myusername'])){
          
             echo "Welcome , $displayname | <a href='logout.php'>Logout</a>";
          }
          elseif(!isset($_SESSION['myusername'])) {
          {
             echo "<a href='login.php'>Login</a> | <a href='register.php'>Register</a>";
          }
       }
    }
    ?>
    </center>
    <br /><br />
    <table width="90%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#CCCCCC">
    <tr>
    <td width="40%" align="center" bgcolor="#CCDDCC"><strong>Topic</strong></td>
    <td width="20%" align="center" bgcolor="#CCDDCC"><strong>Author</strong></td>
    <td width="15%" align="center" bgcolor="#CCDDCC"><strong>Views</strong></td>
    <td width="13%" align="center" bgcolor="#CCDDCC"><strong>Replies</strong></td>
    <td width="13%" align="center" bgcolor="#CCDDCC"><strong>Date/Time</strong></td>
    </tr>
    
    <?php
    while($rows=mysql_fetch_array($result)){ // Start looping table row 
    ?>
    <tr>
    <td bgcolor="#FFFFFF"><a href="view_topic.php?id=<? echo $rows['id']; ?>"><? echo $rows['title']; ?></a><BR></td>
    <td align="center" bgcolor="#FFFFFF"><? echo $rows['author']; ?></td>
    <td align="center" bgcolor="#FFFFFF"><? echo $rows['views']; ?></td>
    <td align="center" bgcolor="#FFFFFF"><? echo $rows['posts']; ?></td>
    <td align="center" bgcolor="#FFFFFF"><? echo $rows['datetime']; ?></td>
    </tr>
    
    <?php
    // Exit looping and close connection 
    }
    mysql_close();
    ?>
    <tr>
    <td colspan="5" align="right" bgcolor="#CCDDCC">
    <? 
    if(isset($_SESSION['myusername'])){
    echo "<a href='create_topic.php'><strong>Create New Topic</strong> </a>";
    }
    else
    {
    echo "<a href='login.php'>Login</a> to start topics!";
    }
    ?>
    </tr>
    </table>
    

     

    This should take care of it.

  10. I got this error message when I tried to register. It has full path disclosure:

    Warning: Cannot modify header information - headers already sent by (output started at /home/zeus/public_html/register.php:8) in /home/zeus/public_html/register.php on line 125

     

    Thanks.  I knew there were one or two of those flying around.  I will turn error reporting off shortly.  No worries.  ;)

     

    If you turn it off, the registration might not work...

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.